Manuals / SonicWALL / Kitchen Appliance / Frozen Dessert Maker

SonicWALL 4.5 Using the Unrecognized Programs report, When you want to, the Computer Details page

Models: 4.5

1 212

Page 105

Enforced Client Product Guide	Using the Virus and Spyware Protection Service
	Viewing reports for virus and spyware detections

Using the Unrecognized Programs report

When you want to...	Do this...

Display computers or	Click	next to a name:
detections	Click	next to a name:
detections	Under a computer name, show which detections were found.
	Under a computer name, show which detections were found.
	Under a detection name, show the computers where it was found.

View details about	On the Unrecognized Programs report, click the name of a potentially
detections	unwanted program to display detailed information from the SonicWALL
	Avert Labs Threat Library.

View details about a	On the Unrecognized Programs report, click a computer name to display
computer where a	the Computer Details page.
detection occurred	The Computer Details page displays information about the computer, its

	service components, and its detections (see Display details for a computer
	on page 67).

Approve a program	To add unrecognized programs to the list of approved programs for other
	users, add them to a new or existing policy (see Specify approved programs
	on page 101). Approved programs will no longer be detected as a threat by
	the virus and spyware protection service on computers using the policy.

105

Page 105

Image 105

SonicWALL 4.5 manual Using the Unrecognized Programs report, When you want to, the Computer Details page, on page

