User Guide Norman Security Portal SECURITY PORTAL Features Cloud-based endpoint management Managed & unmanaged customers Generate client software Statistics & reports Security Module Antivirus & Antispyware protection - endpoints - servers
Norman Security Portal Admin Guide Limited Warranty Limited Warranty This warranty is limited to replacement of the product. We are not liable for any other form of loss or damage arising from use of the software or documentation or from errors or deficiencies therein, including but not limited to loss of earnings. With regard to defects or flaws in the documentation, or this licensing agreement, this warranty supersedes any other warranties, expressed or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. In particular, and without the limitations imposed by the licensing agreement with regard to any special use or purpose, we will in no event be liable for loss of profits or other commercial damage including but not limited to incidental or consequential damages. This warranty expires 30 days after purchase. The information in this document as well as the functionality of the software is subject to change without notice. The software may be used in accordance with the terms of the license agreement. The purchaser may make one copy of the software for backup purposes. No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording or information storage and retrieval systems, for any purpose other than the purchaser s personal use, without the explicit written permission of the owner. Names of products mentioned in this documentation are either trademarks or registered trademarks of their respective owners. They are mentioned for identification purposes only. Norman documentation and software are. All rights reserved. Last revised June 2015. ii
Norman Security Portal Admin Guide Contents Introduction...5 System requirements... 5 Network requirements for communication.5 Network requirements for deployment... 5 Help & Support... 6 Contact us... 6 Trial version... 6 About this guide... 6 What is this... 7 How does it work... 8 User privilege levels... 8 Groups, policies and installers... 8 Secure login with an authenticator... 9 The distributor role... 9 The Partner role... 9 The Customer role... 9 Managed... 9 Unmanaged... 9 License tracking and ordering process... 10 Scalability... 10 Security modules... 10 Getting started...11 Login...12 Partner... 12 Customer... 12 Register... 12 How to navigate the portal...13 The top menu... 13 Printing feature... 13 Search... 14 Settings...15 Notifications... 15 My account... 16 Change email address... 16 Change language... 16 Change Password... 16 Show warning messages... 16 Authenticators... 17 Add an authenticator... 17 Delete an authenticator... 19 Recovery key... 19 Get a recovery key... 19 Reset Recovery Key... 19 Account History... 20 Company information... 20 Partner... 20 Customer Trial Link... 20 Customer... 20 License... 20 Request or disable management... 20 Manage users... 21 Help & Support... 21 About... 21 Log out... 21 Home...22 Infections and Quarantine... 22 Summary... 22 Top Customers... 22 Top Malware... 23 Endpoints Status... 23 Endpoints per Policy... 23 Customers...24 Add a customer... 24 Dashboard... 25 Users... 25 Information... 25 Deleting a customer... 25 Requesting or disabling management... 26 Disable management... 26 Request management... 26 iii
Norman Security Portal Admin Guide Contents continued... Endpoints...27 Groups... 27 Customized groups... 27 Default groups... 28 Graphical presentation... 28 Endpoint overview... 28 Move to group... 28 Assign policy... 29 Delete endpoint... 29 Policies...30 Standard policies... 30 Antivirus configuration... 31 Real-time Scanner... 31 Scan files on network drives... 32 Scan for potentially unwanted software.32 Advanced options... 32 Cleaning options... 32 Allow user to disable real-time scanner from endpoint... 32 Enable real-time scanner... 33 Manual and Scheduled Scans... 33 Install Screensaver Scanner... 33 Scan for potentially unwanted software.33 Advanced options... 33 Cleaning options... 33 Scheduled scans... 33 Quarantine... 34 Exclude paths or extensions... 34 Path or extension to exclude... 34 Apply to... 34 Updates and Other Advanced Options... 34 Virus definition and software updates.. 34 Use Proxy settings... 34 Use distribution point... 35 Other advanced options... 36 Installers...37 Generate installers... 37 Delete installers... 38 Download and distribute installers... 38 Installing on endpoints... 39 Removing existing antivirus... 39 Executing installers... 40 Quarantine...41 Administer the quarantine... 42 Requested Uploads... 43 Download uploaded items... 44 Delete requested upload... 44 Delete items... 44 Restore items... 44 License use...45 Lead license use... 45 License use per customer... 45 Client interface...46 Administration... 46 Settings... 46 Display GUI on endpoint... 46 Use... 47 Scan your computer... 47 Disable the Real-time scanner... 47 Uninstall the antivirus application... 47 Screensaver scanner... 47 iv
Norman Security Portal Admin Guide Introduction Introduction System requirements Below you will find system requirements as per writing this user guide. We strongly recommend that you confer with our frequently updated requirements at http://www.norman.com/business/system_requirements Operating system (antivirus client) Windows Windows Windows Windows Windows Windows Windows Windows Server Windows Server Windows Server Windows Server Windows Server Windows Server XP 32-bit SP3 Vista 32-bit SP1 Vista 64-bit 7 32-bit 7 64-bit 8/8.1 32-bit 8/8.1 64-bit 2003 32-bit SP1 R2 2008 32-bit SP1 2008 64-bit SP1 2008 R2 64-bit 2012 64-bit 2012 R2 64-bit Internet Browsers (portal administration) Mozilla Firefox latest version Internet Explorer latest version Opera latest version Chrome latest version Note that browsers must be configured to use TLS 1.2 or higher Hardware (client) Processor (CPU) Memory (RAM) Disk space 1,5 GHz 1 GB 1,5 GB Network requirements for communication Ports 80 and 8444 must be open (egress-filtering) in the firewall/router in order for the endpoints to update and communicate with the portal. Network requirements for deployment Before you install client software, make sure there are no other antivirus products installed on the endpoints and that you have administrator rights on the computer. 5
Norman Security Portal Admin Guide Introduction Help & Support We provide technical support and consultancy services and security issues in general. For training or technical support issues please contact your local dealer or a Norman Office. Search web support articles for frequently asked questions and other support issues or visit our blog which contains articles with relevant information and scenarios. Support http://www.norman.com/support. Blog http://blogs.norman.com Contact us Please refer to the last page of this document for a list of offices and web addresses, or visit our web site for an up-to-date overview of our offices and countries. Contact us http://www.norman.com/home_and_small_office/contact_us Trial version It is easy to get hold of a version of the Norman Security Portal; register for a trial version online, activate your account from the email you receive, log in. Set up groups and policies, generate and run installers on the endpoints, and start to monitor and manage your network. Norman Partners Certified partners should register with Norman directly, even for testing purposes. Customers If you are assigned a service provider (Norman Partner) already, you should preferably register directly with the provider, or else you will be assigned one after signing up for a trial. For both parties, see also Login on page 12. About this guide This guide describes the software options and configurations to get you started with the application, giving you the basic information needed. See also the short intro chapter Getting started on page 11. 6
Norman Security Portal Admin Guide Introduction What is this Norman Security Portal with antivirus is a cloud based solution for endpoints and servers. Built from the ground up and using state of the art technology, it does not sacrifice security for convenience. It is a great fit for businesses of all sizes, protecting computers both on and off premise with around the clock antivirus updates. Access Norman Security Portal from anywhere, with any web browser and generate installers, manage endpoints and view the security status of your network directly in your web browser. Security was never easier than this. The Norman Security Portal enables customers, service providers and Norman to manage endpoints from a centralized web portal (cloud) and control policies that assist in securing the endpoints. The endpoint antivirus software is new and completely customized to work efficiently as a part of the Norman Security Portal infrastructure. It is controlled by Norman Security Portal and is completely redesigned using a next generation scan engine, well prepared to handle the threats of today and tomorrow. 99 Easy setup, rapid and effective cloud managed service 99 Easily manageable for service providers 99 Easy handling of security for your customers 99 Easily manageable for customers 99 Protects your network from malware 99 Included the next generation antivirus software 99 Best protection against new threats. 7
