Instruction/ maintenance manual of the product 4.5 SonicWALL
Go to page of 212
02/4%#4)/.!44(%30%%$/&"53).%33 3ONIC7!,,%NFORCED#LIENT !NTI6IRUSAND!NTI3PYWARE 0RODUCT'UIDE 6ERSION.
Enforced Client Anti-Virus and Anti-Spyware 4.5COPYRIGHT Copyright © 2007 McAfee, Inc. All Rights R eserved. No part of this publi cation may be reprod uced, transmitted, transcribed, st ored in a retrieval system, or translated into any l anguage in any form or by any means without the written permission of NcA fee, Inc.
3 Contents 1 Intr oduction 7 What is Enforced Client? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Select the right version of Enfo rced Client . . . . . . . . . . . . . . . . . . . . . . . .
4 Enforced Clie nt Produc t Guide Contents Using VSSETUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Completing the installatio n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5 Enforced Clie nt Produc t Guide Contents Send email to users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Update user em ail addresses . . . . . . . . . . . . . . . . . . . . . . . . . . .
6 Enforced Clie nt Produc t Guide Contents V iewing reports for fire wall protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 V iew unrecognized Internet ap plications . . . . . . . . . . . . . . . . . . . . . .
7 1 Introduction SonicWALL Enforced Client Anti-Vi rus and Anti-Spyware, referred to in this guide as En forced Client, safeguards your computers automatically , and its advanced feat ures let you customize your business’s security strategy.
8 Enforced Clie nt Product G uide Introducti on What is Enfo rced Client ? 1 What is Enforced Client? Enforced Client delivers comprehensive securi ty as a service for all the computers on your account.
9 Enforced Clie nt Product G uide Introducti on What is Enfo rced Client ? 1 Select the right versio n of Enforced Client Select the version that best supports your needs.
10 Enforced Clie nt Produc t Guide Introducti on What is Enfo rced Client ? 1 The email s erver securit y application i s avai lable with Enforced Cl ient Advanced. Detailed documentation on this appli cation is available on the CD or in the down loadable installer accessible from the Soni cWALL download center.
11 Enforced Clie nt Produc t Guide Introducti on What is new in this release? 1 What is new in this release? New features Changes in support New feature Description Browser prote ction service Protects client computers against we b-based threats while searching and browsing.
12 Enforced Clie nt Produc t Guide Introducti on How does the software work? 1 How does the software work? Enforced Client impleme nts a thre e-prong approach to security by: 1 Silently monitoring all.
13 Enforced Clie nt Product G uide Introducti on How does th e software work ? 1 Updates can occur in three wa ys, enabling yo u to use netw ork resources efficiently. Figure 1-2 Methods for updating client computers In a simple scenario, each client computer on your account has a direct connection to the Internet and checks for new updates.
14 Enforced Clie nt Product G uide Introducti on How does th e software work ? 1 The detection definition ( DAT ) files on the Internet site are regularly updated to add protection against new threats.
15 Enforced Clie nt Produc t Guide Introducti on How does the software work? 1 If so, the client computer retr ieves the update from a peer. (Dig ital signatures are checked to verify that the computer is valid.) If not, the client computer retrieves th e update directly from the update site.
16 Enforced Clie nt Product G uide Introducti on Managing with the on line SecurityCenter 1 Managing with the on line SecurityCenter To manage your account via the SecurityCenter, use the URL you received in an email message from your service provider.
17 Enforced Clie nt Produc t Guide Introducti on Managing with the on line SecurityCenter 1 The SecurityCenter’s ma in page shows a status summary for all th e protection services you have purchased.
18 Enforced Clie nt Product G uide Introducti on Managing with the on line SecurityCenter 1 User groups Each computer running the client software belongs to a group. A group consists of one or more computers using the same security settings (called po licies ).
19 Enforced Clie nt Product G uide Introducti on Managing with the on line SecurityCenter 1 Customized policies After installation, Enf orced Client protects client com puters from threats immediat ely using default security set tings. Howe ver, you might want to change the way some features are implemented for some or all of your co mputers.
1 Create a Sales Team group and a Sales polic y. 2 Assign the Sales policy to the Sales Team group. 3 Client software running on computers in the Sa les Team group perform s the tasks defined in the Sales policy: 4 Client software sends security data for each client computer to the SecurityCent er.
21 Enforced Clie nt Product G uide Introducti on Using this guide 1 Conventions This guide uses the following conven tions: Bold Condensed All words from the user interface, includ ing options, menus, bu ttons, and dialog box names. Example: Type the User name and Password of the desired account.
22 Enforced Clie nt Product G uide Introducti on Getting product information 1 Getting product information Several types of information are available to meet the spe cific needs of client computer users and administrators.
Email security service See Chapter 7, Using the Email Security Service for instructions on setting up and using basic fe atures of the email security service. Links are available from the SecurityCenter website to th e e mail security service’s web portal, where you can configure the service, access its administration guide, and view reports.
24 Enforced Clie nt Produc t Guide Introducti on Getting product information 1.
25 2 Installing Enforced Client This section describes what happens after y ou pur chase the hos ted services in E nforced Client and Enforced Client Advanced, provides system requirements, and ex plains how to install the virus and spyware protection servic e, firewall protection se rvice, and browser protection service.
26 Enforced Clie nt Product G uide Installing Enf orced Client After you place your order 2 After you place your order When you place an order for Enforced Client, you supply an email address, and your account is associated with that email addr ess. After you submit your order: 1 SonicWALL processes your order.
