# Endpoint protection

Endpoint Protection monitors your team's devices for security vulnerabilities, policy compliance, and Web3-specific risks. Since attackers increasingly target individual devices to gain access to wallets, credentials, and deployment systems, protecting endpoints is critical for Web3 organizations.

## Why Endpoint Protection Matters

In Web3, compromised endpoints lead to:

* Stolen wallet private keys and seed phrases
* Compromised deployment credentials and CI/CD access
* Malware that signs transactions without user knowledge
* Clipper malware replacing wallet addresses during copy/paste
* Keyloggers capturing passwords and 2FA codes
* RAT (Remote Access Trojan) installations for persistent access

## Monitoring Capabilities

### Agent-Based Monitoring

Sentry's lightweight endpoint agent monitors devices without impacting performance:

**Supported Operating Systems**:

* macOS (10.15 and later)
* Windows (10 and later)
* Linux (major distributions)

### Web3-Specific Security Policies

Sentry includes policies tailored to Web3 operational security:

**Wallet Security**:

* Detect browser extensions with wallet access
* Identify insecure wallet applications
* Monitor for clipper malware
* Check for secure wallet storage locations

**Development Environment**:

* Ensure development tools are up to date
* Check for leaked .env files or credentials
* Monitor for unauthorized remote access tools
* Verify SSH key security

**Communication Security**:

* Monitor Discord/Telegram/Slack applications
* Check for screen sharing malware
* Detect unauthorized recording software

**System Hardening**:

* Firewall enabled and configured
* Disk encryption active (FileVault, BitLocker, LUKS)
* Automatic updates enabled
* Screen lock after inactivity
* Password-protected BIOS/UEFI

### Policy Enforcement

**Pass/Fail Status**: Each policy either passes or fails on each device.

**Host Reporting**: View which devices are failing each policy:

* Device name and owner
* Operating system details
* Last check timestamp
* Number of failing policies
* Severity of issues

**Remediation Guidance**: Each failing policy includes:

* Description of the security issue
* Step-by-step fix instructions
* Links to relevant documentation
* Estimated time to remediate
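
The "Verify SSH key security" policy expressed as a pass/fail check with failure reasons. This is an added example, not Sentry's agent code: the failure criteria (no passphrase, key readable by group/other), the function names, and the sample keys (constructed and non-functional) are assumptions.

```python
import base64, os, re, stat, struct, tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH private key format

def key_is_encrypted(text):
    """True/False for private key text; None if it is not a parsable private key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not re.fullmatch(r"-----BEGIN [A-Z ]*PRIVATE KEY-----", lines[0]):
        return None
    if "OPENSSH" in lines[0]:
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        off = len(MAGIC)
        if not blob.startswith(MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # cipher "none" = no passphrase
    return "ENCRYPTED" in lines[0] or "Proc-Type: 4,ENCRYPTED" in lines[1:3]  # legacy PEM

def check_ssh_dir(ssh_dir):
    """Map each private key file name to its failure reasons ([] means pass)."""
    results = {}
    for path in sorted(Path(ssh_dir).iterdir()):
        enc = key_is_encrypted(path.read_text(errors="replace")) if path.is_file() else None
        if enc is None:
            continue  # public keys, known_hosts, config, subdirectories
        failures = [] if enc else ["no passphrase"]
        if os.name == "posix" and stat.S_IMODE(path.stat().st_mode) & 0o077:
            failures.append("readable by group/other")
        results[path.name] = failures
    return results

def constructed_key(cipher):
    """Constructed, non-functional key file carrying only the given cipher name."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 32
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, cipher, mode in [("id_ok", b"aes256-ctr", 0o600), ("id_weak", b"none", 0o644)]:
            Path(d, name).write_text(constructed_key(cipher))
            Path(d, name).chmod(mode)
        return check_ssh_dir(d)

if __name__ == "__main__":
    print(demo())
```

Point `check_ssh_dir` at a real `~/.ssh` directory to get the same per-key result; the permission test only applies on POSIX systems.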

## Next Steps

* [Agent Deployment & Management](/monitoring/endpoint-protection/agent-deployment.md) - Agent installation and device management
* Policy Dashboard & Inventory - Compliance monitoring and vulnerability tracking

