SonicWALL 4.5 User Manual

02/4%#4)/.!44(%30%%$/&"53).%33

3ONIC7!,,%NFORCED#LIENT

!NTI6IRUSAND!NTI3PYWARE

0RODUCT'UIDE

6ERSION

Enforced Client Anti-Virus and Anti-Spyware 4.5COPYRIGHT

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NcAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE F OR A FULL REFUND.

Attributions

This product includes or may include:

• Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). • Cryptographic software written by Eric A. Young and software written by Tim J. Hudson. • Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee pro-+34vide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. • Copyright © copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. • ©1995-2002 International Business Machines Corporation and others. • Inc. • Outside In

• by Gunnar Ritter. • Gisle Aas. © RSA Data Security, Inc., © copyrighted by Brad Appleton, © copyrighted by Larry Wall and Clark Cooper, © Foundation, Copyright © © Simone Bordet & Marco Cravero, © (http://www.extreme.indiana.edu/). • University of California, Berkeley and its contributors. • www.modssl.org/). • copyrighted by David Abrahams, © Dawes, Howard Hinnant & John Maddock, ©

•

2001. • David Abrahams, Jeremy Siek, and Daryle Walker, ©1999-2001. • by Housemarque Oy <http://www.housemarque.com>, © © by Jeremy Siek and John R. Bandela, © University © copyrighted by Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, © Josefsson, © copyrighted by Todd C. Miller, © contributed to Berkeley by Chris Torek.

1996-7 Robert Nordier. • Software written by Douglas W. Sauder. • Software developed by the Apache Software Foundation (http://www.apache.org/). A

Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free

International Components for Unicode ("ICU") Copyright

2001, 2002, 2003. A copy of the license agreement for thi s software can be found at www.python.org. • Software copyrighted by Beman Dawes,

2002. • Software copyrighted by Stephen Purcell, © 2001. • Software developed by the Indiana University Extreme! Lab Software copyrighted by International Business Machines Corporation and others, © 1995-2003. • Software developed by the

2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. • Software copyrighted by Steve Cleary, Beman

Software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http://

2004. • Software copyrighted by Simon

PATENT INFORMATION

Protected by US Patents 6,006,035; 6,029,256; 6,035,423; 6,151,643; 6,266,774; 6,266,811; 6,269,456; 6,301,699; 6,457,076; 6,496,875; 6,510,448; 6,542,943; 6,550,012; 6,594,686; 6,611,925; 6,622,150; 6,668,289; 6,684,329; 6 ,697,950; 6,725,377; 6,728,885; 6,757,830; 6,763,403; 6,775,780; 6,782,527; 6,799,197; 6,8 23,460; 6,839,852; 6,907,396; 6,931,540; 6,931,546; 6,947,986; 6,966,059; 6,973,578; 6,976,068; 6,978,454; 6,988,209; 7,016,939; 7,058,975; 7,069,330.

Issued February 2007 / Enforced Client Anti-Virus and Anti-Spyware

DBN-001-EN

Contents

1 Introduction 7

What is Enforced Client? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

Select the right version of Enforced Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Protect against many kinds of threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Ensure continuous, automatic protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

What is new in this release? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

How does the software work?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

The updating process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Retrieving updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Uploading security information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Outbreak response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Rumor technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Internet Independent Updating (IIU) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Managing with the online SecurityCenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

User groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Customized policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Using this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Who should read this guide? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Getting product information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Contact information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2 Installing Enforced Client 25

After you place your order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Operating systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Operating system support ending . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

RAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Email security service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Email server security application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Terminal servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Before you install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Uninstall existing virus protection software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Uninstall existing firewall software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Configure your browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Non-Microsoft browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Install the standalone installation agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Installing Enforced Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Standard URL installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Sending an installation URL to users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Installing on client computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Advanced installation methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Silent installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Push installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

If you use a corporate firewall or proxy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Enabling relay servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Using the Push Install utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Enforced Client Product Guide Contents

Using VSSETUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Completing the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Test virus protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Scan the client computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Scan the email Inbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Set up the default firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

What should I do after installing?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

3 Using Enforced Client 51

Using the client software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Enforced Client system tray icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Removing and displaying the icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Client menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Administrative menu and tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Updating client computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Update automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Update manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Update during an outbreak . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Update computers where no user is logged on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Using the SecurityCenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Getting started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Log on to the SecurityCenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Access online features and functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Make the most of your online data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Customize listings and reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Using the online help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Setting up your account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Set up your profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Change your SecurityCenter password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Viewing your security services at-a-glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Install protection services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

