Your organization may divide devices into one or more groups. Every device may belong to exactly one group. Each device must be a member of a Device group before it is monitored. Each group provides a security Policy which is later conditionally applied to its devices. Whether the device is present on the external network makes it
It separates the network location into internal and external, and the biggest role here is played by the Internal domain setting, which must be defined in the Device group. If HOS detects the Internal domain, the network location is decided as internal. Detection is performed by running a DNS query for the configured internal domain and receiving the configured answer.
HOS constantly monitors changes on the network interfaces and changes its state based on the conditions.
All DNS traffic is diverted to the DoH server. HOS becomes Active when it is connected to the public network but the Internal domain is unreachable. This state is used for danger zones such as public Wi-Fi.
DNS traffic is left intact. This state is used when the device can't connect to the Internet or when it is connected through the internal network.
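The location check and state rule described above, modelled as an added example (not Whalebone's code). The resolver is injected so the constructed scenarios run offline; the `DNS_INTACT` name, the `has_internet` flag, the exact-match comparison, the `intranet.example` domain and the addresses are assumptions made for illustration.

```python
from enum import Enum
from typing import Callable, Optional, Sequence

# A resolver returns the answer records for a name, or None when the query fails.
Resolver = Callable[[str], Optional[Sequence[str]]]


class DnsState(Enum):
    ACTIVE = "all DNS traffic diverted to DoH"
    DNS_INTACT = "DNS traffic left intact"  # placeholder name, not from the page


def location_is_internal(resolve: Resolver, internal_domain: str,
                         configured_answer: str) -> bool:
    """Internal only if the Internal domain resolves to the configured answer."""
    answers = resolve(internal_domain)
    if not answers:                      # failed query or empty answer
        return False
    # Any other answer (captive portal, wildcard DNS) does not count as internal.
    return configured_answer in answers


def decide_state(resolve: Resolver, internal_domain: str,
                 configured_answer: str, has_internet: bool) -> DnsState:
    if location_is_internal(resolve, internal_domain, configured_answer):
        return DnsState.DNS_INTACT       # connected through the internal network
    if not has_internet:
        return DnsState.DNS_INTACT       # device cannot reach the Internet
    return DnsState.ACTIVE               # public network, Internal domain unreachable


# Constructed sample values (reserved documentation names and addresses).
DOMAIN, ANSWER = "intranet.example", "192.0.2.10"
SCENARIOS = {
    "office LAN":      (lambda name: [ANSWER] if name == DOMAIN else [], True),
    "public Wi-Fi":    (lambda name: [], True),
    "captive portal":  (lambda name: ["198.51.100.1"], True),
    "no connectivity": (lambda name: None, False),
}


def run_scenarios() -> dict:
    return {label: decide_state(resolve, DOMAIN, ANSWER, online)
            for label, (resolve, online) in SCENARIOS.items()}


if __name__ == "__main__":
    for label, state in run_scenarios().items():
        print(f"{label:16} -> {state.name}")
```

The captive-portal case shows why the answer has to be compared with the configured one: a network that answers every name would otherwise look internal and DNS would be left undiverted.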
In the background HOS uses
Hostname of the Resolver is never diverted and is cached. Identification and authenticity are left to the TLS protocol. When the device belongs to any Domain, all domain names and their subdomains are allowed to reach the DNS servers they route to. HOS uses the Win32_NetworkAdapterConfiguration WMI class to get the information.
Because HOS must intercept network traffic, it needs to run as the SYSTEM account. You can query the service by name hos to see if it started properly. When no installation token or an invalid one is supplied, the service will stop.
    C:\Users\admin>sc query "Whalebone Home Office Security"

    SERVICE_NAME: HOS
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
On first run HOS also installs the windivert system driver.
    C:\Users\admin>sc query windivert type=kernel

    SERVICE_NAME: windivert
            TYPE               : 1  KERNEL_DRIVER
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
The service is configured to recover after a crash three times and then stay stopped.
The Android app has access to:
precise location (GPS and network-based)
take pictures and videos (to scan QR code of the Device group from the portal)
Wi-Fi connection information
view Wi-Fi connections
view network connections
connect and disconnect from Wi-Fi
full network access (to create a VPN tunnel to Whalebone Cloud resolvers)
run at startup
Application Firewall Settings
Enable TCP port 443 for Whalebone Home Office Security.exe in the application firewall. To enable it for all network profiles in Windows, adjust the following command to let HOS connect to your DoH server (e.g. 184.108.40.206):
    netsh advfirewall firewall add rule name="Whalebone Home Office Security" dir=out action=allow program="C:\Program Files (x86)\Whalebone\Home Office Security\Whalebone Home Office Security.exe" enable=yes remoteip=220.127.116.11,LocalSubnet
If the HOS service does not work, please ensure that it can connect to hos.whalebone.io and mobileapi.whalebone.io.
The service does not need to listen on port 53, so no application firewall rule is required for that port.
Additionally, the service listens on the TCP endpoint localhost:9000 to provide a data endpoint for the UI app, and the UI app server whosui.exe listens on the TCP endpoint localhost:55221 to render graphical components. Even though these ports are not critical for HOS operation, they are relevant for the UI app AdminUI.exe. Please ensure that the services are allowed to listen on those local ports, as this gives the user insight into app operation.
Service logs can be found at c:\ProgramData\Whalebone\Home Office Security\Logs\ and contain detailed information about application states and operation. If you encounter unexpected service behaviour, please include this Log folder and/or the Config folder in your support ticket. The application provides additional information for tracing its operation: in the AdminUI.exe app, the Events tab may give you better insight into HOS operation.