GFI Product Manual Administrator Guide
The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources.
Contents 1 Introduction 1.0.1 Terms and conventions used in this guide 1.1 Portable media device threats 1.2 About GFI EndPointSecurity 1.3 Components of GFI EndPointSecurity 1.3.1 GFI EndPointSecurity Management Console 1.3.2 GFI EndPointSecurity Agent 1.4 Key Features 1.5 How GFI EndPointSecurity works - Deployment and Monitoring 1.6 How GFI EndPointSecurity works - Device Access 1.7 How GFI EndPointSecurityworks - Temporary Access 1.8 Supported device categories 1.9 Supported connectivity ports 1.
6 Customizing Protection Policies 6.1 Configuring controlled device categories 6.2 Configuring controlled connectivity ports 6.3 Configuring power users 6.4 Configuring access permissions for device categories 6.5 Configuring access permissions for connectivity ports 6.6 Configuring access permissions for specific devices 6.7 Viewing access permissions 6.8 Configuring priorities for permissions 6.9 Configuring device blacklist 6.10 Configuring device whitelist 6.11 Configuring temporary access privileges 6.
9.2.1 Protection Status 9.2.2 Device Usage by Device Type 9.2.3 Device Usage by Connectivity Port 9.3 Status view 9.4 Deployment status view 9.4.1 About Deployment status view 9.4.2 Current Deployments 9.4.3 Queued Deployments 9.4.4 Scheduled Deployments 9.4.5 Deployment History 10 Reporting 10.1 GFI EndPointSecurity GFI ReportPack 10.2 Generating Digest reports 11 Managing the Database Backend 11.1 Maintaining the database backend 11.2 Using an existing SQL Server instance 12 Alerting Options 12.
List of Figures Screenshot 1: Navigating GFI EndPointSecurity user interface 20 Screenshot 2: GFI EndPointSecurity installation: domain administrator account setup 24 Screenshot 3: GFI EndPointSecurity installation: license key details 24 Screenshot 4: Navigating GFI EndPointSecurity user interface 28 Screenshot 5: Selecting control entities 31 Screenshot 6: Selecting device categories to assign permissions 31 Screenshot 7: Adding users or groups 32 Screenshot 8: Selecting permission types per
Screenshot 39: Protection Policies sub-tab - users view 69 Screenshot 40: Protection Policies sub-tab - Security area 70 Screenshot 41: Black list options 71 Screenshot 42: Select Devices options 72 Screenshot 43: Select Devices options - Select device serials 73 Screenshot 44: Select Devices options - Edit Device serials 74 Screenshot 45: White list options 75 Screenshot 46: Select Devices options 75 Screenshot 47: Select Devices options - Select device serials 76 Screenshot 48: Select De
Screenshot 79: Devices list area - Add device to devices database 105 Screenshot 80: Statistics sub-tab 106 Screenshot 81: Protection Status area 107 Screenshot 82: Device Usage by Device Type area 107 Screenshot 83: Device Usage by Connectivity Port area 108 Screenshot 84: Activity Log sub-tab 109 Screenshot 85: Activity Log sub-tab - Advanced filtering 110 Screenshot 86: Logs Browser sub-tab 111 Screenshot 87: Query Builder options 112 Screenshot 88: Risk Assessment sub-tab 114 Screens
Screenshot 119: Uninstallation information message 146 Screenshot 120: Specifying contact and purchase details 148 Screenshot 121: Specifying issue details and other relevant information to recreate the problem 148 Screenshot 122: Gathering machine information 148 Screenshot 123: Finalizing the Troubleshooter wizard 148
List of Tables Table 1: Terms and conventions used in this manual 11 Table 2: GFI EndPointSecurityfeatures 13 Table 3: Deployment and Monitoring protection policy 15 Table 4: Deployment and Monitoring protection policy 17 Table 5: Deployment and Monitoring protection policy 17 Table 6: System requirements - Hardware 21 Table 7: Auto Discovery settings 26 Table 8: Auto Discovery settings 26 Table 9: Database backend options 27 Table 10: Add Computer(s) dialog options 38 Table 11: Logon cr
1 Introduction The proliferation of consumer devices such as iPods, USB devices and smartphones has increased the risk of deliberate and/or unintentional data leaks and other malicious activity. It is very simple for an employee to copy large amounts of sensitive data onto an iPod or USB stick, or to introduce malicious and illegal software onto your network through these devices.
Better storage capacity Improved performance Easier and faster to install Physically small enough to carry in a pocket. As a result, internal users may deliberately or accidentally: Take away sensitive data Expose confidential information Introduce malicious code (example: viruses, Trojans) that can bring the entire corporate network down Transfer inappropriate or offensive material on to corporate hardware Make personal copies of company data and intellectual property Get distracted during work hours.
GFI EndPointSecurity Management Console Management Console GFI EndPointSecurity Agent. 1.3.
GFI EndPointSecurity features Power users The administrator can specify users or groups who would always have full access to devices that are otherwise blocked by GFI EndPointSecurity. Temporary access The administrator is able to grant temporary access to a device (or group of devices) on a particular computer.
Figure 1: Protection policy - Deployment and Monitoring The table below describes the stages depicted above: Table 3: Deployment and Monitoring protection policy Stage Description Stage 1 Configure computers The administrator specifies which protection policy is assigned to which computers, and the log-on credentials to be used by GFI EndPointSecurity to access the target computers and deploy the agents.
Stage Description Stage 3 Deploy protection policy The administrator deploys the protection policy. Upon the first deployment of a protection policy, a GFI EndPointSecurity agent is automatically installed on the remote network target computer. Upon the next deployments of the same protection policy, the agent will be updated and not re-installed.
Table 4: Deployment and Monitoring protection policy Stage Description Stage 1 - Device The user attaches a device to a target computer protected by GFI EndPointSecurity. attached to computer Stage 2 - Protection policy enforcement The GFI EndPointSecurity agent installed on the target computer detects the attached device and goes through the protection policy rules applicable to the computer/user. This operation determines whether the device is allowed or blocked from being accessed.
1.8 Supported device categories In GFI EndPointSecurity devices are organized into the following categories: Floppy disks CDs/DVDs Printers PDAs, including: Pocket PCs Smart-phones Network Adapters, including: Ethernet adapters Wi-Fi adapters Removable adapters (USB, Firewire, PCMCIA) Modems, including: Smart-phones Mobile phones Imaging Devices: Digital cameras Webcams Scanners Human Interface Devices: Keyboards Mice Game controllers Storage Devices, including: USB Pen drives Digital Media Players (e.g.
