Talon FAST 4.x - Firewall and Antivirus Requirements FAST...Firewall Antivirus Requirements Guide...

download Talon FAST 4.x - Firewall and Antivirus Requirements FAST...Firewall Antivirus Requirements Guide ... 1. FIREWALL AND ANTIVIRUS BEST PRACTICES ... , and drives are excluded from antivirus

of 33

  • date post

    13-May-2018
  • Category

    Documents

  • view

    233
  • download

    3

Embed Size (px)

Transcript of Talon FAST 4.x - Firewall and Antivirus Requirements FAST...Firewall Antivirus Requirements Guide...

  • 1

    Talon FAST

    Firewall & Antivirus

    Requirements Guide

    Revision 401029

  • 2

    TABLEOFCONTENTS

    1. FirewallandAntivirusBestPractices............................................3

    2. McAfeeVirusScan.........................................................................5

    3. SymantecEndpointProtection12.x...........................................17

    4. SophosEndpointSecurityandControlv10.x.............................25

    5. TrendMicroOfficeScan..............................................................31

    DISCLAMER:THISDOCUMENTATIONISPROVIDEDBYTALONONAN"ASIS"BASIS.TALONMAKESNOREPRESENTATIONSORWARRANTIESOFANYKIND,EXPRESSORIMPLIED,ASTOTHEOPERATIONOFTHEWEBSITEORTHEINFORMATION,CONTENT,MATERIALS,ORPRODUCTSINCLUDEDINTHISDOCUMENT.TOTHEFULLEXTENTPERMISSIBLEBYAPPLICABLELAW,TALONDISCLAIMSALLWARRANTIES,EXPRESSORIMPLIED,INCLUDING,BUTNOTLIMITEDTO,IMPLIEDWARRANTIESOFMERCHANTABILITYANDFITNESSFORAPARTICULARPURPOSEANDNON-INFRINGEMENT.

    AlthoughTalonhasattemptedtoprovideaccurateinformationinthisdocumentation,Talonassumesnoresponsibilityfortheaccuracyorcompletenessoftheinformation.Talonmaychangetheprogramsorproductsmentionedinthisdocumentatanytimewithoutnotice,butTalonmakesnocommitmenttoupdatetheprogramsorproductsmentionedonthiswebsiteinanyrespect.Mentionofnon-Talonproductsorservicesisforinformationalpurposesonlyandconstitutesneitheranendorsementnorarecommendation.

  • 3

    1. FIREWALLANDANTIVIRUSBESTPRACTICESNote:WhileTalonmakesareasonableefforttovalidatethatthefollowingantivirusapplicationsuitesarecompatiblewiththeTalonFASTsolution,wecannotguaranteeandarenotresponsibleforanyincompatibilitiesorperformanceissuescausedbytheseprograms,ortheirassociatedupdates,servicepacks,ormodifications.TalondoesnotrecommendtheinstallationnorapplicationofmonitoringorantivirussolutionsonanyFASTenabledappliances(CoreorEdge).Shouldasolutionbeinstalled,bychoiceorbypolicy,thefollowingBestPracticesandrecommendationsmustbeapplied.

    MicrosoftFirewall

    RetainFirewallSettingsasDefault

    Recommendation:LeaveMicrosoftFirewallsettingsandservicesatthedefaultsettingofOFFandnotstartedforstandardTalonFASTCoreorEdgeinstallations.

    Recommendation:LeaveMicrosoftFirewallsettingsandservicesatthedefaultsettingofONandstartedforCoreorEdgeappliancesalsobeingusedasdomaincontrollers.

    CorporateFirewall

    RetainFirewallSettingsasDefaultFirewall:ports6618-6621(TalonFASTusesTCPports6618-6621) WANOptimizationsolutions/devicesmustbeconfiguredtoPass-thruTalon-specificports

    Client-SideSoftware

    TalonhastestedcommonantivirussoftwarepackagesincludingMcAfee,Symantec,SophosandTrendMicroforusealongsideourFASTsolutiononbothCoreandEdgesystemsconfiguredtorunoursoftware.

    Note:AddingantivirustoanEdgeappliancemayintroducea20-30%impactonuserperformance.

