6ERSIONS���
3ONIC7!,,C%NFORCED #LIENT !NTI6IRUS AND !NTI3PYWARE 0RODUCTDUIDE
02/4%#4/. !444%/30%%$!/& 53.%33
Enforced Client Anti-Virus and Anti-Spyware 4.5COPYRIGHT
TRADEMARK ATTRIBUTIONS
LICENSE INFORMATION License Agreement
Attributions
Installing Enforced Client
Contents
Introduction
Using Enforced Client
Using the Virus and Spyware Protection Service
Using the Firewall Protection Service
Disabling on-access scanning
Managing your subscriptions
Using the Browser Protection Service
1 Introduction
„ What is Enforced Client? „ What is new in this release?
„ Managing with the online SecurityCenter „ Using this guide
„ How does the software work?
What is Enforced Client?
„ Select the right version of Enforced Client
„ Protect against many kinds of threats
„ Ensure continuous, automatic protection
Select the right version of Enforced Client
Protect against many kinds of threats
Ensure continuous, automatic protection
What is new in this release?
New feature
users when support ends on page
Chapter 2, Installing Enforced Client
How does the software work?
The updating process
„ The updating process „ Outbreak response „ Rumor technology
„ Internet Independent Updating IIU
Retrieving updates
Figure 1-2 Methods for updating client computers
Rumor technology
Outbreak response
Uploading security information
Internet Independent Updating IIU
Managing with the online SecurityCenter
Figure 1-3 The online SecurityCenter
See Using the SecurityCenter on page 55 for more information
User groups
Customized policies
Figure 1-4 Example Sales Team group and Sales policy
Who should read this guide?
Using this guide
„ Who should read this guide? „ Conventions
Conventions
Bold
Condensed
Example
Getting product information
Contact information
Avert Labs DAT Notification Service
Product Upgrades Valid grant number required
Security Updates DATs, engine HotFix and Patch Releases
Introduction
Enforced Client Product Guide
Getting product information
Installing Enforced Client
„ Before you install „ Installing Enforced Client
„ Completing the installation „ What should I do after installing?
„ After you place your order „ System requirements
After you place your order
System requirements
Operating systems
„ Operating systems „ RAM „ Email security service
Protection services
Notifying users when support ends
Operating system support ending
Email security service
Email server security application
Terminal servers
Before you install
Uninstall existing virus protection software
„ Uninstall existing virus protection software
„ Uninstall existing firewall software „ Configure your browser
SonicWALL Enterprise
SonicWALL Retail
Computer Associates
Finjan
Uninstall existing firewall software
Configure your browser
Internet Explorer
Non-Microsoft browsers
Install the standalone installation agent
Installing Enforced Client
Standard URL installation
Requirements
Standard URL installation
Sending an installation URL to users
Installing on client computers
What is the email address used for?
3 When you are prompted to do so, click Install
Advanced installation methods
Figure 2-2 Advanced installation methods
Advanced installation method
The administrator
Requirements
Silent installation
„ Requirements „ Installation
Installation
What is my company key?
VSSETUP parameters
Push installation
Considerations for scheduling push installations
„ Requirements „ Installation
1 Download the Push Install utility from the SecurityCenter
Requirements
Installation
To install Enforced Client using the Push Install utility
Enabling relay servers
If you use a corporate firewall or proxy server
Figure 2-6 Status for target computers
Completing the installation
Using the Push Install utility
Using VSSETUP
„ Using the Push Install utility „ Using VSSETUP
Test virus protection
Scan the client computer
Set up the default firewall
Scan the email Inbox
What should I do after installing?
„ Setting up your account on page
„ Viewing your security services at-a-glance on page
„ Setting up policies on page „ Viewing reports on page
What should I do after installing?
