F-Secure Client Security | TOC | 3
Contents
Chapter 1: Introduction
System requirements
Policy Manager Server
Policy Manager Console
Main components
Features
Product registration
Application management
Basic terminology
Chapter 2: Installing the product
Installation steps
Download and run the installation package
Select components to install
...
Connection properties
Changing communication preferences
Managing domains and hosts
Adding policy domains
Adding hosts
Adding hosts in Windows domains
Importing autoregistered hosts
Push installations
Policy-based installation
Local installation and updates with pre-configured packages
Local installation and Policy Manager
...
Setting up spyware control for the whole domain
Launching spyware scanning in the whole domain
Allowing the use of a spyware or riskware component
Managing quarantined objects
Deleting quarantined objects
Releasing quarantined objects
Preventing users from changing settings
...
Suspending downloads and updates
Allowing users to unload F-Secure products
Chapter 10: Virus information
Malware information and tools on the F-Secure web pages
How to send a virus sample to F-Secure
How to package a virus sample
What should be sent
How to send the virus sample
...
Allowing or denying events requested by a specific application automatically
Configuring Policy Manager Proxy
Configuring automatic updates on hosts from Policy Manager Proxy
Excluding an application from the web traffic scanner
Chapter 13: Advanced features: Internet Shield
Managing Internet Shield properties remotely
...
Chapter: Introduction
Policy Manager can be used for:
• defining security policies,
• distributing security policies,
• installing application software to local and remote systems,
• monitoring the activities of all systems in the enterprise to ensure
Topics: • System requirements • Main components • Features • ...
System requirements
This section provides the system requirements for both Policy Manager Server and Policy Manager Console.
Policy Manager Server
In order to install Policy Manager Server, your system must meet the minimum requirements given here.
Operating system: Microsoft Windows:
• Windows XP Professional (SP2 or higher)
• Windows Vista (32-bit or 64-bit) with or without SP1; Business, Enterprise or Ultimate editions
• Windows 7 (32-bit or 64-bit); Professional, Enterprise or Ultimate editions
•...
Main components
The power of Policy Manager lies in the F-Secure management architecture, which provides high scalability for a distributed, mobile workforce.
Policy Manager Console: Policy Manager Console provides a centralized management console for the security of the managed hosts in the network.
Updates can be provided in several ways:
• From an F-Secure CD.
• From the F-Secure web site to the customer. These can be automatically ‘pushed’ by Automatic Update Agent, or voluntarily ‘pulled’ from the F-Secure web site.
• Policy Manager Console can be used to export pre-configured installation packages, which can also be delivered using third-party software, such as SMS and similar tools.
In order to improve our service, we collect statistical information regarding the use of F-Secure products. To help F-Secure provide better service and support, you can allow us to link this information to your contact information. To allow this, please enter the customer number from your license certificate during the installation of Policy Manager.
Policy Manager, and performs policy-based installations.
Cisco Network Admission Control (NAC) Support
F-Secure Corporation participates in the Network Admission Control (NAC) collaboration led by Cisco® Systems.
A security policy is a set of well-defined rules that regulate how sensitive information and other resources are managed, protected, and distributed. The management architecture of F-Secure software uses policies that are centrally configured by the administrator for optimum control of security in a corporate environment.
Chapter: Installing the product
Here you will find instructions for installing the main product components: Policy Manager Server and Policy Manager Console.
Topics: • Installation steps • Changing the web browser path • Uninstalling the product...
Installation steps
Follow these steps in the order given here to install Policy Manager Server and Policy Manager Console on the same machine.
Download and run the installation package
The first stage in installing Policy Manager is to download and run the installation package.
Note: This dialog is displayed only if a previous installation of Policy Manager Server was detected on the computer.
• By default the setup keeps the existing settings. Select this option if you have manually updated the Policy Manager Server configuration.
When setting up workstations, you must provide them with a copy of the admin.pub key file (or access to it). If you install the F-Secure products on the workstations remotely with Policy Manager, a copy of the admin.pub key file is installed automatically on them. However, if you run the setup from a CD, you must transfer a copy of the admin.pub key file manually to the workstations.