    Pre-Installationnotes

    TheantivirussoftwarepackageshouldbecertifiedbyTalon. Theantivirussoftwarepackage(likeanyothercertifiedsoftware)shouldonlybeinstalledondriveC:\

  • 4

    RestrictFileScanning

    Applicationsthatscanfilesand/orfoldersinordertogatherstatisticsorotherdatasometimesonlyreadmetadataofthefilewithoutreadingactualdatacontainedwithinthefile.Otherapplicationsmayopeneachfileindividuallyinordertodeterminethetypeofdatapresentinthefile.Inthecaseofpictures,music,orvideofiles,certainapplicationsmayalsocreatethumbnailsorprovideadditionalinformationaboutthecontentsofthefile.

    ScansthatcausethesetypesoffileopenoperationsshouldbeavoidedontheEdgeapplianceandontheclientworkstation.AnyopenofafileinthismannerwillcausetheEdgeappliancetoretrievethefilefromthebackenddatacenterfileserverandcacheitlocallyinthebranchoffice.ScanningtogatherstatisticsorprovidethumbnailstopicturefilescouldalsocausetheEdgeappliancetoretrieveandcachemoredatathanthecachewasoriginallysizedtoaccommodate.Client-sidesoftwarethatsearches,indexesand/orscansnetworkfilesandfolderscancauseunnecessarymetadataandfiletransfersovertheWAN,resultinginanadditionalloadontheapplianceandshouldbeavoided.

    AntivirusCoverageRecommendation

    AntivirussoftwareinstalledonthebackenddatacenterfileserverandonclientPCsisgenerallyadequateprotectionagainstnetworkviruses.TalondoesallowdataonitsEdgeandCoreappliancestobescanned,ensuringcompletepoint-to-pointprotection.However,onbothCoresandEdges,theD:\(cachedrive)andT:\(virtualfileshare)volumesshouldbothbeexcludedfromvirusscanningaswellasanyTalonFASTprocesses.Usersmappednetworkdrivesshouldneverbescanned.

    ConfigureExclusions

    AntivirussoftwareorotherthirdpartyindexingorscanningutilitiesshouldneverscandriveD:\ordriveT:\ontheEdgeappliance.ThesescansofEdgeserverdrivesD:\andT:\willresultinnumerousfileopenrequestsfortheentirecachenamespace.ThiswillresultinfilefetchesovertheWANtoallfileserversbeingoptimizedatthedatacenter.WANconnectionfloodingandunnecessaryloadontheEdgeappliancewilloccurresultinginperformancedegradation.

    ThefollowingTalonFASTprocessesshouldbeexcludedfromanyandallantivirusscans:

    C:\ProgramFiles\TalonFAST\Bin\LMClientService.exe C:\ProgramFiles\TalonFAST\Bin\Optimus.exe C:\ProgramFiles\TalonFAST\Bin\tafsexport.exe C:\ProgramFiles\TalonFAST\Bin\tafsutils.exe C:\ProgramFiles\TalonFAST\Bin\tapp.exe C:\ProgramFiles\TalonFAST\Bin\TService.exe C:\ProgramFiles\TalonFAST\Bin\tum.exe C:\Windows\System32\drivers\tfast.sys

  • 5

    2. MCAFEEVIRUSSCAN

    ThissectionoutlinesbestpracticesforMcAfeeVirusScanEnterpriseversiontargetedforTalonFASTappliancesbasedonWindowsServer2012R2.

    BaselineProtection

    AftercompletingaStandardinstallationoftheMcAfeeVirusScanEnterpriseandchoosingtonotperformtheinitialOn-demandscan,followtheconfigurationspecificsasoutlinedbelow,includingOn-AccessScanning,FullandTargetedScan.

  • 6

    ExcludingServicesandProcessesinMcAfeeVirusScanConsole

    ThissectiondetailshowtoexcludeTalonFASTprocessesonCore/EdgeServersandotherremoteappliancesbasedonMcAfeeVirusScanscanning.

    Note:EnsurethatTalonFASTprocesses,services,anddrivesareexcludedonantivirusserversandclientsandasagrouppolicyforTalonFASTusers,ifapplicable.

    DoubleclicktheOn-AccessScannertaskinthemainVirusScanConsolewindow.

  • 7

    ClickDefaultProcessesintheleftpaneandthenselecttheradiobuttonlabeledConfiguredifferentscanningpoliciesforhigh-risk,low-risk,anddefaultprocesses.

    ClicktheExclusionstabandthenclicktheExclusionsbuttontoconfigurethem.

