ViRobot Management System 4.0

106 

Loading....

Loading....

Loading....

Loading....

Loading....

Full text

(1)

ViRobot Management System 4.0

USER GUIDE

(2)
(3)

Contents

1. ViRobot Management System 4.0 ... 5

1.1 Overview ... 5

1.2 Check Points for Installation ... 5

1.3 System Requirements ... 6

2. Key Features ... 8

2.1 ViRobot Management System Server ... 8

2.1.1 VMS Server Log Viewer ... 8

2.1.2 VMS Server Settings ... 11

2.1.3 VMS Server Updates ... 19

2.2 ViRobot Management System Console ... 20

2.2.1 VMS Console Login ... 20

2.2.2 VMS Console Monitoring ... 21

2.2.3 Management Menu ... 22

2.2.4 Policy Management ... 43

2.2.5 Console Configuration ... 88

2.3 ViRobot Management System Agent ... 91

2.3.1 Settings ... 91

2.3.2 Log Viewer ... 95

2.3.3 View Notice ... 98

2.3.4 Update ... 99

2.3.5 Check Server Connection ... 100

2.3.6 Virus Scan ... 101

2.3.7 Display ViRobot ... 102

2.3.8 Stop Real-Time Monitoring ... 103

2.3.9 Information ... 103

3. Potential issues and troubleshooting methods on using ViRobot Management System 4.0 ... 105

3.1 How to troubleshoot the issues ... 105

3.1.1 Potential issues on installation ... 105

(4)

Chapter 1

ViRobot Management System 4.0

Introduction

(5)

1.

ViRobot Management System 4.0

1.1 Overview

ViRobot Management System 4.0 is a total management tool of HAURI with client vaccine management as major function.

As this user guide is to correctly operate ViRobot Management System 4.0, please refer to the contents in this guide for effective operation.

1.2 Check Points for Installation

1) Communication Port

Product Port Function

VMS Server

18600 As one of the service ports that configures VMS 4.0 server, VMS Server is communications channel to Agent for policy distribution. 18604 As one of the service ports that configures VMS 4.0 server, it is a communications channel to process commands by connecting data received from

VMS Agent with database system.

18607 As a port to receive local or remote administrator command, it receives and performs functions related to VMS server settings and management. 18632 One of the VMS server communications channels that collects and records suspicious files as virus, proactive blocked files, and disinfected files, and

automatically sends them to Hauri Collection Server. 18639

A communications channel to distribute VMS module, ViRobot module, Hauri common module, and engine module sent by request of VMS Agent.

VMS Agent 18605

A communications channel to transmit/receive data from VMS Agent Service to VMS Console, VMS Server, and Socket.

(6)

1.3 System Requirements

Minimum hardware/software requirements for running VMS Server, VMS Console, and VMS Agent are as follows.

VMS Server VMS Console VMS Agent

CPU Pentium 4 1.5 GHz or higher Pentium 4 1.5 GHz or higher Pentium 3 1GHz or higher

Memory 1GB or higher 1GB or higher 512MB or higher

HDD 5GB of free disk space or more 2GB of free disk space or more 500M of free disk space or more

OS Windows Server 2000 SP3 or higher Windows Server 2003 Windows Server 2008 Windows XP Pro

Windows Vista/7 (32bit/64bit)

Windows Server 2003 Windows Server 2008 Windows XP Pro Windows Vista/7 (32bit/64bit) Windows Server 2000 SP3 or higher Windows Server 2003 Windows Server 2008 Windows 2000 Pro Windows XP Pro Windows Vista/7 (32bit/64bit) SW MS SQL 2005 Winsock 2.0 or upper version Net FrameWork 3.5 Winsock 2.0 or upper version Windows 2000 Internet Explorer 6.0, Winsock 2.0 or upper version

(7)

Chapter 2

ViRobot Management System 4.0

Key Features

(8)

2.

Key Features

2.1 ViRobot Management System Server

2.1.1 VMS Server Log Viewer

It provides user with a function to check database (logs) information from VMS Server. VMS Server system information and logs information saved in DB can be checked.

① System Information Screen

¾ It consists of Server information, Database information, Service status, and Update information. The system information can be checked as below.

[Fig. 1] VMS Server System Information

I. Server Information

¾ Server type: Primary server or secondary server is displayed.

¾ Center server: SUS (Signature Update Server) connected to Hauri is displayed.

¾ Authentication status: License status of VMS server is displayed.

¾ Collecting service: Collect service status information is displayed.

¾ HDD Free Size: Available hard disk capacity is displayed.

¾ HDD Total Size: Total hard disk capacity of System is displayed.

¾ Install Path: VMS Server 4.0 installed path is displayed. II. DataBase Information

¾ DataBase Type: Type of DBMS connected to VMS server is displayed.

¾ DataBase IP: DBMS IP address is displayed.

¾ DataBase backup ratio: DB backup ratio is displayed.

¾ DataBase Mdf Size: MS SQL database actual data file size is displayed.

¾ DataBase Ldf Size: MS SQL database log data file size is displayed. III. Service Status

(9)

¾ Management service: Management service status is displayed.

¾ Data collecting service: Data collecting service status is displayed.

¾ Policy service: Policy service status is displayed.

¾ File service: File service status is displayed.

¾ Update service: Update service status is displayed.

¾ Collecting service: Collecting service status is displayed.

¾ Log service: Log service status is displayed. IV. Update Information

¾ Module name: Installed module name is displayed.

¾ Module version: The latest version information of each module is displayed.

¾ Engine version: The latest engine version information is displayed. ② Log Information

¾ It provides a function that checks logs by service of VMS server via database.

[Fig. 2] VMS Server Log Information

I. Manager Server

¾ Log of management service’s start/stop and VMS server setting changes is displayed. II. Data server

¾ Process results for data from VMS agent can be checked. III. Policy server

(10)

VI. Scheduler

¾ Scheduler task process results of VMS Agent can be checked. VII. Collecting server

(11)

2.1.2 VMS Server Settings

VMS Server is provided as server type service, and Windows system tray icon is shown after installation.

[Fig. 3] VMS Server Main Screen

① Settings

¾ VMS server type and notification function can be set. I. Select server type

A. Main server

¾ If VMS Server is at the top place, it can be applied to main server. If main server is selected, UI will be inactivated. If subserver is selected, server address setting will be enabled.

B. Subserver

¾ Change the role of VMS Server to subserver. → Add: Input IP address of VMS upper server.

(12)

→ Check: Check connection to specified VMS server. → Subserver option: Set for subserver options.

9 Policy: Set to synchronize the organization chart and policy information from upper server. If this option is selected, policy data is synchronized from upper server so that they can’t be operated separately. In other words, if the option is selected, user can’t use policy management function nor can’t configure a group on access to subserver via VMS console, neither. (Default: Enable)

[Fig. 5] VMS Secondary Server Options

(13)

[Fig. 7] VMS server console on synchronizing subserver policy

9 File sending: Select the suspicious files to report from subserver to upper server. (Default: Enable)

II. Notice

¾ Select automatic notification function by setting below options. (Default: Disable) A. HDD size limit (1GB)

B. Send a notification if viruses are detected as the following criteria.

¾ Set the time limit and number of virus infection that will be applied. Time limit can be input by minute, and number of virus infection is based on the cases of detected virus.

