Download - Talon FAST 4.x - Firewall and Antivirus Requirements FAST... · Firewall & Antivirus Requirements Guide ... 1. FIREWALL AND ANTIVIRUS BEST PRACTICES ... , and drives are excluded

1

Talon FAST™

Firewall & Antivirus

Requirements Guide

Revision 401029

2

TABLEOFCONTENTS

1. FirewallandAntivirusBestPractices............................................3

2. McAfeeVirusScan.........................................................................5

3. SymantecEndpointProtection12.x...........................................17

4. SophosEndpointSecurityandControlv10.x.............................25

5. TrendMicroOfficeScan..............................................................31

DISCLAMER:THISDOCUMENTATIONISPROVIDEDBYTALONONAN"ASIS"BASIS.TALONMAKESNOREPRESENTATIONSORWARRANTIESOFANYKIND,EXPRESSORIMPLIED,ASTOTHEOPERATIONOFTHEWEBSITEORTHEINFORMATION,CONTENT,MATERIALS,ORPRODUCTSINCLUDEDINTHISDOCUMENT.TOTHEFULLEXTENTPERMISSIBLEBYAPPLICABLELAW,TALONDISCLAIMSALLWARRANTIES,EXPRESSORIMPLIED,INCLUDING,BUTNOTLIMITEDTO,IMPLIEDWARRANTIESOFMERCHANTABILITYANDFITNESSFORAPARTICULARPURPOSEANDNON-INFRINGEMENT.

AlthoughTalonhasattemptedtoprovideaccurateinformationinthisdocumentation,Talonassumesnoresponsibilityfortheaccuracyorcompletenessoftheinformation.Talonmaychangetheprogramsorproductsmentionedinthisdocumentatanytimewithoutnotice,butTalonmakesnocommitmenttoupdatetheprogramsorproductsmentionedonthiswebsiteinanyrespect.Mentionofnon-Talonproductsorservicesisforinformationalpurposesonlyandconstitutesneitheranendorsementnorarecommendation.

3

1. FIREWALLANDANTIVIRUSBESTPRACTICESNote:WhileTalonmakesareasonableefforttovalidatethatthefollowingantivirusapplicationsuitesarecompatiblewiththeTalonFAST™solution,wecannotguaranteeandarenotresponsibleforanyincompatibilitiesorperformanceissuescausedbytheseprograms,ortheirassociatedupdates,servicepacks,ormodifications.TalondoesnotrecommendtheinstallationnorapplicationofmonitoringorantivirussolutionsonanyFAST™enabledappliances(CoreorEdge).Shouldasolutionbeinstalled,bychoiceorbypolicy,thefollowingBestPracticesandrecommendationsmustbeapplied.

MicrosoftFirewall

• RetainFirewallSettingsasDefault

Recommendation:LeaveMicrosoftFirewallsettingsandservicesatthedefaultsettingofOFFandnotstartedforstandardTalonFAST™CoreorEdgeinstallations.

Recommendation:LeaveMicrosoftFirewallsettingsandservicesatthedefaultsettingofONandstartedforCoreorEdgeappliancesalsobeingusedasdomaincontrollers.

CorporateFirewall

• RetainFirewallSettingsasDefault•Firewall:ports6618-6621(TalonFAST™usesTCPports6618-6621)• WANOptimizationsolutions/devicesmustbeconfiguredto“Pass-thru”Talon-specificports

Client-SideSoftware

TalonhastestedcommonantivirussoftwarepackagesincludingMcAfee,Symantec,SophosandTrendMicroforusealongsideourFAST™solutiononbothCoreandEdgesystemsconfiguredtorunoursoftware.

Note:AddingantivirustoanEdgeappliancemayintroducea20-30%impactonuserperformance.

