Protect Agent Deployment

Overview

The HYAS Protect Agent (HPA) empowers organizations to leverage the robust capabilities of HYAS Protect on their roaming devices. Functioning as a DNS Proxy, the HPA offers a straightforward, lightweight, and highly effective solution to extend the full benefits of HYAS Protect to your mobile workforce.

Prerequisites

• Supported OS

  • Windows 10+

  • macOS 13 (Ventura) +

  • Android - Limited Support: The HYAS Protect Agent for Android was developed specifically for Android VERSION 9. While forward and backward compatibility may be possible, it has not been broadly tested.

  • iOS - Limited Support: The HYAS Protect Agent for iOS was developed specifically for iOS VERSION 14. While forward and backward compatibility may be possible, it has not been broadly tested.

• Administrative rights on the device or software management system

• Internet connectivity and access to HYAS Protect DNS endpoints

• Optional: RMM/MDM tooling for bulk deployment

• DNS traffic not already intercepted or managed by another local service (e.g., another DNS client or EDR configuration)

Key Features, Benefits & Considerations

Agent Installation and Configuration Overview

Deploying the HYAS Protect Agent involves two key components: installation and configuration. Both are essential to ensure the agent operates effectively within your environment and enforces your DNS protection policies as intended.

• Installation refers to deploying the agent on supported Windows or macOS devices using manual or automated methods (e.g., direct download, terminal, MDM, RMM, GPO, etc.).

• Configuration defines how the agent should behave once installed—such as how it handles local domain resolution, determines internal vs. external network location, and enforces Safe Search or temporary disable options.

These two steps work together to deliver consistent, policy-driven protection for users across networks. The sections that follow will walk you through each in detail.

Agent Installation

Select the version of the HYAS Protect Agent you’d like to deploy from the options below:

macOS

Windows

iOS

Android

Agent Configuration

Learn how to configure your Agents here.

Agent Deployment Checklist & Verification

Use this checklist to ensure your HYAS Protect Agent deployment is complete and functioning correctly. Successful installation and configuration enable policy enforcement and visibility across both on- and off-network devices.

• Agent Installed on Endpoints
  The HYAS Protect Agent has been installed on all target Windows/macOS devices using your preferred method (manual, MDM, RMM, GPO, etc.)Agents shjowing up in Mange agent table
• Global Agent Configuration Set
  Initial HYAS Protect Agent settings have been configured in the portal (e.g., local resolution, split-horizon test, Safe Search, disable options)
• Agents Appearing in Portal
  Devices show up in the Manage Agent table under Organization Settings → Protect Agent → Manage
• DNS Logs Visible in Log View
  DNS traffic from Agent-managed devices appears in Log View, confirming that protection and visibility are active
• Enable Blocking Mode (Optional)
  By default, the HYAS Protect Agents are in Inspection Mode (non-blocking). Enable Protection Mode (blocking) if you wish for the Agent to block queries.

Configuring Policies

Now that you’ve successfully deployed HYAS Protect, your environment is already safeguarded against malicious domains—including phishing sites, malware delivery networks, and command-and-control (C2) infrastructure (among others). These threats are blocked by default using HYAS’s infrastructure intelligence and real-time decision engine.

If you'd like to customize your protection further, you can configure additional policies—such as blocking unwanted content categories, managing allow/block lists, or tailoring behavior by source network or user group. [Learn how to configure policies →]