Manuals / SonicWALL / Kitchen Appliance / Frozen Dessert Maker

SonicWALL 4.5 Inbound Event List, Duplicate Computers report, „ Customize listings and reports

Models: 4.5

1 212

Download 212 pages 10.59 Kb

Page 185

Inbound Event List

Enforced Client Product Guide

User Interface Definitions

A

	Item		Description

	Group by		Select Originating Computer to list the computers where events
			originated.
			Select Destination Computer to list the computers where events
			were targeted.

	Computer		Lists the name of each target computer.
			Click the arrow next to the event name to display or hide a list of
			computers where the event originated.
			Select a computer name to display details about it.

	Originating IP Address		Lists the IP address of the computer where the event originated.
	Originating IP Address
	Events		Shows the number of inbound events blocked. Select the quantity to
			display a list of the blocked events.

	Last Event Date		Shows the date when the event was last blocked.
	Last Event Date		Shows the date when the event was last blocked.

Inbound Event List

Use this page to view detailed information about inbound communications that were blocked by the firewall protection service.

The Computer and Report period selected on the previous page determine the content of this listing.

View inbound events blocked by the firewall

	Item			Description

	Attack Type			Shows the type of event that was blocked.
	Event Count			Shows the number of times this type of event was blocked.


	Last Event Date			Shows the date when the event was last blocked.

Duplicate Computers report

Use this report to investigate computers suspected to be duplicates. Duplicate listings usually result when the Enforced Client client software has been installed more than once on a single computer, or when users install it on their new computers without uninstalling it from their previous computers.

If you delete a computer where a valid service is installed, it will be added back to your listing the next time you log on. However, you will no longer be able to view historical report data for that computer.

View duplicate computers

Display details for a computer

View and resolve action items

Make the most of your online data

Customize listings and reports

187

Image 185

SonicWALL 4.5 manual Inbound Event List, Duplicate Computers report, „ View inbound events blocked by the firewall

