gfi web monitor manual v2009

GFI WebMonitor 2009 for ISA Server

Manual

By GFI Software Ltd.

http://www.gfi.com

E-mail: [email protected]

formation in this document is subject to change without notice. ompanies, names, and data used in examples herein are fictitious nless otherwise noted. No part of this document may be reproduced r transmitted in any form or by any means, electronic or mechanical, r any purpose, without the express written permission of GFI

InCuofoSOFTWARE LTD.

GFI WebMonitor 20

09 – Last updated April 7, 2009.

GFI WebMonitor 2009 0BIntroduction • 5

Contents

Introduction 9 Introduction to GFI WebMonitor.....................................................................................9 Editions ..........................................................................................................................9 How does GFI WebMonitor work? ...............................................................................10 Key features .................................................................................................................11 GFI WebMonitor licensing............................................................................................12 GFI WebMonitor product evaluation ............................................................................12

Installing GFI WebMonitor 13 Introduction ..................................................................................................................13 System requirements ...................................................................................................13 Installation ....................................................................................................................14 Launching GFI WebMonitor .........................................................................................16 Downloading anti-virus signatures ...............................................................................16 Upgrading from a previous version ..............................................................................17 Uninstalling...................................................................................................................17

Navigating the GFI WebMonitor console 19 Introduction ..................................................................................................................19 Navigating the GFI WebMonitor user console .............................................................19

Getting started: Using the GFI WebMonitor dashboard 21 Introduction ..................................................................................................................21 The GFI WebMonitor dashboard .................................................................................22

Getting started: Monitoring Internet activity 27 Introduction ..................................................................................................................27 Active Connections ......................................................................................................27 Past Connections.........................................................................................................28 Bandwidth consumption...............................................................................................28 Sites History .................................................................................................................29

Top Time Consumption...................................................................................29 Top Hits Count ................................................................................................30

Users History................................................................................................................31 Top Surfers .....................................................................................................31 Top Hits Count ................................................................................................32 Top Policy Breakers........................................................................................33

Site History Details.......................................................................................................34 User History Details .....................................................................................................35 Activity Log...................................................................................................................36

Configuring allowed and blocked websites 37 Introduction ..................................................................................................................37 Configuring the Whitelist ..............................................................................................37

Preconfigured items ........................................................................................37 Adding items to the Permanent Whitelist........................................................37

6 • 0BIntroduction GFI WebMonitor 2009

Delete items from the Permanent Whitelist ....................................................38 Adding items to the Temporary Whitelist ........................................................38 Removing items from the Temporary Whitelist...............................................40

Configuring the blacklist ...............................................................................................40 Adding items to the Blacklist ...........................................................................40 Delete items from the Blacklist........................................................................41

Using wildcards ............................................................................................................41

WebFilter Edition – Site rating and content filtering 43 Introduction ..................................................................................................................43 Configuring Web Filtering policies ...............................................................................43

Adding a Web Filtering Policy .........................................................................43 Editing a Web Filtering Policy .........................................................................48 Disabling a Web Filtering Policy .....................................................................48 Enabling a Web Filtering Policy ......................................................................48 Deleting a Web Filtering Policy .......................................................................49 Default web filtering policy ..............................................................................49

Configuring advanced web filtering policy conditions ..................................................49 Adding an advanced web filtering policy condition .........................................49 Editing an advanced web filtering policy condition .........................................50 Removing an advanced web filtering policy condition ....................................51

WebGrade Database settings......................................................................................51 Enabling/disabling online lookups...................................................................52 Viewing updated online lookups .....................................................................52 Enabling/disabling the database.....................................................................52 Configure database updates...........................................................................52 Checking URL categories ...............................................................................53

WebSecurity Edition – File scanning and download control 55 Introduction ..................................................................................................................55 Download Control policies ...........................................................................................55

Adding a new Download Control Policy..........................................................56 Editing a Download Control Policy..................................................................59 Disabling a Download Control Policy..............................................................59 Enabling a Download Control Policy...............................................................59 Delete a Download Control Policy ..................................................................59 Default Download Control Policy ....................................................................60 Adding Content-types .....................................................................................60

Configuring Instant Messaging (IM) Control Policies...................................................61 Adding a new IM Control Policy ......................................................................61 Editing an IM Control Policy............................................................................64 Enabling/Disabling an IM Control Policy.........................................................64 Deleting an IM Control Policy..........................................................................64

Configuring Virus Scanning Policies............................................................................64 Adding a Virus Scanning Policy ......................................................................65 Editing a Virus Scanning Policy ......................................................................67 Disabling a Virus Scanning Policy ..................................................................68 Enabling a Virus Scanning Policy ...................................................................68 Delete a Virus Scanning Policy.......................................................................68 Default Virus Scanning Policy.........................................................................69

Scanning Engines ........................................................................................................69 Enabling/disabling the scanning engines........................................................69 Configure anti-virus updates ...........................................................................70 Kaspersky Scanning Engine Options .............................................................71

Anti-Phishing Engine....................................................................................................71 Enabling/disabling the Anti-Phishing Engine ..................................................72 Configure Anti-Phishing database updates ....................................................72 Configure phishing notifications ......................................................................73


Configuring GFI WebMonitor 75 Introduction ..................................................................................................................75 Administrative Access Control .....................................................................................75

Adding users/IPs to the access permissions list.............................................75 Deleting users/IPs to the access permissions list...........................................76

