Support

Support FAQs

Why can't the seculution components establish a connection to each other?

The connection between all components is protected by TLS certificates and "Certificate Pinning”. If this connection is broken by network components, e.g. a proxy, the remote peer will reject the connection and return an error.

In order for you to configure your firewall correctly, we have created an overview of the required ports and destinations here.

The agent is not deployed using client management. What are possible causes?

Please make sure that:

  • No hashes are denied when installing the agent on the server (see also “Why does an error message appear when installing the agent?”)
  • The share is accessible with the Agent Setup for all PCs (security settings: read and execute for each)
  • The GPO refers to the correct UNC path
  • Batch processing cannot be prevented by another GPO
  • The user "System" is not restricted in his authorisations
  • A network connection is present at the time of application of the GPO (system boot)

Can I install the agent manually?

Of course this is possible, but we recommend to use the client management. A manual installation can be done by running cmd.exe as administrator. All necessary parameters for the installation via cmd.exe can be obtained by double-clicking on the Agent Setup (autosetup.exe) - don't worry, the setup will not be started by this.

Please note:

  1. The “client.pem” and the “autosetup.exe” (Agent Setup program) must be located in the same folder.
  2. The installation must be performed as administrator. You can do this by running cmd.exe as an administrator. Windows basically distinguishes between two versions:
  • Double-click = execution as currently logged on user
  • Right click > Run as administrator = explicitly run with the highest permissions available

The agent can only be installed using the second option.

Why does an error message appear when installing the agent?

You receive the following message when installing or updating a Seculution agent:

“Install failed: something was denied (server not in learning mode?)”

The reason for this message is that the agent checks all currently running programs for clearance on the whitelist during setup. If one of the programs is not allowed, the setup routine of the agent is terminated intentionally. This is because it cannot be guaranteed that the program that is currently running on the computer but is not in the whitelist may be needed when booting the computer!

There are two possible solutions:

  1. You switch on the learning mode for the affected PC and the denied programs can be added to the whitelist. We then recommend that you check the newly learned hashes with the seculution TrustLevel database (TLDB)!
  2. You have intentionally restricted the use of programs that are denied on the affected PC in your whitelist. In the logs, check which programs are denied and also allow these programs for the computer on which the installation of the agent failed.

If you intentionally deny certain programs and still want to force the installation of the agent on a computer with unauthorised software, navigate to the client configuration in the AdminWizard and select “Installation” (next to “Behaviour”). Here set the slider to “Off”. The agent will be installed on the PC even if software is running on the computer that is not approved.

Note that the software is blocked after the computer is rebooted.

Why is the hash of a program I want to unlock not added to the whitelist?

Can you start the program anyway? Then the hash is already on your whitelist.

Can you not start the program? Then the hash may be on your whitelist, but there is a restriction that only allows certain users or computers to use it.

Can I change the IP of my Seculution server?

To change the IP of your server, open the virtual machine console and restart the server (restart possible from the console or AdminWizard > Server Appliance > Restart). After the startup sequence, you have 10 seconds to press "Enter" and then adjust all IP configurations of your server as desired.

Important: All agents already deployed at this time will not be able to connect to the server and will switch to offline mode! Operation will of course still be guaranteed.

Note: The server IP is communicated to the agent during the installation by the client management or cmd.exe and is stored in the registry on each host.

Basically, all programs on the whitelist are uniquely identifiable by the resulting hash. If a hash is already on the whitelist, it will not be added again by an import.

Support

Email: support@atcyber.co.uk

Phone:  01625 409141