Contents

02/4%#4/. !444%/30%%$!/& 53.%33 3ONIC7!,,C%NFORCED #LIENT !NTI6IRUS AND !NTI3PYWARE 0RODUCTDUIDE6ERSIONS TRADEMARK ATTRIBUTIONS Enforced Client Anti-Virus and Anti-Spyware 4.5COPYRIGHTLICENSE INFORMATION License Agreement AttributionsIntroduction ContentsInstalling Enforced Client Using Enforced Client Using the Firewall Protection Service Using the Virus and Spyware Protection ServiceDisabling on-access scanning Managing your subscriptionsUsing the Browser Protection Service „ What is Enforced Client? „ What is new in this release? 1 Introduction„ Managing with the online SecurityCenter „ Using this guide „ How does the software work?„ Select the right version of Enforced Client What is Enforced Client?„ Protect against many kinds of threats „ Ensure continuous, automatic protectionProtect against many kinds of threats Select the right version of Enforced ClientEnsure continuous, automatic protection New feature What is new in this release?users when support ends on page Chapter 2, Installing Enforced ClientThe updating process How does the software work?„ The updating process „ Outbreak response „ Rumor technology „ Internet Independent Updating IIUFigure 1-2 Methods for updating client computers Retrieving updatesUploading security information Outbreak responseRumor technology Internet Independent Updating IIU Figure 1-3 The online SecurityCenter Managing with the online SecurityCenterSee Using the SecurityCenter on page 55 for more information User groups Figure 1-4 Example Sales Team group and Sales policy Customized policies„ Who should read this guide? „ Conventions Using this guideWho should read this guide? Bold ConventionsCondensed ExampleGetting product information Avert Labs DAT Notification Service Contact informationProduct Upgrades Valid grant number required Security Updates DATs, engine HotFix and Patch ReleasesGetting product information Enforced Client Product GuideIntroduction „ Before you install „ Installing Enforced Client Installing Enforced Client„ Completing the installation „ What should I do after installing? „ After you place your order „ System requirementsAfter you place your order Operating systems System requirements„ Operating systems „ RAM „ Email security service Protection servicesOperating system support ending Notifying users when support endsEmail server security application Email security serviceTerminal servers Uninstall existing virus protection software Before you install„ Uninstall existing virus protection software „ Uninstall existing firewall software „ Configure your browserSonicWALL Retail SonicWALL EnterpriseComputer Associates FinjanConfigure your browser Uninstall existing firewall softwareInternet Explorer Non-Microsoft browsersInstall the standalone installation agent Standard URL installation Installing Enforced ClientRequirements Standard URL installationInstalling on client computers Sending an installation URL to users3 When you are prompted to do so, click Install What is the email address used for?Figure 2-2 Advanced installation methods Advanced installation methodsAdvanced installation method The administrator„ Requirements „ Installation Silent installationRequirements What is my company key? InstallationVSSETUP parameters Push installation „ Requirements „ Installation Considerations for scheduling push installations1 Download the Push Install utility from the SecurityCenter RequirementsTo install Enforced Client using the Push Install utility InstallationFigure 2-6 Status for target computers If you use a corporate firewall or proxy serverEnabling relay servers Using the Push Install utility Completing the installationUsing VSSETUP „ Using the Push Install utility „ Using VSSETUPScan the client computer Test virus protectionScan the email Inbox Set up the default firewall„ Setting up your account on page What should I do after installing?„ Viewing your security services at-a-glance on page „ Setting up policies on page „ Viewing reports on pageEnforced Client Product Guide Installing Enforced ClientWhat should I do after installing? „ Using the client software „ Updating client computers Using Enforced Client„ Using the SecurityCenter „ Getting started „ Setting up your accountEnforced Client system tray icon Using the client softwareRemoving and displaying the icon „ Administrative menu and tasksClient menu Administrative menu and tasksUpdating client computers Update manually Update automaticallyUpdate during an outbreak „ Update automatically „ Update manually „ Update during an outbreakUpdate computers where no user is logged on Using the SecurityCenterSetting up your account When you areSetting up policies Viewing reports Managing your correspondence „ Set up your profile „ Change your SecurityCenter passwordGetting started Access online features and functionsLog on to the SecurityCenter „ Log on to the SecurityCenter „ Access online features and functionsFigure 3-1 SecurityCenter tabs Using Enforced ClientEnforced Client Product Guide Getting startedWhen you want to Make the most of your online dataFigure 3-2 Page controls for listings and reports Do thisCustomize listings and reports Do this Using the online helpShow Navigation Previous and NextSet up your profile Setting up your accountChange your SecurityCenter password Sign up for email notificationsViewing your security services at-a-glance View and resolve action items Install protection services„ Install protection services „ View and resolve action items „ Purchase, add, and renew services „ Request a trial