Contents

3ONIC7!,,C%NFORCED #LIENT !NTI6IRUS AND !NTI3PYWARE 0RODUCTDUIDE 6ERSIONS02/4%#4/. !444%/30%%$!/& 53.%33 TRADEMARK ATTRIBUTIONS Enforced Client Anti-Virus and Anti-Spyware 4.5COPYRIGHTLICENSE INFORMATION License Agreement AttributionsContents Installing Enforced ClientIntroduction Using Enforced Client Using the Firewall Protection Service Using the Virus and Spyware Protection ServiceDisabling on-access scanning Managing your subscriptionsUsing the Browser Protection Service „ What is Enforced Client? „ What is new in this release? 1 Introduction„ Managing with the online SecurityCenter „ Using this guide „ How does the software work?„ Select the right version of Enforced Client What is Enforced Client?„ Protect against many kinds of threats „ Ensure continuous, automatic protectionProtect against many kinds of threats Select the right version of Enforced ClientEnsure continuous, automatic protection New feature What is new in this release?users when support ends on page Chapter 2, Installing Enforced ClientThe updating process How does the software work?„ The updating process „ Outbreak response „ Rumor technology „ Internet Independent Updating IIUFigure 1-2 Methods for updating client computers Retrieving updatesOutbreak response Rumor technologyUploading security information Internet Independent Updating IIU Figure 1-3 The online SecurityCenter Managing with the online SecurityCenterSee Using the SecurityCenter on page 55 for more information User groups Figure 1-4 Example Sales Team group and Sales policy Customized policiesUsing this guide Who should read this guide?„ Who should read this guide? „ Conventions Bold ConventionsCondensed ExampleGetting product information Avert Labs DAT Notification Service Contact informationProduct Upgrades Valid grant number required Security Updates DATs, engine HotFix and Patch ReleasesEnforced Client Product Guide IntroductionGetting product information „ Before you install „ Installing Enforced Client Installing Enforced Client„ Completing the installation „ What should I do after installing? „ After you place your order „ System requirementsAfter you place your order Operating systems System requirements„ Operating systems „ RAM „ Email security service Protection servicesOperating system support ending Notifying users when support endsEmail server security application Email security serviceTerminal servers Uninstall existing virus protection software Before you install„ Uninstall existing virus protection software „ Uninstall existing firewall software „ Configure your browserSonicWALL Retail SonicWALL EnterpriseComputer Associates FinjanConfigure your browser Uninstall existing firewall softwareInternet Explorer Non-Microsoft browsersInstall the standalone installation agent Standard URL installation Installing Enforced ClientRequirements Standard URL installationInstalling on client computers Sending an installation URL to users3 When you are prompted to do so, click Install What is the email address used for?Figure 2-2 Advanced installation methods Advanced installation methodsAdvanced installation method The administratorSilent installation Requirements„ Requirements „ Installation What is my company key? InstallationVSSETUP parameters Push installation „ Requirements „ Installation Considerations for scheduling push installations1 Download the Push Install utility from the SecurityCenter RequirementsTo install Enforced Client using the Push Install utility InstallationIf you use a corporate firewall or proxy server Enabling relay serversFigure 2-6 Status for target computers Using the Push Install utility Completing the installationUsing VSSETUP „ Using the Push Install utility „ Using VSSETUPScan the client computer Test virus protectionScan the email Inbox Set up the default firewall„ Setting up your account on page What should I do after installing?„ Viewing your security services at-a-glance on page „ Setting up policies on page „ Viewing reports on pageInstalling Enforced Client What should I do after installing?Enforced Client Product Guide „ Using the client software „ Updating client computers Using Enforced Client„ Using the SecurityCenter „ Getting started „ Setting up your accountEnforced Client system tray icon Using the client softwareRemoving and displaying the icon „ Administrative menu and tasksAdministrative menu and tasks Updating client computersClient menu Update manually Update automaticallyUpdate during an outbreak „ Update automatically „ Update manually „ Update during an outbreakUpdate computers where no user is logged on Using the SecurityCenterSetting up your account When you areSetting up policies Viewing reports Managing your correspondence „ Set up your profile „ Change your SecurityCenter passwordGetting started Access online features and functionsLog on to the SecurityCenter „ Log on to the SecurityCenter „ Access online features and functionsFigure 3-1 SecurityCenter tabs Using Enforced ClientEnforced Client Product Guide Getting startedWhen you want to Make the most of your online dataFigure 3-2 Page controls for listings and reports Do thisCustomize listings and reports Do this Using the online helpShow Navigation Previous and NextSet up your profile Setting up your accountChange your SecurityCenter password Sign up for email notificationsViewing your security services at-a-glance View and resolve action items Install protection services„ Install protection services „ View and resolve action items „ Purchase, add, and renew services „ Request a trial subscriptionView