Sophos Enterprise Console Help

Total Page:16

File Type:pdf, Size:1020Kb

Sophos Enterprise Console Help Sophos Enterprise Console help Product version: 5.5 Contents 1 About Sophos Enterprise Console ..........................................................................................6 2 Guide to the Enterprise Console interface...............................................................................7 2.1 User interface layout...................................................................................................7 2.2 Toolbar buttons...........................................................................................................7 2.3 Dashboard panels.......................................................................................................9 2.4 Security status icons.................................................................................................10 2.5 Navigating the Endpoints view..................................................................................11 2.6 Computer list icons...................................................................................................12 2.7 Filter computers by the name of a detected item......................................................13 2.8 Find a computer in Enterprise Console....................................................................14 2.9 Navigating the Update managers view.....................................................................15 3 Getting started with Sophos Enterprise Console...................................................................16 4 Setting up Enterprise Console................................................................................................18 4.1 Managing roles and sub-estates...............................................................................18 4.2 Creating and using groups........................................................................................29 4.3 Creating and using policies.......................................................................................32 4.4 Discovering computers on the network.....................................................................38 4.5 Synchronizing with Active Directory..........................................................................41 4.6 Configure the Sophos Mobile Control URL...............................................................47 5 Protecting computers..............................................................................................................48 5.1 Prepare for installation of security software..............................................................48 5.2 Remove third-party security software.......................................................................48 5.3 Protect computers automatically...............................................................................49 5.4 Locate installers for protecting computers manually ................................................50 5.5 Checking whether your network is protected............................................................51 5.6 Dealing with alerts and errors...................................................................................53 5.7 Scanning and cleaning up computers now...............................................................57 6 Updating computers...............................................................................................................59 6.1 Configuring the update manager..............................................................................59 6.2 Configuring software subscriptions...........................................................................67 6.3 Configuring the updating policy................................................................................71 6.4 Monitoring the update manager................................................................................78 2 6.5 Update out-of-date computers..................................................................................79 7 Configuring policies................................................................................................................81 7.1 Anti-virus and HIPS policy........................................................................................81 7.2 Firewall policy.........................................................................................................113 7.3 Application control policy........................................................................................141 7.4 Data control policy..................................................................................................144 7.5 Device control policy...............................................................................................159 7.6 Tamper protection policy.........................................................................................166 7.7 Patch policy............................................................................................................168 7.8 Web control policy...................................................................................................169 7.9 Exploit prevention policy.........................................................................................177 8 Setting up alerts and messages...........................................................................................180 8.1 Set up software subscription alerts.........................................................................180 8.2 Set up anti-virus and HIPS email alerts..................................................................181 8.3 Set up anti-virus and HIPS SNMP messaging.......................................................182 8.4 Configure anti-virus and HIPS desktop messaging................................................183 8.5 Set up application control alerts and messages.....................................................183 8.6 Set up data control alerts and messages...............................................................184 8.7 Set up device control alerts and messages............................................................185 8.8 Set up network status email alerts..........................................................................186 8.9 Set up Active Directory synchronization email alerts..............................................187 8.10 Configure Windows event logging.........................................................................187 8.11 Turn sending feedback to Sophos on or off..........................................................188 9 Viewing events......................................................................................................................189 9.1 View application control events...............................................................................189 9.2 View data control events.........................................................................................189 9.3 View device control events......................................................................................190 9.4 View firewall events.................................................................................................191 9.5 View tamper protection events................................................................................191 9.6 