Installing Enforced Client
Enforced Client Product Guide
Using Enforced Client
„ Using the client software „ Updating client computers
„ Using the SecurityCenter „ Getting started
„ Setting up your account
Using the client software
Enforced Client system tray icon
Removing and displaying the icon
„ Administrative menu and tasks
Updating client computers
Administrative menu and tasks
Client menu
Update automatically
Update manually
Update during an outbreak
„ Update automatically „ Update manually „ Update during an outbreak
Using the SecurityCenter
Update computers where no user is logged on
When you are
Setting up your account
Setting up policies Viewing reports Managing your correspondence
„ Set up your profile „ Change your SecurityCenter password
Access online features and functions
Getting started
Log on to the SecurityCenter
„ Log on to the SecurityCenter „ Access online features and functions
Using Enforced Client
Figure 3-1 SecurityCenter tabs
Enforced Client Product Guide
Getting started
Make the most of your online data
When you want to
Figure 3-2 Page controls for listings and reports
Do this
Customize listings and reports
Using the online help
Do this
Show Navigation
Previous and Next
Setting up your account
Set up your profile
Change your SecurityCenter password
Sign up for email notifications
Viewing your security services at-a-glance
Install protection services
View and resolve action items
„ Install protection services „ View and resolve action items
„ Purchase, add, and renew services „ Request a trial subscription
Managing your computers
View security coverage for your account
„ Search for computers „ Install protection services
„ Send email to computers „ Block computers from receiving updates
„ Display details for a computer „ View detections for a computer
„ View user-approved applications for a computer
Search for computers
Display details for a computer
Install protection services
See Chapter 2, Installing Enforced Client for more information
When you want to
Figure 3-5 Computer Details page
Do this
For System email address, type a new email address, then click Save
View user-approved applications for a computer
View detections for a computer
Send email to computers
Block computers from receiving updates
Creating groups to manage your site
Delete computers from your reports
Move computers into a group
The Default group
„ Create or edit a group „ Delete a group
Create or edit a group
Designating group administrators
Delete a group
Figure 3-7 Site and group administrators
Create or edit a group administrator
„ Create or edit a group administrator „ Delete a group administrator
Setting up policies
Delete a group administrator
„ Restore default policy settings „ Delete a policy
„ Create or edit a policy „ Assign a policy to a group
The SonicWALL Default policy
Default setting
All programs types are enabled
Virus protection
Create or edit a policy
Restore default policy settings
Assign a policy to a group
Viewing reports
Delete a policy
Use this report
To view
Detections
Unrecognized
View duplicate computers
Figure 3-9 Duplicate Computers report
Managing your correspondence
View computer profiles
„ Send email to users „ Update user email addresses
„ Update your account’s email address „ Add your logo to reports
Update user email addresses
Update your account’s email address
Send email to users
Add your logo to reports
View your service subscriptions
Managing your subscriptions
„ View your service subscriptions „ Update subscription information
„ Purchase, add, and renew services „ Request a trial subscription
Update subscription information
Purchase, add, and renew services
Getting assistance
Request a trial subscription
Receive subscription notifications
View printed and online documents
Download utilities
Contact product support
VSSetup
Run the Push Install Utility
Using the Virus and Spyware Protection
Service
Accessing client features Scan Tasks menu
„ Accessing client features Scan Tasks menu
Select this command
Disable On-Access Scanner
Scanner see Disabling on-access scanning on page
Figure 4-1 Scan Tasks menu
Scan automatically on-access scans
Scanning client computers
„ Scan automatically on-access scans „ Scan manually on-demand scans
„ Schedule on-demand scans „ Scan email „ Scan for spyware
View scan results
Scan manually on-demand scans
„ View scan results „ How detections are handled
How detections are handled
Scan email
Schedule on-demand scans
Scan for spyware
Clean
Cleaned
Approve
Close
Configuring policies for virus and spyware protection
Set basic virus protection options
Schedule on-demand scans
„ Schedule on-demand scans
Exclude files and folders from virus scans
Select your update frequency
Enable optional protection
Set advanced virus protection options
„ Select your update frequency „ Enable optional protection
Enable script scanning
Enable outbreak response Enable buffer overflow protection
Scan email before delivering to the Outlook Inbox
rar, .tat, .tgz
Enable spyware protection
Set basic spyware protection options
„ Enable spyware protection „ Select a spyware protection mode
„ Specify approved programs
Select a spyware protection mode
Behavior of protection service
Mode
Report
Set advanced spyware protection options
Learn mode
Specify approved programs
Password crackers
2 Click the Advanced Settings tab
Threat type
Description
Viewing reports for virus and spyware detections
View detections
„ Detections see View detections
„ Unrecognized Programs see View unrecognized programs on page
When you want to
advanced spyware protection options on page
Buffer Overflow Processes
Details page
View unrecognized programs
Figure 4-7 Unrecognized Programs report
Using the Unrecognized Programs report
When you want to
the Computer Details page
on page
View your detection history
Figure 4-8 Detection History report
Managing detections
Manage your protection strategy with best practices
„ Manage your protection strategy with best practices
„ Manage quarantined files
Manage quarantined files
Restore
the Quarantine Viewer
2 Select Scan Tasks Quarantine Viewer
Disabling on-access scanning
Cleaned
Clean failed