security coverage for your account Managing your computers„ Send email to computers „ Block computers from receiving updates „ Search for computers „ Install protection services„ Display details for a computer „ View detections for a computer „ View user-approved applications for a computerDisplay details for a computer Search for computersInstall protection services See Chapter 2, Installing Enforced Client for more informationFigure 3-5 Computer Details page When you want toDo this For System email address, type a new email address, then click SaveView detections for a computer View user-approved applications for a computerSend email to computers Creating groups to manage your site Block computers from receiving updatesDelete computers from your reports Move computers into a group„ Create or edit a group „ Delete a group The Default groupDesignating group administrators Create or edit a groupDelete a group Figure 3-7 Site and group administrators „ Create or edit a group administrator „ Delete a group administrator Create or edit a group administratorDelete a group administrator Setting up policies„ Restore default policy settings „ Delete a policy „ Create or edit a policy „ Assign a policy to a groupDefault setting The SonicWALL Default policyAll programs types are enabled Virus protectionRestore default policy settings Create or edit a policyAssign a policy to a group Delete a policy Viewing reportsTo view Use this reportDetections UnrecognizedFigure 3-9 Duplicate Computers report View duplicate computersView computer profiles Managing your correspondence„ Send email to users „ Update user email addresses „ Update your account’s email address „ Add your logo to reportsUpdate your account’s email address Update user email addressesSend email to users Add your logo to reportsManaging your subscriptions View your service subscriptions„ View your service subscriptions „ Update subscription information „ Purchase, add, and renew services „ Request a trial subscriptionPurchase, add, and renew services Update subscription informationRequest a trial subscription Getting assistanceReceive subscription notifications View printed and online documentsContact product support Download utilitiesVSSetup Run the Push Install UtilityService Using the Virus and Spyware ProtectionAccessing client features Scan Tasks menu „ Accessing client features Scan Tasks menuDisable On-Access Scanner Select this commandScanner see Disabling on-access scanning on page Figure 4-1 Scan Tasks menuScanning client computers Scan automatically on-access scans„ Scan automatically on-access scans „ Scan manually on-demand scans „ Schedule on-demand scans „ Scan email „ Scan for spywareScan manually on-demand scans View scan results„ View scan results „ How detections are handled How detections are handled Schedule on-demand scans Scan emailScan for spyware Cleaned CleanApprove CloseSet basic virus protection options Configuring policies for virus and spyware protectionSchedule on-demand scans „ Schedule on-demand scansExclude files and folders from virus scans Enable optional protection Select your update frequencySet advanced virus protection options „ Select your update frequency „ Enable optional protectionEnable outbreak response Enable buffer overflow protection Enable script scanningScan email before delivering to the Outlook Inbox rar, .tat, .tgzSet basic spyware protection options Enable spyware protection„ Enable spyware protection „ Select a spyware protection mode „ Specify approved programsBehavior of protection service Select a spyware protection modeMode ReportLearn mode Set advanced spyware protection optionsSpecify approved programs 2 Click the Advanced Settings tab Password crackersThreat type DescriptionView detections Viewing reports for virus and spyware detections„ Detections see View detections „ Unrecognized Programs see View unrecognized programs on pageadvanced spyware protection options on page When you want toBuffer Overflow Processes Details pageFigure 4-7 Unrecognized Programs report View unrecognized programsWhen you want to Using the Unrecognized Programs reportthe Computer Details page on pageFigure 4-8 Detection History report View your detection historyManage your protection strategy with best practices Managing detections„ Manage your protection strategy with best practices „ Manage quarantined filesRestore Manage quarantined filesthe Quarantine Viewer 2 Select Scan Tasks Quarantine ViewerCleaned Disabling on-access scanningClean failed 2 Select Disable On-Access Scanner or Enable On-Access ScannerUsing the Virus and Spyware Protection Service Disabling on-access scanningEnforced Client Product Guide Accessing client features Firewall Settings command Using the Firewall Protection Service„ Accessing client features Firewall Settings command „ Configuring policies for firewall protection„ Specify who configures firewall protection settings Configuring policies for firewall protection„ Install the firewall protection service via policy „ Enable firewall protection „ Select a firewall protection modeFigure 5-1 Desktop Firewall policy tab Specify who configures firewall protection settingsEnable firewall protection Install the firewall protection service via policyLearn mode Select a firewall protection modeConfigure a custom connection Specify a connection type„ Configure system services for a custom connection Standard system service ports Configure system services for a custom connection„ Configure IP addresses for a custom connection „ Standard system service