Patch assessment events.......................................................................................192 9.7 View web events.....................................................................................................195 9.8 View exploit prevention events................................................................................197 9.9 Export the list of events to a file..............................................................................198 10 Generating reports.............................................................................................................199 10.1 Create a new report..............................................................................................199 10.2 Configure the Alert and event history report.........................................................200 3 10.3 Configure the Alert summary report.....................................................................200 10.4 Configure the Alerts and events by item name report..........................................201 10.5 Configure the Alerts and events by time report....................................................202 10.6 Configure the Alerts and events per location report.............................................203 10.7 Configure the Endpoint policy non-compliance report..........................................204 10.8 Configure the Events by user report.....................................................................204 10.9 Configure the Managed endpoint protection report..............................................205 10.10 Updating hierarchy report...................................................................................206 10.11 Schedule a report...............................................................................................206 10.12 Run a report........................................................................................................206 10.13 View a report as a table or chart.........................................................................206 10.14 Print a report.......................................................................................................207 10.15 Export a report to a file.......................................................................................207
Recommended publications
  • Trojan Vs Rat Vs Rootkit Mayuri More1, Rajeshwari Gundla2, Siddharth Nanda3 1U.G
    IJRECE VOL. 7 ISSUE 2 (APRIL- JUNE 2019) ISSN: 2393-9028 (PRINT) | ISSN: 2348-2281 (ONLINE) Trojan Vs Rat Vs Rootkit Mayuri More1, Rajeshwari Gundla2, Siddharth Nanda3 1U.G. Student, 2 Senior Faculty, 3Senior Faculty SOE, ADYPU, Lohegaon, Pune, Maharashtra, India1 IT, iNurture, Bengaluru, India2,3 Abstract - Malicious Software is Malware is a dangerous of RATs completely and prevent confidential data being software which harms computer systems. With the increase leaked. So Dan Jiang and Kazumasa Omote researchers in technology in today’s days, malwares are also increasing. have proposed an approach to detect RAT in the early stage This paper is based on Malware. We have discussed [10]. TROJAN, RAT, ROOTKIT in detail. Further, we have discussed the adverse effects of malware on the system as III. CLASSIFICATION well as society. Then we have listed some trusted tools to Rootkit vs Trojan vs Rat detect and remove malware. Rootkit - A rootkit is a malicious software that permits a legitimate user to have confidential access to a system and Keywords - Malware, Trojan, RAT, Rootkit, System, privileged areas of its software. A rootkit possibly contains Computer, Anti-malware a large number of malicious means for example banking credential stealers, keyloggers, antivirus disablers, password I. INTRODUCTION stealers and bots for DDoS attacks. This software stays Nowadays, this world is full of technology, but with the hidden in the computer and allocates the remote access of advantages of technology comes its disadvantages like the computer to the attacker[2]. hacking, corrupting the systems, stealing of data etc. These Types of Rootkit: malpractices are possible because of malware and viruses 1.
    [Show full text]
  • Hostscan 4.8.01064 Antimalware and Firewall Support Charts
    HostScan 4.8.01064 Antimalware and Firewall Support Charts 10/1/19 © 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco public. Page 1 of 76 Contents HostScan Version 4.8.01064 Antimalware and Firewall Support Charts ............................................................................... 3 Antimalware and Firewall Attributes Supported by HostScan .................................................................................................. 3 OPSWAT Version Information ................................................................................................................................................. 5 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.890.0 for Windows .................................................. 5 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.890.0 for Windows ........................................................ 44 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.824.0 for macos .................................................... 65 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.824.0 for macOS ........................................................... 71 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.730.0 for Linux ...................................................... 73 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.730.0 for Linux .............................................................. 76 ©201 9 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
    [Show full text]
  • Nation-A Cyber Security Strategy Developed by Joshua Fatehnia 4Th May 2018 Version 1 Ref 113524
    q Nation-A Cyber Security Strategy Developed by Joshua Fatehnia 4th May 2018 Version 1 ref 113524 Contents 1. Introduction ............................................................................................................................ 2 1.1. Cyber Warfare ................................................................................................................ 3 2. Vision ....................................................................................................................................... 5 2.1. Threats ............................................................................................................................ 5 2.2. Vulnerabilities ................................................................................................................ 7 3. Response ............................................................................................................................... 13 3.1. Cooperative Involvement ........................................................................................... 13 3.2. Prosecution and Forensic Computing ....................................................................... 13 3.3. Training and Education ............................................................................................... 15 3.4. Government Assurance ............................................................................................... 15 3.5. Redundancy Options ..................................................................................................
