FAQs

What are the types of Host-related incidents that are not reported during the maintenance mode?What are the types of Host-related incidents that are not reported during the maintenance mode?

Incidents related to Process and library monitoring, ACP and Memory exploit protection are not reported. All the other types of incidents (VSP-Web, FSM and VSP-Memory) are reported on CMS even during the maintenance mode.

What are the types of Host-related files that are automatically added to allowlist during maintenance mode?What are the types of Host-related files that are automatically added to allowlist during maintenance mode?

Only the new .exe and library files are added to the allowlist automatically.

How does the maintenance mode work in case of Pristine Mode is enabled?How does the maintenance mode work in case of Pristine Mode is enabled?

In Pristine Mode, once the Maintenance window ends, the below events occur:

A scan is initiated on all the hosts in Maintenance mode
Once the scan is complete, all the newly installed processes/libraries are auto-allowlisted
The processes/libraries installed after the initial scan completion and before the start of the Maintenance window are reported to CMS as incidents

What happens to that files that were previously not allowlisted explicitly? Are they discovered again during maintenance mode?What happens to that files that were previously not allowlisted explicitly? Are they discovered again during maintenance mode?

Such files are not allowlisted after maintenance ends. They are also not re-discovered during the scan.