View and resolve action items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

View security coverage for your account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Managing your computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Search for computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Install protection services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Display details for a computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

View detections for a computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

View user-approved applications for a computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Send email to computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Block computers from receiving updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Delete computers from your reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Move computers into a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Creating groups to manage your site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

The Default group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Create or edit a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Delete a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Designating group administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Create or edit a group administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Delete a group administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Setting up policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

The SonicWALL Default policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Create or edit a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Assign a policy to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Restore default policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Delete a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Viewing reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

View duplicate computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

View computer profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Managing your correspondence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Enforced Client Product Guide Contents

Send email to users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Update user email addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Update your account’s email address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Add your logo to reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Managing your subscriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

View your service subscriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Update subscription information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Purchase, add, and renew services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Request a trial subscription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Receive subscription notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Getting assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

View printed and online documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Download utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Contact product support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

4 Using the Virus and Spyware Protection Service 87

Accessing client features (Scan Tasks menu) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Scanning client computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Scan automatically (on-access scans) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Scan manually (on-demand scans) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

View scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

How detections are handled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Schedule on-demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Scan email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Scan for spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Configuring policies for virus and spyware protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Set basic virus protection options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Schedule on-demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Exclude files and folders from virus scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Set advanced virus protection options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Select your update frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Enable optional protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Set basic spyware protection options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Enable spyware protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Select a spyware protection mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Specify approved programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Set advanced spyware protection options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Viewing reports for virus and spyware detections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

View detections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

View unrecognized programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

View your detection history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Managing detections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Manage your protection strategy with best practices . . . . . . . . . . . . . . . . . . . . . . . . . 108

Manage quarantined files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Disabling on-access scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

5 Using the Firewall Protection Service 111

Accessing client features (Firewall Settings command) . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Configuring policies for firewall protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Specify who configures firewall protection settings . . . . . . . . . . . . . . . . . . . . . . . . . 113

Install the firewall protection service via policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Enable firewall protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Select a firewall protection mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Learn mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Specify a connection type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Configure a custom connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Configure system services for a custom connection . . . . . . . . . . . . . . . . . . . . . . 117

Configure IP addresses for a custom connection . . . . . . . . . . . . . . . . . . . . . . . . 120

Set up allowed Internet applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Specify Internet applications in a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Specify whether to use SonicWALL recommendations. . . . . . . . . . . . . . . . . . . . 122

Enforced Client Product Guide Contents

Viewing reports for firewall protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

View unrecognized Internet applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

View inbound events blocked by the firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Managing suspicious activity with best practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

6 Using the Browser Protection Service 127

Accessing site safety information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

How safety ratings are compiled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Staying safe during searches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

Staying safe while browsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

Viewing safety reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Configuring browser protection settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Configuring browser protection from the SecurityCenter. . . . . . . . . . . . . . . . . . . . . . 130

Installing via policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Configuring browser protection on the client computer . . . . . . . . . . . . . . . . . . . . . . . 131

Submitting feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

7 Using the Email Security Service 133

Activating the email security service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Using the portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Setting up your account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Update your MX records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Customize your account settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Default settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Recommended first steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Optional customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Configure general administration settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Viewing your email protection status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Configuring a policy for email security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Viewing reports for the email security service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Managing quarantined email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

View and manage quarantined user messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Check the Quarantine Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

View quarantined mail deliveries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Getting more information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

8 Troubleshooting 145

Uninstalling protection services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Frequently asked questions (FAQ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146

Adding, renewing, and moving licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Configuring and managing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Firewall protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Browser protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151

General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Error messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Contacting product support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Glossary 161

Index 167

Introduction

SonicWALL Enforced Client Anti-Virus and Anti-Spyware, referred to in this guide as Enforced Client, safeguards your computers automatically, and its advanced features let you customize your business’s security strategy.

This section provides an overview of the product, its features, and how to use product resources for additional assistance.

 What is Enforced Client?

 What is new in this release?

 How does the software work?

 Managing with the online SecurityCenter

 Using this guide

 Getting product information

Enforced Client Product Guide Introduction

What is Enforced Client?

Enforced Client delivers comprehensive security as a service for all the computers on your account. These services automatically check for threats, intercept them, take the appropriate action to keep your data and your network safe, and track detections and security status for reports.

Figure 1-1 Enforced Client overview

The Enforced Client client software runs on each computer where it is installed.

The client software updates itself — automatically and silently — by downloading the latest detection definition (

DAT) files from your account’s administrative website, the SonicWALL

SecurityCenter.

