Resolving issues with challenges

When users encounter issues on their workstations or need to perform operations that they cannot perform while the SES Evolution agent is running, they can ask the security administrator to temporarily disable or uninstall the agent, or allow it to run a diagnostic.

The Challenges feature must be enabled in the Settings tab of agent groups:

EXAMPLES
  • Self-protection may need to be disabled on the agent in order to debug potential compatibility issues with other programs.
  • The agent may need to be temporarily stopped on an offline workstation for the duration of maintenance operations such as the installation or update of an ERP.

As the security administrator, your responsibility is to choose which action to run on the user’s workstation and you must hold a role that includes the Challenge-response privilege.

The challenge mechanism is based on a question/answer system between the agent and the console.

A user on the workstation generates a character string (the question) from the agent that they communicate to you by telephone or e-mail. You then enter this string in the console, which generates another character string (the response) containing the definition of the action to allow. You forward this response to the user so they can enter it in the agent's interface. The action will then be allowed for the duration that you have defined.

The mechanism functions even when the agent is not connected to the network.

Three operations are possible using challenges:

  • Enabling maintenance mode,
  • Stopping the agent,
  • Running the diagnostic with or without tracing,
  • Uninstalling the agent.

Administration privileges are not required on the user's workstation to enable these operations via the challenge mechanism.

For further information on Maintenance mode, refer to the section Understanding self-protection on agents and performing maintenance operations.

For more information on diagnostics and tracing, refer to the section Diagnosing issues on agents.