Windows Root Cause Analysis in Seconds, Not Hours

ET Ducky correlates ETW events, health signals, and system changes directly on the endpoint—filtering out PII and proprietary data before anything leaves the machine—then delivers AI-powered root cause analysis from structured findings only. Deploy lightweight agents, set alert rules, and get a clear “what happened / why / what to do next” summary from a single dashboard.

Free tier available • No credit card required

Trusted by IT teams for real-time Windows diagnostics

Windows Admins MSPs Enterprise Ops Security Teams

Built for incident response speed

Your data stays on the endpoint

Raw ETW events never leave the machine. The local correlation engine filters out PII and proprietary information, then builds a structured diagnostic summary on-agent—so only sanitized, actionable findings reach the AI.

Lower noise, higher signal

Three collection modes (Health / On-Demand / Full) let you control overhead precisely. Collect only what you need, when you need it, and auto-stop when the window expires.

Fleet-wide visibility, single pane

Deploy lightweight agents across your Windows infrastructure and troubleshoot from a centralized dashboard with health metrics, alerting, live query sessions, remote shell, and browser-based remote desktop.

See ET Ducky in Action

Features

Comprehensive Windows monitoring, diagnostics, and fleet management

Core Platform

Cloud Dashboard

A single-page web application at etducky.com providing centralized visibility into your entire Windows infrastructure. Sign in with Clerk authentication (OAuth, SAML 2.0 SSO, or SCIM directory sync) and access everything from any browser.

Real-Time Agent Fleet View — Monitor all deployed agents with online/offline status, CPU/memory usage, and color-coded health indicators refreshing every 30 seconds
Organization Switcher — Manage multiple organizations seamlessly; switch between them to view different agent fleets, alert rules, and team members
Dashboard Summary Cards — At-a-glance subscription status, query usage with progress bars, agent seat utilization with contributor breakdown, and quick action buttons
Enterprise SSO & Provisioning — SAML 2.0 single sign-on and SCIM directory sync for automated user lifecycle management across your organization
Client-Side Routing — SPA with browser history integration for fast navigation between Dashboard, Agents, Alerts, Team, and Settings pages

AI-Powered Diagnostics

Every diagnostic workflow is powered by Claude AI from Anthropic. Ask questions in plain English and receive expert-level root cause analysis.

Natural Language Queries — No query syntax to learn; ask questions like “Why is SQL Server failing to start?” or “What’s causing high CPU right now?”
Local Correlation Engine — Agents process raw ETW events locally, filtering out PII and proprietary data before building a structured query—only sanitized diagnostic findings are sent to AI
Context-Aware Responses — AI understands the full system context including running processes, services, network state, and recent changes
Actionable Recommendations — Every response includes specific remediation steps, not just diagnosis
Conversation History — Up to 10 turns of context for follow-up questions within a session

Two Agent Types

Managed Agents — Full Power

Windows Service running as Local System with auto-start
Full ETW event collection with 30+ configurable providers
Live Sessions with AI queries, remote shell, and file transfers
Browser-based Remote Desktop with screen capture, input injection, and clipboard sync
Remote configuration push, alert evaluation, multi-agent correlation
Starting at $5/agent/month with volume discounts down to $2/agent

Desktop Agents — Free & Lightweight

User-mode application starting with login session
Health metrics monitoring (CPU, memory, disk) with dashboard visibility
~30–50 MB RAM, <1% CPU — zero cost, unlimited deployment

Flexible Pricing

BYOK (Free) — Bring your own Anthropic API key for unlimited AI queries at zero subscription cost
Professional ($39/mo) — 1,000 queries/month with 10 free agent seats per subscribed user
Business ($99/mo) — 5,000 queries/month for growing teams
Enterprise ($249/mo) — 50,000 queries/month with premium support
Volume Discounts — Agent seat pricing drops from $5 to $2/seat as you scale
Annual Billing — Save 15% on subscriptions and agent seats
Organization Quota Pooling — All team members share the same query pool and agent seats

Monitoring & Health

Real-Time Health Metrics

Every agent reports health metrics every 30 seconds, displayed in the Agents table and agent Properties modal with automatic color-coded thresholds.

CPU Usage — System-wide utilization with green/yellow/red indicators (<60% / 60–85% / >85%)
Memory Usage — Physical memory utilization with same color thresholds
Disk Space — All mounted volumes with usage percentages and free space remaining
Network — Bytes sent/received and active connection counts
Process List & Service Status — Running processes and Windows service states (toggleable via Remote Configuration)

ETW Event Collection

30+ configurable Event Tracing for Windows providers across kernel, user-mode, and performance categories.

Kernel Providers

File System I/O, File System Initialization, Process & Thread, Image Load, Registry, Network TCP/IP, Network UDP, Memory Management, Driver Operations, Object Handles, Process Counters

User-Mode Providers

.NET Runtime, .NET Exceptions, DNS Client, WinHTTP, TCP/IP, Windows Error Reporting, Shell Core, LDAP Client, Group Policy, Windows Firewall, SQL Server, PowerShell, Task Scheduler, Certificate Services, Print Service

Performance & Diagnostics

Performance Counters, Diagnostic Policy Service, Timer Events, Wait Analysis

Three Collection Modes

Mode	ETW Events	CPU Impact	RAM	Use Case
Health Only	None	<1%	~50 MB	Always-on production monitoring
On-Demand	Configured providers (timed)	5–10%	50–150 MB	Targeted troubleshooting
Full Monitoring	All enabled (continuous)	8–15%	100–200 MB	Critical incident investigation

Live Sessions automatically start and stop collection. On-Demand mode auto-returns to Health Only when the timer expires.

Data Retention

Raw Metrics: 30 days of detailed data points
Aggregated Data: 90 days of hourly averages
Long-Term Trends: 1 year of daily summaries
Interactive time-series charts with zoom, multi-agent comparison, and CSV export

Live Sessions

Three-Tab Diagnostic Modal

Start a live session with any online agent to open a real-time diagnostic modal with three powerful tabs, connected via Server-Sent Events (SSE).

Query Tab — AI-Powered Diagnostics

Chat-style interface for natural language questions about the agent’s state
Agent collects ETW events, correlates locally (filtering PII and proprietary data), and sends structured findings to Claude AI
Responses include diagnostic findings, root cause analysis, and actionable recommendations
Up to 10 turns of conversation context for follow-up questions
Press Enter to send, Shift+Enter for new line

Shell Tab — Remote Command Execution

PowerShell / CMD toggle — switch execution engine via dropdown
Command history — navigate with ↑/↓ arrow keys
Saved Scripts — dropdown of pre-saved scripts with one-click execution; Script Manager for create/edit/delete
Terminal-style output with exit codes, stdout, and stderr
5-minute timeout, max 3 concurrent commands, runs as Local System

Files Tab — Bidirectional Transfers

Push File: Upload from browser to agent with destination path
Pull File: Download from agent by source path
1 MB chunk transfers with MD5 integrity verification
Real-time progress bars; max 2 concurrent transfers
Completed pulls show a Download button for saving locally

Session Lifecycle

Start: Click Live Session → ETW collection starts automatically → SSE stream connects → three-tab modal opens
During: Query AI, execute commands, transfer files — all in parallel
End: Click End Session → ETW stops → agent returns to previous mode
One active session per agent at a time

Remote Desktop

Browser-Based Remote Control

Take full remote control of any online agent directly from the ET Ducky dashboard — no VNC, no RDP client, no firewall rules. Connect with one click and interact with the agent’s desktop as if you were sitting in front of it.

One-Click Connect — Click “Remote” on any online agent row to launch a fullscreen remote desktop session
GPU-Accelerated Capture — DXGI Desktop Duplication API for high-performance screen capture with dirty-region tracking; automatic GDI+ fallback for RDP sessions or older GPUs
WebP & JPEG Encoding — Adaptive encoding via SkiaSharp with configurable quality (Low / Medium / High / Ultra); dirty regions sent individually to minimize bandwidth
Full Input Control — Mouse movement, clicks, scroll, and full keyboard injection via Win32 SendInput API with proper modifier key tracking
Bidirectional Clipboard Sync — Copy text on either end and paste on the other; uses Windows AddClipboardFormatListener for instant change detection
Smart Cursor Rendering — Agent detects cursor shape changes (pointer, text, resize, wait, etc.) and sends CSS cursor names; custom application cursors sent as PNG images
Multi-Monitor Support — Display selector in the toolbar when the agent has multiple monitors; switch between displays mid-session

Viewer Interface

The remote desktop viewer is a fullscreen modal with a collapsible toolbar providing real-time session controls and performance readouts.

Canvas Renderer — Hardware-accelerated HTML5 Canvas with offscreen compositing for dirty-region rendering at native resolution
Scale Modes — Fit (maintain aspect ratio), Stretch (fill viewport), or Native (1:1 pixel mapping with scrolling)
Quality Slider — Adjust encoding quality on the fly; changes take effect immediately
Keyboard Grab — Toggle to capture all keyboard shortcuts (Ctrl+Tab, Alt+F4, etc.) and forward them to the remote system instead of the local browser
Fullscreen Mode — True browser fullscreen for an immersive remote experience
Live Stats — Real-time FPS counter and bandwidth readout (KB/s or MB/s) in the toolbar
Connection Status — Color-coded indicator: amber (connecting), green (connected), red (disconnected)

Architecture & Performance

Remote desktop uses a WebSocket relay through the ET Ducky server. The server never decodes frame data — it forwards binary frames from agent to browser with zero processing overhead.

Data Flow: Agent captures screen → encodes to WebP/JPEG → sends binary frames over WebSocket → server relays unchanged → browser decodes on Canvas
Input Flow: Browser captures mouse/keyboard → sends JSON input messages → server relays → agent injects via SendInput
Latency: <50 ms on LAN, <150 ms on WAN
Frame Rate: 1–5 FPS idle, 15–30 FPS during active interaction, adaptive to bandwidth
Bandwidth: 0.5–2 Mbps (low quality) to 2–5 Mbps (high quality at 1080p)
Security: WSS (TLS-encrypted WebSocket), Clerk JWT authentication for browser, Agent ID + Org Key for agents, 15-minute idle timeout
Limits: 2 concurrent remote desktop sessions per organization

Multi-Agent Analysis

Fleet-Wide Diagnostics

Query multiple agents simultaneously to diagnose distributed issues, compare fleet health, and identify outliers.

Agent Selection Grid — Visual grid showing all org agents; online agents have checkboxes, offline agents are grayed out
Select All / Deselect All buttons for quick selection
Environment Filter — Show only Production, Staging, or Development agents
Parallel Query Distribution — Questions sent to all selected agents simultaneously
Agent Status Sidebar — Real-time status per agent: green (responding), yellow (waiting), red (failed)
Agent View Selector — Filter chat by specific agent or view all responses together
Skip Waiting Agents — Proceed without slow or unresponsive agents

Cross-Correlation Engine

After agents respond, trigger cloud-side analysis that compares findings across your fleet:

Common Patterns — Issues appearing across multiple systems
Outlier Behavior — Agents behaving differently from the rest
Shared Root Causes — Underlying issues affecting multiple systems simultaneously
Environmental Correlations — Patterns tied to specific environments or configurations
Auto-Correlate Toggle — Automatically run correlation after each query round
Export Results — Download the full transcript with all queries, responses, and analyses

Query Cost: 1 query per agent per question + 1 per device for correlation. Example: querying 5 agents with correlation = 10 queries.

Common Scenarios

Distributed App Failures: Select web, app, and database tier agents to trace requests across tiers
Load Balancer Issues: Compare identical servers in a pool to find the problematic one
Active Directory: Correlate authentication events across domain controllers
Security Incidents: Track lateral movement and coordinated attack patterns
Performance Comparison: Identify outlier servers with degraded metrics

Alert System

Intelligent Monitoring

Automated alert system with AI-powered analysis monitors your infrastructure 24/7. The Alerts page provides a three-tab interface with auto-refresh every 30 seconds.

Alert History

Stat cards for Critical, Warning, Info, Active Total, and Resolved Today counts
Filter by status (Active/Acknowledged/Resolved) and severity (Critical/Warning/Info)
Alert cards with severity badge, time since triggered, rule name, agent name, and AI Analysis badge
Actions: Acknowledge, Resolve, View Details (with AI root cause analysis)

Alert Rule Builder

11 Available Metrics: CPU %, Memory %, Disk %, Network Bytes Sent/Received, Active Connections, Agent Name/ID/Type/Tags/OS
10 Operators: > ≥ < ≤ = != contains not_contains starts_with ends_with
AND/OR Condition Logic — Combine multiple conditions in a single rule
Duration Requirements — e.g., “CPU > 90% for 300 seconds” to avoid alerting on brief spikes
Severity Levels: Critical, Warning, Info
Enable/Disable Toggle without deleting rules

Notification Channels

Email, Slack, Microsoft Teams, Custom Webhooks
Test notifications to verify channel configuration
Enable/disable toggle, reusable across multiple rules

AI-Powered Alert Analysis

Every triggered alert receives automatic Claude AI analysis including:

Root cause identification and impact assessment
Immediate mitigation steps and long-term prevention recommendations
Confidence level for the analysis
Results cached 24 hours — similar alerts get instant insights

Fleet Management

Remote Configuration

Push configuration changes to agents without local access. Changes apply within 30 seconds via server-side polling.