Notifications..................................................................................................................76 Configuring email settings...............................................................................76 Configuring email recipients............................................................................76 Deleting recipients: .........................................................................................77

General Settings ..........................................................................................................77

Handling blocked downloads 79 Introduction ..................................................................................................................79 Approving or Deleting items.........................................................................................79

Viewing quarantined items..............................................................................79 Approving quarantined items ..........................................................................80 Deleting quarantined items .............................................................................81

Reporting Setup 83 Introduction ..................................................................................................................83 Enabling Reporting.......................................................................................................83

The update reporting data now button............................................................84 Disabling Reporting......................................................................................................85

Miscellaneous 87 Introduction ..................................................................................................................87 Entering your license key after installation ..................................................................87

Troubleshooting 88 Introduction ..................................................................................................................88 Knowledge Base ..........................................................................................................88 Web Forum ..................................................................................................................88 Request technical support ...........................................................................................88 Build notifications .........................................................................................................89

Index 91


Introduction

Introduction to GFI WebMonitor GFI WebMonitor is a comprehensive monitoring tool that plugs in and compliments the functionality provided by Microsoft ISA Server to enable you to monitor and filter network users’ web traffic (browsing and file downloads) in real time. It also enables you to block web connections in progress as well as to scan traffic for viruses, trojans, spyware and phishing material. It is the ideal solution to transparently and seamlessly exercise a substantial degree of control over your network users’ browsing and downloading habits. At the same time it enables you to ensure legal and best practice initiatives without alienating your network users.

Editions GFI WebMonitor is available in 3 different editions. Each edition caters for systems administrators that have different requirements: • WebFilter Edition: Filters web traffic and website use according

to its built-in WebGrade database. This is a configurable website categorization database that determines access according to user/group/IP address/time.

• WebSecurity Edition: Provides a high degree of web security for downloaded web traffic. This is achieved through its built-in download control module and multiple anti-virus engines and anti spyware scanning modules.

• UnifiedProtection Edition: Provides both WebFilter Edition and WebSecurity Edition functionalities in a single package.


How does GFI WebMonitor work? GFI WebMonitor operations can be divided in 4 logical stages:

traffic (webpage requests, image

his stage comprises an

ebsites categorized in a

Figure 1 - How does GFI WebMonitor work

age 1 - Request initiation: At this stage users reSt quest a webpage or a download over the Internet. The incoming traffic generated by the user’s request is received by Microsoft ISA Server which in turn refers to GFI WebMonitor any webdownloads, file downloads) received. Stage 2 - Blacklist/Whitelist filtering: Tinternal GFI WebMonitor blacklist/whitelist filtering mechanism that analyzes user IDs, originating IP address and URL requested. • Web traffic requested by blacklisted users and IP addresses or

from blacklisted URLs, is rejected immediately. • Web traffic requested by whitelisted users and IP addresses or

from URLs that are whitelisted are automatically granted access and forwarded to the user.

• Requests that are neither blacklisted nor whitelisted are forwarded to the WebFilter module for processing.

Stage 3 - WebFilter module: The WebFilter module analyzes the uncategorized web traffic received from the blacklist/whitelist filtering mechanism against a comprehensive list of wwide variety of classes. Web traffic is rejected or approved according to policies set up against website categories included within the WebGrade database. WebGrade database synchronizes the updated


URLs with the Internet. For more information refer to the section ‘Webgrade database settings’. Policies can be set to reject web traffic to a quarantine; where systems administrators can review and approve/deny according to needs and requirements. When the quarantined web traffic is manually approved,

the case of

incoming material for viruses, spyware and other malware. Infected

erial is automatically rejected or quarantined based on the policies

updatable a is found to originate from a

ed

available in the WebSecurity case

going le.

Key features

the formerly quarantined URL is put in a temporary whitelist so that users can have access to this web resource. NOTE: The WebFilter module is only available in the WebFilter Edition and the UnifiedProtection Edition of GFI WebMonitor. Inthe WebSecurity Edition, web traffic is directly sent from the whitelist/blacklist filters to the WebSecurity module. Stage 4 - WebSecurity module: The WebSecurity module analyzes web traffic through the download control module and scans the

matset up.

ebW traffic is also scanned for phishing material through andatabase of phishing sites. If this datknown phishing element, it is automatically rejected. The approvweb material is then sent to the user through ISA Server. NOTE: The WebSecurity module is onlyedition and UnifiedProtection editions of GFI WebMonitor. In theof the WebFilter edition, web traffic is relayed to the user withoutthrough the processes included in the WebSecurity modu

GFI WebMonitor includes the following features: • Real time web activity monitoring. • Immediate blocking of web access and downloads in progress.

pdatable anti-virus • Web traffic security through multiple and uengines and anti-spyware features.

xtensions ized with their real file type.

f important events. se enabling all website requests to be checked

d control policies. WebFilter

r/website.

• Native integration with Microsoft ISA Server as a web filter. • No duplication of Microsoft ISA Server functionality. • Easy installation with minimal configuration requirements.

iles with renamed e• Real file type signature checking – fare automatically recogn

• Email notifications o• WebGrade Databa

against an extensive and top-notch categorization database. • Downloa• URL, user and IP whitelist and blacklist that override all

and WebSecurity policies. • Bandwidth use reporting per use• Quarantine of hazardous files and content. • Web-based interface.


