This article lists questions that customers may ask about the Threat Management Service.
The TMSP daily report does not list all TDA detections. It correlates the TDA detections to try to determine whether an endpoint is infected, and it focuses on the endpoints that need action from users.
TMSP displays external detections only if they are High Profile Malware attacks blocked by OCS. Otherwise, TMSP ignores these external detections.
The worm detections will be included in the report only when they attack internally or when internal endpoints are being infected and users need to take action on the infection source. For external attacks, users cannot do anything on the infection source since the machine is outside their network.
TDA has a watchdog mechanism with the following functions:
- TDA boots up and sets IPMI watchdog timer to a fixed value (20 seconds)
- TDA pings watchdog periodically to refresh the timer (a kernel thread does this every 3 seconds)
- If TDA dies (or is unable to ping watchdog), the watchdog timer will reboot the system when it times out.
Therefore, if the CPU hangs or crashes such that the daemon that pings (refreshes) the IPMI watchdog timer does not work, the TDA device will reboot. In cases where TDA is overloaded but the CPU does not hang, the watchdog will not take effect.
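A timing model of the watchdog described above, as an added example that is not Trend Micro code. The 20-second timeout and 3-second refresh come from the article; the delayed-refresh intervals (15 s and 25 s), the hang at 30 s and the 120-second horizon are assumed values for illustration.

```python
"""Timing model of the IPMI watchdog behaviour (illustrative, not TDA code)."""

WATCHDOG_TIMEOUT_S = 20   # from the article: timer value set at boot
REFRESH_INTERVAL_S = 3    # from the article: kernel thread refresh period
HORIZON_S = 120           # assumed observation window for the model


def refreshes(interval, stop_at=None, horizon=HORIZON_S):
    """Moments (seconds after arming) at which the timer is refreshed.
    `stop_at` models a hang or crash: no refresh happens after it."""
    end = horizon if stop_at is None else min(stop_at, horizon)
    return list(range(interval, end + 1, interval))


def reboot_time(refresh_times, timeout=WATCHDOG_TIMEOUT_S, horizon=HORIZON_S):
    """Second at which the watchdog reboots the system, or None if it
    never fires inside the observation window."""
    deadline = timeout                 # timer armed at t=0
    for t in sorted(refresh_times):
        if t >= horizon:
            break
        if t >= deadline:              # refresh arrived too late
            return deadline
        deadline = t + timeout         # each refresh restarts the countdown
    return deadline if deadline <= horizon else None


def run_scenarios():
    """Constructed scenarios; only the first two are stated in the article."""
    return {
        "healthy": reboot_time(refreshes(REFRESH_INTERVAL_S)),
        "hang_at_30s": reboot_time(refreshes(REFRESH_INTERVAL_S, stop_at=30)),
        # Overloaded but not hung: refresh is late yet inside the timeout.
        "overloaded_refresh_15s": reboot_time(refreshes(15)),
        # Refresh thread starved past the timeout: same effect as a hang.
        "starved_refresh_25s": reboot_time(refreshes(25)),
    }


if __name__ == "__main__":
    for name, fired in run_scenarios().items():
        print(f"{name}: " + ("no reboot" if fired is None else f"reboot at {fired}s"))
```

The model shows why a reboot is evidence of a lost refresh rather than of load: the timer only fires when no refresh lands within the timeout, so an overloaded device that still refreshes in time never triggers it.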
This depends on the network being monitored by the device, but in some cases, it is normal. TDA can still work properly and it can still generate logs when there is high CPU usage.
Yes, TDA can still work normally even when it encounters an overloading traffic session.
TMTM 2.5 can manage up to 5000 clients, which is fewer than the 10000 endpoints that the previous version, TMTM 2.0, can manage. The value is based on the fact that version 2.0 is an inline solution.
TMTM 2.5 can manage fewer clients because the performance target is different in version 2.5. In 2.0, the performance test target is the DHCP proxy, while in 2.5, the target is current connection between the TMAgent and TMTM.