27 Enforced Clie nt Produc t Guide Installing Enf orced Client System requirements 2 System requirements Enforced Client is designed for Microsof t Windows operating systems running on a PC platform. It installs and r uns on co mputers equipped with: An Intel Pentium processo r or compatible architecture .
28 Enforced Clie nt Product G uide Installing Enf orced Client System requirements 2 Operating system support ending Support for these Windows operating systems is en d ing with Enforced Cl ient version 4.5. Windows 95 Windows 98 Windows ME Windows NT 4.
29 Enforced Clie nt Product G uide Installing Enf orced Client System requirements 2 RAM Minimum virus and spyware protection Minimum firewall protection* Recommended Windows 2000 64 MB 256 MB 256 MB .
30 Enforced Clie nt Produc t Guide Installing Enf orced Client System requirements 2 Terminal servers Enforced Client supports terminal servers and the Windows fast us er switching feature in most scenarios, with these lim itations: Enforced Client must be installed on the server by someone with local administrator privileges.
31 Enforced Clie nt Produc t Guide Installing Enf orced Client Before you install 2 Before you install Complete thes e procedures on each computer to prepare for i nstalling th e client soft ware: .
32 Enforced Clie nt Produc t Guide Installing Enf orced Client Before you install 2 SonicWALL products auto matically detected Non-SonicWALL products au tomatic ally detected SonicWALL Enterprise .
33 Enforced Clie nt Product G uide Installing Enf orced Client Before you install 2 Uninstall existing firewall software Before installing the fi rewall protecti on service, we recommend th at you uninstall any other firewall programs on your computer.
34 Enforced Clie nt Produc t Guide Installing Enf orced Client Before you install 2 Install the standalone installation agent To allow users without administrator rights to install Enforced Client on client computers using the URL method, you must first load a standalone installation agent on their client computers.
35 Enforced Clie nt Produc t Guide Installing Enf orced Client Installing Enfor ced Client 2 Installing Enforced Client Install the client software in any of the following ways: Standard URL installation Use the URL you received in your welcome emai l message to install the software on your computer and access the Secur ityCenter website.
36 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 Sending an installation URL to users As the administrator, you can obtain the comp any-specific installa tion URL in two ways: After signing up for Enforced Client, you rece ive an email message containing the URL that has been set up for your company.
Figure 2-1 Inte rnet URL installation 37 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 2 Select the services to install if you are prom pted to do so, type your email address in the Email or identifier field, and click Continue .
38 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 Advanced installation methods Administrators can use the advanc ed installation methods to instal l the Enforced Client client software without user interaction.
39 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 Silent installation VSSETUP is an executable file for installing Enforc ed Client on a client computer with no user interaction. This installation me thod is not network-specific a nd installs the software on any Windows operating system.
40 Enforced Clie nt Produc t Guide Installing Enf orced Client Installing Enfor ced Client 2 You must know your company key (t he series of characters in the installation URL after the characters CK= ). Installation To install Enforced Client silently: 1 From your web browser, log on to your SecurityCenter.
41 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 VSSETUP parameters For a silent installation, use this command li ne and any of the following parameters (which are not case-sensitive): VSSETUP.EX E /CK=<your c ompany key> / <parameters > /CK=XYZ Required .
42 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 Push installation Push means deploying remotely to one or more com puters in a network. Th is method uses the Push Install utility to deploy th e client software directly from your service pr ovider’s website to client computers on your network.
43 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 To perform a push installation: 1 Download the Push Install utility from the SecurityCenter. 2 Initiate a push to one or more client computers. 3 Optional. Initiate a push to one or more relay servers.
44 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 Installation To install Enforced Client u sing the Push Install utility: 1 On the administrative computer, open the web br owser, log on to the SecurityCenter, then click Install Protection .
45 Enforced Clie nt Product G uide Installing Enf orced Client Installing Enfor ced Client 2 After installati on is complete, a status for eac h target computer i s displayed. Figure 2-6 Status for target computers 10 Click View Log to open a log file in Microsoft Notepa d that shows the status of the current session, then save the file.
46 Enforced Clie nt Produc t Guide Installing Enf orced Client Completing th e installation 2 You can specify one or more computer s as a relay server in two ways: Using the Push Install uti lity .
47 Enforced Clie nt Product G uide Installing Enf orced Client Completing th e installation 2 Test virus protection Test the virus-detection feature of the virus and spyware protection se rvice at any time by downloading the EICAR Standard An tiVirus Test File at the client computer.
48 Enforced Clie nt Produc t Guide Installing Enf orced Client Completing th e installation 2 Scan the email Inbox After installing the virus and spyware protec tion service for the fi rst time, we re commend running an on-demand email scan be fore proceeding.
49 Enforced Clie nt Product G uide Installing Enf orced Client What should I do aft er installing? 2 What should I do after installing? After installing E nforced Client, cl ient computer s are protec.
50 Enforced Clie nt Produc t Guide Installing Enf orced Client What should I do aft er installing? 2.
51 3 Using Enforced Client Enforced Client consists of two ma in components for managing security: The client sof tware: Softwar e installed on each client co mputer. The client software runs in the background to download update s and protect the computer fro m threats.
52 Enforced Clie nt Product G uide Using Enforce d Client Using the client software 3 Using the client software After installing Enforced Client , the software runs on each cl ient computer to immediately protect it from threats such as viruses and intrusions.
53 Enforced Clie nt Product G uide Using Enforce d Client Updating client computers 3 Client menu Click in the system tr ay to access these optio ns: Scan T asks: Displays a submenu for accessing features of the virus and spyware protection service.
