Skip to main content

Server-Side Settings

Configuration

Client configurations can be deployed using Security Policies. Creating a Policy with an "APPLY POLICY METADATA" action will apply the configuration to the clients of users that match the policy.

Instructions for creating Security Policies are located here

In the Optional Metadata section of the Policy, you can set configuration values for the client using the following format:

{
    "env": {
        "key": "value"
    },
    config_priority: 1,
}
  • env is a dictionary of environment variables that will be set on the client.
  • config_priority is an integer that determines the priority of the configuration.
    • If multiple Policies with the same configuration key are applied to a client, the configuration with the highest priority will be used.

Enable Tamper Protection

Enabling Tamper Protection prevents tampering with the client configuration in the registry, killing the EdgeGuardian.exe process, and modifying system configuration such as proxy settings that interferes with Lacework Edge functionality.

This configuration has no effect on macOS.

Key: Config.EnableTamperProtection Default Value: false Platform: Windows Values:

  • false - Disables tamper protection
  • true - Enables tamper protection
{
    "env": {
        "Config.EnableTamperProtection": "true"
    },
    config_priority: 1,
}

Enable Always On

We recommend enabling this configuration using an MDM profile. Please see this page for more details.

Key: Config.EnableAlwaysOnVPN Default Value: false Platform: Windows, macOS Values:

  • false - Disables Always On
  • true - Enables Always On
{
    "env": {
        "Config.EnableAlwaysOnVPN": "true"
    },
    config_priority: 1,
}

Windows Client Update Settings

The Windows client update behavior can be configured with server side configurations.

Key: Config.AutoUpdateEnabled Default Value: false Values:

  • false - Disables automatic updates
  • true - Enables automatic updates

Key: Config.ManualUpdateEnabled Default Value: false Values:

  • false - Hide the "Check for Updates" button in the client UI.
  • true - Displays the "Check for Updates" button in the client UI.

Browser Extension

Browser Request Collection

The browser extension can be configured to collect information about requests made by the browser. This information is used to enhance the access logs generated by the Lacework Edge client.

Key: Config.BrowserRequestInspection Default Value: disabled Values:

  • url - Enables request collection, collecting the full URL of the request.
  • domain - Enables request collection, collecting only the domain of the request.
  • disabled - Disables all request collection.
{
    "env": {
        "Config.BrowserRequestInspection": "url"
    },
    config_priority: 1,
}