Skip to main content

Windows Agent Configuration

This section provides comprehensive information on configuring the Windows Interaction Sensor application.

Configuration File Location

The main configuration file is located at:

app/configs/default.yaml

This file contains all the settings for application filtering, data capture, processing, and storage.

Configuration Options

Application Filtering Mode

The most important configuration is the application filtering mode. To change this, modify the application_filtering section in the default.yaml configuration file:

mode: "whitelist"  # Options: "allow_all", "whitelist", "blacklist"

Available Modes:

  • "allow_all" - Capture interactions from all applications (no filtering)
  • "whitelist" - Only capture from approved applications in the approved_apps list
  • "blacklist" - Block applications in the approved_apps list, allow all others

How to Configure Application Lists

To add applications to the approved list (for both whitelist and blacklist modes), modify the approved_apps section in the default.yaml configuration file:

capture:
  approved_apps:                               # List of approved applications
    - explorer.exe
    - acrobat.exe
    - notepad++.exe
    - mstsc.exe
    - chrome.exe
    - msedge.exe
    - winword.exe
    - excel.exe

To add your own applications:

  1. Add the executable application (e.g., "yourapp.exe")
  2. Only the .exe application name is needed, not the full application name
  3. You can find the .exe application name in Windows Task Manager under the "Processes" tab

How it works:

  • Whitelist mode: Only applications in this list will be monitored
  • Blacklist mode: Applications in this list will be blocked from monitoring
  • Allow all mode: This list is ignored, all applications are monitored

Note: If you use application name instead of executable name, that will not work.

Screenshot Rate Limiting

To control screenshot frequency and performance, modify the rate limiting settings in the default.yaml configuration file:

event_filtering:
  # Other settings...
  screenshot_strategy:
    # Other settings...
    # Rate Limiting
    max_screenshots_per_second: 1             # Industry standard continuous rate
    burst_rate: 3                             # Maximum rate for short bursts
    burst_duration: 5                         # Maximum duration for bursts (seconds)

Rate Limiting Settings:

  • max_screenshots_per_second: Maximum screenshots per second (default: 1)
  • burst_rate: Maximum rate for short bursts (default: 3)
  • burst_duration: Maximum duration for bursts in seconds (default: 5)

Performance Impact:

  • Lower values = better performance, fewer screenshots
  • Higher values = more screenshots, potential performance impact
  • Recommended: Keep max_screenshots_per_second at 1 for optimal performance

Data Capture Frequency

To control how often the agent listens for new events, modify the event processing interval in the default.yaml configuration file:

performance:
  # Event Processing Optimization
  event_batch_size: 30                        # Number of events to process in each 
  event_processing_interval: 0.3              # Frequency in seconds (300 milliseconds)batch

Frequency Settings:

  • event_batch_size: Number of events to process in each batch (default: 30)
  • event_processing_interval: How often to check for new events (default: 0.3 seconds = 300 milliseconds)

Note: Higher the number, less performance impact.