Understanding self-protection on agents and performing maintenance operations

SES Evolution agents are equipped with a self-protection mechanism implemented by a set of rules that are transparent for administrators and users. With these rules, you can:

  • guarantee that the security policies applied by administrators do not hinder the proper operation of agents (but does not prevent policies from hindering the operation of workstations when there are wrongly configured rules),

  • protect agents from external attacks or malicious users who may attempt to disable or uninstall the agents.

However, to perform maintenance operations on agents in a group, they must first be switched to Maintenance mode to disable the self-protection system. To do so, you must allow Maintenance mode to be used in the group’s configuration.

Administration privileges are required to enable Maintenance mode.

All maintenance operations performed will be logged while Maintenance mode is enabled.

The agent’s automatic updates will also be suspended when Maintenance mode is enabled. They will be applied automatically when Maintenance mode ends. You can also apply forced updates. For more information, see the section Updating agents.

When Maintenance mode is enabled, the agent continues to protect the workstation because the security policy stays enabled. However, this mode must be used with caution and by trustworthy users.

  1. In an agent group’s Software tab, go to the Maintenance section.
  2. Enable the parameter Allow Maintenance mode.
  3. Deploy the configuration in the environment to apply the new configuration.

The user must enable Maintenance mode in the agent's interface, in the advanced settings of the Preferences tab . For further information, refer to the section Configuring preferences on the agent.

When maintenance operations are completed, remember to end Maintenance mode by clicking on Disable in the agent’s interface to restore self-protection and security. The integrity of the agent's resources will then be checked. If anomalies are detected, the agent will launch repairs. The user may then be asked to restart the workstation.

You can also enable and disable Maintenance mode via a script, by launching EsGui ([...]\Stormshield\SES Evolution\Agent\Bin\Gui) with the command line options /EnterMaintenanceMode and /LeaveMaintenanceMode.

Administration privileges are not required to disable Maintenance mode.

You can also enable Maintenance mode individually on the workstation concerned using challenges. Administration privileges are not required. For further information, refer to the section Resolving issues with challenges.