GFI WebMonitor licensing For more information on licensing and evaluation refer to the GFI website at: http://www.gfi.com/products/gfi-webmonitor/pricing/licensing

GFI WebMonitor product evaluation You may download and try out a fully featured version of GFI WebMonitor without an evaluation key for 10 days. However you can apply for a 30-day product evaluation key by filling in the online registration form on the GFI website (available at http://www.gfi.com/downloads/register.aspx?pid=webmon&vid=5&lid=en) when downloading the product. This will also qualify you for free email support. The 30-day evaluation period key will be emailed to you automatically after you download the product. During the evaluation period all the GFI WebMonitor features are available.

GFI WebMonitor 2009 1BInstalling GFI WebMonitor • 13

Installing GFI WebMonitor

Introduction This chapter provides you with information related to the installation of GFI WebMonitor 2009.

System requirements Install GFI WebMonitor on computers that meet the following hardware and software system requirements: WebFilter Edition – Minimum hardware requirements • Processor: 1.8 GHz • RAM: 1 GB • Hard disk: 2 GB of available disk space. WebSecurity Edition – Minimum hardware requirements • Processor: 1.8 GHz • RAM: 1 GB • Hard disk: 10 GB of available disk space. GFI WebMonitor UnifiedProtection Edition – Minimum hardware requirements • Processor: 1.8 GHz • RAM: 2 GB • Hard disk: 12 GB of available disk space. NOTE: The hard disk size specifications specified for each edition are those required to install and operate the GFI WebMonitor edition. Allowance has been made for the downloads cache, processing space required for scanning, and history data files. However, this is only indicative; you may need to allocate additional disk space depending on your environment and number of users being monitored. Software requirements – all editions • Windows 2000 Server (SP4) or Windows 2003 operating system • Microsoft ISA Server 2004 (SP3) or later • Internet Explorer 6 or later • .NET framework 2.0 NOTE 1: GFI WebMonitor can only be installed on the server machine hosting Microsoft ISA Server. NOTE 2: Internet Explorer 6 or later is recommended to be used for administration when using GFI WebMonitor.

14 • 1BInstalling GFI WebMonitor GFI WebMonitor 2009

Installation Ensure that you run the program as a user that has Administrator privileges on the machine on which GFI WebMonitor is installed. 1. Launch the GFI WebMonitor installation setup and wait for the installation to load. 2. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor on the GFI website and click on the Next button. 3. Read the licensing agreement. To proceed with installation select I accept the terms in the license agreement option and click Next.

4. Specify the user name or the IP address, which can access the GFI WebMonitor Web interface and click Next to continue. NOTE: More than one user or computer can be specified. Entries shall be separated with a semicolon ‘;’

Screenshot 1 - Installation Access permissions


Screenshot 2 - Installation Customer Information

5. Specify the User Name and Organization respectively. If you have a license key, update the License Key details.

administrative

Screenshot 3 - Installation Logon Information

6. Specify the logon credentials of an account withprivileges to run the GFI WebMonitor service. Click Next to continue.

16 • 1BInstalling GFI WebMonitor GFI WebMonitor 2009

Screenshot 4 - Installation email settings

7. Specify the SMTP mail server details and email address where administrator notifications will be sent. Optionally, click Verify Mail Settings to send a test email. Click Next to continue.

lick Next to install in default location or click Browse to change .

10. Click Finish. NOTE 1: For more information on how to configure ISA Server authentication, refer to: http://kbase.gfi.com/showarticle.asp?id=KBID002526

8. Cpath9. Click Install to start the installation, and wait for the installation to complete.

. NOTE 2: The username and password provided must have “Logon as Service” rights; otherwise, it will be switched on automatically for the specified account. The username and password provided will be used to create and run a new service.

Launching GFI WebMonitor Following the installation, launch GFI WebMonitor from Start ► Programs ► GFI WebMonitor ► GFI WebMonitor. Alternatively, GFI WebMonitor’s web console can also be launched through a web browser via the URL or IP address that points to the GFI WebMonitor installation on the ISA Server. Example: http://monitor.isa

Downloading anti-virus signatures By default, anti-virus signatures are not included with the GFI WebMonitor installation. Upon installing GFI WebMonitor, the latest


signatures for the supported scanning engines are automatically downloaded and installed.

Upgrading from a previous version You cinstall

an upgrade GFI WebMonitor if you have GFI WebMonitor 4 ed, by running WebMonitor2009.exe.

In order to upgrade to the latest version run WebMonitor2009.exe, and, follow the instructions displayed on screen. NOTE: The upgrade process is similar to the installation instructions. For more information refer to the section named ‘Installation’.

Uninstalling For more information on uninstalling GFI WebMonitor refer to http://kbase.gfi.com/showarticle.asp?id=KBID003241.

GFI WebMonitor 2009 2BNavigating the GFI WebMonitor console • 19

Navigating the GFI WebMonitorconsole

Introduction GFI WebMonitor’s console is a web-based interface through which you can control every aspect of its functionality. Through it you can

ll network traffic on your network.

Navigating the GFI WebMonitor user console

monitor, block and grant access to a

Screenshot 5 - Navigating the GFI WebMonitor console

Viewing Pane – The viewing pane located on the right hand side of the screen allows the GFI WebMonitor user to view and configure settings according to the node selected in the Navigation Bar.

20 • 2BNavigating the GFI WebMonitor console GFI WebMonitor 2009

and features configurable by GFI WebMonitor. Located on the left-hand side of the screen, the available nodes are:

Navigation Bar – This consists of all the sections

• Dashboard – provides a graphical overview of statistical information.

