Presentation is loading. Please wait.

Presentation is loading. Please wait.

VIRUS AND SPY PROTECTION ADMINISTRATION. Page 2 Agenda Main topics Administration interface Local user interface Administrating scanning remotely Tips.

Published byAmberly Ford Modified over 9 years ago

Similar presentations

Presentation on theme: "VIRUS AND SPY PROTECTION ADMINISTRATION. Page 2 Agenda Main topics Administration interface Local user interface Administrating scanning remotely Tips."— Presentation transcript:

1 VIRUS AND SPY PROTECTION ADMINISTRATION

2 Page 2 Agenda Main topics Administration interface Local user interface Administrating scanning remotely Tips Updating databases Handling infections

3 ADMINISTRATION INTERFACE

4 Page 4 Remote Administration The Policy Manager Console offers two different graphical interfaces Anti-Virus Mode Optimized for administering F-Secure Anti-Virus Client Security Advanced Mode Used for deeper product configurations Products other than AVCS have to be administered with this mode Some settings are only available in this mode!

5 Page 5 Anti-Virus Mode Message view Informative messages e.g. virus definitions update info Management tabs Host configuration and monitoring Operations management Policy domain tab Displays policy domain structure

6 Page 6 Advanced Mode Message view Informative messages e.g. virus definitions update info Policy properties pane Host configuration and monitoring Operations management Product help Field focus help, if policy properties tab selected Product view pane Provides most common settings Functions differ for selected properties tabs (e.g. policy tab)

7 Page 7 Anti-Virus Mode Summary Tab Policy Manager section Policy distribution status Virus and spyware definitions status Autoregistration request Internet Shield section Active security level (if host selected) Latest Attack (host or whole domain) Virus protection section Real-time protection status Infections (host or whole domain) Virus definitions status (host or domain) Domain/Host section Displays most important information More detailed for hosts (e.g. UID) Host alert summary

8 Page 8 Anti-Virus Mode Outbreak Tab Security News Radar Security News from F-Secure Shows what definitions needes to protect Shows if hosts are updated Security News Details Shows the selected news item in detail Shows which hosts are connected

9 Page 9 Anti-Virus Mode Virus & Spy Protection Settings Automatic Updates Enable or disable automatic updates and update methods Specify the time interval for polling updates from PMS Real-Time Scanning Configure what is scanned Settings for file scanning, spyware and boot sector scanning Manual Scanning Configure what is scanned Settings for file scanning, spyware and boot sector scanning Scheduled scanning Spyware Control Configure real-time and manual spyware handling (redundancy) Manage allowed and reported spyware from hosts

10 Page 10 Anti-Virus Mode Virus & Spy Protection Settings E-mail Scanning Configure incoming and outgoing email settings Configure file handling settings Web Traffic Scanning Enable web traffic scanning Configure trusted sites and action on infected files Alert Sending Policy Manager settings Configure where alerts are forwarded Centralized Management Policy Manager setting Configure PMS connection settings

11 LOCAL USER INTERFACE

12 Page 12 Local User Interface: Basic Select main interfaces Home Virus & Spy Protection Internet Shield Automatic Updates Central Management Settings Basic settings Status notifications Advanced Open advanced settings Help

13 Page 13 Local User Interface: Advanced Virus & Spy Protection Real-Time Scanning E-mail Scanning Scheduled Scanning Manual Scanning Browser Control System Control Automatic updates Policy Manager Proxy Connection HTTP Proxy Restriction Setting, editing frame Help

14 ADMINISTRATING SCANNING REMOTELY

15 Page 15 Adminstering Virus and Spy Protection Finding the right level of security for a corporation is a challenge In practice the administration is a balancing act between security and usability, as the tighter the security, the more the users and admin need to actively know about all things security related F-Secure Anti-Virus Client Security and Policy Manager are tools to implement the decision the administrator makes

16 Page 16 Real-Time Scanning Should all files be scanned for viruses? Extension list includes most commonly infected file types Does something need to be specifically excluded ? How transparent should the operation be to the end-user? Different actions on detection Should some users have the ability to change their settings? Users rarely raise the level of security, so this is in effect giving the user the possibility to lower the level

17 Page 17 Manual Scanning Should manual scans be performed inside archives? Archives cannot be disinfected! If the scanning operation is configured transparent, the secondary action will be applied automatically (remove or delete archive) Scanning archives has a performance impact! It is very important to run regular manual virus and spyware scans on all hosts! For example through PMC operations Scheduled scans include no spyware scanning!

