        GFI EndPointSecurity, Add, 100-249u, 2Y, ENG
         Contents
1. Screenshot 106: EndPointSecurityAdministrator Properties options - General tab

   4. From the General tab, key in the following details:
      - Account user name
      - Account description
      - Email address
      - Mobile number
      - Computers (network messages are sent to the specified computers)

   Note: More than one email address and more than one computer name/IP address can be specified. Separate entries with semicolons.

   Screenshot 107: EndPointSecurityAdministrator Properties options - Working Hours tab

   5. Click Working Hours tab and mark the typical working hours of the user. Marked time intervals are considered as working hours.
2. Screenshot 26: Power users options

   4. In the Power Users dialog:
      - Option 1: Click Add to specify the user(s)/group(s) that will be set as power users for this protection policy, and click OK.
      - Option 2: Highlight user(s)/group(s) and click Remove to demote from power users, and click OK.

   To deploy protection policy updates on target computers specified in the policy:
   1. Click Configuration tab > Computers.
   2. From Common tasks, click Deploy to all computers.

   6.4 Configuring access permissions for device categories

   GFI EndPointSecurity enables you to set permissions by device categories to Active Directory (AD) users and/or user groups. You can do this on a policy-by-policy basis.

   When a device category is not set to be controlled by the particular security policy, the relevant entry is disabled. For more information, refer to Configuring controlled device categories (page 57).

   To configure device category access permissions for users in a protection policy:
   1. Click Configuration
3. 2.5 Navigating the Management Console
   2.6 Testing your installation
   2.6.1 Test preconditions
   2.6.3 Reverting to default settings
   3 Achieving Results
   3.1 Preventing data leaks and malware infections
   3.2 Automating network protection
   3.3 Monitoring network activity from a central location
   4 Adding Target Computers
   4.1 Adding computers manually
   4.2 Adding computers automatically
   4.3 Configuring log on credentials
   5 Managing Protection Policies
   5.1 Creating a new protection policy
   5.2 Assigning a Protection Policy
   5.2.1 Deploy immediately
   5.2.2 Scheduled policy deployment
   5.2.3 Deploying policies through Active Directory
   5.3
4. Screenshot 39: Protection Policies sub-tab - users view

   4. From the left pane, click Switch to devices view or Switch to users view in the Common tasks section, to switch grouping of permissions by devices/ports or users.

   Note: In users view, you will also see any power users specified within the policy.

   6.8 Configuring priorities for permissions

   GFI EndPointSecurity enables you to prioritize any permissions assigned to Active Directory (AD) users and/or user groups. You can do this on a policy-by-policy basis and on a user-by-user basis.

   For example, for a specific user specified within a specific protection policy, you may decide to give priority 1 to USB port permissions, and priority 2 to CD/DVD drive permissions. This means that if the user connects an external CD/DVD drive via the USB port to the target computer, permissions for the USB port will take precedence over permissions for the CD/DVD drive.
5. 3. The table below describes the available options of the Add Computer(s) dialog:

   Table 10: Add Computer(s) dialog options
      - Key in the name/IP of the target computer to add and click Add. Repeat this step for each target computer you want to add to this protection policy.
      - Click Select. In the Select Computers dialog select the relevant Domain/Workgroup from the drop-down list and click Search. Enable the required computer(s) and click OK.
      - Click From Domain. Specify the required computer(s) from within the domain/workgroup where GFI EndPointSecurity resides.
      - Click Import. Browse to the location of the text file that contains a list of computers to be imported.
        Note: Specify ONLY one computer name/IP per line.

   4. Click Finish.

   4.2 Adding computers automatically

   GFI EndPointSecurity enables you to search for and add new computers when they are connected to your network at specified time intervals. This enables you to automatically add computers as soon as they are detected on the network. Through Auto Discovery features, you can configure:
      - The frequency and schedule of the searches
      - The discovery domain/workgroup to scan
      - The policy assigned to newly discovered target computers and the logon credentials.

   By default:
      - Auto discovery settings are set to scan the Current domain/workgroup (domain/workgroup where GFI EndPointSecurity resides)
6. Screenshot 11: Auto Discovery options - Discovery Area tab

   6. Click Discovery Area tab and select the area to be covered by auto discovery. For The following domains/workgroups and Entire network except, click Add and key in the Domain/workgroup name.

   Screenshot 12: Auto Discovery options - Actions tab

   7. Click Actions tab and from the Use as default policy drop-down menu, select the policy you want to assign to newly discovered computers.

   8. Select/unselect Install agents on discovered computers to enable/disable auto agent deployment. Click Yes to confirm the enabling of Automatic Protection.

   9. Select the logon mode that GFI EndPointSecurity uses to log on to the target computer(s) and deploy agents/protection policies. By default, GFI EndPointSecurity is configured to use the logon credentials of the currently logged-on user accou
7. Screenshot 71: Alerting Options - General tab

   4. In the Alerting Options dialog, click General tab and select any of the following alert types to send:
      - Email alerts
      - Network messages
      - SMS messages

   Screenshot 72: Alerting Options - Configuring users and groups

   5. For each alert type enabled, highlight the alert type and click Configure to specify alerts recipients. Click OK.

   Screenshot 73: Alerting Options - Filter tab

   6. Select Filte
8. Screenshot 7: Adding users or groups

   10. Click Add and specify the user with no administrative privileges, to have access to the CD/DVD device category specified in this protection policy, and click OK.

   Screenshot 8: Selecting permission types per user or group

   11. Enable the Access/Read and Write permissions and click Finish.

   To deploy the protection policy updates on to the local computer:
   1. From the right pane, click on the top warning message to deploy the protection policy updates. The view should automatically change to Status > Deployment.
   2. From the Deployment History area, confirm the successful completion of the update onto the local computer.

   Re-accessing a CD/DVD disc

   Upon the assignment of user permissions, the specified user with no administrative privileges should now be allowed to access CD/DVD discs through CD/DVD drive
9. GFI EndPointSecurity stores event logs in an SQL Server database. In a large network with a lot of activity, the size of the database can grow exponentially and read/write performance between GFI EndPointSecurity and the database may degrade. It is recommended to configure log retention settings to automatically delete old or unwanted events or even create a new database when the current one reaches a specific size. Refer to the following sections for information about:
      - Maintaining the database backend
      - Using an existing SQL Server instance.

   4 Adding Target Computers

   GFI EndPointSecurity enables you to specify the computers you intend to deploy agents and protection policies on.

   Topics in this chapter:
      4.1 Adding computers manually
      4.2 Adding computers automatically
      4.3 Configuring log on credentials

   4.1 Adding computers manually

   To manually add a target computer:
   1. Click Configuration tab > Computers.
   2. From Common tasks, click Add computer(s).

   Screenshot 9: Adding computers manually
10. GFI Product Manual

   GFI EndPointSecurity
   Administrator Guide

   The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, frequency or adequacy of information and is not responsible for misprints, out of date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document.

   If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.

   All product and company names herein may be trademarks of their respective owners.

   GFI EndPointSecurity is copyright of GFI SOFTWARE Ltd. 1999-2013 GFI Software Ltd. All rights reserved.

   Document Version: 1.1.1
   Last updated (month/day/year): 25/03/2013

   Contents

   1 Introduction
   1.0.1 Terms and conv
11. Screenshot 80: Statistics sub-tab (panels: Protection Status, Device Usage by Device Type, Device Usage by Connectivity Port)

   To access the Statistics sub-tab, from GFI EndPointSecurity management console click Status tab > Statistics.

   The Statistics section contains information about:
      - Protection Status
      - Device Usage by Device Type
      - Device Usage by Connectivity Port

   8.1.1 Protection Status

   Screenshot 81: Protection Status area

   This section graphically represents daily device usage on computers, differentiating between devices that have been blocked and devices that have be
12. 8.2.2 Advanced Filtering
   8.2.3 Logs Browser
   8.2.4 Creating event queries
   9 Status Monitoring
   9.1 Risk Assessment view
   9.2 Statistics view
   9.2.1 Protection Status
   9.2.2 Device Usage by Device Type
   9.2.3 Device Usage by Connectivity Port
   9.4 Deployment status view
   9.4.1 About Deployment status view
   9.4.2 Current Deployments
   9.4.3 Queued Deployments
   9.4.4 Scheduled Deployments
   9.4.5 Deployment History
   10 Reporting
   10.1 GFI EndPointSecurity GFI ReportPack
   10.2 Generating Digest reports
   11 Managing
13. 8.2.3 Logs Browser

   The Logs Browser sub-tab allows you to access and browse events currently stored in the database backend.

   GFI EndPointSecurity also includes a query builder to simplify searching for specific events. With the events query builder you can create custom filters that filter events data and display only the information that you need to browse, without deleting records from your database backend.
14. Screenshot 22: Deployment History area

   2. From Deployment History, confirm the successful completion of the update onto the local computer. For more information, refer to Deployment status view (page 119).

   5.3.2 Agents' status

   Use the information displayed in the Agents' Status area to determine the status of all deployment operations performed on your network target computers.

   To view agents' status:
   3. Click Status > Agents.

   Screenshot 23: Agent's
15. Screenshot 18: Creating a new policy - Global Permissions settings

   10. From the Global Permissions dialog, select the required global access permissions from:
      - Block any access to the controlled devices - to block access to all selected devices/ports
      - Allow everyone to access the controlled devices - to allow access to all selected devices/ports. If this option is selected, activity monitoring will still be carried out on target computers covered by the protection policy.

   11. Click Next.

   12. Click File Type Filter and add the file types to block/allow by this policy.

   Note: GFI EndPointSecurity enables you to restrict access based on file types. It is also able to identify the real content of most common file types (example: .DOC or .XLS files) and take the necessary actions applicable for the true file type. This is most useful when file extensions are maliciously manipulated. For more information, refer to Configuring file-type filters (page 81).

   13. Click OK to close the File Type Filter dialog and return to the wizard.

   14. Click Encryption and enable/configure the preferred encryption engine.

   Note: In addition, GFI EndPointSec
16. used.

   1.3 Components of GFI EndPointSecurity

   When you install GFI EndPointSecurity, the following components are set up:
      - GFI EndPointSecurity Management Console
      - GFI EndPointSecurity Agent

   1.3.1 GFI EndPointSecurity Management Console

   Through the Management Console, you can:
      - Create and manage protection policies and specify which device categories and connectivity ports are to be controlled
      - Remotely deploy protection policies and agents on to your target computers
      - Grant temporary access to target computers to use specific devices
      - View the device protection status of every computer that is being monitored
      - Carry out scans on target computers to identify devices currently or previously connected
      - Check logs and analyze what devices have been connected to every network computer
      - Keep track of which computers have an agent deployed and which agents need to be updated.

   1.3.2 GFI EndPointSecurity Agent

   The GFI EndPointSecurity agent is a client-side service responsible for the implementation of the protection policies on target computer(s). This service is automatically installed on the remote network target computer after the first deployment of the relevant protection policy through the GFI EndPointSecurity management console. Upon the next deployments of the same protection policy, the agent will be updated and not re-installed.

   1.4 Key Features

   GFI
18. 13.3 Configuring GFI EndPointSecurity updates
   14 Miscellaneous
   14.1 Product licensing
   14.2 Uninstalling GFI EndPointSecurity
   14.2.1 Uninstalling GFI EndPointSecurity agents
   14.2.2 Uninstalling GFI EndPointSecurity application
   14.3 Product version information
   15 Troubleshooting and Support

   List of Figures

   Screenshot 1: Navigating GFI EndPointSecurity user interface
   Screenshot 2: GFI EndPointSecurity installation  domain a
19. Add permissions options - Users
   Add permissions options - Users
   Protection Policies sub-tab - devices view
   Screenshot 39: Protection Policies sub-tab - users view
   Screenshot 40: Protection Policies sub-tab - Security area
   Screenshot 41: Black list options
   Screenshot 42: Select Devices options
   Screenshot 43: Select Devices options - Select device serials
   Screenshot 44: Select Devices options - Edit Device serials
   Screenshot 45: (caption unreadable)
   Screenshot 46: Select Devices options
   Screenshot 47: Select Devices options - Select device serials
   Screenshot 48: Select Devices options - Ed
20. Click Configuration tab > Options sub-tab.

   2. From Configure, select Database Backend.

   3. From the right pane, click Change database backend.

   Screenshot 102: Change Database Backend

   4. From the Server drop-down menu, select the SQL Server you want to use.
   5. Specify the name of the database in the Database text box.
   6. Select the authentication mode and specify the logon credentials, if necessary.
   7. Click Apply and OK.

   12 Alerting Options

   This chapter provides you with information about configuring the GFI EndPointSecurity alerting options and alerts recipients. Alerting is a crucial part of GFI EndPointSecurity's operation which helps you take remedial actions as soon as a threat is detected.

   Topics in this chapter:
      12.1 Configuring alerting options
      12.2 Configuring the alerts administrator account
      12.3 Configuring alerts recipients
21. EndPointSecurity Administrator Guide contains solutions for all possible problems you may encounter. If you are not able to resolve any issue, please contact GFI Support for further assistance.

   Common Issues

   The table below lists the most common issues which you may encounter during the initial setup and first time use of GFI EndPointSecurity and a possible solution for each.

   Table 19: Troubleshooting - Common issues

   Issue: The computer is offline.
   Possible cause: GFI EndPointSecurity management console pings the target computer at deployment to determine whether it is online, and if not this message is displayed.
   Possible solution: If a target computer is offline, the deployment of the relevant policy is rescheduled for an hour later. GFI EndPointSecurity keeps trying to deploy that policy every hour, until the target computer is back online. Ensure that the target computer is switched on and connected to the network.

   Issue: Failed to connect to the remote registry. (error)
   Possible cause: GFI EndPointSecurity was not able to extract data from the registry of the target computer.
   Possible solution: Ensure that your firewall settings enable communication between the target computers and the GFI EndPointSecurity server. For more information refer to System Requirements.

   Issue: Failed to gather req
   Possible cause: GFI EndPointSecurity was not able to extract version related data
   Possible solution: For more details about the cause of the error and a possible solution, refer to the system error message within the
22. EndPointSecurity offers the following main features:

   Table 2: GFI EndPointSecurity features

   Group-based protection control: In GFI EndPointSecurity you can configure and place computers into groups that are governed by one protection policy. This allows you to configure a single protection policy and apply it to all the computers that are members of that group.

   Granular access control: GFI EndPointSecurity enables you to allow or deny access to a specific device as well as to assign (where applicable) "full" or "read only" privileges over every supported device (e.g. CD/DVD drives, PDAs) on a user-by-user basis.

   Scheduled deployment: GFI EndPointSecurity allows you to schedule the deployment of protection policies and any related configuration changes without the need to keep the GFI EndPointSecurity management console open. The deployment feature also handles failed deployments through automatic rescheduling.

   Access control: Apart from blocking a range of device categories, GFI EndPointSecurity also allows blocking:
      - By file type - for example, allow the user to read .doc files but block access to all .exe files
      - By physical port - all devices connected to particular physical ports, for example, all devices connected to USB ports
      - By device ID - block access to a single device based on the unique Hardware ID of the device.

   NOTE: In Microsoft Windows 7, a feature called BitLocker To Go can be us
23.  GFI ReportPack  123
10.2 Generating Digest reports  123

10.1 GFI EndPointSecurity GFI ReportPack

To generate reports, you need to download and install the GFI EndPointSecurity GFI ReportPack add-on. To download the add-on visit http://www.gfi.com/endpointsecurity/esecreportpack.htm

For more information about GFI EndPointSecurity GFI ReportPack:
1. Click Reporting tab.
2. From the left pane, select either GFI EndPointSecurity GFI ReportPack or GFI ReportCenter.

Note: An Internet connection is required.

10.2 Generating Digest reports

GFI EndPointSecurity enables you to generate Digest reports to the configured recipients. Digest reports contain a summary of periodical activity statistics as detected by GFI EndPointSecurity.

Alert recipients are not Active Directory (AD) users and/or user groups, but are profile accounts created by GFI EndPointSecurity to hold the contact details of users intended to receive alerts. It is best to create alert recipients prior to configuring alerts. For more information, refer to Configuring alerts recipients (page 135).

To configure Digest reports:
1. Click Configuration tab > Options sub-tab.
2. From Configure, click Alerting Options and from the right pane, click Configure the digest report.

GFI EndPointSecurity 10 Reporting | 123
24.  Introduction | 20

2 Installing GFI EndPointSecurity

This chapter provides you with information about preparing your network environment to successfully deploy GFI EndPointSecurity.

Topics in this chapter:
2.1 System requirements  21
2.2 Upgrading GFI EndPointSecurity  22
2.3 Installing a new instance of GFI EndPointSecurity  23
2.4 Post-install configurations  25
2.5 Navigating the Management Console  27
2.6 Testing your installation  29

2.1 System requirements

Hardware requirements

The table below lists the hardware requirements for GFI EndPointSecurity and GFI EndPointSecurity Agent.

Table 6: System requirements - Hardware

Processor: GFI EndPointSecurity - Minimum: 2 GHz, Recommended: 2 GHz. GFI EndPointSecurity Agent - Minimum: 1 GHz, Recommended: 1 GHz.
RAM: GFI EndPointSecurity - Minimum: 512 MB, Recommended: 1 GB. GFI EndPointSecurity Agent - Minimum: 256 MB, Recommended: 512 MB.
Free space: GFI EndPointSecurity - Minimum: 100 MB, Recommended: 100 MB. GFI EndPointSecurity Agent - Minimum: 50 MB, Recommended: 50 MB.