ETW Providers Tab: Level filter, 30+ kernel provider checkboxes, excluded paths
Metrics Tab: Toggle CPU, memory, disk, process list, service status, event logs
Performance Tab: Batch size and timeout tuning
Server-side config overrides local AgentConfig.json automatically

Agent Tags

Organization-scoped, color-coded labels for categorizing agents by function, location, team, or any custom grouping.

Create tags with name, description, and color at the organization level
Assign/remove via Tag Modal with current and available tag sections
Up to 3 tags shown inline on agent rows with “+N” overflow count
Use tags in alert rule conditions (e.g., “agent_tags contains production”)

Team Management

Role-based access control with Clerk-powered organization membership.

Capability	Administrator	Member
View agents, health, sessions, alerts	✓	✓
Start live sessions, configure agents	✓	✓
Remote desktop sessions	✓	✓
Invite/remove members	✓	✗
Manage billing & org settings	✓	✗

Invite members by email with role selection
Pending invitations table with Revoke option
All org members share query pool, agents, alerts, and seats

Subscription & Billing

Stripe Integration — Secure checkout for subscriptions and agent seats
Billing Portal — Self-service plan changes, invoice history, payment methods
Agent Seat Purchase Modal — Interactive calculator with volume pricing breakdown and savings display
Instant Upgrades with prorated billing; downgrades at next cycle
Usage Monitoring — Real-time query and seat usage on Dashboard

Deployment Options

Agent Setup Wizard

Guided 4-step installation flow built into the dashboard:

Registration Token — Create a scoped, revocable token for agent enrollment (admin-only)
Download Installer — Get ETDuckyAgentSetup.exe with bundled .NET 9.0 Runtime
Silent Install — Run with your registration token: /SILENT /REG_TOKEN="etd_..."
Verify — sc query ETDuckyAgent confirms the service is running

Bulk Deployment

PowerShell Remoting — Built-in template using Get-ADComputer and Invoke-Command for AD-based mass deployment
SCCM/MECM — Silent install flag works with Configuration Manager task sequences
Intune — Deploy as a Win32 app with the /SILENT /REG_TOKEN parameters
GPO — Startup script deployment using the silent install command

Cloud Hosting Tiers

Tier	Agents	Per Agent	Infra Fee	Highlights
Shared	0–99	$5/mo	$0	Multi-tenant, instant setup
Dedicated T1	100–999	$4/mo	$87/mo	Own subdomain, data isolation, SOC2/HIPAA
Dedicated T2	1K–9,999	$3/mo	$194/mo	Load balanced, Redis cache, 90-day retention
Dedicated T3	10K+	$2/mo	$666/mo	HA 99.9% SLA, auto-failover, 24/7 support

Self-Hosted Option

Custom Docker image and pre-configured agent installer for your infrastructure
Annual licensing from $10K/year or perpetual from $35K one-time
Full data sovereignty, air-gap support, and 80% cost savings at 5,000+ agents
PostgreSQL + TimescaleDB with your own Anthropic API keys

Enterprise & Scale

Scale

Architecture designed for 100,000+ agents
Volume pricing dropping to $2/agent/month at 10K+ agents
Automated tier migrations with zero downtime and no agent reconfiguration
Dedicated infrastructure with load balancing, Redis caching, and HA database clusters
Local correlation with PII filtering — minimal sensitive data exposure and low network overhead even at scale

Security

Clerk Authentication — OAuth, SSO (SAML 2.0), SCIM provisioning, and MFA support for all user accounts
Organization-Scoped Isolation — Each org's agents, data, and resources are completely isolated
TLS 1.3 Encryption — All agent-to-cloud and browser-to-cloud communication encrypted, including WSS for remote desktop sessions
Local Event Processing — ETW events correlated on-agent before transmission; minimal data leaves the system
Compliance Ready — SOC2 and HIPAA compliance on Dedicated Tier 1 and above
Self-Hosted Option — Complete data sovereignty for air-gapped and regulated environments

Support

Tier	Response Time	Channels
Professional	24 hours	Email
Business	8 hours	Priority email
Enterprise	2 hours	Dedicated contact, phone
Self-Hosted Premium	4 hours	24/7, dedicated Slack
Self-Hosted Enterprise	1 hour	Dedicated CSM, on-site visits

Integration Ready

Notification Webhooks — Connect alerts to any ITSM, automation, or monitoring tool via custom HTTP webhooks
Slack & Microsoft Teams — Native webhook integration for team chat notifications
Email Notifications — Direct delivery to individuals or distribution lists
Stripe Billing — Self-service subscription management with billing portal
Active Directory — Bulk deployment via AD-based PowerShell remoting
SCCM/MECM, Intune, GPO — Compatible with all major enterprise deployment tools

Documentation

Complete guide to ET Ducky Cloud Platform

Getting Started

What is ET Ducky?

ET Ducky is a cloud-based Windows monitoring and diagnostics platform powered by Event Tracing for Windows (ETW). Deploy lightweight agents across your infrastructure, then monitor, diagnose, and troubleshoot issues from a centralized web dashboard with AI-powered analysis from Claude by Anthropic.

Key Features

Agent-Based Architecture — Deploy managed agents (Windows Service) or free desktop agents across unlimited systems
Cloud Dashboard — Single-page application at etducky.com with real-time monitoring, accessible from any browser
Real-Time Health Metrics — CPU, memory, disk, and network monitoring with color-coded thresholds and 30-second auto-refresh
ETW Event Collection — 30+ configurable kernel and user-mode providers for file system, registry, process, network, and application events
Live Query Sessions — Interactive three-tab modal with natural language AI queries, remote shell execution, and bidirectional file transfers
Browser-Based Remote Desktop — One-click screen sharing and remote control for any online agent, directly from the dashboard via WebSocket relay
Multi-Agent Correlation — Query multiple agents simultaneously with cross-correlation analysis to identify fleet-wide patterns
Intelligent Alert System — Rule-based alerts with 11 metrics, AND/OR condition logic, multi-channel notifications, and AI root cause analysis
Remote Configuration — Push ETW provider settings, metrics toggles, and performance tuning to agents without local access
Organization-Scoped Resources — Agent tags, alert rules, query quotas, and team members all scoped to your Clerk organization
Multi-Organization Support — Switch between organizations seamlessly with the built-in organization switcher

Quick Start Guide

Create Your Account
- Visit etducky.com and click Sign Up
- Register with email or an OAuth provider (Google, GitHub, etc.) via Clerk authentication. Enterprise customers can configure SAML 2.0 SSO and SCIM directory sync for automated provisioning.
- Create your first organization — this becomes the scope for your agents, alerts, tags, and query pool. You can create additional organizations later from the Dashboard or Team page for separate clients or environments.
- Invite team members from the Team page if collaborating
Choose a Subscription
- Start with BYOK (Bring Your Own Key) — free with your own Anthropic API key for unlimited queries
- Or select a paid tier: Professional ($39/mo, 1K queries), Business ($99/mo, 5K queries), or Enterprise ($249/mo, 50K queries)
- All paid plans include 10 free managed agent seats per subscribed user; additional seats start at $5/agent/month with volume discounts
- Organization admins can purchase subscriptions on behalf of team members from the Dashboard or Team page
- Desktop agents are always free and unlimited on every tier
Deploy Your First Agent
- Navigate to the Agent Setup page from the navigation bar
- Create a Registration Token (admin-only) — click "+ New Token" and copy the etd_... value
- Download ETDuckyAgentSetup.exe from the dashboard
- Run the installer with your token: .\ETDuckyAgentSetup.exe /SILENT /REG_TOKEN="etd_..."
- Verify the agent service is running: sc query ETDuckyAgent
- The agent appears on your Agents page within seconds
Configure Monitoring
- On the Agents page, click the Configure button for your agent
- Select ETW providers to enable (kernel and user-mode), toggle health metrics, and adjust performance tuning
- Save — the agent picks up the new configuration within 30 seconds via server polling
Set Up Alerts
- Go to the Alerts page and switch to the Alert Rules tab
- Click Create Rule and define conditions using 11 available metrics with operators like >, <, contains, starts with
- Set up Notification Channels (Email, Slack, Microsoft Teams, or custom Webhooks) and assign them to your rules
Start Diagnosing
- Click Live Session on any online agent to open the three-tab diagnostic modal
- Use the Query tab to ask natural language questions — the agent collects ETW events, runs local correlation, and sends structured prompts to AI
- Use the Shell tab for remote PowerShell/CMD execution
- Use the Files tab to push or pull files with real-time progress tracking
- Click Remote on any online agent to launch a browser-based remote desktop session for visual troubleshooting or hands-on configuration

System Requirements

For Agent (Monitored Systems)

OS: Windows 10/11, Windows Server 2016+
Permissions: Administrator/SYSTEM privileges for managed agents; standard user privileges for desktop agents
RAM: ~50 MB in Health Only mode; 50–200 MB during active ETW collection
Disk: 100 MB for the agent binary and local event buffer
Network: HTTPS outbound to etducky.com (port 443); SSE support for real-time connections
.NET: .NET 8.0 Runtime (bundled with the installer)

For Dashboard (Your Browser)

Browser: Chrome 120+, Firefox 121+, Edge 120+, Safari 17+ (latest versions recommended)
Network: Stable internet connection for real-time features
JavaScript: Must be enabled (the dashboard is a single-page application)
EventSource: Must be supported for SSE-based live sessions, real-time updates, and remote desktop relay

Agents & Monitoring

Agent Types

Managed Agents ($5/month each)

Managed agents run as a Windows Service under the Local System account, starting automatically with Windows. They are the full-featured agent type designed for servers, production systems, and critical workstations.

Deployment: Windows Service (runs as SYSTEM), auto-start with Windows
Full ETW Event Collection with 30+ configurable kernel and user-mode providers
Real-Time Health Metrics — CPU, memory, disk, network reported every 30 seconds
Live Query Sessions with AI-powered diagnostics, remote shell, and file transfers
Browser-Based Remote Desktop — DXGI screen capture with WebSocket relay for one-click remote control from the dashboard
Remote Configuration Management — push provider, metrics, and performance settings from the dashboard
Alert Evaluation — health metrics evaluated against your alert rules on every heartbeat
Multi-Agent Correlation — participate in cross-fleet diagnostic sessions
Billing: $5/month per agent on shared infrastructure, with volume discounts at scale. 10 free per subscribed user on paid plans.
Resource Usage: ~50 MB RAM in Health Only mode; 50–200 MB during active collection; 1–15% CPU depending on providers

Desktop Agents (Free, Unlimited)

Desktop agents run as a user-mode application that starts with the user session. They provide health visibility without the overhead of ETW collection.

Deployment: User-mode application, starts with user login session
Real-Time Health Metrics — CPU, memory, disk monitoring with dashboard visibility
Basic Status and Uptime Tracking with online/offline indicators
No ETW event collection, no AI diagnostics, no live sessions, no remote shell
Billing: Free and unlimited on all tiers
Resource Usage: ~30–50 MB RAM, <1% CPU

Collection Modes

Managed agents operate in one of three collection modes, controlled from the agent Properties modal or automatically via live sessions.

Health Only (Default)

Data: CPU, memory, disk space, network statistics every 30 seconds
ETW Events: None collected
Resource Impact: <1% CPU, ~50 MB RAM, <100 MB total footprint

On-Demand Collection

Data: Health metrics plus configured ETW providers for a time-limited window (5–60 minutes)
Auto-Stop: Returns to Health Only when timer expires
Resource Impact: 5–10% CPU, 50–150 MB RAM

Full Monitoring

Data: Health metrics plus all enabled ETW providers running continuously until manually stopped
Resource Impact: 8–15% CPU, 100–200 MB RAM

Tip: Live Sessions automatically start ETW collection when opened and stop it when ended.

ETW Event Providers

ET Ducky supports 30+ ETW providers organized into three categories. Enable them individually through Remote Configuration or via presets.

Kernel Providers

File System I/O: File creation, deletion, read, write, rename
File System Initialization: Volume mount, file system load
Process & Thread: Process creation, termination, thread lifecycle
Image Load: DLL and executable loading
Registry: Key and value operations
Network TCP/IP: TCP connection, send, receive
Network UDP: UDP datagram events
Memory Management: Page faults, memory allocation
Driver Operations: Driver load and unload
Object Handles: Handle creation and destruction
Process Counters: Performance counter snapshots

User-Mode Providers

.NET Runtime / .NET Exceptions: CLR events, JIT, GC, managed exception tracking
DNS Client: DNS queries and responses
WinHTTP: HTTP request and response events
TCP/IP (User): User-mode network stack events
Windows Error Reporting: Application crashes and hangs
Shell Core: Windows Explorer and shell events
LDAP Client: Active Directory queries
Group Policy: Policy processing events
Windows Firewall: Firewall rule evaluations
SQL Server / PowerShell / Task Scheduler / Certificate Services / Print Service

Performance & Diagnostics

Performance Counters: System-wide performance metrics
Diagnostic Policy Service: Windows troubleshooting events
Timer Events: High-precision timing
Wait Analysis: Thread wait and contention tracking

Dashboard

Dashboard Overview

The ET Ducky dashboard is a single-page application (SPA) at etducky.com with client-side routing and browser history integration. Authentication is handled by Clerk, and the interface adapts based on your sign-in state.

