Admin FAQ
Q. Events are being detected too frequently and interrupting my work.
MonitorDog detects events based on configured detection rules. You can adjust both organization-level and personal detection rules to fine-tune the types of events being detected. Setting appropriate detection rules for the organization and individual users ensures effective monitoring with fewer unnecessary interruptions.
Detection Modes
- Auto Lock : Automatically locks the screen and logs the event when detection occurs.
- Log Only : Records the event in logs without locking the screen.
- No Detection : Disables detection entirely; no logs or screen locks are generated.
Q. Suspicious activity is frequently detected and causing disruptions.
MonitorDog identifies suspicious activity according to predefined scenarios. In the case of Too Many Events, you can configure both the threshold value and the time range for detection. Adjust these settings to avoid unnecessary alerts during normal work activity.
Example
- Threshold: 3 / Time Range: 1 minute → 3 events within 1 minute are considered suspicious
- Threshold: 10 / Time Range: 2 minutes → 10 events within 2 minutes are considered suspicious
If you prefer not to lock the screen when a scenario is triggered, you can modify the scenario's lock settings to disable locking. Event logs will still be generated even if screen locking is disabled.
Q. Detection rules set at the organization level do not seem to apply.
Organization-level detection rules are applied only as default values for newly registered users. If a user modifies their personal detection rules, those take precedence. Please verify that the user’s individual rules match the intended organization settings.
Q. When selecting multiple users in the user table, detection rules appear different from the actual settings.
The user table allows batch modification of settings across multiple users. To display a unified view, all detection rules are shown as disabled when multiple users are selected. To review the exact detection rules of an individual user, select that user alone.
Q. Event timestamps and scenario timestamps differ from actual occurrence times.
By default, both organization and user time zones are set to UTC. Verify that the organization and user time zone settings match the expected event occurrence times.
Q. What is the difference between a regular user and an admin user?
Regular users are the monitored endpoints and cannot access the MonitorDog Admin service. Admin users can view monitoring results, manage user information, and control the MonitorDog Agent. To upgrade a regular user to an admin, change their role to Limited or higher on the user details page. To downgrade an admin user back to a regular user, set their role to Limited.
Q. What is the purpose of marking a user as "High Priority"?
Marking a user as a focus target highlights them for closer monitoring. It does not apply different actions or restrictions, but serves as a flag for administrators. The setting can be applied or removed directly from the user table or user details page.
Q. Can I add more applications to the Blocked Programs list?
Blocked programs are divided into System Default Entries and User-Added Entries. System default entries are maintained by the MonitorDog team and include applications identified as potential security threats or productivity risks. These are continuously updated.
If you need to use a blocked program for legitimate work purposes, you can toggle its detection or locking behavior off.
To request additional programs to be blocked, submit the program name, category, and reference links to the MonitorDog team. Upon review, the program may be added to the blocked list. Detection and locking can still be adjusted for any registered program, or removed entirely if unnecessary.