Actifile Support

FAQ and “How To…” Guides

Our how-to section includes how-to videos, how-to articles, and links to support content. 

 

 

MSP

Actifile Deployment – Considerations and Important Links

The Actifile agent can be easily installed using an RMM, a logon script or even by the end user (given a tenant install key). The following collection of links and data provides the MSP or IT manager with all necessary prerequisites and considerations for the different types of deployments.

Supported OS

Windows Server (2012, 2012 R2, 2016, 2019)
Windows 11 (All versions except IOT)
Windows 10 (All versions except IOT)
Windows 8 (All versions)
Windows 7 (All Versions) – Functionality is deprecated to discovery only
Mac OS 10.15.x – support is being phased out
Mac OS 11.0-11.5 – supported

Supported browsers for the Management Portal

Chrome
Edge (Chromium and Legacy)
Firefox
Safari
Opera

Deployment tools

Most MSPs would use their RMM to deploy the Actifile agents to the endpoints. This facilitates automation of the installation and management of the various installation keys.

Sometimes an RMM isn’t available. In these cases the following tools are great to make deployment easier.
PDQ Deploy – The free version supports most common deployment scenarios. Has an easy to use UI.
PSTools PSEXEC – Tried and tested tool from Microsoft’s Sysinternals. Command Based tool does need basic batch file writing/editing.
Logon Script – Sample installation script (AD logon script) shows how to check if Actifile is deployed and deploys if it isn’t.
https://support.actifile.com/wp-content/uploads/2020/04/Installation.rar is a nifty batch file written by an MSP (Momentum Z – used with their permission) that is sent to a user and which automates the installation. Remember to change the install key in the key file.

https://support.actifile.com/wp-content/uploads/2021/01/deployActifile.ps1 Powershell script that can be used to download and install Actifile on clients computers. Can be use as a logon script – it checks if already installed and quits. Logs the result into %tmp% directory. Downloads the MSI from Actifile into %tmp%.
New version of deployActifile.ps1 script: Now sets Powershell to use TLS1.2 to download installer, preventing “unable to create SSL/TLS tunnel error”.

Troubleshooting a failed agent deployment: https://support.actifile.com/docs/troubleshooting-an-agent-installation/

Uninstallation tools

Removal of the agent needs the same installer version that was used to deploy. For customers it isn’t a problem as they usually have 1 installer. But for MSPs the problem is that it isn’t always easy to track which version was used to install to which customer and which device.

So we’ve created a Powershell script to remove Actifile. Intended for RMM use, it checks for proper Admin privileges, stops the services and processes, unmounts the filters, and runs the uninstaller using WMI (so don’t have to keep any version of the installer). It creates a log file (at $Env:TMP ActifileUninstall.log), and stuffs error messages into the log.

The uninstall script is at: https://1drv.ms/u/s!AnGFvQ5rPFi4gedlJlMTErLENLSf7g

Method used: 

The main uninstall command used in the script leverages WMI uninstall method:

                $vPackage = Get-WmiObject Win32_Product -Filter “Name=’Actifile Agent'”

                $vPackage.Uninstall()

But that isn’t sufficient as the service protects itself from removal (and will popup a request for the uninstall key). To get around that, the script first disables the services and unmounts the drivers (leveraging the admin credentials).

Release Notes

See at https://support.actifile.com/system-updates/

Installation Guides

Administration manual (Pages 11-13): https://support.actifile.com/docs/actifile-administration-manual/
How to use the silent install functionality: https://support.actifile.com/docs/silent-install/
Mac Installation: Mac Agent Download and Installation – Actifile

Important Links

(Important) Prevent AV/EDR caused slowdowns: https://support.actifile.com/docs/antivirus-edr-collision-performance-issues/
Enabling the tamper resistance functionality: https://support.actifile.com/docs/actifile-tamper-resistance-uninstall-key-functionality/
Switching agents between tenant accounts: https://support.actifile.com/docs/switching-agents-between-tenants/

Direct link to agent installer

https://app.actifile.com/Home/DownloadAgentMsi
Mac Agent Download and Installation – Actifile

How to register a new partner portal account and deploy your first risk assessment (video)

In this video you’ll learn how to:
– Create your own MSP portal on Actifile.
– Create customer tenants.
– Deploy your first data risk assessment customer.