54 Enforced Clie nt Product G uide Using Enforce d Client Updating client computers 3 Users can check for updates manuall y at any time. In addition, yo u can configure optional policy settings for updating tasks.
55 Enforced Clie nt Produc t Guide Using Enforced C lient Using the Secur ityCenter 3 For maximum protection, configure your policies to check for an outbreak DAT file every hour (see Enable optional protection on page 97 ). This feature is enabled by default.
Setting up your account Viewing your security services at-a-glance Managing yo ur computers Creating groups to manage your site Designating group administrators Setting up policies Viewing reports Man.
57 Enforced Clie nt Product G uide Using Enforce d Client Getting started 3 Getting started The SecurityCenter website help s you locate information easily.
Figure 3-1 SecurityCenter tabs 58 Enforced Clie nt Product G uide Using Enforce d Client Getting started 3.
59 Enforced Clie nt Product G uide Using Enforce d Client Getting started 3 Make the most of your online data Each SecurityCenter page incl udes features for displaying the exact data you need and using it efficiently. Figure 3-2 Page controls for listings and reports 1 2 3 4 5 6 7 8 1 Print the current page.
60 Enforced Clie nt Product G uide Using Enforce d Client Getting started 3 Customize listings and reports Select the information to display or the order in which it appears. To filter information: At the top of a page, select the information to display (group name , period of time, or type of information).
61 Enforced Clie nt Product G uide Using Enforce d Client Getting started 3 Using the online help Online help is available fro m any page on the SecurityCent er website by clicking the help ( ? ) link in the top-right corner of the page. The he lp window provides information about the page from which it wa s called.
62 Enforced Clie nt Product G uide Using Enforce d Client Setting up your a ccount 3 Setting up your account Configure your contact informat ion so that you receive important notices from your service provider.
63 Enforced Clie nt Product G uide Using Enforce d Client Viewing your security services at-a-gla nce 3 Viewing your security services at-a-glanc e The SecurityCenter page is your “home” page on t.
64 Enforced Clie nt Product G uide Using Enforce d Client Viewing your security services at-a-gla nce 3 From the SecurityCenter page, you can: Install protec tion servic es View and resolve ac.
65 Enforced Clie nt Product G uide Using Enforce d Client Managing your computers 3 To view instructions for resol ving an action item: On the SecurityCenter page or the Computer Details page, click an action it em.
Figure 3-4 Computers page 66 Enforced Clie nt Product G uide Using Enforce d Client Managing your computers 3 Select the information th at appears on this page: Groups — Display only the computers in a group or display all computers. Report perio d — Specify the length of time for which to display information.
67 Enforced Clie nt Product G uide Using Enforce d Client Managing your computers 3 View duplicate computers View computer profiles Search for computers Use this feature to find a pa rticular computer in your listings.
Figure 3-5 Computer Details page 1 2 3 4 1 Update the email address. For System email address , type a new email address, then click Save . 2 Move the computer into a new group. For Group , select a group from the list, then click Save . 3 Display instructions for resolving an action item.
69 Enforced Clie nt Produc t Guide Using Enforced C lient Managing your computers 3 View detections for a computer Use this feature to view all the dete ctions for a single client computer. To view detections: 1 On the Computers page, click a quantity under Detections to display a list of detected items and their status.
70 Enforced Clie nt Product G uide Using Enforce d Client Creating groups t o manage your site 3 Block computers from receiving updates Use this feature to prevent unauthorized computers that are connecting to your network (sometimes call ed rogue systems ) from receiving service updates.
71 Enforced Clie nt Product G uide Using Enforce d Client Creating groups t o manage your site 3 By default, every computer in your ac count is placed into a group called Default .
72 Enforced Clie nt Product G uide Using Enforce d Client Designating group ad ministrators 3 The Default group uses the SonicWALL Def ault policy, which is configured with settings recommended by SonicWALL to protect most or ganizations. You can as sign a different policy to the De fault group.
Figure 3-7 Site and group administrators 1 The site administrator communicates direct ly with the SecurityCenter to create policies, check reports, and maintain the Enforced Client account. 2 The site adminis trator creates and manages grou p administrators.
74 Enforced Clie nt Produc t Guide Using Enforced C lient Designating group ad ministrators 3 What can group administrators do? The access level you assign determines which ta sks group administrators can perform for their groups. You specify the access level when you create the group administrator’s account, and you can edit it at any time.
75 Enforced Clie nt Produc t Guide Using Enforced C lient Setting up policies 3 Your local email applic ation opens a preaddresse d message explaining how to log on to the SecurityCenter, assigned groups, and instruct ions for accessing information about their responsibilities.
76 Enforced Clie nt Product G uide Using Enforce d Client Setting up policies 3 The SonicWALL Default policy Until you create additional policies, all computers are assigned the SonicWALL Defau lt policy, which is configured with setti ngs recommended by SonicWALL to protect man y environments.
77 Enforced Clie nt Produc t Guide Using Enforced C lient Setting up policies 3 Create or edit a policy Use this procedure to na me a policy and configure its security settings. To create or edit a policy: 1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
78 Enforced Clie nt Product G uide Using Enforce d Client Viewing reports 3 Delete a policy Use this procedure to remove a policy you have created from your account. You cannot delete the SonicWALL Default policy. To delete a policy: On the Groups + Policies page, next to a policy name click Delete .
