GFI WebMonitor 2009 Administration and Configuration Manual By GFI Software Ltd. http://www.gfi.com E-mail: [email protected] Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE LTD. Document Version: WEBMON-ACM-EN-1.0.7 Last updated: November 10, 2009. Contents 1 Introduction 1.1 1.2 2 3 3 9 Introduction Active Connections Past Connections Hidden Downloads Bandwidth consumption Sites History Users History Site History Details User History Details Activity Log 9 9 9 10 12 13 15 18 20 21 23 Introduction Configuring the Whitelist Configuring the blacklist Using wildcards 23 23 26 27 29 Introduction Configuring Web Filtering policies Configuring advanced web filtering policy conditions WebGrade Database settings 29 29 35 36 WebSecurity Edition - File scanning and download control 6.1 6.2 6.3 6.4 6.5 6.6 7 Introduction The GFI WebMonitor dashboard WebFilter Edition - Site rating and content filtering 5.1 5.2 5.3 5.4 6 3 Configuring allowed and blocked websites 4.1 4.2 4.3 4.4 5 1 1 Monitoring Internet activity 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 4 About this manual Terms used in this manual Using the GFI WebMonitor dashboard 2.1 2.2 3 1 Introduction Download Control policies Configuring Instant Messaging (IM) Control Policies Configuring Virus Scanning Policies Scanning Engines Anti-Phishing Engine 39 39 44 48 52 55 Configuring GFI WebMonitor 7.1 7.2 7.3 7.4 7.5 GFI WebMonitor 2009 39 59 Introduction Administrative Access Control Notifications General Settings Proxy Settings 59 59 60 61 63 Introduction i 7.6 8 67 Quarantine 8.1 8.2 9 Reporting 72 Introduction Approving or Deleting items 72 72 Miscellaneous 9.1 9.2 77 Introduction Configure Network Access policy 77 77 10 Troubleshooting 10.1 10.2 10.3 10.4 10.5 10.6 83 Introduction Common Issues Knowledge Base Web Forum Request technical support Build notifications 83 83 84 84 84 84 Glossary 85 Index 87 ii Introduction GFI WebMonitor 2009 1 Introduction GFI WebMonitor is a comprehensive monitoring solution that enables you to monitor and filter network users’ web traffic (browsing and file downloads) in real-time. It also enables you to block web connections in progress as well as to scan traffic for viruses, trojans, spyware and phishing material. It is the ideal solution to transparently and seamlessly exercise a substantial degree of control over your network users’ browsing and downloading habits. At the same time, it enables you to ensure legal and best practice initiatives without alienating your network users. 1.1 About this manual The aim of the Administration and Configuration Manual is to help you use and configure GFI WebMonitor on your network. This manual is structured as follows: Chapter 1 Introduces this manual and its use. Chapter 2 How to access and use GFI WebMonitor’s dashboard. Chapter 3 How to monitor internet activity. Chapter 4 How to configure allowed and blocked entities. Chapter 5 How to configure WebFilter Edition policies. Chapter 6 How to configure WebSecurity Edition policies. Chapter 7 How to configure GFI WebMonitor settings. Chapter 8 How to configure and manage quarantined items. Chapter 9 Provides information on topics that do not strictly fall within other chapters. Chapter 10 Provides troubleshooting information on common issues. Glossary Explains specific technical terms used in this manual. Getting Started Guide Detailed installation guidelines are provided in a separate manual called Getting Started Guide, which is downloadable from the GFI web site: http://www.gfi.com/webmon/webmon2009gsg.pdf The getting started guide provides detailed information on how to select your deployment environment and install GFI WebMonitor with default settings. 1.2 Terms used in this manual The following terms are used in this manual: “NOTE:” GFI WebMonitor 2009 Introduction 1 o Provides additional information and references essential for the operation of GFI WebMonitor. “IMPORTANT:” o Provides important information such as warnings and cautions regarding potential issues commonly encountered. For any technical terms and their definitions as used in this manual, refer to the Glossary chapter in this manual. 2 Introduction GFI WebMonitor 2009 2 2.1 Using the GFI WebMonitor dashboard Introduction The Dashboard node enables you to obtain graphical and statistical information related to GFI WebMonitor’s operation. This includes: 2.2 Usage and operations statistics Hits over time and bandwidth usage trend charts WebFilter statistics Last blocked requests and security threats. The GFI WebMonitor dashboard Screenshot 1 - GFI WebMonitor Dashboard GFI WebMonitor 2009 Using the GFI WebMonitor dashboard 3 Click the Dashboard node in the navigation bar to access the GFI WebMonitor Dashboard. The dashboard shows the information described in the sections below. NOTE: Click the dashboard. icon in the top right hand corner to refresh the Dashboard: Statistics Screenshot 2 – Dashboard: Operation Statistics The information provided in this table enables you to obtain information on a number of important operational elements of GFI WebMonitor. Select the hyperlink next to Current Active Connections to view the Active Connections page. This page is also accessible from the Monitoring node. For more information, refer to section 3.2 Active Connections in this manual. Select the hyperlink next to Current items in Quarantine to view a summary of the quarantine folder. Quarantined items can also be accessed from the Quarantine node. For more information, refer to the section Viewing quarantined items in this manual. AV Scanned Downloads represents the total downloads scanned by the anti-virus engines. For more information, refer to the section Scanning Engines in this manual. Select the other hyperlinks within Today’s statistics to view further detail on the statistics as summarized below. Feature Quarantined Blocked AV & Anti Phishing Selecting the hyperlink under Quarantined allows you to approve or delete quarantined items in the Virus Scanning Policies category. For further information, refer to the section named Viewing quarantined items. Selecting the hyperlink under Blocked. allows you to view the Top Policy Breakers Report. For further information, refer to the section named Top Policy Breakers. Download & IM Selecting the hyperlink under Quarantined allows you to manage Downloads, For further information, refer to the section named Selecting the hyperlink under Blocked allows you to view the Top Policy Breakers Report. For further information, 4 Using the GFI WebMonitor dashboard GFI WebMonitor 2009 Download policies. Web Filtering Control refer to the section named Top Policy Breakers. Selecting the hyperlink under Quarantined allows you to approve or delete quarantined items in the Download Control Policies category. For further information, refer to the section named Viewing quarantined items. Selecting the hyperlink under Blocked allows you to view the Top Policy Breakers Report. For further information, refer to the section named Top Policy Breakers. Dashboard: WebSecurity/WebFilter Status and usage chart Screenshot 3 – Dashboard: WebSecurity and WebFilter status and usage chart The WebSecurity/WebFilter status and usage chart enables you to: 1. Know whether the WebSecurity and WebFilter components are active or not. 2. View a graphical representation of the correlation between the number of hits and bandwidth use for the current day. Dashboard: Hits Over Time chart Screenshot 4: Dashboard: Hits Over Time chart The Hits Over Time chart is a graphical representation of the total number of hits per day over the last 30-day period and includes the current day. This enables you to identify a pattern of how website hits fluctuate on a day-by-day basis and to identify any anomalies. GFI WebMonitor 2009 Using the GFI WebMonitor dashboard 5 Dashboard: Bandwidth Usage Trends chart Screenshot 5 - Dashboard: Bandwidth Usage Trends graph The Bandwidth Usage Trends chart is a graphical representation of the total bandwidth use per day over the last 30-day period and includes the current day. This enables you to identify patterns and trends of how bandwidth is utilized on a day-by-day basis and to identify spikes and anomalies. Dashboard: Top Categories (Sites) chart Screenshot 6 - Dashboard: Top Categories (Hits) Chart The top categories (sites) chart is a graphical representation of the top hits (HTTP requests) split by categories. This enables you to gain knowledge on which categories of sites are being visited by web users. 6 Using the GFI WebMonitor dashboard GFI WebMonitor 2009 Dashboard: Top Categories (Bandwidth) chart Screenshot 7 - Dashboard: Top Categories (Bandwidth) Chart The top categories (bandwidth) chart is a graphical representation of bandwidth use split by categories. This enables you to identify how your bandwidth is being utilized vis-à-vis the website categories browsed by users. Dashboard: Top blocked categories (Hits) chart Screenshot 8 - Dashboard: Top Blocked Categories chart This chart is a graphical representation of the blocked HTTP requests according to the reason why these were blocked. It effectively enables you to identify the main reasons of why requests were blocked. GFI WebMonitor 2009 Using the GFI WebMonitor dashboard 7 Dashboard: Last blocked requests list Screenshot 9 - Dashboard: Last Blocked Requests list The last blocked request list displays the latest list of users/IPs who have had blocked requests. This enables you to identify problems with blocked requests regardless of whether these blocked requests are reported to you or not. Dashboard: Last blocked security threats list Screenshot 10 - Dashboard: Last Blocked Security Threats list The last blocked Security Threats list displays a list of threats/viruses detected by GFI WebMonitor and the users/IPs where these occurred. This enables you to identify security issues as early as possible enabling you to take preventive measures before your network security is breached. 8 Using the GFI WebMonitor dashboard GFI WebMonitor 2009 3 3.1 Monitoring Internet activity Introduction Use the Monitoring node and its sub-nodes to examine current and historical web request data processed by GFI WebMonitor. Through these nodes, you can view data related to: 3.2 Active connections Past connections Bandwidth consumption Sites history Users history Activity log Active Connections Active connections provide information related to current active connections. Screenshot 11 – Active connections Click Monitoring ► Active Connections in the navigation bar to access the Active connections view. Through this view, you can terminate active Internet connections. (e.g., interrupt file downloads that are taking up too much bandwidth). To interrupt connections, click on the button in the Status column of the connection and the download will be terminated. NOTE: The information displayed is not refreshed automatically. Click on the refresh button on the upper right corner of the view to update the information being shown. 