Changing the web browser path
Policy Manager Console acquires the file path to the default web browser during setup. If you want to change the web browser path:
1. Select Tools > Preferences from the menu.
Uninstalling the product
Follow these steps to uninstall Policy Manager components. To uninstall any Policy Manager components:
1. Open the Windows Start menu and go to Control Panel.
2. Select Add/Remove Programs.
Chapter: Anti-virus mode user interface
This section provides a reference of the settings available on the various pages of the Anti-virus mode user interface.
Note: Policy Manager also includes another user interface, the Advanced mode user interface.
Topics: • Policy domains tab • Management tabs
Policy domains tab
You can perform actions for policy domains and hosts within the Policy domains tab. In the Policy domains tab, you can do the following:
• Add a new policy domain by clicking the icon, which is located on the toolbar.
Management tabs
This section describes the management tabs (Summary, Settings, Status, Alerts, Reports, Installation and Operations), and the different pages on each of these tabs.
Summary tab
Summary tab is designed to display the most important information concerning the selected domain(s) or host(s) at a glance.
Outdated means that the virus definitions are older than the configured time limit. Note: If you have F-Secure Anti-Virus 5.40 installed on some hosts, the virus definitions version on these hosts is displayed as Unknown. If you need to update the virus definitions on some hosts, click Update virus definitions..., which takes...
Host
In the Host section you can:
• See the name of the selected host displayed beside Computer identity. You can also access more detailed information on the host by clicking View host properties..
Automatic updates
Automatic Updates page is divided into two sections; Automatic Updates and Neighborcast.
Automatic Updates
In the Automatic Updates section you can:
• Enable or disable automatic updates. Note that deselecting this setting disables all ways for the host to get automatic updates.
Manual scanning
The settings displayed on this page affect the scans that are run manually by the host users.
Manual File Scanning
In this section, the following options are available for selecting what to scan: •...
Scheduled Scanning
Configure scheduled scanning in advanced mode... link takes you to the Advanced mode user interface, where scheduled scanning can be configured.
Manual Boot Sector Scanning
In this section you can: •...
• Select the action to take when an incoming infected attachment is detected.
• Select the action to take when scanning fails.
• Select the action to take when malformed message parts are detected.
Firewall Security Levels Table (Global)
This table displays the security levels that are available globally in the system. The security levels table is the same for all policy domains, but enabling and disabling individual security levels can be done per policy domain.
and the firewall then allows outgoing reply packets from the server applications. Outgoing packets from ordinary applications need to be allowed by the rules in the firewall rules table.
Firewall services
Service, short for network service, means a service that is available on the network, e.g.
The settings in this section define how ratings for web sites are shown and whether web sites rated as harmful are blocked for users. These safety ratings are based on information from several sources, such as F-Secure malware analysts and F-Secure partners, as well as ratings given by other users of browsing protection.
This option specifies whether the user is allowed to unload all F-Secure products temporarily, for example in order to free memory for games or similar applications. Note that the main functions of the products are disabled during the time the product is unloaded and thus the computer becomes vulnerable to viruses and attacks.
• Virus definitions version. • The date and time when virus definitions on F-Secure Gateway products were last updated. • Update delta, which is the time between the last virus definitions update on the host and the last time the host has sent statistics to Policy Manager.
• Policy Manager Proxy version.
Centralized management
Centralized management page displays a summary of information relating to central management:
• Policy file timestamp.
• Policy file counter; this is the number of the policy file currently in use on the host.
Installation tab
Installation tab is the first one that opens when Policy Manager Console is installed. Installation tab contains shortcuts to all installation-related features. It also displays a list of available software installation packages.
The toolbar
The toolbar contains buttons for the most common Policy Manager Console tasks:
• Saves the policy data.
• Distributes the policy.
• Go to the previous domain or host in the domain tree selection history.
Menu commands
This section provides a reference of the available menu commands in Policy Manager Console.
Menu | Command | Action
File | New policy | Creates a new policy data instance with the Management Information Base (MIB) defaults.
Menu | Command | Action
 | Anti-virus mode | Changes to the Anti-virus mode user interface, which is optimized for centrally managing Client Security.
 | Refresh <Item> | Manually refreshes the status, alert, or report view. The menu item changes according to the selected page or tab.