ports „ Open a service portOpen a service port Close a service port Add and edit service portsConfigure IP addresses for a custom connection Set up allowed Internet applicationsSpecify whether to use SonicWALL recommendations Specify Internet applications in a policyViewing reports for firewall protection View unrecognized Internet applications„ Unrecognized Programs see View unrecognized Internet applications View inbound events blocked by the firewall Events to display the Inbound Event List Managing suspicious activity with best practices„ When running the firewall protection service on a server, ensure that service ports are configured correctly to prevent disruption of system services see Configure system services for a custom connection on page 117. Ensure that no unnecessary ports are open Using the Firewall Protection Service Enforced Client Product GuideManaging suspicious activity with best practices Accessing site safety information Using the Browser Protection Service„ Accessing site safety information „ Configuring browser protection settings „ Submitting feedbackStaying safe during searches How safety ratings are compiledSettings Staying safe while browsingSettings Configuring browser protection on the clientViewing safety reports Configuring browser protection settingsConfiguring browser protection from the SecurityCenter Installing via policyEnable or disable the display of safety icons next Configuring browser protection on the client computerEncrypt the data sent to the server using the Enable or disable the color coding for theSubmitting feedback „ Activating the email security service „ Using the portal Using the Email Security Service„ Setting up your account „ Viewing your email protection status „ Configuring a policy for email securityActivating the email security service Using the portal2 Click Install Protection 3 Select Install email security service Customize your account settings Update your MX recordsSetting up your account „ Update your MX records „ Customize your account settingsDefault settings Recommended first steps1 Add your other domains Optional customization Figure 7-2 Administration page Configure general administration settingsAccess basic administration features on the Administration page Viewing your email protection statusUse this feature General SettingsTo view the status of your service Viewing reports for the email security service Configuring a policy for email securityView and manage quarantined user messages Managing quarantined emailCheck the Quarantine Summary „ View and manage quarantined user messagesView quarantined mail deliveries Getting more informationUsing the Email Security Service Enforced Client Product GuideGetting more information Uninstalling protection services 8 Troubleshooting„ Uninstalling protection services „ Frequently asked questions FAQ „ Error messages „ Contacting product supportInstalling Frequently asked questions FAQ„ Installing „ Adding, renewing, and moving licenses „ Configuring and managing policies „ Scanning „ Reporting „ UpdatingAdding, renewing, and moving licenses Configuring and managing policiesReporting ScanningUpdating Firewall protection Browser protection EmailGeneral „ Installation Declined „ Installation Denied Error messages„ Invalid Entitlement Error „ Cannot find remote shared directory „ File does not exist„ Unable to connect to the Enforced Client update server „ MyASUtil.SecureObjectFactory error message „ MyINX Error„ Unable to create Cab Installer Object Cannot find remote shared directoryThe security level of the browser is too high The user doesn’t have administrator rightsInternet Explorer is blocking ActiveX controls A registry file is missingInstallation Denied Common causes and solutions If you do not see a Status column, set your view options to Details 1 From the Windows Control Panel, open Add/Remove Programs1 Select Start Run See If you use a corporate firewall or proxy server on page You might need to adjust your corporate firewall or proxy settingsContacting product support Compare to group administrator and user Glossaryprotection service See reportsCompare to SecurityCenter website Compare to URL installationSee policy Compare to trusted connection and untrusted connectionprotection service protection serviceCompare to administrator and user See also push installation, silent installation, and URL installationCompare to prompt mode and report mode Compare to protect mode and report modeCompare to silent installation and URL installation Compare to prompt mode and protect modeCompare to push installation and URL installation See on-access scanning and on-demand scanningCustomer Home site Compare to client softwareCompare to administrator and group administrator Compare to push installation and silent installationservice Compare to trusted connectionSecurityCenter tab Login page„ Log on to the SecurityCenter „ Change your SecurityCenter password „ Viewing your security services at-a-glance„ Managing your computers „ Install protection services Computers tab„ Send email to computers „ Block computers from receiving updates „ Specify approved programs „ Set up allowed Internet applicationsFind computers DescriptionAdd Computer Groups„ Viewing reports for the email security service Reports tab„ Viewing reports „ View detections „ View unrecognized programs „ View unrecognized Internet applications„ Creating groups to manage your site „ Setting up policies Groups + Policies tab„ Configuring policies for virus and spyware protection „ Configuring