  • 8

    AddtheT:\andD:\drivestotheExclusionslist.Ensurethatsubfoldersarealsoexcludedfromscans.ClickOKwhenfinished

    ClicktheScanItemstabandde-selectWhenwritingtodisk

  • 9

    ClickLow-RiskProcessesintheleftpane. ClicktheAddbuttonontheProcessestab.

  • 10

    Oncethelistofavailableprocessesfinishespopulating,youmayneedtoclicktheBrowsebuttonandmanuallyaddthefollowingprocesses.

    C:\ProgramFiles\TalonFAST\Bin\LMClientService.exe C:\ProgramFiles\TalonFAST\Bin\Optimus.exe C:\ProgramFiles\TalonFAST\Bin\tafsexport.exe C:\ProgramFiles\TalonFAST\Bin\tafsutils.exe C:\ProgramFiles\TalonFAST\Bin\tapp.exe C:\ProgramFiles\TalonFAST\Bin\TService.exe C:\ProgramFiles\TalonFAST\Bin\tum.exe

    ClickOKtoapplythechanges.

  • 11

    ClicktheScanItemstabandde-selectWhenwritingtodiskandWhenreadingfromdisk.

  • 12

    ClicktheExclusionstabatthetop. ClicktheExclusionsbutton

  • 13

    AddtheT:\andD:\drivestotheExclusionslist.Ensurethatsubfoldersarealsoexcludedfromscans. AddC:\Windows\System32\drivers\tfast.sys.Note:Youmayhavetomanuallytypeinthispathtoadd

    tfast.sys ClickOKwhenfinished.

  • 14

    FullorTargetedScans

    IfrunningafullortargetedscanonaTalonFASTserver,pleasefollowthestepsbelow

    DoubleclickeitherFullScanorTargetedScanfromtheVirusScanConsole

    ClicktheExclusionstabfromtheOn-DemandScanPropertieswindow.ClicktheExclusionsbutton.

  • 15

    AddtheT:\andD:\drivestotheExclusionslist.Ensurethatsubfoldersarealsoexcludedfromscans.

    ClickOKwhenfinished.

  • 16

    PreventConnectionBlockinginSharedFolders

    WiththeexclusionsoftheD:\andT:\drives,itisrecommendedthatconnectionsnotbeblockedfromsharedfolders.ThiswillprovideconsistentfileaccessfromtheTalonVirtualFileShare,T:\.

    Todisabletheconnectionblocking,unchecktheboxasshownbelow:

  • 17

    3. SYMANTECENDPOINTPROTECTION12.X

    ThissectionoutlinesbestpracticesforSymantecEndpointProtectionversion12.xtargetedforTalonFASTappliancesbasedonWindowsServer2012R2.

    DoubleclicktheSymantecicononthetaskbar

    VirusandSpywareProtection->ClickOptions->ChangeSettings

    ClickViewList

  • 18

    ClickAdd->SecurityRickException->Folder

    Scrolldown,clickonD,andclickOK

  • 19

    ClickAdd->SecurityRiskException->Folder

    Scrolldown,clickonT,andclickOK

  • 20

    ClickAdd->SecurityRiskException->Folder

    Addthefollowing:

    C:\ProgramFiles\TalonFAST\Bin\LMClientService.exe C:\ProgramFiles\TalonFAST\Bin\Optimus.exe C:\ProgramFiles\TalonFAST\Bin\tafsexport.exe C:\ProgramFiles\TalonFAST\Bin\tafsutils.exe C:\ProgramFiles\TalonFAST\Bin\tapp.exe C:\ProgramFiles\TalonFAST\Bin\TService.exe C:\ProgramFiles\TalonFAST\Bin\tum.exe C:\Windows\System32\drivers\tfast.sys

  • 21

    ClickAdd->ApplicationException

  • 22

    BrowsetoC:\ProgramFiles\TalonFAST\Bin\andaddtum

    ClickOK

    ClickontheAuto-Protecttab.UnderFileTypes,clickSelected.UncheckDeterminefiletypesbyexaminingfilecontents.ClickAdvanced.

  • 23

    Adjustsettingsasshownbelow

    ClickNetwork

    UncheckNetworkcache

    ClickOK

  • 24

    NetworkThreatProtection->ClickOptionsandselectViewNetworkActivity

    Rightclicktum.exeandselectAllow

    Configurationiscomplete.

  • 25

    4. SOPHOSENDPOINTSECURITYANDCONTROLV10.X

    Thissectionoutlinesbestp