18 Page 18 HTTP Traffic Scanning Should HTTP traffic scanning be used? Certain folders cannot be scanned by the real-time scanner (e.g. Java cache or IE cache) HTTP scanning will inspect the data stream and remove viruses on the fly (no spyware detection!) Enabling this feature is recommended!

19 Page 19 Spyware Scanning Should some “Spyware” be tolerated? Possibility to exclude specific applications from spyware scanning Carefully check the spyware category, before excluding it from scanning (e.g. never exclude “Malware” categories) Excluded spyware rules can be deleted after creation

20 Page 20 Email Scanning Are the setting for incoming and outgoing email scanning the same? If there is an infection, we don’t want to risk to infect other internal hosts or outsiders

21 Page 21 Monitoring Hosts: Status The Administrator has a number of different ways to follow what is happening on the hosts The Status leaf on Policy Manager Console shows the latest infection date, infection name, infected object, action taken for each host as well as the number of all time infections

22 Page 22 Monitoring Hosts: Alerts Alerts leaf in Policy Manager Console displays security alerts from selected host(s) and domain(s) Can also be used to manage alert reports

23 Page 23 Monitoring Hosts: Reports Reports tab displays virus scanning reports from a selected host or sub-domain(s) Displays the severity, date/time, description, host/user and the related product More detailed scanning information can be revealed from the report details

24 Page 24 Taking Action: Operations Remotely Scan for Viruses and Spyware With this operation you can order a selected host sub-domain(s) to be scanned for viruses and spyware Local scans will be launched once the policy has been fetched! Remotly trigger virus definitions updates Update only happens once the policy has been fetched Uses the configured update channels

25 TIPS

26 Page 26 Tips: Enabling HTTP Traffic Scanning HTTP traffic scanning is disabled by default Enabling is easy

27 Page 27 Tips: Browser Control and System Control Browser Control and System Control are also disabled by default Enabling is only possible from Advanced Mode

28 Page 28 Effects on the Host When Browser control or System control blocks a hijack attempt or HTTP traffic scanner picks up a virus, a flyer is shown to the user More info available if user clicks link on flyer Notification flyers can be disabled

29 Page 29 Tips: Prevent Users from Changing Settings If you want to restrict user settings you can either Lock the specific settings, or Lock all settings with “Do not allow userd to change any settings…” in Settings/Centralized Management

30 Page 30 Tips: Excluding Outlooks's.pst File If you have real-time scanning set to scan all files, you might want to exclude large files (e.g. Outlook.pst files) In Settings/Real-Time Scanning mark the “Enable excluded extensions” checkbox and add the extension PST in the “Excluded extensions” text box

31 Page 31 Tips: Disabling All AVCS Alert Pop-Ups It is possible to configure AVCS in such way that the end-user never gets any security alert pop-ups Clear all the boxes on the “Local User Interface” column in Settings/Alert Sending

32 Page 32 Tips: Custom Messages It is possible to show the end-user a custom message on virus infections (by default disabled) The message is configured in the Advanced Mode

33 Page 33 Tips: Testing Anti-Virus with eicar.com To test whether F-Secure Anti-Virus Client Security operates correctly, download a special test file that is detected by F-Secure Anti-Virus Client Security as though it were a real virus http://www.europe.f-secure.com/virus-info/eicar_test_file.shtml

34 UPDATING DATABASES

35 Page 35 Database Updates Numerous methods to update virus definitions updates Update changes in Anti-Virus Client Security 6! FSMA no longer responsible for virus updates Components in the updating infrastructure F-Secure Root Update Server F-Secure Automatic Update Agent If on PMS, connects to the Root Server on hourly bases and downloads the update differentially If on host, connects to the PMS regularly – and if that fails, connects direcly to F- Secure Root Update Server F-Secure Automatic Update Server

36 Page 36 PMS Local Host Automated Database Update Centrally Managed Host 1.Databases are updated on F-Secure Update Server 2.Automatic Update Agent compares databases on PMS and Root Server, notices change, downloads new databases (using UDP as primary protocol!) 3.Host AUA compares local databases to those on PMS, notices change, download databases (always using HTTP!) F-Secure Root Server Centrally managed AVCS Automatic Update Agent Policy Manager Server Automatic Update Agent Old Databases New Databases

