Server unavailable (offline,
The Agent communicates with the
Appliance when available.
If the Appliance is unavailable, the Agent uses a local
encrypted cache of hashes that have been checked previously. A
computer that is used offline (a laptop or notebook) can therefore be
used the same way as while the Appliance was available, as
long as the hashes being checked have previously been allowed for
this computer. Note that for a hash to be stored in the local
encrypted cache, the Agent must check the hash on the whitelist,
which only happens when a program is used or a device is
Preparing for offline
The local cache only contains hashes that have previously been
checked on the Appliance. You can fill the cache with all entries
from the whitelist by clicking the menu item "prepare for offline
mode" in the Agent's icon. Verify that the value "cachesize" in the
Agent's setup.ini is large enough to store all hashes from your
Unknown hashes while
In case the following conditions apply:
- Agent is offline (Appliance unavailable)
- Hash is unknown (e.g. user starts an application that's not in
then settings from the configuration option "offline mode" will
The following options are available:
The user will be presented with a password dialog. Entering the
correct password will allow the requested hash and add the hash to
a second local "offline cache".
"don't ask password, allow everything":
The computer will not block any unknown hash and will add the hash
to a second local "offline cache".
"challenge response method":
The user will be presented with a dialog containing a "challenge"
(numbers) and a text field in which a response must be entered:
The user can now phone the administrator and explain
what they are doing. The administrator can create a "response" code
(menu item Extra > challenge response) and give it to the user,
who can then use the hash:
Hashes that represent configuration options can be configured the
same way as hashes that represent devices or programs.
In the example above, host "l1w7" is configured so that in offline
mode no hash will be denied, while all other computers will ask for
a password when unknown hashes are requested in offline mode.
Local offline "delta
- the Agent is offline and
- the hash is not listed in the "offline cache" file and
- the hash is authorized using one of the methods mentioned
the Agent will add the hash to a second local cache file ("delta
cache"), which only contains hashes that have been allowed in
offline mode which were not listed in the first "offline
As soon as the Agent reconnects to the Appliance, all entries
from this "delta cache" will be checked on the whitelist. These
hashes will be learned on the Appliance (while it is in learn mode)
and listed in the logs. This way, the administrator will be
notified if users (try to) start untrusted hashes while in offline
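
The offline behaviour described in the sections above, as an added Python model that is not part of the original documentation or the product's code: it shows why a whitelisted hash that was never checked online is still unknown offline, and which delta cache entries surface on reconnect. Class, method and policy names are hypothetical, the sample hashes are constructed, and both the reuse of delta entries while offline and the clearing of the delta cache after sync are assumptions.

```python
# Simplified model of the offline flow described above; not the Agent's code.
# All names are hypothetical, and the sample hashes are constructed.
from enum import Enum

class OfflinePolicy(Enum):
    ASK_PASSWORD = 1        # password dialog
    ALLOW_EVERYTHING = 2    # "don't ask password, allow everything"
    CHALLENGE_RESPONSE = 3  # "challenge response method"

class AgentModel:
    def __init__(self, policy, authorize=lambda h: False):
        self.policy = policy
        self.authorize = authorize  # stands in for the password/response dialog
        self.cache = set()          # hashes already checked on the Appliance
        self.delta = []             # "delta cache": allowed only while offline

    def check(self, h, whitelist=None):
        """whitelist: the Appliance's allowed hashes, or None when offline."""
        if whitelist is not None:
            allowed = h in whitelist
            if allowed:
                self.cache.add(h)   # cached only after a real check
            return allowed
        if h in self.cache or h in self.delta:  # delta reuse is an assumption
            return True
        if self.policy is OfflinePolicy.ALLOW_EVERYTHING or self.authorize(h):
            self.delta.append(h)    # kept for review after reconnect
            return True
        return False

    def reconnect(self, whitelist):
        """Check delta entries on the whitelist; return the unlisted ones."""
        unlisted = [h for h in self.delta if h not in whitelist]
        self.cache.update(h for h in self.delta if h in whitelist)
        self.delta.clear()          # assumption: delta is emptied after sync
        return unlisted             # candidates for the Appliance log

def demo():
    whitelist = {"aaa1", "bbb2"}
    strict = AgentModel(OfflinePolicy.ASK_PASSWORD)  # dialog always fails here
    strict.check("aaa1", whitelist)                  # used once while online
    offline = [strict.check("aaa1"), strict.check("bbb2")]
    lax = AgentModel(OfflinePolicy.ALLOW_EVERYTHING)
    lax.check("bbb2"); lax.check("ccc3")             # both land in delta
    return offline, lax.reconnect(whitelist), lax.cache

if __name__ == "__main__":
    print(demo())
```

In the model, "bbb2" is on the whitelist but is blocked offline under the password policy because it was never checked while online, which is the gap that "prepare for offline mode" closes.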