09-26-2024 06:57 AM
Hello,
Which process should we monitor to see if the DUO client is actively running on a Windows device?
We did find the link https://duo.my.site.com/s/article/5536?language=en_US but we want to check if it is actively running on the device and not if it is installed.
Thanks in advance.
09-26-2024 11:59 AM
Duo Authentication for Windows Logon (the application the article you linked is about) is not an application or service that actively runs all day, so there's nothing to monitor. It's a credential provider that only gets executed during system login.
Are you asking about something besides Duo Authentication for Windows Logon?
09-27-2024 12:58 AM
Thanks for your quick reply.
If DUO is not an application or service on a Windows device, then it will indeed be difficult to monitor this.
The only thing that can be monitored is whether DLLs are present?
09-27-2024 08:59 AM
I don't understand what you are trying to accomplish. What data point do you want to monitor?
Monitoring if the installation is there by seeing if the DLLs are present lets you know that the end-user did not uninstall the application.
Monitoring the registry keys HKLM\SOFTWARE\Duo Security\DuoCredProv and HKLM\Software\Policies\Duo Security\DuoCredProv lets you know that the configuration is intact and the end-user did not tamper with settings.
If you want to monitor workstation logins authenticating with Duo, you might want to do that from the Duo Authentication Logs in the Admin Panel, which are also accessible via the Duo Admin API's logging endpoint.
The Duo logon event is also captured locally in the Windows Event Viewer - Application log.
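The at-rest checks described in the answer above, as an added PowerShell example that is not part of the original post or Duo's own tooling: it fingerprints the two registry keys named in the thread so a changed or missing key shows up as a different hash, and lists Duo entries among the credential providers registered with Windows. Matching provider and event-source names on the string "Duo" is an assumption, as is the 2000-event lookback.

```powershell
# Added example: state check for Duo Authentication for Windows Logon.
# There is no long-running Duo process or service, so inspect state at rest.
$duoKeys = @(
    'HKLM:\SOFTWARE\Duo Security\DuoCredProv',          # from the thread
    'HKLM:\SOFTWARE\Policies\Duo Security\DuoCredProv'  # from the thread
)
# Standard Windows location where credential providers are registered.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

function Get-KeyFingerprint {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }   # key absent
    $item = Get-Item -LiteralPath $Path
    # Sort value names so the hash is stable; values are hashed, never printed,
    # because configuration keys may hold sensitive settings.
    $flat = foreach ($name in ($item.GetValueNames() | Sort-Object)) {
        '{0}={1}' -f $name, (@($item.GetValue($name)) -join ',')
    }
    $bytes = [Text.Encoding]::UTF8.GetBytes(($flat -join "`n"))
    $sha = [Security.Cryptography.SHA256]::Create()
    try { return [BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', '' }
    finally { $sha.Dispose() }
}

# Assumption: the provider's default (friendly name) value contains "Duo".
$duoProviders = Get-ChildItem -LiteralPath $cpRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('') -like '*Duo*' } |
    ForEach-Object { $_.PSChildName }

# Assumption: Duo logon events in the Application log have a source containing "Duo".
$lastEvent = Get-WinEvent -FilterHashtable @{ LogName = 'Application' } -MaxEvents 2000 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*Duo*' } |
    Select-Object -First 1

# One record per endpoint; ship it to the monitoring system and alert when a
# hash changes against the recorded baseline or a field comes back empty.
[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    ConfigKeyHash       = Get-KeyFingerprint $duoKeys[0]
    PolicyKeyHash       = Get-KeyFingerprint $duoKeys[1]
    RegisteredProviders = @($duoProviders)
    LastDuoAppEvent     = $lastEvent.TimeCreated
}
```

A null `PolicyKeyHash` only means the policy key is absent on that machine; whether that is expected depends on how the deployment was configured.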
09-30-2024 02:05 AM
Thanks for the answer.
We were looking for a way to check that the DUO client is active on the device and not uninstalled by a user. We will work on this and thanks again for the support!