Pre-Installationnotes

• TheantivirussoftwarepackageshouldbecertifiedbyTalon.• Theantivirussoftwarepackage(likeanyothercertifiedsoftware)shouldonlybeinstalledondriveC:\

4

RestrictFileScanning

Applicationsthatscanfilesand/orfoldersinordertogatherstatisticsorotherdatasometimesonlyreadmetadataofthefilewithoutreadingactualdatacontainedwithinthefile.Otherapplicationsmayopeneachfileindividuallyinordertodeterminethetypeofdatapresentinthefile.Inthecaseofpictures,music,orvideofiles,certainapplicationsmayalsocreatethumbnailsorprovideadditionalinformationaboutthecontentsofthefile.

ScansthatcausethesetypesoffileopenoperationsshouldbeavoidedontheEdgeapplianceandontheclientworkstation.AnyopenofafileinthismannerwillcausetheEdgeappliancetoretrievethefilefromthebackenddatacenterfileserverandcacheitlocallyinthebranchoffice.ScanningtogatherstatisticsorprovidethumbnailstopicturefilescouldalsocausetheEdgeappliancetoretrieveandcachemoredatathanthecachewasoriginallysizedtoaccommodate.Client-sidesoftwarethatsearches,indexesand/orscansnetworkfilesandfolderscancauseunnecessarymetadataandfiletransfersovertheWAN,resultinginanadditionalloadontheapplianceandshouldbeavoided.

AntivirusCoverageRecommendation

AntivirussoftwareinstalledonthebackenddatacenterfileserverandonclientPCsisgenerallyadequateprotectionagainstnetworkviruses.TalondoesallowdataonitsEdgeandCoreappliancestobescanned,ensuringcompletepoint-to-pointprotection.However,onbothCoresandEdges,theD:\(cachedrive)andT:\(virtualfileshare)volumesshouldbothbeexcludedfromvirusscanningaswellasanyTalonFAST™processes.Users’mappednetworkdrivesshouldneverbescanned.

ConfigureExclusions

AntivirussoftwareorotherthirdpartyindexingorscanningutilitiesshouldneverscandriveD:\ordriveT:\ontheEdgeappliance.ThesescansofEdgeserverdrivesD:\andT:\willresultinnumerousfileopenrequestsfortheentirecachenamespace.ThiswillresultinfilefetchesovertheWANtoallfileserversbeingoptimizedatthedatacenter.WANconnectionfloodingandunnecessaryloadontheEdgeappliancewilloccurresultinginperformancedegradation.

ThefollowingTalonFAST™processesshouldbeexcludedfromanyandallantivirusscans:

• C:\ProgramFiles\TalonFAST\Bin\LMClientService.exe• C:\ProgramFiles\TalonFAST\Bin\Optimus.exe• C:\ProgramFiles\TalonFAST\Bin\tafsexport.exe• C:\ProgramFiles\TalonFAST\Bin\tafsutils.exe• C:\ProgramFiles\TalonFAST\Bin\tapp.exe• C:\ProgramFiles\TalonFAST\Bin\TService.exe• C:\ProgramFiles\TalonFAST\Bin\tum.exe• C:\Windows\System32\drivers\tfast.sys

5

2. MCAFEEVIRUSSCAN

ThissectionoutlinesbestpracticesforMcAfeeVirusScanEnterpriseversiontargetedforTalonFAST™appliancesbasedonWindowsServer2012R2.

BaselineProtection

AftercompletingaStandardinstallationoftheMcAfeeVirusScanEnterpriseandchoosingtonotperformtheinitialOn-demandscan,followtheconfigurationspecificsasoutlinedbelow,includingOn-AccessScanning,FullandTargetedScan.

6

ExcludingServicesandProcessesinMcAfeeVirusScanConsole

ThissectiondetailshowtoexcludeTalonFAST™processesonCore/EdgeServersandotherremoteappliancesbasedonMcAfeeVirusScanscanning.

✍Note:EnsurethatTalonFAST™processes,services,anddrivesareexcludedonantivirusserversandclientsandasagrouppolicyforTalonFAST™users,ifapplicable.

• Doubleclickthe“On-AccessScanner”taskinthemainVirusScanConsolewindow.

7

• Click“DefaultProcesses”intheleftpaneandthenselecttheradiobuttonlabeled“Configuredifferentscanningpoliciesforhigh-risk,low-risk,anddefaultprocesses.”

