manualshive.com logo in svg

F-SECURE CLIENT SECURITY 7.00, Administrator'S Manual

Download the Administrator's Manual for F-Secure Client Security 7.00 for free from manualshive.com. This comprehensive manual provides in-depth instructions on how to effectively manage the security of your network. Stay protected with the help of this user-friendly manual.

Share
Download
background image

CHAPTER 6

 

197

6.1.2

Security Level Design Principles

Each security level has a set of pre-configured Firewall Rules. In addition, 
you can create new rules for all security levels for which the 

Filtering 

Mode

 

Normal

 is displayed in the 

Firewall Security Levels

 table. The rules 

in the 

Firewall Security Levels

 table are read from top to bottom.

When you create new security levels, you should consider the following 
main principle for defining the firewall rules associated with them:

„

Allow only the needed services, and deny all the rest. This 
minimizes the security risk. The drawback is that when new 
services are needed, the firewall must be reconfigured, This, 
however, is a small price to pay for increased security.

The opposite concept - to deny dangerous services and allow the rest - is 
not acceptable, because no one can tell with certainty which services are 
dangerous or might become dangerous in the future when a new security 
problem is discovered.

A good security level would look something like this:

1.

Deny rules for the most dangerous services or hosts, optionally with 
alerting.

2.

Allow rules for much-used common services and hosts.

3.

Deny rules for specific services you want alerts about (e.g. trojan 
probes) with alerting.

4.

More general allow rules.

5.

Deny everything else.

Disabled

In this security level all network traffic, inbound 
and outbound, is allowed and no alerts are 
generated. Local rules cannot be created.

Summary of Contents for CLIENT SECURITY 7.00

Page 1: ...F Secure Client Security Administrator s Guide...

Page 2: ...Corporation will not be liable for any errors or omission of facts contained herein F Secure Corporation reserves the right to modify specifications cited in this document without prior notice Compani...

Page 3: ...1 Virus and Spy Protection 18 1 2 2 Internet Shield 21 1 2 3 Application Management 22 1 3 Introduction to F Secure Policy Manager 23 1 3 1 Main Components of F Secure Policy Manager 24 1 3 2 F Secure...

Page 4: ...117 3 6 Settings Inheritance 120 3 6 1 How Settings Inheritance is Displayed on the User Interface 122 3 6 2 Locking and Unlocking all Settings on a Page at Once 123 3 6 3 Settings Inheritance in Tab...

Page 5: ...osts to Use Real Time Scanning 169 5 3 4 Excluding Microsoft Outlooks s pst File from Real Time Scanning 170 5 4 Configuring System Control 171 5 4 1 System Control Configuration Settings 171 5 5 Conf...

Page 6: ...t Security Level for the Managed Hosts 199 6 2 3 Adding a New Security Level for a Certain Domain Only 200 6 3 Configuring Network Quarantine 203 6 3 1 Network Quarantine Settings 203 6 3 2 Enabling N...

Page 7: ...28 Chapter 8 Upgrading Software 229 8 1 Overview Upgrading Software 230 8 1 1 Using the Installation Editor 230 Chapter 9 Local Host Operations 234 9 1 Overview 235 9 2 Scanning File Viruses Manually...

Page 8: ...ion Posture Token 255 Chapter 12 Advanced Features Virus and Spyware Protection 257 12 1 Overview 258 12 2 Configuring Scheduled Scanning 258 12 3 Configuring Policy Manager Proxy 260 12 4 Configuring...

Page 9: ...dix B E mail Scanning Alert and Error Messages 292 B 1 Overview 293 Glossary 297 Technical Support 311 Overview 312 Web Club 312 Virus Descriptions on the Web 312 Advanced Technical Support 312 F Secu...

Page 10: ...10 ABOUT THIS GUIDE Overview 11 Additional Documentation 13...

Page 11: ...s the F Secure Policy Manager Anti Virus Mode user interface components Chapter 4 Setting up the Managed Network Describes how to plan and create the centrally managed network Chapter 5 Configuring Vi...

Page 12: ...13 Advanced Features Internet Shield Covers the advanced Internet Shield features such as using port and IP checking with Application Control adding new services and troubleshooting connection proble...

Page 13: ...Secure Policy Manager Advanced Mode user interface and other advanced operations can be found under F Secure Policy Manager in the navigation tree F Secure Client Security Online Help The F Secure Cl...

Page 14: ...Secure products It also includes information on F Secure Management Agent F Secure Policy Manager Web Reporting and F Secure Anti Virus Proxy F Secure Policy Manager Reporting Option Administrator s G...

Page 15: ...s black is used for file and folder names for figure and table captions and for directory tree names Courier New is used for messages on your computer screen WARNING The warning symbol indicates a sit...

Page 16: ...used for online viewing and printing using Adobe Acrobat Reader When printing the manual please print the entire manual including the copyright and disclaimer statements For More Information Visit F...

Page 17: ...17 1 INTRODUCTION Overview 18 F Secure Client Security Components and Features 18 Introduction to F Secure Policy Manager 23 Basic Terminology 26...

Page 18: ...includes several scanning methods Real Time Scanning E mail Scanning Web Traffic Scanning Rootkit Scanning and Manual Scanning It also includes System Control Automatic Updates the F Secure Automatic...

Page 19: ...removes viruses automatically For more information see Configuring Web Traffic HTTP Scanning 178 Rootkit Scanning If you want to ensure there are no suspicious hidden files hidden processes hidden ap...

Page 20: ...F Secure Anti Virus Research If the integrity is compromised the code will not be executed For more information see Configuring Automatic Updates 162 F Secure Automatic Update Agent With F Secure Auto...

Page 21: ...aptops with F Secure Client Security Internet Shield also protects the entire LAN because the individual computers cannot be used as a stepping stone to gain access to the LAN Internet Shield offers s...

Page 22: ...be either denied access or the user is prompted to decide whether the application can initiate a connection For more information see Configuring Application Control 209 Intrusion Prevention System In...

Page 23: ...n to F Secure Policy Manager This section contains a brief introduction to F Secure Policy Manager For more information see F Secure Policy Manager Administrator s Guide F Secure Policy Manager provid...

Page 24: ...or any intervention by the end user F Secure Policy Manager Console includes two different user interfaces Anti Virus Mode user interface that is optimized for managing F Secure Client Security and F...

Page 25: ...allows users to receive virus definition database updates and informational content without interrupting their work to wait for files to download from the Web It downloads files automatically in the b...

Page 26: ...gement of virus scanning tasks and other operations 1 4 Basic Terminology Host In this document it means a computer that is centrally managed with F Secure Policy Manager Policy A security policy is a...

Page 27: ...f large networks The inherited settings may be overridden for individual hosts or domains When a domain s inherited settings are changed the changes are inherited by all of the domain s hosts and subd...

Page 28: ...28 2 INSTALLING F SECURE POLICY MANAGER Overview 29 System Requirements 30 Installation Steps 33 Uninstalling F Secure Policy Manager 55...

Page 29: ...native installation scenarios as well as the server security issues see chapters Installing F Secure Policy Manager Console and Installing F Secure Policy Manager Server in F Secure Policy Manager Adm...

Page 30: ...ments Operating system Microsoft Windows 2000 Server SP 3 or higher Windows 2000 Advanced Server SP 3 or higher Windows Server 2003 Standard Edition or Web Edition Windows 2003 Small Business Server P...