Norman Security Portal Admin Guide Introduction How does it work Norman Security Portal is a hosted service for managing endpoints in a network via a web interface. With endpoint management as a service, customers and partners can manage endpoints and control policies that assist in securing the endpoints. This is all done from a web portal (the cloud), and there is no need to install endpoint management software. Certified partners (service providers) register an account with Norman or a Norman distributor. They add customers to their account, and both the service providers and the customers are able to logon and monitor the endpoints. Of course, the customer can only view their own endpoints, while the partner can view all their customers and their endpoints, as long as the customer is managed. The security portal home page presents a few relevant parameters and gives an overall view of customers and endpoints. See Home on page 22. The top bar menu options view differ from a logged in service provider to a customer. As a service provider, as opposed to a customer, you will have multiple customers with endpoints registered. You are required to select a customer to access the endpoints view. This is why you find the Customers option on the service provider s menu only. In addition you have other options to view customer information which is relevant for the partner-side customer management. This information stems from data that the logged in customers can view from the settings menu when logged into their account. See also How to navigate the portal on page 13. For a customer who becomes unmanaged the service provider s access is reduced to the information menu. The customer is moved from Managed Customers to the Unmanaged Customers section of the service provider s customer list. See also Unmanaged customers on page 24. User privilege levels Account users are granted different levels of privileges; see also This menu presents a graphical overview per customer, like the graph on the customer s home page. on page 25: User - As a user you can monitor endpoints, users and policies, but you cannot remove or add items Administrator - As an administrator you can do everything Groups, policies and installers For large customers you can group endpoints for better control and overview. Create one or more suitable groups and assign a policy for each group before you generate endpoint installers from the portal. See Groups on page 27 and Policies on page 30. An installer consists of a framework and an antivirus module. It is distributed to the endpoints for installation. See Installers on page 37. Once the installation is complete the endpoints become visible from the portal enabling the administrator to approve and manage them. The endpoints receive virus definition files and software updates as soon as they are approved in the portal. Ports 80 and 8444 must be open (egress-filtering) in the firewall/router in order for the endpoints to update and communicate with the portal. If you configure and run non-interactive installers with automatic approval on the endpoints they are automatically moved to the right group without any interaction. This requires that you have complete control over the endpoints, but you should always verify the approved endpoints regardless. 8
Norman Security Portal Admin Guide Introduction Secure login with an authenticator Secure authentication is extremely important for a cloud based system. We recommend that you use our two-factor authentication app Norman Authenticator when you log in to the portal. The app is available for Android devices and you can download it from Google Play. See Authenticators on page 17. You should always create a recovery key when you use an authenticator. With the recovery key you are always able to log in even if your device is inaccessible for some reason, or stolen. See Get a recovery key on page 19. The distributor role This is the top level distribution line where Norman and Norman Distributors reside. Only they are certified to register partner accounts in Norman Security Portal. When registered partners add or edit a customer license, an email order is sent to Norman or to the distributor for some countries. The Partner role A partner account is registered with Norman (or a Norman distributor for some countries). Our software is sold through our certified partners (the customer s service providers). When you sell licenses to your customers it means that you add customers to your security portal partner account. (See Login on page 12). The partners install and maintain security software and provide assistance to their customers. Some customers have dedicated technical personnel so that they can handle security issues internally. Others have no internal technical resources and depend on external human resources to maintain the security in their network. Since most of our customers have their core business on other areas than technology, our partner is often both a human and a technical resource they depend upon. An important feature of Norman Security Portal is to help partners improve the level of service they can provide for their customers. From the security portal the partner can administer and monitor security on any of their customer s networks. It is up to the customer to make this information available for the partner, and the partner can then make sure customer security is handled properly. The Customer role A customer is assigned to a service provider; a certified Norman partner. Customers are managed or unmanaged and in both cases the service provider handles purchase and termination of the customer s licenses. Customers are by default assigned to Norman until they become assigned to a service provider. Managed Managed customers allow a service provider to monitor and manage endpoint security. Customers that do not have dedicated personnel to do the work, or do not want to spend internal resources on security management may need management via the portal. For such customers the service provider can offer to monitor and manage endpoint security. See also Managed customers on page 24. Unmanaged Unmanaged customers monitor and manage endpoint security themselves. Some customers may have the knowledge and people to manage and monitor their own network security. In that case there is no need for the service provider to see the customer s network topology. Such customers are still assigned to a service provider who assists with license purchase or termination. When an unmanaged customer needs assistance they can request management via the security portal. This will immediately enable the service provider to view and manage the customer s endpoints. Both the service provider and the customer can disable management again. See also Unmanaged customers on page 24. 9
Norman Security Portal Admin Guide Introduction License tracking and ordering process Norman Security Portal keeps information about the partner and its customers and licenses. The portal communicates with our customer management system and tracks the purchased licenses and the number of seats in use. Information about the account and licenses from the CRM system is intercepted by the portal, which avails the partner to add customers and endpoints, and the customer to add endpoints. The service provider handles the practical purchase and termination of licenses for their customers. All customers are assigned to a service provider (a Norman certified partner or Norman). The security portal generates a license expiry date upon registration, while future updates are done via our internal customer management system as the security portal receives data about changes from that system. There is one exception though, since the security portal can handle conversions from trial customers into licensed paying customers. Scalability The unlimited technicalities of Norman Security Portal invite also larger customers to use the product. It is designed to efficiently handle any number of endpoints and automatically scales to the customer s needs. With the opportunity to add groups and assign several policies per customer, you can still maintain a good overview even if the company has thousands or more endpoints. Security modules Norman Security Portal is flexible and can manage any security module to create and maintain a secure platform. We can add, change or remove security modules which communicate with Norman Security Portal via a predefined interface. For now we have added an antivirus module to work with the framework. 10
Norman Security Portal Admin Guide Getting started Getting started 1. Login (See Login on page 12) Register a partner account with Norman. A customer registers an account via their service provider (a partner), or they can register for a trial via the login page. Go to the login page. Add authenticator Install Norman Authenticator, a two-factor authentication app for secure logins to the portal. Download the app from Google Play and install it on your Android device. (See Authenticators on page 17). You should get a recovery key when you use an authenticator. (See Get a recovery key on page 19.) Partner (service provider) vs. customer Service providers will see relevant data about their customers with endpoints, while customers will see their endpoints only. Service providers select a customer first to view more details for that customer. Managed/unmanaged customers The service provider handles everything for the managed customers, while the unmanaged customer handles everything themselves except from the license purchase, extension or termination. 2. Partners only: Add customers (see Customers on page 24) Configure your account and add users with the necessary privileges; User or Administrator. Add your customers and enter the required account information and users. 3. Create groups ( Endpoints on page 27) Create rational groups. Divide the endpoints into groups and get better control over larger customers. For smaller companies you can configure the installer to automatically approve the endpoints. With a predefined group the endpoints are then automatically approved and moved to the predefined group. 4. Create policies (see Policies on page 30) Assign a policy to each group that you created. It is sufficient to use one of the standard policies to start with. If you configure the installer to auto-approve endpoints, and you predefined a group, the endpoints are automatically approved and moved to the right group and assigned the predefined policy. 5. Generate installers (see Installers on page 37) Generate installers for the endpoints. Generate one installer per group if you configure it to automatically approve the endpoints. The endpoints are then automatically approved and moved to the right group. Select interactive or non-interactive installer type. The non-interactive installer is self-extracting and installs automatically, while you must manually open and run the interactive installer. 6. Run installers on the endpoints (see Download and distribute installers on page 38) Distribute and run installers on the endpoints. Once the software is installed the endpoints communicate with the security portal. Ports 80 and 8444 must be open (egress-filtering) in the firewall/router. The endpoints appear in the unapproved group assigned with a default policy. Approve and move the endpoints to groups and assign policies. If you configured automatic approval and selected a group and a policy the endpoints are automatically moved to the group and assigned the policy you selected. 7. Approve endpoints, manually or automatically (see Generate installers on page 37) Once the endpoints are approved they receive software and virus definition updates. At a determined time interval they communicate with the security portal and informs about their status or incidents. 8. Ready to monitor customers and endpoints Customers are registered and you have executed the steps above. Use a web browser to log in to the security portal from anywhere and start to monitor endpoints. Remember to use Norman Authenticator, the two-step authentication app for a secure login to the portal. (See Authenticators on page 17) 11
