Network Access

The Network Access page lets you approve or deny TCP/IP-protocol-based network access on a per-application basis. Users can also be notified when an unlisted application accesses the network, and can permit or deny that application network access. Typically this function is used to control access to internal and external internet sites, but it can also cover internal LAN traffic that uses the TCP/IP protocol.

Driver

This function requires the driver be enabled to block network access and monitor network bandwidth statistics. The driver is disabled by default. This driver inserts itself into the TCP/IP stack to measure TCP/IP-protocol-based network traffic by application. An enabled driver only takes effect after a reboot of the machine.

Note: To determine which applications should be approved or denied network access, use the Network Statistics report to view network bandwidth utilization versus time. Drill down and identify peak bandwidth consumers by clicking the graph's data points. See which application and which machine use bandwidth at any point in time.

Warning: Applications that do not use the Windows TCP/IP stack in the standard way may conflict with the driver used to collect information and block access, especially older legacy applications.

Multiple Agents

If multiple agents are installed on a machine, only one agent at a time controls the drivers required to use File Access, Network Access, and Application Blocker. These functions can only be performed by the agent controlling these drivers.

To approve or deny network access to one or more applications

  1. Check the checkbox next to one or more machine IDs in the Machine.Group ID column.
  2. Click the link of any machine ID in the Machine.Group ID column. It does not have to be the machine ID you checked. This displays the Application List popup window, listing all applications installed on that machine ID. The list is based on the latest audit that was performed for that machine ID.
  3. Since the list in the Application List window may be large, you can control the applications displayed by clicking Filter to filter the list.
  4. Check the checkboxes next to the application names you wish to approve or deny network access to.
  5. You can also enter application names in the Add applications not found by audit here edit field, to identify applications not listed.
  6. Click the Select button to confirm your selections and close the Application List window. The selected applications now display at the top of the page.
  7. Click Approve Apps or Deny Apps. The applications selected in the Application List window are added to the Approved Apps/Denied Apps column.

To remove approve and deny settings for one or more machine IDs

  1. Check the checkbox next to one or more machine IDs in the Machine.Group ID column.
  2. Click the Remove Apps button.

Network Access Options

  • Notify user when app blocked - Notify the user when a blocked application attempts to access the network. Use this function to build up the access list based on normal usage. This lets you see which applications on your system are accessing the network and when. The machine user is prompted to select one of four responses when an application is blocked:
    • Always - Allows the application access to the network indefinitely. Users will not be prompted again.
    • Yes - Allows the application access to the network for the duration of the session. Users will be prompted again.
    • No - Denies the application access to the network for the duration of the session. Users will be prompted again.
    • Never - Denies the application access to the network indefinitely. Users will not be prompted again.
  • Enable/Disable driver at next reboot - Enable/Disable the network access protection driver for an agent. Applications that do not use the Windows TCP/IP stack in the standard way may conflict with this driver, especially older legacy applications. The agent cannot monitor network statistics or block network access if this driver is disabled. An enabled driver only takes effect after a reboot of the machine.
  • Apply Unlisted Action - An unlisted application is one that has not been explicitly approved or denied access to the network. Select the action to take when an unlisted application attempts to access the network.
    • Ask user to approve unlisted - A confirmation dialog box displays if an unlisted application attempts to access the network.
    • Approve all unlisted - The unlisted application is granted access to the network.
    • Deny all unlisted - The unlisted application is denied access to the network and the application is closed on the managed machine.
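
The decision flow these options describe, sketched as a small Python model. This is an added example, not the product's code: the class and field names are hypothetical, and it assumes that an explicit deny wins over an approve, that the four responses apply to the unlisted-application prompt, and that a Yes or No answer suppresses further prompts until the session ends.

```python
from dataclasses import dataclass, field
# Illustrative model only; class and field names are assumptions, not product code.
ASK, APPROVE_ALL, DENY_ALL = "ask", "approve_all", "deny_all"

@dataclass
class NetworkAccessPolicy:
    approved: set = field(default_factory=set)   # Approved Apps row
    denied: set = field(default_factory=set)     # Denied Apps row
    unlisted_action: str = ASK                   # Apply Unlisted Action setting
    session: dict = field(default_factory=dict)  # Yes/No answers for this session

    def decide(self, app, prompt):
        """Return True if app may use the network; prompt(app) returns the user's answer."""
        if app in self.denied:       # assumption: an explicit deny wins
            return False
        if app in self.approved:
            return True
        if self.unlisted_action == APPROVE_ALL:
            return True
        if self.unlisted_action == DENY_ALL:
            return False
        if app in self.session:      # assumption: one prompt per session
            return self.session[app]
        answer = prompt(app)
        if answer == "Always":       # indefinite: joins the approved list
            self.approved.add(app)
            return True
        if answer == "Never":        # indefinite: joins the denied list
            self.denied.add(app)
            return False
        if answer not in ("Yes", "No"):
            raise ValueError(f"unexpected response: {answer!r}")
        self.session[app] = answer == "Yes"
        return self.session[app]

    def end_session(self):
        self.session.clear()         # Yes/No answers do not persist

def demo():
    answers = {"updater.exe": "Always", "chat.exe": "Yes", "game.exe": "Never"}  # constructed
    asked = []
    def prompt(app):
        asked.append(app)
        return answers[app]
    policy = NetworkAccessPolicy(approved={"mail.exe"})
    first = [policy.decide(a, prompt) for a in ("mail.exe", "updater.exe", "chat.exe", "game.exe", "chat.exe")]
    policy.end_session()
    second = [policy.decide(a, prompt) for a in ("updater.exe", "chat.exe", "game.exe")]
    return first, second, asked, policy
```

In the constructed run, only chat.exe is prompted for again after the session ends, because Always and Never moved the other two applications onto the approved and denied lists.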

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent quick view window.

  • Online but waiting for first audit to complete
  • Agent online
  • Agent online and user currently logged on
  • Agent online and user currently logged on, but user not active for 10 minutes
  • Agent is currently offline
  • Agent has never checked in
  • Agent is online but remote control has been disabled
  • The agent has been suspended

Machine.Group ID

The list of Machine.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the user is authorized to see using System > User Security > Scopes.

Notify User

A green checkmark in the Notify User column indicates that the managed machine user is notified when an application that has been denied network access attempts to access the network.

To notify the user when an application has been denied:

  1. Select machine IDs.
  2. Click the Enable button for Notify user when app is blocked.

To remove this notification:

  1. Select machine IDs that display a green checkmark in the Notify column.
  2. Click the Disable button for Notify user when app is blocked.

Enable Driver

Identifies, on a per-machine-ID basis, whether the network protection driver is enabled. An enabled driver only takes effect after a reboot of the machine.

Unlisted Action

Displays the Unlisted Action to take when an unlisted application attempts to access the network. See Apply Unlisted Action above.

Approved Apps / Denied Apps / Remove Apps / Remove All

These settings can only be applied once the driver is enabled.

  • Approved applications are listed in the first row.
  • Denied applications are listed in the second row.
  • If the Approve all unlisted radio option is selected and applied to a machine ID, then the approved application list is replaced by the phrase Approve All Unlisted.
  • If the Deny all unlisted radio option is selected and applied to a machine ID, then the denied application list is replaced by the phrase Deny All Unlisted.
  • Click Remove Apps to remove selected applications from selected machines.
  • Click Remove All to remove all applications from selected machines.