Protect Agent Deployment

Overview

The HYAS Protect Agent (HPA) empowers organizations to leverage the robust capabilities of HYAS Protect on their roaming devices. Functioning as a DNS Proxy, the HPA offers a straightforward, lightweight, and highly effective solution to extend the full benefits of HYAS Protect to your mobile workforce.

Key Features and Benefits

• DNS Proxy Integration: The HPA seamlessly integrates with your existing DNS infrastructure, providing a transparent layer of protection for your roaming devices.

• Lightweight and Efficient: The HPA is designed to be a minimally intrusive solution, with a small footprint and efficient resource utilization, ensuring optimal performance on your roaming devices.

• Comprehensive Protection: By deploying the HPA, your roaming devices gain access to the comprehensive security features and threat intelligence provided by HYAS Protect, safeguarding your organization's data and assets.

• Simplified Management: The HPA streamlines the deployment and management of HYAS Protect, making it easier for your IT team to ensure consistent protection across your entire network, including remote and mobile users.

With the HYAS Protect Agent, your organization can extend the power of HYAS Protect to your roaming devices, providing a robust and efficient solution to enhance the security of your mobile workforce.

Platform Specific Installation Guides

• Click on one of the links below for a step by step tutorial:

  • HYAS Protect Agent - Android Installation Instructions

  • HYAS Protect Agent - iOS Installation Instructions

  • HYAS Protect Agent - macOS Installation Instructions

  • HYAS Protect Agent - Windows Installation Instructions

HYAS Protect Agent Dashboard

• To begin using the HYAS Protect Agent, navigate to the HYAS Protect UI, login, and click on the Settings (gear) icon. From there, select ‘Organization Settings' and then 'Protect Agent’ from the left side menu bar.

• Once there, you will be presented with the HYAS Protect Agent Dashboard. This dashboard allows you to Manage, Troubleshoot, Configure Settings & Install the Agent.

Manage Tab

The Manage Agent tab is comprised of:

• Trash icon

  • Delete devices that are no longer in the organization. If an agent is deleted but still synchronizing, it will show up again. You must uninstall an Agent for it to stop syncing.

• Refresh

  • To refresh the view when new agents are added, or to determine an updated Last Sync Date

• Download

  • Download the list of Agents. CSV or JSON.

• Add Filter +

  • To apply specific filters to all agents onboarded: Agent Version, Device Name, OS Type, OS Version, Status

• Action

  • Select one or more Agents to enable button.

  • Update Agent (v2.2.7+ only) - Updates the selected Agent(s) to the newest version. Current Agent must be 2.2.7 or new to be able to be updated in this method.

  • Disable Agent - Disables the selected Agent(s) indefinitely. Machine must be running v2.2.5 or later.

  • Disable Agent for 15m (v2.2.11+) - Disables the selected agents for 15 minutes. Agent will automatically become re-enabled once the 15 minute timeframe has concluded. Machine must be running v2.2.11 or later.

  • Enable Agent - Enables the selected Agent(s). Machine must be running v2.2.5 or later.

  • Restart Agent - Restarts the selected Agents(s). Machine must be running v2.2.5 or later.

  • Run Diagnostics - Retrieves troubleshooting logs from the selected Agents. Shown under the Troubleshoot Tab. Machine must be running v2.2.5 or later.

  • Uninstall (v2.2.6+) - Uninstalls the Agent directly from the Central Agent Management console. Agent to be uninstalled must be 2.2.6 or later to be uninstalled using this method.

• Search Data Table

  • To perform a case-insensitive substring search on any columns within the current data displayed (50-300 agents)

Agent List Table

The columns available within the table are:

• Checkbox - To select one or more devices to manage

• Status

  • Installed, Enabled, Active - Agent installed and working properly

  • Installed, Enabled, No status <48h - Agent hasn’t checked in with the backend for less than 48hrs

  • Installed, Enabled, No Status >48h - Agent hasn’t checked in with the backend for more than 48hrs

  • Installed, Enabled, Inactive due to problem - Agent is installed and enabled but experiencing a communication issue

  • Installed, Disabled/Bypassed - Agent has been disabled/bypassed by the Administrator

  • Uninstalled

  • Icons in order:

  • 

• Device Name

• Client IP

• Identity - The user logged into the device. Mac and Windows only. Machine must be running agent v2.2.5 or later.

