
Local Configuration

All configuration changes should be made through the Device Configuration page within the SenseOn platform. Local options should not be changed unless there are exceptional circumstances.

These options can be overridden locally via the see.flags configuration file located in the SenseOn installation directory. This local configuration covers the full range of options available through the SenseOn platform.

⚠ Alerts: If the see.flags file is accessed by an unknown process, a security alert will be raised in the platform.

💡 Different configuration option names: The names of the settings in the see.flags file may be different from those within the SenseOn platform.

Network Analysis

Whether the Universal Sensor processes network traffic.

--enable_epns=(true / false)

Reflex Host Isolation (Windows only)

Whether Reflex Host Isolation in response to ransomware is automatic or requires manual approval.

--reflex_response_mode=(manual / auto)

Auto Updates

Whether the Universal Sensor software should receive automatic updates.

--disable_update_check=(true / false)

Antimalware (Windows / macOS only)

Detect and block file-based malware. Default actions can be customised using the options below.

--disable_antimalware=(true / false)

--antimalware_mode=(dual_running / scan_only / scan_and_block)

scan_and_block: Scans files and blocks access to them if they are found to be malicious. Recommended NOT to be used alongside other antimalware products with real-time scanning enabled.

scan_only: Scans and alerts for detected malicious files but does not block access to them if they are found to be malicious. Recommended NOT to be used alongside other antimalware products with real-time scanning enabled.

dual_running: Can be used alongside other antimalware products without risk of interference. Scans and alerts for detected malicious files but does not block access to them if they are found to be malicious.

Paths to be excluded from antimalware file scanning.

--onaccess_exclude_paths=(comma-separated list of paths, with backslashes doubled, e.g. C:\\Program Files\\senseon-see)

Paths to be scanned without blocking (available only in scan_and_block mode).

--onaccess_scan_only_paths=(comma-separated list of paths, with backslashes doubled, e.g. C:\\Program Files\\senseon-see)

Active Response (Windows / Linux only)

Activating this setting allows select users to gain remote access to Windows and Linux endpoint devices. It also allows quick isolation of Windows devices, after which they can no longer send or receive network connections.

--enable_remeda=(true / false)

Endpoint crash reporting (Windows only)

Help improve endpoint performance by automatically sending endpoint crash reports to SenseOn and crash dump files to secure cloud storage for analysis by the Universal Sensor support team.

--enable_crash_dumps_retrieval=(true / false)

Disabling remote settings updates

It is possible to disable all remote settings updates via the --disable_settings flag. Setting this flag will ensure that no remote configuration is possible even if a new setting is added in the future. When using this flag, the following default values will be used for the local agent configuration:

--enable_epns=true
--reflex_response_mode=manual
--disable_update_check=false
--disable_antimalware=true
--antimalware_mode=dual_running
--onaccess_exclude_paths=
--onaccess_scan_only_paths=
--enable_remeda=false
--enable_crash_dumps_retrieval=true

Note that the sensor must be restarted for any changes to see.flags to take effect.
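A drift check for the flags above, as an added example (not SenseOn code): it validates the contents of a see.flags file against the value sets on this page and reports every setting that differs from the --disable_settings defaults. The one-flag-per-line `--name=value` layout, the name `audit_flags` and the sample contents are assumptions made for the example. Reading the live file from an unrecognised process can raise the access alert described at the top of this page.

```python
import re

# Values the page lists as applied when --disable_settings is set.
DOCUMENTED_DEFAULTS = {
    "enable_epns": "true", "reflex_response_mode": "manual",
    "disable_update_check": "false", "disable_antimalware": "true",
    "antimalware_mode": "dual_running", "onaccess_exclude_paths": "",
    "onaccess_scan_only_paths": "", "enable_remeda": "false",
    "enable_crash_dumps_retrieval": "true",
}
BOOL = {"true", "false"}
# Value sets the page documents for each flag.
ALLOWED = {
    "enable_epns": BOOL, "disable_update_check": BOOL,
    "disable_antimalware": BOOL, "enable_remeda": BOOL,
    "enable_crash_dumps_retrieval": BOOL,
    "reflex_response_mode": {"manual", "auto"},
    "antimalware_mode": {"dual_running", "scan_only", "scan_and_block"},
}
PATH_FLAGS = {"onaccess_exclude_paths", "onaccess_scan_only_paths"}
FLAG_RE = re.compile(r"^--([a-z_]+)(?:=(.*))?$")  # assumed: one flag per line
LONE_BACKSLASH = re.compile(r"(?<!\\)\\(?!\\)")   # a backslash that is not doubled

# Constructed sample contents, not taken from a real host.
SAMPLE = r"""
--enable_epns=true
--reflex_response_mode=automatic
--disable_update_check=true
--antimalware_mode=scan_and_block
--onaccess_exclude_paths=C:\Program Files\senseon-see
--enable_remeda=true
"""

def audit_flags(text):
    """Return (kind, flag, detail) findings for the contents of a see.flags file."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = FLAG_RE.match(line)
        if not m:
            findings.append(("malformed", line, "not in --name=value form"))
            continue
        name, value = m.group(1), m.group(2) or ""
        if name in ALLOWED and value not in ALLOWED[name]:
            findings.append(("invalid", name, value))
        elif name in PATH_FLAGS and LONE_BACKSLASH.search(value):
            findings.append(("invalid", name, "backslashes must be doubled"))
        elif name in DOCUMENTED_DEFAULTS and value != DOCUMENTED_DEFAULTS[name]:
            findings.append(("override", name, value))
    return findings
```

Calling `audit_flags(SAMPLE)` returns one tuple per finding; "override" entries are valid values that deviate from the documented defaults and are the ones to reconcile with the Device Configuration page.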

Scheduled Telemetry Collection

The SenseOn Universal Sensor runs a number of scheduled queries, sending telemetry to the platform at regular intervals. Normally, the sensor fetches this configuration from the platform. However, it is possible to specify the configuration locally. To do so, add the following two lines to the sensor's see.flags configuration file, using the --config_path line for the sensor's operating system:

--config_plugin=filesystem
--config_path=C:\\Program Files\\senseon-see\\see.conf (Windows)
--config_path=/etc/senseon-see/see.conf (Linux)
--config_path=/var/senseon-see/see.conf (macOS)

The default see.conf configuration file provided with the sensor is empty, so using it will disable all regular telemetry collection. Alternatively, we can provide the current configuration available from the SenseOn platform. With this setup, the agent will collect the same telemetry as is standard, while also being protected against an unexpected remote change of configuration.

Disable process enrichment

Process enrichment links network data to processes. It is enabled by default but can be disabled for troubleshooting.

--audit_allow_sockets=(true / false)

Logging

By default, limited logs for troubleshooting are sent back to the SenseOn platform. The default setting of logger_plugin is below.

--logger_plugin=tls,

Local logging

Logs can be set to be stored locally by adding filesystem to the logger_plugin setting and defining a path for the log files.

⚠ Log Rotation: Log files stored locally can grow very large. This should only be enabled for short periods for troubleshooting purposes.

--logger_plugin=tls,filesystem
--logger_path=/var/log/senseon-see/

Verbose logging

More verbose logs can be created using the following option.

--verbose=(true / false)