Settings inheritance
This section explains how settings inheritance works and how inherited settings and settings that have been redefined on the current level are displayed in the user interface.
The settings in Policy Manager Console can either be inherited from a higher level in the policy domain structure, or they may have been changed on the current level.
Not inherited | Inherited | Description
Check boxes: Inherited values are displayed as dimmed on a grey background. Values that are not inherited are displayed on a white background.
Locking and unlocking all settings on a page at once
You can choose to lock or unlock all of the settings on a page.
Chapter: Setting up the managed network
Policy Manager offers you several ways to deploy Client Security in your company:
• In a Windows domain you can use the Autodiscover and Autoregistration features to automate the creation of the managed
Topics: • Logging in • Managing domains and hosts • ...
Logging in
When you start Policy Manager Console, the Login dialog box will open.
Tip: You can click Options to expand the dialog box to include more options.
Login dialog box can be used to select defined connections.
3. Click Polling period options to change the polling intervals. Polling period dialog box opens.
4. Modify the polling intervals to suit your environment.
The communication protocol selection affects the default polling intervals. If you are not interested in certain management information, you should switch unnecessary polling off by clearing the polling item you want to disable.
Managing domains and hosts
If you want to use different security policies for different types of hosts (laptops, desktops, servers), for users in different parts of the organization or users with different levels of computer knowledge, it is a good idea to plan the domain structure based on these criteria.
Adding hosts
This section describes different ways of adding hosts to a policy domain. The main methods of adding hosts to your policy domain, depending on your operating system, are as follows: •...
Using autoregistration import rules
You can define the import rules for the autoregistered hosts on the Import rules tab in the Import autoregistered hosts window. You can use the following as import criteria in the rules: •...
After the target hosts are selected, both push installation operations proceed the same way. Note: Before you start to install F-Secure products on hosts, you should make sure there are no conflicting antivirus or firewall programs installed on them.
• Hide already managed hosts. Select this check box to show only those hosts, which do not have F-Secure applications installed.
• Resolve hosts with all details (slower). With this selection, all details about the hosts are shown, such as the versions of the operating system and Management Agent.
Note: Push Installation requires administrator rights for the target machine during the installation. If the account you entered does not have administrator rights on one of the remote hosts, an...
Using the installation editor
The installation editor must be used on those hosts that already have Management Agent installed. To use the installation editor:
1. Open the Policy tab and select the root node (the F-Secure sub-tree).
Installation editor launches the Installation wizard, which queries the user for the installation parameters. The Installation editor then prepares a distribution installation package that is customized for the specific installation operation. The new package is saved on Policy Manager Server.
Using the customized remote installation package
There are two ways of using the login script on Windows platforms: by using a customized remote installation JAR package or by using a customized MSI package.
Enter ILAUNCHR /? on the command line to display complete help. When installing on Windows XP and newer you can also use the following parameters:
• /user:domain\username (variation: /user:username) — Specifies the user account and the domain name.
Local installation and Policy Manager
Local installation is recommended if you need to install Client Security locally on a workstation that is otherwise centrally managed by Policy Manager. You must have Policy Manager already installed before you can continue with the installation.
Note: Use only the subscription key delivered with the product. You can use the subscription key for the number of installations your license is for (see the ‘F-Secure License’ note in this guide). If you have problems in registering, please contact F-Secure Technical Support.
Installing on an infected host
If the host on which you are going to install Client Security is infected with some variant of the Klez virus, you should run the Klez removal tool on the host before starting the installation.
Checking that the management connections work
You can check that the management connections are working by following the steps given here.
1. Check the Policy distribution status on the Summary tab.
Chapter: Configuring virus and spyware protection
Virus and spyware protection keeps computers protected against file viruses, spyware, riskware, rootkits and viruses that are spreading by e-mail attachments and in web traffic. Automatic updates guarantee that virus and spyware protection is always
Topics: • Configuring automatic updates • Configuring real-time scanning • ...
3. Next the client tries to download the updates directly from Policy Manager Server. 4. If Policy Manager Proxy is in use in the company network, the client tries to connect to the F-Secure update server through each Policy Manager Proxy in turn.
HTTP proxy address settings are suitable for your environment. 6. If you want to enable the system to use Policy Manager Server or the F-Secure update server as a fall back when no Policy Manager Proxy can be accessed, select...