Page 31: ...ents depend on the size of the installation In addition to this it is recommended to allocate about 1 MB per host for alerts and policies The actual disk space consumption per host is hard to anticipa...

Page 32: ...003 Small Business Server Processor Intel Pentium III 450 MHz processor or faster Managing more than 5000 hosts requires Pentium III 750 MHz processor or faster Memory 256 MB of RAM Managing more than...

Page 33: ...ive 2 Select Corporate Use Click Next to continue 3 Select F Secure Policy Manager from the Install or Update Management Software menu Step 2 View the Welcome screen and follow the setup instructions...

Page 34: ...34 Step 3 Read the license agreement information If you agree select I accept this agreement Click Next to continue...

Page 35: ...d on the same computer is allowed access to F Secure Policy Manager Server Access to Web Reports is allowed also from other computers Custom This is the default recommended option that lets you specif...

Page 36: ...Select the following components to be installed F Secure Policy Manager Console F Secure Policy Manager Server F Secure Policy Manager Update Server Agent F Secure Installation Packages Click Next to...

Page 37: ...2 37 Step 6 Choose the destination folder It is recommended to use the default installation directory Use the Browse feature to install F Secure Policy Manager in a different directory Click Next to c...

Page 38: ...ectory and this will be the directory that F Secure Policy Manager Server will use as a repository You can use the previous commdir as a backup or you can delete it once you have verified that F Secur...

Page 39: ...ion file HTTPD conf This option automatically keeps the existing administration host and web reporting ports If you want to change the ports from the previous installation select the Change settings o...

Page 40: ...porting module is used for communication with F Secure Policy Manager Web Reporting Select whether it should be enabled Web Reporting uses a local socket connection to the Admin module to fetch server...

Page 41: ...CHAPTER2 41 Click Next to continue...

Page 42: ...42 Step 10 Specify F Secure Policy Manager Server address and Administration port number Click Next to continue Depending on the installation method this window is not always displayed...

Page 43: ...CHAPTER2 43 Step 11 Select to add product installation package s from the list of available packages if you selected F Secure Installation Packages in Step 5 36 Click Next...

Page 44: ...44 Step 12 Review the changes that setup is about to make Click Start to start the installation...

Page 45: ...CHAPTER2 45 Step 13 When the setup is completed the setup shows whether all components were installed successfully...

Page 46: ...46 Step 14 Click Finish to complete the F Secure Policy Manager Server installation After this you should run the F Secure Policy Manager Console for the fist time...

Page 47: ...ind the shortcut from Start Programs F Secure Policy Manager Console F Secure Policy Manager Console When F Secure Policy Manager Console is run for the first time the Console Setup Wizard collects th...

Page 48: ...llows you to view administrator data but no changes can be made If you select Read only mode you will not be able to administer hosts To change to Administrator mode you will need the admin pub and ad...

Page 49: ...CHAPTER2 49 Step 17 Enter the address of the F Secure Policy Manager Server that is used for communicating with the managed hosts...

Page 50: ...ivate key files will be stored By default key files are stored in the F Secure Policy Manager Console installation directory Program Files F Secure Administrator Click Next to continue If the key pair...

Page 51: ...the random seed used by the management key pair generator Using the path of the mouse movement ensures that the seed number for the key pair generation algorithm has enough randomness When the progres...

Page 52: ...52 Step 20 Enter a passphrase which will secure your private management key Re enter your passphrase in the Confirm Passphrase field Click Next Step 21 Click Finish to complete the setup process...

Page 53: ...ure Policy Manager Console will generate the management key pair For information on backing up the admin pub key see chapter Maintaining F Secure Policy Manager Server in F Secure Policy Manager Admin...

Page 54: ...more information see Creating the Domain Structure 130 and Adding Hosts 132 If you decide to exit from F Secure Policy Manager Console and want to login again later see Logging in for the First Time...

Page 55: ...Control Panel Select Add Remove Programs 2 Select the component you want to uninstall F Secure Policy Manager Console or Server and click the Add Remove button 3 The F Secure Uninstall dialog box app...

Page 56: ...56 3 INTRODUCTION TO F SECURE POLICY MANAGER ANTI VIRUS MODE USER INTERFACE Overview 57 Policy Domains Tab 58 Management Tabs 58 Toolbar 116 Menu Commands 117 Settings Inheritance 120...

Page 57: ...nd monitoring F Secure Client Security installed on hosts as well as for carrying out operations Message View at the bottom of the window that displays informative messages from the Policy Manager for...

Page 58: ...ains Move hosts or domains using cut and paste operations Export a policy file After selecting a domain or host you can access the above options from the Edit menu or by right clicking the selected ho...

Page 59: ...gned to display the most important information concerning the selected domain s or host s at a glance When a domain is selected the Summary tab displays information about the whole domain When a singl...

Page 60: ...tations and Internet Shield When a host is selected the sections are Policy Manager Host Virus Protection and Internet Shield These sections are described in detail below Summary Tab When a Domain is...

Page 61: ...policy data and distribute the new policies to hosts See the status of the virus definitions on the server See the status of the spyware definitions on the server See the status of System Control upd...

Page 62: ...also access a detailed list displaying the hosts connection status by clicking View disconnected hosts which takes you to the Status tab and Centralized Management page See a summary of new alerts If...

Page 63: ...Protection page See how many infections have been found in the domain If you want to see host specific infection information click View hosts infection status to access the Status tab and Overall Prot...

Page 64: ...nternet Shield installed See what is the most common latest attack and how many percents of the domain has been affected If you want to get more detailed information on the latest attacks you can clic...

Page 65: ...file the host is using is the latest or not the latest one See whether the host is disconnected or not See a summary of new alerts If you want to get more detailed information on the alerts click on...

Page 66: ...ection shows security news from F Secure Security news are usually news about new virus outbreaks and they state the virus definitions version required on the hosts to protect against this new virus o...

Page 67: ...ews show the alert level of the security threat In the Security News Details section you can see the details about the selected virus news You can obtain even more details with your web browser by cli...

Page 68: ...hosts are displayed as unprotected you can most likely ignore them since they will automatically update the virus and spyware definitions once they are turned on Update delta tells you how well the ho...

Page 69: ...efined on the current level Force Value The Force Value menu item is available only when a Policy Domain is selected You can enforce the current domain setting to also be active in all subdomains and...

Page 70: ...elected policy domain together with the value of the selected field Click any domain or host name to quickly select the domain or host on the Policy Domains tab It is possible to open more than one Do...

Page 71: ...urity 6 x and later In the Automatic Updates for F Secure Client Security 6 x and later section you can Enable or disable automatic updates Note that deselecting this setting disables all ways for the...

Page 72: ...P Proxy can be used and specify the HTTP Proxy address For configuration examples and more information see Configuring Automatic Updates 162 Automatic Updates for F Secure Client Security 5 5x Clickin...

Page 73: ...CHAPTER3 73 Figure 3 9 Settings Automatic Updates Automatic Updates F Secure Client Security 5 x page Automatic Updates In the Automatic Updates section you can Enable or disable automatic updates...

Page 74: ...ger server polling Interval to access the Centralized Management page where you can configure the polling interval See a list of Anti Virus Proxy Servers You can also add new servers on the list delet...

Page 75: ...CHAPTER3 75 Real Time Scanning Figure 3 10 Settings Real Time Scanning page...