C. Daily virus status

¾ Based on date, virus infection status is sent by email.

D. Administrator mail setting: E-mail address, SMTP, account name, and password are necessary information.

¾ E-mail address: Set email address specified in mail server

¾ Sending e-mail(SMTP): Input server address for use at email transmission

¾ Account name: Input registered account in mail server.

¾ Password: Input password for e-mail account.

[Fig. 8] Administrator email setting of notification Function

② Update

¾ Set for all VMS server update functions such as update cycle, update module, and update via proxy.

(14)

[Fig. 9] VMS server update

I. Update cycle A. Update cycle

¾ Update cycle is specified to update VMS server latest patterns and engine files by connecting to Hauri SUS (Signature Update Server). If schedule is set for 0, update cycle will be disabled. (Available range: 0~86400, Default: 14,400 seconds)

B. Schedule update

¾ Make VMS server to perform update by setting update time.

[Fig. 10] VMS Server Scheduled Update

→Update restricted settings: Make the server start to update after the specified time. (Default: Do not set)

9 Do not set: No limit for update starting time

9 Settings: It restricts the server from attempting update until the specified time.

→Update cycle setting: Specify the cycle at scheduled update. (Default: Do not set)

9 Do not set: Unspecified update cycle.

9 Daily: Attempt to update daily as specified number of times. The number of times can be set from 2 to 99.

9 Weekly: Attempt to update according to the specified day. II. Update module

¾ Select the module to update from server of Hauri. For selecting update module, click check box twice, then it will be set/cancelled. (Default: Enable all)

(15)

¾ ISMS 3.5: Previous product of VMS 4.0 (Total Security Management Solution of Hauri). If selecting this option, update runs for ISMS 3.5 module.

¾ VMS4.0: Module for controlling ViRobot. If selecting this option, update runs for VMS module.

¾ VRIS2011: Module for ViRobot Internet Security 2011. If selecting this option, update runs for ViRobot module for PC.

¾ VRSP2011: Module for ViRobot Server Protection 2011. If selecting this option, update runs for ViRobot module for server.

III. Proxy Settings

¾ User can run correct update in content-filtering proxy server as well as general proxy server. For general proxy server, just input values in IP address/Port fields respectively. For content-filtering proxy server, check in ‘Activation’ check box and enter user account/password. (Default: Disable)

[Fig. 11] VMS Server Proxy Settings

A. IP Address: Input IP address of proxy server.

B. Port: Input available access port via proxy server. (Default: 8080 Port)

C. Activation: Set this field for content-filtering proxy server. If checking in the check box, user account and password fields are activated.

¾ User Account: Input user account for available proxy server.

¾ Password: Input password for the user account.

③ Performance log

¾ User can set available simultaneous access number by service provided by VMS server and log information checked from VMS console.

VMS Server Updates run with either automatic updates or manual updates. Automatic updates are divided into update by access cycle of VMS server and update by scheduled task wizard. If scheduled task wizard is set, update runs when reaching VMS server access cycle after the starting time.

(16)

[Fig. 12] VMS Server Performance/Log

I. Performance

A. Simultaneous access numbers of server service can be set. The access numbers can be set between 1 and 999.

¾ Agent information: Agent data collection session (Default: 2000)

¾ Policy service: Agent policy session (Default: 2000)

¾ Update file service: Update session to provide files to secondary server or agent when updated. (Default: 2000)

¾ File collecting service: Collectible session from agent (Default: 2000) II. Send to console

A. Set logs that can be checked from VMS console. (Default: Enable all)

¾ Agent connection information: Agent information and property logs are transmitted to console.

¾ Virus infection information: Virus infection logs are transmitted to console.

¾ Update information: Update access logs are transmitted to console.

¾ Network infection information: Network infection logs are transmitted to console.

¾ File collection information: File collection logs are transmitted to console. ④ DataBase

¾ By specifying DBMS system which is connected with VMS server, VMS Database log management function is provided.

(17)

[Fig. 13] VMS Server DB Settings

I. DB server settings

A. Server type: Select MS SQL DB connected to VMS server. DB supported by VMS 4.0 can support MS SQL 2005 ~2008.

B. Server: Input accessible IP address for DBMS. C. Port: Input access port for DBMS.

D. Account: Input account registered in DBMS. E. Password: Input password for the access account.

F. Check: Confirm the access to DBMS specified by an authorized manager. When clicking [Check] button, DB backup, deletion, and log transmission will be done. II. DB Backup

A. It sets to automatically back up major data such as virus logs, property data in VMS database. Auto-backup cycle can be set daily, weekly, or monthly by specified time, day, and date. (Default: Monthly, 1st, 01:00 AM)

III. Delete DB

A. It sets to automatically delete old task logs before specified date from VMS database. It can be set between 1 and 999. Default setting is to delete old task logs before 31.

IV. Send to DB

A. Send logs to DB by checking/unchecking log types in the box below. (Default: Enable all)

¾ Property information: Transmit agent software and hardware data to DB.

¾ Virus infection information: Transmit received virus infection data to DB.

¾ Update information: Transmit update related logs to DB.

(18)

[Fig. 14] VMS Server Installation Guide Settings

I. Add: Installation guide server data can be input.

[Fig. 15] Addition of Installation Guide Server

A. Server address: Input VRIGIS server IP address. B. Server: Input VRIGIS server details.

II. Edit: Existing VRIGIS server data can be edited. III. Delete: Existing server data can be deleted. ⑥ Property Setting

¾ VMS Server property can be set. Default shows the data input at the time of VMS server installation. Server name, company name, and division name must be input. When clicking Apply button below, changed property is applied.

(19)

[Fig. 16] VMS Server Properties

I. Server name: Input VMS server name. II. Company name: Input company name. III. Division name: Input group information.

IV. User name: Input VMS server administrator name. V. Telephone number: Input contact number.

VI. Others: Input additional information.

2.1.3 VMS Server Updates

Latest engine and signature are downloaded from SUS (Signature Update Server) via server update menu.

When user can’t normally update or urgent update exists, administrator can manually update with this function.

(20)

2.2 ViRobot Management System Console

VMS Console provides various agent management functions as well as the role of counting and displaying virus status. When VMS server collects data, console can remotely perform various commands to agent using the collected data.

2.2.1 VMS Console Login

[Fig. 18] VMS Console Logon Screen

y If account login to VMS console fails activation five times, account is locked for security reason, and user must try login after five minutes.

If user input wrong password for manager account, error message displays. If user fails login five times consecutively, error message displays even if correct password is input on 6th attempt. User can try to log in again five minutes later.