79 Enforced Clie nt Product G uide Using Enforce d Client Viewing reports 3 Why use reports? Reports provide valuable tools for managing your security strategy.
80 Enforced Clie nt Product G uide Using Enforce d Client Viewing reports 3 View duplicate computers Use the Duplicate Computers report to locate compute rs that are listed more than once in your reports.
81 Enforced Clie nt Product G uide Using Enforce d Client Managing your correspondence 3 View computer profiles Use the Computer Profiles report to view the version of the Windows operating system and the Internet Explorer web browser running on client computers.
82 Enforced Clie nt Produc t Guide Using Enforced C lient Managing your correspondence 3 Send email to users Use email to send important information about corporate security to your users: Send reports or listings as an attached archived web page in .
83 Enforced Clie nt Produc t Guide Using Enforced C lient Managing your subscrip tions 3 If your logo file is not the correct size, the SecurityCenter resizes it to fit the allotted area and displays a preview of how it will appear on reports. Click A pprove to accept th e resized logo, or Delete and Resubmit to select a different file.
84 Enforced Clie nt Product G uide Using Enforce d Client Managing your subscrip tions 3 Update subscription information Use the Subscription History page to update the contact and ac count information for each of your protection service subscriptions .
85 Enforced Clie nt Produc t Guide Using Enforced C lient Getting assista nce 3 Request a trial subscription To try a protection service free of charge for 30 days, you can reques t a trial subscription. You’ll have the opportunity to try all the features.
86 Enforced Clie nt Product G uide Using Enforce d Client Getting assista nce 3 Download utilities Access utilities to assist wi th installing cl ient software and trou bleshooting installati on problems from the Utilities page. To download utilities: On the Help page, click Utilities , then click a link .
87 4 Using the Virus and Spyware Protection Service The virus and spyware protection service in Enforc ed Client safeguards cl ient computers against threats, such as viruses a nd potentially unwanted program s, by scanning files and email messages as they are accessed .
Figure 4-1 Scan Tasks menu Scan... Select a location to scan ( My Computer , My Documents Folder , or Floppy A ). Click Scan Folder... to browse to a folder of y our choice. Quarantine Viewer (administrative menu only) Open the quarantine folder, which contains possible threats detected on the computer (see Manage quarantined files on page 109 ).
89 Enforced Clie nt Produc t Guide Using the Vir us and Spy ware Protec tion Servi ce Scanning client computers 4 Scanning client computers The virus and spyware protection service safegua rds computers by automa tically scanning for viruses and spyware.
90 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Scanning client computers 4 Scan manually ( on-demand scans) The virus and spyware protection service automatica lly scans most files when they are accessed. However, users can scan a particular drive or fo lder at any time.
91 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Scanning client computers 4 To view results of a manual scan: In the Scan Completed dialog box, click Report to display the Scan Statistics report.
92 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Scanning client computers 4 Schedule on-demand scans Schedule an on-demand scan to occur at a specif ic date and time, either once or on a recurring basis. For example, you might want to scan client computer s at 11:00 P.
93 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Scanning client computers 4 2 Select one or more detecti ons, then select an action: Clean Place an encrypted original copy of e ach se lected item in a qu arantine folder, then attempt to clean it.
94 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Configuring poli cies for virus and sp yware protection 4 Configuring policies for virus and spyware protection Policies define th e operational settings for all your protec tion serv ices.
95 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Configuring poli cies for virus and sp yware protection 4 To schedule an on-demand scan: 1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
96 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Configuring poli cies for virus and sp yware protection 4 Set advanced virus protection options On the Groups + Po.
97 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Configuring poli cies for virus and sp yware protection 4 To specify optional scans: 1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
98 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Configuring poli cies for virus and sp yware protection 4 Set basic spyware protection options On the Groups + Policies page, use the Spyware Protection tab to configure ba si c settings for spyware protection.
99 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Configuring poli cies for virus and sp yware protection 4 Select a spyware protection mode You can specify how the v irus and spyware protection service r esponds to detections of potentially unwanted program s on client computers.
100 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Configuring poli cies for virus and sp yware protection 4 Learn mode Report mode can be used as a “learn mode” to help you determine whic h programs to approve (see Specify ap proved programs on pag e 101 ).
101 Enforced Clie nt Produc t Guide Using the Vir us and Spy ware Protec tion Servi ce Configuring poli cies for virus and sp yware protection 4 To specify programs to detect: 1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
102 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Viewing reports for virus and spyware detections 4 Viewing reports for virus and spyware detections Whenever a client computer chec ks for updates, it also sends da ta to the SecurityCenter in encrypted XML files.
103 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Viewing reports for virus and spyware detections 4 Select the information that appe ars in this report: Groups — Display only the computers in a group or display all computers.
104 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Viewing reports for virus and spyware detections 4 View unrecognized programs Use the Unrecognized Programs report to view a list of unapproved programs that the spyware protection service or firewall protectio n service detected on your network.
105 Enforced Clie nt Produc t Guide Using the Vir us and Spy ware Protec tion Servi ce Viewing reports for virus and spyware detections 4 Using the Unrecognized Program s report When you want to.. . Do this... Display computers or detections Click next to a name: Under a computer name, show which detections were found.
106 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Viewing reports for virus and spyware detections 4 View your detection history Check the Detection History report for a graphical overview of the number of detections and the number of computers where dete ctions occurred over the past year on your network.
107 Enforced Clie nt Produc t Guide Using the Vir us and Spy ware Protec tion Servi ce Managing detections 4 Managing detections To effectively manage your strategy for virus and spyware protection, we recommend that you proactively track the types of threats bei ng detected and where they are occurring.