Norman Security Portal Admin Guide Login Login The Norman Security Portal URL is https://securityportal.norman.com/login. Use a two-step verification app for a secure login, see Authenticators on page 17. We distinguish portal accounts by partners and customers. Customers are registered with a license, while the partner is registered as a manager of customers with licenses. A customer is managed or unmanaged, still, always assigned to a service provider (partner). Read more about this in The Partner role on page 9, The Customer role on page 9, Customers on page 24 and Endpoints on page 27. Partner Certified Norman Partners must register an account directly with their Norman office (or with the Norman distributor for some countries), before they can start to add customers. Contact your local Norman office if you are not registered yet. See also The Partner role on page 9. If you want a license for your own network and endpoints, you can add yourself as a customer in your partner account and purchase a license. Customer If you are a customer please contact your service provider or contact Norman to learn how to get a license. If you simply want to try Norman Security Portal for free, you are welcome to do so - just register and try it. See the next paragraph on how to register for a trial. See also The Customer role on page 9. Register If you are a trial customer you can register an account from the login page (or you can contact your service provider and ask them to set up a trial for you). You will receive an email with a link to confirm your registration, which you must confirm before you can log in, and so must any user that you add to the account. Email address duplicates are not allowed in the portal. Select Register new account and fill in the form on the Register Account page. Click the globe at the top of the page to change the application language. Enter the required information and the image check, and click Register to complete. Check your email to confirm the registration. Go to Norman Security Portal login page at https://securityportal.norman.com/login Who can register If you are a certified Norman Partner and you have not registered an account yet, please contact Norman. If you are customer, please contact your service provider (a Norman partner), or contact Norman and we will assign you to a partner and register you for a trial. 12
Norman Security Portal Admin Guide How to navigate the portal How to navigate the portal The top menu Select from the top menu bar to navigate the portal, use the search feature to search the portal, or enter the settings to view account information or notifications. The top menu options view differs based on whether you are a logged in service provider (partner) or a logged in customer. Access to relevant data about the customers is essential for a service provider, while customers only need access to see data about their own endpoints. Customer Service Provider A service provider with several customers selects a customer to access that customer s details, like endpoints, groups and policy details. The menu is expanded with a submenu once a customer is selected. The submenu contains a few more options compared to the customer menu, like Dashboard, Users and Information. The Users and Information pages display the customer s account data and equals the information that the customer can view via the settings menu. The Dashboard displays a graphical representation of infections and quarantine, endpoint status, endpoints per policy and top malware for a customer. This page equals the logged in customers home page. Printing feature Click the print icon from any page for a printer friendly page. 13
Norman Security Portal Admin Guide How to navigate the portal Search You can search any part of the security portal for endpoint names, operating systems, user names, policy names, group names, IP-addresses, quarantined item filenames, etc. Enter a search subject and click the search symbol. The search results page appears with the results from your search. The results are sectioned into relevant areas of the portal. For each area you can click a result entry to view more details. Narrow your search Click the search drop-down menu and select an area from the list to narrow your search. Remember that if you select a specific area like this, the search takes in results only from that area. 14
Norman Security Portal Admin Guide Settings Settings From this page you can view notifications from the portal, administer your account or add users, get help, read about the product or log out. From the My account option you can add or remove authenticators, get or reset the recovery key, and more. Other options enable you to edit the company information and add or remove users. The help and support section features a search option that links to our support web page and support articles herein. The Settings menu and options apply to the partner account for the logged in partner, while management of a customer s account is done from the Information or Users options. Likewise, the Settings menu applies to the customer account for the logged in customer. Notifications From this section you can view security portal event notifications, which stems from activity on the account you are logged in to, service provider or customer. Partner notifications include customer, license, user or company account events. Customer notifications include endpoint, group, policy, installer or user events. Clicking Mark All Read or Delete All will mark all the notifications as read or delete them all in one go. Alternatively you can select one or more notifications at a time and mark them as read (envelope icon) or delete them (trash can icon). 15
Norman Security Portal Admin Guide Settings My account From this section you can edit your account Administrator user, change language, configure notifications, change your password, add or remove authenticators, get recovery key and view account history. Change email address The account user is the logged in user. You can edit your name and phone number, but not the email address since it is unique to the portal. If you want to change your email address, you must add a new user with the new email address, before you can delete the old one. Log in with your old email address. Create a new Administrator user with your new email address. Log out from the portal. Check your new email inbox for the confirmation email. Confirm the user account registration and log in with your new user. Delete the old Administrator user from Manage Users. Change language Select a language from the Language Preference drop-down menu and click Save to confirm. Change Password This is where you change your account user password. Enter your current password and your new password, then repeat your new password and click Change to confirm. The new password will take effect the next time you log in to the portal. If you forgot your password go to the portal login page and click Forgot your password? A message with a link to set your password is sent to your email address. Show warning messages Select all the options if you want a warning message when you try to delete groups, endpoints or policies. If you deselect these options the portal will never warn, but immediately execute your action to delete. 16
Norman Security Portal Admin Guide Settings Authenticators This section describes how to use the two-factor authentication mechanism for secure logins to the portal. Norman Authenticator is an app developed to support a two-factor authentication and provides an extra layer of security to your user account. This drastically reduces potentially unwanted access to the portal in case your user credentials are stolen. Download Norman Authenticator from Google Play (supports Android devices). In a cloud-based system, secure authentication is extremely important. You should therefore always use the two-factor authentication app when you log in to the portal. Add an authenticator 1. Download Norman Authenticator from Google Play. Install the app on your Android device and open it. You are prompted for an activation code. 2. Log in to the portal and go to the Authenticators section in Settings > My account. 3. Get Recovery Key First you should get a recovery key which enables you to log on to your account in case your device should become unaccessible. You can click Skip to omit this step, although we strongly recommend against it. When using an authenticator you need either your working device with the app installed or a recovery key to log on to your account. Click Get Recovery Key and write down the key that appears on your screen. If you already got a recovery key the button text toggles to Reset Recovery Key. Reset the key if you cannot find or have lost your previous key. Remember to write down the new key. The previous one is deleted when you reset your key. We strongly recommend that you have a recovery key when you use an authenticator, or else you may not be able to log in to your account. (See Get a recovery key on page 19). 4. Add authenticator Make sure that you have your device at hand before you proceed. a) On your device, open the Norman Authenticator app. 17
Norman Security Portal Admin Guide Settings b) In the portal, click the plus icon to add a new authenticator and an activation code appears. c) On your device, enter the activation code in the Activation Code field and click Save to confirm. d) In log out from your portal account. e) Your device is ready to authenticate a login to the portal. 6. Settings Edit the app settings or continue to the next step if you want to change them at a later time: Press the cogwheel icon to open the app Settings: -- Set a Password for the app login. A password adds extra security when you use the authenticator app on your device. -- Select a Language for the application. English, German and Norwegian are available and more languages will come. -- Reset to original settings. If you select this option you will reset the language and password to factory settings. -- Deactivate the Authenticator. If you deactivate the authenticator from your device it is made unusable on that device, but it is not removed from the portal. Always remember to remove the authenticator from the portal before you deactivate it on your device, or else you cannot log in to the portal, unless you have another authenticator or a recovery key. If you deactivate the authenticator from your device it is not removed from your portal account. If you deactivate the authenticator like this, you will need another authenticator or a recovery key to log in to your account (see next page about recovery key). 7. With your device at hand, open the portal login web page in your browser and log in as usual. Notice the token that is displayed. 8. Open the authenticator app on your device and press Authenticate. Make sure you are connected to Internet. 9. Compare the token from the portal login dialog with the token on the app s Confirm login dialog. Press Allow to confirm the identical token and a legitimate login. If it is an illegitimate attempt, e.g. the tokens does no match, press Deny. The app authenticates your login and gives you access to the portal. Repeat steps 7 to 9 each time you log in to the portal using an authenticator; attempt a login to the portal, press authenticate, compare tokens, press allow, and you are logged in. 18