(21)

2.2.2 VMS Console Monitoring

[Fig. 19] VMS Console Main Screen

① Action

¾ User starts or stops monitoring action. (Default: Start) ② Item

¾ User checks real-time monitoring information from main screen. Information for the monitoring items is as below.

- Server System Resources: Display VMS server hardware (CPU, Network, HD, Memory, etc.) use in real time.

- Real-Time Infection Status: Display total number of infection for files, spyware, and network virus.

- File Collecting from Quarantine: Display total number of suspicious files as malware or misdiagnosis by scanning collected files.

- Server Service: Display VMS server service status in order to monitor remotely. Available services for display are updates, data collection, logs, policies, schedules, files, management, and collect service.

- Agent Status: Display number of agent that simultaneously accesses to VMS server service.

- Server Information: Display server type, server address, number of management node, use of misdiagnosis detection, use of automatic collection, and use of proactive quarantine for business that are being monitored from VMS console.

- Data Base: Display address, type, Ldf size, Mdf size, backup date, and backup frequency setting data for the database that is being used in VMS.

- Module version: Display engine version for ViRobot products that are interworking with VMS server.

(22)

2.2.3 Management Menu

[Fig. 20] VMS Console Management Menu Screen

① Group information

¾ It is hierarchical node management window for VMS Server. Low servers or agents connected to related VMS server are hierarchically managed. If administrator select group for task and command, all nodes below the selected group perform the command.

② Management Menu

¾ All status information for management node can be checked from console. I. Node classification

y All: It shows a list of all currently active agents.

y Normal: It shows only normal agents after performing ‘Check network’.

y Failure: It shows only abnormal agents after performing ‘Check network’.

y Error: It shows only agents determined as fault due to long-term disconnection.

y Duplicated: It shows only agents connected with same IP. II. Node type

y Agent: It shows only agent nodes in node info window.

y Server: It shows only server nodes connected to VMS server in node info window.

y Group: It shows only group information connected to VMS server in node info window. III. Policy

y Distribution status: It shows application of policy distributed from VMS server. IV. ViRobot

y Remote scan result: It shows remote virus scan result in task info window. V. Virus Log

y All: It shows all detected malware logs.

(23)

y Spyware/Adware: It shows only spyware related logs.

y Network virus: It shows only memory scan related logs. VI. Security management

y Shared folder: It shows shared information that is set in agent system.

y Worm vulnerability: It shows worm vulnerability information that is existed in agent system. VII. Property management

y Hardware: It shows agent hardware information after running hardware data in data update.

y Software: It shows agent software information after running software data in data update. VIII. False positive

y Collected information: it shows information for root kit, dll injection, run reg, host file modification, and files with network traffic threshold collected from agent.

IX. Log

y Console command: It shows task information processed via console. X. Remote Command

¾ It can be used by clicking right mouse button from group information or node

information. If performing group remote command, it is equally applied to all low nodes in the group. If performing node remote command, it can perform task by node. A. Group remote command

¾ Group settings: It performs to add, edit, or delete group in group information.

¾ Add agent: User can manually add agent in selected group. To add agent, specify starting IP or IP band. Manually added agents become unknown node status ( ) until connection to VMS server is confirmed.

[Fig. 21] VMS Console - Add Agent

(24)

[Fig. 22] VMS Console - Add Server

¾ Check network: User can see network connection for the selected group. Network connection check is based on reply for echo request using ICMP protocol. In the event of connection failure, node status becomes unchecked network connection status ( ).

¾ Check agent: User can see connection with system agent of the selected group node. Agent check can be done by connecting agent service port. In the event of failure, node status is changed to Failure node status ( ).

¾ Restart agent: VMS agent service for selected group node restarts.

¾ Induce update: Engine and module updates for group node are performed.

¾ Induce apply policy: Assigned policies by group are guided for application. Applicable policies can be checked through assignment status, and the assigned policies may be cancelled in task information window. Please refer to policy assignment below for further information about policy assignment & cancellation.

¾ ViRobot: ViRobot is controlled via VMS console. Administrator can perform virus scan remotely, and the scan results can be checked in ViRobot-Remote scan results of management menu. In addition, real-time virus monitoring and real-time network security for agent system, control (start/stop) of Hauri self-defense service status can be performed.

¾ Update information: Hardware, software, worm vulnerability, and shared information can be checked through VMS console, security and property management can be checked by agents after running command.

¾ Change agent group setting: Agent group setting can be changed.

[Fig. 23] Change VMS Agent group setting

(25)

9 User defined group name: VMS console administrator can select agent group through VMS server registered group map.

[Fig. 24] Change VMS console administrator defined agent group name

9 Change Workgroup name to group name. Register agent group information as a Workgroup, the default value of VMS console.

→ Change user name to computer name: Change agent node name to user’s computer name. At this time, the group information that has agents is reset.

→ Server connection cycle: Change VMS server connection cycle that is set in agent. → Change server list

9 Add: Add VMS server that connects from agent to the server list.

[Fig. 25] Add VMS console agent server

(26)

[Fig. 26] Request for user information change

→ Notice: VMS console administrator can set a notice to show to agent.

→ User information: Request to change the user information that is registered in agent.

9 The user can change it directly: Agent user can change it by inputting the new name directly.

9 It changes the user name to the computer name: Set agent registered name as same as the computer name.

[Fig. 27] Request to change VMS agent user information name

(27)

9 It changes to Admin’s defined group name: VMS console administrator selects agent’s department by searching the registered group map in VMS server.

9 It changes the Workgroup name to the group name: Register agent group information as Workgroup, the default value of VMS console.

9 The user can change it directly.

9 The user selects the group and changes it: Agent system user can select a group from the registered group information in VMS server.

[Fig. 28] Change user defined agent group

9 Change telephone number: Change telephone number that is used for agent user settings.

9 Change mobile phone number: Change mobile number that is used for agent user settings.

9 Change user description: Change description that is used for agent user settings.

9 Change other contact: Change the registered contact information that is used for agent user settings.

¾ Assign policy: Set the policy of agent, window, deploy, ViRobot, subserver to assign. Display the list that is created by policy type on assigning policy. Once a policy assigned, it is marked separately, so administrator can assign or recall the policy.

(28)

[Fig. 29] Assign VMS agent policy

¾ Recall policy: Recall all assigned policies from groups. Administrator can check the recalled policies from the assign policy information window.

¾ Empty Recycle Bin: Delete node information that exists in group information’s recycle bin. Deleted node information cannot be restored.

¾ Restore all items: Restore all node information from the recycle bin. ③ Node Information

¾ Administrator can check the detailed node information from the console.

¾ Modify column information: Select a column to printout to node information.

[Fig. 30] Modify the column of node information

9 All<<: For printing out deselect column information to console, move all to the selected column information.

9 All>>: Move all to the unselected column information. For this, a column information must be registered, at least.

[Fig. 31] Error when there is no selected column information

9 >>: Move some parts to the selected column information

9 <<: Move some parts to the unselected column information.