• Monitoring – web traffic monitoring functions. • Whitelist/Blacklist – permanent and/or temporary

whitelist and blacklist functions. • WebFilter Edition – manage and control access to

different websites categories for users, groups and IPs. • WebSecurity – manage and control restrictions to web

applications for network users, IPs or groups. • Configuration – Configure settings and administrative

features for GFI WebMonitor. • Licensing – Provides access to the licensing setup

and version information. • Quarantine – Configure and manage quarantined

items that were blocked by GFI WebMonitor. • Help – Provides help on all aspects of GFI

WebMonitor’s functionality.

GFI WebMonitor 2009 3BGetting started: Using the GFI WebMonitor dashboard • 21

GettinWebM

Introduction

g :onitor das started Using the G

hboard FI

The Dashboard nod grapinformation related to GFI WebMonitor’s operation. des: • d operat• Hits over time and• WebFilter statistic• Last blocked requ

e enables you to obtain hical and statistical This inclu

Usage an ions statistics bandwidth usage trend charts s ests and security threats.

22 • 3BGetting started: Using the GFI WebMonitor dashboard GFI WebMonitor 2009

The GFI WebMonitor dashboard

GFI WebMonitor Dashboard can be refreshed by clicking on the

Screenshot 6 - GFI WebMonitor Dashboard

Access the GFI WebMonitor Dashboard by clicking the Dashboard node in the navigation bar. The dashboard shows the information described in the sections below. NOTE: The

icon in the top right hand corner.


Dashboard: Statistics

Screenshot 7 – Dashboard: Operation Statistics

The information provided by this table enables you to reainformation on a number of important operatioWebMonitor. Select the hyperlinks next to Current Active Connections

dily obtain nal elements of GFI

to view the ssible from the Monitoring Active Connections, which is also acce

Node. For more information refer to the Active Connections section in this manual. Selecting the hyperlink next to Current items in Quarantine allows viewingrefer to the

a summary of the quarantine folder. For more information section named Viewing Quarantine Items.

ds scanned by the section

AV Scanned Downloads represents the total downloathe anti-virus engines. For more information refer to Scanning Engines in this manual. Select the other hyperlinks within Today’s statisticsdetail on the statistics as summarized below.

to view further

Feature Quarantined Blocked AV & Anti-Phishing Selecting the hyperlink under

Quarantined to the screen allows you to configure quarantined items. For further information refer to the section named ‘Viewing Quarantined Items’.

SelectiBlocke

ng the hyperlink under d, allows you to review

the Top Policy Breakers Report. For further information refer to the section named ‘Top Policy Breakers’.

Download control Selecting the hyperlink under Quarantined allows you to manage Downloads, For further information refer to the section named ‘Configuring Download Control policies’.

Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named ‘Top Policy Breakers’.

Web Filtering Selecting the hyperlink under

the section named Viewing Quarantined Items.

Selecting the hyperlink under review akers

fer to the section named ‘Top Policy Breakers’.

Quarantined to the screen allows you to configure quarantined items. For further information refer to

Blocked, allows you to the Top Policy BreReport. For further information re


Dashboard: WebSecurity/WebFilter Status and usage chart

The WebSecurity/WebFilter status and usage chart enables you to: 1. Know whether the WebSecurity and WebFilter components are active or not.

correlation between the

Screenshot 8 – Dashboard: WebSecurity and WebFilter status and usage graph

2. View a graphical representation of thenumber of hits and bandwidth use.

Dashboard: Hits over time chart

Screenshot 9: Dashboard: Hits over time graph

The hits over time chart is a graphical representation of the number of hits on a day-by-day basis for the current month. This enables you to identify a pattern of how website hits fluctuate on a day-by-day basis and to identify anomalies.

Dashboard: Bandwidth usage trends chart

Screenshot 10 - Dashboard: Bandwidth Usage Trends graph

The bandwidth usage trends chart is a graphical representation of bandwidth use on a day-by-day basis for the current month. This


enables you to identify patterns and trends of how bandwidth is utilized on a day-by-day basis and enables you to identify spikes and anomalies.

Dashboard: Top Categories (Sites) chart

Dashboard: Top Categories (Bandwidth) chart

Screenshot 11 - Dashboard: Top Categories (Hits) Chart

The top categories (sites) chart is a graphical representation of the top hits (HTTP requests) split by categories. This enables you to gain knowledge on which categories of sites are being visited by web users.

Screenshot 12 - Dashboard: Top Categories (Bandwidth) Chart

The top categories (bandwidth) chart is a graphical representation of bandwidth use split by categories. This enables you to identify how your bandwidth is being utilized vis-à-vis the website categories browsed by users.


Dashboard: Top blocked categories (Hits) chart

Screenshot 13 - Dashboard: Top Blocked Categories chart

This chart is a graphical representation of the blocked HTTP requests according to the reason why these were blocked. It effectively enables you to identify the main reasons of why requests were blocked.

Dashboard: Last blocked requests list

Screenshot 14 - Dashboard: Last Blocked Requests list

The last blocked request list displays the latest list of users/IPs who have had blocked requests. This enables you to identify problems with blocked requests regardless of whether these blocked requests are reported to you or not.