Norman Security Portal Admin Guide Settings Delete an authenticator Always delete the authenticator from the portal before you deactivate it on your device - never the other way round. If you uninstall the authenticator app or deactivate the authenticator from your device it is not removed from the portal. You will not be able to access your account, unless you have a recovery key or another authenticator to log in with. In case of emergency: If you cannot log in with your authenticator and you do not have a recovery key, please contact Norman. We will follow comprehensive security procedures to make sure you are the right owner of the account, protecting your user and the account. Recovery key Get a recovery key A recovery key is a backup key that enables access to your account. Write down the recovery key and keep it in a safe place. Do not save the key on your computer or device. Go to Settings > My account and select Get Recovery Key. Write down the key. We strongly recommend that you get a recovery key when using an authenticator. If you lose your device, the recovery key is used to access your account. In case of emergency: If you cannot log in with your authenticator and you do not have a recovery key, please contact Norman. We will follow comprehensive security procedures to make sure you are the right owner of the account, protecting your user and the account. Reset Recovery Key Once you have generated a recovery key for the first time, you can reset it whenever needed. The new key will delete your current key and create a new one. Make sure to write down the new key and keep it in a safe place. Do not save the key on your computer or device. After a reset you can destroy your old key which is rendered invalid. Go to Settings > My account. Select Reset Recovery Key. Click Reset to confirm deletion of the current key and generate a new one. Write down the key. 19
Norman Security Portal Admin Guide Settings Account History The account history displays events, like when you were logged in, at what time and date, from what IPaddress, in what country, and what browser and operating system you used. Company information This section contains information about your registered company name and country. When you change your company name or switch country the change is communicated to our customer relationship management system and updated accordingly. Other information in this section alternates between a partner and a customer account and is described separately in the next paragraphs. Partner The partner account is a management account and there is no license information to display, as there is none. If you want a product license to manage your own endpoints, you can register your company as a regular customer and purchase the license you need as you would for any customer. Customer Trial Link The customer trial link is an auto-generated url located in the company information section of your partner account. The url contains data about you and the address to our trial registration page. Copy the url from the portal and send it via email to a customer who wants to register for a license or a trial. Add some instructions to your email on how the customer should proceed. Customers that use your trial link when they register are auto-assigned to your partner account. Customer From the company information section you can view your registrered company name and country and your license details. In addition, you can make a management request to your service provider, or select to disable the service provider s management of your account. License The allowed number of endpoints indicates how many licensed seats you have purchased, while the approved endpoints indicates how many of the purchased seats that are actually in use. The number of available endpoints indicates purchased seats minus the number of endpoints that are approved. Request or disable management You can make a management request to your service provider. If you are managed, you can disable management so that the service provider no longer have access or permission to manage your account. With this feature customers can manage their endpoints themselves and yet they have the opportunity to request immediate help if needed. See Requesting or disabling management on page 26. Only the customer can set the unmanaged state to be managed again. The partner can disable management for a customer, but cannot enable management once disabled. 20
Norman Security Portal Admin Guide Settings Manage users From this option you can add, edit or remove a company account user. Click the plus icon to add a user or select a user name entry to edit or delete a user. You can grant users administrator or user privileges. Only an Administrator user can add, delete or edit the account users. User type User Administrator Can monitor endpoints, users and policies, but cannot remove or add items Can do everything Help & Support In this section you can search our web for relevant support articles with the security portal search feature. Search results are displayed in the portal as links to web pages. Click a link entry to go to the web page if you want to read more about a search result. At the right-hand side you will find an email address and a phone number if you want to send us an email message or call us for help. About This section contains information about the product. In addition to the product version number you will find web links about contact infomation, our terms of service and privacy policy, and open source information. Log out Right click the Settings icon and select Log out. 21
Norman Security Portal Admin Guide Home Home This is the security portal home page and it is the first page you see when you log in to the portal. The home page displays a numeric summary of connected endpoints, groups, policies and quarantined items. The graphical representations and data varies between a logged in customer or a partner. The home page displays the service provider s customers and endpoints. When a customer is logged in the home page displays that customer s endpoints. Infections and Quarantine This graph displays the number of items quarantined per day. Hover the graph with your pointing device to see the dates and the number of items. Graphical overview - service provider s view Summary Partner view only: This summary is adjusted to service providers and gives you a quick first hand status overview of customers, endpoints and quarantined items. Click an entry to view more details. Top Customers Partner view only: This graph is adjusted to service providers and represents your customers with the most endpoints registered. Hover the graph with your pointing device to see more details. Click a customer name below the graph to hide it from the graph view. Click again to show it. 22
Norman Security Portal Admin Guide Home Top Malware This chart represents a list of malware types that are the most detected ones in customer networks. The malware list represents the total of a service provider s customer data, or the total of the endpoints data for a customer. The data is collected from the quarantine. Graphical overview - customer s view Endpoints Status Customer view only: This chart is adjusted to customers and toggles between the percentage of online and offline or approved and unapproved endpoints. Offline endpoints are endpoints that have not reported back to the portal within a given amount of time. Unapproved endpoints have the client software installed and communicate with the portal, but they are not yet approved. Endpoints per Policy Customer view only: This graph is adjusted to customers and represents the amount of endpoints assigned per policy name. You can click a policy name below the graph to hide the policy from the graph. Click again to show it. 23
Norman Security Portal Admin Guide Customers Customers Customers are placed in the groups managed or unmanaged when they are added to the portal. Select a customer to view more details. Service providers cannot access unmanaged customers, but can view and handle the customer s information and license from the Information option. Add a customer Click the add icon and enter the required fields; company information, contact information, management select, license period and number of endpoints. Once you have registered a new customer and notified us formally we will activate the customer s license. Add groups and policies and generate installers. See also Groups on page 27, Policies on page 30 and Generate installers on page 37. Managed customers Customers are managed or unmanaged. A service provider manages the license and endpoints for managed customers. The service provider adds the customer with users, groups and policies. Once the client software is installed on the customer s endpoints the service provider can see and handle them from the portal. Both the customer and the service provider can request that a customer becomes unmanaged. See also Requesting or disabling management on page 26. Unmanaged customers Customers are managed or unmanaged. A service provider hosts the license and endpoints for unmanaged customers. The service provider cannot see or manage the customer s endpoints, add users or access the customer s account, except from via the information page where the customer s license is handled. If you want to switch from unmanaged to managed, you can make a request via your account settings. See also Requesting or disabling management on page 26. The following menu options are explained in their own chapters: Endpoints - Endpoints on page 27 Policies - Policies on page 30 Installers - Installers on page 37 24