subscriptionView security coverage for your account Managing your computers„ Send email to computers „ Block computers from receiving updates „ Search for computers „ Install protection services„ Display details for a computer „ View detections for a computer „ View user-approved applications for a computerDisplay details for a computer Search for computersInstall protection services See Chapter 2, Installing Enforced Client for more informationFigure 3-5 Computer Details page When you want toDo this For System email address, type a new email address, then click SaveSend email to computers View detections for a computerView user-approved applications for a computer Creating groups to manage your site Block computers from receiving updatesDelete computers from your reports Move computers into a group„ Create or edit a group „ Delete a group The Default groupDelete a group Designating group administratorsCreate or edit a group Figure 3-7 Site and group administrators „ Create or edit a group administrator „ Delete a group administrator Create or edit a group administratorDelete a group administrator Setting up policies„ Restore default policy settings „ Delete a policy „ Create or edit a policy „ Assign a policy to a groupDefault setting The SonicWALL Default policyAll programs types are enabled Virus protectionAssign a policy to a group Restore default policy settingsCreate or edit a policy Delete a policy Viewing reportsTo view Use this reportDetections UnrecognizedFigure 3-9 Duplicate Computers report View duplicate computersView computer profiles Managing your correspondence„ Send email to users „ Update user email addresses „ Update your account’s email address „ Add your logo to reportsUpdate your account’s email address Update user email addressesSend email to users Add your logo to reportsManaging your subscriptions View your service subscriptions„ View your service subscriptions „ Update subscription information „ Purchase, add, and renew services „ Request a trial subscriptionPurchase, add, and renew services Update subscription informationRequest a trial subscription Getting assistanceReceive subscription notifications View printed and online documentsContact product support Download utilitiesVSSetup Run the Push Install UtilityService Using the Virus and Spyware ProtectionAccessing client features Scan Tasks menu „ Accessing client features Scan Tasks menuDisable On-Access Scanner Select this commandScanner see Disabling on-access scanning on page Figure 4-1 Scan Tasks menuScanning client computers Scan automatically on-access scans„ Scan automatically on-access scans „ Scan manually on-demand scans „ Schedule on-demand scans „ Scan email „ Scan for spyware„ View scan results „ How detections are handled Scan manually on-demand scansView scan results How detections are handled Scan for spyware Schedule on-demand scansScan email Cleaned CleanApprove CloseSet basic virus protection options Configuring policies for virus and spyware protectionSchedule on-demand scans „ Schedule on-demand scansExclude files and folders from virus scans Enable optional protection Select your update frequencySet advanced virus protection options „ Select your update frequency „ Enable optional protectionEnable outbreak response Enable buffer overflow protection Enable script scanningScan email before delivering to the Outlook Inbox rar, .tat, .tgzSet basic spyware protection options Enable spyware protection„ Enable spyware protection „ Select a spyware protection mode „ Specify approved programsBehavior of protection service Select a spyware protection modeMode ReportSpecify approved programs Learn modeSet advanced spyware protection options 2 Click the Advanced Settings tab Password crackersThreat type DescriptionView detections Viewing reports for virus and spyware detections„ Detections see View detections „ Unrecognized Programs see View unrecognized programs on pageadvanced spyware protection options on page When you want toBuffer Overflow Processes Details pageFigure 4-7 Unrecognized Programs report View unrecognized programsWhen you want to Using the Unrecognized Programs reportthe Computer Details page on pageFigure 4-8 Detection History report View your detection historyManage your protection strategy with best practices Managing detections„ Manage your protection strategy with best practices „ Manage quarantined filesRestore Manage quarantined filesthe Quarantine Viewer 2 Select Scan Tasks Quarantine ViewerCleaned Disabling on-access scanningClean failed 2 Select Disable On-Access Scanner or Enable On-Access ScannerEnforced Client Product Guide Using the Virus and Spyware Protection ServiceDisabling on-access scanning Accessing client features Firewall Settings command Using the Firewall Protection Service„ Accessing client features Firewall Settings command „ Configuring policies for firewall protection„ Specify who configures firewall protection settings Configuring policies for firewall protection„ Install the firewall protection service via policy „ Enable firewall protection „ Select a firewall protection modeFigure 5-1 Desktop Firewall policy tab Specify who configures firewall protection settingsEnable firewall protection Install the firewall protection service via policyLearn mode Select a firewall protection mode„ Configure system services for a custom connection Configure a custom connectionSpecify a connection type Standard system service ports Configure system services for a custom connection„ Configure IP addresses for a custom