• Another Automatic Update Agent (for example Client Security) with neighborcast enabled.
To enable neighborcast:
1. Select the target domain.
2. Select the Settings tab and the Automatic updates page.
Configuring real-time scanning
Real-time scanning keeps the computer protected all the time, as it is scanning files when they are accessed, opened or closed. It runs in the background, which means that once it has been set up, it is basically transparent to the user.
Action | Definition
Ask after scan | Starts the Disinfection Wizard when an infected file is detected.
Disinfect automatically | Disinfects the file automatically when a virus is detected.
Rename automatically | Renames the file automatically when a virus is detected.
Forcing all hosts to use real-time scanning
In this example, real-time scanning is configured so that users cannot disable it; this ensures that all hosts stay protected in any circumstances.
Configuring DeepGuard
DeepGuard is a host-based intrusion prevention system that analyzes the behavior of files and programs. DeepGuard can be used to block intrusive ad pop-ups and to protect important system settings, as well as Internet Explorer settings against unwanted changes.
What should I know about server queries?
Server queries require access to the Internet to work. If your network allows access only through an HTTP proxy, set the Automatic Update Agent HTTP proxy setting to your proxy server's address to make sure server...
Configuring rootkit scanning (Blacklight)
Rootkit scanning can be used to scan for files and drives hidden by rootkits. Rootkits are typically used to hide malicious software, such as spyware, from users, system tools and traditional antivirus scanners.
Configuring e-mail scanning
E-mail scanning can be used to keep both inbound and outbound e-mails protected against viruses. Enabling it for outbound e-mails also ensures that you do not accidentally send out infected e-mail attachments.
To save the blocked e-mail messages in the end-users’ Outbox folder, select Save blocked e-mails in outbox. The user must move, delete or modify the blocked message in their...
Configuring web traffic (HTTP) scanning
Web traffic scanning can be used to protect the computer against viruses in HTTP traffic. When enabled, web traffic scanning scans HTML files, image files, downloaded applications or executable files and other types of downloaded files.
In this configuration example, one whole domain (www.example.com) and a sub-directory from another domain (www.example2.com/news) are excluded from HTTP scanning.
1. Select Root on the Policy domains tab.
2. Go to the...
Configuring spyware scanning
Spyware scanning protects the hosts against different types of spyware, such as data miners, monitoring tools and dialers. In centrally managed mode, spyware scanning can be set, for example, to report the spyware items found on hosts to the administrator or to quarantine all found spyware items automatically.
Spyware and riskware reported by hosts
Removed - The spyware item has been removed from the host.
Quarantined - The spyware item was quarantined on the host.
Currently In quarantine - The spyware item is currently in quarantine on the host.
4. Check that the manual scanning settings are valid for the managed domain.
5. Click to save and distribute the policy.
Launching spyware scanning in the whole domain
In this example, a manual scan is launched in the whole domain.
Managing quarantined objects
Quarantine management gives you the possibility to process objects that have been quarantined on host machines in a centralized manner. All infected files and spyware or riskware that have been quarantined on host machines are displayed on the...
4. Select the quarantined object you want to allow on the Quarantined objects table, and click Release. The object is moved to the Actions to perform on quarantined objects...
Preventing users from changing settings
If you want to make sure that the users cannot change some or any of the virus protection settings, you can make these settings final.
Configuring alert sending
This section describes how to configure the product to send Client Security virus alerts to an e-mail address and how to disable the alert pop-ups. It is a good idea to have all virus alerts sent to administrators by e-mail to ensure that they are informed of any potential outbreaks as quickly as possible.
Monitoring viruses on the network
Policy Manager offers different ways and levels of detail for monitoring infections on your network. The best way to monitor whether there are viruses on the network is to check the...
Testing your antivirus protection
To test that Client Security operates correctly, you can use a special test file that is detected by Client Security as though it were a virus.
Chapter: Configuring Internet Shield
Internet Shield protects the computers against unauthorized access from the Internet as well as against attacks originating from inside the LAN. Internet Shield provides protection against information theft, because unauthorized access attempts can be prohibited and detected.
