
| Use this feature... | If this is your security or productivity goal... |
|---|---|
| Queries and monitors | Monitor the effect of current policy settings. |
| Functional Compliance query | Ensure that the correct version of the SiteAdvisor Enterprise Plus client software is installed on all managed systems and functions properly. |
| Content Actions policy with Web Filtering for Endpoint extension | Use site content to control access to sites. |
| Web Reporter with Web Filtering for Endpoint extension | Obtain detailed reports based on site content. |

See Configuring Policies for information about using the policy features. See Using Dashboards, Monitors, and Reports for information about queries and monitors.

Information that SiteAdvisor Enterprise Plus sends

The client software sends the following information to the ePO server for use in queries:

• Type of event initiated by the managed system (site visit or download).

• Unique ID assigned by SiteAdvisor Enterprise Plus to the managed system.

• Time of event.

• Domain for event.

• URL for event.

• SiteAdvisor rating for the event’s site.

• Site threat factor.

• Whether the event’s site or site resource is on an Authorize list, a Prohibit list, or no list.

• Reason for action (allow, warn, or block) taken by SiteAdvisor Enterprise Plus.

• Observe mode status (on or off).

SiteAdvisor Enterprise Plus sends the following information to the SiteAdvisor website’s servers:

• Version of the SiteAdvisor Enterprise Plus client software running on the managed system.

• Version of the operating system running on the managed system.

• Language and country locale selected for the operating system and browser running on the managed system.

• Host name and part of the URL for each website the managed system requests to access.

• MD5 algorithm for each application the managed system requests to download.

When a managed system visits a website, SiteAdvisor Enterprise Plus tracks the site’s domain specifier. The domain specifier is the smallest amount of information required for SiteAdvisor Enterprise Plus to uniquely identify the site being rated for security. The focus of SiteAdvisor Enterprise Plus is protecting your managed systems; no attempt is made to track personal Internet usage.

NOTE: SiteAdvisor Enterprise Plus does not send information on your company’s intranet sites to the SiteAdvisor website’s servers, unless specifically requested. See Tracking visits to domains and downloads under Configuring Policies for more information.


McAfee SiteAdvisor Enterprise Plus 3.0 Product Guide