connection „ Standard system service ports „ Open a service portOpen a service port Close a service port Add and edit service portsConfigure IP addresses for a custom connection Set up allowed Internet applicationsSpecify whether to use SonicWALL recommendations Specify Internet applications in a policy„ Unrecognized Programs see View unrecognized Internet applications Viewing reports for firewall protectionView unrecognized Internet applications View inbound events blocked by the firewall Events to display the Inbound Event List Managing suspicious activity with best practices„ When running the firewall protection service on a server, ensure that service ports are configured correctly to prevent disruption of system services see Configure system services for a custom connection on page 117. Ensure that no unnecessary ports are open Managing suspicious activity with best practices Using the Firewall Protection ServiceEnforced Client Product Guide Accessing site safety information Using the Browser Protection Service„ Accessing site safety information „ Configuring browser protection settings „ Submitting feedbackStaying safe during searches How safety ratings are compiledSettings Staying safe while browsingSettings Configuring browser protection on the clientViewing safety reports Configuring browser protection settingsConfiguring browser protection from the SecurityCenter Installing via policyEnable or disable the display of safety icons next Configuring browser protection on the client computerEncrypt the data sent to the server using the Enable or disable the color coding for theSubmitting feedback „ Activating the email security service „ Using the portal Using the Email Security Service„ Setting up your account „ Viewing your email protection status „ Configuring a policy for email security2 Click Install Protection 3 Select Install email security service Activating the email security serviceUsing the portal Customize your account settings Update your MX recordsSetting up your account „ Update your MX records „ Customize your account settings1 Add your other domains Default settingsRecommended first steps Optional customization Figure 7-2 Administration page Configure general administration settingsAccess basic administration features on the Administration page Viewing your email protection statusUse this feature General SettingsTo view the status of your service Viewing reports for the email security service Configuring a policy for email securityView and manage quarantined user messages Managing quarantined emailCheck the Quarantine Summary „ View and manage quarantined user messagesView quarantined mail deliveries Getting more informationGetting more information Using the Email Security ServiceEnforced Client Product Guide Uninstalling protection services 8 Troubleshooting„ Uninstalling protection services „ Frequently asked questions FAQ „ Error messages „ Contacting product supportInstalling Frequently asked questions FAQ„ Installing „ Adding, renewing, and moving licenses „ Configuring and managing policies „ Scanning „ Reporting „ UpdatingAdding, renewing, and moving licenses Configuring and managing policiesReporting ScanningUpdating Firewall protection General Browser protectionEmail „ Installation Declined „ Installation Denied Error messages„ Invalid Entitlement Error „ Cannot find remote shared directory „ File does not exist„ Unable to connect to the Enforced Client update server „ MyASUtil.SecureObjectFactory error message „ MyINX Error„ Unable to create Cab Installer Object Cannot find remote shared directoryThe security level of the browser is too high The user doesn’t have administrator rightsInternet Explorer is blocking ActiveX controls A registry file is missingInstallation Denied Common causes and solutions 1 Select Start Run If you do not see a Status column, set your view options to Details1 From the Windows Control Panel, open Add/Remove Programs See If you use a corporate firewall or proxy server on page You might need to adjust your corporate firewall or proxy settingsContacting product support Compare to group administrator and user Glossaryprotection service See reportsCompare to SecurityCenter website Compare to URL installationSee policy Compare to trusted connection and untrusted connectionprotection service protection serviceCompare to administrator and user See also push installation, silent installation, and URL installationCompare to prompt mode and report mode Compare to protect mode and report modeCompare to silent installation and URL installation Compare to prompt mode and protect modeCompare to push installation and URL installation See on-access scanning and on-demand scanningCustomer Home site Compare to client softwareCompare to administrator and group administrator Compare to push installation and silent installationservice Compare to trusted connectionSecurityCenter tab Login page„ Log on to the SecurityCenter „ Change your SecurityCenter password „ Viewing your security services at-a-glance„ Managing your computers „ Install protection services Computers tab„ Send email to computers „ Block computers from receiving updates „ Specify approved programs „ Set up allowed Internet applicationsFind computers DescriptionAdd Computer Groups„ Viewing reports for the email security service Reports tab„ Viewing reports „ View detections „ View unrecognized programs „ View unrecognized Internet applications„ Creating groups to manage your site „ Setting up policies Groups + Policies tab„ Configuring policies