Navigation Bar

The top navigation bar shows different items depending on whether you are signed in:

Link	Visibility	Description
Home	Always	Landing page with feature overview and demo videos
Features	Always	Detailed feature showcase
Documentation	Always	This documentation (you are here)
Pricing	Always	Subscription tiers, agent pricing, and interactive calculator
Dashboard	Signed in	Organization selector, subscription status, usage stats, agent seats, and quick actions
Agents	Signed in	Agent fleet management, live sessions, and multi-agent queries
Alerts	Signed in	Alert history, rules, and notification channels
Team	Signed in	Organization members, invites, and role management

On mobile devices, the navigation collapses into a hamburger menu. Your user avatar appears on the right with a dropdown for Settings, Manage Account, and Sign Out.

Dashboard Home Page

After signing in, the Dashboard displays an organization selector and four summary cards:

Organization Selector

If you belong to multiple organizations, a dropdown appears at the top of the Dashboard
Switching organizations reloads all dashboard metrics for the selected org (subscription status, usage, agent seats)
The + New Organization button lets you create additional organizations for different clients or environments
Organizations scope all resources: agents, registration tokens, alerts, queries, tags, and team members

Subscription Status Card

Shows your current tier name (Professional, Business, Enterprise, or Free Tier)
Displays queries per month allocation and renewal date
If no active subscription, shows an Upgrade Now button linking to Pricing

Usage Statistics Card

Queries used vs. total allocation with visual progress bar
Color-coded: green under 75%, yellow at 75–90%, red above 90%

Agent Seats Card

Three-column grid: Total seats, Used seats, Available seats
Progress bar with utilization percentage
Breakdown of included (free) vs. purchased seats with per-seat rate
Seat Contributors section showing per-member breakdown for multi-member orgs
Warning banners when seats are nearly full or completely used

Quick Actions

Manage Query Subscription — Opens Stripe billing portal for your query plan
Manage Agent Subscription — Opens seat purchase modal or billing portal
Manage Team Subscriptions — Opens a modal showing all organization members with their subscription status. Admins can purchase plans for unsubscribed members or cancel admin-purchased subscriptions. (Admin only; visible when you belong to an organization.)
Download App — Downloads the agent installer
View Documentation — Navigates here

Agents Page

The central hub for monitoring and managing your agent fleet.

Organization Switcher

If you belong to multiple organizations, a dropdown selector appears at the top. Switching organizations reloads all agent data for the selected org.

Statistics Bar

Four summary metrics above the agent table:

Managed Agents: Count with per-agent cost ($5/mo on shared)
Desktop Agents: Count (always free)
Active Now: Agents with heartbeat within last 10 minutes
Monthly Fees: Estimated total monthly cost for managed seats

Agent Table

Column	Details
Server Name	Hostname with collection mode badge and color-coded tag pills (max 3 visible + overflow count)
Type	Managed or Desktop with icon
Status	Online (green dot) or Offline (red dot) with colored pill badge
CPU / Memory	Color-coded: green <60%, yellow 60–85%, red >85%
Last Seen	Relative timestamp (e.g., “2m ago”)
Actions	Live Session, Properties, Configure buttons

The table auto-refreshes every 30 seconds. The Multi-Agent Session button above the table opens multi-agent sessions.

Agent Management

Agent Properties Modal

Click an agent name or Properties button to open the details modal with four sections:

1. Information Grid

Server Name, Agent ID, Type, Status (with colored indicator), Last Heartbeat, Version, Environment, Mode, Tags

2. Health Metrics

CPU and Memory usage cards with color-coded thresholds (green/yellow/red)
Values from the latest health report (updated every 30 seconds)

3. Collection Control

Start Full — begins continuous ETW collection
On-Demand — starts time-limited collection
Stop — ends all ETW collection, returns to Health Only

A status bar shows the current collection state and active provider count.

4. Interactive Query Session

Current session ID and event count (if active)
Begin Session / End Session buttons to control live sessions from properties

Remote Management

Collection Control

Start Full/On-Demand/Stop buttons in Properties modal
Agent picks up commands on next heartbeat (within 30 seconds)
Live Sessions automatically start and stop collection

Configuration Push

Changes in the Configure modal are saved server-side
Agents poll for updates every 30 seconds
Server-side config overrides local AgentConfig.json
No agent restart required for most settings

Agent Tags

Organization-Scoped Labels

Agent tags are color-coded labels scoped to your organization. Use them to categorize agents by function, location, team, or any custom grouping.

Creating Tags

Click the tag area on any agent row in the Agents page
In the Tag Modal, click Create New Tag
Enter a Name, optional Description, and pick a Color
The tag is created at the organization level and available for all agents

Assigning & Removing Tags

The Tag Modal shows Current Tags and Available Tags sections
Click a tag in Available to assign it; click × on a Current tag to remove it
Each tag shows its usage count across all agents
Up to 3 tags shown inline on agent rows with “+N” overflow

Using Tags in Alert Rules

Use the agent_tags metric in alert rule conditions to target specific agent groups (e.g., “agent_tags contains production”).

Agent Setup Wizard

4-Step Installation Flow

The Agent Setup page provides a guided installation wizard. You must be signed in and belong to at least one organization.

Step 1: Create a Registration Token

Organization admins can create scoped, revocable registration tokens
Click + New Token, give it a name, optional max-agent limit, and expiry
Copy the etd_... token immediately — it is only shown once
If you belong to multiple organizations, a dropdown lets you select which org to deploy into

Security: Tokens are scoped to a single organization and can be revoked at any time. Use separate tokens for different environments.

Step 2: Download Installer

Click Download to get ETDuckyAgentSetup.exe
The installer auto-downloads .NET 9.0 Runtime if not already present

Step 3: Run Silent Install

.\ETDuckyAgentSetup.exe /SILENT /REG_TOKEN="etd_your_token_here"

The installer passes your registration token to the agent configuration tool, which registers the agent with the ET Ducky cloud API. The server validates the token, resolves the organization, creates the agent record, and returns the organization ID. This is stored locally so the agent can authenticate on every subsequent heartbeat. No organization keys or manual configuration files are needed.

The install command with your token is pre-filled when you create a new token on the Agent Setup page.

Step 4: Verify

sc query ETDuckyAgent

The agent should appear on your Agents page within seconds.

Bulk Deployment

Deploy across multiple machines using PowerShell remoting with Active Directory:

$computers = Get-ADComputer -Filter * -SearchBase "OU=Servers,DC=corp,DC=local" | Select -ExpandProperty Name
$token = "etd_your_token_here"

foreach ($computer in $computers) {
    Invoke-Command -ComputerName $computer -ScriptBlock {
        param($t)
        Start-Process "C:\Temp\ETDuckyAgentSetup.exe" -ArgumentList "/SILENT /REG_TOKEN=`"$t`"" -Wait
    } -ArgumentList $token
}

Enterprise Deployment Tools

The silent installer works with any deployment tool that supports command-line execution:

MECM / SCCM: Create an Application or Package with the silent install command. Use a Device Collection to target machines. The /SILENT flag ensures no user interaction is required.
Intune: Upload the installer as a Win32 app (.intunewin). Use the silent install command as the install command string. Set detection rules based on the ETDuckyAgent service or install directory.
Group Policy (GPO): Deploy via a Startup Script targeting computer accounts. Place the installer on a network share accessible by machine accounts.

Tip: Create a dedicated registration token with a high max-agent limit for bulk deployments. Use separate tokens per deployment wave for tracking and revocation control.

Live Sessions

Three-Tab Diagnostic Modal

Live Sessions provide real-time, interactive diagnostics with a single agent. Click Live Session on any online agent to open the modal, which automatically starts ETW collection and establishes an SSE (Server-Sent Events) connection.

Query Tab

Natural language chat interface for AI-powered diagnostics:

Type questions in the input box and press Enter to send (Shift+Enter for new line)
The agent collects ETW events, runs local correlation (filtering out PII and proprietary data), builds a structured prompt, and sends it to Cloud AI
Responses include diagnostic findings, root cause analysis, and actionable recommendations
Conversation history supports up to 10 turns of context
Each question consumes 1 query from your organization pool

Shell Tab

Remote command-line interface for direct execution on the agent:

Shell Type Toggle: Switch between PowerShell and CMD via dropdown
Press Enter to execute; ↑/↓ arrow keys for command history
Saved Scripts: Dropdown of pre-saved scripts with one-click execution. Script Manager to create, edit, delete.
Terminal-style output with exit codes, stdout, and stderr
Limits: 5-minute timeout per command, max 3 concurrent commands
Runs under: Agent service account (Local System for managed agents)

Files Tab

Bidirectional file transfers between your browser and the agent:

Push File: Upload from browser with a destination path on the agent
Pull File: Download from agent by specifying a source path
Transferred in 1 MB chunks with MD5 verification
Real-time progress bars with percentage and byte count
Completed pulls show a Download button
Limits: Max 2 concurrent transfers; status refreshes every 5 seconds

Session Lifecycle

Starting

Click Live Session on an online agent
ETW collection initiates on the agent
SSE connection establishes with QueryResponse, QueryFailed, and SessionEnded event handlers
Three-tab modal opens — ready for queries

Ending

Click End Session
ETW collection stops on the agent
SSE stream closes; agent returns to previous mode

Only one live session per agent at a time. Session history is not retained after closing.

Effective Query Tips

Be Specific: “Why can't user John access \\server\share?” beats “Why doesn't this work?”
Include Context: Mention app names, file paths, service names, user accounts
Start Broad, Then Narrow: Overview first, then drill down
One Issue at a Time: Focus on a single problem for best correlation
Processing Time: Most queries return in 3–10 seconds

Remote Desktop

Overview

ET Ducky’s browser-based remote desktop lets you view and control any online agent’s screen directly from the dashboard. No VPN, no VNC client, no RDP configuration, no firewall rules — just click “Remote” on any online agent and start working.

Remote desktop sessions run alongside existing features. You can have a live query session and a remote desktop session with the same agent simultaneously.

Starting a Session

Navigate to the Agents page
Click the Remote button on any online agent row (the button is disabled for offline agents)
A fullscreen modal opens with a connecting overlay
The server creates a session record and signals the agent via SSE
The agent initializes screen capture and connects its WebSocket
Once both sides are connected, frames begin streaming and the overlay disappears

Typical connect time: 1–3 seconds on LAN, 2–5 seconds on WAN.

Toolbar Controls

Control	Description
Status Indicator	Color-coded dot: amber (connecting), green (connected), red (disconnected)
FPS / Bandwidth	Live readout of frames per second and data throughput
Quality	Dropdown: Low (30), Medium (50), High (70), Ultra (90). Adjusts encoding quality in real time
Scale Mode	Fit (maintain aspect ratio), Stretch (fill viewport), Native (1:1 pixels with scroll)
Display Selector	Appears when the agent has multiple monitors. Switch displays mid-session
Keyboard Grab	Toggle to capture browser shortcuts (Ctrl+Tab, Alt+F4, etc.) and send them to the remote system
Fullscreen	Enter true browser fullscreen for an immersive experience
Disconnect	End the session, release all resources, and close the modal

Input & Clipboard

Mouse

Mouse movement, left/middle/right click, and scroll wheel are all forwarded to the remote agent
Coordinates are normalized (0.0–1.0) and translated to absolute screen coordinates on the agent via SendInput
Mouse move events are throttled to 60/second to prevent overwhelming the connection

Keyboard

All key presses are captured using browser KeyboardEvent.code values and mapped to Windows virtual key codes
Modifier keys (Ctrl, Alt, Shift, Win) are tracked independently to prevent stuck-key issues
Enable Keyboard Grab in the toolbar to intercept browser shortcuts and forward them to the remote system
All held modifier keys are automatically released when a session ends

Clipboard

Text clipboard syncs bidirectionally between browser and agent
Agent monitors clipboard changes via AddClipboardFormatListener and pushes updates instantly
Browser clipboard access requires page focus (Clipboard API security requirement)

Performance & Limits

Metric	Typical Value
Input latency	<50 ms LAN, <150 ms WAN
Frame rate (idle)	1–5 FPS
Frame rate (active)	15–30 FPS
Bandwidth (low quality)	0.5–2 Mbps
Bandwidth (high quality, 1080p)	2–5 Mbps
Capture method	DXGI Desktop Duplication (GPU-accelerated); GDI+ fallback for RDP sessions
Encoding	WebP (default) or JPEG; dirty-region encoding to minimize data
Max concurrent sessions	2 per organization
Idle timeout	15 minutes

Adaptive quality: The encoder automatically reduces quality when bandwidth is constrained and increases it when headroom is available.

Troubleshooting

Black screen after connecting: The agent may be in an RDP session where DXGI is unavailable. The agent automatically falls back to GDI+ capture, which may take an extra second.
High latency or stuttering: Reduce quality to Low or Medium in the toolbar. Check network connectivity between the agent and the ET Ducky server.
Keyboard shortcuts not working remotely: Enable Keyboard Grab in the toolbar to intercept browser shortcuts.
Clipboard not syncing: Ensure the browser tab is focused. The Clipboard API requires page focus for security reasons.
“Agent is not online” error: The agent must be online (green status) to start a remote desktop session. Check agent connectivity.
“Maximum sessions” error: Your organization has 2 concurrent remote desktop sessions active. End one before starting another.

