This article shows you how to download, install, and use SSProtect as an Individual User.
This article provides everything necessary to acquire, install, provision, and use SSProtect as an Individual User. If you intend to work in a different Role, refer to its' associated Article in this Section.
Each section of this article offers high-level guidance with references to related materials that contain in-depth information. This allows you to quickly work through basic requirements then selectively pursue areas of interest.
SSProtect is a system comprised of multiple components. You install and use the :Foundation Client on your host computer, though it is often more simply referred to as SSProtect. For details, refer to the article, Components and Names.
The :Foundation Client is very small and runs in the background using few system resources. The software is supported on qualified Windows 7/ 10 systems. For other variations/ platforms, refer to the article, System Requirements and/ or contact Support.
The abbreviated procedure is as follows, with the rest of the article dedicated to each task:
- Use Downloads to identify and download the appropriate Installer
- Verify the package signature, then execute steps in Installing the :Foundation Client
- Create your Individual Account using steps in, Creating an Account
- IMPORTANT: Login and export keys, as described in the article, 1st Time Use
- Review the System Overview, proceed with details in, Managing Data w/ SSProtect
- Review Components and Names, select components with Adding Feature Components
Acquiring the :Foundation Client
Navigate to the Download page for the latest version, then choose the package that meets your needs. The Primary Package includes a Filesystem Driver required for In-Place Encryption, suitable for most Individual Account holders. This package requires elevated permissions during installation.
If you cannot elevate privileges during install, and/ or do not need In-Place Encryption (i.e. only intend to manage Outlook Email), use the Alternate Package without the Filesystem Driver.
Installing the :Foundation Client
Download and verify the package's signature before executing the install. When installing the Filesystem Driver, you may need to acknowledge User Account Control prompts. Refer to, Installing the :Foundation Client for details.
NOTE: Do not ignore Reboot notification after installation, else the software will not functional properly.
Accessing the :Foundation Client UI
SSProtect provides a set of configuration and management displays specific to your User Role and enabled features/ components. When you login to Windows, the notification tray contains the DefiniSec, "D" icon. Click the icon to display the context menu with items that navigate to configuration displays.
If the notification tray icon is not present, double-click the desktop shortcut created by the installer. The first time you use the software, any attempt to access the UI will instead display Account Creation/ Registration.
Getting Help from the :Foundation Client UI
All UI components include a Help button, which redirects you to a specific article on this site. If you prefer to discover things on your own, explore the displays using the context menu, and use the Help button to refer to individual topics that suit your interests.
Creating your Account
Click the notification icon or double-click the desktop shortcut then choose Create New... together with directions in the article, Creating an Account to provision your Individual Account. You will not be able to proceed until you complete this process.
Your Create request will generate a unique code sent to the email address you associated with your Account. This steps verifies your control of the target email, assigning it as your unique Username.
SSProtect uses Login Sessions to manage context. You don't have to explicitly Login - you will be prompted to do so when the software detects activity that requires its' intervention. Use the Profile/ credentials you created during Provisioning.
Login Sessions remain active for a configurable amount of time - initially set to one hour by default. You do not have to enter your password again during this period, and you will be re-prompted with the first subsequently-related activity after a Session expires.
2FA is not enabled by default, though when configured, is required with each managed operation. For more information, refer to the articles in the :Access Section.
1st Time Use and Keys
The first time you use the software, you may be prompted to carry out additional tasks. All Individual Accounts must export Account keys. This is described in the article, 1st Time Use.
Critical Export Keyfile Information
If as an Individual Account holder, you lose your Login Password, the exported keyfile is the only way to regain Account access: The (KODiAC) cloud service operator cannot access your content, cannot recover your keys, and cannot reset your password without (today) violating the principle requirement of making certain MSPs never have or gain access to your data/ resources.
Maintain an offline copy of your keyfile: Never store it on network-connected systems. Also make sure you maintain access to its' password.
Because it's counter-intuitive to require a password to replace a password, future releases will offer alternative protection methods. For more information, refer to the article, Credentials, Keys, and 2FA.
Working with Content
The next several sections walk you through basic use, which includes further detail as follows:
- Our Technology provides a high-level description of the process
- Managing Data w/ SSProtect provides additional insight on this process
- The :Confidential Section contains a collection of related articles
- Protecting and Working With Files provides further insight for managing content
Protecting Files from Within File Explorer
SSProtect extends File Explorer context menus, allowing you to choose up to 15 target files then right-click and choose, SSProtect Activate. This applies protection directly to chosen files. Note that you cannot apply protection to a folder or to certain types of files (i.e. read-only content and certain types of files that are not common for desktop/ application use). Use Bulk Conversion to add entire folders and subfolders of content.
