This article explains how to install Cato's Endpoint Protection (EPP) solution on your endpoints.
Note: This is an Early Availability (EA) feature that is only available for limited release. For more information, contact your Cato Networks representative or send an email to ea@catonetworks.com.
Cato's EPP solution is installed on your endpoints to protect them from attack. The solution is associated with your account using a unique token and can be distributed to endpoints using a Managed Deployment Solution, or manually. The EPP solution is Cato's software that runs the EPP engines to identify malicious files or processes. It is independent of the Cato Client and does not connect to any Cato PoPs. The Agent Token is a unique token that is used during the installation of the EPP Agent to associate it with your account.
Cato automatically upgrades the EPP solution when a new version is available.
Before the EPP solution is installed on an endpoint, ensure that it meets the following requirements:
- The endpoint runs on Windows version 10 or higher
- The endpoint has x86-64 architecture
- Your account has an endpoint protection license
- You know your account's Agent Token. Endpoints are only protected if the EPP solution is registered to an account with the Account Token. For more information, see Associating EPP to your Account.
- No other anti-virus solution is running on the endpoint
- The endpoint can access these domains:
  - https://ep-registration.catonetworks.com
  - https://epp.catonetworks.com
  - https://cc2.catonetworks.com
  - https://socketlogs.catonet.works
  - https://client-telemetry.main.prod.k8s.catonet.works
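The requirements above that can be verified on the endpoint itself (OS version, architecture, active anti-virus, domain reachability) can be checked before rollout. The following PowerShell function is an added example and not part of Cato's tooling; the name Test-EppPrerequisite and the output shape are illustrative. The license and Agent Token requirements are account-side and are not checked, and because the page does not say whether Microsoft Defender counts as another anti-virus solution, the check lists every enabled product for review.

```powershell
# Added example: checks the locally verifiable installation requirements.
# Test-EppPrerequisite is an illustrative name, not part of Cato's tooling.
function Test-EppPrerequisite {
    param(
        # Domains copied from the requirements list above.
        [string[]]$Domains = @(
            'ep-registration.catonetworks.com',
            'epp.catonetworks.com',
            'cc2.catonetworks.com',
            'socketlogs.catonet.works',
            'client-telemetry.main.prod.k8s.catonet.works'
        )
    )
    $results = [System.Collections.Generic.List[object]]::new()
    $add = { param($Check, $Pass, $Detail)
        $results.Add([pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = "$Detail" }) }

    # Windows 10 and later report major version 10.
    $os = [Environment]::OSVersion.Version
    & $add 'Windows 10 or higher' ($os.Major -ge 10) $os

    # PROCESSOR_ARCHITEW6432 holds the native architecture when running as a
    # 32-bit process; AMD64 is x86-64 (ARM64 hosts fail this check).
    $arch = if ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } else { $env:PROCESSOR_ARCHITECTURE }
    & $add 'x86-64 architecture' ($arch -eq 'AMD64') $arch

    # Products registered with Windows Security Center (client editions only).
    # Assumption: bit 0x1000 of productState marks an enabled product; this
    # decoding is widely used but not documented by Microsoft.
    $av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Where-Object { $_.productState -band 0x1000 })
    & $add 'No other anti-virus running' ($av.Count -eq 0) ($av.displayName -join ', ')

    # TCP reachability on 443 only; a TLS-inspecting proxy can still break
    # the session even when this passes.
    foreach ($d in $Domains) {
        $ok = Test-NetConnection -ComputerName $d -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue
        & $add "Reach $d" $ok 'tcp/443'
    }
    $results
}

Test-EppPrerequisite | Format-Table -AutoSize
```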
To distribute Cato's EPP solution to endpoints in your environment, Cato supports using a Mobile Device Management system. Cato's EPP Agent can also be manually installed.
The Agent Token is a unique token for your account that is used during the installation process. The Agent Token associates the EPP Agent to your account.
To show the Agent Token:
- From the navigation menu, click Security > Endpoint Protection.
- Click the Setting tab.
  The Agent Token is displayed.
Note: You can refresh your Agent Token by clicking the refresh button. After the token is refreshed there is no impact on endpoints that are already associated to your account. To associate new endpoints to your account, use the updated Agent Token.
You can download the EPP Client to distribute or install it on the endpoints in your environment. An EXE and MSI version are available for download.
Note: The EPP solution is only available to download if you have an EPP license.
During the Early Availability phase of EPP, to request a license send an email to ea@catonetworks.com.
To install EPP remotely, you can use a managed solution, for example Microsoft Intune, to deploy the EPP solution to endpoints in your environment.
After registering Endpoints with your Agent Token, the solution starts reporting data, for example:
- The version used on each endpoint
- The profile applied to each endpoint
To review protected endpoints:
- From the navigation menu, click Monitoring > Protected Endpoints.
  The Protected Endpoints screen opens.
The following table is an explanation of the columns in the Protected Endpoints table.
| Column | Explanation |
|---|---|
| Endpoint ID | Unique ID of the EPP agent. |
| Endpoint Name | Computer name of the endpoint. |
| Owner User | Administrator account of the endpoint. |
| Logged-On User | Last user to log into the endpoint. |
| IP | IP address of the endpoint. |
| OS Version | Endpoint operating system. |
| EPP Version | Version of the EPP solution installed on the Endpoint. |
| Profile | EPP profile assigned to the Endpoint. The clock symbol displayed in this column means the Endpoint has not yet received the EPP profile. The EPP profile is assigned the next time the endpoint is online. |
| Quarantine Files | Number of quarantined files on the endpoint. |
| Status | Status of the EPP solution. The possible statuses are: |
Cato's EPP has Anti-Tampering protection enabled by default. This protects the processes, files, services and registries used by the EPP solution from malicious modifications or kill attempts. This also protects against unintentional end-user actions that might compromise security.
You can temporarily unlock the Anti-Tampering protection for 15 minutes, for example if you need to uninstall the solution. After this time, or if the endpoint is rebooted, Anti-Tampering protection is re-enabled.
Errors may occur when installing EPP. Error messages are displayed in the Protected Endpoints table, under the Status column. If there is an error, the endpoint is not protected.
These are the error messages that could be displayed and how to resolve them:
- Drivers are not installed correctly / Internal engine error: These errors mean that the solution has not been installed correctly and is unable to run the EPP engine(s). To resolve this issue, uninstall and reinstall the EPP Agent.
- Error in module(s): atc/onaccess/selfprotect: There is an issue with the EPP engine(s). To resolve this issue, contact Support.
The EPP solution is located in the Windows system tray and creates alerts for blocked activities according to the Protection level set in the Profile.
End users can use the Agent to confirm that the endpoint is protected and to display basic Statistics and Settings, for example the Profile and the engines that are running.
Anti-Malware and Behavioral Protection scans use minimal resources and are invisible to the end user.
If malicious activity is identified on an endpoint, a system alert is displayed to the end user. The alert displays the path of the malicious file and the file status. This information is also visible in Windows notifications.
Access to the file is determined by the Protection level set in the Profile.
Note: To receive system alerts, the EPP solution must be open and Windows notifications enabled on the endpoint.
Deleting Endpoint Protection
You can uninstall the EPP solution from your endpoints. After the solution is uninstalled, the EPP engines cannot scan for malicious activity and no Events are reported.
To uninstall Endpoint Protection:
- From the navigation menu, click Monitoring > Protected Endpoints.
  The Protected Endpoints screen is displayed.
- Click the three dots on the endpoint that you are uninstalling EPP from.
- Click Unlock Anti-Tamper.
- Within 15 minutes, click again on the three dots on the endpoint that you are uninstalling EPP from.
- Click Delete Endpoint.