Multi-Agent Sessions

Cross-System Diagnostics

Query multiple agents simultaneously and correlate findings across your fleet for distributed application failures, load balancing issues, and fleet-wide problems.

Starting a Multi-Agent Session

Click Multi-Agent Session on the Agents page
Agent selection grid appears: online agents have checkboxes, offline agents are grayed out
Select All / Deselect All buttons for quick selection
Environment Filter dropdown: show only Production, Staging, or Development agents
Click Start Session — ETW collection begins on all selected agents

Query Distribution & Responses

Queries distribute to all selected agents in parallel (1 query per agent per question).

Agent Status Sidebar

Green — Responding / completed
Yellow — Waiting for response
Red — Failed or timed out

Use the Agent View Selector to filter chat by specific agent or view all. Skip Waiting Agents to proceed without slow responders.

Cross-Correlation Analysis

After agents respond, click Run Correlation for cloud-side analysis that compares findings across agents:

Common Patterns: Issues appearing across multiple systems
Outlier Behavior: Agents behaving differently from the fleet
Shared Root Causes: Underlying issues affecting multiple systems
Environmental Correlations: Patterns tied to specific environments

Auto-Correlate: Toggle to automatically run correlation after each query round.

Export Results: Download the full session transcript with all queries, responses, and correlations.

Query Cost

1 query per agent per question + 1 per device for correlation. Example: querying 5 agents with correlation = 10 queries.

Common Scenarios

Distributed App Failures: Select web, app, and database tier agents to trace requests and find the failing tier
Load Balanced Services: Select all pool members to identify the problematic server and detect configuration drift
Active Directory Issues: Correlate authentication events across domain controllers
Security Incidents: Track lateral movement and coordinated attacks across systems
Performance Comparison: Compare metrics across identical servers to find outliers

Alert System

Alerts Dashboard

The Alerts page has three tabs for managing monitoring rules, notifications, and alert history. Auto-refreshes every 30 seconds.

Tab 1: Alert History

Stat Cards: Counts for Critical, Warning, Info, Active Total, and Resolved Today
Filters: By status (All/Active/Acknowledged/Resolved) and severity (All/Critical/Warning/Info)
Alert Cards: Severity badge, status badge, time since triggered, rule name, agent name, description, AI Analysis badge

Alert Status	Available Actions
Active	Acknowledge, Resolve, View Details
Acknowledged	Resolve, View Details
Resolved	View Details

View Details opens a modal with full alert info, triggering metrics, and AI root cause analysis with recommendations.

Tab 2: Alert Rules

Define conditions that trigger alerts. Click Create Rule to open the Rule Builder.

Rule Builder Fields

Rule Name & Description
Severity: Critical, Warning, or Info (radio buttons)
Conditions: One or more conditions with AND/OR logic
Notification Channels: Select channels to notify
Enabled Toggle: On/off without deleting

Available Metrics (11 Total)

Category	Metrics
Performance	CPU Usage %, Memory Usage %, Disk Usage %, Network Bytes Sent, Network Bytes Received, Active Connections
Agent Properties	Agent Name, Agent ID, Agent Type, Agent Tags, OS

Condition Operators

Numeric	String
> ≥ < ≤ = !=	= != contains not_contains starts_with ends_with

Each condition supports an optional Duration requirement (e.g., “CPU > 90% for 300 seconds”) to avoid alerting on brief spikes.

Saved rules display as cards with name, severity, evaluation interval, channel count, and edit/delete/toggle controls.

Tab 3: Notification Channels

Configure where alerts are delivered. Channels are reusable across multiple rules.

Type	Configuration	Use Case
Email	Recipient addresses, subject template	Individual notifications, reports
Slack	Webhook URL	Team chat, DevOps channels
Microsoft Teams	Webhook URL	Enterprise collaboration
Webhook	Custom URL, HTTP method, headers	ITSM, automation, custom integrations

Test: Send a test notification to verify configuration
Enable/Disable: Toggle without deleting
Each channel card shows type icon, name, type label, and toggle switch

AI-Powered Alert Analysis

Every alert receives automatic Claude AI analysis including root cause, impact assessment, immediate actions, long-term recommendations, and confidence level. Analysis is cached for 24 hours — similar alerts reuse cached results.

Remote Configuration

Configuration Modal

Click Configure on any agent to open the Remote Configuration modal. Changes are stored server-side and delivered within 30 seconds. Server-side config always overrides the local AgentConfig.json.

ETW Providers Tab

Level Filter: Minimum ETW level (Verbose, Informational, Warning, Error, Critical)
Kernel Provider Checkboxes: 30+ individual providers to toggle
Excluded Paths: File paths to exclude (one per line, supports wildcards)

Metrics Tab

Toggle which health metrics the agent collects: CPU Usage, Memory Usage, Disk Space, Process List, Service Status, Event Logs.

Performance Tab

Batch Size: Events to batch before processing/sending
Timeout: Max wait before sending a partial batch

Tip: Increase batch size for high-volume environments; decrease for time-sensitive diagnostics.

Configuration Presets

Standard (Baseline)

File I/O, Process/Thread, Registry, Network, .NET Runtime, DNS
100–500 events/sec; 2–5% CPU, 50–100 MB RAM

Comprehensive

All Standard plus Memory, Handles, Drivers, WER, Shell
500–2,000 events/sec; 5–10% CPU, 100–150 MB RAM

Maximum

All providers; 5,000–10,000+ events/sec; 10–15% CPU, 150–200 MB RAM
Short-term diagnostic sessions only

Team Management

Organization Overview

The Team page manages membership and access control. Info cards show Total Members, Administrators, and Pending Invites. Multi-org users see an Organization Switcher dropdown.

Members Table

Email, Role (Administrator/Member), Join Date, and Remove button (admin only).

Roles & Permissions

Capability	Administrator	Member
View agents, health, sessions, alerts	✓	✓
Configure agents	✓	✓
Run live sessions and queries	✓	✓
Invite/remove members	✓	✗
Create/revoke registration tokens	✓	✗
Purchase subscriptions for members	✓	✗
Manage org settings & billing	✓	✗
Delete organization (creator only)	✓*	✗

* Only the user who originally created the organization can delete it, even if other users have the Administrator role.

Inviting Members

Click Invite Member (admin only)
Enter email and select role (Administrator or Member)
Click Send Invite
Invitation appears in Pending Invitations table with Revoke option

Shared Resources: All org members share the same query pool, agents, alert rules, notification channels, and agent seats.

Team Subscriptions

Organization admins can purchase query subscriptions on behalf of team members. This ensures every member has access to AI diagnostics without requiring each person to manage their own billing.

How It Works

From the Dashboard, click Manage Team Subscriptions in Quick Actions
A modal displays all organization members with their current subscription status
For any unsubscribed member, click Buy Plan
Select a tier (Professional, Business, or Enterprise) and click Proceed to Checkout
Complete payment in Stripe — the subscription is created immediately for the target member

Subscription Ownership

Admin-purchased: The admin who bought the subscription can cancel it. The subscription's billing is tied to the organization's Stripe customer. Shown with an “Admin-purchased” badge.
Self-purchased: Members who buy their own subscription manage it through their personal Stripe billing portal. Shown with a “Self” badge. Admins cannot cancel self-purchased subscriptions.

Cancelling Admin-Purchased Subscriptions

Click the Cancel button next to any admin-purchased subscription. Cancellation takes effect immediately with prorated billing.

How Subscriptions Pool

Each subscribed member contributes their tier's query quota and 10 free agent seats to the organization pool. For example, if an admin purchases Professional for 3 members, the org gets 3,000 queries/month and 30 free agent seats.

Creating Organizations

Organizations are the fundamental scoping boundary in ET Ducky. Every resource — agents, registration tokens, alert rules, notification channels, queries, tags, and team members — belongs to exactly one organization.

When to Create Separate Organizations

MSP / Multi-Client: Create one organization per client to keep agents, billing, and data fully isolated
Environment Separation: Separate Production, Staging, and Development environments into distinct orgs for access control
Business Units: Large enterprises can use orgs to give each team independent query pools and agent budgets

How to Create

Click + New Organization on the Dashboard, Team page, or Agent Setup page
Enter an organization name
Click Create Organization — the new org is created via Clerk and set as your active org immediately
Invite team members and set up subscriptions as needed

Multi-Org Users: Use the organization dropdown on the Dashboard, Agents, and Team pages to switch between organizations. All metrics, agents, and settings update to reflect the selected org.

Deleting Organizations

Only the original creator of an organization can delete it. Organization deletion is permanent and irreversible.

What Gets Deleted

All agents registered to the organization
All registration tokens
All alert rules and notification channels
All query history and usage data
All team memberships and pending invitations
All associated billing subscriptions

How to Delete

Navigate to the Team page
Select the organization you want to delete from the dropdown (if you have multiple)
Click the red Delete Organization button in the Organization info card (visible to admins only)
Type the organization name exactly as shown to confirm
Click Delete Organization to proceed

Creator-Only: If you are an admin but not the creator of the organization, the deletion will be rejected by the server. Only the user who originally created the organization can delete it.

Registration Tokens

Registration tokens are the secure method for authenticating agent installations. Only organization admins can create and manage tokens.

Creating Tokens

Navigate to the Agent Setup page
Click + New Token
Give it a descriptive name (e.g., “Production Servers”, “IT Team Deploy”)
Optionally set a max agent limit and expiry date
Copy the etd_... token immediately — it is shown only once

Token Security

Tokens are stored as SHA-256 hashes — the plaintext is never persisted
Each token is scoped to a single organization
Tokens can be revoked at any time to prevent further registrations
Use separate tokens per environment (production, staging, dev) for audit control
Usage counters track how many agents each token has registered

Managing Tokens

The Agent Setup page lists all tokens for your organization with their prefix, name, usage count, status, and expiry. Use the Revoke button to disable a token or Delete to remove it permanently.

Health Monitoring

Real-Time Metrics

Agents report health every 30 seconds. Metrics display in the agent table, properties modal, and feed alert rule evaluation.

CPU: System-wide utilization %; color-coded green/yellow/red
Memory: Physical memory %; same color coding
Disk: All volumes with usage percentages and free space
Network: Bytes sent/received, active connections

Data Retention

Raw Metrics: 30 days of detailed data points
Aggregated: 90 days of hourly averages
Long-Term: 1 year of daily summaries

Interactive time-series charts with zoom, multi-agent comparison, and CSV export.

AI Diagnostics

How AI Analysis Works

Your natural language query is sent to the agent
Agent collects relevant ETW events based on query context
Local correlation engine processes events, filtering out PII and proprietary information
Correlated findings are packaged into a structured prompt with system context
Prompt sent to Claude AI via CloudAPI
AI responds with diagnostics, root cause, and recommendations

Example Queries

“Why is the SQL Server service failing to start?”
“What processes are accessing C:\ProgramData?”
“Show me all failed authentication attempts in the last hour”
“Why is the system slow right now?”
“What changed before the application started crashing?”

Query Pool System

Tier	Monthly Queries	Cost
BYOK	Unlimited	Free (your Anthropic key)
Professional	1,000	$39/mo
Business	5,000	$99/mo
Enterprise	50,000	$249/mo

What Consumes Queries

Live Session Question: 1 query
Multi-Agent Question: 1 per agent per question
Cross-Correlation: 1 additional per device
Alert AI Analysis: 1 per alert (cached 24 hours)

Shared across all org members. Unused queries do not roll over.

Cloud Deployment Options

Overview

Fully-managed monitoring infrastructure with zero ops. Choose shared for small deployments or dedicated for enterprise needs.

Zero infrastructure management
Automatic updates and scaling
10 free agents per subscribed user on paid plans
<1 hour to first agents online

Deployment Tiers

Tier	Agents	Per Agent	Infra Fee	Key Features
Shared	0–99	$5/mo	$0	Multi-tenant, etducky.com/dashboard
Dedicated T1	100–999	$4/mo	$87/mo	Own subdomain, data isolation, SOC2/HIPAA
Dedicated T2	1K–9,999	$3/mo	$194/mo	Load balanced, Redis cache, 90-day retention
Dedicated T3	10K+	$2/mo	$666/mo	HA (99.9% SLA), failover, 24/7 support

Infrastructure fees become negligible at scale. Tier migrations are automated with zero downtime.

Self-Hosted Deployment

Overview

For organizations with compliance, air-gap, or data sovereignty requirements. Run ET Ducky on your own infrastructure.