Zip drives Tape drives MO (magneto optical) drives (internal and external). 1.9 Supported connectivity ports GFI EndPointSecurity scans for devices that are or have been connected on the following ports: USB Secure Digital (SD) Firewire Bluetooth Infrared PCMCIA Serial & Parallel Internal (example: optical drives connected internally on PCI). 1.
Screenshot 1: Navigating GFI EndPointSecurity user interface GFI EndPointSecurity Management Console consists of the sections described below: Section Description Tabs Navigate between the different tabs of GFI EndPointSecurity management console. The available tabs are: Status - Monitor the status of GFI EndPointSecurity and statistical information on device access. Activity - Monitor devices used on the network. Configuration - Access and configure the default protection policies.
2 Installing GFI EndPointSecurity This chapter provides you with information about preparing your network environment to successfully deploy GFI EndPointSecurity. Topics in this chapter 2.1 System requirements 21 2.2 Upgrading GFI EndPointSecurity 22 2.3 Installing a new instance of GFI EndPointSecurity 23 2.4 Post-install configurations 25 2.5 Navigating the Management Console 27 2.6 Testing your installation 29 2.
Agent - Hardware requirements Processor: 1GHz processor clock speed or better RAM: 256 MB (minimum); 512 MB (recommended) Hard Disk: 50 MB of available space Agent - Software requirements Processor: 1GHz processor clock speed or better RAM: 256 MB (minimum); 512 MB (recommended) Hard Disk: 50 MB of available space Other software components GFI EndPointSecurity requires the following software components for a fully functional deployment: Microsoft Internet Explorer 5.5 or higher Microsoft .NET Framework 2.
Security settings Options: Logging options Database options. Upgrading from GFI LanGuard Portable Storage Control If the computer on which you are installing GFI EndPointSecurity is protected by a GFI LanGuardPortable Storage Control agent, you first need to uninstall that agent. To do this: 1. Open GFI LanGuard Portable Storage Control configuration console. 2. Delete the agent from the computer where GFI EndPointSecurity will be installed.
Screenshot 2: GFI EndPointSecurity installation: domain administrator account setup 5. Key in the logon credentials of an account with administrative privileges and click Next to continue. Screenshot 3: GFI EndPointSecurity installation: license key details 6. Key in the Full Name and Company. If you have a license key, update the License Key details and click Next.
Note The license key can be keyed in after installation or expiration of the evaluation period of GFI EndPointSecurity. For more information refer to Product licensing. 7. Key in or browse to select an alternative installation path or click Next to use the default path and proceed with the installation. 8. Click Back to re-enter installation information or click Next and wait for the installation to complete. 9.
Table 7: Auto Discovery settings Tab Description Scan Area Select the target area on which GFI EndPointSecurity scans the computers on the network. Current domain/workgroup - GFI EndPointSecurity searches for new computers within the same domain/workgroup where it is installed The following domains/workgroups - Select this option and click Add. Specify the domains where GFI EndPointSecurity searches for new computers and click OK. Entire network except - Select this option and click Add.
12. From Users Groups, select/unselect Configure Users Groups to create domain/workgroup users and bind them to device categories and connectivity ports settings selected in the next step. 13. Click Select which Users Groups to create.... From the Configure Users Groups dialog, select the devices and/or connection ports for which users are created on. To manage every supported device and port from this policy, click Select All. 14.
Screenshot 4: Navigating GFI EndPointSecurity user interface GFI EndPointSecurity Management Console consists of the sections described below: Section Description Tabs Navigate between the different tabs of GFI EndPointSecurity management console. The available tabs are: Status - Monitor the status of GFI EndPointSecurity and statistical information on device access. Activity - Monitor devices used on the network. Configuration - Access and configure the default protection policies.
2.6 Testing your installation Once GFI EndPointSecurity is installed and the Quick Start wizard is completed, test your installation to ensure that GFI EndPointSecurity is working correctly. Follow the instructions in this section to verify the correctness of both the GFI EndPointSecurity installation as well as the operations of the shipping default protection policy. This section contains the following information: Test preconditions Test case Reverting to default settings 2.6.
Note If the deployment of the agent on to the local computer is not up-to-date, then manually deploy the agent on to it. For more information, refer to the GFI Administration and Configuration Manual. Ensure that the user account with no administrative privileges is not set as a power user in the General Control protection policy (shipping default protection policy).
Screenshot 5: Selecting control entities 8. In the Add permissions… dialog select the Device categories option and click Next to continue. Screenshot 6: Selecting device categories to assign permissions 9. Enable the CD/DVD device category, and click Next.
Screenshot 7: Adding users or groups 10. Click Add… and specify the user with no administrative privileges, to have access to the CD/DVD device category specified in this protection policy, and click OK. Screenshot 8: Selecting permission types per user or group 11. Enable the Access/Read and Write permissions and click Finish.
To deploy the protection policy updates on to the local computer: 1. From the right pane, click on the top warning message to deploy the protection policy updates. The view should automatically change to Status > Deployment. 2. From the Deployment History area, confirm the successful completion of the update onto the local computer.
3 Achieving Results This chapter provides you with step by step instructions about how to block unauthorized devices from the network and secure endpoints using GFI EndPointSecurity. This chapter helps you achieve positive legal compliance results, while ensuring that your network is protected using the most up-todate vulnerability detection methods and techniques. Topics in this chapter 3.1 Preventing data leaks and malware infections 34 3.2 Automating network protection 35 3.
3. Configure protection policy settings Configure the protection policy to block removable storage devices. This prevents end-users from using devices that allow them to transfer data from and to a computer. Refer to the following sections for information about: Configuring controlled device categories Configuring access permissions for device categories Configuring access permissions for specific devices Configuring priorities for permissions Viewing access permissions Configuring device blacklist. 4.
1. Automatically discover devices on the network GFI EndPointSecurity enables you to automatically add new computers that are connected to the network. This allows you to scan a specified domain or workgroup and add the computers that are found in it. Refer to the following sections for information about: Running a device scan Analyzing device scan results Adding discovered devices to the database. 2.
3.3 Monitoring network activity from a central location Agents generate activity logs that are stored in an SQL Server database. GFI EndPointSecurity keeps an audit trail of these logs and provides the information in a set of dashboard views. GFI EndPointSecurity's extensive dashboard views enable you to monitor network activity in real-time, allowing the administrator to take immediate action when a security risk is detected.
