Breadcrumbs

macOS

Overview

The EnforceDNS Agent empowers organizations to leverage the robust capabilities of EnforceDNS on their roaming devices. Functioning as a DNS Proxy, the Agent offers a straightforward, lightweight, and highly effective solution to extend the full benefits of EnforceDNS to your mobile workforce.

This page will review the Agent installation procedure for a Mac machine. We’ll give you both UI and Terminal options along with some troubleshooting steps if you get stuck along the way.

The Agent currently uses branding for HYAS Protect, including the app icon in the Menu Bar. This will be updated in a future release.

Architecture

  • The EnforceDNS Agent consists of two parts, a service and a UI (user interface).

    • Service/Backend: The service, also known as the backend, is responsible for the core functionality and logic of the Agent.

    • The UI, also known as the front end, is the part of the application that users interact with.

  • For purposes of this document, when referring to the EnforceDNS Agent, we mean the service and the UI together.

Starting the Agent UI

By default, the Agent’s UI will not launch upon install. However, the EnforceDNS service is running and protecting your machine in the background.

The EnforceDNS Agent UI provides feedback, status updates and other information related to the Agent. To start the Agent UI, perform the following steps:

  1. Navigate to Launchpad.

    1. Screenshot 2024-04-08 at 3.08.33 PM.png

  2. Search for and click on HYAS. This will start the Agent UI. (Note: a version featuring the EnforceDNS will be available in a future release)

    1. Screenshot 2024-04-08 at 3.19.57 PM.png

Checking Agent Status

When checking status, keep in mind that the Agent communicates with the EnforceDNS backend approximately every 5 minutes, so statuses may not appear immediately in the EnforceDNS Portal.

EnforceDNS Portal

Administrators may check the status of all Agents from the Manage tab in the EnforceDNS Agent section of the EnforceDNS Portal.

  1. Login to the EnforceDNS Portal, then click on Settings> Organization Settings> EnforceDNS Agent> Manage

    Screenshot 2024-08-09 at 3.01.10 PM.png

  2. From this view, the Status column provides information on the status of all the Agents.

EnforceDNS Agent UI

It is also possible to check the status of the Agent on the local machine itself.

By default, the Agent’s UI will not launch. However, the service will still be running and actively protecting your machine whether the UI is open or not.

  1. Ensure the EnforceDNS Agent UI is running.

    1. If you do not see the HYAS Screenshot 2024-08-09 at 2.48.26 PM.png in the menu bar, the Agent UI is not running. This does not mean that EnforceDNS is not protecting the machine. This only means the UI is not running.

    2. To start the Agent UI follow the instructions listed above Starting The Agent UI.

  2. With the UI running, click on the HYAS icon in the menu bar.

    1. You’ll be presented with the following window:

      1. Screenshot 2024-08-08 at 3.37.18 PM.png

    2. Green means everything has passed checks and is working properly. Red signifies that there is an issue with the status and further troubleshooting may be required.

Agent Status Definitions

Protection Active

  • This shows the overall status of the Agent.

Internet Check

  • Checks if the Agent can reach the EnforceDNS resolver directly. The Agent will do a DNS lookup that only threatER EnforceDNS can answer.

Proxy Check

  • This checks whether the DNS proxy can connect to the EnforceDNS backend. It verifies both if the service running on localhost:53 belongs to EnforceDNS and if it can communicate with threatER's backend. It performs a lookup that only EnforceDNS can respond to. Therefore, if another DNS proxy is using port 53, this check will not succeed.

OS Check

  • The EnforceDNS service asks the OS to do a DNS lookup. If the system is configured to use the Agent, the lookup will go to the DNS proxy. If this fails, some other process has reconfigured DNS and competing with the Agent for DNS resolution.

Agent Preferences

The Agent on the local machine includes configurable preferences to provide greater flexibility, visibility, and advanced troubleshooting. To access Preferences, start by navigating to the Menu Bar and right-clicking the HYAS icon.

Screenshot 2024-08-08 at 3.37.18 PM.png

Once you click on Preferences, you’ll see the three options below:

Screenshot 2024-04-08 at 3.31.41 PM.png

  • Start UI at Login

    • Enabling this will ensure that the Agent UI is started on machine login.

The Agent will still run in the background, and be protecting your machine, regardless whether the UI is running or not.

  • Notifications

    • Turning this on allows the EnforceDNS Agent to send you notifications regarding connectivity or errors that may have occurred.

  • Debug Mode

    • Toggling this on can be useful if you’re having issues with your Agent. This feature enables additional logs to be collected for Client Admin or threatER analysis.