Supported operating systems (x64/x86)

GFI EndPointSecurity and GFI EndPointSecurity Agent can
25.  Messages
12 02 2013 12 19 58 CATALYST PC Installation Failed to connect to the remote registry   Attempted to perform an unauthorized
12 02 2013 12 19 54 W710 Installation The deployment was completed
12 02 2013 12 19 54 TCOFFICESERVER Installation The deployment was completed
12 02 2013 12 19 50 KPO Installation The computer is offline
12 02 2013 12 19 49 W7 11 Installation The computer is offline

Screenshot 20: Deploying a policy immediately - Deployment sub-tab

5.2.2 Scheduled policy deployment

To schedule deployment of a protection policy:
1. Click Configuration tab > Computers.
2. Highlight the required target computer(s). If more than one deployment is required, you can highlight all the required target computers at once and then deploy the policies to the selected set of target computers.
3. From Actions, click Schedule deployment

GFI EndPointSecurity 5 Managing Protection Policies | 53

Screenshot 21: Schedule deployment options

4. From Schedule deployment dialog select the deployment date and time, and click OK.

Note: If the target computer is offline, the deployment of the relevant policy is rescheduled for an hour later. GFI EndPointSecurity keeps trying to deploy that policy every
26.  Status area

4. From Agents' Status, confirm the successful assignment of the correct protection policy to the target computer(s) and that agent deployment is up-to-date.

Note: Each agent sends its online status to the main GFI EndPointSecurity installation at regular intervals. If this data is not received by the main installation, the agent is considered to be offline.

GFI EndPointSecurity 5 Managing Protection Policies | 55

Note: If a target computer is offline, the deployment of the relevant policy is rescheduled for an hour later. GFI EndPointSecurity keeps trying to deploy that policy every hour, until the target computer is back online.

For more information about the agents status area, refer to the Agents status view section in the Monitoring statuses chapter.

GFI EndPointSecurity 5 Managing Protection Policies | 56

6 Customizing Protection Policies

This chapter provides you with information related to modifying the settings of your pre-configured protection policies. This enables you to tweak settings by time, as you discover new security obstacles and possible vulnerabilities.

Topics in this chapter:
6.1 Configuring controlled device categories  57
6.2 Configuring controlled connectivity ports  58
6.3 Configuring power users  59
6.4 Configuring access permissions for device categories  60
6 5 Configu
27.  Verifying protection policy deployment  54
5.3.1 Deployment History  55
5.3.2 Agents' status  55
6 Customizing Protection Policies  57
6.1 Configuring controlled device categories  57
6.2 Configuring controlled connectivity ports  58
6.3 Configuring power users  59
6.4 Configuring access permissions for device categories  60
6.5 Configuring access permissions for connectivity ports  63
6.6 Configuring access permissions for specific devices  65
6.7 Viewing access permissions  68
6.8 Configuring priorities for permissions  70
6.9 Configuring device blacklist  70
6.10 Configuring device whitelist  74
6.11 Configuring temporary access privileges  7
6.11.1 Requesting temporary access for a protected computer  7
6.11.2 Granting temporary access to a protected computer  79
6.12 Configuring file type filters  81
6.13 Configuring
28.  and Support | 149

16 Glossary

A

Access permissions
A set of permissions (access, read and write) that are assigned to users and groups per device category, connectivity port or a specific device.

Active Directory
A technology that provides a variety of network services, including LDAP-like directory services.

Alert recipient
A GFI EndPointSecurity profile account to hold the contact details of users intended to receive e-mail alerts, network messages and SMS messages.

Alerts
A set of notifications (e-mail alerts, network messages or SMS messages) that are sent to alert recipients when particular events are generated.

Alerts administrator account
An alert recipient account that is automatically created by GFI EndPointSecurity upon installation.

Automatic discovery
A GFI EndPointSecurity feature to search and discover computers that were newly connected to the network at configured scheduled times.

BitLocker To Go
A Microsoft Windows 7 feature to protect and encrypt data on removable devices.

C

Connectivity port
An interface between computers and devices.

Create Protection Policy wizard
A wizard to guide you in the creation and configuration of new protection policies. Configuration settings include the selection of device categories and ports to be controlled and whether to block or allow all access to them. This wizard also allows the configuration of file-type based filters, encryption permissions as
29.  be installed on a machine running any of the following operating systems:
- Microsoft Windows Server 2012
- Microsoft Windows Small Business Server 2011 (Standard edition)
- Microsoft Windows Server 2008 R2 (Standard or Enterprise edition)
- Microsoft Windows Server 2008 (Standard or Enterprise edition)
- Microsoft Windows Small Business Server 2008 (Standard edition)
- Microsoft Windows Server 2003 (Standard, Enterprise or Web edition)
- Microsoft Windows Small Business Server 2003
- Microsoft Windows 8 (Professional or Enterprise)
- Microsoft Windows 7 (Professional, Enterprise or Ultimate edition)
- Microsoft Windows Vista (Enterprise, Business or Ultimate edition)
- Microsoft Windows XP Professional Service Pack 3

GFI EndPointSecurity 2 Installing GFI EndPointSecurity | 21

Agent - Hardware requirements
- Processor: 1GHz processor clock speed or better
- RAM: 256 MB (minimum); 512 MB (recommended)
- Hard Disk: 50 MB of available space

Agent - Software requirements
- Processor: 1GHz processor clock speed or better
- RAM: 256 MB (minimum); 512 MB (recommended)
- Hard Disk: 50 MB of available space

Other software components

GFI EndPointSecurity requires the following software components for a fully functional deployment:
- Microsoft Internet Explorer 5.5 or higher
- Microsoft .NET Framework 2.0 or higher
- Microsoft SQL Server 2000, 2005 or 2008 as the backend database

Note: A database backend is required for
30.  built GSM SMS Server
- GFI FaxMaker SMS gateway
- Clickatell Email to SMS service gateway
- Generic SMS provides gateway

7. From the Set properties for the selected SMS system area, highlight the property you want to configure and click Edit. Repeat this step for each SMS system property you want to modify.
8. Click Format SMS message to modify the Subject and Message as required. Click Save.
9. Click OK.

12.2 Configuring the alerts administrator account

GFI EndPointSecurity enables you to configure profile accounts to hold contact details of users intended to receive e-mail alerts, network messages and SMS messages. Upon installation, GFI EndPointSecurity automatically creates an alerts administrator account. Alert administrators are not Active Directory (AD) users and/or user groups.

By default GFI EndPointSecurity automatically creates the EndPointSecurityAdministrator account (for alerts purposes) upon installation and sets it as a member of the EndPointSecurityAdministrators notification group.

To configure the GFI EndPointSecurityAdministrator account:

GFI EndPointSecurity 12 Alerting Options | 131

1. Click Configuration tab > Options sub-tab.
2. From Configure, click Alerting Options > Users sub-node.
3. From the right pane, right-click EndPointSecurityAdministrator and select Properties.
31.  computers based on settings of an assigned security policy. You can create as many security policies as required, and each policy can contain different settings for different authorization levels. Refer to the following sections for information about:
- Assigning protection policies
- Deploying policies immediately
- Deploying policies through Active Directory

GFI EndPointSecurity 3 Achieving Results | 34

3. Configure protection policy settings

Configure the protection policy to block removable storage devices. This prevents end users from using devices that allow them to transfer data from and to a computer. Refer to the following sections for information about:
- Viewing access permissions
- Configuring device blacklist

4. Configure notification alerts on attempted breach of the security policy

GFI EndPointSecurity can send notifications to a single or group of recipients when an end user attempts to breach a security policy. This enables you to immediately take the required actions and terminate unauthorized use of removable storage devices. Refer to the following sections for information about:
- Configuring alerts
- Configuring alerting options
- Configuring alerts recipients

5. Configure temporary access for genuine use of removable storage devices

If a blocking protection policy is active, GFI EndPointSecurity still enables you to temporarily allow access to a device to genuinely transfer data to and from a computer. Refer
32.  devices and connection ports (when such access is normally blocked) on protected target computers, for a specified duration and time window.

User message
A message that is displayed by GFI EndPointSecurity agents on target computers, when devices are accessed.

GFI EndPointSecurity 16 Glossary | 153

17 Index

A
access permissions 30, 33, 35, 49, 60, 63, 65, 68
Active Directory 12, 14, 34, 36, 50, 54, 59-60, 63, 65, 68, 70, 81, 96, 123, 131, 135
alert recipients 35, 96, 135
alerts 14, 16, 35, 51, 96, 118, 123, 129, 131, 135, 142
alerts administrator account 35, 131, 135
automatic discovery 40

B
BitLocker To Go 13, 88

C
Common Issues 147
connectivity port 51, 108, 117

D
database backend 14, 22, 27, 37, 110, 126, 128
device blacklist 35, 70, 105
device category 31, 61, 68, 115
Device Scan 103
device whitelist 35, 74, 105
digest report 123

E
event logging 36, 51, 94

F
file type filters 77, 81

G
GFI EndPointSecurity
  agent
  application
  management console
  Temporary Access tool
  version
  11-14, 16-19, 21-23, 25, 27, 29-30, 33-35, 37, 39, 42, 45, 51, 54-55, 57, 60, 63, 65, 68, 70, 74, 77, 81, 83, 86, 88, 94, 96, 99-100, 104, 106, 109, 113, 116, 118, 120, 123, 126, 129, 131, 135, 138, 140-141, 143, 145, 147
Glossary 150

H
Human Interface Devices 18, 47, 58

L
licensing 20, 25, 28, 143

M
msi file 54

P
power users 15, 26, 30, 33, 35, 59, 70
protection policy 13
33.  139
Screenshot 113: Advanced Options - Agent Security tab  140
Screenshot 114: Custom Messages dialog options  141
Screenshot 115: General tab - Updates  142
Screenshot 116: Editing license key  143
Screenshot 117: Computers sub-tab - delete computer(s)  144
Screenshot 118: Deployment sub-tab  145
Screenshot 119: Uninstallation information message  146
Screenshot 120: Specifying contact and purchase details  148
Screenshot 121: Specifying issue details and other relevant information to recreate the problem  148
Screenshot 122: Gathering machine information  148
Screenshot 123: Finalizing the Troubleshooter wizard  148

List of Tables

Table 1: Terms and conventions used in this manual  11
Table 2: GFI EndPointSecurity features  13
Table 3: Deployment and Monitoring protection policy  15
Table 4: Deployment and Monitoring protection policy  17
Table 5: Deployment and Monitoring protection
34.  Screenshot 86: Logs Browser sub-tab

To access the Logs Browser sub-tab, from GFI EndPointSecurity management console click Activity tab > Logs Browser.

To view more details about a particular event, click on the event. Additional information is displayed in the events description pane at the bottom of the sub-tab.

8.2.4 Creating event queries

To create custom event queries:
1. From GFI EndPointSecurity management console, click Activity tab.
2. Click Logs Browser sub-tab.
3. In the left pane, right-click Agent logs - database node and select Create query.

GFI EndPointSecurity 8 Monitoring Device Usage Activity | 111

Screenshot 87: Query Builder options

4. In the Query Builder dialog, specify a name and a description for the new query.
5. Click Add, configure the required query condition(s) and click OK. Repeat until all required query conditions have been specified.
6. Click OK to finalize your settings. The custom query is added as a sub-node within Agent logs - database node.

Note: Y
35.  hour, until the target computer is back online.

5.2.3 Deploying policies through Active Directory

You can create a Windows installer package (.msi installation file) that you can then deploy through Active Directory Group Policies across target computers in your domain.

To create the Windows installer package:
1. Click Configuration tab > Protection Policies.
2. From the left pane, select the protection policy for which you want to create the Windows installer package.
3. From the right pane, click Deploy through Active Directory in the Deployment section.
4. Key in the File name of the .msi file and browse to select the destination path.
5. Click Save.

Note: For information on how to deploy software using Active Directory Group Policies in Microsoft Windows Server 2003 and Microsoft Windows Server 2008, refer to http://support.microsoft.com/kb/816102

5.3 Verifying protection policy deployment

Once a protection policy is deployed, it is recommended to verify that target computers were affected by the policy. Verify if the deployment was successful from:

GFI EndPointSecurity 5 Managing Protection Policies | 54

- Deployment history area
- Agents' status area

5.3.1 Deployment History

Use the information displayed in the Deployment History area to determine whether deployment for each target computer completed successfully, or whether errors were encountered.

To view the deployment history:
1. Click Status >
36.  sub-tab.

GFI EndPointSecurity 14 Miscellaneous | 143

12 02 2013 16 28 37 Computer RES EUGTEST was deleted from the computers list
12 02 2013 16 28 34 Computer GFIACCEICA 8C54 was deleted from the computers list
12 02 2013 16 28 29 Computer RESEARCH 21 was deleted from the computers list

Screenshot 117: Computers sub-tab - delete computer(s)

3. From the right pane, right-click target computer that you would like to uninstall and select:

Deleting Computer(s)

Deleting computer(s) with uninstallation: GFI EndPointSecurity will deploy protection policy updates and uninstalls Agent.
Deleting com: GFI EndPointSecurity will deploy protection policy updates and removes the r
37.  the agent on to the local computer is not up to date, then manually deploy the agent on to it. For more information, refer to the GFI Administration and Configuration Manual.

- Ensure that the user account with no administrative privileges is not set as a power user in the General Control protection policy (shipping default protection policy).

Note: If the user account is set as a power user, then manually remove it from the power users group of the General Control protection policy (shipping default protection policy). For more information, refer to the GFI EndPointSecurity Administration and Configuration Manual.

2.6.2 Test case: Accessing a CD/DVD disc

Upon compliance with the previously outlined test pre-conditions, non-administrative users are no longer allowed access to any devices or ports connected to the local computer.

To verify that both the device and media are inaccessible to the non-administrative user:
1. Log in to the local computer as the user with no administrative privileges.
2. Insert the CD/DVD disc in the CD/DVD drive.
3. From Windows Explorer locate the CD/DVD drive and confirm that you are unable to view and open the contents stored on the CD/DVD disc.

Assign permissions to user with no administrative privileges

To assign CD/DVD device access permissions to the user with no administrative privileges:
1. Log in to the local computer as the user with administrative privileges.
Launch GFI EndPointSecur
38.  welcome screen.

2. From Risk Assessment, select/unselect Start a Risk Scan to enable/disable the function to start a scan on your network to determine the risk level.
3. (Optional) Click Risk scan settings and configure settings from the tabs described below.

GFI EndPointSecurity 2 Installing GFI EndPointSecurity | 25

Table 7: Auto Discovery settings

Scan Area: Select the target area on which GFI EndPointSecurity scans the computers on the network.
- Current domain/workgroup - GFI EndPointSecurity searches for new computers within the same domain/workgroup where it is installed.
- The following domains/workgroups - Select this option and click Add. Specify the domains where GFI EndPointSecurity searches for new computers and click OK.
- Entire network except - Select this option and click Add. Specify the domain/workgroup that should be excluded during auto discovery and click OK.
- IP range - Select this option and click Add. Specify the range of IP addresses that should be included or excluded during auto discovery and click OK.
- Computer list - Select this option and click Add. Specify the domain/workgroup that should be included or excluded during auto discovery and click OK.

Logon Credentials: Enable/disable Logon using credentials below and specify a set of credentials that GFI EndPointSecurity will use to access computers that will be scanned.

Scan Device: Select the device categories that GFI EndPointSe
39.  well as logging and alerting options.

GFI EndPointSecurity 16 Glossary | 150

Database backend
A database used by GFI EndPointSecurity to keep an audit trail of all events generated by GFI EndPointSecurity agents deployed on target computers.

Deployment error messages
Errors that can be encountered upon deployment of GFI EndPointSecurity agents from the GFI EndPointSecurity management console.

Device blacklist
A list of specific devices whose usage is blocked when accessed from all the target computers covered by the protection policy.

Device category
A group of peripherals organized in a category.

Device scan
A GFI EndPointSecurity feature to search for all devices that are or have been connected to the scanned target computers.

Device whitelist
A list of specific devices whose usage is allowed when accessed from all the target computers covered by the protection policy.

Digest report
A summary report giving an account of the activity statistics as detected by GFI EndPointSecurity.

Event logging
A feature to record events related to attempts made to access devices and connection ports on target computers and service operations.

File type filters
A set of restrictions that are assigned to users and groups per file type. Filtering is based on file extension checks and real file type signature checks.

G

GFI EndPointSecurity agent
A client-side service responsible for the implementation/enforcement of th
40. 18

This section graphically represents all agents deployed on network computers, differentiating between those currently online and offline.

This selection lists:
- Target computer name and applicable protection policy
- The status of the GFI EndPointSecurity Agent, whether currently deployed and up-to-date, or awaiting deployment
- The status of the target computer, whether currently online, or offline.

To deploy pending agents:
1. Select one or more computers from Agents' Status.
2. Right-click the selected computers and select Deploy selected agent(s) or Schedule deployment for selected agent(s).
3. Click OK.

Note: If a target computer is offline, deployment is deferred by an hour. GFI EndPointSecurity tries to deploy that policy every hour, until the target computer is back online.

Note: Each agent sends its online status to GFI EndPointSecurity at regular intervals. If this data is not received by the main application, the agent is considered to be offline.

