02/4%#4/. !444%/30%%$!/& 53.%33
3ONIC7!,,C%NFORCED #LIENT !NTI6IRUS AND !NTI3PYWARE 0RODUCTDUIDE
6ERSIONS���
TRADEMARK ATTRIBUTIONS
Enforced Client Anti-Virus and Anti-Spyware 4.5COPYRIGHT
LICENSE INFORMATION License Agreement
Attributions
Introduction
Contents
Installing Enforced Client
Using Enforced Client
Using the Firewall Protection Service
Using the Virus and Spyware Protection Service
Disabling on-access scanning
Managing your subscriptions
Using the Browser Protection Service
„ What is Enforced Client? „ What is new in this release?
1 Introduction
„ Managing with the online SecurityCenter „ Using this guide
„ How does the software work?
„ Select the right version of Enforced Client
What is Enforced Client?
„ Protect against many kinds of threats
„ Ensure continuous, automatic protection
Protect against many kinds of threats
Select the right version of Enforced Client
Ensure continuous, automatic protection
New feature
What is new in this release?
users when support ends on page
Chapter 2, Installing Enforced Client
The updating process
How does the software work?
„ The updating process „ Outbreak response „ Rumor technology
„ Internet Independent Updating IIU
Figure 1-2 Methods for updating client computers
Retrieving updates
Uploading security information
Outbreak response
Rumor technology
Internet Independent Updating IIU
Figure 1-3 The online SecurityCenter
Managing with the online SecurityCenter
See Using the SecurityCenter on page 55 for more information
User groups
Figure 1-4 Example Sales Team group and Sales policy
Customized policies
„ Who should read this guide? „ Conventions
Using this guide
Who should read this guide?
Bold
Conventions
Condensed
Example
Getting product information
Avert Labs DAT Notification Service
Contact information
Product Upgrades Valid grant number required
Security Updates DATs, engine HotFix and Patch Releases
Getting product information
Enforced Client Product Guide
Introduction
„ Before you install „ Installing Enforced Client
Installing Enforced Client
„ Completing the installation „ What should I do after installing?
„ After you place your order „ System requirements
After you place your order
Operating systems
System requirements
„ Operating systems „ RAM „ Email security service
Protection services
Operating system support ending
Notifying users when support ends
Email server security application
Email security service
Terminal servers
Uninstall existing virus protection software
Before you install
„ Uninstall existing virus protection software
„ Uninstall existing firewall software „ Configure your browser
SonicWALL Retail
SonicWALL Enterprise
Computer Associates
Finjan
Configure your browser
Uninstall existing firewall software
Internet Explorer
Non-Microsoft browsers
Install the standalone installation agent
Standard URL installation
Installing Enforced Client
Requirements
Standard URL installation
Installing on client computers
Sending an installation URL to users
3 When you are prompted to do so, click Install
What is the email address used for?
Figure 2-2 Advanced installation methods
Advanced installation methods
Advanced installation method
The administrator
„ Requirements „ Installation
Silent installation
Requirements
What is my company key?
Installation
VSSETUP parameters
Push installation
„ Requirements „ Installation
Considerations for scheduling push installations
1 Download the Push Install utility from the SecurityCenter
Requirements
To install Enforced Client using the Push Install utility
Installation
Figure 2-6 Status for target computers
If you use a corporate firewall or proxy server
Enabling relay servers
Using the Push Install utility
Completing the installation
Using VSSETUP
„ Using the Push Install utility „ Using VSSETUP
Scan the client computer
Test virus protection
Scan the email Inbox
Set up the default firewall
„ Setting up your account on page
What should I do after installing?
„ Viewing your security services at-a-glance on page
„ Setting up policies on page „ Viewing reports on page
Enforced Client Product Guide
Installing Enforced Client
What should I do after installing?