Page 76: ...e created or modified Define what is the action to take when an infected file is found For configuration examples explanation of the Action on infection options and more information see Configuring Re...

Page 77: ...r floppy disk boot sectors Select whether boot sectors are scanned at startup Select what is the action to take when an infection is found From the Action on infection drop down list you can select th...

Page 78: ...78 Manual Scanning Figure 3 11 Settings Manual Scanning...

Page 79: ...Scan inside compressed files Select this check box to scan inside compressed ZIP ARJ LZH RAR CAB TAR BZ2 GZ JAR and TGZ files Scanning inside large compressed files might use a lot of system resources...

Page 80: ...ion see Configuring Spyware Scanning 181 Action Definition Ask after scan Starts the F Secure Disinfection Wizard when an infected file is detected Disinfect automatically Disinfects the file automati...

Page 81: ...ples and more information see Configuring Rootkit Scanning 172 Scheduled Scanning The Configure scheduled scanning in advanced mode link takes you to the F Secure Policy Manager Console Advanced Mode...

Page 82: ...82 Spyware Control Figure 3 12 Settings Spyware Control...

Page 83: ...have allowed to run on the hosts Spyware and Riskware Reported by Hosts The Spyware and Riskware Reported by Hosts table displays spyware and riskware that the hosts have reported and spyware and risk...

Page 84: ...84 E mail Scanning Figure 3 13 Settings E mail Scanning page This page includes separate settings for incoming and outgoing E mail Scanning The settings in the General section are common for both...

Page 85: ...ect the action to take on malformed message parts Select to save the blocked messages in the end user s outbox General In the General section you can Select whether all or just some attachments are sc...

Page 86: ...eb Traffic Scanning General In the General section you can enable or disable HTTP scanning HTTP Scanning Select the action to take on infection Select the action to take on scanning failure Select whe...

Page 87: ...able displays a list of HTTP sites from which are defined as trusted Downloads from these sited are not scanned for viruses For more information on Web Traffic Scanning and for practical configuration...

Page 88: ...88 Firewall Security Levels Figure 3 15 Settings Firewall Security Levels...

Page 89: ...to inbound and outbound packets by selecting Enable firewall engine For more information see Configuring Internet Shield Security Levels and Rules 198 Enable the use of trusted interface For more info...

Page 90: ...and performance level For configuration examples and more information see Configuring the Intrusion Prevention 218 Firewall Security Levels Table Global The Firewall Security Levels Table displays the...

Page 91: ...CHAPTER3 91 Firewall Rules Figure 3 16 Settings Firewall Rules...

Page 92: ...ty level The table also displays the location for these rules The Firewall Rules table displays the following information for each rule Whether the rule is enabled or disabled The name and comment for...

Page 93: ...ckets from ordinary applications need to be allowed by the rules in the firewall rules table For more information on how to create and modify firewall rules see Configuring Internet Shield Security Le...

Page 94: ...17 Settings Firewall Services Service short for Network Service means a service that is available on the network e g file sharing remote console access or web browsing It is most often described by w...

Page 95: ...ble to create or allow the end users to create new services for the firewall For more information on how to add or modify firewall services see Adding New Services 269 You can also restrict the users...

Page 96: ...Application Control page displays a list of known applications and the rules defined for them for inbound and outbound connection attempts Unknown Applications Reported by Hosts The Unknown Applicatio...

Page 97: ...section contains the following options Show default messages for unknown applications can be used to select whether users see default messages on unknown application connection attempts Define defaul...

Page 98: ...Alert Sending General In the General section you can Select the alerting language E mail Alert Sending Define the E mail server address SMTP Define the E mail sender address and E mail subject to be...

Page 99: ...the alerts that are of certain severity are to be forwarded For examples on how to configure Anti Virus alert forwarding see Configuring F Secure Client Security Alert Sending 190 For examples on how...

Page 100: ...on contains the following options Allow users to change all settings This option makes all the settings throughout the F Secure Policy Manager Anti Virus and Advanced Mode user interface non final whi...

Page 101: ...eselecting this option prevents end users from uninstalling F Secure software from their computer Uninstallation always requires administrative rights This applies to all Windows operating systems eve...

Page 102: ...e policy files The default value is 10 minutes Outgoing packages update interval Defines how often the host tries to send new versions of periodically sent information for example statistics towards t...

Page 103: ...ny row on Status tab page you can access a context menu that contains the following options Copy as Text copies the currently selected row s and column headings from the table as text Select All selec...

Page 104: ...definitions version on F Secure Gateway products The date and time when spyware definitions were last updated Spyware definitions version The date and time when spam definitions on F Secure Gateway G...

Page 105: ...ure Anti Virus for Citrix Servers F Secure Anti Virus for Windows Servers F Secure Internet Gatekeeper or F Secure Anti Virus for Microsoft Exchange installed Virus Protection Figure 3 23 Status Virus...

Page 106: ...Internet Shield page displays the following information Latest attack date and time in the Latest Attack Timestamp column Latest attack service Latest attack source Recent attacks this column can be s...

Page 107: ...t s F Secure Client Security software version including the build number and possible hotfixes List of Anti Spyware hotfixes Whether Internet Shield is installed Whether E Mail Scanning is installed W...

Page 108: ...tion Policy file timestamp Policy file counter this is the number of the policy file currently in use at the host The date when the last statistics update has been sent to the F Secure Policy Manager...

Page 109: ...ties Figure 3 27 Status Host Properties The Host Properties page displays the following information for each host The WINS name of the host The IP address of the host The DNS name of the host The oper...

Page 110: ...rom the selected host s and domain s It can also be used to manage the alert reports The Alerts tab displays the following information for each alert severity see Viewing Alerts 226 for more informati...

Page 111: ...rts may also have an attached report This report will be displayed in the lower half of the page By clicking Configure Alert Forwarding you can access the Settings tab and Alerts page where you can co...

Page 112: ...in s It can also be used to manage the scanning reports The Reports tab displays the following information about each report severity date and time description host and user the product the report rel...

Page 113: ...mation on how alerts can be used for monitoring see Viewing Scanning Reports 225 3 3 7 Installation Tab Figure 3 30 Installation tab The Installation tab is the first one that opens when the Policy Ma...

Page 114: ...appear in the NT domain browse list of the Autodiscover view Import autoregistered hosts Hosts will send autoregistration messages to F Secure Policy Manager whenever the first product is installed to...

Page 115: ...AN For more information see What to Do in Case of a Virus Outbreak 250 Update Virus Definitions Operation With this operation you can order the selected hosts or all hosts in the selected domain to ge...

Page 116: ...Go to the previous domain or host in the domain tree selection history Go to the next domain or host in the domain tree selection history Go to the parent domain Cuts a host or domain Pastes a host or...

Page 117: ...llation packages Updates the virus definition database Displays all alerts The icon is highlighted if there are new alerts When you start F Secure Policy Manager Console the icon is always highlighted...

Page 118: ...ports hosts that have sent an autoregistration request Autodiscover Windows Hosts Imports hosts from the Windows domain structure Push Install to Windows Hosts Installs software remotely and imports t...

Page 119: ...ge with all alerts showing Advanced Mode Changes to the Advanced mode user interface Anti Virus Mode Changes to the Anti Virus mode user interface which is the user interface described in this manual...