9.4 Deployment status view
- About Deployment status view
- Current Deployments
- Queued Deployments
- Scheduled Deployments
- Deployment History

GFI EndPointSecurity 9 Status Monitoring | 119

9.4.1 About Deployment status view
41. 2 19 58 CATALYST PC Installation Failed to connect to the remote registry   Attempted to perform an unauthorized
12 02 2013 12 19 54 W710 Installation The deployment was completed
12 02 2013 12 19 54 TCOFFICESERVER Installation The deployment was completed
12 02 2013 12 19 50 XPI Installation The computer is offline
12 02 2013 12 19 49 W711 Installation The computer is offline

Screenshot 118: Deployment sub-tab

6. From the Deployment History area, confirm the successful completion of the un-installation from the target computer.

14.2.2 Uninstalling GFI EndPointSecurity application

To uninstall the GFI EndPointSecurity application:

Note: Run the uninstaller as a user with administrative privileges on the computer.

1. From the Microsoft Windows Control Panel, select Add/Remove Programs or Programs and Features option.
2. Select GFI EndPointSecurity.
3. Click Change to start the un-installation of GFI EndPointSecurity application.
4. Click Next at the Welcome screen to continue un-installation.

GFI EndPointSecurity 14 Miscellaneous | 145

GFI EndPointSecurity 2013 agents managed by this application were found. If you continue the uninstall process then those agents will not be uninstalled and will remain orphans until another EndPointSecurity 2013 main application will take the ownership. Do you want to continue?

Screenshot 119  Uninst
42.  Screenshot 84: Activity Log sub-tab

To access the Activity Log sub-tab, from GFI EndPointSecurity management console click Activity tab > Activity Log.

To view more details about a particular event, click on the event. Additional information is displayed in the events description pane at the bottom of the sub-tab.

To customize the Activity Log sub-tab to suit your company's needs, right-click the header and select the columns that should be added to or removed from the view.

To change a column's position, select the column header, drag and drop it at the required position.

8.2.2 Advanced Filtering

This feature allows you to further filter down the device usage history logs using one or more criteria from the following set:
- Application Path
- File path
- Device
- Event type

GFI EndPointSecurity 8 Monitoring Device Usage Activity | 109
43.  Screenshot 59: Managing templates

6.14 Configuring file options

GFI EndPointSecurity enables you to specify the options required to block or allow files based on size. GFI EndPointSecurity also enables you to ignore large files when checking file type and content and archived files.

1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies.
2. From the left pane, select the protection policy for which you want to specify file options restrictions.
3. From the right pane, click File options in the File control section.

GFI EndPointSecurity 6 Customizing Protection Policies | 86

Screenshot 60: File options

4. In the File options dialog select from the following options:

Table 13: File options - User options

Ignore files larger than: Ignores files larger than the specified size when checking accessed files.
Block files larger than: Blocks files larger than the specified size when checking accessed files.

GFI EndPointSecurity 6 Customizing Protection Policies | 87

Screenshot 61  Fi
44. It also enables you to encrypt devices that are not yet secured.

Note: For more information, refer to Customizing Protection Policies (page 57).

18. Configure logging and alerting options for this policy and click Next.

Note: For more information, refer to Configuring event logging and Configuring alerts.

19. Review the summary page for information about your policy and click Finish.

5.2 Assigning a Protection Policy

The next step is to link the relevant set of device access and connectivity port permissions to each target computer. You can do this by assigning protection policies to target computers.

Note: Target computers can only be assigned one protection policy at a time.

To assign a protection policy on to a target computer:
1. From the GFI EndPointSecurity management console, select Configuration.
2. Click Computers.
3. Highlight the required target computer(s).

Note: If assigning the same policy to more than one target computer, select all the required target computers and then specify the protection policy for the selected set of target computers.

GFI EndPointSecurity 5 Managing Protection Policies | 51

4. From the left pane, click the Assign Protection Policy hyperlink in the Actions section.

Screenshot 19: Assign Protection Policy Options

5. In the Assig
45. OK.

    To deploy protection policy updates on target computers specified in the policy:

    1. Click Configuration tab > Computers.
    2. From Common tasks, click Deploy to all computers.

    6.17 Configuring alerts

    GFI EndPointSecurity can be configured to send alerts to specified recipients when particular events are generated. You can configure alerts to be sent through several alerting options, and also specify the types of events for which alerts are sent. You can do this on a policy-by-policy basis.

    Alert recipients are not Active Directory (AD) users and/or user groups, but are profile accounts created by GFI EndPointSecurity to hold the contact details of users intended to receive alerts. It is best to create alert recipients prior to configuring alerts. For more information, refer to Configuring alerts recipients (page 135).

    To specify alerting options for users in a protection policy:

    1. Click Configuration tab > Protection Policies.
    2. From Protection Policies > Security, select the protection policy to configure.
    3. From the right pane, click Alerting options in the Logging and Alerting section.

    [Screenshot: Alerting Options dialog]
46. Screenshot 108: EndPointSecurityAdministrator Properties options - Alerts tab

    6. Click Alerts tab and select the alerts to be sent and at what time alerts are sent.

    Screenshot 109: EndPointSecurityAdministrator Properties options - Member Of tab

    7. Click Member Of tab and click Add to add the user to notification group(s).
    8. Click Apply and OK.

    12.3 Configuring alerts recipients

    GFI EndPointSecurity enables you to configure other profile accounts (apart from the default GFI EndPointSecurityAdministrator account) to hold the contact details of users intended to receive e-mail alerts, network messages and SMS messages.

    Alert recipients are not Active Directory (AD) users and/or user groups, but are profile accounts created by GFI EndPointSecurity to hold the contact details of users intended to receive alerts.

    - Creating alert recipients
    - Editing alert recipien
47. Run.

    3. Type in gpedit.msc.
    4. Browse to Computer Configuration > Administrative Templates > System > Device Installation.
    5. Right click Allow remote access to the PnP interface and select Properties.
    6. Under the Settings tab, select the Enable option.
    7. Click Ok to save changes.
    8. Restart the computer.

    To run a device scan:

    1. Click Scanning tab.
    2. From Common tasks, click Options.
    3. From the Options dialog, select Logon Credentials tab.

    Screenshot 74: Running a device scan - Logon credentials tab

    4. From the Logon Credentials tab of the Options dialog, select/unselect Logon using credentials below to enable/disable use of alternate credentials.

    Note: If you do not specify any logon credentials, GFI EndPointSecurity attempts to logon the target computer using the currently logged on user.

    [Screenshot: Select which device categories should be included in the scan]
48. Screenshot 25: Controlled connectivity ports options

    5. From the Controlled connectivity ports dialog, select/unselect the required connectivity ports that will be controlled by the protection policy, and click OK.

    To deploy protection policy updates on target computers specified in the policy:

    1. Click Configuration tab > Computers.
    2. From Common tasks, click Deploy to all computers.

    6.3 Configuring power users

    GFI EndPointSecurity enables you to specify Active Directory (AD) users and/or user groups as power users. Power users are automatically given full access to devices connected to any target computer covered by a protection policy. You can define sets of power users on a policy-by-policy basis.

    You should exercise caution when using this feature, since incorrectly specifying a user as a power user will lead to that user overriding all restrictions of the relevant protection policy.

    To specify power users of a protection policy:

    1. Click Configuration tab > Protection Policies.
    2. From Protection Policies > Security, select the protection policy to configure.
    3. From the right pane, click Power users in the Security section.

    [Screenshot: Power Users dialog]
49. Screenshot 99: Digest Report options - General tab

    3. From the General tab of the Digest Report dialog, select/unselect the preferred alerting method.
    4. For each alert type selected, click Configure to specify the user(s)/group(s) to whom the alert is sent.

    Screenshot 100: Digest Report options - Details tab

    5. Click Details tab to select/unselect report content items to include in the digest report.
    6. Select the sending frequency of the report, from Daily, Weekly or Monthly.
    7. Click Apply and OK.

    11 Managing the Database Backend

    This chapter provides you information related to managing and maintaining the database where data gathered by GFI EndPointSecurity is stored. After installing GFI EndPointSecurity you can choose to:

    - Download and install an instance of Microsoft SQL Server Express Edition an
50. abase. GFI EndPointSecurity keeps an audit trail of these logs and provides the information in a set of dashboard views. GFI EndPointSecurity's extensive dashboard views enable you to monitor network activity in real time, allowing the administrator to take immediate action when a security risk is detected. Configure GFI EndPointSecurity to periodically (daily, weekly, monthly) generate and send reports to IT and management staff for a full analysis view of endpoint security statuses.

    1. Analyze network-wide activity

    The sub-tabs provided under the Status and Activity tabs enable you to monitor network activity from a central location. These tabs provide you with risk assessment, statistics, statuses, activity logs and deployment information using charts and tables. Refer to the following sections for information about:

    - Analyzing risk assessment details
    - Analyzing statistics
    - Analyzing agent deployment details
    - Analyzing activity logs

    2. Generate reports based on activity logs generated by agents on the network

    GFI EndPointSecurity contains an extensive list of reports that can be used as they are, or even modified to further suit your reporting requirements. The ReportPack contains both technical reports for IT staff as well as executive reports for management purposes. Refer to the following sections for information about:

    - Using GFI EndPointSecurity ReportPack
    - Generating digest reports

    3. Maintain the database backend
51. actor level

    - The current encryption status on the endpoint
    - The file type checking feature status
    - The content checking feature status

    9.2 Statistics view

    Use the Statistics sub-tab to view the daily device activity trends and statistics for a specific computer or for all network computers.

    Screenshot 89: Statistics sub-tab

    To access the Statistics sub-tab, from GFI EndPointSecurity management console click Status tab > Statistics.

    The Statistics section contains information about:

    - Protect
52. Screenshot 93: Status sub-tab

    This section lists:

    - The operational status of GFI EndPointSecurity management console service
    - The user account under which the GFI EndPointSecurity service is running
    - The time when the service was last started

    This section lists:

    - The operational status of the database server currently used by GFI EndPointSecurity
    - The name or IP address of the database server currently used by GFI EndPointSecurity
    - The name of the database where GFI EndPointSecurity is archiving events

    To modify any of the current database settings, click Configure database. This launches the Database Backend dialog. For more information, refer to Managing the Database Backend (page 126).

    This section lists:

    - The operational status of the alerting server currently used by GFI EndPointSecurity
    - The name or IP address of the alerting server currently used by GFI EndPointSecurity

    To modify any of the current alerts related settings, click Configure alerting. This launches the Alerting Options dialog. For more information, refer to Configuring alerts (page 96).
53. allation information message

    Note: If any agents are still installed, an information dialog is displayed asking you whether you would like to continue (the agents will remain installed and orphans) or stop the un-installation process. For more information about uninstalling agents, refer to the Uninstalling GFI EndPointSecurity agents section in this chapter.

    5. Select Uninstall without deleting configuration files or Complete uninstall option and click Next to continue.
    6. Upon completion, click Finish to finalize un-installation.

    14.3 Product version information

    GFI Software Ltd. releases product updates which can be manually or automatically downloaded from the GFI website.

    To check if a newer version of GFI EndPointSecurity is available for download:

    1. Click General tab.
    2. From the left pane, select Version Information.
    3. From the right pane, click Check for newer version to manually check if a newer version of GFI EndPointSecurity is available. Alternatively, select Check for newer version at startup to automatically check if a newer version of GFI EndPointSecurity is available for download every time the management console is launched.

    15 Troubleshooting and Support

    This chapter explains how to resolve any issues encountered during installation of GFI EndPointSecurity. The main sources of information available to solve these issues are:

    - This section and the rest of GFI
54. an either select a device with all its serials, or else select some of the serials associated with the device.

    Screenshot 46: Select Devices options

    5. In the Select Devices dialog enable or disable the devices to add to the whitelist from the Devices list, and click Next.

    Note: If a required device is not listed, click Add New Device to specify the details of the device you want to add to the whitelist, and click OK.

    Screenshot 47: Select Devices options - Select device serials

    6. Select the required serials related option from:

    - All serials - to whitelist all serial numbers of a specific device. Click Finish and OK.
    - Only selecte
55. [Screenshot: deployment history log entries]

    This section displays an audit trail for all stages of all agent or protection policy deployments carried out by GFI EndPointSecurity. The information provided includes the timestamp of each log entry, the computer name, deployment type and errors and information messages generated during the deployment process. For more information, refer to Troubleshooting and Support (page 147).

    To remove displayed log entries, right-click in the Deployment History area and select Clear all messages.

    10 Reporting

    The GFI EndPointSecurity GFI ReportPack is a fully fledged reporting add-on to GFI EndPointSecurity. This reporting package can be scheduled to automatically generate graphical IT-level and management reports based on data collected by GFI EndPointSecurity, giving you the ability to report on devices connected to the network, device usage trends by machine or by user, files copied to and from devices (including actual names of files copied) and much more.

    Topics in this chapter:

    10.1 GFI EndPointSecurity
56. ata and intellectual property

    - Get distracted during work hours.

    In an attempt to control these threats, organizations have started to prohibit the use of (personally-owned) portable devices at work. Best practice dictates that you must never rely on voluntary compliance and the best way to ensure complete control over portable devices is by putting technological barriers.

    1.2 About GFI EndPointSecurity

    GFI EndPointSecurity is the solution that helps you maintain data integrity by preventing unauthorized access and transfer of content to and from the following devices or connection ports:

    - USB Ports (example: Flash and Memory card readers, pen drives)
    - Firewire ports (example: digital cameras, Firewire card readers)
    - Wireless data connections (example: Bluetooth and Infrared dongles)
    - Floppy disk drives (internal and external)
    - Optical drives (example: CD, DVD)
    - Magneto Optical drives (internal and external)
    - Removable USB hard disk drives
    - Other drives such as Zip drives and tape drives (internal and external)

    Through its technology, GFI EndPointSecurity enables you to allow or deny access and to assign "full" or "read only" privileges to:

    - Devices (example: CD/DVD drives, PDAs)
    - Local or Active Directory users/user groups

    With GFI EndPointSecurity you can also record the activity of all devices or connection ports being used on your target computers (including the date/time of usage and by whom the devices were
57. [Screenshot: update options]

    3. From the right pane, configure the options described below.

    Table 18: Update options
    - Check for updates automatically: Connect to the GFI update servers and download product updates automatically. Select When the application starts up, or specify a day and time when to check and download updates.
    - Install updates automatically: If an update is found, GFI EndPointSecurity will download and install the update automatically.
    - Show messages in the application: If an update is found and installed, a message is displayed in GFI EndPointSecurity application.
    - Send alerts to the GFI EndPointSecurityAdministrator user: Once an update is downloaded and installed, an email message is sent to the GFI EndPointSecurity Administrator. For more information, refer to Configuring the alerts administrator account (page 131).
    - Check for updates: Click the link to instantly run the GFI EndPointSecurity updates engine, download and install any missing updates.

    14 Miscellaneous

    The miscellaneous chapter gathers all the other information that falls outside the initial configuration of GFI EndPointSecurity.

    Topics in this chapter:

    14.1 Produ
58. atus (i.e., whether the computer is included in a GFI EndPointSecurity protection policy)

    - Total number of devices currently and historically connected
    - Number of devices currently connected

    If a scanned target computer is not included in any GFI EndPointSecurity protection policy, you can choose to deploy a protection policy to the computer. To do this:

    1. Right-click on the relevant computer name / IP address under Computer column, and select Deploy agent(s).
    2. Select the protection policy to deploy. Click Next to continue and Finish to start deployment.

    7.2.2 Devices list

    Screenshot 78: Devices list area

    This section displays a detailed list of discovered devices for every scanned computer, including:

    - Device name, description and category
    - Connectivity port
    - Connection status (i.e., whether the device is currently connected or not)

    7.3 Adding discovered devices to the database

    You can select one or more of the discovered devices from the Devices list and add them to the devices database. These devices are then retrieved from this database when GFI EndPointSecurity lists the devices currently connected to the target computers for the blacklist and whitelist. For informati
59. central database is not configured, no logging will be made.

    Screenshot 69: Logging Options - General tab

    4. In the Logging Options dialog, click General tab.
    5. Enable or disable the locations where to store events generated by this protection policy:

    - Log events to the Windows Security Event Log: you can view events through the Windows Event Viewer of every target computer or through GFI EventsManager after they are collected in a central location.
    - Log events to the central database: you can view the events within the Logs Browser sub-tab in the GFI EndPointSecurity management console. This option requires the configuration of a central database. For more information, refer to Managing the Database Backend (page 126).

    If both options are enabled, then the same data is logged in both locations.

    Screenshot 70: Logging Options - Filter tab (event types shown: Service events, Device connected events, Device disconnected events, Access allowed events, Access denied events, Encryption events)

    6. Select Filter tab, and select any of the following event types to log by this protection policy. Click
60. ck Save.

    Screenshot 104: Alerting Options - Network tab

    Dialog note: Network messages can be sent to both computers and users. In the case of users, the user must be logged on so as to successfully receive the message. For both computers and users, the messenger service must be enabled and started.