„ Using the client software „ Updating client computers
Using Enforced Client
„ Using the SecurityCenter „ Getting started
„ Setting up your account
Enforced Client system tray icon
Using the client software
Removing and displaying the icon
„ Administrative menu and tasks
Client menu
Administrative menu and tasks
Updating client computers
Update manually
Update automatically
Update during an outbreak
„ Update automatically „ Update manually „ Update during an outbreak
Update computers where no user is logged on
Using the SecurityCenter
Setting up your account
When you are
Setting up policies Viewing reports Managing your correspondence
„ Set up your profile „ Change your SecurityCenter password
Getting started
Access online features and functions
Log on to the SecurityCenter
„ Log on to the SecurityCenter „ Access online features and functions
Figure 3-1 SecurityCenter tabs
Using Enforced Client
Enforced Client Product Guide
Getting started
When you want to
Make the most of your online data
Figure 3-2 Page controls for listings and reports
Do this
Customize listings and reports
Do this
Using the online help
Show Navigation
Previous and Next
Set up your profile
Setting up your account
Change your SecurityCenter password
Sign up for email notifications
Viewing your security services at-a-glance
View and resolve action items
Install protection services
„ Install protection services „ View and resolve action items
„ Purchase, add, and renew services „ Request a trial subscription
View security coverage for your account
Managing your computers
„ Send email to computers „ Block computers from receiving updates
„ Search for computers „ Install protection services
„ Display details for a computer „ View detections for a computer
„ View user-approved applications for a computer
Display details for a computer
Search for computers
Install protection services
See Chapter 2, Installing Enforced Client for more information
Figure 3-5 Computer Details page
When you want to
Do this
For System email address, type a new email address, then click Save
Send email to computers
View detections for a computer
View user-approved applications for a computer
Creating groups to manage your site
Block computers from receiving updates
Delete computers from your reports
Move computers into a group
„ Create or edit a group „ Delete a group
The Default group
Delete a group
Designating group administrators
Create or edit a group
Figure 3-7 Site and group administrators
„ Create or edit a group administrator „ Delete a group administrator
Create or edit a group administrator
Delete a group administrator
Setting up policies
„ Restore default policy settings „ Delete a policy
„ Create or edit a policy „ Assign a policy to a group
Default setting
The SonicWALL Default policy
All programs types are enabled
Virus protection
Assign a policy to a group
Restore default policy settings
Create or edit a policy
Delete a policy
Viewing reports
To view
Use this report
Detections
Unrecognized
Figure 3-9 Duplicate Computers report
View duplicate computers
View computer profiles
Managing your correspondence
„ Send email to users „ Update user email addresses
„ Update your account’s email address „ Add your logo to reports
Update your account’s email address
Update user email addresses
Send email to users
Add your logo to reports
Managing your subscriptions
View your service subscriptions
„ View your service subscriptions „ Update subscription information
„ Purchase, add, and renew services „ Request a trial subscription
Purchase, add, and renew services
Update subscription information
Request a trial subscription
Getting assistance
Receive subscription notifications
View printed and online documents
Contact product support
Download utilities
VSSetup
Run the Push Install Utility
Service
Using the Virus and Spyware Protection
Accessing client features Scan Tasks menu
„ Accessing client features Scan Tasks menu
Disable On-Access Scanner
Select this command
Scanner see Disabling on-access scanning on page
Figure 4-1 Scan Tasks menu
Scanning client computers
Scan automatically on-access scans
„ Scan automatically on-access scans „ Scan manually on-demand scans
„ Schedule on-demand scans „ Scan email „ Scan for spyware
„ View scan results „ How detections are handled
Scan manually on-demand scans
View scan results
How detections are handled
Scan for spyware
Schedule on-demand scans
Scan email
Cleaned
Clean
Approve
Close
Set basic virus protection options
Configuring policies for virus and spyware protection
Schedule on-demand scans
„ Schedule on-demand scans
Exclude files and folders from virus scans
Enable optional protection
Select your update frequency
Set advanced virus protection options
„ Select your update frequency „ Enable optional protection
Enable outbreak response Enable buffer overflow protection
Enable script scanning
Scan email before delivering to the Outlook Inbox
rar, .tat, .tgz
Set basic spyware protection options
Enable spyware protection
„ Enable spyware protection „ Select a spyware protection mode
„ Specify approved programs
Behavior of protection service
Select a spyware protection mode
Mode
Report
Specify approved programs
Learn mode
Set advanced spyware protection options
2 Click the Advanced Settings tab
Password crackers
Threat type
Description
View detections
Viewing reports for virus and spyware detections
„ Detections see View detections
„ Unrecognized Programs see View unrecognized programs on page
advanced spyware protection options on page
When you want to
Buffer Overflow Processes
Details page
Figure 4-7 Unrecognized Programs report
View unrecognized programs
When you want to
Using the Unrecognized Programs report
the Computer Details page
on page
Figure 4-8 Detection History report
View your detection history
Manage your protection strategy with best practices
Managing detections
„ Manage your protection strategy with best practices
„ Manage quarantined files
Restore
Manage quarantined files
the Quarantine Viewer
2 Select Scan Tasks Quarantine Viewer
Cleaned
Disabling on-access scanning
Clean failed