Page 120: ...domain level or the default value of the setting is re inherited Reporting Lets you select the reporting methods and the domains hosts and products included in the reports Update Virus Definitions on...

Page 121: ...sers are not allowed to change them Final always forces the policy the policy variable overrides any local host value and the end user cannot change the value as long as the Final restriction is set I...

Page 122: ...defined on the current level If the lock symbol is grey the setting is inherited An open lock symbol means that the user is allowed to change the setting at the current level If the lock symbol is blu...

Page 123: ...re displayed as dimmed with grey text Settings that are not inherited are displayed as black text on a white background Check boxes Inherited values are displayed as dimmed on a grey background Values...

Page 124: ...d global tables which means that all computers in the domain have the same values However different subdomains and different hosts may have different security levels enabled In tables the default valu...

Page 125: ...NAGED NETWORK Overview 126 Logging in for the First Time 126 Creating the Domain Structure 130 Adding Hosts 132 Local Installation 156 Installing on an Infected Host 158 How to Check That the Manageme...

Page 126: ...nto consideration so that you can profit the most from the centralized management of the security applications later on This includes for example planning the structure of the managed domain carefully...

Page 127: ...defined when you installed the program This is not your network administrator password You can start the program also in Read Only mode in which case you do not need to enter a passphrase In this cas...

Page 128: ...ole will generate a new key pair Check the Communication Preferences Select the Communication tab to customize communication settings 1 To change polling intervals click Polling Period Options In most...

Page 129: ...then For example laptop computers may not be able to access the server daily but in most cases this is normal 4 The communication protocol selection affects the default polling intervals You should m...

Page 130: ...good idea to plan the domain structure based on these criteria This makes it easier for you to manage the hosts later on If you have designed the policy domain structure beforehand you can import the...

Page 131: ...ices as subdomains Figure 4 4 An example of a policy domain country offices as sub domains A third possibility is to group the hosts into subdomains based on the installed F Secure Client Security ver...

Page 132: ...for the domain will be created in the Policy Domains tab 3 In the same way you can create the subdomains select the domain you created click in the toolbar and enter a name for the new subdomain 4 4...

Page 133: ...s and in domains where F Secure Client Security has been installed locally on hosts the most convenient way of importing hosts into F Secure Policy Manager Console is by using the autoregistration fea...

Page 134: ...g installation see step 6 in Using the Customized Remote Installation JAR Package section It is possible to sort autoregistration messages according to the values of any column by clicking the corresp...

Page 135: ...CHAPTER4 135 Autoregistration Import Rules Figure 4 6 Import Autoregistered Hosts dialog Import Rules tab...

Page 136: ...ort Rules window Only the values in the currently visible columns are used as matching criteria when importing hosts to the policy domain The values in the currently hidden columns are ignored You can...

Page 137: ...select the row and click Clone Now you can edit the criteria on the new duplicated row When you want to start the import operation select the Autoregistered Hosts tab and click Import The importing ru...

Page 138: ...ty on hosts you should make sure that there are not conflicting antivirus or firewall applications installed on them F Secure Setup recognizes and removes automatically the following antivirus program...

Page 139: ...5 50 Norman Virus Control version 5 5 Norton Symantec Anti Virus Corporate Edition version 8 1 0 821 Panda AdminSecure version 3 02 Panda AdminSecure version 3 06 10 Panda ClientShield Corporate vers...

Page 140: ...AntiVirus Corporate Edition 7 6 0 0000 Trend Micro Internet Security 2004 version 11 10 1299 Trend Micro Officescan Corporate Edition version 5 5 Trend Micro Officescan version 5 02 only when installe...

Page 141: ...u and select Autodiscover Windows Hosts alternatively click the button 3 From the NT Domains list select one of the domains and click Refresh The host list is updated only when you click Refresh Other...

Page 142: ...SPACE bar to check selected host s Several hosts can be easily selected by holding down the SHIFT key and doing one of the following clicking the mouse on multiple host rows dragging the mouse over se...

Page 143: ...names of those hosts to which you want to push install and click Next to continue You can click Browse to check the F Secure Management Agent version s on the host s 4 After you have selected your tar...

Page 144: ...products to install You can choose to force reinstallation if applications with the same version number already exist Click Next to continue 3 Choose to accept the default policy or specify which host...

Page 145: ...administrator with a password that matches the local administrator s password on the target host Another Account Enter account and password The administrator can enter any proper Domain Administrator...

Page 146: ...l at any time to stop the installation When the Status line displays finished the process has finished You can select in which domain the new hosts should be placed using the import settings Click Fin...

Page 147: ...Agent fetches the installation package specified in the task parameters from the server and starts installation program When the installation is complete F Secure Management Agent sends the result of...

Page 148: ...the product If there are multiple versions of the product installed all version numbers will be displayed For hosts this is always a single version number Version to Install Version numbers of the ava...

Page 149: ...on or uninstallation operation succeeded This message will disappear when the Installation Editor is closed Empty field No operations are active The Installed Version field displays the currently inst...

Page 150: ...ill cancel the installation operations defined for the selected policy domain or host It is possible to stop all installation tasks in the selected domain and all subdomains by selecting the Recursive...

Page 151: ...3 If F Secure Anti Virus was uninstalled successfully uninstall F Secure Management Agent 4 If uninstallation of F Secure Management Agent is unsuccessful F Secure Policy Manager Console will display...

Page 152: ...This will open the Installation Packages dialog box 3 Select the installation package that contains the products you want to install and click Export 4 Specify the file format JAR or MSI and the loca...

Page 153: ...Select the components you want to install d Select the language for the product you are about to install e Select the installation type The default Centrally managed installation is recommended You ca...

Page 154: ...le selection all the hosts from one unit can be imported to their target domain Note that the target domain can be changed directly from the autoregistration view and after that the hosts from another...

Page 155: ...n package was exported If you want the installation to run in silent mode enter the command in format ilaunchr package name jar Q Also in this case the user may be prompted to restart the computer aft...

Page 156: ...lication directory e g F Secure Client Security 6 0 files are in the directory software fsavcs 2 Copy the admin pub file to the same installation directory as above 3 Edit the prodsett ini file This f...

Page 157: ...kstations When setting up workstations you must provide them with a copy of the Admin pub key file or access to it If you install the F Secure products on the workstations remotely with F Secure Polic...

Page 158: ...installation For more information see Step 18 50 For information on backing up the admin pub key see chapter Maintaining F Secure Policy Manager Server in F Secure Policy Manager Administrator s Guide...

Page 159: ...Connections Work 1 Check the Policy Distribution Status on the Summary tab Save and distribute the polices if necessary 2 Go to the Status tab and select Centralized Management page Check the timestam...

Page 160: ...ime Scanning 166 Configuring System Control 171 Configuring Rootkit Scanning 172 Configuring E mail Scanning 173 Configuring Web Traffic HTTP Scanning 178 Configuring Spyware Scanning 181 Preventing U...

Page 161: ...ow to configure alert forwarding and how to test the virus protection Scheduled Scanning is an advanced feature and it is discussed in Adding a Scheduled Scan from a Local Host 236 and Configuring Sch...

Page 162: ...l Time Scanning Configuration Settings 166 and E mail Scanning Configuration Settings 173 5 2 Configuring Automatic Updates This section explains the different configuration settings available for Aut...

Page 163: ...ate Server through each Policy Manager Proxy in turn e If the client is configured to use HTTP Proxy it tries to download the updates through the HTTP Proxy from F Secure Update Server f After that th...

