GFI WebMonitor 2009
Administration and
Configuration Manual
By GFI Software Ltd.
http://www.gfi.com
E-mail: [email protected]
Information in this document is subject to change without notice.
Companies, names, and data used in examples herein are fictitious
unless otherwise noted. No part of this document may be reproduced
or transmitted in any form or by any means, electronic or mechanical,
for any purpose, without the express written permission of GFI
SOFTWARE LTD.
Document Version: WEBMON-ACM-EN-1.0.7
Last updated: November 10, 2009.
Contents
1 Introduction
  1.1 About this manual
  1.2 Terms used in this manual
2 Using the GFI WebMonitor dashboard
  2.1 Introduction
  2.2 The GFI WebMonitor dashboard
3 Monitoring Internet activity
  3.1 Introduction
  3.2 Active Connections
  3.3 Past Connections
  3.4 Hidden Downloads
  3.5 Bandwidth consumption
  3.6 Sites History
  3.7 Users History
  3.8 Site History Details
  3.9 User History Details
  3.10 Activity Log
4 Configuring allowed and blocked websites
  4.1 Introduction
  4.2 Configuring the Whitelist
  4.3 Configuring the blacklist
  4.4 Using wildcards
5 WebFilter Edition - Site rating and content filtering
  5.1 Introduction
  5.2 Configuring Web Filtering policies
  5.3 Configuring advanced web filtering policy conditions
  5.4 WebGrade Database settings
6 WebSecurity Edition - File scanning and download control
  6.1 Introduction
  6.2 Download Control policies
  6.3 Configuring Instant Messaging (IM) Control Policies
  6.4 Configuring Virus Scanning Policies
  6.5 Scanning Engines
  6.6 Anti-Phishing Engine
7 Configuring GFI WebMonitor
  7.1 Introduction
  7.2 Administrative Access Control
  7.3 Notifications
  7.4 General Settings
  7.5 Proxy Settings
  7.6 Reporting
8 Quarantine
  8.1 Introduction
  8.2 Approving or Deleting items
9 Miscellaneous
  9.1 Introduction
  9.2 Configure Network Access policy
10 Troubleshooting
  10.1 Introduction
  10.2 Common Issues
  10.3 Knowledge Base
  10.4 Web Forum
  10.5 Request technical support
  10.6 Build notifications
Glossary
Index
1 Introduction
GFI WebMonitor is a comprehensive monitoring solution that enables
you to monitor and filter network users’ web traffic (browsing and file
downloads) in real-time. It also enables you to block web connections
in progress as well as to scan traffic for viruses, trojans, spyware and
phishing material.
It is the ideal solution to transparently and seamlessly exercise a
substantial degree of control over your network users’ browsing and
downloading habits. At the same time, it enables you to ensure legal
and best practice initiatives without alienating your network users.
1.1 About this manual
The aim of the Administration and Configuration Manual is to help
you use and configure GFI WebMonitor on your network.
This manual is structured as follows:
Chapter 1 | Introduces this manual and its use.
Chapter 2 | How to access and use GFI WebMonitor’s dashboard.
Chapter 3 | How to monitor internet activity.
Chapter 4 | How to configure allowed and blocked entities.
Chapter 5 | How to configure WebFilter Edition policies.
Chapter 6 | How to configure WebSecurity Edition policies.
Chapter 7 | How to configure GFI WebMonitor settings.
Chapter 8 | How to configure and manage quarantined items.
Chapter 9 | Provides information on topics that do not strictly fall within other chapters.
Chapter 10 | Provides troubleshooting information on common issues.
Glossary | Explains specific technical terms used in this manual.
Getting Started Guide
Detailed installation guidelines are provided in a separate manual
called Getting Started Guide, which is downloadable from the GFI
web site:
http://www.gfi.com/webmon/webmon2009gsg.pdf
The getting started guide provides detailed information on how to
select your deployment environment and install GFI WebMonitor with
default settings.
1.2 Terms used in this manual
The following terms are used in this manual:
“NOTE:” Provides additional information and references essential for the operation of GFI WebMonitor.
“IMPORTANT:” Provides important information such as warnings and cautions regarding potential issues commonly encountered.
For any technical terms and their definitions as used in this manual,
refer to the Glossary chapter in this manual.
2 Using the GFI WebMonitor dashboard
2.1 Introduction
The Dashboard node enables you to obtain graphical and statistical
information related to GFI WebMonitor’s operation. This includes:
• Usage and operations statistics
• Hits over time and bandwidth usage trend charts
• WebFilter statistics
• Last blocked requests and security threats.
2.2 The GFI WebMonitor dashboard
Screenshot 1 - GFI WebMonitor Dashboard
Click the Dashboard node in the navigation bar to access the GFI
WebMonitor Dashboard. The dashboard shows the information
described in the sections below.
NOTE: Click the icon in the top right hand corner to refresh the
dashboard.
Dashboard: Statistics
Screenshot 2 – Dashboard: Operation Statistics
The information provided in this table enables you to obtain information
on a number of important operational elements of GFI WebMonitor.
Select the hyperlink next to Current Active Connections to view the
Active Connections page. This page is also accessible from the
Monitoring node. For more information, refer to section 3.2 Active
Connections in this manual.
Select the hyperlink next to Current items in Quarantine to view a
summary of the quarantine folder. Quarantined items can also be
accessed from the Quarantine node. For more information, refer to the
section Viewing quarantined items in this manual.
AV Scanned Downloads represents the total downloads scanned by
the anti-virus engines. For more information, refer to the section
Scanning Engines in this manual.
Select the other hyperlinks within Today’s statistics to view further
detail on the statistics as summarized below.
Feature: AV & Anti Phishing
Quarantined: Selecting the hyperlink under Quarantined allows you to approve or delete quarantined items in the Virus Scanning Policies category. For further information, refer to the section named Viewing quarantined items.
Blocked: Selecting the hyperlink under Blocked allows you to view the Top Policy Breakers Report. For further information, refer to the section named Top Policy Breakers.

Feature: Download & IM
Quarantined: Selecting the hyperlink under Quarantined allows you to manage Downloads. For further information, refer to the section named Download Control policies.
Blocked: Selecting the hyperlink under Blocked allows you to view the Top Policy Breakers Report. For further information, refer to the section named Top Policy Breakers.

Feature: Web Filtering
Quarantined: Selecting the hyperlink under Quarantined allows you to approve or delete quarantined items in the Download Control Policies category. For further information, refer to the section named Viewing quarantined items.
Blocked: Selecting the hyperlink under Blocked allows you to view the Top Policy Breakers Report. For further information, refer to the section named Top Policy Breakers.
Dashboard: WebSecurity/WebFilter Status and usage chart
Screenshot 3 – Dashboard: WebSecurity and WebFilter status and usage chart
The WebSecurity/WebFilter status and usage chart enables you to:
1. Know whether the WebSecurity and WebFilter components are
active or not.
2. View a graphical representation of the correlation between the
number of hits and bandwidth use for the current day.
Dashboard: Hits Over Time chart
Screenshot 4: Dashboard: Hits Over Time chart
The Hits Over Time chart is a graphical representation of the total
number of hits per day over the last 30-day period and includes the
current day. This enables you to identify a pattern of how website hits
fluctuate on a day-by-day basis and to identify any anomalies.
Dashboard: Bandwidth Usage Trends chart
Screenshot 5 - Dashboard: Bandwidth Usage Trends graph
The Bandwidth Usage Trends chart is a graphical representation of the
total bandwidth use per day over the last 30-day period and includes
the current day. This enables you to identify patterns and trends of how
bandwidth is utilized on a day-by-day basis and to identify spikes and
anomalies.
Dashboard: Top Categories (Sites) chart
Screenshot 6 - Dashboard: Top Categories (Hits) Chart
The top categories (sites) chart is a graphical representation of the top
hits (HTTP requests) split by categories. This enables you to gain
knowledge on which categories of sites are being visited by web users.
Dashboard: Top Categories (Bandwidth) chart
Screenshot 7 - Dashboard: Top Categories (Bandwidth) Chart
The top categories (bandwidth) chart is a graphical representation of
bandwidth use split by categories. This enables you to identify how
your bandwidth is being utilized vis-à-vis the website categories
browsed by users.
Dashboard: Top blocked categories (Hits) chart
Screenshot 8 - Dashboard: Top Blocked Categories chart
This chart is a graphical representation of the blocked HTTP requests
according to the reason why these were blocked. It enables you to
identify the main reasons why requests were blocked.
Dashboard: Last blocked requests list
Screenshot 9 - Dashboard: Last Blocked Requests list
The last blocked request list displays the latest list of users/IPs who
have had blocked requests. This enables you to identify problems with
blocked requests regardless of whether these blocked requests are
reported to you or not.
Dashboard: Last blocked security threats list
Screenshot 10 - Dashboard: Last Blocked Security Threats list
The last blocked Security Threats list displays a list of threats/viruses
detected by GFI WebMonitor and the users/IPs where these occurred.
This enables you to identify security issues as early as possible
enabling you to take preventive measures before your network security
is breached.
3 Monitoring Internet activity
3.1 Introduction
Use the Monitoring node and its sub-nodes to examine current and
historical web request data processed by GFI WebMonitor. Through
these nodes, you can view data related to:
• Active connections
• Past connections
• Bandwidth consumption
• Sites history
• Users history
• Activity log
3.2 Active Connections
Active connections provide information related to current active
connections.
Screenshot 11 – Active connections
Click Monitoring ► Active Connections in the navigation bar to
access the Active connections view.
Through this view, you can terminate active Internet connections (e.g.,
interrupt file downloads that are taking up too much bandwidth). To
interrupt connections, click on the
button in the Status column of
the connection and the download will be terminated.
NOTE: The information displayed is not refreshed automatically. Click
on the refresh button
on the upper right corner of the view to
update the information being shown.
3.3 Past Connections
The Past connections view shows the last 2000 complete
connections processed by GFI WebMonitor.
Screenshot 12 – Past connections
Click Monitoring ► Past Connections in the navigation bar to access
the Past connections view.
The information is sorted by time, with the latest URL accessed listed
on top.
NOTE: The information displayed is not automatically refreshed. Click
on the refresh button
on the upper right of the view to update the
information being shown.
3.4 Hidden Downloads
The Hidden Downloads view enables the administrator to monitor all
unattended downloads from user machines. An unattended download
can be one of the following:
• Valid updates started automatically from the user’s machine
• Unwanted downloads by hidden applications
• Interrupted / forgotten downloads initialized by the user. These are downloads that are started by the user and not saved within 15 minutes
• Malicious downloads that will take advantage of computer software vulnerabilities using sequences of commands.
Screenshot 13 – The Hidden Downloads view
The Hidden Download option displays the following information:
Name | Description
Last Time | The last time the same URL was accessed if the URL radio button is selected, or the last time the same user agent was used if the User Agent radio button is selected.
Count | The number of times the hidden download was accessed.
Real File type | The file type of a hidden download. Click one of the Display radio buttons to show All file types or show Only Executables and Packages.
Content Type | The content type of the hidden download as suggested from the web content-type. To add a content type see Adding Content-types.

Expand an entry to view each time the hidden download was
accessed.
Name | Description
Time | The date and time the Hidden download was accessed.
User | Click the User to display all hidden downloads accessed by the selected user.
IP | Click the IP address to display all hidden downloads accessed by the selected IP.
Size | The download size.
From the Group By radio buttons select one of the following display
options:
• URL to show the URL of the downloaded file
• User Agent to display the agent that started the hidden download.
• IP to display the IP address of the URL that started the hidden download.
3.4.1 Add hidden downloads to Whitelist
Click on a hidden download to launch the Permanent Whitelist option.
To allow the selected URL to be whitelisted, click Add.
Screenshot 14 – Whitelist hidden download
3.5 Bandwidth consumption
The Bandwidth Consumption node allows you to monitor bandwidth
usage through the following reports:
3.5.1 Top Sites
The Top Sites node displays details of the websites visited, sorted by
bandwidth with the site having the highest bandwidth at the top. The
list also displays the number of times a website was accessed (Hits)
and the Web Category, which briefly describes the website contents.
Group by Domains
The list can be grouped by the domain of the websites visited if Group by
Domains in the Display Filters group is selected.
To view each site visited from the selected domain, click the domain
entry. This displays Site Access History in a new page. Site Access
History also contains the traffic over time chart and the hits over time
chart. See Traffic Charts. Click a site entry to view the list of users that
visited the site. See User History Details.
Hide Referrals
When this option is selected, the list will most likely contain websites
manually entered by the user into the browser. All linked sub-sites will be
hidden.
3.5.2 Top Users
This node displays websites, sorted by Windows user or IP address.
This report is sorted with the user who consumes the most bandwidth
at the top. For unauthenticated users the IP address is displayed.
3.5.3 Top Categories
This node displays the top categories browsed with the categories
carrying the highest bandwidth on top.
3.5.4 Traffic Charts
• Show Traffic Over Time Chart to view a graph that shows the traffic during the selected date.
• Show Hits Over Time Charts to view a graph that reports the number of hits by time of day.
• Show IM Messages Over Time Chart to view the number of Instant Messages received\sent during the selected date.
3.5.5 View data by date
By default, this view lists data for today’s date. To view data for other
days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click on the calendar button, select the required date and click Go to retrieve data for that date.
NOTE: If no data for a specific date is available (e.g. a future date is
selected), an error message stating that data was unable to be
retrieved is displayed.
NOTE: The information displayed is not automatically refreshed. Click
refresh button
on the upper right of the view to update the
information selected.
3.6 Sites History
The Sites History node enables you to identify:
• The sites which are most frequently visited by your network users
• The total browsing time per site.
3.6.1 Top Time Consumption
The Top Time Consumption view lists the sites on which network
users spent most time browsing for a specific date. The information
displayed includes:
• Site. The sites which were accessed
• Surf time. The time spent browsing each site
• File types. The file types accessed from each site
• Accessed by User / IP. The users/IPs that accessed the site.
The list can be sorted either alphabetically by site in ascending order,
or by surf time in descending order (the site on which most time was
spent is listed on top), by selecting the appropriate header.
Screenshot 15 – Sites History: Top Time Consumption
Click Sites History ► Top Time Consumption to access the Top
Time Consumption view.
By default, this view lists data for today’s date. To view data for other
days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click the calendar, select the required date, and click Go to retrieve information for that date.
NOTE: If no data for a specific date is available (e.g. a future date is
selected), an error message stating that data was unable to be
retrieved is displayed.
You can also click on any of the sites listed to bring up the Site
History Details view. For more information, refer to the Site History
Details section in this chapter.
3.6.2 Top Hits Count
The Top Hits Count view lists the sites that were most frequently
accessed by network users on a specific date. The information
displayed includes:
• Sites - The sites that were accessed
• Hits - The number of times that each site was accessed (i.e., the number of hits)
• The file types accessed from each site
• Accessed by User / IP - The users/IPs that accessed the site
• Graphical representations of site hits over time.
The list can be sorted either alphabetically in ascending order by site,
or in descending order of popularity (the site with most hits is listed on
top).
Screenshot 16 – Sites History: Top Hits Count
Click Sites History ► Top Hits Count in the navigation bar to access
the Top Hits Count view.
To access graphs showing hits over time per site, select the Show
Hits Over Time Charts option.
By default, this view lists data for today’s date. To view data for other
days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click on the calendar button, select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message
stating that data was unable to be retrieved will be displayed.
To view further details on the sites visited by users, click on the users
listed on User/IP heading. For more information, refer to the Site
History Details section in this chapter.
3.7 Users History
Users History provides details of which users spent most time
browsing sites and also includes details of sites that were most frequently
accessed. Three types of reports are available:
• Top Surfers
• Top Hits Count
• Top Policy Breakers
3.7.1 Top Surfers
Screenshot 17 – Users History: Top Surfers
Click Users History ► Top Surfers in the navigation bar to access
the Top Surfers view.
The Top Surfers view lists the time spent by network users browsing
sites on a specific date. The information displayed includes:
• User / IP. The users/IPs that browsed sites
• Surf Time. The time spent browsing sites
• Sites Accessed. The sites accessed by each user.
The list can be sorted either by user/IP in ascending order, or by time
spent browsing in descending order (the site on which most time was
spent is listed on top).
• To sort by user/IP, click on the User/IP column heading.
• To sort by time spent on the site, click on the Surf Time column heading.
By default, this view lists data for today’s date. To view data for other
days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click the calendar button, select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message
stating that data was unable to be retrieved will be displayed.
You can also click on any of the users/IPs listed to review User
History Details.
3.7.2 Top Hits Count
Screenshot 18 – Users History: Top Hits Count
Click Users History ► Top Hits Count in the navigation bar to access
the Top Hits Count view.
The Top Hits Count view lists the users with the highest number of
site accesses on a specific date. The information displayed includes:
• User/IP - The users/IPs that browsed sites.
• Hits - The number of site accesses made by each user.
• Sites accessed - Sites accessed by each user.
• Graphical representations of site hits over time.
The list can be sorted either by User/IP in ascending order, or by hits
in ascending or descending order. By default, the user with the most
site accesses is listed on top.
• To sort by user/IP, click on the User/IP column heading.
• To sort by site accesses, click on the Hits column heading.
To display graphs showing hits over time for each of the sites listed,
select the Show Hits Over Time Charts checkbox. Charts displayed
indicate the number of hits by time of day for the specified date by
user/IP.
By default, this view lists data for today’s date. To view data for other
days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click on the calendar button, select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message
stating that data was unable to be retrieved will be displayed.
You can also click on any of the users/IPs listed to review User
History Details. For more information, refer to the User History Details
section in this chapter.
3.7.3 Top Policy Breakers
Screenshot 19 – Users History: Top Policy Breakers
To view the users that breached most policies, navigate to GFI
WebMonitor ► Monitoring ► Users History ► Top Policy
Breakers.
When a user/IP is clicked, an activity log showing the Time,
Category, URL and IP address is displayed. By default, this view lists
the data of the day. To view data for other days, use the controls on
the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click the calendar button, select the required date, and click Go to retrieve data for that date.
NOTE: If no data for a specific date is available (e.g. a future date is
selected), an error message stating that data was unable to be
retrieved is displayed.
3.8 Site History Details
Screenshot 20 – Site History Details
Click Sites History ► Top Time Consumption (or Top Hits Count)
to access Site History Details view. From the view pane, select one of
the listed sites in the Site column.
This view shows the following information:
• User / IP - All users/IPs who have accessed that site on the specified date.
• Hits - The number of times the site was accessed by each user.
• The file types accessed from the site by each user.
• A graphical representation of total site hits over time, for all users.
• A graphical representation of user site hits over time, for each user listed.
• A graphical representation of traffic over time for each of the file types shown, for each user.
To display the graph showing total site hits over time for all users,
select the Show Hits Over Time Chart checkbox. This graph assists
you in identifying the time period(s) for the specified dates during which
the site was most frequently accessed by users.
To display the graph showing total site hits over time for a specific
user, hover with the mouse pointer over the number of hits for any one
of the users/IPs listed. A chart pops up showing the access pattern and
frequency of the user during the day.
To display the graph showing download/upload traffic over time for a
specific file type, for a specific user, hover with the mouse pointer over
one of the file types shown for any one of the users/IPs listed.
You can also click on any one of the users/IPs listed to review the User
History Details view. For more information, refer to the User History
Details section in this chapter.
3.9 User History Details
Screenshot 21 – User History Details
Click Users History ► Top Surfers (or Top Hits Count) to access
User History Details view. From the view pane, select one of the
listed users/IPs in the User/IP column.
The User History Details view shows the following for a specific user:
• Site shows the sites accessed on a specified date. To display a graph showing total site hits over time, select the Show Hits Over Time Chart option. This chart helps you to identify the time period(s) for the specified date during which the user accessed the listed sites.
• Hits shows the number of times the site was accessed. To display a graph showing specific site hits over time for the user, hover with the mouse pointer over the number of hits for any one of the sites listed under heading File types. A chart pops up showing the specified site access pattern and frequency by the user during the day.
• File Types shows real file types retrieved from a particular site. To display the graph showing download/upload traffic over time for a specific file type, for a specific site, hover with the mouse pointer over one of the file types shown for any one of the sites listed.
• To view an Instant Messaging traffic over time graph click IM Messages Over Time Chart. This chart will display the frequency of received\sent IM messages during the day selected.
You can also click on any of the sites listed to review Site History
Details. For more information, refer to the Site History Details section
in this chapter.
3.10 Activity Log
Screenshot 22 – GFI WebMonitor Activity Log
Click the Activity Log node in the navigation bar to access the Activity
Log view.
The Activity Log view shows all GFI WebMonitor activity related to:
• Items which have been blocked or quarantined
• Processes that have failed.
The Activity Log view shows the following:
• The User/IP who carried out the activity
• Date and time when the activity took place
• Description of the activity which took place and the reason why items have been blocked or quarantined
• URL accessed.
Click on the refresh button on the upper right of the view to update
the information being shown.
4 Configuring allowed and blocked websites
4.1 Introduction
Whitelists and blacklists are content scanning policies that override all
policy settings set up in WebFilter and WebSecurity Editions.
The Whitelist is a list of sites, users and IPs approved by the
administrator to be excluded from all policies configured in GFI
WebMonitor. Besides the Permanent Whitelist, there is also a
Temporary Whitelist, used to temporarily approve access to a site for
a user or IP. Since all WebFilter and WebSecurity policies are
overridden, the Whitelist feature should be used with extreme caution.
The Blacklist is a list of sites, users and IPs which should always be
blocked irrespective of the policies configured in GFI WebMonitor.
The Blacklist takes priority over the Whitelist in GFI WebMonitor. If a
site is therefore listed in the Blacklist and that same site is listed in the
Whitelist, the site will be blocked.
4.2 Configuring the Whitelist
To access the Whitelist click on the Whitelist node in the navigation
bar.
4.2.1 Preconfigured items
By default, GFI WebMonitor includes a number of preconfigured sites
in the Permanent Whitelist. These include GFI websites to allow
automatic updates to GFI WebMonitor and Microsoft websites to allow
automatic updates to Windows. Removing any of these sites may
preclude important updates from being automatically effected.
4.2.2 Adding items to the Permanent Whitelist
To add an item to the Permanent Whitelist:
1. Click on the Whitelist node and select the Permanent Whitelist
tab.
Screenshot 23 – GFI WebMonitor Whitelist
2. From the drop-down lists, select whether a User, IP or Site will be
added to the whitelist and provide the user(s), group(s) and/or IP(s) for
whom the new whitelist item applies. Repeat for all user(s), group(s)
and/or IP(s) required.
NOTE: When adding a user to the whitelist, specify the username in
the format DOMAIN\user.
NOTE: When adding a site to the whitelist, you can use wildcards. For
more information, refer to the Using wildcards section in this chapter.
3. Click on Add to add the new item to the list and on Save Settings to
finalize setup.
NOTE: Failing to click on Save Settings means that you will lose
settings as soon as you leave the view to move to another section in
GFI WebMonitor.
4.2.3 Delete items from the Permanent Whitelist
To remove an item from the Permanent Whitelist:
1. Click on the Whitelist node and select the Permanent Whitelist
tab.
2. Click on the delete icon
next to the item you want to delete.
3. Complete deleting whitelist items by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose
whitelist settings as soon as you leave the view to move to another
section in GFI WebMonitor.
4.2.4 Adding items to the Temporary Whitelist
To add an item to the Temporary Whitelist:
Screenshot 24 – Temporary Whitelist
1. Click on the Whitelist node and select the Temporary Whitelist
tab.
Screenshot 25 – Temporary Whitelist: Granting temporary access
2. Click Add and select whether temporary access will be granted to a
user or IP. Provide the details of the User or IP to be granted
temporary access as well as the URL and the number of hours.
NOTE: When granting temporary access to a user, specify the
username in the format DOMAIN\user.
NOTE: When adding a site to the Whitelist, you can use wildcards. For
more information, refer to the Using wildcards section in this chapter.
3. Click on Add to add the new item to the list and on Save Settings to
finalize setup.
NOTE: Failing to click on Save Settings means that you will lose
settings as soon as you leave the view to move to another section in
GFI WebMonitor.
NOTE: The number of hours during which the user or IP has access to
a site are applicable from the moment Save Settings is clicked.
NOTE: Time remaining before access is revoked can be viewed in the
For (hours) column in the Temporary Whitelist view.
4.2.5 Removing items from the Temporary Whitelist
1. Click on the Whitelist node and select the Temporary Whitelist
tab.
2. Click on the delete icon next to the item you want to delete.
3. Complete deleting whitelist items by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose
whitelist settings as soon as you leave the view to move to another
section in GFI WebMonitor.
4.3 Configuring the blacklist
4.3.1 Adding items to the Blacklist
To add an item to the Blacklist:
1. Select the Blacklist node from the navigation bar.
Screenshot 26 – GFI WebMonitor Blacklist
2. From the drop-down lists, select whether a User, IP or Site will be
added to the blacklist and provide the user(s), group(s) and/or IP(s) for
whom the new blacklist item applies. Repeat for all user(s), group(s)
and/or IP(s) required.
NOTE: When adding a user to the blacklist, specify the username in
the format DOMAIN\user.
NOTE: When adding a site to the blacklist, you can use wildcards. For
more information, refer to the Using wildcards section in this chapter.
3. Click on Add to add the new item to the list and on Save Settings to
finalize setup.
NOTE: Failing to click on Save Settings means that you will lose
settings as soon as you leave the view to move to another section in
GFI WebMonitor.
4.3.2 Delete items from the Blacklist
To delete an item from the Blacklist:
1. Select the Blacklist node from the navigation bar.
2. Click on the delete icon next to the item you want to delete.
3. Complete deleting blacklist items by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose
settings as soon as you leave the view to move to another section in
GFI WebMonitor.
4.4 Using wildcards
When adding a site to the whitelist or blacklist, you can use wildcards
as shown in the examples below:
Example          Description
*.com            Allow/block all ‘.com’ top-level domains
*.website.com    Allow/block all sub domains of the ‘website.com’ domain
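A way to check what a wildcard entry would cover before saving it, added here as an example and not GFI WebMonitor's own matcher. It assumes a leading `*.` stands for one or more whole DNS labels, so `*.website.com` covers subdomains but neither `website.com` itself nor look-alikes such as `notwebsite.com`; the function names and sample hosts are constructed.

```python
"""Model of whitelist/blacklist wildcard matching (added example, not product code)."""
from urllib.parse import urlsplit


def host_of(url_or_host: str) -> str:
    """Return the lower-cased hostname of a URL or bare host, without port or trailing dot."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text          # let urlsplit treat the text as a network location
    host = urlsplit(text).hostname or ""
    return host.rstrip(".").lower()


def matches(pattern: str, url_or_host: str) -> bool:
    """True when the host is covered by the pattern.

    Assumption: a leading '*.' stands for one or more complete DNS labels,
    and a pattern without a wildcard must equal the host exactly.
    """
    host = host_of(url_or_host)
    pattern = pattern.strip().rstrip(".").lower()
    if not host:
        return False
    if pattern.startswith("*."):
        suffix = pattern[1:]        # "*.website.com" -> ".website.com"
        # Matching on the dot-prefixed suffix keeps the comparison on a label
        # boundary, so "notwebsite.com" is not treated as a subdomain.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def is_tld_wide(pattern: str) -> bool:
    """Flag entries such as '*.com' whose fixed part is a single label (a whole TLD)."""
    pattern = pattern.strip().rstrip(".").lower()
    return pattern.startswith("*.") and "." not in pattern[2:]


def review(patterns, observed_hosts):
    """For each pattern, list the observed hosts it covers and whether it is TLD-wide."""
    report = {}
    for pattern in patterns:
        covered = [h for h in observed_hosts if matches(pattern, h)]
        report[pattern] = {"tld_wide": is_tld_wide(pattern), "covers": covered}
    return report


# Constructed sample of hosts/URLs, e.g. taken from a proxy log.
SAMPLE_HOSTS = [
    "www.website.com",
    "website.com",
    "notwebsite.com",
    "mail.website.com.example.net",
    "http://cdn.website.com:8080/x",
]

if __name__ == "__main__":
    for pattern, result in review(["*.com", "*.website.com"], SAMPLE_HOSTS).items():
        print(pattern, result)
```

A whitelist entry flagged as TLD-wide exempts every matching site from filtering, so it is worth reviewing the covered list before clicking Save Settings.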
5 WebFilter Edition - Site rating and content filtering
5.1 Introduction
GFI WebMonitor uses WebFilter and the WebGrade database to
manage Internet access of users, groups or IPs based on site
categories. The category of a particular site is determined through the
WebGrade Database; if a site is listed in the database, GFI
WebMonitor then uses the configured web filtering policies to
determine what action to take. This may be one of the following
actions:
• Allow access to site
• Block access to site and quarantine the related file URL
• Block access to site and delete related URLs.
Policies can be customized to apply during specific time periods. For
example, a policy can enable users to access news and entertainment
related sites during lunch breaks but not during working hours.
Pre-defined site categories include pornography, adult themes, games,
violence and others. The database is updated on a regular basis and
updates are automatically downloaded to GFI WebMonitor.
5.2 Configuring Web Filtering policies
5.2.1 Adding a Web Filtering Policy
To add a Web Filtering Policy:
1. Click on WebFilter Edition ► Web Filtering Policies from the
navigation bar.
2. Select Add Policy.
Screenshot 27 –Adding a Web Filtering policy: general settings
3. Click on the General tab.
4. Provide new policy name and description in the Policy Name field
and the Policy Description text box respectively.
5. In the Policy Schedule area, specify the time period(s) during which
the new policy will be enforced.
Screenshot 28 –Adding a Web Filtering policy: web filtering categories
6. Select the Web Filtering tab. Define the categories applicable to the
new policy and the actions to take:
• Allow categories: Select categories from the Blocked Categories
list and click Allow>.
• Block categories: Select categories from the Allowed Categories
list and click <Block.
• Quarantine access: Select categories from the Allowed
Categories list and click <Quarantine.
NOTE: You can also configure advanced category conditions by
selecting the Show Advanced Options. For more information, refer to
the Configuring advanced web filtering policy conditions section.
Screenshot 29 – Adding a Web Filtering policy: web filtering exceptions
7. Select the Exceptions tab and in the Excluded Sites and Included
Sites fields specify any URLs, which are:
• Excluded (i.e. allowed) from the policy. This enables users to
access sites overriding any policy setup.
• Included (i.e. blocked) in the new policy. The URLs specified in the
included sites will be blocked regardless of the scope of the new
policy.
NOTE: The Exceptions tab is similar to a whitelist/blacklist feature
that overrides any rules within the policy.
Screenshot 30 –Adding a Web Filtering policy: who it applies to
8. Click on the Applies To tab and specify the user(s), group(s) and/or
IP(s) for whom the new policy applies. Repeat for all user(s), group(s)
and/or IP(s) required.
NOTE: When adding a user, specify the username in the format
DOMAIN\user.
Screenshot 31 – Adding a Web Filtering policy: Notifications
9. Click on the Notifications tab and select Notify the following
administrators when the site category infringes this policy
checkbox if required. Complete setup by updating administrator’s
notification email address and notification e-mail text.
If required, check Notify the user accessing the site if the site category
infringes this policy, and provide the body text for the notification email
in the Send the following notification to the administrator’s text box.
10. If you require the user to be notified when the policy you are
creating is triggered, select Notify the user accessing the site if the
site category infringes this policy checkbox and provide the
notification email text.
11. Complete new policy setup by clicking on Save Settings.
The newly created policy will now be listed in the main Web Filtering
Policies view.
5.2.2 Editing a Web Filtering Policy
To edit a Web Filtering Policy:
1. Click on WebFilter Edition ► Web Filtering Policies from the
navigation bar.
2. Click on the edit icon next to the policy you want to edit.
3. Refer to Adding a Web Filtering Policy section in this chapter, for a
description of the fields which can be edited.
4. Click on Save Settings to finalize editing a policy.
5.2.3 Disabling a Web Filtering Policy
To disable a Web Filtering Policy:
1. Click on WebFilter Edition ► Web Filtering Policies from the
navigation bar.
2. Uncheck the box from the Enabled column for the policy you want
to disable and click on Save Settings to finalize disabling a policy.
5.2.4 Enabling a Web Filtering Policy
1. Click on WebFilter Edition ► Web Filtering Policies from the
navigation bar.
2. Check the box from the Enabled column for the policy you want to
enable and click on Save Settings to finalize enabling a policy.
5.2.5 Deleting a Web Filtering Policy
1. Click on WebFilter Edition ► Web Filtering Policies from the
navigation bar.
2. Click on the delete icon for the policy you want to delete and click
on Save Settings to finalize deleting a policy.
5.2.6 Default web filtering policy
GFI WebMonitor - WebFilter Edition ships with a default web filtering
policy which applies to all users. The policy name is listed as Default
Web Filtering Policy.
This policy can be edited but it cannot be disabled or deleted. If you
want to edit the default policy, refer to the Editing a Web Filtering
Policy section in this chapter for information related to editing web
filtering policies.
NOTE: All user-created web filtering policies take precedence over the
default web filtering policy.
NOTE: Certain fields in the default policy cannot be edited. These
include Policy Name, Policy Description and fields in the Applies To
tab.
5.3 Configuring advanced web filtering policy conditions
Advanced web filtering policy conditions give you greater flexibility in
defining which sites should be allowed or blocked. These advanced
policy conditions take precedence over categories you may have
already specified in the Allowed Categories and Blocked Categories
list boxes.
5.3.1 Adding an advanced web filtering policy condition
To create an advanced web filtering policy condition:
Screenshot 32 – Web filtering policy
1. From the Web Filtering tab click on Show Advanced Options.
2. Click on Add Condition to view the Edit Properties dialog where
you will create the advanced condition.
3. Specify a combination of categories, which will enable you to allow,
block or quarantine sites.
For example, to block sites which fall under the categories ‘Adult and
pornography’ AND ‘IM Client’:
a. Select ‘Adult and pornography’ from Available Categories list
box and click on Use Category
b. Select ‘IM Client’ from Available Categories list box and click
on Use Category
c. Select Block and Delete from the Perform this action: drop
down list and click OK to apply the condition.
4. Click on Save Settings to finalize settings.
NOTE: With this advanced policy, a site is not blocked if it is listed
under only one of the individual categories. In the example above, a
site is NOT blocked if it only falls under the ‘Adult themes’ category.
Likewise, the site is NOT blocked if it only falls under the ‘Sexuality’
category.
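The precedence rules stated in this chapter (exceptions override the policy, advanced conditions override the category lists, user-created policies override the default policy), modelled as an added example that is not GFI WebMonitor's code. Assumptions: the first enabled policy in list order that names the user wins, excluded sites are checked before included sites, the Blocked Categories list maps to Block and Delete, and included sites return a generic "Block"; users, hosts and the Staff policy are constructed.

```python
"""Model of web filtering policy evaluation (added example, not GFI WebMonitor code)."""
from dataclasses import dataclass, field

ALLOW = "Allow"
QUARANTINE = "Block and Quarantine"
DELETE = "Block and Delete"
BLOCK = "Block"   # included sites: the manual does not say which block variant applies


@dataclass(frozen=True)
class Condition:
    """Advanced condition: applies only when the site carries ALL of its categories."""
    categories: frozenset
    action: str


@dataclass
class Policy:
    name: str
    applies_to: set = field(default_factory=set)        # e.g. {"CORP\\alice"}
    enabled: bool = True
    blocked: set = field(default_factory=set)           # Blocked Categories list
    quarantined: set = field(default_factory=set)       # categories set to quarantine
    conditions: list = field(default_factory=list)      # advanced conditions
    excluded_sites: set = field(default_factory=set)    # Exceptions tab: allowed
    included_sites: set = field(default_factory=set)    # Exceptions tab: blocked


def select_policy(user_policies, default_policy, user):
    """User-created policies take precedence over the default policy.

    Assumption: the first enabled policy (in list order) that names the user wins.
    """
    for policy in user_policies:
        if policy.enabled and user in policy.applies_to:
            return policy
    return default_policy


def decide(policy, host, site_categories):
    """Return (action, reason) for one request under one policy."""
    cats = set(site_categories)
    # Exceptions override any rule within the policy (excluded checked first: assumption).
    if host in policy.excluded_sites:
        return ALLOW, "excluded site"
    if host in policy.included_sites:
        return BLOCK, "included site"
    # Advanced conditions take precedence over the plain category lists.
    for cond in policy.conditions:
        if cond.categories <= cats:      # every category of the condition is present
            return cond.action, "condition: " + " AND ".join(sorted(cond.categories))
    # Plain category lists (blocked before quarantined: assumption).
    if cats & policy.blocked:
        return DELETE, "blocked category"
    if cats & policy.quarantined:
        return QUARANTINE, "quarantined category"
    return ALLOW, "no rule matched"


# Constructed sample data: the manual's example condition plus made-up users and hosts.
DEFAULT = Policy(name="Default Web Filtering Policy", blocked={"Games"})
STAFF = Policy(
    name="Staff",
    applies_to={"CORP\\alice"},
    conditions=[Condition(frozenset({"Adult and pornography", "IM Client"}), DELETE)],
    quarantined={"Games"},
    excluded_sites={"games.example.org"},
)


def evaluate(user, host, site_categories):
    """Pick the policy for the user, then decide the request under it."""
    policy = select_policy([STAFF], DEFAULT, user)
    action, reason = decide(policy, host, site_categories)
    return policy.name, action, reason


if __name__ == "__main__":
    print(evaluate("CORP\\alice", "a.example.com", ["Adult and pornography", "IM Client"]))
    print(evaluate("CORP\\alice", "b.example.com", ["IM Client"]))
    print(evaluate("CORP\\alice", "games.example.org", ["Games"]))
    print(evaluate("CORP\\bob", "play.example.net", ["Games"]))
```

The second call shows the behaviour the note describes: a site carrying only one of the two categories does not trigger the AND condition and falls through to the category lists.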
5.3.2 Editing an advanced web filtering policy condition
To edit an advanced web filtering policy condition:
1. From the Web Filtering tab click on Show Advanced Options.
2. Click on the advanced policy to edit to display the Edit Properties
dialog where you can edit the advanced condition.
3. Click OK to apply the changes you made.
4. Click on Save Settings to finalize settings.
5.3.3 Removing an advanced web filtering policy condition
To delete an advanced web filtering policy condition:
1. From the Web Filtering tab click on Show Advanced Options.
2. Click on the delete icon next to the advanced policy you want to
delete.
3. Click on Save Settings to finalize settings.
5.4 WebGrade Database settings
Screenshot 33 – WebGrade Database settings
Through the WebGrade Database settings view you can:
• Enable/disable online lookups
• Enable/disable the database
• View the database status, version and license details
• Configure database updates
• Check the presence or validity of any URL with the active local
WebGrade database and send feedback.
1. Click WebFilter Edition ► Web Filtering Policies ► WebGrade
Database from the navigation bar to access the WebGrade Database
settings.
2. Check/uncheck Manage WebGrade Local Database updates
automatically and update the time within the hours field.
3. If required, check Send an email notification to the administrator on
successfully updating the WebGrade Database.
4. Click Save Settings to apply changes.
5.4.1 Enabling/disabling online lookups
1. Click on WebFilter Edition ► Web Filtering Policies ►
WebGrade Database.
2. Check or uncheck Enable online lookup for URLs not
resolved by local database to enable or disable this feature.
NOTE: This option is enabled by default when the user updates the
installation.
5.4.2 Viewing updated online lookups
Online lookup enables GFI WebMonitor to synchronize with a global
internet database server for reviewed URLs. To review changes after
these have been updated:
1. Click on WebFilter Edition.
2. Select Add Policy from the view pane. The Web Filtering Policy is
displayed within the view pane.
Categories are updated under the Blocked Categories and Allowed
Categories headings.
5.4.3 Enabling/disabling the database
To enable or disable the database:
1. Click on WebFilter Edition ► Web Filtering Policies ►
WebGrade Database.
2. Check or uncheck the checkbox in the Enabled column to enable or
disable the WebGrade Database.
NOTE: When the WebGrade database is disabled, the Web Filtering
policies cannot access the site categories.
5.4.4 Configure database updates
Through the checkboxes within the WebGrade Database Updates
area in the WebGrade Database settings view, you can:
• Configure whether the WebGrade Database should be updated
automatically or manually
• Configure the frequency with which available updates should be
installed
• Configure if an email notification should be sent upon successful
updating of the WebGrade Database
• Manually update the WebGrade Database by clicking Update
Now.
5.4.5 Checking URL categories
The Check URL category tool enables you to key in a URL and check
for its category within your active local WebGrade database. If the
category is not found or if the category listed in the local WebGrade
database does not match with the website’s category, you can report it
for update.
To check a URL category:
1. Enter the URL in the check URL field.
2. Click Check URL category. The category in the active local
WebGrade database is displayed beneath the URL field.
To report a missing or incorrect category, update the URL, click on
Submit Feedback, fill out the form displayed in your browser, and
click Submit.
6 WebSecurity Edition - File scanning and download control
6.1 Introduction
GFI WebMonitor’s WebSecurity features apply scan and usage control
restrictions for various applications to users, IPs or groups on your
network. The control policies are:
• Download Control Policies – Software download controls
• IM Control Policies – Control use and access of MSN / Windows
Live Messenger
• Virus Scanning Policies – Configure which downloaded files
should be scanned for viruses and spyware.
• Anti-Phishing Engine – Configure protection to network users
from phishing sites.
6.2 Download Control policies
GFI WebMonitor identifies the real file type of the file being
downloaded and then applies Download Control Policies to determine
what action to take. This may be one of the following actions:
• Allow the file to be downloaded
• Block the file from being downloaded and quarantine the file URL
• Block the file from being downloaded and delete all related URLs
For allowed downloads, GFI WebMonitor then applies the configured
Virus Scanning Policies and determines its virus scanning options.
Screenshot 34 - Download Control Policies
6.2.1 Adding a new Download Control Policy
To add a download control policy:
1. Click on WebSecurity Edition ► Download Control Policies from
the navigation bar.
2. Click on Add Policy.
3. In the General tab provide a new policy name and description in the
Policy Name field and the Policy Description text box respectively.
Screenshot 35 - Add new download control policy: Download control tab
4. Click on the Download Control tab to configure the actions to be
taken on the various file types.
Screenshot 36 - Add new download control policy: Add new content type
5. To add a new file type select Add Content-Type button and enter
the new Content-Type and a Description. Click Add.
Screenshot 37 - Add new download control policy: Change Action dialog
6. Click on any file type from the list to display the Change Action
dialog and configure the actions to be taken for that file type. From the
Perform this action: drop down list select the applicable action to be
taken. The available options are:
• Allow
• Block and Quarantine
• Block and Delete
Click OK to apply the action.
Screenshot 38 - Download control policies: Applies to tab
7. From the Applies To tab, specify the user(s), group(s) and/or IP(s)
for whom the new policy applies. Repeat for all user(s), group(s) and/or
IP(s) required.
NOTE: When adding a user, specify the username in the format
DOMAIN\user.
Screenshot 39 – Download control policies: Notification tab
8. Click on the Notifications tab and select Notify the following
administrators when the download content infringes this policy
checkbox if required. Enter the administrator’s email address and
notification email text, by updating the text for the notification email in
the Send the following notification to the administrators text box.
9. If you require the users to be notified when the policy you are
creating is breached, select the option Notify the user performing the
download when the downloaded content infringes this policy
checkbox and provide the notification email text.
10. Complete the new policy setup by clicking on Save Settings.
The policy created will be listed in the main Download Control
Policies view.
6.2.2 Editing a Download Control Policy
To edit a download control policy:
1. Click on WebSecurity Edition ► Download Control Policies from
the navigation bar.
2. Click on the edit icon next to the policy you want to edit.
3. Refer to Adding a new Download Control Policy section in this
chapter for a description of the fields which can be edited.
4. Complete new policy setup by clicking on Save Settings.
6.2.3 Disable a Download Control Policy
To disable a download control policy:
1. Click WebSecurity Edition ► Download Control Policies from the
navigation bar.
2. Uncheck the checkbox in the Enabled column for the policy you
want to disable.
3. Complete disabling a download policy by clicking on Save Settings.
6.2.4 Enable a Download Control Policy
To enable a previously disabled download control policy:
1. Click WebSecurity Edition ► Download Control Policies from the
navigation bar.
2. Check the checkbox in the Enabled column for the policy you want
to enable.
3. Complete enabling a download policy by clicking on Save Settings.
6.2.5 Delete a Download Control Policy
To delete a download control policy:
1. Click WebSecurity Edition ► Download Control Policies from the
navigation bar.
2. Click on the delete icon next to the policy you want to delete.
3. Complete deleting a download policy by clicking on Save Settings.
6.2.6 Default Download Control Policy
GFI WebMonitor - WebSecurity Edition ships with a default download
control policy, which is configured to apply to all users. The policy
name is listed as Default Download Control Policy.
This policy can be edited, however it cannot be disabled or deleted. If
you want to edit the default policy, refer to the Editing a Download
Control Policy section in this chapter for information related to editing
download control policies.
NOTE: All user-created download control policies take precedence
over the default download control policy.
NOTE: Certain fields in the default policy cannot be edited. These
include Policy Name, Policy Description and fields in the Applies To
tab.
6.2.7 Adding Content-types
GFI WebMonitor - WebSecurity Edition includes a large number of
common file types. To add a file type which is not in the predefined list:
1. Click on WebSecurity Edition ► Download Control Policies from
the navigation bar.
2. Click on Add Policy, select Download Control tab and click on Add
Content-type.
Screenshot 40 - Add new content type
3. Key in the content-type in the Content-Type field in the format
type/subtype and click on Add.
4. Complete keying in a new content type by clicking on Save
Settings.
NOTE: Files for user added content-types are not real file types, as is
the case with preconfigured file types.
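What judging a download by its real file type means in practice, and what the note above implies for user-added content-types, as an added example that is not GFI WebMonitor's code. It assumes preconfigured types are recognised from leading-byte signatures while user-added types can only be matched on the declared Content-Type header; the signature table, type labels, policy and sample downloads are constructed.

```python
"""Real file type vs declared Content-Type (added example, not GFI WebMonitor code)."""

ALLOW = "Allow"
QUARANTINE = "Block and Quarantine"
DELETE = "Block and Delete"

# Leading-byte signatures of a few well-known formats -> type label used in this example.
SIGNATURES = [
    (b"MZ", "application/x-dosexec"),            # Windows/DOS executable
    (b"\x7fELF", "application/x-executable"),    # ELF executable
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),          # also the container of OOXML, JAR, APK
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
]


def sniff(head: bytes):
    """Return the type implied by the file's leading bytes, or None if unknown."""
    for magic, mime in SIGNATURES:
        if head.startswith(magic):
            return mime
    return None


def declared_type(content_type_header: str) -> str:
    """Normalise a Content-Type header value to bare lower-case type/subtype."""
    return content_type_header.split(";", 1)[0].strip().lower()


def decide(policy: dict, content_type_header: str, head: bytes):
    """Pick the action for a download.

    Assumed model: signature-backed types are matched on content, so a
    mislabelled file is still judged by what it is; types with no signature
    (user-added Content-Types) can only be matched on the declared header.
    Returns (action, matched_type, mismatch); mismatch is True when the
    server's label disagrees with the content.
    """
    declared = declared_type(content_type_header)
    real = sniff(head)
    matched = real if real is not None else declared
    mismatch = real is not None and real != declared
    return policy.get(matched, policy.get("*", ALLOW)), matched, mismatch


# Constructed policy and downloads (name, Content-Type header, first bytes of the body).
POLICY = {
    "application/x-dosexec": QUARANTINE,
    "application/zip": ALLOW,
    "image/gif": ALLOW,
    "application/x-custom-cad": DELETE,   # hypothetical user-added Content-Type
    "*": ALLOW,
}

DOWNLOADS = [
    ("holiday.gif", "image/gif", b"GIF89a\x01\x00\x01\x00"),
    ("invoice.gif", "image/gif", b"MZ\x90\x00\x03\x00\x00\x00"),   # label and content disagree
    ("part.cad", "application/x-custom-cad; charset=binary", b"CADv2\x00"),
    ("part-renamed.bin", "application/octet-stream", b"CADv2\x00"),  # same bytes, other label
]


def run():
    """Evaluate every sample download and return {name: (action, matched_type, mismatch)}."""
    return {name: decide(POLICY, ctype, head) for name, ctype, head in DOWNLOADS}


if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

Under this model a rule on a user-added content-type is only as reliable as the header the server sends, which the last two sample downloads show; a mismatch flag on a signature-backed type is a useful item to surface in the activity log.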
6.3 Configuring Instant Messaging (IM) Control Policies
GFI WebMonitor enables administrators to control the use of MSN
Messenger and Windows Live Messenger. These controls can be
configured from the WebSecurity Edition ► IM Control Policy node. The
Default IM Control Policy applies to all users; however, specific
controls for particular users, groups or IPs can be configured as
described below.
6.3.1 Adding a new IM Control Policy
To add a new IM control policy:
1. From the GFI WebMonitor navigation bar, click on WebSecurity
Edition ► IM Control Policies.
2. Click Add Policy and select the General tab.
Screenshot 41 - Add new IM Policy – assign a name and description
3. Key in the new policy name in the Policy Name field and optionally
enter a brief description in the Policy Description text box.
Screenshot 42 - Add new IM Policy – Set IM Controls
4. From the IM Control tab, choose to block or allow instant
messaging communications:
• Block all MSN / Windows Live Messenger communications –
all communications via MSN or Windows Live Messenger are
blocked.
• Allow MSN / Windows Live Messenger communications – the
use of MSN or Windows Live Messenger is allowed.
Screenshot 43 - Add new IM Policy - Applies To tab
5. From the Applies To tab key in user(s), group(s), and/or IP(s) for
whom the new policy applies and click Add. Repeat for all the user(s),
group(s), and/or IP(s) required.
NOTE: When adding a user, specify the username in the format
DOMAIN\user.
Screenshot 44 - Add new IM Policy – Notifications tab
6. From the Notifications tab, select Notify the following
administrators when this IM Policy is breached to send an email
notification to the configured email address(es) when a user tries to
access blocked IM policies.
7. Add the administrator(s) email address(es) to be notified in the
Email Address box.
8. In the Send the following notification to the administrators text
box, edit the email message text, which will be sent in the email
notification.
9. Select Notify the user breaching this IM policy checkbox to send
an email notification to the user who breaches the IM policy. Edit the
email message text in the Send the following notification to the
user performing the download.
10. Complete the new IM policy setup by clicking Save Settings.
The new policy will be listed in the main IM Control Policies view.
6.3.2 Editing an IM Control Policy
1. From the GFI WebMonitor navigation bar, click on WebSecurity
Edition ► IM Control Policies.
2. Click on the edit icon next to the policy you want to edit.
3. Navigate in the control policy tabs and edit settings accordingly.
4. Click Save Settings when finished.
6.3.3 Enabling/Disabling an IM Control Policy
1. From the GFI WebMonitor navigation bar, click on WebSecurity
Edition ► IM Control Policies.
2. In the Enabled column, check or uncheck the policy you want to
enable or disable respectively.
3. Click Save Settings when finished.
6.3.4 Deleting an IM Control Policy
1. From the GFI WebMonitor navigation bar, click on WebSecurity
Edition ► IM Control Policies.
2. Click on the delete icon next to the policy you want to delete.
3. Click Save Settings when finished.
6.4 Configuring Virus Scanning Policies
For allowed downloads, GFI WebMonitor applies virus-scanning
controls, which include any of the following:
• Display download progress and status
• Scan the downloaded file with any of the supported virus scanners
• Take any of the following actions when a virus is detected:
  o Issue a warning, but allow access to the downloaded file
  o Block access to the downloaded file and quarantine
  o Block access to the downloaded file and delete it
Screenshot 45 - Virus Scanning Policies
6.4.1 Adding a Virus Scanning Policy
To add a virus scanning policy:
1. Click on WebSecurity Edition ► Virus Scanning Policies from
the navigation bar.
2. Click on Add Policy.
3. Click on the General tab.
Screenshot 46 - Add new virus scanning policy
4. Provide new policy name and description in the Policy Name field
and the Policy Description text box respectively.
Screenshot 47 - Add new virus scanning policy: Virus scanning tab
5. Click on the Virus Scanning tab and click on the file type you want
to scan for viruses. From the Change Action dialog box select the
Display download progress and status option (if required) and
choose the virus scanners to scan the file type with. Also, choose the
action to undertake if a virus is found. The available options are:
• Warn and Allow
• Block and Quarantine
• Block and Delete
Screenshot 48 - Add new virus scanning policy: Applies to tab
6. Click OK, select the Applies To tab and specify the user(s), group(s)
and/or IP(s) for whom the new policy applies. Repeat for all user(s),
group(s) and/or IP(s) required.
NOTE: When adding a user, specify the username in the format
DOMAIN\user.
Screenshot 49 - Add new virus scanning policy: Notification tab
7. Click on the Notifications tab and select Notify the following
administrators when the download content infringes this policy
checkbox if required. Complete setup with the administrator’s
notification email address and notification e-mail text. Provide the body
text for the notification email in the Send the following notification to
the administrators text box.
8. If you require users to be notified when the policy you are creating is
triggered, select the option Notify the user performing the download
when the downloaded content infringes this policy checkbox and
provide the notification email text.
9. Complete new policy setup by clicking on Save Settings.
The policy you have just created will be listed in the main Virus
Scanning Policies view.
6.4.2 Editing a Virus Scanning Policy
To edit a virus scanning policy:
1. Click on WebSecurity Edition ► Virus Scanning Policies from
the navigation bar.
2. Click on the edit icon next to the virus scanning policy you want
to edit.
3. Refer to Adding a Virus Scanning Policy section in this chapter, for a
description of the fields, which can be edited.
4. Complete new policy setup by clicking on Save Settings.
6.4.3 Disabling a Virus Scanning Policy
To disable a virus scanning policy:
1. Click on WebSecurity Edition ► Virus Scanning Policies from
the navigation bar.
2. Uncheck the checkbox in the Enabled column for the policy you
want to disable.
3. Complete disabling a virus scanning policy by clicking on Save
Settings.
6.4.4 Enabling a Virus Scanning Policy
To enable a virus scanning policy:
1. Click on WebSecurity Edition ► Virus Scanning Policies from
the navigation bar.
2. Check the checkbox in the Enabled column for the policy you want
to enable.
3. Complete enabling a virus scanning policy by clicking on Save Settings.
6.4.5 Delete a Virus Scanning Policy
To delete a Virus Scanning Policy:
1. Click on WebSecurity Edition ► Virus Scanning Policies from
the navigation bar.
2. Click on the delete icon next to the policy you want to delete.
3. Complete deleting a virus scanning policy by clicking on Save
Settings.
6.4.6 Default Virus Scanning Policy
GFI WebMonitor WebSecurity Edition ships with a default virus
scanning policy, which is configured to apply to all users. The policy
name is listed as Default Virus Scanning Policy.
This policy can be edited, however it cannot be disabled or deleted. If
you want to edit the default policy, refer to the Editing a Virus Scanning
Policy section in this chapter for information related to editing
virus-scanning policies.
NOTE: Any user-created virus scanning policy takes precedence over
the default virus scanning policy.
NOTE: Certain fields in the default policy cannot be edited. These
include Policy Name, Policy Description and fields in the Applies To
tab.
6.5 Scanning Engines
Through the Virus & Spyware Protection view, you can:
• Enable/Disable one or more of the supported engines
• View the licensing status
• Configure anti-virus engine/signature updates for each one of the
scanning engines
To access the Virus & Spyware Protection view click on
WebSecurity Edition ► Virus Scanning Policies ► Virus &
Spyware Protection from the navigation bar.
6.5.1 Enabling/disabling the scanning engines
To enable or disable one or more of the scanning engines:
1. Click on WebSecurity Edition ► Virus Scanning Policies ►
Virus & Spyware Protection.
Screenshot 50 - Virus & Spyware Protection
2. Check or uncheck the checkboxes in the Enabled column to enable
or disable scanning with the corresponding virus scanner.
IMPORTANT: If a virus-scanning engine is disabled GFI WebMonitor
will not use the disabled engine.
3. Complete Virus scanning engine setup by clicking on Save Settings.
6.5.2 Configure anti-virus updates
Through the configuration view for each one of the supported scanning
engines, you can:
• View the scanning engine status, version and license details
• Check or uncheck checkboxes that enable automatic or manual
scanning engine/signature updates
• Configure the frequency with which available updates should be
installed
• Check or uncheck checkboxes that enable the configuration of an
email notification message that should be sent upon successful
updating of scanning engines/signatures
• Click Update Now to manually update scanning
engines/signatures.
Screenshot 51 - BitDefender Properties
Screenshot 52 - Norman Anti-Virus Properties
6.5.3 Kaspersky Scanning Engine Options
From the configuration view for the Kaspersky scanning engine, you
can specify whether Virus Scanning Policies should be triggered
when files are identified as:
• Suspicious
• Corrupted
• Hidden
Screenshot 53 - Kaspersky Anti-Virus Properties
1. Click on WebSecurity Edition ► Virus Scanning Policies ►
Virus & Spyware Protection ► Kaspersky Anti-Virus.
2. Check or uncheck checkboxes that enable action for files identified
as Suspicious, Corrupted or Hidden.
3. Click Save Settings to apply settings.
6.6 Anti-Phishing Engine
Through the Anti-Phishing Engine view, you can:
• Enable/Disable anti-phishing
• View the anti-phishing feature licensing status
• Configure anti-phishing database updates
To access the Anti-Phishing Engine view, click on WebSecurity
Edition ► Anti-Phishing Engine from the navigation bar.
6.6.1 Enabling/disabling the Anti-Phishing Engine
To enable or disable the Anti-Phishing Engine:
1. Click on WebSecurity Edition ► Anti-Phishing Engine.
2. Click on the General tab.
Screenshot 54 - Anti Phishing engine properties
3. Check or uncheck the Block access to phishing sites checkbox to
enable or disable anti-phishing features.
NOTE: Disabling the anti-phishing engine implies that GFI WebMonitor
cannot use that engine to block phishing sites.
4. Complete anti-phishing engine setup by clicking on Save Settings.
6.6.2 Configure Anti-Phishing database updates
Through the checkboxes within the Anti-Phishing Updates area in the
Anti-Phishing Engine settings view you can:
• Configure whether the Anti-Phishing Database should be updated
automatically or manually.
• Configure the frequency with which available updates should be
installed.
• Configure if an email notification should be sent upon successful
updating of the Anti-Phishing Database.
• Manually update the Anti-Phishing Database by clicking Update
Now.
To configure Anti-Phishing database updates:
1. Click on WebSecurity Edition ► Anti-Phishing Engine.
2. Click on the General tab.
3. Specify the required settings in the Anti-Phishing Updates area.
4. Complete Anti-Phishing Database updates setup by clicking on
Save Settings.
6.6.3 Configure phishing notifications
Through the Notifications tab in Anti-Phishing Engine settings view,
you can specify whether email notifications are to be sent when a site
being accessed is a known phishing site.
To enable phishing notifications:
1. Click on WebSecurity Edition ► Anti-Phishing Engine.
Screenshot 55 - Anti-Phishing notification tab
2. Click on the Notifications tab and check the Notify the following
administrators when the site accessed is a known phishing site
checkbox. Complete setup with the administrator’s notification email
address and notification e-mail text. Provide the body text for the
notification email in the Send the following notification to the
administrators’ text box.
3. If you require the user to be notified when a phishing site is
accessed, check the Notify the user accessing the site if the site
accessed is a known phishing site checkbox and provide the
notification email text.
4. Complete phishing notifications setup by clicking on Save Settings.
7 Configuring GFI WebMonitor
7.1 Introduction
GFI WebMonitor enables you to configure a default set of parameters
used by the WebFilter and WebSecurity editions. These parameters
are configured through three nodes or by selecting the appropriate
option within the viewing pane:
• Administrative Access Control: Configure who can access GFI
WebMonitor web interface for configuration and monitoring.
• Notifications: Configure alerting options for email notifications on
important events.
• General Settings: Configure the data retention, downloaded cache
and temporary whitelist policies.
• Proxy settings: Configure GFI WebMonitor proxy settings.
• Reporting: Configure the database settings for reporting.
7.2 Administrative Access Control
Access to GFI WebMonitor is based on IP or the authenticated
username. Only users/IPs in the authorized list are allowed access.
7.2.1 Adding users/IPs to the access permissions list
To add a user or IP to the access permissions list:
1. From the GFI WebMonitor navigation bar select Configuration ►
Administrative Access Control.
Screenshot 56 – Configuring administrative access control
2. From the drop-down lists, select whether a User or IP will be added
to the access list and provide the user(s), and/or IP(s) for whom the
new access item applies. Repeat for all user(s), group(s) and/or IP(s)
required.
NOTE: When adding a user to the access control list, specify the
username in the format DOMAIN\user.
3. Click on Add to add the new item to the list and click Save Settings
to finalize setup.
7.2.2 Deleting users/IPs from the access permissions list
To remove a user or IP from the access permissions list:
1. Click on the Administrative Access Control node.
2. Click on the delete icon next to the user/IP you want to delete.
3. Click on Save Settings to finalize deleting users/IPs.
NOTE: Failing to click on Save Settings means that you will lose
settings as soon as you leave the view to move to another section in
GFI WebMonitor.
7.3 Notifications
Notifications are sent by email to administrators on important events
including:
• Items being quarantined
• WebGrade Database, anti-virus signature update failures
• WebGrade Database, anti-virus signature update success
• Approaching expiry of WebGrade Database and anti-virus
signature update licenses.
7.3.1 Configuring email settings
To configure email settings:
1. Click on the Notifications node.
2. Go to the Send administrative emails using the following
settings and specify the email address from which notifications will be
sent as well as the SMTP server and SMTP port.
3. Click on Save Settings to finalize email settings setup.
7.3.2 Configuring email recipients
To add recipients to whom notifications are sent:
1. From the GFI WebMonitor navigation bar select Configuration ►
Notifications node.
Screenshot 57 – Configuring notifications
2. Key in an email address in the Email Address field and click Add.
3. Click on Save Settings to finalize email settings setup.
NOTE: Failing to click on Save Settings means that you will lose
settings as soon as you leave the view to move to another section in
GFI WebMonitor.
7.3.3 Deleting recipients
1. Click on the Notifications node.
2. Click on the delete icon next to the email address you want to
delete.
3. Click on Save Settings to finalize email settings setup.
NOTE: Failing to click on Save Settings means that you will lose
settings as soon as you leave the view to move to another section in
GFI WebMonitor.
7.4 General Settings
Through the General Settings node, you can specify settings such as
the number of hours to keep downloaded files in cache, and the default
time in hours a site is kept in the temporary whitelist after it has been
approved from the quarantine.
1. From the GFI WebMonitor navigation bar select Configuration ►
General Settings node.
2. In the Data Retention area specify how long, in days, browsing
activity data will be kept in GFI WebMonitor databases. This data is
used for monitoring and reporting.
Screenshot 58 - Configuring data retention
3. In the Download Cache area specify how long (in hours)
downloaded files will be kept in a local cache. Keeping these files in the
cache will speed up subsequent requests for the same file.
NOTE: Set the value to zero hours if you want to disable the cache.
Screenshot 59 - Configuring downloaded cache
4. In the Temporary Whitelist area specify how long (in hours)
items approved from the quarantine will be kept in the Temporary
Whitelist. This is the amount of time available to the user, during which
the approved URL is accessible.
Screenshot 60 - Configuring temporary whitelist
5. In the Proxy Array text box, specify all the IP addresses of the
network linked proxy servers, which have GFI WebMonitor installed.
Screenshot 61 - Configuring proxy array
6. From the Language drop down list, select the language in which
GFI WebMonitor responds to client requests.
Screenshot 62 - Configuring language
Responses from GFI WebMonitor include:
• Download status windows
• Blocking Notifications
7.5 Proxy Settings
7.5.1 Introduction
The Proxy Settings page is available when installing GFI WebMonitor
2009 standalone proxy. This page enables the customization of proxy
settings. The features that can be configured are:
• Network Configuration
• Authentication method
• Chained Proxy
Screenshot 63 – Proxy Settings page
7.5.2 Network Configuration
The Network configuration drop down list contains a list of network
cards installed on the server. To configure GFI WebMonitor to listen for
incoming connections on a specific network card:
1. From the GFI WebMonitor navigation bar select Configuration ►
Proxy Settings node.
Screenshot 64 – Network Configuration
2. Select the network card IP address from the drop down list, and
enter the listening port (default 8080).
3. Select Use WPAD for network clients. This instructs client
machines to automatically detect the server as the default proxy.
4. Select:
• Publish the IP of the GFI WebMonitor proxy in WPAD: includes the
GFI WebMonitor IP address in the WPAD.dat file.
Or
• Publish the host name of the GFI WebMonitor proxy in WPAD:
includes the GFI WebMonitor host name in the WPAD.dat file.
5. Click Save Settings.
NOTE: Select Listen on all network interfaces if GFI WebMonitor
server is required to listen to incoming connections on multiple network
cards.
7.5.3 Authentication Method
The Authentication Method area enables the configuration of the
authentication method used by the proxy. This determines how client
machines are validated when accessing the internet.
Screenshot 65 – Authentication Method
No authentication:
Select this check box if proxy authentication is not required.
Basic authentication:
Select this method if the user has to enter a valid user name and
password when launching a new internet session. When launched, the
internet browser will prompt the user to provide valid login credentials.
Integrated authentication:
Select this method if proxy authentication is done using the client
machines’ access control service. Users will not be required to enter
login credentials to access the internet. (Recommended)
The integrated authentication option is disabled on a machine
where Local users are authenticated as guest (This policy will be
enabled by default on a Windows XP pro machine which has never
been joined to a Domain Controller). The network access method can be
configured:
• Manually on each machine, or
• Using Active Directory GPO.
For more information on how to configure network access, refer to
Configure Network Access policy section in this manual.
Exception List
GFI WebMonitor allows a list of IPs to be exempted from proxy
authentication. To manage the list of IPs:
1. Click Set Exception List.
Screenshot 66 – Exception list
2. Enter the IP address to be included, and click Add.
3. Click OK to exit.
4. In the Proxy Settings page, click Save Settings.
7.5.4 Chained Proxy
Client machines can be configured to forward HTTP traffic to the GFI
WebMonitor server. In addition, the GFI WebMonitor server forwards
the filtered traffic to a proxy server.
To configure GFI WebMonitor to forward HTTP traffic to a proxy
server:
Screenshot 67 – Chained Proxy
1. Select WebMonitor Proxy will route the web traffic to the following
proxy: check box.
2. Key in the proxy server IP address in the Address text box and in
the Port text box enter the chained proxy port (default 8080).
3. If proxy authentication requires alternate credentials other than the
default user data, key in the required credentials in the User name and
Password fields.
NOTE: If no credentials are keyed in, the default user credentials are
used.
4. Click Test Proxy Chaining to test the connection between the GFI
WebMonitor machine and the proxy server.
5. Click Save Settings.
7.6 Reporting
7.6.1 Introduction
GFI WebMonitor enables you to store data on an existing database for
statistical information. Use GFI WebMonitor ReportPack to view and
analyze stored information. In this section, you will find information
about:
• Reporting requirements
• How to enable or disable information gathering
• Configuring reporting options
7.6.2 Reporting requirements
Before enabling reporting, create a blank database in an SQL
environment. On enabling reporting, the database structure is
automatically configured by GFI WebMonitor.
Create a new database in Microsoft SQL server 2008
1. On the SQL server machine, click Start ► All Programs ►
Microsoft SQL Server 2008 ► SQL Server Management Studio.
2. Enter the database administrator credentials.
3. From the left panel expand SQL Server node ► Security.
4. Right-click Logins and select New Login.
5. Enter a valid user login name (example webMon_user).
6. Select authentication type and click OK to apply changes.
Screenshot 68 - Create new SQL login
7. From the left panel, right-click Databases folder and select New
Database.
8. In the new database dialog, enter a valid name (for example
WEBMONDB).
9. Click the owner browse button to enter a login name, and in the
Select Database Owner dialog click Browse.
Screenshot 69 - Browse for object dialog
10. Select the user created earlier and click OK.
11. Click OK to close the Select Database Owner dialog and OK in
the New Database dialog to apply changes.
NOTE: To view more information on how to create a new database on
various SQL Server versions, see KBase article
http://kbase.gfi.com/showarticle.asp?id=KBID003379
7.6.3 Enable Reporting
To enable information gathering for reporting purposes:
1. From the GFI WebMonitor navigation bar select Configuration ►
Reporting node.
Screenshot 70 - GFI WebMonitor Reporting setup
2. Click on the Enable Reporting checkbox to enable reporting
features.
3. Key in the SQL Server, User/Password combination and Database
name, in that order. These enable GFI WebMonitor to connect to the
database and write audit data to it. You can use the Get Database List
button to retrieve a list of available databases.
4. Click on Save Settings to save reporting setup.
NOTE: For security purposes, passwords can only be configured from
the machine where GFI WebMonitor is installed.
7.6.4 The update reporting data now button
Daily at midnight, GFI WebMonitor automatically transfers any data
logged to the Microsoft SQL server backend database as configured
when enabling the reporting features. There are instances however
when you would want to trigger the data retrieval process manually,
such as:
• When upgrading to a GFI WebMonitor version that supports reporting.
• When migrating data stored in files, in a storage location, to a
central database.
• To test configuration settings.
In these cases, amongst others, clicking on the Update reporting data
now button triggers the retrieval process.
NOTE: Data is always collected for complete 24-hour periods from
midnight to midnight. Clicking Update reporting data now does not
collect data for partial periods between midnight and the time when this
button is clicked.
7.6.5 Disabling Reporting
To disable reporting features:
1. Click on the Reporting node.
2. Uncheck the Enable Reporting checkbox and click Save Settings
to disable reporting.
8 Quarantine
8.1 Introduction
GFI WebMonitor includes a quarantine feature; a restricted, safe and
controlled storage area where potentially harmful download files are
stored. Policies may be set where downloaded files/URLs are blocked
and stored in quarantine. Downloaded files may be quarantined as a
result of one or more configured policies in the following triggered
categories:
• Download Control Policies
• Web Filtering Policies
• Virus Scanning Policies
Administrators should review the quarantine to:
• Establish the reason for which a download file is being quarantined
• Determine whether the file is harmful or harmless and should be
deleted or approved.
If approved for access, quarantined items are transferred to a
Temporary Whitelist. Users can then be granted access to the
downloaded files through the Temporary Whitelist.
There are four different views for quarantined items:
• Those transferred to quarantine today
• Those transferred to quarantine yesterday
• Those transferred to quarantine this week
• All items transferred to quarantine
8.2 Approving or Deleting items
8.2.1 Viewing quarantined items
The following information is shown for all items listed in the quarantine:
• Quarantined On - Date and time when the item was quarantined.
• The user/IP that accessed the item, which is now quarantined.
• Download URL - Details of the quarantined item.
• Quarantine reason - The reason why the item was quarantined.
To view quarantined items:
1. Click on the Quarantine node in the navigation bar, and select one
of views available to review either all items or those for a specified
period:
• Today
• Yesterday
• This Week
• All Items
Screenshot 71 - Quarantine
2. Click on each one of the available tabs to view a list of items
quarantined for each respective policy category:
• Download Control Policies tab
• Web Filtering Policies tab
• Virus Scanning Policies tab
Lists are sorted in descending order, with the latest item being
quarantined shown at the top of the list.
3. Click on the details icon to view details for that item.
4. Click Go Back To List to move back to the list of quarantined items.
5. Use the navigation icons to navigate through a long list
of quarantined items.
8.2.2 Approving quarantined items
To approve one or more items in quarantine:
1. Click on Quarantine node from the navigation bar and select one of
the available views, depending on when the item was quarantined.
2. Click on the policy tab where the quarantined item is stored.
3. Click on the details icon.
Screenshot 72 - Approving a quarantined item
4. Click Approve Item to make the downloaded file available to users
or Approve All Items to make all items in a quarantine available to
users.
NOTE: The user email address is shown only if the user has been
authenticated, and has a valid Active Directory email field.
NOTE: Using the checkbox associated with each entry in the
quarantine enables multiple file whitelisting.
NOTE: Exert extreme caution with this feature. In approving an item
from the Quarantine, you are excluding the web site from all policies
configured in GFI WebMonitor for the particular user. Approving a
potentially harmful file may therefore lead to your network being
compromised.
Approved items are transferred to the Temporary Whitelist. Refer to
the Configuring allowed and blocked websites chapter for more
information on the whitelist.
NOTE: Quarantined items, which are not approved after 2 days, are
automatically deleted.
8.2.3 Deleting quarantined items
To delete one or more items in quarantine:
1. Click on Quarantine node from the navigation bar and select one of
the available views, depending on when the item was quarantined.
2. Click on the policy tab where the quarantined item is stored.
3. Click on the details icon.
4. If you decide that the downloaded file should be deleted, click
Delete Item.
5. Click Delete Selected Item to make the downloaded file available to
users or Delete All Items to make all items in a quarantine available to
users.
NOTE: Using the checkbox associated with each entry in the
quarantine enables multiple file deletion.
NOTE: Quarantined items which are not approved after 2 days are
automatically deleted.
9 Miscellaneous
9.1 Introduction
This section describes all the other information that falls outside the
initial configuration of GFI WebMonitor.
9.2 Configure Network Access policy
In the Proxy Settings page, the integrated authentication option is
disabled on a machine where Local users are authenticated as
guest (This policy will be enabled by default on a Windows XP pro
machine which has never been joined to a Domain Controller).
The network access method can be configured:
• Manually on each machine, or
• Using Active Directory GPO.
Configure network access manually
1. Click Start ► Control Panel ► Administrative Tools ► Local
Security Policy.
2. From the left panel expand Security Settings ► Local Policies►
Security Options.
3. Right click Network access: Sharing and security model for local
accounts from the right panel and click Properties.
4. Make sure that in Local Security Setting tab, Classic – local
users authenticate as themselves is selected.
Screenshot 73 – Windows XP local security settings
5. Click Apply and OK.
6. Close Local Security Settings.
Configure network access using GPO in Windows 2003 server
To configure Network access policy through Windows 2003 GPO:
1. Click Start ► All Programs ► Administrative Tools ► Active
Directory Users and Computers, on the DNS server.
2. Right click the domain and click Properties.
3. Select Group Policy tab in the Domain Properties dialog.
Screenshot 74 - Active Directory GPO
4. Select Default Domain Policy from the list, and click Edit.
5. Expand Computer Configuration ► Security Settings ► Local
Policies and click Security Options.
6. Right click Network access: Sharing and security model for local
accounts from the right panel, and click Properties.
7. In the Security Policy Setting tab, select Define this policy
setting and make sure that Classic – local users authenticate as
themselves is selected.
8. Click OK and close all opened windows.
Configure network access using GPO in Windows 2008 server
To configure Network access policy through Windows 2008 GPO:
1. In the command prompt type mmc.exe and press Enter.
2. In the Console Root window click File ► Add/Remove Snap-in…
to open the Add or Remove snap-ins window.
3. Select Group Policy Management from the Available snap-ins
list, and click Add.
Screenshot 75 – Add/Remove Snap-Ins window
4. Click OK.
5. Expand Group Policy Management ► Forest ► Domains and
click the Domain.
Screenshot 76 – Console Root domain
6. Right click Default Domain Policy and click Edit. This opens the
Group Management Editor.
7. Expand Computer Configuration ► Policies ► Windows
Settings ► Security Settings ► Local Policies and click Security
Options.
8. Right click Network access: Sharing and security model for local
accounts from the right panel and click Properties.
9. In the Security Policy Setting, click Define this policy setting and
make sure that Classic – local users authenticate as themselves is
selected.
10. Click OK to apply changes.
11. Close Group policy Management Editor and save the
management console created.
This information is also available in KBase:
http://kbase.gfi.com/showarticle.asp?id=KBID003666
10 Troubleshooting
10.1 Introduction
The troubleshooting chapter explains how you should go about
resolving any software issues that you might encounter. The main
sources of information available to users are:
• The manual – most issues can be solved by reading this manual.
• GFI Knowledge Base articles
• Web forum
• Contacting GFI Technical Support
10.2 Common Issues
Issue encountered: Client browsers are still retrieving old proxy Internet
settings although the browsers are configured to automatically detect
settings.
Solution: Internet Explorer may not refresh cached Internet settings, so
clients will retrieve old Internet settings. Refreshing settings is a
manual process on each client browser. For more information, refer to
the Refresh cached Internet Explorer settings section within the
Miscellaneous chapter in the GFI WebMonitor Getting Started Guide.
Or visit:
http://technet.microsoft.com/enus/library/cc302643.aspx

Issue encountered: Clients are required to manually authenticate when
browsing, even when Integrated authentication is used.
Solution: Integrated authentication will fail when a client computer
security policy is authenticating as guest. To view more information on
how to change network access policy, see the Configure Network Access
policy section in this manual.

Issue encountered: Clients using Mozilla Firefox browsers are repeatedly
asked to enter credentials when GFI WebMonitor standalone proxy is
installed.
Solution: The server and the client machine will use NTLMv2 for
authentication when:
• GFI WebMonitor is installed on Microsoft Windows 2008 and LAN Manager
authentication security policy is defined as Send NTLMv2 response only
and
• The client machine LAN Manager is not defined (Default settings in
Windows 7)
NTLMv2 is not supported in Mozilla Firefox and the user browser will
repeatedly ask for credentials. To solve this issue do one of the
following:
1. From the GFI WebMonitor navigation bar select
Configuration ► Proxy Settings node.
2. Under Use WPAD for network clients, select Publish the
host name of the GFI WebMonitor proxy in WPAD.
Or
On the Microsoft Windows 2008 server:
1. Click Start ► Administrative Tools ► Local Security
Policy.
2. Expand Local Policies ► Security Options.
3. From the right panel right click Network Security: LAN
Manager authentication level and click Properties.
4. From the Network Security dialog select Send LM &
NTLM - use NTLMv2 session security if negotiated.
5. Click OK and close the Local Security Policy window.
For more information visit:
http://kbase.gfi.com/showarticle.asp?id=KBID001782
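A read-only check for the two Windows policies this manual ties to integrated authentication: the sharing and security model from the Configure Network Access policy section, and the LAN Manager authentication level from the Firefox issue above. This is an added example, not GFI code; the registry value names ForceGuest and LmCompatibilityLevel and all function and property names are not from the manual.

```powershell
# Added example, not GFI code. Requires PowerShell 3.0 or later.
# Reads the registry values behind two local security policies; changes nothing.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Policy: "Network access: Sharing and security model for local accounts"
# (registry value ForceGuest; name not given in the manual)
$SharingModelLabels = @{
    0 = 'Classic - local users authenticate as themselves'
    1 = 'Guest only - local users authenticate as Guest'
}

# Policy: "Network security: LAN Manager authentication level"
# (registry value LmCompatibilityLevel; name not given in the manual)
$LmLevelLabels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LsaValue {
    param([string]$Name)
    # Returns $null when the value is absent: the policy then shows as
    # "Not Defined" and the operating system default applies.
    $item = Get-ItemProperty -Path $LsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Format-PolicyValue {
    param($Value, [hashtable]$Labels)
    if ($null -eq $Value) { return 'Not defined (OS default applies)' }
    if ($Labels.ContainsKey($Value)) { return "$Value = $($Labels[$Value])" }
    return "$Value = unrecognised value"
}

function Get-ProxyAuthPolicyReport {
    $forceGuest = Get-LsaValue -Name 'ForceGuest'
    $lmValue    = Get-LsaValue -Name 'LmCompatibilityLevel'

    [pscustomobject]@{
        Computer                = $env:COMPUTERNAME
        SharingAndSecurityModel = Format-PolicyValue $forceGuest $SharingModelLabels
        LanManagerAuthLevel     = Format-PolicyValue $lmValue $LmLevelLabels
        # Manual: integrated authentication fails when local users
        # authenticate as guest.
        GuestModelActive        = ($forceGuest -eq 1)
        # Manual: the Firefox credential prompts occur when the server is
        # set to "Send NTLMv2 response only".
        ServerNtlmV2Only        = ($lmValue -eq 3)
        # Levels 0 to 2 send LM or NTLM (v1) responses; flag for audit.
        SendsLmOrNtlmV1         = ($null -ne $lmValue -and $lmValue -le 2)
    }
}

Get-ProxyAuthPolicyReport | Format-List
```

Run it on the GFI WebMonitor server and on a sample client, before and after a policy change, to confirm the setting actually took effect on each machine.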
10.3 Knowledge Base
GFI maintains a Knowledge Base, which includes answers to the most
common problems. If you have a problem, please consult the
Knowledge Base first. The Knowledge Base always has the most
up-to-date listing of technical support questions and patches. To access
the Knowledge Base, visit http://kbase.gfi.com/.
10.4 Web Forum
User to user technical support is available via the web forum. The
forum can be found at http://forums.gfi.com/.
10.5 Request technical support
If you have referred to this manual and our Knowledge Base articles,
and you still cannot solve issues with the software, contact the GFI
Technical Support team by filling in an online support request form or
by phone.
• Online: Fill out the support request form on:
http://support.gfi.com/supportrequestform.asp. Follow the
instructions on this page closely to submit your support request.
• Phone: To obtain the correct technical support phone number for
your region please visit http://www.gfi.com/company/contact.htm.
• NOTE: Before you contact our Technical Support team, please
have your Customer ID available. Your Customer ID is the online
account number that is assigned to you when you first register your
license keys in our Customer Area at
https://customers.gfi.com/login.aspx.
• We will answer your query within 24 hours or less, depending on
your time zone.
10.6 Build notifications
We recommend that you subscribe to our build notifications list. This
way, you will be immediately notified about new product builds. To
subscribe to our build notifications,
visit: http://www.gfi.com/pages/productmailing.htm
Glossary
Access Control: A feature that allows or denies users access to resources. For example, internet access.
Active Directory: A technology that provides a variety of network services, including LDAP-like directory services.
AD: See Active Directory.
Administrator: The person responsible for installing and configuring GFI WebMonitor.
Anti-Virus: Software that detects malware on a computer.
Bandwidth: The speed and quantity of data transferred on a network.
Blacklist: A list that contains information about what should be blocked by GFI WebMonitor.
Chained Proxy: When client machines connect to more than one proxy server before accessing the requested destination.
Console: A web-based interface that provides administration tools that enable the monitoring and management of internet traffic.
Dashboard: Enables the user to obtain graphical and statistical information related to GFI WebMonitor operations.
File Transfer Protocol: A protocol used to transfer files between computers.
FTP: See File Transfer Protocol.
Hidden Downloads: Unwanted downloads from hidden applications (trojans, etc.) or forgotten downloads initiated by users.
HTTP: See Hypertext Transfer Protocol.
Hypertext Transfer Protocol: A protocol used to transfer hypertext data between servers and internet browsers.
Internet Browser: An application installed on a client machine that is used to access the Internet.
Internet Explorer: Internet Explorer is a Microsoft Internet browser.
Internet Security and Acceleration Server: A Microsoft product that provides firewall and web proxy services. Also enables administrators to manage Internet access through policies.
ISA Server: See Internet Security and Acceleration Server.
MSN: See Windows Live Messenger.
NTLM: NT LAN Manager is a Microsoft authentication protocol.
Phishing: Unwanted software designed to publish sensitive information like credit card numbers.
Proxy Server: A server or software application that receives requests from client machines and responds according to filtering policies configured in GFI WebMonitor.
Quarantine: A temporary storage for unknown data that awaits approval from an administrator.
Spyware: Unwanted software that publishes private information to an external source.
SQL Server: A Microsoft database management system used by GFI WebMonitor to store and retrieve data.
Uniform Resource Locator: The Uniform Resource Locator is the address of a web page on the world wide web.
URL: See Uniform Resource Locator.
User Agent: A client application that connects to the internet and performs automatic actions.
Virus: Unwanted software that infects a computer.
WAN: See Wide Area Network.
Web Proxy Autodiscovery Protocol: A protocol used by clients to locate the web browser proxy settings.
Web Traffic: The data sent and received by clients, over the network, to a website.
WebFilter: A configurable database that categorizes access according to user/group/IP addresses and time.
WebGrade: A database in GFI WebMonitor, used to categorize access contents.
WebSecurity: WebSecurity contains multiple anti-virus engines that scan web traffic downloaded by the clients.
Whitelist: A whitelist is a list that contains information about what is being allowed by GFI WebMonitor.
Wide Area Network: The external network where the World Wide Web resides.
Windows Live Messenger: An instant messaging application developed by Microsoft used to communicate on the internet.
WPAD: See Web Proxy Autodiscovery Protocol.