File Explorer Overlay Icons for Protection State
When File Explorer lists files protected by SSProtect, it shows a small Red or Yellow circle on top of the file's display icon (in most lists). A Red overlay is used for files you, "own", while a Yellow overlay indicates that a file is managed by SSProtect though owned by another. Because sharing permissions are governed by Policies that can be changed anytime, the Yellow icon only reflects access uncertainty.
Icon indicators change when you establish new Login Sessions, with Red/ Yellow context associated with the Session's Account.
Using Protected Files w/ In-Place Encryption
Double-clicking a protected file launches its' default application and opens the file, in plaintext, for you to use. This puts the target file in a protected operating mode, which precludes others from reading and writing the source plaintext file while, "opened" in application software. This also prohibits sync and sharing applications from updating cloud content with unprotected plaintext - an inadvertent reality achieved every day by unwilling end-users.
When you Save and Close a protected file, it is re-encrypted before protective isolation is removed. This re-enables normal file operation - move, rename, copy, attach to email messages, coordinate changes with sync and sharing software, etc.
This process extends typical file encryption by removing the need for manual encrypt/ decrypt operation while maintaining protection over plaintext content independent from application data owners. This inhibits, "wait and offload" techniques employed by attackers who compromise hosts computers, wait for you to Login (even w/ 2FA), then proceed to copy unlocked content (slowly/ quietly).
Native Application Access to Managed Content
You can, from within application software, directly, "load/ save" managed content using the software's native UI. This is often in the form of File/ Open menu operation (or similar). So long as the calling application matches the default registered handler for the managed filetype, SSProtect will intercept the request and apply authentication/ protection on the fly, then isolate the application's access to resulting plaintext content (as noted in the previous section).
Default handlers associated filetypes with software application - for example, Microsoft Word for .docx files, Reader for .pdf files, etc. SSProtect doesn't, however, interpret access activity from non-default applications. In such cases, the application ends up reading ciphertext directly, which results in an attempt to load a, "corrupted" file.
In-Place Encryption is being extended to provide more flexibility in choosing how applications work with managed content, extending this mechanism such that you can natively access managed content from more than the default application (which can be changed with Windows configuration proceedings).
Authenticating On The Fly
If, when accessing content, you haven't established an SSProtect Login Session, you will be prompted to Login. When 2FA is configured, you must provide the second authentication factor with each request. Whether 2FA requires a physical presence activity or not depends on the method chosen for its' use. Many types of 2FA technologies can be quickly integrated, supporting changing industry dynamics.
Release protections by first holding the Shift key then right-clicking up to 15 protected files in File Explorer. Choose, SSProtect Release. This will remove protections, resulting in unmanaged plaintext (and the removal of the Icon Overlay status indicator).
All Accounts include a basic set of capabilities, as follows:
- :Access for 2-factor authentication; see Credentials, Keys, and 2FA
- :Assess for secure access event auditing and reporting
- :Collaborate for sharing data with external users using Third Party Trusts
- :Confidential for encryption (as noted above)
A short summary of system components is available in the article, Components and Names.
Additional capabilities can be individually added (licensed)/ removed - without additional installation or host setup:
- :Recover for secure cloud Backup and on-demand Restore and Host Re-Deployment
- :xRecovery Disaster Recovery w/ offline Account/ Organization :Recover Archives*
- :Respond for Sabotage (Ransomware) Remediation*
- :Respond for On-Demand, Objective Disclosure Risk Reporting*
- :Honeypots that monitor plaintext, "dummy" files for early presence detection
* :xRecovery and :Respond are not to Individual Accounts: Migrate to an Organization Account, then add the related Component Services.
You can also enable Outlook Email protection, which when authorized, automatically installs and configures the associated Outlook Add-In. Refer to the articles in the :Email Sections.
Finding and Requesting Optional Features
When you create an Individual Account, you can only request :Recover (enabled by default) and :Email (not enabled by default). Other components must be configured using SSProtect Licensing, which manages all dynamic licensing.
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to firstname.lastname@example.org, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v10.0.4 of the :Foundation Client