9 Default: Reset the value to default.

9 : Move columns by ascending order.

(29)

[Fig. 32] Display the selected column information only

9 Column information that can search VMS4.0 console

Column name Description

Node name Agent node name

Division name Assigned division name

Local address Agent IP

Recently connected time Recently connected time to VMS server

User name User name that is provided on interlocking with HR DB

Version Agent product version

Server address Connected VMS server IP address

OS name Agent OS name

OS version Agent OS version

Computer name Agent system computer name

ViRobot version ViRobot product version

ViRobot installation info Agent system ViRobot installation information

ViRobot engine ViRobot engine version

Realtime monitoring Agent ViRobot Realtime monitoring status Realtime network protection Agent ViRobot network protection status Self-defense(Process) Agent ViRobot process protection status Self-defense(File) Agent ViRobot file protection status Self-defense(Registry) Agent ViRobot registry protection status Self-defense(DLL Injection) Agent ViRobot DLL Injection status

OS type Agent system’s platform information

Explanation Agent’s additional information

OS edition Agent OS edition information

ID number ID number on interlocking HR DB

Others Other phone number information on interlocking HR DB

Entire division name Entire division name from VMS server registered agents

IP integer type Display IP as integer type

OS language Agent OS language information

Mobile phone Agent registered mobile phone number

Node ID Agent MAC address

Node type Agent type information

Organization ID VMS server registered group ID

OS service pack Agent OS’s service pack information

OS shell name Agent OS’s Shell information

Status VMS server registered agent connection status information

Telephone number Agent registered phone number

Agent group name Agent registered group name

ViRobotReserverd8 Other reserved column(enable by user definition) A. Node remote command

(30)

[Fig. 33] VMS console node remote command menu

¾ Register search: Register search keyword to agent management environment, and search the node information by preset option. User can input the search keyword by using logical operator(and, or) and comparison operator(=, Like, >, <, >=, <=). After completing keyword registration, register search from node information changes to search mode.

[Fig. 34] VMS console keyword register

¾ Check network: Check network connection for the selected group. It works by Echo request reply via ICMP protocol, and if the connection is failed, node status changes to network connection unchecked status ( ).

¾ Check agent: Check the selected group node’s agent connection. It works by connecting to agent service port, and if it fails, node classification changes to failed node status ( ).

¾ Restart agent: Restart the selected group node’s VMS agent Service.

¾ Induce update: Induce engine and module update for group node.

¾ Induce Apply policy: Induce to apply the assigned policy per group. The applied policy can be checked thru policy assign window and the assigned policy can be recalled, too. For more information, refer to policy assignment section.

¾ ViRobot: Control ViRobot by VMS console. Administrator can analyze the virus remotely, and the result is displayed in ViRobot-Remote analysis result from the

(31)

management menu. Also, it makes to control the agent system’s Realtime virus analysis, Realtime network protection, HAURI self-defense service

¾Update information: Hardware & Software information, Network vulnerability information, Security patch information, Worm vulnerability information, Shared information can be checked by agent.

¾ Remote Command: User can run remote command as below in real time via VMS agent.

→ Send message: Message to agent is transmitted. Message can be checked from agent system.

[Fig. 35] VMS Console – Send message

[Fig. 36] VMS Agent Received Message

→ Send files and execute: Files are transmitted to agent system and executed. Administrator can add files to file list and safely transmit files by specifying location.

(32)

[Fig. 373] VMS Agent File transfer and Run

→ Execute program: Administrator can run program by specifying application program paths and executable files of agent system.

[Fig. 38] VMS Agent Run agent application

→ End Windows: Windows Shutdown, power off, and rebooting in agent system can be performed.

[Fig. 39] VMS Agent End Windows

(33)

process can be terminated.

[Fig. 404] VMS Agent Harmful process block

[Fig. 41] VMS Agent Setup/Add the harmful process files

(34)

[Fig. 42] VMS Agent group setting Change

[Fig. 43] VMS Agent - Request for User Information Change

¾ Policy Assignment: Agent, Windows, distribution, ViRobot, and secondary server policy are set for assignment by selecting them. It shows a list by policy type created when assigning policy. As assigned policies are separately indicated, administrator can assign or cancel policies after checking assigned policies.

(35)

[Fig. 44] VMS Agent Policy Assignment

¾ Policy Cancellation: All policies assigned to group are cancelled. Cancelled policy can be checked through assignment status.

¾ Empty Recycle Bin: Node data existed in recycle bin of group information is removed. Removed node data is not restored.

¾ Restore Recycle Bin: Node data existed in recycle bin is restored. B. Node Remote Command

[Fig. 45] VMS Console Node Remote Command Menu

¾ Keyword Registration: In the environment that multiple agents are managed, it searches node information for specified conditions by keyword registration. Keyword registration can be done selecting keyword registration and condition by clicking button. Keywords can be input for by selecting node data column and by using logical operators (and, or) and comparison operator (=, Like, >, <, >=, <=). When keyword registration is completed, search registration for node information is changed to search mode.

(36)

[Fig. 46] VMS Console Keyword Registration

¾ Network Check: User can see network connection for the selected group. Network connection check is based on reply for echo request using ICMP protocol. In the event of connection failure, node status becomes unchecked network connection status ( ).

¾ Agent Check: User can see connection with system agent of the selected group node. Agent check can be done by connecting agent service port. In the event of failure, node status is changed to Failure node status ( ).

¾ Agent Restart: VMS agent service for selected group node restarts.

¾ Update Guide: Engine and module updates for group node are performed.

¾ Policy Application Guide: Assigned policies by group are guided for application. Applicable policies can be checked through assignment status, and the assigned policies may be cancelled in task information window. Please refer to policy assignment below for further information about policy assignment & cancellation.

¾ ViRobot: ViRobot is controlled via VMS console. Administrator can perform virus scan remotely, and the scan results can be checked in ViRobot-Remote scan results of management menu. In addition, time virus monitoring and real-time network security for agent system, control (start/stop) of Hauri self-defense service status can be performed.

¾ Information Updates: Hardware, software, network vulnerability, security patch, worm vulnerability, and shared information can be checked by agents for node in real time.

¾ Remote Commands: User can run remote command as below in Realtime via VMS agent.

→ Send message: Message to agent is transmitted. Message can be checked from agent system.

(37)

[Fig. 47] VMS Console Message Transmission

→ Send files and execute: Files are transmitted to agent system and executed. Administrator can add files to file list and safely transmit files by specifying location.

[Fig. 48] VMS Agent File transfer and execution

→ Execute program: Administrator can run program by specifying application program paths and executable files of agent system.

(38)

[Fig. 49] VMS Agent application execution

→ End Windows: Windows shutdown, power off, and reboot in agent system can be performed.

[Fig. 50] VMS Agent Windows end

→ Block malicious process: By specifying harmful process in agent, specific process can be terminated.

