Architecture

EPM Windows is composed of the following:

  • A centralized administration module on the Segura platform.
  • An agent installed on the user's workstation.

There are three available applications in the custom installation process for the agent:

Caution
The three-application option is only available in version 3.27 or later. The legacy version has only the EPM application.

Services

Windows services

  • The services run automatically under the LOCAL_SYSTEM account.
  • Microsoft Isolated Storage stores sensitive data securely, following Microsoft's standards.
  • Data transferred between the Segura platform and EPM Windows travels over HTTP connections and a REST API. This communication runs inside the EPM services to prevent capture by logged-in users.
  • Exchanged messages carry an additional layer of asynchronous encryption with a random key.

go Service

It is responsible for every interaction that occurs in the system, such as:

  • IDS (Intrusion Detection System) service to block applications executed outside of EPM Windows.
  • IDS service to block applications that communicate via TCP/IP and UDP to destinations other than the password vault.
  • Identification of applications that automatically elevate privileges without the user's knowledge or consent.
  • Processing the license file and machine registration on the server, log synchronization, and folder and file monitoring.
  • Prevention of workstation cloning attempts intended to misuse EPM Windows from a cloned workstation or a ghost user.
  • Prevention of lateral movement (horizontal jumping) through network shares or unauthorized binary access to network resources.
  • Interconnection service responsible for synchronizing any EPM Windows settings.
  • Interconnection service with Windows Kernel for privilege elevation and session control.
  • Recording program (Recorder).

Caution
When you open Task Manager on Windows, check whether the following services are running:
  • Versions 3.25 and 3.26: IDS Network, IDS Process, License, Proxy Service, Recorder, and Sync Service.
  • Version 3.27: go Service.

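The check in the caution above can be scripted rather than done by eye in Task Manager. The following PowerShell is an added example, not part of the Segura documentation; it assumes the names listed above are the services' display names as reported by Get-Service, and it also verifies the LOCAL_SYSTEM account stated in the Services section.

```powershell
# Added example: verify that the EPM Windows services expected for a given
# version are installed, running, and run as LocalSystem. Service names are
# taken from the documentation; that they are Get-Service display names is
# an assumption, adjust them if your installation shows different names.
param(
    [ValidateSet('3.25', '3.26', '3.27')]
    [string]$EpmVersion = '3.27'
)

$legacyServices = @('IDS Network', 'IDS Process', 'License',
                    'Proxy Service', 'Recorder', 'Sync Service')
$expected = @{
    '3.25' = $legacyServices
    '3.26' = $legacyServices
    '3.27' = @('go Service')
}

$problems = @()
foreach ($name in $expected[$EpmVersion]) {
    # Without wildcards -DisplayName is an exact (case-insensitive) match;
    # suppress the "not found" error so it can be reported in one place.
    $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        $problems += "$name : not installed"
        continue
    }
    if ($svc.Status -ne 'Running') {
        $problems += "$name : status is $($svc.Status)"
        continue
    }
    # The services are documented as running under LOCAL_SYSTEM, which
    # Win32_Service reports as the StartName 'LocalSystem'.
    $account = (Get-CimInstance Win32_Service -Filter "Name='$($svc.Name)'").StartName
    if ($account -ne 'LocalSystem') {
        $problems += "$name : runs as '$account', expected LocalSystem"
    }
}

if ($problems.Count -eq 0) {
    Write-Output "All EPM Windows $EpmVersion services are installed, running, and use LocalSystem."
    exit 0
}
$problems | ForEach-Object { Write-Warning $_ }
exit 1
```

Run it with the installed agent version, for example `.\Check-EpmServices.ps1 -EpmVersion 3.26`; a non-zero exit code makes it usable from an endpoint compliance job.
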
Other integrations

EPM Windows integrates with DLLs and drivers that allow it to act on Windows processes involving user identification, such as:

  • Login
  • RDP Access
  • UAC Elevation

Info
You can configure a requirement to use an MFA token, increasing the security level of privilege elevations.