Norman Security Portal Admin Guide Customers Dashboard This menu presents a graphical overview per customer, like the graph on the customer s home page. Users This menu option is available from a partner account and is accessible only if the customer is managed. The partner can view and manage the customer account users. The customer information is available also to the customer from Settings > Manage Users, when he/she is logged in to his/her account. Users are categorized as User or Administrator. User Administrator Can monitor endpoints, users and policies, but cannot remove or add items Can do everything Information This menu option is available for partner s and it is accessible whether the customer is managed or not. This is the sole access point to unmanaged customers, enabling the partner to handle the customers licenses. You can view and edit the customer s company name with details and you can disable management for a customer. The customer s management status is shown on this page. You can also delete a customer from this page. Customer information is available to the customer from Settings > Manage Users, when he/she is logged in to his/her account. Deleting a customer From the information page partners are able to delete a customer. You are prompted when you try to delete a customer, since this action cannot be undone. When deleting a customer like this the customer entry and its data will disappear from the portal. However, the deleted customer s license and updates will run until Norman or the distributor receive confirmatory information. In most cases partners should not need to delete a customer like this, unless the relation with this customer is already terminated. Click Delete Customer and then OK to confirm. Deleting a customer cannot be undone. If you deleted a customer by accident please call Norman (or your distributor) for assistance. 25
Norman Security Portal Admin Guide Customers Requesting or disabling management Both the service provider and the customer can disable management for the customer, the service provider via the information page and the customer via the company information settings. However, it s only the customer who can re-establish management again. Disable management Note that if you are a service provider, once you unmanage a customer you do no longer have access or management permissions to the customer account and you cannot revert the customer to become managed. Partner: Go to Customer > Information, deselect Managed customer and click Disable Management. Customer: Go to Settings > Company Information, deselect Managed customer and click Disable Management. Partner s view The customer is managed Managed customer was deselected The customer is unmanaged The unmanaged customer must him/herself enable management again. The service provider has no influence on the unmanaged customer, except to handle the customer s company information and license. Customer s view The customer is unmanaged Allow service... was selected The customer is managed Request management If you are a customer, you can enable management at any time. Your service provider will get acces to your account immediately after having accepted your request to be managed. Go to Settings > Company Information, select Allow service provider to manage and click Request to be Managed. The service provider receives you request and is ready to assist immediately after clicking Accept. 26
Norman Security Portal Admin Guide Endpoints Endpoints This page displays an overview of the endpoints in form of group names, ungrouped or unapproved endpoints, graphical presentation of the groups and the endpoints status. This page also presents a list of the endpoints and details like group, policy and operating system (OS). Ports 80 and 8444 must be open (egress-filtering) in the firewall/router in order for the endpoints to update and communicate with the portal. When a customer is registered you should create rational group names and move endpoints to the groups. Especially with customers that have a large number of endpoints you get better overview and tighter control when you divide the endpoints into groups. Select a group name or a column entry from the endpoints list to view more details. Click an endpoint name for a detailed view of the endpoint. Groups Customized groups This section displays the group names that you create for a customer. From the groups view you can easily assign endpoints to another policy, move endpoints to a different group, delete endpoints from the group, or delete the group name altogether. Click a group name to view endpoint names, group name, the assigned policies and operating system for the endpoints in that group. If you delete a group (name) its endpoints are moved to the Ungrouped folder. The policy will stick to the endpoint. 27
Norman Security Portal Admin Guide Endpoints Default groups The default groups are preset and contains endpoints that are set as distribution point, are ungrouped or are not yet approved. Distribution point This group contains endpoints that are appointed as distribution points. They are automatically moved to this group once appointed. See also Use distribution point on page 35. Ungrouped This group contains approved endpoints with the antivirus application installed. They communicate with the portal, but they are not yet moved to a group. Approving endpoints should include moving them to a defined group and assigning them a policy. We recommend that all endpoints are assigned to a group, which is rational and gives a better overview and control over the endpoints. Unapproved This group contains unapproved endpoints with the antivirus application installed. They communicate with the portal, but they are not yet approved. Once you approve the endpoints in this group they are moved to the default ungrouped group. Approving endpoints should include moving them to a defined group and assigning them a policy. We recommend that all endpoints are assigned to a group, which is rational and gives a better overview and control over the endpoints. Graphical presentation The groups and status graphs presents groups and online/offline or approved/unapproved endpoints for a selected customer. Use you pointing device to hover the charts for more details. Endpoint overview The list at the bottom Endpoints page displays all the endpoints for the selected customer. You can sort endpoints by the column; endpoint name, group, policy or operating system (OS). Use the Search feature to search for specific endpoints, groups, policies, operating system, and more. See Search on page 14. Move to group You can move one or more endpoints at a time to another group. Select the endpoints you want to move. Click the move group icon (folder). From the drop-down menu select a group and click Move. The endpoints you selected are immediately moved to the new group. 28
Norman Security Portal Admin Guide Endpoints Assign policy You can assign a policy to one or more endpoints at a time. Select the endpoints you want to assign a policy. Click the assign icon (document). From the drop-down menu select a policy and click Assign. The endpoints you selected are immediately assigned to the policy. Delete endpoint You can delete one or more endpoints at a time. Select the endpoints you want to delete and click the trash can icon. Unless you chose to not show warning messages from Settings > My Account you are prompted when you try to delete endpoints. Click OK to confirm the deletion. If you select Do not ask again from the deletion prompt dialog, you will not be asked the next time you try to delete endpoints. When you delete an endpoint it is immediately removed from the security portal. The next time the endpoint communicates with the portal, it is recognized as a deleted endpoint and the endpoint software is uninstalled. If you delete an endpoint from the portal, the client software is uninstalled from the endpoint and it will no longer receive updates or be protected. If you need to add a previously deleted endpoint, you have to follow the procedures for adding a new endpoint; install the client software and approve the endpoint. See Generate installers on page 37, Unapproved on page 28 and Move to group on page 28. 29
Norman Security Portal Admin Guide Policies Policies Policies are sets of rules which define the antivirus application and the update settings. You can create several policies per customer and assign groups of endpoints to them. Standard policies The portal comes with a few standard policies that contains the minimum configurations needed for a secure environment. Use the standard policies as starting point and configure it to your needs. It is easy to change the policy configuration at a later point if needed. Admin Desktop This policy is configured for users with special privileges allowing them to disable the real-time scanner. Desktop This policy is configured for standard users. The ability to disable the product is restricted. The screensaver scanner, which scans the computer when it is idle, is enabled. Server This policy is configured for servers. No scheduled scans are preset. Silent Desktop This policy is configured for users who should not get notifications from the product as well as no trace of it in the system tray while being protected. The user can still use the right-click scanner to invoke a manual scan. 30
Norman Security Portal Admin Guide Policies Antivirus configuration Real-time Scanner The real-time scanner works in the background and offers automatic protection of your system. Enable it at all times as it is an essential virus control component. This is why the real-time scanner is enabled by default. The real-time scanner is an essential component and should be enabled at all times. Real-time scanning is an ongoing process that monitors critical activities on your system. This involves file access and copy/move to other drives or directories. Whenever a file is accessed in a read/write operation or a program is executed, the real-time scanner is notified and scans the file on the fly. 31