    5. Click Network tab > Format network message to edit the network message. Click Save.

    Screenshot 105: Alerting Options - SMS tab

    6. Click SMS tab and from the Select SMS drop-down menu, select the SMS gateway you want to use. Supported SMS systems include: > n
61. content awareness 83
    6.13.1 Managing content awareness options 83
    6.13.2 Managing template options 85
    6.14 Configuring file options 86
    6.15 Configuring security encryption 88
    6.15.1 Configuring Microsoft BitLocker To Go devices 88
    6.15.2 Configuring Volume Encryption 90
    6.16 Configuring event logging 94
    6.17 Configuring alerts 96
    6.18 Setting a policy as the default policy 99
    7 Discovering Devices 100
    7.1 Running a device scan 100
    7.2 Analyzing device scan results 103
    7.2.1 Computers 104
    7.2.2 Devices list 104
    7.3 Adding discovered devices to the database 104
    8 Monitoring Device Usage Activity 106
    8.1 [title illegible] 106
    8.1.1 Protection Status 107
    8.1.2 Device Usage by Device Type 107
    8.1.3 Device Usage by Connectivity Port
62. creenshot 42: Select Devices options

    5. In the Select Devices dialog enable or disable the devices to add to the blacklist from the Devices list and click Next.

    Note: If a required device is not listed, click Add New Device to specify the details of the device you want to add to the blacklist, and click OK.

    Screenshot 43: Select Devices options - Select device serials

    6. Select the required serials related option from:

    - All serials - to blacklist all serial numbers of a specific device. Click Finish and OK.
    - Only selected serials - to specify particular device serial number(s) to be added to the blacklist. Next, highlight the device and click Edit to specify the serial number(s). Click OK, Finish and OK.

    [Screenshot: Select Devices dialog, Edit Device serials]
63. ct licensing 143
    14.2 Uninstalling GFI EndPointSecurity 143
    14.3 Product version information 146

    14.1 Product licensing

    After installing GFI EndPointSecurity you can enter your license key without re-installing or re-configuring the application.

    To enter your license key:

    1. Click General tab.
    2. From the left pane select Licensing.

    Screenshot 116: Editing license key

    3. From the right pane click Edit.
    4. In the License Key text box, key in the license key provided by GFI Software Ltd.
    5. Click OK to apply the license key.

    14.2 Uninstalling GFI EndPointSecurity

    GFI EndPointSecurity enables you to easily uninstall both the GFI EndPointSecurity agents and the GFI EndPointSecurity application.

    This chapter covers the following topics:

    - Uninstalling GFI EndPointSecurity agents
    - Uninstalling GFI EndPointSecurity application

    Warning: GFI EndPointSecurity agents are not uninstalled automatically during the un-installation of the GFI EndPointSecurity application. It is best that first you uninstall the GFI EndPointSecurity agents and next the GFI EndPointSecurity application.

    14.2.1 Uninstalling GFI EndPointSecurity agents

    To uninstall a GFI EndPointSecurity agent:

    1. From the GFI EndPointSecurity management console, click Configuration tab.
    2. Click Computers
64. ctivity tab to monitor device usage across the network and logged events for a specific computer or for all network computers.

    The Activity section contains information about:

    - Activity Log
    - Advanced Filtering
    - Logs Browser
    - Creating event queries

    8.2.1 Activity Log

    This sub-tab allows you to monitor the devices in use on the network. Select the computer and/or user from the relevant drop-down lists to filter the Activity Log list by computer and/or by user. In addition, this tab allows you to further filter down the list by the provided time filters.

    [Screenshot: Activity Log sub-tab]
65. curity will include in the scan. Categories

    - Scan ports: Select the device connection ports that GFI EndPointSecurity will include in the scan.

    Click Apply and OK to close the Risk Assessment dialog and click Next at the Quick Start Wizard.

    From Auto Discovery, select/unselect Enable Auto Discovery to turn on/off auto discovery. When Auto Discovery is enabled, GFI EndPointSecurity periodically scans your network for new computers.

    Select/unselect Install agents on discovered computers to turn on/off automatic deployment of GFI EndPointSecurity Agents on newly discovered computers.

    (Optional) Click Auto discovery settings and configure settings from the tabs described below.

    Table 8: Auto Discovery settings
    - Auto Discovery: Enable/disable auto discovery and configure a schedule when GFI EndPointSecurity scans your network for new computers.
    - Discovery Area: Select where GFI EndPointSecurity searches for new computers. Select from:
        - Current domain/workgroup - GFI EndPointSecurity searches for new computers within the same domain/workgroup where it is installed.
        - The following domains/workgroups - Select this option and click Add. Specify the domains where GFI EndPointSecurity searches for new computers and click OK.
        - Entire network except - Select this option and click Add. Specify the domain/workgroup that should be excluded during auto discovery and click OK.
    - Actions: Configure the actions taken by GFI EndPointSecur
66. Screenshot 52: Grant temporary access options - Device categories and connection ports

    5. Enable the required device categories and/or connection ports from the list, to which you will be granting temporary access, and click Next.

    Screenshot 53: Grant temporary access options - Time restrictions

    Dialog note: The unlock key can't be activated outside the interval specified above.

    6. Specify the duration during which access is allowed, and the validity period of the unlock code, and click Next.
    7. Take note of the Unlock code generated. Communicate the code to the user requesting temporary access and click Finish.

    6.12 Configuring file type filters

    GFI EndPointSecurity enables you to specify file type restrictions on files, such as .DOC or .XLS files, being copied to/from allowed devices. You can apply these restrictions to Active Directory (AD) users and/or user groups. You can do this on a policy-by-policy basis.

    Filtering is based on file extension checks and real file type signature checks. Real f
67. d serials to specify that only particular device serial number(s) are to be added to the whitelist. Next, highlight the device and click Edit... to select the serial number(s) to whitelist. Click OK, Finish and OK.
    Screenshot 48: Select Devices options - Edit Device serials
    To deploy protection policy updates on target computers specified in the policy:
    1. Click Configuration tab > Computers.
    2. From Common tasks, click Deploy to all computers.
    6.11 Configuring temporary access privileges
    GFI EndPointSecurity enables you to grant temporary access to users. This enables them to access devices and connection ports on protected target computers for a specified duration/time window. You can do this on a policy-by-policy basis.
    When temporary access is granted, any permissions and settings (e.g. file type filters) set in the protection policy applicable for the target computer, are temporarily overridden.
    For more information, refer to How GFI EndPointSecurity works - Temporary Access (page 17).
    Requestin
68. d to automatically create a database for GFI EndPointSecurity. This can be done through the Quick Start wizard.
    - Connect to an available Microsoft SQL Server instance and connect to an existing database or else create a new one. This can be done through the Quick Start wizard, the General Status or the Options sub-tabs.
    Topics in this chapter:
    11.1 Maintaining the database backend
    11.2 Using an existing SQL Server instance
    11.1 Maintaining the database backend
    Periodical database maintenance is essential in order to prevent your database backend from growing too much. GFI EndPointSecurity provides you with the facility to configure parameters that automatically maintain your database backend.
    To configure database backend maintenance:
    1. Click Configuration tab > Options sub-tab.
    2. From Configure, select Database Backend.
    3. From the right pane, click Database maintenance.
    Maintenance dialog: If you need to limit the size of the database backend, you can select to delete events periodically. Configure how often you want to delete events from the backend database to limit its size.
    Database maintenance options:
      - Never delete events
      - Backup events older than the specified period
      - Delete events older than t
69. 1. Click Configuration tab > Protection Policies.
    2. From Protection Policies > Security, select the protection policy to configure.
    3. Click Security sub-node.
    4. From the left pane, click Add permission(s)... in the Common tasks section.
    Screenshot 34: Add permissions options - Control entities
    5. In the Add permissions dialog select Specific devices and click Next.
    Screenshot 35: Add permissions options - Specific devices
    6. Enable or disable the required devices from the Devices list, for which to configure permissions, and click Next. If a required device is not listed, click Add New Device... to specify the details of t
70. devices such as iPods, USB devices and smartphones has increased the risk of deliberate and/or unintentional data leaks and other malicious activity. It is very simple for an employee to copy large amounts of sensitive data onto an iPod or USB stick, or to introduce malicious and illegal software onto your network through these devices. GFI EndPointSecurity quickly and easily helps you combat these critical threats without needing to lock down all ports and disturbing your daily operations.
    Topics in this chapter:
    1.1 Portable media device threats
    1.2 About GFI EndPointSecurity
    1.3 Components of GFI EndPointSecurity
    1.4 Key Features
    1.5 How GFI EndPointSecurity works - Deployment and Monitoring
    1.6 How GFI EndPointSecurity works - Device Access
    1.7 How GFI EndPointSecurity works - Temporary Access
    1.8 Supported device categories
    1.9 Supported connectivity ports
    1.10 Navigating the Management Console
    1.0.1 Terms and conventions used in this guide
    Table 1: Terms and conventions used in this manual
    Additional infor
71. dministrator account setup
    GFI EndPointSecurity installation: license key details
    Navigating GFI EndPointSecurity user interface
    Selecting control entities
    Selecting device categories to assign permissions
    Adding users or groups
    Selecting permission types per user or group
    Adding computers manually
    Auto Discovery options - Auto Discovery tab
    Auto Discovery options - Discovery Area tab
    Auto Discovery options - Actions tab
    Logon Credentials dialog options
    Creating a new policy - General settings
    Creating a new policy - Controlled Categories and Ports settings
    Controlled Device Categories options
    Controlled connectivity ports options
    Creating a new policy - Global Permissions settings
    Assign Protection Policy Options
    Deploying a policy i
72. Screenshot 88: Risk Assessment sub-tab
    To access the Risk Assessment sub-tab, from GFI EndPointSecurity management console click Status tab > Risk Assessment.
    Description
    This section shows
    The gauge show
73. deployment through MSI: e Directory or other deployment options. An MSI file will contain all the security settings configured in a particular protection policy.
    Agent management password: Agent management functions, such as update and un-install, are protected by a user-configurable password. This means that any other GFI EndPointSecurity instances will not have access to the agent management options.
    Device discovery: The GFI EndPointSecurity engine can be used to scan and detect the presence of devices on the network, even on computers that are not assigned any protection policy. The information gathered about detected devices can then be used to build security policies and assign access rights for specific devices.
    Logs browser: An in-built tool allows the administrator to browse logs of user activity and device usage that is detected by GFI EndPointSecurity.
    Alerting: GFI EndPointSecurity allows you to configure e-mail alerts, network messages and SMS messages that can be sent to specified recipients when devices are connected or disconnected, when device access is allowed or blocked and upon service generated events.
    Custom messages: When users are blocked from using devices, they are shown popup messages explaining the reasons why the device was blocked. GFI EndPointSecurity allows the customization of these messages.
    Database maintenance: To maintain the size of the database backend, GFI EndPointSecurity can be set to backup or delete ev
74. Screenshot 44: Select Devices options - Edit Device serials
    To deploy protection policy updates on target computers specified in the policy:
    1. Click Configuration tab > Computers.
    2. From Common tasks, click Deploy to all computers.
    6.10 Configuring device whitelist
    GFI EndPointSecurity enables you to specify which device(s) can be accessed by everyone. The whitelist is granular, so you can even whitelist a specific device with a specific serial number. You can do this on a policy-by-policy basis.
    For an updated list of devices currently connected to the target computers, run a device scan and add the discovered devices to the devices database prior to configuring whitelisted devices. For more information, refer to Discovering Devices (page 100).
    To add whitelist devices to a protection policy:
    1. Click Configuration tab > Protection Policies.
    2. From Protection Policies > Security, select the protection policy to configure.
    3. From the right pane, click Devices WhiteList in the General Control section.
    Screenshot 45: White list options
    4. In the Whitelist dialog, click Add... to select devices to add to the whitelist.
75. e protection policies on the target computer(s).
    GFI EndPointSecurity application
      A server-side security application that aids in maintaining data integrity by preventing unauthorized access and transfer of content to and from devices and connection ports.
    GFI EndPointSecurity management console
      The user interface of the GFI EndPointSecurity server-side application.
    GFI EndPointSecurity Temporary Access tool
      A tool which is available on the target computers. It is used by the user to generate a request code and later to enter the unlock code in order to activate the temporary access once it is granted by the administrator. Upon activation, the user will have access to devices and connection ports (when such access is normally blocked) on his protected target computer for the specified duration and time window.
    Global permissions
      A Create Protection Policy wizard step that prompts the user to either block or else to allow access to all devices falling in a category or which are connected to a port of the target computers covered by the protection policy.
    GPO
      See Group Policy Objects.
    Group Policy Objects
      An Active Directory centralized management and configuration system that controls what users can and cannot do on a computer network.
    Human Interface Devices
      A specification that is part of the universal serial bus (USB) standard for a class of peripheral devices. These devices, suc
76. e the scan is complete.
    Use the Scanning tab to scan target computers and discover connected devices. By default, GFI EndPointSecurity scans all supported device categories and connectivity ports.
    A discovered target computer can be any computer on the network, and may not be included in any GFI EndPointSecurity protection policy. The device scan must be executed under an account that has administrative privileges over the target computer(s).
    Topics in this chapter:
    7.1 Running a device scan
    7.2 Analyzing device scan results
    7.3 Adding discovered devices to the database
    7.1 Running a device scan
    Running a device scan is essential in order to discover new devices. GFI EndPointSecurity enables you to search for new devices that are connected to your target computer. This enables you to add new devices as soon as they are detected on it.
    Note: A new security policy has been introduced in Microsoft Vista, Microsoft Windows 7 and Microsoft Windows 2008 which needs to be enabled in order for the GFI EndPointSecurity device scanner to enumerate the physical devices located on the machine.
    To enable remote access to the Plug and play interface:
    1. Logon to the Microsoft Windows Vista, 7 or Server 2008 computer with administrative privileges.
    2. Click Start >
77. ected to target computers protected by this policy.
    To deploy protection policy updates on target computers specified in the policy:
    1. Click Configuration tab > Computers.
    2. From Common tasks, click Deploy to all computers.
    6.2 Configuring controlled connectivity ports
    GFI EndPointSecurity enables you to select which supported connectivity ports should be controlled or not by a protection policy. You can do this on a policy-by-policy basis.
    Note: Unspecified ports will be fully accessible from the target computers covered by the protection policy. As a result, GFI EndPointSecurity cannot monitor and block devices connected to a port that is not controlled by the protection policy.
    To configure which ports will be controlled by a specific protection policy:
    1. Click Configuration tab > Protection Policies.
    2. From Protection Policies > Security, select the protection policy to configure.
    3. Click Security.
    4. From Common tasks, click Edit controlled ports...
    Controlled connectivity ports dialog, ports listed: USB, Firewire, PCMCIA, Bluetooth, Serial & Parallel, Infrared, Secure Digital (SD), Internal.
78. ed to protect and encrypt data on removable devices. GFI EndPointSecurity performs checks on real file types encrypted with Windows 7 BitLocker To Go.
    Device whitelist and blacklist: The administrator can define a list of specific devices that are permanently allowed and others that are permanently banned.
    GFI EndPointSecurity features
    Power users: The administrator can specify users or groups who would always have full access to devices that are otherwise blocked by GFI EndPointSecurity.
    Temporary access: The administrator is able to grant temporary access to a device (or group of devices) on a particular computer. This feature allows the administrator to generate an unlock code that the end user can use to obtain a time-limited access to a particular device or port, even when the GFI EndPointSecurity agent is not connected to the network.
    Status dashboard: The dashboard's user interface shows the statuses of live and deployed agents, database and alerting servers, the GFI EndPointSecurity service as well as statistical data with charts. The main application keeps track of the live agent status by communicating with its deployed agents. Maintenance tasks are performed automatically once an agent goes online.
    Active Directory: From the GFI EndPointSecurity management console it is possible to generate MSI files that can be later deployed using the Group Policy Object (GPO) feature within the Activ
79. 12.4 Configuring groups of alert recipients
    12.1 Configuring alerting options
    GFI EndPointSecurity allows you to configure the following alerting options:
      - The mail server settings, sender details and email message that are used when email alerts
      - The network message to use when sending network alerts
      - The SMS gateway and SMS message that is used when sending SMS alerts.
    To configure alerting options:
    1. Click Configuration tab > Options sub-tab.
    2. From Configure, right-click Alerting Options node and select Edit alerting options...
    Screenshot 103: Alerting Options - Email tab
    3. From Email tab, click Add... to specify your mail server settings. Click OK to close the Mail server properties dialog.
    4. To edit the email message, click Format Email Message..., modify the Subject and Message fields as required, and cli
80. egory or connectivity port is not set to be controlled by the particular security policy, the relevant permission is disabled. For more information, refer to Configuring controlled device categories or Configuring controlled connectivity ports.
    To view all permissions assigned to users in a protection policy:
    1. Click Configuration tab > Protection Policies.
    2. From Protection Policies > Security, select the protection policy to configure.
    3. Click Security. In the right pane you can view all the set permissions for this protection policy.
81. puter(s) without uninstallation: elevant computer entry from the Computers list. However it leaves the agent installed on the target computer. This is useful in the event that the target computer was removed from the network and GFI EndPointSecurity application is unable to connect to it to uninstall the agent.
    4. Click Yes to confirm the deletion of the selected computer from the list.
    5. From the right pane, click on the top warning message to deploy the protection policy updates. The view should automatically change to Status > Deployment.
82. en allowed by the agents. The information provided can be filtered for a specific computer or for all network computers.
    8.1.2 Device Usage by Device Type
    Screenshot 82: Device Usage by Device Type area
    This section enumerates device connection attempts by device type, that were either allowed or blocked. The information provided can be filtered for a specific computer or for all network computers.
    8.1.3 Device Usage by Connectivity Port
    Screenshot 83: Device Usage by Connectivity Port area
    This section enumerates device connection attempts by connectivity port, that were either allowed or blocked. The information provided can be filtered for a specific computer or for all network computers.
    8.2 Activity
    Use the A
83. entions used in this guide
    1.1 Portable media device threats
    1.2 About GFI EndPointSecurity
    1.3 Components of GFI EndPointSecurity
      1.3.1 GFI EndPointSecurity Management Console
      1.3.2 GFI EndPointSecurity Agent
    1.4 Key Features
    1.5 How GFI EndPointSecurity works - Deployment and Monitoring
    1.6 How GFI EndPointSecurity works - Device Access
    1.7 How GFI EndPointSecurity works - Temporary Access
    1.8 Supported device categories
    1.9 Supported connectivity ports
    1.10 Navigating the Management Console
    2 Installing GFI EndPointSecurity
    2.1 System requirements
    2.2 Upgrading GFI EndPointSecurity
    2.3 Installing a new instance of GFI EndPointSecurity
    2.4 Post-install configurations
84. ents older than a custom number of hours or days.
    Device encryption: For maximum security, GFI EndPointSecurity can be configured to encrypt storage devices using AES 256 encryption. Encryption can be enforced on specific computers running agents over the network.
    Data leakage risk assessment: The dashboard enables users to see potential data leakage risk for each endpoint. Use the provided tips and perform suggested actions to reduce risks levels.
    Content awareness: The content awareness feature enables users to look into files entering the endpoints via removable devices. Content is identified based on predefined (or custom) regular expressions and dictionary files. By default the feature looks for secure confidential details such as passwords and credit card numbers.
    1.5 How GFI EndPointSecurity works - Deployment and Monitoring
    GFI EndPointSecurity protection policy deployment and monitoring operations can be divided in the four logical stages described below.
85. es
    8. Use the Add, Edit and Remove buttons, to manage file types.
    9. Click OK.
    6.15.2 Configuring Volume Encryption
    Volume Encryption enables you to encrypt the contents of USB devices using AES 256 encryption. When volume encryption is enforced, users must provide a password to encrypt or access storage devices data. To enforce Volume Encryption on installed agents:
    Note: Encryption on demand is possible, even if not forced by the administrator, directly by the end user by clicking the Encrypt... entry from the shell context menu of a removable drive.
    1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies.
    2. From the left pane, select the protection policy for which to apply encryption policy.
    3. From the right pane, click Encryption in the Security section.
    Screenshot 65: Encryption options - General tab
    4. Select E
86. es will be fully accessible from the target computers covered by the protection policy. As a result, GFI EndPointSecurity cannot monitor and block devices falling in a category that is not controlled by the protection policy.
    To configure devices controlled by a protection policy:
    1. Click Configuration tab > Protection Policies.
    2. From Protection Policies > Security, select the protection policy to configure.
    3. Click Security.
    4. From Common tasks, click Edit controlled device categories...
    Screenshot 24: Controlled Device Categories options
    5. From the Controlled Device Categories dialog, select/unselect the required device categories that will be controlled by the protection policy, and click OK.
    Important: If you enable Human Interface Devices and deny access to such devices, users will not be able to use USB keyboards and mice conn
87. example, optical drives connected internally on PCI.
    1.10 Navigating the Management Console
    GFI EndPointSecurity management console provides you with all the administrative functionality to monitor and manage device access usage.
88. figuration: Access and configure the default protection policies.
    Scanning: Scan target computers and discover connected devices.
    Reporting: Download or launch GFI EndPointSecurity GFI ReportPack to generate your reports.
    General: Check for GFI EndPointSecurity updates, as well as version and licensing detail.
    Sub-tabs: Access more settings and/or information about the selected tab from section 1.
    Left Pane: Access configuration options provided in GFI EndPointSecurity. The configuration options are grouped into three sections, including Common Tasks, Actions and Help. Available only for some tabs.
    Right Pane: Configure the configuration options selected from the left pane. Available only for some tabs.
    2.6 Testing your installation
    Once GFI EndPointSecurity is installed and the Quick Start wizard is completed, test your installation to ensure that GFI EndPointSecurity is working correctly. Follow the instructions in this section to verify the correctness of both the GFI EndPointSecurity installation as well as the operations of the shipping default protection policy.
    This section contains the following information:
      - Test preconditions
      - Test case
      - Reverting to default settings
    2.6.1 Test preconditions
    The following test pre-conditions and settings are required ONLY for the purpose of this test.
    Device setup
    For the following test you requi
89. Screenshot 57: Add a new template

