McAfee MSA09EMB1RAA, SiteAdvisor Enterprise Plus 3.0 Product Manual

McAfee SiteAdvisor Enterprise Plus 3.0 Product Guide
COPYRIGHT
Copyright © 2009 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
License Attributions
Refer to the product Release Notes.
Contents
Introducing SiteAdvisor Enterprise Plus
  Benefits of using SiteAdvisor Enterprise Plus
  How safety ratings are compiled
  Safety icons and balloons protect during searches
    Using site safety balloons
  SiteAdvisor menu protects while browsing
    Using the SiteAdvisor menu
  Safety reports provide details
    Viewing safety reports
  Administrators customize policy settings
Setting up a Browsing Security Strategy
  Guidelines for creating a strategy
  Select the right policy options and features
  Information that SiteAdvisor Enterprise Plus sends
Configuring Policies
  How policies work
  Types of policy categories
  Default policy settings
  Creating and editing policies
  Apply general options
    Configuring proxy settings
    Enabling observe mode
    Setting the control panel option
  Block and warn sites by ratings and threat factors
    Configuring access based on ratings
  Use Authorize and Prohibit lists for sites
    How site patterns work
    How multiple-instance policies work
    Working with Authorize lists
    Working with Prohibit lists
  Customize messages for users
    Creating customized messaging
  Disable and reenable the software
    Disabling and re-enabling from the ePO server
    Disabling and reenabling from the browser
  Track events for reports
    Tracking visits to domains and downloads
    Tracking domain page views and downloads
    Tracking green site content categories
Using Dashboards, Monitors, and Reports
  Use queries to create reports
    Creating reports
    Running a purge task
  Use dashboards and monitors
    Creating monitors
Reference
  Frequently Asked Questions
  Where to find more information
Web Filtering for Endpoint and Web Reporter Appendix
  How web content filtering works
  Policy additions with web content filtering
  Report and dashboard additions with web content filtering
  How Web Reporter works
  Sending Web Reporter logs
  Applying the Content Actions policy
  Working with the Web Reporter
Introducing SiteAdvisor Enterprise Plus
McAfee® SiteAdvisor® Enterprise Plus is a browser protection solution that can be deployed and managed by using McAfee ePolicy Orchestrator® 4.0 or 4.5. The client software runs on managed systems to protect users from threats they encounter while searching and browsing websites with Internet Explorer or Firefox or downloading files with Internet Explorer. SiteAdvisor Enterprise Plus is integrated with McAfee advanced protection solutions.
This guide provides information that you need to create a browsing security strategy for your business and configure SiteAdvisor Enterprise Plus policy options.
Contents
Benefits of using SiteAdvisor Enterprise Plus
How safety ratings are compiled
Safety icons and balloons protect during searches
SiteAdvisor menu protects while browsing
Safety reports provide details
Administrators customize policy settings
Benefits of using SiteAdvisor Enterprise Plus
As SiteAdvisor Enterprise Plus runs on each managed system, it notifies users about threats they might encounter when searching or browsing websites by displaying the following:
Safety rating for each site
• When searching, safety ratings of green, yellow, red, and gray icons appear next to each site listed on a search results page.
• When browsing, the SiteAdvisor menu button appears in the browser window in the color that matches the safety rating for the current site.
Safety report for each site
• The report includes a detailed description of test results and feedback submitted by users and site owners.
• Users access safety reports to learn more about how the safety rating for a site was calculated.
Using the ePO Policy Catalog, administrators can create SiteAdvisor Enterprise Plus policies that determine which sites managed systems can access. They can assign actions to sites based on their SiteAdvisor rating (for example, block red sites and warn users trying to access yellow sites). They can create lists of authorized and prohibited sites based on URLs and domains. Administrators can also customize the messaging that SiteAdvisor Enterprise Plus displays to managed systems, and prevent users from disabling the client software on managed systems.
With the addition of the Web Filtering for Endpoint extension, you can expand safety ratings to include site content and track pages viewed on domain sites. With the addition of Web Reporter you can create detailed reports on websites.
The SiteAdvisor Enterprise Plus client software supports both Microsoft Internet Explorer and Mozilla Firefox browsers.
NOTE: The only difference in functionality between the browsers is that Firefox does not allow users to hide the SiteAdvisor button with the View | Toolbars command or check file downloads.
How safety ratings are compiled
A McAfee team derives safety ratings by testing a variety of criteria for each site and evaluating the results to detect common threats.
Automated tests compile safety ratings for a website by:
• Downloading files to check for viruses and potentially unwanted programs bundled with the download.
• Entering contact information into signup forms to check for resulting spam or a high volume of non-spam emails sent by the site or its affiliates.
• Checking for excessive popup windows.
• Checking for attempts by the site to exploit browser vulnerabilities.
• Checking for deceptive or fraudulent practices employed by a site.
The team assimilates test results into a safety report that can also include:
• Feedback submitted by site owners, which might include descriptions of safety precautions used by the site or responses to user feedback about the site.
• Feedback submitted by site users, which might include reports of phishing scams, bad shopping experiences, and selling services that can be obtained without cost from other sources.
• Additional analysis by McAfee professionals.
Safety icons and balloons protect during searches
When users type keywords into a popular search engine such as Google, Yahoo!, MSN, Ask, or AOL.com, color-coded safety icons appear next to sites listed in the search results page:
(Green, checkmark): Tests revealed no significant problems.
(Yellow, exclamation point): Tests revealed some issues users should know about. For example, the site tried to change the testers’ browser defaults, displayed popups, or sent them a significant amount of non-spam email.
(Red, x): Tests revealed some serious issues that users should consider carefully before accessing this site. For example, the site sent testers spam email or bundled adware with a download.
(Red, bar): This site is blocked by a Prohibit List, Rating Actions, or Content Actions policy option.
(Gray, question mark): This site is unrated.
Placing the cursor over an icon displays a safety balloon that summarizes the safety report for a site. Click More Info or a report link for a detailed safety report.
Using site safety balloons
Use this task to view additional information available through a site’s safety icon listed in a search results page.
Task
1 Hold the cursor over the site’s safety icon. A safety balloon displays a high-level summary of the site’s safety report.
2 Click a safety report link or the More info link in the safety balloon to view details of the site's safety report.
SiteAdvisor menu protects while browsing
When users browse to a website, a color-coded menu button appears in the top-left corner of the window. The color of the button corresponds to the site’s safety rating. Placing the cursor over this button displays a safety balloon that summarizes the safety report for the site, with a link to the detailed site report page. The menu button next to the icon displays the SiteAdvisor menu.
With this color and symbol... | Indicates this...
Green, checkmark | The site is safe.
Yellow, exclamation point | There might be some issues with the site.
Red, x | There might be some serious issues with the site.
Gray, question mark | No rating is available for the site.
Gray, disconnected cables | A communication error occurred with the SiteAdvisor website that contains rating information.
Client settings that affect the SiteAdvisor menu button
• When SiteAdvisor Enterprise Plus is disabled, the menu button is gray with a question mark.
• When event tracking is disabled for specific sites in the Authorize List or in the Event Tracking policy, the menu button is gray with a question mark while visiting the sites.
• When a communication error occurs with the SiteAdvisor server, the menu button is gray with disconnected cables.
• In Internet Explorer, users can display or hide the menu button by using the View | Toolbars | McAfee SiteAdvisor menu option. This does not affect the functional status (enabled or disabled) of the SiteAdvisor Enterprise Plus client software.
NOTE: Firefox users cannot hide the menu button while SiteAdvisor Enterprise Plus is enabled.
Troubleshooting link
If the gray communication error button appears, a troubleshooting link in the site's safety balloon opens a connection status page. This page displays the reason for the communication error and provides information on possible resolutions. Clicking this link runs these tests with these results:
Test | What this means | Explanation if there is an issue
Internet Access | Does the browser have internet access? | Your computer cannot access the Internet. This might indicate the SiteAdvisor policy for proxy settings are configured incorrectly. Contact your administrator.
SiteAdvisor Server Availability | Is the SiteAdvisor server down? | The SiteAdvisor servers appear to be down.
SiteAdvisor Server Response Format | Is the SiteAdvisor server responding to requests? | The SiteAdvisor servers are up, but they are not responding to requests.
The Repeat Tests button allows the user to see if the error persists or has been corrected while the page is open.
Using the SiteAdvisor menu
Use this task to display the options for accessing SiteAdvisor features on managed systems.
Task
1 Click the down arrow on the SiteAdvisor menu button to view the SiteAdvisor menu and do any of the following:
Select this command... | To do this...
View Site Report | Display the safety report for the current site (not available when SiteAdvisor Enterprise Plus is disabled). NOTE: You can also click Read site report in the site safety balloon.
Show Balloon | Display the current site’s safety balloon (not available when SiteAdvisor Enterprise Plus is disabled). The balloon disappears after a few seconds, or you can click the close button. NOTE: The site safety balloon also appears by placing the cursor over the menu button.
Disable/Enable SiteAdvisor | Turn the SiteAdvisor Enterprise Plus client software off or on (available only when an Enable/Disable policy option is configured to allow this functionality).
About | Access a brief description of browser protection, its license agreement, and its privacy policy.
2 If the communication error button appears, show the balloon for the site, and click Troubleshoot. The connection status page that appears indicates the possible cause of the communication error.
Safety reports provide details
Users can supplement the color-coded safety information for a site by viewing its detailed safety report. These reports describe specific threats discovered by testing and include feedback submitted by site owners and users.
Safety reports for sites are delivered from the McAfee SiteAdvisor and provide the following information:
Item | Explanation
Summary | The overall rating for the website. We determine this rating by looking at a wide variety of information. First, we evaluate a website's email and download practices using our proprietary data collection and analysis techniques. Next, we examine the website itself to see if it engages in annoying practices such as excessive pop-ups or requests to change your home page. Then we perform an analysis of its online affiliations to see if the site associates with other sites flagged as red. Finally, we combine our own review of suspicious sites with feedback from our volunteer reviewers and alert you to sites that are deemed suspicious.
Established | The year the domain name was registered. More recently registered websites have had less time to prove their safety and trustworthiness.
Country | The country where a domain is registered. Keep in mind that it's sometimes more difficult to get good customer service or resolve disputes with websites registered outside of your country of residence.
Popularity | The level of how popular the website is. Don't assume, however, that popularity always goes hand in hand with safety. For example, some very popular prize sites send lots of spam, and some very popular file-sharing programs bundle adware. Likewise, many personal websites, blogs and small business sites that do not get a lot of traffic can be safe to browse and use. That's why the analysis behind SiteAdvisor's overall verdict is so useful.
Email Results | Overall rating for a website's email practices. We rate sites based on both how much email we receive after entering an address on the site as well as how spammy the email we receive looks. If either of these measures is higher than what we consider acceptable, we'll give the site a yellow warning. If both measures are high, or one of them looks particularly egregious, we'll give the site a red warning. Each email link opens a detailed email analysis page.
Downloads | Overall rating about the impact a site's downloadable software had on our testing computer. Red flags are given to sites that have virus-infected downloads or that add unrelated software which many people would consider adware or spyware. The rating also takes note of the network servers a program contacts during its operation, as well as any modifications to browser settings or a computer's registry files. Each download link opens a detailed download analysis page.
Online Affiliations | Indication of how aggressively the site tries to get you to go to other sites that we've flagged as red. It is a very common practice on the Internet for suspicious sites to have many close associations with other suspicious sites. The primary purpose of these "feeder" sites is to get you to visit the suspicious site. A site can receive a red warning if, for example, it links too aggressively to other red sites. In effect, a site can become "red by association" due to the nature of its relationship to red flagged domains.
Annoyances | Common web practices that users find annoying, such as excessive pop-ups, requests to change a user's home page, or requests to add a site to the browser's favorites list. We also list third-party cookies (sometimes known as "tracking cookies") in this section. If a website has a lot of pop-ups, and in particular if it engages in practices such as popping up more windows when you try to close them, we will give that website a red flag.
Exploits | Rare but extremely dangerous security threats caused by a website "exploiting" a browser's security vulnerability. The exploit can cause the user's computer to receive programming code that can cause adware infections, keystroke spying, and other malicious actions that can leave a computer essentially unusable.
Reviewer and Site Owner Comments | Reviewers and site owners can provide additional information and commentary to supplement SiteAdvisor's automated test results.
Results | Summary of the comments of SiteAdvisor's entire reviewer community. Reviewers can rate sites for downloads, email practices, shopping experiences and more. This input is particularly important in helping the SiteAdvisor community guide each other concerning e-commerce websites. Anonymous input alone is not enough to change a site's overall rating, but sufficient votes from registered users can affect a site's rating.
Website owner comments | Allows owners of analyzed websites to address our ratings. Owners are free to comment, disagree or clarify. These comments are posted unedited after we verify the authenticity of the person leaving the comment. We manually review all owner comments and if an error was made, we will try our best to promptly correct it. We don't allow sites to pay to be rated or to change or improve their ratings.
Reviewer comments | What our volunteer reviewers have to say about this website. These comments are posted unedited.
Viewing safety reports
Use this task to view safety reports to obtain more information about a site’s safety rating.
Task
• Do any of the following to view a safety report for a site:
From this location... | Do this...
Website | Click the SiteAdvisor menu button and select Read Site Details.
Website | Click the SiteAdvisor button.
Search results page | Click the safety icon following the web page link.
SiteAdvisor home page (www.siteadvisor.com) or Analysis page | Type a URL in the Look up site report box.
Administrators customize policy settings
Administrators create SiteAdvisor Enterprise Plus policies in the ePO Policy Catalog and assign them to managed systems running the SiteAdvisor Enterprise Plus client software. You can assign the same policy settings to all managed systems, or to groups of managed systems that perform similar tasks and require the same type of access and protection.
Configure policies in SiteAdvisor Enterprise Plus to achieve the right level of browsing protection for your users. Note that both the Authorize List and Prohibit List policies are multiple-instance policies. These policies allow for a profile of settings through the application of multiple policies under a single policy instance. This can be helpful if you want to apply a default list of sites, and add entries for a particular group or all groups. Instead of updating the entire list with the new entries, you can create a second policy instance for the new entries and apply it and the default list together. The effective policy is then the combination of the two policy instances.
Policy | Description
Authorize List (A multiple-instance policy) | Create a list of sites that are approved for users to access. Configure access to site resources, such as file downloads and phishing pages, on approved sites. Specify whether an Authorize list has precedence over Prohibit lists.
Disable/Enable | Disable and then reenable the SiteAdvisor Enterprise Plus client software for all ePO managed systems using this policy. Allow the disabling and reenabling of the SiteAdvisor Enterprise Plus client software from the browser on managed systems and configure whether or not this functionality requires a password.
Enforcement Messaging | Create messages, which can include your own logo or image, for users who attempt to access: Blocked sites, Warned sites, Authorized sites, Prohibited sites, Phishing pages, File downloads.
Event Tracking | Report on domain site visits. Report on internal domain site visits. Report on page views on all domain sites. (Available with the additional Web Filtering for Endpoint extension.)
General | Specify proxy server settings required to contact the Internet by managed systems running the client software. Enable Observe mode to evaluate policy settings before implementing them. Specify whether users can use Add/Remove Programs to remove SiteAdvisor Enterprise Plus.
Prohibit List (A multiple-instance policy) | Create a list of blocked sites that users cannot access.
Rating Actions | Assign actions (warn, block, or allow) to sites or site resources (such as file downloads and phishing pages) based on their ratings. Apply threat factors to fine-tune rating actions.
Content Actions (Available with the Web Filtering for Endpoint extension) | Allow, warn, or block sites based on content categories.
See Configuring Policies for more information.
Setting up a Browsing Security Strategy
SiteAdvisor Enterprise Plus includes a default policy with settings recommended by McAfee to protect managed systems from most web-based threats. This section provides an overview of features that assist you in customizing policy settings that are specific to your business needs. The following topics provide details about using these features.
Contents
Guidelines for creating a strategy
Select the right policy options and features
Information that SiteAdvisor Enterprise Plus sends
Guidelines for creating a strategy
Follow these guidelines to design and implement a browsing security strategy that fully protects your managed systems against web-based threats.
1 Install SiteAdvisor Enterprise Plus, enable Observe mode, and deploy the client software.
Before deploying the client software, enable Observe mode (Action Enforcement tab on the General policy page). This prevents SiteAdvisor Enterprise Plus from taking actions (such as blocking and warning) configured as part of the default policy, but tracks browsing behavior data that you can retrieve in reports.
See Evaluate policy settings with Observe mode under Configuring Policies.
2 Evaluate browsing traffic and usage patterns (Reports).
Run queries and review the results to learn about network browsing patterns. For example, what types of sites are users visiting and what tasks are they performing at these sites? What time of day is browsing traffic heaviest?
See Using Dashboards, Monitors, and Reports.
3 Create policies.
Configure policy options based on the browsing behavior revealed in the query results. Prohibit, block, or warn about sites or downloads that present threats, and authorize sites that are important to your users.
See the Configuring Policies chapter for more information.
4 Test and evaluate policy settings (Observe mode).
Enable Observe mode to track the number of users who access sites that would be affected by the policy settings you have configured. Run queries, then view and evaluate the tracked data. Are the settings comprehensive enough? Do they have any unintended consequences you need to resolve? Adjust the policy settings as needed, then disable Observe mode to activate them.
See Evaluate policy settings with Observe mode under Configuring Policies.
5 Ensure compliance, productivity, and security with frequent monitoring.
Run queries regularly. View results in reports or in monitors.
• Ensure that the SiteAdvisor Enterprise Plus client software is enabled on all computers and can function properly (by using the Functional Compliance query).
• Check whether any sites or site resources, such as download files, that are required for business are blocked.
• Check visits to sites that contain threats.
• Update policy settings to address any problems.
• Run a purge task occasionally to clear out the reports database.
See Using Dashboards, Monitors, and Reports and Configuring Policies.
Select the right policy options and features
When developing a browsing security strategy:
• Assess the security concerns and vulnerabilities that apply to your business.
• Carefully consider any domains and sites that must be accessible to your managed systems and any that you would like to block.
• Decide which network browsing activities you need to monitor.
• Determine your most effective and efficient forms of monitoring.
Use this list to identify which product features can help meet your goals.
Use this feature... | If this is your security or productivity goal...
Rating Actions policy | Use SiteAdvisor ratings to control access to sites, download files, or phishing pages.
Prohibit List policy | Block particular sites or domains.
Authorize List policy | Ensure access to particular sites. Control access to resources on these sites (such as download files). Track visits to these sites and access of site resources.
Event Tracking policy | Prevent data about intranet sites from being reported to the SiteAdvisor website’s servers.
Enforcement Messaging policy | Communicate to users why a site is blocked or how to protect against threats on a site.
Disable/Enable policy | Control who can disable or enable the SiteAdvisor Enterprise Plus client software.
Observe mode (part of General policy) | Evaluate the effect of policy settings before they are implemented.
Proxy Server (part of General policy) | Enter information on any proxy server needed for Internet access.
Event Tracking policy | Obtain information for and track activity on private domain servers.
Event Tracking policy | Obtain information for and track visits to non-private domain servers.
Event Tracking policy | Obtain information for and track each page accessed from domain servers.
Queries and monitors | Monitor the effect of current policy settings.
Functional Compliance query | Ensure that the correct version of the SiteAdvisor Enterprise Plus client software is installed on all managed systems and functions properly.
Content Actions policy with Web Filtering for Endpoint extension | Use site content to control access to sites.
Web Reporter with Web Filtering for Endpoint extension | Obtain detailed reports based on site content.
See Configuring Policies for information about using the policy features. See Using Dashboards, Monitors, and Reports for information about queries and monitors.
Information that SiteAdvisor Enterprise Plus sends
The client software sends the following information to the ePO server for use in queries:
• Type of event initiated by the managed system (site visit or download).
• Unique ID assigned by SiteAdvisor Enterprise Plus to the managed system.
• Time of event.
• Domain for event.
• URL for event.
• SiteAdvisor rating for the event’s site.
• Site threat factor.
• Whether the event’s site or site resource is on an Authorize list, a Prohibit list, or no list.
• Reason for action (allow, warn, or block) taken by SiteAdvisor Enterprise Plus.
• Observe mode status (on or off).
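The Observe mode evaluation described in the strategy steps can also be run over exported query results. The following is an added example, not McAfee code: the field names and sample events are constructed, and it assumes that an event logged with Observe mode on records the action that would have been taken.

```python
from collections import defaultdict

# Constructed sample events. The field names are hypothetical; they stand for
# items the client reports to the ePO server: event type, system ID, domain,
# SiteAdvisor rating, action taken, and Observe mode status.
FIELDS = ("type", "system_id", "domain", "rating", "action", "observe")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("visit",    "sys-01", "partner.example", "yellow", "warn",  True),
    ("visit",    "sys-02", "partner.example", "yellow", "warn",  True),
    ("visit",    "sys-01", "partner.example", "yellow", "warn",  True),
    ("download", "sys-03", "tools.example",   "red",    "block", True),
    ("download", "sys-01", "tools.example",   "red",    "block", True),
    ("visit",    "sys-02", "bad.example",     "red",    "block", True),
    ("visit",    "sys-04", "news.example",    "green",  "allow", True),
    ("visit",    "sys-05", "bad.example",     "red",    "block", False),
]]
# Constructed list of domains the business depends on.
REQUIRED_FOR_BUSINESS = {"partner.example", "tools.example"}


def observe_impact(events):
    """Per domain, count the distinct systems whose access would be warned
    or blocked once Observe mode is disabled (assumption: the logged action
    is the one the policy would have applied)."""
    impact = defaultdict(lambda: {"warn": set(), "block": set()})
    for ev in events:
        if not ev["observe"]:
            continue  # already enforced, so not part of the preview
        if ev["action"] in ("warn", "block"):
            # A set counts each system once, however often it revisits.
            impact[ev["domain"]][ev["action"]].add(ev["system_id"])
    return {dom: {act: len(ids) for act, ids in acts.items()}
            for dom, acts in impact.items()}


def needs_authorize_review(impact, required):
    """Business-required domains that the current settings would block."""
    return sorted(d for d, c in impact.items()
                  if d in required and c["block"] > 0)


if __name__ == "__main__":
    summary = observe_impact(EVENTS)
    for domain, counts in sorted(summary.items()):
        print(domain, counts)
    print("Review for Authorize list:",
          needs_authorize_review(summary, REQUIRED_FOR_BUSINESS))
```

Domains returned by needs_authorize_review are candidates for an Authorize list entry or a rating action change before Observe mode is turned off.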
SiteAdvisor Enterprise Plus sends the following information to the SiteAdvisor website’s servers:
• Version of the SiteAdvisor Enterprise Plus client software running on the managed system.
• Version of the operating system running on the managed system.
• Language and country locale selected for the operating system and browser running on the managed system.
• Host name and part of the URL for each website the managed system requests to access.
• MD5 algorithm for each application the managed system requests to download.
When a managed system visits a website, SiteAdvisor Enterprise Plus tracks the site’s domain specifier. The domain specifier is the smallest amount of information required for SiteAdvisor Enterprise Plus to uniquely identify the site being rated for security. The focus of SiteAdvisor Enterprise Plus is protecting your managed systems; no attempt is made to track personal Internet usage.
NOTE: SiteAdvisor Enterprise Plus does not send information on your company’s intranet sites to the SiteAdvisor website’s servers, unless specifically requested. See Tracking visits to domains and downloads under Configuring Policies for more information.
Configuring Policies
For the purposes of this guide, we assume that you have installed ePolicy Orchestrator and have the necessary privileges to perform the steps described in this guide. For more information about ePolicy Orchestrator, refer to the product’s documentation.
Contents
How policies work
Types of policy categories
Default policy settings
Creating and editing policies
Apply general options
Block and warn sites by ratings and threat factors
Use Authorize and Prohibit lists for sites
Customize messages for users
Disable and reenable the software
Track events for reports
How policies work
A policy is a collection of software settings that you configure and enforce on managed client systems. Policies ensure that security software products are configured and function as your organization requires.
When SiteAdvisor Enterprise Plus is installed, its preconfigured default policy is installed in the repository. You cannot change this default policy, but you can create a duplicate of this policy with a different name and configure it to meet your needs.
TIP: Before deploying the SiteAdvisor Enterprise Plus client software to managed systems, consider carefully how you want the software to behave in your environment. Although you can reconfigure policies after the software has been deployed, McAfee recommends that you configure policy settings prior to deployment to prevent unnecessary resource impact.
Policy assignment rules
In general, a policy is applied to a group, and all systems in the group receive the same policy settings. If, however, you are working in an ePO 4.5 environment, where the ePO server is version 4.5 and the McAfee Agent on the client system is version 4.5, you can create user-specific instead of system-specific policy assignments with policy assignment rules. These assignment rules are enforced on the client system for a particular user when that user logs on, regardless of the ePO group in which the system is placed. For more information, see How Policy Assignment Rules Work in the ePolicy Orchestrator 4.5 Product Guide.
NOTE: Policy assignment rules are enforced only if the user logs on as the interactive user. If a user logs on with a runas command, or logs on to a remote desktop or terminal service where the user's logon is not set to interactive, the policy assigned to the system and not the one assigned to the user is enforced.
For recommendations on selecting and implementing SiteAdvisor Enterprise Plus policy settings, see Setting up a Browsing Security Strategy.
For more information about using policies with ePolicy Orchestrator, see Managing Products with Policies and Client Tasks in the ePolicy Orchestrator Product Guide.
Types of policy categories
For the SiteAdvisor Enterprise Plus software, configure these policy categories:
Authorize List — Sites that users are authorized to access, and rules for accessing the individual resources on the sites. Several instances of this policy can be applied, resulting in one combined, effective policy.
Enforcement Messaging — Text displayed to users who attempt to access a site, phishing page, or file download that has been blocked, warned, or allowed.
Enable/Disable — Whether the SiteAdvisor Enterprise Plus client software is disabled or enabled for all managed systems assigned this policy, and whether it can be disabled on individual systems.
General — Settings required for managed systems to access the Internet through a proxy server, to turn on Observe mode to tune enforcement rules, and to allow SiteAdvisor Enterprise Plus to be removed with Add or Remove Programs.
Event Tracking — Settings to track domain visits and downloads. If the Web Filtering for Endpoint extension and Web Reporter are installed, you can also track page views and downloads within a domain and send information to Web Reporter for reports.
Prohibit List — Sites that users are blocked from accessing. Several instances of this policy can be applied, resulting in one combined, effective policy.
Rating Actions — Rules for user access based on the safety ratings and threat factors SiteAdvisor assigns to sites, pages on a site, or file downloads.
NOTE: A Content Actions policy appears if the Web Filtering for Endpoint extension is installed. See the Web Filtering for Endpoint and Web Reporter Appendix for details.
For more information about using policies with ePolicy Orchestrator, see Managing Products with Policies and Client Tasks in the ePolicy Orchestrator Product Guide.
Default policy settings
During installation, a default SiteAdvisor Enterprise Plus policy is added to the ePO master repository and listed in the Policy Catalog. The default policy settings are:
Policy | Default policy settings
Authorize List | No Authorize list is set up. After a list is created, default settings for the advanced options are:
 | Track events: Selected.
 | Block phishing pages: Selected.
 | File downloads: Yellow: Warn. Red: Block. Unrated: Allow.
 | Block sites with exploits: Selected.
 | Give this Authorize list precedence: Not selected.
Enable/Disable | SiteAdvisor policy enforcement — Enable: Selected. The client software is enabled on all systems managed with this policy.
 | SiteAdvisor menu option — Enable: Not selected. The client software cannot be disabled from the managed system.
Enforcement Messaging | No custom messages or logos are displayed to users when they attempt to access allowed, warned, or blocked sites and site resources.
General | No proxy settings are defined.
 | Observe mode — Enable: Not selected. Options configured for blocking or warning are enforced.
 | Control Panel Option — Enable: Not selected. The option to have SiteAdvisor Enterprise Plus appear in the client system Add or Remove Programs control panel is not selected.
Prohibit List | No Prohibit list is set up.
Event Tracking | Domains and downloads — Track: Selected.
 | Include traffic to internal sites: Set to Never.
 | Track content categories for allowed green sites: Selected. Only available if the Web Filtering for Endpoint extension is installed.
 | Page views and downloads — Track: Not selected. Only available if the Web Filtering for Endpoint extension is installed.
Rating Actions | Site navigation rating actions: Yellow: Warn. Red: Block. Unrated: Allow.
 | Page-level rating actions: Block phishing pages selected. Phishing pages detected on allowed sites are blocked.