McAfee MSA09EMB1RAA, SiteAdvisor Enterprise Plus 3.0 Product Manual

McAfee SiteAdvisor Enterprise Plus 3.0 Product Guide
COPYRIGHT
Copyright © 2009 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
License Attributions
Refer to the product Release Notes.
Contents
Introducing SiteAdvisor Enterprise Plus
  Benefits of using SiteAdvisor Enterprise Plus
  How safety ratings are compiled
  Safety icons and balloons protect during searches
  Using site safety balloons
  SiteAdvisor menu protects while browsing
  Using the SiteAdvisor menu
  Safety reports provide details
  Viewing safety reports
  Administrators customize policy settings
Setting up a Browsing Security Strategy
  Guidelines for creating a strategy
  Select the right policy options and features
  Information that SiteAdvisor Enterprise Plus sends
Configuring Policies
  How policies work
  Types of policy categories
  Default policy settings
  Creating and editing policies
  Apply general options
  Configuring proxy settings
  Enabling observe mode
  Setting the control panel option
  Block and warn sites by ratings and threat factors
  Configuring access based on ratings
  Use Authorize and Prohibit lists for sites
  How site patterns work
  How multiple-instance policies work
  Working with Authorize lists
  Working with Prohibit lists
  Customize messages for users
  Creating customized messaging
  Disable and reenable the software
  Disabling and re-enabling from the ePO server
  Disabling and reenabling from the browser
  Track events for reports
  Tracking visits to domains and downloads
  Tracking domain page views and downloads
  Tracking green site content categories
Using Dashboards, Monitors, and Reports
  Use queries to create reports
  Creating reports
  Running a purge task
  Use dashboards and monitors
  Creating monitors
Reference
  Frequently Asked Questions
  Where to find more information
Web Filtering for Endpoint and Web Reporter Appendix
  How web content filtering works
  Policy additions with web content filtering
  Report and dashboard additions with web content filtering
  How Web Reporter works
  Sending Web Reporter logs
  Applying the Content Actions policy
  Working with the Web Reporter
Introducing SiteAdvisor Enterprise Plus
McAfee® SiteAdvisor® Enterprise Plus is a browser protection solution that can be deployed and managed by using McAfee ePolicy Orchestrator® 4.0 or 4.5. The client software runs on managed systems to protect users from threats they encounter while searching and browsing websites with Internet Explorer or Firefox or downloading files with Internet Explorer. SiteAdvisor Enterprise Plus is integrated with McAfee advanced protection solutions.
This guide provides information that you need to create a browsing security strategy for your business and configure SiteAdvisor Enterprise Plus policy options.
Contents
Benefits of using SiteAdvisor Enterprise Plus
How safety ratings are compiled
Safety icons and balloons protect during searches
SiteAdvisor menu protects while browsing
Safety reports provide details
Administrators customize policy settings
Benefits of using SiteAdvisor Enterprise Plus
As SiteAdvisor Enterprise Plus runs on each managed system, it notifies users about threats they might encounter when searching or browsing websites by displaying the following:
Safety rating for each site
• When searching, safety ratings of green, yellow, red, and gray icons appear next to each site listed on a search results page.
• When browsing, the SiteAdvisor menu button appears in the browser window in the color that matches the safety rating for the current site.
Safety report for each site
• The report includes a detailed description of test results and feedback submitted by users and site owners.
• Users access safety reports to learn more about how the safety rating for a site was calculated.
Using the ePO Policy Catalog, administrators can create SiteAdvisor Enterprise Plus policies that determine which sites managed systems can access. They can assign actions to sites based on their SiteAdvisor rating (for example, block red sites and warn users trying to access yellow sites). They can create lists of authorized and prohibited sites based on URLs and domains. Administrators can also customize the messaging that SiteAdvisor Enterprise Plus displays to managed systems, and prevent users from disabling the client software on managed systems.
With the addition of the Web Filtering for Endpoint extension, you can expand safety ratings to include site content and track pages viewed on domain sites. With the addition of Web Reporter you can create detailed reports on websites.
The SiteAdvisor Enterprise Plus client software supports both Microsoft Internet Explorer and Mozilla Firefox browsers.
NOTE: The only difference in functionality between the browsers is that Firefox does not allow users to hide the SiteAdvisor button with the View | Toolbars command or check file downloads.
How safety ratings are compiled
A McAfee team derives safety ratings by testing a variety of criteria for each site and evaluating the results to detect common threats.
Automated tests compile safety ratings for a website by:
• Downloading files to check for viruses and potentially unwanted programs bundled with the download.
• Entering contact information into signup forms to check for resulting spam or a high volume of non-spam emails sent by the site or its affiliates.
• Checking for excessive popup windows.
• Checking for attempts by the site to exploit browser vulnerabilities.
• Checking for deceptive or fraudulent practices employed by a site.
The team assimilates test results into a safety report that can also include:
• Feedback submitted by site owners, which might include descriptions of safety precautions used by the site or responses to user feedback about the site.
• Feedback submitted by site users, which might include reports of phishing scams, bad shopping experiences, and selling services that can be obtained without cost from other sources.
• Additional analysis by McAfee professionals.
Safety icons and balloons protect during searches
When users type keywords into a popular search engine such as Google, Yahoo!, MSN, Ask, or AOL.com, color-coded safety icons appear next to sites listed in the search results page:
Green, checkmark | Tests revealed no significant problems.
Yellow, exclamation point | Tests revealed some issues users should know about. For example, the site tried to change the testers’ browser defaults, displayed popups, or sent them a significant amount of non-spam email.
Red, x | Tests revealed some serious issues that users should consider carefully before accessing this site. For example, the site sent testers spam email or bundled adware with a download.
Red, bar | This site is blocked by a Prohibit List, Rating Actions, or Content Actions policy option.
Gray, question mark | This site is unrated.
Placing the cursor over an icon displays a safety balloon that summarizes the safety report for a site. Click More Info or a report link for a detailed safety report.
Using site safety balloons
Use this task to view additional information available through a site’s safety icon listed in a search results page.
Task
1 Hold the cursor over the site’s safety icon. A safety balloon displays a high-level summary of the site’s safety report.
2 Click a safety report link or the More info link in the safety balloon to view details of the site's safety report.
SiteAdvisor menu protects while browsing
When users browse to a website, a color-coded menu button appears in the top-left corner of the window. The color of the button corresponds to the site’s safety rating. Placing the cursor over this button displays a safety balloon that summarizes the safety report for the site, with a link to the detailed site report page. The menu button next to the icon displays the SiteAdvisor menu.
This button, with this color and symbol... | Indicates this...
Green, checkmark | The site is safe.
Yellow, exclamation point | There might be some issues with the site.
Red, x | There might be some serious issues with the site.
Gray, question mark | No rating is available for the site.
Gray, disconnected cables | A communication error occurred with the SiteAdvisor website that contains rating information.
Client settings that affect the SiteAdvisor menu button
• When SiteAdvisor Enterprise Plus is disabled, the menu button is gray with a question mark.
• When event tracking is disabled for specific sites in the Authorize List or in the Event Tracking policy, the menu button is gray with a question mark while visiting the sites.
• When a communication error occurs with the SiteAdvisor server, the menu button is gray with disconnected cables.
• In Internet Explorer, users can display or hide the menu button by using the View | Toolbars | McAfee SiteAdvisor menu option. This does not affect the functional status (enabled or disabled) of the SiteAdvisor Enterprise Plus client software.
NOTE: Firefox users cannot hide the menu button while SiteAdvisor Enterprise Plus is enabled.
Troubleshooting link
If the gray communication error button appears, a troubleshooting link in the site's safety balloon opens a connection status page. This page displays the reason for the communication error and provides information on possible resolutions. Clicking this link runs these tests with these results:
Test | What this means | Explanation if there is an issue
Internet Access | Does the browser have internet access? | Your computer cannot access the Internet. This might indicate the SiteAdvisor policy for proxy settings are configured incorrectly. Contact your administrator.
SiteAdvisor Server Availability | Is the SiteAdvisor server down? | The SiteAdvisor servers appear to be down.
SiteAdvisor Server Response Format | Is the SiteAdvisor server responding to requests? | The SiteAdvisor servers are up, but they are not responding to requests.
The Repeat Tests button allows the user to see if the error persists or has been corrected while the page is open.
Using the SiteAdvisor menu
Use this task to display the options for accessing SiteAdvisor features on managed systems.
Task
1 Click the down arrow on the SiteAdvisor menu button to view the SiteAdvisor menu and do any of the following:
Select this command... | To do this...
View Site Report | Display the safety report for the current site (not available when SiteAdvisor Enterprise Plus is disabled). NOTE: You can also click Read site report in the site safety balloon.
Show Balloon | Display the current site’s safety balloon (not available when SiteAdvisor Enterprise Plus is disabled). The balloon disappears after a few seconds, or you can click the close button. NOTE: The site safety balloon also appears by placing the cursor over the menu button.
Disable/Enable SiteAdvisor | Turn the SiteAdvisor Enterprise Plus client software off or on (available only when an Enable/Disable policy option is configured to allow this functionality).
About | Access a brief description of browser protection, its license agreement, and its privacy policy.
2 If the communication error button appears, show the balloon for the site, and click Troubleshoot. The connection status page that appears indicates the possible cause of the communication error.
Safety reports provide details
Users can supplement the color-coded safety information for a site by viewing its detailed safety report. These reports describe specific threats discovered by testing and include feedback submitted by site owners and users.
Safety reports for sites are delivered from the McAfee SiteAdvisor and provide the following information:
Item | Explanation
Summary | The overall rating for the website. We determine this rating by looking at a wide variety of information. First, we evaluate a website's email and download practices using our proprietary data collection and analysis techniques. Next, we examine the website itself to see if it engages in annoying practices such as excessive pop-ups or requests to change your home page. Then we perform an analysis of its online affiliations to see if the site associates with other sites flagged as red. Finally, we combine our own review of suspicious sites with feedback from our volunteer reviewers and alert you to sites that are deemed suspicious.
Established | The year the domain name was registered. More recently registered websites have had less time to prove their safety and trustworthiness.
Country | The country where a domain is registered. Keep in mind that it's sometimes more difficult to get good customer service or resolve disputes with websites registered outside of your country of residence.
Popularity | The level of how popular the website is. Don't assume, however, that popularity always goes hand in hand with safety. For example, some very popular prize sites send lots of spam, and some very popular file-sharing programs bundle adware. Likewise, many personal websites, blogs and small business sites that do not get a lot of traffic can be safe to browse and use. That's why the analysis behind SiteAdvisor's overall verdict is so useful.
Email Results | Overall rating for a website's email practices. We rate sites based on both how much email we receive after entering an address on the site as well as how spammy the email we receive looks. If either of these measures is higher than what we consider acceptable, we'll give the site a yellow warning. If both measures are high, or one of them looks particularly egregious, we'll give the site a red warning. Each email link opens a detailed email analysis page.
Downloads | Overall rating about the impact a site's downloadable software had on our testing computer. Red flags are given to sites that have virus-infected downloads or that add unrelated software which many people would consider adware or spyware. The rating also takes note of the network servers a program contacts during its operation, as well as any modifications to browser settings or a computer's registry files. Each download link opens a detailed download analysis page.
Online Affiliations | Indication of how aggressively the site tries to get you to go to other sites that we've flagged as red. It is a very common practice on the Internet for suspicious sites to have many close associations with other suspicious sites. The primary purpose of these "feeder" sites is to get you to visit the suspicious site. A site can receive a red warning if, for example, it links too aggressively to other red sites. In effect, a site can become "red by association" due to the nature of its relationship to red flagged domains.
Annoyances | Common web practices that users find annoying, such as excessive pop-ups, requests to change a user's home page, or requests to add a site to the browser's favorites list. We also list third-party cookies (sometimes known as "tracking cookies") in this section. If a website has a lot of pop-ups, and in particular if it engages in practices such as popping up more windows when you try to close them, we will give that website a red flag.
Exploits | Rare but extremely dangerous security threats caused by a website "exploiting" a browser's security vulnerability. The exploit can cause the user's computer to receive programming code that can cause adware infections, keystroke spying, and other malicious actions that can leave a computer essentially unusable.
Reviewer and Site Owner Comments | Reviewers and site owners can provide additional information and commentary to supplement SiteAdvisor's automated test results.
Results | Summary of the comments of SiteAdvisor's entire reviewer community. Reviewers can rate sites for downloads, email practices, shopping experiences and more. This input is particularly important in helping the SiteAdvisor community guide each other concerning e-commerce websites. Anonymous input alone is not enough to change a site's overall rating, but sufficient votes from registered users can affect a site's rating.
Website owner comments | Allows owners of analyzed websites to address our ratings. Owners are free to comment, disagree or clarify. These comments are posted unedited after we verify the authenticity of the person leaving the comment. We manually review all owner comments and if an error was made, we will try our best to promptly correct it. We don't allow sites to pay to be rated or to change or improve their ratings.
Reviewer comments | What our volunteer reviewers have to say about this website. These comments are posted unedited.
Viewing safety reports
Use this task to view safety reports to obtain more information about a site’s safety rating.
Task
• Do any of the following to view a safety report for a site:
From this location... | Do this...
Website | Click the SiteAdvisor menu button and select Read Site Details. Click the SiteAdvisor button.
Search results page | Click the safety icon following the web page link.
SiteAdvisor home page (www.siteadvisor.com) or Analysis page | Type a URL in the Look up site report box.
Administrators customize policy settings
Administrators create SiteAdvisor Enterprise Plus policies in the ePO Policy Catalog and assign them to managed systems running the SiteAdvisor Enterprise Plus client software. You can assign the same policy settings to all managed systems, or to groups of managed systems that perform similar tasks and require the same type of access and protection.
Configure policies in SiteAdvisor Enterprise Plus to achieve the right level of browsing protection for your users. Note that both the Authorize List and Prohibit List policies are multiple-instance policies. These policies allow for a profile of settings through the application of multiple policies under a single policy instance. This can be helpful if you want to apply a default list of sites, and add entries for a particular group or all groups. Instead of updating the entire list with the new entries, you can create a second policy instance for the new entries and apply it and the default list together. The effective policy is then the combination of the two policy instances.
Policy | Description
Authorize List (A multiple-instance policy) | Create a list of sites that are approved for users to access. Configure access to site resources, such as file downloads and phishing pages, on approved sites. Specify whether an Authorize list has precedence over Prohibit lists.
Disable/Enable | Disable and then reenable the SiteAdvisor Enterprise Plus client software for all ePO managed systems using this policy. Allow the disabling and reenabling of the SiteAdvisor Enterprise Plus client software from the browser on managed systems and configure whether or not this functionality requires a password.
Enforcement Messaging | Create messages, which can include your own logo or image, for users who attempt to access: blocked sites, warned sites, authorized sites, prohibited sites, phishing pages, file downloads.
Event Tracking | Report on domain site visits. Report on internal domain site visits. Report on page views on all domain sites. (Available with the additional Web Filtering for Endpoint extension.)
General | Specify proxy server settings required to contact the Internet by managed systems running the client software. Enable Observe mode to evaluate policy settings before implementing them. Specify whether users can use Add/Remove Programs to remove SiteAdvisor Enterprise Plus.
Prohibit List (A multiple-instance policy) | Create a list of blocked sites that users cannot access.
Rating Actions | Assign actions (warn, block, or allow) to sites or site resources (such as file downloads and phishing pages) based on their ratings. Apply threat factors to fine-tune rating actions.
Content Actions (Available with the Web Filtering for Endpoint extension) | Allow, warn, or block sites based on content categories.
See Configuring Policies for more information.
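The policies above interact: list instances are combined, the Authorize List precedence setting resolves conflicts with Prohibit lists, rating actions cover unlisted sites, and Observe mode suppresses enforcement while still tracking. The following simplified Python model is an added example, not McAfee code. The matching rule, the `EffectivePolicy` and `Decision` names, the actions for green and gray sites, and the sample domains are assumptions.

```python
from dataclasses import dataclass, field
from typing import NamedTuple

# Example from the guide: block red sites, warn on yellow sites.
# The green and gray (unrated) entries are assumed values for this sketch.
RATING_ACTIONS = {"green": "allow", "yellow": "warn", "red": "block", "gray": "allow"}


class Decision(NamedTuple):
    enforced: str    # what the user experiences
    configured: str  # what the policy settings call for
    source: str      # which policy produced the configured action


def combine(instances):
    """Effective list = combination of every assigned policy instance."""
    return {entry.lower() for instance in instances for entry in instance}


def listed(host, entries):
    """Assumed matching rule: the listed domain itself or any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in entries)


@dataclass
class EffectivePolicy:
    authorize_instances: list
    prohibit_instances: list
    authorize_has_precedence: bool = True
    observe_mode: bool = False
    tracked: list = field(default_factory=list)  # stands in for event tracking

    def decide(self, host, rating):
        authorized = listed(host, combine(self.authorize_instances))
        prohibited = listed(host, combine(self.prohibit_instances))
        if authorized and prohibited:
            # Conflict between lists: the precedence setting decides.
            if self.authorize_has_precedence:
                configured, source = "allow", "Authorize List"
            else:
                configured, source = "block", "Prohibit List"
        elif authorized:
            configured, source = "allow", "Authorize List"
        elif prohibited:
            configured, source = "block", "Prohibit List"
        else:
            configured, source = RATING_ACTIONS[rating], "Rating Actions"
        # Observe mode: nothing is blocked or warned, but the visit is tracked
        # so the would-be action can be reviewed before enforcement.
        enforced = "allow" if self.observe_mode else configured
        decision = Decision(enforced, configured, source)
        self.tracked.append((host, rating, decision))
        return decision


# Constructed sample data: a default list plus a second instance for one group.
DEFAULT_AUTHORIZE = {"intranet.example"}
GROUP_AUTHORIZE = {"tools.vendor.example"}
DEFAULT_PROHIBIT = {"vendor.example"}

if __name__ == "__main__":
    policy = EffectivePolicy([DEFAULT_AUTHORIZE, GROUP_AUTHORIZE],
                             [DEFAULT_PROHIBIT], observe_mode=True)
    for host, rating in [("tools.vendor.example", "red"),
                         ("ads.vendor.example", "green"),
                         ("news.example", "yellow")]:
        print(host, rating, policy.decide(host, rating))
```

Running the model in Observe mode first shows which configured actions would fire, and from which policy, before any user is blocked or warned.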
Setting up a Browsing Security Strategy
SiteAdvisor Enterprise Plus includes a default policy with settings recommended by McAfee to protect managed systems from most web-based threats. This section provides an overview of features that assist you in customizing policy settings that are specific to your business needs. The following topics provide details about using these features.
Contents
Guidelines for creating a strategy
Select the right policy options and features
Information that SiteAdvisor Enterprise Plus sends
Guidelines for creating a strategy
Follow these guidelines to design and implement a browsing security strategy that fully protects your managed systems against web-based threats.
1 Install SiteAdvisor Enterprise Plus, enable Observe mode, and deploy the client software.
Before deploying the client software, enable Observe mode (Action Enforcement tab on the General policy page). This prevents SiteAdvisor Enterprise Plus from taking actions (such as blocking and warning) configured as part of the default policy, but tracks browsing behavior data that you can retrieve in reports.
See Evaluate policy settings with Observe mode under Configuring Policies.
2 Evaluate browsing traffic and usage patterns (Reports).
Run queries and review the results to learn about network browsing patterns. For example, what types of sites are users visiting and what tasks are they performing at these sites? What time of day is browsing traffic heaviest?
See Using Dashboards, Monitors, and Reports.
3 Create policies.
Configure policy options based on the browsing behavior revealed in the query results. Prohibit, block, or warn about sites or downloads that present threats, and authorize sites that are important to your users.
See the Configuring Policies chapter for more information.
4 Test and evaluate policy settings (Observe mode).
Enable Observe mode to track the number of users who access sites that would be affected by the policy settings you have configured. Run queries, then view and evaluate the tracked data. Are the settings comprehensive enough? Do they have any unintended consequences you need to resolve? Adjust the policy settings as needed, then disable Observe mode to activate them.
See Evaluate policy settings with Observe mode under Configuring Policies.
5 Ensure compliance, productivity, and security with frequent monitoring.
Run queries regularly. View results in reports or in monitors.
• Ensure that the SiteAdvisor Enterprise Plus client software is enabled on all computers and can function properly (by using the Functional Compliance query).
• Check whether any sites or site resources, such as download files, that are required for business are blocked.
• Check visits to sites that contain threats.
• Update policy settings to address any problems.
• Run a purge task occasionally to clear out the reports database.
See Using Dashboards, Monitors, and Reports and Configuring Policies.
Select the right policy options and features
When developing a browsing security strategy:
• Assess the security concerns and vulnerabilities that apply to your business.
• Carefully consider any domains and sites that must be accessible to your managed systems and any that you would like to block.
• Decide which network browsing activities you need to monitor.
• Determine your most effective and efficient forms of monitoring.
Use this list to identify which product features can help meet your goals.
If this is your security or productivity goal... | Use this feature...
Use SiteAdvisor ratings to control access to sites, download files, or phishing pages. | Rating Actions policy
Block particular sites or domains. | Prohibit List policy
Ensure access to particular sites. Control access to resources on these sites (such as download files). Track visits to these sites and access of site resources. | Authorize List policy
Prevent data about intranet sites from being reported to the SiteAdvisor website’s servers. | Event Tracking policy
Communicate to users why a site is blocked or how to protect against threats on a site. | Enforcement Messaging policy
Control who can disable or enable the SiteAdvisor Enterprise Plus client software. | Disable/Enable policy
Evaluate the effect of policy settings before they are implemented. | Observe mode (part of General policy)
Enter information on any proxy server needed for Internet access. | Proxy Server (part of General policy)
Obtain information for and track activity on private domain servers. | Event Tracking policy
Obtain information for and track visits to non-private domain servers. | Event Tracking policy
Obtain information for and track each page accessed from domain servers. | Event Tracking policy
Monitor the effect of current policy settings. | Queries and monitors
Ensure that the correct version of the SiteAdvisor Enterprise Plus client software is installed on all managed systems and functions properly. | Functional Compliance query
Use site content to control access to sites. | Content Actions policy with Web Filtering for Endpoint extension
Obtain detailed reports based on site content. | Web Reporter with Web Filtering for Endpoint extension
See Configuring Policies for information about using the policy features. See Using Dashboards, Monitors, and Reports for information about queries and monitors.
Information that SiteAdvisor Enterprise Plus sends
The client software sends the following information to the ePO server for use in queries:
• Type of event initiated by the managed system (site visit or download).
• Unique ID assigned by SiteAdvisor Enterprise Plus to the managed system.
• Time of event.
• Domain for event.
• URL for event.
• SiteAdvisor rating for the event’s site.
• Site threat factor.
• Whether the event’s site or site resource is on an Authorize list, a Prohibit list, or no list.
• Reason for action (allow, warn, or block) taken by SiteAdvisor Enterprise Plus.
• Observe mode status (on or off).
SiteAdvisor Enterprise Plus sends the following information to the SiteAdvisor website’s servers:
• Version of the SiteAdvisor Enterprise Plus client software running on the managed system.
• Version of the operating system running on the managed system.
• Language and country locale selected for the operating system and browser running on the managed system.
• Host name and part of the URL for each website the managed system requests to access.
• MD5 algorithm for each application the managed system requests to download.
When a managed system visits a website, SiteAdvisor Enterprise Plus tracks the site’s domain specifier. The domain specifier is the smallest amount of information required for SiteAdvisor Enterprise Plus to uniquely identify the site being rated for security. The focus of SiteAdvisor Enterprise Plus is protecting your managed systems; no attempt is made to track personal Internet usage.
NOTE: SiteAdvisor Enterprise Plus does not send information on your company’s intranet sites to the SiteAdvisor website’s servers, unless specifically requested. See Tracking visits to domains and downloads under Configuring Policies for more information.
Configuring Policies
For the purposes of this guide, we assume that you have installed ePolicy Orchestrator and have the necessary privileges to perform the steps described in this guide. For more information about ePolicy Orchestrator, refer to the product’s documentation.
Contents
How policies work
Types of policy categories
Default policy settings
Creating and editing policies
Apply general options
Block and warn sites by ratings and threat factors
Use Authorize and Prohibit lists for sites
Customize messages for users
Disable and reenable the software
Track events for reports
How policies work
A policy is a collection of software settings that you configure and enforce on managed client systems. Policies ensure that security software products are configured and function as your organization requires.
When SiteAdvisor Enterprise Plus is installed, its preconfigured default policy is installed in the repository. You cannot change this default policy, but you can create a duplicate of this policy with a different name and configure it to meet your needs.
TIP: Before deploying the SiteAdvisor Enterprise Plus client software to managed systems, consider carefully how you want the software to behave in your environment. Although you can reconfigure policies after the software has been deployed, McAfee recommends that you configure policy settings prior to deployment to prevent unnecessary resource impact.
Policy assignment rules
In general, a policy is applied to a group, and all systems in the group receive the same policy settings. If, however, you are working in an ePO 4.5 environment, where the ePO server is version 4.5 and the McAfee Agent on the client system is version 4.5, you can create user-specific instead of system-specific policy assignments with policy assignment rules. These assignment rules are enforced on the client system for a particular user when that user logs on, regardless of the ePO group in which the system is placed. For more information, see How Policy Assignment Rules Work in the ePolicy Orchestrator 4.5 Product Guide.
NOTE: Policy assignment rules are enforced only if the user logs on as the interactive user. If a user logs on with a runas command, or logs on to a remote desktop or terminal service where the user's logon is not set to interactive, the policy assigned to the system and not the one assigned to the user is enforced.
For recommendations on selecting and implementing SiteAdvisor Enterprise Plus policy settings, see Setting up a Browsing Security Strategy.
For more information about using policies with ePolicy Orchestrator, see Managing Products with Policies and Client Tasks in the ePolicy Orchestrator Product Guide.
Types of policy categories
For the SiteAdvisor Enterprise Plus software, configure these policy categories:
Authorize List — Sites that users are authorized to access, and rules for accessing the individual resources on the sites. Several instances of this policy can be applied, resulting in one combined, effective policy.
Enforcement Messaging — Text displayed to users who attempt to access a site, phishing page, or file download that has been blocked, warned, or allowed.
Enable/Disable — Whether the SiteAdvisor Enterprise Plus client software is disabled or enabled for all managed systems assigned this policy, and whether it can be disabled on individual systems.
General — Settings required for managed systems to access the Internet through a proxy server, to turn on Observe mode to tune enforcement rules, and to allow SiteAdvisor Enterprise Plus to be removed with Add or Remove Programs.
Event Tracking — Settings to track domain visits and downloads. If the Web Filtering for Endpoint extension and Web Reporter are installed, you can also track page views and downloads within a domain and send information to Web Reporter for reports.
Prohibit List — Sites that users are blocked from accessing. Several instances of this policy can be applied, resulting in one combined, effective policy.
Rating Actions — Rules for user access based on the safety ratings and threat factors SiteAdvisor assigns to sites, pages on a site, or file downloads.
NOTE: A Content Actions policy appears if the Web Filtering for Endpoint extension is installed. See the Web Filtering for Endpoint and Web Reporter Appendix for details.
For more information about using policies with ePolicy Orchestrator, see Managing Products with Policies and Client Tasks in the ePolicy Orchestrator Product Guide.
Default policy settings
During installation, a default SiteAdvisor Enterprise Plus policy is added to the ePO master repository and listed in the Policy Catalog. The default policy settings are:
Policy | Default policy settings
Authorize List | No Authorize list is set up. After a list is created, default settings for the advanced options are: Track events: Selected. Block phishing pages: Selected. File downloads: Yellow: Warn; Red: Block; Unrated: Allow. Block sites with exploits: Selected. Give this Authorize list precedence: Not selected.
Enable/Disable | SiteAdvisor policy enforcement — Enable: Selected. The client software is enabled on all systems managed with this policy. SiteAdvisor menu option — Enable: Not selected. The client software cannot be disabled from the managed system.
Enforcement Messaging | No custom messages or logos are displayed to users when they attempt to access allowed, warned, or blocked sites and site resources.
General | No proxy settings are defined. Observe mode — Enable: Not selected. Options configured for blocking or warning are enforced. Control Panel Option — Enable: Not selected. The option to have SiteAdvisor Enterprise Plus appear in the client system Add or Remove Programs control panel is not selected.
Prohibit List | No Prohibit list is set up.
Event Tracking | Domains and downloads — Track: Selected. Include traffic to internal sites: Set to Never. Track content categories for allowed green sites: Selected. Only available if the Web Filtering for Endpoint extension is installed. Page views and downloads — Track: Not selected. Only available if the Web Filtering for Endpoint extension is installed.
Rating Actions | Site navigation rating actions: Yellow: Warn; Red: Block; Unrated: Allow. Page-level rating actions: Block phishing pages selected. Phishing pages detected on allowed sites are blocked. File download rating actions: Yellow: Warn; Red: Block; Unrated: Allow.
Content Actions (Only available when the Web Filtering for Endpoint extension is installed.) | All content categories are allowed.
Creating and editing policies
Use this general task to create a new policy and configure its settings, or to change the settings in an existing policy. Details for configuring settings in specific policies are provided later in this section.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0.
3 From the Category list, select the policy.
4 Select New to configure settings for a new policy, or select Edit to change settings for an existing policy.
5 Click Save. Run an agent wake-up call to apply the setting immediately, or wait for the next automatic agent-server communication.
Apply general options
The General policy category lets you apply general policy options that control proxy server settings, application of Observe mode, and whether the software can be removed from client systems using the Add or Remove Programs control panel.
Proxy server settings
If proxy servers are set up as intermediaries between managed systems and the Internet, use policy settings to configure those proxy server settings for SiteAdvisor Enterprise Plus. This enables SiteAdvisor Enterprise Plus to access the Internet through the proxy servers.
The Proxy Server tab on the General policy page includes settings to:
• Use no proxy server (default).
• Use Internet Explorer proxy server settings.
• Manually configure proxy server settings.
NOTE: These proxy settings apply only to SiteAdvisor Enterprise Plus. They are not used by other security software products managed by ePolicy Orchestrator.
Supported proxy servers
• Microsoft Proxy Server 2.0 - Anonymous
• Microsoft Proxy Server 2.0 - Chap
• Microsoft Proxy Server 2.0 - NTLM
• Microsoft ISA Proxy (SP1) - Anonymous
• Microsoft ISA Proxy (SP1) - Chap
• Microsoft ISA Proxy (SP1) - NTLM
• Blue Coat ProxySG
Observe mode action enforcement
Observe mode enables you to evaluate the effect that policy settings for warning or blocking access have on network browsing activity before you implement them.
Use observe mode to track:
• Visits to red, yellow, or unrated sites.
• Visits to sites you have configured to block or warn.
• Visits to phishing pages you have configured to block.
• Downloads you have configured to block or warn.
Information compiled in observe mode is available by running queries. If you determine that network browsing patterns are adversely affected by any current settings, adjust them before disabling observe mode. Policy settings are enforced when observe mode is disabled.
Control panel option
You can allow or prohibit the appearance of SiteAdvisor Enterprise Plus in the Add or Remove Programs control panel on a client system. If it appears, users can remove SiteAdvisor Enterprise Plus. You might find this option useful in troubleshooting, but McAfee does not recommend its application. By default, this option is set to prohibit the appearance of the application in the control panel.
Configuring proxy settings
Use this task to configure SiteAdvisor Enterprise Plus to access the Internet through proxy servers.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select General.
3 For the policy you want to edit, click Edit.
4 Click the Proxy Server tab.
5 Select the type of proxy server settings to use.
6 Specify any additional required information.
7 Click Save.
Enabling observe mode
Use this task to track browsing behavior that is affected by the policy settings configured to warn or block access. These policy settings are not enforced while observe mode is enabled.
NOTE: See Using Dashboards, Monitors, and Reports for information on retrieving tracked information.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select General.
3 For the policy you want to edit, click Edit.
4 Click the Action Enforcement tab.
5 Select Enable.
6 Click Save.
Setting the control panel option
Use this task to allow SiteAdvisor Enterprise Plus to appear in the Add or Remove Programs control panel on client systems. If you allow it to appear, users can remove SiteAdvisor Enterprise Plus. You might find this option useful in troubleshooting, but McAfee does not recommend its application.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select General.
3 For the policy you want to edit, click Edit.
4 Click the Control Panel Option tab.
5 Select Enable.
6 Click Save.
Block and warn sites by ratings and threat factors
The Rating Actions policy options let you use the SiteAdvisor ratings to determine whether users can access a site or resources on a site, such as download files. In addition, you can fine-tune site access by allowing the reaction to be less stringent for red and yellow sites when certain factors, such as email or downloads, are the cause for a site's red or yellow status.
• For each yellow, red, or unrated site, specify whether to allow, warn, or block the site.
• For red and yellow sites, specify whether to allow or warn when certain threat factors, which you might not consider harmful, cause the site's ratings. These factors include:
• Email
• Downloads
• Annoyances
• E-commerce
• Online affiliations
• Exploits
• For each yellow, red, or unrated download file, specify whether to allow, warn, or block the download. This enables a greater level of granularity in protecting users against individual files that might pose a threat on sites with an overall green rating.
• For each phishing page, specify whether to block or allow access. This enables a greater level of granularity in protecting users from pages that employ phishing techniques on a site with an overall green rating.
To block file downloads and phishing pages on sites included in an Authorize list, modify the settings on the Advanced Options tab of the Authorize List policy.
NOTE: To ensure users can access specific sites that are important to your business, no matter how they are rated, add them to an Authorize list. Users can access sites that appear on an Authorize list even if you have configured other actions with their ratings. See Ensure Access with Authorize Lists for more information.
Configuring access based on ratings
Use the Rating Actions policy settings to control access to sites or site resources based on their SiteAdvisor rating (green, yellow, red, or unrated) and threat factors.
NOTE: To control access to site resources on authorized sites, see Working with Authorize lists.
Tasks
Blocking or warning site access based on ratings
Blocking or warning site access based on threat factors
Blocking or warning file downloads based on ratings
Blocking phishing pages
Blocking or warning site access based on ratings
Use this task to block users from accessing sites that contain threats, or to warn users about potential threats on sites.
NOTE: Use the Enforcement Messaging policy options to customize the message that is displayed to users for blocked and warned sites.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select Rating Actions.
3 For the policy you want to edit, click Edit.
4 Click the Site tab.
5 For Site navigation rating actions, select an action for yellow, red, and unrated sites.
6 Click Save.
Blocking or warning site access based on threat factors
Use this task to fine-tune site access by indicating which threat factors should be considered in downgrading reactions for red and yellow sites.
NOTE: Use the Enforcement Messaging policy options to customize the message that is displayed to users for blocked and warned sites.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select Rating Actions.
3 For the policy you want to edit, click Edit.
4 Click the Site tab.
5 For Exceptions based on threat factors, select one or more threat factors of red sites, then select the downgraded action to either Allow or Warn.
6 Repeat step 5 for yellow sites.
7 Click Save.
Blocking or warning file downloads based on ratings
A site with an overall rating of green can contain individual download files rated yellow or red. To protect users, specify an action that is specific to the rating for an individual file. Use this task to block users from downloading files that contain threats or to warn users about potential threats from downloads.
NOTE: Use the Enforcement Messaging policy options to customize the message that is displayed to users for blocked and warned downloads.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select Rating Actions.
3 For the policy you want to edit, click Edit.
4 Click the Site Resources tab.
5 For File download rating actions, select an action for yellow, red, and unrated files.
6 Click Save.
Blocking phishing pages
A site with an overall rating of green can contain phishing pages. To protect users, use this task to block access to these pages.
NOTE: Use the Enforcement Messaging policy options to customize the message that displays to users for blocked phishing pages.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select Rating Actions.
3 For the policy you want to edit, click Edit.
4 Click the Site Resources tab.
5 For Page-level rating actions, select Block phishing pages.
6 Click Save.
Use Authorize and Prohibit lists for sites
Use Authorize lists to ensure that managed systems can access sites that are important to your business. Use Prohibit lists to block access to sites that are not related to job performance or do not conform to company security standards. An Authorize list contains a list of URLs or site patterns that users can access. A Prohibit list contains a list of URLs or site patterns that are blocked on all computers using the policy. See How site patterns work for more information.
If a managed system uses a policy that contains an Authorize list, the system can access sites on that list even when they are blocked or warned (by a Rating Actions policy) due to their safety rating. If a Rating Actions policy blocks red sites but a red site is added to the Authorize list, that site can be accessed. Therefore, it is important to exercise caution when adding sites to an Authorize list.
You can also specify actions for resources within authorized sites, such as file downloads and phishing pages. For example, if you evaluate a yellow site and determine that your users are not vulnerable to potential threats on the site, you can add the site to an Authorize list. If the site contains a phishing page or a red download file, you can authorize access to the site but block access to the phishing page and download file. This ensures that sites important to your business are accessible, but that your users are protected from potential threats on those sites.
The Authorize List and Prohibit List policy categories are multiple-instance policies. See How multiple-instance policies work for more information.
By default, if the same site appears on an Authorize list and a Prohibit list, the Prohibit list takes precedence and the site is blocked. You can configure a policy option to give an Authorize list priority instead.
NOTE: The Authorize List or Prohibit List policy settings override those in the Content Actions policy if this policy is available.
How site patterns work
Authorize lists and Prohibit lists use site patterns to specify a range of sites affected by enforcement rules. This enables you to apply enforcement rules to particular domains or to a range of similar sites without entering each URL separately.
When a managed system attempts to navigate to a site, SiteAdvisor Enterprise Plus checks whether the URL matches any site patterns configured in an Authorize List or Prohibit List policy. It uses specific criteria to determine a match.
A site pattern consists of a URL or partial URL, which SiteAdvisor Enterprise Plus interprets as two distinct components: domain, with protocol information (for example, http://, https://, or ftp://), and path.
Site pattern example: .acme.com/downloads
Domain component: .acme.com
Domain information is matched from the end. A matching URL’s domain must end with the site pattern’s domain. The protocol can vary.
These strings match the domain component of the site pattern:
http://www.acme.com
http://www.info.acme.com
http://acme.com
These strings do not match the domain component of the site pattern:
http://www.myacme.com
http://www.info.acme.net
http://acme.com.tk
NOTE: Use the "." character at the beginning of any site pattern to match a specific domain. This character disregards the protocol and introductory characters. For example, even though there is no dot before acme in http://acme.com, this pattern assumes www. and is thus a match.
Path component: /downloads
Path information is matched from the beginning. A matching URL’s path must begin with the site pattern’s path, which includes everything that follows the "/" after the domain.
These strings match the path component of the site pattern:
/downloads/news
/downloads/applications/setup.exe
/downloads/index.asp
These strings do not match the path component of the site pattern:
/download/news
/user/downloads/applications/setup.exe
You can also add port numbers after the domain (:8443, for example) as part of the site pattern to restrict access to a particular port, preventing or allowing access through the port depending on whether the site pattern is on a prohibit or authorize list. If no port number is given, all ports are matched.
Site patterns must be at least six characters in length, and they do not accept wildcard characters. SiteAdvisor Enterprise Plus does not check for matches in the middle or end of URLs.
More examples:
Site pattern: http://www.site.com/news
Result: The domain is http://www.site.com and the path is /news. The URL string that matches this pattern must have a domain that ends with http://www.site.com and a path that begins with /news.
Matches:
http://www.site.com/news/index.asp
http://www.site.com:8443/news/pages/logo.gif
Does not match:
https://www.site.com/news/index.asp
http://info.site.com:8443/news/pages/logo.gif
Site pattern: .acme.com:9090/downloads
Result: The domain is .acme.com:9090 and the path is /downloads. The URL string that matches this pattern must have a domain that ends with .acme.com:9090 and a path that begins with /downloads.
Matches:
http://www.acme.com:9090/downloads
http://acme.com:9090/downloads
https://news.acme.com:9090/downloads
Does not match:
http://www.myacme.com:9090/downloads
http://acme.com/downloads
https://news.acme.net:9090/downloads
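The matching rules and the default list precedence described above, modelled in Python as an added example (this is not McAfee's code). The function names, treating "*" as the wildcard character, and comparing only explicitly stated port numbers are assumptions of this model; the patterns and URLs come from the guide's examples, and the two lists in the demo at the end are constructed.

```python
"""Model of Authorize/Prohibit site-pattern matching (added example)."""
from urllib.parse import urlsplit

MIN_PATTERN_LENGTH = 6  # "at least six characters in length", per the guide


def parse_pattern(pattern):
    """Split a site pattern into (scheme, host, port, path).

    scheme and port are None when the pattern does not state them.
    """
    if len(pattern) < MIN_PATTERN_LENGTH:
        raise ValueError("site pattern shorter than six characters")
    if "*" in pattern:  # assumption: "*" is the wildcard the guide rules out
        raise ValueError("wildcard characters are not accepted")
    scheme, rest = None, pattern
    if "://" in pattern:
        scheme, rest = pattern.split("://", 1)
        scheme = scheme.lower()
    domain, slash, path = rest.partition("/")
    host, _, port = domain.partition(":")
    return scheme, host.lower(), port or None, slash + path


def matches(pattern, url):
    """Return True if url falls under the site pattern."""
    p_scheme, p_host, p_port, p_path = parse_pattern(pattern)
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        url_port = parts.port  # None when the URL names no port
    except ValueError:
        return False  # malformed port in the URL
    # Domain: matched from the end.
    if p_scheme is not None:
        # The pattern's domain includes the protocol, so "ends with" leaves
        # no room for a different scheme or an extra host label.
        if parts.scheme != p_scheme or host != p_host:
            return False
    elif p_host.startswith("."):
        # Leading dot: suffix match on a label boundary; the bare domain
        # (acme.com for .acme.com) matches as well.
        if not ("." + host).endswith(p_host):
            return False
    elif not host.endswith(p_host):
        return False
    # Port: checked only when the pattern gives one; otherwise all ports match.
    if p_port is not None and str(url_port) != p_port:
        return False
    # Path: matched from the beginning; an empty pattern path matches any path.
    return parts.path.startswith(p_path)


def decide(url, authorize, prohibit, authorize_precedence=False):
    """Return 'authorize', 'prohibit' or 'no list' for a URL.

    When a URL is on both lists the Prohibit list wins unless the
    Authorize list has been given precedence.
    """
    on_authorize = any(matches(p, url) for p in authorize)
    on_prohibit = any(matches(p, url) for p in prohibit)
    if on_authorize and on_prohibit:
        return "authorize" if authorize_precedence else "prohibit"
    if on_prohibit:
        return "prohibit"
    if on_authorize:
        return "authorize"
    return "no list"  # Rating Actions settings decide in this case


if __name__ == "__main__":
    # Constructed lists for the demo.
    authorize = [".acme.com/downloads"]
    prohibit = [".acme.com"]
    for url in ("http://www.acme.com/downloads/setup.exe",
                "http://www.acme.com/about",
                "http://www.site.com/news/index.asp"):
        print(url, "->", decide(url, authorize, prohibit))
```

Running candidate entries through a model like this before adding them to an Authorize list shows which URLs a short pattern would also cover.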
How multiple-instance policies work
Authorize List and Prohibit List policies are called multiple-instance policies because you can assign multiple instances of an Authorize list or a Prohibit list under a single policy. The policy instances are automatically combined into one effective policy.
Multiple-instance policies obey the ePolicy Orchestrator laws of inheritance within a System Tree (see Organizing Systems for Management and Managing Products with Policies and Client Tasks in the ePolicy Orchestrator Product Guide).
As an example, say that you configure one Authorize List policy for Group A, another for Group B, and another for Group C. If Group A contains Group B, and Group B contains Group C, then Group C’s Authorize List policy would be an effective policy incorporating elements from all three Authorize List policies. The Authorize list for Group C might contain all the sites listed for Group A and Group B, plus additional sites specific to Group C. By using an effective policy, there is no need to re-enter all the sites from Group A and Group B into the Authorize list for Group C.
Working with Authorize lists
Use Authorize List policy options to create and manage the contents of an Authorize list, which ensures that users can access sites you consider to be important for your business.
Tasks
Adding a site to an Authorize list
Adding multiple sites to an Authorize list
Deleting sites from an Authorize list
Editing information in an Authorize list
Searching an Authorize list
Testing an Authorize list
Blocking exploits on authorized sites
Blocking or warning file downloads on authorized sites
Blocking phishing pages on authorized sites
Turning off tracking for visits to authorized sites
Setting list precedence
Adding a site to an Authorize list
Use this task to add one site at a time to an Authorize list.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Manage Authorized Sites tab, click Add.
5 Type a URL or partial URL (called a site pattern) that is at least six characters in length.
6 Type a comment or note to associate with the site (optional).
7 Click OK.
Adding multiple sites to an Authorize list
Use this task to add more than one site to an Authorize list simultaneously.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Manage Authorized Sites tab, click Add Multiple.
5 Type a URL or partial URL (called a site pattern), then type a space or tab followed by a comment. URLs or site patterns must be at least six characters in length.
The comment is optional. Spaces are allowed within a comment, but the first space on a line separates the site pattern from the comment.
6 On a new line, repeat step 4 for each site you want to add to the Authorize list.
7 Click OK.
Deleting sites from an Authorize list
Use this task to remove sites from an Authorize list.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Manage Authorized Sites tab, select the checkbox next to each site you want
to delete from the list.
5 Click Delete.
Editing information in an Authorize list
Use this task to change a URL, site pattern, or comment that appears on an Authorize list.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Manage Authorized Sites tab, select the checkbox next to each site you want
to edit, then click Edit.
5 Modify the site patterns or comments as needed.
Comments are optional. Spaces are allowed within a comment, but the first space on a line separates the site pattern from the comment. Each site pattern must appear at the beginning of a new line.
6 Click OK.
Searching an Authorize list
Use this task to locate URLs or site patterns in an Authorize list. This feature is useful for finding sites in large lists.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Manage Authorized Sites tab, type a URL, site pattern, or text in the Search
box, then click Go. SiteAdvisor Enterprise Plus searches all site patterns and comments in the list and displays those that match.
5 To clear the search criteria and again display the contents of the list, click Clear.
Testing an Authorize list
Use this task to test whether specific sites or site patterns are included in an Authorize list. When Authorize List is implemented as a multiple-instance policy, this is useful for testing the resulting effective policy (see How multiple-instance policies work).
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Test Site Patterns tab, type a URL or partial URL in the Match URL box, then
click Go. SiteAdvisor Enterprise Plus displays any site patterns that match your entry. If no site patterns are displayed, the Authorize list does not ensure access to the URL you entered.
5 To clear the test criteria and results, click Clear.
Blocking exploits on authorized sites
An authorized site can contain exploits, which attack a managed system by taking advantage of a vulnerability in an application or system. To protect users, use this task to block access to sites where SiteAdvisor detects exploits.
NOTE: Use the Enforcement Messaging policy options to customize the message that is displayed
to users for blocked sites (see Customize messages for users).
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 Click the Advanced Options tab.
5 For Exploits, select Block sites with exploits.
6 Click Save.
Blocking or warning file downloads on authorized sites
An authorized site with an overall rating of green can contain individual download files rated yellow or red. To protect users, specify an action that is specific to the rating for an individual file. Use this task to block users from downloading files that contain threats or to warn users about potential threats from downloads.
NOTE: Use the Enforcement Messaging policy options to customize the message that is displayed
to users for blocked and warned downloads (see Customize messages for users).
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Advanced Options tab, select Track events and request information from
the SiteAdvisor server.
5 For File downloads, select an action for yellow, red, and unrated files.
6 Click Save.
Blocking phishing pages on authorized sites
An authorized site can contain phishing pages. To protect users, use this task to block access to these pages.
NOTE: Use the Enforcement Messaging policy options to customize the message that is displayed
to users.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Advanced Options tab, select Track events and request information from
the SiteAdvisor server.
5 For Phishing, select Block phishing pages.
6 Click Save.
Turning off tracking for visits to authorized sites
Use this task to turn off the tracking feature for sites in an Authorize list. When you do this, events for sites and site resources are no longer collected, and site information from the SiteAdvisor server is not requested. Phishing page blocking and download rating actions are also disabled only when this option is disabled.
McAfee recommends using this procedure to prevent private information about intranet sites from being sent to the SiteAdvisor website’s servers. It also reduces the amount of data returned by certain reports because visits to authorized sites are not reported.
NOTE: The SiteAdvisor menu button appears gray when visiting sites that are not being tracked.
This setting takes precedence over the one in the Event Tracking policy.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 Click the Advanced Options tab.
5 Deselect Track events and request information from the SiteAdvisor server. This
effectively also disables phishing page blocking and download rating actions for sites on the list.
6 Click Save.
Setting list precedence
Use this task to specify that users can access sites on the Authorize list, even if they also appear on a Prohibit list.
By default, a Prohibit list has precedence over an Authorize list, which means that sites appearing on both are blocked. Using this procedure ensures that users can access any site on the Authorize list, even if it also appears on a Prohibit list.
CAUTION: Use caution when selecting this option. Check to ensure that sites on the Authorize
list are safe so that managed systems remain protected from web-based threats.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Authorize List.
3 For the policy you want to edit, click Edit.
4 On the Advanced Options tab, select Track events and request information from
the SiteAdvisor server.
5 Select Give this Authorize list precedence over Prohibit lists.
6 Click Save.
Working with Prohibit lists
Use Prohibit List policy options to create and manage the contents of a Prohibit list, which prevents managed systems from accessing sites considered to be inappropriate or noncompliant with company policy.
Tasks
Adding a site to a Prohibit list
Adding multiple sites to a Prohibit list
Deleting sites from a Prohibit list
Editing information in a Prohibit list
Searching a Prohibit list
Testing a Prohibit list
Adding a site to a Prohibit list
Use this task to add one site at a time to a Prohibit list.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Prohibit List.
3 For the policy you want to edit, click Edit.
4 On the Manage Prohibited Sites tab, click Add.
5 Type a URL or partial URL (called a site pattern) that is at least six characters in length.
6 Type a comment or note to associate with the site (optional).
7 Click OK.
Adding multiple sites to a Prohibit list
Use this task to add more than one site to a Prohibit list simultaneously.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Prohibit List.
3 For the policy you want to edit, click Edit.
4 On the Manage Prohibited Sites tab, click Add Multiple.
5 Type a URL or partial URL (called a site pattern), then type a space or tab followed by a
comment. URLs or site patterns must be at least six characters in length.
The comment is optional. Spaces are allowed within a comment, but the first space on a line separates the site pattern from the comment.
6 On a new line, repeat step 4 for each site you want to add to the Prohibit list.
7 Click OK.
Deleting sites from a Prohibit list
Use this task to remove sites from a Prohibit list.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Prohibit List.
3 For the policy you want to edit, click Edit.
4 On the Manage Prohibited Sites tab, select the checkbox next to each site you want to
delete from the list.
5 Click Delete.
Editing information in a Prohibit list
Use this task to change a URL, site pattern, or comment that appears on a Prohibit list.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Prohibit List.
3 For the policy you want to edit, click Edit.
4 On the Manage Prohibited Sites tab, select the checkbox next to each site you want to
edit, then click Edit.
5 Modify the site patterns or comments as needed.
Comments are optional. Spaces are allowed within a comment. Each URL or site pattern must appear at the beginning of a new line.
6 Click OK.
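The Add Multiple and Edit steps for both list types use the same line format: the site pattern starts the line, the first space or tab ends it, and the rest is the comment. The Python sketch below is an added example, not part of the McAfee guide or product; it checks a bulk list against those rules before it is pasted in and reports entries that appear verbatim on both lists, where the list-precedence setting decides the outcome. All names and sample entries are constructed for illustration, and only exact text overlap is compared, not the product's own pattern matching (use the Test Site Patterns tab for that).

```python
from dataclasses import dataclass, field

MIN_PATTERN_LEN = 6  # the guide requires at least six characters per pattern


@dataclass
class ParsedList:
    entries: dict = field(default_factory=dict)   # site pattern -> comment
    errors: list = field(default_factory=list)    # (line number, reason), line rejected
    warnings: list = field(default_factory=list)  # (line number, reason), line kept


def parse_site_list(text):
    """Split each line at the first space or tab into (site pattern, comment)."""
    parsed = ParsedList()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line:
            continue  # blank line, nothing to add
        if line[0] in " \t":
            # A leading space would end the pattern before it begins.
            parsed.errors.append((lineno, "pattern must start at the beginning of the line"))
            continue
        # The FIRST space or tab separates the pattern from the comment.
        cut = min((i for i in (line.find(" "), line.find("\t")) if i != -1),
                  default=len(line))
        pattern, comment = line[:cut], line[cut:].strip()
        if len(pattern) < MIN_PATTERN_LEN:
            parsed.errors.append(
                (lineno, f"{pattern!r} is shorter than {MIN_PATTERN_LEN} characters"))
            continue
        if pattern in parsed.entries:
            parsed.errors.append((lineno, f"{pattern!r} is already listed"))
            continue
        # Heuristic of this example (an assumption, not a product rule): a comment
        # whose first word contains "/" is probably the tail of a URL that had an
        # unencoded space, so the stored pattern is shorter than intended.
        first_word = comment.split(None, 1)[0] if comment else ""
        if "/" in first_word:
            parsed.warnings.append(
                (lineno, f"comment starts with {first_word!r}; URL may have been cut at a space"))
        parsed.entries[pattern] = comment
    return parsed


def resolve_overlaps(authorize, prohibit, authorize_has_precedence=False):
    """Outcome for patterns found on both lists.

    By default the Prohibit list wins, so such sites are blocked; with
    "Give this Authorize list precedence over Prohibit lists" they are allowed.
    """
    outcome = "allowed" if authorize_has_precedence else "blocked"
    both = sorted(set(authorize.entries) & set(prohibit.entries))
    return {pattern: outcome for pattern in both}


# Constructed sample input (not taken from any real policy).
AUTHORIZE_SAMPLE = (
    "intranet.example.com corporate intranet\n"
    "wiki.example.com\tengineering wiki, owner: IT\n"
    "ab.io too short\n"
    " partner.example.net leading space\n"
    "files.example.org/shared docs/q3 report\n"
    "wiki.example.com duplicate entry\n"
)
PROHIBIT_SAMPLE = (
    "games.example.org time wasting\n"
    "wiki.example.com blocked by HR request\n"
)

if __name__ == "__main__":
    authorize = parse_site_list(AUTHORIZE_SAMPLE)
    prohibit = parse_site_list(PROHIBIT_SAMPLE)
    for lineno, reason in authorize.errors:
        print(f"Authorize line {lineno}: rejected, {reason}")
    for lineno, reason in authorize.warnings:
        print(f"Authorize line {lineno}: check, {reason}")
    for pattern, outcome in resolve_overlaps(authorize, prohibit).items():
        print(f"{pattern} is on both lists: {outcome} with default precedence")
```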
Searching a Prohibit list
Use this task to locate URLs or site patterns in a Prohibit list. This feature is useful for finding sites in large lists.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Prohibit List.
3 For the policy you want to edit, click Edit.
4 Click the Manage Prohibited Sites tab.
5 Type a URL, site pattern, or text in the Search box, then click Go. SiteAdvisor Enterprise
Plus searches all site patterns and comments in the list and displays those that match.
6 To clear the search criteria and again display the contents of the list, click Clear.
Testing a Prohibit list
Use this task to test whether specific sites or site patterns are included in a Prohibit list. When Prohibit List is implemented as a multiple-instance policy, this is useful for testing the resulting effective policy (see How multiple-instance policies work).
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Prohibit List.
3 For the policy you want to edit, click Edit.
4 Click the Test Site Patterns tab.
5 Type a URL or partial URL in the Match URL box, then click Go. SiteAdvisor Enterprise
Plus displays any site patterns that match your entry. If no site patterns are displayed, the Prohibit list does not block access to the URL you entered.
6 To clear the test criteria and results, click Clear.
Customize messages for users
Use the Enforcement Messaging policy to customize messages that users see.
Type of message | Location of message
Short message to display when users attempt to access a site rated red, yellow, or green. | Safety balloons; Warn or block pages
Short message to display when users attempt to download files or access blocked phishing pages. | Safety balloons; Warn or block pages
Short message to display when users attempt to access a site on the Authorize list or Prohibit list. | Safety balloons; Block pages
Explanatory message to display when users attempt to access a site on the Prohibit list. | Block pages
Creating customized messaging
Use the Enforcement Messaging policy options to create customized messages for your users.
Tasks
Creating a message for rated sites
Creating a message for phishing pages
Creating a message for downloads
Creating a message for sites on Authorize or Prohibit lists
Adding a logo in a message
Creating a message for rated sites
Use this task to customize the message that is displayed when users attempt to access a site where you have associated an action with the site’s rating. This message appears on:
• Safety balloons
• Warn or block pages
NOTE: See Block and warn sites by ratings for information on using Rating Actions policy options.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Enforcement Messaging.
3 For the policy you want to edit, click Edit.
4 Click the Site tab.
5 Select a language.
6 Type a message of up to 50 characters for these circumstances:
This type of message... | Appears when users attempt to access...
Warn message | A site you have configured as Warn.
Block message | A site you have configured as Block.
Allow message | A site you have configured as Allow.
7 Click Save.
Creating a message for phishing pages
Use this task to customize the message that is displayed when users attempt to access a blocked phishing page. This message appears on:
• Safety balloons
• Block pages
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Enforcement Messaging.
3 For the policy you want to edit, click Edit.
4 Click the Site Resources tab.
5 Select a language.
6 Under Block message (for phishing page), type a message of up to 50 characters.
7 Click Save.
Creating a message for downloads
Use this task to customize the message that is displayed when users attempt to access a download file that you have configured to block or warn users. This message appears on:
• Safety balloons
• Warn or block pages
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Enforcement Messaging.
3 For the policy you want to edit, click Edit.
4 Click the Site Resources tab.
5 Select a language.
6 Type a message of up to 50 characters under these items (for downloads):
This type of message... | Appears when users attempt to access...
Warn message | Download files that have a warning associated with their rating. You can explain why users should be cautious.
Block message | Blocked download files. You can explain why the file is blocked.
7 Click Save.
Creating a message for sites on Authorize or Prohibit lists
Use this task to customize the message that is displayed when users attempt to access sites you have added to an Authorize list or Prohibit list.
• Messages can contain up to 50 characters. They appear on safety balloons and block pages.
• Explanations can contain up to 200 characters. They appear on block pages.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Enforcement Messaging.
3 For the policy you want to edit, click Edit.
4 Click the Authorize and Prohibit Lists tab.
5 Select a language.
6 Type the text you want to display for sites on an Authorize list and sites on a Prohibit list.
7 Click Save.
Adding a logo in a message
Use this task to add your company logo or a custom image to the warn or block pages.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Enforcement Messaging.
3 For the policy you want to edit, click Edit.
4 Click the Images tab.
5 Type the URL link for the image you want to display in the message pages.
6 Click Save.
Disable and reenable the software
Administrators can configure two options for disabling or re-enabling the SiteAdvisor Enterprise Plus client software on managed systems:
• Disable or re-enable the software on all systems managed by the ePO server. The default setting is to have SiteAdvisor Enterprise Plus enabled.
• Allow users to disable and then re-enable the software from the SiteAdvisor Enterprise Plus menu in the browser or to do so only with a password. The default setting is to block disabling.
CAUTION: In general, McAfee does not recommend disabling the client software. However, it
might be useful when performing tests or troubleshooting network connection problems. Be sure to re-enable the software as soon as it is practical to do so.
Disabling and re-enabling from the ePO server
Use this task to disable the SiteAdvisor Enterprise Plus client software on all systems managed by the ePO server with this policy. When the software is disabled, policy settings are not enforced, the site report cannot be displayed, the SiteAdvisor menu button is gray, and its menu option Disable/Enable SiteAdvisor does not appear.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Enable/Disable.
3 For the policy you want to edit, click Edit.
4 For SiteAdvisor policy enforcement, deselect Enable.
5 Click Save.
6 To re-enable the software on all managed systems, select the option, click Save, and apply
the policy.
Disabling and reenabling from the browser
Use this task to allow the SiteAdvisor Enterprise Plus client software to be disabled on an individual managed system from the SiteAdvisor menu. When disabled, policy settings are not enforced, the site report cannot be displayed, and the SiteAdvisor menu button is gray.
NOTE: Users can circumvent policy settings by using their browser’s Add-ons feature (accessed
on the Tools menu) to disable SiteAdvisor Enterprise Plus. Detect this behavior by running the Functional Compliance query, which reports the functional status of the client software on managed systems.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Enable/Disable.
3 For the policy you want to edit, click Edit.
4 For SiteAdvisor menu option, select Enable.
5 Select Only allow with password if a password is required. If you select this option,
type and confirm the password.
6 Click Save. Run an agent wake-up call to apply the setting immediately, or wait for the
next automatic agent-server communication.
7 From the SiteAdvisor menu in the browser, select Disable SiteAdvisor. To enable the
software again, select Enable SiteAdvisor from the SiteAdvisor menu. If a password is required to perform this action, type the one specified in the policy setting.
Track events for reports
Use the Event Tracking policy to indicate which events to track for reports.
To track visits by a user to website domains either globally or locally in an intranet, select the Domains option to track visits. The option in effect turns on or off the other tracking options in the policy. The domain is the recognizable name of the Internet or local intranet network resource that a server at a particular IP address serves up. A server or single IP address can have several domains; for example,
• example.com
• www.example.com
• example.net
• www.example.net
• example.org
• www.example.org
The URL used to reach a particular domain site and the domain's domain name are tracked. For example, if user A goes to www.google.com to search for fishing in Alaska, and user B goes to maps.google.com to search for Vermont, the following are reported:
URL | Domain | Time
www.google.com/search/keyword?alaska%20sfishing | www.google.com | <time>
maps.google.com/search/gps?vermont | maps.google.com | <time>
Because the domain for both visits is the same, two visits to a single domain (google.com) are reported.
By default, visits to private domains on your local intranet are not tracked. These internal intranet sites are likely accessed often, and are thus excluded to save processing time and to avoid wasting log file space. The following IP ranges and URLs are always treated as private domains:
• 10.0.0.0 - 10.255.255.255
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.168.255.255
• Localhost or 127.0.0.1
You have the option to force tracking of all private domains at all times, or to force tracking if the client is disconnected from the corporate network. Tracking visits to private domains can greatly increase the size of log files and the ePO server database, where this information is stored.
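The tracking rules above, worked through as an added Python example (not McAfee code): it classifies a visited URL against the fixed private ranges, which are the RFC 1918 blocks plus localhost, and shows which visits would be reported under each "Include traffic to internal site" setting, with the Authorize list tracking option taking precedence. The class, function names, setting labels and sample URLs are constructed for illustration; intranet host names outside the fixed list are treated as public here because the guide does not say how they are classified.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

_ip = ipaddress.IPv4Address
# Address ranges that are always treated as private domains.
ALWAYS_PRIVATE = [
    (_ip("10.0.0.0"), _ip("10.255.255.255")),
    (_ip("172.16.0.0"), _ip("172.31.255.255")),
    (_ip("192.168.0.0"), _ip("192.168.255.255")),
    (_ip("127.0.0.1"), _ip("127.0.0.1")),
]


@dataclass
class EventTrackingPolicy:
    # Labels below are this example's shorthand for the policy options.
    track_domains: bool = True         # the Domains option gates everything else
    include_internal: str = "default"  # "default", "disconnected" or "always"


def host_of(url):
    """Host part of a URL, with or without a scheme; port and path removed."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit see "host/path" as netloc + path
    return urlsplit(url).hostname or ""


def is_always_private(url):
    """True for localhost and for literal IPv4 hosts inside the fixed ranges."""
    host = host_of(url)
    if host == "localhost":
        return True
    try:
        addr = ipaddress.IPv4Address(host)
    except ValueError:
        return False  # a name or non-IPv4 literal: outside the fixed list
    return any(low <= addr <= high for low, high in ALWAYS_PRIVATE)


def would_report(url, policy, on_corporate_network, untracked_hosts=()):
    """Decide whether a visit is reported to the ePO database.

    untracked_hosts models hosts covered by an Authorize list whose tracking
    option is deselected; that setting overrides the Event Tracking policy.
    """
    if host_of(url) in untracked_hosts:
        return False
    if not policy.track_domains:
        return False
    if not is_always_private(url):
        return True
    if policy.include_internal == "always":
        return True
    if policy.include_internal == "disconnected":
        return not on_corporate_network
    return False  # default: private domains are not tracked


def reported_visits(urls, policy, on_corporate_network, untracked_hosts=()):
    """Subset of urls that would be reported, in their original order."""
    return [u for u in urls
            if would_report(u, policy, on_corporate_network, untracked_hosts)]


# Constructed sample visits.
VISITS = [
    "www.example.com/news",
    "10.20.30.40/hr/payroll",
    "172.16.5.9:8080/build",
    "172.32.0.1/",              # just outside the 172.16 to 172.31 range
    "192.168.1.1/admin",
    "localhost:3000/",
    "127.0.0.1/status",
    "intranet.corp.example/wiki",
]

if __name__ == "__main__":
    for setting in ("default", "disconnected", "always"):
        for on_net in (True, False):
            policy = EventTrackingPolicy(include_internal=setting)
            count = len(reported_visits(VISITS, policy, on_net))
            print(f"{setting:12} on corporate network={on_net}: {count} of {len(VISITS)} reported")
```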
NOTE: If you installed the Web Filtering for Endpoint extension, additional options appear in
this policy. See the Web Filtering for Endpoint and Web Reporter Appendix for details.
The Authorize List policy also has a tracking option, which takes precedence over the tracking options in this policy. See Turning off tracking for visits to authorized sites for details.
Tracking visits to domains and downloads
Use this task to enable the tracking of visits to domains and domain resources such as downloads. Information on the domains visited and the files downloaded from the domains is sent to the ePO database for queries and reports. By default, no visits to private domains are tracked.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Event Tracking.
3 For the policy you want to edit, click Edit.
4 For Domain and downloads, select Track.
5 Optional: Under Include traffic to internal site, change the default setting to either
Only when the client system is disconnected from the corporate network or Always.
6 Click Save.
Tracking domain page views and downloads
Use this task to enable the tracking of page views accessed from a single domain. Information on the domain's pages that are visited and the files downloaded is sent to the Web Reporter database for queries and reports. By default, no visits to pages accessed on private domains are tracked. You must also indicate the location of Web Reporter, whose database stores this information.
Before you begin
This option is available only if you have installed the Web Filtering for Endpoint extension and Web Reporter. For details, see the Web Filtering for Endpoint extension and Web Reporter Appendix.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Event Tracking.
3 For the policy you want to edit, click Edit.
4 For Page views and downloads, select Track.
5 Optional: Under Include traffic to internal site, change the default setting to either
Only when the client system is disconnected from the corporate network or Always.
6 Optional: Enter Web Reporter access information if you use Web Reporter:
a Type the path to the location of Web Reporter.
b Type the password to access Web Reporter, and confirm the password.
c Type the number of days to store the information.
7 Click Save.
Tracking green site content categories
Use this task to track content categories for all green sites. When a green site is on a Prohibit list or has a rating or content action assigned to it, it is tracked; otherwise, green sites are not tracked individually and are simply rolled up in reports. To track content categories of all green sites, use this option.
Before you begin
This option is available only if you have installed the Web Filtering for Endpoint extension and selected to track visits to domains. For details, see the Web Filtering for Endpoint and Web Reporter Appendix.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category
list, select Event Tracking.
3 For the policy you want to edit, click Edit.
4 For Domains and downloads, select Track content categories for all green sites.
5 Click Save.
Using Dashboards, Monitors, and Reports
To monitor browser protection and security, use the ePolicy Orchestrator dashboard, monitor, and query features. SiteAdvisor Enterprise Plus provides a number of predefined queries and monitors that create reports on the sites and download files which users access or attempt to access.
After running queries and reports over an extended period of time, it is good practice to purge the ePO database of SiteAdvisor Enterprise Plus data to ensure proper generation of queries and reports. This occasional database maintenance is done by running an ePO purge server task.
Contents
Use queries to create reports
Use dashboards and monitors
Use queries to create reports
Use SiteAdvisor Enterprise Plus queries to obtain reports about browsing activity on managed systems. Choose from a variety of predefined McAfee queries, or create your own by using the ePO Query Builder. You can use a predefined query as the basis for a customized query or create a brand new query. See Querying the Database in the ePolicy Orchestrator Product Guide for more information.
Access queries by going to the Queries pane under Reporting. All predefined SiteAdvisor Enterprise Plus queries begin with SAE+, followed by a descriptive name.
You can use queries as the basis for dashboard monitors, or you can run them separately.
The predefined SiteAdvisor Enterprise Plus queries are:
Query Name | Description
Download Log | Detailed event log listing all downloads over the last 30 days.
Downloads by Action | Bar chart depicting the number of downloads over the last 30 days, grouped by policy-based action.
Downloads by Rating | Pie chart depicting the number of downloads over the last 30 days, grouped by file rating.
Functional Compliance | Pie chart depicting the number of managed systems where the SiteAdvisor Enterprise Plus client software is installed and able to function correctly.
Top 100 Blocked Red Sites | List of 100 blocked red sites that users attempted to visit most frequently.
Top 100 Blocked Sites | List of 100 blocked sites that users attempted to visit most frequently.
Top 100 Green Sites on Prohibit List | List of 100 green sites users attempted to visit most frequently that were blocked because of a Prohibit List policy.
Top 100 Red Downloads | List of 100 most frequently downloaded files rated red over the last 30 days.
Top 100 Red Sites | List of 100 red sites visited most frequently in the last 30 days.
Top 100 Red Sites on Authorize List | List of 100 red sites included on an Authorize list that users visited most frequently over the last 30 days.
Top 100 Sites on Authorize List | List of 100 sites included on an Authorize list that users visited most frequently over the last 30 days.
Top 100 Sites on Prohibit List | List of 100 sites users attempted to visit most frequently that were blocked.
Top 100 Unrated Downloads | List of 100 unrated files that users downloaded most frequently over the last 30 days.
Top 100 Unrated Sites | List of 100 unrated sites that users visited over the last 30 days.
Top 100 Warned-Cancelled Sites | List of 100 most frequently visited sites over the last 30 days where users received a warning, then cancelled their visit.
Top 100 Warned-Continued Sites | List of 100 most frequently visited sites over the last 30 days where users received a warning, then proceeded with their visit.
Top 100 Yellow Downloads | List of 100 yellow files that users downloaded most frequently over the last 30 days.
Top 100 Yellow Sites | List of 100 yellow sites visited most frequently in the last 30 days.
Visit Log | Detailed event log listing all site navigation activity over the last 30 days.
Visits by Action | Bar chart depicting the number of visits over the last 30 days, grouped by policy-based action.
Visits by Rating | Pie chart depicting the number of visits over the last 30 days, grouped by site rating.
Creating reports
Use this task to run a query. SiteAdvisor Enterprise Plus is packaged with several default queries, and you can create new queries by using the ePolicy Orchestrator Query Builder.
NOTE: See Querying the Database in the ePolicy Orchestrator Product Guide for information about creating new queries and editing existing queries.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Reporting | Queries.
• ePolicy Orchestrator 4.5 — Click Menu | Reporting | Queries.
2 From the Queries column, select the query to run. All SiteAdvisor Enterprise Plus queries begin with SAE+: followed by the query name.
3 Click Run. The query results page shows you the details.
4 Click Close when finished viewing the query results.
Running a purge task
Use this task to create and run an ePO purge server task that periodically cleans up SiteAdvisor Enterprise Plus events in the ePO database.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Automation | Server Tasks.
• ePolicy Orchestrator 4.5 — Click Menu | Automation | Server Tasks.
2 Click New Task.
3 Name the task and click Next.
4 From the Actions list, select Purge SiteAdvisor Enterprise Plus Events, and for Purge visits older than, indicate a number of days, weeks, months, or years.
5 Click Next.
6 Schedule the task, click Next, then click Save.
Use dashboards and monitors
Use the ePolicy Orchestrator dashboard and monitor features to monitor browser activity on managed systems. For details about these features, see the ePolicy Orchestrator documentation.
Dashboards consist of monitors, and monitors are based on queries. To monitor browser activity on your network, use one or more predefined SiteAdvisor Enterprise Plus monitors or create new monitors by using the predefined SiteAdvisor Enterprise Plus queries or your own custom queries.
The predefined SiteAdvisor Enterprise Plus monitors are:
Monitor | Shows results for these queries
Activity | Top 100 Red Sites; Top 100 Yellow Sites; Top 100 Unrated Sites; Top 100 Red Downloads; Top 100 Yellow Downloads; Top 100 Unrated Downloads
Authorize/Prohibit Lists | Top 100 Green Sites on Authorize List; Top 100 Red Sites on Authorize List; Top 100 Green Sites on Prohibit List; Top 100 Red Sites on Prohibit List
Summary | Top 100 Visits by Rating; Top 100 Visits by Action; Top 100 Downloads by Rating; Top 100 Downloads by Action
Warned/Blocked | Top 100 Blocked Sites; Top 100 Blocked Red Sites; Top 100 Warned-Cancelled Sites; Top 100 Warned-Continued Sites
Creating monitors
Use this task to create a monitor that reports browser activity on managed systems. Monitors appear in tabs on the Dashboards page.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Dashboards.
• ePolicy Orchestrator 4.5 — Click Menu | Reporting | Dashboards.
2 Select Options, then New Dashboard.
3 In the Name field, type a descriptive name.
4 From the Size list, select a dashboard layout.
5 For each dashboard panel, click New Monitor.
6 For the Category option, select Queries.
7 For the Monitor option, select a query from the drop-down list. All SiteAdvisor Enterprise Plus queries begin with SAE+:.
8 Click OK.
9 Repeat steps 5-8 to add monitors, then click Save.
10 In the Make Active dialog box, click Yes. You can add only active dashboards to the Dashboard page.
11 In the Manage Dashboards page, click Close.
Reference
This section answers some frequently asked questions and explains how to find more information about using SiteAdvisor Enterprise Plus.
Contents
Frequently Asked Questions
Where to find more information
Frequently Asked Questions
These questions address many typical issues that arise when deploying SiteAdvisor Enterprise Plus to managed network systems.
Policy enforcement
Can users circumvent SiteAdvisor Enterprise Plus policy settings and hide their browsing behavior?
Yes, but you can detect when this happens. Users can use several methods to hide browsing activity, including:
• Using an unsupported browser. SiteAdvisor Enterprise Plus supports Microsoft Internet Explorer and Mozilla Firefox.
• Creating an application that browses the web or creating a frame page where the content of a frame loads websites.
• Disabling the SiteAdvisor Enterprise Plus client software by using the Add-ons feature through the browser’s Tools menu.
To protect against these situations:
• Check browsing behavior and browser usage regularly by using various queries that track browsing behavior. This lets you know when particular managed systems show no browsing data or less browsing data than expected.
• Check the functional status of the client software by using the Functional Compliance query. This lets you know when the software is disabled.
By setting up monitors that use the applicable queries, or frequently checking reports generated by these queries, you know when users are circumventing policy settings and can take immediate steps to ensure compliance. See Using Dashboards, Monitors, and Reports for more information.
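The review described in this answer, as an added example that is not part of the product guide or McAfee code: it flags managed systems whose client is not functional, that show no browsing data, or that show far less browsing data than their own earlier baseline. The CSV columns, status labels, system names, dates, window lengths and the 25% threshold are assumptions constructed for the illustration; the guide does not define an export format for query results.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample: visit counts per managed system and day, as might be
# aggregated from Visit Log query results. Column names are assumptions.
VISIT_COUNTS_CSV = """system,day,visits
WS-001,2009-06-05,40
WS-001,2009-06-12,38
WS-001,2009-06-19,45
WS-001,2009-06-26,41
WS-002,2009-06-05,35
WS-002,2009-06-12,30
WS-002,2009-06-19,33
WS-003,2009-06-05,50
WS-003,2009-06-12,52
WS-003,2009-06-19,48
WS-003,2009-06-26,4
WS-004,2009-06-05,20
WS-004,2009-06-26,22
"""

# Constructed sample standing in for Functional Compliance results.
# The status labels are assumptions, not values defined by the product.
COMPLIANCE = {
    "WS-001": "functional",
    "WS-002": "functional",
    "WS-003": "functional",
    "WS-004": "disabled",
}
MANAGED = sorted(COMPLIANCE)
TODAY = date(2009, 6, 30)  # constructed review date


def load_daily_visits(csv_text):
    """Parse the CSV into {system: {day: visits}}."""
    visits = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(csv_text)):
        visits[row["system"]][date.fromisoformat(row["day"])] = int(row["visits"])
    return visits


def review_systems(managed, visits, compliance, today,
                   recent_days=7, baseline_days=21, drop_ratio=0.25):
    """Return {system: finding} for systems that need a closer look.

    The recent window is compared with the system's own baseline window that
    immediately precedes it, using average visits per day.
    """
    recent_start = today - timedelta(days=recent_days)
    baseline_start = recent_start - timedelta(days=baseline_days)
    findings = {}
    for system in sorted(managed):
        per_day = visits.get(system, {})
        recent = sum(n for d, n in per_day.items() if recent_start < d <= today)
        baseline = sum(n for d, n in per_day.items()
                       if baseline_start < d <= recent_start)
        recent_rate = recent / recent_days
        baseline_rate = baseline / baseline_days
        # A missing compliance status is treated like a non-functional client.
        if compliance.get(system) != "functional":
            findings[system] = "client not functional"
        elif recent == 0:
            # Client reports as working, yet nothing was logged: consistent
            # with browsing that the client software does not see.
            findings[system] = "no browsing data"
        elif baseline_rate > 0 and recent_rate < drop_ratio * baseline_rate:
            findings[system] = "less browsing data than expected"
    return findings


if __name__ == "__main__":
    daily = load_daily_visits(VISIT_COUNTS_CSV)
    for system, finding in review_systems(MANAGED, daily, COMPLIANCE, TODAY).items():
        print(f"{system}: {finding}")
```

A finding is a prompt to check the system, not proof of circumvention: a user on leave also produces no browsing data.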
Information tracking and reporting
What company- or user-specific information does SiteAdvisor Enterprise Plus send to its website?
SiteAdvisor Enterprise Plus sends the host name and part of the URL when a managed system navigates to a new website, and the MD5 hash of each application the system requests to download. It also sends information about the version of the SiteAdvisor Enterprise Plus client software installed, the operating system version, and the language and country (locale) selected for the operating system and browser running on the managed system. SiteAdvisor Enterprise Plus does not send any identification data for the managed system, such as the IP address or a list of websites visited by an IP address.
Does SiteAdvisor Enterprise Plus track individual website pages viewed on managed systems?
Basic SiteAdvisor Enterprise Plus tracks the domain specifier for each unique website visited during a single browser session. The domain specifier is the smallest amount of information required for SiteAdvisor Enterprise Plus to uniquely identify the site being rated for security. (For example, if a managed system visited 10 different pages on the www.mcafee.com website over the course of a single browser session, only a single visit to the .mcafee.com domain would be logged.)
The ability to track domain pages viewed is provided, however, when the Web Filtering for Endpoint extension is installed. This module provides an additional option in the Event Tracking policy, where you can specify to track domain page views and file downloads.
Does SiteAdvisor Enterprise Plus collect information when users navigate to intranet sites?
By default, no. However, you can change this by adding your intranet domain to an Authorize list, then deselecting the Track events option in the Authorize List policy. Disabling this option prevents SiteAdvisor Enterprise Plus from tracking and reporting visits to sites on the Authorize list. You can also change this with the track visits to intranet sites option in the Event Tracking policy.
If you have installed the Web Filtering for Endpoint extension, an additional option becomes available in the Event Tracking policy to specify when to track visits to intranet sites. The default is not to track visits.
If tracking visits to intranet sites is configured in both the Authorize List and Event Tracking policy, the setting in the Authorize List policy takes precedence.
If Microsoft Internet Explorer is the only browser installed on a managed system when SiteAdvisor Enterprise Plus is deployed, does SiteAdvisor Enterprise Plus need to be redeployed after installing Mozilla Firefox?
No. The SiteAdvisor Enterprise Plus client software detects Firefox when it is installed and immediately begins to protect searching and browsing activities in that browser, while continuing to provide protection for Internet Explorer.
What happens if a managed system has a newer version of SiteAdvisor installed than what SiteAdvisor Enterprise Plus is currently installing?
The installation process uninstalls the newer version of SiteAdvisor and then installs SiteAdvisor Enterprise Plus. If users have configured client settings for SiteAdvisor, they need to configure them again.
Color coding
Why is the SiteAdvisor button gray?
Several causes are possible:
• The site is not rated. Visit the www.siteadvisor.com website to submit a website for testing.
• The SiteAdvisor Enterprise Plus client software is disabled. If the administrator has not disabled it at the policy level (by configuring a Disable/Enable policy option), click the arrow on the menu button to display the SiteAdvisor menu, then select Enable SiteAdvisor. (If SiteAdvisor Enterprise Plus is already enabled, the menu option changes to Disable SiteAdvisor. Neither menu option is available if the administrator has disabled them at the policy level.)
• The site is on the Authorize list and the Track events option is disabled (in the Authorize List policy). When authorized sites are not being tracked, the SiteAdvisor server does not receive data about the sites; therefore, it cannot display a color-coded rating for the sites.
• The managed system is not communicating with the Internet. Check the Internet connection.
• The managed system is not communicating with the SiteAdvisor server. A communication error icon appears instead of a question mark on the button.
• The administrator has configured options in the General policy to use the proxy settings in Internet Explorer, but no proxy settings are defined in Internet Explorer. As a result, SiteAdvisor Enterprise Plus cannot connect to the Internet. To resolve this problem, configure your proxy settings in Internet Explorer or reconfigure the policy settings in SiteAdvisor Enterprise Plus.
Versions of SiteAdvisor software
What are the differences between the consumer version of SiteAdvisor and SiteAdvisor Enterprise Plus?
SiteAdvisor Enterprise Plus has been modified for management by an administrator with ePolicy Orchestrator. In addition, the automatic update feature has been removed to ensure that administrators control the version of the software running on managed systems.
What are the differences between SiteAdvisor Enterprise and SiteAdvisor Enterprise Plus?
SiteAdvisor Enterprise Plus allows administrators to configure policy options for authorizing and blocking access to sites and site resources, customizing messages, and preventing users from disabling the client software. SiteAdvisor Enterprise Plus is integrated with McAfee advanced protection solutions.
General
How does SiteAdvisor Enterprise Plus define a website visit?
When a managed system visits a website, SiteAdvisor Enterprise Plus tracks the site’s domain specifier. The domain specifier is the smallest amount of information required for SiteAdvisor Enterprise Plus to uniquely identify the site being rated for security. (For example, if a managed system visited 10 different pages on the www.mcafee.com website over the course of a single browser session, only a single visit to the .mcafee.com domain would be logged. That is the information required to locate a SiteAdvisor rating. Note that a single browser session times out after 30 minutes and a new session is then tracked.)
If you have installed the Web Filtering for Endpoint extension, an additional option becomes available in the Event Tracking policy to track all the pages viewed from a single website.
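How the counting rule above turns page views into logged visits, as an added example that is not the product's code; it helps when reading visit counts in the reports. Deriving the domain specifier from the last two host labels and measuring the 30-minute timeout from the start of the session are assumptions; the guide gives only the .mcafee.com example and the 30-minute figure, and the sample events are constructed.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

SESSION_TIMEOUT = timedelta(minutes=30)  # figure stated in the guide


def domain_specifier(url):
    """Approximate the domain specifier of a URL (assumed rule).

    www.mcafee.com -> .mcafee.com, matching the guide's example. This
    simplification ignores multi-label public suffixes such as .co.uk.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host  # IP literals have no domain labels to trim
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return host  # single-label host, for example an intranet name
    return "." + ".".join(labels[-2:])


def logged_visits(events):
    """Collapse (timestamp, url) page views from one system into visits.

    Returns a list of (session_start, domain_specifier): one entry per
    unique specifier per browser session.
    """
    visits = []
    session_start = None
    seen = set()
    for ts, url in sorted(events):
        # Assumption: the session expires 30 minutes after it started.
        if session_start is None or ts - session_start >= SESSION_TIMEOUT:
            session_start, seen = ts, set()
        spec = domain_specifier(url)
        if spec not in seen:
            seen.add(spec)
            visits.append((session_start, spec))
    return visits


# Constructed sample: 10 pages on www.mcafee.com, one page on another site
# in the same session, then a return to www.mcafee.com after the timeout.
START = datetime(2009, 6, 1, 9, 0)
SAMPLE_EVENTS = (
    [(START + timedelta(minutes=2 * i), f"http://www.mcafee.com/page{i}")
     for i in range(10)]
    + [(START + timedelta(minutes=20), "http://www.siteadvisor.com/")]
    + [(START + timedelta(minutes=45), "http://www.mcafee.com/again")]
)

if __name__ == "__main__":
    for started, spec in logged_visits(SAMPLE_EVENTS):
        print(started.isoformat(), spec)
```

Twelve page views become three logged visits here, so a low visit count for a system does not by itself mean little browsing took place.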
What if I disagree with the SiteAdvisor rating assigned to my site?
Site owners can visit the www.siteadvisor.com website to find information on resolving a ratings dispute.
Is it safe to use SiteAdvisor Enterprise Plus as my only source of security against web-based threats?
No. SiteAdvisor Enterprise Plus tests a variety of threats, and constantly adds new threats to its testing criteria, but it cannot test for all threats. Users should continue to employ traditional security defenses, such as virus and spyware protection, intrusion prevention, and network access control, for a multi-tiered defense.
Where to find more information
Several sources of additional information and support are available for using SiteAdvisor Enterprise Plus under ePolicy Orchestrator.
ePolicy Orchestrator documentation
For detailed information on installing and managing applications under ePolicy Orchestrator, visit the McAfee ServicePortal website:
https://knowledge.mcafee.com/SupportSite/supportcentral/supportcentral.do?id=m1
To view a complete listing of the ePolicy Orchestrator documentation available for download:
1 Under Useful Links, click Product Documentation.
2 Click ePolicy Orchestrator, then ePolicy Orchestrator 4.0 or ePolicy Orchestrator 4.5.
SiteAdvisor Enterprise Plus website
For the latest information about SiteAdvisor Enterprise Plus and relevant white papers, visit:
http://www.mcafee.com/us/enterprise/products/email_web_security/siteadvisor.html
Online SiteAdvisor Enterprise Plus forums
For the most current information on SiteAdvisor Enterprise Plus issues and web threats, visit these McAfee online forums:
http://forums.mcafeehelp.com
http://mcafee.com/us/enterprise/products/email_web_security/siteadvisor.html
SiteAdvisor website
Visit the www.siteadvisor.com website to access tools and information available to SiteAdvisor users and site owners:
• On the Home page or Analysis page, type a URL into the Look up site report box to view a site’s safety report.
• Submit the URL for an unrated site you would like McAfee to test.
• Submit the URL for your site if you disagree with its SiteAdvisor rating and would like McAfee to retest it.
• Read information about SiteAdvisor ratings and tips for keeping your website safe.
Web Filtering for Endpoint and Web Reporter Appendix
With the additional purchase of the Web Filtering for Endpoint extension and the Web Reporter reporting tool, you can define your browsing environment based on site content categories and create detailed reports on web usage.
Contents
How web content filtering works
Policy additions with web content filtering
Report and dashboard additions with web content filtering
How Web Reporter works
Applying the Content Actions policy
Working with the Web Reporter
How web content filtering works
The Web Filtering for Endpoint extension provides extra filtering ability. When installed, a Content Actions policy becomes available. When this policy is applied to client systems, content classification ratings for a site are returned in addition to SiteAdvisor's usual security ratings, and the settings in the Content Actions policy to block, warn, or allow the site based on content type are applied on client systems.
The approximately 100 site content categories are grouped by function and risk, which allows for easy application of the policy settings based on content alone or on content functional groups or risk groups.
Policy additions with web content filtering
When you install the Web Filtering for Endpoint extension, you add the following policy options:
• Content Actions policy with all content filtering options
• These options in the Event Tracking policy:
  • Track website pages viewed and files downloaded (for public or private domains)
  • Track allowed green site content categories
  • Enter Web Reporter access information
For details on applying the Content Actions policy, see Applying the Content Actions policy. For details on applying the Event Tracking options, see Track events for reports under Configuring Policies.
Report and dashboard additions with web content filtering
When you install the Web Filtering for Endpoint extension, you add content-related queries for reports and dashboards. See Using Dashboards, Monitors, and Reports for more information on working with reports and dashboards.
You can use queries as the basis for dashboard monitors, or you can run them separately.
The predefined Web Filtering for Endpoint queries, which appear in the list of reports as SiteAdvisor Enterprise Plus (SAE+) reports, include:
Query Name | Description
Top Sites Grouped by Content | Top sites grouped by content over the last 30 days.
Visits by Content | Pie chart depicting the number of visits over the last 30 days grouped by site content.
Visits by Action Grouped by Content | Bar chart depicting the number of visits to each content category over the last 30 days, grouped by policy-based actions.
How Web Reporter works
Web Reporter provides reports showing Web usage and trends in your organization. Used in connection with the Web Filtering for Endpoint extension, Web Reporter provides the reports that help manage access to the Web to protect against liability exposure, productivity loss, bandwidth overload, and security threats.
The Web Reporter server collects and processes log files and imports the data from the log file to the database. After the log file data is transferred to the database, reports are generated. Log files are generated by running a SiteAdvisor Enterprise Plus client task from the ePO server on all managed systems.
There are three groups of people involved in the Web Reporter environment:
• Web users who have SiteAdvisor installed and enabled in their browser
• Reporting users who create and view the reports
• Reporting administrator who installs, configures, and maintains the Web Reporter server
The reporting users log on to the Web Reporter server with a web-based interface to view reports. A reporting administrator uses the same web-based interface to manage how Web Reporter is used in the organization, including creating login accounts, managing delegated reporting, configuring email settings, managing mapped columns, and managing the database, directories, and log sources.
Web Reporter environment
The Web Reporter environment comprises these areas:
Web Reporter — This is the server-based software with a web-based user interface and configuration settings that create detailed reports.
Log sources — These are devices on the network set up to generate or store log files. Log files contain web filtering data, including information such as user names, IP addresses, URLs, time stamps, and protocol types. Web Reporter collects and processes the log files and then imports the data into its database. A log source can be a directory on the Web Reporter report server, an FTP Server, or NetCache.
Database — The database stores data from each log source, and reports are generated using the data. Supported external database platforms include Microsoft SQL 2000 and 2005, MySQL 5.0, and Oracle 9 and 10.
Sending Web Reporter logs
The Web Reporter server needs to collect and process log files of browsing data. After the log file data is transferred to the database, reports can be generated. To get the log files to the Web Reporter server, you must run an ePO server client task. Use this task to set up the client task to run on managed systems.
When the task takes place, SiteAdvisor Enterprise Plus sends any and all Web Reporter data to the Web Reporter server configured in the Event Tracking policy. SiteAdvisor Enterprise Plus collects all data logs from the secure SiteAdvisor Enterprise Plus database and sends Web Reporter logs on page views and file downloads to the appropriate Web Reporter server, based on user- or system-based policy.
NOTE: Because of the amount of data that can be transferred when the logs are sent, setting the client task to run on a randomized schedule is highly recommended.
Before you begin
The client task to send Web Reporter logs is available only after the Web Filtering for Endpoint extension has been installed. Also, the settings in the Event Tracking policy for access to the Web Reporter server must be in place.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | System Tree.
• ePolicy Orchestrator 4.5 — Click Menu | Systems | System Tree.
2 On the Client Tasks tab, click New Task.
3 Name the task, and from the Type menu select Send Web Reporter Logs (Web Filtering for Endpoint).
4 Click Next, then click Next again.
5 On the Schedule page set the schedule for the task. Select Enable Randomization and set the randomization period.
6 Click Next, then click Save.
Applying the Content Actions policy
Use this task to find and set the action for any site content category. You can sort by functional group, risk group, or action; or filter by a specific item. By default, all content categories are set to Allow.
Before you begin
This policy is available only if you have installed the Web Filtering for Endpoint extension.
Task
For option definitions, click ? in the interface.
1 Do one of the following:
• ePolicy Orchestrator 4.0 — Go to Systems | Policy Catalog.
• ePolicy Orchestrator 4.5 — Click Menu | Policy | Policy Catalog.
2 From the Product list, select SiteAdvisor Enterprise Plus 3.0.0; from the Category list, select Content Actions.
3 Select an item from a filter list or type the name of the item in the filter box to determine the display of content categories.
4 Select a content category and click Warn or Block to set the action for it. The default is Allow.
5 Click Save.
Working with the Web Reporter
Refer to the Web Reporter Installation and Configuration Guide and the Web Reporter Product Guide for detailed information on how to configure and use the tool to generate reports. Topics include:
• Entering license information
• Connecting to the database
• Defining directories
• Configuring log sources
• Customizing a log format
• Setting up email delivery
• Managing login accounts
• Configuring options
• Optimizing performance
• Maintenance
• Running reports