Norman Security Portal Admin Guide Policies Scan files on network drives Select this option if you want to scan shares that you have access to on remote computers, since files on network drives are not scanned by default. The real-time scanner s behavior depends on the user rights of the logged on user when files residing on network drives are scanned. When the Real-time Scanner sees a file that is opened from a network drive, it scans the file as usual. However, it is unable to repair or remove an infected file, unless the logged on user has write access to the file or folder in question. Still, access to the infected file is denied. Real-time scans in networks is intended for a situation where servers do not run antivirus software to avoid that the same files are scanned twice once on the server and then again when they are opened on the endpoint. The consequences of such double scans are that network logons and backup become slower. The system administrator must make the final decision where security and network operation are two major factors to consider. When the Real-time Scanner detects viruses or other malware on network drives, it displays the locations as UNC paths (e.g. \\Server\Share\InfectedFile) and not as mapped network drives (e.g. X:\Infected file). Scan for potentially unwanted software A potentially unwanted program is software that generally is not malicious, but still is considered unwanted by the user. The potential unwanted properties can include certain features that resemble malicious and/or privacy-invasive software such as spyware, adware, and content hijacking programs. Advanced options These options include the cleaning options, the option to allow the user to disable the real-time scanner from the endpoint and the option to enable the real-time scanner. The options are described further in the following paragraphs. Cleaning options A file detected as malware is sent to quarantine. Select one of the cleaning options to alter how the antivirus application should handle quarantined files. Note that access to an infected file is denied if repair fails. Note that a file is deleted altogether if it contains nothing but malware. Attempt to repair infected files Select this option to move an infected file to quarantine and clean it automatically. A copy of the infected file is sent to quarantine, while a cleaned version is kept in its original location. Move infected files to quarantine Select this option to move an infected file to quarantine without attempt to clean it. The infected file is removed from its original location. Block access to infected files Select this option to copy an infected file to quarantine and block access to the original version of the file. Allow user to disable real-time scanner from endpoint This option allows the endpoint user to disable the real-time scanner on the endpoint. You should consider carefully before you allow users to do this, since disabling the real-time scanner may endanger the company. Users are not allowed to disable the real-time scanner by default. See also Real-time Scanner on page 31. The real-time scanner should be enabled at all times. 32
Norman Security Portal Admin Guide Policies Enable real-time scanner This option allows you to start or stop the Real-time scanner on the endpoint. If you disable the real-time scanner, a warning appears in the system tray on the endpoint, provided that the option Display graphical user interface (GUI) on endpoint is selected. Beware that disabling the Real-time scanner may endanger the company. The real-time scanner is enabled by default. See also Real-time Scanner on page 31. The real-time scanner should be enabled at all times. Manual and Scheduled Scans Install Screensaver Scanner When your computer is idle, that is, there was no activity for a while, the scanner takes advantage of the unused time frame and scans your computer. If you disrupt the screensaver, the scanner pauses and starts again the next time your computer is idle. Scan for potentially unwanted software A potentially unwanted program is software that generally is not malicious, but still is considered unwanted by the user. The potential unwanted properties can include certain features that resemble malicious and/or privacy-invasive software such as spyware, adware, and content hijacking programs. Advanced options Cleaning options A file detected as malware is sent to quarantine. Select one of the cleaning options to alter how the antivirus application should handle quarantined files. Note that access to an infected file is denied if repair fails. Note that a file is deleted altogether if it contains nothing but malware. Attempt to repair infected files Select this option to move an infected file to quarantine and clean it automatically. A copy of the infected file is sent to quarantine, while a cleaned version is kept in its original location. Move infected files to quarantine Select this option to move an infected file to quarantine without attempt to clean it. The infected file is removed from its original location. Scheduled scans Scheduled scans use the same settings as for the manual scanner. Create a schedule to run a scan on the system at regular intervals. For example, you can create a schedule to ensure consistent checks of areas that require special attention. Enter a name, select your schedule and scan type and click Schedule to confirm and save. Schedule Scans can run at a specific time every day (Daily), on a specified weekday (Weekly) or a specified day of the month (Montly). A scheduled monthly scan always runs on the last day of the month, never mind if you selected a day that is not present in all months. (E.g. Monthly on the 31st will run on the 30st for June.) 33
Norman Security Portal Admin Guide Policies Scan Type Select Scan Type according to your needs: The Quick scan covers the most important areas of your computer. The Full scan runs a complete scan of your computer. The Targeted scan allows you to specify a path to scan. All the scan types allow you to enable or disable scanning of compressed files (archives) Quarantine Files in quarantine are kept for 4 weeks and with a maximum size of quarantine of 4 GB by default. This means that if the maximum size of 4 GB is reached, the quarantine items are removed even if the 4 week period is not passed. Select another time frame and size according to you needs. Exclude paths or extensions Paths and extensions on the exclude list are not scanned. If you exclude paths or extensions it is a decision at the expense of security. We recommend that you schedule and run regularly scans of items on the exclude list. For security reasons the exclude list for the real-time scanner is limited to 50 entries. In addition to the risk the exclude list represents, it also increases the use of system resources. The more entries in the list, the more resources are used by the real-time scanner. Path or extension to exclude Enter a path or extension that you want to exclude from scanning. Apply to You can make the exclude list apply to both the Real-time Scanner and the Manual Scanner, or to one of the scanners only. Select both or which scanner you want the list to apply to. Updates and Other Advanced Options Virus definition and software updates Always update when available Select this option to allow for update whenever it is available. Custom update schedule Select this option if you want to schedule updates. Select a specific hour for when you want to allow updates to run, or select several hours to establish a time frame for when updates are allowed to run. Use Proxy settings Some networks use a proxy server to connect to the Internet. You must configure the policy proxy settings to enable endpoints to download updates. Proxy servers may require user authentication. If you select to use a proxy server you must enter the same information for proxy server log on and authentication as configured on the proxy. 34
Norman Security Portal Admin Guide Policies Configuring the proxy settings Select a policy where you need to use a proxy. Go to Updates and other advanced options Select Use proxy settings. Fill in the required information for the proxy settings. Enter the Proxy address and Proxy port for the firewall s HTTP proxy. If you have specified information for HTTP proxy in your browser, you should enter exactly the same values here. Enter a valid Proxy user name and the Proxy password. Enter the Domain name. Use distribution point A customer with many endpoints or a slow network may experience issues with the network traffic when every endpoint downloads software and definition file updates via the Internet. In order to ease the network traffic you can convert an endpoint to a distribution point that hosts updates for other endpoints and set endpoints to update via this distribution point instead of the Internet. A distribution point will only handle definition files and software packages. A direct connection from the endpoints to the portal is still needed for event messages and to retrieve policy updates. The main menu option Distribution points (#) keeps count of the distribution points and you can click this option to view a list of endpoints that are currently configured as distribution points. In case access to the distribution point fails, the endpoints will try to update via the Internet. Set up and use a distribution point Log in to your portal and do the following to set an endpoint as a distribution point and configure endpoints to update via the distribution point. 1. Set the distribution point Go to Endpoints Select (click) the endpoint that you want to use as a distribution point. On a distribution point the port 2868 TCP/UDP is automatically opened on the Windows Firewall to accept update requests from endpoints. Click the distribution point (share) icon from the page s top right-hand side menu bar. -- At the top of the page a green text bar will display for a few seconds, confirming that you have selected to change the endpoint to a distribution point. -- The endpoint s status icon will change to a share icon ( ), indicating that the endpoint is set as a distribution point. -- The endpoint will be added to the Distribution points (1) list and the digit updates to reflect the number of current distribution endpoints. At the next policy replication (which happens every 60 seconds), the endpoint will start installing the necessary components. Once installed, the endpoint will download the definition files and software packages to be shared. After an endpoint is set as a distribution point it will take several minutes to complete the download process. The amount of time will vary depending on the Internet/network speed. 35
