Enforced Client Anti-Virus and Anti-Spyware 4.5

COPYRIGHT
Copyright © 2007 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
Contents

1 Introduction
What is Enforced Client?
Select the right version of Enforced Client
Protect against many kinds of threats
Ensure continuous, automatic protection

Using VSSETUP
Completing the installation
Test virus protection
Scan the client computer

Send email to users
Update user email addresses
Update your account’s email address
Add your logo to reports

Viewing reports for firewall protection
View unrecognized Internet applications
View inbound events blocked by the firewall
Managing suspicious activity with best practices
1 Introduction

SonicWALL Enforced Client Anti-Virus and Anti-Spyware, referred to in this guide as Enforced Client, safeguards your computers automatically, and its advanced features let you customize your business’s security strategy. This section provides an overview of the product, its features, and how to use product resources for additional assistance.
What is Enforced Client?

Enforced Client delivers comprehensive security as a service for all the computers on your account. These services automatically check for threats, intercept them, take the appropriate action to keep your data and your network safe, and track detections and security status for reports.

Figure 1-1 Enforced Client overview

The Enforced Client client software runs on each computer where it is installed.
Select the right version of Enforced Client

Select the version that best supports your needs.

Enforced Client Anti-Virus and Anti-Spyware
Basic | Advanced
Virus and spyware protection for desktop computers and servers. | Virus and spyware protection for desktop computers and servers.
Firewall protection for desktop computers and servers. | Firewall protection for desktop computers and servers.
The email server security application is available with Enforced Client Advanced. Detailed documentation on this application is available on the CD or in the downloadable installer accessible from the SonicWALL download center.
What is new in this release?

New features

New feature | Description
Browser protection service | Protects client computers against web-based threats while searching and browsing. Users can display a color-coded safety rating and detailed report for each website. See Chapter 6, Using the Browser Protection Service.
How does the software work?

Enforced Client implements a three-prong approach to security by:

1 Silently monitoring all file input and output, downloads, program executions, inbound and outbound communications, and other system-related activities on client computers. Detected viruses are deleted or quarantined automatically.
Updates can occur in three ways, enabling you to use network resources efficiently.

Figure 1-2 Methods for updating client computers

In a simple scenario, each client computer on your account has a direct connection to the Internet and checks for new updates. Rumor technology enables all computers in a workgroup to share downloaded files, which controls Internet traffic and minimizes expensive downloads.
The detection definition (DAT) files on the Internet site are regularly updated to add protection against new threats. When the client software connects to the update site on the Internet, it retrieves:

- Regular DAT files, which contain the latest definitions for viruses, potentially unwanted programs, and cookies and registry keys that might indicate spyware.
If so, the client computer retrieves the update from a peer. (Digital signatures are checked to verify that the computer is valid.)
If not, the client computer retrieves the update directly from the update site.

4 On the client computer, the catalog file is extracted and new components are installed.
Managing with the online SecurityCenter

To manage your account via the SecurityCenter, use the URL you received in an email message from your service provider. From the SecurityCenter, you can view the status of your protection services, access reports on client activity such as detections and suspicious activity, update your account data, and configure security settings.
The SecurityCenter’s main page shows a status summary for all the protection services you have purchased (except email server protection):

- Security Status — Indicates whether any action is required to address security issues, and links you to instructions for resolving them.
User groups

Each computer running the client software belongs to a group. A group consists of one or more computers using the same security settings (called policies). By default, computers are placed in the Default group. Groups help you manage different types of computers effectively. You can base groups on geographic location, department, computer type, user tasks, or anything meaningful to your organization.
Customized policies

After installation, Enforced Client protects client computers from threats immediately using default security settings. However, you might want to change the way some features are implemented for some or all of your computers. For example, you might want the service to check for updates every four hours or set up a list of programs you consider safe.
1 Create a Sales Team group and a Sales policy.
2 Assign the Sales policy to the Sales Team group.
3 Client software running on computers in the Sales Team group performs the tasks defined in the Sales policy:
- Check for updates to software components and DAT files every 4 hours.
- Check for outbreak DAT file every hour.
- Scan for viruses and potentially unwanted programs daily.
Conventions

This guide uses the following conventions:

Bold Condensed: All words from the user interface, including options, menus, buttons, and dialog box names.
Example: Type the User name and Password of the desired account.

Courier: The path of a folder or program; text that represents something the user types exactly (for example, a command at the system prompt).
Example: The default location for the program is: C:\Program Files\McAfee\EPO\
Getting product information

Several types of information are available to meet the specific needs of client computer users and administrators.

Users — Client computer users can access online help from links in the client software.

Online User Help
Access online instructions for performing security tasks in two ways:
- Click help on any window displayed by the client software.
- Click in the system tray and select Help.
Enforced Client Advanced — With Enforced Client Advanced, additional documents are available.

Email security service
See Chapter 7, Using the Email Security Service for instructions on setting up and using basic features of the email security service. Links are available from the SecurityCenter website to the email security service’s web portal, where you can configure the service, access its administration guide, and view reports.
2 Installing Enforced Client

This section describes what happens after you purchase the hosted services in Enforced Client and Enforced Client Advanced, provides system requirements, and explains how to install the virus and spyware protection service, firewall protection service, and browser protection service.

Note: If you purchased Enforced Client Advanced, refer to emails and materials from SonicWALL for instructions on installing the email security service or email server security application.
After you place your order

When you place an order for Enforced Client, you supply an email address, and your account is associated with that email address. After you submit your order:

1 SonicWALL processes your order.
2 You receive three emails:

This email... | Contains...
Welcome | The download URL and instructions for installing the protection services, accessing documentation, and contacting customer support.
System requirements

Enforced Client is designed for Microsoft Windows operating systems running on a PC platform. It installs and runs on computers equipped with:

- An Intel Pentium processor or compatible architecture.
- Microsoft Internet Explorer 5.5 SP2 or later.
Operating system support ending

Support for these Windows operating systems is ending with Enforced Client version 4.5.

- Windows 95
- Windows 98
- Windows ME
- Windows NT 4.x

For more information about support for these operating systems, visit http://www.mcafee.com/us/enterprise/support/customer_service/end_life.html, then look for Enforced Client under Managed Services Matrix.
RAM

Operating system | Minimum virus and spyware protection | Minimum firewall protection* | Recommended
Windows 2000 | 64 MB | 256 MB | 256 MB
Windows XP | 128 MB | 256 MB | 256 MB
Windows 2003 | 256 MB | 512 MB | 512 MB
Windows Vista | 512 MB | 512 MB | 1 GB
Servers | 256 MB | 512 MB | 512 MB

* Use the value listed for the firewall protection service whether installing that service alone or with other protection services.
Terminal servers

Enforced Client supports terminal servers and the Windows fast user switching feature in most scenarios, with these limitations:

- Enforced Client must be installed on the server by someone with local administrator privileges.
Before you install

Complete these procedures on each computer to prepare for installing the client software:

- Uninstall existing virus protection software
- Uninstall existing firewall software
- Configure your browser
- Install the standalone installation agent — Required if users will install protection services on client computers where they do not have administrator rights.
SonicWALL products automatically detected SonicWALL Enterprise Anti-Spyware Enterprise (all editions) SonicWALL Retail Internet Security Suite ePO agent SonicWALL SecurityCenter Managed VirusScan (previous editions) Enforced Client for Home Users Enforced Client Enterprise VirusScan Retail 8.0 VirusScan Enterprise 8.5i / 8.0i / 7.1 / 7.0 VirusScan Professional Edition 7.0 / 6.0 VirusScan 4.
Uninstall existing firewall software

Before installing the firewall protection service, we recommend that you uninstall any other firewall programs on your computer. Follow your firewall program’s instructions for uninstalling or use the Windows Control Panel.

To uninstall existing firewall software:

1 In the Windows Control Panel, open Add/Remove Programs.
Install the standalone installation agent

To allow users without administrator rights to install Enforced Client on client computers using the URL method, you must first load a standalone installation agent on their client computers. You can use a deployment tool to install it from your administrative computer, or you can download it directly onto the client computers.
Installing Enforced Client

Install the client software in any of the following ways:

Standard URL installation
Use the URL you received in your welcome email message to install the software on your computer and access the SecurityCenter website. Then install the software on other computers using a standard or customized URL, or send the URL to users with instructions on how to install.
Sending an installation URL to users

As the administrator, you can obtain the company-specific installation URL in two ways:

- After signing up for Enforced Client, you receive an email message containing the URL that has been set up for your company. This installation URL installs all the services you have subscribed to into your account’s default group in your account’s default language.
Figure 2-1 Internet URL installation

2 Select the services to install if you are prompted to do so, type your email address in the Email or identifier field, and click Continue.

What is the email address used for?
The information entered here identifies the computer where the installation is taking place. The SecurityCenter uses it to identify that computer in reports.
Advanced installation methods

Administrators can use the advanced installation methods to install the Enforced Client client software without user interaction.

Figure 2-2 Advanced installation methods

Two advanced installation methods are available: Silent installation and Push installation. Select the one that works best for your network.

Advanced installation method | The administrator...
Silent installation

VSSETUP is an executable file for installing Enforced Client on a client computer with no user interaction. This installation method is not network-specific and installs the software on any Windows operating system.

Figure 2-3 How silent installation works

To use silent installation:

1 Download VSSETUP from the SecurityCenter.
2 Deploy to each computer where you want to install the client software.
You must know your company key (the series of characters in the installation URL after the characters CK=).

Installation

To install Enforced Client silently:

1 From your web browser, log on to your SecurityCenter.
2 On the Computers page, click Add Computer.
3 Select the group to place the user’s computer in, the services to install, and a language for the software, then click Next.
VSSETUP parameters

For a silent installation, use this command line and any of the following parameters (which are not case-sensitive):

VSSETUP.EXE /CK= /

/CK=XYZ
Required. Launches Setup using the company key.

/Email=x@y.com
Identifies the user’s email address in administrative reports.
Note: Despite its name, the email variable does not need to be an email address.
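A deployment wrapper for the silent installation described above, added here as an example and not taken from the guide or the vendor: it extracts the company key from the installation URL (the characters after CK=) and runs VSSETUP.EXE with only the /CK and /Email parameters listed on this page. The function names, the `-RequireValidSignature` switch, the sample URL and the installer path are assumptions.

```powershell
# Added example (not vendor code). Function names, the sample URL and the
# installer path are assumptions; /CK and /Email are the parameters listed above.

function Get-CompanyKey {
    param([Parameter(Mandatory)][string]$InstallUrl)

    # The company key is the series of characters after "CK=" in the
    # installation URL; stop at the next query separator or fragment.
    if ($InstallUrl -match '[?&]CK=([^&#\s]+)') {
        return $Matches[1]
    }
    throw "No CK= parameter found in the installation URL."
}

function Install-EnforcedClientSilently {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$InstallUrl,
        [Parameter(Mandatory)][string]$Identifier,   # need not be an email address
        [string]$SetupPath = '.\VSSETUP.EXE',
        [switch]$RequireValidSignature
    )

    $key = Get-CompanyKey -InstallUrl $InstallUrl

    # Assumption: neither value legitimately contains whitespace, quotes or "/".
    # Rejecting them keeps a crafted value from adding extra switches.
    foreach ($value in @($key, $Identifier)) {
        if ($value -match '[\s"''/]') {
            throw "Unsafe character in a command-line value."
        }
    }

    if (-not (Test-Path -LiteralPath $SetupPath -PathType Leaf)) {
        throw "Installer not found: $SetupPath"
    }
    $exe = (Resolve-Path -LiteralPath $SetupPath).Path

    # Optional check that the downloaded installer carries a valid
    # Authenticode signature before it is run with administrator rights.
    if ($RequireValidSignature) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') {
            throw "Installer signature status is $($sig.Status); refusing to run."
        }
    }

    $arguments = @("/CK=$key", "/Email=$Identifier")

    # Keep the company key out of -WhatIf/-Confirm output and transcripts.
    $shown = "VSSETUP.EXE /CK=<redacted> /Email=$Identifier"
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, $shown)) {
        $proc = Start-Process -FilePath $exe -ArgumentList $arguments -Wait -PassThru
        # Exit-code meanings are not documented on this page; record the raw value.
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            ExitCode = $proc.ExitCode
            Finished = Get-Date
        }
    }
}

# Dry run with constructed sample values (nothing is executed with -WhatIf):
# Install-EnforcedClientSilently -InstallUrl 'https://download.example.invalid/setup?CK=XYZ' `
#     -Identifier 'x@y.com' -WhatIf
```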
Push installation

Push means deploying remotely to one or more computers in a network. This method uses the Push Install utility to deploy the client software directly from your service provider’s website to client computers on your network. Push installation does not require third-party deployment software or interaction with users.
To perform a push installation:

1 Download the Push Install utility from the SecurityCenter.
2 Initiate a push to one or more client computers.
3 Optional. Initiate a push to one or more relay servers.

- Requirements
- Installation

Note: Online help for the Push Install utility is available by clicking the help link in any dialog box during installation.
Installation

Caution: Back up any vital data on your critical servers before pushing software to them.

To install Enforced Client using the Push Install utility:

1 On the administrative computer, open the web browser, log on to the SecurityCenter, then click Install Protection.
2 Select the type of computers to install software on, then click Next.
After installation is complete, a status for each target computer is displayed.

Figure 2-6 Status for target computers

10 Click View Log to open a log file in Microsoft Notepad that shows the status of the current session, then save the file. The dialog box indicates only whether the files were pushed to the target computers.
You can specify one or more computers as a relay server in two ways:

- Using the Push Install utility
- Using VSSETUP

Using the Push Install utility

During the push installation procedure, select Set as Relay Server(s) before clicking Install Enforced Client (see step 10 under Installation on page 44).
Test virus protection

Test the virus-detection feature of the virus and spyware protection service at any time by downloading the EICAR Standard AntiVirus Test File at the client computer. Although it is designed to be detected as a virus, the EICAR test file is not a virus.

To run a test:

1 Download the EICAR file from the following location: http://www.eicar.org/download/eicar.
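A scripted variant of the detection test above, added here as an example and not part of the guide or the product: instead of downloading the file, it writes the standard EICAR test string to a temporary file and reports whether the scanner blocked, removed or altered it. The function name, the outcome labels and the wait time are assumptions.

```powershell
# Added example (not vendor code). Test-OnAccessDetection and its outcome
# labels are hypothetical names chosen for this illustration.

function Test-OnAccessDetection {
    [CmdletBinding()]
    param(
        [string]$Directory = $env:TEMP,
        [int]$WaitSeconds = 15
    )

    # Standard 68-character EICAR test string, assembled from pieces so that
    # this script file is not itself detected when it is saved or copied.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-' +
             'ANTIVIRUS-TEST-FILE!$H+H*'

    $name    = 'eicar-check-{0}.com' -f [guid]::NewGuid().ToString('N')
    $path    = Join-Path $Directory $name
    $outcome = 'NotDetected'
    $detail  = ''

    try {
        [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        # A scanner can deny the write outright. A plain permissions problem
        # looks the same, so keep the message for the operator to judge.
        $outcome = 'BlockedOnWrite'
        $detail  = $_.Exception.Message
    }

    if ($outcome -eq 'NotDetected') {
        # Deletion or quarantine is not always instant; poll for a while.
        $deadline = (Get-Date).AddSeconds($WaitSeconds)
        do {
            if (-not (Test-Path -LiteralPath $path)) {
                $outcome = 'RemovedOrQuarantined'
                break
            }
            try {
                $content = [System.IO.File]::ReadAllText($path)
                if ($content -ne $eicar) {
                    $outcome = 'ContentReplaced'
                    break
                }
            } catch {
                $outcome = 'BlockedOnRead'
                $detail  = $_.Exception.Message
                break
            }
            Start-Sleep -Milliseconds 500
        } while ((Get-Date) -lt $deadline)
    }

    # Leave nothing behind if the scanner did not act on the file.
    if (Test-Path -LiteralPath $path) {
        Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Outcome  = $outcome
        Detail   = $detail
        Checked  = Get-Date
    }
}

# Example: Test-OnAccessDetection | Format-List
```

An Outcome of NotDetected after the wait period means the test file was written and read back unchanged, so that computer should be checked against the SecurityCenter reports.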
Scan the email Inbox

After installing the virus and spyware protection service for the first time, we recommend running an on-demand email scan before proceeding. This checks for threats in email already in the client’s Microsoft Outlook Inbox. Future emails are scanned before they are placed in the Inbox.

To run an on-demand email scan:

From the Tools menu in Outlook, select Scan for Threats.
What should I do after installing?

After installing Enforced Client, client computers are protected immediately and no further setup is required for the virus and spyware protection service, the firewall protection service, or the browser protection service. You will receive regular status emails with details about your account.
3 Using Enforced Client

Enforced Client consists of two main components for managing security:

- The client software: Software installed on each client computer. The client software runs in the background to download updates and protect the computer from threats. It also provides users access to the basic functions of their SonicWALL protection services, such as scanning files, folders, and email messages.
Using the client software

After installing Enforced Client, the software runs on each client computer to immediately protect it from threats such as viruses and intrusions. Typically, users have little interaction with the client software unless they want to manually scan for threats. User tasks are documented in the online User Help on client computers.
Client menu

Click in the system tray to access these options:

- Scan Tasks: Displays a submenu for accessing features of the virus and spyware protection service.
- Firewall Settings: Displays the current status, mode, and connection type for the firewall protection service. If the policy allows users to configure firewall protection, a dialog box for changing settings appears instead.
Users can check for updates manually at any time. In addition, you can configure optional policy settings for updating tasks. Update support for some operating systems is ending. Once support ends, client computers running those operating systems will no longer be protected against new threats. See Operating system support ending on page 28 for more information.
For maximum protection, configure your policies to check for an outbreak DAT file every hour (see Enable optional protection on page 97). This feature is enabled by default.

Update computers where no user is logged on

In most scenarios, Enforced Client supports terminal servers and the Windows fast user switching feature. When an update occurs, one session is designated as the primary update session.
When you are...
Getting started

The SecurityCenter website helps you locate information easily.

- Log on to the SecurityCenter
- Access online features and functions
- Make the most of your online data
- Customize listings and reports
- Using the online help

Log on to the SecurityCenter

You must use your unique user name and password to log on to the SecurityCenter.
Figure 3-1 SecurityCenter tabs
Make the most of your online data

Each SecurityCenter page includes features for displaying the exact data you need and using it efficiently.

Figure 3-2 Page controls for listings and reports

When you want to... | Do this...
1 Print the current page. | Click Print to open the page in a separate browser window, then select Send to printer to open the Windows Print dialog box.
Customize listings and reports

Select the information to display or the order in which it appears.

To filter information:
At the top of a page, select the information to display (group name, period of time, or type of information).

To sort information in listings:
Click a column heading to sort by that column. Click it again to switch the order in which it is displayed (ascending order or descending).
Using the online help

Online help is available from any page on the SecurityCenter website by clicking the help ( ? ) link in the top-right corner of the page. The help window provides information about the page from which it was called. You can access additional information with the table of contents, the index, or the search feature.

Help navigation procedures

To... | Do this...
Setting up your account

Configure your contact information so that you receive important notices from your service provider.

- Set up your profile
- Change your SecurityCenter password
- Sign up for email notifications

Set up your profile

Your profile contains the information your service provider needs to contact you about your account.
Viewing your security services at-a-glance

The SecurityCenter page is your “home” page on the SecurityCenter website — a graphical overview of your coverage with instant access to summary information about the computers and service subscriptions in your account.
From the SecurityCenter page, you can:

- Install protection services
- View and resolve action items
- View security coverage for your account
- Purchase, add, and renew services
- Request a trial subscription

Install protection services

From the SecurityCenter, you can begin the installation process in two ways:

- On the SecurityCenter page, click Install Protection.
To view instructions for resolving an action item:
On the SecurityCenter page or the Computer Details page, click an action item.

View security coverage for your account

For each protection service, a pie chart shows the status of client computers in your account.

This color... | Indicates...
Red | Out-of-date or unprotected computers.
Green | Up-to-date or protected computers.
Figure 3-4 Computers page

Select the information that appears on this page:

- Groups — Display only the computers in a group or display all computers.
- Report period — Specify the length of time for which to display information.
- Computer status — Show all computers, or only out-of-date computers, computers with detections, or computers you have blocked from receiving updates.
- View duplicate computers
- View computer profiles

Search for computers

Use this feature to find a particular computer in your listings. Site administrators can search the entire account; group administrators can search only the groups their site administrator has assigned to them. (See Designating group administrators on page 72 for information on group administrators.
Figure 3-5 Computer Details page

When you want to... | Do this...
1 Update the email address. | For System email address, type a new email address, then click Save.
2 Move the computer into a new group. | For Group, select a group from the list, then click Save.
3 Display instructions for resolving an action item. | Click the red action item.
4 Display details about detections. |
View detections for a computer

Use this feature to view all the detections for a single client computer.

To view detections:

1 On the Computers page, click a quantity under Detections to display a list of detected items and their status.
2 From the Detection List, click the name of a detection to display detailed information from the SonicWALL Avert Labs Threat Library.
Block computers from receiving updates

Use this feature to prevent unauthorized computers that are connecting to your network (sometimes called rogue systems) from receiving service updates.

To block computers:
On the Computers page, select the computers you want to block, then click Block.
By default, every computer in your account is placed into a group called Default. You can create other groups to place them in instead.

Why use groups?

Groups help you manage large numbers of computers or computers that use different security settings (defined in policies). Groups are particularly helpful in larger organizations or companies that are widely distributed geographically.
The Default group uses the SonicWALL Default policy, which is configured with settings recommended by SonicWALL to protect most organizations. You can assign a different policy to the Default group.

Create or edit a group

Use this procedure to assign a name and a policy to a group. See Move computers into a group on page 70 for instructions on assigning computers to the group.
Figure 3-7 Site and group administrators

The site administrator communicates directly with the SecurityCenter to create policies, check reports, and maintain the Enforced Client account.
The site administrator creates and manages group administrators.
Group administrators communicate directly with the SecurityCenter to access security data for the groups they are assigned to.
What can group administrators do?

The access level you assign determines which tasks group administrators can perform for their groups.

Basic tasks for Read Only Additional tasks for Read & Modify Reports Access the SecurityCenter website (see Getting started). Install protection services. View and manage computers from the SecurityCenter (see Managing your computers).
Your local email application opens a preaddressed message explaining how to log on to the SecurityCenter, assigned groups, and instructions for accessing information about their responsibilities. (You can use this feature only if you have a local email application installed.)

7 Send the email message.

Delete a group administrator

For security purposes, be sure to delete obsolete accounts for group administrators.
The SonicWALL Default policy

Until you create additional policies, all computers are assigned the SonicWALL Default policy, which is configured with settings recommended by SonicWALL to protect many environments. You cannot rename or modify the SonicWALL Default policy. When you create a new policy, the default settings appear as a guideline.
Create or edit a policy

Use this procedure to name a policy and configure its security settings.

To create or edit a policy:

1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
2 In the Add Policy window, type a name in the Policy name box. (If you are editing an existing policy, the name appears automatically in the Edit Policy window.)
3 Configure the settings on each tab.
Delete a policy
Use this procedure to remove a policy you have created from your account. You cannot delete the SonicWALL Default policy.
To delete a policy:
On the Groups + Policies page, next to a policy name click Delete.
Note: If you delete a policy that is assigned to one or more groups, the SonicWALL Default policy will be assigned to those groups.
Why use reports?
Reports provide valuable tools for managing your security strategy. Only the reports available for the installed protection services appear on this page.
Use this report... To view...
Detections: The types of potentially malicious code or unwanted programs that have been found on your network. Use this report to manage detections of viruses and potentially unwanted programs.
View duplicate computers
Use the Duplicate Computers report to locate computers that are listed more than once in your reports. Duplicate listings usually result when the Enforced Client client software has been installed more than once on a single computer or when users install it on their new computers without uninstalling it from their previous computers.
View computer profiles
Use the Computer Profiles report to view the version of the Windows operating system and the Internet Explorer web browser running on client computers. This helps you locate computers for maintenance, such as installing Microsoft software patches.
Send email to users
Use email to send important information about corporate security to your users:
Send reports or listings as an attached archived web page in .MHTM format (see Make the most of your online data on page 59).
Send descriptions of security issues on client computers or instructions for required maintenance (see Send email to computers on page 69).
If your logo file is not the correct size, the SecurityCenter resizes it to fit the allotted area and displays a preview of how it will appear on reports. Click Approve to accept the resized logo, or Delete and Resubmit to select a different file.
6 Click Close Window.
To delete a logo:
1 On the My Account page, in the My Logo section, click Edit.
2 On the Manage Logo page, click Delete Logo.
Update subscription information
Use the Subscription History page to update the contact and account information for each of your protection service subscriptions. This is useful for administrators who manage multiple accounts. Your service provider determines whether this feature is available to you. Typically, the Edit link is available only to SonicWALL partners who oversee security for multiple accounts.
Request a trial subscription
To try a protection service free of charge for 30 days, you can request a trial subscription. You’ll have the opportunity to try all the features. You can then purchase the service and continue using it with no interruption in protection.
To request a free trial:
1 On the My Account page or the SecurityCenter page, click Buy or Try.
2 Follow the instructions on the Product Purchase page.
Download utilities
Access utilities to assist with installing client software and troubleshooting installation problems from the Utilities page.
To download utilities:
On the Help page, click Utilities, then click a link.
To do this... Click this link...
Silently install client software on individual client computers.
4 Using the Virus and Spyware Protection Service
The virus and spyware protection service in Enforced Client safeguards client computers against threats, such as viruses and potentially unwanted programs, by scanning files and email messages as they are accessed.
Figure 4-1 Scan Tasks menu
Select this command... To do this...
Scan...: Select a location to scan (My Computer, My Documents Folder, or Floppy A). Click Scan Folder... to browse to a folder of your choice.
Quarantine Viewer: Open the quarantine folder, which contains possible threats detected on the computer (see Manage quarantined files on page 109).
Scanning client computers
The virus and spyware protection service safeguards computers by automatically scanning for viruses and spyware. At any time, users can perform manual scans of files, folders, or email, and administrators can set up scheduled scans.
Scan manually (on-demand scans)
The virus and spyware protection service automatically scans most files when they are accessed. However, users can scan a particular drive or folder at any time. This is referred to as an on-demand scan.
The default on-demand scanning policy is:
All processes running in memory are scanned.
All files are scanned.
All critical registry keys are scanned.
To view results of a manual scan:
In the Scan Completed dialog box, click Report to display the Scan Statistics report.
What is in a Scan Statistics report?
The Scan Statistics report opens in the default browser and displays the following information:
Date and time the scan was started.
Elapsed time for the scan.
Version of the scanning engine software and DAT file.
Schedule on-demand scans
Schedule an on-demand scan to occur at a specific date and time, either once or on a recurring basis. For example, you might want to scan client computers at 11:00 P.M. each Saturday, when it is unlikely to interfere with other client processes. Scheduled scans are configured as part of a policy and run on all computers using that policy. See Schedule on-demand scans on page 95.
2 Select one or more detections, then select an action:
Clean: Place an encrypted original copy of each selected item in a quarantine folder, then attempt to clean it. If it cannot be cleaned, delete the item.
Approve: Add each selected item to the user’s list of approved programs. These programs will not be detected as spyware during future scans.
Configuring policies for virus and spyware protection
Policies define the operational settings for all your protection services. See Setting up policies on page 75 for general information about using policies. Three tabs are used to configure the features for virus and spyware protection.
To schedule an on-demand scan:
1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
2 Click the Virus Protection tab.
3 Under On-Demand Scan, click On.
4 Select a frequency, day, and time for the scan to run, then click Save.
Set advanced virus protection options
On the Groups + Policies page, use the Advanced Settings tab to configure enhanced protection and safeguard against additional threats lurking in out-of-the-way locations.
To specify optional scans:
1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
2 Click the Advanced Settings tab, select each scan you want to enable, then click Save.
Enable outbreak response
Check for an outbreak DAT file every hour.
Set basic spyware protection options
On the Groups + Policies page, use the Spyware Protection tab to configure basic settings for spyware protection.
Select a spyware protection mode
You can specify how the virus and spyware protection service responds to detections of potentially unwanted programs on client computers.
Protect: It attempts to clean the detected item. If the item cannot be cleaned, a copy of the item is placed in a quarantine folder and the original item is deleted.
Learn mode
Report mode can be used as a “learn mode” to help you determine which programs to approve (see Specify approved programs on page 101). In Report mode, the virus and spyware protection service tracks but does not delete unrecognized programs.
Threat type Description
Spyware: Programs that covertly gather user information through the user’s Internet connection without the user’s knowledge. Once installed, spyware monitors user activity on the Internet and transmits that information in the background to someone else.
Viewing reports for virus and spyware detections
Whenever a client computer checks for updates, it also sends data to the SecurityCenter in encrypted XML files. You can view this data in reports accessed from the Reports page.
Three reports contain information about virus or spyware detections:
Detections (see View detections).
Select the information that appears in this report:
Groups — Display only the computers in a group or display all computers.
Report period — Specify the length of time for which to display information.
Detection type — Show all threat detections or a particular type:
Malware Infections: Known threats that would infect your computer if they were not caught.
View unrecognized programs
Use the Unrecognized Programs report to view a list of unapproved programs that the spyware protection service or firewall protection service detected on your network.
Figure 4-7 Unrecognized Programs report
Select the information that appears in this report:
Groups — Display only the computers in a group or display all computers.
Using the Unrecognized Programs report
When you want to... Do this...
Display computers or detections: Click next to a name: Under a computer name, show which detections were found. Under a detection name, show the computers where it was found.
View your detection history
Check the Detection History report for a graphical overview of the number of detections and the number of computers where detections occurred over the past year on your network.
Managing detections
To effectively manage your strategy for virus and spyware protection, we recommend that you proactively track the types of threats being detected and where they are occurring.
Manage quarantined files
When the virus and spyware protection service detects a threat on a client computer, it attempts to clean the item where the threat is detected. The item might be a file, cookie, or registry key. If it cannot clean the item, it deletes the original item and places an encrypted copy in a quarantine folder.
4 Check the status of each item:
Cleaned: The rescan action was successful. You can safely restore the item.
Clean failed: The item cannot be cleaned.
Delete failed: The item cannot be cleaned or deleted. If it is in use, close it and attempt the clean again. If it resides on read-only media, such as CD, no further action is required.
5 Using the Firewall Protection Service
The firewall protection service in Enforced Client safeguards against intrusions by monitoring inbound and outbound communications on client computers. It checks:
IP addresses and communication ports that attempt to communicate with your computer.
Applications that attempt to access the Internet.
As the administrator, you can define what constitutes suspicious activity and the firewall protection service’s response.
Configuring policies for firewall protection
Policies define the operational settings for all your protection services. See Setting up policies on page 75 for general information about using policies. See The SonicWALL Default policy on page 76 for a table listing the firewall protection settings in the SonicWALL Default policy.
Figure 5-1 Desktop Firewall policy tab
Specify who configures firewall protection settings
Configuring settings for the firewall protection service enables you to control which applications and communications are allowed on your network. It provides the means for you to ensure the highest level of security. You can also allow users to configure their own firewall protection settings.
How do user settings and administrator settings coexist?
When you select Administrator configures firewall, any firewall settings that users have configured on their computers are saved. If you also select Prompt mode, user settings are merged with your policy settings on each client computer. When they differ, user settings take precedence over administrator settings.
Select a firewall protection mode
Specify how the firewall protection service responds to suspicious activity on client computers.
Protect: It blocks the suspicious activity.
Prompt: It displays a dialog box with information about the detection, and allows the user to select a response. This option is the default.
Specify a connection type
The connection type defines the environment where client computers are used and determines which IP addresses and ports the firewall protection service allows to communicate with them. This option defines what the firewall protection service considers to be suspicious activity. The default setting is Untrusted.
Configure IP addresses for a custom connection
Custom settings configured on the SecurityCenter are ignored on client computers if the Firewall Protection Mode is set to Prompt mode. In Prompt mode, settings configured by users override administrator settings.
Remote Assistance
You can add other service ports as needed.
To open a service port:
1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
2 Click the Desktop Firewall tab.
3 Under Connection Type, select Custom settings, then click edit.
4 On the Firewall Custom Settings page, select the checkbox next to the service port(s) you want to open, then click Save.
Configure IP addresses for a custom connection
In addition to accepting communications through the selected service ports, client computers accept communications originating from designated IP addresses.
To add one or more IP addresses:
1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
2 Click the Desktop Firewall tab.
2 A list of safe applications that SonicWALL maintains on the www.hackerwatch.org website. By default, the firewall protection service allows applications that appear on this list. If the administrator does not want the firewall protection service to consult this list, he can configure a policy option (see Specify whether to use SonicWALL recommendations).
Viewing reports for firewall protection
Whenever it checks for updates, each client computer also sends data to the SecurityCenter website in encrypted XML files. You can view this data in reports accessed from the Reports page.
Two reports contain information about detected suspicious activity:
Unrecognized Programs (see View unrecognized Internet applications).
Using the Unrecognized Programs report
When you want to... Do this...
Display computers or detections: Click next to a name: Under a computer name, show which detections were found. Under a detection name, show the computers where it was found.
View details about a computer where a detection occurred
Allow an Internet application
Using the Inbound Events Blocked by Firewall report
When you want to... Do this...
Display computers or detections: Click next to a name: Under a computer name, show which detections were found. Under a detection name, show the computers where it was found.
View details about events
Before installing the firewall protection service on a server, ensure that the server’s system services and Internet applications are configured correctly. If there is a possibility the service might be installed when no user is present to monitor the installation, disable the policy setting for Automatically install the desktop firewall on all computers using this policy.
6 Using the Browser Protection Service
The browser protection service in Enforced Client, based on SonicWALL SiteAdvisor™, displays information to safeguard client computer users against web-based threats:
A safety rating for each website (see How safety ratings are compiled on page 128).
A safety report for each website that includes a detailed description of test results and feedback submitted by users and site owners.
How safety ratings are compiled
Safety ratings are derived by testing criteria for each website and evaluating the results to assess whether the site poses a risk and, if so, what type of risk. Automated tests compile safety ratings for a website by checking for:
Viruses and potentially unwanted programs bundled with downloaded files.
Staying safe while browsing
When users browse to a website, the SiteAdvisor toolbar displays a color-coded menu button (the location depends on the browser):
To display the SiteAdvisor toolbar:
In Internet Explorer, select View | Toolbars | SonicWALL SiteAdvisor. The SiteAdvisor toolbar is always displayed in Firefox.
To display the SiteAdvisor menu:
Click the SiteAdvisor menu button.
Viewing safety reports
Users can supplement the color-coded safety information for a site by viewing its detailed safety report. These reports describe specific threats discovered by testing and include feedback submitted by site owners and users.
To view the safety report for the current site:
From the SiteAdvisor menu, select View Site Details.
OR
Click the safety icon in a Search Results page.
3 Select Automatically install browser protection service on all computers using this policy, then click Save. The browser protection service will be installed on all computers using this policy the next time they check for an updated policy.
Configuring browser protection on the client computer
Users can configure settings for additional browser protection features.
Submitting feedback
SonicWALL encourages feedback about websites:
Users can describe suspicious or dangerous behavior they encounter when visiting a site.
Site owners can provide helpful information or respond to user feedback about their site.
Feedback is displayed in the site’s safety report.
Note: Users and site owners must register before submitting information to SonicWALL.
7 Using the Email Security Service
The email security service in Enforced Client Advanced scans messages before they are received by client computers and quarantines detections. Your service checks for spam, phishing scams, viruses, directory harvest attacks, and other email-borne threats in messages and attachments. The email security service resides outside your network, requiring no system resources. Your company’s mail exchange (MX) record is redirected through SonicWALL’s servers.
Activating the email security service
Activate your email security service through a unique registration website, which you access from the SecurityCenter website.
To activate your account:
1 On the SecurityCenter website, click the SecurityCenter tab.
2 Click Install Protection.
3 Select Install email security service.
4 Click the URL to open the activation wizard.
Figure 7-1 Email security service’s portal
Setting up your account
When your account is activated, you can set it up to filter email for users in its activation domain, the domain you specified in the activation wizard.
Default settings
As soon as your email security service is activated, default functionality and features are configured.
Two users appear on the Users tab:
Your administrator login address.
A default user (whose name begins with pdefault), which you should ignore.
Caution: Do not delete the pdefault entry.
Users in the activation domain automatically receive virus protection and basic attack blocking.
3 Set up your email server to prevent spam and viruses from circumventing the email security service. Some virus and spam senders specifically target email servers using low-priority DNS MX records or by looking up a server directly with an intuitive name like mail.yourdomain.com.
4 Do you want to manage all users’ quarantined messages in one central quarantine, rather than separate user quarantines? Initially, each user’s detected spam is quarantined in an individual user quarantine, where you can go to manage that user’s spam. If you prefer to manage all your organization’s spam from one location, you can divert all spam to a central quarantine by changing your spam disposition.
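One way to audit your own DNS zone for the two routes step 3 above describes (MX records that do not point at the filtering service, and a guessable host name such as mail.yourdomain.com that resolves to the mail server). This is an added example, not part of the product guide; the zone lines, the filter host suffix mxfilter.example.net, the IP addresses and the list of guessable labels are constructed placeholders and assumptions.

```python
"""Audit zone data for mail routes that skip an external filtering service."""
from dataclasses import dataclass

# Constructed sample zone, in simplified "name ttl IN type rdata" form.
SAMPLE_ZONE = """\
example.com.        3600 IN MX 10 in1.mxfilter.example.net.
example.com.        3600 IN MX 20 in2.mxfilter.example.net.
example.com.        3600 IN MX 90 backup.example.com.  ; leftover low-priority MX
mail.example.com.   3600 IN A  192.0.2.25
backup.example.com. 3600 IN A  192.0.2.25
www.example.com.    3600 IN A  192.0.2.80
"""

FILTER_SUFFIX = "mxfilter.example.net."  # placeholder for the service's MX hosts
MAIL_SERVER_IPS = {"192.0.2.25"}         # placeholder for your own mail server
GUESSABLE_LABELS = {"mail", "smtp", "mx", "email"}  # assumed "intuitive" names


@dataclass(frozen=True)
class Finding:
    kind: str    # "bypass-mx" or "guessable-host"
    name: str    # MX target or host name that exposes the route
    detail: str


def parse_zone(text):
    """Return (owner, type, rdata_fields) tuples from simplified zone lines."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                              # blank or unsupported form
        records.append((fields[0].lower(), fields[3].upper(), fields[4:]))
    return records


def audit(records, domain, filter_suffix=FILTER_SUFFIX,
          mail_ips=MAIL_SERVER_IPS, labels=GUESSABLE_LABELS):
    """List routes by which mail could reach the server unfiltered."""
    domain = domain.lower().rstrip(".") + "."
    suffix = filter_suffix.lower()
    findings = []

    # 1. Every MX for the domain, whatever its preference, must be a filter host.
    for owner, rtype, rdata in records:
        if rtype != "MX" or owner != domain or len(rdata) != 2:
            continue
        pref, target = rdata[0], rdata[1].lower()
        if target != suffix and not target.endswith("." + suffix):
            findings.append(Finding(
                "bypass-mx", target,
                f"MX preference {pref} does not point at the filtering service"))

    # 2. Guessable host names that resolve straight to the mail server.
    for owner, rtype, rdata in records:
        if rtype not in ("A", "AAAA") or not owner.endswith("." + domain):
            continue
        label = owner[: -len(domain) - 1]
        if label in labels and rdata[0] in mail_ips:
            findings.append(Finding(
                "guessable-host", owner,
                f"resolves to mail server {rdata[0]}"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_zone(SAMPLE_ZONE), "example.com"):
        print(f"{f.kind:15} {f.name:22} {f.detail}")
```

A DNS audit only covers advertised routes; a server that still accepts SMTP from any source remains reachable by IP address, so the server's own accept rules need the same review.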
Access basic administration features on the Administration page:
Use this feature... To...
Summary: View your current domains. Add or delete a domain. Enable/disable subdomain stripping for a domain. Test and trace mailflow. Test server latency. Verify your MX record configuration. Modify your company name or support address.
To view the status of your service:
1 On the SecurityCenter website, click the SecurityCenter tab.
2 Under Your email protection, check your email statistics.
3 Click the pie chart to open the portal, where you can view data for the last seven days of email activity.
To resolve action items:
Click an action item to display instructions for resolving it.
Configuring a policy for email security
Configure security settings for your email security service by setting up a policy. (You can set up only one policy for your email security service account.)
To set up a policy for email security:
1 On the SecurityCenter website, click the Groups + Policies tab.
2 Select Add Email Security Policy.
Managing quarantined email
The email security service quarantines email messages that contain detected spam, phishing, and virus threats.
To restore quarantined email to an Inbox:
Provide these instructions to your users:
1 Open the Quarantine Summary.
2 To restore a message, click Deliver.
View quarantined mail deliveries
Administrators can track the number and type of quarantined messages that users deliver to their Inboxes by viewing Quarantine Delivery reports.
8 Troubleshooting
For help installing, using, and maintaining Enforced Client, refer to frequently asked questions or specific error messages and their solutions.
Uninstalling protection services
Frequently asked questions (FAQ)
Error messages
Contacting product support
Uninstalling protection services
For testing purposes or before reinstalling the client software, you might need to uninstall the client software.
Frequently asked questions (FAQ)
This section includes questions asked by administrators and client computer users.
Adding, renewing, and moving licenses
I purchased licenses for new computers, but the new computers don’t show up on my reports.
When you purchase additional services or renew services, use the same email address that you used when purchasing the original services. Also, place your order from the same SecurityCenter website where you purchased your original services.
Why would I want to specify excluded files and folders or approved programs?
Specifying excluded files and folders from scanning can be useful if you know a particular type of file is not vulnerable to attack, or a particular folder is safe.
If you upgraded or purchased additional services using a new email address, you received a new company key and URL for a new account instead of adding licenses to your existing account. (The company key appears after the characters CK= in the URL.) Because you have two company keys, reports appear in two places. Make sure all your trial users reinstall with the installation URL associated with the new key.
How can I stop errors from showing up in my reports when automatic updates fail on systems where no user is logged on?
For certain system configurations, automatic updates do not occur on systems where no user is logged on. You can prevent these failed updates from being reported by configuring a policy setting (see Update computers where no user is logged on on page 55).
Browser protection
Can users run the browser protection service for Internet Explorer and Firefox on the same computer?
Yes. The browser protection service for Internet Explorer and Firefox are compatible on the same computer. Users can install protection for both browsers. (If both browsers are present on a computer when browser protection is installed, protection for both browsers is installed automatically.
I use Windows XP Service Pack 2, and I get a message that my computer may be at risk. What does this mean?
This is a known problem with Microsoft Security Center, because Microsoft cannot determine that Enforced Client is installed and up-to-date. If you get this message when starting your computer, click the message balloon to open the Recommendation window, select I have an antivirus program that I’ll monitor myself, then click OK.
MyASUtil.SecureObjectFactory error message
MyINX Error
Unable to connect to the Enforced Client update server
Unable to create Cab Installer Object
Your current security settings prohibit running ActiveX controls on this page
A file needed to install the software is not available.
The security level of the browser is too high. Set the browser’s security level to Medium or Medium-high (see Configure your browser on page 33).
Internet Explorer is blocking ActiveX controls. Click the narrow bar at the top of the Installation Denied page and select Install ActiveX Control. This returns you to the original installation page, where you can enter an email address and proceed successfully.
Installation Denied
Common causes and solutions:
When you begin the installation, Internet Explorer displays a dialog box asking you to verify that you want to install Enforced Client. You must click Yes.
The browser must be able to run ActiveX controls. Set the browser’s Internet security setting to Medium or Medium-high (see Configure your browser on page 33).
If there is another comment in the Status column, contact product support with that information.

Note: If you do not see a Status column, set your view options to Details.

MyINX Error

The installer has detected other virus protection software on the computer, which you must uninstall:
1. From the Windows Control Panel, open Add/Remove Programs.
1. From Windows Control Panel, open Internet Options.
2. Under Temporary Internet Files, click the Delete Files button.
3. Select Delete all offline content, then click OK. An hourglass appears while the files are being deleted.
4. Under Temporary Internet Files, click Settings, then click View Files.
5. Select Edit | Select All.
6. Select File | Delete. It might take a while for all the files to be deleted.
When the deletions are complete.
Contacting product support

There are three ways to contact product support.

By email
To contact product support via email, refer to your welcome email for your service provider’s support address.

By phone
To access a list of current phone numbers for product support, visit: http://www.mcafee.com/us/about/contact/index.html

From the web
1. Log on to the SecurityCenter with your user name and password.
Glossary

action item
Indicator of a potential vulnerability in your organization’s security that requires attention. Action items appear in red on the SecurityCenter website in three locations: SecurityCenter page, Computer Details page, and in reports (as dates).

action taken
How SonicWALL protection services handle or respond to detections; for example, Cleaned indicates that the detected threat was successfully removed.

administrative reports
See reports.
Enforced Client Anti-Virus and Anti-Spyware 4.5 Product Guide

Clean Failed
The virus and spyware protection service could not clean or delete the item. This might indicate that the item is in use; if so, close it and attempt the clean again. This might also indicate that the item resides on read-only media, such as a CD. If so, no further action is required.
email security service
A web-based service that safeguards small business computers by automatically routing email messages through SonicWALL’s servers and scanning for dangerous and inappropriate content before delivering the messages to the local network. Compare to browser protection service, firewall protection service, and virus and spyware protection service.

event
See inbound event.
outbreak DAT file
A special detection definition file marked as Medium or High importance and released by SonicWALL Avert Labs in response to an outbreak. It is specially encoded to inform the first computer receiving it to share the update immediately with other client computers on the network. Administrators can configure a policy setting to check for outbreak DAT files more frequently than regular updates.
reports
Data uploaded by client computers to the SecurityCenter and formatted for the administrator; information on the account’s security status for the administrator.

response
How SonicWALL protection services handle or take action on detections; for example, Cleaned indicates that the detected threat was successfully removed from the item where it was found.
untrusted connection
A direct connection to the Internet, such as a wireless network in a public airport or hotel. The firewall protection service blocks communications from other devices on an untrusted network (it considers them to be unsafe). Compare to trusted connection.

update site
A repository on the Internet from which a client computer retrieves updates.
A User Interface Definitions

Login page

Use this page to log on to the SonicWALL SecurityCenter website, where you can manage your account and view reports.

Log on to the SecurityCenter
Change your SecurityCenter password

Item | Description
Email Address | Type the email address for your account. In most cases, this is the email address you used when registering for Enforced Client.
Password | Type the password for your account.
Item | Description
Coverage | Shows the protection status for your computers. Click a color in the pie chart to open the Product Coverage page, which lists details about the computers with the corresponding status. The pie chart appears only for services you have installed. For other services, a status message appears.
Subscription | Shows the status of your subscriptions and licenses for protection services.
Item | Description
Find computers | Type a full or partial computer name, email address, IP address, or relay server name in the box, then click Search to display computers matching your search criteria. Note: All the client computers in your account are searched.
Add Computer | Click to install Enforced Client services on one or more new client computers.
Item | Description
Detections | Shows the total number of detections for each computer during the selected time period. Select the quantity to display a list of the detections.
User-Approved Applications | Shows the number of detected applications the user approved to run on each computer. Select the quantity to display details about the applications. To approve an application for other users, you need to add it to a policy.
Item | Description
Detection History | Select this link to display a graphical overview of your detections for the past year.
Email Security Reports | Select this link to open the email security service’s portal, where you can access reports about email traffic and detections.

Groups + Policies tab

Use this page to create and manage groups and policies:
A group consists of one or more computers that use the same security settings.
My Account tab

Use this page to manage information for your protection services account.

Setting up your account
Change your SecurityCenter password
Managing your subscriptions
Designating group administrators
Sign up for email notifications
Add your logo to reports

My Profile section
Shows contact information associated with your account. Your service provider uses this information to communicate with you.
Item | Description
Add | Select this link to create a new group administrator account or edit an existing account.
All group administrators | Select this link to open a page where you can view and edit all group administrator accounts for your organization.
Name | Shows the name you entered for identification purposes when you created the group administrator’s account.
Help tab

Use this page to access online product documentation and to contact customer support.

View printed and online documents
Download utilities
Contact product support

Item | Description
Quick Start Guide | Select this link to display a document that describes how to use the basic features of Enforced Client. This document is recommended for new administrators and those who want an overview of changes to the product.
Installing Enforced Client
Standard URL installation
Using the portal

Item | Description
Install products onto new computers (not yet managed by SecurityCenter) | Select this option to install one or more protection services onto one or more computers where Enforced Client is not already installed.
Item | Description
Select Text and Copy to Clipboard | To send users a URL they can use to install on their computers, first click this button. Then open a blank email message, paste the text you copied into its body, and send it to users who need to install the protection service(s). You will have the opportunity to edit the instructions in your email message before sending. Note: This button does not appear in the Firefox browser.
Item | Description
Display advanced installation methods | Select this link to open a page where you can use the silent installation method or Push Install utility to deploy protection services on client computers without user interaction.
Cancel | Click to end the installation process.
Product Purchase

Use this page to purchase new or additional licenses for SonicWALL protection services or sign up for a trial subscription.

Managing your subscriptions
Purchase, add, and renew services
Request a trial subscription

Item | Description
Locate and contact your local SonicWALL reseller | Select this link if you purchased Enforced Client from a SonicWALL reseller.
Click here to...
Item | Description
Email button | Click to open a blank email message addressed to the selected computers. (You must have a client email application installed to use this feature.)
Delete | Click to delete the selected computers from your listing. Use this feature to delete duplicate and obsolete computers. If you delete a computer where a valid service is installed, it will be added back to your listing the next time you log on.
Item | Description
Computer Details section | Lists information about the computer and protection services.
System email address | Shows the email address used to contact the user. To change the address, type a new address.
Group | Shows the group to which this computer belongs. To move this computer to another group, select one from the list.
(Services) | Shows the status of each protection service.
View user-approved applications for a computer
Specify approved programs
Set up allowed Internet applications

Item | Description
Name | Shows the name of the detected application. For potentially unwanted programs, select the name of the detected threat to display a detailed description from the SonicWALL Avert Threat Labs.
Item | Description
Email | Shows the email address for each computer. Select an address to open a blank email message addressed to that computer. (You must have a client email application installed to use this feature.) To send an email message to multiple computers instead, select the computers, then click the Email button.
Last Connect | Shows when a computer last connected to the network. The date appears in red for out-of-date computers.
Item | Description
Move to | Select a group to move selected computers into. To create a group, go to the Groups + Policies page. Then use this Move to list to move computers into the new group.
Move | Click to move the selected computers into the selected group.
Name | Lists each computer where a detection occurred. Select a computer to display detailed information about it.
Detected Objects |
Item | Description
Detected Objects | Shows the number of occurrences for this detection. Select a quantity to display the Detection List, showing which items contained the detected threats.
Last Detection Date | Shows the most recent date that a detection occurred.
Item | Description
Computer | Lists each computer where a detection occurred. Select a computer to display detailed information about it. Click the arrow next to a computer to display or hide a list of its detections. Select the name of a potentially unwanted program to display details about it from the SonicWALL Avert Threat Labs Library.
Programs | Shows the number of detections that occurred on the computer.
Item | Description
Name | Lists the name of each detected program. Select the name of a program to display detailed information about it. Click the arrow next to a program to display or hide a list of computers where it was detected. Select a computer name to display details about it.
Computers | Shows the number of computers where the program was detected.
Item | Description
Group by | Select Originating Computer to list the computers where events originated. Select Destination Computer to list the computers where events were targeted.
Computer | Lists the name of each target computer. Click the arrow next to the event name to display or hide a list of computers where the event originated. Select a computer name to display details about it.
Item | Description
Groups | Select the group of computers to display. If you have not created any groups, this option does not appear.
Email button | Click to open a blank email message addressed to the selected computers. (You must have a local email application installed to use this feature.)
Delete | Click to delete the selected computers from your listing.
Block | Click to prevent the selected computers from receiving product updates.
Item | Description
Groups | Select the group of computers to display. If you have not created any groups, this option does not appear.
Operating system version | Select a version to display only the computers running that version. Only the operating systems running on client computers are listed here.
Browser version | Select a version to display only the computers running that version.
Item | Description
Groups | Select the group of computers to display. If you have not created any groups, this option does not appear.
Display by | Select increments in which to display historical information: Month: Each bar in the graphs represents data for a month. Quarter: Each bar in the graphs represents data for a 3-month period.
Detections Found | Shows the total number of detections for your account over the past year.
Item | Description
Name | Type a new name for the group if you want to rename it.
Policy | Select a policy from the list if you want to assign a different one. The current policy is displayed, and all available policies appear in the list. If you have not created any policies, only the SonicWALL Default policy appears. Note: You must create a policy before you can assign it to a group.
Save | Click to update the group and return to the previous page.
Configuring policies for firewall protection
Configuring browser protection from the SecurityCenter
The SonicWALL Default policy

Item | Description
Virus Protection |
Scheduled On-Demand Scan | Disabled: No on-demand scan is scheduled. On-access scans still occur every time users run, open, or download files.
Item | Description
Update client computers where users are not logged in | Enabled. Automatic updates occur on computers where no user is
Display support notifications on client computers | Enabled. Notification dialog boxes warn client computer users when software upgrades and DAT file updates are being discontinued for their operating system.
Item | Description
Check for updates every | 12 hours: Client computers check for updated detection definition (DAT) files and product components every 12 hours.
Detect ... | Enabled: The following threats are detected during scans: Jokes: Programs designed to be mistaken for a virus. They may alarm or annoy a user but do not harm files or data. They are intended to waste time and resources.
Item | Description
Excluded Files and Folders | Lists files, folders, and file name extensions that the virus and spyware protection service does not scan for viruses. If you have not designated any files or folders to exclude, no list appears here. Only files that you know are safe should be excluded from on-access and on-demand virus scans.
Type | Select the type of exclusion: File: The file will not be scanned.
Item | Description
Spyware Protection Mode | Select the response when a potentially unwanted program is detected: Report: Allow the program to run. Do not notify the user. Prompt: Ask the user how to respond. Protect: Block the program. Detections of potentially unwanted programs always appear in administrative reports when the spyware protection feature is enabled.
Item | Description
Policy name | Type a new name for the policy if you want to rename it.
Firewall Management | Select who manages the firewall protection service’s settings for client computers: Administrator configures firewall: You configure the policy settings that determine how the firewall protection service operates. When this option is selected, other firewall protection options appear on this page.
Item | Description
Connection Type | Select the environment where a client computer is used: Untrusted network: The computer connects to a network that might not be secure, such as an airport or hotel network. The firewall protection service should block communications from IP addresses on that network. Trusted network: The computer connects to a network that is protected from the Internet by a hardware firewall or router.
Configure IP addresses for a custom connection

Item | Description
Allowed Incoming Connections | Specifies the system service ports through which computers using this policy can communicate.
Allow | Select the checkbox next to each port you want to enable. The firewall protection service allows communications through the selected ports. It blocks communications through unselected ports.
Item | Description
OK | Click to add the port configuration and return to the Firewall Custom Settings page.
Cancel | Click to return to the Firewall Custom Settings page without adding a port.

Edit Policy: Browser Protection Settings

Policies are made up of security settings for all of your protection services. These settings define how your services operate on client computers.
Item | Description
Advanced Virus Protection Settings | Select additional protection features for the virus and spyware protection service. If none of these features are selected, the service still detects viruses. Enable outbreak response: Check for an outbreak detection definition (DAT) file every hour. Enable buffer overflow protection: Detect code starting to run from data in reserved memory and prevent that code from running.
Item | Description
Advanced Spyware Protection Settings | Select potentially unwanted program threats to detect. If no threats are selected, the virus and spyware protection service does not detect any potentially unwanted programs. Jokes: Programs designed to be mistaken for a virus. They may alarm or annoy users but do not harm files or data. They are intended to waste time and resources.
Item | Description
Policy name | Type the name of the new policy.
On-Demand Scan | Select On to schedule an on-demand scan, then select the time and frequency. Select Off to schedule no on-demand scans. Regardless of this setting, on-access scans occur every time users run, open, or download files.
Item | Description
Spyware Protection Mode | Select the response when a potentially unwanted program is detected: Report: Allow the program to run. Do not notify the user. Prompt: Ask the user how to respond when a potentially unwanted program is detected. Protect: Block the program. Detections of potentially unwanted programs always appear in administrative reports when the spyware protection feature is enabled.
Item | Description
Policy name | Type a name for the new policy.
Firewall Configuration | Select who manages the firewall protection service’s settings for client computers: Administrator configures firewall: You configure the policy settings that determine how the firewall protection service operates. When this option is selected, other firewall protection options appear on this page.
Item | Description
Connection Type | Select the environment where a client computer is used: Untrusted network: The computer connects to a network that might not be secure, such as an airport or hotel network. The firewall protection service should block communications from IP addresses on that network. Trusted network: The computer connects to a network that is protected from the Internet by a hardware firewall or router.
Item | Description
Cancel | Click to return to the Groups + Policies page without changing the policy.
Reset to Defaults | Click to assign the original SonicWALL Default policy settings to this policy. Note: This resets all settings on all tabs. Settings will not take effect until you click Save.

Add Policy: Advanced Settings

Policies are made up of security settings for all of your protection services.
Item | Description
Advanced Virus Protection Settings | Select additional protection features for the virus and spyware protection service. If none of these features are selected, the service still detects viruses. Enable outbreak response: Check for an outbreak detection definition (DAT) file every hour. Enable buffer overflow protection: Detect code starting to run from data in reserved memory and prevent that code from running.
Item | Description
Advanced Spyware Protection Settings | Select potentially unwanted program threats to detect. If no threats are selected, the virus and spyware protection service does not detect any potentially unwanted programs. Jokes: Programs designed to be mistaken for a virus. They may alarm or annoy users but do not harm files or data. They are intended to waste time and resources.
Item | Description
View Cancelled Services | Select this link to open a page listing service subscriptions that are no longer current. If you are already viewing a list of cancelled subscriptions, a link to display current subscriptions appears instead.
Managed Services | Lists the name of the SonicWALL protection service.
Quantity | Shows the number of licenses allocated to the subscription.
Item | Description
First Name | If needed, enter a new first name for the subscription’s primary contact.
Last Name | If needed, enter a new last name for the subscription’s primary contact.
Submit | Click to save the changes and return to the previous page.
Cancel | Click to return to the previous page without updating the subscription information.
Item | Description
Add Administrator | Click to create a group administrator account.
Name | Shows the name you entered for identification purposes when you created the group administrator account.
Email Address | Select an address to open a blank email message addressed to the group administrator. (You must have a local email application installed to use this feature.)
Groups | Lists the groups assigned to the group administrator account.
Edit Profile

Use this page to modify the information your service provider uses to notify you about issues related to your account. Some fields are optional; fields that you must fill in are labeled as required.

Set up your profile
Change your SecurityCenter password

Item | Description
Your Login Information | This information is used to log on to the SecurityCenter.
Install the standalone installation agent

Item | Description
Silently install protection services on client computers | Select the VSSetup link to download the silent installation package, which enables you to remotely deploy Enforced Client on a client computer with no user interaction. Download the utility to the administrative computer or client computer.