    5. Click Add... and select or key in the template from the Template drop-down list.
    6. Click Add... to specify the user(s)/group(s) and click OK. Repeat the preceding two sub-steps for each template that will be applied.
    7. Click OK.

    Screenshot 58: Selecting users or groups

    6.13.2 Managing template options

    To add, edit or remove predefined templates:
    1. Click Templates and select a template from the Template list.
    2. Click Add, Edit or Remove to change or delete templates.

    GFI EndPointSecurity 6 Customizing Protection Policies | 85

    [Screenshot: Content Awareness dialog, "Add, edit or remove content blocking templates", listing templates by Name and Description]
    - Austria ID (ZMR-Zahl): National identification number
    - Austria ID (ASVG): Social insurance number
    - Austria ID (ssPIN): New national identification number
    - Belgium ID: Identification number of the
    - Bulgaria ID (EGM): Uniform Civil Number
    - Czech, Slovakia ID (RC): Birth Number
    - Czech, Slovakia ID (COP): Citizen's Identification Card Nu
    - Denmark ID (CPR): Personal Identification Number
    - Estonia ID (IK): Personal identification code
    - Finland ID (HETU): Personal identity code
    - France ID (NIR): Social security number INS
90. g temporary access for a protected computer
    - Granting temporary access to a protected computer

    6.11.1 Requesting temporary access for a protected computer

    To generate a request code:

    GFI EndPointSecurity 6 Customizing Protection Policies | 77

    Screenshot 49: Devices Temporary Access icon

    1. From the Control Panel click Devices Temporary Access.

    Screenshot 50: GFI EndPointSecurity Temporary Access tool

    2. In the GFI EndPointSecurity Temporary Access dialog take note of the Request code generated. Communicate the following details to your security administrator:
       - Request code
       - Device/connection port type
       - When you require access
       - For how long you require access.
       Keep the GFI EndPointSecurity Temporary Access tool open.
    3. When the administrator sends the unlock code, key it in the Unlock code field.

       Note: An unlock code keyed in on the protected target computer outside the specified validity period will not activate temporary access.

    4. Click Unlock to activate temporary access. You are now able to access t
91. > Protection Policies.

    2. From Protection Policies > Security, select the protection policy to configure.
    3. Click Security > Set Permissions.
    4. From Common tasks, click Add permission(s)...

    GFI EndPointSecurity 6 Customizing Protection Policies | 63

    Screenshot 31: Add permissions options - Control entities

    5. In the Add permissions dialog select Connectivity ports and click Next.

    Screenshot 32: Add permissions options - Connectivity ports

    6. Enable or disable the required connectivity ports for which to configure permissions, and click Next.
    7. Click Add... to specify the user(s)/group(s) that will have access to the connectivity ports specified in this protection policy, and click OK.

    [Screenshot: Add permissions dialog, Users]
92. h as mice, keyboards, and joysticks, enable users to input data, or to interact directly with the computer.

    M

    MSI file
    A file generated by GFI EndPointSecurity for later deployment using GPO or other deployment options. It can be generated for any protection policy and contains all the relevant configured security settings, including installation settings for unprotected target computers.

    Power user
    A power user is automatically given full access to devices connected to any target computer covered by the protection policy.

    GFI EndPointSecurity 16 Glossary | 152

    Protection policy
    A set of device access and connectivity port permissions that can be configured to suit your company's device access security policies.

    Q

    Quick Start wizard
    A wizard to guide you in the configuration of GFI EndPointSecurity with custom settings. It is launched upon the initial launch of GFI EndPointSecurity management console and is intended for first time use.

    S

    Security encryption
    A set of restrictions configured to either block or else to allow users/groups to access specific file types stored on devices that are encrypted with BitLocker To Go. These restrictions are applied when the encrypted devices are connected to the target computers covered by the protection policy.

    T

    Target computer
    A computer that is protected by a GFI EndPointSecurity protection policy.

    Temporary access
    A period of time during which users are allowed to access
93. he device for which to configure permissions, and click OK.

    Screenshot 36: Add permissions options - Users

    GFI EndPointSecurity 6 Customizing Protection Policies | 67

    7. Click Add... to specify the user(s)/group(s) that will have access to the specific devices specified in this protection policy, and click OK.

    Screenshot 37: Add permissions options - Users

    8. Enable or disable Access/Read and Write permissions for each user/group you specified and click Finish.

    To deploy protection policy updates on target computers specified in the policy:
    1. Click Configuration tab > Computers.
    2. From Common tasks, click Deploy to all computers...

    6.7 Viewing access permissions

    GFI EndPointSecurity enables you to view all permissions assigned to Active Directory (AD) users and/or user groups. You can do this on a policy-by-policy basis.

    When a device cat
94. he most up-to-date listing of technical support questions and patches. In case that the information in this guide does not solve your problems, next refer to GFI SkyNet by visiting: http://kb.gfi.com/

    GFI EndPointSecurity 15 Troubleshooting and Support | 148

    Web Forum

    User to user technical support is available via the GFI web forum. Access the web forum by visiting: http://forums.gfi.com/

    Request technical support

    If none of the resources listed above enable you to solve your issues, contact the GFI Technical Support team by filling in an online support request form or by phone.
    - Online: Fill out the support request form and follow the instructions on this page closely to submit your support request on: http://support.gfi.com/supportrequestform.asp
    - Phone: To obtain the correct technical support phone number for your region visit: http://www.gfi.com/company/contact.htm

    Note: Before contacting Technical Support, have your Customer ID available. Your Customer ID is the online account number that is assigned to you when first registering your license keys in the GFI Customer Area at: http://customers.gfi.com

    We will answer your query within 24 hours or less, depending on your time zone.

    Documentation

    If this manual does not satisfy your expectations, or if you think that this documentation can be improved in any way, let us know via email on: documentation@gfi.com

    GFI EndPointSecurity 15 Troubleshooting
95. he required device and/or connection port.

    GFI EndPointSecurity 6 Customizing Protection Policies | 78

    6.11.2 Granting temporary access to a protected computer

    To grant temporary access:
    1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies sub-tab.
    2. From the left pane, select the protection policy that includes the computer on which temporary access needs to be granted.
    3. From the right pane, click Grant temporary access in the Temporary Access section.

    Screenshot 51: Grant temporary access options - Request code

    4. In the Grant temporary access dialog key in the request code received from the user, in the Request code field. The computer name from which the request code was generated, is displayed in the Computer Name field. Click Next.

    [Screenshot: Grant temporary access dialog, Device categories and connection ports]
96. Screenshot 101: Maintenance options

    4. From the Maintenance dialog, configure how often events are deleted from the database backend. Select from the options described below.

    Table 17: Database maintenance options
    - Never delete events: Keep all events in your database backend, without deleting old ones.
      Note: Ensure that manual deletion of old records is done to prevent GFI EndPointSecurity performance loss.
    - Backup events older than the specified period: Select this option and specify how old events have to be before they are backed up in a separate database.
    - Delete events older than the specified period: Select this option and specify how old events have to be before they are deleted.
    - Roll over database when its size reaches: Specify the maximum size a database can grow before GFI EndPointSecurity automatically switches to a new database.

    5. Click Apply and OK.

    Note: Since Microsoft SQL Express 2005 has a database size limitation of 4 GB and Microsoft SQL Express 2008 R2 has a database limitation of 10 GB, it is recommended to use Roll over database option. For more information on Microsoft SQL Server Edition engine specifications, refer to http://go.gfi.com/?pageid=ESEC_SqlSpecs

    GFI EndPointSecurity 11 Managing the Database Backend | 127

    11.2 Using an existing SQL Server instance

    To connect to an existing SQL Server instance:
    1.
97. ided by GFI EndPointSecurity:

    1. Click Start > Programs > GFI EndPointSecurity 2013 > GFI EndPointSecurity 2013 Troubleshooter.
    2. Click Next at the wizard welcome screen.

    Screenshot 120: Specifying contact and purchase details

    3. Key in your contact details so that our support team would be able to contact you for further analysis information. Click Next.

    Screenshot 121: Specifying issue details and other relevant information to recreate the problem

    4. Specify the error you are getting and other information that would help our support team recreate this issue. Click Next.

    Screenshot 122: Gathering machine information

    5. The troubleshooter scans your system to get hardware information. You can manually add more information in the space provided or click Next.

    Screenshot 123: Finalizing the Troubleshooter wizard

    6. At this stage, the troubleshooter creates a package with the information gathered from the previous steps. Next, send this package to our support team so they can analyze and troubleshoot your problem. Click the buttons described below for sending options:
       - Open Containing Folder: Opens the folder containing the troubleshooter package so that you can send the package manually via email.
       - Go to GFI Support: Opens the support page of GFI website.
    7. Click Finish.

    GFI SkyNet

    GFI maintains a comprehensive knowledge base repository, which includes answers to the most common problems. GFI SkyNet always has t
98. ile type signature checking can be done on the following file types:

    AVI, BMP, CAB, CHM, DLL, DOC, EMF, EXE, GIF, HLP,
    HTM, JPE, JPEG, JPG, LNK, M4A, MDB, MP3, MPEG, MPG,
    MSG, MSI, OCX, P7M, PDF, PPT, RAR, RTF, SCR, SYS,
    TIF, TIFF, TXT, URL, WAV, XLS, ZIP, DOCX, XLSX, PPTX

    Note 1: For any other file type not specified above, filtering is based only on the file extension.

    Note 2: File type filtering is only applied to device categories and/or ports for which permissions have been set to allow access.

    To configure file type restrictions for users in a specific protection policy:
    1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies.
    2. From the left pane, select the protection policy for which you want to specify file type restrictions.
    3. From the right pane, click File-type Filter in the File control section.

    GFI EndPointSecurity 6 Customizing Protection Policies | 81

    Screenshot 54: File-type Filter options

    4. In the File
99. activates temporary device access: in the GFI EndPointSecurity Temporary Access tool to activate the temporary access and to be able to use the required devices/ports.

    GFI EndPointSecurity 1 Introduction | 17

    1.8 Supported device categories

    In GFI EndPointSecurity devices are organized into the following categories:
    - Floppy disks
    - CDs/DVDs
    - Printers
    - PDAs, including:
      - Pocket PCs
      - Smart phones
    - Network Adapters, including:
      - Ethernet adapters
      - Wi-Fi adapters
      - Removable adapters (USB, Firewire, PCMCIA)
    - Modems, including:
      - Smart phones
      - Mobile phones
    - Imaging Devices:
      - Digital cameras
      - Webcams
      - Scanners
    - Human Interface Devices:
      - Keyboards
      - Mice
      - Game controllers
    - Storage Devices, including:
      - USB Pen drives
      - Digital Media Players (e.g. MP3/MP4 players)
      - Flash and Memory Card Readers
      - Multi-drive USB devices (i.e. devices that do not mount as a single drive)
    - Other Devices:
      - Bluetooth dongles/ports
      - Infrared dongles/ports
      - Zip drives
      - Tape drives
      - MO (magneto optical) drives (internal and external).

    1.9 Supported connectivity ports

    GFI EndPointSecurity scans for devices that are or have been connected on the following ports:
    - USB
    - Secure Digital (SD)
    - Firewire
    - Bluetooth
    - Infrared
    - PCMCIA
    - Serial & Parallel
    - Internal
100. ing risk assessment results of the network computers
    - The option to re-scan the network to obtain the latest risk assessment results
    - The Time of the last risk assessment.

    GFI EndPointSecurity 9 Status Monitoring | 114

    This section lists the cumulative values of the number of:
    - Scanned endpoints
    - Successful scans
    - Protected endpoints
    - Unprotected endpoints
    - Devices discovered

    This section also represents:
    - The network where agents are installed
    - The time and date of the last risk assessment.

    This section graphically represents the number of agents that are currently:
    - Awaiting installation on network computers
    - Protected by GFI EndPointSecurity
    - Not protected by GFI EndPointSecurity

    This section represents all agents deployed on network computers, differentiating between those currently online and those that are offline. For more information, refer to Status view (page 117).

    This section graphically represents the device threat percentage levels as logged by the agents of network computers that have GFI EndPointSecurity installed on them.

    This section graphically represents the percentages of user accesses per device category of the total cumulative amount of user accesses to devices, as logged by the agents. User accesses to devices refer to both allowed and blocked device accesses.

    This section lists:
    - The user account under which the GFI EndPointSecurity service is running
    - The risk f
101. ion, refer to Discovering Devices (page 100).

    Note: Power users will override any blacklisted devices, and thus will be able to access blacklisted devices.

    To add devices to the blacklist of a specific protection policy:
    1. Click Configuration tab > Protection Policies.
    2. From Protection Policies > Security, select the protection policy to configure.
    3. From the right pane, click Devices Blacklist in the General Control section.

    Screenshot 41: Black list options

    4. In the Black list dialog, click Add... to select devices to add to the blacklist.

    GFI EndPointSecurity 6 Customizing Protection Policies | 71

    [Screenshot: Select Devices dialog, with Vendors list and Devices list]
102. ion Status
    - Device Usage by Device Type
    - Device Usage by Connectivity Port

    9.2.1 Protection Status

    Screenshot 90: Protection Status area

    GFI EndPointSecurity 9 Status Monitoring | 116

    This section graphically represents daily device usage on computers, differentiating between devices that have been blocked and devices that have been allowed by the agents. The information provided can be filtered for a specific computer or for all network computers.

