6ERSIONS���
3ONIC7!,,C%NFORCED #LIENT !NTI6IRUS AND !NTI3PYWARE 0RODUCTDUIDE
02/4%#4/. !444%/30%%$!/& 53.%33
Attributions
Enforced Client Anti-Virus and Anti-Spyware 4.5COPYRIGHT
TRADEMARK ATTRIBUTIONS
LICENSE INFORMATION License Agreement
Installing Enforced Client
Contents
Introduction
Using Enforced Client
Managing your subscriptions
Using the Virus and Spyware Protection Service
Using the Firewall Protection Service
Disabling on-access scanning
Using the Browser Protection Service
„ How does the software work?
1 Introduction
„ What is Enforced Client? „ What is new in this release?
„ Managing with the online SecurityCenter „ Using this guide
„ Ensure continuous, automatic protection
What is Enforced Client?
„ Select the right version of Enforced Client
„ Protect against many kinds of threats
Protect against many kinds of threats
Select the right version of Enforced Client
Ensure continuous, automatic protection
Chapter 2, Installing Enforced Client
What is new in this release?
New feature
users when support ends on page
„ Internet Independent Updating IIU
How does the software work?
The updating process
„ The updating process „ Outbreak response „ Rumor technology
Figure 1-2 Methods for updating client computers
Retrieving updates
Rumor technology
Outbreak response
Uploading security information
Internet Independent Updating IIU
Figure 1-3 The online SecurityCenter
Managing with the online SecurityCenter
See Using the SecurityCenter on page 55 for more information
User groups
Figure 1-4 Example Sales Team group and Sales policy
Customized policies
Who should read this guide?
Using this guide
„ Who should read this guide? „ Conventions
Example
Conventions
Bold
Condensed
Getting product information
Security Updates DATs, engine HotFix and Patch Releases
Contact information
Avert Labs DAT Notification Service
Product Upgrades Valid grant number required
Introduction
Enforced Client Product Guide
Getting product information
„ After you place your order „ System requirements
Installing Enforced Client
„ Before you install „ Installing Enforced Client
„ Completing the installation „ What should I do after installing?
After you place your order
Protection services
System requirements
Operating systems
„ Operating systems „ RAM „ Email security service
Operating system support ending
Notifying users when support ends
Email server security application
Email security service
Terminal servers
„ Uninstall existing firewall software „ Configure your browser
Before you install
Uninstall existing virus protection software
„ Uninstall existing virus protection software
Finjan
SonicWALL Enterprise
SonicWALL Retail
Computer Associates
Non-Microsoft browsers
Uninstall existing firewall software
Configure your browser
Internet Explorer
Install the standalone installation agent
Standard URL installation
Installing Enforced Client
Standard URL installation
Requirements
Installing on client computers
Sending an installation URL to users
3 When you are prompted to do so, click Install
What is the email address used for?
The administrator
Advanced installation methods
Figure 2-2 Advanced installation methods
Advanced installation method
Requirements
Silent installation
„ Requirements „ Installation
What is my company key?
Installation
VSSETUP parameters
Push installation
Requirements
Considerations for scheduling push installations
„ Requirements „ Installation
1 Download the Push Install utility from the SecurityCenter
To install Enforced Client using the Push Install utility
Installation
Enabling relay servers
If you use a corporate firewall or proxy server
Figure 2-6 Status for target computers
„ Using the Push Install utility „ Using VSSETUP
Completing the installation
Using the Push Install utility
Using VSSETUP
Scan the client computer
Test virus protection
Scan the email Inbox
Set up the default firewall
„ Setting up policies on page „ Viewing reports on page
What should I do after installing?
„ Setting up your account on page
„ Viewing your security services at-a-glance on page
What should I do after installing?