Page 164: ...Root in the Policy Domains tab 2 Go to the Settings tab and select the Automatic Updates page 3 Make sure that Enable automatic updates is selected 4 Make sure that the polling interval defined in Int...

Page 165: ...servers on the list This opens the F Secure Policy Manager Proxy Server Properties window 5 Enter a priority number in the Priority text box for the Policy Manager Proxy The priority numbers are used...

Page 166: ...available for selecting what to scan All Files All files will be scanned regardless of their file extension This option is not recommended for general use because it might slow down the system perfor...

Page 167: ...in the Excluded extensions field This is most useful when scanning is set to All Files Enable excluded objects Excluded objects are individual files or folders which are normally set locally They can...

Page 168: ...to Real Time Scanning Manual Scanning and E mail Scanning Action Definition Ask after scan Starts the F Secure Disinfection Wizard when an infected file is detected Disinfect automatically Disinfects...

Page 169: ...rom the File Scanning Action on infection drop down list 6 Check that the other settings on this page are suitable for your system and modify them if necessary For more information on the other Real T...

Page 170: ...pst File from Real Time Scanning If you have set real time scanning to scan all files you might want to exclude Microsoft Outlook s PST file from the scanning in order not to slow down the system unn...

Page 171: ...in those cases when System Control does not trust an application 5 4 1 System Control Configuration Settings To enable System Control select the Enable System Control check box You can select what to...

Page 172: ...Select Enable rootkit scanning to enable scanning for files and drives hidden by rootkits This option also enables users to run local quick scans for rootkits and other hidden items Select Include ro...

Page 173: ...ing E mail Scanning can be used to keep both inbound and outbound e mails protected against viruses Enabling it for outbound e mails also ensures that you do not accidentally send out infected e mail...

Page 174: ...ve Attachment deletes the attachment Report Only ignores the attachment but reports it to the administrator 3 Action on malformed message parts Drop Message Part deletes the message Report Only ignore...

Page 175: ...nter each file extension separated by a space Scan inside compressed attachments Select this check box to scan inside compressed ZIP ARJ LZH RAR CAB TAR BZ2 GZ JAR and TGZ attachments Scanning inside...

Page 176: ...ncoming E mail Scanning 2 Select the action to take from the Action on incoming infected attachment drop down list For explanations on the different actions see E mail Scanning Configuration Settings...

Page 177: ...the other settings on this page are suitable for your system and modify them if necessary For more information on the other E mail Scanning settings see Configuring E mail Scanning 173 Step 5 1 Click...

Page 178: ...scanning check box From the Action on infection drop down list you can select what to do when an infection is found in HTTP traffic The actions available are Block blocks access to the infected file R...

Page 179: ...xcluding a Web Site from HTTP Scanning You can exclude a web site or certain web pages from HTTP scanning by defining them in the Trusted Sites table Excluding a web site might be a good idea for exam...

Page 180: ...eated so that it becomes active and type http example com This excludes the second level domain Step 3 Excluding a Sub Directory from HTTP Scanning To exclude a sub directory from HTTP scanning enter...

Page 181: ...cation and a virus trojan Some spyware may be necessary to run ordinary applications while most spyware is just malware and should not be allowed to run even once By default F Secure Spyware Scanning...

Page 182: ...canning are not shown Show Always Detection dialogs of spyware detected by real time scanning are always shown to the user Action Definition Report only The spyware is reported only but no action is t...

Page 183: ...al spyware scanning targets in advanced mode link takes you to the F Secure Policy Manager Console Advanced Mode user interface where you can configure manual spyware scanning targets Applications Exc...

Page 184: ...Displays the severity of the spyware item This is a value from 3 to 10 Host Displays the name of the host on which the spyware item was found Spyware Status Displays the current status of the spyware...

Page 185: ...move automatically and quarantine On Spyware Control page the Deny access to spyware setting is enabled 5 8 2 Setting up Spyware Control for the Whole Domain This example explains how to set up spywar...

Page 186: ...tab and select the Real Time Scanning page Enable spyware scanning on the hosts by selecting Scan for spyware in the Spyware Scanning on File Access section Alternatively you can launch a manual spywa...

Page 187: ...naged domain They are located in the Spyware Scanning on File Access section 4 Check that the manual spyware scanning settings are valid for the managed domain They are located in the Manual Spyware S...

Page 188: ...spyware scanning is allowed for one host 1 In the Policy Domains tab select the host for which you want to allow the use of spyware or riskware 2 Go to the Settings tab and select the Spyware Control...

Page 189: ...ttings for both Virus Protection and Internet Shield final go to the Settings tab and Centralized Management page and click Do not allow users to change any settings This operation sets also the Advan...

Page 190: ...product to send virus alets an e mail address and how to disable the alert pop ups 5 10 1 Setting F Secure Client Security to Send Virus Alerts to an E mail Address In this example all the security a...

Page 191: ...ssage subject Step 3 Set up E mail Alert Forwarding The Alert Forwarding table is used to configure where different types of alerts are to be forwarded 1 Select the E mail check box on the Security Al...

Page 192: ...on by clicking the View hosts infection status link It takes you to the Status tab and Virus Protection page where you can see details of each host s infection status You can also check the Alerts and...

Page 193: ...Save this file to any name with a com extension for example EICAR COM Make sure that you save the file in the standard MS DOS ASCII format Note also that the third character of the extension is an up...

Page 194: ...195 Configuring Internet Shield Security Levels and Rules 198 Configuring Network Quarantine 203 Configuring Internet Shield Rule Alerts 205 Configuring Application Control 209 How to use Alerts for C...

Page 195: ...cations the IP addresses and the ports used Intrusion Detection System stops the malicious packets aimed at open ports in the host Internet Shield contains seven predefined security levels and each of...

Page 196: ...ules can be added to enable new network functionality Office This security level allows all outbound TCP traffic and FTP file retrievals Everything else is denied by default and only malicious connect...

Page 197: ...e needed the firewall must be reconfigured This however is a small price to pay for increased security The opposite concept to deny dangerous services and allow the rest is not acceptable because no o...

Page 198: ...curity level Office is set as the active security level for the workstations in Desktops Eng subdomain To change the Internet Shield Security level for the Desktops Eng subdomain do as follows 1 Selec...

Page 199: ...s in the domain 1 Select the Laptops Eng domain in the Policy Domains tab 2 Go to the Settings tab and select the Firewall Security Levels page 3 In the Firewall Security Levels table click the Defaul...

Page 200: ...ngs tab and select the Firewall Security Levels page 3 Click Add to add a new security level This opens the Security Level Description dialog box 4 Give a name for the new security level for example B...

Page 201: ...at denies all other traffic both ways as the last one on the list 10 In the Rule Type window select Deny as the rule type 11 In the Remote Hosts window select Any remote host to apply the rule to all...

Page 202: ...this security level in the Policy Domains tab 5 Enable the BrowserSecurity security level by selecting the Enabled check box beside it in the Firewall Security Levels table 6 Set the new security lev...

Page 203: ...uarantine 204 6 3 1 Network Quarantine Settings The network Quarantine Settings are located on the Firewall Security Levels page In the Network Quarantine section you can Enable or disable network qua...

Page 204: ...cing hosts to the Network Quarantine security level which has a restricted set of firewall rules You can add new Allow rules to the firewall rules in the Network Quarantine security level to allow add...