4 Adding Target Computers GFI EndPointSecurity enables you to specify the computers you intend to deploy agents and protection policies on. Topics in this chapter 4.1 Adding computers manually 38 4.2 Adding computers automatically 39 4.3 Configuring log on credentials 42 4.1 Adding computers manually To manually add a target computer: 1. Click Configuration tab > Computers. 2. From Common tasks, click Add computer(s)…. Screenshot 9: Adding computers manually 3.
Option Description Click From Domain…. Specify the required computer(s) from within the domain/workgroup where GFI EndPointSecurity resides. Click Import. Browse to the location of the text file that contains a list of computers to be imported. Note Specify ONLY one computer name/IP per line. 4. Click Finish. 4.2 Adding computers automatically GFI EndPointSecurity enables you to search for and add new computers when they are connected to your network at specified time intervals.
Screenshot 10: Auto Discovery options - Auto Discovery tab 3. Click Start discovery now to run auto discovery immediately. 4. Select/unselect Enable automatic discovery to detect computers newly connected to the network, to enable/disable Auto Discovery. 5. From the Schedule section select the start date and set frequency of the searches from Hourly, Daily, Weekly or Monthly.
Screenshot 11: Auto Discovery options - Discovery Area tab 6. Click Discovery Area tab and select the area to be covered by auto discovery. For The following domains/workgroups and Entire network except, click Add and key in the Domain/workgroup name.
Screenshot 12: Auto Discovery options - Actions tab 7. Click Actions tab and from the Use as default policy drop-down menu, select the policy you want to assign to newly discovered computers. 8. Select/unselect Install agents on discovered computers to enable/disable auto, agent deployment. Click Yes to confirm the enabling of Automatic Protection. 9. Select the logon mode that GFI EndPointSecurity uses to log on to the target computer(s) and deploy agents/protection policies.
1. Click Configuration tab > Computers. 2. Right-click on a computer from the list and click Set logon credentials.... Note If you want to set multiple computers to log on using the same credentials, highlight the required computers, right-click on one of them and click Set logon credentials.... Alternatively, click Set logon credentials... from Actions. Screenshot 13: Logon Credentials dialog options 3.
Note By default, GFI EndPointSecurity is configured to use the logon credentials of the currently logged-on user account, running GFI EndPointSecurity.
5 Managing Protection Policies This chapter describes how to deploy newly created protection policies and schedule them. Prior to deployment you can also modify the settings of your protection policy. Topics in this chapter 5.1 Creating a new protection policy 45 5.2 Assigning a Protection Policy 51 5.3 Verifying protection policy deployment 54 5.1 Creating a new protection policy GFI EndPointSecurity ships with a default protection policy so that the software is operational upon installation.
3. Key in a unique name for the new protection policy. 4. Select whether you want to create a blank policy or copy the settings from an existing policy. Click Next.In the settings area select the required settings inheritance option from: Screenshot 15: Creating a new policy - Controlled Categories and Ports settings 5. Click Controlled Device Categories.
Screenshot 16: Controlled Device Categories options 6. From the Controlled Device Categories dialog, select the required device categories you want to control by this new policy. Click OK to close the Controlled device categories dialog and return to the wizard. Important If Human Interface Devices is enabled and access is denied, users will not be able to use USB keyboards and mice connected to target computers protected by this policy. 7. Click Controlled Connectivity Ports.
Screenshot 17: Controlled connectivity ports options 8. From the Controlled connectivity ports dialog, select the required connectivity ports that you want to control by this new policy. Click OK to close the Controlled connectivity ports dialog and return to the wizard. 9. Click Next.
Screenshot 18: Creating a new policy - Global Permissions settings 10. From the Global Permissions dialog, select the required global access permissions from: Block any access to the controlled devices - to block access to all selected devices/ports. Allow everyone to access the controlled devices - to allow access to all selected devices/ports. If this option is selected, activity monitoring will still be carried out on target computers covered by the protection policy. 11. Click Next. 12.
Note In addition, GFI EndPointSecurity can also allow or block Active Directory (AD) users and/or user groups, from accessing specific file-types stored on devices that are encrypted with BitLocker To Go. These restrictions are applied when the encrypted devices are connected to the target computers covered by the protection policy. For more information, refer to Configuring security encryption (page 88). 15. Click OK to close the Encryption dialog and return to the wizard. 16. Click Next. 17.
Tab Description Content Awareness GFI EndPointSecurity enables you to specify the file content restrictions for a particular protection policy. The content awareness feature looks into files transiting the endpoints via removable devices and it \identifies content based on pre-configured and custom regular expressions and dictionary files.
4. From the left pane, click the Assign Protection Policyhyperlink in the Actions section. Screenshot 19: Assign Protection Policy Options 5. In the Assign Protection Policy dialog select the required protection policy from the drop down list, and click OK. 5.2.1 Deploy immediately To immediately deploy a protection policy on target computers: 1. Click Configuration tab > Computers sub-tab. 2. Highlight the required target computer(s).
Screenshot 20: Deploying a policy immediately - Deployment sub-tab 5.2.2 Scheduled policy deployment To schedule deployment of a protection policy: 1. Click Configuration tab > Computers. 2. Highlight the required target computer(s). If more than one deployment is required, you can highlight all the required target computers at once and then deploy the policies to the selected set of target computers. 3. From Actions, click Schedule deployment….
Screenshot 21: Schedule deployment options 4. From Schedule deployment dialog select the deployment date and time, and click OK. Note If the target computer is offline, the deployment of the relevant policy is rescheduled for an hour later. GFI EndPointSecuritykeeps trying to deploy that policy every hour, until the target computer is back online. 5.2.3 Deploying policies through Active Directory You can create a Windows installer package (.
Deployment history area Agents' status area 5.3.1 Deployment History Use the information displayed in the Deployment History area to determine whether deployment for each target computer completed successfully, or whether errors were encountered. To view the deployment history: 1. Click Status> Deployment. Screenshot 22: Deployment History area 2. From Deployment History, confirm the successful completion of the update onto the local computer.
Note If a target computer is offline, the deployment of the relevant policy is rescheduled for an hour later. GFI EndPointSecurity keeps trying to deploy that policy every hour, until the target computer is back online. For more information about the agents status area, refer to the Agents status view section in the Monitoring statuses chapter.
6 Customizing Protection Policies This chapter provides you with information related to modifying the settings of your pre-configured protection policies. This enables you to tweak settings by time, as you discover new security obstacles and possible vulnerabilities. Topics in this chapter 6.1 Configuring controlled device categories 57 6.2 Configuring controlled connectivity ports 58 6.3 Configuring power users 59 6.4 Configuring access permissions for device categories 60 6.