Disabling/Enabling the Agent

Disabling

There are a few different options to “turn off” the Agent.

Disabling the UI Only

This turns the UI off but allows the Agent to still run in the background.

  1. Click on the HYAS icon in the Menu Bar to access the settings.

  2. Click Quit to turn off the Agent UI.

Screenshot 2024-08-08 at 3.37.18 PM.png


The Agent will still run in the background, and be protecting your machine, regardless of whether the UI is running or not.

Re-enabling the UI Only

  • If the HYAS icon is missing from the Menu Bar, it means the UI isn’t running.

Disabling Protection Locally

If you wish to disable the Agent completely, you must stop the service itself.

This will completely stop the EnforceDNS Agent from running and it will no longer be protecting your machine.

  1. Click on the HYAS icon in the Menu Bar.

  2. Select Disable Protection

    1. This will disable the Agent completely for a period of 5 minutes.

If you are unable to select Disable Protection, your Administrator must toggle the feature on via the EnforceDNS Agent Portal.

Re-enabling Protection Locally

The Agent will automatically restart after 5 minutes. However, if you wish to restart the Agent sooner perform the following:

  1. Navigate to the HYAS icon in the Menu Bar, click on it and select Enable Protection

Screenshot 2024-08-08 at 4.36.53 PM.png

  1. This will re-enable the Agent to begin protecting your device again.

Disabling Protection via the Agent Portal

EnforceDNS Admin privileges are required to manage agents in the Portal.

  1. Navigate to the Manage tab of the EnforceDNS Portal.

  2. Select the Agent(s) you wish to disable by selecting the check box next to the Agent(s) and selecting the Action button Screenshot 2024-08-08 at 4.48.02 PM.png at the top of the screen or by selecting the Actions icon Screenshot 2024-08-08 at 4.49.41 PM.png at the right of the page.

  3. Select Disable Agent.

    Screenshot 2024-08-08 at 4.51.00 PM.png


This will disable the Agent indefinitely. The Agent must be manually re-enabled before it can resume protecting the selected devices.

Confirming the Agent’s Running State

By default, the Agent runs in the background and automatically protects your machine upon installation. However, if you’d like to confirm that it’s running, you can do so by following one of the procedures below:

By default, the Agent’s UI will not launch, but the service will still be running and actively protecting your machine whether the UI is running or not.

If the UI is NOT running (default state)

  1. Run the Check Running State script in the Terminal.

If the UI is running

  1. Navigate to the Menu Bar at the top of the screen and you should see: Screenshot 2024-04-08 at 3.06.44 PM.png

    1. The H with the solid dot signifies that the Agent (both service and UI) is up and running.

Updating the Agent

Like all software, regular updates are crucial for fixing bugs, adding new features, and improving client experience and overall security.

threatER strongly recommends using a phased rollout approach. This involves updating a few machines at a time, testing them, and then proceeding with additional updates. This standard practice for software updates helps ensure easier troubleshooting and minimizes the risk of widespread issues.

Update via the EnforceDNS Portal

To update agents from the EnforceDNS Portal:

  1. Navigate to the EnforceDNS Portal, click on Settings> Organization Settings> EnforceDNS Agent> Manage

  2. Select the machine(s) you which to update

  3. Click on Action

    Screenshot 2024-08-09 at 3.49.01 PM.png


  4. Select Update Agent

    Screenshot 2024-08-09 at 3.49.58 PM.png


  5. Allow up to 15 minutes for the updates to complete.

Uninstalling the Agent

Uninstall via the EnforceDNS Portal

The easiest way to uninstall the Agent is through the Manage tab in the EnforceDNS Portal.

  1. Navigate to EnforceDNS> Settings> Organization Settings> EnforceDNS Agent> Manage

  2. From the Manage tab, select the machine(s) you wish to uninstall the Agent from, click on Action and select Uninstall (vx.x.x)

  3. The Agent(s) will be uninstalled from the desired machines in about 15 minutes.

Uninstall via macOS

For individual machines, you can also uninstall using macOS.

  1. Stop the EnforceDNS Agent service.

    1. Go to Disabling Protection Locally for instructions on stopping the service.

  2. Next navigate to the Finder.

    Screenshot 2024-04-08 at 4.02.34 PM.png

  3. Click on Applications.

    Screenshot 2024-04-08 at 4.02.57 PM.png

  4. Search for HYAS Protect

  5. Right-click on HYAS Protect and select Move to Trash.