What You Get

Custom Docker Image with embedded license
Custom Agent Installer pre-configured for your server
Docker Compose templates, PostgreSQL scripts, deployment guide

Requirements

Linux Docker host (4+ vCPU, 8+ GB RAM, 100+ GB disk)
PostgreSQL 13+ with TimescaleDB
Anthropic Claude API key (required)

Licensing

Annual Subscription

Agents	Annual	Setup	Year 1
Up to 1K	$10K/yr	$2.5K	$12.5K
1K–5K	$25K/yr	$2.5K	$27.5K
5K–10K	$40K/yr	$2.5K	$42.5K
10K–25K	$50K/yr	$2.5K	$52.5K

Perpetual License

Agents	One-Time	Maintenance (10%/yr)	Break-Even
Up to 1K	$35K	$3.5K/yr	3.5 years
Up to 5K	$85K	$8.5K/yr	3.4 years
Up to 10K	$140K	$14K/yr	3.5 years
Up to 100K	$350K	$35K/yr	3.5 years

10-Year Comparison (5K agents): Cloud $3.02M | Annual $252K | Perpetual $170K

Pricing & Billing

Query Subscription Tiers

Tier	Monthly	Queries	Free Agents (per subscribed user)
BYOK	$0	Unlimited (your key)	0
Professional	$39	1,000	10 per subscribed user
Business	$99	5,000	10 per subscribed user
Enterprise	$249	50,000	10 per subscribed user

Agent Seat Pricing

Count	Per Seat/Month	Notes
First 10 per subscribed user	Free	Included with paid plans (scales with number of subscribed users)
11–100	$5	Standard rate
101–999	$4	20% discount
1K–9,999	$3	40% discount
10K+	$2	60% discount

Annual billing: Save 15% on both query subscriptions and agent seats.

Subscription Management

Personal Subscriptions

Upgrade: Immediate with prorated billing
Downgrade: Takes effect at next billing cycle
Cancel: Full access until period end; data retained 30 days

All billing via Stripe. Access your personal billing portal from Dashboard → Manage Query Subscription.

Team Subscriptions (Admin-Purchased)

Organization admins can purchase subscriptions for team members who don't have their own. This is useful for onboarding new staff or ensuring every team member has access to AI diagnostics.

Purchase: Dashboard → Manage Team Subscriptions → click Buy Plan next to an unsubscribed member → choose tier → complete Stripe checkout
Billing: Charged to the organization's Stripe customer account, managed by the admin who purchased it
Cancel: Admins can cancel any admin-purchased subscription immediately with prorated billing. Self-purchased subscriptions can only be managed by the subscriber.
Pooling: Each admin-purchased subscription contributes its tier's query quota and 10 free agent seats to the organization pool, just like self-purchased subscriptions

Troubleshooting Workflows

The ET Ducky Diagnostic Method

Identify: What system? What problem? When?
Prepare: Enable relevant ETW providers via Remote Configuration
Capture: Start a Live Session (ETW starts automatically)
Reproduce: Trigger the issue while ETW is collecting
Query: Ask AI specific, targeted questions
Analyze: Review root cause and recommendations
Remediate: Apply fixes via Shell tab or manually
Verify: Confirm resolution
Monitor: Set up alert rules to detect recurrence

Common Scenarios

Application Not Starting

Live Session → Attempt to start app → Ask “Why did [app] fail to start?” → AI analyzes Process, File I/O, Registry events.

Performance Degradation

Check health metrics → Live Session → “What is causing high CPU?” → Use Shell tab to terminate problematic processes.

Service Start Failures

Live Session → Start service → “Why did [service] fail to start?” → AI analyzes dependencies and errors.

Multi-System Issues

Multi-Agent Session → Select all affected agents → “Trace this request through all tiers” → Run Correlation.

Best Practices

Agent Deployment Strategy

Production Servers

Managed agents in Health Only mode by default (<1% CPU, ~50 MB RAM)
On-Demand for maintenance windows; Full Monitoring only during active incidents
Standard (Baseline) provider configuration; alert rules for CPU, memory, disk

Dev/Test Systems

Managed for AI diagnostics, desktop for basic visibility
Comprehensive config for debugging sessions

User Workstations

Desktop agents (free) fleet-wide; managed only for VIP/critical workstations
On-Demand collection only when troubleshooting

Cost Optimization

Desktop agents for non-critical systems (free, unlimited)
Health Only mode when not troubleshooting
Right-size subscription tier to actual query usage
Consolidate agents in single org for volume discounts
15% savings with annual billing
BYOK tier for heavy AI users
Delete inactive agents promptly

Security

Use registration tokens for all agent installations; never share tokens in plaintext outside secure channels
Create separate tokens per environment (production, staging, dev) and per deployment wave
Revoke tokens immediately when a deployment is complete or a token is compromised
Set max-agent limits and expiry dates on tokens to limit blast radius
Separate orgs for production vs. non-production
Review team access regularly; remove departed employees and cancel their admin-purchased subscriptions
Exclude sensitive paths from ETW collection
Route critical alerts to security team channels

Alert Tips

Use duration requirements to avoid false positives on brief spikes
Test notification channels immediately after creation
Multiple channels for critical alerts (email + Slack + webhook)
Tag agents to target rules at specific groups
Review rules monthly based on alert frequency

Getting Help

Email: support@etducky.com
Phone: 817-880-1336
Status: status.etducky.com

Response Times: Professional 24hr | Business 8hr | Enterprise 2hr

Roadmap

Near-Term (3 months)

Enhanced alert templates, alert analytics, agent group management, multi-agent timeline UI

Mid-Term (3–6 months)

Mobile app with push notifications, extended retention, custom dashboards, AD auto-discovery, integration marketplace

Long-Term (6–12 months)

ML anomaly detection, predictive alerting, automated remediation, Linux/macOS agents, Kubernetes monitoring, public API

Timelines subject to change based on customer feedback.

Keyboard Shortcuts

Quick Reference

Context	Key	Action
Query Tab	Enter	Send query
	Shift + Enter	New line
Shell Tab	Enter	Execute command
	↑ / ↓	Command history
Multi-Agent	Enter	Send to all agents
	Esc	End session
Remote Desktop	All keys	Forwarded to remote agent (when Keyboard Grab is on)
	Tab	Always captured and forwarded (prevents losing canvas focus)
Team Invite	Enter	Send invite

Glossary

Key Terms

Term	Definition
Query	A natural language question sent to AI for analysis. Consumes from your org's monthly pool.
Live Session	Interactive diagnostic session with one agent via a three-tab modal (Query, Shell, Files).
Multi-Agent Session	Diagnostic session spanning multiple agents with parallel query distribution and cross-correlation.
Cross-Correlation	Cloud-side analysis comparing findings across agents for common patterns and shared root causes.
Alert Rule	Configurable condition(s) that trigger notifications when agent metrics meet specified thresholds.
Notification Channel	Delivery endpoint for alerts (Email, Slack, Teams, Webhook). Reusable across rules.
Agent Seat	Billing unit for managed agents. Each managed agent = 1 seat. Desktop agents are free.
Registration Token	A secure `etd_...` string created by org admins for authenticating agent installations. Stored as a SHA-256 hash; plaintext shown only once at creation. Scoped to one organization, revocable, with optional max-agent limits and expiry dates.
Admin-Purchased Subscription	A query subscription bought by an organization admin on behalf of a team member. Billed to the org, manageable by admins. Contributes to the org's query pool and agent seat count like a self-purchased subscription.
BYOK	Bring Your Own Key — free tier using your own Anthropic API key for unlimited queries.
Organization	Clerk-managed entity scoping all resources: agents, registration tokens, tags, alert rules, notification channels, queries, members, and billing. Users can belong to multiple organizations and switch between them via dropdowns on the Dashboard, Agents, and Team pages. Created from the Dashboard, Team, or Agent Setup pages.
SSE	Server-Sent Events — a lightweight HTTP-based protocol for real-time server-to-client streaming. Used for live sessions, multi-agent queries, agent heartbeat events, and remote desktop relay.
Agent Tag	Organization-scoped, color-coded label for agent categorization. Usable in alert rule conditions.
Remote Desktop	Browser-based screen sharing and remote control for agents. Uses DXGI screen capture, WebSocket relay, and Canvas rendering.
DXGI	DirectX Graphics Infrastructure — GPU-accelerated screen capture API used by the remote desktop feature for high-performance, low-CPU frame capture with dirty-region tracking.
Dirty Region	A rectangular area of the screen that changed since the last frame. Only dirty regions are encoded and transmitted, significantly reducing bandwidth.

Pricing

Query Subscriptions: The Foundation of ET Ducky

Query subscriptions power all diagnostic and analysis capabilities across ET Ducky. Whether you're troubleshooting on your desktop, monitoring remote agents, or analyzing alerts, every interaction uses queries from your subscription pool.

What Are Queries Used For?

Desktop Monitoring

Ask questions during local ETW monitoring sessions on your machine

Live Query Sessions

Interactive troubleshooting on single remote agents (1 query per session)

Multi-Agent Queries

Query multiple devices simultaneously (1 query per device)

Cross-Correlation

Analyze events across multiple agents with correlation (1 query per device)

Alert Analysis

Automated root cause analysis for triggered alerts (1 query per alert)

Free

$0 /month

Bring Your Own API Key

Full ETW monitoring capabilities
Local event correlation
Use your own API key (Anthropic, OpenAI, Copilot supported)
Desktop app and agent support
Unlimited live sessions
Organization support
No query limits with your own key

Professional

$39 /month

1,000 Queries Per Month

Everything in Free
Cloud-based event processing
No API key needed
Desktop + agent + alert support
Multi-agent query sessions
Cross-correlation analysis
Priority support
Usage analytics dashboard
10 free agents per subscribed member
Queries & agents pool across your org

Business

$99 /month

5,000 Queries Per Month

Everything in Professional
5x query capacity
Team collaboration tools
Advanced event correlation
Historical analytics
Automated alert analysis
Dedicated support channel
10 free agents per subscribed member
Queries & agents pool across your org

Enterprise

$249 /month

50,000 Queries Per Month

Everything in Business
50x query capacity
Enterprise-scale monitoring
Custom integrations
Advanced multi-agent correlation
SLA guarantee
White-glove support
10 free agents per subscribed member
Queries & agents pool across your org
Organization-wide analytics

Organization Quota Pooling

When multiple users join an organization, their individual query quotas and free agent seats automatically combine into shared pools that any member can use across all use cases.

How It Works

Each subscribed member contributes their query quota and 10 free managed agent seats to the organization
Any member can use queries and agents from the shared pools
Queries work across Desktop app, agents, multi-agent sessions, and alerts
Example: 3 Professional users = 3,000 queries/month + 30 free managed agents for the entire organization
Real-time quota tracking shows organization-wide usage for both queries and agent seats

Query Usage Examples

Understanding how queries are consumed helps you choose the right subscription tier:

Use Case	Query Cost	Example
Desktop Monitoring	1 query per question	"Why is this application crashing?" = 1 query
Single Agent Query	1 query per session	Live troubleshooting on one server = 1 query
Multi-Agent Session	1 query per device	Query 5 web servers simultaneously = 5 queries
Cross-Correlation	1 query per device	Correlate events across 3 database servers = 3 queries
Alert Root Cause	1 query per alert	Automated analysis of disk space alert = 1 query

Desktop Application

The ET Ducky Desktop application is a free download that runs on Windows 10/11. It captures and correlates ETW events locally, then uses your query subscription to process diagnostic requests.

Key Features

Local ETW event capture and correlation
Real-time system monitoring
Interactive troubleshooting sessions
Shares query quota with agents and alerts
No agent deployment required
Works with Free tier (BYOK) or paid subscriptions

Perfect for developers, IT professionals, and power users who want to diagnose issues on their own machines without deploying infrastructure.

Frequently Asked Questions

What counts as a query?

Each request to process correlated ETW events through the ET Ducky API server counts as one query. This includes diagnostic requests from the Desktop app, live session queries from agents, multi-agent queries (1 per device), cross-correlation analysis (1 per device), and automated alert analysis.

Can I use queries with both the Desktop app and agents?

Yes. Your query subscription provides a shared pool that works with the Desktop application, all deployed agents, multi-agent queries, cross-correlation sessions, and automated alert analysis. All queries count against the same monthly quota regardless of source.

What happens if I exceed my quota?

Once your monthly quota is reached, cloud-based processing will be paused until the next billing cycle. You can upgrade at any time, or switch to BYOK mode with the Free tier.

Do queries reset monthly?

Yes. Your query quota resets at the start of each billing cycle. Unused queries do not roll over.

How does organization quota pooling work?

When multiple users join an organization, their individual query quotas and free agent seats combine into shared pools. For example, if 3 users each have Professional plans (1,000 queries each), the organization gets a pool of 3,000 queries and 30 free managed agents that any member can use for desktop monitoring, agent queries, multi-agent sessions, cross-correlation, or alert analysis.

Ready to Get Started?

Choose your query subscription to deploy your first ten agents for free!

Agent Pricing

Purchase agent seats (required for managed agents). Volume pricing is applied automatically.

ET Ducky uses a simple per-agent model for managed agents (Windows Service). Desktop agents (the Windows app) are free and unlimited.

Managed Agents (Service)

Shared / Entry: 10 agents free per subscribed user, then $5/agent/month
Dedicated Tier 1 (100–999): $4/agent/month
Dedicated Tier 2 (1,000–9,999): $3/agent/month
Dedicated Tier 3 (10,000+): $2/agent/month

Desktop Agents (App)

Price: Free (unlimited)
Use case: Deep-dive troubleshooting and interactive sessions when you need it

Annual billing: Save 15% on your agent and platform costs when billed annually.

What counts as a “Managed Agent”?

A managed agent is a Windows Service installed on servers or workstations that performs health monitoring, optional ETW collection, alert evaluation, and remote configuration.