    [Show full text]
  • Sophos Enterprise Console Help Product Version: 5.5 Contents About Sophos Enterprise Console
    Sophos Enterprise Console Help product version: 5.5 Contents About Sophos Enterprise Console...........................................................................................................1 Guide to the Enterprise Console interface.............................................................................................. 2 User interface layout..................................................................................................................... 2 Toolbar buttons..............................................................................................................................2 Dashboard panels......................................................................................................................... 4 Security status icons..................................................................................................................... 5 Navigating the Endpoints view......................................................................................................6 Computer list icons........................................................................................................................7 Filter computers by the name of a detected item.........................................................................8 Find a computer in Enterprise Console........................................................................................ 9 Navigating the Update managers view......................................................................................... 9 Getting
    [Show full text]
  • Remove Tags.Bkrtx.Com Pop-Up Ads from Internet Explorer, Firefox Or Google Chrome
    JUNE 22, 2014 STEP 1: AdwCleaner STEP 2: Junkware Removal Tool STEP 3: Malwarebytes Anti-Malware Free STEP 4: HitmanPro STEP 5: (OPTIONAL) Remove the browser extension redirect from Internet Explorer, Firefox and Google Chrome STEP 1: Remove redirect from Internet Explorer, Firefox and Google Chrome with AdwCleaner The AdwCleaner utility will scan your computer and web browser for the tags.bkrtx.com malicious files, browser extensions and registry keys, that may have been installed on your computer without your knowledge. 1. You can download AdwCleaner utility from the below link. ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner to your computer) 2. Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon. If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run. 3. When the AdwCleaner program will open, click on the Scan button as shown below. AdwCleaner will now start to search for the tags.bkrtx.com malicious files that may be installed on your computer. 4. To remove the tags.bkrtx.com malicious files that were detected in the previous step, please click on the Clean button. 5. AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button.
    [Show full text]
  • Remove ANY TOOLBAR from Internet Explorer, Firefox and Chrome
    Remove ANY TOOLBAR from Internet Explorer, Firefox and Chrome Browser toolbars have been around for years, however, in the last couple of months they became a huge mess. Unfortunately, lots of free software comes with more or less unwanted add-ons or browser toolbars. These are quite annoying because they may: Change your homepage and your search engine without your permission or awareness Track your browsing activities and searches Display annoying ads and manipulate search results Take up a lot of (vertical) space inside the browser Slow down your browser and degrade your browsing experience Fight against each other and make normal add-on handling difficult or impossible Become difficult or even impossible for the average user to fully uninstall Toolbars are not technically not a virus, but they do exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program. Generally speaking, toolbars are ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer, Firefox and Chrome, and distributed through various monetization platforms during installation. Very often users have no idea where did it come from, so it’s not surprising at all that most of them assume that the installed toolbar is a virus. For example, when you install iLivid Media Player, you will also agree to change your browser homepage to search.conduit.com, set your default search engine to Conduit Search, and install the AVG Search-Results Toolbar.
    [Show full text]
  • Clean Slow Windows PC / Laptop from Spyware, Malware, Viruses, Worms and Trojans - Anti-Malware Program Arsenal
    Walking in Light with Christ - Faith, Computing, Diary Articles & tips and tricks on GNU/Linux, FreeBSD, Windows, mobile phone articles, religious related texts http://www.pc-freak.net/blog Clean slow Windows PC / Laptop from Spyware, Malware, Viruses, Worms and Trojans - Anti-Malware Program Arsenal Author : admin Malware Bytes is a great tool to clean a PC in a quick and efficient way from Malware / Spyware that wormed while browsing infectious site on the internet. But sometimes PCs that has to be fixed are so badly infected with Spyware, Malware and Viruses that even after running Malware Bytes on boot time, left Work or Viruses do automatically download from the Internet or have been polymorphically renamed to a newer one that escapes Malware Bytes badware database and heroistics. Such problematic PCs are usually unmaintained user PCs whose Anti-Virus procetion with Nod32 or Kaspersky licensing has long expired leaving the PC without any mean of protection / PCs with removed Firewall / AV Program (due to Virus or Malware Infection) or on Computers which were used actively to download Cracked Programs, Games - by small kids or PCs used for watching heavily Porn (by teenagers). Here is a List of Top Iseful FreeWare anti-Malware softwares, you can use in combination with MalwareBytes to (Clean) / Fix a Windows PC that is in almost unsolvable state (and obviously needs re-install) but contains too much software either obsolete or hard (time wasting) to configure: Below anti-malware goodies helps in "Resurrecting" even the worst infected PC, so I believe every Win Admin should know them well and in computer clubs and university Windows computer networks with Internet it is recommended to check computers at least once a year ..