Page 205: ...ted for inbound ICMP traffic for a certain subdomain This means that when somebody tries to ping the computer an alert is issued In the end of this example the rule is tested by pinging one of the com...

Page 206: ...the rule to an IP address a range of IP addresses or DNS addresses When this option is selected you can specify the addresses in the text field below If you want to enter several addresses or address...

Page 207: ...ity Alert 3 Select the alert trap to be sent in the Alert trap drop down list For this rule select Network event inbound service denied 4 Enter a descriptive comment for the alert in the Alert comment...

Page 208: ...ecurity Alert check box in the Policy Manager Console column For more information on configuring alert forwarding see the Policy Manager Administrator s Guide Step 8 Take the New Rule into Use 1 Make...

Page 209: ...to define more specific restrictions to network traffic on top of the restrictions defined in firewall rules The application permissions cannot be used to allow traffic that has been denied by static...

Page 210: ...nection attempt based on this rule 2 If there is no rule for the application in the Application Rules for Known Applications table Application Control allows or denies the connection attempt based on...

Page 211: ...pplication Displays the executable file name Act as Client out The following actions are available Deny Allow User Decision See for explanations below Act as Server in The following actions are availa...

Page 212: ...o install only trusted plug ins 6 5 2 Setting up Application Control for the First Time When you are setting up application control for the first time you should use a small test environment to create...

Page 213: ...cations drop down list 2 Select the default action to take when an unknown application tries to make an inbound connection Default action for server applications drop down list 3 Set the new applicati...

Page 214: ...ion to take when the application acts as a client and tries to make an outbound connection 2 Select Deny as the action to take when the application acts as a server and an inbound connection attempt i...

Page 215: ...r Known Applications table The Unknown Application Reported by Hosts table has been refreshed Step 5 Take the New Rule into Use 1 Click to save the policy data 2 Click to distribute the policy 6 5 4 E...

Page 216: ...se select Engineering Testing If the target host or domain already has a rule for any of the applications affected by the rule you are prompted to select whether to proceed and overwrite the existing...

Page 217: ...w to use Alerts for Checking that Internet Shield Works In normal use you should not get any alerts from the Internet Shield If you suddenly start to receive a lot of alerts it means that there is eit...

Page 218: ...at the rule is correct and enter a descriptive comment for the rule 9 Click to save the policy data 10 Click to distribute the policy 11 You can now test the rule by pinging one of the managed hosts a...

Page 219: ...Log and drop the packet means that the packet is logged into the alertlog with the packet header information IPs ports and protocol and it is not allowed to pass through the intrusion detection compo...

Page 220: ...happened In the F Secure Client Security Internet Shield the alert text usually indicates this by using words like probable or possible These kind of alerts should be eliminated or minimized 6 7 2 Co...

Page 221: ...lect the Desktops Eng subdomain in the Policy Domains tab 2 Go to the Settings tab and select the Firewall Security Levels page 3 Select the Enable intrusion detection check box 4 Select Log without d...

Page 222: ...Hosts Have the Latest Policy 223 How to Check that the Server has the Latest Virus Definitions 224 How to Check that the Hosts have the Latest Virus Definitions 224 How to Check that there are no Dis...

Page 223: ...utbreak tab It displays a list of F Secure Virus News items and shows how many hosts are protected against each virus When you select a news item detailed information about that virus is displayed 3 I...

Page 224: ...2 Go to the Summary tab and check what is displayed in the Virus Protection for Workstations section beside Virus definitions 3 If the virus definitions on some hosts are outdated there are two alter...

Page 225: ...ollows 1 Select the hosts in the Policy Domain tab 2 Go to the Reports tab 3 The scanning information from the selected hosts is displayed in the Reports table 4 Select a single host by clicking on a...

Page 226: ...Alternatively you can click View alert summary on the Summary tab The Alerts tab will open All alerts received will be displayed in the following format Ack Click the Ack button to acknowledge an ale...

Page 227: ...ls you have two options F Secure Policy Manager Web Reporting a web based tool with which you can generate a wide range of graphical reports from F Secure Client Security alerts and status information...

Page 228: ...t in the Policy Domains tab 2 Go to the Summary tab 3 Check what is displayed beside Most common recent attack If there has been an attack you can access more detailed information by clicking View Int...

Page 229: ...229 8 UPGRADING SOFTWARE Overview Upgrading Software 230...

Page 230: ...installation packages available are listed in the installation editor in the lower half of this tab 2 You can select the products and product versions to be installed on the currently selected host o...

Page 231: ...in Progress Progress of the installation task The Progress field displays information that is different for hosts and for domains In progress The installation operation has been started added to polic...

Page 232: ...st is not currently connected to the network or if the active installation operation requires a user to restart his host before the installation is completed If the hosts are connected to the network...

Page 233: ...subdomains and hosts option in the confirmation dialog Figure 8 2 Installation cancellation confirmation dialog The Stop All button is enabled only if the current host or domain has an installation o...

Page 234: ...Scanning Report on a Local Host 236 Adding a Scheduled Scan from a Local Host 236 Logging and Log File Locations on Local Hosts 237 Connecting to F Secure Policy Manager and Importing a Policy File Ma...

Page 235: ...omputer for viruses manually To scan files manually do the following 1 Select the Virus Spy Protection page 2 Click Scan my computer 3 From the pop up menu that appears select to Scan hard drives for...

Page 236: ...from a Local Host You can add a scheduled scanning task from the local user interface for a scan to be executed daily weekly or monthly It is done as follows 1 Go to the Virus Spy Protection page and...

Page 237: ...After computer is not used for check box and select the idle time from the drop down list For instructions on how to configure scheduled scanning from the Policy manage Advanced Mode user interface s...

Page 238: ...e maximum log file size is reached or manually by clicking Stop Logging The packet logs are collected into 10 different files so that previous logs can be viewed while the new log is generated The log...

Page 239: ...view the action log by clicking Show Action Log on the Logging page Practical examples of how to read the action log Change of firewall policy for example a security level change 07 16 03 15 48 01 suc...

Page 240: ...his applications use only The fields are 1 2 3 4 5 6 7 8 9 10 07 15 03 16 48 00 info appl control unknown allow receive 17 10 128 129 146 138 1 Date 2 Time 3 Type 4 Internal Reason 5 Name of applicati...

Page 241: ...Click Check now to initiate a new connection If you need to import a new policy file manually to a host you first have to export a host specific policy from the F Secure Policy Manager Console and th...

Page 242: ...tistics and Automatic Updates temporarily 1 Select the host in the Policy Domains tab 2 Go to the Settings tab and select the Centralized Management page 3 Select the Allow users to suspend all downlo...

Page 243: ...CHAPTER9 243 3 Select one of the options from the Allow users to unload products drop down menu 4 Click to save the policy data 5 Click to distribute the policy...

Page 244: ...244 10 VIRUS INFORMATION Virus Information on F Secure Web Pages 245 Latest Threats 245 Viruses in the Wild 246 How to Send a Virus Sample to F Secure 246 What to Do in Case of a Virus Outbreak 250...

Page 245: ...acks the better you can protect your network against them The list of latest threats can be found at F Secure Security Information Center http www europe f secure com virus info virus news The latest...

Page 246: ...n covers the following topics for sending a virus sample to F Secure VirusLab How to package a virus sample What files to send Where to send a virus sample In what language should questions and virus...