1. Click Configuration tab > Protection Policies. 2. From Protection Policies > Security, select the protection policy to configure. 3. Click Security. 4. From Common tasks, click Edit controlled device categories…. Screenshot 24: Controlled Device Categories options 5. From the Controlled Device Categories dialog, select/unselect the required device categories that will be controlled by the protection policy, and click OK.
Note Unspecified ports will be fully accessible from the target computers covered by the protection policy. As a result, GFI EndPointSecurity cannot monitor and block devices connected to a port that is not controlled by the protection policy. To configure which ports will be controlled by a specific protection policy: 1. Click Configuration tab > Protection Policies. 2. From Protection Policies > Security, select the protection policy to configure. 3. Click Security. 4.
covered by a protection policy. You can define sets of power users on a policy-by-policy basis. You should exercise caution when using this feature, since incorrectly specifying a user as a power user will lead to that user overriding all restrictions of the relevant protection policy. To specify power users of a protection policy: 1. Click Configuration tab > Protection Policies. 2. From Protection Policies > Security, select the protection policy to configure. 3.
When a device category is not set to be controlled by the particular security policy, the relevant entry is disabled. For more information, refer to Configuring controlled device categories (page 57). To configure device category access permissions for users in a protection policy: 1. Click Configuration tab > Protection Policies. 2. From Protection Policies > Security, select the protection policy to configure. 3. From Common tasks, click Add permission(s)….
Screenshot 28: Add permissions options - Device categories 5. Enable or disable the required device categories for which to configure permissions, and click Next.
6. Click Add… to specify the user(s)/group(s) that will have access to the device categories specified in this protection policy, and click OK. Screenshot 30: Add permissions options - Users 7. Enable or disable Access/Read and Write permissions for each user/group you specified and click Finish. To deploy protection policy updates on target computers specified in the policy: 1. Click Configuration tab > Computers. 2. From Common tasks, click Deploy to all computers…. 6.
Screenshot 31: Add permissions options - Control entities 5. In the Add permissions dialog select Connectivity ports and click Next. Screenshot 32: Add permissions options - Connectivity ports 6. Enable or disable the required connectivity ports for which to configure permissions, and click Next.
7. Click Add… to specify the user(s)/group(s) that will have access to the connectivity ports specified in this protection policy, and click OK. Screenshot 33: Add permissions options - Users 8. Enable or disable Access/Read permissions for each user/group you specified, and click Finish. To deploy protection policy updates on target computers specified in the policy: 1. Click Configuration tab > Computers. 2. From Common tasks, click Deploy to all computers…. 6.
1. Click Configuration tab > Protection Policies. 2. From Protection Policies > Security, select the protection policy to configure. 3. Click Security sub-node. 4. From the left pane, click Add permission(s)…in the Common tasks section. Screenshot 34: Add permissions options - Control entities 5. In the Add permissions dialog select Specific devices and click Next.
Screenshot 35: Add permissions options - Specific devices 6. Enable or disable the required devices from the Devices list, for which to configure permissions, and click Next. If a required device is not listed, click Add New Device… to specify the details of the device for which to configure permissions, and click OK.
7. Click Add… to specify the user(s)/group(s) that will have access to the specific devices specified in this protection policy, and click OK. Screenshot 37: Add permissions options - Users 8. Enable or disable Access/Read and Write permissions for each user/group you specified and click Finish. To deploy protection policy updates on target computers specified in the policy: 1. Click Configuration tab > Computers. 2. From Common tasks, click Deploy to all computers…. 6.
Screenshot 38: Protection Policies sub-tab - devices view Screenshot 39: Protection Policies sub-tab - users view GFI EndPointSecurity 6 Customizing Protection Policies | 69
4. From the left pane, click Switch to devices view or Switch to users view in the Common tasks section, to switch grouping of permissions by devices/ports or users. Note In users view, you will also see any power users specified within the policy. 6.8 Configuring priorities for permissions GFI EndPointSecurity enables you to prioritize any permissions assigned to Active Directory (AD) users and/or user groups. You can do this on a policy-by-policy basis and on a user-by-user basis.
For an updated list of devices currently connected to the target computers, run a device scan and add the discovered devices to the devices database prior to configuring blacklisted devices. For more information, refer to Discovering Devices (page 100). Note Power users will override any blacklisted devices, and thus will be able to access blacklisted devices. To add devices to the blacklist of a specific protection policy: 1. Click Configuration tab > Protection Policies. 2.
Screenshot 42: Select Devices options 5. In the Select Devices dialog enable or disable the devices to add to the blacklist from the Devices list and click Next. Note If a required device is not listed, click Add New Device… to specify the details of the device you want to add to the blacklist, and click OK.
Screenshot 43: Select Devices options - Select device serials 6. Select the required serials related option from: All serials - to blacklist all serial numbers of a specific device. Click Finish and OK. Only selected serials - to specify particular device serial number(s) to be added to the blacklist. Next, highlight the device and click Edit… to specify the serial number(s). Click OK, Finish and OK.
Screenshot 44: Select Devices options - Edit Device serials To deploy protection policy updates on target computers specified in the policy: 1. Click Configuration tab > Computers. 2. From Common tasks, click Deploy to all computers…. 6.10 Configuring device whitelist GFI EndPointSecurity enables you to specify which device(s) can be accessed by everyone. The whitelist is granular, so you can even whitelist a specific device with a specific serial number. You can do this on a policy-by-policy basis.
Screenshot 45: White list options 4. In the Whitelist dialog, click Add… to select devices to add to the whitelist.
5. In the Select Devices dialog enable or disable the devices to add to the whitelist from the Devices list, and click Next. Note If a required device is not listed, click Add New Device… to specify the details of the device you want to add to the whitelist, and click OK. Screenshot 47: Select Devices options - Select device serials 6. Select the required serials related option from: All serials - to whitelist all serial numbers of a specific device. Click Finish and OK.
Screenshot 48: Select Devices options - Edit Device serials To deploy protection policy updates on target computers specified in the policy: 1. Click Configuration tab > Computers. 2. From Common tasks, click Deploy to all computers…. 6.11 Configuring temporary access privileges GFI EndPointSecurity enables you to grant temporary access to users. This enables them to access devices and connection ports on protected target computers for a specified duration/time window.
