AV Management Dashboard
Contents
Overview
Requirements
Dashboard Overview
Clients/Groups
Offline AV Agents
Threats
AV Product
Sync Agent Data Now
Last Sync Time
Configuration Status
Settings
Column Descriptions
AV Manager Installation
Enabling Communication with the (ERAS) ESET Server
Using the AV Management Dashboard
Acknowledging Threats
Performing Scans
Performing AV Updates
Editing ESET Configuration Settings
Troubleshooting
Document Revision History
Overview
The AV Management Dashboard gives you real-time antivirus stats at a glance, making it easier for you to assess vulnerabilities and threats. This version of the dashboard provides integration with ESET and Symantec™ Endpoint Protection; however, you can still use the AV Management Dashboard for scanning and updating of definitions for all other products listed in the antivirus definitions (Dashboard > Config > Configurations > Virus Scan).
The integration with ESET gives you the ability to edit scanning profiles, turn off real-time file protection temporarily, turn real-time protection back on if it was turned off by the user, set notifications and turn it on or off. The integration with Symantec provides infection detection as well as the ability to create scan jobs and update definitions.
Requirements
For Symantec™ Endpoint Protection and ESET, a separate server is required.
For Symantec™ Endpoint Protection, you must have the Symantec Endpoint Protection Manager installed and configured. For installation/configuration instructions, please refer to the Symantec™ Endpoint Protection documentation.
For ESET, the virus server console needs to be installed before deploying in LabTech. Refer to the ESET File Server Installation or ERAS Installation documentation for instructions. Once the ERAS server has been installed and configured, follow the instructions in the ESET Installation
Dashboard Overview
To access the AV Management Dashboard, select AV Manager from the main tool bar of the Control Center.
NOTE: If you do not see the AV Manager button on the main toolbar, the plugin has not been enabled. Select Help > Plugin Manager and select ‘AV Management Dashboard’. As you close the window, you may be prompted to reload plugins and to update remote plugins on the agent. Click Yes for both messages.
Figure 1: AV Management Dashboard
Initially, you will see a list of all computers and the AV Engine that is currently running on that computer, as well as a message box displaying the current status of the plugin. Select the Only Show When Errors Occur checkbox to disable this message from displaying every time. Click OK to close.
NOTE: ESET is not enabled by default. Refer to the Enabling Communication with the (ERAS) ESET Server section for additional information.
The AV Management Dashboard is split into several sections, each with a specific function and purpose. Each section is explained in the following sections of this document.
Clients/Groups
Figure 2: Clients/Groups
NOTE: The navigation tree will only show clients, locations and groups that you have permission to access.
Offline AV Agents
The Offline AV Agents option works as a toggle switch to display antivirus agents that are connected and not connected. Default display shows all agents based on your client/location/group selection. Clicking the Offline AV Agents option will display all antivirus agents for the selected client/location/group that have ESET installed, but are not connected. This display option will be indicated by a checkmark. The Offline AV Agents filter is only functional for ESET at this time.
Threats
The Threats option allows you to search for past threats, by a date range based on your client/location/group selection. The Threats filter is only functional for ESET at this time.
1. Click on Threats. This will display a calendar.
Figure 3: Threats
The calendar control will default to today’s date and will check a date range based on the day you select from the calendar. For example, if August 30th was selected, the dashboard would return all threats from August 30, 2011 to the current date of the selected year.
TIP: You can click on the calendar month label to view all months in the current year. Click again on the year to view additional years (1990-2019). If you want to view all threats for the month of August, simply select the month instead of the beginning date (1st).
3. Click Threats again. The threats that meet the date range you selected will display. A checkmark will display to indicate that the threats shown are the result of a search.
4. To return to the original listing, click Threats again and click Reset at the bottom of the calendar.
AV Product
The AV Product option works as a toggle switch to display antivirus agents that are using specific antivirus products. Default display shows all agents based on your client/location/group selection. Click the AV Products option and place a checkmark next to each option you want to filter for (e.g., ESET NOD 32 v4, Symantec EP 12.1 x64, etc.) and click AV Products again to filter the data for the selected client/location/group. A checkmark will display to indicate that the data is filtered.
Sync Agent Data Now
The Sync Agent Data Now option allows you to sync data immediately after making changes to the configuration, instead of waiting for the data to be updated at its normal hour interval. While data is syncing, the title bar will display ‘Sync in progress…’ in green. This appears for both manual syncs and regularly scheduled syncs.
Figure 4: Sync in Progress
Last Sync Time
The Last Sync Time shows the date and time of the last sync, whether it was a manual sync or a regularly scheduled sync.
Configuration Status
The Configuration Status indicates the current configuration status. If a connection could not be made with the ESET server, verify that the ERAS (ESET) server’s FQDN is accurate in Settings and reload the plugin.
Figure 5: Connection with ESET Server Successful
You can click on Configuration Status to view the status of the plugin, as well as the last sync time and the next scheduled sync time. Syncs occur approximately every hour. If a manual sync has been done, the regularly scheduled sync will still occur at its regular schedule.
Figure 7: Configuration Status
Settings
The Settings section is for use with ESET to set up the communication with the ERAS server. To enable the communication with the ERAS server, select the Enable the communication with the ERAS Server option and then enter the FQDN or IP address of the ERAS server in the Server FQDN field. When finished, click Save. This will reload the plugin and establish communication if the ERAS server has been installed/configured properly.
The Web Service Installer option is for the initial configuration of the ERAS server and is discussed in the Enabling Communication with the (ERAS) ESET Server section of this document.
Column Descriptions
Table 1: Column Descriptions
Column: Description
Computer Name: Displays the computer name as it appears on the Control Center’s navigation tree. Will be preceded by the antivirus icon, if integrated. If ESET is enabled, ESET icons will display to the left of the computer name. Otherwise, if ESET is disabled, the LabTech logo will display, unless you are using a customized Control Center .ico.
AV Engine: Displays the antivirus engine installed on the computer. Currently, only ESET will display.
Definition Date: Displays the definition date as it appears on the Welcome screen of the agent computer.
Scanner Status: Displays the scanner status as it appears on the Welcome screen of the agent computer.
Health: Displays the current antivirus health of the
Client: Displays the client name this computer is associated with.
Location: Displays the location of the selected computer.
Last AV Agent Checkin: Displays the last time the antivirus agent checked into the ERAS (ESET) server. If ‘Unknown’ is displayed, integration with ESET exists but the antivirus agent has not checked into the ERAS (possibly due to an offline agent). If ‘Not Available’ is displayed, the computer does not have ESET installed.
Prod/Threat Version: Displays the version of the current threat or of the last threat, if applicable. Red background indicates a current threat and green background indicates there are no threats at this time. If no threats have ever been detected, ‘Not Available’ will display. Only available if using ESET.
Last Threat: Displays the date and time of the current threat or of the last threat, if applicable. Red background indicates a current threat and green background indicates there are no threats at this time. If no threats have ever been detected, ‘None’ will display. Otherwise, ‘Not Available’ will display for computers that have not checked in to the ESET server. Only available if using ESET.
Virus: Displays the name of the virus. Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.
Type: Displays the type of virus (e.g., email, web page script, file, etc.). Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.
Virus Name: Displays the file path to the virus file. Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.
Threat Level: Displays the threat level of the detected virus: warning, normal and critical. Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.
Action Taken: Displays any action that was taken against the virus (e.g., Cleaned by deleting – quarantined). Red background indicates a current threat and coral background indicates that action has been taken. Only available if using ESET.
Policy: Displays the policy applied on the ESET
AV Manager Installation
The AV Management Dashboard can be downloaded from the Marketplace. Once the dashboard has been downloaded, the dashboard will be added to the Plugin Manager, where it will need to be enabled. If you need additional information on how to download from the Marketplace, please refer to the Marketplace documentation.
To install the AV Management Dashboard:
1. Download the AV Management Dashboard from the Marketplace. The dashboard will automatically be added to the Plugin Manager.
2. Select Help > Plugin Manager.
Figure 8: Plugin Manager
5. Select the checkbox to the left of AV Management Dashboard to enable. Close the Plugin Manager. You may be prompted to restart the Control Center and to tell all agents to update plugin after each selection.
6. Click Yes through these options.
7. Close the Plugin Manager and restart the Control Center.
If you are using ESET, please proceed to the next section of this document to enable communication with the ERAS server. Otherwise, you are ready to use the AV Management Dashboard.
Enabling Communication with the (ERAS) ESET Server
1. From the AV Management Dashboard, click on Settings.
Figure 9: AV Management Settings
2. Click on Web Service Installer. You will be prompted to save the file. The filename defaults to LabTech AV Web Service. Leave this as is. Select the location to save the file to and click Save.
3. Run this file on the ESET server. This must be run as a local/domain admin. The user running the MSI needs to have rights to create the application under the default site, application pool and the system DSN for accessing the ESET
NOTE: The ODBC System DSN is used to access the ESET Database. MS Access is installed through the LabTech Web Service installer, by default. This is also the default used in the ESET installation. There are multiple varieties of database engines that can be used with ESET. If you receive errors that indicate that the ESET database cannot be connected, or you are using a different database, please refer to the AV Troubleshooting Guide.
4. After installing, you must run the application pool in IIS under a user that has access to the system registry and ESET directories. Select Start > Administrative Tools > Internet Information Services (IIS) Manager.
Figure 10: IIS—LabTechWebAV
5. Expand the server on the navigation tree and select Application Pools.
6. Highlight LabTechWebAV from the Application Pools section.
Figure 11: Advanced Settings
8. Change the Identity to either ‘LocalSystem’ or any user you wish that has the permissions to access the registry, ESET database and ESET directories.
9. Click OK. Close IIS.
Figure 12: AV Manager
11. Click on Settings.
Figure 13: Configure ERAS Server
12. Select the Enable the communication with the ERAS Server checkbox.
13. Enter the ERAS Server FQDN or IP address (and port if different from the default) and click Save.
Once the plugin has reloaded, the dashboard will display immediately if the connection was successful.
NOTE: If there are no issues with configuration, it will be indicated by the green check mark next to Configuration Status as shown in the screen capture below. Otherwise, if there is an issue, it will be indicated by a red warning symbol.
Upon initial installation, there will not be any data showing in the dashboard until it is collected from the ESET or Symantec server. Data is collected approximately every hour from the ESET server and sent back to the dashboard. If using Symantec, any threats are reported back every five minutes. Once data has been collected, each of the columns will populate with the latest data as shown by the following example.
Figure 15: Data Collected
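The application pool identity set in steps 4 to 9 above can also be checked and applied from PowerShell on the ESET server. This is an added example, not part of the original LabTech documentation; it assumes the IIS WebAdministration module is present and that the account you enter (a dedicated service account rather than LocalSystem, one of the two options step 8 allows) has already been granted access to the registry, ESET database and ESET directories.

```powershell
# Added example: audit and set the identity of the LabTechWebAV application pool.
# Run in an elevated PowerShell session on the ESET (ERAS) server.
Import-Module WebAdministration

$poolName = 'LabTechWebAV'              # pool name as shown in IIS Manager (step 6)
$poolPath = "IIS:\AppPools\$poolName"

if (-not (Test-Path $poolPath)) {
    throw "Application pool '$poolName' not found. Run the Web Service Installer first."
}

# Report which identity the pool currently runs under.
$current = Get-ItemProperty -Path $poolPath -Name processModel
'{0}: identityType={1} userName={2}' -f $poolName, $current.identityType, $current.userName

# Prompt for the service account (assumption: it already has the required
# registry, ESET database and ESET directory permissions).
$cred = Get-Credential -Message "Service account for the $poolName application pool"

# identityType 3 = SpecificUser (0 would be LocalSystem).
# IIS stores the password in its configuration, so it has to be passed in here.
Set-ItemProperty -Path $poolPath -Name processModel -Value @{
    identityType = 3
    userName     = $cred.UserName
    password     = $cred.GetNetworkCredential().Password
}

# Recycle the pool so the web service starts under the new identity, then confirm.
Restart-WebAppPool -Name $poolName
$updated = Get-ItemProperty -Path $poolPath -Name processModel
'{0}: identityType={1} userName={2}' -f $poolName, $updated.identityType, $updated.userName
```

After the pool restarts, reload the plugin from Settings and confirm that Configuration Status shows the green check mark.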
Using the AV Management Dashboard
Figure 16: AV Management Dashboard
Offline computers will be indicated by a grayed out computer as shown by the following example.
Figure 17: Offline Computer
Any new threats will be indicated by a red background. Highlighting an agent will show the protection features for that computer that are active, not active, present and not present in the bottom of this window. For additional information on these settings and modifying these settings, refer to the Editing ESET Configuration Settings section of this document.
TIP: All functionality that exists in the Control Center is also available in this dashboard. Right-click on a computer for a menu of available options. Additionally, double-click on the machine to open the Computer Management screen.
Acknowledging Threats
Right-click on the agent that has a current threat and select AV Actions > Acknowledge Threat. The threat will be cleaned and deleted without requiring additional user intervention. The background of the AV Last Connected and Last Connected fields for the agent will change from red to green once the threat has been acknowledged.
Performing Scans
Performing AV Updates
You can perform an on-demand antivirus definitions update by right-clicking one of the agents and selecting AV Actions > Update.
Editing ESET Configuration Settings
The Edit Configuration option will pull the configuration settings from the ESET server, at the machine level, to allow you to edit the settings and then send back to the server. To view the current settings for an agent, select the agent. This will display the current protection features and their status in the bottom-half of the window.
NOTE: This is only available for ESET.
To edit the configuration for a single machine or multiple machines:
1. Highlight the agent or agents. If one agent is selected, click the Edit Configuration button for the current settings to display. If multiple machines are selected, the AV Configurations section will display with no current settings displayed.
Figure 18: Editing the Configuration
2. The AV Configurations section consists of several tabs for different scanning options. Make the necessary changes on each tab. Field descriptions are in the following table.
On-Demand Scanner: Allows you to select from different scanning profiles to control the level of scanning. These can then be scheduled at different times of the day, depending on how intense the scan is. For example, the in-depth scan would run off-hours; whereas, the smart scan can run during the day. The default profiles in ESET are: In-depth, Shellext and smart.
File System Scanner: Allows you to select the level of cleaning for file systems.
File System Settings: Allows you to temporarily turn off real time file system protection. If the real time protection was disabled either through the file scans, disabled on the client or set to not start at reboot, it can be turned back on by clicking the Turn On Real Time Protection button as shown in Figure 18.
Startup Scanner: Allows you to select the level of cleaning for scanning during the boot up process.
POP3 Scanner: Allows you to select the level of cleaning for emails.
HTTP Scanner: Allows you to select the level of cleaning for web pages.
Email Notifications: Allows you to set the recipient and sender email addresses to receive notifications. Notifications can be set on certain events on the ESET server.
Table 2: AV Configurations Field Descriptions
Field: Description
Computer Profile: Determines the level of scanning: light scan to in-depth scan. Available options are: In-depth scan, Shellext scan and smart scan.
Cleaning Level: There are three cleaning levels: no cleaning, standard cleaning and strict cleaning. Standard cleaning quarantines the file and strict will delete the file.
Unsafe Applications: Select the checkbox to scan for unsafe applications (determined by ESET).
Unwanted Applications: Select the checkbox to scan for unwanted applications (determined by ESET).
File Extensions Exclusions: Enter any file extensions that should be left out from the scan. Enter the file extension (e.g., doc) and click Add. To remove, highlight from the list and click Remove.
Scan All Files: Select the checkbox to scan all files.
Scan on File Execution: When selected, provides real-time protection when files are executed.
Scan on File Open: When selected, provides real-time protection when files are opened.
Automatic real-time file system protection settings: When selected, provides real-time protection during startup.
Scan Network Disks: When selected, scans network disks.
Scan Local Disks: When selected, scans local disks.
Recipient Email: Enter the email of the person that should receive email notifications on certain events, as specified on the ESET server. The Send Email Notifications field must also be enabled for email notifications to be sent.
Sender Email: Enter the email address of the person that email notifications should come from.
Send Email Notifications: Select to enable email notifications. Recipient Email and Sender Email fields are required for email notifications to be sent.
3. Click Apply Configuration when all changes have been made. A message will display to indicate that the changes were saved to the ESET server. It will take approximately one hour for the changes to get applied.
4. You can click the Refresh button to check the status. The following screen capture indicates that a change was made to the real-time protection
Figure 20: ESET Configurations Applied
Troubleshooting
Please refer to the AV Dashboard Management Troubleshooting guide if you are having difficulty or are receiving errors.
Document Revision History
Date: Notes
09/07/2011: New with 2011.2
10/10/2011: Added additional steps to access and change the settings in IIS.
10/12/2011: Added database information and link to Troubleshooting guide.
10/19/2011: Definition date and AV scanner columns added to the dashboard.
10/18/2012: Updated for 2012 SP1. Added Symantec. Updated ESET information. Updated sync time