Dashboard: Last blocked security threats list

Screenshot 15 - Dashboard: Last Blocked Security Threats list

The last blocked Security Threats list displays a list of threats/viruses detected by GFI WebMonitor and the users/IPs where these occurred. This enables you to identify securi as early as possible enabling you to take preventive measures before your network security is breached.

ty issues

GFI WebMonitor 2009 4BGetting started: Monitoring Internet activity • 27

Getting started: Monitoring Internet activity

Introduction Use the Monitoring node and its sub-nodes to examine current and historical web request data collected and processed by Microsoft ISA server. Through these nodes you can view data related to: • Active connections • Past connections • Bandwidth consumption • Sites history • Users history • Activity log

Active Connections Active connections provide information related to active connections which are processed through Microsoft ISA server’s Web Filters.

Screenshot 16 – Active connections

Access the Active connections view by clicking on Monitoring Active Connections in the navigation bar. Through this view you can terminate active Internet connections. (e.g., interrupt file downloads that are taking up too much bandwidth). To interrupt connections, click on the button in the Status column of the connection and the download will be terminated.

User column. Otherwise NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed within thethe user name is displayed as ‘unauthenticated’. NOTE 2: The information displayed is not refreshed automatically. Click on the refresh button on the upper right corner of the view to update the information being shown.

28 • 4BGetting started: Monitoring Internet activity GFI WebMonitor 2009

Past Connections The Past connections view shows the last 2000 complete connections processed through Microsoft ISA Server

Screenshot 17 – Past connections

Access the Past connections view by clicking on Monitoring Past Connections in the navigation bar. The information is sorted by time, with the latest URL accessed listed on top. NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed in the User column. Otherwise the user name is displayed as ‘unauthenticated’. NOTE 2: The information displayed is not automatically refreshed. Click on the refresh button on the upper right of the view to update the information being shown.

Bandwidth consumption The Bandwidth Consumption node allows you to monitor bandwidth usage through the following reports: • Top Sites - Displays web sites browsed, sorted by bandwidth with

the site having the highest bandwidth at the top. • Top Users - Displays websites by windows user or IP address.

This report is sorted with the user who consumes the most bandwidth at the top. For unauthenticate

ries browsed with the categories carrying the highest bandwidth on top.

NOTE: Within the Top Sites and Top Users reports, you can select the Show Hits Over Time Charts to view a graph that reports the number of hits by time of day. By default, this view lists today’s default date. To view data for other days, use the controls on the upper

• Previous day – click on the back butt

d users the IP address is displayed.

• Top Categories - Report displays the top catego

right of the view:

on .

• Next day –click on the forward button .


• Specific date – click on the calendar button , select the required d click Go to retrieve data for that date.

retrieved is displayed. NOTE 2: The information displayed is not automatically refreshed. Click refresh button

date anNOTE 1: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be

on the upper right of the view to update the information selected.

Sites History The ‘Sites History’ node enables you to identify: • The sites which are most frequently visited by your network users • The total browsing time per site.

Top Time Consumption The ‘Top Time Consumption’ view lists the sites on which network

time. The time spent browsing each site

users spent most time browsing for a specific date. The information displayed includes: • Site. The sites which were accessed • Surf• File types. The file types accessed from each site • Accessed by User / IP. The users/IPs that accessed the site. The list can be sorted either alphabetically by site in ascending order, or by surf time in descending order (the site on which most time was spent is listed on top), by selecting the appropriate header.

Screenshot 18 – Sites History: Top Time Consumption

Access the ‘Top Time Consumption’ Top Time Consum

view by clicking on Sites History ption in the navigation bar.

ght of view: By default, this view lists today’s default date. To view data for other days, use the controls on the upper ri the

• Previous day – click on the back button


• Next day –click on the forward button • Specific date – click the calendar , select the required date, and,

click Go to retrieve information for that date.

nable to be

• Graphical representations of site hits over time. The list can be sorted either alphabetically in ascending order by site, or in descending order of popularity (the site with most hits is listed on top).

NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was uretrieved is displayed. You can also click on any of the sites listed to bring up the ‘Site History Details’ view. For more information refer to the ‘Site History

accessed by network users on a specific date. The information displayed includes: • Sites - The sites that were accessed • Hits - The number of times that each site was accessed (i.e., the

number of hits) • The file types accessed from each site • Accessed by User / IP - The users/IPs that accessed the site

Details’ section in this chapter.

Top Hits Count The ‘Top Hits Count’ view lists the sites that were most frequently

Screenshot 19 – Sites History: Top Hits Count

Access the ‘Top Hits Count’ view by clicking on Sites History Top Hits Count in the navigation bar. To access graphs showing hits over time per site, select the ‘Show Hits Over Time Charts’ option. By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view:


• Next day –click on the forward button • Specific date – click on the calendar button , select the required

date and click on Go to retrieve data for that date.


NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. To view further details on the sites visited by users, click on the users listed on User/IP heading. For more information refer to the ‘Site History Details’ section in this chapter.

Users History The ‘Users History’ provides details of which users who spent most time browsing sites and details of sites that were most frequently accessed. Three types of reports are available: • Top Surfers • Top Hits Count • Top Policy Breakers

Top Surfers

Screenshot 20 – Users History: Top Surfers

Access the ‘Top Surfers’ view by clicking on Users History Top Surfers in the navigation bar. The ‘Top Surfers’ view lists the time spent by network users browsing sites on a specific date. The information displayed includes: • User / IP. The users/IPs that browsed sites

e spent browsing sites ser.

The list can be sorted either by user/IP in ascending order, or by time t browsing in descending order (the site on which most time was t is listed on top).

ay’s default date. To view data for other upper right of the view:

• Surf Time. The tim• Sites Accessed. The sites which were accessed by each u

spenspen• To sort by user/IP, click on the User/IP column heading. • To sort by time spent on the site, click on the Surf Time column

heading. By default, this view lists toddays, use the controls on the


• Next day –click on the forward button


• Specific date – click the calendar button , select the required date and click on Go to retrieve data for that date.

