Skip to main content

Operational Characteristics

This section describes the runtime behaviour, deployment options, and operational profile of ControlGuard within industrial environments.

Platform Support

ControlGuard supports deployment across a broad range of Windows environments:

CapabilitySupported Platforms
Active Protection (whitelisting and enforcement)Windows 7 and higher (64-bit)
Monitoring (visibility and event collection)Any Windows and Linux operating systems

ControlGuard can be installed on both physical and virtual machines, supporting standard enterprise virtualisation platforms used in industrial environments.

Protected Mode

ControlGuard supports a Protected Mode in which the agent cannot be stopped, disabled, or uninstalled by a local IT administrator. This ensures that security enforcement remains in place even if an attacker gains elevated privileges on the endpoint.

Protected Mode is configured during deployment and provides a critical layer of tamper resistance for environments where endpoint integrity must be guaranteed.

Data Collection Capabilities

Once deployed, ControlGuard continuously collects and reports the following information to the First Watch Controller:

  • Computer metadata — hostname, operating system version, hardware identifiers, and network configuration
  • Software inventory — complete catalogue of installed applications, system components, drivers, services, and containerised software
  • User inventory — detected user and system accounts with their attributes
  • Windows Event Logs — structured collection of system, security, and application events for visibility and policy-driven response
  • Whitelisting enforcement data — allow/block decisions, policy matches, and integrity verification results

This data forms the foundation for asset management, change detection, policy creation, and compliance reporting within the platform.

Performance Profile

ControlGuard is designed for minimal impact on endpoint performance, reflecting the platform's commitment to non-disruptive operation in industrial environments.

OperationCPU Impact
Whitelisting enforcement (runtime execution checks)Below 1% CPU utilisation
Software updates and installations (inventory scanning and hash validation)Limited, controlled CPU consumption during the update process

During normal operation, ControlGuard operates transparently — operators and control system users experience no perceptible impact on system responsiveness or process execution.