Norman Security Portal Admin Guide Policies 2. Use the distribution point Select a policy (where you want to update via a distribution point). Select Updates and other advanced options. Select Use distribution point. Enter the distribution point s DNS name, IP-address or a system environment variable. -- Examples DNS name: dataserver.domain.local IP-address: 192.168.0.10 System variable: %avserver% Save the policy After the next policy replication (which happens every 60 seconds), the endpoints using that policy will start looking for updates at the specified distribution point. Reverting a distribution point Select Distribution points (#) from the left-hand side menu to view the complete list of distribution points, or select Endpoints from the top bar menu to view all endpoints. A share icon ( ) next to the endpoint indicates that this is a distribution point. Select (click) the distribution endpoint that you want to revert back to a regular endpoint. Click the distribution point (share) icon from the page s top right-hand side menu bar. -- A green text bar at the top displays for a few seconds, confirming that the endpoint is no longer a distribution point. -- The endpoint s status icon changes to a computer icon ( ), indicating that the endpoint is now a regular endpoint. -- The endpoint is removed from the Distribution points (0) list and the digit updates to reflect the number of current distribution endpoints. At the next policy replication (which happens every 60 seconds), the endpoint will start uninstalling the distribution point components and become a regular endpoint. If you remove a distribution point, the endpoints that are configured to update via this point will fall back to update via the Internet. Other advanced options Display GUI on endpoint To the endpoint user the antivirus software is practically invisible, except from the application icon in the system tray which opens a tiny dialog (GUI) with a few options. This option enables you to display the endpoint graphical user interface (GUI) or hide it altogether. Allow user to uninstall from endpoint Select this option to allow the endpoint user to uninstall the client software from the endpoint. This is default enabled. 36
Norman Security Portal Admin Guide Installers Installers Once you have added a new customer and created groups and policies you should generate installers for the endpoints. Installers are created in the security portal and are run on the endpoints. To run the installer you need to have administrator rights on the computer. Each installer contains an antivirus module and a framework. The framework handles the communication between the endpoint and the security portal. The installer is run on the endpoint. Once installed the endpoint software antivirus component contacts the portal via the framework. Generate installers Installers generated in the portal are 7-zip archive files which contain the necessary 32 and 64-bit.msi installers, an.ini configuration file generated on the server and a system file. Installers that you create are added to the list of installers and remain there until you delete them. You can download installers from the list as many times as you want, until they are expired. 1. Click the plus icon on the Installers menu to add a new installer. 2. Installer Name Enter a suitable name for the installer, e.g. related to the customer you create it for. 3. Expires in: x days Select for how many days the installer should be valid. Expiry is by default set to 7 days. Setting a short expiry ensures fresh installers with the most recent updates. A short expiry may also prevent illegal use of a license in case an installer configured with auto-approval falls into the hands of unauthorized people. Even if you extend the expiry date, remember that the installer is eventually outdated. We recommend that you generate new installers when you need them. Still, endpoints receive updates even if you use an old installer. 37
Norman Security Portal Admin Guide Installers 4. Installation Type Select the interactive installer type if you need to manually install the client software on the endpoint, or select the the non-interactive type for automatic installation on the endpoint. -- Interactive The endpoint user or an administrator must open and run the interactive installer from the endpoint to initiate the client software installation. Make sure that you have administrator rights on the computer where the installer is run, or else the operating system may block the file when you try to open it. -- Non-interactive A non-interactive installer extracts itself, runs and installs the client software automatically on the endpoints. Make sure that you have administrator rights on the computer where the installer is run. If you do not have the right credentials, the installation silently terminates without a warning. To run the installer you need to have administrator rights on the computer. 5. Automatic Approval Select this option to automatically move the the endpoints with the client software installed to the specified group assigned with the specified policy. If automatic approval is not selected endpoints are placed in the unapproved group. Make sure you have complete control over the endpoints when using this feature. -- Create groups and policies for the customer before you generate the installers. Select automatic approval and specify a group and a policy for the installer. Once the client software is installed, the endpoint will communicate with the portal, which automatically moves the endpoint to the group and assignes it the policy that you selected for that installer. For safety, you should always check the list of approved endpoints. See Groups on page 27 and Policies on page 30. -- Once the client software is installed, but before the endpoint is approved or assigned to a policy, it is possible to disable the real-time scanner from the endpoint. However, the policy settings applies immediately after an endpoint is approved. 6. Click Save to confirm your choices and generate the new installer. Delete installers Installers stay on the list until you delete them. Unless you want to keep the expired installers on the list for historical purposes, you should delete the ones that you do not need anymore or that have expired. Delete installers that you no longer have control over the whereabouts for, whether they are expired or not. Try to maintain a tidy list with fresh and up-to-date installers. Download and distribute installers Click an entry on the list to view details for the installer. Additional information is available from the detailed view, like checksum for the installer and a public download link. You can download the installer directly on the endpoint using the installer s public download link. Paste the url into the address field in any browser to get access to the installer and save it on the computer. Once you have created an installer you can download the file from the portal as many times as you like until expiry date. When the expiry date is passed the download symbol link deactivates and changes to the plain text Expired. 38
Norman Security Portal Admin Guide Installers Installing on endpoints Before you install client software on endpoints you should make sure there is no other antivirus product installed and that you have administrator rights on the computer. To run the installer you need to have administrator rights on the computer. Removing existing antivirus We recommend to run just one antivirus product per computer, since two or more antivirus installations may cause the computer to crash or hang. Therefore, you should remove existing antivirus from other vendors, before you install the security portal client software on the endpoints. AppRemover is a free software designed to uninstall antivirus applications from your computer. You can read more about the tool and where to download it at http://www.norman.com/inst_appremover. Use AppRemover to uninstall antivirus products from other vendors, before you install the client software on endpoints. This tool is especially useful when the network is large with antivirus from different vendors. Use the interactive client installer if you need to remove other antivirus installations. From this installer you can make necessary choices during installation, for example to launch the AppRemover. The non-interactive installer, on the other hand, is a fully automatic installer and will run through the installation procedure without interaction. Before you run the installer with AppRemover you need to set a launch parameter. AppRemover.exe, and AppRemover.html if present, launch(es) with a command line parameter, provided that AppRemover.exe is located as specified in the parameter: APPREMOVERPATH=\\Path\to\AppRemover.exe AppRemover launches only the first time the security portal client installer is run. The client installer will also check the command line parameter NORMAN_INSTALLER_EXPIRES and skip launching AppRemover. exe if the client installer has expired, or if it is impossible to determine the expiry time or date. The security portal generated installer will search for and remove any of our own antivirus products, like variants of Endpoint Protection or Security Suite. The non-interactive installer will restart the endpoint automatically after the removal, while the interactive installer follows a manual process where you go through an install wizard step by step. 39
Norman Security Portal Admin Guide Installers Executing installers After you have removed security software from other vendors (see the previous paragraph), you can run the client installer on the endpoints. The non-interactive installer extracts itself when executed, searches for and uninstalls existing Endpoint Protection (Endpoint Manager) and Security Suite products, restarts the endpoint and installs the client software. The interactive installer is extracted and executed manually. The install wizard launches and guides you through the installation. If no changes or selections are made, the default installer settings will apply. Make sure that both the.msi and the.ini files are located in the same folder when you use active directory to run the installers on endpoints. Ports 80 and 8444 must be open (egress-filtering) in the firewall/router in order for the endpoints to update and communicate with the portal. 40
Norman Security Portal Admin Guide Quarantine Quarantine The quarantine page displays the items that has been detected as malicious and sent to quarantine. From the antivirus application s policy settings you can configure how to handle such files when they are detected. See Policies on page 30. Select a filename to view more details and adminster an item, deleting, restoring or uploading it. Scroll the customer drop-down menu and select a name to view items for that customer. Virus definition files are updated on a regular basis and a malware definition can change so that items that qualify as malware is later defined as non-malware. After an update of the virus definitions which clears a quarantined file as malware, it is removed from the quarantine. This happens without user interaction and is based on the virus definitions. It is not possible to restore files from the quarantine, except from files that are cleared as mentioned above. However, it is possible to request a file upload and save the file to an external media. Popup dialog on the client When malware is detected a popup window is triggered to appear on the client computer screen, describing what was detected and action taken. Client interface - detection dialog Client interface - detection dialog with details Click the plus sign [+] to view more details about the detected item and what action has been taken. The dialog may appear with a Restart button if the antivirus application requires a restart to complete cleaning. The client side popup window makes the client user aware of the incident. If the file contains nothing but malware it is deleted from its original location altogether. The security portal policies define how the detected items are handled in terms of quarantining, deleting, and so forth. 41
