Light Agent functional components

Each type of threats is handled by a separate Light Agent functional component. You can enable, disable and configure the functional components independently of each other.

The following Light Agent functional components are considered to be protection components:

• File Anti-Virus prevents infection of the file system of the protected virtual machine’s operating system. The component starts together with the application, continuously remains active in computer memory, and scans all files that are opened, saved, or started in the operating system of the protected virtual machine. File Anti-Virus intercepts every attempt to access a file and scans the file for viruses and other malicious programs.
• Mail Anti-Virus scans incoming and outgoing email messages for viruses and other malware.
• Web Anti-Virus scans inbound and outbound web traffic of a protected virtual machine, and checks web addresses against the databases of malicious and phishing web addresses.
• Firewall protects personal data that is stored in the operating system of the protected virtual machine and blocks all possible threats to the operating system while the protected virtual machine is connected to the Internet or to a local area network. Firewall filters all network activity according to two types of rules: network rules for applications and network packet rules.
• Network Attack Blocker scans inbound network traffic for activity that is typical of network attacks. When the application detects an attempted network attack that targets the protected virtual machine, it blocks network activity originating from the attacking device.
• System Watcher receives information about application activity in the operating system of the protected virtual machine and provides this information to other components for more effective protection. The System Watcher can also protect shared folders against external encryption by monitoring operations performed from a remote device.
• AMSI Protection allows Microsoft Office applications and other third-party programs to send requests for scanning objects for viruses and other threats using Windows Antimalware Scan Interface (AMSI).

The following Light Agent functional components are considered to be control components:

• Application Startup Control keeps track of user attempts to start applications and regulates the startup of applications.
• Application Privilege Control logs the activity of applications in the operating system of the protected virtual machine, and regulates application activity depending on the group to which the application was assigned by Application Privilege Control. A set of rules is specified for each group of applications. These rules regulate applications’ access to personal data and operating system resources. Personal user data includes user files (the My Documents folder, cookies, user activity information) and files, folders, and registry keys that contain operation settings and important data for the most frequently used applications.
• Device Control lets you set flexible restrictions on access to devices that are sources of information (for example, hard drives, removable drives, CD/DVD discs), tools for transferring information (for example, modems) or for converting information to hard copy (for example, printers), or interfaces used by devices to connect to the protected virtual machine (for example, USB or Bluetooth).
• Web Control lets you set flexible restrictions on access to web resources for different user groups.
• System Integrity Monitoring can track changes in the protected virtual machine’s operating system.

The operation of control components is based on the following rules:

• Application Startup Control uses Application Startup Control rules.
• Application Privilege Control uses Application Control rules.
• Device Control uses device access rules and connection bus access rules.
• Web Control uses web resource access rules.
• System Integrity Monitoring uses System Integrity Monitoring rules.

The set of Light Agent functional components that you can use on a virtual machine depends on the guest operating system of the virtual machine.

• On a virtual machine with a Microsoft Windows desktop operating system, you can install the following functional components:
  • All protection components
  • Control components, except for System Integrity Monitoring

  Installation and operation of the AMSI Protection functional component is not supported on virtual machines with guest OS version lower than Windows 10.

• On a virtual machine with a Microsoft Windows server operating system, you can install the following functional components:
  • protection components:
    • File Anti-Virus
    • Mail Anti-Virus
    • Firewall
    • Network Attack Blocker
    • System Watcher
    • AMSI Protection
  • control components:
    • Application Startup Control
    • System Integrity Monitoring

  Installation and operation of the AMSI Protection functional component is not supported on virtual machines with guest OS version lower than Windows Server 2016.

  The System Integrity Monitoring functional component operates only on the virtual machines that have NTFS or FAT32 file system.

• You can install only the File Anti-Virus protection component on a virtual machine with a Linux operating system.