    9.2.2 Device Usage by Device Type

    Screenshot 91: Device Usage by Device Type area (columns: Type, Allowed, Blocked, Total Count)

    This section enumerates device connection attempts by device type, that were either allowed or blocked. The information provided can be filtered for a specific computer or for all network computers.

    9.2.3 Device Usage by Connectivity Port

    Screenshot 92: Device Usage by Connecti
103. is assigned to newly discovered devices

    If a protection policy is not configured for deployment, create a policy that can be assigned to new agents that are being installed on discovered computers. The default policy must be assigned to a new agent but can be changed from the Configuration tab > Computers sub-tab. Security settings and device behavior are dictated by the policy. Refer to the following section for information about:
    - Customizing Protection Policies
    - Setting a policy as the default policy.

    4. Assign protection policies automatically

    Configure GFI EndPointSecurity to automatically deploy protection policies on new agents. Refer to the following sections for information about:
    - Scheduling policy deployment
    - Deploying policies through Active Directo
    - Verifying protection policy deployment.

    5. Monitor device activity

    GFI EndPointSecurity enables you to maintain an audit trail of activity logs generated by agents deployed on network computers (event logging must be enabled). The Status and Activity tabs enable you to view statuses and statistical information about endpoints, agents and GFI EndPointSecurity. Refer to the following sections for information about:
    - Configuring event loggin
    - View device usage activit
    - View device usage statistics.

    GFI EndPointSecurity 3 Achieving Results | 36

    3.3 Monitoring network activity from a central location

    Agents generate activity logs that are stored in an SQL Server dat
104. Figure 1: Protection policy - Deployment and Monitoring

    The table below describes the stages depicted above.

    Table 3: Deployment and Monitoring protection policy
    - Stage 1 - Configure computers: The administrator specifies which protection policy is assigned to which computers, and the log-on credentials to be used by GFI EndPointSecurity to access the target computers and deploy the agents.
    - Stage 2 - Customize protection policy: The administrator can customize a protection policy before or after deploying it. Customization options include the creation of power users, addition of blacklisted/whitelisted devices and device access permissions.
    - Stage 3 - Deploy protection policy: The administrator deploys the protection policy. Upon the first deployment of a protection policy, a GFI EndPointSecurity agent is automatically installed on the remote network target computer. Upon the next deployments of the same protection policy, the agent will be updated and not re-installed.
    - Stage 4: When agen

    GFI EndPointSecurity 1 Introduction | 15
105. it Device serials 7
    - Devices Temporary Access icon: 78
    - GFI EndPointSecurity Temporary Access tool: 78
    - Grant temporary access options - Request code: 79
    - Grant temporary access options - Device categories and connection ports: 80
    - Grant temporary access options - Time restrictions: 80
    - File-type Filter options: 82
    - File-type Filter and user options: 83
    - Content awareness options: 84
    - Add a new template: 85
    - Selecting users or groups: 85
    - Managing templates: 86
    - PIC ODEONS: 87
    - File-type Filter and user options: 88
    - Encryption options - General tab: 89
    - Encryption options - Permissions tab: 89
    - Encryption options - File-type Filter tab: 90
    - Encryp
106. ity

    3. Click on the Configuration tab.
    4. Click on the Protection Policies sub-tab.
    5. From the left pane, select the General Control protection policy.
    6. Click on the Security sub-node.
    7. From the left pane, click the Add permission(s)... hyperlink in the Common tasks section.

    GFI EndPointSecurity 2 Installing GFI EndPointSecurity | 30

    Screenshot 5: Selecting control entities

    8. In the Add permissions... dialog select the Device categories option and click Next to continue.

    Screenshot 6: Selecting device categories to assign permissions

    9. Enable the CD/DVD device category, and click Next.

    [Screenshot: Add permissions dialog, Users]
107. ity when a new computer is discovered. Also select the policy that these settings apply to.

    Click Apply and OK to close the Auto Discovery dialog and click Next at the Quick Start Wizard.

    From Power Users select/unselect Set GFI EndPointSecurity Power Users to enable/disable power users features. Members of the power users group have access to any connected device affected by this policy.

    Click Select Power Users... and from the Power Users dialog, click Add... to add users from your domain/workgroup.

    Click Apply and OK to close the Power Users dialog and click Next at the Quick Start Wizard.

    GFI EndPointSecurity 2 Installing GFI EndPointSecurity | 26

    12. From Users Groups, select/unselect Configure Users Groups to create domain/workgroup users and bind them to device categories and connectivity ports settings selected in the next step.
    13. Click Select which Users Groups to create... From the Configure Users Groups dialog, select the devices and/or connection ports for which users are created. To manage every supported device and port from this policy, click Select All.
    14. Click Close to close the Configure Users Groups and click Next at the Quick Start Wizard.
    15. From Database, select the database type you want to use as the database backend. Select from the options described below.

    Table 9: Database backend options
    - Don't configure the: Finalize the Quick Start Wizard and configure the database backend
108. database at this time: later. For more information, refer to ACM
    - Use an already installed SQL Server instance: Use an instance of Microsoft SQL Server already installed on the same machine you are installing GFI EndPointSecurity or any other machine on the network.
    - Install a local instance of SQL Express Edition: Select this option to download and install an instance of Microsoft SQL Server Express on the same machine you are installing GFI EndPointSecurity. An Internet connection is required.

    16. Optional: Click Advanced database settings... to specify the SQL Server address, database name, logon method and the respective credentials. Click Apply and OK to close the Database Backend dialog.
    17. Click Next and wait for the settings to be applied. Click Finish to close the Quick Start Wizard.

    2.5 Navigating the Management Console

    GFI EndPointSecurity management console provides you with all the administrative functionality to monitor and manage device access usage.

    GFI EndPointSecurity 2 Installing GFI EndPointSecurity | 27

    [Screenshot: GFI EndPointSecurity 2013 management console, Configuration tab > Protection Policies sub-tab, Security view of the General Control policy]
109. le type Filter and user options

    5. From the Archive Options tab, enable/disable Search inside archives and specify the archive nesting level to use when checking archive files.
    6. Click OK.

    6.15 Configuring security encryption

    GFI EndPointSecurity enables you to configure settings which specifically cater for encrypted devices. It also enables you to encrypt devices which are not yet secured.
    - Configuring Microsoft BitLocker To Go devices
    - Configuring Volume Encryption

    6.15.1 Configuring Microsoft BitLocker To Go devices

    GFI EndPointSecurity can detect storage devices encrypted with Microsoft BitLocker To Go. This enables you to configure different permissions on such devices. To enable Microsoft BitLocker To Go detection:
    1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies.
    2. From the left pane, select the protection policy for which to apply the encryption policy.
    3. From the right pane, click Encryption in the Security section.

    GFI EndPointSecurity 6 Customizing Protection Policies | 88

    [Screenshot: dialog to enable and configure the encryption engine, with the Windows 7 BitLocker To Go "Enable detection of encrypted devices" option and the "Enable volume encryption" option]
110. Screenshot 38: Protection Policies sub-tab - devices view

    [Screenshot: GFI EndPointSecurity 2013 management console, Configuration tab > Protection Policies sub-tab, Security view of the General Control policy. A banner reads: "The protection policy updates are not yet applied on all computers. Click here to deploy the protection policy updates (CTRL+D)." The view, "Specify the users and groups that are allowed to access the devices blocked by this protection policy", lists Administrators (Power User) and the following groups:]
    - GFI_ESEC_Bluetooth_FullAccess
    - GFI_ESEC_CdDvd_FullAccess
    - GFI_ESEC_CdDvd_ReadOnly
    - GFI_ESEC_Firewire_FullAccess
    - GFI_ESEC_Floppy_FullAccess
    - GFI_ESEC_Floppy_ReadOnly
    - GFI_ESEC_HID_FullAccess
    - GFI_ESEC_ImagingDevices_FullAccess
    - GFI_ESEC_Infrared_FullAccess
    - GFI_ESEC_Internal_FullAccess
    - GFI_ESEC_Modem_FullAccess
    - GFI_ESEC_NetworkDevices_FullAccess
    - GFI_ESEC_OtherDevices_FullAccess
    - GFI_ESEC_PCMCIA_FullAccess
    - GFI_ESEC_PDA_FullAccess
    - GFI_ESEC_Printer_FullAccess
    - GFI_ESEC_SecureDigital_FullAccess
    - GFI_ESEC_SerialParallel_FullAccess
    - GFI_ESEC_StorageDevices_FullAccess
    - GFI_ESEC_StorageDevices_ReadOnly
    - GFI_ESEC_USB_FullAccess
111. mation and references essential for the operation of GFI EndPointSecurity.

    - Important notifications and cautions regarding potential issues that are commonly encountered.
    - Step-by-step navigational instructions to access a specific function.
    - Bold text: Items to select such as nodes, menu options or command buttons.
    - Italics text: Parameters and values that you must replace with the applicable value, such as custom paths and filenames.
    - Code: Indicates text values to key in, such as commands and addresses.

    1.1 Portable media device threats

    The key advantage of removable media devices (or portable devices) is easy access. In theory, this may be of great advantage for organizations, but still, it is a well reported fact that access and security are at opposite ends of the security continuum.

    Developments in removable media technology are escalating. Different versions of portable devices, such as flash memory, have increased in:

    GFI EndPointSecurity 1 Introduction | 11

    - Better storage capacity
    - Improved performance
    - Easier and faster to install
    - Physically small enough to carry in a pocket.

    As a result, internal users may deliberately or accidentally:
    - Take away sensitive data
    - Expose confidential information
    - Introduce malicious code (example: viruses, Trojans) that can bring the entire corporate network down
    - Transfer inappropriate or offensive material on to corporate hardware
    - Make personal copies of company d
112. [Screenshot 114: Custom Messages dialog options]

    3. Select/unselect the message types you want to customize.
    4. For each message type selected, click Edit message..., modify the text as required, and click Save. Repeat this step for each message you want to modify.
    5. Click Apply and OK.

    13.3 Configuring GFI EndPointSecurity updates

    GFI EndPointSecurity can be configured to download and install updates automatically on a schedule or on startup. To configure updates:
    1. Click General tab.
    2. From the left pane, click Updates.

    GFI EndPointSecurity 13 Configuring GFI EndPointSecurity | 141

    [Screenshot 115: General tab - Updates]
113. mmediately - Deployment sub-tab ... 53
    Schedule deployment options ... 54
    Deployment History area ... 55
    Agent's Status area ... 55
    Controlled Device Categories options ... 58
    Controlled connectivity ports options ... 59
    Power users options ... 60
    Add permissions options - Control entities ... 61
    Add permissions options - Device categories ... 62
    Add permissions options - Users ... 62
    Add permissions options - Users ... 63
    Add permissions options - Control entities ... 64
    Add permissions options - Connectivity ports ... 64
    Add permissions options - Users ... 65
    Add permissions options - Control entities ... 66
    Add permissions options - Specific devices ... 67
114. n Protection Policy dialog select the required protection policy from the drop-down list, and click OK.

    5.2.1 Deploy immediately

    To immediately deploy a protection policy on target computers:
    1. Click Configuration tab > Computers sub-tab.
    2. Highlight the required target computer(s). If more than one deployment is required, you can highlight all the required target computers at once and then deploy the protection policies to the selected set of target computers.
    3. From Actions, click Deploy now...

    The view should automatically change to Status > Deployment.

    GFI EndPointSecurity 5 Managing Protection Policies | 52

    [Screenshot: Status > Deployment sub-tab, Deployment Status view showing Current Deployments, Queued Deployments, Scheduled Deployments and Deployment History]
115. nable volume encryption. Click Configure. Click Reset user password to reset the encryption password for a specific user.

    [Screenshot 66: Encryption options - Security tab]

    5. From the Security tab, configure the features described below.

    Table 14: Volume encryption - Security options
    - Recovery Password: Key in a password used if users forget or lose their passwords.
    - Enable user password security: Enforce restrictions to passwords specified by end users. In Minimum password length, specify the minimum acceptable password length.

    [Screenshot 67: Encryption options - Users tab]

    6. Select Users tab and config
116. nguage you want to install and click OK.
    3. Click Next at the Welcome screen to start setup.
    4. Read carefully the End User License Agreement. If you agree to the terms laid out in the agreement, select I accept the license agreement and click Next.

    GFI EndPointSecurity 2 Installing GFI EndPointSecurity | 23

    [Screenshot 2: GFI EndPointSecurity installation - domain administrator account setup]

    5. Key in the logon credentials of an account with administrative privileges and click Next to continue.

    [Screenshot: GFI EndPointSecurity 2013 Setup, License Key dialog]
117. nstall agent's settings are set to assign the General Control protection policy (shipping default protection policy) on to the newly discovered computers.

    To configure the Auto Discovery settings:
    1. Click Configuration tab > Computers.
    2. From Common tasks, click Auto discovery settings...

    GFI EndPointSecurity 4 Adding Target Computers | 39

    [Screenshot 10: Auto Discovery options - Auto Discovery tab]

    3. Click Start discovery now to run auto discovery immediately.
    4. Select/unselect Enable automatic discovery to detect computers newly connected to the network, to enable/disable Auto Discovery.
    5. From the Schedule section select the start date and set frequency of the searches from Hourly, Daily, Weekly or Monthly.

    [Screenshot: Auto Discovery dialog, options for the area from where new computers have to be discovered]
118. nt from which GFI EndPointSecurity application is running.
    10. Select/unselect Send alert, to enable/disable alerting options. For more information, refer to Configuring alerting options (page 129).
    11. Click Apply and OK.

    4.3 Configuring log on credentials

    GFI EndPointSecurity needs to log on to the target computers in order to:
    - Deploy agents and protection policy updates
    - Keep track of the protection status of all target computers.

    This requires that GFI EndPointSecurity is run under an account that has administrative privileges over your network target computers (example: a domain administrator account).

    To specify logon credentials for a target computer:
    1. Click Configuration tab > Computers.
    2. Right-click on a computer from the list and click Set logon credentials...

    Note: If you want to set multiple computers to log on using the same credentials, highlight the required computers, right-click on one of them and click Set logon credentials... Alternatively, click Set logon credentials... from Actions.

    Screenshot 13: Logon Credentials dialog option
119. [Screenshot 3: GFI EndPointSecurity installation - license key details]

    6. Key in the Full Name and Company. If you have a license key, update the License Key details and click Next.

    Note: The license key can be keyed in after installation or expiration of the evaluation period of GFI EndPointSecurity. For more information refer to Product licensing.

    7. Key in or browse to select an alternative installation path or click Next to use the default path and proceed with the installation.
    8. Click Back to re-enter installation information or click Next and wait for the installation to complete.
    9. Upon installation completion, enable or disable the Launch GFI EndPointSecurity checkbox and click Finish to finalize installation.

    2.4 Post-install configurations

    On the initial launch of GFI EndPointSecurity management console, the Quick Start wizard is automatically launched. This enables you to configure important GFI EndPointSecurity settings for first time use.

    The Quick Start wizard consists of the following steps and guides you to configure:
    - Risk Assessment
    - Automatic discovery
    - Power users
    - Users groups
    - Database backend.

    Note: The Quick Start Wizard can be re-launched from File > Quick Start Wizard.

    To use the Quick Start Wizard:
    1. Click Next at the wizard
120. [Screenshot 112: Advanced Options - Deployment tab]

    4. Click Deployment tab and key in the required Number of deployment threads and Deployment timeout (seconds) values.

    [Screenshot 113: Advanced Options - Agent Security tab]

    5. Click Agent Security tab and select/unselect Enable agent control. Use this option to assign particular logon credentials to all GFI EndPointSecurity Agents deployed on your network.
    6. Click Apply and OK.

    13.2 Configuring user messages

    GFI EndPointSecurity enables you to customize the messages that are displayed by GFI EndPointSecurity Agents on target computers when devices are accessed.

    To customize user messages:
    1. Click Configuration tab > Options sub-tab.
    2. From Configure, right-click Custom Messages and select Customize user messages.

    [Screenshot: Custom Messages dialog, General tab]
121. [Screenshot 85: Activity Log sub-tab - Advanced filtering]

    To access advanced filtering options of Activity Log, click Advanced filtering in the Activity Log sub-tab.
122. omputers protected by this policy.

    7. Click Controlled Connectivity Ports.

    [Screenshot 17: Controlled connectivity ports options]

    8. From the Controlled connectivity ports dialog, select the required connectivity ports that you want to control by this new policy. Click OK to close the Controlled connectivity ports dialog and return to the wizard.
    9. Click Next.

    [Screenshot: Create Protection Policy wizard, Global Permissions step with the options "Block any access to the controlled devices" and "Allow everyone to access the controlled devices"]
123. on, refer to Configuring device blacklist or Configuring device whitelist.

    [Screenshot 79: Devices list area - Add device to devices database]

    To add devices to the devices database:
    1. Select one or more devices to add to the devices database from the Devices list section.
    2. Right-click on the selected devices and select Add to devices database.
    3. Click OK.

    GFI EndPointSecurity 7 Discovering Devices | 105

    8 Monitoring Device Usage Activity

    This chapter provides you with information about monitoring the activity of your network devices. GFI EndPointSecurity enables you to keep an audit trail of all events generated by GFI EndPointSecurity Agents deployed on network computers. To maintain an audit trail, you must enable logging. For more information, refer to Configuring event logging (page 94).

