Athena EPP (Endpoint Protection Platform)

Athena EPP (formerly Sangfor Endpoint Secure) integrates NGAV, EDR, and endpoint management into a single, powerful solution for comprehensive endpoint protection.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
6.0.4R4
Athena EPP (Endpoint Protection Platform) {{ breadTitle }} User Manual Getting Started System System
{{sendMatomoQuery("Athena EPP (Endpoint Protection Platform)","System")}}

System

{{ $t('productDocDetail.updateTime') }}: 2026-04-09

In this module, you can configure system settings on the following pages: General, Data Backup, Network, Logging Options, Deployment and Upgrade, Alert Options, LDAP Sync, Customization, and Tools.

4.7.9.1 General

On the General page, you can configure basic system settings, including Date and Time, Time Zone, Password Security Policies, Session Timeout Logout, Endpoint Deletion, Remote Support, Endpoint Data Collection, Security Patch Download, Access Control for Device Integration, Product Features, Domain Name Collection, SSL/TLS Protocol, SMTP Server, SSL Certificate, Realtime Virus Detection, Cloud Security Program, and Privacy Options, as shown in the following figures.

 

 

  1. Date and Time: Customize the time of the Athena EPP manager. You can click Sync with Local PC to synchronize the time from the local computer, or click Obtain System Time to obtain the time of the server where the Athena EPP manager is installed. If the Athena EPP manager can access the Internet, you can select Sync time with NTP server periodically to synchronize the time of the Athena EPP manager with the specified NTP server.
  1. Time Zone: Click Edit to modify the time zone of the Athena EPP manager. The time zone of the Chinese mainland is GMT+08:00.
  2. Password Security Policies: Configure password security policies, including password expiration period, CAPTCHA verification, and automatic account lockout after a specific number of failed login attempts within a specified time period.
  3. Session Timeout Logout: Automatically log out a user if the user stays inactive for a specific period of time without performing any operations on the Athena EPP manager.
  4. Endpoint Deletion: Select whether to automatically delete an endpoint from the Athena EPP manager and revoke its license if the endpoint remains offline for a specific number of consecutive days.
  5. Remote Support: Specify the fixed port for remote access in Athena EPP. Through the fixed port, remote control can be implemented.
  6. Endpoint Data Collection: Specify the time interval for endpoint data collection of the Endpoint Inventory module, with a value range from 4 to 168 hours, as well as the time interval for endpoint status updates, with a value range from 3 to 10 minutes.
  7. Security Patch Download: If the Athena EPP agent cannot download security patches due to the inaccessibility to the Internet, the Athena EPP manager can download the security patches on behalf of the agent. Then, the agent downloads the security patches from the Athena EPP manager.
  8. Access Control for Device Integration: Specify the maximum period of time within which devices integrated with Athena EPP are allowed to access the Athena EPP manager. To ensure the access security of integrated devices such as Athena IAG, Athena NGFW, and Athena NDR, the integrated devices can access the Athena EPP manager only within the specified period when this check box is selected.
  9. Product Features: Select whether to enable or disable specific product features, including Global Search in Endpoint Inventory, Snapshot-Based Ransomware Recovery, Advanced Threat Detection and Response, App Blacklist, Software Uninstallation, Unauthorized Outbound Access Detection, and Cleanup. If you enable these features, business continuity on endpoints may be affected. By default, these features are disabled.
  10. Domain Name Collection: If you enable this feature, the Athena EPP manager records the processes that access malicious domain names. This feature can be used with botnet and malicious domain name forensics and global threat identification.
  11. SSL/TLS Protocol: Protocol versions include TLS 1.0, TLS 1.1, and TLS 1.2. By default, TLS 1.2 is enabled because it is more secure than TLS 1.0 and TLS 1.1. To integrate Athena EPP with other devices, you must select TLS 1.0 and TLS 1.1.
  12. SMTP Server: Configure the SMTP server to send subscription and alert emails. Click Send Test Email to check whether the SMTP server is properly configured. If the configuration is successful, the specified administrator will receive a test email, as shown in the following figure.

 

 

  1.  SSL Certificate: Support exporting custom SSL certificates to Athena EPP to achieve more secure access.
  2. Realtime Virus Detection: Select whether to enable delayed file scan and delayed process scan. We recommend that you enable delayed file scan if Athena EPP conflicts with other software in terms of file exclusivity. After it is enabled, the virus scan on a file will be delayed by 2 seconds when the file is being written to the disk. We recommend that you enable delayed process scan if encryption software exists. After it is enabled, the virus scan on the files associated with a process will be delayed by 2 seconds when the process is being started.
  3. Cloud Security Program: If Join the cloud security program to integrate with cloud-based security products for enhanced capabilities and Allow internet-connected endpoints to upload virus-infected files to the cloud for improved detection of threats such as ransomware are selected, Athena EPP will collect suspicious files to the cloud for analysis to provide better security services. Make sure that the Athena EPP manager is accessible at https://clt.sangfor.com.
    1. Data Backup

On the Data Backup page, you can back up and restore configurations of the General Policies and Micro-Segmentation modules.

