Event responses

The Aurora Focus agent can execute the following response actions when a detection event is triggered:

| Response | Description |
| --- | --- |
| Application Log | The agent logs detection events to the Windows application log. |
| Delete Files | The agent permanently deletes any file artifacts that are identified as an artifact of interest (AOI). |
| Delete Registry Keys | The agent permanently deletes the entire registry key of any AOIs that are identified as registry artifacts. |
| Delete Registry Values | The agent permanently deletes the registry value of any AOIs that are identified as registry artifacts. |
| Dump Detection to Disk | The agent creates a detection data file in the Aurora Focus application data directory. |
| Log Off All Users | The agent logs off all interactive and remote users. |
| Log Off Users | The agent logs off the specified users. |
| Log Off Interactive Users | The agent logs off all users that are currently physically interacting with the device. |
| Log Off Remote Users | The agent logs off all users that currently have a remote session established on the system. |
| Notification Window | The agent displays a notification window with the detection notification message that you specified, using the native OS notification box instead of the Aurora Protect agent. |
| Suspend Processes | The agent suspends any process artifacts that are identified as an AOI. |
| Suspend Process Trees | The agent suspends the entire process tree of any process artifacts that are identified as an AOI. The AOI is treated as the root of the tree. |
| Terminate Processes | The agent terminates any process artifacts that are identified as an AOI. |
| Terminate Process Trees | The agent terminates the entire process tree of any process artifacts that are identified as an AOI. The AOI is treated as the root of the tree. |
| Whitelist Processes | This option excludes the specified processes from being observed by Aurora Focus and is applicable to custom detection rules only. |