Agent Management

Agent Properties Modal

Click an agent name or the Properties button to open the details modal with four sections:

1. Information Grid

  • Server Name, Agent ID, Type, Status (with colored indicator), Last Heartbeat, Version, Environment, Mode, Tags

2. Health Metrics

  • CPU and Memory usage cards with color-coded thresholds (green/yellow/red)
  • Values from the latest health report (updated every 30 seconds)

3. Collection Control

  • Start Full — begins continuous ETW collection
  • On-Demand — starts time-limited collection
  • Stop — ends all ETW collection, returns to Health Only

A status bar shows the current collection state and active provider count.

4. Interactive Query Session

  • Current session ID and event count (if active)
  • Begin Session / End Session buttons to control live sessions from properties

5. Delete Agent

  • Requires two confirmations before proceeding
  • Sends a silent uninstall command to the agent ("C:\Program Files\ETDucky\Agent\uninstall\unins000.exe" /VERYSILENT) via the existing SSE shell channel
  • Modal closes immediately; a countdown toast shows the remaining time before database removal
  • After 15 seconds, the agent record and all associated data are permanently deleted from the database
  • The agent process self-terminates via the uninstaller; the subsequent heartbeat 401 is expected and benign
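
For anyone monitoring the server, the delete sequence above implies a simple triage rule for heartbeat 401s. The sketch below is an added example, not ETDucky code: the log line format, the agent names and the grace window are assumptions, while the 15-second removal delay and 30-second heartbeat interval come from this page. It expects log lines in chronological order.

```python
from datetime import datetime, timedelta

# From the page: record removed 15 s after delete; agents check in every 30 s.
REMOVAL_DELAY = timedelta(seconds=15)
HEARTBEAT_INTERVAL = timedelta(seconds=30)
# Assumption: allow one heartbeat interval after removal for the uninstaller to finish.
GRACE = REMOVAL_DELAY + HEARTBEAT_INTERVAL

# Constructed sample lines in a hypothetical "timestamp event key=value" format.
SAMPLE_LOG = """\
2024-05-01T12:00:00 DELETE agent=srv-01
2024-05-01T12:00:20 HEARTBEAT agent=srv-01 status=401
2024-05-01T12:05:00 HEARTBEAT agent=srv-01 status=401
2024-05-01T12:06:00 HEARTBEAT agent=srv-02 status=401
2024-05-01T12:06:10 HEARTBEAT agent=srv-03 status=200
"""

def parse(line):
    """Split one constructed log line into (timestamp, event, fields)."""
    ts, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), event, fields

def triage_401s(log_text):
    """Return [(agent_id, timestamp, verdict)] for every heartbeat answered with 401."""
    deleted_at, findings = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, f = parse(line)
        if event == "DELETE":
            deleted_at[f["agent"]] = ts
        elif event == "HEARTBEAT" and f.get("status") == "401":
            when = deleted_at.get(f["agent"])
            if when is None:
                verdict = "investigate"    # 401 with no delete on record
            elif ts - when <= GRACE:
                verdict = "expected"       # the benign post-delete 401
            else:
                verdict = "still-running"  # uninstall did not stop the agent
            findings.append((f["agent"], ts, verdict))
    return findings

if __name__ == "__main__":
    for agent, ts, verdict in triage_401s(SAMPLE_LOG):
        print(ts.isoformat(), agent, verdict)
```

A "still-running" verdict means the record is gone but the agent process is still checking in, so the uninstall on that host should be verified by hand.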

Remote Management

Collection Control

  • Start Full/On-Demand/Stop buttons in the Properties modal
  • Agent picks up commands on next heartbeat (within 30 seconds)
  • Live Sessions automatically start and stop collection

Configuration Push

  • Changes in the Configure modal are saved server-side
  • Agents poll for updates every 30 seconds
  • Server-side config overrides local AgentConfig.json
  • No agent restart required for most settings