Maintenance Mode
  • 04 Dec 2025

About this Article

This article provides information related to the Maintenance Mode operation.

What is Maintenance Mode?

Maintenance Mode is a temporary state that fully disables host-level security monitoring on selected hosts. During this time:

  • No runtime memory protection

  • No application control enforcement

  • No memory exploit detection

Important: This is not a reduced protection state—it’s a complete suspension of host security monitoring.


What Stays Active?

  • Web Application Protection

  • File System Monitoring (FSM)

  • Buffer Exploit Protection


When to Use Maintenance Mode

Ideal for:

  • Planned software installations

  • OS patches and updates

  • Application or database upgrades

  • High-volume executable changes

Do NOT use during:

  • Routine restarts or config changes

  • CMS or Probe upgrades

  • Scenarios requiring continuous protection


How It Works

Maintenance Mode uses a manual start/stop process:

[Normal Protection] → [Start Maintenance] → [No Protection] → [Stop/Cancel] → [Normal Protection]

  • No automatic timeout

  • Persists across reboots

  • Must be ended manually in CMS


Starting Maintenance Mode

  1. Verify UTC time sync between CMS and Probe

  2. In CMS, go to Host Monitoring

  3. Select hosts → Click Maintenance → Start

  4. Confirm action

Indicators: “Maintenance State: Active” and grayed-out monitoring mode.


Ending Maintenance Mode

Two options:

  • Stop (Recommended):

    • Runs a File System Scan for files changed during maintenance

    • Auto-allowlists new executables with good/unknown reputation

    • Restores original protection mode

  • Cancel:

    • Ends immediately without scanning or allowlisting

Best Practice: Reboot before ending Maintenance Mode to capture all changes.


Security Warning

While active:

  • Malware can run undetected

  • No memory or application protection

  • System is vulnerable

Minimize duration and use only during approved change windows.
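
Because Maintenance Mode has no automatic timeout and persists across reboots, a periodic check for hosts left in it past their change window is worth running. The following is an added example, not part of the original article or the product: it audits a constructed host inventory whose column names (`host`, `maintenance_state`, `started_utc`, `window_end_utc`) are assumptions, not the CMS export format.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample inventory. The column names are hypothetical and are not
# the product's export format; adapt them to whatever your CMS or API returns.
SAMPLE_INVENTORY = """host,maintenance_state,started_utc,window_end_utc
app01,Active,2025-12-01T22:00:00Z,2025-12-02T02:00:00Z
db01,Active,2025-12-03T01:00:00Z,2025-12-03T05:00:00Z
web01,Inactive,,
app02,Active,,
"""

def parse_utc(value):
    """Parse an ISO 8601 UTC timestamp; return None for empty or malformed values."""
    try:
        return datetime.strptime(value.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (AttributeError, ValueError):
        return None

def audit_maintenance(inventory_csv, now, grace=timedelta(0)):
    """Return findings for hosts still in Maintenance Mode outside their approved window."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["maintenance_state"].strip().lower() != "active":
            continue
        started = parse_utc(row["started_utc"])
        window_end = parse_utc(row["window_end_utc"])
        if started is None or window_end is None:
            # Active with no recorded window: treat as unapproved, since nothing will end it.
            findings.append((row["host"], "no approved window recorded", None))
        elif now > window_end + grace:
            findings.append((row["host"], "window expired", now - window_end))
    return findings

if __name__ == "__main__":
    now = datetime(2025, 12, 3, 3, 0, tzinfo=timezone.utc)  # constructed "current" time
    for host, reason, overdue in audit_maintenance(SAMPLE_INVENTORY, now):
        print(f"{host}: {reason}" + (f" (overdue by {overdue})" if overdue else ""))
```

All comparisons are made in UTC, matching the time-sync check in the start procedure; a host with no recorded window is reported rather than skipped.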


Key FAQs

  • Incidents suppressed? Host-level incidents are suppressed; web and FSM incidents are still reported.

  • Auto-allowlisting? Only new executables found during FS Scan with non-threat reputation.

  • Timeout? None—must end manually.

  • Schedule end? Not supported via CMS (refer to API).