Tip: Use the Calculator tab to estimate your monthly or annual total (platform + agents + hosting).

Cloud Hosted Deployment

Fully-managed infrastructure by ET Ducky. Deploy agents, we handle everything else. Requires a query subscription to power diagnostics and analysis.

Zero infrastructure management
Automatic updates and scaling
Built-in high availability
AI processing included in query subscription
Get started in under 1 hour

Note: Cloud hosted agents require both a query subscription (for diagnostics) and agent seats (for infrastructure). Query subscriptions are covered in the Query Subscriptions tab.

Agent Seat Pricing

10 agents per subscribed user are FREE! Pay only for agents beyond your free allowance. Org members without their own subscription do not add free agents.

11-99 agents

$5/agent/mo

$4.25 annual

100-999

$4/agent/mo

$3.40 annual

1,000-9,999

$3/agent/mo

$2.55 annual

10,000+

$2/agent/mo

$1.70 annual

Save 15% with annual billing

Infrastructure Tiers

Optional dedicated infrastructure for enhanced performance and isolation.

Tier	Agent Range	Infrastructure Fee	What You Get
Shared	0-99 agents	$0/month	Shared multi-tenant infrastructure Standard support etducky.com access
Dedicated Tier 1	100-999	+$87/month	Your subdomain (yourcompany.etducky.com) Dedicated instance + database Priority support (24h) Optional upgrade at 100 agents
Dedicated Tier 2	1,000-9,999	+$194/month	Everything in Tier 1 plus: Load balanced (2 instances) Redis caching 90-day retention Recommended at 1,000 agents
Dedicated Tier 3	10,000+	+$666/month	Everything in Tier 2 plus: High availability (99.9% SLA) HA database (2-node) 24/7 support (4h response) Dedicated CSM Required at 10,000 agents

Infrastructure fees are flat rates per tier and don't increase with agent count. At 5,000 agents, infrastructure is only 1.3% of your total bill.

Example Monthly Costs

Note: Add your query subscription cost separately

50 agents

40 billable × $5 = $200
Infrastructure: $0 (shared)

$200/month

$170/mo with annual

+ query subscription

POPULAR

120 agents

110 billable × $4 = $440
Infrastructure: +$87 (Tier 1)

$527/month

Tier 1 optional

+ query subscription

5,000 agents

4,990 × $3 = $14,970
Infrastructure: +$194 (Tier 2)

$15,164/month

Infrastructure = 1.28%

+ query subscription

25,000 agents

24,990 × $2 = $49,980
Infrastructure: +$666 (Tier 3)

$50,646/month

Infrastructure = 1.31%

+ query subscription

Ready to Get Started?

Start with a query subscription, then deploy 10 free agents per subscribed user

Choose Query Subscription

Self-Hosted Deployment

Run ET Ducky on your own infrastructure with complete control and data sovereignty. Queries use your own API keys - no query subscription needed.

Your Infrastructure: Run on your own servers or cloud
Your Database: Complete data control
Your AI Keys: Use your own Anthropic/OpenAI API keys
No Query Limits: Pay your AI provider directly, no ET Ducky query costs
80-90% Cost Savings: At scale vs cloud hosting
Air-Gap Support: Works in isolated networks
Compliance Ready: HIPAA, FedRAMP, SOC2

Annual Subscription License

Best for: 1-3 year deployments, operating expense (OpEx) budgets, evaluation periods

Agent Tier	Annual License	Setup Fee	Year 1 Total
Up to 1,000 agents	$10,000/year	$2,500	$12,500
Up to 5,000 agents	$25,000/year	$2,500	$27,500
Up to 10,000 agents	$40,000/year	$2,500	$42,500
Up to 25,000 agents	$50,000/year	$2,500	$52,500

What's Included

Software:

Custom Docker image
Custom agent installer
Signed license key
Quarterly updates

Documentation:

Deployment guides
Docker templates
Database scripts
Best practices

Support:

Business hours
Email/ticket support
24-hour response
Annual renewal

Agent Tier	Perpetual License	Annual Maintenance	Break-even
Up to 1,000 agents	$35,000	$3,500 (10%)	3.5 years
Up to 5,000 agents	$85,000	$8,500 (10%)	3.4 years
Up to 10,000 agents	$140,000	$14,000 (10%)	3.5 years
Up to 25,000 agents	$175,000	$17,500 (10%)	3.5 years
Up to 50,000 agents	$250,000	$25,000 (10%)	3.3 years
Up to 100,000 agents	$350,000	$35,000 (10%)	3.5 years

Your Infrastructure Costs (Estimated)

In addition to the license fee, you'll need to budget for your own infrastructure and AI API usage.

Component	1,000 Agents	5,000 Agents	10,000 Agents
Docker Host	~$50-100/month	~$150-300/month	~$300-500/month
PostgreSQL Database	~$50-100/month	~$100-200/month	~$200-400/month
AI API Usage	~$200-500/month	~$500-1,500/month	~$1,000-3,000/month
Total (Your Costs)	~$300-700/month	~$750-2,000/month	~$1,500-3,900/month

Actual costs vary based on cloud provider, region, and AI usage patterns. Self-hosted deployments use your own API keys, so you pay your AI provider directly based on your actual query usage.

Ready to Deploy Self-Hosted?

Contact our sales team to get started with self-hosted deployment

Contact Sales

Or email sales@etducky.com

Pricing Calculator

Estimate your monthly or annual cost based on platform plan, agent count, and hosting tier.

Platform plan

Includes shared query quota for desktop app and agents.

Deployment tier

Shared: 10 free agents per subscribed user.

Managed agents

Desktop agents remain free and unlimited (not included here).

Subscribed users

10 free agents per user with a query subscription — 10 free agents included. Adding org members without their own subscription does not add free agents.

Billing

Monthly Annual (15% savings)

Annual billing applies a 15% discount to the recurring total.

Estimated total

per month

Opens the same seat purchase dialog as your Dashboard.

Breakdown

Platform plan$0

Free agents included10

Managed agents$0

Infrastructure$0

Total$0

Dashboard

Your Subscription

Usage This Month

Agent Seats

Quick Actions

Alert Monitoring

Real-time system monitoring and notifications

Loading... Auto-refresh: 30s

Settings

Account

Agent Management
Monitor and manage your ET Ducky monitoring agents.

+ Install New Agent

Asset Management

—

Managed Agents

$5/month each

—

Desktop Agents

Included in Pro

—

Active Now

Heartbeat < 10min

—

Monthly Agent Fees

All Agents

Name

Type

Status

CPU

Memory

Last Seen

Actions

Loading agents…

Registration Tokens

Create scoped, revocable tokens for agent registration.

Token

Status

Usage

Expires

Last Used

Actions

Loading tokens…

Loading organization details...

Organization Required

You need to create or join an organization to set up agents.

View Plans

Team Management
Manage your organization members and invitations.

Organization

—

Total Members

Active users

—

Administrators

Can manage team

—

Pending Invites

Awaiting acceptance

Team Members

Role

Joined

Actions

Loading members...

Pending Invitations

Role

Sent

Actions

No pending invitations

Team Subscriptions

Member

Subscription

Actions

Privacy Policy

Last Updated: December 18, 2025

Overview

Purpose of this policy

ET Ducky is a Windows diagnostics application that monitors Windows system events using Event Tracing for Windows (ETW) to help you troubleshoot issues.

Summary

ETW event data is collected locally on your device
We do not sell personal information
Cloud AI analysis is user-initiated
BYOK mode keeps data on your device

What We Collect

Account and subscription data

Email address
Name (if provided)
Subscription status and plan tier

ETW Diagnostic Data

ETW data is stored locally on your device by default. It's only transmitted when you use cloud AI features.

AI Processing

Data is sent to AI providers only when you explicitly request analysis.

Storage & Security

Encryption in transit (TLS/HTTPS)
Access controls and authentication
You can delete local data at any time

Your Choices

Enable/disable monitoring
Choose which ETW providers to use
Use BYOK mode for complete privacy
Request data deletion: [email protected]

Data Retention

Account data: while account is active
Local ETW data: you control retention
Cloud request metadata: limited retention for abuse prevention

Terms of Service

Last Updated: January 27, 2026

Overview

1. Acceptance of Terms

By accessing and using ET Ducky's website, cloud platform, desktop application, agent software, and related services (collectively, the "Service"), you accept and agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, do not use the Service.

2. Description of Service

ET Ducky provides Windows system monitoring and diagnostics solutions through multiple deployment models:

Cloud-Hosted Service

Fully-managed infrastructure where you deploy lightweight agents on Windows systems that report to our cloud platform. Includes:

Real-time health monitoring (CPU, memory, disk, network)
ETW event collection and analysis
AI-powered diagnostics using Claude AI (Anthropic) and OpenAI
Multi-agent correlation across systems
Centralized web dashboard
Automated alerting with AI analysis

Self-Hosted Annual License

License to run ET Ducky CloudAPI software on your own infrastructure with annual subscription and support. Includes:

Custom Docker image and agent installer
Quarterly software updates
Business hours support
Complete data sovereignty

Self-Hosted Perpetual License

One-time purchase license to run ET Ducky CloudAPI software on your own infrastructure. Includes:

Own the software forever
Optional annual maintenance (10%) for updates and support
Complete control over infrastructure
Air-gap deployment support

Desktop Application

Standalone Windows application for local ETW monitoring and analysis.

3. Modifications to Terms

We may modify these Terms at any time. Material changes will be communicated via:

Email notification to your registered email
Dashboard notification when you log in
At least 30 days before effective date

Continued use of the Service after changes become effective constitutes acceptance of the modified Terms.

Accounts & Security

Account Registration

To use the Service, you must create an account by providing accurate and complete information. You agree to:

Provide truthful, accurate, and complete registration information
Update your information to keep it current
Be at least 18 years old or have parental/guardian consent
Have authority to bind your organization (if applicable)

Account Security

You are responsible for:

Maintaining the confidentiality of your account credentials
All activities that occur under your account
Notifying us immediately of any unauthorized access
Ensuring your team members comply with these Terms
Using strong passwords and enabling two-factor authentication where available

Important: You may not share account credentials or allow unauthorized access to your account.

Organization Accounts

For organization accounts:

Account owner has full control over team members and billing
You can invite multiple users to your organization
Each user must accept these Terms individually
You are responsible for all activity by your team members
Removing a team member immediately revokes their access

Pricing & Billing

Cloud-Hosted Service Pricing

Agent Seat Pricing

10 agents per subscribed user: FREE with any paid plan
11-99 agents: $5/agent/month ($4.25 annual)
100-999 agents: $4/agent/month ($3.40 annual)
1,000-9,999 agents: $3/agent/month ($2.55 annual)
10,000+ agents: $2/agent/month ($1.70 annual)

Infrastructure Fees (Optional Dedicated Tiers)

Shared (0-99 agents): $0 - Shared multi-tenant infrastructure
Tier 1 (100-999): +$87/month - Dedicated instance + subdomain
Tier 2 (1,000-9,999): +$194/month - Load balanced + Redis caching
Tier 3 (10,000+): +$666/month - High availability + 24/7 support

Billing Terms

Billed monthly or annually (15% discount on annual)
Billed in advance at start of billing period
Agent count based on highest count during billing period
Subscriptions renew automatically unless cancelled

Self-Hosted Licensing

Annual License

Agent Tier	Annual License	Setup Fee
Up to 1,000	$10,000/year	$2,500
Up to 5,000	$25,000/year	$2,500
Up to 10,000	$40,000/year	$2,500
Up to 25,000	$50,000/year	$2,500

Perpetual License

Agent Tier	Perpetual License	Annual Maintenance
Up to 1,000	$35,000	$3,500 (10%)
Up to 5,000	$85,000	$8,500 (10%)
Up to 10,000	$140,000	$14,000 (10%)
Up to 50,000	$250,000	$25,000 (10%)
Up to 100,000	$350,000	$35,000 (10%)

Payment Terms

All payments processed through Stripe
We accept major credit cards
Enterprise customers may request invoice billing
Failed payments may result in service suspension
Past due accounts subject to late fees and collection

Price Changes

We reserve the right to modify pricing with 30 days' advance notice via email and dashboard notification. Continued use after price changes constitutes acceptance.

Cancellation and Refunds

Cloud Service

Cancel anytime through your account dashboard
Access continues until end of current billing period
No refunds for partial months or unused queries
Annual subscriptions: Prorated refund if cancelled within 30 days

Self-Hosted Licenses

Annual: No refunds. License valid through paid period.
Perpetual: No refunds after delivery of software and license key.
Trial Period: 30-day evaluation licenses available upon request.

Acceptable Use Policy

Prohibited Activities

You agree NOT to:

Illegal or Unauthorized Use

Use the Service for any illegal purpose or to violate any laws
Monitor systems without proper authorization
Access systems or data you don't have permission to monitor
Violate privacy laws or regulations (GDPR, CCPA, etc.)

