Views:

To perform approved file updates or system maintenance on endpoints, you can configure Maintenance Mode for a specified period of time. During the Maintenance Mode, the agents allows all file executions and adds all files that are created, executed, or modified to the Approved List. Besides, the agents can ensure the execution of these applications are under the protected conditions by performing malware scanning before adding new or changed files to the Approved List. You can also define the action to take after suspicious files are detected.

Important:
Before using Maintenance Mode, apply the required updates on the following supported platforms for StellarProtect (Legacy Mode) agents:

  • For Windows 2000 Service Pack 4, apply the update KB891861 from the Microsoft Update Catalog website.

  • For Windows XP SP1, upgrade to Windows XP SP2.

Note:

  • If you change the policy settings of Application Lockdown, Multi-Method Threat Prevention (StellarProtect), OT Application Safeguard (StellarProtect), or Threat Prevention (StellarProtect (Legacy Mode)) during maintenance period, the policy settings will not be implemented until the maintenance period is ended.

  • During the maintenance period, you cannot perform agent patch updates on endpoints. In addition, the StellarProtect (Legacy Mode) agent does not support Windows updates that require restarting an endpoint during the maintenance period.

  • To run an installer that deploys files to a network folder during the maintenance period, StellarProtect (Legacy Mode) must have access permission to the network.

  1. Go to Agents > All.
  2. Click the All group on the Agents screen. The Agents screen displays a list of agents managed by StellarOne.
  3. Select one or more endpoints (agents or groups) by clicking the checkboxes next to them.
  4. Click the Protection button from the Tool Bar at the top of the Agents screen.
  5. A pop-up window appears. Click the Configure Maintenace Mode option.
  6. Click Confirm.
  7. The configuration window appears. Please read the notice carefully before you check the Disable or Enable radio button.

    • Click Disable > OK to end Maintenance Mode. This will cancel the scheduled maintenance period on endpoints.

      1. A warning message appears. Please read carefully before proceeding to next step.
        Important:

        If the Maintenance Mode is ended, the endpoint will start blocking the execution of files that are not recognized by the Application Lockdown or OT Application Safeguard.

      2. Click OK to end Maintenance Mode. A pop-up window appears showing the deployment status of stopping Maintenance Mode on endpoints.

    • Click Enable to start the Maintenance Mode settings. Please go to Step 8 for next procedure.

      Important:

      To reduce risk of infection, run only applications from trusted sources on endpoints during the maintenance period.

  8. The schedule configuration window appears. Do one of the following for scheduling Maintenance Mode.
    Note:

    • Agents can start one scheduled maintenance period at a time. If you configure a new maintenance period, the system overwrites the existing maintenance schedule that has not started yet.

    • When the agent is about to leave Maintenance Mode, restarting the endpoint prevents StellarProtect (Legacy Mode) from adding files in the queue to the Approved List.

    • Click the Schedule radio button, and then click the edit icon to select the start date and specify the start time for Maintenance Mode. After that, specify the duration of the maintenance period in Maintenance Mode will be ended after.

    • Click the Start now radio button, and then specify the duration of the maintenance period in Maintenance Mode will be ended after.

  9. A Scan toggle switch is added at the bottom and is set enabled by default.
    Note:

    • If you disable scan feature in the policy settings, TXOne Networks suggests you enable the scan function here to ensure all the new or changed files go through the malware scanning before they're added to the Approved List. After the maintenance, the original policy settings (in which the scan feature is disabled) will still apply.

    • The scan toggle should not appear on the StellarOne console with StellarOEM license edition. See License Editions for more details.

  10. Select one of the actions to take if suspicious files are detected during scanning:

    • Quarantine detected files

    • Add detected files to Approved List

  11. Click OK to deploy the settings to the selected agents or groups.
  12. The Command Deployment window appears showing the deployment status. Click the Close button to close the window.
    Note:
    On the Agents screen, in the Protection column of the selected agents/groups:

    • The will appear indicating a maintenance period has been scheduled but not started yet if you select Schedule in Step 8 and deploy related settings.

    • The icon will appear indicating the agents/groups are currently in maintenance mode if you select Start now in Step 8 and deploy related settings.

Parent topic: Protection