Topics: • Global firewall security levels • Design principles for security
Global firewall security levels
If you do not need to customize the firewall settings for your network, there are several pre-configured security levels to choose from. The global firewall security levels that exist in Internet Shield are:...
Design principles for security levels
The basic principles of design behind security levels are described here. Each security level has a set of pre-configured firewall rules. In addition, you can create new rules for all...
Configuring security levels and rules
This section explains how you can set and select the security levels based on the users' needs. In the practical configuration examples it is assumed that the managed hosts have been imported into a domain structure where, for example, laptops and desktops are located in their own subdomains.
To add a new security level for a certain domain only, you first have to disable that security level on root level, and then enable it again on the appropriate lower level.
g) Click Finish.
Take the new security level into use
The next step is to take the new security level into use. To take the new security level into use only in the selected subdomain(s), you first have to turn it off on root level and then turn it on on a lower level in the policy domain hierarchy.
Configuring network quarantine
Network quarantine is an Internet Shield feature that makes it possible to restrict the network access of hosts that have very old virus definitions and/or that have real-time scanning turned off.
Configuring rule alerts
Internet Shield rule alerts can be used to get notifications if certain types of malware try to access the computers. It is possible to issue an alert every time a rule is hit or when illegal datagrams are received, which makes it easy to see what kind of traffic is going on in your system.
Direction | Explanation
<= | The service will be allowed/denied if coming from the defined remote hosts or networks to your computer.
=> | The service will be allowed/denied if going from your computer to the defined remote hosts or networks.
To do this:
1. Make sure that you have the correct subdomain selected on the Policy domains tab.
2. Select the Firewall security levels page on the Settings tab.
3. Set the security level for which you created the rule as the active security level by selecting it from the Internet Shield Security level at host drop-down list.
Configuring application control
Application control allows for safe browsing and is an excellent defence against malicious computer programs. Application control is also an excellent tool for fighting trojans and other network malware as it does not allow them to send any information to the network.
Application rules for known applications
Description | Displays the internal description of the executable, usually the name of the application. You can also modify the description.
Message | Displays the associated message (if any) which was created together with the rule.
2. Configure the basic application control settings that will be used when application control is running:
a) Select the default action to take when an unknown application tries to make an outbound connection...
In this example select Root.
b) When the rule is ready, click Finish.
The new rule is now displayed in the Application rules for known applications table. The Unknown applications reported by hosts table has been refreshed.
4. Click to save and distribute the policy.
Using alerts to check that Internet Shield works
In normal use you should not get any alerts from Internet Shield; if you suddenly start to receive a lot of alerts, it means that there is either a configuration mistake or a problem.
Configuring intrusion prevention
Intrusion prevention monitors inbound traffic and tries to find intrusion attempts. Intrusion prevention (IPS) can also be used to monitor viruses that try to attack computers in the LAN. Intrusion prevention analyses the payload (the contents) and the header information of an IP packet, and compares this information with the known attack patterns.
It is assumed that desktops and laptops are located in their own subdomains, Desktops/Eng and Laptops/Eng. It is assumed that the desktops are also protected by the company firewall, and therefore the alert performance level selected for them is lower.
Chapter: How to check that the network environment is protected
As part of the monitoring and system administration processes, you can regularly perform the tasks listed here to ensure that your network environment is protected.
Topics: • Checking that all the hosts have
Checking that all the hosts have the latest policy
You can ensure that all hosts have the correct settings by checking that they have the latest policy.
Checking that the server has the latest virus definitions
You should check that the virus definitions are up to date on the server.
1. Select...
Checking that the hosts have the latest virus definitions
You should regularly check that the virus definitions are up to date on all hosts within the domain.
Checking that there are no disconnected hosts
You can ensure that all hosts are getting the latest updates by checking that there are no disconnected hosts.
Viewing scanning reports
You can view the scanning reports from hosts to check if there have been any problems. If you want to see a scanning report from certain hosts, do as follows:
1.
Viewing alerts
If there has been a problem with a program or with an operation, the hosts can send alerts and reports about It is a good idea to check regularly that there are no new alerts, and also to acknowledge (and delete) the alerts that you have already handled.
Creating a weekly infection report
If you want to create a weekly infection report (or some other report to be generated at regular intervals), you have two options.
