Frequently Asked Questions

SEVA (Secrets Vault)

The software provides protections for possible vulnerability exploitation by using CAPTCHA.  When selected command line tools like powershell.exe, cmd.exe, cscript.exe, wscript.exe, csc.exe, rundll32.exe, regedit.exe, psexec.exe, cusrmgr.exe, msdt.exe and others are run, the user is challenged with CAPTCHA.   Execution of all such programs in non-interactive mode is blocked.

With Open API, one can integrate the software with ServiceNow, Zendesk, Postman, Custom Applications and Custom Scripts that are written in PowerShell.

The software can only be deployed in customer’s Azure Tenant. This model ensures that all customer data remains private and in their control.  With Azure Resources deployed in customer tenant, customer may enforce Azure Conditional Access Policies, Multi-Factor Authentication and other policies to operate a hardened environment.

By default, the Built-In Administrator account in Windows 10 and Windows 11 is disabled.  Although this delivers a hardened Windows Operating System out-of-the-box, it presents an operational challenge when system maintenance tasks need to be performed with administrator privileges.  The account is of no use, when disabled, unless you have console access and running it in Windows System Recovery Mode.

SEVA software addresses this by managing two local accounts and rotating their credentials, in addition to that of the Built-In Administrator account. Unlike the Built-In Administrator account which has the well-known SID S-500, the two accounts have a unique and non-guessable SID assigned to them.

The software also provides an added benefit of rotating the logon name, when the accounts passwords are changed. 

Passwords are randomly generated and by default, are 16 characters in length.  For hardened environments, it is recommended that the password length is set to 30 characters. You also have the option to use Pass Phrases instead of Passwords.

Password rotation occurs only when the Password Maximum Age has elapsed and when the device can connect to specific Azure Resources in your Azure Tenant.

Yes. The software may be installed on Virtual Machines or Physical Machines that run Windows, Unix or MacOS.

Yes. The software can use WPAD proxy configuration, or specific Web Proxy Server parameters, including FQDN or IP and port number.