 A screenshot of a computer Description automatically generated

 

To export the current configurations of a module, select the module and click Download Configurations.

You can restore configurations from scheduled backup files or local backup files.

To use Method 1, select a scheduled backup file from the drop-down list and click Restore.

To use Method 2, click Browse and select a local backup file as needed.

4.7.9.3Network

In the Network module, you can configure settings for the network interfaces, routing, DNS, SSH service, and Athena EPP manager ports.

 

Interfaces

You need to specify an IP address for the communication between the Athena EPP manager and the Athena EPP agent and access to the Athena EPP manager. To specify the IP address, go to System > System > Network > Interfaces, as shown in the following figure.

 

Click the name of the interface that you want to configure, as shown in the following figure. A screenshot of a computer Description automatically generated

1. If the specified IP address is changed, endpoints installed with the Athena EPP agent and connected to the interface will be disconnected from the Athena EPP manager and must be redeployed. Proceed with caution.

2. The Routing and Advanced tabs are displayed if you use an ISO or OVA image for the deployment but are not displayed if you use an offline installation package and script.

 

Routing

You must configure route settings for the Athena EPP manager to connect to the Internet and communicate with endpoints. To configure a route, go to System > System > Network > Routing, and click New, as shown in the following figure.

In the dialog box that appears, configure parameters as required, and click OK.

Domain Connectivity Tests

After the administrator logs in to the manager, a pop-up window prompts the administrator to perform domain connectivity tests.

Go to System > Network > Domain Connectivity Tests to start domain connectivity tests.

Advanced

To configure settings such as the SSH service port, DNS server IP addresses, Athena EPP manager access ports, proxy server settings, and Athena EPP manager IP addresses, go to System > System > Network > Advanced, as shown in the following figures.

 

 

SSH Service: Specify whether to enable the SSH service. By default, the SSH service is disabled and will use port 22345 if you enable it. The service is automatically disabled after eight hours. If you are not using cascade deployment, we recommend that you do not enable the SSH service.

DNS Server: Specify the IP addresses of the DNS server for the Athena EPP manager. The DNS service is required for the Athena EPP manager to connect to the Internet and update the antivirus database.

Ports: Specify the port for Athena EPP manager access and for Athena EPP agent updates.

Proxy Server: If the Athena EPP manager cannot directly connect to the Internet and you have deployed a proxy server, you can configure the proxy server's settings for purposes such as updating databases and using a Cloud-Based Engine. HTTP and HTTPS proxies are supported.

Manager IP Addresses: Specify multiple Athena EPP manager IP addresses or domain names. The Athena EPP agent will test the connectivity of the specified IP addresses from top to bottom and connect to the first accessible IP address. This feature solves issues in the following scenarios:

 

  1. Remote working

When endpoint users work in the office, the Athena EPP agent connects to the Athena EPP manager through internal IP addresses. When endpoint users are on a business trip or work remotely, the Athena EPP agent connects to the Athena EPP manager through external IP addresses. This switchover ensures continuous communication.

In this scenario, you must specify internal and external IP addresses in the Manager IP Addresses section.

 

  1. Athena EPP manager migration

Assume that a customer has deployed the Athena EPP agent on many endpoints and needs to migrate the Athena EPP manager with a single IP address to a host of new IP address ranges due to network transformation. To connect the Athena EPP agent to the Athena EPP manager after the migration, the customer must redeploy the Athena EPP agent on those endpoints. To avoid that issue, the Athena EPP manager supports multiple IP addresses. You can specify the destination IP address before the Athena EPP manager migration so that endpoints installed with the Athena EPP agent can connect to the Athena EPP manager after migration.

In this scenario, you must specify both the source and destination IP addresses in the Manager IP Addresses section.

 

Port Blocking: If you enable port blocking, the host where the Athena EPP manager is located only enables the ports used by Athena EPP, such as ports 443, 4430, 8083, and 54120.

4.7.9.4 Logging Options

On the Logging Options page, you can set the mechanism for automatic log cleanup. Logs that can be automatically deleted include security logs, coordinated action logs, operation logs, and admin logs. You can set the maximum preservation time for logs before they are automatically deleted to 7 to 1,095 days. By default, automatic log cleanup is enabled. You can set the expected number of log preservation days and log storage usage for triggering alerts in the Alert Triggers section. To set the rules, go to System > System > Logging Options, as shown in the following figure.

  1. When the log storage usage exceeds 70%, a banner notification will be displayed.
  1. When the log storage usage exceeds the threshold for deleting logs, logs are automatically deleted.
    1. Deployment and Upgrade

Athena EPP supports the auto update, concurrent update, and P2P upgrade of the Athena EPP agent and databases.