3.3 Past Connections The Past connections view shows the last 2000 complete connections processed by GFI WebMonitor. GFI WebMonitor 2009 Monitoring Internet activity 9 Screenshot 12 – Past connections Click Monitoring ► Past Connections in the navigation bar to access the Past connections view. The information is sorted by time, with the latest URL accessed listed on top. NOTE: The information displayed is not automatically refreshed. Click on the refresh button on the upper right of the view to update the information being shown. 3.4 Hidden Downloads The Hidden Downloads view enables the administrator to monitor all unattended downloads from user machines. An unattended download can be one of the following: Valid updates started automatically from the user’s machine Unwanted downloads by hidden applications Interrupted / forgotten downloads initialized by the user. These are downloads that are started by the user and not saved within 15 minutes Malicious downloads that will take advantage of computer software vulnerabilities using sequences of commands. Screenshot 13 – The Hidden Downloads view The Hidden Download option displays the following information: Name Description Last Time The last time the same URL was accessed if the URL radio 10 Monitoring Internet activity GFI WebMonitor 2009 button is selected, or the last time the same user agent was used if the User Agent radio button is selected. Count Real type Content Type The number of times the hidden download was accessed. File The file type of a hidden download. Click one of the Display radio buttons to show All file types or show Only Executables and Packages. The content type of the hidden download as suggested from the web content-type. To add a content type see Adding Contenttypes Expand an entry to view each time the hidden download was accessed. Name Description Time The date and time the Hidden download was accessed. User Click the User to display all hidden downloads accessed by the selected user. IP Click the IP address to display all hidden downloads accessed by the selected IP. Size The download size. From the Group By radio buttons select one of the following display options: URL to show the URL of the downloaded file User Agent to display the agent that started the hidden download. IP to display the IP address of the URL that started the hidden download. 3.4.1 Add hidden downloads to Whitelist Click on a hidden download to launch the Permanent Whitelist option. To allow the selected URL to be Whitelisted. click Add. GFI WebMonitor 2009 Monitoring Internet activity 11 Screenshot 14 – Whitelist hidden download 3.5 Bandwidth consumption The Bandwidth Consumption node allows you to monitor bandwidth usage through the following reports: 3.5.1 Top Sites The Top Sites node, displays websites visited details, sorted by bandwidth with the site having the highest bandwidth at the top. The list displays also the number of times a website was accessed (Hits) and the Web Category, that briefly describes the web site contents Group by Domains The list can be grouped by website-visited domain if Group by Domains in the Display Filters group is selected. To view each site visited from the selected domain click the domain entry, this displays Site Access History in a new page. Site Access History contains also the traffic over time chart and the hits over time chart. See Traffic Charts. Click a site entry to view the list of users that visited the site. See User History Details. Hide Referrals When selected this option the list will contain most likely websites manually entered by the user into browser. All linked sub-sites will be hidden. 3.5.2 Top Users This node displays websites, sorted by windows user or IP address. This report is sorted with the user who consumes the most bandwidth at the top. For unauthenticated users the IP address is displayed. 12 Monitoring Internet activity GFI WebMonitor 2009 3.5.3 Top Categories This node displays the top categories browsed with the categories carrying the highest bandwidth on top. 3.5.4 Traffic Charts Show Traffic Over Time Chart to view a graph that shows the traffic during the selected date. Show Hits Over Time Charts to view a graph that reports the number of hits by time of day. Show IM Messages Over Time Chart to view the number of Instant Messages received\sent during the selected date. 3.5.5 View data by date By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view: Previous day – click on the back button Next day –click on the forward button Specific date – click on the calendar button , select the required date and click Go to retrieve data for that date. . . NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. NOTE: The information displayed is not automatically refreshed. Click refresh button on the upper right of the view to update the information selected. 3.6 Sites History The Sites History node enables you to identify: The sites which are most frequently visited by your network users The total browsing time per site. 3.6.1 Top Time Consumption The Top Time Consumption view lists the sites on which network users spent most time browsing for a specific date. The information displayed includes: Site. The sites which were accessed Surf time. The time spent browsing each site File types. The file types accessed from each site Accessed by User / IP. The users/IPs that accessed the site. The list can be sorted either alphabetically by site in ascending order, or by surf time in descending order (the site on which most time was spent is listed on top), by selecting the appropriate header. GFI WebMonitor 2009 Monitoring Internet activity 13 Screenshot 15 – Sites History: Top Time Consumption Click Sites History ► Top Time Consumption to access the Top Time Consumption view. By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view: Previous day – click on the back button Next day –click on the forward button Specific date – click the calendar , select the required date, and, click Go to retrieve information for that date. NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. You can also click on any of the sites listed to bring up the Site History Details view. For more information, refer to the Site History Details section in this chapter. 3.6.2 Top Hits Count The Top Hits Count view lists the sites that were most frequently accessed by network users on a specific date. The information displayed includes: Sites - The sites that were accessed Hits - The number of times that each site was accessed (i.e., the number of hits) The file types accessed from each site Accessed by User / IP - The users/IPs that accessed the site Graphical representations of site hits over time. The list can be sorted either alphabetically in ascending order by site, or in descending order of popularity (the site with most hits is listed on top). 14 Monitoring Internet activity GFI WebMonitor 2009 Screenshot 16 – Sites History: Top Hits Count Click Sites History ► Top Hits Count in the navigation bar to access the Top Hits Count view. To access graphs showing hits over time per site, select the Show Hits Over Time Charts option. By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view: Previous day – click on the back button Next day –click on the forward button Specific date – click on the calendar button , select the required date and click on Go to retrieve data for that date. NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. To view further details on the sites visited by users, click on the users listed on User/IP heading. For more information, refer to the Site History Details section in this chapter. 3.7 Users History The Users History provides details of which users spent most time browsing sites also includes details of sites that were most frequently accessed. Three types of reports are available: Top Surfers Top Hits Count Top Policy Breakers GFI WebMonitor 2009 Monitoring Internet activity 15 3.7.1 Top Surfers Screenshot 17 – Users History: Top Surfers Click Users History ► Top Surfers in the navigation bar to access the Top Surfers view. The Top Surfers view lists the time spent by network users browsing sites on a specific date. The information displayed includes: User / IP. The users/IPs that browsed sites Surf Time. The time spent browsing sites Sites Accessed. Are sites accessed by each user. The list can be sorted either by user/IP in ascending order, or by time spent browsing in descending order (the site on which most time was spent is listed on top). To sort by user/IP, click on the User/IP column heading. To sort by time spent on the site, click on the Surf Time column heading. By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view: Previous day – click on the back button Next day –click on the forward button Specific date – click the calendar button , select the required date and click on Go to retrieve data for that date. NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. You can also click on any of the users/IPs listed to review User History Details. 16 Monitoring Internet activity GFI WebMonitor 2009 3.7.2 Top Hits Count Screenshot 18 – Users History: Top Hits Count Click Users History ► Top Hits Count in the navigation bar to access the Top Hits Count view. The Top Hits Count view lists the users with the highest number of site accesses on a specific date. The information displayed includes: User/IP - The users/IPs that browsed sites. Hits - The number of site accesses made by each user. Sites accessed - Sites accessed by each user. Graphical representations of site hits over time. The list can be sorted either by User/IP in ascending order, or by hits in ascending or descending order. By default, the user with the most site accesses is listed on top. To sort by user/IP, click on the User/IP column heading. To sort by site accesses, click on the Hits column heading. To display graphs showing hits over time for each of the sites listed, select the Show Hits Over Time Charts checkbox. Charts displayed indicate the number of hits by time of day for the specified date by user/IP. By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view: Previous day – click on the back button Next day –click on the forward button Specific date – click on the calendar button , select the required date and click on Go to retrieve data for that date. NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. You can also click on any of the users/IPs listed to review User History Details. For more information, refer to the User History Details section in this chapter. GFI WebMonitor 2009 Monitoring Internet activity 17 3.7.3 Top Policy Breakers Screenshot 19 – Users History: Top Policy Breakers To view the users that breached most policies, navigate to GFI WebMonitor ► Monitoring ► Users History ► Top Policy Breakers. When a users/IP is clicked, an activity log showing the Time, Category, URL, and, IP address is displayed. By default, this view lists the data of the day. To view data for other days, use the controls on the upper right of the view: Previous day – click on the back button Next day – click on the forward button Specific date – click the calendar button , select the required date, and, click Go to retrieve data for that date. NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. 