Contents x
    Host Management
    • 30 May 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Host Management

    • Updated on 30 May 2024
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    About this Article
    This article provides information related to Host Management associated with the profiles - the available monitoring modes, association/disassociation of Probes (VM only) and syncing them with the latest allowlist on CMS.


    Monitoring Modes

    The available Monitoring Modes for the hosts are:

    1. Disabled - Host protection is not switched on 
    2. Detect - Executables that are not found in the host profile are reported immediately to CMS
      1. The executables are not stopped from execution
      2. If additional protection actions are configured in a protection profile, these actions are executed in response to a reported incident
    3. Protect - Executables that are not found in the host profile are suspended/blocked immediately. They are not acted upon until the user adds the detected errant executable to the allowlist or deletes it on the CMS
      1. In cases where the errant executable is added to the allowlist, the executable is resumed
      2. In cases where the errant executable is deleted from the allowlist, the executable is killed
      3. An executable not added to the allowlist on Windows is NOT allowed to execute


    To modify the Host Monitoring mode:

    1. On the Host Monitoring page, click the below icon
    2. Select all the required hosts and click Manage Monitoring Mode. The Mode can be chosen for each host also. Select the required Monitoring Mode - Disable, Protect or Detect. 


    Associate/Disassociate Hosts (VMs only)

    1. On the Host Monitoring page, click the below icon
    2. The pop-up window displays the associated hosts. Click Manage Association > Associate
    3. Hosts with the same OS type and Registered status are listed for profile association. Select the required hosts. Click ASSOCIATE. Click YES on the confirmation screen
    4. By default, the hosts are in Disabled mode after the association
    5. Version 2.9 and Above: After association, a discovery scan is initiated on the newly associated host
    6. Standard search options are available to view the required hosts
    7. To disassociate hosts, select all the required hosts. Click Manage Association > Disassociate. Click YES on the confirmation screen


    Mixed Mode (Linux only)

    1. The Mixed mode feature allows VSP Host Protection to support 32-bit applications running on 64-bit Linux machines
    2. By default, this feature is not enabled. Utilize the command below to enable it:
      vsp-cli config hmm edit mixedMode true
    3. Mixed mode is not supported on all Linux Operating Systems. The supported OS are:
      1. RHEL*
      2. UBUNTU*
      3. DEBIAN*
      4. AMAZON-LINUX 1
      5. SUSE
      6. ORACLE LINUX

    * Refer to the Compatibility Matrix of the corresponding VSP version for more information on the OS versions


    Was this article helpful?
    What's Next