Configuring the Agent's Settings

Automatically allow all known DLLs

Automatically allows DLL modules that are commonly loaded by the network application. Disabling this feature will cause the engine to prompt for permission on all new DLLs that are loaded, and may cause very frequent prompting when using a complex network application, such as an Internet browser. By default, this option is enabled in the Agent.

Enable anti-MAC spoofing

Allows incoming and outgoing ARP traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log. By default, this option is enabled on the Agent.

Some hackers use MAC spoofing to attempt to hijack a communication session between two computers in order to hack one of the machines. MAC (media access control) addresses are hardware addresses that identify computers, devices, servers, routers, etc. When Computer A wants to communicate with Computer B, it may send an ARP (Address Resolution Protocol) packet to the computer.

Enable anti-IP spoofing

IP spoofing is a process used by hackers to hijack a communication session between two computers, which we will call Computers A and B. A hacker can send a data packet that causes Computer A to drop the communication. Then, pretending to be Computer A, the hacker can communicate with Computer B, thus hijacking a communication session and attempting to attack Computer B.

Anti-IP spoofing foils most IP spoofing attempts by randomizing the sequence numbers of each communication packet, preventing a hacker from anticipating a packet and intercepting it. It is recommended that you enable this option along with Enable OS fingerprint masquerading. By default, this option is enabled on the Agent.

Enable OS fingerprint masquerading

Keeps programs from detecting the operating system of a device running the Agent software. When OS Fingerprint Masquerading is enabled, the Agent modifies TCP/IP packets so it is not possible to determine its operating system. It is recommended that you enable this option along with Enable anti-IP spoofing, discussed previously. By default, this option is enabled on the Agent.

NetBIOS protection

Blocks all communication from computers located outside the Agent’s local subnet range. NetBIOS traffic is blocked on UDP ports 88, 137, and 138 and TCP ports 135, 139, 445, and 1026. Be aware that this can cause a problem with Outlook if connecting to an Exchange server that is on a different subnet. If that occurs, you should create an advanced

45