Zemana Endpoint Security
Administration Guide Version 1.9.380
Introduction
What is Zemana Endpoint Security?
What is Zemana Control Center?
How do Endpoint Agents and Control Center communicate with each other?
Features
Support
Getting Started
Server Requirements for Zemana Control Center
Endpoint Requirements for Zemana Endpoint Security Agents
Installation
Step 1: Installing Control Center
Step 2: Deployment of Endpoint Agents
Manual Deployment
Deployment via Group Policy Object
Creating a Machine Startup Script for use with Active Directory
Registering the Machine Startup Script with a Group Policy Object
Mail Deployment
Remote Deployment
Optional Step 3: Installing Failover Server
Administration
Logging into Control Center
Modules
Dashboard
Network
Groups Pane
Endpoints Pane
Endpoints Pane Context Menu
Filters
Endpoint Actions Bar
Endpoint Details Dialog
Tasks
Policies
Quarantine
Reports
Deployment
Setup Packages
Update Servers
How to install an Update Server?
How to check the status of Update Servers?
How to uninstall an Update Server?
Notifications
Settings
Failover Servers
Failover Server Registration
Failover Server Unregistration
Audit Logs
User Management
User Types
Roles
Policy
General Settings
Anti-Virus Settings
Content Control Settings
Device Control Settings
ID Theft Protection Settings
Frequently Asked Questions
How do I create a backup of Zemana Control Center?
How do I restore Zemana Control Center?
How do I create a support tool output?
How do I enable SSL on Zemana Control Center?
Enabling SSL in IIS Manager
Enabling SSL in Control Center
How do I migrate Zemana Control Center to a new server?
Migrating Control Center to a new server
Forwarding Endpoint Agents to New Control Center
What ports are used by Endpoint Agents and Control Center?
External URLs used by Endpoint Agents and Control Center?
How do I uninstall Endpoint Agents?
How do I uninstall a group of Endpoint Agents?
How do I send feedback about the product?
Introduction
Thank you for choosing Zemana Endpoint Security.
This document will guide you through all the features of Zemana Endpoint Security and Control Center.
What is Zemana Endpoint Security?
Zemana Endpoint Security is a client-server solution which protects your physical or virtual machines
against all types of threats, including phishing, malware and cryptolocker, while providing you with the best
user experience in managing your entire network.
What is Zemana Control Center?
Zemana Control Center is a web-based management console for managing endpoint security agents
installed on your network.
How do Endpoint Agents and Control Center communicate with each other?
Endpoint Agents connect to Zemana Control Center using a one-way communication channel over
predefined ports which are automatically allowed by the installation packages.
In case you are using different VLANs for Agents and Control Center, please make sure these ports are
properly forwarded from Agent VLAN to Control Center VLAN.
Features
Zemana Endpoint Security combines the following features and lets you manage these features
through a web-based management console for ease of use:
● AntiMalware protection (On-Demand and On-Access scans)
● Zero-day malware protection
● Identity Theft Protection
● Cryptolocker protection
● Device Control
● Advanced rootkit and bootkit remediation
● Web Control for blocking access to harmful web sites
● Keyword filtering for blocking access to websites containing provided keywords
● Application blocking
● Search advisor for browsers
● Policy based centralized management
● Scheduled Scans
● Active Directory integration
● Out-of-box SIEM integration
● Advanced Reporting module
● Internal update mirrors for low-bandwidth usage
Support
Before contacting Technical Support, make sure you have satisfied the system requirements that are
listed in your product documentation.
In case you need technical assistance, please contact [email protected] with the following
information available:
● Product version
● Hardware information
● Available memory, disk space, and NIC information
● Operating system
● Version and patch level
● Network topology
● Router, gateway, and IP address information
● Problem description with the following information:
○ Error messages and log files (located at C:\zemana_logs)
○ Support tool output (see “How do I create a support tool output?” in Frequently Asked Questions)
○ Recent software configuration changes and network changes
Getting Started
Server Requirements for Zemana Control Center
● Supported operating systems:
○ Minimum required server version is Windows Server 2008 R2 (64-bit)
● Hardware requirements:
○ 64-bit Intel 2 GHz or higher (or equivalent)
○ 8 GB available RAM
○ 40 GB free space on the hard drive
○ Internet connection (required for product activation and some update features)
Endpoint Requirements for Zemana Endpoint Security Agents
Supported operating systems:
● Windows Client
○ Windows 10
○ Windows 8.1 (1)(2)
○ Windows 8 (3)
○ Windows 7 with Service Pack 1
(1) VMware vShield platform (Agentless version) support for Windows 8.1 (32/64-bit) is available starting with VMware vSphere 5.5 – ESXi build 1892794 and above.
(2) In VMware NSX, the OS version is supported starting with vSphere 5.5 Patch 2.
(3) In VMware NSX, the OS version is supported starting with vSphere 5.5.
● Windows Server
○ Windows Server 2019
○ Windows Server 2016
○ Windows Server 2012 R2 (1)(2)
○ Windows Server 2012 (3)(4)
○ Windows Small Business Server (SBS) 2011
○ Windows Server 2008 R2 (4)
(1) VMware vShield platform (Agentless version) support for Windows Server 2012 R2 (64-bit) is available starting with VMware vSphere 5.5 – ESXi build 1892794 and above.
(2) In VMware NSX, the OS version is supported starting with vSphere 5.5 Patch 2.
(3) In VMware NSX, the OS version is supported starting with vSphere 5.5.
(4) VMware NSX does not support the 32-bit versions of Windows 2012 and Windows Server 2008 R2.
Hardware requirements:
● Windows Client
○ Intel Pentium compatible processors, 2 GHz or higher (or equivalent)
○ 1 GB available RAM
○ 1.5 GB free space on the hard drive
○ Internet connection (required for product activation and some update features)
● Windows Server
○ Minimum 2.4 GHz single-core CPU, Recommended 1.86 GHz or higher Intel Xeon multi-core CPU
○ Minimum free RAM 512 MB, Recommended free RAM 1 GB
○ 1.5 GB free space on the hard drive
○ Internet connection (required for product activation and some update features)
Installation
Installation of Zemana Endpoint Security is divided into two steps. The first step is the “Control Center
Installation”, which provides you with the endpoint installation packages. The second step is the
“Endpoint Agents Installation”. Once the two steps are completed, you will be able
to log in to Control Center and start managing the computers in your network.
Step 1: Installing Control Center
1. Download the latest version of Zemana Control Center Installer using the link below:
https://download.zemana.com/api/products/zescontrolcenter
2. Double-click on the installer and accept the UAC prompt if one appears,
3. Accept the User License Agreement and click “Next”,
4. Check “Create Desktop Shortcut” for easy access to Zemana Control Center from your desktop
and click “Next”,
5. Wait for the installer to extract installation files,
6. Click “Install Control Center” option and click “Next”,
7. Choose either “Direct Internet Connection” option or “Use Proxy for Connecting to Internet”
option,
8. Enter a valid license for Zemana Control Center. If you don’t have one, please contact
9. Provide a Domain Name or a Static IP address for Control Center to use. This is the address you
will enter into your browser’s address bar. If you use an IP address here, make sure it is static.
NOTE: For testing purposes, you can use 127.0.0.1 as the IP address but you need to change it
before starting the deployment of endpoint agents,
10. Enter Administrator Email and a password for managing Zemana Control Center. This account will
be used for logging into the Control Center and it will also be set as the Control Center’s System
Administrator account (most privileged account type),
11. If you use Active Directory in your company, select “Use Active Directory for managing computers
in my network” option or skip this step by choosing “Skip Active Directory integration” option. The
account you provide in this step will *only* be used for synchronization purposes,
12. Wait for Setup to download packages and complete all the steps,
IMPORTANT NOTE: This step could take a few minutes due to downloading of endpoint
installation packages and other installation media.
13. Once this step is completed, setup will automatically open your browser and direct you to Login
Page,
14. Click Finish to complete setup and use the Administrator Email and Password you have provided in
the previous steps to log in to Zemana Control Center.
Step 2: Deployment of Endpoint Agents
Deployment of endpoint agents can be performed in two alternate ways: Manual Deployment and
Deployment via GPO.
Manual Deployment
a. Open the browser on the machine where you would like to install the endpoint agent,
b. Navigate to Deploy Page (http://controlcenter:55555/Deploy). This URL doesn’t require authentication, to make deployment of
endpoint agents into your network as easy as possible,
c. This page will provide you with 32-bit and 64-bit versions of Endpoint Setup Packages as
ZIP files,
d. Download the appropriate package and extract the ZIP archive to a directory. The
extracted contents should contain installer executables and configuration files,
e. Double-click installer32.exe or installer64.exe to start installation of the Agent,
f. Once installation is completed, you will be able to see the endpoint in Network Page (http://controlcenter:55555/Network).
Deployment via Group Policy Object
Deployment via GPO is composed of two steps. First, you need to create a deployment script
using Control Center, and then you should set this script as a machine startup script with the help
of a GPO.
1. Creating a Machine Startup Script for use with Active Directory
a. Navigate to http://127.0.0.1:55555/Deployment page,
b. You will be provided with 32bit and 64bit versions of Endpoint Setup
Packages as ZIP files,
c. Download “both” ZIP files to your computer and extract them to separate
directories,
d. Create a shared folder either in one of your Domain Controllers or in a file
server,
e. Give “Everyone” read access to this folder and copy installer32.exe and
installer64.exe into this folder,
f. Copy the path of shared folder as a UNC path. As an example, if you have
created a folder named “Shared”, the UNC path should be
\\SomeServer\Shared
g. Click “Create Deployment Script” button in Deployment Page,
h. Paste the shared folder path into “Shared Folder Path” textbox in the
dialog,
i. Choose preference for removing competitor products,
j. Click “Download Script” button in the dialog and save the resulting BAT
file into your computer.
2. Registering the Machine Startup Script with a Group Policy Object
a. Open “Group Policy Management Console” in your Domain Controller,
b. Create a GPO for deploying Endpoint Agent into your network,
c. Right click on the created GPO and select “Edit”,
d. In the opened “Group Policy Management Editor” window, select
“Computer Configuration > Policies > Windows Settings > Scripts (Startup /
Shutdown)” section,
e. In the right pane, double click “Startup” item,
f. In the opened “Startup Properties” page, click “Show Files” button. This
will open the startup scripts directory in Explorer,
g. Copy the Machine Startup Script you have created in the previous step
into the folder,
h. Close the Explorer window and click “Add” button in “Startup Properties”
page. This will bring up “Add Script” dialog,
i. Click “Browse” in the “Add Script” dialog, select the previously copied
Deployment Script and click “OK”,
j. Machines using this GPO will automatically install Endpoint Agent after
they are restarted.
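Machine startup scripts run as the local SYSTEM account, and the deployment script is generated with the shared folder's path, so nobody but administrators should be able to replace the installers on that share. The PowerShell audit below is an added example, not part of the original guide or of Zemana's tooling; it assumes it is run elevated on the server that hosts the share, and the share name “Shared” is the guide's own example.

```powershell
# Added example, not Zemana's code. Run elevated on the server hosting the share.
param(
    [string]   $ShareName  = 'Shared',                                # example name from step f
    [string[]] $Installers = @('installer32.exe', 'installer64.exe')  # files copied in step e
)

# SIDs allowed to hold write access: SYSTEM, BUILTIN\Administrators, Domain Admins.
# CREATOR OWNER (S-1-3-0) only applies to whoever creates a file, which the
# other checks already cover, so it is not reported on its own.
function Test-TrustedSid([string]$Sid) {
    $Sid -eq 'S-1-5-18' -or $Sid -eq 'S-1-5-32-544' -or $Sid -eq 'S-1-3-0' -or
        $Sid -match '^S-1-5-21-[\d-]+-512$'
}

# Resolve an account name to a SID so the check works on localized systems.
function ConvertTo-Sid([string]$Account) {
    try {
        ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $Account }   # unresolved names are kept as-is and treated as untrusted
}

$share    = Get-SmbShare -Name $ShareName -ErrorAction Stop
$findings = New-Object System.Collections.Generic.List[string]

# 1. Share-level permissions: anything above Read for an untrusted principal.
foreach ($ace in Get-SmbShareAccess -Name $ShareName) {
    $sid = ConvertTo-Sid $ace.AccountName
    if ("$($ace.AccessControlType)" -eq 'Allow' -and "$($ace.AccessRight)" -ne 'Read' -and
        -not (Test-TrustedSid $sid)) {
        $findings.Add("Share ACL: $($ace.AccountName) has $($ace.AccessRight)")
    }
}

# 2. NTFS permissions on the folder and on each installer. Share-level Read
#    limits network users, but local logons and other shares that expose the
#    same folder are governed by NTFS alone.
$write = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$write = $write -bor 0x50000000   # GENERIC_WRITE | GENERIC_ALL

$paths = @($share.Path) + ($Installers | ForEach-Object { Join-Path $share.Path $_ })
foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { $findings.Add("Missing: $p"); continue }
    $rules = (Get-Acl -LiteralPath $p).GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and ([int]$r.FileSystemRights -band $write) -and
            -not (Test-TrustedSid $sid)) {
            $findings.Add("NTFS ACL on ${p}: $sid can modify")
        }
    }
}

# 3. Record what is being distributed, for comparison with the packages
#    that were downloaded from Control Center.
$inventory = foreach ($name in $Installers) {
    $file = Join-Path $share.Path $name
    if (Test-Path -LiteralPath $file) {
        [pscustomobject]@{
            File      = $name
            SHA256    = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $file).Status
        }
    }
}
$inventory | Format-Table -AutoSize

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "Share '$ShareName' is read-only for non-administrators."
```

Run it again after any change to the share; a non-zero exit code means at least one non-administrator principal can modify what the startup script installs.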
Mail Deployment
a. Open the browser and access Control Center,
b. Navigate to Deployment Page.
c. Click “Send via Email” from left menu under Setup Packages,
d. Add recipient Email addresses to “Email List To Send” box,
e. Review mail content in the editor and click Send,
f. Recipients will receive deployment mail which contains Endpoint Agent download links.
WARNING: This feature requires a configured E-mail Server on Control Center Settings.
Remote Deployment
a. Find the “Zemana Deploy Manager” icon on the desktop of the machine where Zemana Endpoint Security Control Center is installed and double-click it to run (Default path : "C:\Program Files\Zemana Control Center\Zemana.EPS.Console.DeployManager.exe"),
b. To target Active Directory computers, click “Deploy using Active Directory”; to target computers on your network by computer name or IP address, click “Deploy using Computer Name / IP Address”,
c. Depending on your previous choice, the current window displays either a computer selection list or a text area for typing computer names or IP addresses (one per line). Select the target machines or type their computer names / IP addresses, then click “Proceed”,
d. Type local administrator credentials in order to start deployment on your target computers,
e. Choose preference for removing competitor products,
f. Click “Start Deployment” to start the deployment process.
g. Deployment will be initiated on target computers remotely. Deployment statuses will be displayed in the current window. The deployment process will be conducted silently.
WARNING: “Administrative Share” and “File Sharing” permissions should be allowed on target machines. Remote Deployment uses ports “135”, “139” and “445”; these ports should be accessible as well.
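The prerequisites in the WARNING above can be checked before starting a deployment. The following PowerShell pre-flight is an added example, not part of Zemana Deploy Manager; it assumes it is run on the Control Center machine under an account with administrator rights on the targets, and the target names are constructed samples.

```powershell
# Added example, not part of Zemana Deploy Manager.
param(
    [string[]] $Targets = @('PC-001', '192.0.2.15')   # constructed sample targets
)
$ports = 135, 139, 445   # ports listed in the WARNING above

function Test-DeployTarget([string]$Computer) {
    # Collect the ports that do not answer from this machine.
    $closed = foreach ($port in $ports) {
        $ok = Test-NetConnection -ComputerName $Computer -Port $port `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $ok) { $port }
    }
    # The administrative share is only worth testing when SMB (445) answers.
    $adminShare = if ($closed -notcontains 445) {
        Test-Path -LiteralPath ('\\{0}\ADMIN$' -f $Computer) -ErrorAction SilentlyContinue
    } else { $false }

    [pscustomobject]@{
        Computer    = $Computer
        ClosedPorts = ($closed -join ', ')
        AdminShare  = $adminShare
        Ready       = (-not $closed) -and $adminShare
    }
}

$Targets | ForEach-Object { Test-DeployTarget $_ } | Format-Table -AutoSize
```

A target with Ready = False shows which prerequisite is missing: a closed port points at a firewall rule, while open ports with AdminShare = False point at share or credential settings.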
Optional Step 3: Installing Failover Server
1. Download the latest version of Zemana Control Center Installer to a server, which will be used as a
Failover Server, using the link below:
https://download.zemana.com/api/products/zescontrolcenter
2. Double-click on the installer and accept the UAC prompt if one appears,
3. Accept the User License Agreement and click “Next”,
4. Check “Create Desktop Shortcut” for easy access to Zemana Control Center from your desktop
and click “Next”,
5. Wait for the installer to extract installation files,
6. Click “Install Failover / Mirror Server” option and click “Next”,
7. Failover server will be automatically installed, click Finish.
Failover server management will be explained in detail in “Failover Servers” section of
Administration chapter.
Administration
Zemana Control Center is a web-based management console for administering Zemana Endpoint
Security agents. This chapter will guide you through all the features of Zemana Control Center.
Logging into Control Center
You can log in to Control Center using one of the account types below:
● Local Accounts
● Active Directory Accounts
At least one local account is created during the installation process but you are free to add any number
of Local or Active Directory accounts after logging into the Control Center.
On a fresh installation, login page only allows you to use Local Accounts. You can add Active Directory
accounts by navigating to “User Management” by clicking the dropdown menu at the topmost right of
Control Center.
NOTE: Control Center logins have a session timeout limit which is 30 minutes by default.
Modules
Dashboard
Dashboard is the first page you will see after a successful login. This page contains charts for
endpoints, issues and licensing as well as a Threats Timeline and a list of Critical Endpoints.
Threats Timeline lets you view the security events which take place on endpoints on a daily basis.
You can click on a specific day to get a detailed “Threat Report”. Reports will be explained in detail
in “Reports” section of this chapter.
Network
Network page is where you will see all of the endpoints in your network. It contains a “Groups
Pane” for displaying custom endpoint groups and Active Directory domain groups, and a right
pane which lists the contents of the selected group. If no endpoint group is selected, right pane
displays all endpoints.
Groups Pane
This pane is located at the leftmost side of Network Page and contains a top level group
named “Computers” which acts as the default container for individual endpoints which do
not belong to any Active Directory Domain. If Active Directory is not set up, this is the only
top level group you will see in Network Page. After configuring Active Directory
synchronization from Settings, each domain in Active Directory will be another top level
group in this pane. Active Directory synchronization feature will mirror the exact same
structure of your domains including organizational units and groups and computers.
Endpoints Pane
This is the pane which displays the contents of selected Group in your network. Endpoints
are listed in a grid alongside some useful information such as the issues and online status
of endpoint.
At any given time, an endpoint could be in one of the three management states:
1. Managed: Endpoint is managed by the Control Center and it is ready to accept
tasks and policies.
2. UnManaged: Endpoint is discovered through the Active Directory but it hasn’t got
Endpoint Security Agent installed yet.
3. Deploy Failed: Endpoint Security Agent installation failed on this endpoint. This
could be due to a number of reasons, such as the failure to uninstall a competitor
AntiVirus solution. These types of endpoints require manual installation and
inspection.
Normally an endpoint should not have any issues, but in case something goes wrong
on an endpoint, you will see the issues in this pane as well. Issue types for endpoints are as
listed below:
1. Update Failed: Endpoint cannot get product or signature updates.
2. Outdated: Endpoint’s last update time is older than 3 days, which can be changed
in Settings.
3. Feature Status Mismatch: Status of protection modules on endpoint does not
comply with the policy applied to the endpoint.
4. Infected: Endpoint is infected with malware and it was not possible to clean the
endpoint.
5. Scan Failed: Scheduled or on demand scan task failed to complete.
6. Reboot Required: Endpoint agent requires reboot to perform some tasks such as
boot deleting malware or completing an update.
7. Unreachable: Endpoint didn’t connect to Control Center for more than 7 days,
which can be changed in Settings.
Endpoints Pane Context Menu
This is the right click context menu which lets the Administrator perform endpoint related
tasks and set labels for endpoints. Tasks listed here can also be found in Quick Actions
bar in Endpoint Details Dialog.
Filters
This button brings up a dialog in which you can change the settings related to viewing of
endpoints in Endpoints Pane. Normal behavior of Endpoints Pane is displaying the
contents of the selected group without including the endpoints which reside in sub-groups
of the selected group. You can change this behavior by choosing a Group and then
selecting “All Groups Recursively” option in Filter dialog. Default behavior of Endpoint
Pane when no group is selected is displaying all endpoints in all groups including Active
Directory domains and Computers top level group. This is why, when no group is selected,
Filters dialog will not have “All Groups Recursively” option until you select a Group from
the Groups Pane. You can also provide a computer name for filtering all computer names
containing the provided string. After setting the required filter options, you should click
“Save” for activating the filter options.
Endpoint Actions Bar
This bar is located at the upper side of Groups Pane and it lets the IT Admin perform
endpoint and group related tasks such as creating a new group, renaming an already
existing group and deleting an endpoint. Please note that, group related actions in this bar
are only applicable to groups created beneath “Computers” top level group and they will
be disabled when an Active Directory Domain group is selected. This is because Active
Directory Domain groups are synchronized directly from the provided domain and IT
Admin has to make changes in the domain itself (in domain controller) and click “Sync
Active Directory” button in this bar to fetch updated domain structure.
In order to use “Sync Active Directory” feature, you should configure Control Center to use
Active Directory from Settings page.
Endpoint Details Dialog
Endpoints Pane displays a summary of information about each endpoint. In case you need
to get more information about the endpoint, you should click on the name of the endpoint
which will bring up Endpoint Details Dialog. This dialog contains detailed information about
the selected endpoint and it also provides you with a “Quick Actions” bar for performing
endpoint related tasks. Tabs in this dialog are as follows:
1. General Tab: Displays most of the information about the Endpoint.
2. Endpoint Tab: Displays the status of protection modules.
3. Policy Tab: Displays the last assigned policy of endpoint and assignment status /
type of the policy. Assignment type of policy can either be “Inherited” or “Direct”.
Inherited indicates that endpoint inherited its policy from its parent group so no
direct assignment is made by the IT Admin.
4. Events Tab: Displays all types of events which were sent by the Endpoint Agent.
Tasks
Tasks are the main unit of work for Endpoint Agents. Tasks are assigned to Endpoint Agents by the
Control Center in response to Administrator's actions. They can be assigned to a single or multiple
endpoint agents and let the administrator view the status of the task on each endpoint.
Tasks module keeps a record of each assigned task and sets the status of the task to “Pending” until
all the endpoints connect to the Control Center and get the task. At that point, task status is
switched to “In Progress”. After the task completes on all endpoints, the task will be marked as
“Completed”.
For further inspection about the status of task on each endpoint, you can click on the numbers in
the “Status” column.
Policies
Policy is a group of settings which can be applied to a single or a group of endpoints.
Policies include all types of settings an endpoint should comply with. Control Center is shipped
with a default / optimized policy which is called “First Policy” and this policy is set as “Default
Policy” so any endpoint which joins into the managed group of computers receives this policy as
their active policy.
You can create any number of policies using “Create Policy” button in the actions toolbar and you
can also create a copy of the policy by selecting the source policy and clicking the “Clone Policy”
button.
NOTE: Please refer to Policy Section for more information.
Quarantine
This module lists the files which are quarantined by Endpoint Agents and provides you with the
following options:
● Restore: Restore the quarantined file to the endpoint. This is what the Administrator should do to revert the quarantine action and let the user use the file in question.
● Delete File: This option deletes the file from quarantine.
● Delete Record: This option removes the quarantine entry from Control Center and
doesn't do anything on the endpoint side. This is useful for deleting quarantine entries
which are submitted from unreachable endpoints.
Reports
This module allows you to create instant or scheduled reports from the Control Center. Main grid
of this page lists the previously registered Scheduled Reports. You can edit or delete a previously
created report by highlighting the report and clicking the appropriate action button in the action
toolbar.
Report types are:
1. Threat Report: Displays all detections including malware detections and content control
detections. This report type is a merged view of "Malware Detection Report" and "Content
Control Report".
2. Malware Detection Report: Displays malware detection events on all endpoints.
3. Content Control Report: Displays content control related detections on all endpoints such
as blocked web pages and keywords.
4. Endpoint Protection Status Report: Displays the protection status of each endpoint with
latest scan results.
5. Endpoint Feature Status Report: Displays the ON/OFF status of each protection module
for endpoints.
6. Endpoint Update Status Report: Displays the update status of each endpoint.
7. Endpoint Policy Report: Displays the policy name of each endpoint.
8. Endpoint Issue Report: Displays all types of issues encountered on each endpoint.
9. Endpoint Management Status Report: Displays the management status of each endpoint.
10. Device Control Report: Displays device exclusion configuration events on all endpoints.
If you specify e-mail addresses while creating a Scheduled Report, the report content is sent to those addresses each time the periodic report is created.
WARNING: In order to receive scheduled reports with e-mail, E-mail Server should be configured on Control Center settings.
Deployment
Deployment page lets you download setup packages for Endpoint Agents and Update Servers.
This page also has a separate tab named “Update Servers” which lets you view the update servers
currently in use. This tab is only for viewing active update servers for information purposes.
Setup Packages
Endpoint Agent and Update Server packages can be downloaded by clicking the
appropriate link in this section. Setup packages are archive files which contain an installer
and a configuration file.
Update Servers
This section lists the active Update Servers of Control Center for information purposes
only. Uninstalling an Update Server will automatically delete its entry from this list.
Internal Update Servers are separate setup packages which can be used by Zemana
Control Center to centralize delivery of signature and product updates.
Control Center automatically load-balances update servers and distributes them to
endpoints in a round robin manner. Each Update Server can handle 600-1000 endpoints.
Once this limit is exceeded, Control Center notifies Administrator to install more update
servers.
How to install an Update Server?
In order to install an internal update server, please follow the steps below:
1. Set a static IP address to the server which will be used as an update
mirror,
2. Open your preferred browser and navigate to Deployment page,
3. Download the appropriate update server package by clicking either the 32-bit
or the 64-bit link,
4. Extract the Update Server Setup Package contents to a directory,
5. Run installation file and follow the on-screen prompts.
Upon installation, update server will automatically connect to Control Center and
register itself as an active update server.
How to check the status of Update Servers?
1. Navigate to Deployment page and click "Update Servers" tab,
2. You can see the active update servers and their statuses here.
How to uninstall an Update Server?
Update Servers are normal installation packages which can be uninstalled using
"Control Panel > Programs And Features" panel.
Upon uninstallation, Update Server entry will be removed from the Control Center
automatically and endpoint agents using this Update Server as their Update Source
will be notified to use other Update Servers.
NOTE: If there are no update servers left in the Control Center, the system will
automatically set Update Source settings to "Internet" in all policies.
Notifications
This module lists the notifications about Control Center and informs the Administrator about
important events.
Currently supported notifications are:
● Active Directory Synchronization Failed
● Backup Failed
● Email Notification Failed due to SMTP settings
● New Control Center Update is available
● Update Server Capacity Exceeded
● License Related Notifications
Settings
This module contains all configurations for Zemana Control Center to function properly and it is the
most critical part of the system.
● Control Center
○ General
■ Control Center Address: Address of Control Center which should be either an IP Address or a domain name.
■ Control Center Language: User interface language for Control Center management console.
■ Endpoint Language: User interface language for endpoint agents.
■ Timezone: Timezone information for the Control Center. All the information in Control Center database is saved in UTC+0 by default and converted to the timezone you provide in this field.
○ Proxy: Proxy configuration for Control Center.
○ Email Server: SMTP server settings which will be used for sending critical events to Administrators via email.
○ Advanced
■ Use SSL: Endpoint agents will use HTTP by default. Enabling this option forces endpoint agents to use HTTPS for connecting to Control Center. IMPORTANT: You should add an SSL certificate to Control Center before enabling this option. Please check “How do I enable SSL on Zemana Control Center?” in Frequently Asked Questions for more information.
■ Submit error reports automatically: Submits error reports to Zemana automatically when enabled.
■ Enable Debug Logging for trouble shooting: Reserved for Zemana support personnel's use.
■ Treat endpoints as outdated after days: Indicates how many days should pass before marking an endpoint as “Outdated”.
■ Treat endpoints as unreachable after days: Indicates how many days should pass before marking an endpoint as “Unreachable”.
■ WARNING I wish to change troubleshooting settings: It is recommended to contact your product manager before changing these settings. Troubleshooting Settings are used to resolve unexpected situations encountered in Zemana Endpoint Security. It is not recommended to change these settings for other purposes.
■ Allow update task assignments: Enables or disables notifying endpoints regarding new update versions.
■ Allow version update downloads for clients: Enables or disables setting up new version packages on the endpoints.
■ Allow client event requests: Enables or disables notifying the control center regarding all events performed by endpoint agents.
■ Allow client settings requests: Once this option is switched off, future changes regarding control center will not be sent to endpoint agents. Endpoint agents will appear offline since they will not receive any notification after this process.
■ Allow sending events to administrator: Enables or disables sending e-mails to system administrator regarding all events performed by endpoint agents. While this option is off, e-mails will not be sent even if the “Email events to System Administrator” option, which is located under Event Alert Settings tab, is on.
■ Allow sending events to SysLog and SIEM: Enables or disables sending events to Syslog / SIEM products regarding all events occurred on endpoints. While this option is off, events will not be sent even if the “Send events to Syslog / SIEM” option, which is located under Event Alert Settings tab, is on.
■ Allow Installation Success Requests: Once this option is switched off, agents which are set up on an endpoint for the first time will not notify the control center after a successful installation. The agent’s status will remain as unmanaged since the control center will not receive any notification.
■ Allow Installation Failed Requests: Once this option is switched off, agents which are set up on an endpoint for the first time will not notify the control center after a failed installation.
■ Allow Uninstallation Success Requests: Once this option is switched off, the notification regarding successful uninstallation of the agent will not be sent to the control center. The agent’s status will not change since the control center will not receive any notification.
■ Allow Endpoint Id Changed Requests: Once this option is switched off, the notification regarding Id changes will not be sent to the control center.
■ Allow Endpoint Command Processor Job: Enables or disables notifications regarding Installation Success Requests, Installation Failed Requests, Uninstallation Success Requests and Endpoint Id Changed Requests to be processed by the control center.
■ Allow All API Requests: Enables or disables the communication between the control center and our products, such as all servers and endpoint agents that have a connection with the control center.
■ Endpoint client event interval (minute): Indicates how many minutes should pass before notifying the control center regarding the events
performed by an agent on the endpoint.
■ Endpoint check settings interval (minute): Indicates how many minutes should pass before sending a request to the control center regarding
changed endpoint settings.
■ Concurrent Setup Package Download Limit: Indicates the simultaneous distribution limit of setup update packages that are sent to all update
servers and endpoint agents via the control center.
■ ProductStatusEvent Process Capacity Per Job: Indicates how many notifications regarding endpoint agents will be handled by the control
center.
■ Top Priority Event Process Capacity Per Job: Indicates how many notifications regarding event processors defined under Event Processor
Filters title will be handled by the control center.
■ Endpoint Command Process Capacity: Indicates how many notifications regarding Installation Success Requests, Installation Failed Requests,
Uninstallation Success Requests and Endpoint Id Changed Requests will
be handled by the control center.
■ Event Processor Filters: Enables or disables notifying the control center regarding event processors defined under Event Processor Filters title:
Product Update, Assigned Task Completed, Scan Failed, Scan
Completed, Quarantine Item Change, Malware Detected, Product Status
○ Backup: Options for automatic backup creation. The current version supports file system shares and FTP upload options. In order to create a manual backup,
please refer to this section.
● Active Directory: When enabled, Control Center connects to the provided Active Directory domain and synchronizes the directory structure as well as computers directly into the
network module. This is performed by a background job which runs once every three hours.
● License: Provides information about the license currently in use.
● Event Notifications: Provides configuration for sending events to the System Administrator via
e-mail and to SIEM and Syslog. When enabled, Control Center sends the selected events to
the System Administrator’s e-mail and/or the provided SIEM server.
WARNING: In order to receive event notifications by e-mail, the E-mail Server should be configured in Control Center settings.
Failover Servers
This module allows users to register, unregister and view Zemana Failover Servers. If Control
Center has one or more failover servers registered, Endpoint Agents will connect to those servers in
case their connection to Control Center fails.
Failover Server Registration
To register a failover server, navigate to the Failover Servers page, click “Add Failover Server”,
type the failover server address, then click “OK”. If the targeted failover server is eligible, it will be added to
the failover servers list.
IMPORTANT: Registration requires a server with Zemana Failover Server installed.
Failover Server Unregistration
To unregister a failover server, navigate to the Failover Servers page, hover over an existing failover
server and click “Delete”, then click “Yes”. The targeted failover server will be deleted from the failover
servers list.
Audit Logs
This module lets you view all of the important activities performed by Control Center users. It is
viewable by Administrators and System Administrator only.
User Management
User Types
● Local Users: This account type is for customers who do not use Active Directory in their network.
● Active Directory Users: Users provided by Active Directory which will be used for managing Control Center. Since Active Directory user passwords are managed by Active Directory
itself, Control Center doesn't need any password information for this type. Creating an
Active Directory user only approves the user as a valid Control Center account.
Roles
1. System Administrator: This role can be applied to a single user only and defines the most
privileged user in Control Center. This user is the sole owner of the system and there are
no restrictions for this role.
2. Administrator: This is a less privileged administrator role which is capable of managing
the Control Center. The only restriction is that this role cannot change the Control Center
settings.
3. Report Manager:
a. View only access to Network page,
b. View only access to Tasks page,
c. View only access to Quarantine page.
d. Full access to Reports page.
4. Maintenance Manager:
a. View only access to Network page,
b. Ability to manage endpoints,
c. View only access to Tasks page,
d. View only access to Policy page,
e. Full access to Quarantine page,
f. Limited access to Reports page (can create instant reports and view scheduled
reports)
g. Full access to Deployment page,
5. Monitoring Engineer:
a. View only access to Network page,
b. View only access to Reports page.
If a user forgets their account password, the “Forgot your password?” button on the Login page can be used to have the user credentials sent to their e-mail address.
Policy
General Settings
These are general settings which affect the way endpoints work.
● Details
○ Policy Name: Name of the policy
● Product Settings
○ Settings
■ Display alert pop-ups: Displays alerts to a user and asks for user's decision. If unchecked, endpoint agents will automatically choose the best possible action
without asking the user anything.
■ Display notification pop-ups: Displays informational pop-ups such as update notifications.
■ Show product icon in System Tray: Displays Endpoint Agent icon in Windows System Tray.
○ Update Server Settings: Endpoint Agents require either an active Internet connection or an update mirror address from which to fetch product and signature updates. By default all
endpoints use the Internet as their update source, but you can install an Internal Update Mirror
at any time and instruct the endpoints to use this mirror. Control Center maintains a list of
active update mirrors and distributes these to the endpoints in an optimized way.
○ Uninstall/Repair Password: This is the password a user is asked for when that user initiates a manual repair or uninstall operation. Remote tasks ignore
this password and do not need any user interaction.
● Proxy Settings: Endpoint proxy settings for connecting to the Internet.
Anti-Virus Settings
Anti-virus related settings for endpoints.
● On-Access Scanning: Enables or disables the real time protection module of Zemana Endpoint Security Agent. This switch acts as a master switch for all of the settings below.
○ Limit File Size: Sets the maximum size limit for real time malware scanning. Unchecking this option removes the size limit and enables real time scanning of all files.
○ Scan Archives
■ Archive maximum size limit: Enables or disables scanning of Archive files.
■ Archive maximum depth: Level of recursion in archive content scanning.
○ Miscellaneous
■ Scan Boot Sectors: Enables/disables scanning of boot records such as MBR and VBRs.
■ Scan Network Traffic: Scans the network traffic against malicious files and blocks the content before it is delivered to the requesting application.
■ Scan Potentially Unwanted Applications (PUA): Enabling this option activates scanning of not harmful but potentially unwanted applications such as sticky
toolbars in browsers.
● On-Demand: Enables or disables scan settings for removable devices such as USB drives, CD ROMs etc. as well as providing support for scheduled scans.
■ Scan Tasks: Scheduled scans with Quick and Full scan options. Scan tasks registered here start at the provided time at endpoint's local time zone.
■ Device Scan Settings
● Scan CD/DVD ROM: Enable/disable scanning of CD/DVD ROM devices.
● Scan Network Devices: Enable/disable scanning of network devices such as network file shares.
● Scan Removable Devices: Enable/disable scanning of removable drives such as USB sticks.
● Heuristics: Configures the level of Zemana Heuristic Threat Control. Currently 4 levels are supported: Paranoid, Aggressive, Default, Permissive. Setting this option to a level above
Default will increase the heuristics based protection against unknown files but may lead to
false positives.
● Exclusions: Excludes the specified Directory, File or Extensions from all AntiMalware modules including On-Access, On-Demand, Heuristic.
● Quarantine Settings: Configures the number of days a quarantined file is kept on an endpoint.
Content Control Settings
Configures content based protection options such as URL filtering and keyword filtering.
● Settings ○ General
■ Enable Anti-Phishing and Anti-Fraud Protection: Enables/disables scanning of web content against possible phishing attempts.
■ Scan SSL Traffic: Enables/disables scanning of SSL protected pages.
○ Web Access Control: Functions as a master switch for enabling/disabling web access control related settings.
■ Blocked Web Addresses: Blocks access to the provided web addresses on endpoints. Access blocking is not specific to browsers and covers all types of
applications trying to access the blocked web site.
■ Blocked Keywords: Blocks the web content which contains the provided keywords.
■ Blocked Processes: Blocks the specified processes by name.
● Exclusions: Excludes specified URL, IP Address or Process Names from content control access restrictions.
Device Control Settings
Settings for enabling/disabling, allowing/blocking and adding exclusions for Device Control Module.
● Settings
○ Device Control
■ Enable Device Control: Functions as a master switch for enabling/disabling device control related settings.
○ Bluetooth Devices: Allows/blocks Bluetooth devices.
○ CD ROM Drives: Allows/blocks CD ROM drives.
○ Disk Drives: Allows/blocks disk drives.
○ Imaging Devices: Allows/blocks still-image capture devices, digital cameras, and scanners.
○ Modems: Allows/blocks modems.
○ USB: Allows/blocks USB devices.
○ Lpt/Com Ports: Allows/blocks Lpt/Com ports.
○ Printers: Allows/blocks printers.
○ Internal Storage: Allows/blocks internal hard drives or gives read-only access.
○ External Storage: Allows/blocks external hard drives or gives read-only access.
● Exclusions
○ Device Control Exclusions: Excludes specific devices from device control restrictions. Exclusions can be added in two ways:
■ From Device Control Exclusions click on the “plus” button, type device ID and product ID, then pick an action for the device.
■ From Network tab click on computer name, then click on “events” from the popped up window. From “details” click on “add to exclusion”. Then choose an action for the device.
ID Theft Protection Settings
Settings for enabling/disabling ID Theft Protection Module.
● Settings
○ Enable ID Theft Protection: Enables/disables KeyCrypt Technology that encrypts keyboard actions against keyloggers.
Frequently Asked Questions
How do I create a backup of Zemana Control Center?
In order to create a manual backup of Zemana Control Center, please follow the steps below:
1. Open "Explorer" in the Zemana Control Center server machine,
2. Navigate to "C:\Program Files\Zemana Control Center\utils" folder,
3. Run "Backup Zemana Control Center" as Administrator,
4. Choose a folder for saving the backup file,
5. Click OK.
This will create a snapshot of all the database and settings of Zemana Control Center and save them as a
ZIP file to the selected folder.
How do I restore Zemana Control Center?
In order to restore Zemana Control Center from a backup, please follow the steps below:
1. Open "Explorer" in the Zemana Control Center server machine,
2. Navigate to "C:\Program Files\Zemana Control Center\utils" folder,
3. Run "Restore Zemana Control Center" as Administrator,
4. Choose a previously created backup file,
5. Click OK.
How do I create a support tool output?
Before contacting support, please follow the steps below to create a support tool output, which will be
saved to your desktop:
1. Open Explorer in your computer,
2. Navigate to "C:\Windows\zestools" folder,
3. Run "SupportTool.exe" and follow the on-screen prompts.
How do I enable SSL on Zemana Control Center?
Control Center uses HTTP as its default communication protocol but you can change this behaviour any
time by adding an SSL certificate to the Control Center.
Here are the steps you should follow for activating SSL on Control Center and Endpoint Agents:
1. Enabling SSL in IIS Manager
i. Click "Start Menu",
ii. Type "IIS" and click "Internet Information Services (IIS) Manager",
iii. Expand the directory view at the left side of IIS Manager,
iv. Right-click "Sites > ZemanaControlCenter",
v. On the "Site Bindings" dialog, select the second entry "HTTPS" and click "Edit",
vi. On the "Edit Site Bindings" dialog choose an SSL Certificate,
vii. Click OK to save changes.
2. Enabling SSL in Control Center
i. Once SSL is enabled in IIS Manager, navigate to Settings > Advanced Settings,
ii. Enable "Use SSL" feature,
iii. Click "Save" to apply settings.
How do I migrate Zemana Control Center to a new server?
Migrating an already running instance of Control Center requires two steps:
1. Migrating Control Center to a new server
i. Create a backup of Zemana Control Center by following the steps described in the FAQ,
ii. Install Zemana Control Center to a new server,
iii. Navigate to "C:\Program Files\Zemana Control Center\utils" folder on the new server,
iv. Run "Restore Zemana Control Center" as Administrator,
v. Choose the backup file you have created in step 1,
vi. Click OK.
2. Forwarding Endpoint Agents to New Control Center
i. Once migration is done, you will have an exact copy of the old Control Center on your new server,
ii. Make sure the old instance can access the new Control Center. If not, configure
Firewall settings to allow access from the old instance's address to the new instance's address,
iii. Disable Active Directory Synchronization on the old instance,
iv. Navigate to the Settings page on the old instance,
v. Set "Control Center Address" to the new instance's IP or Domain name,
vi. Save settings.
IMPORTANT NOTE: Disabling Active Directory synchronization is required to detect endpoints which are
still using the old instance. Endpoints will report to the old instance that they started using the new server,
which will delete them from the endpoints list on the old instance. This way, you can see endpoints waiting
for migration, and once all the endpoints are migrated, you can shut down the old Control Center instance.
What ports are used by Endpoint Agents and Control Center?
- TCP 55555: Default HTTP port for agent to control center connections.
- TCP 55556: HTTPS port. Only usable if “Enable SSL” setting is ON.
- TCP 7074: Signature and product update port.
- 135, 139, 445 : Remote deployment
- 80 : License check (HTTP)
- 443 : License check (HTTPS)
- 389, 636, 3268, 3269 : (LDAP) Active Directory authentication
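A preflight check for the port list above and for migration step 2.ii, added here as an example and not part of Zemana's guide: it tests the agent-facing ports on a Control Center and, when "Use SSL" is on, confirms that the HTTPS port presents a certificate that validates for the address the agents will be given. The host name, the function names and the choice to test 7074 against the same host are assumptions.

```python
import socket
import ssl

# Port numbers come from the guide's port list. The second tuple field marks
# the HTTPS port. Assumption: 7074 is served by the same host being checked.
AGENT_PORTS = {
    55555: ("agent to Control Center, HTTP", False),
    55556: ("agent to Control Center, HTTPS", True),
    7074: ("signature and product update", False),
}

def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_problem(host, port, timeout=5.0, cafile=None):
    """Return None if the certificate chains to a trusted CA and matches
    `host`; otherwise return a short description of what went wrong."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return f"TLS handshake failed: {exc}"

def preflight(host, use_ssl, ports=AGENT_PORTS, timeout=3.0):
    """Check each port on `host`; an empty list means nothing was found."""
    findings = []
    for port, (role, is_tls) in ports.items():
        if is_tls and not use_ssl:
            continue  # the HTTPS port is only usable when SSL is enabled
        if not tcp_reachable(host, port, timeout):
            findings.append(f"{host}:{port} unreachable ({role})")
        elif is_tls:
            problem = tls_problem(host, port, timeout)
            if problem:
                findings.append(f"{host}:{port} {problem} ({role})")
    return findings

if __name__ == "__main__":
    # Placeholder address: replace with the value planned for
    # "Control Center Address" on the old instance.
    for line in preflight("newcc.example.internal", use_ssl=True) or ["ready"]:
        print(line)
```

Run it from the old instance and from a representative endpoint subnet, using exactly the name or IP that will be entered as "Control Center Address", since certificate validation is name-specific.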
External URLs used by Endpoint Agents and Control Center?
- http://oem.zemana.com/ControlCenterLicenseAPI.ashx
- https://www.zemana.com/en-US/WhatsNew?ProductId=12
- http://mscloud.zemana.com/api/endpoints/settings
- http://zescloud.zemana.com
- http://dl13.zemana.com
How do I uninstall Endpoint Agents?
Setup packages are basically Windows installation files and they can be uninstalled just like any other
application. The important thing to note about uninstallation is that each setup package may install a
few additional packages. Deciding which package to uninstall plays an important role in the
complete uninstall. In order to completely uninstall an endpoint agent, please follow the steps below:
1. Click Start button and type “Programs and Features”,
2. Find “Zemana Endpoint Security Agent” entry in the list,
3. Right click on the entry and select “Uninstall” option,
4. Enter the uninstall password if requested,
5. Follow the on-screen instructions.
How do I uninstall a group of Endpoint Agents?
Please follow the steps below for uninstalling a group of computers:
1. Go to Network page,
2. Right click on the group you would like to uninstall,
3. Choose “Tasks > Uninstall Agent” from the context menu,
4. Assign a descriptive name to the uninstallation task,
5. Click ‘OK’.
How do I send feedback about the product?
In order to send feedback about the product, please scroll down on any page and click the “Send Feedback”
link in the footer.