Quick Start Guide: Managed Antivirus

In 2010, GFI Software enhanced its security product offering with the acquisition of Sunbelt Software and specifically its VIPRE product suite. Like GFI Software, Sunbelt Software does not believe in bloatware, and the VIPRE Enterprise Antivirus agent delivers high-performance, comprehensive endpoint malware protection with low system resource usage. Clean, fast, and powerful: 'by admins for admins'.

We couldn't wait to get our hands on VIPRE and are pleased to announce that Dashboard v5.17 and Agent v8.8 Release Candidate utilize this technology to provide a Managed Antivirus solution that can be deployed, configured, monitored and reported on, all from your GFI MAX RemoteManagement Dashboard.

Like Patch Management and Take Control before it, deployment is flexible: Managed Antivirus can be enabled on individual servers and workstations or on all servers and workstations at a client or site. The Advanced Monitoring Agent on these servers and workstations will then download, install and configure the Managed Antivirus agent with the appropriate protection policy for that type of device at that client.

From your GFI MAX RemoteManagement Dashboard, you can:
» Enable Managed Antivirus on individual servers and workstations or on all servers and workstations at a client or site.
» Configure every aspect of the Managed Antivirus agent, including scan schedules, remediation action (i.e. what to do if a threat is discovered) and file and folder exclusions.
» Save this as a protection policy for use on similar types of device at other clients and sites.
» Receive alerts if a threat is quarantined and choose to delete it or release it from quarantine.
» Start, Pause, Resume and Cancel scans, all from the Dashboard!
» View reports that demonstrate the service you're providing.

This document describes the simple steps to follow to start doing all of this today!

Step 1: Update to Agent v8.8 RC

Managed Antivirus requires Advanced Monitoring Agent v8.8 Release Candidate.
From the Agent menu, select Download Agent v8.8 RC and run this on each server and workstation on which Managed Antivirus is to be enabled. Alternatively, select Download Site Installation Package to generate a silent installer for installation on multiple workstations via Group Policy, or the one-click Remote Worker installer for workstations not connected to Active Directory. All existing configuration settings are retained when the Agent is updated. The Summary tab displays Agent Supported Features, reflecting whether Managed Antivirus is available.

www.gfi.com/maxrm
Please note that Managed Antivirus can only be used at sites where there is no proxy server or where that proxy server uses BASIC authentication only. Also, Managed Antivirus cannot be used on Windows 2000. Agent v8.8 should be available for automatic update in late May 2011.

Step 2: Designate a Site Concentrator (if required)

Managed Antivirus uses incremental differences in the Antivirus pattern definition updates, meaning downloads are usually less than 100KB. However, the initial Antivirus pattern definition download can be as much as 60MB on each server or workstation. If there are a large number of workstations at a site, then a server at that site running Agent v8.8 can be designated as a Site Concentrator for that site. The Site Concentrator will download and cache both the initial Antivirus pattern definition and the incremental difference updates for use by other Agents at the site. These other Agents then download them from the Site Concentrator, ensuring that each file is downloaded only once and reducing external network traffic.

Select the required site in the Dashboard and then, from the Edit menu, select Edit Site and the Site Concentrator tab. Select the server (running Agent v8.8) that is to act as the Site Concentrator and also the port on that server to which other Agents at the site should connect. Please note that if you have a firewall running on the server, you may need to create a rule to allow Agents to connect to this port.
If you do not wish the downloaded files to be cached on the C:\ drive, you can optionally specify the drive and path where the cached downloaded files are to be stored. Please ensure that there is sufficient free disk space on the specified drive. Files are removed from the cache if they have not been accessed for 30 days. Please note that it is not possible for the Site Concentrator to work through another proxy server.

Step 3: Enable Managed Antivirus and select Protection Policies

In exactly the same way as Patch Management and Take Control before it, Managed Antivirus can be switched on for all servers and workstations, or only for servers and workstations at individual clients and sites, from the Settings menu, Managed Antivirus, Settings. Should you wish to exclude a server or workstation, or only enable Managed Antivirus on specific servers and workstations, this can be done from the Managed Antivirus tab of the Edit Server and Edit Workstation dialogs. (These settings are available to Superusers only.) By default, servers and workstations inherit policy from the site, which in turn inherits from the client, which in turn inherits the policies set for all servers and workstations.

Once enabled, you must select which Protection Policy is to be applied to the different servers or workstations at that client or site. The Protection Policy configures every aspect of the Managed Antivirus agent, including scan schedules, remediation action (i.e. what to do if a threat is discovered) and file and folder exclusions. Different policies can be specified on individual devices or for use with Laptops, Desktops, different versions of Small Business Server and all other servers at that client or site as appropriate.
Default policies have been supplied for Laptops, Desktops, different versions of Small Business Server, Exchange Servers, SQL Servers and generic servers, all of which follow Microsoft's own recommendations for file and folder exclusions (further information on what is excluded from each policy will be available in the Help System).
Step 4: Uninstall existing Antivirus product (if required) and reboot

Having two Antivirus agents installed and running on the same device is usually catastrophic for that device. Therefore, the Managed Antivirus agent will not be installed if another Antivirus product is detected (including VIPRE). This will be shown in the Summary tab for that device. In order for the Managed Antivirus agent to install, the existing Antivirus product must first be uninstalled and the device rebooted to complete the uninstallation. This will also be shown in the Summary tab for that device. The device can be rebooted manually, as part of the uninstallation process, or via the Dashboard by selecting Reboot Now from the Server or Workstation drop-down menu.

Warning: The next time the Agent uploads data it will be instructed to reboot the device after a delay of five minutes. Once this instruction has been sent to the Agent, it cannot be cancelled either from the Dashboard or on the device itself. Please ensure that any users logged onto this device save their work before proceeding.

If you are using a central management console (such as VIPRE Antivirus Business), please ensure that it does not attempt to reinstall the existing Antivirus product when it detects that it has been uninstalled. In the future, we hope to be able to automate the removal of other Antivirus products.

Step 5: Reboot to complete the installation of Managed Antivirus

Once the existing Antivirus product has been uninstalled, the Advanced Monitoring Agent will install the Managed Antivirus agent. It is again necessary to reboot the server or workstation to complete the installation. If a reboot is required, this will be shown in the Summary tab for that device. The device can be rebooted manually or via the Dashboard by selecting Reboot Now from the Server or Workstation drop-down menu.
Warning: The next time the Agent uploads data it will be instructed to reboot the device after a delay of five minutes. Once this instruction has been sent to the Agent, it cannot be cancelled either from the Dashboard or on the device itself. Please ensure that any users logged onto this device save their work before proceeding.

Step 6: Fine-tune your Protection Policies

The Protection Policy configures every aspect of the Managed Antivirus agent, including scan schedules, remediation action (i.e. what to do if a threat is discovered) and file and folder exclusions. Default policies have been supplied for Laptops, Desktops, different versions of Small Business Server, Exchange Servers, SQL Servers and generic servers, all of which follow Microsoft's own recommendations for file and folder exclusions (further information on what is excluded from each policy will be available in the Help System). The default policies can be edited, or new policies created (based on an existing policy), from the Settings menu, Managed Antivirus, Protection Policy.

The General tab specifies which type of device the policy applies to, the end-user interaction, whether to delete files from quarantine and how often to check for definition updates.
The Scanning tab specifies options common to both Quick and Deep scans, such as whether to perform a scan if running on battery power, whether to scan USB drives upon insertion and what to do if a scheduled scan is missed.

The Quick Scan tab and Deep Scan tab specify where to scan (drives, common threat locations, etc.), what to scan (common file types) and when to run the Quick scan and Deep scan respectively.

The Active Protection tab specifies the behavior of the resident in-memory scanner: whether it is enabled and when to scan (on execution, or when some or all files are touched).

The Remediation tab specifies what action the Managed Antivirus agent should take when it discovers traces of a threat during a Quick Scan, Deep Scan or Active Protection event. All threats are categorized, and different remediation actions (Allow, Report, Quarantine or Delete) can be set for each category and sub-category.
The Allowed Threats tab specifies any programs that, although listed in the threat definitions, are not harmful and should be ignored by the Managed Antivirus agent (for example, remote control tools).

The Exceptions tab specifies files and folders that are to be excluded (allowed) by the Managed Antivirus agent. Any files or folders that are considered harmful and are always to be included (blocked) by the Managed Antivirus agent can also be specified here. Warning: this is not recommended, and care must be taken to ensure that you do not quarantine important system files or folders (depending on the remediation action specified for the Misc category, Misc General sub-category).

Any changes to a Protection Policy are included in the User Audit Report, available from the Reports menu.
Step 7: Run scans and view their results

The Managed Antivirus Check monitors the Managed Antivirus Agent on each device and will fail if a threat is quarantined and requires intervention, if Active Protection is off and a scan hasn't run for a specified number of days (as specified in the Protection Policy), or if the Managed Antivirus Agent stops uploading data. Click More Information to show the number of items in quarantine, when the Managed Antivirus Agent on that device last uploaded data, the status of Active Protection, the date and time of the last Quick and Deep scans and what type of scan is currently running.

The Antivirus Protection Report, available from the Reports menu, Managed Antivirus Reports, shows this same information for all devices at the selected clients. It can include details of other Antivirus products monitored by the GFI MAX RemoteManagement Antivirus Update Daily Safety Check on devices where Managed Antivirus is not enabled.

Quick and Deep scans will be run automatically according to the schedule specified in the Protection Policy for that device. However, they can also be started, paused, resumed and cancelled from the Managed Antivirus Scan option in the Server or Workstation drop-down menu in the Dashboard.
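The three failure conditions of the Managed Antivirus Check described in Step 7, modelled as an added Python example (this is not GFI's code) that evaluates constructed device status records against a policy's allowed number of days without a scan. The record field names and the 24-hour upload timeout are assumptions; the guide does not say how "stops uploading data" is measured.

```python
from datetime import datetime, timedelta

# Constructed device status records, shaped like the fields the guide says
# "More Information" shows. All values are made up for this example.
NOW = datetime(2011, 5, 20, 9, 0)
DEVICES = [
    {"name": "SBS2008-01", "active_protection": True,
     "quarantine_requires_intervention": False,
     "last_quick_scan": NOW - timedelta(days=1),
     "last_deep_scan": NOW - timedelta(days=6),
     "last_upload": NOW - timedelta(hours=1)},
    {"name": "LAPTOP-07", "active_protection": False,
     "quarantine_requires_intervention": False,
     "last_quick_scan": NOW - timedelta(days=9),
     "last_deep_scan": None,
     "last_upload": NOW - timedelta(hours=2)},
    {"name": "DESKTOP-12", "active_protection": True,
     "quarantine_requires_intervention": True,
     "last_quick_scan": NOW - timedelta(days=1),
     "last_deep_scan": NOW - timedelta(days=3),
     "last_upload": NOW - timedelta(days=3)},
]

def evaluate_check(device, now, max_days_without_scan,
                   upload_timeout=timedelta(hours=24)):
    """Return the reasons the Managed Antivirus Check would fail (empty = pass).

    max_days_without_scan mirrors the per-policy setting in the guide;
    upload_timeout is an assumed threshold, since the guide does not state
    how "stops uploading data" is measured.
    """
    reasons = []
    if device["quarantine_requires_intervention"]:
        reasons.append("threat quarantined and requires intervention")
    if not device["active_protection"]:
        # With Active Protection off, the newest Quick or Deep scan must be recent.
        scans = [t for t in (device["last_quick_scan"], device["last_deep_scan"])
                 if t is not None]
        last_scan = max(scans) if scans else None
        if last_scan is None or now - last_scan > timedelta(days=max_days_without_scan):
            reasons.append(f"Active Protection off and no scan in {max_days_without_scan} days")
    if device["last_upload"] is None or now - device["last_upload"] > upload_timeout:
        reasons.append("agent has stopped uploading data")
    return reasons

def run_sample(max_days_without_scan=7):
    """Evaluate every constructed device; returns {device name: failure reasons}."""
    return {d["name"]: evaluate_check(d, NOW, max_days_without_scan) for d in DEVICES}
```

Raising the policy's scan allowance (for example `run_sample(10)`) clears the laptop's failure but not the desktop's, which is why the quarantine and upload conditions are worth alerting on independently of the scan schedule.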
Click on the Scans tab to see a history of Quick and Deep scans, as well as Active Protection events, on that device in the last sixty days. Any traces of threats discovered can be seen by expanding the results of the scan.

Step 8: Manage quarantine

When traces of a threat are discovered during a Quick scan, Deep scan or Active Protection event, the remediation action specified for that category and sub-category of threat is taken automatically. Please note, however, that Active Protection will allow any threats for which the remediation action is Report, and quarantine any threats for which the remediation action is Delete. The Managed Antivirus Check monitors the Managed Antivirus Agent on each device and will fail, generating an alert, if a threat is quarantined and requires intervention.

The Quarantine tab shows all traces of threats that are In Quarantine, as well as a history of those traces that have been deleted from quarantine or released from quarantine in the last sixty days. Expand an event to see the file traces of the discovered threat that are in quarantine. The file traces can then be Released from quarantine or Deleted from quarantine as appropriate by clicking on the Actions drop-down menu.
Please note that if you release from quarantine, you should also update your protection policies to either change the remediation action for that category of threat or allow the threat (not recommended), to prevent the file traces from being quarantined again by Active Protection or the next scheduled Quick or Deep Scan. This can be done from the Policy drop-down of the Threats tab, which will prompt you to select which protection policies to update.

The Threats tab lists all threats that have been discovered on that device in the last sixty days, when a trace belonging to that threat was last discovered and what remediation action was taken. Expand the threat to see how traces were discovered (Quick scan, Deep scan or Active Protection event) and when they were discovered. Expand each event to see what file traces were discovered.

The Managed Antivirus Threat Report, available from the Reports menu, Managed Antivirus Reports, shows this same information for all devices on which Managed Antivirus discovered traces of threats at the selected clients, within the time-frame specified during the last sixty days. Further options will be added to this report in the coming months.

SB0037-v1.0-EN. © 2011 GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.