Keeper Forcefield

Endpoint Protection for Sensitive Data

Keeper Forcefield: Endpoint Protection for Sensitive Data

Keeper Forcefield is currently in Preview Only

Overview

Keeper Forcefield is an advanced endpoint security product for Windows that protects sensitive applications and processes from unauthorized access. It is specifically designed to defend against threats such as memory scraping and credential harvesting from malicious software installed via phishing or other attacks.

Forcefield integrates directly with the Keeper Desktop application and operates silently in the background to ensure data protection without impacting performance or usability.

A standalone .msi installer is also available for usage without the Keeper Desktop application.

Getting Started

Install Keeper Forcefield via Keeper Desktop

To get started, install the Keeper Desktop App.

After installation:

  • Navigate to Settings > Security in Keeper Desktop

  • Toggle Keeper Forcefield ON

Once enabled, Forcefield will immediately begin protecting your environment.

Forcefield Screen on Keeper Desktop
Forcefield Installer
Forcefield is ON

Standalone Production Version

Production release is planned for April

The installation of the standalone version of Keeper Forcefield is available at the below URL:

https://download.keepersecurity.com/forcefield/keeperforcefield.msidownload.keepersecurity.com
Production Standalone Installer

Preview Version

The standalone preview version is availalable at the below URL:

https://download.keepersecurity.com/forcefield/preview/keeperforcefield.msi
Preview Standalone Installer

System Tray

The system tray provides a Forcefield status and the ability to check for a new version.

Forcefield System Tray

How Forcefield Works

  • Kernel-Level Protection: Installs a lightweight driver that monitors and restricts memory access to protected applications.

  • Selective Memory Restriction: Blocks unauthorized processes from reading memory of protected applications.

  • Smart Process Validation: Only untrusted processes are blocked. Trusted system processes function normally.

  • Seamless Integration: Works silently in the background without disrupting user experience.

Applications Protected by Forcefield

The following applications are protected by process name and validated via code signature:

Keeper Applications:

  • keeperpasswordmanager.exe

  • keeper-ksm.exe

  • keeper-commander.exe

  • keeper-gateway-service.exe

  • KeeperBridgeClient.exe

  • KeeperBridgeSvc.exe

  • chat.UWP.exe

  • keeperimport.exe

Web Browsers:

  • chrome.exe

  • msedge.exe

  • firefox.exe

  • brave.exe

  • opera.exe

  • vivaldi.exe

If you would like Keeper Forcefield to protect additional applications, please email us at forcefield@keepersecurity.com and we'll consider your request.

Key Benefits

  • Enhanced Security: Prevents memory scraping and credential theft.

  • Lightweight: Minimal impact on system performance.

  • User Controlled: Toggle on/off from Keeper Desktop.

  • Broad Compatibility: Supports Windows 10 and above.

Updates

Auto and Manual Updates

  • Forcefield checks for updates 10 seconds after the client starts and every 24 hours.

  • The update source is determined by %userprofile%\.keeper\forcefield.ini:

    • stable: https://download.keepersecurity.com/forcefield/version.txt

Update Installation

If an update is found, the system tray icon will indicate availability. Users must approve the update. Upon confirmation, Forcefield will download and launch the MSI installer.

  • Install silently (admin required):

    msiexec.exe /i keeperforcefield.msi /quiet

  • Uninstall silently (admin required):

    msiexec.exe /x keeperforcefield.msi /quiet

Update Verification

  • MSI packages are code-signed with Keeper's EV certificate.

  • The updater verifies the signature before launching.

How to Verify It’s Running

Run the following command:

sc.exe query keeperforcefield

If the state is RUNNING, Forcefield is active.

Quick Testing

To verify protection:

  1. Open Task Manager.

  2. Right-click on a protected process.

  3. Choose Create memory dump file.

  4. The .dmp file should be 0 bytes if blocked.

Component Overview

  • Driver: %systemroot%\system32\drivers\keeperforcefield.sys

  • Client: %programfiles%\Keeper Forcefield\keeperforcefield.exe

The client handles updates and communicates with the driver.

Network Requirements

Outbound HTTPS access is required to the following:

  • https://download.keepersecurity.com/forcefield/

Update Control

  • Updates are user-invoked from the system tray.

  • Admins can manage updates using remote software distribution tools (e.g. RMM).

  • Admins can test updates before rollout.

Silent Installation / Uninstallation

Install:

msiexec.exe /i keeperforcefield.msi /quiet

Uninstall:

msiexec.exe /x keeperforcefield.msi /quiet

To log installation or uninstallation:

msiexec.exe /i keeperforcefield.msi /quiet /l*v install.log

Troubleshooting

If an error occurs:

  • Check for dump files in C:\Windows\Minidump

  • If missing:

    • Crash dumps may be disabled

    • Power loss or insufficient permissions could be the cause

  • Provide the .dmp file to Keeper support for analysis via windbg.exe

Note: Crashes may not always be related to ForceField. Ensure proper diagnosis.

Admin Deployment

  • ForceField can be silently deployed using standard MSI methods.

  • Compatible with software management tools.

  • The .msi can be downloaded directly or embedded within Keeper Desktop build.

PreviousKeeperPAM Privileged Access ManagerNextKeeperChat

Last updated

Was this helpful?