Host Profile

Version 2.10 to 3.0:

1. Navigate to Manage > Host > Host Protection in the left navigation pane. Click ADD PROFILE
2. Provide the below information

   Field Name	Description
   Name	Name of the profile
   Profile Tag	Tag used during VM Probe auto registration
   Library Monitoring	Select the box to enable Library Monitoring
   Memory Exploit Protection	Enable it for Memory Exploit Protection functionality
   Auto Allowlist	Auto allowlist files with reputation ”SAFE”
   Auto Allowlist Unknown files from Discovery Scan	Auto allowlist files with reputation “UNKNOWN”
   Auto Allowlist Unknown files from Discovery Scans and Incidents	Auto allowlist files with reputation “UNKNOWN” and source “INCIDENTS”
   Allow New Publisher/Package	Auto allowlist any new publisher/package detected due to new software installation OR new instance association with the profile When enabled, the publisher/package is automatically added to the allowlist with the source as “SCAN”. When Maintenance Mode is stopped, the newly added Publishers/Packages are listed in the respective lists. If Maintenance Mode is cancelled, only when the Publishers/Packages are accessed, they are listed in the respective lists with the source as “Incident” without any incidents reported in CMS When disabled and the Maintenance Mode is stopped, the newly added Publishers/Packages are listed in the respective lists. If Maintenance Mode is cancelled, only when the Publishers/Packages are accessed, incidents are reported with the Publishers/Packages listed in the respective lists with the source as “Incident” The user can modify the allowlist as required at any point. The modified list is published to the Probe
   Operating System	Select the Operation System – Windows/Linux - from the drop-down list
   Default Monitoring Mode	Select the monitoring mode as Protect or Detect
   App Control Policy Name	(Optional) Select the appropriate App Control policy from the drop-down list
   Protection Profile Name	(Optional) Select the appropriate Protection profile from the drop-down list. Based on the selected Host OS, Protection Profiles relevant to that OS are populated
   Exclusions for Allowlist	This is the list of directories that need to be excluded from host monitoring. Executables launched from these directories are not reported as incidents. Add the directories individually and press return key. Normal regex syntax can be utilized. This is a local list applicable only to the profile being created. By default, some directories are added to the list. Do not alter them as that can affect normal VSP functioning.
   Exclusions for Memory Exploit Protection	This is the list of directories that need to be excluded from Memory Exploit Protection. By default, some directories are added to the list. Do not alter them as that can affect normal VSP functioning.

   
3. Click SAVE
4. The created profile is listed on the Host Monitoring page

Version 2.9 and Below:

1. Navigate to Manage > Host > Host Protection in the left navigation pane. Click ADD PROFILE
2. Provide the below information

   Field Name	Description
   Name	Name of the profile
   Profile Tag	Tag used during VM Probe auto registration
   Library Monitoring	Select the box to enable Library Monitoring
   Memory Exploit Protection	Enable it for Memory Exploit Protection functionality
   Auto Allowlist	Auto allowlist files with reputation ”SAFE”
   Auto Allowlist Unknown files from Reference Host Scan	Auto allowlist files with reputation “UNKNOWN”
   Auto Allowlist Unknown files from Reference Host Scans and Incidents	Auto allowlist files with reputation “UNKNOWN” and source “INCIDENTS”
   Allow New Publisher/Package	Auto allowlist any new publisher/package detected due to new software installation OR new instance association with the profile When enabled, the publisher/package is automatically added to the allowlist with the source as “SCAN”. When Maintenance Mode is stopped, the newly added Publishers/Packages are listed in the respective lists. If Maintenance Mode is cancelled, only when the Publishers/Packages are accessed, they are listed in the respective lists with the source as “Incident” without any incidents reported in CMS When disabled and the Maintenance Mode is stopped, the newly added Publishers/Packages are listed in the respective lists. If Maintenance Mode is cancelled, only when the Publishers/Packages are accessed, incidents are reported with the Publishers/Packages listed in the respective lists with the source as “Incident” The user can modify the allowlist as required at any point. The modified list is published to the Probe
   Host Name	Select the name of the host from the drop-down list
   Default Monitoring Mode	Select the monitoring mode as Protect or Detect. This is applicable for all hosts except the reference host used to create the allowlist. Ensure that the monitoring mode is explicitly set for the reference host once the host scan is complete and the allowlist is published. For subsequent hosts associated with the profile, the default Mode is applied automatically
   App Control Policy Name	(Optional) Select the appropriate App Control policy from the drop-down list
   Protection Profile Name	(Optional) Select the appropriate Protection profile from the drop-down list. Based on the selected Host OS, Protection Profiles relevant to that OS are populated
   Exclusions for Allowlist	This is the list of directories that need to be excluded from host monitoring. Executables launched from these directories are not reported as incidents. Add the directories individually and press return key. Normal regex syntax can be utilized. This is a local list applicable only to the profile being created. Version 2.9 : By default, some directories are added to the list. Do not alter them as that can affect normal VSP functioning.
   Exclusions for Memory Exploit Protection	This is the list of directories that need to be excluded from Memory Exploit Protection. Version 2.9 : By default, some directories are added to the list. Do not alter them as that can affect normal VSP functioning.

3. Click SAVE
4. The created profile is listed on the Host Monitoring page
5. In both Windows and Linux, the mounted folders are auto-excluded during the initial system scan
6. The below icon is displayed when the scan is in progress. Expand the profile to view more information
7. Once the scan is complete, click the icon below
8. The warning message below is displayed
9. Click Edit AllowList and allow the execution of required files, libraries and scripts 
10. Click Publish Changes to update the associated host