Installing Enforced Client
Enforced Client Product Guide
„ Setting up your account
Using Enforced Client
„ Using the client software „ Updating client computers
„ Using the SecurityCenter „ Getting started
„ Administrative menu and tasks
Using the client software
Enforced Client system tray icon
Removing and displaying the icon
Updating client computers
Administrative menu and tasks
Client menu
„ Update automatically „ Update manually „ Update during an outbreak
Update automatically
Update manually
Update during an outbreak
Update computers where no user is logged on
Using the SecurityCenter
„ Set up your profile „ Change your SecurityCenter password
When you are
Setting up your account
Setting up policies Viewing reports Managing your correspondence
„ Log on to the SecurityCenter „ Access online features and functions
Access online features and functions
Getting started
Log on to the SecurityCenter
Getting started
Using Enforced Client
Figure 3-1 SecurityCenter tabs
Enforced Client Product Guide
Do this
Make the most of your online data
When you want to
Figure 3-2 Page controls for listings and reports
Customize listings and reports
Previous and Next
Using the online help
Do this
Show Navigation
Sign up for email notifications
Setting up your account
Set up your profile
Change your SecurityCenter password
Viewing your security services at-a-glance
„ Purchase, add, and renew services „ Request a trial subscription
Install protection services
View and resolve action items
„ Install protection services „ View and resolve action items
View security coverage for your account
Managing your computers
„ View user-approved applications for a computer
„ Search for computers „ Install protection services
„ Send email to computers „ Block computers from receiving updates
„ Display details for a computer „ View detections for a computer
See Chapter 2, Installing Enforced Client for more information
Search for computers
Display details for a computer
Install protection services
For System email address, type a new email address, then click Save
When you want to
Figure 3-5 Computer Details page
Do this
View user-approved applications for a computer
View detections for a computer
Send email to computers
Move computers into a group
Block computers from receiving updates
Creating groups to manage your site
Delete computers from your reports
„ Create or edit a group „ Delete a group
The Default group
Create or edit a group
Designating group administrators
Delete a group
Figure 3-7 Site and group administrators
„ Create or edit a group administrator „ Delete a group administrator
Create or edit a group administrator
„ Create or edit a policy „ Assign a policy to a group
Setting up policies
Delete a group administrator
„ Restore default policy settings „ Delete a policy
Virus protection
The SonicWALL Default policy
Default setting
All programs types are enabled
Create or edit a policy
Restore default policy settings
Assign a policy to a group
Delete a policy
Viewing reports
Unrecognized
Use this report
To view
Detections
Figure 3-9 Duplicate Computers report
View duplicate computers
„ Update your account’s email address „ Add your logo to reports
Managing your correspondence
View computer profiles
„ Send email to users „ Update user email addresses
Add your logo to reports
Update user email addresses
Update your account’s email address
Send email to users
„ Purchase, add, and renew services „ Request a trial subscription
View your service subscriptions
Managing your subscriptions
„ View your service subscriptions „ Update subscription information
Purchase, add, and renew services
Update subscription information
View printed and online documents
Getting assistance
Request a trial subscription
Receive subscription notifications
Run the Push Install Utility
Download utilities
Contact product support
VSSetup
„ Accessing client features Scan Tasks menu
Using the Virus and Spyware Protection
Service
Accessing client features Scan Tasks menu
Figure 4-1 Scan Tasks menu
Select this command
Disable On-Access Scanner
Scanner see Disabling on-access scanning on page
„ Schedule on-demand scans „ Scan email „ Scan for spyware
Scan automatically on-access scans
Scanning client computers
„ Scan automatically on-access scans „ Scan manually on-demand scans
View scan results
Scan manually on-demand scans
„ View scan results „ How detections are handled
How detections are handled
Scan email
Schedule on-demand scans
Scan for spyware
Close
Clean
Cleaned
Approve
„ Schedule on-demand scans
Configuring policies for virus and spyware protection
Set basic virus protection options
Schedule on-demand scans
Exclude files and folders from virus scans
„ Select your update frequency „ Enable optional protection
Select your update frequency
Enable optional protection
Set advanced virus protection options
rar, .tat, .tgz
Enable script scanning
Enable outbreak response Enable buffer overflow protection
Scan email before delivering to the Outlook Inbox
„ Specify approved programs
Enable spyware protection
Set basic spyware protection options
„ Enable spyware protection „ Select a spyware protection mode
Report
Select a spyware protection mode
Behavior of protection service
Mode
Set advanced spyware protection options
Learn mode
Specify approved programs
Description
Password crackers
2 Click the Advanced Settings tab
Threat type
„ Unrecognized Programs see View unrecognized programs on page
Viewing reports for virus and spyware detections
View detections
„ Detections see View detections
Details page
When you want to
advanced spyware protection options on page
Buffer Overflow Processes
Figure 4-7 Unrecognized Programs report
View unrecognized programs
on page
Using the Unrecognized Programs report
When you want to
the Computer Details page
Figure 4-8 Detection History report
View your detection history
„ Manage quarantined files
Managing detections
Manage your protection strategy with best practices
„ Manage your protection strategy with best practices
2 Select Scan Tasks Quarantine Viewer
Manage quarantined files
Restore
the Quarantine Viewer
2 Select Disable On-Access Scanner or Enable On-Access Scanner
