gfi web monitor manual v2009
GFI WebMonitor 2009 for ISA Server
Manual
By GFI Software Ltd.
http://www.gfi.com
E-mail: [email protected]
Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE LTD.
GFI WebMonitor 2009 – Last updated April 7, 2009.
Contents

Introduction
  Introduction to GFI WebMonitor
  Editions
  How does GFI WebMonitor work?
  Key features
  GFI WebMonitor licensing
  GFI WebMonitor product evaluation

Installing GFI WebMonitor
  Introduction
  System requirements
  Installation
  Launching GFI WebMonitor
  Downloading anti-virus signatures
  Upgrading from a previous version
  Uninstalling

Navigating the GFI WebMonitor console
  Introduction
  Navigating the GFI WebMonitor user console

Getting started: Using the GFI WebMonitor dashboard
  Introduction
  The GFI WebMonitor dashboard

Getting started: Monitoring Internet activity
  Introduction
  Active Connections
  Past Connections
  Bandwidth consumption
  Sites History
    Top Time Consumption
    Top Hits Count
  Users History
    Top Surfers
    Top Hits Count
    Top Policy Breakers
  Site History Details
  User History Details
  Activity Log

Configuring allowed and blocked websites
  Introduction
  Configuring the Whitelist
    Preconfigured items
    Adding items to the Permanent Whitelist
    Delete items from the Permanent Whitelist
    Adding items to the Temporary Whitelist
    Removing items from the Temporary Whitelist
  Configuring the blacklist
    Adding items to the Blacklist
    Delete items from the Blacklist
  Using wildcards

WebFilter Edition – Site rating and content filtering
  Introduction
  Configuring Web Filtering policies
    Adding a Web Filtering Policy
    Editing a Web Filtering Policy
    Disabling a Web Filtering Policy
    Enabling a Web Filtering Policy
    Deleting a Web Filtering Policy
    Default web filtering policy
  Configuring advanced web filtering policy conditions
    Adding an advanced web filtering policy condition
    Editing an advanced web filtering policy condition
    Removing an advanced web filtering policy condition
  WebGrade Database settings
    Enabling/disabling online lookups
    Viewing updated online lookups
    Enabling/disabling the database
    Configure database updates
    Checking URL categories

WebSecurity Edition – File scanning and download control
  Introduction
  Download Control policies
    Adding a new Download Control Policy
    Editing a Download Control Policy
    Disabling a Download Control Policy
    Enabling a Download Control Policy
    Delete a Download Control Policy
    Default Download Control Policy
    Adding Content-types
  Configuring Instant Messaging (IM) Control Policies
    Adding a new IM Control Policy
    Editing an IM Control Policy
    Enabling/Disabling an IM Control Policy
    Deleting an IM Control Policy
  Configuring Virus Scanning Policies
    Adding a Virus Scanning Policy
    Editing a Virus Scanning Policy
    Disabling a Virus Scanning Policy
    Enabling a Virus Scanning Policy
    Delete a Virus Scanning Policy
    Default Virus Scanning Policy
  Scanning Engines
    Enabling/disabling the scanning engines
    Configure anti-virus updates
    Kaspersky Scanning Engine Options
  Anti-Phishing Engine
    Enabling/disabling the Anti-Phishing Engine
    Configure Anti-Phishing database updates
    Configure phishing notifications

Configuring GFI WebMonitor
  Introduction
  Administrative Access Control
    Adding users/IPs to the access permissions list
    Deleting users/IPs to the access permissions list
  Notifications
    Configuring email settings
    Configuring email recipients
    Deleting recipients
  General Settings

Handling blocked downloads
  Introduction
  Approving or Deleting items
    Viewing quarantined items
    Approving quarantined items
    Deleting quarantined items

Reporting Setup
  Introduction
  Enabling Reporting
    The update reporting data now button
  Disabling Reporting

Miscellaneous
  Introduction
  Entering your license key after installation

Troubleshooting
  Introduction
  Knowledge Base
  Web Forum
  Request technical support
  Build notifications

Index
Introduction
Introduction to GFI WebMonitor
GFI WebMonitor is a comprehensive monitoring tool that plugs in and complements the functionality provided by Microsoft ISA Server to enable you to monitor and filter network users’ web traffic (browsing and file downloads) in real time. It also enables you to block web connections in progress as well as to scan traffic for viruses, trojans, spyware and phishing material. It is the ideal solution to transparently and seamlessly exercise a substantial degree of control over your network users’ browsing and downloading habits. At the same time it enables you to ensure legal and best practice initiatives without alienating your network users.
Editions
GFI WebMonitor is available in 3 different editions. Each edition caters for systems administrators that have different requirements:
• WebFilter Edition: Filters web traffic and website use according to its built-in WebGrade database. This is a configurable website categorization database that determines access according to user/group/IP address/time.
• WebSecurity Edition: Provides a high degree of web security for downloaded web traffic. This is achieved through its built-in download control module and multiple anti-virus engines and anti-spyware scanning modules.
• UnifiedProtection Edition: Provides both WebFilter Edition and WebSecurity Edition functionalities in a single package.
How does GFI WebMonitor work?
GFI WebMonitor operations can be divided in 4 logical stages:
Figure 1 - How does GFI WebMonitor work
Stage 1 - Request initiation: At this stage users request a webpage or a download over the Internet. The incoming traffic generated by the user’s request is received by Microsoft ISA Server which in turn refers to GFI WebMonitor any web traffic (webpage requests, image downloads, file downloads) received.
Stage 2 - Blacklist/Whitelist filtering: This stage comprises an internal GFI WebMonitor blacklist/whitelist filtering mechanism that analyzes user IDs, originating IP address and URL requested.
• Web traffic requested by blacklisted users and IP addresses or from blacklisted URLs is rejected immediately.
• Web traffic requested by whitelisted users and IP addresses or from URLs that are whitelisted is automatically granted access and forwarded to the user.
• Requests that are neither blacklisted nor whitelisted are forwarded to the WebFilter module for processing.
Stage 3 - WebFilter module: The WebFilter module analyzes the uncategorized web traffic received from the blacklist/whitelist filtering mechanism against a comprehensive list of websites categorized in a wide variety of classes. Web traffic is rejected or approved according to policies set up against website categories included within the WebGrade database. The WebGrade database synchronizes the updated URLs with the Internet. For more information refer to the section ‘WebGrade Database settings’. Policies can be set to reject web traffic to a quarantine, where systems administrators can review and approve/deny it according to needs and requirements. When the quarantined web traffic is manually approved, the formerly quarantined URL is put in a temporary whitelist so that users can have access to this web resource.
NOTE: The WebFilter module is only available in the WebFilter Edition and the UnifiedProtection Edition of GFI WebMonitor. In the case of the WebSecurity Edition, web traffic is directly sent from the whitelist/blacklist filters to the WebSecurity module.
Stage 4 - WebSecurity module: The WebSecurity module analyzes web traffic through the download control module and scans the incoming material for viruses, spyware and other malware. Infected material is automatically rejected or quarantined based on the policies set up.
Web traffic is also scanned for phishing material through an updatable database of phishing sites. If this data is found to originate from a known phishing element, it is automatically rejected. The approved web material is then sent to the user through ISA Server.
NOTE: The WebSecurity module is only available in the WebSecurity edition and UnifiedProtection editions of GFI WebMonitor. In the case of the WebFilter edition, web traffic is relayed to the user without going through the processes included in the WebSecurity module.
Key features
GFI WebMonitor includes the following features:
• Real time web activity monitoring.
• Immediate blocking of web access and downloads in progress.
• Web traffic security through multiple and updatable anti-virus engines and anti-spyware features.
• Native integration with Microsoft ISA Server as a web filter.
• No duplication of Microsoft ISA Server functionality.
• Easy installation with minimal configuration requirements.
• Real file type signature checking – files with renamed extensions are automatically recognized with their real file type.
• Email notifications of important events.
• WebGrade Database enabling all website requests to be checked against an extensive and top-notch categorization database.
• Download control policies.
• URL, user and IP whitelist and blacklist that override all WebFilter and WebSecurity policies.
• Bandwidth use reporting per user/website.
• Quarantine of hazardous files and content.
• Web-based interface.
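The four stages under ‘How does GFI WebMonitor work?’ and the whitelist/blacklist override listed above can be modelled to audit which requests reach users without passing the WebSecurity module in each edition. This is an added example, not GFI code: the class and function names, the sample hosts, users, IPs and categories, and the two ordering assumptions marked in the comments are not from the manual.

```python
"""Model of the four-stage request flow described in this manual.

Added illustration, not GFI code. Hosts, users, IPs and category names
below are constructed sample values.
"""
from dataclasses import dataclass, field
from enum import Enum


class Edition(Enum):
    WEBFILTER = "WebFilter"
    WEBSECURITY = "WebSecurity"
    UNIFIED = "UnifiedProtection"


@dataclass
class Request:
    user: str
    ip: str
    url: str
    category: str = "uncategorized"  # result of a category lookup
    infected: bool = False           # result of an anti-virus scan
    phishing: bool = False           # result of a phishing-database lookup


@dataclass
class Policy:
    blacklist: set = field(default_factory=set)       # users, IPs or URLs
    whitelist: set = field(default_factory=set)       # permanent entries
    temp_whitelist: set = field(default_factory=set)  # approved quarantine items
    blocked_categories: set = field(default_factory=set)
    quarantined_categories: set = field(default_factory=set)
    infected_action: str = "rejected"                 # or "quarantined"


def decide(req, policy, edition):
    """Return (verdict, stage that produced it) for one request."""
    keys = {req.user, req.ip, req.url}
    # Stage 2: list filtering runs before either module.
    # Assumption: the blacklist wins when an entry is on both lists.
    if keys & policy.blacklist:
        return ("rejected", "blacklist")
    # Assumption: temporary entries are honoured like permanent ones.
    if keys & (policy.whitelist | policy.temp_whitelist):
        return ("allowed", "whitelist")
    # Stage 3: WebFilter module (WebFilter and UnifiedProtection only).
    if edition in (Edition.WEBFILTER, Edition.UNIFIED):
        if req.category in policy.blocked_categories:
            return ("rejected", "webfilter")
        if req.category in policy.quarantined_categories:
            return ("quarantined", "webfilter")
    # Stage 4: WebSecurity module (WebSecurity and UnifiedProtection only).
    if edition in (Edition.WEBSECURITY, Edition.UNIFIED):
        if req.phishing:
            return ("rejected", "websecurity")
        if req.infected:
            return (policy.infected_action, "websecurity")
        return ("allowed", "websecurity")
    return ("allowed", "webfilter")


def approve_quarantined(req, policy):
    """Administrator approval: the URL goes on the temporary whitelist."""
    policy.temp_whitelist.add(req.url)


def delivered_unscanned(requests, policy, edition):
    """URLs that reach the user without passing the WebSecurity module."""
    out = []
    for r in requests:
        verdict, stage = decide(r, policy, edition)
        if verdict == "allowed" and stage != "websecurity":
            out.append(r.url)
    return out


def sample_policy():
    """Constructed policy used by the demo below."""
    return Policy(
        blacklist={"10.0.0.66"},
        whitelist={"updates.example.test"},
        blocked_categories={"gambling"},
        quarantined_categories={"file-sharing"},
    )


# Constructed sample traffic, one request per interesting path.
SAMPLE_REQUESTS = [
    Request("alice", "10.0.0.5", "updates.example.test", infected=True),
    Request("bob", "10.0.0.66", "news.example.test"),
    Request("carol", "10.0.0.7", "bets.example.test", category="gambling"),
    Request("dave", "10.0.0.8", "files.example.test",
            category="file-sharing", infected=True),
    Request("erin", "10.0.0.9", "login.example.test", phishing=True),
]

if __name__ == "__main__":
    for edition in Edition:
        policy = sample_policy()
        print(edition.value)
        for r in SAMPLE_REQUESTS:
            print("  ", r.url, decide(r, policy, edition))
        print("   delivered unscanned:",
              delivered_unscanned(SAMPLE_REQUESTS, policy, edition))
```

In this model every whitelist entry, including a URL approved out of quarantine, is a path around Stage 4, so the list returned by `delivered_unscanned` is the set worth reviewing when whitelists are maintained.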
GFI WebMonitor licensing
For more information on licensing and evaluation refer to the GFI website at: http://www.gfi.com/products/gfi-webmonitor/pricing/licensing
GFI WebMonitor product evaluation
You may download and try out a fully featured version of GFI WebMonitor without an evaluation key for 10 days. However you can apply for a 30-day product evaluation key by filling in the online registration form on the GFI website (available at http://www.gfi.com/downloads/register.aspx?pid=webmon&vid=5&lid=en) when downloading the product. This will also qualify you for free email support. The 30-day evaluation period key will be emailed to you automatically after you download the product. During the evaluation period all the GFI WebMonitor features are available.
Installing GFI WebMonitor
Introduction
This chapter provides you with information related to the installation of GFI WebMonitor 2009.
System requirements
Install GFI WebMonitor on computers that meet the following hardware and software system requirements:
WebFilter Edition – Minimum hardware requirements
• Processor: 1.8 GHz
• RAM: 1 GB
• Hard disk: 2 GB of available disk space.
WebSecurity Edition – Minimum hardware requirements
• Processor: 1.8 GHz
• RAM: 1 GB
• Hard disk: 10 GB of available disk space.
GFI WebMonitor UnifiedProtection Edition – Minimum hardware requirements
• Processor: 1.8 GHz
• RAM: 2 GB
• Hard disk: 12 GB of available disk space.
NOTE: The hard disk size specifications specified for each edition are those required to install and operate the GFI WebMonitor edition. Allowance has been made for the downloads cache, processing space required for scanning, and history data files. However, this is only indicative; you may need to allocate additional disk space depending on your environment and number of users being monitored.
Software requirements – all editions
• Windows 2000 Server (SP4) or Windows 2003 operating system
• Microsoft ISA Server 2004 (SP3) or later
• Internet Explorer 6 or later
• .NET framework 2.0
NOTE 1: GFI WebMonitor can only be installed on the server machine hosting Microsoft ISA Server.
NOTE 2: Internet Explorer 6 or later is recommended to be used for administration when using GFI WebMonitor.
Installation
Ensure that you run the program as a user that has Administrator privileges on the machine on which GFI WebMonitor is installed.
1. Launch the GFI WebMonitor installation setup and wait for the installation to load.
2. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor on the GFI website and click on the Next button.
3. Read the licensing agreement. To proceed with installation select I accept the terms in the license agreement option and click Next.
4. Specify the user name or the IP address, which can access the GFI WebMonitor Web interface and click Next to continue. NOTE: More than one user or computer can be specified. Entries shall be separated with a semicolon ‘;’
Screenshot 1 - Installation Access permissions
Screenshot 2 - Installation Customer Information
5. Specify the User Name and Organization respectively. If you have a license key, update the License Key details.
Screenshot 3 - Installation Logon Information
6. Specify the logon credentials of an account with administrative privileges to run the GFI WebMonitor service. Click Next to continue.
Screenshot 4 - Installation email settings
7. Specify the SMTP mail server details and email address where administrator notifications will be sent. Optionally, click Verify Mail Settings to send a test email. Click Next to continue.
8. Click Next to install in default location or click Browse to change path.
9. Click Install to start the installation, and wait for the installation to complete.
10. Click Finish.
NOTE 1: For more information on how to configure ISA Server authentication, refer to: http://kbase.gfi.com/showarticle.asp?id=KBID002526
NOTE 2: The username and password provided must have “Logon as Service” rights; otherwise, it will be switched on automatically for the specified account. The username and password provided will be used to create and run a new service.
Launching GFI WebMonitor
Following the installation, launch GFI WebMonitor from Start ► Programs ► GFI WebMonitor ► GFI WebMonitor. Alternatively, GFI WebMonitor’s web console can also be launched through a web browser via the URL or IP address that points to the GFI WebMonitor installation on the ISA Server. Example: http://monitor.isa
Downloading anti-virus signatures
By default, anti-virus signatures are not included with the GFI WebMonitor installation. Upon installing GFI WebMonitor, the latest signatures for the supported scanning engines are automatically downloaded and installed.
Upgrading from a previous version
You can upgrade GFI WebMonitor if you have GFI WebMonitor 4 installed, by running WebMonitor2009.exe.
In order to upgrade to the latest version, run WebMonitor2009.exe and follow the instructions displayed on screen.
NOTE: The upgrade process is similar to the installation instructions. For more information refer to the section named ‘Installation’.
Uninstalling
For more information on uninstalling GFI WebMonitor refer to http://kbase.gfi.com/showarticle.asp?id=KBID003241.
Navigating the GFI WebMonitor console
Introduction
GFI WebMonitor’s console is a web-based interface through which you can control every aspect of its functionality. Through it you can monitor, block and grant access to all network traffic on your network.
Navigating the GFI WebMonitor user console
Screenshot 5 - Navigating the GFI WebMonitor console
Viewing Pane – The viewing pane located on the right hand side of the screen allows the GFI WebMonitor user to view and configure settings according to the node selected in the Navigation Bar.
Navigation Bar – This consists of all the sections and features configurable by GFI WebMonitor. Located on the left-hand side of the screen, the available nodes are:
• Dashboard – provides a graphical overview of statistical information.
• Monitoring – web traffic monitoring functions.
• Whitelist/Blacklist – permanent and/or temporary whitelist and blacklist functions.
• WebFilter Edition – manage and control access to different website categories for users, groups and IPs.
• WebSecurity – manage and control restrictions to web applications for network users, IPs or groups.
• Configuration – Configure settings and administrative features for GFI WebMonitor.
• Licensing – Provides access to the licensing setup and version information.
• Quarantine – Configure and manage quarantined items that were blocked by GFI WebMonitor.
• Help – Provides help on all aspects of GFI WebMonitor’s functionality.
Getting started: Using the GFI WebMonitor dashboard
Introduction
The Dashboard node enables you to obtain graphical and statistical information related to GFI WebMonitor’s operation. This includes:
• Usage and operations statistics
• Hits over time and bandwidth usage trend charts
• WebFilter statistics
• Last blocked requests and security threats.
The GFI WebMonitor dashboard
Screenshot 6 - GFI WebMonitor Dashboard
Access the GFI WebMonitor Dashboard by clicking the Dashboard node in the navigation bar. The dashboard shows the information described in the sections below.
NOTE: The GFI WebMonitor Dashboard can be refreshed by clicking on the icon in the top right hand corner.
Dashboard: Statistics
Screenshot 7 – Dashboard: Operation Statistics
The information provided by this table enables you to readily obtain information on a number of important operational elements of GFI WebMonitor.
Select the hyperlinks next to Current Active Connections to view the Active Connections, which is also accessible from the Monitoring Node. For more information refer to the Active Connections section in this manual.
Selecting the hyperlink next to Current items in Quarantine allows viewing a summary of the quarantine folder. For more information refer to the section named ‘Viewing Quarantined Items’.
AV Scanned Downloads represents the total downloads scanned by the anti-virus engines. For more information refer to the section Scanning Engines in this manual.
Select the other hyperlinks within Today’s statistics to view further detail on the statistics as summarized below.
Feature: AV & Anti-Phishing
• Quarantined: Selecting the hyperlink under Quarantined allows you to configure quarantined items. For further information refer to the section named ‘Viewing Quarantined Items’.
• Blocked: Selecting the hyperlink under Blocked allows you to review the Top Policy Breakers Report. For further information refer to the section named ‘Top Policy Breakers’.
Feature: Download control
• Quarantined: Selecting the hyperlink under Quarantined allows you to manage downloads. For further information refer to the section named ‘Configuring Download Control policies’.
• Blocked: Selecting the hyperlink under Blocked allows you to review the Top Policy Breakers Report. For further information refer to the section named ‘Top Policy Breakers’.
Feature: Web Filtering
• Quarantined: Selecting the hyperlink under Quarantined allows you to configure quarantined items. For further information refer to the section named ‘Viewing Quarantined Items’.
• Blocked: Selecting the hyperlink under Blocked allows you to review the Top Policy Breakers Report. For further information refer to the section named ‘Top Policy Breakers’.
Dashboard: WebSecurity/WebFilter Status and usage chart
The WebSecurity/WebFilter status and usage chart enables you to:
1. Know whether the WebSecurity and WebFilter components are active or not.
2. View a graphical representation of the correlation between the number of hits and bandwidth use.
Screenshot 8 – Dashboard: WebSecurity and WebFilter status and usage graph
Dashboard: Hits over time chart
Screenshot 9: Dashboard: Hits over time graph
The hits over time chart is a graphical representation of the number of hits on a day-by-day basis for the current month. This enables you to identify a pattern of how website hits fluctuate on a day-by-day basis and to identify anomalies.
Dashboard: Bandwidth usage trends chart
Screenshot 10 - Dashboard: Bandwidth Usage Trends graph
The bandwidth usage trends chart is a graphical representation of bandwidth use on a day-by-day basis for the current month. This enables you to identify patterns and trends of how bandwidth is utilized on a day-by-day basis and enables you to identify spikes and anomalies.
Dashboard: Top Categories (Sites) chart
Screenshot 11 - Dashboard: Top Categories (Hits) Chart
The top categories (sites) chart is a graphical representation of the top hits (HTTP requests) split by categories. This enables you to gain knowledge on which categories of sites are being visited by web users.
Dashboard: Top Categories (Bandwidth) chart
Screenshot 12 - Dashboard: Top Categories (Bandwidth) Chart
The top categories (bandwidth) chart is a graphical representation of bandwidth use split by categories. This enables you to identify how your bandwidth is being utilized vis-à-vis the website categories browsed by users.
Dashboard: Top blocked categories (Hits) chart
Screenshot 13 - Dashboard: Top Blocked Categories chart
This chart is a graphical representation of the blocked HTTP requests according to the reason why these were blocked. It effectively enables you to identify the main reasons why requests were blocked.
Dashboard: Last blocked requests list
Screenshot 14 - Dashboard: Last Blocked Requests list
The last blocked request list displays the latest list of users/IPs who have had blocked requests. This enables you to identify problems with blocked requests regardless of whether these blocked requests are reported to you or not.
Dashboard: Last blocked security threats list
Screenshot 15 - Dashboard: Last Blocked Security Threats list
The last blocked Security Threats list displays a list of threats/viruses detected by GFI WebMonitor and the users/IPs where these occurred. This enables you to identify security issues as early as possible, enabling you to take preventive measures before your network security is breached.
Getting started: Monitoring Internet activity
Introduction
Use the Monitoring node and its sub-nodes to examine current and historical web request data collected and processed by Microsoft ISA server. Through these nodes you can view data related to:
• Active connections
• Past connections
• Bandwidth consumption
• Sites history
• Users history
• Activity log
Active Connections
Active connections provide information related to active connections which are processed through Microsoft ISA server’s Web Filters.
Screenshot 16 – Active connections
Access the Active connections view by clicking on Monitoring > Active Connections in the navigation bar. Through this view you can terminate active Internet connections (e.g., interrupt file downloads that are taking up too much bandwidth). To interrupt connections, click on the button in the Status column of the connection and the download will be terminated.
NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed within the User column. Otherwise the user name is displayed as ‘unauthenticated’.
NOTE 2: The information displayed is not refreshed automatically. Click on the refresh button on the upper right corner of the view to update the information being shown.
Past Connections
The Past connections view shows the last 2000 complete connections processed through Microsoft ISA Server.
Screenshot 17 – Past connections
Access the Past connections view by clicking on Monitoring > Past Connections in the navigation bar. The information is sorted by time, with the latest URL accessed listed on top.
NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed in the User column. Otherwise the user name is displayed as ‘unauthenticated’.
NOTE 2: The information displayed is not automatically refreshed. Click on the refresh button on the upper right of the view to update the information being shown.
Bandwidth consumption
The Bandwidth Consumption node allows you to monitor bandwidth usage through the following reports:
• Top Sites - Displays web sites browsed, sorted by bandwidth with the site having the highest bandwidth at the top.
• Top Users - Displays websites by Windows user or IP address. This report is sorted with the user who consumes the most bandwidth at the top. For unauthenticated users the IP address is displayed.
• Top Categories - Report displays the top categories browsed with the categories carrying the highest bandwidth on top.
NOTE: Within the Top Sites and Top Users reports, you can select the Show Hits Over Time Charts to view a graph that reports the number of hits by time of day.
By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view:
• Previous day – click on the back button.
• Next day – click on the forward button.
• Specific date – click on the calendar button, select the required date and click Go to retrieve data for that date.
NOTE 1: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed.
NOTE 2: The information displayed is not automatically refreshed. Click refresh button on the upper right of the view to update the information selected.
Sites History
The ‘Sites History’ node enables you to identify:
• The sites which are most frequently visited by your network users
• The total browsing time per site.
Top Time Consumption
The ‘Top Time Consumption’ view lists the sites on which network users spent most time browsing for a specific date. The information displayed includes:
• Site. The sites which were accessed
• Surf time. The time spent browsing each site
• File types. The file types accessed from each site
• Accessed by User / IP. The users/IPs that accessed the site.
The list can be sorted either alphabetically by site in ascending order, or by surf time in descending order (the site on which most time was spent is listed on top), by selecting the appropriate header.
Screenshot 18 – Sites History: Top Time Consumption
Access the ‘Top Time Consumption’ view by clicking on Sites History > Top Time Consumption in the navigation bar.
By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click the calendar, select the required date, and, click Go to retrieve information for that date.
NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed.
You can also click on any of the sites listed to bring up the ‘Site History Details’ view. For more information refer to the ‘Site History Details’ section in this chapter.
Top Hits Count
The ‘Top Hits Count’ view lists the sites that were most frequently accessed by network users on a specific date. The information displayed includes:
• Sites - The sites that were accessed
• Hits - The number of times that each site was accessed (i.e., the number of hits)
• The file types accessed from each site
• Accessed by User / IP - The users/IPs that accessed the site
• Graphical representations of site hits over time.
The list can be sorted either alphabetically in ascending order by site, or in descending order of popularity (the site with most hits is listed on top).
Screenshot 19 – Sites History: Top Hits Count
Access the ‘Top Hits Count’ view by clicking on Sites History > Top Hits Count in the navigation bar. To access graphs showing hits over time per site, select the ‘Show Hits Over Time Charts’ option.
By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click on the calendar button, select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. To view further details on the sites visited by users, click on the users listed on User/IP heading. For more information refer to the ‘Site History Details’ section in this chapter.
Users History
The ‘Users History’ node provides details of which users spent most time browsing sites and details of sites that were most frequently accessed. Three types of reports are available:
• Top Surfers
• Top Hits Count
• Top Policy Breakers
Top Surfers
Screenshot 20 – Users History: Top Surfers
Access the ‘Top Surfers’ view by clicking on Users History > Top Surfers in the navigation bar. The ‘Top Surfers’ view lists the time spent by network users browsing sites on a specific date. The information displayed includes:
• User / IP. The users/IPs that browsed sites
• Surf Time. The time spent browsing sites
• Sites Accessed. The sites which were accessed by each user.
The list can be sorted either by user/IP in ascending order, or by time spent browsing in descending order (the site on which most time was spent is listed on top).
• To sort by user/IP, click on the User/IP column heading.
• To sort by time spent on the site, click on the Surf Time column heading.
By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click the calendar button, select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.
You can also click on any of the users/IPs listed to review ‘User History Details’.
Top Hits Count
Screenshot 21 – Users History: Top Hits Count
Access the ‘Top Hits Count’ view by clicking on Users History > Top Hits Count in the navigation bar. The ‘Top Hits Count’ view lists the users with the highest number of site accesses on a specific date. The information displayed includes:
• User/IP - The users/IPs that browsed sites.
• Hits - The number of site accesses made by each user.
• Sites accessed - The sites which were accessed by each user.
• Graphical representations of site hits over time.
The list can be sorted either by User/IP in ascending order, or by hits in ascending or descending order. By default, the user with the most site accesses is listed on top.
• To sort by user/IP, click on the User/IP column heading.
• To sort by site accesses, click on the Hits column heading.
To display graphs showing hits over time for each of the sites listed, select the ‘Show Hits Over Time Charts’ checkbox. Charts displayed indicate the number of hits by time of day for the specified date by user/IP.
By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click on the calendar button, select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.
You can also click on any of the users/IPs listed to review ‘User History Details’. For more information refer to the ‘User History Details’ section in this chapter.
Top Policy Breakers
Screenshot 22 – Users History: Top Policy Breakers
To view the users which breached most policies, navigate to GFI WebMonitor > Monitoring > Users History > Top Policy Breakers. When clicking on one of the users/IPs, an activity log showing the Time, Category, URL, and IP address is displayed.
By default, this view lists the data of the day. To view data for other days, use the controls on the upper right of the view:
• Previous day – click on the back button
• Next day – click on the forward button
• Specific date – click the calendar button, select the required date, and, click Go to retrieve data for that date.
NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed.
Site History Details
Screenshot 23 – Site History Details
Access ‘Site History Details’ view by clicking on Sites History > (Top Time Consumption or Top Hits Count) from the navigation bar. From the view pane select one of the listed sites in the Site column.
This view shows the following information:
• User / IP - All users/IPs who have accessed that site on the specified date.
• Hits - The number of times the site was accessed by each user.
• The file types accessed from the site by each user.
• A graphical representation of total site hits over time, for all users.
• A graphical representation of user site hits over time, for each user listed.
• A graphical representation of traffic over time for each of the file types shown, for each user.
To display the graph showing total site hits over time for all users, select the ‘Show Hits Over Time Chart’ checkbox. This graph assists you in identifying the time period(s) for the specified dates during which the site was most frequently accessed by users.
To display the graph showing total site hits over time for a specific user, hover with the mouse pointer over the number of hits for any one of the users/IPs listed. A chart pops up showing the access pattern and frequency of the user during the day.
To display the graph showing download/upload traffic over time for a specific file type, for a specific user, hover with the mouse pointer over one of the file types shown for any one of the users/IPs listed.
You can also click on any one of the users/IPs listed to review ‘User History Details’ view. For more information refer to the ‘User History Details’ section in this chapter.
User History Details
Screenshot 24 – User History Details
Access ‘User History Details’ view by clicking on Users History > (Top Surfers or Top Hits Count) from the navigation bar. From the view pane select one of the listed users/IPs in the User/IP column.
The ‘User History Details’ view shows the following for a specific user:
• Site indicates the sites accessed on the specified date.
• Hits indicates the number of times the site was accessed.
• The file types accessed from the site.
• A graphical representation of total site hits over time.
• A graphical representation of specific site hits over time.
• A graphical representation of traffic over time for each of the file types shown, for a specific site.
To display the graph showing total site hits over time, select the ‘Show Hits Over Time Chart’ option. This chart helps you to identify the time period(s) for the specified date during which the user accessed the listed sites.
To display the graph showing specific site hits over time for the user, hover with the mouse pointer over the number of hits for any one of the sites listed under heading File types. A chart pops up showing the specified site access pattern and frequency by the user during the day.
To display the graph showing download/upload traffic over time for a specific file type, for a specific site, hover with the mouse pointer over one of the file types shown for any one of the sites listed.
You can also click on any of the sites listed to review ‘Site History Details’. For more information refer to the ‘Site History Details’ section in this chapter.
Activity Log
Screenshot 25 – GFI WebMonitor Activity Log
Access the ‘Activity Log’ view by clicking on the Activity Log node from the navigation bar.
The ‘Activity Log’ view shows all GFI WebMonitor activity related to:
• Items which have been blocked or quarantined
• Processes which have failed.
The ‘Activity Log’ view shows the following:
• The User/IP who carried out the activity
• Date and time when the activity took place
• Description of the activity which took place and the reason why items have been blocked or quarantined
• URL accessed.
Click on the refresh button on the upper right of the view to update the information being shown.
Configuring allowed and blocked websites
Introduction
Whitelists and blacklists are content scanning policies that override all policy settings set up in WebFilter and WebSecurity Editions.
The Whitelist is a list of sites, users and IPs approved by the administrator to be excluded from all policies configured in GFI WebMonitor. Besides the Permanent Whitelist, there is also a Temporary Whitelist, used to temporarily approve access to a site for a user or IP. Since all WebFilter and WebSecurity policies are overridden, the Whitelist feature should be used with extreme caution.
The Blacklist is a list of sites, users and IPs which should always be blocked irrespective of the policies configured in GFI WebMonitor.
The Blacklist takes priority over the Whitelist in GFI WebMonitor. If a site is therefore listed in the Blacklist and that same site is also listed in the Whitelist, the site will be blocked.
Configuring the Whitelist
To access the Whitelist click on the Whitelist node in the navigation bar.
Preconfigured items
By default GFI WebMonitor includes a number of preconfigured sites in the Permanent Whitelist. These include GFI websites to allow automatic updates to GFI WebMonitor and Microsoft websites to allow automatic updates to Windows. Removing any of these sites may preclude important updates from being automatically effected.
Adding items to the Permanent Whitelist
To add an item to the Permanent Whitelist:
1. Click on the Whitelist node and select the Permanent Whitelist tab.
Screenshot 26 – GFI WebMonitor Whitelist
2. From the drop-down lists, select whether a User, IP or Site will be added to the whitelist and provide the user(s), group(s) and/or IP(s) for whom the new whitelist item applies. Repeat for all user(s), group(s) and/or IP(s) required.
NOTE 1: When adding a user to the whitelist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.
NOTE 2: When adding a site to the whitelist, you can use wildcards. For more information refer to the ‘Using wildcards’ section in this chapter.
3. Click on Add to add the new item to the list and on Save Settings to finalize setup.
NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Delete items from the Permanent Whitelist
To remove an item from the Permanent Whitelist:
1. Click on the Whitelist node and select the Permanent Whitelist tab.
2. Click on the delete icon next to the item you want to delete.
3. Complete deleting whitelist items by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor.
Adding items to the Temporary Whitelist To add an item to the Temporary Whitelist:
Screenshot 27 – Temporary Whitelist
1. Click on the Whitelist node and select the Temporary Whitelist tab.
Screenshot 28 – Temporary Whitelist: Granting temporary access
2. Click on Add and select whether temporary access will be granted to a user or IP. Provide the details of the User or IP to be granted temporary access as well as the URL and the number of hours.
NOTE 1: When granting temporary access to a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.
NOTE 2: When adding a site to the Whitelist, you can use wildcards. For more information refer to the ‘Using wildcards’ section in this chapter.
3. Click on Add to add the new item to the list and on Save Settings to finalize setup.
NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
NOTE 4: The number of hours during which the user or IP has access to a site are applicable from the moment Save Settings is clicked.
NOTE 5: Time remaining before access is revoked can be viewed in the For (hours) column in the Temporary Whitelist view.
Removing items from the Temporary Whitelist
1. Click on the Whitelist node and select the Temporary Whitelist tab.
2. Click on the delete icon next to the item you want to delete.
3. Complete deleting whitelist items by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configuring the blacklist
Adding items to the Blacklist To add an item to the Blacklist: 1. Select Blacklist node from navigation bar.
Screenshot 29 – GFI WebMonitor Blacklist
2. From the drop-down lists, select whether a User, IP or Site will be added to the blacklist and provide the user(s), group(s) and/or IP(s) for whom the new blacklist item applies. Repeat for all user(s), group(s) and/or IP(s) required.
NOTE 1: When adding a user to the blacklist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.
NOTE 2: When adding a site to the blacklist, you can use wildcards. For more information refer to the ‘Using wildcards’ section in this chapter.
3. Click on Add to add the new item to the list and on Save Settings to finalize setup.
NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Delete items from the Blacklist
To delete an item from the Blacklist:
1. Select Blacklist node from navigation bar.
2. Click on the delete icon next to the item you want to delete.
3. Complete deleting blacklist items by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Using wildcards
When adding a site to the whitelist or blacklist, you can use wildcards as shown in the examples below:
Example          Description
*.com            Allow/block all ‘.com’ top-level domains
*.website.com    Allow/block all sub domains of the ‘website.com’ domain
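The list precedence and wildcard rules of this chapter, modelled as an added Python example (it is not GFI WebMonitor code): the Blacklist is checked first, then the Permanent and Temporary Whitelists, and only then the configured policies. All class and function names, the sample data, the treatment of '*' as the only wildcard, and the audit check are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


def site_matches(pattern: str, host: str) -> bool:
    # Assumption: '*' is the only wildcard and matching ignores case.
    regex = re.escape(pattern.lower()).replace(r"\*", ".*")
    return re.fullmatch(regex, host.lower()) is not None


@dataclass
class Item:                  # one Permanent Whitelist or Blacklist row
    kind: str                # "site", "user" or "ip"
    value: str               # site pattern, DOMAIN\user name, or IP address


@dataclass
class TempGrant:             # one Temporary Whitelist row
    who_kind: str            # "user" or "ip"
    who: str
    site: str
    saved_at: datetime       # hours count from the moment Save Settings is clicked
    hours: int

    def active(self, now: datetime) -> bool:
        return self.saved_at <= now < self.saved_at + timedelta(hours=self.hours)


@dataclass
class Request:
    host: str
    ip: str
    user: Optional[str] = None   # None = shown as 'unauthenticated'


def item_hits(item: Item, req: Request) -> bool:
    if item.kind == "site":
        return site_matches(item.value, req.host)
    if item.kind == "user":
        return req.user is not None and item.value.lower() == req.user.lower()
    if item.kind == "ip":
        return item.value == req.ip
    raise ValueError("unknown item kind: " + item.kind)


def decide(req: Request, blacklist: List[Item], whitelist: List[Item],
           temp: List[TempGrant], now: datetime) -> str:
    if any(item_hits(i, req) for i in blacklist):
        return "block (blacklist)"             # Blacklist takes priority
    if any(item_hits(i, req) for i in whitelist):
        return "allow (permanent whitelist)"   # skips every configured policy
    for grant in temp:
        who = req.user if grant.who_kind == "user" else req.ip
        if (who is not None and who.lower() == grant.who.lower()
                and grant.active(now) and site_matches(grant.site, req.host)):
            return "allow (temporary whitelist)"
    return "apply policies"


def audit_whitelist(whitelist: List[Item], blacklist: List[Item]) -> List[str]:
    # Flags whitelist site entries an administrator should review.
    findings = []
    for w in whitelist:
        if w.kind != "site":
            continue
        rest = w.value[2:] if w.value.startswith("*.") else None
        if w.value == "*" or (rest is not None and "." not in rest):
            findings.append(w.value + ": exempts a whole top-level domain from all policies")
        if any(b.kind == "site" and b.value.lower() == w.value.lower() for b in blacklist):
            findings.append(w.value + ": also blacklisted, so the whitelist entry has no effect")
    return findings


# Constructed sample configuration (not taken from a real installation).
NOW = datetime(2009, 4, 7, 12, 0)
BLACKLIST = [Item("site", "*.website.com")]
WHITELIST = [Item("site", "*.website.com"), Item("site", "*.com"),
             Item("user", r"CORP\alice")]
TEMP = [TempGrant("ip", "10.0.0.8", "news.example.org", NOW - timedelta(hours=1), 2)]

if __name__ == "__main__":
    for host, ip in [("shop.website.com", "10.0.0.5"), ("other.com", "10.0.0.5"),
                     ("news.example.org", "10.0.0.8")]:
        print(host, "->", decide(Request(host, ip), BLACKLIST, WHITELIST, TEMP, NOW))
    print("\n".join(audit_whitelist(WHITELIST, BLACKLIST)))
```

In this model '*.website.com' matches 'mail.website.com' but not 'website.com' itself, which follows the table's wording ("all sub domains"); confirm the behaviour on your own installation before relying on it.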
WebFilter Edition – Site rating and content filtering
Introduction
GFI WebMonitor uses WebFilter and the WebGrade database to manage Internet access of users, groups or IPs based on site categories. The category of a particular site is determined through the WebGrade Database; if a site is listed in the database, GFI WebMonitor then uses the configured web filtering policies to determine what action to take. This may be one of the following actions:
• Allow access to site
• Block access to site and quarantine the related file URL
• Block access to site and delete related URLs.
Policies can be customized to apply during specific time periods; for example a policy can enable users to access news and entertainment related sites during lunch breaks but not during working hours. Pre-defined site categories include pornography, adult themes, games, violence and others. The database is updated on a regular basis and updates are automatically downloaded to GFI WebMonitor.
Configuring Web Filtering policies
Adding a Web Filtering Policy
To add a Web Filtering Policy:
1. Click on WebFilter Edition > Web Filtering Policies from the navigation bar.
2. Select Add Policy.
Screenshot 30 – Adding a Web Filtering policy: general settings
3. Click on the General tab.
4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively.
5. In the Policy Schedule area specify the time period(s) during which the new policy will be enforced.
Screenshot 31 –Adding a Web Filtering policy: web filtering categories
6. Select the Web Filtering tab. Define the categories applicable to the new policy and the actions to take:
• Allow categories: Select categories from the Blocked Categories list and click Allow>.
• Block categories: Select categories from the Allowed Categories list and click <Block.
• Quarantine access: Select categories from the Allowed Categories list and click <Quarantine.
NOTE: You can also configure advanced category conditions by selecting the Show Advanced Options. For more information refer to the ‘Configuring advanced web filtering policies conditions’ section.
Screenshot 32 – Adding a Web Filtering policy: web filtering exceptions
7. Select the Exceptions tab and in the Excluded Sites and Included Sites fields specify any URLs which are:
• Excluded (i.e. allowed) from the policy. This enables users to access sites overriding any policy setup.
• Included (i.e. blocked) in the new policy. The URLs specified in the included sites will be blocked regardless of the scope of the new policy.
NOTE: The Exceptions tab is similar to a whitelist/blacklist feature that overrides any rules within the policy.
Screenshot 33 – Adding a Web Filtering policy: who it applies to
8. Click on the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required.
NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.
NOTE 2: When adding a group ISA Server authentication is used to validate the group name.
Screenshot 34 – Adding a Web Filtering policy: Notifications
9. Click on the Notifications tab and select Notify the following administrators when the site category infringes this policy checkbox if required. Complete setup by updating administrator’s notification email address and notification e-mail text. If required, check Notify the user accessing the site if the site category infringes this policy, and provide the body text for the notification email in the Send the following notification to the administrator’s text box.
10. If you require the user to be notified when the policy you are creating is triggered, select Notify the user accessing the site if the site category infringes this policy checkbox and provide the notification email text.
NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated.
11. Complete new policy setup by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
The newly created policy will now be listed in the main Web Filtering Policies view.
Editing a Web Filtering Policy
To edit a Web Filtering Policy:
1. Click on WebFilter Edition > Web Filtering Policies from the navigation bar.
2. Click on the edit icon next to the policy you want to edit.
3. Refer to ‘Adding a Web Filtering Policy’ section in this chapter, for a description of the fields which can be edited.
4. Click on Save Settings to finalize editing a policy.
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Disabling a Web Filtering Policy
To disable a Web Filtering Policy:
1. Click on WebFilter Edition > Web Filtering Policies from the navigation bar.
2. Uncheck the box from the Enabled column for the policy you want to disable and click on Save Settings to finalize disabling a policy.
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Enabling a Web Filtering Policy
1. Click on WebFilter Edition > Web Filtering Policies from the navigation bar.
2. Check the box from the Enabled column for the policy you want to enable and click on Save Settings to finalize enabling a policy.
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Deleting a Web Filtering Policy
1. Click on WebFilter Edition > Web Filtering Policies from the navigation bar.
2. Click on the delete icon for the policy you want to delete and click on Save Settings to finalize deleting a policy.
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Default web filtering policy
GFI WebMonitor - WebFilter Edition ships with a default web filtering policy which applies to all users. The policy name is listed as ‘Default Web Filtering Policy’. This policy can be edited but it cannot be disabled or deleted. If you want to edit the default policy, refer to the ‘Editing a Web Filtering Policy’ section in this chapter for information related to editing web filtering policies.
NOTE 1: All user-created web filtering policies take precedence over the default web filtering policy.
NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.
Configuring advanced web filtering policy conditions
Advanced web filtering policy conditions give you greater flexibility in defining which sites should be allowed or blocked. These advanced policy conditions take precedence over categories you may have already specified in the Allowed Categories and Blocked Categories list boxes.
Adding an advanced web filtering policy condition
To create an advanced web filtering policy condition:
Screenshot 35 – Web filtering policy
1. From the Web Filtering tab click on Show Advanced Options.
2. Click on Add Condition to view the Edit Properties dialog where you will create the advanced condition.
3. Specify a combination of categories which will enable you to allow, block or quarantine sites. For example, to block sites which fall under the categories ‘Adult and pornography’ AND ‘IM Client’:
a. Select ‘Adult and pornography’ from Available Categories list box and click on Use Category
b. Select ‘IM Client’ from Available Categories list box and click on Use Category
c. Select Block and Delete from the Perform this action: drop down list and click OK to apply the condition.
4. Click on Save Settings to finalize settings.
NOTE 1: With this advanced policy, sites are not blocked if a site is listed under individual categories. In the example above, a site is NOT blocked if it only falls under the ‘Adult themes’ category. Likewise, the site is NOT blocked if it only falls under the ‘Sexuality’ category.
NOTE 2: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Editing an advanced web filtering policy condition
To edit an advanced web filtering policy condition:
1. From the Web Filtering tab click on Show Advanced Options.
2. Click on the advanced policy to edit to display the Edit Properties dialog where you can edit the advanced condition.
3. Click OK to apply the changes you made.
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
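How an advanced condition combines categories with AND, and how it ranks against the Exceptions tab, the category lists and the default policy, shown as an added Python model (it is not GFI WebMonitor code). The names, the sample data, exact host matching for exceptions, "included wins" when a site is in both exception lists, and "first matching user-created policy" are assumptions; policy schedules are left out.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Set, Tuple

ALLOW, BLOCK, QUARANTINE, BLOCK_DELETE = "Allow", "Block", "Quarantine", "Block and Delete"


@dataclass
class AdvancedCondition:
    categories: FrozenSet[str]   # the site must fall under ALL of these
    action: str                  # "Perform this action" in the Edit Properties dialog


@dataclass
class Policy:
    name: str
    blocked: Set[str] = field(default_factory=set)        # Blocked Categories list
    quarantined: Set[str] = field(default_factory=set)    # categories set to Quarantine
    conditions: List[AdvancedCondition] = field(default_factory=list)
    excluded_sites: Set[str] = field(default_factory=set)  # Exceptions tab: allowed
    included_sites: Set[str] = field(default_factory=set)  # Exceptions tab: blocked
    applies_to: Set[str] = field(default_factory=set)      # users, groups or IPs


def select_policy(user_policies: List[Policy], default: Policy, principal: str) -> Policy:
    # User-created policies take precedence over the default policy.
    # Assumption: the first user-created policy naming the principal is used.
    for policy in user_policies:
        if principal in policy.applies_to:
            return policy
    return default


def evaluate(policy: Policy, host: str, site_categories: Set[str]) -> Tuple[str, str]:
    # 1. Exceptions override any rule within the policy.
    if host in policy.included_sites:       # assumption: included wins if listed twice
        return BLOCK, "exception: included site"
    if host in policy.excluded_sites:
        return ALLOW, "exception: excluded site"
    # 2. Advanced conditions take precedence over the category lists.
    for cond in policy.conditions:
        if cond.categories and cond.categories <= site_categories:
            return cond.action, "advanced condition"
    # 3. Plain category lists (assumption: Block is checked before Quarantine).
    if site_categories & policy.blocked:
        return BLOCK, "blocked category"
    if site_categories & policy.quarantined:
        return QUARANTINE, "quarantined category"
    return ALLOW, "no rule matched"


# Constructed sample policies, mirroring the manual's AND example.
DEFAULT = Policy(name="Default Web Filtering Policy", blocked={"Games"})
OFFICE = Policy(
    name="Office hours",
    conditions=[AdvancedCondition(
        frozenset({"Adult and pornography", "IM Client"}), BLOCK_DELETE)],
    excluded_sites={"chat.intranet.example"},
    applies_to={r"CORP\alice"},
)

if __name__ == "__main__":
    chosen = select_policy([OFFICE], DEFAULT, r"CORP\alice")
    for host, cats in [("x.example", {"Adult and pornography", "IM Client"}),
                       ("y.example", {"IM Client"}),
                       ("chat.intranet.example", {"Adult and pornography", "IM Client"})]:
        print(chosen.name, host, evaluate(chosen, host, cats))
```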
Removing an advanced web filtering policy condition
To delete an advanced web filtering policy condition:
1. From the Web Filtering tab click on Show Advanced Options.
2. Click on the delete icon next to the advanced policy you want to delete.
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
WebGrade Database settings
Screenshot 36 – WebGrade Database settings
Through the WebGrade Database settings view you can:
• Enable/disable online lookups
• Enable/disable the database
• View the database status, version and license details
• Configure database updates
• Check the presence or validity of any URL with the active WebGrade local database and send feedback.
1. Access the ‘WebGrade Database’ settings view by clicking on WebFilter Edition Web Filtering Policies WebGrade Database from the navigation bar.
2. Check/uncheck Manage WebGrade Local Database updates automatically and update the time within the hours field.
3. If required check Send an email notification to the administrator on successfully updating the WebGrade Database 4. Complete setup by clicking on Save Settings. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Enabling/disabling online lookups
1. Click on WebFilter Edition Web Filtering Policies WebGrade Database.
2. Checking or unchecking the Enable online lookup for URLs not resolved by local database checkbox enables or disables this feature.
NOTE: This option is enabled by default when the user updates the installation.
Viewing updated online lookups Online lookup enables GFI WebMonitor to synchronize with a global internet database server for reviewed URLs. To review changes after these have been updated: 1. Click on WebFilter Edition. 2. Select Add Policy from the view pane. The Web Filtering Policy is displayed within the view pane. Categories are updated under the Blocked Categories and Allowed Categories headings.
Enabling/disabling the database
To enable or disable the database:
1. Click on WebFilter Edition Web Filtering Policies WebGrade Database.
2. Checking or unchecking the checkbox in the Enabled column enables or disables the WebGrade Database.
NOTE: When the WebGrade database is disabled, the Web Filtering policies cannot access the site categories.
Configure database updates
Through the checkboxes within the WebGrade Database Updates area in the WebGrade Database settings view you can:
• Configure whether the WebGrade Database should be updated automatically or manually
• Configure the frequency with which available updates should be installed
• Configure if an email notification should be sent upon successful updating of the WebGrade Database
• Manually update the WebGrade Database by clicking Update Now.
Checking URL categories
The Check URL category tool enables you to key in a URL and check for its category within your active local WebGrade database. If the category is not found or if the category listed in the local WebGrade database does not match with the website’s category, you can report it for update.
To check a URL category:
1. Key in a URL in the check URL field.
2. Click Check URL category.
The category in the active local WebGrade database is displayed beneath the URL field. To report a missing or incorrect category, update the URL, click on Submit Feedback, fill out the form displayed in your browser, and click Submit.
WebSecurity Edition – File scanning and download control
Introduction
GFI WebMonitor’s WebSecurity features scan and usage control restrictions for various applications to users, IPs or groups on your network. The control policies are:
• Download Control Policies – Software download controls
• IM Control Policies – Control use and access of MSN / Windows Live Messenger
• Virus Scanning Policies – configure which downloaded files should be scanned for viruses and spyware.
• Anti-Phishing Engine – Configure protection to network users from phishing sites.
Download Control policies
GFI WebMonitor identifies the real file type of the file being downloaded and then applies Download Control Policies to determine what action to take. This may be one of the following actions:
• Allow the file to be downloaded
• Block the file from being downloaded and quarantine the file URL
• Block the file from being downloaded and delete all related URLs
For allowed downloads, GFI WebMonitor then applies the configured Virus Scanning Policies and determines its virus scanning options.
Screenshot 37 - Download Control Policies
Adding a new Download Control Policy To add a download control policy: 1. Click on WebSecurity Edition Download Control Policies from the navigation bar. 2. Click on Add Policy. 3. In the General tab provide a new policy name and description in the Policy Name field and the Policy Description text box respectively.
Screenshot 38 - Add new download control policy: Download control tab
4. Click on the Download Control tab to configure the actions to be taken on the various file types.
Screenshot 39 - Add new download control policy: Add new content type
5. To add a new file type select Add Content-Type button and enter the new Content-Type and a Description. Click Add.
Screenshot 40 - Add new download control policy: Change Action dialog
6. Click on any file type from the list to display the Change Action dialog and configure the actions to be taken for that file type. From the Perform this action: drop down list select the applicable action to be taken. The available options are:
• Allow
• Block and Quarantine
• Block and Delete
Click OK to apply the action.
Screenshot 41 - Download control policies: Applies to tab
7. From the Applies To tab, specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. NOTE 2: When adding a user or a group, ISA Server authentication is used to validate the user or group name.
Screenshot 42 – Download control policies: Notification tab
8. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Enter the administrator’s email address and notification email text, by updating the text for the notification email in the Send the following notification to the administrators text box.
9. If you require the users to be notified when the policy you are creating is breached, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text.
NOTE: The notification is sent only if ISA Server authentication is possible and the user can be validated.
10. Complete the new policy setup by clicking on Save Settings.
NOTE: Failing to click on Save Settings will lose all settings.
The policy created will be listed in the main Download Control Policies view.
Editing a Download Control Policy
To edit a download control policy:
1. Click on WebSecurity Edition Download Control Policies from the navigation bar.
2. Click on the edit icon next to the policy you want to edit.
3. Refer to ‘Adding a Download Control Policy’ section in this chapter for a description of the fields which can be edited.
4. Complete new policy setup by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Disabling a Download Control Policy
To disable a download control policy:
1. Click on WebSecurity Edition Download Control Policies from the navigation bar.
2. Uncheck the checkbox in the Enabled column for the policy you want to disable.
3. Complete disabling a download policy by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Enabling a Download Control Policy
To enable a previously disabled download control policy:
1. Click on WebSecurity Edition Download Control Policies from the navigation bar.
2. Check the checkbox in the Enabled column for the policy you want to enable.
3. Complete enabling a download policy by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Delete a Download Control Policy
To delete a download control policy:
1. Click on WebSecurity Edition Download Control Policies from the navigation bar.
2. Click on the delete icon next to the policy you want to delete.
3. Complete deleting a download policy by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Default Download Control Policy
GFI WebMonitor - WebSecurity Edition ships with a default download control policy which is configured to apply to all users. The policy name is listed as ‘Default Download Control Policy’. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the ‘Editing a Download Control Policy’ section in this chapter for information related to editing download control policies.
NOTE 1: All user-created download control policies take precedence over the default download control policy.
NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.
Adding Content-types
GFI WebMonitor - WebSecurity Edition includes a large number of common file types. To add a file type which is not in the predefined list:
1. Click on WebSecurity Edition Download Control Policies from the navigation bar.
2. Click on Add Policy, select Download Control tab and click on Add Content-type.
Screenshot 43 - Add new content type
3. Key in the content-type in the Content-Type field in the format type/subtype and click on Add.
4. Complete keying in a new content type by clicking on Save Settings.
NOTE 1: Files for user added content-types are not real file type checked as is the case with preconfigured file types.
NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
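The evaluation order this chapter describes (real file type first, user-created policies ahead of the default policy, user-added content-types matched without a real-file-type check) can be modelled as follows. This is an added example, not GFI WebMonitor code: the signature table, class and function names, the first-match ordering among user-created policies, the Allow fallback for unlisted types and all sample data are assumptions, and group membership is left out.

```python
"""Simplified model of download-control evaluation (added illustration).

Not GFI WebMonitor code: every name, signature table entry and sample policy
below is an assumption made for this example.
"""
from dataclasses import dataclass, field

ALLOW = "Allow"
QUARANTINE = "Block and Quarantine"
DELETE = "Block and Delete"

# Leading-byte signatures for a few common formats (well-known magic numbers).
SIGNATURES = [
    (b"MZ", "application/x-msdownload"),   # Windows executable
    (b"%PDF-", "application/pdf"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"PK\x03\x04", "application/zip"),
]


def real_type(body: bytes):
    """Return the type implied by the leading bytes, or None if unrecognised."""
    for magic, content_type in SIGNATURES:
        if body.startswith(magic):
            return content_type
    return None


@dataclass
class Policy:
    name: str
    applies_to: set      # DOMAIN\user names or client IPs; empty set = all users
    actions: dict        # built-in type -> action, matched on real file type
    custom_actions: dict = field(default_factory=dict)  # user-added types, header only

    def matches(self, user: str, ip: str) -> bool:
        return not self.applies_to or user in self.applies_to or ip in self.applies_to


def evaluate(policies, default, user, ip, declared, body):
    """Return (policy name, type the decision was keyed on, action).

    Types with no configured action fall back to Allow (an assumption).
    """
    # User-created policies take precedence over the default policy. Ordering
    # among several user-created policies is an assumption: first match wins.
    policy = next((p for p in policies if p.matches(user, ip)), default)
    detected = real_type(body)
    if detected is not None:
        # Built-in types: the decision follows the content, not the header.
        return policy.name, detected, policy.actions.get(detected, ALLOW)
    # Unrecognised content: only a user-added Content-Type rule can match, and
    # it is compared against the declared header (no real-file-type check).
    return policy.name, declared, policy.custom_actions.get(declared, ALLOW)


# Constructed sample policies and downloads.
DEFAULT = Policy("Default Download Control Policy", set(),
                 {"application/x-msdownload": QUARANTINE})
FINANCE = Policy("Finance downloads", {"CORP\\alice"},
                 {"application/x-msdownload": DELETE, "application/zip": QUARANTINE},
                 {"application/x-vendor-pkg": QUARANTINE})
EXE = b"MZ\x90\x00\x03\x00\x00\x00"      # executable header
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF"   # genuine JPEG header
VPKG = b"VPKG\x01\x00"                   # format with no built-in signature


def demo():
    """Evaluate five constructed downloads against the sample policies."""
    cases = [
        ("CORP\\alice", "10.0.0.5", "image/jpeg", EXE),
        ("CORP\\bob", "10.0.0.9", "image/jpeg", EXE),
        ("CORP\\alice", "10.0.0.5", "image/jpeg", JPEG),
        ("CORP\\alice", "10.0.0.5", "application/x-vendor-pkg", VPKG),
        ("CORP\\alice", "10.0.0.5", "application/octet-stream", VPKG),
    ]
    return [evaluate([FINANCE], DEFAULT, *case) for case in cases]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last two cases differ only in the declared header, which is the practical meaning of NOTE 1 above: when reviewing policies, treat a rule on a user-added content-type as covering only what the server declares.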
Configuring Instant Messaging (IM) Control Policies
GFI WebMonitor enables administrators to control the use of MSN Messenger and Windows Live Messenger. These controls can be configured from WebSecurity Edition IM Control Policy node. The Default IM Control Policy is the control applicable to all users, however specific controls to particular users, groups or IPs can be configured as described below.
Adding a new IM Control Policy
To add a new IM control policy:
1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies.
2. Click Add Policy and select the General tab.
Screenshot 44 - Add new IM Policy – assign a name and description
3. Key in the new policy name in the Policy Name field and optionally enter a brief description in the Policy Description text box.
Screenshot 45 - Add new IM Policy – Set IM Controls
4. From the IM Control tab, choose to block or allow instant messaging communications:
• Block all MSN / Windows Live Messenger communications – all communications via MSN or Windows Live Messenger are blocked.
• Allow MSN / Windows Live Messenger communications – the use of MSN or Windows Live Messenger is allowed.
Screenshot 46 - Add new IM Policy - Applies To tab
5. From the Applies To tab key in user(s), group(s), and/or IP(s) for whom the new policy applies and click Add. Repeat for all the user(s), group(s), and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user names and groups.
Screenshot 47 - Add new IM Policy – Notifications tab
6. From the Notifications tab, select Notify the following administrators when this IM Policy is breached to send an email notification to the configured email address(es) when a user tries to access blocked IM policies.
7. Add the administrator(s) email address(es) to be notified in the Email Address box.
8. In the Send the following notification to the administrators text box, edit the email message text which will be sent in the email notification.
9. Select Notify the user breaching this IM policy checkbox to send an email notification to the user who breaches the IM policy. Edit the email message text in the Send the following notification to the user performing the download.
NOTE: Notification is sent only if user is validated through ISA Server authentication.
10. Complete the new IM policy setup by clicking Save Settings.
NOTE: Failing to click on Save Settings will lose all settings.
The new policy will be listed in the main IM Control Policies view.
Editing an IM Control Policy
1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies.
2. Click on the edit icon next to the policy you want to edit.
3. Navigate in the control policy tabs and edit settings accordingly.
4. Click Save Settings when finished.
NOTE: If the settings are not saved, all configurations are lost when navigating to other sections.
Enabling/Disabling an IM Control Policy 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. In the Enabled column, check or uncheck the policy you want to enable or disable respectively. 3. Click Save Settings when finished.
Deleting an IM Control Policy 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. Click on the delete icon next to the policy you want to delete. 3. Click Save Settings when finished.
Configuring Virus Scanning Policies
For allowed downloads, GFI WebMonitor applies virus scanning controls which include any of the following:
• Display download progress and status
• Scan the downloaded file with any of the supported virus scanners
• Take any of the following actions when a virus is detected:
o Issue a warning, but allow access to the downloaded file
o Block access to the downloaded file and quarantine
o Block access to the downloaded file and delete it
Screenshot 48 - Virus Scanning Policies
Adding a Virus Scanning Policy To add a virus scanning policy: 1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar. 2. Click on Add Policy . 3. Click on the General tab.
Screenshot 49 - Add new virus scanning policy
4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively.
Screenshot 50 - Add new virus scanning policy: Virus scanning tab
5. Click on the Virus Scanning tab and click on the file type you want to scan for viruses. From the Change Action dialog box select the Display download progress and status option (if required) and choose the virus scanners to scan the file type with. Also, choose the action to undertake if a virus is found. The available options are: • Warn and Allow • Block and Quarantine • Block and Delete
Screenshot 51 - Add new virus scanning policy: Applies to tab
6. Click OK, select the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required.
NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.
NOTE 2: When adding a group ISA Server authentication is used to validate the group name.
Screenshot 52 - Add new virus scanning policy: Notification tab
7. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Complete setup with the administrator’s notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box.
8. If you require users to be notified when the policy you are creating is triggered, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text.
NOTE 1: The notification is sent only if ISA Server authentication is possible and the user can be thus validated.
9. Complete new policy setup by clicking on Save Settings.
NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
The policy you have just created will be listed in the main Virus Scanning Policies view.
Editing a Virus Scanning Policy
To edit a virus scanning policy:
1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar.
2. Click on the edit icon next to the virus scanning policy you want to edit.
3. Refer to ‘Adding a Virus Scanning Policy’ section in this chapter, for a description of the fields which can be edited.
4. Complete new policy setup by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Disabling a Virus Scanning Policy
To disable a virus scanning policy:
1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar.
2. Uncheck the checkbox in the Enabled column for the policy you want to disable.
3. Complete disabling a virus scanning policy by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Enabling a Virus Scanning Policy
To enable a virus scanning policy:
1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar.
2. Check the checkbox in the Enabled column for the policy you want to enable.
3. Complete enabling a download policy by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Delete a Virus Scanning Policy To delete a Virus Scanning Policy: 1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar.
2. Click on the delete icon next to the policy you want to delete. 3. Complete deleting a virus scanning policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Default Virus Scanning Policy
GFI WebMonitor WebSecurity Edition ships with a default virus scanning policy which is configured to apply to all users. The policy name is listed as ‘Default Virus Scanning Policy’. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the ‘Editing a Virus Scanning Policy’ section in this chapter for information related to editing virus scanning policies.
NOTE 1: Any user-created virus scanning policy takes precedence over the default virus scanning policy.
NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.
Scanning Engines
Through the Virus & Spyware Protection view you can:
• Enable/Disable one or more of the supported engines
• View the licensing status
• Configure anti-virus engine/signature updates for each one of the scanning engines
To access the Virus & Spyware Protection view click on WebSecurity Edition Virus Scanning Policies Virus & Spyware Protection from the navigation bar.
Enabling/disabling the scanning engines
To enable or disable one or more of the scanning engines:
1. Click on WebSecurity Edition Virus Scanning Policies Virus & Spyware Protection.
Screenshot 53 - Virus & Spyware Protection
2. Check or uncheck the checkboxes in the Enabled column to enable or disable scanning with the virus scanner for which the virus scanner is checked or unchecked. NOTE: Disabling a virus scanning engine denotes that GFI WebMonitor cannot use that engine. 3. Complete Virus scanning engine setup by clicking on Save Settings
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configure anti-virus updates
Through the configuration view for each one of the supported scanning engines you can:
• View the scanning engine status, version and license details
• Check or uncheck checkboxes that enable automatic or manual scanning engine/signature updates
• Configure the frequency with which available updates should be installed
• Check or uncheck checkboxes that enable the configuration of an email notification message that should be sent upon successful updating of scanning engines/signatures
• Manually update scanning engines/signatures by clicking Update Now.
Screenshot 54 - BitDefender Properties
Screenshot 55 - Norman Anti-Virus Properties
Kaspersky Scanning Engine Options From the configuration view for the Kaspersky scanning engine you can specify whether Virus Scanning Policies should be triggered when files are identified as: • Suspicious • Corrupted • Hidden
Screenshot 56 - Kaspersky Anti-Virus Properties
1. Click on WebSecurity Edition Virus Scanning Policies Virus & Spyware Protection Kaspersky Anti-Virus.
2. Check or uncheck checkboxes that enable action for files identified as Suspicious, Corrupted or Hidden.
3. Complete setup by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Anti-Phishing Engine
Through the Anti-Phishing Engine view you can:
• Enable/Disable anti-phishing
• View the anti-phishing feature licensing status
• Configure anti-phishing database updates
To access the ‘Anti-Phishing Engine’ view click on WebSecurity Edition Anti-Phishing Engine from the navigation bar.
Enabling/disabling the Anti-Phishing Engine To enable or disable the Anti-Phishing Engine: 1. Click on WebSecurity Edition Anti-Phishing Engine. 2. Click on the General tab.
Screenshot 57 - Anti Phishing engine properties
3. Check or uncheck the Block access to phishing sites checkbox to enable or disable anti-phishing features.
NOTE 1: Disabling the anti-phishing engine implies that GFI WebMonitor cannot use that engine to block phishing sites.
4. Complete anti-phishing engine setup by clicking on Save Settings.
NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configure Anti-Phishing database updates
Through the checkboxes within the Anti-Phishing Updates area in the Anti-Phishing Engine settings view you can:
• Configure whether the Anti-Phishing Database should be updated automatically or manually.
• Configure the frequency with which available updates should be installed.
• Configure if an email notification should be sent upon successful updating of the Anti-Phishing Database.
• Manually update the Anti-Phishing Database by clicking Update Now.
To configure Anti-Phishing database updates:
1. Click on WebSecurity Edition Anti-Phishing Engine.
2. Click on the General tab. 3. Specify the required settings in the Anti-Phishing Updates area. 4. Complete Anti-Phishing Database updates setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configure phishing notifications
Through the Notifications tab in Anti-Phishing Engine settings view you can specify whether email notifications are to be sent when a site being accessed is a known phishing site.
To enable phishing notifications:
1. Click on WebSecurity Edition Anti-Phishing Engine.
Screenshot 58 - Anti-Phishing notification tab
2. Click on the Notifications tab and check the Notify the following administrators when the site accessed is a known phishing site checkbox. Complete setup with the administrator’s notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators’ text box.
3. If you require the user to be notified when a phishing site is accessed, check the Notify the user accessing the site if the site accessed is a known phishing site checkbox and provide the notification email text.
NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated.
4. Complete phishing notifications setup by clicking on Save Settings.
NOTE: Failing to click on Save Settings means that you will lose phishing notification settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configuring GFI WebMonitor
Introduction
GFI WebMonitor enables you to configure a default set of parameters used by the WebFilter and WebSecurity editions. These parameters are configured through three nodes or by selecting the appropriate option within the viewing pane:
• Administrative Access Control: Configure who can access GFI WebMonitor web interface for configuration and monitoring.
• Notifications: Configure alerting options for email notifications on important events.
• General Settings: Configure the data retention, download cache and temporary whitelist policies.
• Reporting: Configure the database settings for reporting.
Administrative Access Control
Access to GFI WebMonitor is based on IP or ISA Server authenticated username. Only users/IPs in the authorized list are allowed access.
Adding users/IPs to the access permissions list To add a user or IP to the access permissions list: 1. From the GFI WebMonitor navigation bar select Configuration Administrative Access Control.
Screenshot 59 – Configuring administrative access control
2. From the drop-down lists, select whether a User or IP will be added to the access list and provide the user(s), and/or IP(s) for whom the new access item applies. Repeat for all user(s), group(s) and/or IP(s) required.
NOTE 1: When adding a user to the access control list, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.
3. Click on Add to add the new item to the list and on Save Settings to finalize setup.
NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Deleting users/IPs from the access permissions list
To remove a user or IP from the access permissions list:
1. Click on the Administrative Access Control node.
2. Click on the delete icon next to the user/IP you want to delete.
3. Click on Save Settings to finalize deleting users/IPs.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Notifications
Notifications are sent by email to administrators on important events including:
• Items being quarantined
• WebGrade Database, anti-virus signature update failures
• WebGrade Database, anti-virus signature update success
• Approaching expiry of WebGrade Database and anti-virus signature update licenses.
Configuring email settings
To configure email settings:
1. Click on Notifications node.
2. Go to the Send administrative emails using the following settings and specify the email address from which notifications will be sent as well as the SMTP server and SMTP port.
3. Click on Save Settings to finalize email settings setup.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configuring email recipients
To add recipients to whom notifications are sent:
1. From the GFI WebMonitor navigation bar select Configuration Notifications node.
Screenshot 60 – Configuring notifications
2. Key in an email address in the Email Address field and click Add. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Deleting recipients:
1. Click on Notifications node.
2. Click on the delete icon next to the email address you want to delete.
3. Click on Save Settings to finalize email settings setup.
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
General Settings
Through the General Settings node you can specify settings such as the amount of hours to keep downloaded files in cache, and the default time in hours a site is kept in the temporary whitelist after it has been approved from the quarantine.
1. From the GFI WebMonitor navigation bar select Configuration General Settings node.
Screenshot 61 - Configuring General Settings
1. In the Data Retention area specify how long (in days) browsing activity data will be kept in GFI WebMonitor databases. This data is used for monitoring and reporting.
2. In the Download Cache area specify how long (in hours) downloaded files will be kept in a local cache. Keeping these files in the cache will speed up subsequent requests for the same file.
NOTE: Set the value to zero hours if you want to disable the cache.
3. In the Temporary Whitelist area specify how long (in hours) items approved from the quarantine will be kept in the Temporary Whitelist. This is the amount of time available to the user during which the approved URL is accessible.
Handling blocked downloads
Introduction
GFI WebMonitor includes a quarantine feature: a restricted, safe and controlled storage area where potentially harmful download files are stored. Policies may be set where downloaded files/URLs are blocked and stored in quarantine. Downloaded files may be quarantined as a result of one or more configured policies in the following categories being triggered:
• Download Control Policies
• Web Filtering Policies
• Virus Scanning Policies
Administrators should review the quarantine to:
• Establish the reason for which a download file is being quarantined
• Determine whether the file is harmful or harmless and should be deleted or approved.
If approved for access, quarantined items are transferred to a Temporary Whitelist. Users can then be granted access to the downloaded files through the Temporary Whitelist.
There are four different views for quarantined items:
• Those transferred to quarantine today
• Those transferred to quarantine yesterday
• Those transferred to quarantine this week
• All items transferred to quarantine
Approving or Deleting items
Viewing quarantined items
The following information is shown for all items listed in the quarantine:
• Quarantined On. Date and time when the item was quarantined.
• The user/IP who accessed the item which is now quarantined.
• Download URL - details of the quarantined item.
• Quarantine reason - The reason why the item was quarantined.
To view quarantined items:
1. Click on the Quarantine node in the navigation bar, and select one of the views available to either review all items or those for a specified period:
• Today
• Yesterday
• This Week
• All Items
Screenshot 62 - Quarantine
2. Click on each one of the available tabs to view a list of items quarantined for each respective policy category:
• Download Control Policies tab
• Web Filtering Policies tab
• Virus Scanning Policies tab
Lists are sorted in descending order, with the latest item being quarantined shown at the top of the list.
3. Click on the details icon to view details for that item.
4. Click Go Back To List to move back to the list of quarantined items.
5. Use the navigation icons to navigate through a long list of quarantined items.
Approving quarantined items
To approve one or more items in quarantine:
1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined.
2. Click on the policy tab where the quarantined item is stored.
3. Click on the details icon
Screenshot 63 - Approving a quarantined item
4. Click Approve Item to make the downloaded file available to users or Approve All Items to make all items in a quarantine available to users.
NOTE 1: The user email address is shown only if the user has been authenticated through ISA Server authentication, and has a valid Active Directory email field.
NOTE 2: Using the checkbox associated with each entry in the quarantine enables multiple file whitelisting.
NOTE 3: Exert extreme caution with this feature. In approving an item from the Quarantine, you are excluding the web site from all policies configured in GFI WebMonitor for the particular user. Approving a potentially harmful file may therefore lead to your network being compromised. Approved items are transferred to the Temporary Whitelist. Refer to the Configuring allowed and blocked websites chapter for more information on the whitelist.
NOTE 4: Quarantined items which are not approved after 2 days are automatically deleted.
Deleting quarantined items
To delete one or more items in quarantine:
1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined.
2. Click on the policy tab where the quarantined item is stored.
3. Click on the details icon
4. If you decide that the downloaded file should be deleted, click Delete Item
4. Click Delete Selected Item to make the downloaded file available to users or Delete All Items to make all items in a quarantine available to users.
NOTE 1: Using the checkbox associated with each entry in the quarantine enables multiple file deletion.
NOTE 2: Quarantined items which are not approved after 2 days are automatically deleted.
Reporting Setup
Introduction
GFI WebMonitor enables you to store data in a database for statistical information analysis using GFI WebMonitor ReportPack. In this section you will find information about:
• How to enable or disable information gathering
• Configuring reporting options
Enabling Reporting
To enable information gathering for reporting purposes:
1. From the GFI WebMonitor navigation bar select the Configuration > Reporting node.
Screenshot 64 - GFI WebMonitor Reporting setup
2. Click on the Enable Reporting checkbox to enable reporting features.
3. Key in the SQL Server, User/Password combination and Database name which enables GFI WebMonitor to connect and audit the data to the database in the respective order. You can use the Get Database List button to retrieve a list of databases available.
4. Click on Save Settings to save reporting setup.
NOTE: For security purposes, passwords can only be configured from the machine where GFI WebMonitor is installed.
The update reporting data now button
Daily at midnight, GFI WebMonitor automatically transfers any data logged to the Microsoft SQL server backend database as configured when enabling the reporting features. There are instances however when you would want to trigger the data retrieval process manually, such as:
• When upgrading GFI WebMonitor to a version that supports reporting.
• When migrating data stored in files in a storage location to a central database
• To test configuration settings.
In these cases, amongst others, clicking on the Update reporting data now triggers the retrieval process.
NOTE: Data is always collected for complete 24 hour periods from midnight to midnight. Clicking Update reporting data now does not collect data for partial periods between midnight and the time when this button is clicked.
Disabling Reporting
To disable reporting features:
1. Click on the Reporting node.
2. Uncheck the Enable Reporting checkbox and click Save Settings to disable reporting.
Miscellaneous
Introduction
In this section you will find information on updating GFI WebMonitor license
Entering your license key after installation
After installing GFI WebMonitor you can enter your license key without re-installing or re-configuring the product. To achieve this:
1. Click on the Licensing node from the navigation bar.
2. Key in the license key provided by GFI Software for one of the three GFI WebMonitor editions in the License Key field.
3. Click on Save Settings.
Troubleshooting
Introduction
The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main sources of information available to users are:
• The manual – most issues can be solved by reading this manual.
• GFI Knowledge Base articles
• Web forum
• Contacting GFI Technical Support
Knowledge Base
GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most up-to-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.
Web Forum
User to user technical support is available via the web forum. The forum can be found at: http://forums.gfi.com/.
Request technical support
If you have referred to this manual and our Knowledge Base articles, and you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone.
• Online: Fill out the support request form on:
http://support.gfi.com/supportrequestform.asp. Follow the instructions on this page closely to submit your support request.
• Phone: To obtain the correct technical support phone number for your region please visit: http://www.gfi.com/company/contact.htm.
NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at: https://customers.gfi.com/login.aspx. We will answer your query within 24 hours or less, depending on your time zone.
Build notifications
We recommend that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, visit:
http://www.gfi.com/pages/productmailing.htm.