  1. Auto update: Only one agent is updated first when agents on some servers need to be updated. Other agents are updated only after it is confirmed that the first updated agent is normal.
  1. Concurrent update: To prevent network congestion due to simultaneous updates of a large number of agents, you can set the maximum number of concurrently updated endpoints to reduce the update's impact on the network bandwidth.
  2. P2P update: In this upgrade mode, the Athena EPP agent is downloaded from multiple seed nodes (endpoints that have installed the Athena EPP agent). Compared to the previous single-channel agent download from the Athena EPP manager, this mode accelerates the upgrade and reduces bandwidth usage. P2P upgrade is supported for the Athena EPP agent installation, Athena EPP agent upgrade, and antivirus database update.
  3. Integrated client deployment: You can enable this feature if you want to integrate Athena SASE or Athena SWG with the Athena EPP agent. After you have specified the download URL of Athena SASE or Athena SWG and the applicable endpoint group of this policy, the Windows endpoints that have installed the EPP agent in the applicable endpoint group will automatically download Athena SASE or Athena SWG and integrate it with the EPP agent.

To configure the upgrade settings, go to System > System > Deployment and Upgrade, as shown in the following figure.

 

Agent and Database Update: Specify the Athena EPP agent upgrade method and the number of endpoints for concurrent upgrade.

Auto Update: Specify the auto upgrade policy.

Concurrent Update: Specify the concurrent upgrade policy to limit the number of concurrent upgrade endpoints and reduce the upgrade's impact on bandwidth.

P2P Settings: If you enable P2P for installation and upgrade, Athena EPP agent installation, Athena EPP agent upgrade, and antivirus database update are executed in P2P mode. The endpoints serving as P2P seed nodes will enable the HTTP service for download in pieces. To exclude an endpoint from serving as a seed node, select it from Non-distribution Endpoints.

Vulnerability Update: Specify the time for the automatic update of the vulnerability database of the Athena EPP manager.

Client Deployment: Select Download Omnipoint Secure and integrated it into Agent if you want to integrate Athena SASE Client with the Athena EPP agent.

Download URL: Specify the download URL of Sangfor Access Client.

Apply To: Specify the endpoint group that applies this policy.

Endpoint User Info Sync: Support synchronizing user information from Athena SASE or Athena SWG to this management platform for easier correspondence with owners.

1. The P2P upgrade is not supported in scenarios where the Athena EPP manager is exposed to the Internet through port mapping.

2. The P2P upgrade is supported for Athena EPP agent installation, upgrade, and antivirus database update.

3. The P2P upgrade applies only to Windows PC endpoints, and is inapplicable to Windows XP, Windows Server, macOS, and Linux.

4.7.9.6 Alert Options

Security event alerts can be sent to specified email addresses.

 

Email alerts

The Athena EPP manager supports the monitoring of CPU, memory, and disk usage. If the usage exceeds the threshold for the specified period, you are alerted by email. This feature keeps you informed of the operation status of Athena EPP and the global security.

To configure alert events, go to System > System > Alert Options > Alert Events, as shown in the following figure.

To configure an alert notification, go to System > System > Alert Options > Alert Notification, as shown in the following figure.

The following figure shows a sample alert email sent to the specified email addresses when a specified event triggers an alert.

To use email alerts, you must first configure the SMTP server in the General module.

 

4.7.9.7 LDAP Sync

For details about LDAP synchronization, see Chapter 3.2.1.3 Synchronize the LDAP Information.

 

4.7.9.8 Customization

For more information about customization, see Chapter 3.5.1.9 Customization.

4.7.9.9 Tools

On the Tools page, you can find tools such as Offline Security Patch Downloader and Agent Uninstaller.

 

Offline Security Patch Downloader

This tool can be used with Athena EPP's vulnerability detection and repair feature. When the Athena EPP manager and the managed endpoints of a customer cannot access the Internet, they can use this tool to download vulnerability patches and then import the patches to the Athena EPP manager and fix vulnerabilities of endpoints.

 

To download Offline Security Patch Downloader, go to System > System > Tools, as shown in the following figure.

Step 1.After downloading the tool, copy it to an endpoint with Internet access.

Step 1.Run the tool to download a vulnerability patch package, as shown in the following figure.

Step 2.Import the downloaded vulnerability patch package into the Athena EPP manager, as shown in the following figure.

Step 3.Run an Athena EPP manager vulnerability scan and fix the detected vulnerabilities.

We recommend that you download vulnerability patches as needed. The downloaded patch package can be huge if you download all patches simultaneously. As a result, the import may fail.

 

Agent Uninstaller

When the Athena EPP agent is disconnected from the Internet, and the uninstallation password cannot be used, you can download Agent Uninstaller from the Athena EPP manager and share it with endpoint users who want to uninstall the Athena EPP agent from their endpoints.

  1. Download Agent Uninstaller from the Athena EPP manager

The downloaded Agent Uninstaller package contains the uninst.exe file, configuration files, and the uninstallation password in plain text.

  1. Run Agent Uninstaller on a Windows endpoint

The endpoint user receives the Agent Uninstaller package, decompresses it, and runs uninst.exe.

On the UI of Agent Uninstaller, the endpoint user enters the uninstallation password in the readme.txt file to start the uninstallation.