Disabling on-access scanning
Cleaned
Clean failed
Disabling on-access scanning
Using the Virus and Spyware Protection Service
Enforced Client Product Guide
„ Configuring policies for firewall protection
Using the Firewall Protection Service
Accessing client features Firewall Settings command
„ Accessing client features Firewall Settings command
„ Enable firewall protection „ Select a firewall protection mode
Configuring policies for firewall protection
„ Specify who configures firewall protection settings
„ Install the firewall protection service via policy
Figure 5-1 Desktop Firewall policy tab
Specify who configures firewall protection settings
Enable firewall protection
Install the firewall protection service via policy
Learn mode
Select a firewall protection mode
Specify a connection type
Configure a custom connection
„ Configure system services for a custom connection
„ Standard system service ports „ Open a service port
Configure system services for a custom connection
Standard system service ports
„ Configure IP addresses for a custom connection
Open a service port
Close a service port
Add and edit service ports
Configure IP addresses for a custom connection
Set up allowed Internet applications
Specify whether to use SonicWALL recommendations
Specify Internet applications in a policy
View unrecognized Internet applications
Viewing reports for firewall protection
„ Unrecognized Programs see View unrecognized Internet applications
View inbound events blocked by the firewall
Events to display the Inbound Event List
Managing suspicious activity with best practices
„ When running the firewall protection service on a server, ensure that service ports are configured correctly to prevent disruption of system services see Configure system services for a custom connection on page 117. Ensure that no unnecessary ports are open
Enforced Client Product Guide
Using the Firewall Protection Service
Managing suspicious activity with best practices
„ Configuring browser protection settings „ Submitting feedback
Using the Browser Protection Service
Accessing site safety information
„ Accessing site safety information
Staying safe during searches
How safety ratings are compiled
Configuring browser protection on the client
Staying safe while browsing
Settings
Settings
Installing via policy
Configuring browser protection settings
Viewing safety reports
Configuring browser protection from the SecurityCenter
Enable or disable the color coding for the
Configuring browser protection on the client computer
Enable or disable the display of safety icons next
Encrypt the data sent to the server using the
Submitting feedback
„ Configuring a policy for email security
Using the Email Security Service
„ Activating the email security service „ Using the portal
„ Setting up your account „ Viewing your email protection status
Using the portal
Activating the email security service
2 Click Install Protection 3 Select Install email security service
„ Update your MX records „ Customize your account settings
Update your MX records
Customize your account settings
Setting up your account
Recommended first steps
Default settings
1 Add your other domains
Optional customization
Figure 7-2 Administration page
Configure general administration settings
General Settings
Viewing your email protection status
Access basic administration features on the Administration page
Use this feature
To view the status of your service
Viewing reports for the email security service
Configuring a policy for email security
„ View and manage quarantined user messages
Managing quarantined email
View and manage quarantined user messages
Check the Quarantine Summary
View quarantined mail deliveries
Getting more information
Enforced Client Product Guide
Using the Email Security Service
Getting more information
„ Error messages „ Contacting product support
8 Troubleshooting
Uninstalling protection services
„ Uninstalling protection services „ Frequently asked questions FAQ
„ Configuring and managing policies „ Scanning „ Reporting „ Updating
Frequently asked questions FAQ
Installing
„ Installing „ Adding, renewing, and moving licenses
Adding, renewing, and moving licenses
Configuring and managing policies
Reporting
Scanning
Updating
Firewall protection
Email
Browser protection
General
„ Cannot find remote shared directory „ File does not exist
Error messages
„ Installation Declined „ Installation Denied
„ Invalid Entitlement Error
Cannot find remote shared directory
„ MyASUtil.SecureObjectFactory error message „ MyINX Error
„ Unable to connect to the Enforced Client update server
„ Unable to create Cab Installer Object
A registry file is missing
The user doesn’t have administrator rights
The security level of the browser is too high
Internet Explorer is blocking ActiveX controls
Installation Denied Common causes and solutions
1 From the Windows Control Panel, open Add/Remove Programs
If you do not see a Status column, set your view options to Details
1 Select Start Run
See If you use a corporate firewall or proxy server on page
You might need to adjust your corporate firewall or proxy settings
Contacting product support
See reports
Glossary
Compare to group administrator and user
protection service
Compare to trusted connection and untrusted connection
Compare to URL installation
Compare to SecurityCenter website
See policy
See also push installation, silent installation, and URL installation
protection service
protection service
Compare to administrator and user
Compare to prompt mode and protect mode
Compare to protect mode and report mode
Compare to prompt mode and report mode
Compare to silent installation and URL installation
Compare to client software
See on-access scanning and on-demand scanning
Compare to push installation and URL installation
Customer Home site
Compare to trusted connection
Compare to push installation and silent installation
Compare to administrator and group administrator
service
„ Viewing your security services at-a-glance
Login page
SecurityCenter tab
„ Log on to the SecurityCenter „ Change your SecurityCenter password