Norman Security Portal Admin Guide Quarantine View all / per customer The quarantined items list displays data from all your managed customers. Select a customer name from the All customers drop-down list to view the quarantined items for that customer, or enter a letter in the quicklookup field to search by name or just scroll through the customers list that appears. Unmanaged customers do not appear on the list as they administrate the quarantine themselves. However, they can also perform item upload, restore or delete from quarantine as described in the following. Administer the quarantine At present quarantined files are administrated from the security portal. Partners administrate the quarantined items for their managed customers, while unmanaged customer handle quarantined items themselves. Select a filename entry on the quarantine list to view and manage incidents. Detailed items view Click a filename entry on the quarantined items list for details per item and incident. Select an entry that you want to restore, delete or upload and click the corresponding action button. 42
Norman Security Portal Admin Guide Quarantine Click an incident entry to view details for that item, like what actions are taken, if it has been restored or requested for upload. Pending Action, Uploaded and Restored values indicate whether an action has been taken and if it is pending or not. From the detailed page you can also restore, delete or upload an item. Action buttons The following action button icons represent the various options as described for administration of the incidents. Restore. Restore quarantined items to its original location. Select one or more filename entries on the incidents list or click a single incident to view more details, and click the restore icon. Delete. Delete quarantined items. Select one or more entries on the incidents list, or click a single incident to view more details, and click the delete icon. Upload. Upload quarantined items. Select one or more entries on the incidents list, or click a single incident to view more details, and click the upload icon. See also Requested Uploads on page 43. Print. Click this icon from any page for a printer friendly version of the page. Requested Uploads A quarantined item that you requested to be uploaded will appear on the Requested uploads list. Once the file is uploaded you can download it to an external media, like an USB stick or similar. To upload an item click a filename entry from the quarantine list, select an entry from the incidents list, and click the upload icon. If you download and open a quarantined file you expose your system to a potential risk of a malware infection, and you do so at your own risk. 43
Norman Security Portal Admin Guide Quarantine Download uploaded items Downloaded items are saved as a password protected archive file. You are prompted with a warning about the potential risk that you expose your system to malware infection when you try to open the file. Select an item from the list and click the download icon. The next dialog displays a password. You need this password to open the file after you have saved it. If you download and open a quarantined file you expose your system to a potential risk of a malware infection, and you do so at your own risk. Delete requested upload Delete items from the list when you have downloaded them, or if you do not need them to stay on the list anymore. Select one or more items from the list and click the delete icon (trash bin). Delete items Click a filename entry from the quarantine list. Select an entry that you want to delete from the incidents list and click the trash bin icon. Restore items Click a filename entry from the quarantine list. Select an entry that you want to restore from the incidents list and click the restore icon. If the item contains nothing but malware you will not be able to restore it. 44
Norman Security Portal Admin Guide License use License use This page displays data about license use, purchased licenses and upsell potential. Customers can view information about their own license, like number of endpoints in use, approved endpoints and available endpoints, via Settings > Company Information. Lead license use Endpoints This top-five list represents the customers with the highest amount of licenses in use. Upsell Potential This top-five list represents the customers with the highest negative difference between the number of purchased licenses minus the installed endpoints. This means the customer uses more licenses than purchased for, thus the customer potentially needs more licenses. Purchased Licenses This top-five list represents the customers with the highest amount of purchased licenses. License use per customer The customer list displays all your registered customers with the amount of licenses they have purchased, the amount of licenses they use, how many endpoints they have installed the client software on and the expiry date for their license. 45
Norman Security Portal Admin Guide Client interface Client interface Administration The client software installer is generated from within the security portal and run on the endpoints. The client software enables the endpoints to communicate with the portal and once approved, to receive updates. Until the endpoints are approved the default policy applies containing the minimum required security settings. First view after installation Approved and assigned a policy Disable Real-time Scanner options The above images are screenshots of the endpoint graphical user interface (GUI). The first image is captured immediately after a software installation. The second image is captured after the endpoint was approved in the security portal. The third image is from the disable real-time scanner option. Security is managed in the security portal. The endpoint user need not to interact in any way and when malware is found, it is handled from the security portal. You can also configure the portal policy to hide the user interface on the endpoints altogether. As a rule, we do not recommend allowing endpoints to disable the real-time scanner or uninstall the software, unless there is a special reason to do so. Settings The security portal policy defines what the assigned endpoints are allowed to or not. Allow user to disable the real-time scanner from endpoint This policy option is meant to cover special situations that may occur where you need to disable the real-time scanner from the endpoint. The real-time scanner can be disabled until restart or for 1 hour. If users disable the real-time scanner it will not start again until the system is restarted, or after one hour depending on what the user selected. Your system will be exposed to malware. Allow user to uninstall from the endpoint This option allows the endpoint user to uninstall the client software from the endpoint. If an endpoint user tries to uninstall the software from the endpoint without having the permission to do so because of a policy setting, he/she will receive an error message from the Windows operating system. Display GUI on endpoint This policy option hides or shows the graphical user interface (GUI) on the endpoint. If you deselect this option the endpoint graphical user interface, including the system tray application icon, becomes hidden. 46
Norman Security Portal Admin Guide Client interface Use The Administrator governs your antivirus application using policy settings in the security portal to define what you can do or not from the endpoint. The antivirus application icon (N) is placed on the system tray s (visible or) hidden icon area and represents your access point to the antivirus application menu with options. The policy you are assigned to may be configured to hide the antivirus application and icon altogether. If this is the case you will see no traces of the application. Scan your computer menu Scanning... Scanning and displaying details. Scan is paused Scan is completed Disable the real-time scanner Scan your computer Normally you will have access to scan your computer. Click Quick scan or Full scan and wait for the scanner to complete while you continue your work. Do not switch of your computer while scan is in progress, or else the process will not complete. Click the plus sign [+] in the scanner dialog to view more details. Click Pause if you want to stop the scan temporarily. Click Continue to complete the scan. When the scan has completed click Menu to finish and go back to the scan menu. Disable the Real-time scanner The real-time scanner runs in the background and is an essential antivirus component. Usually there is no need for you to stop the real-time scanner and cause a potential risk of malware infection. If you are not allowed to select this option it is most likely set via the portal policy. Uninstall the antivirus application Antivirus applications are essential to stop malware from infecting your computer. Usually, you should not be allowed to uninstall the antivirus application from the endpoint. Uninstalling should be controlled from the security portal. If you try to uninstall the application when prohibited, you will receive a warning from your computer s operating system (Windows). Screensaver scanner The security portal policy also controls your screensaver scanner. You may have noticed that a screensaver starts when your computer is idle (that is, no mouse movements or keyboard strokes) and stops again when you start using your computer. This is a combined screensaver and scanner that works to efficiently scan your computer when the resources are available. 47
Offices Norway Denmark France Germany Italy Netherlands Norway Spain Sweden Switzerland United Kingdom www.norman.com www.norman.com/dk www.norman.com/fr www.norman.com/de www.norman.com/it www.norman.com/nl www.norman.com/no www.norman.com/es www.norman.com/sv www.norman.com/ch www.norman.com/uk International Switzerland www.norman.com/ch norman contact details Norman Safeground AS PO box 43, 1324 Lysaker, Norway Office address: Strandveien 37, Lysaker Tel: 67 10 97 00 E-mail: norman@norman.com www.norman.com November 2014 Norman was aquired by AVG Technologies. We have teamed up to develop the best security software for businesses and consumers.