(39)

[Fig.52] VMS Agent harmful process files setting

→ Remote Registry: It runs registry editor in agent system. Edit function for remote registry can be run only when agent system user accept it.

→ Remote Explorer: It runs explorer which is Windows file management tool. Remote explorer can be run only when agent system user accept it.

→ Remote Process Manager: It runs Windows process management tool. Remote process manager can be run only when agent system user accept it. → Remote Control: It runs remote desktop tool in Windows system. Remote

desktop tool can be run only when agent system user accept it.

¾ Agent Settings: Modify group setting, user information, settings change request, and user information change request.

→ Group setting: Agent division information and VMS server connection settings can be changed.

(40)

9 It changes the Workgroup name to the dept. name: Register agent group information to Workgroup, the default value.

→ It changes the user name to the computer name: Change agent node name to user computer name. At this time, agent dept. name is reset.

→ Server connection interval: Change VMS server connection interval. → Change server list

9 Add: Add list of VMS server from agent.

[Fig. 46] Add VMS console agent server

9 Delete: Delete VMS server address from server list.

→ User Information Setting: User information for VMS agent is changed.

[Fig. 475] VMS Agent User Information Settings

9 Name: Change agent user name.

9 Group name: Change agent group information.

9 Telephone: Change agent registered phone number.

9 Mobile phone: Change registered mobile number.

9 Management number: Change registered management number.

9 Description: Change agent registered description.

(41)

[Fig. 48] Request VMS agent environment settings

→ Request to modify user information: Request to change the agent user information.

(42)

¾ Send to Recycle Bin: Selected agent is removed from the node information window. Removed node data can be restored from recycle bin in group information window.

C. Server Remote Command

¾ Check network: Network connection status can be checked through Ping in VMS server node.

¾ Check server: Service port for VMS server node can be checked.

¾ Synchronize Server: VMS primary server policy, VMS, ViRobot module, engine and signature are synchronized, or VMS console subserver policy is assigned and applied.

(43)

2.2.4 Policy Management

[Fig. 49] VMS Console Setting Menu Screen

① VMS Policy Information

• It shows a list of policies for agent, Windows, distribution, ViRobot, and subserver. ② Policy Settings

• By selecting New Policy, user can add policies.

• If policy is added and saved by inputting items in Add Policy window below, policy list is updated in VMS policy information window.

[Fig. 50] Policy Addition Settings

(44)

[Fig. 6] Policy Information

IV. Policy Name

¾ It shows created policies. V. Policy Name

¾ It shows a selected policy as parent policy. VI. Administrator ID

¾ It shows account name that creates policy. VII. Policy Version

¾ It shows version information for created policies. ③ Distribution Status

• It shows distribution status for VMS agent by policies.

• It displays distribution status for each policy with graphs, and shows distribution results by policies.

2.2.4.1 Agent Policy Settings Interface

[Fig. 52] VMS Agent Policy

General

(45)

[Fig. 53] VMS Agent Policy General Menu

I. Connection interval

¾ Set the interval to connect from agent to server.

¾ Unit is second. If connection interval is short, access to sever is increased, thus it may overload server equipments. It is recommended to use default value assigned when installed. (14,400 seconds = 4 hours)

II. Server Settings

¾ Add/Delete server address that agent connects. (Default: Disable)

¾ By setting ‘Delete the server address in agent’ option, existing server address can be deleted. Server address is input value basically when installed, and user can’t change. If user doesn’t know server address, please contact administrator.

[Fig. 54] VMS Agent Policy General Server Addition

III. Agent Settings

¾ Set socket communication time value between VMS server and agent by seconds. (Default: 3 seconds)

¾ Send the critical file to the server: Set option to send critical file to VMS server when it is found in agent installed system.

(46)

[Fig. 55] VMS Agent Restriction Policy Menu

I. Ability to change of settings for VMS agent

¾ Ability to change: Following options can be selected.

- Enable to change all (Default)

- Unable to change all

- Unable to change user settings tab

- Unable to change name/division

- Unable to change general tab II. Password settings to uninstall agent

¾ If user removes agents from system without discretion, the system can’t be protected from virus infection. Therefore password is assigned for agent removal. (Default: Disable)

III. Password settings to stop agent service

¾ Set password to prevent user from stopping agent service manually. Password function for agent service suspension supports Windows XP, NT, 2000, and 2003. (Default: Disable)

IV. Alert settings

¾ Set user notification. A. Display update window

¾ If VMS agent downloads engine and signature files, or if policy is automatically updated from VMS server, user sets ‘Show update window’ option. (Default: Disable)

B. Display notice message

¾ Set not to appear agent message window to user. (Default: Enable) Error check

(47)

[Fig. 56] VMS Agent error check menu

I. VRDT (Interlocking product) agent error report

¾ Report update errors by setting specified period of time. (Default: 14 days) II. Agent’s HDD size

¾ If the size is below the relevant setting value on the basis of HDD availability in agent system, it reports as fault. (Default: 60 MB)

Worm Vulnerability Collection.

(48)

[Fig. 587] VMS Agent Policy - Vulnerable Password Information Additional Settings

II. Operating option on detecting of vulnerable account: When detecting vulnerable account during collection of worm vulnerability data, it performs actions as below.

¾ Do nothing: When detecting vulnerable account, it maintains existing settings.

¾ With notification to user: If detecting vulnerable account, it sends message and guides to change the password for the account. (Default: Enable)

¾ Option for shared folder’s privilege change: If password for vulnerable account is not changed, it cancels the permissions for all shared folders. (Default: No change)

¾ Without notification to user: If detecting vulnerable account, it does not send message to user cancels the permissions for all shared folders.

Schedule

[Fig. 59] VMS Agent - Schedule Menu

I. Task Type: Agent updates and worm vulnerability check can be selected. II. Operation cycle: Select the cycle to act as below according to task types.

¾ Perform on agent starting

¾ Perform once on connecting cycle (Do not perform on next cycle)

¾ Do nothing

III. Operation limit time settings: Set the time for running tasks by specifying restriction time.

¾ Do not change the existing setting: Apply existing time-out setting.

¾ Release limit: Cancel existing time-out setting.

(49)

2.2.4.2 Windows Policy Settings Interface

[Fig. 60] VMS Windows Policy

① General

(50)

¾ Control screen saver settings in agent OS. I. Control administrator

¾ Screen saver settings: Set screen saver at the time agent OS is not being used.

¾ Password settings: Set password on resume from screen saver. II. Maintain user settings: Maintain the value set by user. (Default setting) Control Autorun.inf

¾ Control Autorun.inf that runs when inserting removable devices. Reboot is needed after applying policy.

I. Do not change existing settings: Leave existing auto-run settings. (Default setting) II. Activate all drives auto-execution: Enable auto-run setting for all drives for user

convenience such as program installation or device execution.

III. Deactivate all drives auto-execution(Recommended): Disable auto-run setting for all drives to prevent the drives from virus spreading by removable device.

