Talon FAST™
Firewall & Antivirus
Requirements Guide
Revision 401029
TABLE OF CONTENTS
1. Firewall and Antivirus Best Practices
2. McAfee VirusScan
3. Symantec Endpoint Protection 12.x
4. Sophos Endpoint Security and Control v10.x
5. Trend Micro OfficeScan
DISCLAIMER: THIS DOCUMENTATION IS PROVIDED BY TALON ON AN "AS IS" BASIS. TALON MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE WEBSITE OR THE INFORMATION, CONTENT, MATERIALS, OR PRODUCTS INCLUDED IN THIS DOCUMENT. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, TALON DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
Although Talon has attempted to provide accurate information in this documentation, Talon assumes no responsibility for the accuracy or completeness of the information. Talon may change the programs or products mentioned in this document at any time without notice, but Talon makes no commitment to update the programs or products mentioned on this website in any respect. Mention of non-Talon products or services is for informational purposes only and constitutes neither an endorsement nor a recommendation.
1. FIREWALL AND ANTIVIRUS BEST PRACTICES
Note: While Talon makes a reasonable effort to validate that the following antivirus application suites are compatible with the Talon FAST™ solution, we cannot guarantee and are not responsible for any incompatibilities or performance issues caused by these programs, or their associated updates, service packs, or modifications. Talon does not recommend the installation nor application of monitoring or antivirus solutions on any FAST™ enabled appliances (Core or Edge). Should a solution be installed, by choice or by policy, the following Best Practices and recommendations must be applied.
Microsoft Firewall
• Retain Firewall Settings as Default
Recommendation: Leave Microsoft Firewall settings and services at the default setting of OFF and not started for standard Talon FAST™ Core or Edge installations.
Recommendation: Leave Microsoft Firewall settings and services at the default setting of ON and started for Core or Edge appliances also being used as domain controllers.
Corporate Firewall
• Retain Firewall Settings as Default
• Firewall: ports 6618-6621 (Talon FAST™ uses TCP ports 6618-6621)
• WAN Optimization solutions/devices must be configured to “Pass-thru” Talon-specific ports
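The firewall recommendations above can be checked from the appliance itself. The following PowerShell is an added example, not Talon's code: it compares the Windows Firewall service and profile state with the recommendation for the machine's role, then tests the four Talon FAST™ TCP ports toward a peer appliance. The host name core01.example.internal is a placeholder and the helper name New-Check is hypothetical.

```powershell
# Added example, not Talon's code. Run on a Core or Edge appliance.
$PeerHost   = 'core01.example.internal'  # placeholder: the peer Core/Edge appliance
$TalonPorts = 6618..6621                 # TCP ports listed in this guide

# Hypothetical helper: one report row with a pass/fail verdict.
function New-Check($Name, $Expected, $Actual) {
    [pscustomobject]@{
        Check = $Name; Expected = $Expected; Actual = $Actual
        Pass  = ("$Expected" -eq "$Actual")
    }
}

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$isDc = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4

# Guide: OFF / not started on standard appliances, ON / started on domain controllers.
$wantService = if ($isDc) { 'Running' } else { 'Stopped' }
$svcStatus   = (Get-Service -Name MpsSvc).Status   # MpsSvc = Windows Firewall service

$report = @()
$report += New-Check 'Windows Firewall service (MpsSvc)' $wantService $svcStatus

foreach ($p in Get-NetFirewallProfile) {
    $enabled = ($p.Enabled -eq 'True')
    $report += New-Check "Firewall profile: $($p.Name)" $isDc $enabled
}

# A failed test means something on the path (corporate firewall, WAN optimizer)
# or the peer itself is not accepting the port.
foreach ($port in $TalonPorts) {
    $t = Test-NetConnection -ComputerName $PeerHost -Port $port -WarningAction SilentlyContinue
    $report += New-Check "TCP $port to $PeerHost" $true $t.TcpTestSucceeded
}

$report | Format-Table -AutoSize
```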
Client-Side Software
Talon has tested common antivirus software packages including McAfee, Symantec, Sophos and Trend Micro for use alongside our FAST™ solution on both Core and Edge systems configured to run our software.
Note: Adding antivirus to an Edge appliance may introduce a 20-30% impact on user performance.
Pre-Installation notes
• The antivirus software package should be certified by Talon.
• The antivirus software package (like any other certified software) should only be installed on drive C:\
Restrict File Scanning
Applications that scan files and/or folders in order to gather statistics or other data sometimes only read metadata of the file without reading actual data contained within the file. Other applications may open each file individually in order to determine the type of data present in the file. In the case of pictures, music, or video files, certain applications may also create thumbnails or provide additional information about the contents of the file.
Scans that cause these types of file open operations should be avoided on the Edge appliance and on the client workstation. Any open of a file in this manner will cause the Edge appliance to retrieve the file from the backend data center file server and cache it locally in the branch office. Scanning to gather statistics or provide thumbnails to picture files could also cause the Edge appliance to retrieve and cache more data than the cache was originally sized to accommodate. Client-side software that searches, indexes and/or scans network files and folders can cause unnecessary metadata and file transfers over the WAN, resulting in an additional load on the appliance and should be avoided.
Antivirus Coverage Recommendation
Antivirus software installed on the backend data center file server and on client PCs is generally adequate protection against network viruses. Talon does allow data on its Edge and Core appliances to be scanned, ensuring complete point-to-point protection. However, on both Cores and Edges, the D:\ (cache drive) and T:\ (virtual file share) volumes should both be excluded from virus scanning as well as any Talon FAST™ processes. Users’ mapped network drives should never be scanned.
Configure Exclusions
Antivirus software or other third party indexing or scanning utilities should never scan drive D:\ or drive T:\ on the Edge appliance. These scans of Edge server drives D:\ and T:\ will result in numerous file open requests for the entire cache namespace. This will result in file fetches over the WAN to all file servers being optimized at the data center. WAN connection flooding and unnecessary load on the Edge appliance will occur resulting in performance degradation.
The following Talon FAST™ processes should be excluded from any and all antivirus scans:
• C:\Program Files\TalonFAST\Bin\LMClientService.exe
• C:\Program Files\TalonFAST\Bin\Optimus.exe
• C:\Program Files\TalonFAST\Bin\tafsexport.exe
• C:\Program Files\TalonFAST\Bin\tafsutils.exe
• C:\Program Files\TalonFAST\Bin\tapp.exe
• C:\Program Files\TalonFAST\Bin\TService.exe
• C:\Program Files\TalonFAST\Bin\tum.exe
• C:\Windows\System32\drivers\tfast.sys
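Because each exclusion is a path the antivirus product no longer inspects, a deployed policy is worth checking in both directions: every item this guide requires is present, and nothing wider than the guide asks for has crept in. The PowerShell below is an added example, not Talon's or any antivirus vendor's code; it works on an exclusion list exported as plain text, the function names are hypothetical, and the sample list is constructed.

```powershell
# Added example, not Talon's code. Exclusions required by this guide:
$Required = @(
    'D:\', 'T:\',
    'C:\Program Files\TalonFAST\Bin\LMClientService.exe',
    'C:\Program Files\TalonFAST\Bin\Optimus.exe',
    'C:\Program Files\TalonFAST\Bin\tafsexport.exe',
    'C:\Program Files\TalonFAST\Bin\tafsutils.exe',
    'C:\Program Files\TalonFAST\Bin\tapp.exe',
    'C:\Program Files\TalonFAST\Bin\TService.exe',
    'C:\Program Files\TalonFAST\Bin\tum.exe',
    'C:\Windows\System32\drivers\tfast.sys'
)
# Folder-level exclusions the guide itself uses (the Bin folder appears in the
# Trend Micro section); any other parent folder of a required item is flagged.
$AllowedDirs = @('D:\', 'T:\', 'C:\Program Files\TalonFAST\Bin')

function ConvertTo-NormalizedPath([string]$Path) {
    # Lower-case and drop a trailing "\*" or "\" so D:, D:\ and D:\* compare equal.
    ($Path.Trim().ToLowerInvariant() -replace '\\\*$', '') -replace '\\$', ''
}

function Compare-TalonExclusions([string[]]$Configured) {
    $cfg     = @($Configured  | ForEach-Object { ConvertTo-NormalizedPath $_ })
    $allowed = @($AllowedDirs | ForEach-Object { ConvertTo-NormalizedPath $_ })

    # Covered = exact entry, wildcard entry, or an excluded parent folder.
    $missing = @($Required | Where-Object {
        $r = ConvertTo-NormalizedPath $_
        -not ($cfg | Where-Object { $r -eq $_ -or $r -like $_ -or $r.StartsWith($_ + '\') })
    })

    # Broader = a parent folder of a required item that the guide never lists.
    $broader = @($Configured | Where-Object {
        $c = ConvertTo-NormalizedPath $_
        ($allowed -notcontains $c) -and
            ($Required | Where-Object { (ConvertTo-NormalizedPath $_).StartsWith($c + '\') })
    })

    [pscustomobject]@{ Missing = $missing; BroaderThanGuide = $broader }
}

# Constructed sample: an exclusion list as exported from an antivirus policy.
$sample = @('D:\*', 'C:\Program Files\TalonFAST\Bin\*.exe', 'C:\Windows\System32')
Compare-TalonExclusions -Configured $sample | Format-List
```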
2. MCAFEE VIRUSSCAN
This section outlines best practices for McAfee VirusScan Enterprise version targeted for Talon FAST™ appliances based on Windows Server 2012 R2.
Baseline Protection
After completing a Standard installation of the McAfee VirusScan Enterprise and choosing to not perform the initial On-demand scan, follow the configuration specifics as outlined below, including On-Access Scanning, Full and Targeted Scan.
Excluding Services and Processes in McAfee VirusScan Console
This section details how to exclude Talon FAST™ processes on Core/Edge Servers and other remote appliances based on McAfee VirusScan scanning.
✍ Note: Ensure that Talon FAST™ processes, services, and drives are excluded on antivirus servers and clients and as a group policy for Talon FAST™ users, if applicable.
• Double click the “On-Access Scanner” task in the main VirusScan Console window.
• Click “Default Processes” in the left pane and then select the radio button labeled “Configure different scanning policies for high-risk, low-risk, and default processes.”
• Click the “Exclusions” tab and then click the “Exclusions…” button to configure them.
• Add the T:\ and D:\ drives to the Exclusions list. Ensure that subfolders are also excluded from scans. Click OK when finished.
• Click the Scan Items tab and de-select “When writing to disk”
• Click “Low-Risk Processes” in the left pane.
• Click the “Add…” button on the “Processes” tab.
• Once the list of available processes finishes populating, you may need to click the “Browse…” button and manually add the following processes.
• C:\Program Files\TalonFAST\Bin\LMClientService.exe
• C:\Program Files\TalonFAST\Bin\Optimus.exe
• C:\Program Files\TalonFAST\Bin\tafsexport.exe
• C:\Program Files\TalonFAST\Bin\tafsutils.exe
• C:\Program Files\TalonFAST\Bin\tapp.exe
• C:\Program Files\TalonFAST\Bin\TService.exe
• C:\Program Files\TalonFAST\Bin\tum.exe
• Click OK to apply the changes.
• Click the “Scan Items” tab and de-select “When writing to disk” and “When reading from disk”.
• Click the “Exclusions” tab at the top.
• Click the “Exclusions…” button
• Add the T:\ and D:\ drives to the Exclusions list. Ensure that subfolders are also excluded from scans.
• Add C:\Windows\System32\drivers\tfast.sys. Note: You may have to manually type in this path to add tfast.sys
• Click OK when finished.
Full or Targeted Scans
If running a full or targeted scan on a Talon FAST™ server, please follow the steps below
• Double click either Full Scan or Targeted Scan from the VirusScan Console
• Click the “Exclusions” tab from the On-Demand Scan Properties window. Click the “Exclusions…” button.
• Add the T:\ and D:\ drives to the Exclusions list. Ensure that subfolders are also excluded from scans. Click OK when finished.
Prevent Connection Blocking in Shared Folders
With the exclusions of the D:\ and T:\ drives, it is recommended that connections not be blocked from shared folders. This will provide consistent file access from the Talon Virtual File Share, T:\.
To disable the connection blocking, uncheck the box as shown below:
3. SYMANTEC ENDPOINT PROTECTION 12.X
This section outlines best practices for Symantec Endpoint Protection version 12.x targeted for Talon FAST™ appliances based on Windows Server 2012 R2.
Double click the Symantec icon on the taskbar
Virus and Spyware Protection -> Click Options -> Change Settings
Click View List
Click Add -> Security Risk Exception -> Folder
Scroll down, click on D, and click OK
Click Add -> Security Risk Exception -> Folder
Scroll down, click on T, and click OK
Click Add -> Security Risk Exception -> Folder
Add the following:
• C:\Program Files\TalonFAST\Bin\LMClientService.exe
• C:\Program Files\TalonFAST\Bin\Optimus.exe
• C:\Program Files\TalonFAST\Bin\tafsexport.exe
• C:\Program Files\TalonFAST\Bin\tafsutils.exe
• C:\Program Files\TalonFAST\Bin\tapp.exe
• C:\Program Files\TalonFAST\Bin\TService.exe
• C:\Program Files\TalonFAST\Bin\tum.exe
• C:\Windows\System32\drivers\tfast.sys
Click Add -> Application Exception
Browse to C:\Program Files\TalonFAST\Bin\ and add tum
Click OK
Click on the Auto-Protect tab. Under File Types, click Selected. Uncheck Determine file types by examining file contents. Click Advanced.
Adjust settings as shown below
Click Network
Uncheck Network cache
Click OK
Network Threat Protection -> Click Options and select View Network Activity
Right click tum.exe and select Allow
Configuration is complete.
4. SOPHOS ENDPOINT SECURITY AND CONTROL V10.X
This section outlines best practices for Sophos Endpoint Security and Control targeted for Talon FAST™ appliances based on Windows Server 2012 R2.
Baseline Protection (Enterprise Console configuration)
After completing a typical installation of the Sophos Enterprise Console, follow the configuration specifics as documented below. This process outlines the procedure to configure Sophos Endpoint Security and Control from a central configuration perspective.
Excluding Services and Processes using Sophos Enterprise Control
This section details how to exclude Talon FAST™ processes on server and remote appliances from Sophos antivirus scanning.
✍ Note: Ensure that Talon FAST™ processes, services, and drives are excluded from antivirus scanning
These changes should be made to Server and Client policies as well as group policy for Talon FAST™ users if applicable:
• Expand the Anti-Virus and HIPS tree in the Policies section of the Enterprise Console. Double-click the policy you wish to adjust.
• Click the “Configure…” button next to Enable on-access scanning.
• Click the “Windows Exclusions” tab
• Add the following items to the Excluded Items list and click OK when finished:
  ✓ C:\Program Files\TalonFAST\Bin\LMClientService.exe
  ✓ C:\Program Files\TalonFAST\Bin\Optimus.exe
  ✓ C:\Program Files\TalonFAST\Bin\tafsexport.exe
  ✓ C:\Program Files\TalonFAST\Bin\tafsutils.exe
  ✓ C:\Program Files\TalonFAST\Bin\tapp.exe
  ✓ C:\Program Files\TalonFAST\Bin\TService.exe
  ✓ C:\Program Files\TalonFAST\Bin\tum.exe
  ✓ C:\Windows\System32\drivers\tfast.sys
  ✓ D:
  ✓ T:
To verify the central configuration results on a connected client machine, we can use the Sophos Endpoint Security and Control panel.
• Click “Configure anti-virus and HIPS”
• Click “On-access scanning”
• Click the “Exclusions” tab to verify that the correct policy and exclusions have been applied to the appliance.
Sophos built-in Firewall
Microsoft Windows Server 2012 R2 by default includes a Microsoft Windows Firewall. Talon FAST™ software automatically provides a script to perform Microsoft Windows firewall maintenance, allowing ports associated with the Talon FAST™ product. Talon recommends the use of the Microsoft Windows firewall.
5. TREND MICRO OFFICESCAN
1. Open the Management GUI and navigate to Networked Computers -> Client Management.
2. Navigate to “Scan Settings” -> “Real-Time Scan Settings”.
3. On the “Target” tab, enable “File types scanned by IntelliScan”.
4. Directory scanning. Scroll down and add the following exclusions to “Scan Exclusion List (Directories)” to prevent Trend Micro from scanning Talon related directories:
• C:\Program Files\TalonFAST\bin\*
• C:\Program Files\TalonFAST\bin
• D:\*
• D:
• T:\*
• T:
5. Trend Micro will scan active processes before performing a folder/file scan. Scroll down and add the following exclusions to “Scan Exclusion List (Files)”:
• C:\Program Files\TalonFAST\Bin\*.exe
• C:\Windows\System32\drivers\tfast.sys
• TFAST.sys
• TService.exe
• Tapp.exe
• tum.exe