HP Sygate Security Agent User Guide

Automatically block attacker’s IP address for... second(s)

Blocks all communication from a source host once an attack has been detected. For instance, if the Agent detects a DoS attack originating from a certain IP address, the Agent will block any and all traffic from that IP for the duration specified in the seconds field. By default, this option is enabled in the Agent.

Block all traffic while the service is not loaded

Prevents any traffic from entering or leaving your device during the seconds between the time that your machine turns on and the Agent is launched. This time frame is a small security hole that can allow unauthorized communication. Enabling this feature prevents possible Trojan horses or other unauthorized applications from communicating with other computers or devices. This also takes effect if the Agent crashes or if the Agent is shut down. By default, this option is enabled in the Agent.

Allow initial traffic

Enables initial traffic, needed for basic network connectivity, to take place. This includes initial DHCP and NetBIOS traffic so that the Agent can obtain an IP address, for example. By default, this option is enabled in the Agent.

Enable DLL authentication

Allows the Agent to determine which DLLs are used by which trusted applications and to store that information. The Agent then blocks applications that are using DLLs that are not associated with a trusted application or DLLs that are associated with a trusted application and that have changed. Note that this may take place if you download a patch to an application that modifies that application’s DLL, in which case you are prompted to approve or reject using this changed DLL.

A DLL (dynamic link library) is a list of functions or data used by Windows applications. Most, if not all, Windows applications use DLLs to run, and each application uses specific DLLs. Often, several applications will access the same DLL. However, some hackers try to disguise malicious code or applications as DLLs, and use them to hack computers. Most DLLs have a file extension of .dll, .exe, .drv, or .fon.

Because this option can interfere with the functioning of Windows applications, it is recommended that only users who have a firm understanding of Windows and DLLs enable this feature. By default, this option is disabled in the Agent.
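
The following added example, which is not part of this guide or of the Agent's own code, shows the kind of check DLL authentication describes: recording a fingerprint for each DLL a trusted application uses, then classifying each DLL as unchanged, changed, or unknown. The SHA-256 fingerprint, the DllBaseline class, and the file names are assumptions made for illustration; the guide does not state how the Agent computes or stores fingerprints.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path):
    """SHA-256 of a file's contents (assumed algorithm; the guide names none)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class DllBaseline:
    """Hypothetical store of which DLLs each trusted application uses."""

    def __init__(self):
        self.trusted = {}  # app name -> {lowercased dll file name: sha256 hex}

    def learn(self, app, dll_paths):
        """Record (or re-approve) the current fingerprints of an app's DLLs."""
        entry = self.trusted.setdefault(app, {})
        for p in dll_paths:
            entry[Path(p).name.lower()] = fingerprint(p)

    def check(self, app, dll_paths):
        """Return {dll name: 'ok' | 'changed' | 'unknown'} for one application."""
        known = self.trusted.get(app, {})
        verdicts = {}
        for p in dll_paths:
            name = Path(p).name.lower()
            if name not in known:
                verdicts[name] = "unknown"  # not associated with this trusted app
            elif known[name] != fingerprint(p):
                verdicts[name] = "changed"  # e.g. after a patch: prompt the user
            else:
                verdicts[name] = "ok"
        return verdicts

def demo():
    """Constructed sample files: learn two DLLs, patch one, add an unknown one."""
    with tempfile.TemporaryDirectory() as d:
        net, ui, extra = (Path(d) / n for n in ("net.dll", "ui.dll", "extra.dll"))
        for f in (net, ui, extra):
            f.write_bytes(b"v1 of " + f.name.encode())
        base = DllBaseline()
        base.learn("browser.exe", [net, ui])
        before = base.check("browser.exe", [net, ui])
        net.write_bytes(b"v2 of net.dll")      # simulated application patch
        after = base.check("browser.exe", [net, ui, extra])
        base.learn("browser.exe", [net])       # user approves the changed DLL
        approved = base.check("browser.exe", [net, ui, extra])
        return before, after, approved
```

Any verdict other than "ok" corresponds to the case where the Agent would block the application or prompt for approval.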

Reset all fingerprints for all applications

Clears the Agent’s memory of all application fingerprints. The result is that each time you use an application that uses the network, you are prompted through a pop-up message to Allow or Block that application’s activity. By default, this option is enabled in the Agent.