Screenshot 49: Devices Temporary Access icon 1. From the Control Panel click Devices Temporary Access. Screenshot 50: GFI EndPointSecurityTemporary Access tool 2. In the GFI EndPointSecurity Temporary Access dialog take note of the Request code generated. Communicate the following details to your security administrator: Request code Device/connection port type When you require access For how long you require access. Keep the GFI EndPointSecurity Temporary Access tool open. 3.
6.11.2 Granting temporary access to a protected computer To grant temporary access: 1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies sub-tab. 2. From the left pane, select the protection policy that includes the computer on which temporary access needs to be granted. 3. From the right pane, click Grant temporary access in the Temporary Access section. Screenshot 51: Grant temporary access options - Request code 4.
Screenshot 52: Grant temporary access options - Device categories and connection ports 5. Enable the required device categories and/or connection ports from the list, to which you will be granting temporary access, and click Next. Screenshot 53: Grant temporary access options - Time restrictions 6. Specify the duration during which access is allowed, and the validity period of the unlock code, and click Next.
7. Take note of the Unlock code generated. Communicate the code to the user requesting temporary access and click Finish. 6.12 Configuring file-type filters GFI EndPointSecurity enables you to specify file-type restrictions on files, such as .DOC or .XLS files, being copied to/from allowed devices. You can apply these restrictions to Active Directory (AD) users and/or user groups. You can do this on a policy-by-policy basis. Filtering is based on file extension checks and real file type signature checks.
Screenshot 54: File-type Filter options 4. In the File-type Filter dialog select the restriction to apply to this policy: Allow all files but block the usage of the following file types Block all files but allow the usage of the following file types.
Screenshot 55: File-type Filter and user options 5. Click Add… and select or key in the file-type from the File type drop-down list. 6. Click Add… to specify the user(s)/group(s) who are allowed/blocked from accessing the specified file-type, and click OK. Repeat the preceding two sub-steps for each file type to restrict. 7. Click OK twice. To deploy protection policy updates on target computers specified in the policy: 1.
1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies. 2. From the left pane, select the protection policy for which to specify content restrictions. 3. From the right pane, click Content awareness in the File control section. Screenshot 56: Content awareness options 4.
Screenshot 57: Add a new template 5. Click Add… and select or key in the template from the Template drop-down list. 6. Click Add… to specify the user(s)/group(s) and click OK. Repeat the preceding two sub-steps for each template that will be applied. 7. Click OK. Screenshot 58: Selecting users or groups 6.13.2 Managing template options To add, edit or remove predefined templates: 1. Click Templates and select a template from the Template list. 2. Click Add, Edit or Remove to change or delete templates.
Screenshot 59: Managing templates 6.14 Configuring file options GFI EndPointSecurity enables you to specify the options required to block or allow files based on size. GFI EndPointSecurity also enables you to ignore large files when checking file type and content and archived files. 1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies. 2. From the left pane, select the protection policy for which you want to specify file options restrictions. 3.
Screenshot 60: File options 4.
.. Screenshot 61: File-type Filter and user options 5. From the Archive Options tab, enable / disable Search inside archives and specify the archive nesting level to use when checking archive files. 6. Click OK. 6.15 Configuring security encryption GFI EndPointSecurity enables you to configure settings which specifically cater for encrypted devices. It also enables you to encrypt devices which are not yet secured. Configuring Microsoft BitLocker To Go devices Configuring Volume Encryption 6.15.
Screenshot 62: Encryption options - General tab 4. Select Enable detection of encrypted devices and click Configure.
5. Click Add… to specify the users and groups with access to encrypted devices. Screenshot 64: Encryption options - File-type Filter tab 6. Select the File-type Filter tab to configure the file-types to restrict. 7. Select the restriction to apply to this policy: Use the same File-type filters used for non-encrypted devices Allow all files but block the usage of the following file types Block all files but allow the usage of the following file types. 8.
1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies. 2. From the left pane, select the protection policy for which to apply encryption policy. 3. From the right pane, click Encryption in the Security section. Screenshot 65: Encryption options - General tab 4. Select Enable volume encryption. Click Configure. Click Reset user password to reset the encryption password for a specific user.
Screenshot 66: Encryption options -Security tab 5. From the Security tab, configure the features described below: Table 14: Volume encryption - Security options Option Description Recovery Password Key in a password used if users forget or lose their passwords. Enable user password security Enforce restrictions to passwords specified by end users. In Minimum password length, specify the minimum acceptable password length.
Screenshot 67: Encryption options - Users tab 6. Select Users tab and configure the following options: Table 15: Volume encryption - User options Option Description Enforce all users in the following list Select the users that will have volume encryption enforced on their portable devices. Use the Add and Remove buttons to manage selected users. Enforce all users except those in the following list Select the users that will be exempt from volume encryption.
Screenshot 68: Encryption options - Traveler tab Note Traveler is an application that can be automatically installed on storage devices using GFI EndPointSecurity. This application enables you to un-encrypt data encrypted by GFI EndPointSecurity on storage devices, from computers that are not running a GFI EndPointSecurity Agent. 7.
1. Click Configuration tab > Protection Policies. 2. From Protection Policies > Security, select the protection policy to configure. 3. From the right pane, click Set Logging Options in the Logging and Alerting section. Screenshot 69: Logging Options - General tab 4. In the Logging Options dialog, click General tab. 5.
Screenshot 70: Logging Options - Filter tab 6. Select Filter tab, and select any of the following event types to log by this protection policy. Click OK. To deploy protection policy updates on target computers specified in the policy: 1. Click Configuration tab > Computers. 2. From Common tasks, click Deploy to all computers…. 6.17 Configuring alerts GFI EndPointSecurity can be configured to send alerts to specified recipients when particular events are generated.
Screenshot 71: Alerting Options - General tab 4. In the Alerting Options dialog, click General tab and select any of the following alert types to send: Email alerts Network messages SMS messages.
Screenshot 72: Alerting Options - Configuring users and groups 5. For each alert type enabled, highlight the alert type and click Configure to specify alerts recipients. Click OK.
Screenshot 73: Alerting Options - Filter tab 6. Select Filter tab, select any of the following event types for which alerts are sent by this protection policy. Click OK. To deploy protection policy updates on target computers specified in the policy: 1. Click Configuration tab > Computers. 2. From Common tasks, click Deploy to all computers…. 6.
7 Discovering Devices GFI EndPointSecurity enables you to transparently and rapidly query organizational network endpoints, locating and reporting all devices that are or have been connected to the scanned target computers. The application granularly identifies endpoint devices connected to the target computers, both currently and historically, and displays the detailed information on screen once the scan is complete. Use the Scanning tab to scan target computers and discover connected devices.
