Kaseya 2 Endpoint Security User Guide Version R8 English December 17, 2014
Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya’s “Click-Accept” EULATOS as updated from time to time by Kaseya at http://www.kaseya.com/legal.aspx. If Customer does not agree with the Agreement, please do not install, use or purchase any Software and Services from Kaseya as continued use of the Software or Services indicates Customer’s acceptance of the Agreement.” ©2014 Kaseya. All rights reserved. | www.kaseya.
Contents
Welcome (page 1)
Security Overview (page 1)
Endpoint Security Module Requirements (page 3)
Dashboard
Welcome

Endpoint Security Online User Assistance
Some things to keep in mind as you navigate online help:
Enable Internet Explorer to accept cookies and JavaScript.
Click to display context-sensitive help for the currently selected function.

Documentation
You can download a PDF version of the following documents. You must have Acrobat Reader installed on your system to view the PDF files.
Endpoint Security User Guide - This is the same content as the Endpoint (http://help.kaseya.
Security Overview
Generic Detection - Detects instructions characteristic of a virus or group of viruses.
Known Virus Detection - Searches for character strings characteristic of a virus.
Scans Email - Checks incoming and outgoing email by using plug-ins designed for the most frequently used email programs. Once detected, viruses are cleaned or quarantined. Some email clients may support messages with text certifying that sent and received email has been scanned for viruses.
Endpoint Security Module Requirements
Functions - Description
Dashboard (page 4) - Provides a dashboard view of the status of machines installed with Endpoint Security.
Security Status (page 10) - Displays the current security status of machine IDs.
Manual Update (page 8) - Schedules updates of the latest version of security protection definition files.
Schedule Scan (page 10) - Schedules security protection scans of machine IDs.
Dashboard
Security > Dashboard
Similar information is provided by Info Center > Reporting > Reports > Security.
The Dashboard page provides a dashboard view of the status of machines installed with Endpoint Security.
Top Threats Discovered
A pie chart displays which threats have been found on the greatest percentage of machines. Click any slice of the pie chart or any label of the pie chart to display a list of individual machines belonging to that slice in the View Threats page.

Security Status
Security > Security Status
Similar information is provided by Info Center > Reporting > Reports > Security (page 33).
Agent is online but remote control has been disabled
The agent has been suspended
(Select All Checkbox) - Click this checkbox to select all rows in the paging area. If checked, click this checkbox to unselect all rows in the paging area.
Machine.Group ID - A unique machine ID / group ID / organization ID name for a machine in the VSA.
Profile Name - The security profile assigned to the machine ID.
Virus Vault - The number of threats stored in the virus vault of the machine ID. These items are safely quarantined and will be automatically deleted, if profile settings apply. You can click the hyperlinked number in any row to display these threats in the Virus Vault tab of the View Threats (page 11) page.
Version - The version of security protection currently used by this machine ID. For example: 8.5.322 270.12.6/2084
8.5.322 - The version of AVG program installed.
270.12.
Manual Update
Script Name: KES_Disable Resident Shield
Script Description: Disables Resident Shield temporarily (until next scan or reboot)
IF True
THEN
   Get Variable
      Parameter 1 : 10
      Parameter 2 :
      Parameter 3 : agenttemp
      OS Type : 0
   Execute File
      Parameter 1 : #agenttemp#\kes\KasAVCmd.
Stagger by - You can distribute the load on your network by staggering this task. If you set this parameter to 5 minutes, then the task on each machine ID is staggered by 5 minutes. For example, machine 1 runs at 10:00, machine 2 runs at 10:05, machine 3 runs at 10:10, ...
Skip if Machine Offline - If a checkmark displays and the machine is offline, skip and run the next scheduled period and time.
If automatic updates are enabled but no AVG update is detected, the table cell is blank, unless a manual update is also scheduled.
If automatic updates are disabled, then a red-cross icon displays, even if a manual update is scheduled.
If a manual update is scheduled, a time stamp displays.

Schedule Scan
Security > Schedule Scan
The Schedule Scan page schedules security protection scans of selected machine IDs licensed to use Endpoint Security.
Next Scan / Schedule - This timestamp shows the next scheduled scan. Overdue date/time stamps display as red text with yellow highlight. A green checkmark indicates the scan is recurring.

View Threats
Security > View Threats
Similar information is provided by Info Center > Reporting > Reports > Security (page 33).
The View Threats page displays threats you can take action on.
View Logs
Only perform this action if you're certain the file is safe to use. The entire PUP Exclusion List is maintained using the Define Profile (page 20) > PUP Exclusions tab.
Note: Non-PUP threats cannot be added to the PUP Exclusion List.

Virus Vault tab Actions
Restore - Restores the original file identified as a threat. Only perform this action if you're certain the file is safe to use.
Delete - Deletes the original file identified as a threat from the Virus Vault.
Extend/Return
this page, machine IDs must have the Endpoint Security client software installed on the managed machine using the Security > Installation (page 15) page.
Click a machine ID.group ID to display an event log. Each event displays the Time, an event Code, and in most cases a Message containing additional information.
Notify
Partial Available Licenses (Formerly assigned to a machine but returned to pool before expiration)
Partial Allocated Licenses (Partial Available that has been scheduled for install, but install not yet complete)
Total Licenses (Purchase licenses minus expired)
Expired Licenses
Show only licenses expiring within 30 days - Limits the display of licenses in the paging area to those expiring within 30 days.
Installations
Note: See Endpoint Security Licensing in the Security Overview (page 1) topic.
The list of machine IDs you can select depends on the machine ID / group ID filter and the scope you are using. To display on this page, machine IDs must have the Endpoint Security client software installed on the managed machine using the Security > Installation (page 15) page.
The time to download endpoint installers from AVG may vary, based on an approximate 500 MB delivery package.
A conditional reboot of VSA may be necessary.
AVG 2012 does not register itself in the Windows Security Center.
Endpoint Security licenses are allocated to group IDs using System > License Manager (http://help.kaseya.com/webhelp/EN/VSA/R8/index.asp#2924.htm).

Rebooting the Endpoint During Installs and Upgrades
Installing AVG 2012 may reboot the endpoint after the install.
Edit User Prompts - Edit the warning prompt displayed to users, if a warning prompt is displayed. You can also specify the number of minutes the user is allowed to postpone installation.
Installation Options - Sets module-level or default installation options (page 19) for installs or upgrades.
Reboot - Reboots the selected computer. Periodically AVG releases an update that requires a reboot. Reboot Required displays in the Version column.
Install Source - If a file source is defined using Patch Management > File Source (http://help.kaseya.com/webhelp/EN/VSA/R8/index.asp#366.htm), then installs are sourced from this location. Otherwise, installs are sourced from the internet. If the option Download from Internet if machine is unable to connect to the file server is selected in Patch Management > File Source:
During an Endpoint Security v2.
Skip if Machine Offline - Check to perform this task only at the scheduled time. If the machine is offline, skip and run the next scheduled period and time. Uncheck to perform this task as soon as the machine connects after the scheduled time.

Components
Workstation Components
Link Scanner - Blocks dangerous websites and checks links returned by the most popular search engines. Does not install to browsers running on Windows Server O/S.
Define Profile
Kill all running applications that prevent installation - module-level - If checked, stops all running applications that might prevent successful installation.
Disable Windows Defender - module-level - Running Windows Defender significantly degrades the performance of Endpoint Security and should be disabled by default using this option.
determine what share rights are assigned. If neither of the first two checkboxes are checked, the shared object can only be seen by the users given share access, but the object cannot be used nor edited. The Shared and Not Shared list boxes and the third checkbox determine who can see the object.
Allow other administrators to modify - If checked, share rights to the object includes being able to use it, view its details and edit it.
Display system tray notifications - If checked, the following system tray notifications can be optionally enabled. All notification messages display on the managed machine next to the system tray.
Display tray notifications about update - If checked, displays a notification message that the Endpoint Security software is being updated.
Display tray notifications about scanning - If checked, displays a notification message that the machine is being scanned.
Scan for Tracking Cookies - If checked, the scan includes internet browser tracking cookies. Found tracking cookies are deleted immediately and not moved to the virus vault.
Scan Potentially Unwanted Programs and Spyware threats - If checked, the scan detects executable applications or DLL libraries that could be potentially unwanted programs. Some programs, especially free ones, include adware and may be detected and reported by Endpoint Security as a Potentially Unwanted Program.
Report Password Protected Documents - If checked, reports password-protected document attachments in email as threats.
Report Files containing macro - If checked, reports files containing macros attached to email as threats.
Report hidden extensions - If checked, reports files that use a hidden extension. Some viruses hide themselves by doubling their file extension. For example, the VBS/Iloveyou virus attaches a file, ILOVEYOU.TXT.VBS, to emails.
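The kind of check that Report hidden extensions describes can be sketched as follows. This is an added example, not code from Endpoint Security or AVG; the extension lists, function names and sample attachment names are assumptions chosen for illustration.

```python
import os

# Assumed lists for illustration; not taken from Endpoint Security or AVG.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".exe",
                   ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk"}
DECOY_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".rtf",
              ".jpg", ".jpeg", ".png", ".gif", ".mp3", ".zip"}


def hidden_extension(filename):
    """Return (shown, real) when a harmless-looking extension is followed
    by an executable one, otherwise None."""
    # Accept either path separator, then drop trailing dots and spaces,
    # which Windows removes from file names anyway.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(" .").lower()
    stem, real = os.path.splitext(name)
    if real not in EXECUTABLE_EXTS:
        return None          # last extension is not directly runnable
    shown = os.path.splitext(stem)[1]
    if shown not in DECOY_EXTS:
        return None          # e.g. setup.exe: runnable, but nothing hidden
    return (shown, real)


def report_hidden_extensions(attachment_names):
    """Map each flagged attachment name to its (shown, real) pair."""
    report = {}
    for name in attachment_names:
        hit = hidden_extension(name)
        if hit is not None:
            report[name] = hit
    return report


# Constructed attachment names; ILOVEYOU.TXT.VBS is the guide's own example.
SAMPLES = ["ILOVEYOU.TXT.VBS", "report.final.docx", "setup.exe",
           "photo.jpg.scr", "archive.tar.gz", "C:\\mail\\notes.txt.vbs "]

if __name__ == "__main__":
    for name, (shown, real) in report_hidden_extensions(SAMPLES).items():
        print(f"{name!r}: looks like {shown}, runs as {real}")
```

Only names whose final extension is runnable and whose preceding extension looks like a document or media type are reported, so ordinary multi-dot names such as archive.tar.gz are not flagged.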
Enable - If checked, adds a certification note to scanned email on MS Exchange Servers. Customize the certification note in the text field.

Performance
Run scans in background - Enable or disable background scanning. Background scanning is one of the features of the VSAPI 2.0/2.5 application interface. It provides threaded scanning of the Exchange Messaging Databases.
Assign Profile
Add new record - Adds PUP files to exclude from a scan. Some files may be threat-free but be erroneously interpreted as potentially unwanted programs (PUPs).
Filename - Enter the name of the file.
Checksum - Enter the checksum value of the file. To determine the checksum value, open the AVG UI on a machine that contains the file. Select Tools > Advanced Settings. Select the PUP Exceptions property sheet. Click the Add exception button.
Log Settings
installed on the managed machine using the Security > Installation (page 15) page.

Actions
Apply Configuration - Click Apply Configuration to apply the security profile displayed in the Select Profile drop-down box to selected machine IDs.
Select Profile - Select a security profile to apply to selected machine IDs.
Only display machines with the selected profile - If checked, filters the paging area by the selected security profile.
Exchange Status
Agent is currently offline
Agent has never checked in
Agent is online but remote control has been disabled
The agent has been suspended
(Select All Checkbox) - Click this checkbox to select all rows in the paging area. If checked, click this checkbox to unselect all rows in the paging area.
Machine.Group ID - A unique machine ID / group ID / organization ID name for a machine in the VSA.
Define Alarm Sets
Machine.Group ID - A unique machine ID / group ID / organization ID name for a machine in the VSA.
Install Status - If checked, Endpoint Security client software is installed on the machine ID. If the agent software is earlier than 4.7.1, the message Requires Agent Update displays. If blank, Endpoint Security client software is not installed on the machine ID.
Install Source - If a file source is defined using Patch Management > File Source (http://help.kaseya.
Apply Alarm Sets
3. Use the Ignore additional alarms for to specify the number of minutes to ignore the same set of alert conditions. Set to 0 to trigger an alarm each time an alert condition occurs.
4. Click Save to save the alarm set.

To Delete an Alarm Set
1. Select an alarm set from the Select Profile drop-down list.
2. Click Delete to delete the alarm set.
Email Recipients
2. Set additional email parameters.
3. Select an alarm set.
4. Check the machine IDs to apply the alarm set to.
5. Click Apply to assign the alarm set to selected machine IDs.

To Cancel an Alert
1. Select machine ID checkboxes.
2. Click Remove to remove the assigned alarm set from selected machine IDs.

Options
Create Alarm - If checked and an alert condition is encountered, an alarm is created.
Security Reporting
The following data sets are available to support the creation of custom Endpoint Security report definitions and report templates. They are located in the Info Center > Configure & Design > Report Parts.
KES Alarm Set
KES Alarm Set Assignment
KES Event Log
KES Exchange Status
KES Machine Status
KES Threats
KES Threat Statistics
In addition, the following legacy "fixed format" report definitions are provided.
Security - Configuration
Info Center > Reporting > Reports > Security > Configuration
Displays only if the Security add-on module is installed.
Similar information is provided using Security > Security Status (page 5), View Logs (page 12), and View Threats (page 11).
The Security - Configuration report definition generates reports for the following types of security data maintained by the VSA.
Time Selection
Select the Time Range Type - Filters by a fixed type of date range.
Number Of Days - Applies only if Last N Days is selected time range type.
Custom Start DateTime - Applies only if Fixed Range is selected time range type.
Custom End DateTime - Applies only if Fixed Range is selected time range type.

Security - KES Log
Info Center > Reporting > Reports > Security - KES Log
Displays only if the Security add-on module is installed.