3.8 Site History Details Screenshot 20 – Site History Details 18 Monitoring Internet activity GFI WebMonitor 2009 Click Sites History ► Top Time Consumption (or Top Hits Count) to access Site History Details view. From the view pane, select one of the listed sites in the Site column. This view shows the following information: User / IP - All users/IPs who have accessed that site on the specified date. Hits -The number of times the site was accessed by each user. The file types accessed from the site by each user. A graphical representation of total site hits over time, for all users. A graphical representation of user site hits over time, for each user listed. A graphical representation of traffic over time for each of the file types shown, for each user. To display the graph showing total site hits over time for all users, select the Show Hits Over Time Chart checkbox. This graph assists you in identifying the time period(s) for the specified dates during which the site was most frequently accessed by users. To display the graph showing total site hits over time for a specific user, hover with the mouse pointer over the number of hits for any one of the users/IPs listed. A chart pops up showing the access pattern and frequency of the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific user, hover with the mouse pointer over one of the file types shown for any one of the users/IPs listed. You can also click on any one of the users/IPs listed review ‘User History Details’ view. For more information, refer to the User History Details section in this chapter. GFI WebMonitor 2009 Monitoring Internet activity 19 3.9 User History Details Screenshot 21 – User History Details Click Users History ► Top Surfers (or Top Hits Count) to access User History Details view. From the view pane, select one of the listed users/IPs in the User/IP column. The User History Details view shows the following for a specific user: Site shows the sites accessed on a specified date - To display a graph showing total site hits over time, select the Show Hits Over Time Chart option. This chart helps you to identify the time period(s) for the specified date during which the user accessed the listed sites. Hits shows the number of times the site was accessed- To display a graph showing specific site hits over time for the user, hover with the mouse pointer over the number of hits for any one of the sites listed under heading File types. A chart pops up showing the specified site access pattern and frequency by the user during the day. File Types shows real file types retrieved from a particular site- To display the graph showing download/upload traffic over time for a 20 Monitoring Internet activity GFI WebMonitor 2009 specific file type, for a specific site, hover with the mouse pointer over one of the file types shown for any one of the sites listed. To view an Instant Messaging traffic over time graph click IM Messages Over Time Chart. This chart will display the frequency of received\sent IM messages during the day selected. You can also click on any of the sites listed to review Site History Details. For more information, refer to the Site History Details section in this chapter. 3.10 Activity Log Screenshot 22 – GFI WebMonitor Activity Log Click Activity Log node in the navigation bar, to access the Activity Log view. The Activity Log view shows all GFI WebMonitor activity related to: Items which have been blocked or quarantined Processes that have failed. The Activity Log view shows the following: The User/IP who carried out the activity Date and time when the activity took place Description of the activity which took place and the reason why items which have been blocked or quarantined URL accessed. Click on the refresh button the information being shown. GFI WebMonitor 2009 on the upper right of the view to update Monitoring Internet activity 21 4 4.1 Configuring allowed and blocked websites Introduction Whitelists and blacklists are content scanning policies that override all policy settings set up in WebFilter and WebSecurity Editions. The Whitelist is a list of sites, users and IPs approved by the administrator to be excluded from all policies configured in GFI WebMonitor. Besides the Permanent Whitelist, there is also a Temporary Whitelist, used to temporarily approve access to a site for a user or IP. Since all WebFilter and WebSecurity policies are overridden, the Whitelist feature should be used with extreme caution. The Blacklist is a list of sites, users and IPs which should always be blocked irrespective of the policies are overridden, the Whitelist feature policies configured in GFI WebMonitor. The Blacklist takes priority over the Whitelist in GFI WebMonitor. If a site is therefore listed in the Blacklist and that same site is listed in the Whitelist, the site will be blocked. 4.2 Configuring the Whitelist To access the Whitelist click on the Whitelist node in the navigation bar. 4.2.1 Preconfigured items By default, GFI WebMonitor includes a number of preconfigured sites in the Permanent Whitelist. These include GFI websites to allow automatic updates to GFI WebMonitor and Microsoft websites to allow automatic updates to Windows. Removing any of these sites may preclude important updates from being automatically effected. 4.2.2 Adding items to the Permanent Whitelist To add an item to the Permanent Whitelist: 1. Click on the Whitelist node and select the Permanent Whitelist tab. GFI WebMonitor 2009 Configuring allowed and blocked websites 23 Screenshot 23 – GFI WebMonitor Whitelist 2. From the drop-down lists, select whether a User, IP or Site will be added to the whitelist and provide the user(s), group(s) and/or IP(s) for whom the new whitelist item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE: When adding a user to the whitelist, specify the username in the format DOMAIN\user. NOTE: When adding a site to the whitelist, you can use wildcards. For more information, refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. 4.2.3 Delete items from the Permanent Whitelist To remove an item from the Permanent Whitelist: 1. Click on the Whitelist node and select the Permanent Whitelist tab. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting whitelist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor. 24 Configuring allowed and blocked websites GFI WebMonitor 2009 4.2.4 Adding items to the Temporary Whitelist To add an item to the Temporary Whitelist: Screenshot 24 – Temporary Whitelist 1. Click on the Whitelist node and select the Temporary Whitelist tab. Screenshot 25 – Temporary Whitelist: Granting temporary access 2. Click Add and select whether temporary access will be granted to a user or IP. Provide the details of the User or IP to be granted temporary access as well as the URL and the number of hours. GFI WebMonitor 2009 Configuring allowed and blocked websites 25 NOTE: When granting temporary access to a user, specify the username in the format DOMAIN\user. NOTE: When adding a site to the Whitelist, you can use wildcards. For more information, refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. NOTE: The number of hours during which the user or IP has access to a site are applicable from the moment Save Settings is clicked. NOTE: Time remaining before access is revoked can be viewed in the For (hours) column in the Temporary Whitelist view. 4.2.5 Removing items from the Temporary Whitelist 1. Click on the Whitelist node and select the Temporary Whitelist tab. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting whitelist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor. 4.3 Configuring the blacklist 4.3.1 Adding items to the Blacklist To add an item to the Blacklist: 1. Select Blacklist node from navigation bar. Screenshot 26 – GFI WebMonitor Blacklist 2. From the drop-down lists, select whether a User, IP or Site will be added to the blacklist and provide the user(s), group(s) and/or IP(s) for 26 Configuring allowed and blocked websites GFI WebMonitor 2009 whom the new blacklist item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE: When adding a user to the blacklist, specify the username in the format DOMAIN\user. NOTE: When adding a site to the blacklist, you can use wildcards. For more information, refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. 4.3.2 Delete items from the Blacklist To delete an item from the Blacklist: 1. Select Blacklist node from navigation bar. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting blacklist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. 4.4 Using wildcards When adding a site to the whitelist or blacklist, you can use wildcards as shown in the examples below: Example Description *.com Allow/block all ‘.com’ top-level domains *.website.com Allow/block all sub domains of the ‘website.com’ domain GFI WebMonitor 2009 Configuring allowed and blocked websites 27 5 5.1 WebFilter Edition - Site rating and content filtering Introduction GFI WebMonitor uses WebFilter and the WebGrade database to manage Internet access of users, groups or IPs based on site categories. The category of a particular site is determined through the WebGrade Database; if a site is listed in the database, GFI WebMonitor then uses the configured web filtering policies to determine what action to take. This may be one of the following actions: Allow access to site Block access to site and quarantine the related file URL Block access to site and delete related URLs. Policies can be customized to apply during specific time periods, for example, a policy can enable users to access news and entertainment related sites during lunch breaks but not during working hours. Pre-defined site categories include pornography, adult themes, games, violence and others. The database is updated on a regular basis and updates are automatically downloaded to GFI WebMonitor. 5.2 Configuring Web Filtering policies 5.2.1 Adding a Web Filtering Policy To add a Web Filtering Policy: 1. Click on WebFilter Edition ► Web Filtering Policies from the navigation bar. 2. Select Add Policy. GFI WebMonitor 2009 WebFilter Edition - Site rating and content filtering 29 Screenshot 27 –Adding a Web Filtering policy: general settings 3. Click on the General tab. 4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively. 5. In the Policy Schedule area, specify the time period(s) during which the new policy will be enforced. 30 WebFilter Edition - Site rating and content filtering GFI WebMonitor 2009 Screenshot 28 –Adding a Web Filtering policy: web filtering categories 6. Select the Web Filtering tab. Define the categories applicable to the new policy and the actions to take: Allow categories: Select categories from the Blocked Categories list and click Allow>. Block categories: Select categories from the Allowed Categories list and click <Block. Quarantine access: Select categories Categories list and click <Quarantine. from the Allowed NOTE: You can also configure advanced category conditions by selecting the Show Advanced Options. For more information, refer to the Configuring advanced web filtering policy conditions section. GFI WebMonitor 2009 WebFilter Edition - Site rating and content filtering 31 Screenshot 29 – Adding a Web Filtering policy: web filtering exceptions 7. Select the Exceptions tab and in the Excluded Sites and Included Sites fields specify any URLs, which are: Excluded (i.e. allowed) from the policy. This enables users to access sites overriding any policy setup. Included (i.e. blocked) in the new policy. The URLs specified in the included sites will be blocked regardless of the scope of the new policy. NOTE: The Exceptions tab is similar to a whitelist/blacklist feature that overrides any rules within the policy. 