Host Management
  • 25 Apr 2024

About this Article
This article covers Host Management for profiles: the available monitoring modes, association/disassociation of Probes (VM only), and syncing them with the latest allowlist on CMS.


Monitoring Modes

The available Monitoring Modes for the hosts are:

  1. Disabled - Host protection is not switched on 
  2. Detect - Executables that are not found in the host profile are reported immediately to CMS
    1. The executables are not stopped from execution
    2. If additional protection actions are configured in a protection profile, these actions are executed in response to a reported incident
  3. Protect - Executables that are not found in the host profile are suspended/blocked immediately. They are not acted upon until the user adds the detected errant executable to the allowlist or deletes it on the CMS
    1. In cases where the errant executable is added to the allowlist, the executable is resumed
    2. In cases where the errant executable is deleted from the allowlist, the executable is killed
    3. An executable not added to the allowlist on Windows is NOT allowed to execute
NOTE

Version 3.1 and Above: The protection modes can be configured independently for Executable (Host) Protection, ACP and Memory Exploit Protection 



To modify the Host Monitoring mode:

  1. On the Host Monitoring page, click the below icon
 
  1. Select all the required hosts and click Manage Monitoring Mode
    1. The Mode can be chosen separately for Executable Protection, App Control Policy or Memory Exploit Protection
    2. The Mode can also be chosen for each host individually. Select the required Monitoring Mode - Disable, Protect or Detect
    3. If the Probe version is 3.0.x, only the Executable Protection Mode is considered for all three modes
    4. Note that the ACP Monitoring can be in Protect Mode only if the Executable Protection is in Protect Mode. The Memory Exploit Protection Mode is independent of these two values
      1. When ACP is configured to Protect Mode, Executable Protection is automatically configured to Protect Mode (if in Detect/Disable mode)
      2. When Executable Protection is configured from Protect to Detect/Disable, ACP is automatically configured to Detect/Disable mode respectively
      3. Here are the allowed values:
        App Control Policy    Executable Protection
        ------------------    ---------------------
        Disable               Protect
        Disable               Detect
        Disable               Disable
        Detect                Protect
        Detect                Detect
        Detect                Disable
        Protect               Protect
  1. Select all the required hosts and click Manage Monitoring Mode. The Mode can be chosen for each host also. Select the required Monitoring Mode - Disable, Protect or Detect. 
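
The mode rules above can be checked across a set of hosts. The following is an added example, not part of the VSP product or its documentation: it audits an inventory for disallowed App Control Policy / Executable Protection pairs, for 3.0.x Probes whose ACP and Memory Exploit Protection settings are not considered, and for hosts not in Protect mode. The record layout, host names and version strings are constructed assumptions.

```python
# Added example: audit host monitoring modes against the rules described above.
# Record layout, host names and version strings are constructed, not a CMS export.
ALLOWED_ACP_EP = {  # (App Control Policy, Executable Protection) pairs from the table
    ("Disable", "Protect"), ("Disable", "Detect"), ("Disable", "Disable"),
    ("Detect", "Protect"), ("Detect", "Detect"), ("Detect", "Disable"),
    ("Protect", "Protect"),
}

INVENTORY = [  # constructed sample data
    {"name": "web-01", "probe": "3.1.0", "executable": "Protect", "acp": "Protect", "memory": "Protect"},
    {"name": "db-01", "probe": "3.1.0", "executable": "Detect", "acp": "Protect", "memory": "Detect"},
    {"name": "app-01", "probe": "3.0.2", "executable": "Detect", "acp": "Disable", "memory": "Protect"},
    {"name": "new-vm", "probe": "3.1.0", "executable": "Disable", "acp": "Disable", "memory": "Disable"},
]

def is_legacy(host):
    """True for Probe 3.0.x, where only the Executable Protection mode is considered."""
    return host["probe"].startswith("3.0.")

def effective_modes(host):
    """Return the mode each feature actually runs in on this host."""
    ep = host["executable"]
    if is_legacy(host):
        return {"executable": ep, "acp": ep, "memory": ep}
    return {"executable": ep, "acp": host["acp"], "memory": host["memory"]}

def audit_host(host):
    findings = []
    if not is_legacy(host) and (host["acp"], host["executable"]) not in ALLOWED_ACP_EP:
        findings.append("invalid-acp-ep-pair")  # ACP in Protect needs Executable Protection in Protect
    eff = effective_modes(host)
    if is_legacy(host) and (host["acp"], host["memory"]) != (eff["acp"], eff["memory"]):
        findings.append("configured-modes-ignored-by-3.0.x-probe")
    for feature, mode in eff.items():
        if mode == "Disable":
            findings.append(f"{feature}-disabled")      # protection is not switched on
        elif mode == "Detect":
            findings.append(f"{feature}-detect-only")   # reported to CMS, not stopped
    return findings

def audit(inventory):
    return {host["name"]: audit_host(host) for host in inventory}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```
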


Associate/Disassociate Hosts (VMs only)

  1. On the Host Monitoring page, click the below icon
  2. The pop-up window displays the associated hosts. Click Manage Association > Associate
  3. Hosts with the same OS type and Registered status are listed for profile association. Select the required hosts. Click ASSOCIATE. Click YES on the confirmation screen
  4. By default, the hosts are in Disabled mode after the association
  5. Version 2.9 and Above: After association, a discovery scan is initiated on the newly associated host
  6. Standard search options are available to view the required hosts
  7. To disassociate hosts, select all the required hosts. Click Manage Association > Disassociate. Click YES on the confirmation screen


Mixed Mode (Linux only)

  1. The Mixed mode feature allows VSP Host Protection to support 32-bit applications running on 64-bit Linux machines
  2. By default, this feature is not enabled. Utilize the command below to enable it:
    vsp-cli config hmm edit mixedMode true
  3. Mixed mode is not supported on all Linux Operating Systems. The supported OS are:
    1. RHEL*
    2. UBUNTU*
    3. DEBIAN*
    4. AMAZON-LINUX 1
    5. SUSE
    6. ORACLE LINUX

* Refer to the Compatibility Matrix of the corresponding VSP version for more information on the OS versions


