User mode solution

User mode provides event generation and basic functions for Activity Monitoring and Anti-Malware without any driver requirements. It gives some protection to systems that lack the driver support required to run in kernel mode. The Auto option automatically enables the best protection available at any given time.

For details on basic functions, see "Activity Monitoring Engine has only Basic Functions" and "Anti-Malware Engine has only Basic Functions".

Modes available

Kernel Mode generates events and provides full Activity Monitoring and Anti-Malware functionality, but can only be enabled on systems with the required driver support.

User Mode generates events and enables basic functions for Anti-Malware and Activity Monitoring without any driver requirements.

User mode can be enabled to run on a system without using drivers, even if the system supports the drivers required to run in kernel mode.

Auto switches between kernel mode and user mode to provide the best protection available at any given time. Kernel mode is prioritized, but Deep Security Agent switches to user mode automatically during any driver support gap that prevents kernel mode operation. If a system that lacks the drivers required to run in kernel mode later obtains them (from a system update, for example), the agent automatically switches to kernel mode and gives the system full protection from Activity Monitoring and Anti-Malware.

Choose whether to use drivers for system protection

To configure the driver mode from Cloud One - Endpoint & Workload Security:

  1. Go to Computer (or Policy) > System > General > Choose whether to use Drivers for System Protection.
  2. Select Auto, Kernel Mode, or User Mode from the drop-down menu.
  3. Select Save.

Supported agents

Operating System; feature support in user mode: Anti-Malware, Activity Monitoring
Amazon Linux (64-bit)
Amazon Linux 2 (64-bit)
Amazon Linux 2 (AWS ARM-Based Graviton 2)
Amazon Linux 2 (AWS ARM-Based Graviton 3)
Amazon Linux 2023 (64-bit)
Debian 8 (64-bit)
Debian 9 (64-bit)
Debian 10 (64-bit)
Debian 11 (64-bit)
Debian 12 (64-bit)
Oracle Linux 6 (32-bit)
Oracle Linux 6 (64-bit)
Oracle Linux 7 (64-bit)
Oracle Linux 8 (64-bit)
Oracle Linux 9 (64-bit)
Red Hat Enterprise Linux 6 (32-bit)
Red Hat Enterprise Linux 6 (64-bit)
Red Hat Enterprise Linux 7 (64-bit)
Red Hat Enterprise Linux 8 (64-bit)
Red Hat Enterprise Linux 8 (AWS ARM-Based Graviton 2)
Red Hat Enterprise Linux 8.6 (PowerPC little-endian)
Red Hat Enterprise Linux 9 (64-bit)
Red Hat Enterprise Linux Workstation 7 (64-bit)
SUSE Linux Enterprise Server 12 (64-bit)
SUSE Linux Enterprise Server 12 (PowerPC little-endian)
SUSE Linux Enterprise Server 15 (64-bit)
SUSE Linux Enterprise Server 15 (PowerPC little-endian)
Ubuntu 16.04 (64-bit)
Ubuntu 18.04 (64-bit)
Ubuntu 18.04 (AWS ARM-Based Graviton 2)
Ubuntu 20.04 (64-bit)
Ubuntu 20.04 (AWS ARM-Based Graviton 2)
Ubuntu 22.04 (64-bit)
Ubuntu 22.04 (AWS ARM-Based Graviton 2)