2 Select Disable On-Access Scanner or Enable On-Access Scanner
Disabling on-access scanning
Using the Virus and Spyware Protection Service
Enforced Client Product Guide
Using the Firewall Protection Service
Accessing client features Firewall Settings command
„ Accessing client features Firewall Settings command
„ Configuring policies for firewall protection
Configuring policies for firewall protection
„ Specify who configures firewall protection settings
„ Install the firewall protection service via policy
„ Enable firewall protection „ Select a firewall protection mode
Specify who configures firewall protection settings
Figure 5-1 Desktop Firewall policy tab
Install the firewall protection service via policy
Enable firewall protection
Select a firewall protection mode
Learn mode
Specify a connection type
Configure a custom connection
„ Configure system services for a custom connection
Configure system services for a custom connection
Standard system service ports
„ Configure IP addresses for a custom connection
„ Standard system service ports „ Open a service port
Open a service port
Add and edit service ports
Close a service port
Set up allowed Internet applications
Configure IP addresses for a custom connection
Specify Internet applications in a policy
Specify whether to use SonicWALL recommendations
View unrecognized Internet applications
Viewing reports for firewall protection
„ Unrecognized Programs see View unrecognized Internet applications
View inbound events blocked by the firewall
Managing suspicious activity with best practices
Events to display the Inbound Event List
„ When running the firewall protection service on a server, ensure that service ports are configured correctly to prevent disruption of system services see Configure system services for a custom connection on page 117. Ensure that no unnecessary ports are open
Enforced Client Product Guide
Using the Firewall Protection Service
Managing suspicious activity with best practices
Using the Browser Protection Service
Accessing site safety information
„ Accessing site safety information
„ Configuring browser protection settings „ Submitting feedback
How safety ratings are compiled
Staying safe during searches
Staying safe while browsing
Settings
Settings
Configuring browser protection on the client
Configuring browser protection settings
Viewing safety reports
Configuring browser protection from the SecurityCenter
Installing via policy
Configuring browser protection on the client computer
Enable or disable the display of safety icons next
Encrypt the data sent to the server using the
Enable or disable the color coding for the
Submitting feedback
Using the Email Security Service
„ Activating the email security service „ Using the portal
„ Setting up your account „ Viewing your email protection status
„ Configuring a policy for email security
Using the portal
Activating the email security service
2 Click Install Protection 3 Select Install email security service
Update your MX records
Customize your account settings
Setting up your account
„ Update your MX records „ Customize your account settings
Recommended first steps
Default settings
1 Add your other domains
Optional customization
Configure general administration settings
Figure 7-2 Administration page
Viewing your email protection status
Access basic administration features on the Administration page
Use this feature
General Settings
To view the status of your service
Configuring a policy for email security
Viewing reports for the email security service
Managing quarantined email
View and manage quarantined user messages
Check the Quarantine Summary
„ View and manage quarantined user messages
Getting more information
View quarantined mail deliveries
Enforced Client Product Guide
Using the Email Security Service
Getting more information
8 Troubleshooting
Uninstalling protection services
„ Uninstalling protection services „ Frequently asked questions FAQ
„ Error messages „ Contacting product support
Frequently asked questions FAQ
Installing
„ Installing „ Adding, renewing, and moving licenses
„ Configuring and managing policies „ Scanning „ Reporting „ Updating
Configuring and managing policies
Adding, renewing, and moving licenses
Scanning
Reporting
Updating
Firewall protection
Email
Browser protection
General
Error messages
„ Installation Declined „ Installation Denied
„ Invalid Entitlement Error
„ Cannot find remote shared directory „ File does not exist
„ MyASUtil.SecureObjectFactory error message „ MyINX Error
„ Unable to connect to the Enforced Client update server
„ Unable to create Cab Installer Object
Cannot find remote shared directory
The user doesn’t have administrator rights
The security level of the browser is too high
Internet Explorer is blocking ActiveX controls
A registry file is missing
Installation Denied Common causes and solutions
1 From the Windows Control Panel, open Add/Remove Programs
If you do not see a Status column, set your view options to Details
1 Select Start Run
You might need to adjust your corporate firewall or proxy settings
See If you use a corporate firewall or proxy server on page
Contacting product support
Glossary
Compare to group administrator and user
protection service
See reports
Compare to URL installation
Compare to SecurityCenter website
See policy
Compare to trusted connection and untrusted connection
protection service
protection service
Compare to administrator and user
See also push installation, silent installation, and URL installation
Compare to protect mode and report mode
Compare to prompt mode and report mode
Compare to silent installation and URL installation
Compare to prompt mode and protect mode
See on-access scanning and on-demand scanning
Compare to push installation and URL installation
Customer Home site
Compare to client software
Compare to push installation and silent installation
Compare to administrator and group administrator
service
Compare to trusted connection
Login page
SecurityCenter tab
„ Log on to the SecurityCenter „ Change your SecurityCenter password
„ Viewing your security services at-a-glance
Computers tab