NOTE: If no data for a specific date is available, an error messtating that data was unable to be retrieved will be displayed.

age s

Top Hits Count

You can also click on any of the users/IPs listed to review ‘User History Details’.

Screenshot 21 – Users History: Top Hits Count

Access the ‘Top Hits Count’ view by clicking on Users History Top Hits Count in the navigation bar. The ‘Top Hits Count’ view lists the users with the highest number of site accesses on a specific date. The information displayed includes: • User/IP - The users/IPs that browsed sites. • Hits - The number of site accesses made by each user. • Sites accessed - The sites which were accessed by each user. • Graphical representations of site hits over time. The list can be sorted either by User/IP in ascending order, or by hits in ascending or descending order. By default, the user with the most site accesses is listed on top. • To sort by user/IP, click on the User/IP column heading. • To sort by site accesses, click on the Hits column heading. To display graphs showing hits over time for each of the sites listed, select the ‘Show Hits Over Time Charts’ checkbox. Charts displayed indicate the number of hits by time of day for the specified date by user/IP. By default, this view lists today’s default date. To view data for other days, use the controls on the upper right of the view:


• Next day –click on the forward button • Specific date – click on the calendar button , select the required

date and click on Go to retrieve data for that date. NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.


You can also click on any of the users/IPs listed to review ‘User History Details’. For more information refer to the ‘User History Details’ section in this chapter.

Top Policy Breakers

Screenshot 22 – Users History: Top Policy Breakers

To view the users which breached most policies, navigate to GFI WebMonitor Monitoring Users History Top Policy Breakers. When clicking on one of the users/IPs, an activity log showing the Time, Category, URL, and, IP address is displayed. By default, this view lists the data of the day. To view data for other days, use the controls on the upper right of the view:


• Next day – click on the forward button • Specific date – click the calendar button , select the required

date, and, click Go to retrieve data for that date. NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed.


Site History Details

Screenshot 23 – Site History Details

Access ‘Site History Details’ view by clicking on Sites History Top

This view shows the following information: • User / IP - All users/IPs who have accessed that site on the

specified date. • Hits -The number of times the site was accessed by each user. • The file types accessed from the site by each user. • A graphical representation of total site hits over time, for all users. • A graphical representation of user site hits over time, for each user

listed. • A graphical representation of traffic over time for each of the file

types shown, for each user. To display the graph showing total site hits over time for all users, select the ‘Show Hits Over Time Chart’ checkbox. This graph assists you in identifying the time period(s) for the ecified dates during which the site was most frequently accessedTo display the graph showing total site hits over time for a specific user, hover with the mouse pointer over the number of hits for any one of the users/IPs listed. A chart pops up showing the access pattern and frequency of the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific user, hover with the mouse pointer over one of the file types shown for any one of the users/IPs listed. You can also click on any one of the users/IPs listed review ‘User History Details’ view. For more information refer to the ‘User History Details’ section in this chapter.

Time Consumption or Top Hits Count) from the navigation bar. From the view pane select one of the listed sites in the Site column.

sp by users.


User History Details

Screenshot 24 – User History Details

Access ‘User History Details’ view by clicking on Users History (Top Surfers or Top Hits Count) from the navigation bar. From the

select one of the listed users/IPs in th user:

ite hits over time. • A graphical representation of specific site hits over time.

graphical representation of traffic over time for each of the file

rt helps you to identify ) for the specified date during which the user sites.

ic site hits over time for the user, inter over the number of hits for any one of

the sites listed under heading File types. A chart pops up showing the

view pane e User/IP column. The ‘User History Details’ view shows the following for a specific• Site indicates shows the sites accessed on the specified date. • Hits indicates the number of times the site was accessed. • The file types accessed from the site. • A graphical representation of total s

• Atypes shown, for a specific site.

To display the graph showing total site hits over time, select the ‘Show Hits Over Time Chart’ option. This chathe time period(s

cac essed the listed To display the graph showing specifhover with the mouse po


specified site access pattern and frequency by the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific site, hover with the mouse pointer over one of the file types shown for any one of the sites listed. You can also click on any of the sites listed to review ‘Site History Details’. For more information refer to the ‘Site History Details’ section in this chapter.

Activity Log

ted to:

which have failed.

items which have been blocked or quarantined • URL accessed.

Click on the refresh button

S e

Access the ’Activity Log’ view by clicking on the Activity Log node from the navigation bar.

cr enshot 25 – GFI WebMonitor Activity Log

The ‘Activity Log’ view shows all GFI WebMonitor activity rela• Items which have been blocked or quarantined • ProcessesThe ’Activity Log’ view shows the following: • The User/IP who carried out the activity • Date and time when the activity took place • Description of the activity which took place and the reason why

on the upper right of the view to update the information being shown.