Monitoring a possible network attack
If you suspect that there is a network attack going on in the local network, you can monitor it by following these steps.
Chapter: Upgrading software
You can remotely upgrade F-Secure anti-virus software already installed on hosts by using the Installation editor. The editor creates policy-based installation tasks that each host in the target domain will carry out after the next policy update.
Topics:
• Using the installation editor
Using the installation editor
The installation editor must be used on those hosts that already have Management Agent installed. To use the installation editor:
1. Open the Policy tab and select the root node (the F-Secure sub-tree).
2. Wait for Policy Manager Console to report the success or failure of the uninstallation.
3. If F-Secure Anti-Virus was uninstalled successfully, uninstall Management Agent.
4. If uninstallation of Management Agent is unsuccessful, Policy Manager Console will display a statistical report of the failure.
• Scan at set times
• Where to find firewall alerts and log files
• Connecting to Policy Manager and importing a policy file manually
• Suspending downloads and updates
• Allowing users to unload F-Secure products...
120 | F-Secure Client Security | Local host operations
Scan manually
You can scan your computer manually, if you suspect that you have malware on your computer.
How to select the type of manual scan
You can scan your whole computer or scan for a specific type of malware or a specific location.
Scan type | What is scanned | When to use this type
check whether your computer is clean, because it is able to efficiently find and remove any active malware on your computer.
Scan at set times
You can scan your computer for malware at regular intervals, for example daily, weekly or monthly. Scanning for malware is an intensive process. It requires the full power of your computer and takes some time to complete.
3. Click Close. The scheduled scan is canceled. The next scheduled scan will start as usual.
View the results of scheduled scan
When a scheduled scan finishes you can check if malware was found.
Where to find firewall alerts and log files
By viewing the firewall alerts and log files, you can find out how network connections are protected on your computer.
View firewall alerts
You can view a list of all generated firewall alerts.
Field | Description
Services | Shows the firewall services to which this traffic matched.
Remote address | The IP address of the remote computer.
Remote port | The port on the remote computer.
Local address | The IP address of your own computer.
3. Use the recommended logging time and file size that are shown in the Logging time and Max log file size fields. You can also change them if you want to.
4. Click Start logging.
The pane on the right shows you the traffic types and their information. The lower pane of the window shows the information in hexadecimal and ASCII format. If you want to view all types of network traffic (and not only IP traffic), clear the Filter non IP checkbox.
Connecting to Policy Manager and importing a policy file manually
If you need to initialize a connection from the local host to Policy Manager Server, you can do it by following these steps.
Suspending downloads and updates
You can allow users to suspend network communications, for example if they are sometimes using a dial-up connection. This option is configured from Policy Manager Console. It is useful for hosts that sometimes use a slow dial-up connection.
This option is configured from the Policy Manager Console. It specifies whether the user is allowed to unload all F-Secure products temporarily, for example in order to free memory for games or similar applications.
Note: The main functions of the products are disabled during the time the product is unloaded and thus the computer becomes vulnerable to viruses and attacks.
This section provides information on where to find out about viruses and how to handle viruses you encounter.
Topics:
• Malware information and tools on the F-Secure web pages
• How to send a virus sample to F-Secure
• What to do in case of a virus...
• The latest threats are also delivered to your desktop through Client Security as F-Secure news.
Before sending us a sample you may consider trying our RescueCD. This is a tool that starts its own operating system and so can find some malware that cannot be found from within Windows. You can find it from the Security Center: http://www.f-secure.com/security_center/.
F-Secure Client Security | Virus information | 133
How to send a virus sample to F-Secure
This section covers information on sending a virus sample to the F-Secure Security Lab.
Note: This section is for advanced users.
Please send detailed descriptions of the problem, symptoms or any questions you have in English whenever possible.
• The most common is to use our sample submission webform. This webform guides you to give us all the information we need to process a sample. You can find the webform at: http://www.f-secure.com/samples.
• If the sample is larger than 5Mb in size, you must upload the sample to our ftp site at: ftp://ftp.f-secure.com/incoming/.
Tammasaarenkatu 7
PL 24
00181 Helsinki
Finland...
Support through our support web page: http://support.f-secure.com. If you need urgent assistance, please point it out in your message.