• Last Sync Date

• OS Type

• OS Version

• Agent Version

• Last Action - Last action taken on an Agent

• Pending Actions - Action initiated but not yet executed

• Actions - Can be used when performing an Action on a single Agent.

  • To create Actions on Multiple Agents at once, use the Action button from the menu bar.

Troubleshoot Tab

The Troubleshoot tab displays specific logs retrieved from Agents that you've chosen to diagnose. To initiate diagnostics on an Agent or a group of Agents, go to the Manage tab, choose the Agent(s) you want to diagnose, and then select "Action" followed by "Run Diagnostics."

Troubleshooting logs will include but are not limited to the following information:

• Machine Details: Hardware, OS, release information

• Check Installation: Installation details around the HPA

• Active Network Interfaces

• DNS Lookup through OS

• DNS lookup direct

• Last 500 lines of the log file

• Last 500 lines of the querylog file

• Kernel extensions

• Network Services

• Firewall Rules

Sample Troubleshooting Log:

Settings Tab

The settings tab offers a variety of tools to help you manage your HYAS Protect Agent, including options to configure local domains and resolvers, as well as control whether employees are allowed to temporarily disable the Agent.

Local Domains

The Local Domains feature provides a streamlined approach to managing your local/internal domains effectively. These domains, utilized within a private network, are exclusive to an organization and are not publicly accessible on the internet. Internal DNS servers resolve these domain names, facilitating access to organization-specific resources and services within the intranet. With Local Domains, you can specify the domains for internal resolution, configure DNS resolvers for the Local Domains list, and ascertain the connectivity of a device to the local network.

To Configure Local Domains:

• Navigate to the settings icon in the top left of HYAS Protect.

  

• Then select Protect Agent.

  

• Next, select Settings.

• Finally, enter your Local Domains in the first box. Configuring Local Domains will let the HYAS Protect Agent know when it should resolve domains locally instead of sending them for external resolution.

Local Resolvers

• Next, enter the IP address(es) for the resolver(s) that should be queried when reaching out to the previously configured Local Domains. Doing this will ensure that the Local Domains are sent to your internal DNS resolvers for resolution instead of externally where they may not be resolved.

Split-Horizon DNS: Local Network Test

• Finally, Local Network Test can be configured if utilizing a Split-Horizon DNS. Split-Horizon DNS or Split-Brain DNS is a configuration where a DNS server provides different sets of DNS information based on the location or characteristics of the querying system. In a Split-Horizon setup, the DNS server resolves the same domain name to different IP addresses depending on whether the request originates from within the internal network (intranet) or from the external internet.

• Test Query: Choose a query with an A record that internal/local resolvers can return.

• Test Value: Specify the expected return value from the internal resolvers (IP).

• Procedure:

  • The agent will perform an A record lookup for test.local.hyas.com.

  • Queries will be sent to the specified internal resolvers at IP addresses 192.168.1.1 and 192.168.1.2.

  • If any of these resolvers returns the expected value (192.168.1.72), the agent concludes that the device is on the local network.

• Outcome:

  • All subsequent lookups for *.local.hyas.com will be directed to the identified local resolvers.

    

Allowing Temporary Agent Disable

Administrators can decide whether to allow end users to temporarily disable the HYAS Protect Agent for 5 minutes. By default, this feature is turned off. If enabled, users can disable the Agent on their local device for up to 5 minutes. This functionality is available on Agent v2.2.7 or later.

Safe Search

HYAS Protect enables the enforcement of Safe Search functionality for Google, YouTube, Bing, and DuckDuckGo. Safe Search filters out explicit content from search results, ensuring that inappropriate material is not displayed, making it especially valuable for protecting younger users. This feature is available only when using Agent v2.2.8 or later.

Disable Agent on Local Network

HYAS Protect administrators can configure agents to automatically disable themselves when connected to a trusted local network. When disabled, the agent ceases protection, allowing the machine to utilize the local or internal DNS infrastructure for DNS resolution. This full disablement ensures seamless integration with internal network resources while prioritizing flexibility.

For this capability to work, one must enable Disable Agent on Local Network and properly configure the Local Network Test so that the agent knows when it is connected to a local network.

Install Tab

• All of our agents can be downloaded from this portion of the settings page. Copy your Install Key and then select the version of the Agent you wish to deploy.

• Then, follow the prompts to complete the installation.