GFI WebMonitor 2009 5BConfiguring allowed and blocked websites • 37

Configuring allowed and blocked

on

websites

IntroductiWhitelists and blacklists are content scanning policies that override all policy settings set up in WebFilter and WebSecurity Editions. The Whitelist is a list of sites, users and IPs approved by the

Temporary Whitelist, used to temporarily approve access to a site for a user or IP. Since all WebFilter and WebSecurity policies are

administrator to be excluded from all policies configured in GFI WebMonitor. Besides the Permanent Whitelist, there is also a

overridden, the Whitelist feature should be used with extreme caution. The Blacklist is a list of sites, users and IPs which should always be blocked irrespective of the policies are overridden, the Whitelist

nitor. If a also listed

Configur

feature policies configured in GFI WebMonitor. The Blacklist takes priority over the Whitelist in GFI WebMosite is therefore listed in the Blacklist and that same site is in the Whitelist, the site will be blocked.

ing the Whitelist To access the Whitelist click on the Whitelist node in the navigationbar.

Preconfigured items By config

ured sites

to allow

Adding items to the Permanent Whitelist To add an item to the Permanent Whitelist: 1. Click on the Whitelist node and select the Permanent Whitelist tab.

default GFI WebMonitor includes a number of prein the Permanent Whitelist. These include GFI websites to allow automatic updates to GFI WebMonitor and Microsoft websitesautomatic updates to Windows. Removing any of these sites may preclude important updates from being automatically effected.

38 • 5BConfiguring allowed and blocked websites GFI WebMonitor 2009

e (s) and/or IP(s) for

1. Click on the Whitelist node and select the Permanent Whitelist tab.

2. Click on the delete icon

Screenshot 26 – GFI WebMonitor Whitelist

2. From the drop-down lists, select whether a User, IP or Site will badded to the whitelist and provide the user(s), groupwhom the new whitelist item applies. Repeat for all user(s), group(s)

erver authentication is used to validate

cards.

setup.

nother section in GFI WebMonitor.

Delete items from the Permanent Whitelist To remove an item from the Permanent Whitelist:

and/or IP(s) required. NOTE 1: When adding a user to the whitelist, specify the username in the format DOMAIN\user. ISA Sthe user name. NOTE 2:When adding a site to the whitelist, you can use wildFor more information refer to the ‘Using wildcards’ section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalizeNOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to a

next to the item you want to delete. 3. Complete deleting whitelist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor.

Adding items to the Temporary Whitelist To add an item to the Temporary Whitelist:


Screenshot 27 – Temporary Whitelist

1. Click on the Whitelist node and select the Temporary Whitelist tab.

Screenshot 28 – Temporary Whitelist: Granting temporary access

2. Click on Add and select whether temporary access will be granted to a user or IP. Provide the details of the User or IP to be granted temporary access as well as the URL and the number of hours. NOTE 1: When granting temporary access to a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2:When adding a site to the Whitelist, you can use wildcards. For more information refer to the ‘Using wildcards’ section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup.

40 • 5BConfiguring allowed and blocked websites GFI WebMonitor 2009

NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. NOTE 4: The number of hours during which the user or IP has access to a site are applicable from the moment Save Settings is clicked. NOTE 5: Time remaining before access is revoked can be viewed in the For (hours) column in the Temporary Whitelist view.

Removing items from the Temporary Whitelist 1. Click on the Whitelist node and select the Temporary Whitelist tab.

2. Click on the delete icon next to the item you want to delete. 3. Complete deleting whitelist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor.

Configuring the blacklist

Adding items to the Blacklist To add an item to the Blacklist: 1. Select Blacklist node from navigation bar.

Screenshot 29 – GFI WebMonitor Blacklist

2. From the drop-down lists, select whether a User, IP or Site will be added to the blacklist and provide the user(s), group(s) and/or IP(s) for whom the new blacklist item applies. Repeat for all user(s), group(s)and/or IP(s) required. NOTE 1: When adding a user to the blacklist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.


NOTE 2: When adding a site to the blacklist, you can use wildcards. For more information refer to the ‘Using wildcards’ section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Delete items from the Blacklist To delete an item from the Blacklist: 1. Select Blacklist node from navigation bar.

2. Click on the delete icon next to the item you want to delete. 3. Complete deleting blacklist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view o o section in

Using wildcards

t m ve to anotherGFI WebMonitor.

When adding a site to the whitelist or blacklist, you can use wildcards as shown in the examples below:

Example Description *.com Allow/block all ‘.com’ top-level domains

*.website.com Allow/block all sub domains of the ‘website.com’ domain

GFI WebMonitor 2009 6BWebFilter Edition – Site rating and content filtering • 43

WebFiconte

Introductio

lter Edition – Site rating and t filtering n

n GFI WebMonitor uses WebFilter and the WebGrade database to manage Internet access of users, groups or IPs based on site categories. The category of a particular site is determined through the WebGrade Database; if a site is listed in the database, GFI

then uses the configured web filtering policies to at action to take. This may be one of the following

WebMonitor determine whactions: • Allow access to site • Block access to site and quarantine the related file URL • Block access to site and delete related URLs. Policies can be customized to apply during specific time periods; for example a policy can enable users to access news and entertainment related sites during lunch breaks but not during working hours. Pre-defined site categories include pornography, adult themes, games, violence and others. The database is updated on a regular basis and updates are automatically downloaded to GFI WebMonitor.

Configuring Web Filtering policies

Adding a Web Filtering Policy To add a Web Filtering Policy: 1. Click on WebFilter Edition Web Filtering Policies from the navigation bar. 2. Select Add Policy.

44 • 6BWebFilter Edition – Site rating and content filtering GFI WebMonitor 2009

Sc nshot 30 –Adding a Web Filtering policy: general settings ree

3. Click on the General tab. 4. Provide new policy name and descriptionand the Policy Description text box respect

in the Policy Name field ly. ive

I5. n the Policy Schedule area specify the time period(s) during which the new policy will be enforced.


