Topics on this page
User mode solution
User mode provides event generation and basic functions for Activity Monitoring and Anti-Malware without any driver requirements. This solution allows some protection for systems that lack the driver support required to run in kernel mode, and provides the auto option to automatically enable the best protection available at any given time.
For details on basic functions, see Activity Monitoring Engine has only Basic Functions and Anti-Malware Engine has only Basic Functions
Modes available
Kernel Mode generates events and provides full Activity Monitoring and Anti-Malware functionality, but can only be enabled on systems with the required driver support.
User Mode generates events and enables basic functions for Anti-Malware & Activity Monitoring without any driver requirements.
User mode can be enabled to run on a system without using drivers, even if the system supports the drivers required to run in kernel mode.
Auto switches between kernel mode and user mode to provide the best protection available at any given time. Kernel mode is prioritized, but Deep Security Agent will switch to user mode automatically during any driver support gaps that prevent kernel mode operation. If a system that lacks the required drivers to run in kernel mode later obtains them (from a system update, for example), then the agent automatically switches to use kernel mode and give the system full protection from Activity Monitoring and Anti-Malware.
Choose whether to use drivers for system protection
To configure the driver mode from Cloud One - Endpoint & Workload Security:
- Go to Computer (or Policy) > System > General > Choose whether to use Drivers for System Protection.
- Select Auto, Kernel Mode, or User Mode from the drop-down menu.
- Select Save.
Supported agents
Operating System | Feature support in user mode | |
Anti-Malware | Activity Monitoring | |
Amazon Linux (64-bit) | ||
Amazon Linux 2 (64-bit) | ✔ | ✔ |
Amazon Linux 2 (AWS ARM-Based Graviton 2) | ||
Amazon Linux 2 (AWS ARM-Based Graviton 3) | ||
Amazon Linux 2023 (64-bit) | ✔ | ✔ |
Debian 8 (64-bit) | ||
Debian 9 (64-bit) | ||
Debian 10 (64-bit) | ✔ | ✔ |
Debian 11 (64-bit) | ✔ | ✔ |
Debian 12 (64-bit) | ✔ | ✔ |
Oracle Linux 6 (32-bit) | ||
Oracle Linux 6 (64-bit) | ||
Oracle Linux 7 (64-bit) | ||
Oracle Linux 8 (64-bit) | ✔ | ✔ |
Oracle Linux 9 (64-bit) | ✔ | ✔ |
Red Hat Enterprise Linux 6 (32-bit) | ||
Red Hat Enterprise Linux 6 (64-bit) | ||
Red Hat Enterprise Linux 7 (64-bit) | ||
Red Hat Enterprise Linux 8 (64-bit) | ||
Red Hat Enterprise Linux 8 (AWS ARM-Based Graviton 2) | ||
Red Hat Enterprise Linux 8.6 (PowerPC little-endian) | ||
Red Hat Enterprise Linux 9 (64-bit) | ✔ | ✔ |
Red Hat Enterprise Linux Workstation 7 (64-bit) | ||
SUSE Linux Enterprise Server 12 (64-bit) | ||
SUSE Linux Enterprise Server 12 (PowerPC little-endian) | ||
SUSE Linux Enterprise Server 15 (64-bit) | ✔ | ✔ |
SUSE Linux Enterprise Server 15 (PowerPC little-endian) | ||
Ubuntu 16.04 (64-bit) | ||
Ubuntu 18.04 (64-bit) | ||
Ubuntu 18.04 (AWS ARM-Based Graviton 2) | ||
Ubuntu 20.04 (64-bit) | ✔ | ✔ |
Ubuntu 20.04 (AWS ARM-Based Graviton 2) | ||
Ubuntu 22.04 (64-bit) | ✔ | ✔ |
Ubuntu 22.04 (AWS ARM-Based Graviton 2) |