Maintenance mode is an intermediate mode for configured hosts. In this mode, the probe goes into an "observer" state, allowing the execution of new binaries during the change control window. No Incidents are reported and new binaries are automatically added to the allowlist.


Utilize Maintenance Mode for system maintenance windows that involve the installation and uninstallation of multiple software packages that could otherwise generate a large number of incidents and management overhead.


Maintenance Mode is an extension to the auto-Allowlist mode where files with a good reputation (or unknown reputation if so selected) are automatically added to the Allowlist. The difference is that it also allows the scenarios in which reputation check is not configured or reputation is unknown and is active for a limited period of time - the "Maintenance Window".


Figure – Maintenance Mode Workflow