32 WebFilter Edition - Site rating and content filtering GFI WebMonitor 2009 Screenshot 30 –Adding a Web Filtering policy: who it applies to 8. Click on the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. Screenshot 31 – Adding a Web Filtering policy: Notifications 9. Click on the Notifications tab and select Notify the following administrators when the site category infringes this policy checkbox if required. Complete setup by updating administrator’s notification email address and notification e-mail text. If required, check Notify the user accessing the site if the site category infringes this policy, and provide the body text for the notification email in the Send the following notification to the administrator’s text box. GFI WebMonitor 2009 WebFilter Edition - Site rating and content filtering 33 10. If you require the user to be notified when the policy you are creating is triggered, select Notify the user accessing the site if the site category infringes this policy checkbox and provide the notification email text. 11. Complete new policy setup by clicking on Save Settings The newly created policy will now be listed in the main Web Filtering Policies view. 5.2.2 Editing a Web Filtering Policy To edit a Web Filtering Policy: 1. Click on WebFilter Edition ► Web Filtering Policies from the navigation bar. 2. Click on the edit icon next to the policy you want to edit. 3. Refer to Adding a Web Filtering Policy section in this chapter, for a description of the fields which can be edited. 4. Click on Save Settings to finalize editing a policy. 5.2.3 Disabling a Web Filtering Policy To disable a Web Filtering Policy: 1. Click on WebFilter Edition ► Web Filtering Policies from the navigation bar. 2. Uncheck the box from the Enabled column for the policy you want to disable and click on Save Settings to finalize disabling a policy. 5.2.4 Enabling a Web Filtering Policy 1. Click on WebFilter Edition ► Web Filtering Policies from the navigation bar. 2. Check the box from the Enabled column for the policy you want to enable and click on Save Settings finalize enabling a policy. 5.2.5 Deleting a Web Filtering Policy 1. Click on WebFilter Edition ► Web Filtering Policies from the navigation bar. 2. Click on the delete icon for the policy you want to delete and click on Save Settings finalize deleting a policy. 5.2.6 Default web filtering policy GFI WebMonitor - WebFilter Edition ships with a default web filtering policy which applies to all users. The policy name is listed as Default Web Filtering Policy. This policy can be edited but it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Web Filtering Policy section in this chapter for information related to editing web filtering policies. NOTE: All user-created web filtering policies take precedence over the default web filtering policy. 34 WebFilter Edition - Site rating and content filtering GFI WebMonitor 2009 NOTE: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab. 5.3 Configuring advanced web filtering policy conditions Advanced web filtering policy conditions give you greater flexibility in defining which sites should be allowed or blocked. These advanced policy conditions take precedence over categories you may have already specified in the Allowed Categories and Blocked Categories list boxes. 5.3.1 Adding an advanced web filtering policy condition To create an advanced web filtering policy condition: Screenshot 32 – Web filtering policy 1. From the Web Filtering tab click on Show Advanced Options. 2. Click on Add Condition to view the Edit Properties dialog where you will create the advanced condition. 3. Specify a combination of categories, which will enable you to allow, block or quarantine sites. For example, to block sites which fall under the categories ‘Adult and pornography’ AND ‘IM Client’: a. Select ‘Adult and pornography’ from Available Categories list box and click on Use Category b. Select ‘IM Client’ from Available Categories list box and click on Use Category c. Select Block and Delete from the Perform this action: drop down list and click OK to apply the condition. 4. Click on Save Settings to finalize settings. GFI WebMonitor 2009 WebFilter Edition - Site rating and content filtering 35 NOTE: With this advanced policy, sites are not blocked if a site is listed under individual categories. In the example above, a site is NOT blocked if it only falls under the ‘Adult themes’ category. Likewise, the site is NOT blocked if it only falls only under the ‘Sexuality’ category. 5.3.2 Editing an advanced web filtering policy condition To edit an advanced web filtering policy condition: 1. From the Web Filtering tab click on Show Advanced Options. 2. Click on the advanced policy to edit to display the Edit Properties dialog where you can edit the advanced condition. 3. Click OK to apply the changes you made. 4. Click on Save Settings to finalize settings. 5.3.3 Removing an advanced web filtering policy condition To delete an advanced web filtering policy condition: 1. From the Web Filtering tab click on Show Advanced Options. 2. Click on the delete icon next to the advanced policy you want to delete. 3. Click on Save Settings to finalize settings. 5.4 WebGrade Database settings Screenshot 33 – WebGrade Database settings Through the WebGrade Database settings view you can: Enable/disable online lookups Enable/disable the database 36 WebFilter Edition - Site rating and content filtering GFI WebMonitor 2009 View the database status, version and license details Configure database updates Check the presence or validity of any URL with the active local WebGrade database and send feedback. 1. Click WebFilter Edition ► Web Filtering Policies ► WebGrade Database from the navigation bar to access the WebGrade Database settings. 2. Check/uncheck Manage WebGrade Local Database updates automatically and update the time within the hours field. 3. If required check Send an email notification to the administrator on successfully updating the WebGrade Database 4. Click Save Settings to apply changes. 5.4.1 Enabling/disabling online lookups 1. Click on WebFilter Edition ► Web Filtering Policies ► WebGrade Database. 2. Check and uncheck the Enable online lookup for URLs not resolved by local database enables or disables this feature. NOTE: This option is enabled by default when the user updates the installation. 5.4.2 Viewing updated online lookups Online lookup enables GFI WebMonitor to synchronize with a global internet database server for reviewed URLs. To review changes after these have been updated: 1. Click on WebFilter Edition. 2. Select Add Policy from the view pane. The Web Filtering Policy is displayed within the view pane. Categories are updated under the Blocked Categories and Allowed Categories headings. 5.4.3 Enabling/disabling the database To enable or disable the database: 1. Click on WebFilter Edition ► Web Filtering Policies ► WebGrade Database 2. Check/uncheck the checkbox in the Enabled column enables or disables the WebGrade Database. NOTE: When the WebGrade database is disabled, the Web Filtering policies cannot access the site categories. 5.4.4 Configure database updates Through the checkboxes within the WebGrade Database Updates area in the WebGrade Database settings view, you can: Configure whether the WebGrade Database should be updated automatically or manually Configure the frequency with which available updates should be installed GFI WebMonitor 2009 WebFilter Edition - Site rating and content filtering 37 Configure if an email notification should be sent upon successful updating of the WebGrade Database Manually update the WebGrade Database by clicking Update Now. 5.4.5 Checking URL categories The Check URL category tool enables you to key in a URL and check for its category within your active local WebGrade database. If the category is not found or if the category listed in the local WebGrade database does not match with the website’s category, you can report it for update. To check a URL category: 1. Enter URL in the check URL field 2. Click Check URL category. The category in the active local WebGrade database is displayed beneath the URL field. To report a missing or incorrect category, update the URL, click on Submit Feedback, and fill out the form displayed in your browser, and, click Submit. 38 WebFilter Edition - Site rating and content filtering GFI WebMonitor 2009 6 6.1 WebSecurity Edition - File scanning and download control Introduction GFI WebMonitor’s WebSecurity features scan and usage control restrictions for various applications to users, IPs or groups on your network. The control policies are: 6.2 Download Control Policies – Software download controls IM Control Policies – Control use and access of MSN / Windows Live Messenger Virus Scanning Policies – configure which downloaded files should be scanned for viruses and spyware. Anti-Phishing Engine – Configure protection to network users from phishing sites. Download Control policies GFI WebMonitor identifies the real file type of the file being downloaded and then applies Download Control Policies to determine what action to take. This may be one of the following actions: Allow the file to be downloaded Block the file from being downloaded and quarantine the file URL Block the file from being downloaded and delete all related URLs For allowed downloads, GFI WebMonitor then applies the configured Virus Scanning Policies and determines its virus scanning options. Screenshot 34 - Download Control Policies 6.2.1 Adding a new Download Control Policy To add a download control policy: 1. Click on WebSecurity Edition ► Download Control Policies from the navigation bar. GFI WebMonitor 2009 WebSecurity Edition - File scanning and download control 39 2. Click on Add Policy. 3. In the General tab provide a new policy name and description in the Policy Name field and the Policy Description text box respectively. Screenshot 35 - Add new download control policy: Download control tab 4. Click on the Download Control tab to configure the actions to be taken on the various file types. Screenshot 36 - Add new download control policy: Add new content type 5. To add a new file type select Add Content-Type button and enter the new Content-Type and a Description. Click Add. 40 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 Screenshot 37 - Add new download control policy: Change Action dialog 6. Click on any file type from the list to display the Change Action dialog and configure the actions to be taken for that file type. From the Perform this action: drop down list select the applicable action to be taken. The available options are: Allow Block and Quarantine Block and Delete Click OK to apply the action. Screenshot 38 - Download control policies: Applies to tab GFI WebMonitor 2009 WebSecurity Edition - File scanning and download control 41 7. From the Applies To tab, specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. Screenshot 39 – Download control policies: Notification tab 8. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Enter the administrator’s email address and notification email text, by updating the text for the notification email in the Send the following notification to the administrators text box. 9. If you require the users to be notified when the policy you are creating is breached, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text. 10. Complete the new policy setup by clicking on Save Settings. The policy created will be listed in the main Download Control Policies view. 6.2.2 Editing a Download Control Policy To edit a download control policy: 42 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 1. Click on WebSecurity Edition ► Download Control Policies from the navigation bar. 2. Click on the edit icon next to the policy you want to edit. 3. Refer to Adding a new Download Control Policy section in this chapter for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings 6.2.3 Disable a Download Control Policy To disable a download control policy: 1. Click WebSecurity Edition ► Download Control Policies from the navigation bar. 2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. Complete disabling a download policy by clicking on Save Settings 6.2.4 Enable a Download Control Policy To enable a previously disabled download control policy: 1. Click WebSecurity Edition ► Download Control Policies from the navigation bar. 2. Check the checkbox in the Enabled column for the policy you want to disable. 3. Complete enabling a download policy by clicking on Save Settings 6.2.5 Delete a Download Control Policy To delete a download control policy: 1. Click WebSecurity Edition ► Download Control Policies from the navigation bar. 2. Click delete icon next to the policy you want to delete. 3. Complete deleting a download policy by clicking on Save Settings 6.2.6 Default Download Control Policy GFI WebMonitor - WebSecurity Edition ships with a default download control policy, which is configured to apply to all users. The policy name is listed as Default Download Control Policy. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Download Control Policy section in this chapter for information related to editing download control policies. NOTE: All user-created download control policies takes precedence over the default download control policy. NOTE: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab. 6.2.7 Adding Content-types GFI WebMonitor - WebSecurity Edition includes a large number of common file types. To add a file type which is not in the predefined list: GFI WebMonitor 2009 WebSecurity Edition - File scanning and download control 43 1. Click on WebSecurity Edition ► Download Control Policies from the navigation bar. 2. Click on Add Policy, select Download Control tab and click on Add Content-type. Screenshot 40 - Add new content type 3. Key in the content-type in the Content-Type field in the format type/subtype and click on Add. 4. Complete keying in a new contact type by clicking on Save Settings. NOTE: Files for user added content-types are not real file types, as is the case with preconfigured file types. 6.3 Configuring Instant Messaging (IM) Control Policies GFI WebMonitor enables administrators to control the use of MSN Messenger and Windows Live Messenger. These controls can be configured from WebSecurtiy Edition ► IM Control Policy node. The Default IM Control Policy is the control applicable to all users, however specific controls to particular users, groups or IPs can be configured as described below. 6.3.1 Adding a new IM Control Policy To add a new IM control policy: 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition ► IM Control Policies. 2. Click Add Policy and select the General tab. 44 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 Screenshot 41 - Add new IM Policy – assign a name and description 3. Key in the new policy name in the Policy Name field and optionally enter a brief description in the Policy Description text box. Screenshot 42 - Add new IM Policy – Set IM Controls 4. From the IM Control tab, choose to block or allow instant messaging communications: Block all MSN / Windows Live Messenger communications – all communications via MSN or Windows Live Messenger is blocked. Allow MSN / Windows Live Messenger communications – the use of MSN or Windows Live Messenger is allowed. GFI WebMonitor 2009 WebSecurity Edition - File scanning and download control 45 Screenshot 43 - Add new IM Policy - Applies To tab 5. From the Applies To tab key in user(s), group(s), and/or IP(s) for whom the new policy applies and click Add. Repeat for all the user(s), group(s), and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. 46 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 Screenshot 44 - Add new IM Policy – Notifications tab 6. From the Notifications tab, select Notify the following administrators when this IM Policy is breached to send an email notification to the configured email address(es) when a user tries to access blocked IM policies. 7. Add the administrator(s) email address(es) to be notified in the Email Address box. 8. In the Send the following notification to the administrators text box, edit the email message text, which will be sent in the email notification 9. Select Notify the user breaching this IM policy checkbox to send an email notification to the user who breaches the IM policy. Edit the email message text in the Send the following notification to the user performing the download. 10. Complete the new IM policy setup by clicking Save Settings. The new policy will be listed in the main IM Control Policies view. 6.3.2 Editing an IM Control Policy 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition ► IM Control Policies. 2. Click on the edit icon next to the policy you want to edit. 3. Navigate in the control policy tabs and edit settings accordingly. GFI WebMonitor 2009 WebSecurity Edition - File scanning and download control 47 4. Click Save Settings when finished. 6.3.3 Enabling/Disabling an IM Control Policy 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition ► IM Control Policies. 2. In the Enabled column, check or uncheck the policy you want to enable or disable respectively. 3. Click Save Settings when finished. 6.3.4 Deleting an IM Control Policy 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition ► IM Control Policies. 2. Click on the delete icon next to the policy you want to delete. 3. Click Save Settings when finished. 6.4 Configuring Virus Scanning Policies For allowed downloads, GFI WebMonitor applies virus-scanning controls, which include any of the following: Display download progress and status Scan the downloaded file with any of the supported virus scanners Take any of the following action when a virus is detected: o Issue a warning, but allow access to the downloaded file o Block access to the downloaded file and quarantine o Block access to the downloaded file and delete it Screenshot 45 - Virus Scanning Policies 6.4.1 Adding a Virus Scanning Policy To add a virus scanning policy: 1. Click on WebSecurity Edition ► Virus Scanning Policies from the navigation bar. 2. Click on Add Policy. 3. Click on the General tab. 48 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 Screenshot 46 - Add new virus scanning policy 4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively. Screenshot 47 - Add new virus scanning policy: Virus scanning tab 5. Click on the Virus Scanning tab and click on the file type you want to scan for viruses. From the Change Action dialog box select the Display download progress and status option (if required) and choose the virus scanners to scan the file type with. Also, choose the action to undertake if a virus is found. The available options are: Warn and Allow Block and Quarantine Block and Delete GFI WebMonitor 2009 WebSecurity Edition - File scanning and download control 49 Screenshot 48 - Add new virus scanning policy: Applies to tab 6. Click OK, select Applies Tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. 50 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 Screenshot 49 - Add new virus scanning policy: Notification tab 7. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Complete setup with the administrator’s notification email address and notification e-mail text. Provide the body text for the notification email in the Send the following notification to the administrators text box. 8. If you require users to be notified when the policy you are creating is triggered, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text. 9. Complete new policy setup by clicking on Save Settings The policy you have just created will be listed in the main Virus Scanning Policies view. 6.4.2 Editing a Virus Scanning Policy To edit a virus scanning policy: 1. Click on WebSecurity Edition ► Virus Scanning Policies from the navigation bar. 2. Click on the edit icon to edit. GFI WebMonitor 2009 next to the virus scanning policy you want WebSecurity Edition - File scanning and download control 51 3. Refer to Adding a Virus Scanning Policy section in this chapter, for a description of the fields, which can be edited. 4. Complete new policy setup by clicking on Save Settings. 6.4.3 Disabling a Virus Scanning Policy To disable a virus scanning policy: 1. Click on WebSecurity Edition ► Virus Scanning Policies from the navigation bar. 2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. Complete disabling a virus scanning policy by clicking on Save Settings. 6.4.4 Enabling a Virus Scanning Policy To enable a virus scanning policy: 1. Click on WebSecurity Edition ► Virus Scanning Policies from the navigation bar. 2. Check the checkbox in the Enabled column for the policy you want to enable. 3. Complete enabling a download policy by clicking on Save Settings. 6.4.5 Delete a Virus Scanning Policy To delete a Virus Scanning Policy: 1. Click on WebSecurity Edition ► Virus Scanning Policies from the navigation bar. 2. Click on the delete icon next to the policy you want to delete. 3. Complete deleting a virus scanning policy by clicking on Save Settings 6.4.6 Default Virus Scanning Policy GFI WebMonitor WebSecurity Edition ships with a default virus scanning policy, which is configured to apply to all users. The policy name is listed as Default Virus Scanning Policy. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Virus Scanning Policy section in this chapter for information related to editing virusscanning policies. NOTE: Any user-created virus scanning policy takes precedence over the default virus scanning policy. NOTE: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab. 6.5 Scanning Engines Through the Virus & Spyware Protection view, you can: Enable/Disable one or more of the supported engines View the licensing status 52 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 Configure anti-virus engine/signature updates for each one of the scanning engines To access the Virus & Spyware Protection view click on WebSecurity Edition ► Virus Scanning Policies ► Virus & Spyware Protection from the navigation bar. 6.5.1 Enabling/disabling the scanning engines To enable or disable one or more of the scanning engines: 1. Click on WebSecurity Edition ► Virus Scanning Policies ► Virus & Spyware Protection. Screenshot 50 - Virus & Spyware Protection 2. Check or uncheck the checkboxes in the Enabled column to enable or disable scanning with the virus scanner for which the virus scanner is checked or unchecked. IMPORTANT: If a virus-scanning engine is disabled GFI WebMonitor will not use the disabled engine. 3. Complete Virus scanning engine setup by clicking on Save Settings 6.5.2 Configure anti-virus updates Through the configuration view for each one of the supported scanning engines, you can: View the scanning engine status, version and license details Check or uncheck checkboxes that enable automatic or manual scanning engine/signature updates Configure the frequency with which available updates should be installed Check or uncheck checkboxes that enable the configuration of an email notification message that should be sent upon successful updating of scanning engines/signatures Click Update Now engines/signatures. GFI WebMonitor 2009 to manually update scanning WebSecurity Edition - File scanning and download control 53 Screenshot 51 - BitDefender Properties Screenshot 52 - Norman Anti-Virus Properties 6.5.3 Kaspersky Scanning Engine Options From the configuration view for the Kaspersky scanning engine, you can specify whether Virus Scanning Policies should be triggered when files are identified as: Suspicious Corrupted Hidden 54 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 Screenshot 53 - Kaspersky Anti-Virus Properties 1. Click on WebSecurity Edition ► Virus Scanning Policies ► Virus & Spyware Protection ► Kaspersky Anti-Virus. 2. Check or uncheck checkboxes that enable action for files identified as Suspicious, Corrupted or Hidden. 3. Click Save Settings to apply settings. 6.6 Anti-Phishing Engine Through the Anti-Phishing Engine view, you can: Enable/Disable anti-phishing View the anti-phishing feature licensing status Configure anti-phishing database updates To access the Anti-Phishing Engine view, click on WebSecurity Edition ► Anti-Phishing Engine from the navigation bar. 6.6.1 Enabling/disabling the Anti-Phishing Engine To enable or disable the Anti-Phishing Engine: 1. Click on WebSecurity Edition ► Anti-Phishing Engine. 2. Click on the General tab. GFI WebMonitor 2009 WebSecurity Edition - File scanning and download control 55 Screenshot 54 - Anti Phishing engine properties 3. Check or uncheck the Block access to phishing sites checkbox to enable or disable anti-phishing features. NOTE: Disabling the anti-phishing engine implies that GFI WebMonitor cannot use that engine to block phishing sites. 4. Complete anti-phishing engine setup by clicking on Save Settings 6.6.2 Configure Anti-Phishing database updates Through the checkboxes within the Anti-Phishing Updates area in the Anti-Phishing Engine settings view you can: Configure whether the Anti-Phishing Database should be updated automatically or manually. Configure the frequency with which available updates should be installed. Configure if an email notification should be sent upon successful updating of the Anti-Phishing Database; Manually update the Anti-Phishing Database by clicking Update Now. To configure Anti-Phishing database updates: 1. Click on WebSecurity Edition ► Anti-Phishing Engine. 2. Click on the General tab. 3. Specify the required settings in the Anti-Phishing Updates area. 4. Complete Anti-Phishing Database updates setup by clicking on Save Settings. 56 WebSecurity Edition - File scanning and download control GFI WebMonitor 2009 6.6.3 Configure phishing notifications Through the Notifications tab in Anti-Phishing Engine settings view, you can specify whether email notifications are to be sent when a site being accessed is a known phishing site. To enable phishing notifications: 1. Click on WebSecurity Edition ► Anti-Phishing Engine. Screenshot 55 - Anti-Phishing notification tab 2. Click on the Notifications tab and check the Notify the following administrators when the site accessed is a known phishing site checkbox. Complete setup with the administrator’s notification email address and notification e-mail text. Provide the body text for the notification email in the Send the following notification to the administrators’ text box. 3. If you require the user to be notified when a phishing site is accessed, check the Notify the user accessing the site if the site accessed is a known phishing site checkbox and provide the notification email text. 4. Complete phishing notifications setup by clicking on Save Settings GFI WebMonitor 2009 WebSecurity Edition - File scanning and download control 57 7 7.1 Configuring GFI WebMonitor Introduction GFI WebMonitor enables you to configure a default set of parameters used by the WebFilter and WebSecurity editions. These parameters are configured through three nodes or by selecting the appropriate option within the viewing pane: 7.2 Administrative Access Control: Configure who can access GFI WebMonitor web interface for configuration and monitoring. Notifications: Configure alerting options for email notifications on important events. General Settings: Configure the data retention, downloaded cache and temporary whitelist policies. Proxy settings: Configure GFI WebMonitor proxy settings. Reporting: Configure the database settings for reporting. Administrative Access Control Access to GFI WebMonitor is based on IP or the authenticated username. Only users/IPs in the authorized list are allowed access. 7.2.1 Adding users/IPs to the access permissions list To add a user or IP to the access permissions list: 1. From the GFI WebMonitor navigation bar select Configuration ► Administrative Access Control. Screenshot 56 – Configuring administrative access control 2. From the drop-down lists, select whether a User or IP will be added to the access list and provide the user(s), and/or IP(s) for whom the new access item applies. Repeat for all user(s), group(s) and/or IP(s) required. GFI WebMonitor 2009 Configuring GFI WebMonitor 59 NOTE: When adding a user to the access control list, specify the username in the format DOMAIN\user. 3. Click on Add to add the new item to the list and click Save Settings to finalize setup. 7.2.2 Deleting users/IPs to the access permissions list To remove a user or IP to the access permissions list: 1. Click on the Administrative Access Control node. 2. Click on the delete icon next to the user/IP you want to delete. 3. Click on Save Settings to finalize deleting users/IPs. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. 7.3 Notifications Notifications are sent by email to administrators on important events including: Items being quarantined WebGrade Database, anti-virus signature update failures WebGrade Database, anti-virus signature update success Approaching expiry of WebGrade Database and anti-virus signature update licenses. 7.3.1 Configuring email settings To configure email settings: 1. Click on Notifications node 2. Go to the Send administrative emails using the following settings and specify the email address from which notifications will be sent as well as the SMTP server and SMTP port. 3. Click on Save Settings to finalize email settings setup. 7.3.2 Configuring email recipients To add recipients to whom notifications are sent: 1. From the GFI WebMonitor navigation bar select Configuration ► Notifications node 60 Configuring GFI WebMonitor GFI WebMonitor 2009 Screenshot 57 – Configuring notifications 2. Key in an email address in the Email Address field and click Add. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. 7.3.3 Deleting recipients: 1. Click on Notifications node 2. Click on the delete icon delete. next to the email address you want to 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. 7.4 General Settings Through the General Settings node, you can specify settings such as the amount of hours to keep downloaded files in cache, and the default time in hours a site is kept in the temporary whitelist after it has been approved from the quarantine. 1. From the GFI WebMonitor navigation bar select Configuration ► General Settings node GFI WebMonitor 2009 Configuring GFI WebMonitor 61 2. In the Data Retention area specify how long, in days, browsing activity data will be kept in GFI WebMonitor databases. This data is used for monitoring and reporting. Screenshot 58 - Configuring data retention 3. In the Download Cache are specify how long (in hours), will downloaded files be kept in a local cache. Keeping these files in the cache will speed up subsequent requests for the same file. NOTE: Set the value to zero hours if you want to disable the cache. Screenshot 59 - Configuring downloaded cache 4. In the Temporary Whitelist area specify how long (in hours), will items approved from the quarantine be kept in the Temporary Whitelist. This is the amount of time available to the user, during which the approved URL is accessible. Screenshot 60 - Configuring temporary whitelist 5. In the Proxy Array text box, specify all the IP addresses of the network linked proxy servers, which have GFI WebMonitor installed. Screenshot 61 - Configuring proxy array 62 Configuring GFI WebMonitor GFI WebMonitor 2009 6. From the Language drop down list, select the language in which GFI WebMonitor responds to client requests. Screenshot 62 - Configuring language Responds from GFI WebMonitor includes; 7.5 Download status windows Blocking Notifications Proxy Settings 7.5.1 Introduction The Proxy Settings page is available when installing GFI WebMonitor 2009 standalone proxy. This page enables the customization of proxy settings. The features that can be configured are: Network Configuration Authentication method Chained Proxy GFI WebMonitor 2009 Configuring GFI WebMonitor 63 Screenshot 63 – Proxy Settings page 7.5.2 Network Configuration The Network configuration drop down list contains a list of network cards installed on the server. To configure GFI WebMonitor to listen for incoming connections on a specific network card: 1. From the GFI WebMonitor navigation bar select Configuration ► Proxy Settings node. 64 Configuring GFI WebMonitor GFI WebMonitor 2009 Screenshot 64 – Network Configuration 2. Select the network card IP address from the drop down list, and enter the listening port (default 8080). 3. Select Use WPAD for network clients. This instructs client machines to automatically detect the server as the default proxy. 4. Select: Publish the IP of the GFI WebMonitor proxy in WPAD: includes the GFI WebMonitor IP address in the WPAD.dat file. Or Publish the host name of the GFI WebMonitor proxy in WPAD: Includes the GFI WebMonitor host name in the WPAD.dat file. 5. Click Save Settings NOTE: Select Listen on all network interfaces if GFI WebMonitor server is required to listen to incoming connections on multiple network cards. 