1. Click Scanning tab. 2. From Common tasks, click Options. 3. From the Options dialog, select Logon Credentials tab. Screenshot 74: Running a device scan - Logon credentials tab 4. From the Logon Credentials tab of the Options dialog, select/unselect Logon using credentials below to enable/disable use of alternate credentials. Note If you do not specify any logon credentials, GFI EndPointSecurity attempts to logon the target computer using the currently logged-on user.
Screenshot 75: Running a device scan - Scan device categories tab 5. Click Scan Device Categories tab and select the device categories you want to include in the scan.
Screenshot 76: Running a device scan - Scan ports tab 6. Click Scan Ports tab and select the connection ports you want to include in the scan. 7. Click Apply and OK. 8. To specify scan target computers: In the right pane, key in the computer name or IP address of the target computer(s) in the Scan target text box. Click New Scan to start scanning the specified computer. 7.2 Analyzing device scan results Device Scan results are displayed in two sections: Computers Devices list.
7.2.1 Computers Screenshot 77: Computers area This section displays device scan summary results for every scanned target computer, including: The computer name / IP address The user currently logged on Protection status, i.e., whether the computer is included in a GFI EndPointSecurity protection policy Total number of devices currently and historically connected Number of devices currently connected.
lists the devices currently connected to the target computers for the blacklist and whitelist. For information, refer to Configuring device blacklist or Configuring device whitelist. Screenshot 79: Devices list area - Add device to devices database To add devices to the devices database: 1. Select one or more devices to add to the devices database from the Devices list section. 2. Right-click on the selected devices and select Add to devices database. 3. Click OK.
8 Monitoring Device Usage Activity This chapter provides you with information about monitoring the activity of your network devices. GFI EndPointSecurity enables you to keep an audit trail of all events generated by GFI EndPointSecurity Agents deployed on network computers. To maintain an audit trail, you must enable logging. For more information, refer to Configuring event logging (page 94). Topics in this chapter 8.1 Statistics 106 8.2 Activity 108 8.
Protection Status Device Usage by Device Type Device Usage by Connectivity Port 8.1.1 Protection Status Screenshot 81: Protection Status area This section graphically represents daily device usage on computers, differentiating between devices that have been blocked and devices that have been allowed by the agents. The information provided can be filtered for a specific computer or for all network computers. 8.1.
8.1.3 Device Usage by Connectivity Port Screenshot 83: Device Usage by Connectivity Port area This section enumerates device connection attempts by connectivity port, that were either allowed or blocked. The information provided can be filtered for a specific computer or for all network computers. 8.2 Activity Use the Activity tab to monitor device usage across the network and logged events for a specific computer or for all network computers.
Screenshot 84: Activity Log sub-tab To access the Activity Log sub-tab, from GFI EndPointSecurity management console click Activity tab > Activity Log. To view more details about a particular event, click on the event. Additional information is displayed in the events description pane at the bottom of the sub-tab. To customize the Activity Log sub-tab to suit your company’s needs, right-click the header and select the columns that should be added to or removed from the view.
Screenshot 85: Activity Log sub-tab - Advanced filtering To access advanced filtering options of Activity Log, click Advanced filtering in the Activity Log subtab. 8.2.3 Logs Browser The Logs Browser sub-tab allows you to access and browse events currently stored in the database backend. GFI EndPointSecurity also includes a query builder to simplify searching for specific events.
Screenshot 86: Logs Browser sub-tab To access the Logs Browser sub-tab, from GFI EndPointSecurity management console click Activity tab > Logs Browser. To view more details about a particular event, click on the event. Additional information is displayed in the events description pane at the bottom of the sub-tab. 8.2.4 Creating event queries To create custom event queries: 1. From GFI EndPointSecurity management console, click Activity tab. 2. Click Logs Browser sub-tab. 3.
Screenshot 87: Query Builder options 4. In the Query Builder dialog, specify a name and a description for the new query. 5. Click Add…, configure the required query condition(s) and click OK. Repeat until all required query conditions have been specified. 6. Click OK to finalize your settings. The custom query is added as a sub-node within Agent logs database node. Note You can also filter the results of existing event queries by creating more specific subqueries.
9 Status Monitoring This chapter provides with information related to monitoring the status of GFI EndPointSecurity as well as the status of GFI EndPointSecurity Agents. The status views provide you with graphs and statistical information related to device usage. Topics in this chapter 9.1 Risk Assessment view 113 9.2 Statistics view 115 9.3 Status view 117 9.4 Deployment status view 119 9.
Screenshot 88: Risk Assessment sub-tab To access the Risk Assessment sub-tab, from GFI EndPointSecurity management console click Status tab > Risk Assessment. Feature Description This section shows: The gauge showing risk assessment results of the network computers. The option to re-scan the network to obtain the latest risk assessment results. The Time of the last risk assessment.
Feature Description This section lists the cumulative values of the number of: Scanned endpoints Successful scans Protected endpoints Unprotected endpoints Devices discovered This section also represents: The network where agents are installed The time and date of the last risk assessment.
Screenshot 89: Statistics sub-tab To access the Statistics sub-tab, from GFI EndPointSecurity management console click Status tab > Statistics. The Statistics section contains information about: Protection Status Device Usage by Device Type Device Usage by Connectivity Port 9.2.
This section graphically represents daily device usage on computers, differentiating between devices that have been blocked and devices that have been allowed by the agents. The information provided can be filtered for a specific computer or for all network computers. 9.2.2 Device Usage by Device Type Screenshot 91: Device Usage by Device Type area This section enumerates device connection attempts by device type, that were either allowed or blocked.
Screenshot 93: Status sub-tab Feature Description This section lists: The operational status of GFI EndPointSecurity management console service. The user account under which the GFI EndPointSecurity service is running. The time when the service was last started. This section lists: The operational status of the database server currently used by GFI EndPointSecurity . The name or IP address of the database server currently used by GFI EndPointSecurity.
Feature Description This section graphically represents all agents deployed on network computers, differentiating between those currently online and offline. This selection lists: Target computer name and applicable protection policy. The status of the GFI EndPointSecurity Agent, whether currently deployed and up-to-date, or awaiting deployment. The status of the target computer, whether currently online, or offline. To deploy pending agents: 1. Select one or more computers from Agents’ Status. 2.
