LabTech AV Management Dashboard

AV MANAGEMENT DASHBOARD
  Overview
  Requirements
  Dashboard Overview
  Clients/Groups
  Offline AV Agents
  Threats
  AV Product
  Sync Agent Data Now
  Last Sync Time
  Configuration Status
  Settings
  Column Descriptions
  AV Manager Installation
  Enabling Communication with the (ERAS) ESET Server
  Using the AV Management Dashboard
  Acknowledging Threats
  Performing Scans
  Performing AV Updates
  Editing ESET Configuration Settings
  Troubleshooting
  Document Revision History

Overview

The AV Management Dashboard gives you real-time antivirus stats at a glance, making it easier for you to assess vulnerabilities and threats. This version of the dashboard provides integration with ESET and Symantec Endpoint Protection; however, you can still use the AV Management Dashboard for scanning and updating of definitions for all other products listed in the antivirus definitions (Dashboard > Config > Configurations > Virus Scan).

Requirements

The integration with ESET gives you the ability to edit scanning profiles, turn off real-time file protection temporarily, turn real-time protection back on if it was turned off by the user, set notifications and turn it on or off. The integration with Symantec, by contrast, gives infection detection as well as the ability to create scan jobs and update definitions.

For Symantec Endpoint Protection and ESET, a separate server is required.

For Symantec Endpoint Protection, you must have the Symantec Endpoint Protection Manager installed and configured. For installation/configuration instructions, please refer to the Symantec Endpoint Protection documentation.

For ESET, the virus server console needs to be installed before deploying in LabTech. Refer to the ESET File Server Installation or ERAS Installation documentation for instructions.
Once the ERAS server has been installed and configured, follow the ESET Installation documentation for licensing and deployment instructions.

19.51.155.AVManagementDashboard

Dashboard Overview

To access the AV Management Dashboard, select AV Manager from the main toolbar of the Control Center.

NOTE: If you do not see the AV Manager button on the main toolbar, the plugin has not been enabled. Select Help > Plugin Manager and select AV Management Dashboard. As you close the window, you may be prompted to reload plugins and to update remote plugins on the agent. Click Yes for both messages.

Figure 1: AV Management Dashboard

Initially, you will see a list of all computers and the AV Engine that is currently running on each computer, as well as a message box displaying the current status of the plugin. Select the Only Show When Errors Occur checkbox to disable this message from displaying every time. Click OK to close.

NOTE: ESET is not enabled by default. Refer to the Enabling Communication with the (ERAS) ESET Server section for additional information.

The AV Management Dashboard is split into several sections, each with a specific function and purpose. Each section is explained in the following sections of this document.

Clients/Groups

The Clients/Groups tabs allow you to filter the data based on client, location or group. By default, the AV Management Dashboard will list all clients. To limit your data to a specific client, expand Clients and select the appropriate client. A green checkmark icon will display to show that it has been selected. The same applies for location. To limit the search to location, select the appropriate location(s). You can also limit your data to specific groups. Click on the Groups tab and select the appropriate group(s).

Figure 2: Clients/Groups

NOTE: The navigation tree will only show clients, locations and groups that you have permission to access.

Offline AV Agents

The Offline AV Agents option works as a toggle switch to display antivirus agents that are connected and not connected. Default display shows all agents based on your client/location/group selection. Clicking the Offline AV Agents option will display all antivirus agents for the selected client/location/group that have ESET installed, but are not connected. This display option will be indicated by a checkmark. The Offline AV Agents filter is only functional for ESET at this time.

Threats

The Threats option allows you to search for past threats, by a date range based on your client/location/group selection. The Threats filter is only functional for ESET at this time.

1. Click on Threats. This will display a calendar.

Figure 3: Threats

The calendar control will default to today's date and will check a date range based on the day you select from the calendar. For example, if August 30th was selected, the dashboard would return all threats from August 30, 2011 to the current date of the selected year.

2. Select the beginning date to search from (e.g., August 30, 2011). The dashboard will return all threats from the beginning date to today's date.

TIP: You can click on the calendar month label to view all months in the current year. Click again on the year to view additional years (1990-2019). If you want to view all threats for the month of August, simply select the month instead of the beginning date (1st).

3. Click Threats again. The threats that meet the date range you selected will display. A checkmark will display to indicate that the threats shown are the result of a search.

4. To return to the original listing, click Threats again and click Reset at the bottom of the calendar.

AV Product

The AV Product option works as a toggle switch to display antivirus agents that are using specific antivirus products. Default display shows all agents based on your client/location/group selection. Click the AV Products option and place a checkmark next to each option you want to filter for (e.g., ESET NOD 32 v4, Symantec EP 12.1 x64, etc.) and click AV Products again to filter the data for the selected client/location/group. A checkmark will display to indicate that the data is filtered.

Sync Agent Data Now

The Sync Agent Data Now option allows you to sync data now if you made any changes to the configuration, instead of waiting for the data to be updated at its normal hour interval. When data is syncing, the title bar will display Sync in progress in green and will appear for both manual syncs and regularly scheduled syncs.

Figure 4: Sync in Progress

Last Sync Time

The Last Sync Time shows the date and time of the last sync, whether it was a manual sync or a regularly scheduled sync.

Configuration Status

The Configuration Status indicates the current configuration status. If a connection could not be made with the ESET server, verify that the ERAS (ESET) server's FQDN is accurate in Settings and reload the plugin.

Figure 5: Connection with ESET Server Successful

Figure 6: Connection with ESET Server Not Successful

You can click on Configuration Status to view the status of the plugin, as well as the last sync time and the next scheduled sync time. Syncs occur approximately every hour. If a manual sync has been done, the regularly scheduled sync will still occur at its regular schedule.

Figure 7: Configuration Status

Settings

The Settings section is for use with ESET to set up the communication with the ERAS server. To enable the communication with the ERAS server, select the Enable the communication with the ERAS Server option and then enter the FQDN or IP address of the ERAS server in the Server FQDN field. When finished, click Save. This will reload the plugin and establish communication if the ERAS server has been installed/configured properly.

The Web Service Installer option is for the initial configuration of the ERAS server and is discussed in the Enabling Communication with the (ERAS) ESET Server section of this document.

Column Descriptions

Table 1: Column Descriptions

Column: Description

Computer Name: Displays the computer name as it appears on the Control Center's navigation tree. Will be preceded by the antivirus icon, if integrated. If ESET is enabled, ESET icons will display to the left of the computer name. Otherwise, if ESET is disabled, the LabTech logo will display, unless you are using a customized Control Center.ico.

AV Engine: Displays the antivirus engine installed on the computer. Currently, only ESET will display.

Definition Date: Displays the definition date as it appears on the Welcome screen of the agent computer.

Scanner Status: Displays the scanner status as it appears on the Welcome screen of the agent computer.

Health: Displays the current antivirus health of the agent (e.g., not available, clean, infected).

Client: Displays the client name this computer is associated with.

Location: Displays the location of the selected computer.

Last AV Agent Checkin: Displays the last time the antivirus agent checked into the ERAS (ESET) server. If Unknown is displayed, integration with ESET exists but antivirus agent has not checked into the ERAS (possibly due to an offline agent). If Not Available is displayed, the computer does not have ESET installed.

Prod/Threat Version: Displays the version of the current threat or of the last threat, if applicable. Red background indicates a current threat and green background indicates there are no threats at this time. If no threats have ever been detected, Not Available will display. Only available if using ESET.

Last Threat: Displays the date and time of the current threat or of the last threat, if applicable. Red background indicates a current threat and green background indicates there are no threats at this time. If no threats have ever been detected, None will display. Otherwise, Not Available will display for computers that have not checked in to the ESET server. Only available if using ESET.

Virus Name: Displays the name of the virus. Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.

Virus Type: Displays the type of virus (e.g., email, web page script, file, etc.). Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.

Displays the file path to the virus file. Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.

Threat Level: Displays the threat level of the detected virus: warning, normal and critical. Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.

Action Taken: Displays any action that was taken against the virus (e.g., Cleaned by deleting quarantined). Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.

Policy: Displays the policy applied on the ESET ERAS server. The policy is read-only and cannot be modified from the dashboard. Only available if using ESET.

AV Manager Installation

The AV Management Dashboard can be downloaded from the Marketplace. Once the dashboard has been downloaded, the dashboard will be added to the Plugin Manager, where it will need to be enabled. If you need additional information on how to download from the Marketplace, please refer to the Marketplace documentation.

To install the AV Management Dashboard:

1. Download the AV Management Dashboard from the Marketplace. The dashboard will automatically be added to the Plugin Manager.

2. Select Help > Plugin Manager.

Figure 8: Plugin Manager

5. Select the checkbox to the left of AV Management Dashboard to enable. Close the Plugin Manager. You may be prompted to restart the Control Center and to tell all agents to update plugin after each selection.

6. Click Yes through these options.

7. Close the Plugin Manager and restart the Control Center.

If you are using ESET, please proceed to the next section of this document to enable communication with the ERAS server. Otherwise, you are ready to use the AV Management Dashboard.

Enabling Communication with the (ERAS) ESET Server

Once you have the ERAS server set up and configured (ERAS Installation), licensing information entered and ESET agents deployed (ESET Installation), you need to establish communication between LabTech and the ERAS server.

The AV Management Dashboard plugin includes an embedded file, AV Web Service, that is used with ESET. This file must be installed on the ESET server. This is done from the AV Management Dashboard.

1. From the AV Management Dashboard, click on Settings.

Figure 9: AV Management Settings

2. Click on Web Service Installer. You will be prompted to save the file. The filename defaults to LabTech AV Web Service. Leave this as is. Select the location to save the file to and click Save.

3. Run this file on the ESET server. This must be run as a local/domain admin. The user running the MSI needs to have rights to create the application under the default site, application pool and the system DSN for accessing the ESET database. This will install the web service used to communicate with the LabTech server and the DSN.

NOTE: The ODBC System DSN is used to access the ESET Database. MS Access is installed through the LabTech Web Service installer, by default. This is also the default used in the ESET installation. There are multiple varieties of database engines that can be used with ESET. If you receive errors indicating that the ESET database cannot be connected to, or you are using a different database, please refer to the AV Troubleshooting Guide.

4. After installing, you must run the application pool in IIS under a user that has access to the system registry and ESET directories. Select Start > Administrative Tools > Internet Information Services (IIS) Manager.

Figure 10: IIS LabTechWebAV

5. Expand the server on the navigation tree and select Application Pools.

6. Highlight LabTechWebAV from the Application Pools section.

7. Click on Advanced Settings.

Figure 11: Advanced Settings

8. Change the Identity to either LocalSystem or any user you wish that has permission to access the registry, the ESET database and the ESET directories.

9. Click OK. Close IIS.

10. Click the AV Manager icon on the Control Center toolbar.

Figure 12: AV Manager

11. Click on Settings.

Figure 13: Configure ERAS Server

12. Select the Enable the communication with the ERAS Server checkbox.

13. Enter the ERAS Server FQDN or IP address (and port if different from the default) and click Save.

14. Select the Enable HTTPS checkbox if the ESET server is SSL enabled.

Figure 14: Reloading Plugin

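The IIS settings from steps 4 through 9 and the HTTPS choice in step 14 can be checked from PowerShell on the ERAS server. The script below is an added example, not LabTech or ESET code. It assumes the WebAdministration module that ships with IIS, an elevated PowerShell 3.0 or later session, and that the default site still has the name Default Web Site.

```powershell
# Added example, not LabTech or ESET code. Run in an elevated PowerShell 3.0+
# session on the ERAS server after the Web Service Installer has been run.
Import-Module WebAdministration

$poolName = 'LabTechWebAV'       # application pool named in step 6
$siteName = 'Default Web Site'   # assumption: the default site was not renamed
$poolPath = "IIS:\AppPools\$poolName"

if (-not (Test-Path $poolPath)) {
    throw "Application pool '$poolName' not found. Has the Web Service Installer been run on this server?"
}

$pool = Get-Item $poolPath
$pm   = $pool.processModel        # holds the Identity set in step 8
$type = "$($pm.identityType)"     # LocalSystem, NetworkService, SpecificUser, ...

# A custom account is stored as type 'SpecificUser' plus a user name;
# built-in accounts carry no user name.
if ($type -eq 'SpecificUser') {
    $identity = $pm.userName
} else {
    $identity = $type
}

# Applications that actually run in this pool, and any HTTPS bindings on the site.
$apps  = @(Get-WebApplication | Where-Object { $_.applicationPool -eq $poolName })
$https = @(Get-WebBinding -Name $siteName -Protocol 'https')

[pscustomobject]@{
    Pool              = $poolName
    State             = $pool.state
    Identity          = $identity
    RunsAsLocalSystem = ($type -eq 'LocalSystem')
    Applications      = ($apps  | ForEach-Object { $_.path }) -join ', '
    HttpsBindings     = ($https | ForEach-Object { $_.bindingInformation }) -join ', '
}
```

An empty HttpsBindings value means the site has no HTTPS binding, so the Enable HTTPS checkbox in step 14 does not apply. RunsAsLocalSystem shows which of the two Identity choices from step 8 is in effect.
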
Once the plugin has reloaded successfully, the dashboard will display immediately.

NOTE: If there are no issues with configuration, it will be indicated by the green check mark next to Configuration Status as shown in the screen capture below. Otherwise, if there is an issue, it will be indicated by a red warning symbol.

Upon initial installation, there will not be any data showing in the dashboard until it is collected from the ESET or Symantec server. Data is collected approximately every hour from the ESET server and sent back to the dashboard. If using Symantec, any threats are reported back every five minutes. Once data has been collected, each of the columns will populate with the latest data as shown by the following example.

Figure 15: Data Collected

Using the AV Management Dashboard

1. Click the AV Manager icon on the toolbar in the Control Center.

Figure 16: AV Management Dashboard

Offline computers will be indicated by a grayed out computer as shown by the following example.

Figure 17: Offline Computer

Any new threats will be indicated by a red background. Highlighting an agent will show the protection features for that computer that are active, not active, present and not present at the bottom of this window. For additional information on these settings and modifying these settings, refer to the Editing ESET Configuration Settings section of this document.

TIP: All functionality that exists in the Control Center is also available in this dashboard. Right-click on a computer for a menu of available options. Additionally, double-click on the machine to open the Computer Management screen.

Acknowledging Threats

Right-click on the agent that has a current threat and select AV Actions > Acknowledge Threat. The threat will be cleaned and deleted without requiring additional user intervention. The background of the AV Last Connected and Last Connected fields for the agent will change from red to green once the threat has been acknowledged.

Performing Scans

You can perform an on-demand scan by right-clicking one of the agents and selecting AV Actions > Scan.

Performing AV Updates

You can perform an on-demand antivirus definitions update by right-clicking one of the agents and selecting AV Actions > Update.

Editing ESET Configuration Settings

The Edit Configuration option will pull the configuration settings from the ESET server, at the machine level, to allow you to edit the settings and then send them back to the server. To view the current settings for an agent, select the agent. This will display the current protection features and their status in the bottom half of the window.

NOTE: This is only available for ESET.

To edit the configuration for a single machine or multiple machines:

1. Highlight the agent or agents. If one agent is selected, click the Edit Configuration button for the current settings to display. If multiple machines are selected, the AV Configurations section will display with no current settings displayed.

Figure 18: Editing the Configuration

Figure 19: AV Configurations

2. The AV Configurations section consists of several tabs for different scanning options. Make the necessary changes on each tab. Field descriptions are in the following table.

On-Demand Scanner: Allows you to select from different scanning profiles to control the level of scanning. These can then be scheduled at different times of the day, depending on how intense the scan is. For example, the in-depth scan would run off-hours, whereas the smart scan can run during the day. The default profiles in ESET are: In-depth, Shellext and smart.

File System Scanner: Allows you to select the level of cleaning for file systems.

File System Settings: Allows you to temporarily turn off real-time file system protection. If the real-time protection was disabled either through the file scans, disabled on the client or set to not start at reboot, it can be turned back on by clicking the Turn On Real Time Protection button as shown in Figure 18.

Startup Scanner: Allows you to select the level of cleaning for scanning during the boot up process.

POP3 Scanner: Allows you to select the level of cleaning for emails.

HTTP Scanner: Allows you to select the level of cleaning for web pages.

Email Notifications: Allows you to set the recipient and sender email addresses to receive notifications. Notifications can be set on certain events on the ESET server.

Table 2: AV Configurations Field Descriptions

Field: Description

Computer Profile: Determines the level of scanning: light scan to in-depth scan. Available options are: In-depth scan, Shellext scan and smart scan.

Cleaning Level: There are three cleaning levels: no cleaning, standard cleaning and strict cleaning. Standard cleaning quarantines the file and strict cleaning deletes the file.

Unsafe Applications: Select the checkbox to scan for unsafe applications (determined by ESET).

Unwanted Applications: Select the checkbox to scan for unwanted applications (determined by ESET).

File Extensions Exclusions: Enter any file extensions that should be left out from the scan. Enter the file extension (e.g., doc) and click Add. To remove, highlight from the list and click Remove.

Scan All Files: Select the checkbox to scan all files.

Scan on File Execution: When selected, provides real-time protection when files are executed.

Scan on File Open: When selected, provides real-time protection when files are opened.

Scan on File Create: When selected, provides real-time protection when files are created.

Automatic real-time file system protection settings: When selected, provides real-time protection during startup.

Scan Network Disks: When selected, scans network disks.

Scan Local Disks: When selected, scans local disks.

Recipient Email: Enter the email of the person that should receive email notifications on certain events, as specified on the ESET server. The Send Email Notifications field must also be enabled for email notifications to be sent.

Sender Email: Enter the email address of the person that email notifications should come from.

Send Email Notifications: Select to enable email notifications. Recipient Email and Sender Email fields are required for email notifications to be sent.

3. Click Apply Configuration when all changes have been made. A message will display to indicate that the changes were saved to the ESET server. It will take approximately one hour for the changes to get applied.

4. You can click the Refresh button to check the status. The following screen capture indicates that a change was made to the real-time protection.

Figure 20: ESET Configurations Applied

Troubleshooting

Please refer to the AV Dashboard Management Troubleshooting guide if you are having difficulty or are receiving errors.

Document Revision History

Date        Notes
09/07/2011  New with 2011.2
10/10/2011  Added additional steps to access and change the settings in IIS.
10/12/2011  Added database information and link to Troubleshooting guide.
10/19/2011  Definition date and AV scanner columns added to the dashboard.
10/18/2012  Updated for 2012 SP1. Added Symantec. Updated ESET information. Updated sync time. Added Manual Sync and Last Sync Time.