4. If it is a new virus, try to locate a sample and send it to F-Secure Security Labs through the sample submission webform at: http://www.f-secure.com/samples.
Chapter: Setting up the Cisco NAC plugin
F-Secure participates in the Network Admission Control (NAC) collaboration led by Cisco Systems®. NAC can be used to restrict the network access of hosts that have too old virus definition databases, or
Topics:
• Installing the Cisco NAC plugin
•...
Installing the Cisco NAC plugin
The Cisco NAC plugin can be installed on hosts both locally and remotely.
1. Local installations: when installing Client Security locally, select Cisco NAC Plugin...
Importing posture validation attribute definitions
You need to add posture validation attribute definitions related to F-Secure products to the Cisco Secure ACS Posture Validation Attributes definition file.
1. Use the CSUtil tool on the Cisco Secure ACS server.
Using attributes for the application posture token
Here you will find details on how to configure the Cisco ACS server to monitor product-related security attributes. To configure the Cisco ACS server to monitor F-Secure product-related security attributes, do the following:
1. Click the External user databases button on the Cisco ACS server user interface.
Chapter: Advanced features: virus and spyware protection
This section contains instructions for some advanced virus protection administration tasks, such as configuring scheduled scanning from the Advanced mode user interface and configuring the anti-virus proxy.
Topics:
• Configuring scheduled scanning
• Advanced DeepGuard settings
•...
Configuring scheduled scanning
A scheduled scanning task can be added from the Advanced mode user interface. In this example, a scheduled scanning task is added in a policy for the whole policy domain. The scan is to be run weekly, every Monday at 8 p.m., starting from August 25, 2009.
Advanced DeepGuard settings
This section covers the advanced settings relating to DeepGuard.
Notifying user on a deny event
You can configure the product to notify users when DeepGuard denies an event they have initiated.
8. Double-click the Trusted cell for the new entry:
• Select to allow all events for the application.
• Select to deny all events for the application.
9. Double-click the Enabled cell for the new entry.
Policy Manager Proxy caches automatic updates retrieved from the central F-Secure update server or the corporate Policy Manager Server, and it resides in the same remote network as the hosts that use it as a database distribution point.
Configuring automatic updates on hosts from Policy Manager Proxy
A list of proxies through which the hosts fetch updates can be configured on the Settings tab. If you need to configure this from a managed host’s local user interface, you can do it as follows:
1.
Excluding an application from the web traffic scanner
If web traffic scanning causes problems with a program that is common in your organization, you can exclude this application from the web traffic scanner.
Chapter: Advanced features: Internet Shield
This section covers some advanced Internet Shield features and also contains some troubleshooting information.
Topics:
• Managing Internet Shield properties remotely
• Configuring security level autoselection
• Troubleshooting connection problems
• Adding new services
• Setting up dialup control...
Managing Internet Shield properties remotely
This section describes how you can manage Internet Shield properties remotely.
Using packet logging
Packet logging is a very useful debugging tool to find out what is happening on the local network.
1. Select View Advanced mode from the menu. Advanced mode user interface opens.
2. Select Root on the Policy domains tab.
3. On the Policy tab, select F-Secure Internet Shield...
Configuring security level autoselection
In this example, security level autoselection is configured for a subdomain that contains only laptops in such a way that when the computers are connected to company LAN, the Office security level is used;...
8. If nothing else helps, unload F-Secure products or set the Internet Shield to allow all mode. If even this does not help, it is likely that the problem is in routing or in some other component in the computer...
Adding new services
Service, short for network service, means a service that is available on the network, e.g. file sharing, remote console access, or web browsing. Services are most often described by what protocol and port they use.
Protocol name | Protocol number | Full name
Cisco Generic Routing Encapsulation (GRE) Tunnel
Encapsulation Security Payload protocol
Authentication Header protocol
Protocol Independent Multicast
COMP Compression Header protocol
Raw IP packets
6. Select the initiator ports: If your service uses the TCP or UDP protocol, you need to define the initiator ports the service covers.
Setting up dialup control
Dialup control lets you create lists of phone numbers allowed and blocked from the user's dialup modem. To turn on dialup control:
1. Select View Advanced mode...
4. Click to save and distribute the policy.
Chapter: Modifying prodsett.ini
This section contains a list of the settings that can be edited in prodsett.ini.
