Skip to main content
All CollectionsAgentsWindows Agent
Mitigating a Compromised Liongard Domain Account
Mitigating a Compromised Liongard Domain Account

If you suspect that a Liongard domain account has been compromised, follow these steps immediately to secure your environment:

Updated over 4 months ago

1. Remove the Liongard Domain Account

Due to the discontinuation of remote Windows Server inspections by Liongard, domain accounts are no longer required. To mitigate any risks:

  • Delete the Liongard domain account from each of your customers' Active Directory environments. (Only applicable if the Liongard domain account shares a password across all of your customers' tenants.)

2. Update the Liongard Agent Service Account

  • Change the Liongard Agent Service's logon account to use the Local System account. This change enhances security by limiting the scope of potential account misuse.

3. Verify Agent Functionality

After updating the service account, ensure all agents are operational:

  • If any agent fails to send a heartbeat, reinstall the agent. During reinstallation, select System as the account type to ensure it runs with appropriate permissions.

  • For environments with multiple hosts, streamline the process using the Agent Reinstall script. Learn more about the script and how to use it.

Need Further Assistance?

If you encounter any issues or have additional questions, please don't hesitate to reach out. Open a conversation with the Liongard support team through our support portal for personalized assistance.

Did this answer your question?