When you install the UpSight Client on a device, that device automatically becomes part of a device group. You can specify a device group during installation; otherwise, the device will be added to the Default group.
Device groups allow you to organize machines across your organization and apply different configurations and/or policies to specific sets of devices.
Tip: To install a device into a specific device group, open the Install tab under Devices. In the Manual Install or Bulk Deployment section, select the desired group from the Device Group dropdown. The sample installation command will automatically update to include the --devicegroupid parameter for that group.
Viewing and Modifying Device Group Assignments
Administrators can change which device group a device belongs to:
Navigate to the Devices page.
Locate the desired device and click its row.
Select Modify Device Group Assignment from the flyout on the right hand side of the screen.
In the dialog that appears, choose the new device group and click Save.
Default Device Groups
Each organization includes three predefined device groups: Default, Preview, and Visibility.
Device Group | Update Stream | Description |
Default | Release | The most stable stream. Devices in this group receive client and content updates that have passed multiple testing stages before release. |
Preview | Preview | Receives updates earlier and more frequently than the Release stream. Updates may have undergone less testing. |
Visibility | Release | Configured to run in Visibility Mode, where threats are detected and reported but not blocked. |
Recommendation: Assign 3% of all devices to the Preview group to evaluate new client and content updates before deploying them organization-wide. These devices should be used by power users who can quickly identify potential issues.
Creating a New Device Group
To create a new device group:
Navigate to the Devices page.
Click the Device Groups tab.
Click New Device Group in the upper-right corner of the page.
Enter a name for the new group.
Select an existing group to copy initial settings from (including its update stream).
Click Create.
The new device group will inherit settings from the selected group. You can modify its configuration at any time.
Editing Device Group Settings
To modify device group settings:
Navigate to the Devices page.
Click the Device Groups tab.
Select the tab for the group you want to modify.
Adjust the available settings under the following sections:
Overview
Enforcement Level
Client Configuration
Device Group Settings
Overview
The Overview section provides a snapshot of key group metrics:
Field | Description |
Security Rating | Indicates the protection level of devices in this group. A higher score reflects stronger protection. |
Device Count | The total number of devices currently assigned to the group. |
Exclusion Count | The number of exclusions that apply to this group. |
Enforcement Level
The Enforcement Level determines how the UpSight Client responds to detected threats.
Administrators can choose from four levels of protection:
Level | Description |
Full Protection | Detects, prevents, and evicts threats. Provides the highest Security Rating. |
Eviction Visibility + Protection | Detects and prevents threats, but only reports potential evictions without executing them. |
Visibility Mode | Reports threats that would have been prevented or evicted without taking action. Recommended for initial deployments to evaluate client actions and tune exclusions. |
Full Bypass | Disables all monitoring and response. The client is inert in this mode and does not track or mitigate threats. Typically used for troubleshooting. |
Tip: When first deploying the UpSight Client, start with Visibility Mode to verify detections and adjust exclusions before switching to Full Protection.
Client Configuration
The Client Configuration section provides advanced options for managing client behavior on devices within the group:
Option | Description |
Show Desktop Notifications | Displays a Windows toast notification when the client detects a threat. Disabled by default. |
Allow Users to Uninstall UpSight | Allows users to uninstall the client via Installed Apps without requiring an uninstall code. Disabled by default. |
Windows Defender Integration | Enables the UpSight Client to monitor Windows Defender activity and apply additional protections when threats are detected. Disabled by default. |
Support Device Cloning | Enables support for environments where devices are cloned from a golden image, such as VDI or imaging systems. Disabled by default. |
Windows Defender Integration
When Windows Defender Integration is enabled, the UpSight client detects and reports any Severe or High severity threats identified by Windows Defender. It then leverages its advanced causal attack graph to evict threat artifacts that Windows Defender might otherwise miss.
Support Device Cloning
The Support Device Cloning option is essential for environments where new devices are created from a golden image, such as virtual desktop infrastructure (VDI) or large-scale physical imaging.
When the UpSight Client is installed on the golden image, the UpSight backend records the device identity (including its hostname and MAC address). If Support Device Cloning is not enabled, all cloned machines derived from that image will appear as the same device in the UpSight console. As a result, new clones will not register properly, and administrators will be unable to view or manage them individually.
When Support Device Cloning is enabled, the UpSight backend automatically detects changes in the cloned device’s hostname and MAC address. It then assigns a new, unique identity to each cloned instance, ensuring that each device appears independently in the console and can be managed separately.
Best Practice:
Always enable Support Device Cloning on any device group used for your golden image installation and for all cloned devices.
When deploying the UpSight client in a device cloning environment for the first time, start in Visibility Mode. This allows you to observe how the client behaves in the environment and make any necessary configuration adjustments or exclusions.
The UpSight client is periodically updated by UpSight. To prevent newly cloned devices from immediately attempting to update the client upon creation, make sure to periodically update the UpSight client on your golden image.
Tip: Run "C:\Program Files\UpSight\upsvc.exe" policy --pull from an administrative command prompt to automate the process and force the UpSight client to check for new content.
Verify that cloned devices are being registered correctly after image deployment.
Keep this option permanently enabled for the device group assigned to those systems.