Page 247: ...RSONAL XLS file if it exists in addition to the infected XLS files If the macro virus also infected other applications for example Tristate send a sample of every file type 2 Virus that infects execut...

Page 248: ...rly to avoid damage during postage Note that we do not send diskettes back If an infection is on a hard drive use the GetMBR utility to collect boot sector samples The GetMBR utility should be put on...

Page 249: ...Suspicious e mail message If have a suspicious e mail message or a hoax try to save it as a file and then send it to samples f secure com in a ZIP archive If you cannot save a suspicious e mail messag...

Page 250: ...ake a longer time to investigate If you do not get a reply from us within a week please re send your message to samples f secure com 10 5 What to Do in Case of a Virus Outbreak This section contains a...

Page 251: ...earch Team samples f secure com according to the following guidelines http www europe f secure com support technical general samples shtml Provide as much information about the problem as possible It...

Page 252: ...the employees about the outbreak and warn them against running unknown attachments and visiting suspicious Internet sites Check the security settings of installed software on workstations Make sure th...

Page 253: ...253 11 SETTING UP CISCO NAC SUPPORT Introduction 254 Installing Cisco NAC Support 254 Attributes to be Used for Application Posture Token 255...

Page 254: ...http www cisco com go nac The installation package for F Secure Client Security contains an option to install Cisco NAC Support When you select this option both the F Secure NAC plug in and the CTA w...

Page 255: ...ou can do this by using CSUtil tool at the Cisco Secure ACS server Use the following command CSUtil exe addAVP fsnacpva def The fsnacpva def file is located on the F Secure product CD 11 3 Attributes...

Page 256: ...i Virus Posture Validation Attributes for Firewall Attribute name Type Example Software Name string F Secure Anti Virus Software Version version 7 0 0 0 Dat Date date the date of database Protection E...

Page 257: ...VIRUS AND SPYWARE PROTECTION Overview 258 Configuring Scheduled Scanning 258 Configuring Policy Manager Proxy 260 Configuring Automatic Updates on Hosts from Policy Manager Proxy 261 Configuring a Hos...

Page 258: ...5 2003 1 Open the View menu and select the Advanced Mode option The Advanced Mode user interface is opened 2 Select Root in the Policy Domains pane 3 Select the Policy tab in the Properties pane the m...

Page 259: ...ns select Scan Local Drives 11 The scanning task is now ready for distribution 12 Click to save the policy data 13 Click to distribute the policy For instructions on how to configure scheduled scan on...

Page 260: ...00 rmonthly s5 s20 means that the scan is run on the 5th and 20th of each month at 6 p m 12 3 Configuring Policy Manager Proxy F Secure Policy Manager Proxy offers a solution to bandwidth problems in...

Page 261: ...ing Automatic Updates on Hosts from Policy Manager Proxy A list of Policy Manager Proxies through which the hosts fetch updates can be configured on Policy Manager s Settings tab This is described in...

Page 262: ...o the extension agent is always loaded The NT master agent hosts the extensions and passes the requests to the Management Agent which is responsible for returning the request to the management console...

Page 263: ...ADVANCED FEATURES INTERNET SHIELD Overview 264 Managing Internet Shield Properties Remotely 264 Configuring Security Level Autoselection 266 Troubleshooting Connection Problems 268 Adding New Service...

Page 264: ...ns that in some corporate environments the administrator needs to disable the packet logging 1 Open the View menu and select the Advanced Mode option The Advanced Mode user interface is opened 2 Selec...

Page 265: ...iew menu and select the Advanced Mode option The Advanced Mode user interface is opened 2 Select the subdomain where you want to enable Trusted Interface in the Policy Domains pane 3 Select the Policy...

Page 266: ...th F Secure Internet Shield Settings Firewall Engine Firewall Engine To make sure the packet filtering is always enabled set this variable to Yes and select the Final check box Remember to distribute...

Page 267: ...ld add the following data Priority The rules are checked in the order defined by the priority numbers starting from the smallest number Security level Enter the ID composed of number and name of the s...

Page 268: ...thod 1 Select Dialup from the drop down list Argument 1 You can leave this empty Method 2 Select Always from the drop down list Argument 2 You can leave this empty 11 The configuration is now ready 12...

Page 269: ...managed domain has been changed is there a new policy in use and does this policy contain some settings that might cause these problems 9 Check from firewall rules that outbound HTTP connections are...

Page 270: ...not using the standard HTTP port any more This new service is HTTP port 8000 and it is based on the default HTTP service 1 Select the subdomain for which you want to create the new service in the Pol...

Page 271: ...is service from the Protocol drop down list It contains the most commonly used protocols TCP UDP ICMP If your service uses any other protocol refer to the table below and enter the respective number I...

Page 272: ...6 Transmission Control Protocol EGP 8 Exterior Gateway Protocol PUP 12 Xerox PUP routing protocol UDP 17 User Datagram Protocol IDP 22 Xerox NS Internet Datagram Protocol IPV6 41 IP Version 6 encapsul...

Page 273: ...than port port all ports equal and lower than port port only the port minport maxport minport and maxport plus all ports between minport and maxport notice that there are no spaces on either side of...

Page 274: ...mple define the initiator port as 1023 Step 4 Responder Ports If your service uses the TCP or UDP protocol you need to define the responder ports the service covers In this example define the responde...

Page 275: ...number for the service from the drop down list You can accept the default value Step 6 Extra Filtering Select whether any extra filtering is to be applied for the traffic allowed by the service you ar...

Page 276: ...and you do not have Application Control enabled you can select Active mode FTP from the Extra Filtering drop down menu Active mode FTP requires special handling from the Firewall as the information a...

Page 277: ...ake the New Rule into Use To take this new service into use you will have to create a new Internet Shield rule that allows the use of the HTTP 8000 firewall service in the currently used Internet Shie...

Page 278: ...278 A APPENDIX Modifying PRODSETT INI Overview 279 Configurable Prodsett ini Settings 279...

Page 279: ...InstallMode settings The RequestInstallMode setting can override the selection for components which have InstallMode 0 F Secure common Common settings CD Key XXXX XXXX XXXX XXXX XXXX Enter the CD Key...

Page 280: ...anguages ENG FRA DEU FIN SVE ITA List of languages being installed at the host This setting typically equals SupportedLanguages You can make the set of languages smaller if you want some unnecessary l...

Page 281: ...nting full access to authorized users and administrators and read only access to everyone 2 strict policy files and folders are protected with permissions granting full access to administrators read w...

Page 282: ...r a confirmation Note This choice executes a normal reboot at the host and therefore in some cases the user could delay the restart and also completely prevent it default 3 Do not reboot after install...

Page 283: ...Unique Identity to identify itself for the first time to the F Secure Policy Manager Server 1 F Secure Management Agent only uses its Unique Identity to identify itself to the F Secure Policy Manager...

Page 284: ...rver URL to the F Secure Policy Manager Server FsmsExtensionUri fsms fsmsh dll Do not change this setting FsmsCommdirUri commdir Do not change this setting Debug 1 0 Do not generate debug information...

Page 285: ...the installation will be aborted This applies in silent installation mode only default 1 If F Secure Anti Virus 4 x is installed on the computer then F Secure Anti Virus 5 x will be installed and F S...