108 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Managing detections 4 Manage quarantined files When the virus and spyware protection service dete cts a threat on a cl ient computer, it atte mpts to clean the item where the threat is dete cted.
109 Enforced Clie nt Product G uide Using the Vir us and Spy ware Prot ection Servi ce Disabling on-access scanning 4 4 Check the status of each item: Cleaned The rescan action was successful. You can safe ly restore the item. Clean failed The item cannot be cleaned.
110 Enforced Clie nt Produc t Guide Using the Vir us and Spy ware Protec tion Servi ce Disabling on-access scanni ng 4.
111 5 Using the Firewall Protection Service The firewall protection service in Enforced Client safeguards against in trusions by monitoring inbound and outbound communications on client computers. It checks: IP addresses and communicati on ports that attempt to comm unicate with your computer.
112 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Configuri ng policies for fir ewall protecti on 5 Configuring policies fo r firewall p rotection Policies define th e operational settings for all your protec tion serv ices. See Setting up policies on page 75 for general inf ormation about using policies.
Figure 5-1 Desktop Firewall policy tab 113 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Configuri ng policies for fir ewall protecti on 5 Specify who configures fire wall pr.
114 Enforced Clie nt Produc t Guide Using the Fir ewall Protectio n Service Configuring po licies for fir ewall protecti on 5 How do user settings and admi nistrator settings coexist? When you select Administrator configures firewall , any firewall settings th at users have configured on their computers are saved.
115 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Configuri ng policies for fir ewall protecti on 5 Select a firewall protection mode Specify how the firewall protection service responds to suspici ous activity on cl ient computers.
116 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Configuri ng policies for fir ewall protecti on 5 Specify a connection type The connection type defines the environment wher e client computers are used and determines which IP addresses and ports th e firewall protection service allows t o communicate with them.
117 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Configuri ng policies for fir ewall protecti on 5 Configure IP addresses for a custom connection Configure system servic.
118 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Configuri ng policies for fir ewall protecti on 5 Remote Assistance Y ou can add other service ports as needed.
119 Enforced Clie nt Produc t Guide Using the Fir ewall Protectio n Service Configuring po licies for fir ewall protecti on 5 T o open a service po rt: 1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy). 2 Click the Desktop Firewall tab.
120 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Configuri ng policies for fir ewall protecti on 5 Configure IP addresses for a custom connection In addition to accepting co mmunications through the selected service por ts, client computers accept communications originating from desig nated IP addresses.
121 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Configuri ng policies for fir ewall protecti on 5 2 A list of safe applications that SonicWALL mainta ins on the www.hacker watch.org website. By default, the firewall protection service allows applic ations that appear on this list.
122 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Viewing repo rts for firewal l protection 5 Viewing reports for firewall protection Whenever i t checks for upd ates, each client com puter also se nds data to t he Security Center website in encr ypted XML files.
123 Enforced Clie nt Product G uide Using the Fir ewall Protectio n Service Viewing repo rts for firewal l protection 5 Using the Unrecognized Program s report View inbound events bl ocked by the fire.
124 Enforced Clie nt Produc t Guide Using the Fir ewall Protectio n Service Managing suspicious activity with best pr actices 5 Using the Inbound Events Blocked by Firewall report Managing suspicious .
125 Enforced Clie nt Produc t Guide Using the Fir ewall Protectio n Service Managing suspicious activity with best pr actices 5 Before install ing the firewall protection servic e on a server, ensure that the server’ s system services and Internet a pplications are configured corre ct ly.
126 Enforced Clie nt Produc t Guide Using the Fir ewall Protectio n Service Managing suspicious activity with best pr actices 5.
127 6 Using the Browser Protection Service The browser protection service in Enforced Client, based on S onicWALL SiteAdvisor ™ , displays information to safe guard client computer users against web-based threats: A safety rating for each website (see How safety ratings are compiled on page 128 ).
128 Enforced Clie nt Product G uide Using the Bro wser Prot ection Servi ce Accessing s ite safety infor mation 6 How safety ratings are compiled Safety ratings are derived by test ing criteria for each website and evaluati ng the results to assess whether the site poses a risk a nd, if so, what type of risk.
129 Enforced Clie nt Product G uide Using the Bro wser Prot ection Servi ce Accessing s ite safety infor mation 6 Staying safe while browsing When users browse to a websit e, the SiteAd visor toolbar .
130 Enforced Clie nt Produc t Guide Using the Bro wser Protec tion Servi ce Configuring brow ser protection settings 6 Viewing safety reports Users can supplement the color-coded safety information for a site by viewing its detailed safety report.
131 Enforced Clie nt Product G uide Using the Bro wser Prot ection Servi ce Configuring brow ser protection settings 6 3 Select Automatically install browser protection ser vice on all computers using this policy , then click Save .
132 Enforced Clie nt Product G uide Using the Bro wser Prot ection Servi ce Submitting feedba ck 6 Submitting feedback SonicWALL encourages feedback about websites: Users can describe suspicious or dangerous behavior they en counter when visiting a site.
133 7 Using the Email Security Service The email security service in Enforced Clie nt Advanced scans messages be fore they are received by client computers and quarantines detections. Your service checks for spam, phishing scams, viruses, directory harvest atta cks, and other email- borne thre ats in messages and attachments.
134 Enforced Clie nt Produc t Guide Using the Email Se curity Servi ce Activating th e email sec urity service 7 Activating the email security service Activate your email security service through a unique reg istration webs ite, which you access from the SecurityCente r website.
