The connection between all components is protected by TLS certificates and „Certificate Pinning” certificate pinning. If this connection is broken by network components, e.g. a proxy, the remote peer will reject the connection and return an error.
In order for you to configure your firewall correctly, we have created an overview of the required ports and destinations here.
Please make sure that:
Of course this is possible, but we recommend to use the client management. A manual installation can be done by running cmd.exe as administrator. All necessary parameters for the installation via cmd.exe can be obtained by double-clicking on the Agent Setup (autosetup.exe) - don't worry, the setup will not be started by this.
Please note:
1. The “client.pem” and the “autosetup.exe” (Agent Setup program) must be located in the same folder.
2. The installation must be performed as administrator. You can do this by running cmd.exe as an administrator.
Windows basically distinguishes between two versions:
The agent can only be installed using the second option.
You receive the following message when installing or updating a seculution agent:
“Install failed: something was denied (server not in learning mode?)”
The reason for this message is that the agent checks all currently running programs for clearance on the whitelist during setup. If one of the programs is not allowed, the setup routine of the agent is terminated intentionally. This is because it cannot be guaranteed that the program that is currently running on the computer but is not in the whitelist may be needed when booting the computer!
There are two possible solutions:
1. you switch on the learning mode for the affected PC and the denied programs can be added to the whitelist. We then recommend that you check the newly learned hashes with the seculution TrustLevel database (TLDB)!
2. You have intentionally restricted the use of programs that are denied on the affected PC in your whitelist. In the logs, check which programs are denied and also allow these programs for the computer on which the installation of the agent failed.
If you intentionally deny certain programs and still want to force the installation of the agent on a computer with unauthorised software, navigate to the client configuration in the AdminWizard and select “Installation” (next to “Behavior”). Here set the slider to “Off”. The agent will be installed on the PC even if software is running on the computer that is not approved.
Note that the software is blocked after the computer is rebooted.
Can you start the program anyway? Then the hash is already on your whitelist.
Can you not start the program? Then the hash may be on your whitelist, but there is a restriction that only allows certain users or computers to use it.
Basically, all programs on the whitelist are uniquely identifiable by the resulting hash. If a hash is already on the whitelist, it will not be added again by an import.
To change the IP of your server, open the virtual machine console and restart the server (restart possible from the console or AdminWizard > Server Appliance > Restart). After the startup sequence, you have 10 seconds to press "Enter" and then adjust all IP configurations of your server as desired.
Important: All agents already deployed at this time will not be able to connect to the server and will switch to offline mode! Operation will of course still be guaranteed.
Note: The server IP is communicated to the agent during the installation by the client management or cmd.exe and is stored in the registry on each host.
If you are a seculution customer, you can expand and refresh your knowledge of application whitelisting with seculution in various training courses at any time.
Any idea, no matter how good it may be, is useless if it is not shared with us. We constantly improve our product with feedback from everyday use. Soon with your ideas, too?
Installation, initial configuration and operation
More FAQs from our manual.
AdminWizard # Agent # Server
You are about to have a joint PC session with a seculution support representative.
Note: By starting the TeamViewer software you accept the disclaimer when using TeamViewer.
The seculution GmbH does not assume any warranty for the programs installed on your computer or their protective devices. The customer is solely responsible for his data security; regular backups and an up-to-date virus protection program are assumed by us.
The seculution GmbH accepts no liability for malfunctions not caused by seculution GmbH, even if they are in close proximity to the support provided.
With the download you confirm the acceptance of the agreement for online support and start the download of the TeamViewer QuickSupport software.