Introduction
This article provides everything necessary to acquire, install, provision, and use the software as an Individual User. If you intend to work in a different role, refer to the Quick Start for clarity.
Each section of this article offers high-level guidance with references to related materials that contain in-depth information. This allows you to quickly work through basic requirements then selectively pursue areas of interest.
Acquiring the :Foundation Client
Navigate to the Download page for the latest version, then choose the package that meets your needs. The Primary Package includes a Filesystem Driver required for In-Place Encryption, suitable for most Individual Account holders. This package requires elevated permissions during installation.
If you cannot elevate privileges during install, and/or do not need In-Place Encryption (i.e. only intend to manage Outlook Email), use the Alternate Package without the Filesystem Driver.
Both packages support all other components and features. For older versions and/or more package detail, refer to the article, Where do I find the Software?.
Installing the :Foundation Client
Download and verify the package's signature before executing the install. When installing the Filesystem Driver, you may need to acknowledge User Account Control prompts. Refer to, Installing the :Foundation Client for details.
NOTE: Do not ignore the Reboot notification associated with installation - the software will not function properly until the reboot is carried out.
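The signature check called for in this section, as an added example (not the vendor's own procedure). It assumes the package is an Authenticode-signed Windows installer; `$InstallerPath` and `$ExpectedPublisher` are placeholders, and the publisher name must come from the vendor's documentation rather than from the file being checked.

```powershell
# Added example: verify an installer's Authenticode signature before running it.
# Both parameters are placeholders supplied by the person doing the install.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,
    [Parameter(Mandatory)] [string] $ExpectedPublisher
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $InstallerPath -PathType Leaf)) {
    throw "Installer not found: $InstallerPath"
}

$sig = Get-AuthenticodeSignature -LiteralPath $InstallerPath

# 'Valid' means the file hash matches the signed hash and the certificate
# chain is trusted on this host. Anything else (NotSigned, HashMismatch,
# NotTrusted, ...) is a reason to stop and download the package again.
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}

# A valid signature from an unexpected publisher is still the wrong package.
$nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)
if ($publisher -ne $ExpectedPublisher) {
    throw "Unexpected publisher '$publisher' (expected '$ExpectedPublisher')"
}

# Without a timestamp countersignature the signature stops validating once
# the signing certificate expires; worth noting, not necessarily fatal.
if (-not $sig.TimeStamperCertificate) {
    Write-Warning 'Signature carries no timestamp countersignature.'
}

# Keep a record of exactly what was verified and installed.
[pscustomobject]@{
    Path       = (Resolve-Path -LiteralPath $InstallerPath).Path
    Publisher  = $publisher
    Thumbprint = $sig.SignerCertificate.Thumbprint
    NotAfter   = $sig.SignerCertificate.NotAfter
    SHA256     = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash
}
```

Run it from a non-elevated prompt before launching the installer; only a run that ends with the summary object, and no thrown error, should proceed to the elevated install.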
Accessing the :Foundation Client UI
All UI components include a Help button, which redirects you to a specific article on this site. If you prefer to discover things on your own, explore the displays using the context menu, and use the Help button to refer to individual topics that suit your interests.
Creating your Account
Click the notification icon or double-click the desktop shortcut, then choose Create New... and follow the directions in the article, Creating an Account, to provision your Individual Account. You will not be able to proceed until you complete this process.
Your Create request will generate a unique code sent to the email address you associated with your Account. This step verifies your control of the target email, assigning it as your unique Username.
1st Time Use and Keys
The first time you use the software, you may be prompted to carry out additional tasks. All Individual Accounts must export Account keys. This is described in the article, 1st Time Use.
CRITICAL EXPORT KEYFILE INFORMATION
If, as an Individual Account holder, you lose your Login Password, the exported keyfile is the only way to regain Account access: the (KODiAC) cloud service operator cannot access your content, cannot recover your keys, and cannot reset your password without (today) violating the principal requirement of making certain ISPs never have or gain access to your data/resources.
Maintain an offline copy of your keyfile: never store it on network-connected systems. Also make sure you maintain access to its password.
Because it's counter-intuitive to require a password to replace a password, future releases will offer alternative protection methods. For more information, refer to the article, Credentials, Keys, and 2FA.
Working with Content
The next several sections walk you through basic use, which includes further detail as follows:
- Our Technology provides a high-level description of the process
- Managing Data w/ SSProtect provides additional insight on this process
- :Confidential/ :Shell Topic contains a collection of related articles
- Protecting and Working With Files provides further insight for managing content
Protecting files from within File Explorer
SSProtect extends File Explorer context menus, allowing you to choose up to 15 target files then right-click and choose, SSProtect Activate. This applies protection directly to chosen files. Note that you cannot apply protection to a folder or to certain types of files (i.e. read-only content and certain types of files that are not common for desktop/ application use). Use Bulk Conversion to add entire folders and subfolders of content.
File Explorer Overlay Icons for Protection State
Double-clicking a protected file launches its default application and opens the file, in plaintext, for you to use. This puts the target file in a protected operating mode, which precludes others from reading and writing the source plaintext file while "opened" in application software. This also prohibits sync and sharing applications from updating cloud content with unprotected plaintext - an inadvertent reality achieved every day by unwilling end-users.
When you Save and Close a protected file, it is re-encrypted before protective isolation is removed. This re-enables normal file operation - move, rename, copy, attach to email messages, coordinate changes with sync and sharing software, etc.
This process extends typical file encryption by removing the need for manual encrypt/decrypt operation while maintaining protection over plaintext content independent from application data owners. This inhibits "wait and offload" techniques employed by attackers who compromise host computers, wait for you to Login (even w/ 2FA), then proceed to copy unlocked content (slowly/quietly).
You can, from within application software, directly "load/save" managed content using the software's native UI. This is often in the form of File/Open menu operation (or similar). So long as the calling application matches the default registered handler for the managed filetype, SSProtect will intercept the request and apply authentication/protection on the fly, then isolate the application's access to resulting plaintext content (as noted in the previous section).
Default handlers associate filetypes with software applications - for example, Microsoft Word for .docx files, Reader for .pdf files, etc.
In-Place Encryption is being extended to provide more flexibility in choosing how applications work with managed content, extending this mechanism such that you can natively access managed content from more than the default application (which can be changed with Windows configuration procedures). The software doesn't, however, interpret access activity from non-default applications. In such cases, the application ends up reading ciphertext directly, which results in an attempt to load a "corrupted" file.
Authenticating On The Fly
If, when accessing content, you haven't established an SSProtect Login Session, you will be prompted to Login. When 2FA is configured, you must provide the second authentication factor with each request. Whether 2FA requires a physical presence activity or not depends on the method chosen for its use. Many types of 2FA technologies can be quickly integrated, supporting changing industry dynamics.
Release protections by first holding the Shift key then right-clicking up to 15 protected files in File Explorer. Choose, SSProtect Release. This will remove protections, resulting in unmanaged plaintext (and the removal of the Icon Overlay status indicator).
All Accounts include a basic set of capabilities, as follows:
- :Access for 2-factor authentication; see Credentials, Keys, and 2FA
- :Assess for secure access event auditing and reporting
- :Collaborate for sharing data with external users using Third Party Trusts
- :Confidential/ :Shell, with references in the preceding sections
A short summary of system components is available in the article, Components and Names.
Additional capabilities can be individually added/ removed to any Account - without additional installation or host setup:
- :Recover for secure cloud Backup and on-demand Restore and Host Re-Deployment
- :xRecovery Disaster Recovery w/ offline Account/ Organization :Recover Archives
- :Respond for Sabotage (Ransomware) Remediation
- :Respond for On-Demand, Objective Disclosure Risk Reporting
- :Honeypots that monitor plaintext, "dummy" files for early presence detection
You can also enable Outlook Email protection, which when authorized, automatically installs and configures the associated Outlook Add-In. Refer to the articles in the :Email Topic.
Finding and Requesting Optional Features
When you create an Individual Account, you can only request :Recover (enabled by default) and :Email (not enabled by default). Other components must be configured using SSProtect Licensing, which manages all dynamic licensing.
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to firstname.lastname@example.org, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v8.5.1 of the :Foundation Client