policies for firewall protection„ Setting up your account „ Change your SecurityCenter password My Account tab„ Managing your subscriptions „ Designating group administrators Service Summary sectionMy Logo section Notification Preferences sectionHelp tab Install ProtectionEmail Page „ View printed and online documents „ Download utilitiesInstall Protection New Computers Email Text Install Protection New Computers„ Installing Enforced Client „ Standard URL installation „ Using the portalInstall Protection Existing Computers Email Text Install Protection Existing Computers„ Standard URL installation „ Standard URL installation „ Advanced installation methodsAdvanced Installation Methods Install Email Security Service„ Using the portal „ Update your MX records „ Viewing reports for the email security serviceProduct Coverage Product Purchase„ Managing your subscriptions „ Purchase, add, and renew services „ Request a trial subscription„ Set up allowed Internet applications Computer Details„ Managing your computers „ Make the most of your online data „ Customize listings and reports „ Specify approved programsDetection List User-Approved Application List„ View detections for a computer „ Specify approved programs „ Set up allowed Internet applications Search Results„ View user-approved applications for a computer „ Managing your computers „ Search for computers„ View detections „ Make the most of your online data Detections report by computer„ Customize listings and reports „ Manage your protection strategy with best practices„ View detections „ Make the most of your online data Detections report by detection„ Customize listings and reports „ Manage your protection strategy with best practices„ Set up allowed Internet applications Unrecognized Programs report by computer„ View unrecognized programs „ Make the most of your online data „ Customize listings and reports„ Specify approved programs „ Set up allowed Internet applications Unrecognized Programs report by program„ View unrecognized programs „ View user-approved applications for a computerInbound Events Blocked by Firewall report by destination computer Inbound Events Blocked by Firewall report by originating computerLists the IP address of the computer where the event originated „ View inbound events blocked by the firewallDuplicate Computers report Inbound Event List„ View inbound events blocked by the firewall „ View duplicate computers „ Display details for a computer„ View computer profiles Computer Profiles report„ View your detection history Detection History report„ Manage your protection strategy with best practices DescriptionEdit Group Edit Default Group„ Creating groups to manage your site „ Setting up policies „ Creating groups to manage your site „ Setting up policiesAdd Group View Default Policy„ Setting up policies „ Assign a policy to a group „ Setting up policies „ Set basic virus protection options„ Configuring browser protection from the SecurityCenter „ Configuring policies for firewall protection„ The SonicWALL Default policy Firewall ConfigurationEnable buffer overflow Enable outbreak responseEnable script scanning on-access scans„ Set basic virus protection options „ Assign a policy to a group Edit Policy Virus Protection Settings„ Set basic spyware protection options „ Assign a policy to a group Edit Policy Spyware Protection SettingsEdit Policy Desktop Firewall Settings „ Configuring policies for firewall protection „ Learn mode„ Assign a policy to a group Automatically install the update the policy to User configures firewallFirewall Protection Mode Description„ Configure system services for a custom connection Firewall Custom Settings„ Configure IP addresses for a custom connection Add or Edit Incoming Connection„ Configure system services for a custom connection CancelEdit Policy Advanced Settings Edit Policy Browser Protection Settings„ Configuring browser protection from the SecurityCenter „ Update computers where no user is logged onCheck for updates every Settings„ Enable buffer overflow protection Detect code starting to run „ Scan all file types during on-access scans Inspect all types of„ Set basic virus protection options „ Assign a policy to a group Add Policy Virus Protection Settings„ Set basic spyware protection options „ Assign a policy to a group Add Policy Spyware Protection SettingsAdd Policy Desktop Firewall Settings „ Configuring policies for firewall protection „ Learn mode„ Assign a policy to a group update the policy to User configures firewall Firewall ConfigurationAutomatically install the Firewall Protection ModeAdd Policy Browser Protection Settings „ Configuring browser protection from the SecurityCenter„ Assign a policy to a group „ Update computers where no user is logged on Add Policy Advanced Settings„ Notifying users when support ends „ Assign a policy to a group „ Set advanced virus protection optionsSettings Check for updates everyDescription „ Managing your subscriptions Subscription History„ Update subscription information Edit Subscription InformationView Cancelled Services Managed ServicesManage All Group Administrators Manage Group Administrators„ Designating group administrators „ Designating group administrators„ Sign up for email notifications Notification PreferencesManage Logo Edit ProfileUtilities „ Set up your profile „ Change your SecurityCenter passwordSilently install protection „ Install the standalone installation agentInstall protection services previous installation

Using the Unrecognized Programs report

the Computer Details page.