Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,11 @@ SQLite Agent Queue option dumps the queue and all pending events are lost.

Follow the steps to clear the SQLite Agent queue for an Agent:

**CAUTION:** These events are permanently deleted and are not processed by the Enterprise Manager on
:::warning
These events are permanently deleted and are not processed by the Enterprise Manager on
reconnection. This option is for diagnostic and troubleshooting purposes only.
:::


**Step 1 –** Click Agents in the left pane to launch the Agents interface.

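Review bot: The closing `:::` of the new warning block is followed by an added blank line on top of the blank line that was already there, so two consecutive blank lines now precede **Step 1**. The same pattern repeats after most converted callouts in this PR. It renders the same, but drop the extra line if the repo lints for multiple blank lines.
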
Expand All @@ -26,10 +29,13 @@ to connect to the target machine and query information about shares. A local Adm
on the target machine should have access to the system shares. Click **OK** after entering the
credentials.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


**Step 4 –** On the Access Verification window, the given credentials either succeed or fail during
a prerequisites or verification check.
Expand All @@ -38,8 +44,11 @@ a prerequisites or verification check.
of prior to the next attempt.
- Success – Click **Next** to begin clearing the SQLite Agent Queue

**NOTE:** Closing the Administration Console while this action is in process causes problems with
:::note
Closing the Administration Console while this action is in process causes problems with
data collection.
:::


**Step 5 –** The Clear Agent Queue window displays the task in progress and then its status as
either:
Expand Up @@ -22,10 +22,13 @@ to connect to the target machine and query information about shares. A local Adm
on the target machine should have access to the system shares. Click **OK** after entering the
credentials.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


**Step 4 –** On the Access Verification window, the given credentials either succeed or fail during
a prerequisites or verification check.
Expand All @@ -34,8 +37,11 @@ a prerequisites or verification check.
of prior to the next attempt.
- Success – Click **Next** to begin hardening the Agent.

**NOTE:** Closing the Administration Console while this action is in process causes problems with
:::note
Closing the Administration Console while this action is in process causes problems with
data collection.
:::


**Step 5 –** The Harden Agent window displays the task in progress and then its status as either:

Expand Up @@ -10,8 +10,11 @@ The Agents Interface displays a list of servers where the Agent has been deploye
remove a server from this list for any reason, such as when the Agent is no longer required on the
server.

**NOTE:** If the server has a deployed Agent, it will be added back to the list the next time the
:::note
If the server has a deployed Agent, it will be added back to the list the next time the
Agent sends information to the Enterprise Manager.
:::


Follow the steps to remove a server from the list on the Agents Interface.

Expand Up @@ -22,10 +22,13 @@ to connect to the target machine and query information about shares. A local Adm
on the target machine should have access to the system shares. Click **OK** after entering the
credentials.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


**Step 4 –** On the Access Verification window, the given credentials either succeed or fail during
a prerequisites or verification check.
Expand All @@ -34,8 +37,11 @@ a prerequisites or verification check.
of prior to the next attempt.
- Success – Click **Next** to begin softening the Agent.

**NOTE:** Closing the Administration Console while this action is in process causes problems with
:::note
Closing the Administration Console while this action is in process causes problems with
data collection.
:::


**Step 5 –** The Soften Agent window displays the task in progress and then its status as either:

Expand Up @@ -22,10 +22,13 @@ to connect to the target machine and query information about shares. A local Adm
on the target machine should have access to the system shares. Click **OK** after entering the
credentials.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


**Step 4 –** On the Start Agent window, the Agent will be started. One of two status messages
display:
Expand Up @@ -13,11 +13,14 @@ Prevention administrator must start the Active Directory module. See the
[Agent Safe Mode](/docs/threatprevention/7.4/admin/agents/safemode.md)
topic for additional information.

**_RECOMMENDED:_** If multiple DCs are in the Start Pending Modules state, this means one of the
:::info
If multiple DCs are in the Start Pending Modules state, this means one of the
monitored system DLLs was changed from when the Agent was last run. This could impact the operation
of the Agent. It is recommended to enable the pending modules on one DC initially and verify that
Threat Prevention is collecting events as expected from this specific DC and that the DC appears to
be stable before starting the pending modules on additional DCs.
:::


Follow the steps to start pending modules on a server.

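Review bot: Converting `**_RECOMMENDED:_**` to a bare `:::info` drops the "Recommended" label, so the callout no longer signals at a glance that it is a staged-rollout recommendation for DCs in the Start Pending Modules state. If the site's admonition syntax supports a custom title, set it to "Recommended" here; otherwise the body text, which still says "It is recommended", has to carry that on its own.
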
Expand Up @@ -21,10 +21,13 @@ to connect to the target machine and query information about shares. A local Adm
on the target machine should have access to the system shares. Click **OK** after entering the
credentials.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


**Step 4 –** On the Stop Agent window, the Agent will be stopped. One of two status messages
display:
Expand Up @@ -39,6 +39,9 @@ currently in use to the installer downloaded.
- If the downloaded version is newer, the message displays both version numbers and provides an
option to apply the update. Click **Apply Update**.

**NOTE:** When the Agent installer is replaced with a newer version, all Agents’ versions in the
:::note
When the Agent installer is replaced with a newer version, all Agents’ versions in the
Agents interface are highlighted to indicate they are not the current version. Agents should then be
updated to the new version, using the Upgrade Agent option on the right-click menu.

:::
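
Review bot: The closing `:::` in this hunk is separated from the note text by a blank line, while in the earlier hunks of this PR it directly follows the last line of text. Both forms usually render, but move the `:::` up against "...on the right-click menu." so every converted callout has the same shape, and confirm the block still closes correctly in a local build.
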
Expand Up @@ -46,4 +46,7 @@ manually deploy the Agent. It has the following fields:
- Click **Copy** to copy the enrollment secret and enter it in the Certificates window of the Agent
Setup wizard during manual Agent installation.

**NOTE:** Restarting the Enterprise Manager cancels the current enrollment secret.
:::note
Restarting the Enterprise Manager cancels the current enrollment secret.

:::
Expand Up @@ -9,10 +9,13 @@ sidebar_position: 40
The Log Level Configuration window displays the current log levels for the Agents, Enterprise
Manager, and Administration Console. It also enables you to set new log levels.

**NOTE:** Since Threat Prevention supports multiple instances of the Administration Console, each
:::note
Since Threat Prevention supports multiple instances of the Administration Console, each
instance has its own settings for log levels. Changing the settings only affect the respective
console instance. The Enterprise Manager and Agent log settings are global - the most recent changes
made from any console instance apply.
:::


Follow the steps to set log levels.

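Review bot: The unchanged second line of this note still reads "Changing the settings only affect the respective console instance". Since the note is being rewritten anyway, fix it to "only affects" in the same change.
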
Expand Down Expand Up @@ -83,21 +86,24 @@ Console log files are stored on the machine where the respective console is inst

Log files are stored in the following locations:

Enterprise Manager Log Files
**Enterprise Manager Log Files**

![Enterprise Manager Log File Location](/img/product_docs/threatprevention/7.4/admin/agents/window/emlogs.webp)

The default location is:

…\Netwrix\Netwrix Threat Prevention\SIEnterpriseManager\logs\
**…\Netwrix\Netwrix Threat Prevention\SIEnterpriseManager\logs\**

Administration Console Log Files

![Administration Console Log File Location](/img/product_docs/threatprevention/7.4/admin/agents/window/consolelogs.webp)

The default location is:

…\Netwrix\Netwrix Threat Prevention\SIWinConsole\logs\
**…\Netwrix\Netwrix Threat Prevention\SIWinConsole\logs\**

**NOTE:** Log files for a remote instance of the Administration Console are available at the same
:::note
Log files for a remote instance of the Administration Console are available at the same
location on the respective machine.

:::
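
Review bot: The two bolded default paths end in a backslash directly before the closing `**` (`...\logs\**`), and in Markdown a backslash before `*` escapes it, so the closing delimiter is likely to be consumed and the bold will not close cleanly. Wrap both paths in inline code instead of bold, which also keeps the backslashes literal. Separately, "Enterprise Manager Log Files" was made bold but "Administration Console Log Files" was left as plain text; give both labels the same treatment.
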
20 changes: 16 additions & 4 deletions docs/threatprevention/7.4/admin/agents/deploy/overview.md
Expand Up @@ -11,7 +11,10 @@ The Threat Prevention Agent can be deployed through any of the following methods
- Deploy the Agent to server(s) through the Administration Console – You can deploy the Agent to one
or multiple servers through the Administration Console

**_RECOMMENDED:_** This is the recommended method for deploying the Agent.
:::info
This is the recommended method for deploying the Agent.
:::


- Manually through the Windows Agent Setup Wizard – Run the Agent executable to launch this wizard

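Review bot: The new `:::info` block sits between two items of the deployment-method list, and "This is the recommended method" only makes sense when attached to the Administration Console item above it. Check that the block is indented to that item's content level so it renders inside the bullet and does not split the list into two.
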
Expand All @@ -28,19 +31,25 @@ compatibility with other security products. See the
[Agent Server Requirements](/docs/threatprevention/7.4/requirements/agent/agent.md)
topic for additional information.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


The Deploy Agents wizard consists of four windows: Select Computers, Set Options, Prerequisites
Check, and Installing.

Follow the steps to deploy the Agent from the Administration Console to a new or existing machine
using the Deploy Agents wizard.

**CAUTION:** Closing the Administration Console while this action is in process causes problems with
:::warning
Closing the Administration Console while this action is in process causes problems with
data collection.
:::


**Step 1 –** Click Agents in the left pane to launch the Agents interface.

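Review bot: "Closing the Administration Console while this action is in process causes problems with data collection" becomes `:::warning` here because it was `**CAUTION:**`, but the identical sentence is converted to `:::note` in the other wizard topics touched by this PR. Pick one severity for all of them; since the consequence is a problem with data collection, `:::warning` looks like the better fit.
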
Expand Down Expand Up @@ -90,11 +99,14 @@ topic for additional information.

The Agent will be listed in the table on the Agents interface.

**NOTE:** If the server where the Agent is deployed has multiple network adapters (multi-homed),
:::note
If the server where the Agent is deployed has multiple network adapters (multi-homed),
then it is necessary to bind the Agent to an adapter that can communicate with the Enterprise
Manager. See the
[Bind To](/docs/threatprevention/7.4/troubleshooting/agentcommunication.md#bind-to)
topic for additional information.
:::


## Update Agent Settings

15 changes: 12 additions & 3 deletions docs/threatprevention/7.4/admin/agents/deploy/setoptions.md
Expand Up @@ -38,9 +38,12 @@ The Set Options window provides the following options:
Enterprise Manager to the Agent(s) as long as the Agent service is enabled.
- Start Agent Service – Starts the Threat Prevention Agent service on host after installation

**NOTE:** If the Agent Service is not started at the time of deployment, the Agent requires
:::note
If the Agent Service is not started at the time of deployment, the Agent requires
a manual start or will be started automatically after a server reboot. Until the Agent is
started, no activity is monitored or blocked.
:::


- Create Windows Firewall Rules – Creates firewall rules on the selected computers for Agent
communication
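
Review bot: The note under Start Agent Service states that until the Agent is started "no activity is monitored or blocked", which describes a gap in protection rather than a side remark. Consider `:::warning` instead of `:::note` for this callout so it is not skimmed past during deployment.
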
Expand Down Expand Up @@ -93,10 +96,13 @@ the window appears as follows:
This window displays the default selections in the Modules to Set and Additional Options areas; they
do not represent the actual current state of the Agent.

**NOTE:** To view the current state and configured options for an Agent, hover over the Version
:::note
To view the current state and configured options for an Agent, hover over the Version
String column on the
[Agents Interface](/docs/threatprevention/7.4/admin/agents/overview.md)
data grid for the tool tip. The AD Agent column indicates the Agent’s mode.
:::


This Set Options window is the same as discussed above, with the exception of the following:

Expand All @@ -110,6 +116,9 @@ This Set Options window is the same as discussed above, with the exception of th

This setting has no impact on the Use These Credentials and Enterprise Manager areas.

**CAUTION:** Make sure you select the desired settings for the Agent on this window, such as the
:::warning
Make sure you select the desired settings for the Agent on this window, such as the
Enable DNS Host Name Resolution and Safe Mode options, even when they are currently enabled for the
Agent. Leaving them unchecked will disable those settings when the wizard completes.

:::