F-Secure Client Security 9.00 Administrator Guide

F-Secure Client Security
Administrator's Guide

Contents

Chapter 1: Introduction
  System requirements
    Policy Manager Server
    Policy Manager Console
  Main components
  Features
  Product registration
  Application management
  Basic terminology
Chapter 2: Installing the product
  Installation steps
    Select components to install
    Complete installation of the product
    Run Policy Manager Console
  Changing the web browser path
  Uninstalling the product
Chapter 3: Anti-virus mode user interface
  Policy domains tab
  Management tabs
    Summary tab
    Settings tab
    Status tab
    Alerts tab
    Reports tab
    Installation tab
    Operations tab
  The toolbar
  Menu commands
  Settings inheritance
    How settings inheritance is displayed on the user interface
    Locking and unlocking all settings on a page at once
    Settings inheritance in tables
Chapter 4: Setting up the managed network
  Logging in
    Connection properties
    Changing communication preferences
  Managing domains and hosts
    Adding policy domains
  Adding hosts
    Adding hosts in Windows domains
    Importing autoregistered hosts
    Push installations
    Policy-based installation
    Local installation and updates with pre-configured packages
  Local installation and Policy Manager
    System requirements
    Uninstall other antivirus programs
    Installation steps
  Installing on an infected host
  Checking that the management connections work
Chapter 5: Configuring virus and spyware protection
  Configuring automatic updates
    How do automatic updates work?
    Automatic update settings
    Configuring automatic updates from Policy Manager Server
    Configuring Policy Manager Proxy
    Configuring clients to download updates from each other
  Configuring real-time scanning
    Real-time scanning settings
    Enabling real-time scanning for the whole domain
    Forcing all hosts to use real-time scanning
    Excluding Microsoft Outlook's .pst file from real-time scanning
  Configuring DeepGuard
    DeepGuard settings
    DeepGuard server queries
  Configuring rootkit scanning (Blacklight)
    Rootkit scanning settings
    Launching a rootkit scan for the whole domain
  Configuring e-mail scanning
    E-mail scanning settings
    Enabling e-mail scanning for incoming and outgoing e-mails
  Configuring web traffic (HTTP) scanning
    Web traffic scanning settings
    Enabling web traffic scanning for the whole domain
    Excluding a web site from HTTP scanning
  Configuring spyware scanning
    Spyware control settings
    Allowing the use of a spyware or riskware component
  Managing quarantined objects
    Deleting quarantined objects
    Releasing quarantined objects
  Preventing users from changing settings
  Configuring alert sending
    Disabling Client Security alert pop-ups
  Monitoring viruses on the network
  Testing your antivirus protection
Chapter 6: Configuring Internet Shield
  Global firewall security levels
  Design principles for security levels
  Configuring security levels and rules
    Selecting an active security level for a workstation
    Configuring a default security level for the managed hosts
    Adding a new security level for a certain domain only
  Configuring network quarantine
    Network quarantine settings
    Fine-tuning network quarantine
  Configuring rule alerts
  Configuring application control
    Application control settings
    Setting up application control for the first time
    Editing an existing application control rule
    Turning off application control pop-ups
  Using alerts to check that Internet Shield works
  Configuring intrusion prevention
    Intrusion prevention settings
    Configuring IPS for desktops and laptops
Chapter 7: How to check that the network environment is protected
  Checking that all the hosts have the latest policy
  Checking that the server has the latest virus definitions
  Checking that the hosts have the latest virus definitions
  Checking that there are no disconnected hosts
  Viewing scanning reports
  Viewing alerts
  Creating a weekly infection report
  Monitoring a possible network attack
Chapter 8: Upgrading software
  Using the installation editor
Chapter 9: Local host operations
  Scan manually
    How to select the type of manual scan
    Clean malware automatically
    View the results of manual scan
  Scan at set times
    Schedule a scan
    Cancel a scheduled scan
    View the results of scheduled scan
  Where to find firewall alerts and log files
    View firewall alerts
    View the action log
    Monitor network traffic with packet logging
  Connecting to Policy Manager and importing a policy file manually
  Suspending downloads and updates
  Allowing users to unload F-Secure products
Chapter 10: Virus information
  Malware information and tools on the F-Secure web pages
  How to send a virus sample to F-Secure
    How to package a virus sample
    What should be sent
    How to send the virus sample
  What to do in case of a virus outbreak?
Chapter 11: Setting up the Cisco NAC plugin
  Installing the Cisco NAC plugin
  Importing posture validation attribute definitions
  Using attributes for the application posture token
Chapter 12: Advanced features: virus and spyware protection
  Configuring scheduled scanning
  Advanced DeepGuard settings
    Notifying user on a deny event
    Letting an administrator allow or deny program events from other users
    Allowing or denying events requested by a specific application automatically
  Configuring Policy Manager Proxy
  Configuring automatic updates on hosts from Policy Manager Proxy
  Excluding an application from the web traffic scanner
Chapter 13: Advanced features: Internet Shield
  Managing Internet Shield properties remotely
    Using packet logging
    Using the trusted interface
    Using packet filtering
  Configuring security level autoselection
  Troubleshooting connection problems
  Adding new services
    Creating a new Internet service based on the default HTTP
  Setting up dialup control
    Allowing and blocking phone numbers
    Using call logging
Chapter 14: Modifying prodsett.ini
  Configurable prodsett.ini settings
Chapter 15: E-mail scanning alert and error messages
  Alert and error messages
Chapter 16: Products detected or removed during client installation
  Product list

Chapter 1: Introduction

Topics:
System requirements
Main components
Features
Product registration
Application management
Basic terminology
Policy Manager can be used for:
defining security policies,
distributing security policies,
installing application software to local and remote systems,
monitoring the activities of all systems in the enterprise to ensure compliance with corporate policies and centralized control.
When the system has been set up, you can see status information from the entire managed domain in one single location. In this way it is very easy to make sure that the entire domain is protected, and to modify the protection settings when necessary. You can also restrict the users from making changes to the security settings, and be sure that the protection is always up-to-date.

System requirements

This section provides the system requirements for both Policy Manager Server and Policy Manager Console.

Policy Manager Server

In order to install Policy Manager Server, your system must meet the minimum requirements given here.
Operating system:
Microsoft Windows:
Microsoft Windows Server 2003 SP1 or higher (32-bit); Standard, Enterprise, Web Edition or Small Business Server editions
Windows Server 2003 SP1 or higher (64-bit); Standard or Enterprise editions
Windows Server 2008 SP1 (32-bit); Standard, Enterprise or Web Server editions
Windows Server 2008 SP1 (64-bit); Standard, Enterprise, Web Server, Small Business Server or Essential Business Server editions
Windows Server 2008 R2; Standard, Enterprise or Web Server editions
Processor:
P4 2 GHz processor or faster.
Managing more than 5000 hosts or using Web Reporting requires P4 3 GHz level processor or faster.
Memory:
512 MB RAM, 1 GB RAM recommended.
Managing more than 5000 hosts or using Web Reporting requires 1 GB RAM.
Disk space:
5 GB of free hard disk space; 8 GB or more is recommended. The disk space requirements depend on the size of the installation.
In addition to this it is recommended to allocate about 1 MB per host for alerts and policies. The actual disk space consumption per host is hard to anticipate, since it depends on how the policies are used and how many installation packages are stored.
Network:
10 Mbit network.
Managing more than 5000 hosts requires a 100 Mbit network.

Policy Manager Console

In order to install Policy Manager Console, your system must meet the minimum requirements given here.
Operating system:
Microsoft Windows:
Windows XP Professional (SP2 or higher)
Windows Vista (32-bit or 64-bit) with or without SP1; Business, Enterprise or Ultimate editions
Windows 7 (32-bit or 64-bit); Professional, Enterprise or Ultimate editions
Microsoft Windows Server 2003 SP1 or higher (32-bit); Standard, Enterprise, Web Edition or Small Business Server editions
Windows Server 2003 SP1 or higher (64-bit); Standard or Enterprise editions
Windows Server 2008 SP1 (32-bit); Standard, Enterprise or Web Server editions
Windows Server 2008 SP1 (64-bit); Standard, Enterprise, Web Server, Small Business Server or Essential Business Server editions
Windows Server 2008 R2; Standard, Enterprise or Web Server editions
Processor:
P4 2 GHz processor or faster.
Managing more than 5000 hosts requires P4 3 GHz processor or faster.
Memory:
512 MB of RAM.
Managing more than 5000 hosts requires 1 GB of memory.
Disk space:
200 MB of free hard disk space.
Display:
Minimum 16-bit display with resolution of 1024x768 (32-bit color display with 1280x1024 or higher resolution recommended).
Network:
10 Mbit network.
Managing more than 5000 hosts requires a 100 Mbit network.

Main components

The power of Policy Manager lies in the F-Secure management architecture, which provides high scalability for a distributed, mobile workforce.
Policy Manager Console
Policy Manager Console provides a centralized management console for the security of the managed hosts in the network. It enables the administrator to organize the network into logical units for sharing policies. These policies are defined in Policy Manager Console and then distributed to the workstations through Policy Manager Server. Policy Manager Console is a Java-based application that can be run on several different platforms. It can be used to remotely install the Management Agent on other workstations without the need for local login scripts, restarting, or any intervention by the end user.
Policy Manager Console includes two different user interfaces:
Anti-virus mode user interface that is optimized for managing Client Security and Anti-virus for Workstations.
Advanced mode user interface that can be used for managing other F-Secure products.

Policy Manager Server
Policy Manager Server is the repository for policies and software packages distributed by the administrator, as well as status information and alerts sent by the managed hosts. Communication between Policy Manager Server and the managed hosts is accomplished through the standard HTTP protocol, which ensures trouble-free performance on both LAN and WAN.

Management Agent
Management Agent enforces the security policies set by the administrator on the managed hosts, and provides the end user with a user interface and other services. It handles all management functions on the local workstations and provides a common interface for all F-Secure applications, and operates within the policy-based management infrastructure.

Web Reporting
Web Reporting is an enterprise-wide, web-based graphical reporting system included in Policy Manager Server. With Web Reporting you can quickly create graphical reports based on historical trend data, and identify computers that are unprotected or vulnerable to virus outbreaks.

Update Server & Agent
Update Server & Agent are used for updating virus and spyware definitions on the managed hosts, and are included in Policy Manager Server. The Automatic Update Agent allows users to receive virus definition database updates and data content without interrupting their work to wait for files to download from the web. It downloads files automatically in the background using bandwidth not being used by other Internet applications. If Automatic Update Agent is always connected to the Internet, it will automatically receive new virus definition updates within about two hours after they have been published by F-Secure.

Features

Some of the main features of Policy Manager are described here.
Software distribution
Installation of F-Secure products on hosts from one central location, and updating of executable files and data files, including virus definitions updates.
Updates can be provided in several ways:
From an F-Secure CD.
From the F-Secure web site to the customer. These can be automatically ‘pushed’ by Automatic Update Agent, or voluntarily ‘pulled’ from the F-Secure web site.
Policy Manager Console can be used to export pre-configured installation packages, which can also be delivered using third-party software, such as SMS and similar tools.

Configuration and policy management
Centralized configuration of security policies. The policies are distributed from Policy Manager Server by the administrator to the user’s workstation. Integrity of the policies is ensured through the use of digital signatures.

Event management
Reporting to the Event Viewer (local and remote logs), e-mail, and report files and creation of event statistics.

Performance management
Statistics and performance data handling and reporting.

Task management
Management of virus scanning tasks and other operations.

Product registration

You have the option of providing F-Secure with information regarding the use of Policy Manager by registering your product.
The following questions and answers provide some more information about registering your installation of Policy Manager. You should also view the F-Secure license terms (http://www.f-secure.com/en_EMEA/estore/license-terms/) and privacy policy (http://www.f-secure.com/en_EMEA/privacy.html).
Why does F-Secure collect data?
In order to improve our service, we collect statistical information regarding the use of F-Secure products. To help F-Secure provide better service and support, you can allow us to link this information to your contact information. To allow this, please enter the customer number from your license certificate during the installation of Policy Manager.
What information is sent?
We collect information that cannot be linked to the end user or the use of the computer. The collected information includes F-Secure product versions, operating system versions, the number of managed hosts and the number of disconnected hosts. The information is transferred in a secure and encrypted format.
What do I benefit from submitting information to F-Secure?
When you contact our support, we can provide a solution to your problem more quickly based on the information collected. In addition, with this information we can further develop our product and services to match the needs of our customers even better.
Where is the information stored and who can access it?
The data is stored in F-Secure's highly secured data center, and only F-Secure's assigned employees can access the data.

Application management

Policy Manager includes various components to manage applications within your network.
Management Agent
The Management Agent enforces the security policies set by the administrator on the managed hosts. It acts as a central configuration component on the hosts and, for example, interprets the policy files, sends autoregistration requests and host status information to Policy Manager, and performs policy-based installations.
Cisco Network Admission Control (NAC) Support
F-Secure Corporation participates in the Network Admission Control (NAC) collaboration led by Cisco Systems®. The Cisco NAC can be used to restrict the network access of hosts whose virus definition databases are too old, or whose antivirus or firewall module is disabled.

Basic terminology

Here you will find descriptions for some of the commonly used terms in this guide.
Host
Host refers to a computer that is centrally managed with Policy Manager.

Policy
A security policy is a set of well-defined rules that regulate how sensitive information and other resources are managed, protected, and distributed. The management architecture of F-Secure software uses policies that are centrally configured by the administrator for optimum control of security in a corporate environment.
The information flow between Policy Manager Console and the hosts is accomplished by transferring policy files.

Policy domain
Policy domains are groups of hosts or subdomains that have a similar security policy.

Policy inheritance
Policy inheritance simplifies the defining of a common policy. In Policy Manager Console, each policy domain automatically inherits the settings of its parent domain, allowing for easy and efficient management of large networks. The inherited settings may be overridden for individual hosts or domains. When a domain's inherited settings are changed, the changes are inherited by all of the domain’s hosts and subdomains.
The policy can be further refined for subdomains or even individual hosts. The granularity of policy definitions can vary considerably among installations. Some administrators might want to define only a few different policies for large domains. Other administrators might attach policies directly to each host, achieving the finest granularity.
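
The inheritance rule described above, shown as an added Python sketch (not F-Secure code and not the product's policy file format): each domain or host stores only the values set locally, and the effective policy is resolved by walking from the root down. The `Node` model, the setting names and the domain and host names are all constructed for illustration; `overrides()` lists every place where a subdomain or host deviates from what it would inherit, which is the list an administrator reviews when checking for weakened settings.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple


@dataclass(eq=False)
class Node:
    """A policy domain or a host. Holds only locally set values (hypothetical model)."""
    name: str
    parent: Optional["Node"] = None
    local: Dict[str, object] = field(default_factory=dict)
    children: List["Node"] = field(default_factory=list)

    def add(self, name: str, **local: object) -> "Node":
        """Create a subdomain or host under this node with optional local overrides."""
        child = Node(name, parent=self, local=dict(local))
        self.children.append(child)
        return child

    def path(self) -> str:
        return self.name if self.parent is None else f"{self.parent.path()}/{self.name}"


def effective(node: Node) -> Dict[str, Tuple[object, str]]:
    """Resolve {setting: (value, path of the node that defined it)} for one node."""
    chain: List[Node] = []
    cur: Optional[Node] = node
    while cur is not None:
        chain.append(cur)
        cur = cur.parent
    resolved: Dict[str, Tuple[object, str]] = {}
    for n in reversed(chain):  # root first, so values set nearer the host win
        for key, value in n.local.items():
            resolved[key] = (value, n.path())
    return resolved


def walk(node: Node) -> Iterator[Node]:
    """Depth-first traversal of the domain tree."""
    yield node
    for child in node.children:
        yield from walk(child)


def overrides(root: Node) -> List[Tuple[str, str, object, object]]:
    """List (path, setting, inherited value, local value) wherever a node
    replaces a value it would otherwise inherit from its parent domain."""
    found = []
    for node in walk(root):
        if node.parent is None:
            continue
        inherited = effective(node.parent)
        for key, value in node.local.items():
            if key in inherited and inherited[key][0] != value:
                found.append((node.path(), key, inherited[key][0], value))
    return found


def build_sample_tree() -> Tuple[Node, Node, Node]:
    """Constructed sample: one root domain, two subdomains, two hosts."""
    root = Node("Corp", local={"realtime_scanning": True,
                               "firewall_level": "Office",
                               "update_interval_h": 2})
    eng = root.add("Engineering", firewall_level="Mobile")
    lab = eng.add("lab-host-01", realtime_scanning=False)
    sales = root.add("Sales")
    laptop = sales.add("sales-laptop-07")
    return root, lab, laptop


if __name__ == "__main__":
    root, lab, laptop = build_sample_tree()
    for host in (lab, laptop):
        print(host.path())
        for key, (value, source) in sorted(effective(host).items()):
            print(f"  {key} = {value!r}  (from {source})")
    print("Overrides to review:")
    for path, key, inherited, local in overrides(root):
        print(f"  {path}: {key} {inherited!r} -> {local!r}")
    # A change at the root reaches every host that has not overridden the setting.
    root.local["update_interval_h"] = 1
    print(effective(laptop)["update_interval_h"])
```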

Chapter 2: Installing the product

Topics:
• Installation steps
• Changing the web browser path
• Uninstalling the product
Here you will find instructions for installing the main product components: Policy Manager Server and Policy Manager Console.

Installation steps

Follow these steps in the order given here to install Policy Manager Server and Policy Manager Console on the same machine.

Download and run the installation package

The first stage in installing Policy Manager is to download and run the installation package.
To begin installing the product:
1. Download the installation package from www.f-secure.com/webclub.
You will find the file in the Download section of the Policy Manager page.
2. Double-click the executable file to begin installation. Setup begins.
3. Select the installation language from the drop-down menu and click Next to continue.
4. Read the license agreement information, then select I accept this agreement and click Next to continue.

Select components to install

The next stage is to select the product components to install.
To continue installing the product:
1. Select the components to install and click Next to continue.
• Select both Policy Manager Server and Policy Manager Console to install both components on the same machine.
• Select Policy Manager Server if you want to install Policy Manager Console on a separate machine.
2. Choose the destination folder and then click Next.
It is recommended to use the default installation directory. If you want to install the product in a different directory, you can click Browse and select a new directory.
Note: If you have Management Agent installed on the same machine, this window will not be shown.
3. Enter your customer number and then click Next.
You can find your customer number in the license certificate provided with the product.
4. If setup does not detect any previous installation of Policy Manager, it asks you to confirm if a previous installation of the product exists:
• If a previous version has been installed, select I have an existing F-Secure Policy Manager installation. Enter the communication directory path of the installed Policy Manager. The contents of this directory will be copied under <server installation directory>\commdir\ (communication directory under the Policy Manager Server installation directory), and this will be the directory that Policy Manager Server will use as a repository. You can use the previous commdir as a backup, or you can delete it once you have verified that Policy Manager Server is correctly installed.
• If no previous version has been installed, select I do not have an existing F-Secure Policy Manager. This will not require an existing commdir, and will create an empty commdir in the default location (under <F-Secure Policy Manager 5 installation directory>\commdir).
5. Click Next to continue.
6. Select whether you want to keep the existing settings or change them:
Note: This dialog is displayed only if a previous installation of Policy Manager Server was detected on the computer.
• By default the setup keeps the existing settings. Select this option if you have manually updated the Policy Manager Server configuration. This option automatically keeps the existing administration, host and web reporting ports.
• If you want to change the ports from the previous installation, select Change settings. This option overwrites the edited configuration and restores the default settings.
7. Click Next to continue.
8. Select the Policy Manager Server modules to enable:
• The Host module is used for communication with the hosts. The default port is 80.
• The Administration module is used for communication with Policy Manager Console. The default HTTP port is 8080.
Note: If you want to change the default port for communication, you will also need to change the HTTP Port Number setting in Policy Manager Console.
By default, access to the Administration module is restricted to the local machine. This is the most secure way to use the product. When using a connection over a network, please consider securing the communication with F-Secure SSH.
• The Web Reporting module is used for communication with Web Reporting. Select whether it should be enabled. Web Reporting uses a local socket connection to the Administration module to fetch server data. The default port is 8081.
By default, access to Web Reporting is allowed also from other computers. If you want to allow access only from this computer, select Restrict access to the local machine.
9. Click Next to continue.
10. Select the product installation package(s) to install from the list of available packages, then click Next to continue.
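After installation, the access restrictions chosen in step 8 can be checked against what the server is actually listening on. The following is an added example, not part of the original guide or of F-Secure's software: it parses Windows `netstat -an` output and reports whether each module port is bound to the local machine only. The sample output is constructed, and the function names and the `local_only_ports` parameter are hypothetical.

```python
import ipaddress

# Default module ports named in the installation steps above.
MODULE_PORTS = {80: "Host", 8080: "Administration", 8081: "Web Reporting"}

# Constructed sample of Windows `netstat -an` output (not captured from a real server).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    192.168.1.10:80        192.168.1.57:49211     ESTABLISHED
"""


def parse_listeners(netstat_text):
    """Return {port: set of local addresses} for TCP sockets in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        if not port.isdigit():
            continue
        # IPv6 addresses are printed in brackets, e.g. [::1]:8080
        listeners.setdefault(int(port), set()).add(addr.strip("[]"))
    return listeners


def is_loopback(addr):
    """True only for loopback addresses such as 127.0.0.1 or ::1."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: treat as network-reachable


def audit(netstat_text, local_only_ports=(8080,)):
    """Classify each module port and flag ports that must be local-only but are not.

    local_only_ports defaults to the Administration port, which the guide says is
    restricted to the local machine by default. Add 8081 if "Restrict access to the
    local machine" was selected for Web Reporting.
    """
    listeners = parse_listeners(netstat_text)
    report = {}
    for port, module in MODULE_PORTS.items():
        addrs = listeners.get(port, set())
        if not addrs:
            exposure = "not listening"
        elif all(is_loopback(a) for a in addrs):
            exposure = "local only"
        else:
            exposure = "network"
        violation = port in local_only_ports and exposure == "network"
        report[port] = {"module": module, "exposure": exposure, "ok": not violation}
    return report


if __name__ == "__main__":
    for port, row in sorted(audit(SAMPLE_NETSTAT).items()):
        status = "OK" if row["ok"] else "CHECK"
        print(f"{status:5} {row['module']:15} port {port:<5} {row['exposure']}")
```

If the ports were changed during setup, adjust `MODULE_PORTS` to match before running the audit.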

Complete installation of the product

The next stage is to complete the installation of the product.
1. Review the changes that setup is about to make, then click Start to start installing the selected components. When completed, the setup shows whether all components were installed successfully.
2. Click Finish to complete the installation.
3. Restart your computer if you are prompted to do so.

Run Policy Manager Console

The last stage in setting up the product is to run Policy Manager Console for the first time.
To run Policy Manager Console for the first time:
1. Run Policy Manager Console by selecting Start > Programs > F-Secure Policy Manager Console > F-Secure Policy Manager Console.
When Policy Manager Console is run for the first time, the Console Setup Wizard collects the information needed to create an initial connection to the server. The first page of the Policy Manager Console setup wizard summarizes the installation process.
2. Click Next to continue.
3. Select your user mode according to your needs:
• Administrator mode - enables all administrator features.
• Read-only mode - allows you to view administrator data, but no changes can be made. If you select Read-only mode, you will not be able to administer hosts. To change to Administrator mode, you will need the admin.pub and admin.prv administration keys.
4. Click Next to continue.
5. Enter the address of the Policy Manager Server that is used for communicating with the managed hosts, then click Next to continue.
6. Enter the path where the administrator’s public key and private key files will be stored. By default, key files are stored in the Policy Manager Console installation directory: Program Files\F-Secure\Administrator.
7. Click Next to continue.
Note: If the key-pair does not already exist, it will be created later in the setup process.
8. Move your mouse cursor around in the window to initialize the random seed used by the management key-pair generator.
Using the path of the mouse movement ensures that the seed number for the key-pair generation algorithm has enough random variation.
When the progress indicator has reached 100%, the Passphrase dialog box will open automatically.
9. Enter a passphrase, which will secure your private management key.
10. Re-enter your passphrase in the Confirm passphrase field and click Next.
11. Click Finish to complete the setup process.
Policy Manager Console will generate the management key-pair. After the key-pair is generated, Policy Manager Console will start.
The setup wizard creates the user group FSPM users. The user who was logged in and ran the installer is automatically added to this group. To allow another user to run Policy Manager you must manually add this user to the FSPM users user group.
Policy Manager Console starts in Anti-virus mode, which is an optimized user interface for managing Client Security, Anti-virus for Workstations and Anti-virus for Windows Servers. If you are going to use Policy Manager Console for managing any other F-Secure product, you should use the Advanced mode user interface. You can access it by selecting View > Advanced mode from the menu.
When setting up workstations, you must provide them with a copy of the admin.pub key file (or access to it). If you install the F-Secure products on the workstations remotely with Policy Manager, a copy of the admin.pub key file is installed automatically on them. However, if you run the setup from a CD, you must transfer a copy of the admin.pub key file manually to the workstations. The best and most secure method is to copy the admin.pub file to a diskette and use this diskette for workstation installations. Alternatively, you can put the admin.pub file in a directory that can be accessed by all hosts that will be installed with remotely managed F-Secure products.

Changing the web browser path

Policy Manager Console acquires the file path to the default web browser during setup.
If you want to change the web browser path:
1. Select Tools > Preferences from the menu.
2. Select the Locations tab and enter the new file path.

Uninstalling the product

Follow these steps to uninstall Policy Manager components.
To uninstall any Policy Manager components:
1. Open the Windows Start menu and go to Control Panel.
2. Select Add/Remove Programs.
3. Select the component you want to uninstall (Policy Manager Console or Policy Manager Server), and click Add/Remove.
The F-Secure Uninstall dialog box appears.
4. Click Start to begin uninstallation.
5. When the uninstallation is complete, click Close.
6. Repeat the above steps if you want to uninstall other Policy Manager components.
7. When you have uninstalled the components, exit Add/Remove Programs.
8. It is recommended that you reboot your computer after the uninstallation.
Rebooting is necessary to clean up the files remaining on your computer after the uninstallation, and before the subsequent installations of the same F-Secure products.

Chapter 3: Anti-virus mode user interface

Topics:
• Policy domains tab
• Management tabs
• The toolbar
• Menu commands
• Settings inheritance
This section provides a reference of the settings available on the various pages of the Anti-virus mode user interface.
Note: Policy Manager also includes another user interface, the Advanced mode user interface. It is used to manage products other than Client Security and Anti-virus for Workstations. It is also used when you need to change advanced Client Security settings. You can switch between the modes by selecting Advanced mode or Anti-virus mode in the View menu.
The main components of the Anti-virus mode user interface are:
The Policy domains tab that displays the structure of the managed policy domains.
The management tabs: Summary, Settings, Status, Alerts, Reports, Installation and Operations that can be used for configuring and monitoring Client Security installed on hosts as well as for carrying out operations.
The Message view at the bottom of the window that displays informative messages from Policy Manager, for example, when the virus definitions on the server have been updated.

Policy domains tab

You can perform actions for policy domains and hosts within the Policy domains tab.
In the Policy domains tab, you can do the following:
• Add a new policy domain by clicking the icon, which is located on the toolbar. A new policy domain can be created only when a parent domain is selected.
• Add a new host by clicking the icon.
• Find a host.
• View the properties of a domain or host. All hosts and domains should be given unambiguous names.
• Import autoregistered hosts.
• Autodiscover hosts from a Windows domain.
• Delete hosts or domains.
• Move hosts or domains, using cut and paste operations.
• Export a policy file.
After selecting a domain or host, you can access the above options from the Edit menu or by right-clicking the selected host or domain. The Autodiscover and Import autoregistered hosts operations are also available on the Installation tab.
Note: The domains referred to in the commands are not Windows NT or DNS domains. Policy domains are groups of hosts or subdomains that have a similar security policy.

Management tabs

This section describes the management tabs (Summary, Settings, Status, Alerts, Reports, Installation and Operations), and the different pages on each of these tabs.

Summary tab

The Summary tab is designed to display the most important information concerning the selected domain(s) or host(s) at a glance.
When a domain is selected, the Summary tab displays information about the whole domain. When a single host is selected, you can see more detailed information concerning the host.
If some of the settings displayed on the Summary tab require your immediate attention or action, an icon is displayed beside the setting. The icons can be interpreted as follows:
Warns of an error situation that requires your action. The error cannot be fixed automatically. The icon is displayed, for example, when the latest policies have not been distributed, or when virus definitions on hosts are outdated.
Warns of a situation that may require your action. This does not create security problems yet, but it may lead to a security problem later on if the problem is not fixed now. The icon is displayed, for example, when there are disconnected hosts.
The information displayed on the Summary tab depends on what is selected in the Policy domains tab:
When a domain is selected, the Summary tab displays information divided into the following sections: Policy Manager, Domain, Virus Protection for Workstations, and Internet Shield.
When a host is selected, the sections are: Policy Manager, Host, Virus Protection and Internet Shield.
Summary tab when a domain is selected
The information described here is displayed on the Summary tab when a domain is selected on the Policy domains tab.
Policy Manager
In the Policy Manager section you can:
See the current Policy distribution status (Saved/Unsaved, Distributed/Undistributed), and when necessary, save the policy data and distribute the new policies to hosts.
See the status of the virus definitions on the server.
See the status of the spyware definitions on the server.
See the status of DeepGuard updates on the server.
See the number of new autoregistered hosts. If there are new hosts, you can add them to the domain by clicking Add these hosts to a domain....
Autodiscover hosts from a Windows domain by clicking Autodiscover Windows hosts....
Domain
In the Domain section you can:
See the number of hosts that have the latest policy and access a summary of their latest policy update by clicking View hosts’s latest policy update.... This takes you to the Status tab and Centralized management page.
See the number of disconnected hosts. You can also access a detailed list displaying the hosts’ connection status by clicking View disconnected hosts..., which takes you to the Status tab and Centralized management page.
See a summary of new alerts. If you want to get more detailed information on the alerts, you can click the View alerts by severity... link to access the Alerts tab.
The severity of the alerts is indicated by the following icons:
Reference | Description
Info | Normal operating information from a host.
Warning | A warning from the host.
Error | Recoverable error on the host.
Fatal error | Unrecoverable error on the host.
Security alert | Security hazard on the host.
Virus Protection for Workstations
In the Virus Protection for Workstations section you can:
See how many hosts in the domain have Virus Protection installed.
See how many hosts in the domain have Real-time scanning enabled. If you want to see which hosts have it enabled and which do not, click View hosts’ overall protection... to access more detailed information on the Status tab and Overall protection page.
See how many infections have been found in the domain. If you want to see host specific infection information, click View hosts’ infection status... to access the Status tab and Overall protection page.
See how many of the hosts have the latest virus definitions and whether the virus definitions on some hosts are recent or outdated.
Recent means that the virus definitions are not the latest ones.
Outdated means that the virus definitions are older than the configured time limit.
Note: If you have F-Secure Anti-Virus 5.40 installed on some hosts, the virus definitions version on these hosts is displayed as Unknown.
If you need to update the virus definitions on some hosts, click Update virus definitions..., which takes you to the Operations tab.
Internet Shield
In the Internet Shield section you can:
See how many hosts in the domain have Internet Shield installed.
See what the most common latest attack is and what percentage of the domain has been affected. If you want to get more detailed information on the latest attacks, you can click View Internet Shield Status... to access the Status tab and Internet Shield page.
Summary tab when a host is selected
When a host is selected in the Policy domains tab, the Summary tab displays more detailed information in the Host section.
Host
In the Host section you can:
See the name of the selected host displayed beside Computer identity. You can also access more detailed information on the host by clicking View host properties.... This takes you to the Status tab and Host properties page.
See which protocol is active (HTTP or file sharing), the address of the Policy Manager Server the host is connected to, and the date and time of the last connection.
See whether the policy file the host is using is the latest one or not.
See whether the host is disconnected or not.
See a summary of new alerts. If you want to get more detailed information on the alerts, click on View alerts by severity... to access the Alerts tab.
Virus Protection for Workstations
In addition to the information displayed when a domain is selected, the Virus Protection for Workstations section also displays the version number of the virus definitions.
Internet Shield
In addition to the information displayed when a domain is selected, the Internet Shield section also displays the currently selected Internet Shield security level for the host.

Settings tab

The Settings tab contains 12 different pages that are used for configuring the components of Client Security, which are described briefly in this section.
Context menu on settings pages
By right-clicking any setting on a Settings tab page you can access a context menu that contains the following options:
Clear
This option clears a setting that has been redefined on the current level.
Force value
The Force value menu item is available only when a policy domain is selected. You can use this command to enforce the current domain setting to be active also in all subdomains and hosts. In practice, this operation clears the corresponding setting in all subdomains and hosts below the current domain, enabling the inheritance of the current value to all subdomains and hosts. Use this menu entry cautiously: all values defined in the subdomains or hosts under the selected domain are discarded, and cannot be restored.
Show domain values
The Show domain values menu item is available only when a policy domain is selected. You can use this command to view a list of all policy domains and hosts below the selected policy domain, together with the value of the selected field. Click any domain or host name to quickly select the domain or host on the Policy domains tab. It is possible to open more than one Domain value dialog simultaneously.
Locate in advanced mode
This option is for advanced users. It takes you to the Advanced mode user interface and selects the setting there.
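The policy inheritance described under Basic terminology and the Clear, Force value and Show domain values operations above can be modelled on a small domain tree. This is an added illustration, not Policy Manager's own code or data format: the class, the method names, the tree and the setting name real_time_scanning are all hypothetical. It shows why Force value is irreversible and returns the discarded overrides so they can be recorded first.

```python
class PolicyNode:
    """A policy domain or host in a constructed tree (a host is a node with no children)."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.children = []
        self.local = {}  # settings redefined at this level only
        if parent is not None:
            parent.children.append(self)

    def effective(self, setting):
        """Walk towards the root until a level defines the setting.

        Returns (value, name of the level that defines it), or (None, None).
        """
        node = self
        while node is not None:
            if setting in node.local:
                return node.local[setting], node.name
            node = node.parent
        return None, None

    def clear(self, setting):
        """Clear: drop the value redefined here so the parent's value applies again."""
        self.local.pop(setting, None)

    def force_value(self, setting):
        """Force value: clear the setting in every subdomain and host below this domain.

        Returns {node name: discarded value}; once cleared, the overrides are gone.
        """
        discarded = {}
        stack = list(self.children)
        while stack:
            node = stack.pop()
            if setting in node.local:
                discarded[node.name] = node.local.pop(setting)
            stack.extend(node.children)
        return discarded

    def show_domain_values(self, setting):
        """Show domain values: effective value for each domain and host below this one."""
        rows = []
        stack = list(reversed(self.children))
        while stack:
            node = stack.pop()
            rows.append((node.name, node.effective(setting)[0]))
            stack.extend(reversed(node.children))
        return rows


def build_sample_tree():
    """Constructed example tree; names and values are made up for illustration."""
    root = PolicyNode("Root")
    eng = PolicyNode("Engineering", root)
    sales = PolicyNode("Sales", root)
    nodes = {n.name: n for n in (root, eng, sales)}
    for host, parent in (("eng-ws-01", eng), ("eng-ws-02", eng), ("sales-ws-01", sales)):
        nodes[host] = PolicyNode(host, parent)
    root.local["real_time_scanning"] = "on"
    eng.local["real_time_scanning"] = "off"                    # subdomain override
    nodes["eng-ws-02"].local["real_time_scanning"] = "on"      # host override
    nodes["sales-ws-01"].local["real_time_scanning"] = "off"   # host override
    return nodes


if __name__ == "__main__":
    tree = build_sample_tree()
    setting = "real_time_scanning"
    print("before:", tree["Root"].show_domain_values(setting))
    print("discarded:", tree["Root"].force_value(setting))
    print("after:", tree["Root"].show_domain_values(setting))
```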
Automatic updates
The Automatic Updates page is divided into two sections: Automatic Updates and Neighborcast.
Automatic Updates
In the Automatic Updates section you can:
Enable or disable automatic updates. Note that deselecting this setting disables all ways for the host to get automatic updates.
Specify the time interval for polling updates from Policy Manager Server.
See a list of Policy Manager Proxy servers. You can also add new servers on the list, delete servers from the list and edit their addresses and priorities.
Select whether an HTTP proxy can be used and specify the HTTP proxy address.
Select whether clients should download updates from each other in addition to any servers or proxies.
Neighborcast
Neighborcast allows clients to download updates from each other as well as from any available servers or proxies. In this section you can:
Set a client to serve updates to other clients.
Set a client to download updates from other clients serving updates.
Choose the port to use.
Real-time scanning
The settings displayed on this page affect the real-time scanning of hosts in the selected domain.
Unless otherwise stated, the settings listed on this page are valid for all Client Security versions. To view and configure the settings that are no longer valid for Client Security 9 or higher and Anti-virus for Windows Servers 9 or higher, but that are valid for older product versions, click Settings for older clients (7.x, 8.x)....
General
In this section you can turn real-time scanning on or off.
File Scanning
In this section you can:
Select which files will be scanned and define the included extensions.
Select whether certain extensions will be excluded from the scan and define what they are.
Select whether the users can exclude objects from real-time scanning.
Select whether network drives are included in real-time scanning.
Define the action to take automatically when an infected file is found (for Client Security 9 or higher and Anti-virus for Windows Servers 9 or higher).
Turn protection of the "Hosts" file on or off.
Select whether tracking cookies are included in the scan.
DeepGuard
In this section you can:
Turn DeepGuard on or off.
Select the action to take when a system modification attempt is detected.
Select whether to query a remote server to improve detection accuracy.
Turn advanced process monitoring on or off.
Manual scanning
The settings displayed on this page affect the scans that are run manually by the host users.
Manual File Scanning
In this section, the following options are available for selecting what to scan:
Select which files will be scanned and define the included extensions.
• All files: All files will be scanned, regardless of their file extension. Forcing this option is not recommended because it might slow down system performance considerably.
• Files with these extensions: Files with specified extensions will be scanned. To specify files that have no extension, type . (a single period). You can use the wildcard ? to represent any letter. Enter each file extension separated by a space.
Select whether to scan inside compressed files. Select this check box to scan inside compressed ZIP, ARJ, LZH, RAR, CAB, TAR, BZ2, GZ, JAR and TGZ files. Scanning inside large compressed files might use a lot of system resources and slow down the system.
Select whether certain extensions will be excluded from the scan and define what they are. You can specify whether some files will not be scanned, and enter the extensions that will be excluded from scanning in the Excluded extensions field.
Select whether the users can exclude objects from real-time scanning. When Enable excluded objects is selected, the users can specify individual files or folders that will not be scanned.
From the Action on infection drop-down list, you can select the action Client Security will take when an infected file is detected. Choose one of the following actions:
Action | Definition
Ask after scan | Starts the Disinfection Wizard when an infected file is detected.
Disinfect automatically | Disinfects the file automatically when a virus is detected.
Rename automatically | Renames the file automatically when a virus is detected.
Delete automatically | Deletes the file automatically when a virus is detected. Note that this option also deletes the object the virus is attached to, so this option is not recommended.
Report only | Indicates that a virus is found, and does not let you open the infected object. This option only reports, it does not take any action against the virus.
Rootkit Scanning
In this section you can:
Turn rootkit scanning on or off.
Include or exclude rootkit scanning from full computer check.
Specify whether detected suspicious items are shown in the disinfection wizard and in the scanning report after a full computer check.
Scheduled Scanning
The Configure scheduled scanning in advanced mode... link takes you to the Advanced mode user interface, where scheduled scanning can be configured.
Manual Boot Sector Scanning
In this section you can:
Turn manual scanning for floppy disk boot sectors on or off.
Select the action to take when an infection is found.
Spyware control
The settings displayed on this page are spyware-specific, and provide additional spyware-specific settings for real-time and manual scanning.
Applications Excluded from Spyware Scanning
This table displays a list of spyware and riskware that the administrators have allowed to run on the hosts.
Spyware and Riskware Reported by Hosts
This table displays spyware and riskware that the hosts have reported, and spyware and riskware that are quarantined at the host(s). The table displays the type and the severity for each detected spyware and riskware application. All spyware and riskware with the Potentially active status were allowed to run on the host by the administrator.
If you want users to be able to decide the spyware and riskware items that are allowed, you can do so with the Allow users to define the allowed spyware items drop-down list.
Quarantine management
This page is used to manage malware that has been quarantined on managed hosts.
Quarantine content
This table displays a list of quarantined items on the hosts. Each table row displays the object type, name, file path and the number of hosts on which the object has been quarantined.
Actions to perform on quarantined objects
This table displays a list of the quarantined objects that have been processed. The quarantined objects are either released (allowed) or deleted. The action indicated here is distributed to the managed hosts, so whenever the malware in question is detected on a host, the selected action is applied. When the action is set to Release, an appropriate exclusion rule needs to be in place on the Spyware control or Real-time scanning page, depending on the object type, to prevent the object from being quarantined in future.
The applied actions are automatically cleaned from this table once there are no pending actions left for the corresponding hosts (no hosts report this object as quarantined).
E-mail scanning
This page includes separate settings for incoming and outgoing e-mail scanning. The settings in the General section are common for both.
Incoming E-mail Scanning
In this section you can:
Turn incoming e-mail scanning on or off.