Topics:
• Configurable prodsett.ini settings
Caution: Do not edit any prodsett.ini settings that are not included in this section.
Note: Dependency between RequestInstallMode and InstallMode settings: The RequestInstallMode setting can override the selection for components, which have InstallMode=0.
Configurable prodsett.ini settings
You can edit the settings described here in the prodsett.ini file.
[F-Secure common] Common settings
CD-Key=XXXX-XXXX-XXXX-XXXX-XXXX
Enter the subscription key of the installation package here.
SetupLanguage=ENG
Enforced Installation language.
[F-Secure common] Common settings
users and administrators, and read-only access to everyone.
2 = strict policy; files and folders are protected with permissions granting full access to administrators, read-write access to power users, read-only access to users, and no access to everyone.
[FSMAINST.DLL] Settings for Management Agent
win2000renamefiles=fsrec.2k|fsrec.sys;fsfilter.2k|fsfilter.sys;fsgk.2k|fsgk.sys
Do not modify these settings!
InstallFSPKIH=0
InstallNetworkProvider=0
InstallGINA=0
RedefineSettings=0
ServiceProviderMode=0
MibVersion=
GatekeeperVersion=
StatisticsFilterPattern1=
UseOnlyUID=
0 = Management Agent only uses all available identities (DNS name, IP address, WINS name, Unique Identity) to identify itself for the first time to the Policy Manager Server.
[PMSUINST.DLL] Settings for Policy Manager support the RequestInstallMode or InstallMode settings for this component.
[FSAVINST.DLL] Settings for Client Security - virus protection
RequestInstallMode=1
0 = Install this component as defined in the InstallMode setting.
[ES_Setup.DLL] Settings for the installation of e-mail scanning
2 = Install this component if there is no existing version of it installed, or if the same or an older version exists.
Debug=0 | 1
0 = Do not generate debug information (default).
[FWINST.DLL] Settings for Client Security - Internet Shield
1 = Install Dial-up Control
InstallNetworkQuarantine=0 | 1
0 = Do not install Network Quarantine (default).
1 = Install Network Quarantine.
DisableWindowsFirewall=0 | 1
0 = Do not disable Windows Firewall (on XP SP2 or later) (default).
[FSPSINST.DLL] Settings for Client Security - Network Scanner
1 = HTTP Scanning enabled
StartImmediatelyForApps=iexplore.exe,firefox.exe,netscape.exe,opera.exe,msimn.exe,outlook.exe,mozilla.exe
This setting defines which executables should start HTTP scanning immediately. Other processes will go in scanning mode only after the first access to an external server port 80.
Chapter: E-mail scanning alert and error messages
This section provides a list of the alert and error messages that e-mail scanning can generate.
Topics:
• Alert and error messages...
Alert and error messages
A list of the messages generated by e-mail scanning is given below.
Message title | Message ID | Definition | Message content
E-Mail Scanning Session Connection to the Failed: System Error <server name>...
Message title | Message ID | Definition | Message content
• Infected e-mail was header: recipient filed email blocked addresses> subject: < Email header: The title subject filed of the message >...
Message title | Message ID | Definition | Message content
• E-mail was blocked...
Chapter: Products detected or removed during client installation
The products listed in this section are either detected so that the user can manually uninstall them or automatically uninstalled during the F-Secure Client Security installation process.
Topics:
• Product list
Product list
A list of the products that are detected and removed during installation is given below.
• Agnitum Outpost Firewall Pro 1.0
• AOL Safety and Security Center
•...
• iProtectYou 7.09
• Jiangmin Antivirus Software (English version only)
• K7 TotalSecurity 2006
• Kaspersky Anti-Spam Personal
• Kaspersky Anti-Virus 6.0 (English version only)
• Kaspersky Internet Security 6.0 (English version only)
•...
• Norton AntiVirus 2004 (Symantec Corporation)
• Norton AntiVirus
• Norton AntiVirus Corporate Edition
• Norton Internet Security
• Norton Internet Security 2005
• Norton Internet Security 2006 (Symantec Corporation)
•...