    [Show full text]
  • Hitmanpro.Alert Test Tool Manual
    Getting Started HitmanPro.Alert Getting Started 1.1 Page 1 1 Introduction HitmanPro.Alert is a solution that provides real-time protection for home and business PCs to guard against prevalent and zero-day software exploits, drive-by downloads, crypto-ransomware, online fraud, espionage and identity theft. It protects your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware solutions. 2 Install Prerequisites to Install HitmanPro.Alert Before installing HitmanPro.Alert, make sure that the target PC meets the following prerequisites: 5 MB disk space, 20 MB recommended Any 32-bit (x86) or 64-bit (x64) processor, Intel® Core™ i3, i5 or i7 recommended One of the following operating systems: Operating System 32-bit (x86) 64-bit (x64) Microsoft Windows XP with Service Pack 3 (SP3) Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8.1 Microsoft Windows 10 HitmanPro.Alert Getting Started 1.1 Page 2 Install HitmanPro.Alert 1. Download the software, hmpalert.exe: http://www.hitmanpro.com/downloads The single installation file is designed for both 32-bit and 64-bit versions of Windows. 2. Make sure you are connected to the internet and run the HitmanPro.Alert installation file, hmpalert.exe. The install dialog appears: 3. Place a checkmark in the checkbox in front of I accept the Terms of Use. 4. Click on the large INSTALL button at the bottom of the window to start installation. 5. On Windows Vista, Windows 7, Windows 8.1 and Windows 10, a User Account Control dialog may appear. Select Yes. 6.
    [Show full text]
  • Six Years and Counting: Inside the Complex Zacinlo Ad Fraud Operation White Paper
    White Paper Six Years and Counting: Inside the Complex Zacinlo Ad Fraud Operation White Paper Authors: Claudiu Cobliș - Security Researcher, Cyber Threat Intelligence Lab Cristian Istrate - Security Researcher Tech Lead, Cyber Threat Intelligence Lab Cornel Punga - Security Researcher, Cyber Threat Intelligence Lab Andrei Ardelean - Security Researcher, Cyber Threat Intelligence Lab [2] White Paper Foreword For more than a decade, adware has helped software creators earn money while bringing free applications to the masses. Headliner games and applications have become widely available to computer and mobile users the world over, with no financial strings attached. This contract between the developer and the consumer, however, is governed by third parties –the advertisers – the entities that absorb the product’s cost in exchange for user-generated information and behavior. Enter the adware era. While generating untold revenue for the companies that run these programs, adware has witnessed constant improvements over the years in both data collection and resilience to removal. The line between adware and spyware has become increasingly fuzzy during recent years as modern adware combines aggressive opt-outs with confusing legal and marketing terms as well as extremely sophisticated persistence mechanisms aimed at taking control away from the user. This whitepaper details an extremely sophisticated piece of spyware that has been running covertly since early 2012, generating revenue for its operators and compromising the privacy of its victims. One of the perks of identifying a new strain of malware is getting to name it. We called this adware family “Zacinlo”, after the final payload, although this might not be the most appropriate name for such a complex piece of code.