„ Managing your computers „ Install protection services
„ Send email to computers „ Block computers from receiving updates
„ Specify approved programs „ Set up allowed Internet applications
Description
Find computers
Add Computer
Groups
Reports tab
„ Viewing reports for the email security service
„ Viewing reports „ View detections „ View unrecognized programs
„ View unrecognized Internet applications
Groups + Policies tab
„ Creating groups to manage your site „ Setting up policies
„ Configuring policies for virus and spyware protection
„ Configuring policies for firewall protection
My Account tab
„ Setting up your account „ Change your SecurityCenter password
„ Managing your subscriptions „ Designating group administrators
Service Summary section
Notification Preferences section
My Logo section
Install Protection
Help tab
Email Page
„ View printed and online documents „ Download utilities
Install Protection New Computers
Install Protection New Computers Email Text
„ Installing Enforced Client „ Standard URL installation
„ Using the portal
Install Protection Existing Computers
Install Protection Existing Computers Email Text
„ Standard URL installation
„ Standard URL installation „ Advanced installation methods
Install Email Security Service
Advanced Installation Methods
„ Using the portal „ Update your MX records
„ Viewing reports for the email security service
Product Purchase
Product Coverage
„ Managing your subscriptions „ Purchase, add, and renew services
„ Request a trial subscription
Computer Details
„ Set up allowed Internet applications
„ Managing your computers „ Make the most of your online data
„ Customize listings and reports „ Specify approved programs
User-Approved Application List
Detection List
„ View detections for a computer
Search Results
„ Specify approved programs „ Set up allowed Internet applications
„ View user-approved applications for a computer
„ Managing your computers „ Search for computers
Detections report by computer
„ View detections „ Make the most of your online data
„ Customize listings and reports
„ Manage your protection strategy with best practices
Detections report by detection
„ View detections „ Make the most of your online data
„ Customize listings and reports
„ Manage your protection strategy with best practices
Unrecognized Programs report by computer
„ Set up allowed Internet applications
„ View unrecognized programs „ Make the most of your online data
„ Customize listings and reports
Unrecognized Programs report by program
„ Specify approved programs „ Set up allowed Internet applications
„ View unrecognized programs
„ View user-approved applications for a computer
Inbound Events Blocked by Firewall report by originating computer
Inbound Events Blocked by Firewall report by destination computer
Lists the IP address of the computer where the event originated
„ View inbound events blocked by the firewall
Inbound Event List
Duplicate Computers report
„ View inbound events blocked by the firewall
„ View duplicate computers „ Display details for a computer
Computer Profiles report
„ View computer profiles
Detection History report
„ View your detection history
„ Manage your protection strategy with best practices
Description
Edit Default Group
Edit Group
„ Creating groups to manage your site „ Setting up policies
„ Creating groups to manage your site „ Setting up policies
View Default Policy
Add Group
„ Setting up policies „ Assign a policy to a group
„ Setting up policies „ Set basic virus protection options
„ Configuring policies for firewall protection
„ Configuring browser protection from the SecurityCenter
„ The SonicWALL Default policy
Firewall Configuration
Enable outbreak response
Enable buffer overflow
Enable script scanning
on-access scans
Edit Policy Virus Protection Settings
„ Set basic virus protection options „ Assign a policy to a group
Edit Policy Spyware Protection Settings
„ Set basic spyware protection options „ Assign a policy to a group
„ Configuring policies for firewall protection „ Learn mode
Edit Policy Desktop Firewall Settings
„ Assign a policy to a group
update the policy to User configures firewall
Automatically install the
Firewall Protection Mode
Description
Firewall Custom Settings
„ Configure system services for a custom connection
Add or Edit Incoming Connection
„ Configure IP addresses for a custom connection
„ Configure system services for a custom connection
Cancel
Edit Policy Browser Protection Settings
Edit Policy Advanced Settings
„ Configuring browser protection from the SecurityCenter
„ Update computers where no user is logged on
Settings
Check for updates every
„ Enable buffer overflow protection Detect code starting to run
„ Scan all file types during on-access scans Inspect all types of
Add Policy Virus Protection Settings
„ Set basic virus protection options „ Assign a policy to a group
Add Policy Spyware Protection Settings
„ Set basic spyware protection options „ Assign a policy to a group
„ Configuring policies for firewall protection „ Learn mode
Add Policy Desktop Firewall Settings
„ Assign a policy to a group
Firewall Configuration
update the policy to User configures firewall
Automatically install the
Firewall Protection Mode
„ Configuring browser protection from the SecurityCenter
Add Policy Browser Protection Settings
„ Assign a policy to a group
Add Policy Advanced Settings
„ Update computers where no user is logged on
„ Notifying users when support ends „ Assign a policy to a group
„ Set advanced virus protection options
Check for updates every
Settings
Description
Subscription History
„ Managing your subscriptions
Edit Subscription Information
„ Update subscription information
View Cancelled Services
Managed Services
Manage Group Administrators
Manage All Group Administrators
„ Designating group administrators
„ Designating group administrators
Notification Preferences
„ Sign up for email notifications
Edit Profile
Manage Logo
Utilities
„ Set up your profile „ Change your SecurityCenter password
„ Install the standalone installation agent
Silently install protection
Install protection services
previous installation
Report period
Select the time period to display.