Activate system recovery

¾ It controls ‘System Restore’ that restores system to previous backup point. I. Do not change: Leave currently set system restore function. (Default setting) II. Activate system recovery: Set the system to restorable status.

III. Deactivate system recovery: Set the system to do not recovery. ② Windows Updates

[Fig. 62] VMS Windows Policy Update Menu

Windows Update

¾ If Agent OS is Windows XP or higher, user enable or disable automatic updates function from Windows-Control Panel-Automatic Updates.

I. Do not change

II. Automatic: User can choose day and time for update. III. Download updates, but install on user defined time.

IV. Select to be notified new updates, but do not download or install them. V. Do not use automatic update.

(51)

2.2.4.3 Distribution Policy

• User can distribute files by grouping through distribution policy.

• When clicking ‘Add’, distribution package setting starts.

[Fig. 63] VMS Distribution Policy

General

(52)

[Fig. 64] VMS Distribution Policy General Menu

I. Package Information: User can include existing distribution package or create new package.

¾ Package name: Input package name to create.

¾ Package details: Input additional description for distribution package.

II. Distribution Type: User can set distribution type by selecting general files or installation software.

¾ Normal file: Specify distribution paths transmitted on distribution of file package.

¾ Installed software: Select the name displayed from program add/remove when distributing installation software.

(53)

[Fig. 65] VMS Distribution Policy Installation Software Name Selection

III. Distributing File List: By selecting file or installation software, register it in distributing file list or remove it

¾ Add: Files are added through ‘Import file’ window. File addition is restricted to maximum 30 MB.

¾ Delete: Files registered in distribution file list are removed.

IV. Execution option after Distribution: Set this option for running distributed files.

¾ Executable files: Specify executable files for running distribution files.

¾ Executing options: Specify executable file options and execute the files.

¾ Hide window on executing: Hide action set in execution options. Distributing Time

(54)

[Fig. 66] VMS Distribution Policy Distribution Time Menu

I. Distributing period settings

¾ No limits: Distribute regardless of period. (Default setting)

¾ Distribute only when the assigned period: Specify start date and end date. II. Distributing time settings

¾ No limit: Distribute regardless of time. (Default setting)

¾ Distribute only in the assigned time: Specify start time and end time. III. Distribution cycle settings

¾ Every day: Distribute every day. (Default setting)

¾ Once: Distribute only once regardless of period, time, and frequency.

¾ Once per a week: Distribute once per a week on the basis of specified day. Distributing target’s limits

(55)

[Fig. 67] VMS Distribution Policy Distribution Restriction Menu

I. Distributing target OS: User can limit target OS for distribution by specifying the targets.

¾ Windows 2000 Professional (Default setting)

¾ Windows Server 2000

¾ Windows XP (Default setting)

¾ Windows Server 2003

¾ Windows Vista (Default setting)

¾ Windows Server 2008

¾ Windows 7 (Default setting)

II. Target IP range for distribution: Limit distribution targets by specifying IP address.

¾ No limit: Apply distribution policy to all systems set in target OS for distribution. (Default setting)

¾ IP range’s limits: Distribute only if IP address is in the range of start IP address and end IP address.

(56)

[Fig. 68] VMS Distribution Policy - Add IP Range for Distribution Restriction

Result of Package Saving

¾ It shows result for created package. When clicking ‘OK’ for package saved results, package creation is processed and message for package saved results is displayed. Execution program type of package files is converted to Hauri’s unique compressed file type, and the files are safely saved in C:\Documents and Settings\All Users\Application Data\Hauri\VMS\Server\Pcy\FilePackage folder, then they are distributed.

(57)

[Fig. 70] VMS Distribution Policy Package Saved Results

2.2.4.4 ViRobot Policy – Scan Settings – General Setting Interface

• User can set scan setting, disinfection setting, advanced setting, and scan startup setting for malware detection by custom scan and scan with right mouse button in ViRobot Internet Security.

(58)

[Fig.71] ViRobot Policy Scan Settings - General Menu

Scan

I. All files: Scan all files on general scan. (Default setting for scan on creation of new policy)

II. Major files scanned by extension: Scan user-defined extensions defined in detailed settings on custom scan.

A. Detailed Settings

¾ User can set extensions for scanning major files by dividing to executable file extension, document file extension, and user-defined extension. If choosing default setting, executable file and document file are added and user-defined extension can be added by typing extensions in extension input field. The extension items for this setting are as below.

→ Executable files: EXE, BAT, COM

→ Document files: DOC, PDF, TXT, HTM, HWP, HTML, BAK, MBD, PPT, XLK, PPTM, XLS, XLSX

(59)

[Fig. 72] ViRobot Policy - Set main infection file details

III. Use scan size limit: File size for scan can be limited by setting. The size can be set within 1GB or 100MB. If size limit is not needed, cancel the option. (Default: 1GB). IV. Scan speed setting: Scan speed on general scan can be controlled. Speed control

levels are divided to maximum, medium (recommended), and minimum. Set appropriate scan speed according to system performance.

Add settings

I. Use compressed file scan: Files inside compressed file can be scanned. (Default setting)

A. Detailed settings: Compression level, size limit for scanning compressed files, and scan type for compressed files can be specified in advanced settings

(60)

[Fig. 73] ViRobot Policy - Set Scan Skip List

[Fig. 74] ViRobot Policy - Add Scan Skip List

(61)

[Fig. 76] ViRobot Policy - Added Scan Skip File

[Fig. 77] ViRobot Policy - Added Scan Skip Extension

III. Start scan setting (Default: check all)

A. Running memory scan: Run scan for currently loaded memory on general scan. Memory scan is processed first on general scan.

(62)

interaction. Automatically disinfected files are saved in backup storage. (Default setting on creation of new policy)

¾ Auto-delete: If detecting malware, it automatically deletes the malware without user interaction. Automatically deleted files are moved to backup storage.

II. Repair failed/Irreparable

¾ Keep intact: It shows only scan information for infected files with malware.

¾ Auto-delete: If detecting malware, it automatically delete the malware without user interaction. Automatically deleted files are moved to quarantine storage. (Default setting on creation of new policy)

(63)

2.2.4.5 ViRobot Policy – Scan Settings – Quick Scan Interface

• Applicable policy for quick scan in ViRobot Internet Security is set.

[Fig. 78] ViRobot Policy Scan Settings - Quick Scan Menu

Scan Settings

I. Malicious program scan: It performs scan for potentially unwanted programs first. (Default setting)

II. Virus scan for my document folder: If relevant box is checked, ‘My Documents’ folder path is automatically input in the field of target folders for quick scan below. (Default setting)

III. Virus scan for Windows folder: If relevant box is checked, ‘Windows’ folder path is automatically input in the field of target folders for quick scan below. (Default setting) IV. Quick scan target folder: It performs scan by adding user-defined paths on quick scan.