Figure 7-1 Email security service’s portal 135 Enforced Clie nt Product G uide Using the Email Se curity Servi ce Setting up your a ccount 7 Setting up your account When your account is acti vated, you can set it up to filter emai l for users in its activation domain, the domain you specified in the activation wizard.
136 Enforced Clie nt Product G uide Using the Email Se curity Servi ce Setting up your a ccount 7 Default settings As soon as your email security service is activated , default functionality and features are configured. Two users appear on the Users tab: Your administrator login address.
137 Enforced Clie nt Produc t Guide Using the Email Se curity Servi ce Setting up your a ccount 7 3 Set up your email ser ver to prevent spam and viruses from circumven ting the email security service.
138 Enforced Clie nt Product G uide Using the Email Se curity Servi ce Setting up your a ccount 7 4 Do you want to manage a ll users’ quaran tined messages in one central quarantine, rather than sep.
139 Enforced Clie nt Product G uide Using the Email Se curity Servi ce Viewing your email p rotection status 7 Access basic administration featur es on the Administration page: Summary This chart can be helpful for Help Desk personnel.
140 Enforced Clie nt Produc t Guide Using the Email Se curity Servi ce Viewing your email p rotection status 7 To view the status of your service: 1 On the SecurityCenter websi te, click the SecurityCenter tab. 2 Under Your email protection , check your emai l statistics.
141 Enforced Clie nt Produc t Guide Using the Email Se curity Servi ce Configuring a poli cy for email security 7 Configuring a policy for email security Configure security settings for your email securi ty service by setting up a policy. (You can set up only one policy for you r email security service account.
142 Enforced Clie nt Produc t Guide Using the Email Se curity Servi ce Managing quarantined emai l 7 Managing quarantined email The email s ecurity servic e quarantines e mail mess ages that contain detect ed spam, phishing, and virus threats.
143 Enforced Clie nt Product G uide Using the Email Se curity Servi ce Getting more information 7 T o restore quarantined email to an Inbox: Provide these instructions to your users: 1 Open the Quarantine Summary . 2 T o restore a message, click Deliver .
144 Enforced Clie nt Produc t Guide Using the Email Se curity Servi ce Getting more information 7.
145 8 Troubleshooting For help installin g, using, and maintaining Enfo rced Client, refer to fre quently asked questions or specific error messages and their so lutions.
146 Enforced Clie nt Produc t Guide Troubleshoo ting Frequently asked questions (FAQ) 8 Frequently asked questions (FAQ) This section includes questions asked by administrators and client computer users.
147 Enforced Clie nt Produc t Guide Troubleshoo ting Frequently asked questions (FAQ) 8 Adding, renewing, and moving licenses I purchased li censes for new c omputers, but the new computers don’t show up on my reports.
148 Enforced Clie nt Produc t Guide Troubleshoo ting Frequently asked questions (FAQ) 8 Why would I want to specify excluded fi les and folders or approved programs? Specifying excluded files and folders from scanning can be useful if you know a particular type of file is not vulnerable to atta ck, or a particular folder is sa fe.
149 Enforced Clie nt Product G uide Troubleshoo ting Frequently asked questions (FAQ) 8 If you upgraded or purchased addi tional services using a new emai l address, you r eceived a new company key and URL for a new account instead of adding licenses to your existing account.
150 Enforced Clie nt Produc t Guide Troubleshoo ting Frequently asked questions (FAQ) 8 How can I stop errors from showing up in my re ports when automatic up dates fail on systems where no user is logged on? For certain system configurati ons, automatic updates do not o ccur on systems where no user is logged on.
151 Enforced Clie nt Produc t Guide Troubleshoo ting Frequently asked questions (FAQ) 8 Browser protection Can users run the browser protection service fo r Internet Explorer and Firefox on the same computer? Yes. The browser protection service f or Internet Ex plorer and Firefox are compatible on the same computer .
152 Enforced Clie nt Product G uide Troubleshoo ting Error messages 8 I use Windows XP Service Pack 2, and I get a me ssage that my computer may be at risk. What does this mean? This is a known problem with Microsoft Securi ty Center, because Micr osoft cannot determine that Enforced Client is installed and up-to-d ate.
153 Enforced Clie nt Produc t Guide Troubleshoo ting Error messages 8 MyASUtil.SecureObje ctFactory error message MyINX Error Unable to connect to the En forced Client update server Un.
154 Enforced Clie nt Produc t Guide Troubleshoo ting Error messages 8 The security leve l of th e browser is too high. Set the browser’s s ecurity level to Medium or Medium-h igh (see Configure your browser on page 33 ). Internet Explorer i s blocking ActiveX controls.
155 Enforced Clie nt Produc t Guide Troubleshoo ting Error messages 8 Installation Denied Common causes and solutions: When you begin the installation, Internet Explorer displays a dialog box asking you to verify that you want to install Enfo rced Client.
156 Enforced Clie nt Product G uide Troubleshoo ting Error messages 8 If there is another comment in the Status column, contact product support with that information. MyINX Error The installer has detected other virus protec tion software on the computer, which you must uninstall: 1 From the Windows Control Panel , open Add/Remove Programs .
157 Enforced Clie nt Produc t Guide Troubleshoo ting Error messages 8 From Windows Control Panel , open In ternet Options. 2 Under Temporary Internet Files , click the Del ete Files button. 3 Select Delete all offline content , then click OK . An hourglass appears while the files are being deleted.