The client software uploads security information about each computer to the SecurityCenter for use in administrative reports.

As your account’s administrator, you can use a web browser to visit the SecurityCenter, where you can access reports that detail the status of client computers and use tools for customizing and managing security.

 Select the right version of Enforced Client

 Protect against many kinds of threats

 Ensure continuous, automatic protection

Enforced Client Product Guide Introduction

What is Enforced Client?

Select the right version of Enforced Client

Select the version that best supports your needs.

Enforced Client Anti-Virus and Anti-Spyware

Basic Advanced

 Virus and spyware protection for desktop

computers and servers.

 Firewall protection for desktop computers and

servers.

 Browser protection for desktop computers.

 Access to the SonicWALL SecurityCenter for

centralized management of your accounts.

This guide focuses on the Enforced Client services for desktop computers and servers, and also contains instructions for setting up the email security service available in Enforced Client Advanced. Refer to your product CD or the SonicWALL download center for information about using the email server security application.

 Virus and spyware protection for desktop

computers and servers.

 Firewall protection for desktop computers and

servers.

 Browser protection for desktop computers.

 Access to the SonicWALL SecurityCenter for

centralized management of your accounts.

 Email security:

Email security service to protect all inbound email against virus, spam, and phishing attacks, or

Email server security application for additional virus protection at the server level.

Protect against many kinds of threats

Enforced Client protects against a broad range of threats:

 The virus and spyware protection service checks for viruses, spyware, unwanted

programs, and other potential threats borne on removable media or brought in from your network, including via email. Every time a file on your computer is accessed, your service scans the file to make sure it is free of viruses and spyware.

 The firewall protection service establishes a barrier between each computer and the Internet

or other computers on your local network. It silently monitors communications traffic for suspicious activity and takes appropriate action, such as blocking.

 The browser protection service displays information to safeguard client computer users

against web-based threats. Users can view website safety ratings and safety reports as they browse or search with Microsoft Internet Explorer or Mozilla Firefox.

 The email security service protects against email threats by scanning messages before they

are received. It blocks or quarantines detections of directory harvest attacks, spam, phishing scams, viruses, and other email-borne threats in messages and attachments, to prevent them from reaching client computers. The email security service is available with Enforced Client Advanced.

 The email server security application, SonicWALL GroupShield

and Lotus Domino, provides comprehensive virus protection for the email and other content entering and leaving your Microsoft Exchange Server 2000/2003 environment. Proactive anti-virus scanning and an automatic outbreak manager prevent malicious code from disrupting the system, while advanced content filtering allows administrators to set up rules for inappropriate content, sensitive information, and adding disclaimers to messages.

for Microsoft Exchange

Enforced Client Product Guide Introduction

What is Enforced Client?

The email server security application is available with Enforced Client Advanced. Detailed documentation on this application is available on the CD or in the downloadable installer accessible from the SonicWALL download center.

Ensure continuous, automatic protection

Enforced Client safeguards your computers with:

 Continuous protection — From the time a client computer is turned on until it is turned off,

Enforced Client silently monitors all file input and output, downloads, program executions, inbound and outbound communications, and other system-related activities.

 Instant discovery — When Enforced Client detects a virus threat, it attempts to clean the

item containing the threat before further damage can occur. If an item cannot be cleaned, a copy of it is placed in a quarantine folder and the original item is deleted.

 Customized threat response — By default, Enforced Client provides a high degree of

protection against threats. You can also configure the response to detections of potentially unwanted programs and suspicious activity to suit the needs of your business: take immediate action to clean, quarantine, or block the detection; prompt users for a response; or only log the detection for administrative reports.

 Automatic updates — Enforced Client checks for product updates at regular intervals

throughout the day, comparing security components against the latest releases. When a computer needs a newer version, the client software automatically retrieves it.

 Avert Early Warning system and outbreak response — Enforced Client uses the latest

information about threats and outbreaks as soon as they are discovered by SonicWALL Avert Labs, a research division of SonicWALL. Whenever Avert Labs releases an outbreak detection definition (

DAT) file, your network receives it promptly.

Enforced Client Product Guide Introduction

What is new in this release?

New features

New feature Description

Browser protection service

New policy options for greater control

Auto-renewal option If your service provider has enabled this option, automatically renews your

Changes in support

Support for... Description

Operating systems  Provides protection services for computers running Windows Vista.

Browsers

Languages

Protects client computers against web-based threats while searching and browsing. Users can display a color-coded safety rating and detailed report for each website. See Chapter 6, Using the Browser Protection Service.