9.4.1 About Deployment status view Screenshot 94: Deployment sub-tab Use the Deployment sub-tab to view: Current deployment activity Queued deployments Scheduled deployments Deployment history. To access the Deployment sub-tab, from GFI EndPointSecurity management console, click Status tab > Deployment.
9.4.2 Current Deployments Screenshot 95: Current Deployments area This section displays a list of deployments currently taking place. The information provided includes the computer name, deployment progress and deployment type. The deployment is an installation, un-installation or update. 9.4.3 Queued Deployments Screenshot 96: Queued Deployments area This section displays a list of pending deployments. The information provided includes the computer name and deployment type. 9.4.
9.4.5 Deployment History Screenshot 98: Deployment History area This section displays an audit trail for all stages of all agent or protection policy deployments carried out by GFI EndPointSecurity. The information provided includes the timestamp of each log entry, the computer name, deployment type and errors and information messages generated during the deployment process. For more information, refer to Troubleshooting and Support (page 147).
10 Reporting The GFI EndPointSecurity GFI ReportPack is a fully-fledged reporting add-on to GFI EndPointSecurity. This reporting package can be scheduled to automatically generate graphical IT-level and management reports based on data collected by GFI EndPointSecurity, giving you the ability to report on devices connected to the network, device usage trends by machine or by user, files copied to and from devices (including actual names of files copied) and much more. Topics in this chapter 10.
Screenshot 99: Digest Report options - General tab 3. From the General tab of the Digest Report dialog, select/unselect the preferred alerting method. 4. For each alert type selected, click Configure to specify the user(s)/group(s) to whom the alert is sent.
Screenshot 100: Digest Report options - Details tab 5. Click Details tab to select/unselect report content items to include in the digest report. 6. Select the sending frequency of the report, from Daily, Weekly or Monthly. 7. Click Apply and OK.
11 Managing the Database Backend This chapter provides you information related to managing and maintaining the database where data gathered by GFI EndPointSecurity is stored. After installing GFI EndPointSecurity you can choose to: Download and install an instance of Microsoft SQL Server Express Edition and to automatically create a database for GFI EndPointSecurity. This can be done through the Quick Start wizard.
Screenshot 101: Maintenance options 4. From the Maintenance dialog, configure how often events are deleted from the database backend. Select from the options described below: Table 17: Database maintenance options Option Description Never delete events Keep all events in your database backend, without deleting old ones. Note Ensure that manual deletion of old records is done to prevent GFI EndPointSecurity performance loss.
11.2 Using an existing SQL Server instance To connect to an existing SQL Server instance: 1. Click Configuration tab > Options sub-tab. 2. From Configure, select Database Backend. 3. From the right pane, click Change database backend. Screenshot 102: Change Database Backend 4. From the Server drop-down menu, select the SQL Server you want to use. 5. Specify the name of the database in the Database text box. 6. Select the authentication mode and specify the logon credentials, if necessary. 7.
12 Alerting Options This chapter provides you with information about configuring the GFI EndPointSecurity alerting options and alerts recipients. Alerting is a crucial part of GFI EndPointSecurity's operation which help you take remedial actions as soon as a threat is detected. Topics in this chapter 12.1 Configuring alerting options 129 12.2 Configuring the alerts administrator account 131 12.3 Configuring alerts recipients 135 12.4 Configuring groups of alert recipients 135 12.
3. From Email tab , click Add..., to specify your mail server settings. Click OK to close the Mailserver properties dialog. 4. To edit the email message, click Format Email Message…, modify the Subject and Message fields as required, and click Save. Screenshot 104: Alerting Options - Network tab 5. Click Network tab > Format network message…, to edit the network message. Click Save.
Screenshot 105: Alerting Options - SMS tab 6. Click SMS tab and from the Select SMS drop-down menu, select the SMS gateway you want to use. Supported SMS systems include: In-built GSM SMS Server GFI FaxMaker SMS gateway Clickatell Email to SMS service gateway Generic SMS provides gateway. 7. From the Set properties for the selected SMS system area, highlight the property you want to configure and click Edit. Repeat this step for each SMS system property you want to modify. 8.
1. Click Configuration tab > Options sub-tab. 2. From Configure, click Alerting Options > Users sub-node. 3. From the right pane, right-click EndPointSecurityAdministrator and select Properties. Screenshot 106: EndPointSecurityAdministrator Properties options - General tab 4.
Screenshot 107: EndPointSecurityAdministrator Properties options - Working Hours tab 5. Click Working Hours tab and mark the typical working hours of the user. Marked time intervals are considered as working hours.
Screenshot 108: EndPointSecurityAdministrator Properties options - Alerts tab 6. Click Alerts tab and select the alerts to be sent and at what time alerts are sent.
7. Click Member Of tab and click Add to add the user to notification group(s). 8. Click Apply and OK. 12.3 Configuring alerts recipients GFI EndPointSecurity enables you to configure other profile accounts (apart from the default GFI EndPointSecurityAdministrator account) to hold the contact details of users intended to receive email alerts, network messages and SMS messages.
Deleting groups of alert recipients 12.4.1 Creating groups of alert recipients To create a new group of alert recipients: 1. Click Configuration tab > Options sub-tab. 2. Click Alerting Options > Groups sub-node. 3. From the left pane, click Create group…. Screenshot 110: Creating New Group options 4. From the Creating New Group dialog key in the group name and an optional description. 5. Click Add to select the user(s) that belong to this notification group, and click OK. 12.4.
1. Click Configuration tab > Options sub-tab. 2. Click Alerting Options > Groups sub-node. 3. From the right pane, right-click the group you want to delete and select Delete. 4. Click Yes to confirm deletion of the group.
13 Configuring GFI EndPointSecurity GFI EndPointSecurity enables you to configure the computers you intend to install updates and display user messages on. Topics in this chapter 13.1 Configuring advanced options 138 13.2 Configuring user messages 140 13.3 Configuring GFI EndPointSecurity updates 141 13.1 Configuring advanced options GFI EndPointSecurity allows you to configure the following Agent advanced options: Main communication TCP/IP port Deployment options Agents control password.
3. From the Communication tab, key in the required TCP/IP port number to be used for communication between GFI EndPointSecurity and GFI EndPointSecurity Agents. By default, port 1116 is specified. Screenshot 112: Advanced Options - Deployment tab 4. Click Deployment tab and key in the required Number of deployment threads and Deployment timeout (seconds) values.
