User manual F-SECURE CLIENT SECURITY 7.00 ADMINISTRATOR GUIDE

[. . . ] F-Secure Client Security Administrator's Guide "F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. [. . . ] Go to the Settings tab and select the Web Traffic Scanning page. Excluding a Domain from HTTP Scanning To exclude an entire domain from HTTP scanning, enter the URL of the domain in the Trusted Sites table as follows: 180 1. Click on the line you just created so that it becomes active, and type http://*. example. com/* This excludes all the sub-domains. Click on the line you just created so that it becomes active, and type http://example. com/* This excludes the second-level domain. Step 3. Excluding a Sub-Directory from HTTP Scanning To exclude a sub-directory from HTTP scanning, enter the URL of the domain with the directory path in the Trusted Sites table as follows: 1. Click on the line you just created so that it becomes active, and type http://www. example2. com/news/* Step 4. 1. to distribute the policy. CHAPTER 5 181 5. 8 Configuring Spyware Scanning Spyware scanning protects the hosts against different types of spyware, such as data miners, monitoring tools and dialers. In centrally managed mode spyware scanning can be set, for example, to report the spyware items found on hosts to the administrator or to quarantine all found spyware items automatically. It is also possible to allow the use of certain spyware applications by specifying them as allowed spyware on the Spyware Control page. A Note About Cleaning Spyware and Riskware Spyware is a gray area between a fully legitimate application and a virus/ trojan. Some spyware may be necessary to run ordinary applications, while most spyware is just malware and should not be allowed to run even once. By default, F-Secure Spyware Scanning is configured to allow all spyware to run. You can check whether you need to allow some spyware to run on your network before you tighten the security and prevent all new spyware from executing. Riskware is any program that does not intentionally cause harm but can be dangerous if misused, especially if set up incorrectly. Examples of such programs are chat programs (IRC), or file transfer programs. 5. 8. 1 Spyware Control Settings Spyware Scanning on File Access To enable real-time spyware scanning, select the Scan for spyware check box. 182 From the Action on spyware drop-down list, you can select the action to take when spyware is detected. Choose one of the following actions Action Report only Ask after scan Definition The spyware is reported only, but no action is taken. A note about the Ask after scan option: If Show alerts to users is set to Show in standalone mode only, and the host is centrally managed, the spyware is reported only to the administrator. Remove automatically Quarantine automatically The spyware is deleted automatically. To prevent users from accessing quarantined spyware, select the Deny access to spyware check box. From Show alerts to users you can select whether detection dialogs of found spyware are shown to users. The options are: Show in Standalone Mode Only - In centrally managed environments detection dialogs of spyware detected by real-time scanning are not shown. Show Always - Detection dialogs of spyware detected by real-time scanning are always shown to the user. CHAPTER 5 183 The Configure other spyware scanning options in advanced mode link takes you to the F-Secure Policy Manager Console Advanced Mode user interface, where other spyware scanning options can be configured. Manual Spyware Scanning To enable manual spyware scanning select the Scan for spyware during manual virus scanning check box. From the Action on spyware drop-down list, you can select the action to take when spyware is detected. Choose one of the following actions Action Report only Ask after scan Remove automatically Quarantine automatically Definition The spyware is reported only, but no action is taken. The spyware is quarantined. The Show alerts to users setting on the Real-Time Scanning page has no effect on manual spyware scanning. [. . . ] To connect to the Web Club directly from your Web browser, go to: http://www. f-secure. com/webclub/ Virus Descriptions on the Web F-Secure Corporation maintains a comprehensive collection of virus-related information on its Web site. To view the Virus Information Database, go to: http://www. f-secure. com/virus-info/. Advanced Technical Support For advanced technical support, go to the F-Secure Support Center at http://support. f-secure. com/ or contact your local F-Secure distributor directly. For basic technical assistance, please contact your F-Secure distributor. Please include the following information with your support request: 313 1. [. . . ]