158 Enforced Clie nt Produc t Guide Troubleshoo ting Contacting product s upport 8 Contacting product support There are three ways to contact product support. By email To contact product support via email, refer to your welcome email for your service provider’s support address.
161 Glossary action item Indicator of a p otential vulnerability in your organization’s security th at re quires attention. Action items appear in red on the Secu rityCenter website in three locations: SecurityCenter page, Computer Details page, and in reports (as dates).
162 Enforced Client An ti-Virus and Anti -Spyware 4.5 Prod uct Guide Glossary Clean Failed The virus and spyware protection service could not clean or delete the item. This might indicate that the item is in use; if so, cl ose it and attempt t h e clean again.
163 Enforced Client An ti-Virus and Anti -Spyware 4.5 Prod uct Guide Glossary email security service A web-based service that safeguards small bu siness computers by automatica lly routing email messages through SonicWALL’s serv ers and scanning for dangerou s and inappropriate content before delivering the messages to the local network.
164 Enforced Client An ti-Virus and Anti -Spyware 4.5 Prod uct Guide Glossary outbreak DAT file A special detection definition file marked as Medium or High importance and released by SonicWALL Avert Labs in response to an outbr eak.
165 Enforced Client An ti-Virus and Anti -Spyware 4.5 Prod uct Guide Glossary reports Data uploaded by client co mputers to th e SecurityCenter an d formatted for the administrator; information on the account’s security status for the administrator.
166 Enforced Client An ti-Virus and Anti -Spyware 4.5 Prod uct Guide Glossary untrusted connection A direct connection to the Internet, such as a wireless network in a public airport or hotel. The firewall protection service blocks comm unications from other de vices on an untrusted network (it considers them to be unsafe).
167 A User Interface Definitions Login page Use this page to log on to the SonicWALL Secu rityCenter website, wh ere you can manage your account and view reports. Log on to the SecurityCenter Change your SecurityCenter password Email Address Type the e mail address for your accou nt.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 168 A Computers tab Use this page to manage client computers where Enforced Client is inst alled. You can display all computers or one of the groups you have create d, then select individua l computers to manage or view details.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 169 A Item Description Find computers Type a full or partial computer name , email address, IP address, or relay server name in the box, then click Search to display computers matching your s earch criteria.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 170 A Reports tab Use this page to access ad ministrative reports. T he information in these rep orts is uploaded from client computers hourly.
Enforced Clie nt Product G uide User Interfa ce Definitions 171 A Groups + Policies tab Use this page to create a nd manage groups and policies: A group consists of one or more computers that us e the same security se ttings. Create groups to organize computers so that you can manage them more easily.
Enforced Clie nt Product G uide User Interfa ce Definitions 172 A My Account tab Use this page to manage information for your protection services account.
Add Select this link to create a new group administrator account or edit an existing account. All group administrators Select this link to open a page where you can view and edit all groups administrator accounts for your or ganization.
Enforced Clie nt Product G uide User Interfa ce Definitions 174 A Help tab Use this page to access online product documentation and to contact customer support.
Enforced Clie nt Product G uide User Interfa ce Definitions 175 A Installing Enforced Client Standard URL installation Using the portal Install products onto new computers (not yet managed.
Select Text and Copy to Clipboard To send users a URL they can use to install on their computers, first click this button. Then open a bl ank ema il message, paste the text you copied in to its body, and send it to users who need to install the protection service(s).
Enforced Clie nt Product G uide User Interfa ce Definitions 177 A Install Email Security Service Use this page to reference configuration info rmation for your Mail eXchange (MX) records, contact support, and access the email security se rvice’s portal, where you can manage and view reports for the email security service .
Enforced Clie nt Product G uide User Interfa ce Definitions 178 A Product Purchase Use this page to purchase new or additional licenses for SonicW ALL protection services or sign up for a trial subscription.
Email button Click to open a blank email messa ge addressed to the selected computers. (You must have a clie nt email application ins talled to use this feature.) Delete Click to delete the selected computers from your listing. Use this feature to delete dupli cate and obsolete computers.
Computer Details section Lists information abou t the computer and pr otection services. System email address Shows the email address used to contact the user. To change the address, type a new address. Group Shows the group to which this co mputer belongs.
Enforced Clie nt Product G uide User Interfa ce Definitions 181 A View user-approved applications for a computer Specify approved programs Set up allowed Internet applications Name Shows the name of the detected application.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 182 A Detections report (by computer) Use this report to view and ma nage detections and the computers where de tections occurred. You can display all com puters o r a subset, then select i ndividual computers fo r managing or viewing details.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 183 A Detections report (by detection) Use this report to view and ma nage detections and the computers where de tections occurred.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 184 A Unrecognized Programs report (by computer ) Use this report to view and manage detected pr ograms that were not recognized by the virus and spyware protection service or firewall protec tion servic e, and the computers where these programs were detected.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 185 A Unrecognized Programs report (by program) Use this report to view and ma nage detected progr ams not rec ognized by the virus and spyware protection service or firewall protection service, and the com puters where these programs were detected.
Enforced Clie nt Product G uide User Interfa ce Definitions 186 A Inbound Events Blocked by Firew all report (by originating computer) Use this report to view and ma nage blocked communications sent to client computers, and the computers where these communicati ons originat ed.
Enforced Clie nt Product G uide User Interfa ce Definitions 187 A Inbound Event List Use this page to view detail ed information about inbound communi cations that were blocked by the firewall pr otection service. The Computer and Report period selected on the previous page determine the content of th is listing.