• Clickthe“Exclusions”tabandthenclickthe“Exclusions…”buttontoconfigurethem.

8

• AddtheT:\andD:\drivestotheExclusionslist.Ensurethatsubfoldersarealsoexcludedfromscans.ClickOKwhenfinished

• ClicktheScanItemstabandde-select“Whenwritingtodisk”

9

• Click“Low-RiskProcesses”intheleftpane.• Clickthe“Add…”buttononthe“Processes”tab.

10

• Oncethelistofavailableprocessesfinishespopulating,youmayneedtoclickthe“Browse…”buttonandmanuallyaddthefollowingprocesses.

• C:\ProgramFiles\TalonFAST\Bin\LMClientService.exe• C:\ProgramFiles\TalonFAST\Bin\Optimus.exe• C:\ProgramFiles\TalonFAST\Bin\tafsexport.exe• C:\ProgramFiles\TalonFAST\Bin\tafsutils.exe• C:\ProgramFiles\TalonFAST\Bin\tapp.exe• C:\ProgramFiles\TalonFAST\Bin\TService.exe• C:\ProgramFiles\TalonFAST\Bin\tum.exe

• ClickOKtoapplythechanges.

11

• Clickthe“ScanItems”tabandde-select“Whenwritingtodisk”and“Whenreadingfromdisk”.

12

• Clickthe“Exclusions”tabatthetop.• Clickthe“Exclusions…”button

13

• AddtheT:\andD:\drivestotheExclusionslist.Ensurethatsubfoldersarealsoexcludedfromscans.• AddC:\Windows\System32\drivers\tfast.sys.Note:Youmayhavetomanuallytypeinthispathtoadd

tfast.sys• ClickOKwhenfinished.

14

FullorTargetedScans

IfrunningafullortargetedscanonaTalonFAST™server,pleasefollowthestepsbelow

• DoubleclickeitherFullScanorTargetedScanfromtheVirusScanConsole

• Clickthe“Exclusions”tabfromtheOn-DemandScanPropertieswindow.Clickthe“Exclusions…”button.

15

• AddtheT:\andD:\drivestotheExclusionslist.Ensurethatsubfoldersarealsoexcludedfromscans.

ClickOKwhenfinished.

16

PreventConnectionBlockinginSharedFolders

WiththeexclusionsoftheD:\andT:\drives,itisrecommendedthatconnectionsnotbeblockedfromsharedfolders.ThiswillprovideconsistentfileaccessfromtheTalonVirtualFileShare,T:\.

Todisabletheconnectionblocking,unchecktheboxasshownbelow:

17

3. SYMANTECENDPOINTPROTECTION12.X

ThissectionoutlinesbestpracticesforSymantecEndpointProtectionversion12.xtargetedforTalonFAST™appliancesbasedonWindowsServer2012R2.

DoubleclicktheSymantecicononthetaskbar

VirusandSpywareProtection->ClickOptions->ChangeSettings

ClickViewList

18

ClickAdd->SecurityRickException->Folder

Scrolldown,clickonD,andclickOK

19

ClickAdd->SecurityRiskException->Folder

Scrolldown,clickonT,andclickOK

20

ClickAdd->SecurityRiskException->Folder

Addthefollowing:

• C:\ProgramFiles\TalonFAST\Bin\LMClientService.exe• C:\ProgramFiles\TalonFAST\Bin\Optimus.exe• C:\ProgramFiles\TalonFAST\Bin\tafsexport.exe• C:\ProgramFiles\TalonFAST\Bin\tafsutils.exe• C:\ProgramFiles\TalonFAST\Bin\tapp.exe• C:\ProgramFiles\TalonFAST\Bin\TService.exe• C:\ProgramFiles\TalonFAST\Bin\tum.exe• C:\Windows\System32\drivers\tfast.sys

21

ClickAdd->ApplicationException

22

BrowsetoC:\ProgramFiles\TalonFAST\Bin\andaddtum

ClickOK

ClickontheAuto-Protecttab.UnderFileTypes,clickSelected.UncheckDeterminefiletypesbyexaminingfilecontents.ClickAdvanced.