Virus and spyware protection service: On-demand scans now scan all file types by default, or administrators can select a policy option to scan only certain types of files. See Enable optional protection on page 97.

Firewall protection service: Select whether to use SonicWALL recommendations for safe Internet applications or allow only those you specify. See Specify whether to use SonicWALL recommendations on

page 121.

subscriptions before they expire.

 Extends support to 64-bit versions of Windows XP and Windows Vista.

See Operating systems on page 27.

 Computers running older versions of Windows will continue to be

supported against existing threats, but protection against new threats will be phased out as

support ending on page 28.

 Administrators can configure a policy option for displaying notifications

on client computers to remind users that support is ending. See Notifying

users when support ends on page 28.

 Installs on computers using Windows Internet Explorer version 7. See

Chapter 2, Installing Enforced Client.

 Adds browser protection for Mozilla Firefox. See Chapter 6, Using the

Browser Protection Service.

With Enforced Client Advanced, Quarantine Summary emails generated by the email security service are now available in multiple languages.

Note: No localized version is available for Brazilian Portuguese.

DAT files are no longer updated. See Operating system

Enforced Client Product Guide Introduction

How does the software work?

Enforced Client implements a three-prong approach to security by:

1 Silently monitoring all file input and output, downloads, program executions, inbound and

outbound communications, and other system-related activities on client computers.

 Detected viruses are deleted or quarantined automatically.

 Potentially unwanted programs, such as spyware or adware, are removed automatically

unless you select a different response.

 Suspicious activity is blocked unless you specify a different response.

2 Regularly updating detection definition (DAT) files and software components to ensure that

you are always protected against the latest threats.

3 Uploading security information for each client computer to the SecurityCenter, then using

this information to send emails and create reports that keep you informed about your account’s status.

In addition, it provides tools for managing client computers and customizing your security strategy.

 The updating process

 Outbreak response

 Rumor technology

 Internet Independent Updating (IIU)

The updating process

Regular updates are the cornerstone of Enforced Client.

 Updates of its security components running on client computers. See Retrieving updates.

 Updates to the security data maintained on the SecurityCenter website and used in

administrative reports. See Uploading security information.

Enforced Client Product Guide Introduction

How does the software work?

Updates can occur in three ways, enabling you to use network resources efficiently.

Figure 1-2 Methods for updating client computers

 In a simple scenario, each client computer on your account has a direct connection to the

Internet and checks for new updates.

 Rumor technology enables all computers in a workgroup to share downloaded files, which

controls Internet traffic and minimizes expensive downloads.

 Internet Independent Updating (IIU) enables any computer on the network to get information

from the update site, even if that computer does not have an Internet connection, as long as at least one computer on the network is configured as a relay server.

Retrieving updates

Five minutes after a client computer starts, and at regular intervals throughout the day, the Enforced Client client software checks if updates are available. If they are, the client computer pulls them from another computer on the network (via directly from the Internet site.

Rumor technology) or downloads them

Enforced Client Product Guide Introduction

How does the software work?

The detection definition (DAT) files on the Internet site are regularly updated to add protection against new threats. When the client software connects to the update site on the Internet, it retrieves:

 Regular DAT files, which contain the latest definitions for viruses, potentially unwanted

programs, and cookies and registry keys that might indicate spyware.

 Outbreak DAT files, which are high-priority detection definition files released in an

emergency situation (see Outbreak response).

 Upgrades to the software if a newer version exists.

 Policy updates.

At any time, users can update manually by double-clicking in the system tray.

Update support for some operating systems is ending. After support ends, client computers running those operating systems will no longer be protected against new threats. See Operating

Note

system support ending on page 28 for more information.

Uploading security information

Client computers upload detection and status data hourly to the SecurityCenter website. This information is available to administrators in reports they can view on the SecurityCenter (see

Viewing reports on page 78).

Outbreak response

When an outbreak of a new threat is identified by Avert Labs, they issue an outbreak DAT, which is a special detection definition ( encoded to inform the first computer receiving it to share the update immediately with other client computers on the network. By default, client computers check for an outbreak hour.

Rumor technology

When one computer shares updates with other computers on the local area network (LAN), rather than requiring each computer to retrieve updates from the update website individually, the Internet traffic load on the network is reduced. This process of sharing updates is called Rumor.

1 Each client computer checks the version of the most recent catalog file on the Internet site.

This catalog file contains information for every component in Enforced Client, and is stored in a digitally signed, compressed .

 If the version is the same as the catalog file on the client computer, the process stops here.

 If the version is different from the catalog file on the client computer, the client computer

attempts to retrieve the latest catalog file from its peers. It queries if other computers on the LAN have already downloaded the new catalog file.