In additional settings window, Windows folder, System folder, My Documents folder, and C Drive folder have been defined and can be selected. User can input user-defined path manually

[Fig. 798] ViRobot Policy Scan Settings - Add Quick Scan Path

V. Delete: Select and remove existing folders for quick scan.

(64)

[Fig. 80] ViRobot Policy Scan Settings - Real-Time Monitoring Menu

Auto-run upon Windows start-up

¾ Real-time monitoring auto-run at Windows startup: It automatically runs real-time monitoring when Windows boots. (Default setting)

Use real-time monitoring

¾ It enables user to configure scan settings and disinfection settings at the time when scanning malware on real-time scan. (Default setting)

General Settings

I. All files: It monitors malware by monitoring I/O for all files in user PC. (Default) II. Main infected files (Based on extension): It monitors malware by monitoring I/O for

executable files in user PC. Detailed Settings

¾ User-defined extension: User can add or delete extensions of files for real-time monitoring.

※ Supported executable files for scan → Executable files: EXE, BAT, COM

→ Document files: DOC, PDF, TXT, HTM, HWP, HTML, BAK, MBD, PPT, XLK, PPTM, XLS, XLSX

(65)

[Fig. 81] ViRobot Policy - Main infected files

III. Run as hidden mode: According to disinfection setting for real-time monitoring, when detecting malware, it runs in background mode without security warning window or alarm to user. (Default)

Add Settings

I. Use scan skiip list: Apply scan exclusion items in real-time monitoring. (Default) A. Detailed setting: Scan exclusion items can be set according to detailed settings by

specifying folders, files, and extensions for exclusion. (No default setting)

(66)

[Fig. 84] ViRobot Policy - Added Real-Time Scan Skip Extension

I. Detect/scan USB drive: It blocks removable media such as USB interface from being used in system. (Default: Enable)

II. Use heuristic scan: Enable the heuristic engine to detect the various viruses. Repair Settings

I. Reparable

¾ Keep intact: It shows only scan information for infected files with malware.

¾ Auto-repair: If detecting malware, it automatically disinfects the malware without user interaction. Automatically disinfected files are saved in backup storage. (Default setting on creation of new policy)

¾ Auto-delete: If detecting malware, it automatically deletes the malware without user interaction. Automatically deleted files are moved to backup storage.

II. Repair failed/irreparable

¾ Keep intact: It shows only scan information for infected files with malware.

¾ Auto-delete: If detecting malware, it automatically delete the malware without user interaction. Automatically deleted files are moved to quarantine storage. (Default setting on creation of new policy)

(67)

[Fig. 85] ViRobot Policy - Malicious Process Menu

General Settings

I. Use Spyware/Adware Scan: Followings can be optionally selected. (Default setting)

¾ Spyware: It scans software that covertly gathers private information got on to user PC. (Default setting)

¾ Adware: It scans software that automatically displays advertisements after installing specific software or when running the software. (Default setting)

¾ Key logger: It scans software that tracks and logs the keys struck on a keyboard with malicious intention. (Default setting)

¾ Joke: It scans fake computer virus or program that arouses emotional anxiety and agitation without malicious intention. (Default setting)

¾ Remote control programs: It scans program that activates specific port or performs remote command by gaining permission of user system such as Trojans, IRQ, and Remote Control. (Default setting)

¾ Others (Malicious): It scans other predefined potentially unwanted programs. (Default setting)

II. Greyware: It scans greyware that is installed without user consent or knowledge. (Default setting)

(68)

[Fig. 86] ViRobot Policy - Add Customized Folder_1

[Fig. 879] ViRobot Policy - Add Customized Folder_2

¾ Delete: It deletes malicious program scan path that is registered in user-defined folder list.

Repair Settings

I. When malicious programs are found.

¾ Keep intact: It enables user to check detected program directly in the scan window.

¾ Auto-repair: If detecting unwanted program, it automatically disinfects the malware without user interaction. (Default setting)

¾ If internet start page change is required on repairing infection files: If internet start page is modified due to infection of potentially unwanted program, this setting prevents secondary infection through internet website. (No default setting)

(69)

[Fig. 88] ViRobot Policy - Scheduled Scan Setting Menu

Scheduled Scan List

¾ It enables VRIS to scan malware by the schedule specified in scheduled scan settings. (No default setting)

I. Add: When clicking ‘Add’, user can specify scheduled scan.

¾ Scheduled scan name: Scheduled scan name is specified.

¾ Elapsed time

¾ User can select the options with Daily, Weekly, Monthly, Only once, or Run the scan when screensaver is activated. (Default: Daily)

- If selecting Daily, ‘Time’ and ‘Items to scan’ are activated.

- If selecting Weekly, ‘Day’, ‘Time’, and ‘Items to scan’ are activated.

- If selecting Monthly, ‘Date’ ‘Time’, and ‘Items to scan’ are activated.

- If selecting Only once, ‘Date’ ‘Time’, and ‘Items to scan’ are activated.

- If selecting screensaver, ‘Items to scan’ is activated.

(70)

[Fig. 8910] ViRobot Policy - Add Scheduled Scan

I. Modify: Existing scheduled scan items can be edited. II. Delete: Existing scheduled scan items can be deleted

2.2.4.9 ViRobot Policy – Network Security – Internet Protection

Compressed file scan property for messenger protection is based on ViRobot policy-Scan settings-Generals-Scan setting for compressed file-Detailed settings. For compressed file scan size limit, multiple compress scan level, and compressed file type, see General scan-Advanced-Compressed file settings.

(71)

[Fig. 90] Virobot Policy Network Security - Internet Security Menu

① Block Phishing sites Use Anti-Phishing for sites

¾ It blocks phishing websites for access to safe websites. If user try to access to a phishing site URL that has been collected, it blocks the internet access, then displays blocking page. (Default: Enable)

Use Anti-Phishing Exception List

¾ Add: When user access to a website, it excludes to scan the website for phishing. It is input by URL in numerical order when registering it in permission list.

(72)

[Fig. 91] ViRobot Policy Network Security - Add Exception Site for Anti-Phishing

② Block websites

Use user-defined website blockage

¾ Add: It prevent VRIS user from accessing to the websites registered in policy. Except for restriction on access to the URLs defined as phishing websites, access to website may be restricted by administrator policy.

[Fig. 92] ViRobot Policy Network Security - User Defined Blocked Site

¾ Delete: Registered user-defined websites are deleted from the list. 2.2.4.10 ViRobot Policy – Network Security – Firewall

[Fig. 93] ViRobot Policy Network Security - Firewall Menu

(73)

Use network protection

¾ VRIS network intrusion prevention function is enabled. Use personal firewall

¾ VRIS personal firewall function is enabled.

I. Add: Add IP address, port number, and network access rule for process specified according to the firewall rule.

¾ General settings: Specify firewall rule name, protocol type, and network control. Specify direction for network packet for TCP/UDP protocol and rule.

