Latest update 17/12/2015
TECHNICAL DOCUMENT
Reference Nr.: /CI/2
Written by: Costas Ioannou
Latest update: 17/12/2015

F-SECURE CONFIGURATION BEST PRACTICE AGAINST ZERO-HOUR MALWARE
F-SECURE CLIENT SECURITY (CS)
F-SECURE SERVER SECURITY (SS)
F-SECURE E-MAIL AND SERVER SECURITY (ESS)

This document is a best-practice configuration for getting the maximum protection level from the F-Secure solution against ransomware and zero-hour malware. Many settings are proposed to be locked. This means that the end-user cannot change the setting in the user interface and thus cannot disable a protection setting.

F-Secure Policy Manager Console can work in Antivirus Mode and in Advanced Mode. Some of the settings can be configured only in Advanced Mode. We indicate which settings are configured in Antivirus Mode and which can only be configured in Advanced Mode.

Under each configuration setting (or set of settings) you will find a brief explanation of what this setting accomplishes.

TABLE OF CONTENTS
Best Practice for F-Secure Client Security and F-Secure Server Security
  Policy Manager Console Antivirus Mode
  Policy Manager Console - Advanced Mode
Best Practice for F-Secure E-mail and Server Security traffic on Exchange
  Administrator's web User Interface
  Policy Manager Console Advanced Mode
Disclaimer
The information contained in this document is meant to help the reader in the combat against specific malware. Although utmost care has been taken for the correctness of the information, Inter Engineering does not accept any responsibility for the use, misuse or inability to use the information in this document. Due to the nature of the subject, the information provided in this document is or will become incomplete over time. It is the sole responsibility of the reader to judge whether or not to use the information herein and to accept the consequences. If you disagree with this then you should not use this document.

The aim of this document
This document aims to provide the reader with a configuration guide on how F-Secure Anti Malware software can contribute to the protection of an organization against zero-hour malware.
BEST PRACTICE FOR F-SECURE CLIENT SECURITY AND F-SECURE SERVER SECURITY

Policy Manager Console Antivirus Mode

Automatic Updates
Automatic Updates > Enabled Automatic Updates = Checked & Locked
- End-user cannot disable automatic updates.
Status > Automatic Updates > Virus Definition Version (column)
- Check that the latest updates are installed on all hosts.

Real Time protection
Real-Time Scanning > Real Time scanning = Checked & Locked
- End-user cannot disable real-time scanning.
Real-Time Scanning > Custom Action on infection = Quarantine Automatically (Locked)
- End-user does not leave infected code on the hard drive by mistake.

Zero-hour protection
Real-Time Scanning > Enable DeepGuard = Enabled and Locked
- Zero-hour malware detection cannot be disabled by the end-user. Mandatory for ransomware protection.
Real-Time Scanning > Action on System Modification attempt = Automatic: Do not ask
Real-Time Scanning > Use server Queries to improve accuracy = Enabled and Locked
- Additional method for zero-hour detection by cloud lookups. Mandatory for ransomware protection.
Real-Time Scanning > Use Advanced process monitoring = and locked
- Additional method for zero-hour detection. Mandatory for ransomware protection.

Scanning on Desktop
Scanning on desktop is highly recommended, especially if you don't have a gateway solution or F-Secure on Microsoft Exchange (ESS). Supports IMAP, POP3, SMTP scanning.
Scanning > Enable Incoming Scanning = and locked
- Scanning cannot be disabled by the user.
Scanning > Action on incoming infected attachments = Disinfect Attachment (Locked)
- Attempt to disinfect the infected attachment. Setting cannot be changed by the end-user.
Scanning > Action on malformed message parts = Remove Message Part (Locked)
- Malformed parts cannot be scanned. Setting cannot be changed by the end-user.
Scanning > Scan inside compressed attachments = Enabled and Locked
- Scan inside archives (zip, rar, etc.). Setting cannot be changed by the end-user.

Web Traffic Scanning
Web Traffic scanning on desktop is highly recommended, especially if you don't have a gateway/proxy solution protecting web traffic.
Web Scanning > HTTP Scanning Enabled = Only Included Content Types (Locked)
- Web traffic scanning cannot be disabled by the end-user.
Web Scanning > Action on infection = Block (Locked)
- User cannot bypass an infected item and download it.
Browsing Protection > Browsing Protection Enabled = Checked and Locked
- Browsing protection protects the browser from vulnerability exploits and blocks access to malicious URLs. Setting cannot be disabled by the end-user.
Browsing Protection > Allow users to continue to blocked pages = Disabled and Locked
- End-user cannot bypass the blocking of a malicious page.

Desktop Firewall
Firewall Security Levels > Enabled network quarantine = and locked
- Network quarantine will block the host's access to the network if virus definitions are old or RTS is disabled.
Firewall Security Levels > Active network quarantine on host if real-time scanning is disabled = and locked
- Do not allow network access to the endpoint if real-time scanning is disabled (except for updating).
Application Control > Do not prompt for applications that DeepGuard has identified = and locked
Application Control > Do not prompt for Applications that identified using Real-time protection network = and clear
Application Control > Do not prompt for applications identified by scan engines = and clear
- Application Control does not allow unknown applications to connect to the network.

Web traffic scanning Advanced Protection
Web Traffic Scanning > Advanced Protection
- These settings can help you block java, flash, pdf, Silverlight, active-x, etc. content from web sites. You can implement an aggressive policy where you block the active content from pages by default, and whitelist only the websites you need in order to work. Note that this approach demands more administration than normal, because you need to whitelist sites that your users are visiting.
Policy Manager Console - Advanced Mode

F-Secure Antivirus > Plug-ins > confirm that All plugins (Antimalware engines) are

Real-time scanning
Scanning > Inclusions and Exclusions > Add Extensions Defined in Database = enabled + locked
- F-Secure may include new extensions in the database as new threats arise.

Exclusions
Scanning > Inclusions and Exclusions > Excluded Objects Enabled = Disabled (locked)
Scanning > Inclusions and Exclusions > Excluded Objects > Disallow User Changes =
Scanning > Inclusions and Exclusions > Excluded Processes Enabled = Disabled (locked)
Scanning > Inclusions and Exclusions > Excluded Processes = empty (locked)
- If you need to enable exclusions, then it's better to define the exclusions (objects, processes, paths) in PMC and keep them locked so that the end-user cannot add exclusions in the local UI.

Scanning on desktop level
F-Secure Antivirus > Settings for Scanning > Scanning Options > Incoming Scanning > Action on Disinfection Failure = Remove attachment (Locked)
- If disinfection of the attachment fails, then remove the complete attachment.
F-Secure Antivirus > Settings for Scanning > Scanning Options > Common > Inclusions and Exclusions > Included Extensions > Check that the included extensions contain the default extensions to scan.
- Default extensions are: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ POT MSO PIF. ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI BAT CMD DOC DOT JOB LSP MHT PHP PPT SWF WMA WMV WMF WRI XLS XLT CLASS DOCX DOCM DOTX DOTM DOCB XLSX XLSM XLTX XLTM XLSB XLAM PPTX PPTM POTX POTM PPAM PPSX PPSM SLDX SLDM PUB
F-Secure Antivirus > Settings for Scanning > Scanning Options > Common > Inclusions and Exclusions > Included Extensions for Compressed Files > check that they are the default
- Default extensions are: ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
F-Secure Antivirus > Settings for Scanning > Scanning Options > Common > Inclusions and Exclusions > Add Extensions Defined in Database Updates = Enabled (locked)
- F-Secure may automatically add extensions for scanning as new threats arise.
F-Secure Antivirus > Settings for Scanning > Scanning Options > Common > Inclusions and Exclusions > Excluded Extensions > Check for any 'dangerous' excluded extensions (see list of included extensions above)

Automatic Updates
F-Secure Automatic Update Agent > Settings > Communications > Ask Before Download = no (Locked)
- Prevent the end-user from stopping downloads.

Zero-hour Detection
F-Secure DeepGuard > Settings > Exploit protection = (locked)
- Protects the browser from exploit attempts.
F-Secure DeepGuard > Settings > Applications > Check for any 'suspicious'/'unknown' application that is allowed by DeepGuard to run
F-Secure Real-Time Protection Network Client > Participate in the Real-Time Protection Network = yes (Locked)
F-Secure Real-Time Protection Network Client > Client is = Yes (Locked)
F-Secure Real-Time Protection Network Client > Excluded Domains (Check for any 'suspicious' domain)
- Real-Time Protection Network is F-Secure's cloud; it is one of DeepGuard's methods for detecting zero-hour malware.
F-Secure Network Filter > Excluded Applications > check for any application that does not need to be included here.
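The "check for any 'dangerous' excluded extensions" step above can be automated once the excluded-extension list has been copied out of the console. The following Python sketch is an added example, not F-Secure code: it assumes the exclusion list accepts the same `?` and `*` wildcards that the default lists use, and the function names are hypothetical.

```python
from functools import lru_cache

# Default lists copied from this page ("PIF." is read as PIF).
DEFAULT_INCLUDED = (
    "COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF "
    "CPL WIZ HTA PP? PWZ POT MSO PIF ACM ASP AX CNV CSC DRV INI MDB MPD MPP "
    "MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG "
    "ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI BAT CMD DOC "
    "DOT JOB LSP MHT PHP PPT SWF WMA WMV WMF WRI XLS XLT CLASS DOCX DOCM DOTX "
    "DOTM DOCB XLSX XLSM XLTX XLTM XLSB XLAM PPTX PPTM POTX POTM PPAM PPSX "
    "PPSM SLDX SLDM PUB"
).split()
DEFAULT_COMPRESSED = "ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX".split()


def patterns_overlap(a, b):
    """True if at least one extension matches both wildcard patterns.

    Both sides may contain '?' (one character) and '*' (any run), so a plain
    one-sided glob match is not enough: 'D*' and 'DO?' overlap on 'DOC'.
    """
    a, b = a.upper(), b.upper()

    @lru_cache(maxsize=None)
    def go(i, j):
        if i == len(a) and j == len(b):
            return True
        if i < len(a) and a[i] == "*":
            # '*' matches nothing, or swallows one element of the other side
            return go(i + 1, j) or (j < len(b) and go(i, j + 1))
        if j < len(b) and b[j] == "*":
            return go(i, j + 1) or (i < len(a) and go(i + 1, j))
        if i == len(a) or j == len(b):
            return False
        if a[i] == "?" or b[j] == "?" or a[i] == b[j]:
            return go(i + 1, j + 1)
        return False

    return bool(go(0, 0))


def normalize(entry):
    """Reduce '*.exe', '.exe' or 'exe' to the bare upper-case pattern."""
    ext = entry.strip().upper()
    if ext.startswith("*."):
        ext = ext[2:]
    elif ext.startswith("."):
        ext = ext[1:]
    return ext


def audit_exclusions(excluded):
    """Map each exclusion to the default-scanned patterns it would switch off."""
    findings = {}
    for entry in excluded:
        hits = [d for d in DEFAULT_INCLUDED + DEFAULT_COMPRESSED
                if patterns_overlap(normalize(entry), d)]
        if hits:
            findings[entry] = hits
    return findings


if __name__ == "__main__":
    # Constructed exclusion list, as an administrator might find on a host.
    for entry, hits in audit_exclusions(["tmp", "log", "*.scr", "D*"]).items():
        print("review exclusion %r: overlaps %s" % (entry, " ".join(hits)))
```

An empty result means no exclusion overlaps a default-scanned extension; any entry that is reported should be removed or justified and kept locked in PMC.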
BEST PRACTICE FOR F-SECURE E-MAIL AND SERVER SECURITY TRAFFIC ON EXCHANGE

Administrator's web User Interface

Attachment Stripping
Transport Protection > Inbound Mail > Attachments > Strip attachments from Inbound messages =
Transport Protection > Inbound Mail > Attachments > Strip these attachments = Disallowed Files
Transport Protection > Inbound Mail > Attachments > Action on disallowed attachments = Drop Attachment
Transport Protection > Inbound Mail > Attachments > Disallowed Files = *.bat,*.cmd,*.com,*.exe,*.hta,*.js,*.jse,*.pif,*.scr,*.shs,*.vbe,*.vbs,*.{*
Transport Protection > Inbound Mail > Attachments > Quarantine stripped attachments = enabled
- Strip incoming dangerous attachments (executables and scripts).

Incoming Virus protection
Transport Protection > Inbound Mail > Viruses > Scan inbound messages for viruses =
Transport Protection > Inbound Mail > Viruses > Heuristic scanning =
Transport Protection > Inbound Mail > Viruses > Action on infected messages = drop attachment
Transport Protection > Inbound Mail > Viruses > Quarantine infected messages =
Transport Protection > Inbound Mail > Grayware > Scan inbound e-mail messages for grayware =
Transport Protection > Inbound Mail > Grayware > Action on Grayware = Drop attachment
Transport Protection > Inbound Mail > Grayware > Quarantine dropped grayware =
Transport Protection > Inbound Mail > Archives > Scan archives =
Transport Protection > Inbound Mail > Archives > List of files to scan inside archives = unsafe files
Transport Protection > Inbound Mail > Archives > Unsafe files = *.ACM, *.APP, *.ARJ, *.ASD, *.ASP, *.AX, *.BAT, *.BIN, *.BOO, *.BZ2, *.CAB, *.CHM, *.CMD, *.CNV, *.COM, *.CPL, *.CSC, *.DLL, *.DO?, *.DRV, *.EML, *.EXE, *.GZ, *.HLP, *.HTA, *.HTM, *.HTML, *.HTT, *.INF, *.INI, *.JS, *.JSE, *.LHA, *.LNK, *.LZH, *.MDB, *.MP?, *.MSG, *.MSO, *.OBD, *.OBT, *.OCX, *.OV?, *.P?T, *.PCI, *.PDF, *.PGM, *.PIF, *.PP?, *.PRC, *.PWZ, *.RAR, *.RTF, *.SCR, *.SHB, *.SHS, *.SYS, *.TAR, *.TD0, *.TGZ, *.TLB, *.TSP, *.TT6, *.VBE, *.VBS, *.VSD, *.VWP, *.VXD, *.WB?, *.WIZ, *.WML, *.WPC, *.WS?, *.XL?, *.XML, *.ZIP, *.ZL?, *.{*

Treatment of Archives files (zip, rar, etc.)
Transport Protection > Inbound Mail > Archives > Excluded these files = <blank>
Transport Protection > Inbound Mail > Archives > Limit max levels of nested archives to 3 /
Transport Protection > Inbound Mail > Archives > Detect disallowed files inside archives = disallowed files /
- Enable this setting with caution as it can be resource intensive. On the other hand, it will strip archives (zip, rar, etc.) which contain disallowed files (executables and scripts).
Transport Protection > Inbound Mail > Archives > Action on archive with disallowed files = drop archive
Transport Protection > Inbound Mail > Archives > Action on max nested archives = drop archive
Transport Protection > Inbound Mail > Archives > Action on password protected archives = drop archive
- Beware that this setting will block password protected archives (zip, rar, etc.).
Transport Protection > Inbound Mail > Archives > Quarantine dropped archives =

Miscellaneous Options
Transport Protection > Inbound Mail > Other > Intelligent File type recognition =
- Intelligent file type recognition recognizes file types based on their content and not on their filename extension.
Transport Protection > Inbound Mail > Other > Limit max levels of nested message to 3 / enabled
Transport Protection > Inbound Mail > Other > Actions on mails with exceeding nesting levels = drop the whole message
Transport Protection > Inbound Mail > Other > Actions on malformed mails = drop the whole message
Transport Protection > Inbound Mail > Other > Quarantine problematic messages =

Storage Protection Real-time scanning
Storage Protection > Real-time scanning > Viruses > Scan mailboxes = scan all mailboxes
Storage Protection > Real-time scanning > Viruses > Scan public folders = scan all public folders
Storage Protection > Real-time scanning > Viruses > Scan these attachments = unsafe files
Storage Protection > Real-time scanning > Viruses > Exclude these attachments = <blank>
Storage Protection > Real-time scanning > Viruses > Actions > Try to disinfect = disabled
Storage Protection > Real-time scanning > Viruses > Actions > Quarantine infected attachments =

Policy Manager Console Advanced Mode
F-Secure Content Scanner Server > Settings > Virus Scanning > Scan Engines > All engines
F-Secure Content Scanner Server > Settings > Virus Scanning > Action if Engine Malfunctions = Return Scan Error
F-Secure Content Scanner Server > Settings > Virus Scanning > Scan Inside Archives = Enabled
F-Secure Content Scanner Server > Settings > Virus Scanning > Suspect Max Nested Archives = Treat as Unsafe
F-Secure Content Scanner Server > Settings > Virus Scanning > Suspect Password Protected Archives = Treat As Unsafe
F-Secure Content Scanner Server > Settings > Virus Scanning > Scan extensions inside archives > check that they are the default extensions
- Default extensions: ACM APP ARJ ASD ASP AX BAT BIN BOO BZ2 CAB CHM CMD CNV COM CPL CSC DLL DO? DRV EML EXE GZ HLP HTA HTM HTML HTT INF INI JS JSE LHA LNK LZH MDB MP? MSG MSO OBD OBT OCX OV? P?T PCI PDF PGM PIF PP? PRC PWZ RAR RTF SCR SHB SHS SYS TAR TD0 TGZ TLB TSP TT6 VBE VBS VSD VWP VXD WB? WIZ WML WPC WS? XL? XML ZIP ZL? {*
F-Secure Content Scanner Server > Settings > Virus Scanning > Extensions Allowed in Password Protected Archives = <empty>
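To see what the inbound attachment and archive settings above do to a message, the following Python sketch applies them to in-memory ZIP samples: the Disallowed Files list, the nesting limit of 3, dropping password protected archives, and type recognition by content. It is an added example, not F-Secure code; the function names, the convention that the attached archive counts as level 1, and the sample files are assumptions constructed for illustration.

```python
import fnmatch
import io
import zipfile

# Values taken from the Transport Protection > Inbound Mail settings on this page.
DISALLOWED = ["*.bat", "*.cmd", "*.com", "*.exe", "*.hta", "*.js", "*.jse",
              "*.pif", "*.scr", "*.shs", "*.vbe", "*.vbs", "*.{*"]
MAX_NESTING = 3  # assumption: the attached archive itself counts as level 1


def is_disallowed(filename):
    """Case-insensitive wildcard match against the Disallowed Files list."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return any(fnmatch.fnmatchcase(name, pattern) for pattern in DISALLOWED)


def inspect_archive(data, level=1):
    """Walk a ZIP held in memory and return (action, reason).

    Members are read fully into memory, which is fine for the small
    constructed samples below; a production scanner also needs size limits.
    """
    if level > MAX_NESTING:
        return ("drop archive", "more than %d nested levels" % MAX_NESTING)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
                return ("drop archive", "password protected: " + info.filename)
            if is_disallowed(info.filename):
                return ("drop archive", "disallowed file: " + info.filename)
            if info.is_dir():
                continue
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                verdict = inspect_archive(body, level + 1)
                if verdict[0] != "pass":
                    return verdict
    return ("pass", "no policy hit")


def evaluate_attachment(filename, data):
    """Apply the attachment-stripping rule first, then the archive rules."""
    if is_disallowed(filename):
        return ("drop attachment", "disallowed file: " + filename)
    # Decide by content, not by extension (intelligent file type recognition).
    if zipfile.is_zipfile(io.BytesIO(data)):
        return inspect_archive(data)
    return ("pass", "no policy hit")


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; constructed sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def mark_encrypted(zip_bytes):
    """Sample helper: set the encrypted bit in the last central-directory entry."""
    patched = bytearray(zip_bytes)
    patched[zip_bytes.rfind(b"PK\x01\x02") + 8] |= 0x01
    return bytes(patched)


if __name__ == "__main__":
    deep = make_zip({"a.txt": b"x"})
    for _ in range(3):  # wrap three more times: four archive levels in total
        deep = make_zip({"inner.zip": deep})
    samples = {
        "update.exe": b"MZ",
        "report.zip": make_zip({"report.txt": b"hello"}),
        "photo.jpg": make_zip({"docs/invoice.pdf.js": b"// constructed"}),
        "deep.zip": deep,
        "locked.zip": mark_encrypted(make_zip({"notes.txt": b"secret"})),
    }
    for name, data in samples.items():
        print(name, "->", evaluate_attachment(name, data))
```

The `photo.jpg` sample shows why content-based recognition matters: the file name passes the Disallowed Files list, but the body is a ZIP carrying a `.js` member, so the archive rule still drops it.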
More informationESET Mobile Security Business Edition for Windows Mobile
ESET Mobile Security Business Edition for Windows Mobile Installation Manual and User Guide Click here to download the most recent version of this document Contents 1. Installation...3 of ESET Mobile Security
More informationSophos Anti-Virus for Mac OS X Help
Sophos Anti-Virus for Mac OS X Help For networked and standalone Macs running Mac OS X Product version: 9 Document date: June 2013 Sophos TOC 3 Contents About Sophos Anti-Virus...5 About the Scans window...5
More informationSymantec Hosted Mail Security Getting Started Guide
Symantec Hosted Mail Security Getting Started Guide Redirecting Your MX Record You have successfully activated your domain within the Symantec Hosted Mail Security Console. In order to begin the filtration
More informationAntiVirus and AntiSpam email scanning The Axigen-Kaspersky solution
AntiVirus and AntiSpam email scanning The Axigen-Kaspersky solution The present document offers a comprehensive analysis of the ways to secure corporate email systems. It provides an expert opinion on
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationChapter 2 Copyright Statement
Chapter 2: Protection at the Client Level...19 Virus Entry Points...19 Securing the Desktop Client Protection 101...20 Choosing Antivirus Client Software...20 Common Vendors of Antivirus Client Software...21
More informationF-Secure Anti-Virus for Mac. User's Guide
F-Secure Anti-Virus for Mac User's Guide F-Secure Anti-Virus for Mac TOC 3 Contents Chapter 1: Getting started...5 What to do after installation...6 Manage subscription...6 Open the product...6 How to
More informationAvira AntiVir Exchange User Manual
Avira AntiVir Exchange User Manual Contents 1 Quickstart... 5 1.1 Installation on an Exchange server... 5 1.2 Starting the AntiVir Exchange Management Console... 5 1.3 Configuration in the AntiVir Exchange
More informationSMX. Secure email exchange. Powerful and Simple-to-Manage.
Innovative secure email gateway product that has an Anti-Spam with state-of-the-art heuristic analysis, a built-in Antivirus, sophisticated Anti-Phishing and an advanced Data Loss Prevention Secure email
More informationPureMessage for Microsoft Exchange 2013 startup guide. Product version: 4.0
PureMessage for Microsoft Exchange 2013 startup guide Product version: 4.0 Document date: June 2015 Contents 1 About this guide...4 2 Planning your PureMessage deployment...5 2.1 Deploying PureMessage
More informationCopyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.
PureMessage for Microsoft Exchange protects Microsoft Exchange servers and Windows gateways against email borne threats such as from spam, phishing, viruses, spyware. In addition, it controls information
More informationIceWarp Unified Communications. AntiVirus Reference. Version 10.4
IceWarp Unified Communications AntiVirus Reference Version 10.4 Printed on 13 January, 2012 Contents AntiVirus 1 Anti-Virus... 2 Latest Avast! Engine... 2 Kaspersky Anti-Virus Support... 2 Support for
More informationRelease Notes for Websense Email Security v7.2
Release Notes for Websense Email Security v7.2 Websense Email Security version 7.2 is a feature release that includes support for Windows Server 2008 as well as support for Microsoft SQL Server 2008. Version
More informationhttp://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationApps4Rent Hosted Exchange Spam Management Interface Guide.
Spam Management Interface Guide. Apps4Rent Hosted Exchange Spam Management Interface Guide. NOTE: This document contains functionalities and procedures which are mainly used to manage your spam settings
More informationNorton Internet Security vs Windows Defender on Windows 8 (Edition 1)
vs on Windows 8 () Antivirus & Internet Security Windows 8 July 2012 Document: vs on Windows 8 () Authors: M. Baquiran, D. Wren Company: PassMark Software Date: 9 July 2012 Edition: 1 File: antivirus_win8-performance-testing-ed1.docx
More informationAdministration Guide. WatchDox Server. Version 4.8.0
Administration Guide WatchDox Server Version 4.8.0 Published: 2015-11-01 SWD-20151101091846278 Contents Introduction... 7 Getting started... 11 Signing in to WatchDox... 11 Signing in with username and
More informationMalware Prevention with Blue Coat Proxies
Malware Prevention with Blue Coat Proxies Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "malicious" and "software".
More informationEndpoint Business Products Testing Report. Performed by AV-Test GmbH
Business Products Testing Report Performed by AV-Test GmbH January 2011 1 Business Products Testing Report - Performed by AV-Test GmbH Executive Summary Overview During November 2010, AV-Test performed
More informationSophos Anti-Virus for Mac OS X: Home Edition Help
Sophos Anti-Virus for Mac OS X: Home Edition Help For standalone Macs running Mac OS X Product version: 9C Document date: June 2013 Sophos TOC 3 Contents About Sophos Anti-Virus...5 About the Scans window...5
More informationWhat you need to know to keep your computer safe on the Internet
What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security
More informationFrequently Asked Questions: Xplornet Internet Security Suite
Frequently Asked Questions: Xplornet Internet Security Suite Before Installation: Does the Xplornet Internet Security Suite (XISS), product work with other antivirus or firewall products installed on my
More informationF-Secure E-mail and Server Security. Administrator s Guide
F-Secure E-mail and Server Security Administrator s Guide "F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks
More informationBest Practices for Deploying Behavior Monitoring and Device Control
Best Practices for Deploying Behavior Monitoring and Device Control 1 Contents Overview... 3 Behavior Monitoring Overview... 3 Malware Behavior Blocking... 3 Event Monitoring... 4 Enabling Behavior Monitoring...
More informationA comparison of e-book readers (features)
A comparison of e-book readers (features) Maker/ Vendor Model Screen size Touch screen Color Operating system Web browser Wi-Fi Other apps Speech features Sync. Highlight** Kindle Touch*, but Kindle Touch
More informationUser's Manual. Intego VirusBarrier Server 2 / VirusBarrier Mail Gateway 2 User's Manual Page 1
User's Manual Intego VirusBarrier Server 2 / VirusBarrier Mail Gateway 2 User's Manual Page 1 VirusBarrier Server 2 and VirusBarrier Mail Gateway 2 for Macintosh 2008 Intego. All Rights Reserved Intego
More informationK7 Mail Security FOR MICROSOFT EXCHANGE SERVERS. v.109
K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS v.109 1 The Exchange environment is an important entry point by which a threat or security risk can enter into a network. K7 Mail Security is a complete
More informationKaspersky Endpoint Security 8 for Smartphone for Android OS
Kaspersky Endpoint Security 8 for Smartphone for Android OS User Guide PROGRAM VERSION: 8.0 Dear User! Thank you for choosing our product. We hope that this documentation will help you in your work and
More informationTrend Micro OfficeScan 11.0. Best Practice Guide for Malware
Trend Micro OfficeScan 11.0 Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned
More informationCYBER INTELLIGENCE THREAT ADVISORY
CYBER INTELLIGENCE THREAT ADVISORY GLOBAL THREAT ANALYSIS CENTERS CYBER MANAGED SERVICES, CSC CRYPTOLOCKER CONTINUES TO EVOLVE Friday, June 19, 2015 Synopsis Since the first reports of a Trojan that would
More informationCore Protection Suite
Core Protection Suite Admin Guide Spam Soap, Inc. 3193 Red Hill Avenue Costa Mesa, CA 92626 United States p.866.spam.out f.949.203.6425 e. info@spamsoap.com www.spamsoap.com Contents EMAIL PROTECTION OVERVIEW...3
More informationHow to stay protected against ransomware
How to stay protected against ransomware This document explains how to react quickly and effectively to the threats posed by ransomware such as Cryptowall, TeslaCrypt and Locky. It first details the mechanisms
More information