2 The client computer retrieves the required catalog file (directly from the Internet site or from

one of its peers) and uses it to determine if new components are available for Enforced Client.

DAT) file marked as Medium or High importance. It is specially

DAT every

CAB file format.

3 If new components are available, the client computer attempts to retrieve them from its peers.

It queries if computers on the LAN have already downloaded the new components.

Enforced Client Product Guide Introduction

How does the software work?

 If so, the client computer retrieves the update from a peer. (Digital signatures are checked

to verify that the computer is valid.)

 If not, the client computer retrieves the update directly from the update site.

4 On the client computer, the catalog file is extracted and new components are installed.

Internet Independent Updating (IIU)

Internet Independent Updating enables computers to use Enforced Client when they are not connected to the Internet. At least one computer on the subnet must have an Internet connection to be able to communicate with the udpate site. That computer is configured as a relay server, and computers without an Internet connection retrieve updates locally from the relay server.

1 When a computer without Internet access fails to connect directly to the update site, it

requests information from the relay server.

2 The relay server downloads a catalog of updates from the update site.

3 The computer with no Internet connection downloads the necessary updates from the relay

server.

For more information, see Enabling relay servers on page 46.

Enforced Client Product Guide Introduction

Managing with the online SecurityCenter

To manage your account via the SecurityCenter, use the URL you received in an email message from your service provider. From the SecurityCenter, you can view the status of your protection services, access reports on client activity such as detections and suspicious activity, update your account data, and configure security settings. You can manage client computers by customizing how often they check for updates, changing the way they handle detections, and scheduling regular scans.

Figure 1-3 The online SecurityCenter

Enforced Client Product Guide Introduction

Managing with the online SecurityCenter

The SecurityCenter’s main page shows a status summary for all the protection services you have purchased (except email server protection):

 Security Status — Indicates whether any action is required to address security issues, and

links you to instructions for resolving them.

 Your virus and spyware protection — Illustrates the number of computers that are up-to-date

and out-of-date, and where the virus and spyware protection service is not installed. Click a color in the pie chart to display a list of computers in that category.

 Your desktop firewall protection — Illustrates the number of computers where the firewall

protection service is and is not installed. Click a color in the pie chart to display a list of computers in that category.

 Your email protection — Illustrates the number of messages delivered by category (clean,

spam, virus detected). Click a color in the pie chart or select the

Click here to configure link to

open the email security service’s web portal and view reports about your email.

 Your browser protection — Illustrates the number of computers where the browser protection

service is and is not installed. Click a color in the pie chart to display a list of computers in that category.

See Using the SecurityCenter on page 55 for more information.

The SecurityCenter offers two powerful tools for displaying your computers in groups and fine-tuning their security settings.

 User groups enable you to effectively categorize and manage client computers that require

different security settings or special monitoring.

 Customized policies allow you to specify security settings to meet the needs of your users and

effectively use your network resources.

Enforced Client Product Guide Introduction

Managing with the online SecurityCenter

User groups

Each computer running the client software belongs to a group. A group consists of one or more computers using the same security settings (called policies). By default, computers are placed in the

Default group.

Groups help you manage different types of computers effectively. You can base groups on geographic location, department, computer type, user tasks, or anything meaningful to your organization.

For example, you might place all laptops used by traveling sales representatives into a single group called Sales Team. You can then view details about this group of computers separately from other computers in your account. You can easily check detections for these computers or customize their security settings in a policy (see for specific circumstances and risks of a remote user.

To create groups, use the Groups + Policies tab on the SecurityCenter website. See Creating

groups to manage your site on page 71 for more information.

The following example shows how an administrator might configure policies for three different groups of client computer users in an organization. You should configure policies for your users to meet your own company’s needs.

Customized policies on page 19) that accounts

Policy Setting

On-Demand Scan Weekly Daily Daily

Enable outbreak response Enabled Enabled Enabled

Scan within archives during on-access scans

Check for updates every 12 hours 4 hours 4 hours

Spyware Protection Mode Prompt Protect Prompt

Approved Programs None None Nmap remote admin tool

Firewall Protection Mode Protect Protect Prompt

Use Smart Recommendations to automatically approve common Internet applications

Connection Type Trusted network Untrusted network Trusted network

Allowed Internet Applications

AOL Instant Messenger None AOL Instant Messenger

No Enabled Enabled

Enabled No Enabled

GoogleTalk

Enforced Client Product Guide Introduction

Managing with the online SecurityCenter

Customized policies

After installation, Enforced Client protects client computers from threats immediately using default security settings. However, you might want to change the way some features are implemented for some or all of your computers. For example, you might want the service to check for updates every four hours or set up a list of programs you consider safe.

