HP Sygate Security Agent User Guide
Automatically block attacker’s IP address for... second(s)
Blocks all communication from a source host once an attack has been detected. For
instance, if the Agent detects a DoS attack originating from a certain IP address, the Agent
will block any and all traffic from that IP for the duration specified in the seconds field. By
default, this option is enabled in the Agent.
Block all traffic while the service is not loaded
Prevents any traffic from entering or leaving your device during the seconds between the
time that your machine turns on and the Agent is launched. This time frame is a small
security hole that can allow unauthorized communication. Enabling this feature prevents
possible Trojan horses or other unauthorized applications from communicating with other
computers or devices. This also takes effect if the Agent crashes or if the Agent is shut
down. By default, this option is enabled in the Agent.
Allow initial traffic
Enables initial traffic, needed for basic network connectivity, to take place. This includes
initial DHCP and NetBIOS traffic so that the Agent can obtain an IP address, for example.
By default, this option is enabled in the Agent.
Enable DLL authentication
Allows the Agent to determine which DLLs are used by which trusted applications and to
store that information. The Agent then blocks applications that are using DLLs that are not
associated with a trusted application or DLLs that are associated with a trusted application
and that have changed. Note that this may take place if you download a patch to an
application that modifies that application’s DLL, in which case you are prompted to approve
or reject using this changed DLL.
A DLL (dynamic link library) is a list of functions or data used by Windows applications.
Most, if not all, Windows applications use DLLs to run, and each application uses specific
DLLs. Often, several applications will access the same DLL. However, some hackers try to
disguise malicious code or applications as DLLs, and use them to hack computers. Most
DLLs have a file extension of .dll, .exe, .drv, or .fon.
Because this option can interfere with the functioning of Windows applications, it is
recommended that only users who have a firm understanding of Windows and DLLs enable
this feature. By default, this option is disabled in the Agent.
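The following sketch illustrates the DLL fingerprint check described above. It is an added example, not the Agent's own code. The SHA-256 fingerprint, the function names, and the file and application names are assumptions made for illustration; the guide does not say how the Agent computes or stores fingerprints.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """SHA-256 of a file's contents (assumed fingerprint; the guide names no algorithm)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def learn(app, dll_paths, baseline):
    """Record which DLLs a trusted application uses, with their fingerprints."""
    baseline[app] = {os.path.normcase(p): fingerprint(p) for p in dll_paths}

def check(app, loaded_paths, baseline):
    """Classify each loaded DLL: 'ok', 'changed' (prompt the user) or 'unassociated' (block)."""
    known = baseline.get(app, {})
    verdicts = {}
    for p in loaded_paths:
        key = os.path.normcase(p)
        if key not in known:
            verdicts[os.path.basename(p)] = "unassociated"
        elif known[key] != fingerprint(p):
            verdicts[os.path.basename(p)] = "changed"
        else:
            verdicts[os.path.basename(p)] = "ok"
    return verdicts

def demo():
    """Constructed sample: three stand-in files play the role of DLLs."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("net.dll", "ui.dll", "extra.dll")}
        for n, p in paths.items():
            with open(p, "wb") as f:
                f.write(b"original " + n.encode())
        baseline = {}
        learn("browser.exe", [paths["net.dll"], paths["ui.dll"]], baseline)
        # Simulate a patch rewriting ui.dll and a never-seen DLL being loaded.
        with open(paths["ui.dll"], "wb") as f:
            f.write(b"patched ui.dll")
        return check("browser.exe", list(paths.values()), baseline)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The "changed" verdict corresponds to the patch case above, where the user is prompted to approve or reject the modified DLL.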
Reset all fingerprints for all applications
Clears the Agent’s memory of all application fingerprints. The result is that each time you
use an application that uses the network, you are prompted through a pop-up message to
Allow or Block that application’s activity. By default, this option is enabled in the Agent.