2 Select Disable On-Access Scanner or Enable On-Access Scanner
Enforced Client Product Guide
Using the Virus and Spyware Protection Service
Disabling on-access scanning
Accessing client features Firewall Settings command
Using the Firewall Protection Service
„ Accessing client features Firewall Settings command
„ Configuring policies for firewall protection
„ Specify who configures firewall protection settings
Configuring policies for firewall protection
„ Install the firewall protection service via policy
„ Enable firewall protection „ Select a firewall protection mode
Figure 5-1 Desktop Firewall policy tab
Specify who configures firewall protection settings
Enable firewall protection
Install the firewall protection service via policy
Learn mode
Select a firewall protection mode
„ Configure system services for a custom connection
Configure a custom connection
Specify a connection type
Standard system service ports
Configure system services for a custom connection
„ Configure IP addresses for a custom connection
„ Standard system service ports „ Open a service port
Open a service port
Close a service port
Add and edit service ports
Configure IP addresses for a custom connection
Set up allowed Internet applications
Specify whether to use SonicWALL recommendations
Specify Internet applications in a policy
„ Unrecognized Programs see View unrecognized Internet applications
Viewing reports for firewall protection
View unrecognized Internet applications
View inbound events blocked by the firewall
Events to display the Inbound Event List
Managing suspicious activity with best practices
„ When running the firewall protection service on a server, ensure that service ports are configured correctly to prevent disruption of system services see Configure system services for a custom connection on page 117. Ensure that no unnecessary ports are open
Managing suspicious activity with best practices
Using the Firewall Protection Service
Enforced Client Product Guide
Accessing site safety information
Using the Browser Protection Service
„ Accessing site safety information
„ Configuring browser protection settings „ Submitting feedback
Staying safe during searches
How safety ratings are compiled
Settings
Staying safe while browsing
Settings
Configuring browser protection on the client
Viewing safety reports
Configuring browser protection settings
Configuring browser protection from the SecurityCenter
Installing via policy
Enable or disable the display of safety icons next
Configuring browser protection on the client computer
Encrypt the data sent to the server using the
Enable or disable the color coding for the
Submitting feedback
„ Activating the email security service „ Using the portal
Using the Email Security Service
„ Setting up your account „ Viewing your email protection status
„ Configuring a policy for email security
2 Click Install Protection 3 Select Install email security service
Activating the email security service
Using the portal
Customize your account settings
Update your MX records
Setting up your account
„ Update your MX records „ Customize your account settings
1 Add your other domains
Default settings
Recommended first steps
Optional customization
Figure 7-2 Administration page
Configure general administration settings
Access basic administration features on the Administration page
Viewing your email protection status
Use this feature
General Settings
To view the status of your service
Viewing reports for the email security service
Configuring a policy for email security
View and manage quarantined user messages
Managing quarantined email
Check the Quarantine Summary
„ View and manage quarantined user messages
View quarantined mail deliveries
Getting more information
Getting more information
Using the Email Security Service
Enforced Client Product Guide
Uninstalling protection services
8 Troubleshooting
„ Uninstalling protection services „ Frequently asked questions FAQ
„ Error messages „ Contacting product support
Installing
Frequently asked questions FAQ
„ Installing „ Adding, renewing, and moving licenses
„ Configuring and managing policies „ Scanning „ Reporting „ Updating
Adding, renewing, and moving licenses
Configuring and managing policies
Reporting
Scanning
Updating
Firewall protection
General
Browser protection
Email
„ Installation Declined „ Installation Denied
Error messages
„ Invalid Entitlement Error
„ Cannot find remote shared directory „ File does not exist
„ Unable to connect to the Enforced Client update server
„ MyASUtil.SecureObjectFactory error message „ MyINX Error
„ Unable to create Cab Installer Object
Cannot find remote shared directory
The security level of the browser is too high
The user doesn’t have administrator rights
Internet Explorer is blocking ActiveX controls
A registry file is missing
Installation Denied Common causes and solutions
1 Select Start Run
If you do not see a Status column, set your view options to Details
1 From the Windows Control Panel, open Add/Remove Programs
See If you use a corporate firewall or proxy server on page
You might need to adjust your corporate firewall or proxy settings
Contacting product support
Compare to group administrator and user
Glossary
protection service
See reports
Compare to SecurityCenter website
Compare to URL installation
See policy
Compare to trusted connection and untrusted connection
protection service
protection service
Compare to administrator and user
See also push installation, silent installation, and URL installation
Compare to prompt mode and report mode
Compare to protect mode and report mode
Compare to silent installation and URL installation
Compare to prompt mode and protect mode
Compare to push installation and URL installation
See on-access scanning and on-demand scanning
Customer Home site
Compare to client software
Compare to administrator and group administrator
Compare to push installation and silent installation
service
Compare to trusted connection
SecurityCenter tab
Login page
„ Log on to the SecurityCenter „ Change your SecurityCenter password
„ Viewing your security services at-a-glance