Technical Restrictions

Reverse engineer, decompile, or disassemble the software
Attempt to bypass license validation or usage limits
Exceed licensed agent limits (self-hosted deployments)
Share account credentials or licenses with unauthorized parties
Interfere with or disrupt the Service or servers
Attempt to gain unauthorized access to systems or data

Commercial Restrictions

Use the Service to develop competing products or services
Resell, sublicense, or transfer your license without written consent
Provide service bureau or time-sharing services to third parties
Use the Service on behalf of others without authorization

Abusive Behavior

Upload malicious code, viruses, or harmful content
Use the Service to spam, harass, or harm others
Generate excessive load or abuse system resources
Attempt to exploit security vulnerabilities

Authorized Monitoring

You represent and warrant that:

You own or control all systems where agents are deployed
You have obtained necessary permissions to monitor systems
You have notified users if required by applicable law
Your monitoring complies with all applicable laws and regulations
You will not monitor personal devices without explicit consent

Consequences of Violations

Violations may result in:

Immediate suspension or termination of your account
Removal of content or data
Legal action and reporting to authorities
Liability for damages
Permanent ban from the Service

Data & Privacy

Cloud-Hosted Service

Data Collection

Agents collect and transmit:

System health metrics (CPU, memory, disk, network)
Event Tracing for Windows (ETW) events based on configured providers
Diagnostic information during live query sessions
Agent version, system information, and connectivity status

Data Storage and Processing

Data stored in our cloud infrastructure (DigitalOcean)
Encrypted in transit (TLS 1.3) and at rest
Retention: 30-180 days depending on your infrastructure tier
Processed using AI services (Anthropic Claude, OpenAI)
AI analysis performed on-demand, not continuously

Data Usage

We use your data only to provide the Service
We do NOT use your data to train AI models
We do NOT sell or share your data with third parties
AI providers process queries per their terms (not for training)

Data Ownership

You retain all rights to your data. We claim no ownership over data you collect and store through the Service.

Self-Hosted Deployments

Your Infrastructure: All data remains on infrastructure you control
No Access: We do not have access to your collected data
Your AI Keys: You provide your own AI API keys and accept their terms
License Validation: Software validates license key with our servers (requires internet)
No Data Transmission: Only license validation data sent to our servers, not monitoring data

Your Responsibilities

Comply with all applicable privacy laws (GDPR, CCPA, HIPAA, etc.)
Obtain necessary consents for monitoring
Provide appropriate privacy notices to monitored users
Implement appropriate security measures
Do not collect or process sensitive data without proper safeguards

Privacy Policy

See our separate Privacy Policy for complete details on how we collect, use, and protect your information.

Intellectual Property

Ownership

The Service, including all software, documentation, trademarks, logos, and content, is owned by ET Ducky and protected by copyright, trademark, patent, and other intellectual property laws.

License Grant

Your license to use the Service does NOT transfer any ownership rights. You receive only a limited license to use the Service as described in these Terms and the EULA.

Restrictions

You may not copy, modify, or create derivative works
You may not remove or alter any proprietary notices
You may not use our trademarks without written permission
Source code remains confidential and proprietary
You may not register confusingly similar trademarks or domains

Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant us a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such feedback without compensation or attribution.

Warranties & Liability

Service Availability

Cloud Service SLAs

Shared/Tier 1/Tier 2: Best effort availability, no SLA guarantee
Tier 3: 99.9% uptime SLA with automatic failover
Maintenance: Scheduled maintenance announced 48 hours in advance
Downtime Credits: Available for Tier 3 customers per SLA terms

Self-Hosted

For self-hosted deployments, you are responsible for availability and uptime of your infrastructure.

Warranty Disclaimer

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.

We disclaim all warranties including but not limited to:

MERCHANTABILITY
FITNESS FOR A PARTICULAR PURPOSE
NON-INFRINGEMENT
ACCURACY OR RELIABILITY
UNINTERRUPTED OR ERROR-FREE OPERATION

We do not warrant that:

The Service will meet your requirements
Results will be accurate or reliable
AI analysis will detect all issues
AI recommendations will be correct
Errors will be corrected

Important: You are responsible for validating all AI-generated recommendations before implementing them on production systems.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ET DUCKY SHALL NOT BE LIABLE FOR:

INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES
SERVICE INTERRUPTIONS OR PERFORMANCE ISSUES
DAMAGES RESULTING FROM AI ANALYSIS ERRORS
SYSTEM FAILURES OR DATA LOSS ON MONITORED SYSTEMS
UNAUTHORIZED ACCESS OR DATA BREACHES
THIRD-PARTY ACTIONS OR CONTENT

TOTAL LIABILITY: Our total liability shall not exceed the greater of:

Amounts paid by you in the 12 months preceding the claim, OR
$100

Indemnification

You agree to indemnify, defend, and hold harmless ET Ducky from any claims, damages, losses, liabilities, or expenses (including legal fees) arising from:

Your use or misuse of the Service
Your violation of these Terms
Your violation of any rights of others
Unauthorized monitoring or data collection
Your breach of applicable laws or regulations
Content or data you submit or collect

Termination

Termination by You

You may terminate your account at any time by:

Cancelling your subscription through the dashboard, OR
Contacting support at [email protected]

Your access will continue through the end of your current billing period.

Termination by Us

We may suspend or terminate your access immediately, without prior notice, if:

You violate these Terms or the EULA
Your payment fails or account is past due (>30 days)
You exceed licensed agent limits (self-hosted)
We detect fraudulent, abusive, or illegal activity
Required by law or court order
Necessary to protect our rights or prevent harm

Effect of Termination

Cloud Service

All access to the Service immediately terminates
All agents stop reporting to the platform
Data retained for 30 days, then permanently deleted
You may export data before termination through the dashboard
No refunds for unused time or queries

Self-Hosted Annual License

License expires at end of paid term
CloudAPI stops accepting new agent connections
Existing agents continue health metrics only (no diagnostics)
No updates or support after expiration
Contact sales to renew

Self-Hosted Perpetual License

Software continues to function (you own it)
No updates or support without active maintenance
License key remains valid
Must resume maintenance to receive updates

Survival

The following sections survive termination:

Data & Privacy (your obligations)
Intellectual Property
Warranties & Liability
Indemnification
Governing Law and Disputes

Legal & Disputes

Governing Law

These Terms are governed by the laws of the State of Washington, United States, without regard to conflict of law principles.

Dispute Resolution

Informal Resolution

Before filing a claim, you agree to contact us at [email protected] to attempt informal resolution. We commit to working in good faith to resolve disputes.

Binding Arbitration

If informal resolution fails, disputes shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) in accordance with its Commercial Arbitration Rules.

Location: Washington State
Rules: AAA Commercial Arbitration Rules
Decision: Arbitrator's decision is final and binding
Costs: Each party pays own legal fees unless arbitrator decides otherwise

Class Action Waiver

YOU AGREE TO RESOLVE DISPUTES INDIVIDUALLY. You waive any right to participate in class action lawsuits or class-wide arbitration.

Exceptions

Either party may seek injunctive relief in court for:

Intellectual property infringement
Unauthorized access or use
Violations requiring immediate action

Export Compliance

The Service and software may be subject to U.S. export control laws. You agree to:

Comply with all applicable export and import laws
Not export or re-export to prohibited countries or entities
Not use the Service for prohibited purposes (e.g., weapons development)
Comply with sanctions and embargoes

Miscellaneous

Entire Agreement

These Terms, together with the EULA and Privacy Policy, constitute the entire agreement between you and ET Ducky and supersede all prior agreements.

Severability

If any provision is found invalid or unenforceable, the remaining provisions remain in full force and effect.

No Waiver

Failure to enforce any provision does not waive our right to enforce it later.

Assignment

You may not assign these Terms without our written consent. We may assign our rights and obligations without restriction.

Force Majeure

We are not liable for delays or failures due to circumstances beyond our reasonable control, including natural disasters, war, terrorism, pandemics, internet outages, or government actions.

Notice

Notices to you will be sent to your registered email address. Notices to us should be sent to [email protected].

Contact Information

For questions about these Terms:

Legal: [email protected]
Support: [email protected]
Sales: [email protected]

End User License Agreement (EULA)

Last Updated: January 27, 2026

Overview

1. Agreement to Terms

By downloading, installing, or using ET Ducky software (including agent software, desktop application, and self-hosted CloudAPI), you agree to be bound by the terms of this End User License Agreement ("EULA").

If you do not agree, do not install or use the Software.

This EULA is a legal agreement between you (either an individual or entity) and ET Ducky governing your use of the Software.

2. Definitions

"Software" - ET Ducky agent software, desktop application, CloudAPI software, and related documentation
"Agent" - Software installed on Windows systems to collect and transmit monitoring data
"Desktop Application" - Standalone Windows application for local monitoring
"CloudAPI" - Server software for self-hosted deployments
"Service" - Cloud-hosted platform operated by ET Ducky
"License" - Rights granted to you under this EULA
"You/Your" - The individual or entity using the Software

3. Acceptance

By installing the Software, you acknowledge that you have:

Read and understood this EULA
Agree to be bound by its terms
Have authority to bind your organization (if applicable)
Are at least 18 years old

License Grant

Scope of License

Subject to your compliance with this EULA, we grant you a:

Limited - Specific uses only as described
Non-exclusive - We may license to others
Non-transferable - Cannot be transferred without consent
Revocable - May be terminated if you breach terms

Permitted Uses

You may:

Install the Software on systems you own or control
Use the Software for monitoring and diagnostics
Deploy agents up to your licensed limit
Make backup copies for archival purposes
Use the Software in accordance with documentation

License Models

Depending on your deployment type, different license terms apply. See the following sections for details:

Cloud Deployments - Subscription-based licensing
Self-Hosted Annual - Annual renewable license
Self-Hosted Perpetual - One-time purchase, own forever

Cloud Deployments

Subscription-Based License

For cloud-hosted agents, your license is tied to an active paid subscription.

What You Can Do

Install agents on Windows systems you own or control
Deploy up to the number of agents allowed by your subscription
Access the cloud-hosted Service through the web dashboard
Use multi-agent correlation features
Receive automatic agent updates

Subscription Tiers

Agent Range	Price per Agent	Infrastructure Fee
1-10	FREE	$0 (Shared)
11-100	$5/month ($4.25 annual)	$0 (Shared) or +$87 (Tier 1)
100-999	$4/month ($3.40 annual)	+$87 (Tier 1 optional)
1,000-9,999	$3/month ($2.55 annual)	+$194 (Tier 2)
10,000+	$2/month ($1.70 annual)	+$666 (Tier 3)

Billing Terms

Billed monthly or annually (15% discount on annual)
Charges based on highest agent count during billing period
Automatic renewal unless cancelled
Payment required in advance
Failed payments may result in service suspension

Cancellation

Cancel anytime through dashboard
Access continues through end of billing period
Agents stop reporting after subscription ends
No refunds for partial months
Data retained 30 days after cancellation

License Validation

Agents periodically validate subscription status with our servers. This requires internet connectivity. Invalid subscriptions result in agents stopping new data collection (health metrics continue).

Self-Hosted Deployments

License Types

Self-hosted deployments use one of two license models:

Annual License

Term: One year from purchase
Renewal: Required annually to continue use
Best For: 1-3 year deployments, OpEx budgets

Perpetual License

Term: Indefinite - you own the software forever
Maintenance: Optional (10% annually) for updates and support
Best For: 5+ year deployments, CapEx budgets

Annual License Details

Pricing

Agent Tier	Annual Cost	Setup Fee
Up to 1,000	$10,000/year	$2,500
Up to 5,000	$25,000/year	$2,500
Up to 10,000	$40,000/year	$2,500
Up to 25,000	$50,000/year	$2,500

What's Included

Custom Docker image with embedded license
Custom agent installer pre-configured for your infrastructure
Digitally signed license key
Docker Compose templates and deployment scripts
Quarterly software updates
Security patches and bug fixes
Business hours email support (24-hour response)
Deployment assistance

Renewal

License expires one year after purchase date
Automatic renewal via Stripe subscription
30-day expiry warnings via email and in CloudAPI logs
After expiry: CloudAPI stops accepting new agent connections
Existing agents continue health metrics only

Perpetual License Details

Pricing

Agent Tier	One-Time Cost	Annual Maintenance
Up to 1,000	$35,000	$3,500 (10%)
Up to 5,000	$85,000	$8,500 (10%)
Up to 10,000	$140,000	$14,000 (10%)
Up to 25,000	$175,000	$17,500 (10%)
Up to 50,000	$250,000	$25,000 (10%)
Up to 100,000	$350,000	$35,000 (10%)

What's Included

Everything in Annual License
Perpetual right to use the software
No expiration date
Software continues working even if maintenance lapses
Setup fee included in purchase price

Maintenance (Optional)

With Active Maintenance:

Quarterly software updates
Security patches and bug fixes
Business hours email support
License key rotation if needed

Without Maintenance:

Software continues to function (you own it)
No updates or security patches
No support access
Can resume maintenance anytime

Agent Limits

License enforces maximum concurrent agent connections
CloudAPI validates agent count at startup and continuously
When limit reached: CloudAPI rejects new connections
Existing agents continue functioning normally
Contact [email protected] to upgrade agent tier

License Validation

Self-hosted CloudAPI validates license key:

At startup (required)
Periodically during operation
Requires internet connectivity to licensing server
License file digitally signed with RSA-2048
Tampering with license file voids license

Your Responsibilities

For self-hosted deployments, you must provide and maintain:

Infrastructure

Docker host (Linux server with Docker 20.10+)
PostgreSQL 13+ database with TimescaleDB extension
Minimum: 4 vCPU, 8 GB RAM, 100 GB storage
Network connectivity for agents and AI APIs

Services

Anthropic Claude API key (required)
OpenAI API key (optional)
Backups and disaster recovery
Security and access controls

Operations

Installing software updates (provided quarterly)
Database maintenance and optimization
Monitoring and troubleshooting
Scaling infrastructure as needed

Deployment Package

Upon purchase, you receive:

Custom Docker image (tarball or registry access)
Custom Windows agent installer (.exe)
License key file (digitally signed)
Docker Compose configuration files
PostgreSQL schema and setup scripts
Environment variable templates
Deployment documentation
Troubleshooting guide

No Refunds

Self-hosted licenses are non-refundable after delivery of software package and license key. We offer 30-day trial licenses for evaluation upon request.