Policies are made up of security settings that define how protection services operate on client computers. Policy management allows you to assign different levels and types of protection to different users. If you have created groups, you can assign a unique policy to each group or one policy to all groups.

For example, you can assign a Sales policy to your mobile Sales Team group, with security settings that protect against threats in unsecure networks such as airports and hotels.

Figure 1-4 Example: Sales Team group and Sales policy

Enforced Client Product Guide Introduction

Using this guide

Create a Sales Team group and a Sales policy.

Assign the Sales policy to the Sales Team group.

Client software running on computers in the Sales Team group performs the tasks defined in the Sales policy:

 Check for updates to software components and DAT files every 4 hours.

 Check for outbreak DAT file every hour.

 Scan for viruses and potentially unwanted programs daily.

 Block communication from computers on local network (untrusted network).

Client software sends security data for each client computer to the SecurityCenter.

Administrator checks the security status for the Sales Team group in reports on the SecurityCenter.

The administrator adjusts the Sales policy. The modified policy is downloaded automatically to client computers in the Sales Team group the next time they check for updates.

To create your own policies and assign them to computers or groups, use the Groups + Policies tab on the SecurityCenter website. See Setting up policies on page 75 for more information.

Using this guide

This guide provides information on installing, configuring, using, and troubleshooting Enforced Client.

 Who should read this guide?

 Conventions

Who should read this guide?

This information is designed for:

 System and network administrators who want to implement a proactive, hands-on approach

to their security strategy.

 Partner Security Services (PSS) partners who remotely manage and monitor the

SecurityCenter on behalf of their customer base.

Hands-off administrators who do not need to customize security settings can read an overview of basic features in the Quick Start Guide, which is available from the SecurityCenter website.

Help page on the

Enforced Client Product Guide Introduction

Using this guide

Conventions

This guide uses the following conventions:

Bold Condensed

All words from the user interface, including options, menus, buttons, and dialog box names.

Example:

Type the User name and Password of the desired account.

Courier The path of a folder or program; text that represents something the user types exactly

(for example, a command at the system prompt).

Example:

The default location for the program is:

C:\Program Files\McAfee\EPO\3.5.0

Run this command on the client computer: C:\SETUP.EXE

Italic For emphasis or when introducing a new term; for names of product documentation

and topics (headings) within the material.

Example: Refer to the VirusScan Enterprise Product Guide for more information.

Blue A web address (URL) and/or a live link.

Visit the SonicWALL website at: http://www.mcafee.com

<TERM> Angle brackets enclose a generic term.

Example: In the console tree, right-click <SERVER>.

Note: Supplemental information; for example, an alternate method of executing the

Note

same command.

Tip: Suggestions for best practices and recommendations from SonicWALL for

Tip

threat prevention, performance, and efficiency.

Caution: Important advice to protect your computer system, enterprise, software

Caution

installation, or data.

Warning: Important advice to protect a user from bodily harm when interacting with a hardware product.

Warning

Enforced Client Product Guide Introduction

Getting product information

Several types of information are available to meet the specific needs of client computer users and administrators.

Users — Client computer users can access online help from links in the client software.

Online User Help Access online instructions for performing security tasks in two ways:

 Click help on any window displayed by the client software.

 Click in the system tray and select Help.

Note: If the product’s built-in help system displays incorrectly on a client

computer, its version of Microsoft Internet Explorer might not be using

ActiveX controls properly. These controls are required to display the help

file. Make sure the latest version of Internet Explorer is installed with its

Internet security settings set to

Online Installation Instructions

Administrators — Unless otherwise noted, these product documents are Adobe Acrobat .PDF files available on the product CD or the

Product Guide Product introduction and features, detailed instructions for configuring the

Quick Start Guide A short “getting started” with information on basic product features, routine

Release Notes ReadMe. Product information, resolved issues, known issues, and

Online SecurityCenter help

Online Push Install help

Avert Labs Threat Library

Click the help link on any installation dialog box to display instructions for installing Enforced Client using the URL method. Also contains instructions for preparing for installation, testing, uninstalling, and troubleshooting installation issues.

Help page of the SecurityCenter.

software, information on deployment, recurring tasks, and operating procedures. Recommended for administrators who manage large organizations or multiple accounts, and for hands-on administrators who want to customize security settings and actively monitor client computers.

tasks that you perform often, and critical tasks that you perform occasionally. Recommended for first-time customers who need an overview of the product, and for hands-off administrators who plan to use the default security settings and monitor security status through their weekly status email.

last-minute additions or changes to the product or its documentation. Available as a text document.