    Topics in this chapter:
    8.1 Statistics ... 106
    [unreadable entry] ... 108

    8.1 Statistics

    Use the Statistics sub-tab to view the daily device activity trends and statistics for a specific computer or for all network computers.
124. ons to import:
    - Protection Policies
    - Computer
    - Security settings
    - Options
    - Logging options
    - Database options.

    Upgrading from GFI LanGuard Portable Storage Control

    If the computer on which you are installing GFI EndPointSecurity is protected by a GFI LanGuard Portable Storage Control agent, you first need to uninstall that agent. To do this:
    1. Open GFI LanGuard Portable Storage Control configuration console.
    2. Delete the agent from the computer where GFI EndPointSecurity will be installed.

    Note: This process should be done only for the computer where GFI EndPointSecurity will be installed.

    3. Close the GFI LanGuard Portable Storage Control configuration console application and proceed to installing GFI EndPointSecurity.
    4. When installing GFI EndPointSecurity, you are asked to confirm whether you want to import configurations from the previous version. Click Yes to import configurations.

    Note: GFI LanGuard Portable Storage Control agents that were protecting your computers will be automatically added to a protection policy called Legacy Agents in GFI EndPointSecurity.

    2.3 Installing a new instance of GFI EndPointSecurity

    To install GFI EndPointSecurity:
    1. Log on to the machine where GFI EndPointSecurity is going to be installed, using administrative privileges.
    2. Double-click the GFI EndPointSecurity executable file.
    2. Select the la
125. [Screenshot 75: Running a device scan - Scan device categories tab]

    5. Click Scan Device Categories tab and select the device categories you want to include in the scan.

    [Screenshot 76: Running a device scan - Scan ports tab]

    6. Click Scan Ports tab and select the connection ports you want to include in the scan.
    7. Click Apply and OK.
    8. To specify scan target computers:
       - In the right pane, key in the computer name or IP address of the target computer(s) in the Scan target text box. Click New Scan to start scanning the specified computer.

    7.2 Analyzing device scan results

    Device Scan results are displayed in two sections:
    - Computers
    - Devices list.

    7.2.1 Computers

    [Screenshot 77: Computers area]

    This section displays device scan summary results for every scanned target computer, including:
    - The computer name / IP address
    - The user currently logged on
    - Protection st
126. [Screenshot 15: Creating a new policy - Controlled Categories and Ports settings]

    5. Click Controlled Device Categories.

    [Screenshot 16: Controlled Device Categories options]

    6. From the Controlled Device Categories dialog, select the required device categories you want to control by this new policy. Click OK to close the Controlled device categories dialog and return to the wizard.

    Important: If Human Interface Devices is enabled and access is denied, users will not be able to use USB keyboards and mice connected to target c
127. ou can also filter the results of existing event queries by creating more specific sub-queries. To do this, right-click on a query and select Create query...

    GFI EndPointSecurity 8 Monitoring Device Usage Activity | 112

    9 Status Monitoring

    This chapter provides you with information related to monitoring the status of GFI EndPointSecurity as well as the status of GFI EndPointSecurity Agents. The status views provide you with graphs and statistical information related to device usage.

    Topics in this chapter:
    9.1 Risk Assessment view ... 113
    9.2 Statistics view ... 115
    9.3 Status view ... 117
    9.4 Deployment status view ... 119

    9.1 Risk Assessment view

    Use the Risk Assessment sub-tab to view the status of:
    - Risk assessment level on the network computers with GFI EndPointSecurity agents installed on them
    - GFI EndPointSecurity agents deployed on network computers
    - Device usage such as the number and percentage of devices blocked and the number of devices allowed
    - Device threat level of devices on the network.

    GFI EndPointSecurity 9 Status Monitoring | 113

    [Screenshot: Status > Risk Assessment sub-tab, Data Leakage Risk Assessment view]
128. oups of alert recipients

    12.4.1 Creating groups of alert recipients

    To create a new group of alert recipients:
    1. Click Configuration tab > Options sub-tab.
    2. Click Alerting Options > Groups sub-node.
    3. From the left pane, click Create group...

    [Screenshot 110: Creating New Group options]

    4. From the Creating New Group dialog key in the group name and an optional description.
    5. Click Add to select the user(s) that belong to this notification group, and click OK.

    12.4.2 Editing group of alert recipients properties

    To edit group of alert recipients properties:
    1. Click Configuration tab > Options sub-tab.
    2. Click Alerting Options > Groups sub-node.
    3. From the right pane, right-click the group you want to edit and select Properties.
    4. For more information on how to edit the settings of groups, refer to Creating groups of alert recipients.

    12.4.3 Deleting groups of alert recipients

    To delete a group of alert recipients:
    1. Click Configuration tab > Options sub-tab.
    2. Click Alerting Options > Groups sub-node.
    3. From the right pane, right-click the group you want to delete and select Delete.
    4. Click Yes to confirm deletion of the group.

    13 Configuring GFI EndPoin
129. [Screenshot 4: Navigating GFI EndPointSecurity user interface]

    GFI EndPointSecurity Management Console consists of the sections described below.

    Tabs
    1. Navigate between the different tabs of GFI EndPointSecurity management console. The available tabs are:
       - Status: Monitor the status of GFI EndPointSecurity and statistical information on device access.
       - Activity: Monitor devices used on the network.
       - Con
130. policy ... 17
    Table 6: System requirements - Hardware ... 21
    Table 7: Auto Discovery settings ... 26
    Table 8: Auto Discovery settings ... 26
    Table 9: Database backend options ... 27
    Table 10: Add Computer(s) dialog options ... 38
    Table 11: Logon credentials options ... 43
    Table 12: Auto Discovery settings ... 50
    Table 13: File options - User options ... 87
    Table 14: Volume encryption - Security options ... 92
    Table 15: Volume encryption - User options ... 93
    Table 16: Volume encryption - Traveler options ... 94
    Table 17: Database maintenance options ... 127
    Table 18: Update options ... 142
    Table 19: Troubleshooting - Common issues ... 147

    1 Introduction

    The proliferation of consumer 
131. porary Access

    GFI EndPointSecurity temporary access operations can be divided in three logical stages:

    [Figure 3: Requesting / granting temporary access]

    The table below describes the stages depicted above.

    Table 5: Deployment and Monitoring protection policy
    - Stage 1 - User requests temporary device access: The user executes the GFI EndPointSecurity Temporary Access tool from the computer on which the device is to be accessed. The tool is used to generate a request code, which the user communicates with the administrator. The user also needs to inform the administrator on the device types or connection ports that need to be accessed, and for how long will devices/ports access be required.
    - Stage 2 - Administrator grants temporary access: The administrator uses the Temporary Access feature within the GFI EndPointSecurity management console to enter the request code, specify devices/ports and time restrictions. An unlock code is generated which the administrator then communicates with the user.
    - Stage 3 - User: Once the user receives the unlock code sent by the administrator, this code is entered 
132. [Screenshot 62: Encryption options - General tab]

    4. Select Enable detection of encrypted devices and click Configure...

    [Screenshot 63: Encryption options - Permissions tab]

    5. Click Add... to specify the users and groups with access to encrypted devices.

    [Screenshot 64: Encryption options - File type Filter tab]

    6. Select the File type Filter tab to configure the file types to restrict.
    7. Select the restriction to apply to this policy:
       - Use the same File type filters used for non-encrypted devices
       - Allow all files but block the usage of the following file types
       - Block all files but allow the usage of the following file typ
133. r tab, select any of the following event types for which alerts are sent by this protection policy. Click OK.
     To deploy protection policy updates on target computers specified in the policy:
     1. Click Configuration tab > Computers.
     2. From Common tasks, click Deploy to all computers.

     6.18 Setting a policy as the default policy
     GFI EndPointSecurity provides you with the facility to define the protection policy that is assigned to newly discovered network computers by the agent deployment feature. You can do this on a policy-by-policy basis.
     By default, the agent deployment feature is set to use the General Control protection policy, but you can elect any other protection policy as the default policy.
     To elect another protection policy as the default protection policy:
     1. Click Configuration tab > Protection Policies.
     2. From Protection Policies > Security, select the protection policy to configure.
     3. From the left pane, click Set as default policy in the Common tasks section.

     Discovering Devices
     GFI EndPointSecurity enables you to transparently and rapidly query organizational network endpoints, locating and reporting all devices that are or have been connected to the scanned target computers. The application granularly identifies endpoint devices connected to the target computers, both currently and historically, and displays the detailed information on screen onc
134. re
     - CD/DVD drive connected to the local computer
     - CD/DVD disc containing accessible contents (preferably a disc the contents of which were accessible prior to the installation of GFI EndPointSecurity).
     Note: Other devices and media may be used, such as floppy disks or pen drives.

     User accounts
     For this test, ensure the availability of two user accounts on the same computer where GFI EndPointSecurity is installed:
     - One with no administrative privileges
     - One with administrative privileges.

     Configuration settings
     The configuration of the Quick Start wizard allows you to fine-tune GFI EndPointSecurity to suit your company's needs, which may not match the pre-test settings required by this test. As a result, some GFI EndPointSecurity configuration settings need to be set as indicated below for this test to succeed:
     - Ensure the local computer is listed in the Status > Agents view. If the local computer is not listed, then manually include it within the computers list. For more information, refer to the GFI EndPointSecurity - Administration and Configuration Manual.
     - Ensure the shipping default protection policy is deployed on the local computer and is up to date. To verify, check in the Status > Agents view that:
       - the protection policy is set to General Control
       - the deployment is Up to date
       - the local computer is Online.
     Note: If the deployment of
135. reenshot 98: Deployment History area
     Screenshot 99: Digest Report options - General tab
     Screenshot 100: Digest Report options - Details tab
     Screenshot 101: Maintenance options
     Screenshot 102: Change Database Backend
     Screenshot 103: Alerting Options - Email tab
     Screenshot 104: Alerting Options - Network tab
     Screenshot 105: Alerting Options - SMS tab
     Screenshot 106: EndPointSecurityAdministrator Properties options - General tab
     Screenshot 107: EndPointSecurityAdministrator Properties options - Working Hours tab
     Screenshot 108: EndPointSecurityAdministrator Properties options - Alerts tab
     Screenshot 109: EndPointSecurityAdministrator Properties options - Member Of tab
     Screenshot 110: Creating New Group options
     Screenshot 111: Advanced Options - Communication tab
     Screenshot 112: Advanced Options - Deployment tab
136. ring access permissions for connectivity ports
     6.6 Configuring access permissions for specific devices
     6.7 Viewing access permissions
     6.8 Configuring priorities for permissions
     6.9 Configuring device blacklist
     6.10 Configuring device whitelist
     6.11 Configuring temporary access privileges
     6.12 Configuring file type filters
     6.13 Configuring content awareness
     6.14 Configuring file options
     6.15 Configuring security encryption
     6.16 Configuring event logging
     6.17 Configuring alerts
     6.18 Setting a policy as the default policy

     6.1 Configuring controlled device categories
     GFI EndPointSecurity enables you to select which supported device categories should be controlled or not by a protection policy. You can do this on a policy-by-policy basis.
     Note: Unspecified devic
137. [Screenshot 95: Current Deployments area]
     This section displays a list of deployments currently taking place. The information provided includes the computer name, deployment progress and deployment type. The deployment is an installation, un-installation or update.

     9.4.3 Queued Deployments
     [Screenshot 96: Queued Deployments area]
     This section displays a list of pending deployments. The information provided includes the computer name and deployment type.

     9.4.4 Scheduled Deployments
     [Screenshot 97: Scheduled Deployments area]
     This section displays a list of scheduled deployments. The information provided includes the computer name, scheduled time and deployment type.

     9.4.5 Deployment History
     [Screenshot 98: Deployment History area]
138. s
     3. The table below describes the available logon credentials options.

     Table 11: Logon credentials options
     - Use the security context under which GFI EndPointSecurity service is running: Use the same credentials that are running GFI EndPointSecurity.
     - Use the logon credentials specified below: Specify alternate credentials to use when logging in remote target computers. Note: Specify credentials which have administrative privileges over scan targets.

     4. Click Apply and OK.
     Note: By default, GFI EndPointSecurity is configured to use the logon credentials of the currently logged-on user account, running GFI EndPointSecurity.

     5 Managing Protection Policies
     This chapter describes how to deploy newly created protection policies and schedule them. Prior to deployment you can also modify the settings of your protection policy.
     Topics in this chapter:
     5.1 Creating a new protection policy
     5.2 Assigning a Protection Policy
     5.3 Verifying protection policy deployment

     5.1 Creating a new protection policy
     GFI EndPointSecurity ships with a default protection policy so that the software is operational upon installation. You can create further protection policies to suit your compan
139. s connected to the local computer.
     To verify that both the device and media are now accessible to the non-administrative user:
     1. Log in to the local computer as the user with no administrative privileges.
     2. Insert the same CD/DVD disc in the CD/DVD drive.
     3. From Windows Explorer, locate the CD/DVD drive and confirm that you are now able to view and open the contents stored on the CD/DVD disc.

     2.6.3 Reverting to default settings
     To revert any GFI EndPointSecurity configuration settings back to the pre-test scenario, do the following for the user with no administrative privileges:
     1. Remove the user account from the local computer, if it was created only for this test and is no longer required.
     2. Manually include the user in the power users list, if it was set as a power user prior to this test. For more information, refer to the GFI EndPointSecurity - Administration and Configuration Manual.
     3. Delete the CD/DVD device access permissions to the user, if it was not assigned CD/DVD device access permissions prior to this test. For more information, refer to the GFI EndPointSecurity - Administration and Configuration Manual.

     3 Achieving Results
     This chapter provides you with step-by-step instructions about how to block unauthorized devices from the network and secure endpoints using GFI EndPointSecurity. This chapter helps you achieve positive legal compliance results, while ens
140. [Screenshot 29: Add permissions options - Users]
     6. Click Add... to specify the user(s)/group(s) that will have access to the device categories specified in this protection policy, and click OK.
     [Screenshot 30: Add permissions options - Users]
     7. Enable or disable Access/Read and Write permissions for each user/group you specified and click Finish.
     To deploy protection policy updates on target computers specified in the policy:
     1. Click Configuration tab > Computers.
     2. From Common tasks, click Deploy to all computers.

     6.5 Configuring access permissions for connectivity ports
     GFI EndPointSecurity provides you with the facility to set permissions by connectivity ports to Active Directory (AD) users and/or user groups. You can do this on a policy-by-policy basis.
     When a connectivity port is not set to be controlled by a protection policy, the relevant permission is disabled. For more information, refer to Configuring controlled connectivity ports (page 58).
     To configure connectivity port usage permissions for users within a specific protection policy:
     1. Click Configuration tab
141. secure confidential details such as social security numbers and primary account numbers, as well as information related to companies and enterprises such as names of diseases, drugs, dangerous chemicals and also trivial language or ethnic/racist terms.
     You can configure content checking as a global policy in a similar fashion to the file checking module.

     6.13.1 Managing content awareness options
     To configure content awareness options for users in a specific protection policy:
     1. From GFI EndPointSecurity management console, click Configuration tab > Protection Policies.
     2. From the left pane, select the protection policy for which to specify content restrictions.
     3. From the right pane, click Content awareness in the File control section.
     [Screenshot 56: Content awareness options. Note shown in the dialog: content blocking applies only on controlled device categories/ports/devices where the permissions configuration allows access.]
     4. In the Content awareness dialog, click Add to select the template to apply to this policy.
142. Issue: stall the deployment service (error)
     Possible cause: able to be installed or uninstalled by the service running on the target computer.
     Possible solution: solution, refer to the system error message within the parenthesis.

     Issue: Installation failed
     Possible cause: Installation of the GFI EndPointSecurity agent is complete, but is not marked as installed within the registry. The version and build numbers of the GFI EndPointSecurity agent are not the same as those of the GFI EndPointSecurity management console.
     Possible solution: For more details about the cause of the error and a possible solution, refer to the agent installation log files on the target computer at %windir%\EndPointSecurity.

     Issue: Un-installation failed
     Possible cause: Uninstallation of GFI EndPointSecurity agent is complete, but is not marked as uninstalled within the registry.
     Possible solution: For more details about the cause of the error and a possible solution, refer to the agent installation log files on the target computer at %windir%\EndPointSecurity.

     Issue: The operation failed due to an unknown exception
     Possible cause: GFI EndPointSecurity has encountered an unexpected error.
     Possible solution: Please use the Troubleshooter Wizard to contact the GFI Technical Support team. To open the Troubleshooter Wizard, navigate to Start > Programs > GFI EndPointSecurity 2013 > GFI EndPointSecurity 2013 Troubleshooter.

     Using GFI EndPointSecurity Troubleshooter
     To use the troubleshooting tool prov
143. storing device access data and for reporting purposes. GFI EndPointSecurity provides the option to either use an available Microsoft SQL Server or else to automatically download and install Microsoft SQL Server 2005 Express on the same computer where GFI EndPointSecurity management console is installed.

     Firewall ports
     TCP port 1116 (default): required by GFI EndPointSecurity Agents to notify GFI EndPointSecurity of their statuses and to send device access events. Without this port open, the administrator has to monitor the events of each target computer either manually or automatically via GFI EventsManager. For more information, refer to http://www.gfi.com/eventsmanager.

