Configuring the Agent's Settings
Automatically allow all known DLLs
Automatically allows DLL modules that are commonly loaded by the network application.
Disabling this feature will cause the engine to prompt for permission on all new DLLs that
are loaded, and may cause very frequent prompting when using a complex network
application, such as an Internet browser. By default, this option is enabled in the Agent.
Enable anti-MAC spoofing
Allows incoming and outgoing ARP traffic only if an ARP request was made to that specific
host. It blocks all other unexpected ARP traffic and logs it in the Security Log. By default,
this option is enabled on the Agent.
Some hackers use MAC spoofing to attempt to hijack a communication session between two
computers in order to hack one of the machines. MAC (media access control) addresses are
hardware addresses that identify computers, devices, servers, routers, etc. When Computer A
wants to communicate with Computer B, it may send an ARP (Address Resolution Protocol)
packet to the computer.
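The rule described above (an ARP reply is accepted only from a host that was just sent an ARP request; anything else is blocked and logged) can be modeled as a small stateful filter. This is an added example, not the Agent's own code: the class name, the 2-second reply window, the one-reply-per-request choice, and the sample traffic are assumptions made for illustration, and it covers incoming replies only.

```python
from dataclasses import dataclass, field

@dataclass
class ArpReplyFilter:
    """Hypothetical model of 'allow ARP only if a request was made to that host'."""
    timeout: float = 2.0                          # assumed reply window, in seconds
    pending: dict = field(default_factory=dict)   # target IP -> time request was sent
    security_log: list = field(default_factory=list)

    def note_request(self, target_ip: str, ts: float) -> None:
        """Record an outgoing ARP request to target_ip."""
        self.pending[target_ip] = ts

    def allow_reply(self, sender_ip: str, sender_mac: str, ts: float) -> bool:
        """Allow an incoming reply only if that host was asked and answered in time."""
        sent = self.pending.pop(sender_ip, None)  # one reply per request (assumption)
        if sent is not None and 0 <= ts - sent <= self.timeout:
            return True
        reason = "late reply" if sent is not None else "unsolicited reply"
        self.security_log.append((ts, sender_ip, sender_mac, reason))
        return False

# Constructed sample traffic (documentation addresses, made-up MACs).
SAMPLE = [
    ("request", "192.0.2.1", None, 0.0),
    ("reply", "192.0.2.1", "02:00:00:00:00:01", 0.1),  # solicited, in time
    ("reply", "192.0.2.1", "02:00:00:00:00:66", 0.5),  # request already answered
    ("reply", "192.0.2.7", "02:00:00:00:00:66", 1.0),  # host was never asked
    ("request", "192.0.2.9", None, 5.0),
    ("reply", "192.0.2.9", "02:00:00:00:00:09", 9.0),  # outside the reply window
]

def run_sample():
    """Replay SAMPLE and return (decisions for each reply, security log)."""
    flt = ArpReplyFilter()
    decisions = []
    for op, ip, mac, ts in SAMPLE:
        if op == "request":
            flt.note_request(ip, ts)
        else:
            decisions.append(flt.allow_reply(ip, mac, ts))
    return decisions, flt.security_log

if __name__ == "__main__":
    decisions, log = run_sample()
    print(decisions)
    for entry in log:
        print("BLOCKED", entry)
```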
Enable anti-IP spoofing
IP spoofing is a process used by hackers to hijack a communication session between two
computers, which we will call Computers A and B. A hacker can send a data packet that
causes Computer A to drop the communication. Then, pretending to be Computer A, the
hacker can communicate with Computer B, thus hijacking a communication session and
attempting to attack Computer B.
Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of
each communication packet, preventing a hacker from anticipating a packet and intercepting
it. It is recommended that you enable this option along with Enable OS fingerprint
masquerading. By default, this option is enabled on the Agent.
Enable OS fingerprint masquerading
Keeps programs from detecting the operating system of a device running the Agent
software. When OS Fingerprint Masquerading is enabled, the Agent modifies TCP/IP
packets so it is not possible to determine its operating system. It is recommended that you
enable this option along with Enable anti-IP spoofing, discussed previously. By default,
this option is enabled on the Agent.
NetBIOS protection
Blocks all communication from computers located outside the Agent’s local subnet range.
NetBIOS traffic is blocked on UDP ports 88, 137, and 138 and TCP ports 135, 139, 445,
and 1026. Be aware that this can cause a problem with Outlook if connecting to an
Exchange server that is on a different subnet. If that occurs, you should create an advanced