„ Specify approved programs „ Set up allowed Internet applications
Computers tab
„ Managing your computers „ Install protection services
„ Send email to computers „ Block computers from receiving updates
Groups
Description
Find computers
Add Computer
„ View unrecognized Internet applications
Reports tab
„ Viewing reports for the email security service
„ Viewing reports „ View detections „ View unrecognized programs
„ Configuring policies for firewall protection
Groups + Policies tab
„ Creating groups to manage your site „ Setting up policies
„ Configuring policies for virus and spyware protection
Service Summary section
My Account tab
„ Setting up your account „ Change your SecurityCenter password
„ Managing your subscriptions „ Designating group administrators
My Logo section
Notification Preferences section
„ View printed and online documents „ Download utilities
Install Protection
Help tab
Email Page
„ Using the portal
Install Protection New Computers
Install Protection New Computers Email Text
„ Installing Enforced Client „ Standard URL installation
„ Standard URL installation „ Advanced installation methods
Install Protection Existing Computers
Install Protection Existing Computers Email Text
„ Standard URL installation
„ Viewing reports for the email security service
Install Email Security Service
Advanced Installation Methods
„ Using the portal „ Update your MX records
„ Request a trial subscription
Product Purchase
Product Coverage
„ Managing your subscriptions „ Purchase, add, and renew services
„ Customize listings and reports „ Specify approved programs
Computer Details
„ Set up allowed Internet applications
„ Managing your computers „ Make the most of your online data
User-Approved Application List
Detection List
„ View detections for a computer
„ Managing your computers „ Search for computers
Search Results
„ Specify approved programs „ Set up allowed Internet applications
„ View user-approved applications for a computer
„ Manage your protection strategy with best practices
Detections report by computer
„ View detections „ Make the most of your online data
„ Customize listings and reports
„ Manage your protection strategy with best practices
Detections report by detection
„ View detections „ Make the most of your online data
„ Customize listings and reports
„ Customize listings and reports
Unrecognized Programs report by computer
„ Set up allowed Internet applications
„ View unrecognized programs „ Make the most of your online data
„ View user-approved applications for a computer
Unrecognized Programs report by program
„ Specify approved programs „ Set up allowed Internet applications
„ View unrecognized programs
„ View inbound events blocked by the firewall
Inbound Events Blocked by Firewall report by originating computer
Inbound Events Blocked by Firewall report by destination computer
Lists the IP address of the computer where the event originated
„ View duplicate computers „ Display details for a computer
Inbound Event List
Duplicate Computers report
„ View inbound events blocked by the firewall
„ View computer profiles
Computer Profiles report
Description
Detection History report
„ View your detection history
„ Manage your protection strategy with best practices
„ Creating groups to manage your site „ Setting up policies
Edit Default Group
Edit Group
„ Creating groups to manage your site „ Setting up policies
„ Setting up policies „ Set basic virus protection options
View Default Policy
Add Group
„ Setting up policies „ Assign a policy to a group
Firewall Configuration
„ Configuring policies for firewall protection
„ Configuring browser protection from the SecurityCenter
„ The SonicWALL Default policy
on-access scans
Enable outbreak response
Enable buffer overflow
Enable script scanning
„ Set basic virus protection options „ Assign a policy to a group
Edit Policy Virus Protection Settings
„ Set basic spyware protection options „ Assign a policy to a group
Edit Policy Spyware Protection Settings
„ Configuring policies for firewall protection „ Learn mode
Edit Policy Desktop Firewall Settings
„ Assign a policy to a group
Description
update the policy to User configures firewall
Automatically install the
Firewall Protection Mode
„ Configure system services for a custom connection
Firewall Custom Settings
Cancel
Add or Edit Incoming Connection
„ Configure IP addresses for a custom connection
„ Configure system services for a custom connection
„ Update computers where no user is logged on
Edit Policy Browser Protection Settings
Edit Policy Advanced Settings
„ Configuring browser protection from the SecurityCenter
„ Scan all file types during on-access scans Inspect all types of
Settings
Check for updates every
„ Enable buffer overflow protection Detect code starting to run
„ Set basic virus protection options „ Assign a policy to a group
Add Policy Virus Protection Settings
„ Set basic spyware protection options „ Assign a policy to a group
Add Policy Spyware Protection Settings
„ Configuring policies for firewall protection „ Learn mode
Add Policy Desktop Firewall Settings
„ Assign a policy to a group
Firewall Protection Mode
Firewall Configuration
update the policy to User configures firewall
Automatically install the
„ Configuring browser protection from the SecurityCenter
Add Policy Browser Protection Settings
„ Assign a policy to a group
„ Set advanced virus protection options
Add Policy Advanced Settings
„ Update computers where no user is logged on
„ Notifying users when support ends „ Assign a policy to a group
Check for updates every
Settings
Description
„ Managing your subscriptions
Subscription History
Managed Services
Edit Subscription Information
„ Update subscription information
View Cancelled Services
„ Designating group administrators
Manage Group Administrators
Manage All Group Administrators
„ Designating group administrators
„ Sign up for email notifications
Notification Preferences
„ Set up your profile „ Change your SecurityCenter password
Edit Profile
Manage Logo
Utilities
previous installation
„ Install the standalone installation agent
Silently install protection
Install protection services