23

Adjustsettingsasshownbelow

ClickNetwork

UncheckNetworkcache

ClickOK

24

NetworkThreatProtection->ClickOptionsandselectViewNetworkActivity

Rightclicktum.exeandselectAllow

Configurationiscomplete.

25

4. SOPHOSENDPOINTSECURITYANDCONTROLV10.X

ThissectionoutlinesbestpracticesforSophosEndpointSecurityandControltargetedforTalonFAST™appliancesbasedonWindowsServer2012R2.

BaselineProtection(EnterpriseConsoleconfiguration)

AftercompletingatypicalinstallationoftheSophosEnterpriseConsole,followtheconfigurationspecificsasdocumentedbelow.ThisprocessoutlinestheproceduretoconfigureSophosEndpointSecurityandControlfromacentralconfigurationperspective.

26

ExcludingServicesandProcessesusingSophosEnterpriseControl

ThissectiondetailshowtoexcludeTalonFAST™processesonserverandremoteappliancesfromSophosantivirusscanning.

✍Note:EnsurethatTalonFAST™processes,services,anddrivesareexcludedfromantivirusscanning

ThesechangesshouldbemadetoServerandClientpoliciesaswellasgrouppolicyforTalonFAST™usersifapplicable:

• ExpandtheAnti-VirusandHIPStreeinthePoliciessectionoftheEnterpriseConsole.Double-clickthepolicyyouwishtoadjust.

• Clickthe“Configure…”buttonnexttoEnableon-accessscanning.

27

• Clickthe“WindowsExclusions”tab

28

• AddthefollowingitemstotheExcludedItemslistandclickOKwhenfinished:ü C:\ProgramFiles\TalonFAST\Bin\LMClientService.exeü C:\ProgramFiles\TalonFAST\Bin\Optimus.exeü C:\ProgramFiles\TalonFAST\Bin\tafsexport.exeü C:\ProgramFiles\TalonFAST\Bin\tafsutils.exeü C:\ProgramFiles\TalonFAST\Bin\tapp.exeü C:\ProgramFiles\TalonFAST\Bin\TService.exeü C:\ProgramFiles\TalonFAST\Bin\tum.exeü C:\Windows\System32\drivers\tfast.sysü D:ü T:

29

Toverifythecentralconfigurationresultsonaconnectedclientmachine,wecanusetheSophosEndpointSecurityandControlpanel.

• Click“Configureanti-virusandHIPS”

• Click“On-accessscanning”

30

• Clickthe“Exclusions”tabtoverifythatthecorrectpolicyandexclusionshavebeenappliedtotheappliance.

SophosbuiltinFirewall

MicrosoftWindowsServer2012R2bydefaultincludesaMicrosoftWindowsFirewall.TalonFAST™softwareautomaticallyprovidesascripttoperformMicrosoftWindowsfirewallmaintenance,allowingportsassociatedwiththeTalonFAST™product.TalonrecommendstheuseoftheMicrosoftWindowsfirewall.

31

5. TRENDMICROOFFICESCAN

1. OpentheManagementGUIandnavigatetoNetworkedComputers->ClientManagement.

2. Navigateto“ScanSettings”->”Real-TimeScanSettings”.

32

3. Onthe“Target”tab,enable“FiletypesscannedbyIntelliScan”.

4. Directoryscanning.Scrolldownandaddthefollowingexclusionsto“ScanExclusionList(Directories)”topreventTrendMicrofromscanningTalonrelateddirectories:•C:\ProgramFiles\TalonFAST\bin\*•C:\ProgramFiles\TalonFAST\bin•D:\*•D:•T:\*•T:

33

5. TrendMicrowillscanactiveprocessesbeforeperformingafolder/filescan.Scrolldownandaddthefollowingexclusionsto“ScanExclusionList(Files)”:•C:\ProgramFiles\TalonFAST\Bin\*.exe•C:\Windows\System32\drivers\tfast.sys•TFAST.sys•TService.exe•Tapp.exe•tum.exe