We have an API call checking if the data changed and if so, the agent will communicate back to the dashboard and the dashboard data will be refreshed only if something changed in regards to the last call/ check. We do this call every hour for the following data sets:
- Virus definitions
- "Last seen" info
- IP info
- DNS info
- Enabled modules (I computed on the backend when a GP is applied)
- Memory usage, disk usage, CPU usage. The displayed value represents the arithmetic mean of the last 24 hours.
- Windows version, build version, and last reboot info
At this point, we check if the device is up and running every one hour and we set the ‘Last seen’ timestamp and its IP.
Also, we check and log the ‘CPU Usage’, ‘Memory Usage’, ‘Disk Usage’, ‘Antivirus Info’, and ‘DNS Info’ each hour. For the rest, we check and log that information every 12 hours, or at each system bootup.
Notifications and Warnings
When you access the HEIMDAL Dashboard - Active Clients view - you may find that some computers have an orange exclamation mark icon in the Status column, like the one below, informing that actions need to be taken to have a fully protected environment.
Here is the list of possible warnings and their meaning:
- Could not detect a functional firewall on this device. It is recommended to install one.
The message is displayed when Heimdal™ Next-Gen Antivirus, Firewall & MDM checked the computer for a firewall solution, including Windows Firewall, and was unable to find and activate it.
- Could not detect a functional antivirus on this device. It is recommended to install one.
This notification informs the customer that HEIMDAL™ Next-Gen Antivirus, Firewall & MDM nor other anti-virus is running on the computer. It also includes the case when Windows Defender is turned OFF. If you do not have the HEIMDAL™ Next-Gen Antivirus, Firewall & MDM in your subscription please get in touch with your Account Manager or contact us by accessing this page: HEIMDAL™ Next-Gen Endpoint Antivirus.
In case you purchased our anti-virus and it is not enabled on that computer you can activate it from the Group Policy (for more information access this article: Dashboard Features: Group Policy Overview) or get in touch with our Support Team at firstname.lastname@example.org for assistance.
- Action required: for Heimdal™ Next-Gen Antivirus, Firewall & MDM to work, please uninstall the following antivirus product(s): ...
The warning is informing the customer that there is another anti-virus installed on the machine and they are in conflict. HEIMDAL™ Next-Gen Antivirus, Firewall & MDM offers complete protection and it is recommended to have only one anti-virus installed. When it comes to Windows Defender, our product will automatically disable it and take over to offer a true next-gen security solution.
- DarkLayerGuard was disabled by the uptime checker.
This notification has 2 possible reasons why it is being shown. The first one is that the DarkLayer Guard is not enabled in Group Policy and the local agent tries to start the services but without success. The second reason is due to the fact that incompatibilities have been detected between HEIMDAL™ and another security application that is running on the computer.
- Please restart your computer to finish the installation.
This message is displayed when the HEIMDAL™ Next-Gen Antivirus, Firewall & MDM anti-virus was activated and a restart of the machine is required for the installation to complete.
- DLL hijacking detected and stopped (...).
As they start, applications or services, are looking for DLL (Dynamic Link Libraries) files in order to function correctly. When these DLLs are not found or they are implemented insecurely it is possible for the application to be forced in loading and executing malicious Dynamic Link Libraries. For this kind of situation, HEIMDAL Security will detect and block any changes made in the locations where DLLs are stored.
- The machine needs a reboot to complete the Microsoft Update.
Whenever a Windows update that requires a restart is installed the notification above is being displayed until the computer is rebooted and communicates with our servers.
- A reboot is in progress on this machine to install one or more Microsoft Updates.
When at least one Windows update with the status "Reboot Required" has been installed and the system was shut down afterward the above message will be displayed if the client does not return actively within 7 days. Also, emails that inform about machines that have not come back online will be sent to the responsible person of the customer by activating Windows Updates Alert in the Account section of the Dashboard.
- There was an error when fetching available Windows Updates. HRESULT: 0x80072EFD.
HRESULT: 0x80072EFD. - ERROR_INTERNET_CANNOT_CONNECT- A connection with the server could not be established.
- An update has started!
This notification is informing that an update for the Thor agent has started on the respective computer and the application is being downloaded and installed.
- An update has finished!
The message informs that the HEIMDAL Agent has been updated on the machine.
- Could not update antivirus definition files.
The message informs that the Antivirus definition files failed to update on the machine and usually appear if the machine didn't perform a reboot for a long time and the definition files are outdated.
These are files that provide information and tell the scanner what to look for to spot viruses in infected files.
To resolve this, a reboot of the machine is needed to be performed.
In order to have a better overview of the computers, track their usage, and plan upgrades to meet the needs of the employees, the below information will be displayed for each device. These details are also important to be checked when there are suspicions about an infection, which in some cases consume computer resources. If the icons are orange, we advise that you examine if the behavior is normal on the computer.
- The processor is running at ... %
The icon will be orange if the CPU is above 50%.
- The memory is running at ... %
The icon will be orange if the memory is above 60%.
- The disk is running at ... %
The icon will be orange if the disk capacity is over 90%.