Merged
39 commits
10d7818
minor changes
AyeshaAz36 Jul 7, 2025
efa4b07
minor changes
AyeshaAz36 Jul 7, 2025
6207abe
minor changes
AyeshaAz36 Jul 8, 2025
6af51ad
minor changes
AyeshaAz36 Jul 8, 2025
cf11096
minor changes
AyeshaAz36 Jul 8, 2025
bd0da41
minor changes
AyeshaAz36 Jul 8, 2025
ab69713
minor changes
AyeshaAz36 Jul 8, 2025
0648921
minor changes
AyeshaAz36 Jul 8, 2025
f7d5318
minor changes
AyeshaAz36 Jul 8, 2025
2380f91
minor changes
AyeshaAz36 Jul 8, 2025
8541bab
minor changes
AyeshaAz36 Jul 8, 2025
ffc911e
image update
AyeshaAz36 Jul 9, 2025
3dcb0fe
image update
AyeshaAz36 Jul 9, 2025
87e078c
image update
AyeshaAz36 Jul 9, 2025
36aa423
image update
AyeshaAz36 Jul 9, 2025
a05ebed
image update
AyeshaAz36 Jul 9, 2025
839738a
image update
AyeshaAz36 Jul 9, 2025
1078d3e
image update
AyeshaAz36 Jul 9, 2025
3a068fd
image update
AyeshaAz36 Jul 9, 2025
a0380f1
image update
AyeshaAz36 Jul 10, 2025
ac6b40f
image update
AyeshaAz36 Jul 10, 2025
eff7216
image update
AyeshaAz36 Jul 11, 2025
c75a100
image update
AyeshaAz36 Jul 11, 2025
f1e8473
image update
AyeshaAz36 Jul 11, 2025
cf28221
image update
AyeshaAz36 Jul 11, 2025
0cec885
image update
AyeshaAz36 Jul 11, 2025
5101101
image update
AyeshaAz36 Jul 11, 2025
ec65afd
image update
AyeshaAz36 Jul 11, 2025
cb7cb3d
image update
AyeshaAz36 Jul 11, 2025
deca426
image update
AyeshaAz36 Jul 14, 2025
3bc59c8
tables
AyeshaAz36 Jul 14, 2025
86ab945
tables
AyeshaAz36 Jul 14, 2025
addb5ec
tables
AyeshaAz36 Jul 14, 2025
9b78fa1
tables
AyeshaAz36 Jul 15, 2025
064c47e
Merge branch 'dev' into Ayesha/NTP7.5-Sidebar
AyeshaAz36 Jul 15, 2025
602d060
tables
AyeshaAz36 Jul 15, 2025
0fdef3b
tables
AyeshaAz36 Jul 15, 2025
970d52b
tables
AyeshaAz36 Jul 15, 2025
fe8775b
tables
AyeshaAz36 Jul 15, 2025
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,11 @@ SQLite Agent Queue option dumps the queue and all pending events are lost.

Follow the steps to clear the SQLite Agent queue for an Agent:

**CAUTION:** These events are permanently deleted and are not processed by the Enterprise Manager on
:::warning
These events are permanently deleted and are not processed by the Enterprise Manager on
reconnection. This option is for diagnostic and troubleshooting purposes only.
:::


**Step 1 –** Click Agents in the left pane to launch the Agents interface.
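
Review bot: The closing `:::` of the new warning block is followed by two blank lines before **Step 1**, where the file previously had one. The same extra blank line is added after most of the converted blocks in this PR; a single blank line after `:::` is enough and keeps the diff to the lines that actually change.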

Expand All @@ -26,10 +29,13 @@ to connect to the target machine and query information about shares. A local Adm
on the target machine should have access to the system shares. Click **OK** after entering the
credentials.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


**Step 4 –** On the Access Verification window, the system performs a prerequisites or verification
check that can fail or succeed.
Expand All @@ -38,8 +44,11 @@ check that can fail or succeed.
of prior to the next attempt.
- Success – Click **Next** to begin clearing the SQLite Agent Queue

**NOTE:** Closing the Administration Console while this action is in process causes problems with
:::note
Closing the Administration Console while this action is in process causes problems with
data collection.
:::


**Step 5 –** The Clear Agent Queue window displays the task in progress and then its status as
either:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,13 +22,19 @@ check that can fail or succeed.
of prior to the next attempt.
- Success – Click **Next** to begin hardening the Agent.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::

**NOTE:** Closing the Administration Console while this action is in process causes problems with

:::note
Closing the Administration Console while this action is in process causes problems with
data collection.
:::


**Step 4 –** The Harden Agent window displays the task in progress and then its status as either:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,11 @@ The Agents Interface displays a list of servers where the Agent has been deploye
remove a server from this list for any reason, such as when the Agent is no longer required on the
server.

**NOTE:** If the server has a deployed Agent, it will be added back to the list the next time the
:::note
If the server has a deployed Agent, it will be added back to the list the next time the
Agent sends information to the Enterprise Manager.
:::


Follow the steps to remove a server from the list on the Agents Interface.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,13 +22,19 @@ check that can fail or succeed.
of prior to the next attempt.
- Success – Click **Next** to begin softening the Agent.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::

**NOTE:** Closing the Administration Console while this action is in process causes problems with

:::note
Closing the Administration Console while this action is in process causes problems with
data collection.
:::


**Step 4 –** The Soften Agent window displays the task in progress and then its status as either:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,13 @@ to connect to the target machine and query information about shares. A local Adm
on the target machine should have access to the system shares. Click **OK** after entering the
credentials.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


**Step 4 –** On the Start Agent window, the Agent will be started. One of two status messages
display:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,14 @@ deployed. This happens due to a change in the DLL versions. To exit this state,
Prevention administrator must start the Active Directory module. See the
[Agent Safe Mode](/docs/threatprevention/7.5/admin/agents/safemode.md) topic for additional information.

**_RECOMMENDED:_** If multiple DCs are in the Start Pending Modules state, this means one of the
:::info
If multiple DCs are in the Start Pending Modules state, this means one of the
monitored system DLLs was changed from when the Agent was last run. This could impact the operation
of the Agent. It is recommended to enable the pending modules on one DC initially and verify that
Threat Prevention is collecting events as expected from this specific DC and that the DC appears to
be stable before starting the pending modules on additional DCs.
:::


Follow the steps to start pending modules on a server.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,13 @@ to connect to the target machine and query information about shares. A local Adm
on the target machine should have access to the system shares. Click **OK** after entering the
credentials.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


**Step 4 –** On the Stop Agent window, the Agent will be stopped. One of two status messages
display:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,12 @@ DLL), in LSASS without having to upgrade the entire Agent. To facilitate this, t
[Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md) displays the currently installed versions of the Agent and the
ADMonitor DLL.

**NOTE:** The Agent and the ADMonitor DLL should have the same major/minor version, such as 7.5.x.x,
:::note
The Agent and the ADMonitor DLL should have the same major/minor version, such as 7.5.x.x,
where x.x for the DLL can be equal or higher than that of the Agent. Example: Agent 7.5.0.123 and
DLL 7.5.0.777
:::


In previous Threat Prevention versions, you had to uninstall the Agent and then reinstall it just to
update the ADMonitor DLL. With Threat Prevention 7.5, the _Upgrade ADMonitor_ feature enables you to
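
Review bot: The version rule in the converted note is carried over with its wording problems: "can be equal or higher than that of the Agent" should read "equal to or higher than", and the example "Agent 7.5.0.123 and DLL 7.5.0.777" has no closing period before `:::`. This note is what an administrator checks before upgrading the DLL that runs in LSASS, so it is worth fixing the text while the lines are being touched.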
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,9 @@ currently in use to the installer downloaded.
- If the downloaded version is newer, the message displays both version numbers and provides an
option to apply the update. Click **Apply Update**.

**NOTE:** When the Agent installer is replaced with a newer version, all Agents’ versions in the
:::note
When the Agent installer is replaced with a newer version, all Agents’ versions in the
Agents interface are highlighted to indicate they are not the current version. Agents should then be
updated to the new version using the Upgrade Agent option on the right-click menu.

:::
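
Review bot: In this block the closing `:::` sits after a blank line at the very end of the file, while the blocks converted elsewhere in the PR close directly under their last text line. Move `:::` up to follow "updated to the new version using the Upgrade Agent option on the right-click menu." so all admonitions are formatted the same way, and make sure the file still ends with a newline.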
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,7 @@ manually deploy the Agent. It has the following fields:
- Click **Copy** to copy the enrollment secret and enter it in the Certificates window of the Agent
Setup wizard during manual Agent installation.

**NOTE:** Restarting the Enterprise Manager cancels the current enrollment secret.
:::note
Restarting the Enterprise Manager cancels the current enrollment secret.

:::
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,13 @@ sidebar_position: 40
The Log Level Configuration window displays the current log levels for the Agents, Enterprise
Manager, and Administration Console. It also enables you to set new log levels.

**NOTE:** Since Threat Prevention supports multiple instances of the Administration Console, each
:::note
Since Threat Prevention supports multiple instances of the Administration Console, each
instance has its own settings for log levels. Changing the settings only affect the respective
console instance. The Enterprise Manager and Agent log settings are global - the most recent changes
made from any console instance apply.
:::


Follow the steps to set log levels.
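
Review bot: The second sentence of the converted note has a subject-verb error that is being copied into the new block: "Changing the settings only affect the respective console instance" should be "Changing the settings affects only the respective console instance". The hyphen in "are global - the most recent changes" would also read better as a semicolon or a new sentence.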

Expand Down Expand Up @@ -99,5 +102,8 @@ The default location is:

…\Netwrix\Netwrix Threat Prevention\SIWinConsole\logs\

**NOTE:** Log files for a remote instance of the Administration Console are available at the same
:::note
Log files for a remote instance of the Administration Console are available at the same
location on the respective machine.

:::
20 changes: 16 additions & 4 deletions docs/threatprevention/7.5/admin/agents/deploy/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@ The Threat Prevention Agent can be deployed through any of the following methods
- Deploy the Agent to server(s) through the Administration Console – You can deploy the Agent to one
or multiple servers through the Administration Console

**_RECOMMENDED:_** This is the recommended method for deploying the Agent.
:::info
This is the recommended method for deploying the Agent.
:::


- Manually through the Windows Agent Setup Wizard – Run the Agent executable to launch this wizard
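
Review bot: The new `:::info` block is placed between two items of the deployment-method list. Confirm that it is indented to the level of the "Deploy the Agent to server(s) through the Administration Console" item; if it is flush-left as rendered here, it ends the list and the recommendation no longer reads as belonging to that method. The same check applies to the identical change in admin/agents/overview.md.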

Expand All @@ -26,19 +29,25 @@ the deployment fails. Remember to check server requirements before deploying the
compatibility with other security products. See the
[Agent Server Requirements](/docs/threatprevention/7.5/requirements/agent/agent.md) topic for additional information.

**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
:::note
The wizard does not block access to the Administration Console and can be minimized while
actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
blue link displays on the upper right corner of the interface with the action name displayed. Click
this link to bring back the focus to the wizard.
:::


The Deploy Agents wizard consists of four windows: Select Computers, Set Options, Prerequisites
Check, and Installing.

Follow the steps to deploy the Agent from the Administration Console to a new or existing machine
using the Deploy Agents wizard.

**CAUTION:** Closing the Administration Console while this action is in process causes problems with
:::warning
Closing the Administration Console while this action is in process causes problems with
data collection.
:::


**Step 1 –** Click Agents in the left pane to launch the Agents interface.
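
Review bot: "Closing the Administration Console while this action is in process causes problems with data collection." becomes `:::warning` here, but the same sentence is converted to `:::note` in the clear-queue, harden and soften topics in this PR. The difference comes from the old CAUTION and NOTE labels; pick one severity for this sentence and use it in every file, preferably `:::warning` since it describes an action that disrupts data collection.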

Expand Down Expand Up @@ -81,10 +90,13 @@ was successful. See the [Installing Window ](/docs/threatprevention/7.5/admin/ag

The Agent will be listed in the table on the Agents interface.

**NOTE:** If the server where the Agent is deployed has multiple network adapters (multi-homed),
:::note
If the server where the Agent is deployed has multiple network adapters (multi-homed),
then it is necessary to bind the Agent to an adapter that can communicate with the Enterprise
Manager. See the [Bind To](/docs/threatprevention/7.5/troubleshooting/agentcommunication.md#bind-to) topic for
additional information.
:::


## Update Agent Settings

Expand Down
15 changes: 12 additions & 3 deletions docs/threatprevention/7.5/admin/agents/deploy/setoptions.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,12 @@ The Set Options window provides the following options:
Enterprise Manager to the Agent(s) as long as the Agent service is enabled.
- Start Agent Service – Starts the Threat Prevention Agent service on host after installation

**NOTE:** If the Agent Service is not started at the time of deployment, the Agent requires
:::note
If the Agent Service is not started at the time of deployment, the Agent requires
a manual start or will be started automatically after a server reboot. Until the Agent is
started, no activity is monitored or blocked.
:::


- Create Windows Firewall Rules – Creates firewall rules on the selected computers for Agent
communication
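
Review bot: The note under Start Agent Service ends with "Until the Agent is started, no activity is monitored or blocked", which is a gap in coverage rather than a side remark. Consider `:::warning` instead of `:::note` for this block so the consequence of leaving the option unchecked is not skimmed past. Also check that the block stays indented under the Start Agent Service list item.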
Expand Down Expand Up @@ -87,9 +90,12 @@ option on the [Right-Click Menu](/docs/threatprevention/7.5/admin/agents/overvie
This window displays the default selections in the Modules to Set and Additional Options areas; they
do not represent the actual current state of the Agent.

**NOTE:** To view the current state and configured options for an Agent, hover over the Version
:::note
To view the current state and configured options for an Agent, hover over the Version
String column on the [Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md) data grid for the tool tip. The AD Agent
column indicates the Agent’s mode.
:::


This Set Options window is the same as discussed above, with the exception of the following:

Expand All @@ -102,6 +108,9 @@ This Set Options window is the same as discussed above, with the exception of th

This setting has no impact on the Use These Credentials and Enterprise Manager areas.

**CAUTION:** Make sure you select the desired settings for the Agent on this window, such as the
:::warning
Make sure you select the desired settings for the Agent on this window, such as the
Enable DNS Host Name Resolution and Safe Mode options, even when they are currently enabled for the
Agent. Leaving them unchecked will disable those settings when the wizard completes.

:::
25 changes: 20 additions & 5 deletions docs/threatprevention/7.5/admin/agents/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,10 @@ The Threat Prevention Agent can be deployed through any of the following methods
- Deploy the Agent to server(s) through the Administration Console – You can deploy the Agent to one
or multiple servers through the Administration Console

**_RECOMMENDED:_** This is the recommended method for deploying the Agent.
:::info
This is the recommended method for deploying the Agent.
:::


- Manually through the Windows Agent Setup Wizard – Run the Agent executable to launch this wizard

Expand Down Expand Up @@ -48,21 +51,27 @@ information for an Agent:
- AD Event Latency – Time difference between when the event was detected by the Agent and when
the Enterprise Manager received it

**NOTE:** When the **Send Latency Alerts** option is enabled in the
:::note
When the **Send Latency Alerts** option is enabled in the
[Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md), a
warning symbol appears to indicate excessive latency. This warning symbol also appears when
the Agent fails to load the instrumentation DLL, SI.ActiveDirectoryMonitor.dll (commonly
known as ADMonitor DLL), into the LSASS process or when it fails to load the instrumentation
DLL to MS Exchange.
:::


- FSMO Roles – The FSMO (Flexible Single Master Operation) role(s) currently assigned to the domain
controller where the Agent is deployed. Role names are displayed as abbreviations. For example,
'SM' is displayed for the Schema Master role. Hover over data in this column to view the full
names.

**NOTE:** You can use the FSMO roles information in combination with a policy created for the
:::note
You can use the FSMO roles information in combination with a policy created for the
[FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md) to view events
about which machine acquired a FSMO role and which machine relinquished it.
:::


- Operating System – Operating system for the machine where the Agent is deployed with version
information, including service pack details. For example, Windows Server 2022 Standard.. For
Expand Down Expand Up @@ -190,10 +199,13 @@ Below are some considerations:
SI.ActiveDirectoryMonitor.dll - commonly known as ADMonitor DLL (recommended). See the
[Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md)topic for additional information.

**_RECOMMENDED:_** Activate an email notification for the _LSASS process terminated_ alert. See
:::info
Activate an email notification for the _LSASS process terminated_ alert. See
the
[Enable the 'LSASS Process Terminated' Email Alert](/docs/threatprevention/7.5/troubleshooting/lsass.md#enable-the-lsass-process-terminated-email-alert)
topic for additional information.
:::


- In addition to the LSASS process termination check, the Agent can be configured for a Safe Mode.
In Safe Mode, the Agent records the version of the LSASS DLLs that it hooks into during
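
Review bot: Replacing `**_RECOMMENDED:_**` with a bare `:::info` drops the word that told the reader this is a recommendation; the block now reads as a plain instruction to "Activate an email notification for the _LSASS process terminated_ alert". Give the admonition a "Recommended" title, or start the sentence with "It is recommended to", here and in the second `:::info` block at the end of this file. The stray line break after "See" is also carried over and could be joined while editing.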
Expand All @@ -208,6 +220,9 @@ Below are some considerations:
resolve the issue permanently. See the [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md)
topic for additional information.

**_RECOMMENDED:_** Activate an email notification for this alert. See the
:::info
Activate an email notification for this alert. See the
[Enable Agent Started in AD Monitor Pending Mode Email Alert](/docs/threatprevention/7.5/admin/agents/safemode.md#enable-agent-started-in-ad-monitor-pending-mode-email-alert)
topic and the [Agent Safe Mode](/docs/threatprevention/7.5/admin/agents/safemode.md) topic for additional information.

:::