„ Managing your computers „ Install protection services
Computers tab
„ Send email to computers „ Block computers from receiving updates
„ Specify approved programs „ Set up allowed Internet applications
Find computers
Description
Add Computer
Groups
„ Viewing reports for the email security service
Reports tab
„ Viewing reports „ View detections „ View unrecognized programs
„ View unrecognized Internet applications
„ Creating groups to manage your site „ Setting up policies
Groups + Policies tab
„ Configuring policies for virus and spyware protection
„ Configuring policies for firewall protection
„ Setting up your account „ Change your SecurityCenter password
My Account tab
„ Managing your subscriptions „ Designating group administrators
Service Summary section
My Logo section
Notification Preferences section
Help tab
Install Protection
Email Page
„ View printed and online documents „ Download utilities
Install Protection New Computers Email Text
Install Protection New Computers
„ Installing Enforced Client „ Standard URL installation
„ Using the portal
Install Protection Existing Computers Email Text
Install Protection Existing Computers
„ Standard URL installation
„ Standard URL installation „ Advanced installation methods
Advanced Installation Methods
Install Email Security Service
„ Using the portal „ Update your MX records
„ Viewing reports for the email security service
Product Coverage
Product Purchase
„ Managing your subscriptions „ Purchase, add, and renew services
„ Request a trial subscription
„ Set up allowed Internet applications
Computer Details
„ Managing your computers „ Make the most of your online data
„ Customize listings and reports „ Specify approved programs
„ View detections for a computer
Detection List
User-Approved Application List
„ Specify approved programs „ Set up allowed Internet applications
Search Results
„ View user-approved applications for a computer
„ Managing your computers „ Search for computers
„ View detections „ Make the most of your online data
Detections report by computer
„ Customize listings and reports
„ Manage your protection strategy with best practices
„ View detections „ Make the most of your online data
Detections report by detection
„ Customize listings and reports
„ Manage your protection strategy with best practices
„ Set up allowed Internet applications
Unrecognized Programs report by computer
„ View unrecognized programs „ Make the most of your online data
„ Customize listings and reports
„ Specify approved programs „ Set up allowed Internet applications
Unrecognized Programs report by program
„ View unrecognized programs
„ View user-approved applications for a computer
Inbound Events Blocked by Firewall report by destination computer
Inbound Events Blocked by Firewall report by originating computer
Lists the IP address of the computer where the event originated
„ View inbound events blocked by the firewall
Duplicate Computers report
Inbound Event List
„ View inbound events blocked by the firewall
„ View duplicate computers „ Display details for a computer
„ View computer profiles
Computer Profiles report
„ View your detection history
Detection History report
„ Manage your protection strategy with best practices
Description
Edit Group
Edit Default Group
„ Creating groups to manage your site „ Setting up policies
„ Creating groups to manage your site „ Setting up policies
Add Group
View Default Policy
„ Setting up policies „ Assign a policy to a group
„ Setting up policies „ Set basic virus protection options
„ Configuring browser protection from the SecurityCenter
„ Configuring policies for firewall protection
„ The SonicWALL Default policy
Firewall Configuration
Enable buffer overflow
Enable outbreak response
Enable script scanning
on-access scans
„ Set basic virus protection options „ Assign a policy to a group
Edit Policy Virus Protection Settings
„ Set basic spyware protection options „ Assign a policy to a group
Edit Policy Spyware Protection Settings
„ Assign a policy to a group
Edit Policy Desktop Firewall Settings
„ Configuring policies for firewall protection „ Learn mode
Automatically install the
update the policy to User configures firewall
Firewall Protection Mode
Description
„ Configure system services for a custom connection
Firewall Custom Settings
„ Configure IP addresses for a custom connection
Add or Edit Incoming Connection
„ Configure system services for a custom connection
Cancel
Edit Policy Advanced Settings
Edit Policy Browser Protection Settings
„ Configuring browser protection from the SecurityCenter
„ Update computers where no user is logged on
Check for updates every
Settings
„ Enable buffer overflow protection Detect code starting to run
„ Scan all file types during on-access scans Inspect all types of
„ Set basic virus protection options „ Assign a policy to a group
Add Policy Virus Protection Settings
„ Set basic spyware protection options „ Assign a policy to a group
Add Policy Spyware Protection Settings
„ Assign a policy to a group
Add Policy Desktop Firewall Settings
„ Configuring policies for firewall protection „ Learn mode
update the policy to User configures firewall
Firewall Configuration
Automatically install the
Firewall Protection Mode
„ Assign a policy to a group
Add Policy Browser Protection Settings
„ Configuring browser protection from the SecurityCenter
„ Update computers where no user is logged on
Add Policy Advanced Settings
„ Notifying users when support ends „ Assign a policy to a group
„ Set advanced virus protection options
Description
Settings
Check for updates every
„ Managing your subscriptions
Subscription History
„ Update subscription information
Edit Subscription Information
View Cancelled Services
Managed Services
Manage All Group Administrators
Manage Group Administrators
„ Designating group administrators
„ Designating group administrators
„ Sign up for email notifications
Notification Preferences
Manage Logo
Edit Profile
Utilities
„ Set up your profile „ Change your SecurityCenter password
Silently install protection
„ Install the standalone installation agent
Install protection services
previous installation