Groups Select the group of computer s to display. If you have not created an y groups, this option does no t appear. Email button Click to open a blank email messa ge addressed to the selected computers. (You must have a local email application installed to use this feature.
Groups Select the group of computer s to display. If you have not created an y groups, this option does no t appear. Operating system version Select a version to display only th e computers running that ver sion. Only the operating syst ems running on client computers are listed here.
Groups Select the group of computer s to display. If you have not created an y groups, this option does no t appear. Display by Select increments in which to display historical information: Detections Found Shows the total numbe r of detectio ns for your account over the past year.
Name Type a new name for the group if you want to rename it. Policy Select a policy from the list if you want to assign a different one. The current policy is displayed, an d all available policies appear in the list. If you have not cr eated any policies, only th e SonicWALL Default policy appears.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 192 A Configuring policies fo r firewall protection Configuring browser protecti on from the SecurityCenter The SonicWALL Default policy Item Description Virus Protection Scheduled On-Demand Scan Disabled : No on-demand scan is scheduled.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 193 A Update client computers where users are not logged in Enabled. A utomatic updates occur on comput ers where no user is logged on, for example, terminal servers an d computers where the fast user switching feature is used.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 194 A Edit Policy: Virus Protection Settings Policies are made up of security set tings for all of your pro tection services . These settings define how your services operate on client computers.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 195 A Edit Policy: Spyware Protection Settings Policies are made up of security set tings for all of your pro tection services . These settings define how your services operate on client computers.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 196 A Edit Policy: Desktop Firewall Setting s Policies are made up of security set tings for all of your pro tection services . These settings define how your services operate on client computers.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 197 A Item Description Policy name Type a new name for the policy if you want to rename it.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 198 A Firewall Custom Settin gs Use this page to define custom settings for the environment where cl ient comp uters operate.
Enforced Clie nt Product G uide User Interfa ce Definitions 199 A Configure IP addresses for a custom connection Allowed Incoming Connections Specifies the system service port s through which comput ers using this policy can communicate. Allow Select the checkbox ne xt to each port you want to enable.
Enforced Clie nt Product G uide User Interfa ce Definitions 200 A Edit Policy: Browser Protection Settings Policies are made up of security set tings for all of your pro tection services . These settings define how your services operate on client computers.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 201 A Advanced Virus Protection Settings Select additional protection feat ures for the virus and spyware protection service. If none of these features are selected, the service still detects viruses.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 202 A Add Policy: Virus Protection Settings Policies are made up of security set tings for all of your pro tection services . These settings define how your services operate on client computers.
Policy name Typ e the name of the new policy. On-Demand Scan Regardless of this setting, on-access scans occur every time users run, open, or download files. Excluded Files and Folders Lists files, folders, and file na me extensions that the virus and spyware protection ser vice does not scan for viruses.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 204 A Add Policy: Desktop Firewall Settin gs Policies are made up of security set tings for all of your pro tection services . These settings define how your services operate on client computers.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 205 A Item Description Policy name Typ e a name for the new policy. Firewall Configuration Select who manages the firewall protection servic.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 206 A Add Policy: Browser Protection Settings Policies are made up of security set tings for all of your pro tection services . These settings define how your services operate on client computers.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 207 A Add Policy: Advanced Settings Policies are made up of security set tings for all of your pro tection services . These settings define how your services operate on client computers. Use this page to create a polic y and configure its advanced viru s and spyware pr o tection settings.
Enforced Clie nt Produc t Guide User Interfa ce Definitions 208 A Advanced Virus Protection Settings Select additional protection feat ures for the virus and spyware protection service. If none of these features are selected, the service still detects viruses.
Enforced Clie nt Product G uide User Interfa ce Definitions 209 A Subscription History Use this page to view all your existing and previous licenses for SonicWALL protection services. Your service provider determines what type of information appears on this page, so you might not see some of the columns described below.
View Cancelled Services Select this link to open a page listing service subscr ipt ions that are no longer current. If you are already viewing a list of cancelled subscriptions, a link to display current subscriptions appears instead. Managed Services Lists the name of the Soni cWALL protection service.
Enforced Clie nt Product G uide User Interfa ce Definitions 211 A Manage Group Administrators Use this page to add a group admi nistrator account or modify the settings for an existing account. You can distribute manage ment tasks within your organizati on by creating group administrators.
Add Administrator Click to create a group administrator account. Name Shows the name you entered for identification purp oses when you created the group administrator account. Email Address Select an address to open a bla nk email message addressed to the group adminis trator.
Enforced Clie nt Product G uide User Interfa ce Definitions 213 A Edit Profile Use this page to modify the information your service provider uses to notify you about issues related to your account. Some fiel ds are optional; fields that you must f ill in are labeled as required.
Enforced Clie nt Product G uide User Interfa ce Definitions 214 A Install the standalone installation ag ent Silently install protection services on client computers Select the VSSetup link to download the silent installation package, which enables you to remotely depl oy Enforced Client on a client computer with no user interaction.
An important point after buying a device SonicWALL 4.5 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought SonicWALL 4.5 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data SonicWALL 4.5 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, SonicWALL 4.5 you will learn all the available features of the product, as well as information on its operation. The information that you get SonicWALL 4.5 will certainly help you make a decision on the purchase.
If you already are a holder of SonicWALL 4.5, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime SonicWALL 4.5.
However, one of the most important roles played by the user manual is to help in solving problems with SonicWALL 4.5. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device SonicWALL 4.5 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