for virus and spyware protection „ Configuring policies for firewall protection„ Setting up your account „ Change your SecurityCenter password My Account tab„ Managing your subscriptions „ Designating group administrators Service Summary sectionMy Logo section Notification Preferences sectionHelp tab Install ProtectionEmail Page „ View printed and online documents „ Download utilitiesInstall Protection New Computers Email Text Install Protection New Computers„ Installing Enforced Client „ Standard URL installation „ Using the portalInstall Protection Existing Computers Email Text Install Protection Existing Computers„ Standard URL installation „ Standard URL installation „ Advanced installation methodsAdvanced Installation Methods Install Email Security Service„ Using the portal „ Update your MX records „ Viewing reports for the email security serviceProduct Coverage Product Purchase„ Managing your subscriptions „ Purchase, add, and renew services „ Request a trial subscription„ Set up allowed Internet applications Computer Details„ Managing your computers „ Make the most of your online data „ Customize listings and reports „ Specify approved programs„ View detections for a computer Detection ListUser-Approved Application List „ Specify approved programs „ Set up allowed Internet applications Search Results„ View user-approved applications for a computer „ Managing your computers „ Search for computers„ View detections „ Make the most of your online data Detections report by computer„ Customize listings and reports „ Manage your protection strategy with best practices„ View detections „ Make the most of your online data Detections report by detection„ Customize listings and reports „ Manage your protection strategy with best practices„ Set up allowed Internet applications Unrecognized Programs report by computer„ View unrecognized programs „ Make the most of your online data „ Customize listings and reports„ Specify approved programs „ Set up allowed Internet applications Unrecognized Programs report by program„ View unrecognized programs „ View user-approved applications for a computerInbound Events Blocked by Firewall report by destination computer Inbound Events Blocked by Firewall report by originating computerLists the IP address of the computer where the event originated „ View inbound events blocked by the firewallDuplicate Computers report Inbound Event List„ View inbound events blocked by the firewall „ View duplicate computers „ Display details for a computer„ View computer profiles Computer Profiles report„ View your detection history Detection History report„ Manage your protection strategy with best practices DescriptionEdit Group Edit Default Group„ Creating groups to manage your site „ Setting up policies „ Creating groups to manage your site „ Setting up policiesAdd Group View Default Policy„ Setting up policies „ Assign a policy to a group „ Setting up policies „ Set basic virus protection options„ Configuring browser protection from the SecurityCenter „ Configuring policies for firewall protection„ The SonicWALL Default policy Firewall ConfigurationEnable buffer overflow Enable outbreak responseEnable script scanning on-access scans„ Set basic virus protection options „ Assign a policy to a group Edit Policy Virus Protection Settings„ Set basic spyware protection options „ Assign a policy to a group Edit Policy Spyware Protection Settings„ Assign a policy to a group Edit Policy Desktop Firewall Settings„ Configuring policies for firewall protection „ Learn mode Automatically install the update the policy to User configures firewallFirewall Protection Mode Description„ Configure system services for a custom connection Firewall Custom Settings„ Configure IP addresses for a custom connection Add or Edit Incoming Connection„ Configure system services for a custom connection CancelEdit Policy Advanced Settings Edit Policy Browser Protection Settings„ Configuring browser protection from the SecurityCenter „ Update computers where no user is logged onCheck for updates every Settings„ Enable buffer overflow protection Detect code starting to run „ Scan all file types during on-access scans Inspect all types of„ Set basic virus protection options „ Assign a policy to a group Add Policy Virus Protection Settings„ Set basic spyware protection options „ Assign a policy to a group Add Policy Spyware Protection Settings„ Assign a policy to a group Add Policy Desktop Firewall Settings„ Configuring policies for firewall protection „ Learn mode update the policy to User configures firewall Firewall ConfigurationAutomatically install the Firewall Protection Mode„ Assign a policy to a group Add Policy Browser Protection Settings„ Configuring browser protection from the SecurityCenter „ Update computers where no user is logged on Add Policy Advanced Settings„ Notifying users when support ends „ Assign a policy to a group „ Set advanced virus protection optionsDescription SettingsCheck for updates every „ Managing your subscriptions Subscription History„ Update subscription information Edit Subscription InformationView Cancelled Services Managed ServicesManage All Group Administrators Manage Group Administrators„ Designating group administrators „ Designating group administrators„ Sign up for email notifications Notification PreferencesManage Logo Edit ProfileUtilities „ Set up your profile „ Change your SecurityCenter passwordSilently install protection „ Install the standalone installation agentInstall protection services previous installation