Elevated Access: End User Elevation
Summary
Evo End User Elevation enables users to request administrative privileges for executing applications or installers. Upon submission, the request is forwarded to a technician for review, where it can be either approved or denied. Additionally, administrators can define access policies by creating custom rules for specific applications. This can be achieved manually or by placing designated Users, Groups, Endpoints, or an entire Tenant into Training Mode, which automatically approves requests and facilitates the creation of rules based on executed actions.
Enabling this feature
To enable End User Elevation, you must submit a request to Evo Support. Once activated, the Training section will be added to the Elevation tab. This feature is currently available exclusively in the New Beta UI.
Notes:
Permissions can be configured within the Roles & Permissions settings to restrict access to Elevation requests, ensuring that only designated users and groups have the ability to submit or manage requests.
Administration
When End User Elevation is enabled, if a user needs to run an application as an administrator or install an application that requires administrator rights there will be add a link to at the bottom of the UAC prompt “Request End User Elevation”.
When a user selects “Request End User Elevation,” an Elevated Access Request pop-up will appear, prompting them to provide a reason for the request. This request is then forwarded to the Evo Portal, where a technician can review the details and either approve or deny the request.
Once a request is submitted, the user will see the Elevation Request Status, which displays key details such as the file path, request date and time, and reason for the request. The user can close this window, and it will reappear once the request has been approved or denied. Additionally, users can check the status at any time by accessing the Status Viewer.
On the Evo Portal, technicians can locate and review requests by navigating to the respective Tenant and accessing the Elevation → Request section.
User View:
Technician view:
From this section, the technician can review the request by clicking on either the application name or the "Review" button.
The Request Details section provides the technician with comprehensive information for review, including the following:
Request details: Requested By, Request Timestamp, Resolution By, Action, Endpoint, Reason, Resolution Reason.
File Details: File Name, Product Name, File Version, File Description, File Size, Publisher, Internal Name, Folder, Arguments, Copyright, Issuer, Thumbprint, SHA256, MD5
AI Categorization Information: File Categories, File Danger, Virus Scan Status
At the bottom of the Request Details page, the technician has the option to approve the request, deny it, or create a new rule.
- Upon approval, the technician can choose to create a rule for future requests.
- A reason for approval or denial must be provided, either by selecting from predefined options or entering a custom response in the input field.
- To automate future approvals for similar requests, the technician can select “Create rule from this request.”
To configure automatic approval for specific applications when a user requests End User Elevation, rules can be created in one of two ways:
- From a Request – Directly generate a rule based on an approved request.
- Manually – Navigate to the Rules tab and select “Create Rule.”
Rules can be assigned to specific Users, Groups, and Endpoints to ensure controlled and automated elevation approvals.
Creating a manual Rule
Here, you can upload executable files such as .exe, .dll, .scr, or .msi, and the system will automatically extract and populate the application details. Based on the extracted information, you can select the relevant attributes for rule creation by checking the corresponding boxes.
Click Next to go to the next tab for General information.
In the General tab, you can configure the rule by:
- Assigning a name and description to the rule.
- Selecting the Users, Groups, and Endpoints to which the rule will apply.
- Optionally applying the rule to the entire tenant for broader enforcement.
Once the rule is created, it will appear in the Rules tab, where it can be edited, enabled, disabled, or deleted as needed. Additionally, the system will display the admin who created the rule for tracking and auditing purposes.
Once the technician approves the request or if the application is already permitted by an existing rule, the user will receive an Elevation Status notification stating:
“Your request to perform the action is: Approved.”
The user can then click “Execute Now” to proceed with running the requested application or installation.
In the Configurations tab, you can set up notification alerts for specific email addresses, users, or groups. When an End User Elevation request is submitted, an email notification will be sent to the designated recipients.
The email will include the Request Details as seen in the Evo Portal, along with a direct link to the request for quick access and review.
Please reach out to the Support Team at support@evosecurity.com with any questions!