For information about any page of your SecurityCenter website, click the help (

? ) link in the upper-right corner. You can access additional

information with the table of contents, index, or search feature.

While running the Push Install utility, click the help link on any dialog box for information about deploying client software remotely to one or more computers without user intervention.

After an update, click Avert Labs Threat Library on the Enforced Client window to access the online SonicWALL Threat Library. This website has detailed information on where threats come from, how they infect your system, and how to remove them.

The Avert Labs Threat Library contains useful information on hoaxes, such as virus warnings that you receive via email. A Virtual Card For You and SULFNBK are two of the best-known hoaxes, but there are many others. Next time you receive a well-meaning warning, view our hoax page before you pass the message on to your friends.

Medium or Medium-high.

Enforced Client Product Guide Introduction

Enforced Client Advanced — With Enforced Client Advanced, additional documents are available.

Email security service See Chapter 7, Using the Email Security Service for instructions on setting

up and using basic features of the email security service. Links are available from the SecurityCenter website to the email security service’s web portal, where you can configure the service, access its administration guide, and view reports.

Email server security application

Detailed documentation for the email server security application is available on the product CD or in the downloadable installer accessible from the SonicWALL download center.

Getting product information

Contact information

Threat Center: SonicWALL Avert® Labs http://www.mcafee.com/us/threat_center/default.asp

Avert Labs Threat Library

http://vil.nai.com

Avert Labs WebImmune & Submit a Sample (Logon credentials required)

https://www.webimmune.net/default.asp

Avert Labs DAT Notification Service

http://vil.nai.com/vil/signup_DAT_notification.aspx

Download Site http://www.mcafee.com/us/downloads/

Product Upgrades (Valid grant number required)

Security Updates (DATs, engine)

HotFix and Patch Releases

 For Security Vulnerabilities (Available to the public)

 For Products (ServicePortal account and valid grant number required)

Product Evaluation

SonicWALL Beta Program

Technical Support http://www.mcafee.com/us/support/

KnowledgeBase Search

http://knowledge.mcafee.com/

SonicWALL Technical Support ServicePortal (Logon credentials required)

https://mysupport.mcafee.com/eservice_enu/start.swe

Customer Service

Web

http://www.mcafee.com/us/support/index.html http://www.mcafee.com/us/about/contact/index.html

Phone — US, Canada, and Latin America toll-free: +1-888-VIRUS NO or +1-888-847-8766 Monday – Friday, 8 a.m. – 8 p.m., Central Time

Professional Services

Small and Medium Business: http://www.mcafee.com/us/smb/services/index.html

Enforced Client

Beta Site

http://betavscan.mcafeeasap.com

Beta Feedback

DL_ToPS_SMB_Beta@mcafee.com

Enforced Client Product Guide Introduction

Getting product information

Installing Enforced Client

This section describes what happens after you purchase the hosted services in Enforced Client and Enforced Client Advanced, provides system requirements, and explains how to install the virus and spyware protection service, firewall protection service, and browser protection service.

If you purchased Enforced Client Advanced, refer to emails and materials from SonicWALL for instructions on installing the email security service or email server security application. See

Note

Chapter 7, Using the Email Security Service for information about activating and setting up the

email security service.

 After you place your order

 System requirements

 Before you install

 Installing Enforced Client

 Completing the installation

 What should I do after installing?

Enforced Client Product Guide Installing Enforced Client

After you place your order

When you place an order for Enforced Client, you supply an email address, and your account is associated with that email address. After you submit your order:

1 SonicWALL processes your order.

2 You receive three emails:

This email... Contains...

Welcome The download URL and instructions for installing the protection

services, accessing documentation, and contacting customer support.

administrative website and changing your password.

Grant letter The grant number for the order, which is required for customer

support.

3 If you purchased Enforced Client Advanced, you also receive an email with instructions for

changing your MX (Mail eXchange) records. See

If you purchased Enforced Client from a SonicWALL partner who manages security for you, the partner usually receives these emails. If you have questions about which emails you should

Note

receive, contact the partner.

Update your MX records on page 135.

Placing multiple orders If you placed more than one order using different email addresses, you have more than one Enforced Client account. To merge them so that all your security information and emails are sent to a single email address, contact the SonicWALL partner from whom you ordered, or SonicWALL customer support if you ordered directly from SonicWALL.

Enforced Client Product Guide Installing Enforced Client

System requirements

Enforced Client is designed for Microsoft Windows operating systems running on a PC platform. It installs and runs on computers equipped with:

 An Intel Pentium processor or compatible architecture.

