Home    SecuLution Dokumentation back next
Welcome
SecuLution technique and terminology
Quick start
Test setup in 30 minutes
Best practice in everyday use
Full setup and deployment in 5 hours
Installation of components
Install Appliance
AdminWizard installation
Agent installation
Syslog server installation
Initial configuration tasks
Configure basic settings
Agent configuration
Configure automated tasks
Manage whitelist
Initial whitelist generation
Import trustworthy software
Learn mode
Check deployment and learning progress
Audit
Add entries to whitelist
Drag'n'drop
Individual lernmode
Import from directory
PermanentLernUser
Log alarms
Cleanup whitelist
Manually delete unused entries
Delete entries using a pattern
Clean up classifications
Managed Whitelist
Managed Whitelist
Actions
Actions
Referring rules to objects
Offline mode
Offline mode
Devices
USB device management
USB device encryption
RCM
Agent deployment (RemoteClientManagement)
ArpWatch
ArpWatch
Logs
Logs
FAQ
setup.ini

Agent configuration



About Agent configuration

Agent configuration options are part of the whitelist. Select the "Rules" tab and choose the "by program" view (leftmost radiobutton or menu item View > Rules > By Program). Scroll upwards and double-click "Agent config":

AgentConfig

Click in the empty line to create additional rules if need be.
newline

Changing Agent configuration options changes the whitelist, so they must be sent to the server to be put into effect:
activate

Furthermore, the Agent requests information about these configuration settings only at the time the agent connects to the Appliance. If you want your Agent configuration changes to be enforced immediately, you need to:
  • make the Agent configuration change
  • activate the change on the Appliance
  • reboot the computer on which you want your changes to become active

Instead of rebooting the computer, you can also click on the Agent's icon in the taskbar and choose "re-check devices". This will manually trigger a reload of Agent configuration data on this computer.



Device check

Defines whether the referring object should:
  • not manage USB devices
  • manage USB devices, identified by their USB vendor ID and product ID only. Multiple devices of the same product and manufacturer will only have one entry in the whitelist, since VIDPID is the same for each device.
  • manage USB devices, identified by their serial number (if applicable). Each device will have a separate entry in the whitelist since devices are identified by their individual serial number.


Disable warning

In case the "Disable Mode" is activated for more than 15 minutes, a reminder will be shown:
DisableNotification

This can be configured using the option "config_disablenotification_00000":
DisableNotification


Disable password

Defines the password for locally disabling the Agent on the referring object.

Any user may click on the Agent's icon in the taskbar of their computer and choose "disable SecuLution":
agentmenu

The user will be asked a password:
pw

After entering the correct password the Agent will enter "disabled mode". In this mode the Agent will not deny any hash until the Agent is either re-enabled or the computer is restarted. However, the Agent will still check each hash on the Appliance, so the Appliance will still log every unknown program or device that was started or used on this computer.

Entering "Disabled mode" is logged in the Appliance's log system (administrative logs switched on):



A disabled SecuLution Agent is indicated by the Agent's icon:
disabled


DLL check

Defines whether the referring object should also check dynamic libraries.
By default this option is set to "do not check dlls", because this option will have an impact on the amount of administrative work, performance and network load. Read the FAQ before you turn this option on.


Java code check

Defines whether the referring object should also check Java code. Javascript code within a browser is not being affected.


Hideicon

Defines whether the referring object should show or hide the Agent icon in the taskbar.
icon

If hidden, the icon can still be shown (e.g. to access the menu) by starting the program "SSIcon.exe" from the Agent install path (usually "C:\Program Files\SecuLution\Agent") manually.


Offline mode

Defines what the Agent running on the referring object (computer) should do in case the Appliance is unreachable (the Agent is offline) and an as-yet-unknown hash should be checked. More details available here.



GUI translation

The content of the Agents menus are configurable in "Agent config / _Agent GUI translation" in view "Rules by programs".

This enables individual translations per user, group, computer or region.

These individual translations are set on the client computer only during installation of the Agent. therefore a later change of translations in the whitelist does not change the translations on the client computers.