Learn Mode vs Monitor Mode

The Best Practice for On-Boarding New Endpoints/Customers is to use Monitor Mode.

Learn Mode has a very narrow use case.

Our Learn Mode is meant to Learn CERTs and/or Unsigned Apps when an endpoint is in Blocking Mode and you are just adding a single App. Learn Mode Groups all CERTs & Apps learned in a Learn Mode Session into a single App named @ (e.g. "RENO-211@2016-02-24 15:03:24").

A Learn Mode Session has a Timeout setting to prevent accidentally leaving a protected Host in Learn Mode longer than anticipated. You also need to review the Learn Mode Session's Elements to ensure they are what is necessary before trusting them.

Monitor Mode, by contrast, doesn't have a timeout and allows you to organize the Monitor Mode Policy Exceptions into one or more Apps. With Monitor Mode you can incrementally add both Trust for Apps, CERTs, Trusted Children and Block Policies.