 Microsoft Internet Explorer 5.5 SP2 or later.

 Operating systems

 RAM

 Email security service

 Email server security application

 Terminal servers

Operating systems

Protection services Operating system Virus and spyware Firewall Browser Client computers

Windows 2000 Professional with Service Pack 3 or later

Windows XP Home Windows XP Professional (32-bit)

Windows Vista (32-bit)

Windows XP Windows Vista (64-bit)

Servers

Windows 2000 Server Advanced Server Small Business Server with Service Pack 3 or later

Windows 2003 Standard Server Enterprise Server Web Edition Small Business Server

If you upgrade the operating system on a client computer (for example, from Windows 2000 to Windows XP) and you want to leave your existing files and programs intact during the upgrade,

Caution

you must first uninstall Enforced Client, then reinstall it after the upgrade is complete.

Support for some operating systems is ending. After support ends, client computers running those operating systems will no longer be protected against new threats. See Operating system support

Caution

ending for more information.

Enforced Client Product Guide Installing Enforced Client

System requirements

Operating system support ending

Support for these Windows operating systems is ending with Enforced Client version 4.5.

 Windows 95

 Windows 98

 Windows ME

 Windows NT 4.x

For more information about support for these operating systems, visit

http://www.mcafee.com/us/enterprise/support/customer_service/end_life.html, then look for

Enforced Client under Managed Services Matrix.

See Notifying users when support ends for information about notifying users when support for their operating system is ending.

Notifying users when support ends

By default, Enforced Client displays notifications on client computers to remind users that support is ending for their operating system.

 When upgrades to product components, such as the scanning engine, are scheduled to end or

will end within 30 days.

 When updates to detection definition (DAT) files have ended or will end within 30 days.

A policy option determines whether support notifications are displayed.

Notifications are not displayed for computers running Windows 95 because support for that operating system has already ended.

Note

To enable or disable notifications:

1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).

2 Click the Advanced Settings tab.

3 Select or deselect Display support notifications on client computers, then click Save.

Enforced Client Product Guide Installing Enforced Client

System requirements

RAM

Minimum

virus and spyware

protection

Windows 2000 64 MB 256 MB 256 MB

Windows XP 128 MB 256 MB 256 MB

Windows 2003 256 MB 512 MB 512 MB

Windows Vista 512 MB 512 MB 1 GB

Servers 256 MB 512 MB 512 MB

* Use the value listed for the firewall protection service whether installing that service alone or with other protection services.

Minimum firewall

protection*

Recommended

Email security service

Enforced Client Advanced includes the additional email security service. To set up and run this service, you need:

 A dedicated email server, either in-house or hosted by an ISP.

 A company email domain, such as yourdomain.com, with a static IP address.

Email server security application

Enforced Client Advanced gives you the option to install the SonicWALL GroupShield email server security application.

Minimum requirements for Microsoft Exchange Server 2003:

 Intel Pentium or compatible 133MHz processor.

 128 MB of RAM (512 MB recommended).

 740 MB free disk space.

 One of these operating systems:

 Microsoft Windows 2000 Server with Service Pack 4.

 Microsoft Windows 2000 Advanced Server with Service Pack 4.

 Microsoft Windows Server 2003 Standard Edition (32-bit).

 Microsoft Windows Server 2003 Enterprise Edition (32-bit).

Minimum requirements for Microsoft Exchange Server 2000 with Service Pack 3:

 Intel Pentium or compatible 133MHz processor.

 128 MB of RAM (256 MB recommended).

 740 MB of free disk space.

 Microsoft Windows 2000 Server with Service Pack 4.

Enforced Client Product Guide Installing Enforced Client

System requirements

Terminal servers

Enforced Client supports terminal servers and the Windows fast user switching feature in most scenarios, with these limitations:

 Enforced Client must be installed on the server by someone with local administrator

privileges.

 When an installation or update occurs on a terminal server, one session is designated as the

primary update session (see Update computers where no user is logged on on page 55 for restrictions that apply to automatic updates).

 For all user sessions, the Enforced Client icon is removed from the system tray during the

installation or update. The icon is restarted only for the user logged on to the primary update session. All user sessions are protected, and other users can manually redisplay their icons (see Removing and displaying the icon on page 52 for more information).

 Detection notifications are not displayed on the desktop of all computer users if the fast user

switching feature is enabled.

 If you use an authenticating proxy server, disable the policy option Update client computers

where users are not logged in

virus protection options on page 97).

on the SecurityCenter’s Advanced Settings tab (see Set advanced

+ 182 hidden pages