uberAgent Enhanced Privacy Configuration Guide
In many environments, uberAgent is subject to strict privacy expectations from data protection officers, works councils, and local regulations. While uberAgent is designed with privacy in mind and offers extensive configuration options, it is up to each organization to decide which data is collected and how it is handled. This guide explains which types of data uberAgent can collect and shows how to configure the product to minimize its privacy footprint. The focus is on practical, technical settings that help you reduce or anonymize personal data while preserving the monitoring capabilities you need for operations and troubleshooting.
Audience: IT administrators who need to configure uberAgent with a reduced privacy footprint, for example to comply with local privacy regulations, satisfy data protection officers, or fulfill requirements from a works council.
Note: This guide covers technical configuration options only. It does not constitute legal advice.
1. What Data Does uberAgent Collect?
uberAgent collects the following categories of data:
| Category | Examples | Contains Personal Data? |
|---|---|---|
| User Experience | Logon duration, session performance, app response times | Indirectly (tied to username) |
| Application Usage | Foreground app name, window title, usage duration | Yes (user behavior) |
| Network Activity | Connection destinations, latency, bandwidth | Indirectly |
| System Health | CPU, RAM, disk utilization | No |
| Security Analytics | Process names, hashes, network connections | Indirectly |
| Process Command Lines | Full command line of launched processes | Potentially sensitive (passwords, tokens) |
| Browser/Web App URLs | Visited web application URLs | Yes (browsing behavior) |
| Username & Domain | Windows username and domain | Yes (directly personal) |
2. Privacy Configuration Options
2.1 Username & Domain Name Encryption
Risk: Usernames are included in most metrics by default, making data directly attributable to individuals.
Configuration:
```
[Miscellaneous]
EncryptUserNames = true
```
With this setting enabled, usernames appear as encrypted strings in the backend and dashboards.
Important limitation: Encryption is reversible. uberAgent ships with uAEncrypt.exe, which can decrypt usernames:
```
uAEncrypt.exe -decrypt -keyId 101 -data <encrypted_value>
```
Recommendation: Define an organizational process that specifies who is authorized to decrypt usernames and under what circumstances (e.g., security incident investigation, four-eyes principle required).
2.2 Process Command Line Arguments
Risk: Process command lines can contain sensitive information such as passwords, tokens, file paths, or user-entered data.
Default behavior: Command line collection is disabled by default and requires additional configuration prerequisites to be explicitly enabled.
Prerequisite: Set EnableExtendedInfo = true in [ProcessStartupSettings] (in uberAgent.conf). If you’re using uberAgent ESA, EnableExtendedInfo is automatically set to true. Without this setting, the ProcCmdline field remains empty.
```
[ProcessStartupSettings]
EnableExtendedInfo = true
```
If enabled, the ProcCmdline field is collected through uberAgent's sourcetype uberAgent:Process:ProcessStartup. If you also want to evaluate this field through the sourcetype uberAgent:Process:ProcessDetail, collection should be scoped using allowlists and denylists.
Configure [ProcessDetail_SendCommandline] to specify which processes are allowed or denied for command line collection:
```
[ProcessDetail_SendCommandline]
# Include only specific processes (allowlist — recommended if enabled)
^myapp\.exe$ = uberAgent_allowlist
# Or exclude specific processes (denylist)
^sensitive\.exe$ = uberAgent_denylist
```
Recommendation: Do not enable command line collection unless there is a specific, documented operational need. If enabled, use an allowlist to limit collection to the minimum required set of processes.
2.3 Browser & Web Application URL Monitoring
Risk: Recorded URLs can reveal which web applications — and indirectly which content — users are accessing.
Configuration: URL collection can be scoped using allowlists and denylists:
```
[BrowserWebAppURL_Filter]
# Only monitor specific internal applications (recommended)
^https://intranet\.company\.com = uberAgent_allowlist
# Or exclude specific URLs
^https://excluded-site\.com = uberAgent_denylist
```
Recommendation: Use an allowlist containing only business-critical web applications. This prevents monitoring of private browsing even on work devices.
2.4 Foreground Application & Session Usage
Risk: uberAgent tracks which application is in the foreground at any given time, including the process name, app version, browser type, and active browser tab host. This data reveals detailed user behavior — which applications are used, how long, and in what context.
Default behavior: All foreground application fields are collected as part of the SessionDetail metric.
Important: The SessionDetail metric also contains session performance data (e.g., response times). Disabling the entire metric would remove performance visibility. Use Event Data Filtering to clear only the behavior-related fields while retaining performance metrics.
Configuration — Clear all foreground application fields:
```
[EventDataFilter]
Action = clear
Sourcetype = Session:SessionDetail
Field = SessionFgAppId
Field = SessionFgAppVersion
Field = SessionFgProcessName
Field = SessionFgProcessId
Field = SessionFgBrowserType
Field = SessionFgBrowserActiveTabHost
Field = SessionFgWindowTitle
Field = SessionFgProcessGuid
Query = true
```
Note: This configuration also clears SessionFgWindowTitle. If you apply this block, the separate SessionFgWindowTitleMaxLength = 0 setting in Section 2.5 is not additionally required.
See Section 2.6 — Event Data Filtering for a general explanation of the feature.
2.5 Window Titles
Risk: Window titles can contain sensitive content — document names, customer data, email subjects, etc.
Default behavior: Window titles are collected as part of the SessionDetail metric.
Important: Disabling the entire SessionDetail metric also removes performance data (e.g., session response times). Use one of the targeted options below instead.
Option A — Suppress window titles via configuration setting:
```
[SessionDetail_Config]
SessionFgWindowTitleMaxLength = 0
```
Setting this to 0 suppresses window title collection while retaining all other SessionDetail performance metrics.
Option B — Remove window titles via Event Data Filtering:
See Section 2.6 — Event Data Filtering for details on how to remove specific fields from any metric before data leaves the endpoint.
2.6 Event Data Filtering
Event Data Filtering is uberAgent’s most powerful privacy tool. It allows removing or modifying arbitrary fields from any metric before the data leaves the endpoint — meaning sensitive data is never transmitted or stored in the backend.
Documentation: Event Data Filtering — uberAgent
Example — Remove window titles from SessionDetail:
```
[EventDataFilter]
Action = clear
Sourcetype = Session:SessionDetail
Field = SessionFgWindowTitle
Query = true
```
Event Data Filtering can be applied to any metric and any field. Common use cases in privacy-sensitive environments:
- Remove or clear window titles
- Remove usernames from specific metrics
- Remove URL fields from browser metrics
- Strip any field deemed too sensitive before it reaches the backend
3. Recommended Privacy Configuration
The following settings provide a balanced starting point that preserves core monitoring capabilities while significantly reducing the privacy footprint:
| Privacy Concern | Recommended Approach |
|---|---|
| Usernames in metrics | EncryptUserNames = true + define authorized decryption process |
| Window titles | SessionFgWindowTitleMaxLength = 0 |
| Process command line arguments | Leave disabled (default) |
| URL/browser monitoring | Allowlist with business-critical applications only |
| Sensitive fields in any metric | Event Data Filtering |
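The following Python script is an added example, not part of the vendor documentation or the product: it parses configuration text and reports which recommendations from the table above are present in it. Stanza and key names are taken from this guide; the parsing rules, the function names, and the sample configuration are assumptions made for illustration.

```python
# Added example, not vendor code. Stanza and key names come from this guide; the
# parsing rules (last '=' splits key/value, '#' starts a comment) are assumptions.
def parse_stanzas(text):
    """Return [(stanza, [(key, value), ...])], keeping repeated stanzas and keys."""
    stanzas = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            stanzas.append((line[1:-1], []))
        elif stanzas and "=" in line and not line.startswith("#"):
            # Split on the last '=' so a regex key containing '=' stays intact.
            key, _, value = line.rpartition("=")
            stanzas[-1][1].append((key.strip(), value.strip()))
    return stanzas

def title_cleared(stanzas):
    """True if a single [EventDataFilter] clears SessionFgWindowTitle on SessionDetail."""
    return any(
        name == "EventDataFilter"
        and ("Action", "clear") in pairs
        and ("Sourcetype", "Session:SessionDetail") in pairs
        and ("Field", "SessionFgWindowTitle") in pairs
        for name, pairs in stanzas)

def audit(text):
    """Inspect the file's text only; values an ESA install sets itself are not visible."""
    s = parse_stanzas(text)
    def has(stanza, key, value):
        return any(n == stanza and k == key and v.lower() == value
                   for n, pairs in s for k, v in pairs)
    url_lists = {v for n, pairs in s if n == "BrowserWebAppURL_Filter" for _, v in pairs}
    return {
        "usernames_encrypted": has("Miscellaneous", "EncryptUserNames", "true"),
        "window_titles_suppressed": title_cleared(s)
            or has("SessionDetail_Config", "SessionFgWindowTitleMaxLength", "0"),
        "cmdline_left_disabled": not has("ProcessStartupSettings", "EnableExtendedInfo", "true"),
        "urls_allowlist_only": url_lists == {"uberAgent_allowlist"},
    }

# Constructed sample: titles cleared via a filter, URL stanza still carries a denylist entry.
SAMPLE = r"""[Miscellaneous]
EncryptUserNames = true
[EventDataFilter]
Action = clear
Sourcetype = Session:SessionDetail
Field = SessionFgWindowTitle
[BrowserWebAppURL_Filter]
^https://intranet\.company\.com = uberAgent_allowlist
^https://excluded-site\.com = uberAgent_denylist
"""
```

Calling `audit(SAMPLE)` flags only `urls_allowlist_only` as false, because the constructed URL stanza mixes an allowlist entry with a denylist entry.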
4. Operational Recommendations
IT-perspective recommendations only — not legal advice.
- Document what is collected: Maintain a record of active configuration sections and share it with your data protection officer.
- Define data access roles: Specify who can access monitoring data in the backend, and who is authorized to decrypt usernames. Consider requiring two-person authorization for sensitive lookups.
- Establish a data retention policy: Define how long monitoring data is stored in Splunk or your backend of choice.
- Review configuration on upgrades: uberAgent is highly configurable and evolves with each release. Ensure your privacy configuration is reviewed whenever the product is upgraded.