How to white label the Actifile portal and reports (video and article)

Open the partner portal. Select the General Settings tool.

Note: If general settings show a different menu than shown below, you have probably drilled down into a customer portal. Return to the partner portal by clicking on the Partner Portal tab.

Click Upload. Upload a 150x17px image. A transparent background PNG looks best against the Actifile background which is grey (Hex #E1E1E1).

Click Ok in the confirmation popup. At this point you should see the new logo. If you want to go back to the Actifile logo, click Reset to default.

 

Understanding the initial risk assessment results and ongoing monitoring (video)

In this video you’ll learn how to:
– Interpret and present the results of a data risk assessment / audit.
– Create customer tenants.
– Deploy your first data risk assessment customer.


Encryption

How to use encryption to reduce a customer’s data privacy risk (video)

In this video you’ll learn how to:
– Use encryption to reduce customer data liability.

Is Actifile’s encryption a general purpose encryption solution? (article)

No. All encryption solutions work on the same principle of converting plaintext into ciphertext. Actifile is no different and uses AES256 as its encryption library. What differentiates encryption solutions is how they are activated – resulting in the encryption and/or decryption of data.

General purpose encryption solutions are usually manually operated, or operate on a specific folder (or vault). General purpose encryption solutions are flexible – but hard to configure in a way that reduces liability.

Actifile works differently. Actifile’s encryption policies are always triggered by a policy – and are completely automated. Actifile’s encryption is designed to automatically reduce excessive liability – and do it in a way that is least intrusive.

What does “liability reducing” encryption do? (article)

Actifile’s encryption is always tied to policies that detect data (either by content, by source, by type, or by folder), policies which provide an assessment of the liability the data poses to the organization should a data privacy event happen. If excessive liability is found, the operator may opt to activate the encryption to protect some or all of the data,

Encryption and decryption are performed automatically. Data is encrypted according to the detected policy. By default, data is decrypted whenever the data is accessed using a local process (e.g. Word, Excel, Acrobat etc.).

One of the challenges is  that most business systems and workflows require decrypted files for them to be able to process data. Therefore, decryption can also be set to occur when data is uploaded to an authorized application and/or a portal. However, for many organizations, a simpler solution is available: encryption delay. As an example, most healthcare and financial services businesses process information in a timely fashion (a patient is cared for, data is processed, and the clinic generates the billing forms), after which data is no longer processed – just kept for later reference and/or archival purposes. Setting a delay (typically 30-90 days) allows these processes to conveniently complete before data is encrypted.


Compliance

How does Actifile calculate the “value” of data and what does this value mean? (article)

For discovered content: Actifile multiplies the number of discovered records by the assessed “cost” per record and displays this per content type (e.g. SSN).

For discovered activity: Actifile multiplies the number of activities (uploads and downloads) with the assessed incident cost – per each source/destination (e.g. source portal).

The displayed “liability” is an assessment of the cost of addressing a data privacy incident and is based on best available figures. This cost usually comprises of fines and penalties, forensics services, legal representation, PR and notifications costs, increased insurance premiums and subsequent scrutiny. It is an assessment: depending on actual circumstances the cost of addressing an incident may be different – and sometimes even significantly so. Having legal protections (such as business associate contracts, good employee contracts, good HR practices), showing due care, and demonstrating IT compliance can all change the assessed fines, penalties and other associated costs.

How does Actifile help with HIPAA and HIPAA Business Associate Agreements (BAAs) (article)

Out of the box Actifile does have HIPAA ePHI detection, and Actifile uses AES-256 encryption to help protect ePHI and as safe harbor to reduce the risk associated with ePHI.

In regards to Business Associate Agreements (BAA) (or Business Associate Contracts) – what we do is identify destinations: where (both portals and apps) and how much ePHI is going. At that point, it is the responsibility to the covered entity (or its service provider) to formulate and execute the BAA.