37 Page 37 Automated Database Update Stand-alone Host F-Secure Automatic Update Agent is a mandatory component on each host (only in AVCS 6.x)! In stand-alone mode, AUA communicates directly with the F-Secure Root Update Server to download the new virus definitions differentially Uses UDP as a primary protocol, with automatic fail-over to HTTP Host F-Secure Root Update Server Stand-alone AVCS Automatic Update Agent Old Databases New Databases

38 Page 38 Manually Database Update Stand-alone Host Click on F-Secure Anti Virus Client Security/Automatic Updates/Check Now Host Stand-alone AVCS Automatic Update Agent Old Databases New Databases F-Secure Root Update Server New Databases

39 Page 39 Policy Manager Proxy (PMP) Alternative source of virus definition updates for networks behind slow connections Resides in the same remote network as the hosts that use it as a database distribution point Contacts PMS and F-Secure's distribution server when needed FSAVCS hosts fetch virus definition updates from PMP and policies from PMS Since the heavy database update traffic is redirected through the PMP in the same local network, the network connection between managed workstations and PMS has a substantially lighter load

40 HANDLING INFECTIONS

41 Page 41 Virus Outbreaks Monitor the global situation (on a daily basis) http://www.f-secure.com/weblog/ http://www.f-secure.com/virus-info/virus-news/ Update your knowledge on the latest threat, read virus descriptions from F-Secure website Type of malware Detection Behavior Removal

42 Page 42 Standard Disinfection With Virus & Spy Protection enabled, the host is protected; when files are accessed they are automatically scanned for viruses and spyware If a virus or spyware is found during the real-time scan it is also removed automatically If admin has chosen not to remove the infection automatically, then Virus & Spy Protection displays a virus or spyware detection dialog where the user can select what to do

43 Page 43 Cleaning Infected Computers Check the system before scanning Is product working properly? Does the computer have the latest virus signature database? Are both the real-time and manual scanning actions on infected file set to “Ask what to do” Perform manual system scan Do a target scan to save time if the customer knows the location of the infected file Scans both for viruses and spyware

44 Page 44 Why Are Some Files Skipped in Scans? It is normal that certain files are skipped during scannning Files are locked by the system Not possible to open them for scanning Scan time limit exceeded

45 Page 45 Removing Viruses and Spyware Manually Make sure you have the latest virus and spyware definitions updates Check the F-Secure Computer Virus Info Center for information on the virus Removal tools, instructions, tips, etc. http://www.f-secure.com/v-descs/ If a suspected new virus, send sample to F-Secure Anti-Virus Research

46 Page 46 Summary Main topics Administration interface Local user interface Administrating Scanning remotely Updating databases Handling infections

Download ppt "VIRUS AND SPY PROTECTION ADMINISTRATION. Page 2 Agenda Main topics Administration interface Local user interface Administrating scanning remotely Tips."

Similar presentations

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.
VIRUS AND SPY PROTECTION ARCHITECTURE. Page 2 Agenda In this module Processes and services Product components Message flow during various scan operations.

VIRUS AND SPY PROTECTION ARCHITECTURE. Page 2 Agenda In this module Processes and services Product components Message flow during various scan operations.
For Removal Info: visit

For Removal Info: visit
ADVANCED FUNCTIONALITY & TROUBLESHOOTING. Page 2 Agenda Main topics Advanced Policy Manager Server configuration Resolving Apache Web Server security.

ADVANCED FUNCTIONALITY & TROUBLESHOOTING. Page 2 Agenda Main topics Advanced Policy Manager Server configuration Resolving Apache Web Server security.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
AVG Internet Security 7.5 Product presentation.

AVG Internet Security 7.5 Product presentation.
AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.

AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
TROUBLESHOOTING. Page 2 Agenda This section covers Most common cases Disinfection related problems Installation problems General tips Specific cases.

TROUBLESHOOTING. Page 2 Agenda This section covers Most common cases Disinfection related problems Installation problems General tips Specific cases.
Calendar Browser is a groupware used for booking all kinds of resources within an organization. Calendar Browser is installed on a file server and in a.

Calendar Browser is a groupware used for booking all kinds of resources within an organization. Calendar Browser is installed on a file server and in a.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
Symantec AntiVirus Update Mark Reynolds Manager of Support Services Technology Support Services Michael Satut Manager of Distributed Support Services Technology.

Symantec AntiVirus Update Mark Reynolds Manager of Support Services Technology Support Services Michael Satut Manager of Distributed Support Services Technology.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.

Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
ADMINISTERING F-SECURE POLICY MANAGER

ADMINISTERING F-SECURE POLICY MANAGER
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Similar presentations

Ads by Google