Differences

This shows you the differences between two versions of the page.

--- infoblox_threat_defense:endpoints [2025/03/03 16:42] – bstafford
+++ infoblox_threat_defense:endpoints [2026/02/15 02:36] (current) – [Endpoint Config] bstafford
@@ Line 21: / Line 21: @@
 <code>Get-Content "C:\ProgramData\Infoblox\ActiveTrust Endpoint\logs\proxy.4.log" -wait -tail 5</code>
+On Windows, you can also find the registry keys at
+<code>Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Infoblox\ActiveTrust Endpoint</code>
+===== PTR and Internal Zones =====
 The files above are where Internal Domains are configured. Also, this is where BloxOne Endpoint automatically adds internal domains to the "Internal Domain" list as follows:
+  * <any DNS suffix assigned to your network interface>
   * local
+  * ipv4only.arpa
   * 10.in-addr.arpa
   * 16.172.in-addr.arpa
@@ Line 41: / Line 47: @@
   * 31.172.in-addr.arpa
   * 168.192.in-addr.arpa
+  * 254.169.in-addr.arpa
   * c.f.ip6.arpa
   * d.f.ip6.arpa
-  * ipv4only.arpa
-  * 254.169.in-addr.arpa
   * 8.e.f.ip6.arpa
   * 9.e.f.ip6.arpa
@@ Line 50: / Line 55: @@
   * b.e.f.ip6.arpa
+This can be summarised as
+  *   * <any DNS suffix assigned to your network interface>
+  * local
+  * ipv4only.arpa
+  * 10.0.0.0/8
+  * 172.16.0.0/12 (172.[16-31].0.0/16)
+  * 192.168.0.0/16
+  * 169.254.0.0/16
+  * fc00::/7 (fc00::/8 and fd00::/8)
+  * fe80::/16
+  * fe90::/16
+  * fea0::/16
+  * feb0::/16
+===== Config Files =====
 The following file is written every few seconds.
 <code>C:\ProgramData\Infoblox\ActiveTrust Endpoint\config\Coredns_info.4</code>