License Restrictions

Prohibited Actions

You agree NOT to:

Technical Restrictions

Reverse Engineer: Decompile, disassemble, or reverse engineer the Software
Modify: Modify, adapt, translate, or create derivative works
Copy: Copy the Software except as necessary for authorized use and backups
Remove Notices: Remove, alter, or obscure any proprietary notices, labels, or marks
Circumvent Protection: Bypass license validation, usage limits, or security measures
Extract Components: Separate components for use in other applications

Distribution Restrictions

Distribute: Distribute, sell, rent, lease, or sublicense the Software
Share Credentials: Share account credentials, API keys, or license keys with unauthorized parties
Transfer: Transfer license to another entity without written consent
Service Bureau: Use the Software to provide services to third parties (unless authorized)

Usage Restrictions

Exceed Limits: Deploy more agents than your license allows
Unauthorized Monitoring: Monitor systems without proper authorization
Competitive Use: Use the Software to develop, test, or support competing products
Benchmarking: Publish benchmark results without written permission

Installation Restrictions

Authorized Systems Only

You may only install agents on:

Systems you own or have legal control over
Systems where you have explicit authorization to monitor
Systems within your organization's infrastructure
Systems where you have obtained necessary user consents

Prohibited Installations

Personal devices without explicit owner consent
Systems you don't have authorization to monitor
Third-party or customer systems (without written agreements)
Systems in violation of applicable laws or regulations

Compliance Requirements

You agree to:

Comply with all applicable laws and regulations
Obtain necessary permissions for monitoring
Provide required privacy notices to monitored users
Respect intellectual property rights
Follow export control regulations
Maintain security and confidentiality

Consequences of Violations

Violations of these restrictions may result in:

Immediate termination of license
Requirement to uninstall all Software
Legal action for damages
Injunctive relief
No refund of fees paid

Data Collection & Privacy

Data Collected by Agents

Agents collect and transmit the following data:

Always Collected (Health Metrics)

CPU usage percentage
Memory usage (total, available, used)
Disk usage (total, free, used per volume)
Network bandwidth (sent/received bytes)
System uptime
Agent version and configuration
Windows version and build number
Hostname and IP addresses

Collected During Live Sessions

Event Tracing for Windows (ETW) events
Process information (name, PID, path, command line)
File system operations
Network connections and traffic
Registry operations
User authentication events
Application errors and crashes
Performance counters

Cloud-Hosted Data Handling

Transmission

All data encrypted in transit using TLS 1.3
Sent to ET Ducky cloud infrastructure (DigitalOcean)
Compressed to minimize bandwidth
Intelligent local correlation filters PII and proprietary data before transmission

Storage

Data stored in PostgreSQL with TimescaleDB
Encrypted at rest
Retention: 30-180 days based on tier
Automatic deletion after retention period
Backups encrypted and retained 30 days

Processing

AI analysis using Anthropic Claude API
Optional OpenAI API integration
Queries sent to AI providers on-demand only
AI providers do not use your data for model training
Correlation and analysis performed server-side

Your Data Rights

You retain all ownership rights to your data
We claim no ownership over collected data
We do not sell or share your data with third parties
You can export data anytime through dashboard
You can delete your account and data anytime

Self-Hosted Data Handling

Your Infrastructure: All monitoring data stays on your infrastructure
No Access: We do not have access to your collected data
Your AI Keys: You provide your own AI API keys
Your Responsibility: You accept AI provider terms directly
License Validation Only: Only license validation data sent to our servers
Data Sovereignty: Complete control over data location and retention

Privacy Compliance

You are responsible for:

Complying with applicable privacy laws (GDPR, CCPA, HIPAA, etc.)
Obtaining necessary consents for monitoring
Providing privacy notices to monitored users
Implementing appropriate security measures
Handling data subject rights requests
Maintaining records of processing activities

Sensitive Data

Warning: The Software may collect sensitive information depending on ETW providers configured. You are responsible for:

Configuring appropriate filters to prevent collection of sensitive data
Ensuring compliance with data protection regulations
Not collecting passwords, credit card numbers, or PII without proper safeguards
Implementing encryption for sensitive data

Telemetry and Analytics

The Software may collect anonymous usage statistics to improve the product:

Feature usage (which features are used most)
Performance metrics (query response times)
Error reports (crashes, exceptions)
Agent version distribution

This data is anonymized and does not include your monitoring data.

Updates & Support

Cloud Service Updates

CloudAPI Platform

Updates applied automatically to cloud infrastructure
Zero downtime during most updates
Major updates announced 48 hours in advance
Scheduled maintenance windows (if needed)

Agent Updates

New agent versions released quarterly
Download from dashboard
Deploy via SCCM, Intune, GPO, or manual installation
Agents typically backward compatible with older CloudAPI versions
Critical security updates released as needed

Self-Hosted Updates

With Active License/Maintenance

Quarterly software releases
Security patches between releases
Bug fixes
New features and improvements
Agent installer updates

Update Process

Receive email notification of new version
Download new Docker image and agent installer
Review release notes for breaking changes
Backup database before upgrade
Deploy new Docker image: docker-compose down && docker-compose up -d
Run database migrations if required
Update agents as needed

Without Maintenance (Perpetual Only)

Software continues to function
No updates provided
No security patches
No bug fixes
No support access

Support

Cloud Service

Tier	Support Level	Response Time
Shared/Tier 1	Email support	48 hours
Tier 2	Priority email	24 hours
Tier 3	24/7 premium	4 hours

Self-Hosted Standard

Business hours (9am-5pm ET, Mon-Fri)
Email/ticket support
24-hour response time
Deployment assistance during initial setup
Bug reports and troubleshooting

Self-Hosted Premium (+$15,000/year)

24/7 email and phone support
4-hour response time for critical issues
Dedicated Slack channel
Monthly check-in calls
Priority bug fixes

Self-Hosted Enterprise (+$25,000/year)

Everything in Premium plus:
1-hour response time for critical issues
Dedicated Customer Success Manager
Quarterly business reviews
On-site visits (1-2 per year)
Custom SLAs

Support Scope

Covered

Software installation and configuration
Bug reports and troubleshooting
Feature questions and guidance
Best practices and recommendations
Deployment assistance

Not Covered

Infrastructure management (self-hosted)
Custom development or integrations
Training beyond documentation
Issues caused by modifications to Software
Third-party software or services

Documentation

All license types include access to:

Online documentation at etducky.com/docs
Deployment guides
API reference
Troubleshooting guides
Best practices
Video tutorials (coming soon)

Legal Terms

Intellectual Property

The Software and all intellectual property rights are owned by ET Ducky and protected by:

Copyright laws
Trademark laws
Patent laws (pending)
Trade secret laws

This EULA grants you a license to use the Software, not ownership.

Trademarks

"ET Ducky" and associated logos are trademarks of ET Ducky. You may not:

Use our trademarks without written permission
Register confusingly similar trademarks
Register domain names containing our marks
Suggest affiliation or endorsement without authorization

Warranties and Disclaimers

THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND.

We Disclaim All Warranties Including:

MERCHANTABILITY
FITNESS FOR A PARTICULAR PURPOSE
NON-INFRINGEMENT
ACCURACY OR RELIABILITY
UNINTERRUPTED OR ERROR-FREE OPERATION
SECURITY OR FREEDOM FROM VIRUSES

We Do Not Warrant That:

The Software will meet your requirements
Results will be accurate or reliable
AI analysis will detect all issues
AI recommendations will be correct or safe
Errors or bugs will be corrected
The Software is suitable for critical applications

CRITICAL: You are solely responsible for validating all AI-generated recommendations before implementing them on production systems. Always test in non-production environments first.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

We Are Not Liable For:

INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
LOSS OF PROFITS, REVENUE, DATA, OR USE
LOSS OF GOODWILL OR REPUTATION
BUSINESS INTERRUPTION
SYSTEM FAILURES OR DOWNTIME
DATA LOSS OR CORRUPTION
SECURITY BREACHES
ERRORS IN AI ANALYSIS
DAMAGES FROM FOLLOWING AI RECOMMENDATIONS
THIRD-PARTY CLAIMS

Maximum Liability

Our total liability shall not exceed the greater of:

Amounts paid by you in the 12 months prior to the claim, OR
$100

This limitation applies even if we have been advised of the possibility of such damages.

Indemnification

You agree to indemnify, defend, and hold harmless ET Ducky from any claims, damages, losses, liabilities, and expenses (including legal fees) arising from:

Your use or misuse of the Software
Your violation of this EULA
Your violation of applicable laws
Unauthorized monitoring or data collection
Infringement of third-party rights
Data you collect or process

Termination

By You

You may terminate by:

Ceasing all use of the Software
Uninstalling all agents and applications
Cancelling your subscription or license
Deleting all copies of the Software

By Us

We may terminate immediately if:

You breach any term of this EULA
You exceed licensed agent limits
Your payment fails
We detect fraudulent or abusive use
Required by law

Effect of Termination

All licenses immediately terminate
You must cease all use of the Software
You must uninstall all agents
You must delete all copies
Exception: Perpetual licenses continue to function (you own the software)

Export Compliance

The Software is subject to U.S. export control laws. You agree to:

Comply with all applicable export and import laws
Not export or re-export to prohibited countries
Not provide to prohibited entities or persons
Not use for prohibited purposes (e.g., weapons development)
Comply with sanctions and embargoes

Prohibited Destinations: Cuba, Iran, North Korea, Syria, Russia (partially), and other sanctioned countries or entities.

Governing Law

This EULA is governed by the laws of the State of Washington, United States, without regard to conflict of law principles.

Dispute Resolution

Informal Resolution

Before filing a claim, contact [email protected] to attempt informal resolution.

Binding Arbitration

Disputes shall be resolved through binding arbitration administered by the American Arbitration Association in Washington State.

Class Action Waiver

You agree to resolve disputes individually and waive any right to participate in class actions.

Entire Agreement

This EULA, together with the Terms of Service and Privacy Policy, constitutes the entire agreement regarding the Software and supersedes all prior agreements.

Modifications

We may modify this EULA with 30 days' notice. Continued use after changes constitutes acceptance.

Severability

If any provision is found invalid, the remaining provisions remain in effect.

No Waiver

Failure to enforce any provision does not waive our right to enforce it later.

Assignment

You may not assign this EULA without our written consent. We may assign without restriction.

Contact Information

For questions about this EULA:

Legal: [email protected]
Support: [email protected]
Sales: [email protected]

Acknowledgment

BY INSTALLING OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS EULA.

If you do not agree, do not install or use the Software.

Agent Details

Current Health

Collection Control

Interactive Query Session

Windows Root Cause Analysis in Seconds, Not Hours

Built for incident response speed

Your data stays on the endpoint

Lower noise, higher signal

Fleet-wide visibility, single pane

See ET Ducky in Action

Features

Core Platform

Cloud Dashboard

AI-Powered Diagnostics

Two Agent Types

Managed Agents — Full Power

Desktop Agents — Free & Lightweight

Flexible Pricing

Monitoring & Health

Real-Time Health Metrics

ETW Event Collection

Kernel Providers

User-Mode Providers

Performance & Diagnostics

Three Collection Modes

Data Retention

Live Sessions

Three-Tab Diagnostic Modal

Query Tab — AI-Powered Diagnostics

Shell Tab — Remote Command Execution

Files Tab — Bidirectional Transfers

Session Lifecycle

Remote Desktop

Browser-Based Remote Control

Viewer Interface

Architecture & Performance

Multi-Agent Analysis

Fleet-Wide Diagnostics

Cross-Correlation Engine

Common Scenarios

Alert System

Intelligent Monitoring

Alert History

Alert Rule Builder

Notification Channels

AI-Powered Alert Analysis

Fleet Management

Remote Configuration

Agent Tags

Team Management

Subscription & Billing

Deployment Options

Agent Setup Wizard

Bulk Deployment

Cloud Hosting Tiers

Self-Hosted Option

Enterprise & Scale

Scale

Security

Support

Integration Ready

Documentation

Getting Started

What is ET Ducky?

Key Features

Quick Start Guide

System Requirements

For Agent (Monitored Systems)

For Dashboard (Your Browser)

Agents & Monitoring

Agent Types

Managed Agents ($5/month each)

Desktop Agents (Free, Unlimited)

Collection Modes

Health Only (Default)

On-Demand Collection

Full Monitoring

ETW Event Providers

Kernel Providers

User-Mode Providers