Page 286: ...component is always run during the installation You do not need to edit the RequestInstallMode or InstallMode settings for this component Debug 0 1 0 Do not generate debug information default 1 Write...

Page 287: ...nstall this component default 1 Install this component except if a newer version already exists ES_Setup DLL Settings for the installation of E mail Scanning RequestInstallMode 1 0 Install this compon...

Page 288: ...install this component default 1 Install this component except if a newer version already exists FWINST DLL Settings for F Secure Client Security Internet Shield RequestInstallMode 1 0 Install this c...

Page 289: ...et Shield installation FSBWINST DLL Settings for F Secure Automatic Update Agent RequestInstallMode 1 0 Install this component as defined in the InstallMode setting 1 Install this component if newer o...

Page 290: ...tall this component except if a newer version already exists DisableScanningForApps Wget exe mplayer exe Disables Network Scanning for certain executables This is a comma separated list of executable...

Page 291: ...rsion exists CTAversion 1 0 55 CTAversion defines the version of the Cisco Trust Agent included in the package Cisco Trust Agent installation package can be updated by replacing the ctasetup msi file...

Page 292: ...292 B APPENDIX E mail Scanning Alert and Error Messages Overview 293...

Page 293: ...he problem persists please contact the system administrator E Mail Scanning Message Parser Failed System Error Message ID 604 Message Could not scan an e mail due to message parser error The session w...

Page 294: ...ecipient filed email addresses subject Email header The title subject filed of the message Malformed E Mail Alert Message ID 630 633 Definition When a malformed message is found it is treated based on...

Page 295: ...Definition When a scan fails the message is treated based on the configuration set in Advanced configuration The options to handle a message that cannot be properly scanned are Scanning failure was o...

Page 296: ...the scanning failure Attachment The attachment causing the scanning failure Action Action Taken Message Message ID from Email header sender filed email address to Email header recipient filed email a...

Page 297: ...297 GLOSSARY...

Page 298: ...oduct if there has been a problem with a program or with an operation Alerts are also generated when a virus is found The administrator and the user can define which alerts are generated either by def...

Page 299: ...ther detailed information recognizable by the computer s processing system Broadcast traffic Broadcast traffic comes from one specific computer and is sent to a whole network or subnetwork Usually don...

Page 300: ...fferent web sites Usually data miners work without your knowledge Denial of Service DoS attack An explicit attempt by attackers to prevent legitimate users of a service from using that service by disr...

Page 301: ...le is executable False positive False positive is an alert that wrongly indicates that the related event has happened In the F Secure Internet Shield the alert text usually indicates this by using wor...

Page 302: ...The specification is maintained and developed by the World Wide Web Consortium IDS Intrusion Detection System A component of Internet Shield that scans incoming network traffic for certain patterns th...

Page 303: ...gs user mode applications and services use an API to interact with the computer s hardware The Kernel mode also contains an interface to user mode and a facility for synchronizing it s own services an...

Page 304: ...rnet Protocol valid groups use the multicasting networking addresses 224 0 0 0 to 239 255 255 255 defined for IP Management of group membership and multicast traffic forwarding in switches and routers...

Page 305: ...itecture of F Secure software uses policies that are centrally configured by the administrator for optimum control of security in a corporate environment Policy based management Controlling the action...

Page 306: ...ntains all applications that have been detected during the scan and moved into the Quarantine repository You can add new applications to the Quarantine when Virus Spy Protection detects them Random Se...

Page 307: ...omputers and mail servers SNMP Simple Network Management Protocol A standard TCP IP protocol used for monitoring and setting network parameters and counters of LAN and WAN connected repeaters bridges...

Page 308: ...ssion Control Protocol Internet Protocol This is the suite of protocols that defines the Internet Originally designed for the UNIX operating system TCP IP software is now available for every major kin...

Page 309: ...one specific computer to another specific computer URL Uniform Resource Locator The standard way to give the address of any resource on the Internet User mode The protected part of an operating system...

Page 310: ...310 Worm A computer program capable of replication by inserting copies of itself in networked computers...

Page 311: ...311 Technical Support Overview 312 Web Club 312 Advanced Technical Support 312 F Secure Technical Product Training 313...

Page 312: ...ocation To connect to the Web Club directly from your Web browser go to http www f secure com webclub Virus Descriptions on the Web F Secure Corporation maintains a comprehensive collection of virus r...

Page 313: ...he computer with minimum effort F Secure Technical Product Training F Secure provides technical product training material and information for our distributors resellers and customers to succeed with F...

Page 314: ...nd hands on parts At the end of each course there is a certification exam Contact your local F Secure office or F Secure Certified Training Partner to get information about the courses and schedules C...

Page 315: ...er Communications The latest real time virus threat scenario news are available at the F Secure Antivirus Research Team weblog at http www f secure com weblog Services for Individuals and Businesses F...

Reviews:

No comments

Related manuals for CLIENT SECURITY 7.00

FARONICS DEVICE FILTER MAC Getting Started Manual preview
DEVICE FILTER MAC
Brand: FARONICS Pages: 4
3Com 3C19250 - USB Ethernet Network Interface... User Manual preview
3C19250 - USB Ethernet Network Interface...
Brand: 3Com Pages: 16
Alphasmart AS 3000 Installation And User Manual preview
AS 3000
Brand: Alphasmart Pages: 4
AVIRA SECURITY MANAGEMENT CENTER 2.5 Manual preview
SECURITY MANAGEMENT CENTER 2.5
Brand: AVIRA Pages: 39
F-SECURE MOBILE SECURITY 6 FOR S60 - User Manual preview
MOBILE SECURITY 6 FOR S60 -
Brand: F-SECURE Pages: 37
McAfee VirusScan Plus User Manual preview
VirusScan Plus
Brand: McAfee Pages: 205
Adobe PHOTOSHOP CS 2.0 - SCRIPTING GUIDE Manual preview
PHOTOSHOP CS 2.0 - SCRIPTING GUIDE
Brand: Adobe Pages: 91
Acer ASM Pro Installation Manual preview
ASM Pro
Brand: Acer Pages: 20
Acer eConsole User Manual preview
eConsole
Brand: Acer Pages: 33
Acer Destinator PN User Manual preview
Destinator PN
Brand: Acer Pages: 118
Mitsubishi Electric MELSOFT FR Configurator2 Instruction Manual preview
MELSOFT FR Configurator2
Brand: Mitsubishi Electric Pages: 230
eCopy ShareScan 4.2 Installation And Setup Manual preview
ShareScan 4.2
Brand: eCopy Pages: 266
A&D Doctor Pro 3 TM-9501 Instruction Manual preview
Doctor Pro 3 TM-9501
Brand: A&D Pages: 85
A&D Doctor Pro TM-2430-13 Instruction Manual preview
Doctor Pro TM-2430-13
Brand: A&D Pages: 69
Intel Active Management Technology v4.0 Administrator'S Manual preview
Active Management Technology v4.0
Brand: Intel Pages: 143
UNIBLUE DRIVERSCANNER 2009 Manual preview
DRIVERSCANNER 2009
Brand: UNIBLUE Pages: 62
Vaisala Veriteq viewLinc 3.6 Administrator'S Manual preview
Veriteq viewLinc 3.6
Brand: Vaisala Pages: 122
ICP Interactive UNIX Using Manual preview
Interactive UNIX
Brand: ICP Pages: 6

Brands by name

Popular brands

Load more brands