Screenshot 113: Advanced Options - Agent Security tab 5. Click Agent Security tab and select/unselect Enable agent control. Use this option to assign particular logon credentials to all GFI EndPointSecurity Agents deployed on your network. 6. Click Apply and OK. 13.2 Configuring user messages GFI EndPointSecurity enables you to customize the messages that is displayed by GFI EndPointSecurity Agents on target computers, when devices are accessed. To customize user messages: 1.
Screenshot 114: Custom Messages dialog options 3. Select/unselect the message types you want to customize. 4. For each message type selected, click Edit message…, modify the text as required, and click Save. Repeat this step for each message you want to modify. 5. Click Apply and OK.. 13.3 Configuring GFI EndPointSecurity updates GFI EndPointSecurity can be configured to download and install updates automatically on a schedule or on startup. To configure updates: 1. Click General tab. 2.
Screenshot 115: General tab - Updates 3. From the right pane, configure the options described below: Table 18: Update options Option Description Check for updates automatically Connect to the GFI update servers and download product updates automatically. Select When the application starts up, or specify a day and time when to check and download updates. Install updates automatically If an update is found, GFI EndPointSecurity will download and install the update automatically.
14 Miscellaneous The miscellaneous chapter gathers all the other information that falls outside the initial configuration of GFI EndPointSecurity. Topics in this chapter 14.1 Product licensing 143 14.2 Uninstalling GFI EndPointSecurity 143 14.3 Product version information 146 14.1 Product licensing After installing GFI EndPointSecurity you can enter your license key without re-installing or reconfiguring the application. To enter your license key: 1. Click General tab. 2.
Screenshot 117: Computers sub-tab - delete computer(s) 3. From the right pane, right-click target computer that you would like to uninstall and select: Deleting Computer(s) Deleting computer(s) with uninstallation GFI EndPointSecurity will deploy protection policy updates and uninstalls Agent. Deleting computer(s) without uninstallation GFI EndPointSecurity will deploy protection policy updates and removes the relevant computer entry from the Computers list.
Screenshot 118: Deployment sub-tab 6. From the Deployment History area, confirm the successful completion of the un-installation from the target computer. 14.2.2 Uninstalling GFI EndPointSecurityapplication To uninstall the GFI EndPointSecurity application: Note Run the uninstaller as a user with administrative privileges on the computer. 1. From the Microsoft Windows Control Panel, select Add/Remove Programs or Programs and Features option. 2. Select GFI EndPointSecurity. 3.
Screenshot 119: Uninstallation information message Note If any agents are still installed, an information dialog is displayed asking you whether you would like to continue (the agents will remain installed and orphans) or stop the uninstallation process. For more information about uninstalling agents, refer to the Uninstalling GFI EndPointSecurity agents section in this chapter. 5. Select Uninstall without deleting configuration files or Complete uninstall option and click Next to continue. 6.
15 Troubleshooting and Support This chapter explains how to resolve any issues encountered during installation of GFI EndPointSecurity. The main sources of information available to solve these issues are: This section and the rest of GFI EndPointSecurity Administrator Guide contains solutions for all possible problems you may encounter. If you are not able to resolve any issue, please contact GFI Support for further assistance.
Issue Possible Cause Possible Solution Installation failed. Installation of the GFI EndPointSecurity agent is complete, but is not marked as installed within the registry.The version and build numbers of the GFI EndPointSecurity agent are not the same as those of the GFI EndPointSecurity management console. For more details about the cause of the error and a possible solution, refer to the agent installation log files on the target computer at: %windir%\EndPointSecurity. Uninstallation failed.
Web Forum User to user technical support is available via the GFI web forum. Access the web forum by visiting: http://forums.gfi.com/. Request technical support If none of the resources listed above enable you to solve your issues, contact the GFI Technical Support team by filling in an online support request form or by phone. Online: Fill out the support request form and follow the instructions on this page closely to submit your support request on: http://support.gfi.com/supportrequestform.
16 Glossary A Access permissions A set of permissions (access, read and write) that are assigned to users and groups per device category, connectivity port or a specific device. Active Directory A technology that provides a variety of network services, including LDAP-like directory services. Alert recipient A GFI EndPointSecurity profile account to hold the contact details of users intended to receive e-mail alerts, network messages and SMS messages.
D Database backend A database used by GFI EndPointSecurity to keep an audit trail of all events generated by GFI EndPointSecurity agents deployed on target computers. Deployment error messages Errors that can be encountered upon deployment of GFI EndPointSecurity agents from the GFI EndPointSecurity management console. Device blacklist A list of specific devices whose usage is blocked when accessed from all the target computers covered by the protection policy.
GFI EndPointSecurity application A server-side security application that aids in maintaining data integrity by preventing unauthorized access and transfer of content to and from devices and connection ports. GFI EndPointSecurity management console The user interface of the GFI EndPointSecurity server-side application. GFI EndPointSecurity Temporary Access tool A tool which is available on the target computers.
Protection policy A set of device access and connectivity port permissions that can be configured to suit your company’s device access security policies. Q Quick Start wizard A wizard to guide you in the configuration of GFI EndPointSecurity with custom settings. It is launched upon the initial launch of GFI EndPointSecurity management console and is intended for first time use.
17 Index A access permissions 30, 33, 35, 49, 60, 63, 65, 68 G GFI EndPointSecurity Active Directory 12, 14, 34, 36, 50, 54, 59-60, 63, 65, 68, 70, 81, 96, 123, 131, 135 agent application alert recipients 35, 96, 135 management console alerts 14, 16, 35, 51, 96, 118, 123, 129, 131, 135, 142 Temporary Access tool alerts administrator account 35, 131, 135 version 11-14, 16-19, 21-23, 25, 27, 29-30, 33-35, 3739, 42, 45, 51, 54-55, 5760, 63, 65, 68, 70, 74, 77, 81, 83, 86, 88, 94, 96, 99-100, 104, 106
Troubleshooter wizard 148 Troubleshooting 147 U user messages 35, 138, 140 V versions 11 W Web Forum 149 wizard Create Protection Policy wizard Quick Start wizard Troubleshooter wizard 25, 47, 148 GFI EndPointSecurity Index | 155
USA, CANADA AND CENTRAL AND SOUTH AMERICA 15300 Weston Parkway, Suite 104 Cary, NC 27513, USA Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 ussales@gfi.com UK AND REPUBLIC OF IRELAND Magna House, 18-32 London Road, Staines-upon-Thames, Middlesex, TW18 4BP, UK Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 sales@gfi.com EUROPE, MIDDLE EAST AND AFRICA GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: +356 2205 2000 Fax: +356 2138 2419 sales@gfi.
