Table of contents

Overview section of the Computer editor

The Computer editor Overview page has the following tabbed sections:

General tab

  • Hostname: Appears in the Name column on the Computers page. The name must be either the IP address of the computer or the hostname of the computer. Either a fully qualified hostname or a relative hostname can be used if a hostname is used instead of an IP address. You have to specify a hostname that can be resolved or a valid IP address that Workload Security can access. This is because the communication between Workload Security and the agent computers are based on the hostname. For relay-enabled agents, all of the computers within the relay group should be able to reach the specified IP address or hostname. If Workload Security cannot access the target computer the communication direction should be set to Agent/Appliance Initiated (Settings > Computer).
  • Display Name: Appears in the Display Name column and in brackets next to the Hostname value.
  • Description: A description of the computer.
  • Platform: Details of the computer's OS.
  • Group: The computer group to which the computer belongs appears in the list. You can reassign the computer to any other existing computer group.
  • Policy: The policy (if any) that has been assigned to this computer.

    Keep in mind that if you unassign a policy from a computer, rules may still be in effect on the computer if they were assigned independently of the policy.

  • Asset Importance: Workload Security uses a ranking system to quantify the importance of security events. Rules are assigned a severity level (high, medium, low, and so on), and assets (computers) are assigned an asset importance level. These levels have numerical values. When a rule is triggered on a computer the asset importance value and the severity level value are multiplied together. This produces a score which is used to sort events by importance. Event ranking can be seen in the Events pages. Use this Asset Importance list to assign an asset importance level to this computer. To edit the numerical values associated with severity and importance levels, go to Administration > System Settings > Ranking.

  • Download Security Updates From: Use the list to select which relay group the agent on this computer will download security updates from. This field is not displayed if agent is acting as a relay.

Computer status

The Status area displays the latest available information about the computer and the protection modules in effect on it. Whether the computer is protected by an agent is displayed in the top row.

  • Status:
    • When the computer is unmanaged the status represents the state of the agent with respect to activation. The status displays either Discovered or New followed by the agent state in brackets (No Agent/Appliance, Unknown, Reactivation Required, Activation Required, or Deactivation Required).
    • When the computer is managed and no computer errors are present, the status displays Managed followed by the state of the agent in brackets (Online or Offline).
    • When the computer is managed and the agent is in the process of performing an action (for example, Integrity Scan in Progress, Upgrading Agent (Install Program Sent), and so on) the task status is displayed.
    • When there are errors on the computer (for example, Offline, Update Failed, and so on) the status displays the error. When more than one error is present, the status displays Multiple Errors and each error is listed beneath.

Protection module status

Protection modules are deployed to agents on an as-needed basis. Only core functionality is included when an agent is first installed.

The Status area provides information about the state of the Workload Security modules. The status reflects the state of a module on the agent as well as its configuration in Workload Security. A status of On indicates that the module is configured in Workload Security and is installed and operating on the agent.

A green status light is displayed for a module when it is On and working. In addition, modules that allow individual rule assignment must have at least one rule assigned before they display a green light.

  • Anti-Malware: Whether Anti-Malware protection is on or off and whether it is configured for real-time or on-demand scans.
  • Web Reputation: Whether Web Reputation is on or off.
  • Device Control: Whether Device Control is on or off.
  • Firewall: Whether the Firewall is on or off and how many rules are in effect.
  • Intrusion Prevention: Whether Intrusion Prevention is on or off and how many rules are in effect.
  • Integrity Monitoring: Whether Integrity Monitoring is on or off and how many rules are in effect.
  • Log Inspection: Whether Log Inspection is on or off and how many rules are in effect.
  • Application Control: Whether Application Control is on or off.
  • Scanner (SAP): Status of the Scanner SAP feature.
  • Online: Indicates whether Workload Security can currently communicate with the agent.
  • Last Communication: The last time Workload Security successfully communicated with the agent on this computer.
  • Check Status: This button allows you to force Workload Security to perform an immediate heartbeat operation to check the status of the agent. Check Status does not perform a security update of the agent. When manager to agent communications is set to Agent/Appliance Initiated, Check Status is disabled. Checking status does not update the logs for this computer. To update the logs for this computer, go to the Actions tab.
  • Clear Warnings/Errors: Dismisses any alerts or errors on this computer.

Actions tab

Activation

A newly-installed agent needs to be activated by Workload Security before policies, rules, requests for event logs, and so on, can be sent to it. The activation procedure includes the exchange of SSL keys which uniquely identify Workload Security and an agent to each other.

Agents can only be deactivated locally on the computer or from Workload Security. If an agent is already activated, the button in this area will read Reactivate rather than Activate. Reactivation has the same effect as activation. A reactivation will reset the agent to the state it was in after first being installed and initiate the exchange of a new set of SSL keys.

Policy

When you change the configuration of an agent on a computer using the Workload Security console (apply a new Intrusion Prevention rule, change logging settings, and so on), Workload Security has to send the new information to the agent. This is a Send Policy instruction. Policy updates usually happen immediately but you can force an update by clicking the Send Policy button.

Agent Software

This displays the version of the agent currently running on the computer. If a newer version of the agent is available for the computer's platform you can click the Upgrade Agent button to remotely upgrade the agent from the Workload Security console. You can configure Workload Security to trigger an alert if new versions of the agent software are running on any of your computers by going to the Administration > System Settings > Updates tab.

Before updating or uninstalling an agent or relay on Windows, you must disable agent self-protection. To do this, on the Workload Security console, go to Computer editor > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.

Support

The Create Diagnostic Package button creates a snapshot of the state of the agent on the computer. Your support provider may request this for troubleshooting purposes.

If you have lost communication with the computer, a diagnostics package can be created locally. For more information, see Create a diagnostic package.

System Events tab

For information about events, see System events.

Exceptions tab

USB Device Exception rule count limitation

The current supported USB device exception rule count for each computer is 1000.