Web Mon 4 Manual


  • 8/13/2019 Web Mon 4 Manual


    GFI WebMonitor 4 for ISA Server

    Manual

    By GFI Software


    http://www.gfi.com

    E-mail: [email protected]

    Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE.

    Version 4.0 Last updated February 25, 2008


    Contents

    Introduction
        Introduction to GFI WebMonitor
        Editions
        How does GFI WebMonitor work?
        Key features
        GFI WebMonitor licensing scheme
            License expiry
        GFI WebMonitor product evaluation

    Installing GFI WebMonitor
        Introduction
        System requirements
            WebFilter Edition - Minimum hardware requirements
            WebSecurity Edition - Minimum hardware requirements
            GFI WebMonitor UnifiedProtection Edition - Minimum hardware requirements
            Software requirements - all editions
        Installation procedure
        Launching GFI WebMonitor
        Downloading the WebGrade Database
        Downloading anti-virus signatures
        Upgrading from a previous version

    Navigating the GFI WebMonitor console
        Introduction
        Navigating the GFI WebMonitor user console

    Getting started: Monitoring Internet activity
        Introduction
        Active Connections
        Past Connections
        Sites History
            Top Time Consumption
            Top Hits Count
        Users History
            Top Surfers
            Top Hits Count
        Site History Details
        User History Details
        Activity Log

    WebFilter Edition - Site rating and content filtering
        Introduction
        Configuring Web Filtering policies
            Adding a Web Filtering Policy
            Editing a Web Filtering Policy
            Disabling a Web Filtering Policy
            Enabling a Web Filtering Policy
            Deleting a Web Filtering Policy
            Default web filtering policy
        Configuring advanced web filtering policy conditions
            Adding an advanced web filtering policy condition
            Editing an advanced web filtering policy condition
            Removing an advanced web filtering policy condition
        WebGrade Database settings
            Enabling/disabling the database
            Configure database updates
        Bandwidth Monitoring
            Sites Top Bandwidth Consumption
            Users Top Bandwidth Consumption
            Site History Details
        User History Details

    WebSecurity Edition - File scanning and download control
        Introduction to WebSecurity Edition
        Configuring Download Control policies
            Adding a Download Control Policy
            Editing a Download Control Policy
            Disabling a Download Control Policy
            Enabling a Download Control Policy
            Delete a Download Control Policy
            Default Download Control Policy
            Adding Content-types
        Configuring Virus Scanning Policies
            Adding a Virus Scanning Policy
            Editing a Virus Scanning Policy
            Disabling a Virus Scanning Policy
            Enabling a Virus Scanning Policy
            Delete a Virus Scanning Policy
            Default Virus Scanning Policy
        Scanning Engines
            Enabling/disabling the scanning engines
            Configure anti-virus updates
            Kaspersky Scanning Engine Options
        Anti-Phishing Engine
            Enabling/disabling the Anti-Phishing Engine
            Configure Anti-Phishing database updates
            Configure phishing notifications

    Handling blocked downloads
        Introduction
        Approving or Deleting items
            Viewing quarantined items
            Approving quarantined items
            Deleting quarantined items

    Configuring permitted and prohibited sites
        Introduction
        Configuring the Whitelist
            Preconfigured items
            Adding items to the Permanent Whitelist
            Delete items from the Permanent Whitelist
            Adding items to the Temporary whitelist
            Removing items from the Temporary whitelist
        Configuring the blacklist
            Adding items to the Blacklist
            Delete items from the Blacklist
        Using wildcards

    Configuring GFI WebMonitor
        Introduction
        Administrative Access Control
            Adding users/IPs to the access permissions list
            Deleting users/IPs to the access permissions list
        Notifications
            Configuring email settings
            Configuring email recipients
            Deleting recipients:
        General Settings

    Reporting Setup
        Introduction
        Enabling Reporting
            The update reporting data now button
        Disabling Reporting

    Miscellaneous
        Introduction
        Entering your license key after installation
        Checking for newer builds

    Troubleshooting
        Introduction
        Knowledge Base
        Request technical support via email
        Request technical support via phone
        Web Forum
        Build notifications

    Index


    Introduction

    Introduction to GFI WebMonitor

    GFI WebMonitor is a comprehensive monitoring tool that plugs in and complements the functionality provided by Microsoft ISA Server to enable you to monitor and filter network users' web traffic (browsing and file downloads) in real time. It also enables you to block web connections in progress as well as to scan traffic for viruses, trojans, spyware and phishing material.

    It is the ideal solution to transparently and seamlessly exercise a substantial degree of control over your network users' browsing and downloading habits. At the same time it enables you to ensure legal and best practice initiatives without alienating your network users.

    Editions

    GFI WebMonitor 4 is available in 3 different editions. Each edition caters for systems administrators that have different requirements:

    WebFilter Edition: Filters web traffic and website use according to its built-in WebGrade database. This is a configurable website categorization database that determines access according to user/group/IP address/time.

    WebSecurity Edition: Provides a high degree of web security for downloaded web traffic. This is achieved through its built-in download control module and multiple anti-virus engines and anti-spyware scanning modules.

    UnifiedProtection Edition: Provides both WebFilter Edition and WebSecurity Edition functionalities in a single package.

    How does GFI WebMonitor work?

    GFI WebMonitor operations can be divided in 4 logical stages:


    Figure 1 - How does GFI WebMonitor work

    Stage 1 - Request initiation: At this stage users request a webpage or a download over the Internet. The incoming traffic generated by the user's request is received by Microsoft ISA Server, which in turn refers to GFI WebMonitor any web traffic (webpage requests, image downloads, file downloads) received.

    Stage 2 - Blacklist/Whitelist filtering: This stage comprises an internal GFI WebMonitor blacklist/whitelist filtering mechanism that analyzes user IDs, originating IP address and URL requested.

    Web traffic requested by blacklisted users and IP addresses or from blacklisted URLs is rejected immediately.

    Web traffic requested by whitelisted users and IP addresses or from URLs that are whitelisted is automatically granted access and forwarded to the user.

    Requests that are neither blacklisted nor whitelisted are forwarded to the WebFilter module for processing.

    Stage 3 - WebFilter module: The WebFilter module analyzes the uncategorized web traffic received from the blacklist/whitelist filtering mechanism against a comprehensive list of websites categorized in a wide variety of classes. Web traffic is rejected or approved according to policies set up against website categories included within the WebGrade database.

    Policies can be set to reject web traffic to a quarantine, where systems administrators can review and approve/deny according to needs and requirements. When the quarantined web traffic is manually approved, the formerly quarantined URL is put in a temporary whitelist so that users can have access to this web resource.

    NOTE: The WebFilter module is only available in the WebFilter Edition and the UnifiedProtection Edition of GFI WebMonitor. In the case of the WebSecurity Edition, web traffic is directly sent from the whitelist/blacklist filters to the WebSecurity module.

    Stage 4 - WebSecurity module: The WebSecurity module analyzes web traffic through the download control module and scans the incoming material for viruses, spyware and other malware. Infected material is automatically rejected or quarantined based on the policies set up.

    Web traffic is also scanned for phishing material through an updatable database of phishing sites. If this data is found to originate from a known phishing element, it is automatically rejected. The approved web material is then sent to the user through ISA Server.

    NOTE: The WebSecurity module is only available in the WebSecurity edition and UnifiedProtection editions of GFI WebMonitor. In the case of the WebFilter edition, web traffic is relayed to the user without going through the processes included in the WebSecurity module.
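
    The four stages described above, modelled as an added Python sketch (not GFI code and not part of the original manual). The class and field names, the exact-match list lookup and the blacklist-before-whitelist order are assumptions; the sketch shows which modules inspect a request in each edition and that whitelisted traffic is forwarded without any WebFilter or WebSecurity check.

```python
# Added illustration: a toy model of the four-stage flow in this chapter.
# All names are hypothetical; this is not GFI WebMonitor code or its API.
from dataclasses import dataclass, field

# Modules present in each edition, per the two NOTEs in this section.
EDITION_MODULES = {
    "WebFilter": ("webfilter",),
    "WebSecurity": ("websecurity",),
    "UnifiedProtection": ("webfilter", "websecurity"),
}


@dataclass
class Request:
    user: str
    source_ip: str
    url: str
    category: str = "uncategorized"  # constructed stand-in for a WebGrade lookup
    infected: bool = False           # constructed stand-in for an anti-virus verdict
    phishing: bool = False           # constructed stand-in for the phishing database


@dataclass
class Gateway:
    edition: str
    blacklist: set = field(default_factory=set)        # users, IPs or URLs
    whitelist: set = field(default_factory=set)        # users, IPs or URLs
    temp_whitelist: set = field(default_factory=set)   # URLs approved from quarantine
    category_policy: dict = field(default_factory=dict)  # category -> "reject" | "quarantine"
    infected_action: str = "reject"                    # or "quarantine"
    quarantine: list = field(default_factory=list)

    @staticmethod
    def _listed(entries, req):
        # Assumption: exact string match; the real product also supports wildcards.
        return bool({req.user, req.source_ip, req.url} & entries)

    def handle(self, req):
        """Return (verdict, stages), where stages lists the checks that ran."""
        stages = ["lists"]
        # Stage 2. Assumption: the blacklist is consulted before the whitelist.
        if self._listed(self.blacklist, req):
            return "rejected", stages
        if self._listed(self.whitelist | self.temp_whitelist, req):
            return "allowed", stages  # forwarded with no further inspection
        modules = EDITION_MODULES[self.edition]
        # Stage 3: category policy, only in editions that ship the WebFilter module.
        if "webfilter" in modules:
            stages.append("webfilter")
            action = self.category_policy.get(req.category)
            if action == "reject":
                return "rejected", stages
            if action == "quarantine":
                self.quarantine.append(req)
                return "quarantined", stages
        # Stage 4: malware and phishing checks, only with the WebSecurity module.
        if "websecurity" in modules:
            stages.append("websecurity")
            if req.phishing:
                return "rejected", stages
            if req.infected:
                if self.infected_action == "quarantine":
                    self.quarantine.append(req)
                    return "quarantined", stages
                return "rejected", stages
        return "allowed", stages

    def approve(self, req):
        """Manual approval: the quarantined URL moves to the temporary whitelist."""
        self.quarantine.remove(req)
        self.temp_whitelist.add(req.url)


if __name__ == "__main__":
    gw = Gateway("UnifiedProtection",
                 whitelist={"http://intranet.example/"},
                 category_policy={"gambling": "quarantine"})
    # Constructed sample: an infected download from a whitelisted URL is not scanned.
    print(gw.handle(Request("alice", "10.0.0.5", "http://intranet.example/", infected=True)))
    bet = Request("bob", "10.0.0.7", "http://bets.example/", category="gambling")
    print(gw.handle(bet))   # quarantined by the category policy
    gw.approve(bet)
    print(gw.handle(bet))   # allowed via the temporary whitelist
```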

    Key features

    GFI WebMonitor includes the following features:

    Real time web activity monitoring.

    Immediate blocking of web access and downloads in progress.

    Web traffic security through multiple and updatable anti-virus engines and anti-spyware features.

    Native integration with Microsoft ISA Server as a web filter.

    No duplication of Microsoft ISA Server functionality.

    Easy installation with minimal configuration requirements.

    Real file type signature checking - files with renamed extensions are automatically recognized with their real file type.

    Email notifications of important events.

    State of the art WebGrade Database enabling all website requests to be checked against an extensive and top-notch categorization database.

    Download control policies.

    URL, user and IP whitelist and blacklist that override all WebFilter and WebSecurity policies.

    Bandwidth use reporting per user/website.

    Quarantine of hazardous files and content.

    Web-based interface.

    GFI WebMonitor licensing scheme

    GFI WebMonitor 4 licensing is subscription based with features that become unavailable when the subscription period runs out.

    The table below specifies which features are available with which edition and whether the features are available when the subscription expires.

    Feature                                  Edition                Expired Subscription
    Monitoring                               All editions           Available
    Whitelist                                All editions           Not available
    Blacklist                                All editions           Not available
    Web Filtering policies                   WebFilter Edition      Not available
    Bandwidth monitoring                     WebFilter Edition      Not available
    Download control policies                WebSecurity Edition    Not available
    Virus & spyware scanning and policies    WebSecurity Edition    Available without updates
    Anti-virus updates                       WebSecurity Edition    Not available
    Anti-phishing engines                    WebSecurity Edition    Not available
    Quarantine                               All editions           Available
    Reporting                                All editions           Available

    License expiry

    GFI WebMonitor 4 licenses expire for two reasons:

    End of subscription period

    Licensed user count exceeded

    When the licensed user count is exceeded, systems administrators have a 15-day grace period during which they have to purchase new licenses. After the prescribed grace period, all the GFI WebMonitor 4 features (except for monitoring and anti-virus scanning) are disabled (grayed out).

    GFI WebMonitor product evaluation

    You may download and try out a fully featured version of GFI WebMonitor 4 without an evaluation key for 10 days. However, you can apply for a 30-day product evaluation key by filling in the online registration form on the GFI website (http://www.gfi.com/downloads/register.aspx?pid=webmon&vid=4&lid=en) when downloading the product. This will also qualify you for free email support. The 30-day evaluation period key will be emailed to you automatically after you download the product. During the evaluation period all the GFI WebMonitor 4 features are available.

    Installing GFI WebMonitor

    Introduction

    This chapter provides you with information related to the installation of GFI WebMonitor 4.

    System requirements

    Install GFI WebMonitor on computers that meet the following hardware and software system requirements:

    WebFilter Edition - Minimum hardware requirements

    Processor: 1.8 GHz processor clock speed

    RAM: 1 GB

    Hard disk: 2 GB of available space

    WebSecurity Edition - Minimum hardware requirements

    Processor: 1.8 GHz processor clock speed

    RAM: 1 GB

    Hard disk: 10 GB of available space

    GFI WebMonitor UnifiedProtection Edition - Minimum hardware requirements

    Processor: 1.8 GHz processor clock speed

    RAM: 2 GB

    Hard disk: 12 GB of available space

    NOTE: The hard disk size specifications quoted for each edition are those required to install and operate the GFI WebMonitor edition. Allowance has been made for the downloads cache, processing space required for scanning, and history data files. However, this is only indicative; you may need to allocate additional disk space depending on your environment and number of users being monitored.

    Software requirements - all editions

    Windows 2000 Server (SP4) or Windows 2003 operating system

    Microsoft ISA Server 2004 (SP3) or later

    Internet Explorer 6 or later

    .NET framework 2.0

    NOTE: GFI WebMonitor can only be installed on the server machine hosting Microsoft ISA Server.

    Installation procedure

    To install GFI WebMonitor 4:

    1. Double-click on webmonitor4.exe and click Next.

    2. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor 4 on the GFI website and click on the Next button.

    Screenshot 1 - Checking for a newer build of GFI WebMonitor

    3. Read the licensing agreement carefully. To proceed with the installation, select the I accept the terms in the license agreement option and click Next.

    Screenshot 2 - GFI WebMonitor access permissions

    4. Specify the user name or the IP address which will be granted access to the GFI WebMonitor Web interface and click Next to continue.

    Screenshot 3 - GFI WebMonitor license details

    5. Specify the user name, organization and license key details. If you will be evaluating the product for 10 days, leave the default evaluation key as Evaluation. Click Next to continue.

    Screenshot 4 - GFI WebMonitor administrative credentials

    6. Specify the administrative credentials which will be used to run the GFI WebMonitor service. Click Next to continue.

    Screenshot 5 - GFI WebMonitor SMTP mail server settings

    7. Specify the SMTP mail server details and email address where administrator notifications will be sent. Click Next to continue.

    8. Specify an alternative installation path or click Next to use the default path and proceed with the installation.

    9. Click Install to finalize the installation.

    Launching GFI WebMonitor

    Following the installation, launch GFI WebMonitor from Start > Programs > GFI WebMonitor > GFI WebMonitor.

    Alternatively, GFI WebMonitor's web console can also be launched through a web browser via the URL or IP address that points to the GFI WebMonitor installation on the ISA Server.

    Example: http://:1007

    Downloading the WebGrade Database

    By default, the WebGrade Database is not included with the GFI WebMonitor installation package. Upon installing GFI WebMonitor, the latest version of this database is automatically downloaded and installed.

    Downloading anti-virus signatures

    By default, anti-virus signatures are not included with the GFI WebMonitor installation. Upon installing GFI WebMonitor, the latest signatures for the supported scanning engines are automatically downloaded and installed.

    Upgrading from a previous version

    The underlying operational and processing technologies on which GFI WebMonitor 4 is built are different than those in previous versions of GFI WebMonitor. Previous versions therefore cannot be imported or upgraded to GFI WebMonitor 4.

    Navigating the GFI WebMonitor console

    Introduction

    GFI WebMonitor's console is a web-based interface through which you can control every aspect of its functionality. Through it you can monitor, block and grant access to all network traffic on your network.

    Navigating the GFI WebMonitor user console

    Figure 2 - Navigating the GFI WebMonitor console

    Navigation Pane - Enables you to view and navigate to all the various functions and options within GFI WebMonitor.

    View Pane - Allows you to view web statistics, current and historic web traffic and setup of GFI WebMonitor.

    Monitoring Node - Provides access to GFI WebMonitor's web traffic monitoring functions.

    Whitelist/Blacklist Node - Provides access to GFI WebMonitor's whitelist and blacklist functions.

    WebFilter Edition Node - Provides access to the WebFilter Edition functions within GFI WebMonitor. This includes access to the WebGrade database settings.

    WebSecurity Node - Provides access to the WebSecurity Edition functions within GFI WebMonitor. This includes access to the various anti-virus and download control setup screens.

    Setup Nodes - Provide access to all the setup and administration features that GFI WebMonitor requires. Includes access control, notification setup and General settings.

    Reporting Node - Provides access to the reporting configuration and setup within GFI WebMonitor.

    Licensing Nodes - Provides access to the licensing setup and version information.

    Quarantine Node - Provides access to the quarantined items that GFI WebMonitor blocked. These are listed by time.

    Help Node - Provides access to help on all aspects of GFI WebMonitor's functionality.

    Getting started: Monitoring Internet activity

    Introduction

    Use the Monitoring node and its sub-nodes to examine current and historical web request data collected and processed by Microsoft ISA Server. Through these nodes you can view data related to:

    Active connections

    Past connections

    Sites history

    Users history

    Activity log

    Active Connections

    Screenshot 6 - Active connections

    Access the Active connections view by clicking on Monitoring > Active Connections in the navigation pane.

    Active connections provides information related to all currently active TCP connections which are processed through Microsoft ISA Server.

    The information displayed includes:

    User name

    Source IP

    Bytes received/sent

    Connection details, such as traffic direction and file type

    Details about the URL being accessed.

    Through this view you can terminate active Internet connections (e.g., interrupt file downloads that are taking up too much bandwidth). To interrupt connections, click on the button in the Status column of the connection and the download will be terminated.

    NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed in the User column. Otherwise the user name is displayed as unauthenticated.

    NOTE 2: The information displayed is not refreshed automatically. Click on the refresh button on the upper right of the view to update the information being shown.

    Past Connections

    Screenshot 7 - Past connections

    Access the Past connections view by clicking on Monitoring > Past Connections in the navigation pane.

    The Past connections view shows the last 2000 complete connections processed through Microsoft ISA Server. The information displayed includes:

    User name

    Source IP

    Time when the URL was accessed

    Bytes received/sent

    Connection details, such as file type

    Details about the URL accessed.

    The information is sorted by time, with the latest URL accessed listed on top.

    NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed in the User column. Otherwise the user name is displayed as unauthenticated.

    NOTE 2: The information displayed is not automatically refreshed. Click on the refresh button on the upper right of the view to update the information being shown.

    Sites History

    The Sites History node allows you to identify:

    The sites which are most frequently visited by your network users

    The total browsing time per site.

    Top Time Consumption

    The Top Time Consumption view lists the sites on which network users spent most time browsing for a specific date. The information displayed includes:

    The sites which were accessed

    The time spent browsing each site

    The file types accessed from each site

    The users/IPs that accessed the site.

    The list can be sorted either alphabetically by site in ascending order, or by time spent browsing on the website in descending order (the site on which most time was spent is listed on top).

    Screenshot 8 Sites History: Top Time Consumption

    Access the Top Time Consumption view by clicking on Sites History > Top Time Consumption in the navigation pane.

    By default, this view lists today's data. To view data for other days, use the controls on the upper right of the view:


    Previous day - click on the back button

    Next day - click on the forward button

    Specific date - click on the calendar button, select the required date and click on Go.

    NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.

    You can also click on any of the sites listed to bring up the Site History Details view. For more information refer to the Site History Details section in this chapter.

    Top Hits Count

    The Top Hits Count view lists the sites that were most frequently accessed by network users on a specific date. The information displayed includes:

    The sites that were accessed

    The number of times that each site was accessed (i.e., the number of hits)

    The file types accessed from each site

    The users/IPs that accessed the site

    Graphical representations of site hits over time.

    The list can be sorted either alphabetically in ascending order by site, or in descending order of popularity (the site with most hits is listed on top).

    Screenshot 9 Sites History: Top Hits Count

    Access the Top Hits Count view by clicking on Sites History > Top Hits Count in the navigation pane.

    To access graphs showing hits over time per site, select the Show Hits Over Time Charts option.

    By default, this view lists today's data. To view data for other days, use the controls on the upper right of the view:


    Previous day - click on the back button

    Next day - click on the forward button

    Specific date - click on the calendar button, select the required date and click on Go to retrieve data for that date.

    NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.

    You can also click on any of the sites listed to review the Site History Details view. For more information refer to the Site History Details section in this chapter.

    Users History

    The Users History node provides details of the users who spent the most time browsing sites and details of sites that were most frequently accessed. The Users History sub-node is further divided into two sub-nodes:

    Top Surfers

    Top Hits Count

    Top Surfers

    Screenshot 10 Users History: Top Surfers

    Access the Top Surfers view by clicking on Users History > Top Surfers in the navigation pane.

    The Top Surfers view lists the time spent by network users browsing sites on a specific date. The information displayed includes:

    The users/IPs that browsed sites

    The time spent browsing sites

    The sites which were accessed by each user.

    The list can be sorted either by user/IP in ascending order, or by time spent browsing in descending order (the site on which most time was spent is listed on top).


    To sort by site accesses, click on the Hits column heading.

    To display graphs showing hits over time for each of the sites listed, select the Show Hits Over Time Charts checkbox. Charts assist you in identifying the time period(s) for the specified date during which each user accessed the most sites.

    By default, this view lists today's data. To view data for other days, use the controls on the upper right of the view:

    Previous day - click on the back button

    Next day - click on the forward button

    Specific date - click on the calendar button, select the required date and click on Go to retrieve data for that date.

    NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.

    You can also click on any of the users/IPs listed to review User History Details. For more information refer to the User History Details section in this chapter.

    Site History Details

    Screenshot 12 Site History Details

    Access Site History Details view by clicking on Sites History (Top Time Consumption or Top Hits Count) from the navigation pane. From the view pane select one of the listed sites in the Site column.

    This view shows the following information:

    All users/IPs who have accessed that site on the specified date

    The number of times the site was accessed by each user

    The file types accessed from the site by each user

    A graphical representation of total site hits over time, for all users

    A graphical representation of user site hits over time, for each user listed

    A graphical representation of traffic over time for each of the file types shown, for each user.

    To display the graph showing total site hits over time for all users, select the Show Hits Over Time Chart checkbox. This graph assists you in identifying the time period(s) for the specified dates during which the site was most frequently accessed by users.

    To display the graph showing total site hits over time for a specific user, hover with the mouse pointer over the number of hits for any one of the users/IPs listed. A chart pops up showing the access pattern and frequency of the user during the day.

    To display the graph showing download/upload traffic over time for a specific file type, for a specific user, hover with the mouse pointer over one of the file types shown for any one of the users/IPs listed.

    You can also click on any one of the users/IPs listed to review User History Details view. For more information refer to the User History Details section in this chapter.

    User History Details

    Screenshot 13 User History Details

    Access User History Details view by clicking on Users History (Top Surfers or Top Hits Count) from the navigation pane. From the view pane select one of the listed users/IPs in the User/IP column.

    The User History Details view shows the following for a specific user:

    The sites accessed on the specified date

    The number of times the site was accessed

    The file types accessed from the site

    A graphical representation of total site hits over time

    A graphical representation of specific site hits over time

    A graphical representation of traffic over time for each of the file types shown, for a specific site.

    To display the graph showing total site hits over time, select the Show Hits Over Time Chart option. This chart helps you to identify the time period(s) for the specified date during which the user accessed the listed sites.

    To display the graph showing specific site hits over time for the user, hover with the mouse pointer over the number of hits for any one of the sites listed. A chart pops up showing the specified site access pattern and frequency by the user during the day.

    To display the graph showing download/upload traffic over time for a specific file type, for a specific site, hover with the mouse pointer over one of the file types shown for any one of the sites listed.

    You can also click on any of the sites listed to review Site History Details. For more information refer to the Site History Details section in this chapter.

    Activity Log

    Screenshot 14 GFI WebMonitor Activity Log

    Access the Activity Log view by clicking on the Activity Log node from the navigation pane.

    The Activity Log view shows all GFI WebMonitor activity related to:

    Items which have been blocked or quarantined

    Processes which have failed.

    The Activity Log view shows the following:

    The user/IP who carried out the activity

    Date and time when the activity took place

    Description of the activity which took place and the reason why items have been blocked or quarantined

    Details on the URL accessed.


    WebFilter Edition - Site rating and content filtering

    Introduction

    GFI WebMonitor uses WebFilter and the WebGrade database to manage Internet access of users, groups or IPs based on site categories. The category of a particular site is determined through the WebGrade Database; if a site is listed in the database, GFI WebMonitor then uses the configured web filtering policies to determine what action to take. This may be one of the following actions:

    Allow access to site

    Block access to site and quarantine the related file URL

    Block access to site and delete related URLs.

    Policies can be customized to apply during specific time periods; for example a policy can enable users to access news and entertainment related sites during lunch breaks but not during working hours.

    The WebGrade Database includes more than 60 predefined categories. These include pornography, adult themes, games, violence and many others. The database is updated on a regular basis and updates are automatically downloaded to GFI WebMonitor.


    Configuring Web Filtering policies

    Adding a Web Filtering Policy

    Screenshot 15 Web Filtering Policies

    To add a Web Filtering Policy:

    1. Click on WebFilter Edition > Web Filtering Policies from the navigation pane.

    2. Select Add Policy.

    Screenshot 16 Adding a Web Filtering policy: general settings

    3. Click on the General tab.

    4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively.

    5. In the Policy Schedule area specify the time period(s) during which the new policy will be enforced.


    Screenshot 17 Adding a Web Filtering policy: web filtering categories

    6. Select the Web Filtering tab. Define the categories applicable to the new policy and the actions to take:

    To allow categories: Select categories from the Blocked Categories list and click Allow.

    To block categories: Select categories from the Allowed Categories list and click Block.

    To quarantine access: Select categories from the Allowed Categories list and click Quarantine.

    NOTE: You can also configure advanced category conditions. For more information refer to the Configuring advanced web filtering policies conditions section.

    Screenshot 18 Adding a Web Filtering policy: who it applies to


    7. Click on the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required.

    NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.

    NOTE 2: When adding a group ISA Server authentication is used to validate the group name.

    Screenshot 19 Adding a Web Filtering policy: Notifications

    8. Click on the Notifications tab and select Notify the following administrators when the site category infringes this policy checkbox if required. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box.

    9. If you require the user to be notified when the policy you are creating is triggered, select Notify the user accessing the site if the site category infringes this policy checkbox and provide the notification email text.

    NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated.

    10. Complete new policy setup by clicking on Save Settings.

    NOTE: Failing to click on Save Settings means that you will lose policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

    The newly created policy will now be listed in the main Web Filtering Policies view.

    Editing a Web Filtering Policy

    To edit a Web Filtering Policy:


    1. Click on WebFilter Edition > Web Filtering Policies from the navigation pane.

    2. Click on the edit icon next to the policy you want to edit.

    3. Refer to Adding a Web Filtering Policy section in this chapter, for a description of the fields which can be edited.

    4. Click on Save Settings to finalize editing a policy.

    NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Disabling a Web Filtering Policy

    To disable a Web Filtering Policy:

    1. Click on WebFilter Edition > Web Filtering Policies from the navigation pane.

    2. Uncheck the box from the Enabled column for the policy you want to disable and click on Save Settings to finalize disabling a policy.

    NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Enabling a Web Filtering Policy

    1. Click on WebFilter Edition > Web Filtering Policies from the navigation pane.

    2. Check the box from the Enabled column for the policy you want to enable and click on Save Settings to finalize enabling a policy.

    NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Deleting a Web Filtering Policy

    1. Click on WebFilter Edition > Web Filtering Policies from the navigation pane.

    2. Click on the delete icon for the policy you want to delete and click on Save Settings to finalize deleting a policy.

    NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Default web filtering policy

    GFI WebMonitor - WebFilter Edition ships with a default web filtering policy which applies to all users. The policy name is listed as Default Web Filtering Policy.

    This policy can be edited but it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Web Filtering Policy section in this chapter for information related to editing web filtering policies.

    NOTE 1: All user-created web filtering policies take precedence over the default web filtering policy.


    NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.

    Configuring advanced web filtering policy conditions

    Advanced web filtering policy conditions give you greater flexibility in defining which sites should be allowed or blocked. These advanced policy conditions take precedence over categories you may have already specified in the Allowed Categories and Blocked Categories list boxes.

    Adding an advanced web filtering policy condition

    To create an advanced web filtering policy condition:

    Screenshot 20 Web filtering policy

    1. From the Web Filtering tab click on Show Advanced Options.


    Screenshot 21 Configuring advanced web filtering policy conditions

    2. Click on Add Condition to view the Edit Properties dialog where you will create the advanced condition.

    3. Specify a combination of categories which will enable you to allow, block or quarantine sites.

    For example, to block sites which fall under the categories Adult themes AND Sexuality:

    a) Select Adult themes from Available Categories list box and click on Use Category

    b) Select Sexuality from Available Categories list box and click on Use Category

    c) Select Block and Delete from the Perform this action: dropdown list and click OK to apply the condition

    4. Click on Save Settings to finalize settings.

    NOTE 1: With this advanced policy, sites are not blocked if a site is listed under individual categories. In the example above, a site is NOT blocked if it only falls under the Adult themes category. Likewise, the site is NOT blocked if it falls only under the Sexuality category.

    NOTE 2: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Editing an advanced web filtering policy condition

    To edit an advanced web filtering policy condition:

    1. From the Web Filtering tab click on Show Advanced Options.

    2. Click on the advanced policy to edit to display the Edit Properties dialog where you can edit the advanced condition.

    3. Click OK to apply the changes you made.

    NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Removing an advanced web filtering policy condition

    To delete an advanced web filtering policy condition:

    1. From the Web Filtering tab click on Show Advanced Options.

    2. Click on the delete icon next to the advanced policy you want to delete.

    NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
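
    The AND behaviour of advanced conditions and the precedence rules described in this chapter, as an added Python model (an illustration written for this page, not GFI WebMonitor code). The class and function names, the first-match order between user-created policies, the tie-break between several blocked categories and the sample Staff policy are assumptions; the helper at the end lists the categories that NOTE 1 says remain reachable on their own.

```python
from dataclasses import dataclass, field

# Action names as they appear in the policy dialogs of the manual.
ALLOW = "Allow"
QUARANTINE = "Block and Quarantine"
DELETE = "Block and Delete"


@dataclass(frozen=True)
class Condition:
    """Advanced condition: fires only when the site is in ALL listed categories."""
    categories: frozenset
    action: str

    def matches(self, site_categories):
        return self.categories <= frozenset(site_categories)


@dataclass
class Policy:
    name: str
    applies_to: frozenset                 # user names, group names or IPs
    category_actions: dict = field(default_factory=dict)  # category -> action
    conditions: list = field(default_factory=list)
    enabled: bool = True

    def decide(self, site_categories):
        # Advanced conditions take precedence over the category lists.
        for cond in self.conditions:
            if cond.matches(site_categories):
                return cond.action
        # Assumption: the first non-Allow category in alphabetical order wins.
        for category in sorted(site_categories):
            action = self.category_actions.get(category, ALLOW)
            if action != ALLOW:
                return action
        return ALLOW


def evaluate(user_policies, default_policy, identities, site_categories):
    """Return (policy name, action) for one request.

    identities: the user name, group names and IP of the requester.
    Assumption: the first enabled user-created policy that applies is used;
    the default policy is the fallback for everyone else.
    """
    for policy in user_policies:
        if policy.enabled and policy.applies_to & set(identities):
            return policy.name, policy.decide(site_categories)
    return default_policy.name, default_policy.decide(site_categories)


def single_category_gaps(policy):
    """Categories named in a blocking AND-condition that are not blocked alone.

    A site rated with only one of these categories passes the policy, which is
    the behaviour NOTE 1 describes.
    """
    gaps = set()
    for cond in policy.conditions:
        if cond.action == ALLOW or len(cond.categories) < 2:
            continue
        for category in cond.categories:
            if policy.decide({category}) == ALLOW:
                gaps.add(category)
    return sorted(gaps)


# Constructed sample policies (not taken from a real installation).
DEFAULT = Policy("Default Web Filtering Policy", frozenset())
STAFF = Policy(
    name="Staff",
    applies_to=frozenset({"CORP\\alice", "192.168.1.20"}),
    category_actions={"Games": QUARANTINE},
    conditions=[Condition(frozenset({"Adult themes", "Sexuality"}), DELETE)],
)

if __name__ == "__main__":
    for cats in ({"Adult themes", "Sexuality"}, {"Adult themes"}, {"Games"}):
        print(sorted(cats), "->", evaluate([STAFF], DEFAULT, {"CORP\\alice"}, cats))
    print("Not blocked on their own:", single_category_gaps(STAFF))
```

    If a category reported by single_category_gaps should be blocked on its own, block it in the category lists as well as in the condition.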


    WebGrade Database settings

    Screenshot 22 WebGrade Database settings

    Through the WebGrade Database settings view you can:

    Enable/disable the database

    View the database status, version and license details

    Configure database updates

    Access the WebGrade Database settings view by clicking on WebFilter Edition > Web Filtering Policies > WebGrade Database from the navigation pane.

    Enabling/disabling the database

    To enable or disable the database:

    1. Click on WebFilter Edition > Web Filtering Policies > WebGrade Database

    2. Checking and unchecking the checkbox in the Enabled column enables or disables the WebGrade Database.

    NOTE: Disabling the WebGrade database implies that the Web Filtering policies cannot access the site categories.

    Configure database updates

    Through the checkboxes within the WebGrade Database Updates area in the WebGrade Database settings view you can:

    Configure whether the WebGrade Database should be updated automatically or manually

    Configure the frequency with which available updates should be installed

    Configure if an email notification should be sent upon successful updating of the WebGrade Database

    Manually update the WebGrade Database by clicking Update Now.


    Bandwidth Monitoring

    Use Bandwidth Monitoring to identify the sites from which network users have downloaded most data, and the users who have downloaded the most data. This data is available from these two sub-nodes beneath the Bandwidth Monitoring node:

    Sites Top Bandwidth Consumption

    Users Top Bandwidth Consumption

    Sites Top Bandwidth Consumption

    Screenshot 23 Sites Top Bandwidth Consumption

    Access Sites Top Bandwidth Consumption view by clicking on WebFilter Edition > Sites Top Bandwidth Consumption from the navigation pane.

    The Sites Top Bandwidth Consumption view lists the sites from which network users downloaded the most data, for a specific date. The information displayed includes:

    The sites which were accessed

    Amount of data downloaded from each site

    The number of times that each site was accessed (i.e., the number of hits)

    The file types accessed from each site

    The users/IPs that accessed the site

    Site category as defined by the WebGrade Database

    Graphical representations of site hits over time.

    By default the list is sorted by Usage, the amount of data downloaded, in descending order. The list can also be sorted:

    Alphabetically in ascending order by site, by clicking on the Site column heading

    In descending order of popularity (the site with most hits is listed on top), by clicking on the Hits column heading

    To display the graphs showing hits over time for each of the sites listed, select the Show Hits Over Time Charts checkbox. These graphs enable you to identify the time period(s) for the specified date during which each site was most frequently accessed.

    By default, this view lists today's data. To view data for other days, use the controls on the upper right of the view:

    Previous day - click on the back button

    Next day - click on the forward button

    Specific date - click on the calendar button, select the required date and click on Go to retrieve data for that date.

    NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.

    You can also click on any of the sites listed to bring up the Site History Details view. For more information refer to the Site History Details section in this chapter.

    Users Top Bandwidth Consumption

    Screenshot 24 Users Top Bandwidth Consumption

    Access Users Top Bandwidth Consumption view by clicking on WebFilter Edition > Users Top Bandwidth Consumption from the navigation pane.

    The Users Top Bandwidth Consumption view lists the users with the highest download volume on a specific date. The information displayed includes:

    The users/IPs that browsed sites

    Amount of data downloaded by each user

    The number of site accesses made by each user

    The sites which were accessed by each user

    Graphical representations of site hits over time.

    By default the list is sorted by Usage, the amount of data downloaded, in descending order. The list can also be sorted:

    In alphabetical/ascending order by user/IP, by clicking on the User/IP column heading

    In descending order of popularity (the site with most hits is listed on top), by clicking on the Hits column heading

    To display the graphs showing hits over time for each of the user/IPs listed, select the Show Hits Over Time Charts option. The charts assist you in identifying the time period(s) for the specified date during which each user carried out the most site accesses.

    By default, this view lists today's data. To view data for other days, use the controls on the upper right of the view:

    Previous day - click on the back button

    Next day - click on the forward button

    Specific date - click on the calendar button, select the required date and click on Go to retrieve data for that date.

    NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.

    You can also click on any of the users/IPs listed to bring up the User History Details view. For more information refer to the User History Details section in this chapter.

    Site History Details

    Screenshot 25 Site History Details

    Access Site History Details view by clicking on any site listed in the Sites Top Bandwidth Consumption.

    NOTE: More detail is shown when accessing the Site History Details view through the WebFilter Edition node than through the Monitoring node.

    This view shows the following information for a specific site, on the specified date:

    All users/IPs who have accessed that site

    Amount of data downloaded/uploaded from/to the site

    The number of times the site was accessed by each user/IP

    The file types accessed from the site by each user/IP

    A graphical representation of total download/upload traffic from/to the site, for all users/IPs

    A graphical representation of total site hits over time, for all users/IPs

    A graphical representation of total download/upload traffic from/to the site, for each user/IP listed

    A graphical representation of user site hits over time, for each user/IP listed

    A graphical representation of traffic over time for each of the file types shown, for each user/IP.

    For a graphical representation of the various data elements presented within this view:

    Select the Show Traffic Over Time Chart option to display a graph showing total download/upload traffic from/to the site for all users. This chart assists you in identifying the time period(s) for the specified date during which there was greatest traffic from/to the site.

    Select the Show Hits Over Time Chart option to display a graph showing total site hits over time for all users. This chart assists you in identifying the time period(s) for the specified date during which the site was most frequently accessed by users.

    Hover over the amount of data downloaded/uploaded in the Usage column for any one of the users/IPs listed to display a graph showing total download/upload traffic from/to the site for a specific user. A chart is displayed with information related to the download/upload pattern of the user during the day.

    Hover over the number of hits for any one of the users/IPs listed to display a graph showing total site hits over time for a specific user. A chart is displayed with information related to access patterns and frequencies of the user during the day.

    Hover over one of the file types shown for any one of the users/IPs listed to display, for a specific user, a graph showing download/upload traffic over time for a specific file type.

    You can also click on any one of the users/IPs listed to display the User History Details view. For more information refer to the User History Details section in this chapter.


    User History Details

    Screenshot 26 User History Details

    Access User History Details view by clicking on any site listed in the Users Top Bandwidth Consumption.

    NOTE: More detail is shown when accessing the User History Details view through the WebFilter Edition node than through the Monitoring node.

    The User History Details view shows the following for a specific user/IP:

    The sites accessed on the specified date

    Amount of data downloaded/uploaded from/to each site

    The number of times the site was accessed

    The file types accessed from the site

    Site category as defined by the WebGrade Database

    A graphical representation of total download/upload traffic from/to all sites

    A graphical representation of total site hits over time

    A graphical representation of total download/upload traffic from/to a site, for each site listed

    A graphical representation of specific site hits over time

    A graphical representation of traffic over time for each of the file types shown, for a specific site.

    For a graphical representation of the various data elements presented within this view:

    Select the Show Traffic Over Time Chart option to display a graph showing total download/upload traffic from/to the site for all sites. This chart helps you to identify the time period(s) for the specified date during which there was greatest traffic by the user/IP.

    Select the Show Hits Over Time Chart option to display a graph showing total site hits over time. This chart helps you to identify the time period(s) for the specified date during which the user accessed the listed sites.

    Hover with the mouse pointer over the amount of data downloaded/uploaded in the Usage column for any one of the sites listed to display a graph showing total download/upload traffic from/to a specific site. A chart is displayed with information related to the download/upload pattern of the user on the specific site during the day.

    Hover with the mouse pointer over the number of hits for any one of the sites listed to display the graph showing specific site hits over time for the user. A chart is displayed with information related to the specified site access pattern and frequency by the user during the day.

    Hover with the mouse pointer over one of the file types shown for any one of the sites listed to display the graph showing download/upload traffic over time for a specific file type, for a specific site.

    You can also click on any of the sites listed to bring up the Site History Details view. For more information refer to the Site History Details section in this chapter.


    WebSecurity Edition File scanning

    and download control

    Introduction to WebSecurity Edition

    GFI WebMonitor's WebSecurity features scan and control files downloaded from the Internet by users, groups or IPs. GFI WebMonitor identifies the real file type of the file being downloaded and then applies Download Control Policies to determine what action to take. This may be one of the following actions:

    Allow the file to be downloaded

    Block the file from being downloaded and quarantine the file URL

    Block the file from being downloaded and delete all related URLs.

    For allowed downloads, GFI WebMonitor applies the configured Virus Scanning Policies and determines its virus scanning options. These may include any of the following:

    Display download progress and status

    Scan the downloaded file with any of the supported virus scanners

    Take any of the following actions when a virus is detected:

    o Issue a warning, but allow access to the downloaded file

    o Block access to the downloaded file and quarantine

    o Block access to the downloaded file and delete it.

    WebSecurity also includes an Anti-Phishing Engine which checks website access against an updated database with known phishing URLs. If a URL being accessed is found on the anti-phishing list, access to the site is denied.
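
    The sketch below is an added example, not GFI WebMonitor code: it shows why classifying a download by its leading bytes rather than by its name matters, and how a per-type action is then chosen, with the default policy as the fallback that this chapter's default-policy notes describe. The signature table, the Policy structure, the first-match ordering of user-created policies, the "*" catch-all entry and all sample users, groups and IPs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed signature table: leading bytes -> real file type.
SIGNATURES = [
    (b"MZ", "exe"),                 # Windows PE executables and DLLs
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),         # also the container for .docx/.xlsx/.jar
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]


def real_file_type(head: bytes) -> str:
    """Classify a download by its first bytes, ignoring name and Content-Type."""
    for magic, label in SIGNATURES:
        if head.startswith(magic):
            return label
    return "unknown"


@dataclass
class Policy:
    name: str
    applies_to: frozenset   # account names, group names or IPs (hypothetical model)
    actions: dict           # real file type -> action
    enabled: bool = True

    def covers(self, user: str, groups: list, ip: str) -> bool:
        # Windows account and group names compare case-insensitively.
        who = {user.lower(), ip} | {g.lower() for g in groups}
        return bool(who & {a.lower() for a in self.applies_to})


def decide(user_policies, default, user, groups, ip, head):
    """Return (real type, policy name, action) for one download."""
    ftype = real_file_type(head)
    for policy in user_policies:  # assumption: first matching policy wins
        if policy.enabled and policy.covers(user, groups, ip) and ftype in policy.actions:
            return ftype, policy.name, policy.actions[ftype]
    # No enabled user-created policy decided: fall back to the default policy,
    # which applies to all users and cannot be disabled.
    return ftype, default.name, default.actions.get(ftype, default.actions["*"])


# Constructed policies for the demonstration.
DEFAULT = Policy("Default Download Control Policy", frozenset(),
                 {"exe": "Block and Quarantine", "*": "Allow"})
USER_POLICIES = [
    Policy("IT staff may fetch installers", frozenset({r"CORP\IT-Admins"}),
           {"exe": "Allow"}),
    Policy("No archives for kiosks", frozenset({"10.0.5.20"}),
           {"zip": "Block and Delete"}),
]

if __name__ == "__main__":
    # Constructed download: named invoice.pdf, but the body is a PE executable.
    disguised = b"MZ\x90\x00\x03\x00\x00\x00"
    print(decide(USER_POLICIES, DEFAULT, r"CORP\alice", ["Sales"], "10.0.1.7", disguised))
    print(decide(USER_POLICIES, DEFAULT, r"corp\bob", [r"corp\it-admins"], "10.0.1.8", disguised))
```

    A download named invoice.pdf whose body starts with MZ is treated as an executable for every user; only the policy that covers the requesting user, group or IP changes the resulting action.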

    Configuring Download Control policies

    Screenshot 27 - Download Control Policies

    Adding a Download Control Policy

    To add a download control policy:

    1. Click on WebSecurity Edition > Download Control Policies from the navigation pane.

    2. Click on Add Policy.

    Screenshot 28 - Add download control policy

    3. Click on the General tab.

    4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively.

    Screenshot 29 - Add new download control policy: Download control tab

    5. Click on the Download Control tab and click on the file type you want to control.

    Screenshot 30 - Add new download control policy: Change Action dialog

    6. From the Change Action dialog select the action to be performed from the Perform this action: drop down list. Available options are:

    Allow

    Block and Quarantine

    Block and Delete

    Screenshot 31 - Download control policies: Applies to tab

    7. Click OK, select the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required.

    NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.

    NOTE 2: When adding a group ISA Server authentication is used to validate the group name.

    Screenshot 32 - Download control policies: Notification tab

    8. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Complete setup with the administrators notification email address and notification email text. Also provide the body text for the notification email in the Send the following notification to the administrators text box.

    9. If you require the users to be notified when the policy you are creating is triggered, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text.

    NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated.

    10. Complete new policy setup by clicking on Save Settings.

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    The policy you have just created will be listed in the main Download Control Policies view.

    Editing a Download Control Policy

    To edit a download control policy:

    1. Click on WebSecurity Edition > Download Control Policies from the navigation pane.

    2. Click on the edit icon next to the policy you want to edit.

    3. Refer to Adding a Download Control Policy section in this chapter for a description of the fields which can be edited.

    4. Complete new policy setup by clicking on Save Settings

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Disabling a Download Control Policy

    To disable a download control policy:

    1. Click on WebSecurity Edition > Download Control Policies from the navigation pane.

    2. Uncheck the checkbox in the Enabled column for the policy you want to disable.

    3. Complete disabling a download policy by clicking on Save Settings

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Enabling a Download Control Policy

    To enable a previously disabled download control policy:

    1. Click on WebSecurity Edition > Download Control Policies from the navigation pane.

    2. Check the checkbox in the Enabled column for the policy you want to enable.

    3. Complete enabling a download policy by clicking on Save Settings

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Delete a Download Control Policy

    To delete a download control policy:

    1. Click on WebSecurity Edition > Download Control Policies from the navigation pane.

    2. Click on the delete icon next to the policy you want to delete.

    3. Complete deleting a download policy by clicking on Save Settings

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Default Download Control Policy

    GFI WebMonitor - WebSecurity Edition ships with a default download control policy which is configured to apply to all users. The policy name is listed as Default Download Control Policy.

    This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Download Control Policy section in this chapter for information related to editing download control policies.

    NOTE 1: All user-created download control policies take precedence over the default download control policy.

    NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.

    Adding Content-types

    GFI WebMonitor - WebSecurity Edition includes a large number of common file types. To add a file type which is not in the predefined list:

    1. Click on WebSecurity Edition > Download Control Policies from the navigation pane.

    2. Click on Add Policy, select Download Control tab and click on Add Content-type.

    2. Click on Add Policy.

    3. Click on the General tab.

    Screenshot 35 - Add new virus scanning policy

    4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively.

    Screenshot 36 - Add new virus scanning policy: Virus scanning tab

    5. Click on the Virus Scanning tab and click on the file type you want to scan for viruses. From the Change Action dialog box select the Display download progress and status option (if required) and choose the virus scanners to scan the file type with. Also, choose the action to undertake if a virus is found. The available options are:

    Warn and Allow

    Block and Quarantine

    Block and Delete

    Screenshot 37 - Add new virus scanning policy: Applies to tab

    6. Click OK, select the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required.

    NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.

    NOTE 2: When adding a group ISA Server authentication is used to validate the group name.

    Screenshot 38 - Add new virus scanning policy: Notification tab

    7. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box.

    8. If you require users to be notified when the policy you are creating is triggered, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text.

    NOTE 1: The notification is sent only if ISA Server authentication is possible and the user can be thus validated.

    9. Complete new policy setup by clicking on Save Settings

    NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    The policy you have just created will be listed in the main Virus Scanning Policies view.

    Editing a Virus Scanning Policy

    To edit a virus scanning policy:

    1. Click on WebSecurity Edition > Virus Scanning Policies from the navigation pane.

    2. Click on the edit icon next to the virus scanning policy you want to edit.

    3. Refer to Adding a Virus Scanning Policy section in this chapter, for a description of the fields which can be edited.

    4. Complete new policy setup by clicking on Save Settings.

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Disabling a Virus Scanning Policy

    To disable a virus scanning policy:

    1. Click on WebSecurity Edition > Virus Scanning Policies from the navigation pane.

    2. Uncheck the checkbox in the Enabled column for the policy you want to disable.

    3. Complete disabling a virus scanning policy by clicking on Save Settings.

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Enabling a Virus Scanning Policy

    To enable a virus scanning policy:

    1. Click on WebSecurity Edition > Virus Scanning Policies from the navigation pane.

    2. Check the checkbox in the Enabled column for the policy you want to enable.

    3. Complete enabling a download policy by clicking on Save Settings.

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Delete a Virus Scanning Policy

    To delete a Virus Scanning Policy:

    1. Click on WebSecurity Edition > Virus Scanning Policies from the navigation pane.

    2. Click on the delete icon next to the policy you want to delete.

    3. Complete deleting a virus scanning policy by clicking on Save Settings

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Default Virus Scanning Policy

    GFI WebMonitor - WebSecurity Edition ships with a default virus scanning policy which is configured to apply to all users. The policy name is listed as Default Virus Scanning Policy.

    This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Virus Scanning Policy section in this chapter for information related to editing virus scanning policies.

    NOTE 1: Any user-created virus scanning policy takes precedence over the default virus scanning policy.

    NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.

    Scanning Engines

    Through the Virus & Spyware Protection view you can:

    Enable/Disable one or more of the supported engines

    View the licensing status

    Configure anti-virus engine/signature updates for each one of the scanning engines

    To access the Virus & Spyware Protection view click on WebSecurity Edition > Virus Scanning Policies > Virus & Spyware Protection from the navigation pane.

    Enabling/disabling the scanning engines

    To enable or disable one or more of the scanning engines:

    1. Click on WebSecurity Edition > Virus Scanning Policies > Virus & Spyware Protection.

    Screenshot 39 - Virus & Spyware Protection

    2. Check or uncheck the checkboxes in the Enabled column to enable or disable scanning with the corresponding virus scanner.

    NOTE: Disabling a virus scanning engine denotes that GFI WebMonitor cannot use that engine.

    3. Complete Virus scanning engine setup by clicking on Save Settings

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Configure anti-virus updates

    Through the configuration view for each one of the supported scanning engines you can:

    View the scanning engine status, version and license details

    Check or uncheck checkboxes that enable automatic or manual scanning engine/signature updates

    Configure the frequency with which available updates should be installed

    Check or uncheck checkboxes that enable the configuration of an email notification message that should be sent upon successful updating of scanning engines/signatures

    Manually update scanning engines/signatures by clicking Update Now.

    Screenshot 40 - Virus & Spyware Protection: BitDefender Properties

    Screenshot 41 - Norman Anti-Virus Properties

    Kaspersky Scanning Engine Options

    Through the configuration view for the Kaspersky scanning engine you can specify whether Virus Scanning Policies should be triggered when files are identified as:

    Suspicious

    Corrupted

    Hidden

    Screenshot 42 - Kaspersky Anti-Virus Properties

    1. Click on WebSecurity Edition > Virus Scanning Policies > Virus & Spyware Protection > Kaspersky Anti-Virus.

    2. Check or uncheck checkboxes that enable action for files identified as Suspicious, Corrupted or Hidden.

    3. Complete setup by clicking on Save Settings.

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Anti-Phishing Engine

    Through the Anti-Phishing Engine view you can:

    Enable/Disable anti-phishing

    View the anti-phishing feature licensing status

    Configure anti-phishing database updates

    To access the Anti-Phishing Engine view click on WebSecurity Edition > Anti-Phishing Engine from the navigation pane.

    Enabling/disabling the Anti-Phishing Engine

    To enable or disable the Anti-Phishing Engine:

    1. Click on WebSecurity Edition > Anti-Phishing Engine.

    2. Click on the General tab.

    Screenshot 43 - Anti Phishing engine properties

    3. Check or uncheck the Block access to phishing sites checkbox to enable or disable anti-phishing features.

    NOTE 1: Disabling the anti-phishing engine implies that GFI WebMonitor cannot use that engine to block phishing sites.

    4. Complete anti-phishing engine setup by clicking on Save Settings

    NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Configure Anti-Phishing database updates

    Through the checkboxes within the Anti-Phishing Updates area in the Anti-Phishing Engine settings view you can:

    Configure whether the Anti-Phishing Database should be updated automatically or manually

    Configure the frequency with which available updates should be installed

    Configure if an email notification should be sent upon successful updating of the Anti-Phishing Database

    Manually update the Anti-Phishing Database by clicking Update Now.

    To configure Anti-Phishing database updates:

    1. Click on WebSecurity Edition > Anti-Phishing Engine.

    2. Click on the General tab.

    3. Specify the required settings in the Anti-Phishing Updates area.

    4. Complete Anti-Phishing Database updates setup by clicking on Save Settings

    NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Configure phishing notifications

    Through the Notifications tab in Anti-Phishing Engine settings view you can specify whether email notifications are to be sent when a site being accessed is a known phishing site.

    To enable phishing notifications:

    1. Click on WebSecurity Edition > Anti-Phishing Engine.

    Screenshot 44 - Anti-Phishing notification tab

    2. Click on the Notifications tab and check the Notify the following administrators when the site accessed is a known phishing site checkbox. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box.

    3. If you require the user to be notified when a phishing site is accessed, check the Notify the user accessing the site if the site accessed is a known phishing site checkbox and provide the notification email text.

    NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated.

    4. Complete phishing notifications setup by clicking on Save Settings

    NOTE: Failing to click on Save Settings means that you will lose phishing notification settings as soon as you leave the view to move to another section in GFI WebMonitor.

    Handling blocked downloads

    Introduction

    GFI WebMonitor includes a quarantine feature; a restricted, safe and controlled storage area where potentially harmful download files are stored. Policies may be set where downloaded files/URLs are blocked and stored in quarantine. Downloaded files may be quarantined as a result of one or more configured policies in the following categories being triggered:

    Web Filtering Policies

    Download Control Policies

    Virus Scanning Policies

    Administrators should review the quarantine to:

    Establish the reason for which a download file is being quarantined

    Determine whether the file is harmful or harmless and should be deleted or approved.

    If approved for access, quarantined items are transferred to a Temporary Whitelist. Users can be then granted access to the downloaded files through the Temporary Whitelist.

    There are four different views for quarantined items:

    Those transferred to quarantine today

    Those transferred to quarantine yesterday

    Those transferred to quarantine this week

    All items transferred to quarantine

    Approving or Deleting items

    Viewing quarantined items

    The following information is shown for all items listed in the quarantine:

    Date and time when the item was quarantined

    The user/IP who accessed the item which is now quarantined

    URL details of the quarantined item

    The reason why the item was quarantined

    To view quarantined items:

    1. Click on the Quarantine node in the navigation pane, and select one of views available to either review all items or those for a specified period:

    Today

    Yesterday

    This Week

    All Items

    Screenshot 45 - Quarantine

    2. Click on each one of the available tabs to view a list of items quarantined for each respective policy category:

    WebFiltering Policies tab

    Download Control Policies tab

    Virus Scanning Policies tab

    Lists are sorted in descending order, with the latest item being quarantined shown at the top of the list.

    3. Click on the details icon to view details for that item.

    4. Click Go Back To List to move back to the list of quarantineditems.

    5. Use the navigation icons to navigate through a long list of quarantined items.

    Approving quarantined items

    To approve one or more items in quarantine:

    1. Click on Quarantine node from the navigation pane and select one of the available views, depending on when the item was quarantined.

    2. Click on the policy tab where the quarantined item is stored.

    3. Click on the details icon

    Screenshot 46 - Approving a quarantined item

    4. Click Approve Item to make the downloaded file available to users or Approve All Items to make all items in a quarantine available to users.

    NOTE 1: The user email address is shown only if the user has been authenticated through ISA Server authentication, and has a valid Active Directory email field.

    NOTE 2: Using the checkbox associated with each entry in the quarantine enables multiple file whitelisting.

    NOTE 3: Exert extreme caution with this feature. In approving an item from the Quarantine, you are excluding the web site from all policies configured in GFI WebMonitor for the particular user. Approving a potentially harmful file may therefore lead to your network being compromised.

    Approved items are transferred to the Temporary Whitelist. Refer to the Configuring permitted and prohibited sites chapter for more information on the whitelist.

    NOTE 4: Quarantined items which are not approved after 2 days are automatically deleted.

    Deleting quarantined items

    To delete one or more items in quarantine:

    1. Click on Quarantine node from the navigation pane and select one of the available views, depending on when the item was quarantined.

    2. Click on the policy tab where the quarantined item is stored.

    3. Click on the details icon

    4. If you decide that the downloaded file should be deleted, click Delete Item

    4. Click Delete Selected Item to make the downloaded file available to users or Delete All Items to make all items in a quarantine available to users.

    NOTE 1: Using the checkbox associated with each entry in the quarantine enables multiple file deletion.

    NOTE 2:Quarantined items which