    [Show full text]
  • Automated Malware Analysis Report for Hitmanpro Universal Crack (64
    ID: 40923 Sample Name: HitmanPro Universal Crack (64 bit).exe Cookbook: default.jbs Time: 05:18:12 Date: 25/12/2017 Version: 20.0.0 Table of Contents Table of Contents 2 Analysis Report 4 Overview 4 General Information 4 Detection 4 Confidence 4 Classification 5 Analysis Advice 5 Signature Overview 6 AV Detection: 6 Key, Mouse, Clipboard, Microphone and Screen Capturing: 6 Persistence and Installation Behavior: 6 Data Obfuscation: 6 Spreading: 6 System Summary: 6 HIPS / PFW / Operating System Protection Evasion: 7 Anti Debugging: 7 Malware Analysis System Evasion: 7 Language, Device and Operating System Detection: 7 Behavior Graph 7 Simulations 8 Behavior and APIs 8 Antivirus Detection 8 Initial Sample 8 Dropped Files 8 Domains 8 Yara Overview 8 Initial Sample 8 PCAP (Network Traffic) 8 Dropped Files 8 Memory Dumps 8 Unpacked PEs 8 Joe Sandbox View / Context 8 IPs 9 Domains 9 ASN 9 Dropped Files 9 Screenshot 9 Startup 10 Created / dropped Files 10 Contacted Domains/Contacted IPs 10 Contacted Domains 10 Contacted IPs 10 Static File Info 10 General 10 File Icon 11 Static PE Info 11 General 11 Entrypoint Preview 11 Data Directories 12 Sections 12 Resources 13 Imports 13 Network Behavior 13 Copyright Joe Security LLC 2017 Page 2 of 14 Code Manipulations 13 Statistics 13 System Behavior 13 Analysis Process: HitmanPro Universal Crack (64 bit).exe PID: 3256 Parent PID: 2948 13 General 13 File Activities 13 File Created 14 File Written 14 Disassembly 14 Code Analysis 14 Copyright Joe Security LLC 2017 Page 3 of 14 Analysis Report Overview General
    [Show full text]
  • Malware Removal Guide for Windows
    www.selectrealsecurity.com Malware Removal Guide for Windows Last Updated: October 1, 2012 – View HTML version © 2011 Brian Meyer This guide will help you remove malicious software from your computer. If you think your computer might be infected with a virus or trojan, you may want to use this guide. It provides step-by-step instructions on how to remove malware from Windows operating system. It highlights free malware removal tools and resources that are necessary to clean your computer. You will quickly learn how to remove a virus, a rootkit, spyware, and other malware. Disclaimer: This malware removal guide is intended to be used as a self-help guide. It is not a substitute for professional malware removal. I recommend that you back up all your important data before attempting to perform the malware removal process. In the event of a system failure, you will be able to restore your data. Do not back up any system files, programs (.exe), or screensavers (.scr) because they may be infected with malware. How do I back up my data? Note: 1. In some cases, the only way to remove malware is to reformat and reinstall Windows. 2. This guide will continue to be updated, so please check back often. – Latest Updates 3. If you have any questions or comments about this guide, please contact me at: [email protected] Contents - Preparation for Removal - Removal Process - Step 1 - Scan for and Remove Rootkits - Step 2 - Scan for and Remove Malware - Step 3 – Online Malware Scan - After the Removal Process - Fix Post-Disinfection Problems - Get Expert Analysis - Can't Boot Into Windows or Safe Mode? - Conclusion www.selectrealsecurity.com Preparation for Removal Note: If you are having problems downloading files, download the files in this guide on another computer, and then transfer them to the infected computer with a CD or USB flash drive.
    [Show full text]
  • Ransomware Crypto
    April 2016 Volume 14 Issue 4 Protecting against Tomorrow’s Malware Attacks Today The Rise of Malicious Documents The Practice of Malware Protection for Commercial Banking The Hotel Industry Has a PoS Malware Problem Evolving Ransomware Crypto lockerRANSOMWARE MALWARE THREAT EVOLUTION Table of Contents DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLOBALLY Feature 14 CryptoLocker By Carl Saiyed – ISSA member, Greater Spokane Chapter This article discusses CryptoLocker ransomware, how it works, how it happens, and most importantly what enterprises can do to protect themselves above and beyond IDS/IPS and antivirus systems. Articles 28 The Practice of Malware Protection for 19 Protecting against Tomorrow’s Malware Commercial Banking Attacks Today By Sergey Tikhonov and Miroslava Bondarenko – ISSA members, Russia By Guy Bunker – ISSA member, UK Chapter The variety of attacks against enterprise networks This article discusses why cybersecurity organizations is undergoing rapid development. In this article we need to rethink how they protect against the next wave will describe some protection practices performed of malware attacks and information-borne threats. by an in-house information security team in a small 24 The Rise of Malicious Documents commercial bank. By Didier Stevens – ISSA member, Belgian Chapter 37 The Hotel Industry Has a PoS Malware The author discusses the increasing use of embedded Problem active content—macros, scripts, executables—in malicious Office docs and pdfs designed to fly under By Andy Green the radar of email and antivirus scanning tools. Hotels are increasingly becoming victims of point- of-sale data breaches, falling prey to the same PoS malware that have been plaguing big retailers for years.
    [Show full text]