7.5.3 Authentication Method The Authentication Method area enables the configuration of the authentication method used by the proxy. This determines how client machines are validated when accessing the internet. Screenshot 65 – Authentication Method No authentication Select this check box if proxy authentication is not required. GFI WebMonitor 2009 Configuring GFI WebMonitor 65 Basic authentication: Select this method if the user has to enter a valid user name and password when launching a new internet session. When launched, the internet browser will prompt the user to provide valid login credentials. Integrated authentication: Select this method if proxy authentication is done using the client machines’ access control service. Users will not be required to enter login credentials to access the internet. (Recommended) The integrated authentication option is disabled on a machine where Local users are authenticated as guest (This policy will be enabled by default on a Windows XP pro machine which has never been joined to a Domain Controller). Network access method can be configured; Manually on each machine or, Using active directory GPO. For more information on how to configure network access, refer to Configure Network Access policy section in this manual. Exception List GFI WebMonitor allows a list of IPs to be exempted from proxy authentication. To manage the list of IPs: 1. Click Set Exception List. Screenshot 66 – Exception list 2. Enter the IP address to be included, and click Add. 3. Click OK to exit. 4. In the Proxy Settings page, click Save Settings. 66 Configuring GFI WebMonitor GFI WebMonitor 2009 7.5.4 Chained Proxy Client machines can be configured to forward HTTP traffic to the GFI WebMonitor server. In addition, the GFI WebMonitor server forwards the filtered traffic to a proxy server. To configure GFI WebMonitor to forward HTTP traffic to a proxy server: Screenshot 67 – Chained Proxy 1. Select WebMonitor Proxy will route the web traffic to the following proxy: check box. 2. Key in the proxy server IP address in the Address text box and in the Port text box enter the chained proxy port (default 8080). 3. If proxy authentication requires alternate credentials other than the default user data, key in the required credentials in the User name and Password fields. NOTE: If no credentials are keyed in, the default user credentials are used. 4. Click Text Proxy Chaining to test the connection between GFI WebMonitor machine and the proxy server. 5. Click Save Settings 7.6 Reporting 7.6.1 Introduction GFI WebMonitor enables you to store data on an existing database for statistical information. Use GFI WebMonitor ReportPack to view and analyze stored information. In this section, you will find information about: Reporting requirements. How to enable or disable information gathering Configuring reporting options 7.6.2 Reporting requirements Before enabling reporting, create a blank database in an SQL environment. On enabling reporting, the database structure is automatically configured by GFI WebMonitor. GFI WebMonitor 2009 Configuring GFI WebMonitor 67 Create a new database in Microsoft SQL server 2008 1. On the SQL server machine, click Start ► All Programs ► Microsoft SQL Server 2008 ► SQL Server Management Studio. 2. Enter the database administrator credentials. 3. From the left panel expand SQL Server node ► Security. 4. Right-click Logins and select New Login. 5. Enter a valid user login name (example webMon_user). 6. Select authentication type and click OK to apply changes. Screenshot 68 - Create new SQL login 7. From the left panel, right-click Databases folder and select New Database. 8. In the new database dialog, enter a valid name (for example WEBMONDB). 9. Click the owner browse button to enter a login name and in the Select Database Owner dialog and click Browse. 68 Configuring GFI WebMonitor GFI WebMonitor 2009 Screenshot 69 - Browse for object dialog 10. Select the user created earlier and click OK. 11. Click OK to close the Select Database Owner dialog and OK in the New Database dialog to apply changes. NOTE: To view more information on how to create a new database on various SQL server version, see KBase article http://kbase.gfi.com/showarticle.asp?id=KBID003379 7.6.3 Enable Reporting To enable information gathering for reporting purposes: 1. From the GFI WebMonitor navigation bar select Configuration ► Reporting node GFI WebMonitor 2009 Configuring GFI WebMonitor 69 Screenshot 70 - GFI WebMonitor Reporting setup 2. Click on the Enable Reporting checkbox to enable reporting features. 3. Key in the SQL Server, User/Password combination and Database name which enables GFI WebMonitor to connect and audit data to the database in the respective order. You can use the Get Database List button to retrieve a list of databases available. 4. Click on Save Settings to save reporting setup. NOTE: For security purposes, passwords can only be configured from the machine where GFI WebMonitor is installed. 7.6.4 The update reporting data now button Daily at midnight, GFI WebMonitor automatically transfers any data logged to the Microsoft SQL server backend database as configured when enabling the reporting features. There are instances however when you would want to trigger the data retrieval process manually, such as: When upgrading GFI WebMonitor version that supports reporting. When migrating data stored in files, in a storage location to a central database To test configuration settings. 70 Configuring GFI WebMonitor GFI WebMonitor 2009 In these cases, amongst others, clicking on the Update reporting data now triggers the retrieval process. NOTE: Data is always collected for complete 24-hour periods from midnight to midnight. Clicking Update reporting data now does not collect data for partial periods between midnight and the time when this button is clicked. 7.6.5 Disabling Reporting To disable reporting features: 1. Click on the Reporting node. 2. Uncheck the Enable Reporting checkbox and click Save Settings to disable reporting. GFI WebMonitor 2009 Configuring GFI WebMonitor 71 8 8.1 Quarantine Introduction GFI WebMonitor includes a quarantine feature; a restricted, safe and controlled storage area where potentially harmful download files are stored. Policies may be set where downloaded files/URLs are blocked and stored in quarantine. Downloaded files may be quarantined as a result of one or more configured policies in the following triggered categories: Download Control Policies Web Filtering Policies Virus Scanning Policies Administrators should review the quarantine to: Establish the reason for which a download file is being quarantined Determine whether the file is harmful or harmless and should be deleted or approved. If approved for access, quarantined items are transferred to a Temporary Whitelist. Users can be then granted access to the downloaded files through the Temporary Whitelist. There are four different views for quarantined items: 8.2 Those transferred to quarantine today Those transferred to quarantine yesterday Those transferred to quarantine this week All items transferred to quarantine Approving or Deleting items 8.2.1 Viewing quarantined items The following information is shown for all items listed in the quarantine: Quarantined On. Date and time when the item was quarantined. The user/IP that accessed the item, which is now quarantined. Download URL - details of the quarantined item. Quarantine reason - The reason why the item was quarantined. To view quarantined items: 1. Click on the Quarantine node in the navigation bar, and select one of views available to review either all items or those for a specified period: 72 Quarantine Today Yesterday GFI WebMonitor 2009 This Week All Items Screenshot 71 - Quarantine 2. Click on each one of the available tabs to view a list of items quarantined for each respective policy category: Download Control Policies tab Web Filtering Policies tab Virus Scanning Policies tab Lists are sorted in descending order, with the latest item being quarantined shown at the top of the list. 3. Click on the details icon to view details for that item. 4. Click Go Back To List to move back to the list of quarantined items. 5. Use the navigation icons of quarantined items. to navigate through a long list 8.2.2 Approving quarantined items To approve one or more items in quarantine: 1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined. 2. Click on the policy tab where the quarantined item is stored. 3. Click on the details icon GFI WebMonitor 2009 Quarantine 73 Screenshot 72 - Approving a quarantined item 4. Click Approve Item to make the downloaded file available to users or Approve All Items to make all items in a quarantine available to users. NOTE: The user email address is shown only if the user has been authenticated, and has a valid Active Directory email field. NOTE: Using the checkbox associated with each entry in the quarantine enables multiple file whitelisting. NOTE: Exert extreme caution with this feature. In approving an item from the Quarantine, you are excluding the web site from all policies configured in GFI WebMonitor for the particular user. Approving a potentially harmful file may therefore lead to your network being compromised. Approved items are transferred to the Temporary Whitelist. Refer to the Configuring allowed and blocked websites chapter for more information on the whitelist. NOTE: Quarantined items, which are not approved after 2 days, are automatically deleted. 8.2.3 Deleting quarantined items To delete one or more items in quarantine: 1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined. 2. Click on the policy tab where the quarantined item is stored. 3. Click on the details icon 4. If you decide that the downloaded file should be deleted, click Delete Item 5. Click Delete Selected Item to make the downloaded file available to users or Delete All Items to make all items in a quarantine available to users. NOTE: Using the checkbox associated with each entry in the quarantine enables multiple file deletion. 74 Quarantine GFI WebMonitor 2009 NOTE: Quarantined items which are not approved after 2 days are automatically deleted. GFI WebMonitor 2009 Quarantine 75 9 9.1 Miscellaneous Introduction This section describes all the other information that fall outside the initial configuration of GFI WebMonitor. 9.2 Configure Network Access policy In the Proxy Settings page, the integrated authentication option is disabled on a machine where Local users are authenticated as guest (This policy will be enabled by default on a Windows XP pro machine which has never been joined to a Domain Controller). Network access method can be configured; Manually on each machine or, Using active directory GPO. Configure network access manually 1. Click Start ► Control Panel ► Administrative Tools ► Local Security Policy. 2. From the left panel expand Security Settings ► Local Policies► Security Options. 3. Right click Network access: Sharing and security model for local accounts from the right panel and click Properties. 