SonicWALL TZ 190 CHAPTER 59

745

SonicOS Enhanced 4.0 Administrator Guide

CHAPTER 59

Chapter 59: Activating Anti-Spyware Service

SonicWALL Anti-Spyware is part of the SonicWALL Gateway Anti-Virus, Anti-Virus and

Intrusion Prevention Service solution that provides comprehensive, real-time protection against

viruses, worms, Trojans, spyware, and software vulnerabilities.

The SonicWALL Anti-Spyware Service protects networks from intrusive spyware by cutting off

spyware installations and delivery at the gateway and denying previously installed spyware

from communicating collected information outbound. SonicWALL Anti-Spyware works with

other anti-spyware program, such as programs that remove existing spyware applications from

hosts. You are encouraged to use or install host-based anti-spyware software as an added

measure of defense against spyware.

SonicWALL Anti-Spyware analyzes inbound connections for the most common method of

spyware delivery, ActiveX-based component installations. It also examines inbound setup

executables and cabinet files crossing the gateway, and resets the connections that are

streaming spyware setup files to the LAN. These file packages may be freeware bundled with

adware, keyloggers, or other spyware. If spyware has been installed on a LAN workstation prior

to the SonicWALL Anti-Spyware solution install, the service will examine outbound traffic for

streams originating at spyware infected clients and reset those connections. For example,

when spyware has been profiling a user's browsing habits and attempts to send the profile

information home, the SonicWALL security appliance identifies that traffic and resets the

connection.

The SonicWALL Anti-Spyware Service provides the following protection:

• Blocks spyware delivered through auto-installed ActiveX components, the most common

vehicle for distributing malicious spyware programs.

• Scans and logs spyware threats that are transmitted through the network and alerts

administrators when new spyware is detected and/or blocked.

• Stops existing spyware programs from communicating in the background with hackers and

servers on the Internet, preventing the transfer of confidential information.

• Provides granular control over networked applications by enabling administrators to

selectively permit or deny the installation of spyware programs.

• Prevents e-mailed spyware threats by scanning and then blocking infected e-mails

transmitted either through SMTP, IMAP or Web-based e-mail.