HeartSuite relies on Application Permission Orders (APOs) to actively prevent programs from starting without explicit permission from a HeartSuite administrator. Moreover, even if a program is given an APO to start execution, HeartSuite actively prevents it from accessing files and remote computers unless and until the administrator grants additional, specific APOs. When operated with the Lockdown feature on, it is simply impossible to evade HeartSuite protection. In contrast, existing anti-malware solutions rely heavily on digital signatures of known malware and predictions of behavior, both of which attackers continue to evade today.
Once the HeartSuite Lockdown feature is activated, HeartSuite prevents any changes to the APO records and other important programs and settings. Lockdown itself cannot be deactivated directly; it can only be released by rebooting the server to an alternate kernel, which requires physical or serial port access.
The current product was built on a Debian 11 server, using an x86 chipset. Therefore, it is binary compatible with any Linux distro derived from Debian or Ubuntu running on an x86 chipset.
The product is distributed as a single tar file; you can download it from our website. Please note that access to the tar file via the wget command is disabled by our hosting provider; you must use the download link on our website.
Yes! Visit our tech support page for all the details!
No, you must add either the directories in which the files reside or the files themselves to the APO record. This task can be accomplished easily using the supplied hs-app-perm-orders-manager program.
Yes! HeartSuite does not prevent remote access, such as by SSH.
You activate Denial mode using the hs-monitor-state program. Before switching to Denial mode, however, you must have successfully run the add_start_and_shutdown_programs.py script, repeating it until you receive the message, “Congratulations, your startup and shutdown programs have been added to the APO database!” Typically, the message appears after running the script three or four times.
You activate Lockdown by using the HS_lockdown.sh script. Lockdown ends automatically the next time the server is booted. Even after Lockdown ends, however, you must also run the HS_unlock.sh script if you wish to return programs and other files to a mutable state.
You can't—NO ONE CAN! You must reboot, thereby turning off Lockdown, prior to making any changes.
HeartSuite uses a separate database of directories to determine whether to back up a file that has been written. By default, the backup configuration database includes only a single directory, /home. You can remove it, as well as add additional directories, by using the hs-backup-config-manager tool. HeartSuite will automatically back up each file in these specified directories, including those within their subdirectories, whenever the contents of the file are changed by writing.
Without a license, you cannot activate either Denial mode or Lockdown. However, Monitor mode provides you with a great amount of information about the resources accessed by programs. You can use this information to make decisions about the use of other software.