4. Make sure that in Local Security Setting tab, Classic – local users authenticate as themselves is selected. GFI WebMonitor 2009 Miscellaneous 77 Screenshot 73 – Windows XP local security settings 5. Click Apply and OK. 6. Close Local Security Settings. Configure network access using GPO in Windows 2003 server To configure Network access policy through Windows 2003 GPO: 1. Click Start ► All Programs ► Administrative Tools ► Active Directory Users and Computers, on the DNS server. 2. Right click the domain and click Properties. 3. Select Group Policy tab in the Domain Properties dialog. 78 Miscellaneous GFI WebMonitor 2009 Screenshot 74 - Active Directory GPO 4. Select Default Domain Policy from the list, and click Edit. 5. Expand Computer Configuration ► Security Settings ► Local Policies and click Security Options. 6. Right click Network access: Sharing and security model for local accounts from the right panel, and click Properties. 7. In the Security Policy Setting tab, select Define this policy setting and make sure that Classic – local users authenticate as themselves is selected. 8. Click OK and close all opened windows. Configure network access using GPO in Windows 2008 server To configure Network access policy through Windows 2008 GPO: 1. In the command prompt type mmc.exe and press Enter. 2. In the Console Root window click File ► Add/Remove Snap-in… to open the Add or Remove snap-ins window. 3. Select Group Policy Management from the Available snap-ins list, and click Add. GFI WebMonitor 2009 Miscellaneous 79 Screenshot 75 – Add/Remove Snap-Ins window 4. Click OK. 5. Expand Group Policy Management ► Forest ► Domains and click the Domain. Screenshot 76 – Console Root domain 6. Right click Default Domain Policy and click Edit. This opens the Group Management Editor. 7. Expand Computer Configuration ► Policies ► Windows Settings ► Security Settings ► Local Policies and click Security Options. 8. Right click Network access: Sharing and security model for local accounts from the right panel and click Properties. 80 Miscellaneous GFI WebMonitor 2009 9. In the Security Policy Setting, click Define this policy setting and make sure that Classic – local users authenticate as themselves is selected. 10. Click OK to apply changes. 11. Close Group policy Management Editor and save the management console created. This information is also available in KBase: http://kbase.gfi.com/showarticle.asp?id=KBID003666 GFI WebMonitor 2009 Miscellaneous 81 10 Troubleshooting 10.1 Introduction The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main sources of information available to users are: 10.2 The manual – most issues can be solved by reading this manual. GFI Knowledge Base articles Web forum Contacting GFI Technical Support Common Issues Issue encountered Solution Client browsers are still retrieving old proxy Internet settings although the browsers are configured to automatically detect settings. Internet explorer may not refresh cached Internet settings so clients will retrieve old Internet settings. Refreshing settings is a manual process on each client browser. For more information, refer to Refresh cached Internet Explorer settings section within Miscellaneous chapter in GFI WebMonitor Getting Started Guide. Or visit: http://technet.microsoft.com/enus/library/cc302643.aspx Clients are required to manually authenticate when browsing, even when Integrated authentication is used. Integrated authentication will fail when a client computer security policy is authenticating as guest. To view more information on how to change network access policy see Configure Network Access policy section in this manual. Clients using Mozilla Firefox browsers are repeatedly asked to enter credentials when GFI WebMonitor standalone proxy is installed. The server and the client machine will use NTLMv2 for authentication when; GFI WebMonitor is installed on Microsoft Windows 2008 and LAN Manager authentication security policy is defined as Send NTLMv2 response only and The client machine LAN Manager is not defined (Default settings in Windows 7) NTLMv2 is not supported in Mozilla Firefox and the user browser will repeatedly ask for credentials. To solve this issue do one of the following : 1. From the GFI WebMonitor navigation bar select Configuration ► Proxy Settings node. 2. Under Use WPAD for network clients, select Publish the host name of the GFI WebMonitor proxy in WPAD Or GFI WebMonitor 2009 Troubleshooting 83 On the Microsoft Windows 2008 server: 1.Click Start ► Administrative Tools ► Local Security Policy. 2. Expand Local Policies ► Security Options. 3. Form the right panel right click Network Security: LAN Manager authentication level and click Properties. 4. From the Network Security dialog select, Send LM & NTLM - use NTLMv2 session security if negotiated. 5. Click Ok and close Local Security Policy window. For more information visit: http://kbase.gfi.com/showarticle.asp?id=KBID001782 10.3 Knowledge Base GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most upto-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/. 10.4 Web Forum User to user technical support is available via the web forum. The forum can be found at http://forums.gfi.com/. 10.5 Request technical support If you have referred to this manual and our Knowledge Base articles, and you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone. 10.6 Online: Fill out the support request form on: http://support.gfi.com/supportrequestform.asp. Follow the instructions on this page closely to submit your support request. Phone: To obtain the correct technical support phone number for your region please visit http://www.gfi.com/company/contact.htm. NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at https://customers.gfi.com/login.aspx. We will answer your query within 24 hours or less, depending on your time zone. Build notifications We recommend that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, visit: http://www.gfi.com/pages/productmailing.htm 84 Troubleshooting GFI WebMonitor 2009 Glossary Access Control A feature that allows or denies users access to resources. For example, internet access. Active Directory A technology that provides a variety of network services, including LDAP-like directory services. AD See Active Directory Administrator The person responsible to install and configure GFI WebMonitor. Anti-Virus Software that detects malware on a computer Bandwidth The speed and quantity of data transferred on a network. Blacklist A list that contains information about what should be blocked by GFI WebMonitor Chained Proxy When client machines connect to more than one proxy server before accessing the requested destination. Console A web-based interface that provides administration tools that enable the monitoring and management of internet traffic. Dashboard Enables the user to obtain graphical and statistical information related to GFI WebMonitor operations File Transfer Protocol A protocol used to transfer files between computers FTP See File Transfer Protocol Hidden Downloads Unwanted downloads from hidden applications (trojans, etc.) or forgotten downloads initiated by users. HTTP See Hypertext Transfer Protocol Hypertext Transfer Protocol A protocol used to transfer hypertext data between servers and internet browsers. Internet Browser An application installed on a client machine that is used to access the Internet. Internet Explorer Internet Explorer is a Microsoft Internet browser Internet Security and Acceleration Server A Microsoft product that provides firewall and web proxy services. Also enables administrators to manage Internet access through policies. ISA Server See Internet Security and Acceleration Server MSN See Windows Live Messenger NTLM NT LAN Manager is a Microsoft authentication protocol. Phising Unwanted software designed to publish sensitive information like credit card numbers Proxy Server A server or software application that receives requests from client machines and responds according to filtering policies configured in GFI WebMonitor Quarantine A temporary storage for unknown data, that awaits approval from an administrator Spyware An unwanted software that publish private information to an external source GFI WebMonitor 2009 Troubleshooting 85 SQL Server Is a Microsoft database management system used by GFI WebMonitor to store and retrieve data. Uniform Resource Locator The Uniform Resource Locator is the address of a web page on the world wide web. URL See Uniform Resource Locator User Agent A client application that connects to the internet and performs automatic actions.. Virus An unwanted software that infects a computer. WAN See Wide Area Network Web Proxy Autodiscover y Protocol A protocol used by clients to locate the web browser proxy settings. Web Traffic The sent and received date by clients, over the network to a website WebFilter A configurable database that categorize access according to user/group/IP addresses and time. WebGrade A database in GFI WebMonitor, used to categorize access contents WebSecurity WebSecurity contains multiple anti-virus engines scans downloaded web traffic by the clients Whitelist A whitelist is a list that contains information about what is being allowed by GFI WebMonitor Wide Area Network The External network were resides the World Wide Web Windows Live Messanger An instant messaging application developed by Microsoft used to communicate on the internet. WPAD See Web Proxy Autodiscovery Protocol 86 Troubleshooting GFI WebMonitor 2009 ISA Server 85 Index K Kaspersky 54, 55 L Language 63 A license 37, 53, 84 Access Control 59, 60, 85 M Active connections 9 Active Directory 74, 78, 79, 85 Activity log 9 Malicious 10 monitoring 1, 59, 62, 85 MSN 39, 44, 45, 85 Add Content-type 44 Available Categories 35 B Bandwidth consumption 9, 12 Blacklist 23, 26, 27, 85 browsing 1, 13, 15, 16, 62 C P Past connections 9, 10 Phishing 1, 4, 39, 55, 56, 57 policy 23, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 73, 74 Proxy 59, 62, 63, 64, 67, 83, 85, 86 cache 59, 61, 62 Console 79, 80 Q D Quarantine 4, 31, 41, 49, 72, 73, 74, 85 Dashboard 3, 4, 5, 6, 7, 8, 85 Quarantined 4, 5, 72, 74, 75 Data Retention 62 database 29, 37, 38, 55, 56, 59, 67, 70, 86 downloads 1, 4, 9, 10, 11, 39, 48, 85 F FTP 85 G General Settings 59, 61 GPO 79 R reporting 59, 62, 67, 69, 70, 71 ReportPack 67 S scanning engine 53, 54 Sites history 9 snap-ins 79 Snap-Ins 80 Spyware 1, 52, 53, 55, 85 SQL 70, 86 H Hidden Downloads 10 HTTP 6, 7, 67, 85 T Threats 8 Top Categories 6, 7, 13 I Top Hits Count 14, 15, 17, 19, 20 Instant Messaging 21, 44 Top Policy Breakers 4, 5, 15, 18 internet browser 66 Top Sites 12 GFI WebMonitor 2009 Index 87 Top Surfers 15, 16, 20 Trojans 1 U Unattended downloads 10 updates 10, 23, 29, 37, 53, 55, 56 URL 10, 11, 18, 21, 25, 29, 37, 38, 39, 62, 72, 86 Users history 9 V virus 4, 39, 48, 49, 50, 51, 52, 53, 60, 86 viruses 1, 8, 39, 49 W Web Filtering 5, 29, 30, 31, 32, 33, 34, 35, 36, 37, 72, 73 web traffic 1, 67, 86 WebFilter 1, 3, 5, 23, 29, 34, 37, 59, 86 WebGrade 29, 36, 37, 38, 60, 86 WebSecurity 1, 5, 23, 39, 43, 44, 47, 48, 51, 52, 53, 55, 56, 57, 59, 86 Whitelist 11, 12, 23, 24, 25, 26, 62, 72, 74, 86 wildcards 24, 26, 27 Windows Live Messenger 39, 44, 45, 85 WPAD 65, 83, 86 88 Index GFI WebMonitor 2009