[Fig. 94] ViRobot Policy Network Security - Firewall Rule General Settings

¾ Source IP: Specify source IP address for the rule. User can specify the options; All IP addresses and specific IP address.

(74)

¾ Source Port: Specify source port number for the rule. User can specify the options; All ports and specific port.

[Fig. 96] ViRobot Policy Network Security - Firewall Rule Source Port Settings

¾ Destination IP: Specify destination IP address for the rule. User can specify the options; All IP addresses and specific IP address.

[Fig. 97] ViRobot Policy Network Security - Firewall Rule Destination IP address Settings

(75)

[Fig. 98] ViRobot Policy Data Protection - Permanent Deletion of Files Menu

① File wipe

File wipe security level settings

¾ By specifying security level for permanent deletion in data protection, it makes user unable to recover the deleted files when deleting files permanently in VRIS.

Algorithm for permanent deletion of file

¾ Generally, it is unable to recover software in level 1 ~ 2, and it is unable to recover both software and hardware in level 3 ~ 6. Algorithm for permanent deletion of file by each security level is as below.

Security Level

Times Delete method

Level 6 35 Overwritten 35 times by Guttmann wipe algorithm.

Level 5 13 Overwritten 13 times by DoD5220-22-M Recommendations. Level 4 7 Overwritten 7 times by DoD5220-22-M Recommendations. Level 3 3 Overwritten 3 times with random number, 0, and 1 by NIS Guides. Level 2 1 Overwritten once with random number.

Level 1 1 Overwritten once with 0.

(76)

[Fig. 99] ViRobot Policy System Optimization - System Cleanup Menu

① System Cleanup Reservation I. Internet use history

¾ It enables user to search following data left in system for internet browsing. → Internet Cookies: It searches internet cookies stored by user’s web browser. → File auto-completion: It searches list by predictive input setting.

→ IE History: It searches access history in internet explorer. → URL history: It searches web page list opened by user.

→ Internet temp file: It searches temporary internet files that are saved to open internet home page quickly.

II. Records Management using Windows

¾ It enables user to search following files after using Windows.

→ Search computers and files: It searches the computers and files. → Records management using program: It searches the using programs. → Remote Desktop: It searches connection list for remote desktop. → Windows temp files: It searches temporary files left in user profile. → Recycle Bin: It searches items existed in recycle bin.

→ Unnecessary registry files: It removes registry area in the table below. III. Record Management using program

¾ It enables user to search following files left after using Windows applications. → WordPad: It searches used files of WordPad (Windows basic text editor).

(77)

→ Windows Media Player: It searches playable files of Windows Media Player. → Paint: It searches used files of Paint (Windows paint editor tool).

→ My Recent Documents: It searches recent opened files.

(78)

2.2.4.13 ViRobot Policy – Other Settings

[Fig. 100] ViRobot Policy Other Settings Menu

① Self-defense Settings

I. Hauri products protection settings (Recommended): It enables VRIS Self-defense function such as protection for file, process, and registry to run. (Default: Enable)

¾ File protection: It protects files in installation path of Hauri products. (Default: Enable)

¾ Registry protection: It protects registry data used in Hauri products. (Default: Enable)

¾ Process protection: It protects execution process of Hauri products from being terminated. (Default: Enable)

② Easy Robot Settings

II. Easy Robot List Settings

¾ When running EasyRobot from VRIS Security Center, following actions are performed according to checked options.

→ Quick scan: EasyRobot quick scan runs according to [Chapter 2.2.4.5 ViRobot Policy-Scan Settings-Quick Scan Interface] Policy Setting.

→ System optimization: EasyRobot system optimization runs according to [2.2.4.12 ViRobot Policy-System Optimization-System Cleanup] Policy Setting.

③ PC Usage Control

I. PC usage control: It starts/stops VRIS PC usage control service. (Default: Enable) II. PC usage blocking: PC usage is blocked according to specified schedule. (Default:

Enable)

(79)

(Default: Enable)

IV. Administrator password setting: Set password to unblock PC usage. (Default: Enable) V. Default: Enable all options for PC usage control on policy screen.

④ Quarantine Settings

I. Backup before disinfection (except for compressed files): Set VRIS to backup disinfected/deleted files to quarantine after malware scan. (Default: Enable) II. Quarantine after deleting old quarantine data: If backup item number limit exceeds,

backup files in quarantine are removed. (Default: Enable)

III. Backup/quarantine item number limit: Set capacity of quarantine. Default is 1,000 items, and it stores up to 10,000 items.

IV. Default: Quarantine settings are changed to default. ⑤ Log Settings

I. Save malware log: Set it to record log on malware detection. (Default: Enable) II. Save task log: Set it to record VRIS task log. (Default: Enable)

III. Save network log: Set it to record network security log. (Default: Enable) IV. Save error log: Set it to record VRIS module error log. (Default: Enable)

V. Delete log by frequency: Set it to delete saved logs by frequency options with ‘Do not delete’, ‘1 day’, or ‘15 days’. (Default: Do not delete)

VI. Delete log by file size: Set it to delete saved logs by file size options with 4MB, 10MB, 50MB, or 100MB.

⑥ Advanced Settings

I. Settings protection: Set password to prevent settings from being changed. (Default: Disable)

II. Engine performance: Set engine mode (dual or single) for VRIS malware scan. For dual engine, set it to enhance malware detecting performance on in combination with Bitdefender scanning engine and ViRobot engine. (Default: Dual engine)

III. Default: Settings protection is changed to default. ⑦ Other Settings

I. Hide all notification function in full screen mode: If graphic mode of application program is in full screen mode, set it not to create notify message from VRIS. (Default: Enable) IV. Support scan with right mouse button: It adds VRIS scan menu to Windows explorer

menu that appears when clicking right mouse button on files and folders. (Default: Enable)

(80)

[Fig. 101] Sub Server Policy Menu

① Sub Server Options

(81)

[Fig. 10212] Sub server Option Settings

I. Policy

¾ It is synchronized with VMS policy of primary server. (Default: Enable) II. File Transfer

¾ It is automatically synchronized when high level server is updated. (Default: Enable) → Suspicious files as virus

② Alert

Hard disk space is not enough (1GB): Set sub server to send notification mail if free HDD space of sub server system is 1GB. (Default: Enable)

When virus outbreaks more than designated counts in time limit: Set sub server to send notification mail by specifying time limit and count of virus infection. (Default: Notify when virus infection counts 1,000 cases in 30 minutes)

Daily virus infection status: Set sub server to send notification mail for daily virus infection status. (Default: Enable)

Settings

¾ Email address: Set mail address to receive notification mail from sub server.

¾ Send mail(SMTP): Set SMTP mail server address.

¾ Account name: Set mail server account.

(82)

2.2.4.15 Sub Server Policy – Update

[Fig. 103] Sub Server Update Menu

① Update Interval

Interval: Connection frequency from sub server to primary server with second Schedule update setting: Update schedule for sub server

Figure

Updating...

References

Updating...

Related subjects :