Administrator Guide

Disconnected Mode

Disconnected mode allows a Dell Server to manage Advanced Threat Prevention endpoints without client connection to the

Internet or external network. Disconnected mode also allows the Dell Server to manage clients without Internet connection or a

provisioned and hosted Advanced Threat Prevention service. The Dell Server captures all event and threat data in Disconnected

mode.

To determine if a Dell Server is running in Disconnected mode, click the gear icon at the top right of the Remote Management

Console and select About. The About screen indicates that a Dell Server is in Disconnected mode, below the Dell Server version.

Disconnected mode is different than a standard connected installation of Dell Server in the following ways.

Client Activation

An install token is generated when the administrator uploads an Advanced Threat Prevention license, which allows the Advanced

Threat Prevention client to activate.

Management Console

The following items are

not available in the Management Console when Dell Server is running in Disconnected mode:

● The following areas specific to Advanced Threat Prevention: Advanced Threats by Priority, (Advanced Threat) Events by

Classification, Advanced Threats Top Ten, and Advanced Threat Prevention Events.

● Enterprise > Advanced Threats tab, which provides a dynamic display of detailed events information for the entire

enterprise, including a list of the devices on which events occurred and any actions taken on those devices for those events.

● (Left navigation pane) Services Management, which allows enabling of the Advanced Threat Prevention service and product

notifications enrollment.

The following item

is available to the Management Console to support Disconnected mode:

● Enterprise > Advanced Threat Events tab, which lists events information for the entire enterprise based on information

available in the Dell Server, even when running in Disconnected Mode.

Functionality

The following functionality is not available in the Management Console when Dell Server is running in Disconnected mode:

● Security Management Server upgrade, update, and migration

● Security Management Server Virtual auto update - update must be done manually

● Cloud profile update

● Advanced Threat Prevention auto update

● Upload of Unsafe or Abnormal Executable files for Advanced Threat Prevention analysis

● Advanced Threat Prevention file upload and log file upload

The following functionality differs:

● The Dell Server sends the Global Safe List, Quarantine List, and Safe List to agents.

● The Global Safe List is imported to the Dell Server through the Global Allow policy.

● The Quarantine List is imported to the Dell Server through the Quarantine List policy.

● The Safe List is imported to the Dell Server through the Safe List policy.

These policies are available only in Disconnected mode. For more information about these policies, see AdminHelp available in

the Remote Management Console.

For more information about Disconnected mode, see "Disconnected Mode" in AdminHelp, available in the Management Console.

Identify and Manage Threats in Disconnected Mode

To manage threats in Disconnected, mode, you must first set the following Advanced Threat Prevention policies as applicable

for your organization:

● Global Allow

● Quarantine List

Disconnected Mode 19