     2.2 Upgrading GFI EndPointSecurity
     Upgrading from GFI EndPointSecurity 3 or later
     If you have GFI LanGuard Portable Storage Control, or an earlier version of GFI EndPointSecurity, it is possible to upgrade to the latest version of GFI EndPointSecurity. Upgrading from GFI EndPointSecurity 3 or later to GFI EndPointSecurity 2013 is straightforward. The upgrade process is part of the GFI EndPointSecurity 2013 installation process, and includes:
     - Uninstalling GFI EndPointSecurity 3 or later
     - Importing GFI EndPointSecurity 3 configuration settings.
     When installing GFI EndPointSecurity you are asked to confirm whether you want to import configurations from the previous version. Click Yes to import configurations. You are then prompted to specify which of the following configurati
144. tSecurity
     GFI EndPointSecurity enables you to configure the computers you intend to install updates and display user messages on.
     Topics in this chapter:
     13.1 Configuring advanced options
     13.2 Configuring user messages
     13.3 Configuring GFI EndPointSecurity updates

     13.1 Configuring advanced options
     GFI EndPointSecurity allows you to configure the following Agent advanced options:
     - Main communication TCP/IP port
     - Deployment options
     - Agents control password.
     To configure advanced options:
     1. Click Configuration tab > Options sub-tab.
     2. From Configure, right-click Advanced Options node and select Modify advanced options...
     [Screenshot 111: Advanced Options - Communication tab]
     3. From the Communication tab, key in the required TCP/IP port number to be used for communication between GFI EndPointSecurity and GFI EndPointSecurity Agents. By default, port 1116 is specified.
145. tab > Protection Policies.
     2. From Protection Policies > Security, select the protection policy to configure.
     3. From Common tasks, click Add permission(s)...
     [Screenshot 27: Add permissions options - Control entities]
     4. In the Add permissions dialog, select Device categories and click Next.
     [Screenshot 28: Add permissions options - Device categories]
     5. Enable or disable the required device categories for which to configure permissions, and click Next.
146. tatus
     Monitor the progress of current protection agent deployments. You can also check which deployments are scheduled and go through the deployment history log.
     [Screenshot 94: Deployment sub-tab]
     Use the Deployment sub-tab to view:
     - Current deployment activity
     - Queued deployments
     - Scheduled deployments
     - Deployment history.
     To access the Deployment sub-tab, from GFI EndPointSecurity management console, click Status tab > Deployment.

     9.4.2 Current Deployments
147. that you want to control from the tabs described below.

     Table 12: Auto Discovery settings
     File Type Filter: GFI EndPointSecurity enables you to specify file type restrictions on files, such as .DOC or .XLS files, being copied to/from allowed devices. You can apply these restrictions to Active Directory (AD) users and/or user groups.
     Content Awareness: GFI EndPointSecurity enables you to specify the file content restrictions for a particular protection policy. The content awareness feature looks into files transiting the endpoints via removable devices and it identifies content based on pre-configured and custom regular expressions and dictionary files. By default the module looks for secure confidential details such as social security numbers and primary account numbers, as well as information related to companies and enterprises such as names of diseases, drugs, dangerous chemicals and also trivial language or ethnic/racist terms. You can configure content checking as a global policy in a similar fashion to the file checking module.
     File Options: GFI EndPointSecurity enables you to specify the options required to block or allow files based on size. GFI EndPointSecurity also enables you to ignore large files when checking file type and content and archived files.
     Encryption: GFI EndPointSecurity enables you to configure settings that specifically cater for encrypted devices
148. the Database Backend
     11.1 Maintaining the database backend
     11.2 Using an existing SQL Server instance
     12 Alerting Options
     12.1 Configuring alerting options
     12.2 Configuring the alerts administrator account
     12.3 Configuring alerts recipients
     12.3.1 Creating alert recipients
     12.3.2 Editing alert recipient properties
     12.3.3 Deleting alert recipients
     12.4 Configuring groups of alert recipients
     12.4.1 Creating groups of alert recipients
     12.4.2 Editing group of alert recipients properties
     12.4.3 Deleting groups of alert recipients
     13 Configuring GFI EndPointSecurity
     13.1 Configuring advanced options
     13.2 Configuring user messages
149. tion options - General tab
     Encryption options - Security tab
     Encryption options - Users tab
     Encryption options - Traveler tab
     Logging Options - General tab
     Logging Options - Filter tab
     Alerting Options - General tab
     Alerting Options - Configuring users and groups
     Alerting Options - Filter tab
     Running a device scan - Logon credentials tab
     Running a device scan - Scan device categories tab
     Running a device scan - Scan ports tab
     Screenshot 79: Devices list area - Add device to devices database
     Screenshot 80: Statistics sub-tab
     Screenshot 81: Protection Status area
     Screenshot 82: Device Usage by Device T
150. tion policy
     [Screenshot 40: Protection Policies sub-tab - Security area]
     To prioritize permissions assigned to users in a protection policy:
     1. Click Configuration tab > Protection Policies.
     2. From Protection Policies > Security, select the protection policy to configure.
     3. Click Security sub-node.
     4. From the left pane, click Switch to users view in the Common tasks section, to switch grouping of permissions by users.
     5. Right-click the Security section and select Expand all.
     6. Highlight the required device or port.
     7. From the left pane, click Increase priority or Decrease priority in the Actions section.
     To deploy protection policy updates on target computers specified in the policy:
     1. Click Configuration tab > Computers.
     2. From Common tasks, click Deploy to all computers.

     6.9 Configuring device blacklist
     GFI EndPointSecurity enables you to specify which device(s) can be made inaccessible to everyone. The blacklist is granular, so you can even blacklist a specific device with a specific serial number. You can do this on a policy-by-policy basis.
     For an updated list of devices currently connected to the target computers, run a device scan and add the discovered devices to the devices database prior to configuring blacklisted devices. For more informat
151. [Screenshot 33: Add permissions options - Users]
     8. Enable or disable Access/Read permissions for each user/group you specified, and click Finish.
     To deploy protection policy updates on target computers specified in the policy:
     1. Click Configuration tab > Computers.
     2. From Common tasks, click Deploy to all computers.

     6.6 Configuring access permissions for specific devices
     GFI EndPointSecurity enables you to set permissions by specific devices to Active Directory (AD) users and/or user groups. You can do this on a policy-by-policy basis.
     For example, you can assign read-only permissions to a specific company-approved USB pen drive. Attempts to use any other non-approved USB pen drives will be blocked.
     Note: For an updated list of devices currently connected to the target computers, run a device scan and add the discovered devices to the devices database prior to configuring access permissions for specific devices. For more information, refer to Discovering Devices (page 100).
     To configure specific device access permissions for users in a protection policy:
152. to the following sections for information about:
     - How GFI EndPointSecurity works - Temporary Access

     3.2 Automating network protection
     After configuring GFI EndPointSecurity, you can automatically protect new computers that are detected on reachable networks. This can be achieved by specifying the domain(s) and/or workgroup(s) that must be scanned for new computers; upon detection of one, GFI EndPointSecurity installs an agent automatically and assigns it the default policy. Policies can be changed from Configuration tab > Computers sub-tab.

     1. Automatically discover devices on the network
     GFI EndPointSecurity enables you to automatically add new computers that are connected to the network. This allows you to scan a specified domain or workgroup and add the computers that are found in it. Refer to the following sections for information about:
     - Running a device scan
     - Analyzing device scan results
     - Adding discovered devices to the database.

     2. Deploy agents on new discovered devices
     GFI EndPointSecurity can be configured to automatically install agents on new computers that are added to the database. An agent must be installed on each computer that requires protection. Refer to the following sections for information about:
     - Adding computers automatically
     - Configuring advanced options
     - Configuring log on credentials.

     3. (Optional) Configure the protection policy that
153. ts have been deployed, the administrator can monitor all device access attempts via the Management Console, receive alerts and generate reports through GFI EndPointSecurity GFI ReportPack. (Table row label: Monitor device access)

     1.6 How GFI EndPointSecurity works - Device Access
     GFI EndPointSecurity device access operations can be divided into three logical stages.

     [Figure 2: Device access]

     The table below describes the stages depicted above.

     Table 4: Deployment and Monitoring protection policy
     Stage 1 - Device attached to computer: The user attaches a device to a target computer protected by GFI EndPointSecurity.
     Stage 2 - Protection policy enforcement: The GFI EndPointSecurity agent installed on the target computer detects the attached device and goes through the protection policy rules applicable to the computer/user. This operation determines whether the device is allowed or blocked from being accessed.
     Stage 3 - Device usage allowed/blocked: The user either receives an error message indicating that device usage has been blocked, or else is allowed to access the device.

     1.7 How GFI EndPointSecurity works - Tem
154. ts properties
     - Deleting alert recipients

     12.3.1 Creating alert recipients
     To create a new alert recipient:
     1. Click Configuration tab > Options sub-tab.
     2. From Configure, click Alerting Options > Users sub-node.
     3. From the left pane, click the Create user...
     4. For more information about configuring the settings to create a new recipient, refer to Configuring the alerts administrator account.

     12.3.2 Editing alert recipient properties
     To edit alert recipient's properties:
     1. Click Configuration tab > Options sub-tab.
     2. From Configure, click Alerting Options > Users sub-node.
     3. From the right pane, right-click the user you want to edit and select Properties.
     4. For more information about configuring the settings to edit a recipient, refer to Configuring the alerts administrator account.

     12.3.3 Deleting alert recipients
     To delete an alert recipient:
     1. Click Configuration tab > Options sub-tab.
     2. From Configure, click Alerting Options > Users sub-node.
     3. From the right pane, right-click the user you want to edit and select Delete.
     4. Click Yes to confirm deletion.

     12.4 Configuring groups of alert recipients
     GFI EndPointSecurity enables you to organize your alert recipients into groups in order to facilitate the management of alert recipients.
     - Creating groups of alert recipients
     - Editing group of alert recipients properties
     - Deleting gr
155. type Filter dialog select the restriction to apply to this policy:
Allow all files but block the usage of the following file types
Block all files but allow the usage of the following file types

[Screenshot 55: File type Filter and user options]

5. Click Add and select or key in the file type from the File type drop-down list.
6. Click Add to specify the user(s)/group(s) who are allowed/blocked from accessing the specified file type, and click OK. Repeat the preceding two sub-steps for each file type to restrict.
7. Click OK twice.

To deploy protection policy updates on target computers specified in the policy:
1. From GFI EndPointSecurity management console, click Configuration tab > Computers sub-tab.
2. From the left pane, click Deploy to all computers in the Common tasks section.

6.13 Configuring content awareness
GFI EndPointSecurity enables you to specify the file content restrictions for a particular protection policy. The content awareness feature looks into files transiting the endpoints via removable devices and it identifies content based on pre-configured and custom regular expressions and dictionary files. By default the module looks for
156. information (error) | uired from the target computer (Operating System version and GFI EndPointSecurity agent version). | parenthesis.

Failed to build the required installation files (error) | GFI EndPointSecurity was not able to add the necessary configuration files within the deployment file (.msi installation file) of the GFI EndPointSecurity agent. This error occurs before the deployment file is copied onto the target computer. | For more details about the cause of the error and a possible solution, refer to the system error message within the parenthesis.

Failed to copy the files to the … computer (error) | GFI EndPointSecurity was not able to copy the deployment file (.msi installation file) onto the target computer. A possible cause can be that the administrative share (C$) that GFI EndPointSecurity is using to connect to the target computer is disabled. | For more details about the cause of the error and a possible solution, refer to the system error message within the parenthesis. For further information about network connectivity and security permissions, refer to: http://kb.gfi.com/articles/SkyNet_Article/KBID003754?retURL=%2Fapex%2FSupportHome&popup=true

Timeout | Agent deployment onto the target computer is either taking too long to complete or else is blocked. | Try to deploy the GFI EndPointSecurity agent again.

Failed to in | GFI EndPointSecurity agent was not | For more details about the cause of the error and a possible
157. [Screenshot 1: Navigating GFI EndPointSecurity user interface]

GFI EndPointSecurity Management Console consists of the sections described below:

Tabs: Navigate between the different tabs of GFI EndPointSecurity management console. The available tabs are:
  Status - Monitor the status of GFI EndPointSecurity and statistical information on device access.
  Activity - Monitor devices used on the network.
  Configuration - Access and configure the default protection policies.
  Scanning - Scan target computers and discover connected devices.
  Reporting - Download or launch GFI EndPointSecurity GFI ReportPack to generate your reports.
  General - Check for GFI EndPointSecurity updates, as well as version and licensing detail.

Sub-tabs: Access more settings and/or information about the selected tab from section 1.

Left Pane: Access configuration options provided in GFI EndPointSecurity. The configuration options are grouped into three sections, including Common Tasks, Actions and Help. Available only for some tabs.

Right Pane: Configure the configuration options selected from the left pane. Available only for some tabs.
158. ure the following options:

Table 15: Volume encryption - User options
Enforce all users in the following list: Select the users that will have volume encryption enforced on their portable devices. Use the Add and Remove buttons to manage selected users.
Enforce all users except those in the following list: Select the users that will be exempt from volume encryption. Use the Add and Remove buttons to manage selected users.

[Screenshot 68: Encryption options - Traveler tab]

Note: Traveler is an application that can be automatically installed on storage devices using GFI EndPointSecurity. This application enables you to un-encrypt data encrypted by GFI EndPointSecurity on storage devices, from computers that are not running a GFI EndPointSecurity Agent.

7. Select Traveler tab and configure the following options:

Table 16: Volume encryption - Traveler options
Copy Traveler to device for the following: Select the users that will have Traveler installed on their machines. Use the
159. uring that your network is protected using the most up-to-date vulnerability detection methods and techniques.

Topics in this chapter:
3.1 Preventing data leaks and malware infections
3.2 Automating network protection
3.3 Monitoring network activity from a central location

3.1 Preventing data leaks and malware infections

Most data theft happens internally by employees manually transferring data onto removable storage devices. Using unauthorized removable storage devices can expose the network to a higher risk of malware infections. GFI EndPointSecurity enables you to comprehensively control access to portable storage devices with minimal administrative effort. Temporary access can be granted to end users for a device on a particular computer for a particular timeframe.

1. Deploy agents on computers that require protection

GFI EndPointSecurity Agents are used to secure computers on the network. Agents can be deployed manually, when installing agents on specific computers, or automatically, when installing agents on every new endpoint discovered on the network. Refer to the following sections for information about:
  Adding computers manually
  Adding computers automatically
  Configuring log-on credentials

2. Create a protection policy to block removable storage

Agents secure
160. urity can also allow or block Active Directory (AD) users and/or user groups from accessing specific file types stored on devices that are encrypted with BitLocker To Go. These restrictions are applied when the encrypted devices are connected to the target computers covered by the protection policy. For more information, refer to Configuring security encryption (page 88).

15. Click OK to close the Encryption dialog and return to the wizard.
16. Click Next.

[Screenshot: Create Protection Policy wizard, Storage Devices step, showing File Type Filter, Content Awareness, File Options and Encryption]

17. From Storage Devices, select the required options
161. users Add and Remove buttons to manage selected users.
Copy Traveler to device for everyone except the following users: Select the users that will be exempt from having Traveler installed. Use the Add and Remove buttons to manage selected users.

8. Click Apply and OK.

6.16 Configuring event logging

GFI EndPointSecurity agents record events related to attempts made to access devices and connection ports on target computers. The agents also record events related to service operations. You can specify where these events are to be stored, and also what types of events are to be logged. You can do this on a policy-by-policy basis.

To specify logging options for users in a protection policy:
1. Click Configuration tab > Protection Policies.
2. From Protection Policies > Security, select the protection policy to configure.
3. From the right pane, click Set Logging Options in the Logging and Alerting section.

[Screenshot: Logging Options dialog, with the options Log events to the Windows Security Event Log and Log events to the central database]
162. vity Port area

This section enumerates device connection attempts by connectivity port that were either allowed or blocked. The information provided can be filtered for a specific computer or for all network computers.

9.3 Status view

Use the Status sub-tab to determine the status of all deployment operations performed on your network targets. For each target computer, information displayed shows:

[Screenshot: Status sub-tab, with the areas Service Status, Database Backend Status, Alerting Status, Online Status and Agents' Status]
163. y's device access security policies.

To create a new protection policy:
1. Click Configuration tab > Protection Policies.
2. From Common tasks, click Create new protection policy

[Screenshot 14: Creating a new policy - General settings]

3. Key in a unique name for the new protection policy.
4. Select whether you want to create a blank policy or copy the settings from an existing policy. Click Next. In the settings area select the required settings inheritance option from:

[Screenshot: Create Protection Policy wizard, Controlled Device Categories]
164. ype area
Screenshot 83: Device Usage by Connectivity Port area
Screenshot 84: Activity Log sub-tab
Screenshot 85: Activity Log sub-tab - Advanced filtering
Screenshot 86: Logs Browser sub-tab
Screenshot 87: Query Builder options
Screenshot 88: Risk Assessment sub-tab
Screenshot 89: Statistics sub-tab
Screenshot 90: Protection Status area
Screenshot 91: Device Usage by Device Type area
Screenshot 92: Device Usage by Connectivity Port area
Screenshot 93: Status sub-tab
Screenshot 94: Deployment sub-tab
Screenshot 95: Current Deployments area
Screenshot 96: Queued Deployments area
Screenshot 97: Scheduled Deployments area
Sc