Screenshot 31 –Adding a Web Filtering policy: web filtering categories

6. Select the Web Filtering tab. Define the categories applicable to the new policy and the actions to take: • Allow categories: Select categories from the Blocked Categories

list and click Allow>. • Block categories: Select categories from the Allowed Categories

list and click <Block. • Quarantine access: Select categories from the Allowed

Categories list and click <Quarantine. NOTE: You can also configure advanced category conditions by selecting the Show Advanced Options. For more information refer to the ‘Configuring advanced web filtering policies conditions’ section.


Screenshot 32 – Adding a Web Filtering policy: web filtering exceptions

7. Select the Exceptions tab and in the Excluded Sites and Included Sites fields specify any URLs which are: • Excluded (i.e. allowed) from the policy. This enables users to

NOTE: The Exceptions tab is similar to a whitelist/blacklist feature that overrides any rules within the policy.

access sites overriding any policy setup.• Included (i.e. blocked) in the new policy. The URLs specified in the

included sites will be blocked regardless of the scope of the new policy.


policy applies. Repeat for all user(s), group(s)

SA Server authentication is used to validate the user

he group name.

Screenshot 33 –Adding a Web Filtering policy: who it applies to

8. Click on the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the newand/or IP(s) required.

NOTE 1: When adding a user, specify the username in the format DOMAIN\user. Iname. NOTE 2: When adding a group ISA Server authentication is used to validate t

Screenshot 34 – Adding a Web Filtering policy: Notifications

9. Click on the Notifications tab and select Notify the following administrators when the site category infringes this policy


checkbox if required. Complete setup by updating administrator’s

The newly

notification email address and notification e-mail text. If required, check Notify the user accessing the site if the site category infringes this policy, and provide the body text for the notification email in the Send the following notification to the administrator’s text box. 10. If you require the user to be notified when the policy you are creating is triggered, select Notify the user accessing the site if the site category infringes this policy checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 11. Complete new policy setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

created policy will now be listed in the main Web Filtering Policies view.

Editing a Web Filtering Policy To edit a Web Filtering Policy: 1. Click on WebFilter Edition Web Filtering Policies from the navigation bar.

2. Click on the edit icon next to the policy you want to edit. 3. Refer to ‘Adding a Web Filtering Policy’ section in this chapter, for a description of the fields which can be edited. 4. Click on Save Settings to finalize editing a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Disabling a Web Filtering Policy To disable a Web Filtering Policy: 1. Click on WebFilter Edition Web Filtering Policies from the navigation bar. 2. Uncheck the box from the Enabled column for the policy you want to disable and click on Save Settings to finalize disabling a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in

lick on WebFilter Edition Web Filtering Policies from the navigation bar. 2. Check the box from the Enabled column for the policy you want to enable and click on Save Settings finalize enabling a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

GFI WebMonitor.

Enabling a Web Filtering Policy 1. C


Deleting a Web Filtering Policy 1. Click on WebFilter Edition Web Filtering Policies from the navigation bar.

2. Click on the delete icon for the policy you want to delete and click on Save Settings finalize deleting a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Default web filtering policy GFI WebMonitor - WebFilter Edition ships with a default web filtering policy which applies to all users. The policy name is listed as ‘Default Web Filtering Policy’. This policy can be edited but it cannot be disabled or deleted. If you

Configurin

want to edit the default policy, refer to the ‘Editing a Web Filtering elated to editing web

filtering policies.

hese

Policy’ section in this chapter for information r

NOTE 1: All user-created web filtering policies take precedence over the default web filtering policy. NOTE 2: Certain fields in the default policy cannot be edited. Tinclude Policy Name, Policy Description and fields in the Applies To tab.

g advanced web filtering policy conditions Advanced web filtering policy conditions give you greater flexibility in defining which sites should be allowed or blocked. These advanced policy conditions take precedence over categories you may have already specified in the Allowed Categories and Blocked

nced web filtering policy condition

Categories list boxes.

Adding an advaTo create an advanced web filtering policy condition:


Screenshot 35 – Web filtering policy

1. From the Web Filtering tab click on Show Advanced Options. dition to view the Edit Properties dialog where vanced condition.

ies which will enable you to allow,

h fall under the categories ‘Adult and

a. Select ‘Adult and pornography’ from Available Categories list box and click on Use Category b. Select ‘IM Client’ from Available Categories list box and click on Use Category c. Select Block and Delete from the Perform this action: drop down list and click OK to apply the condition.

4. Click on Save Settings to finalize settings. NOTE 1: With this advanced policy, sites are not blocked if a site is listed under individual categories. In the example above, a site is NOT blocked if it only falls under the ‘Adult themes’ category. Likewise, the site is NOT blocked if it only falls only under the ‘Sexuality’ category. NOTE 2: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Editing an advanced web filtering policy condition g policy condition:

changes you made.

2. Click on Add Conyou will create the ad3. Specify a combination of categorblock or quarantine sites. For example, to block sites whicpornography’ AND ‘IM Client’:

To edit an advanced web filterin1. From the Web Filtering tab click on Show Advanced Options. 2. Click on the advanced policy to edit to display the Edit Properties dialog where you can edit the advanced condition. 3. Click OK to apply the


NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

an advanced web filtering policy condition: Removing an advanced web filtering policy condition To delete1. From the Web Filtering tab click on Show Advanced Options.

2. Click on the delete icon next to the advanced policy you want to delete. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in

WebGrade

GFI WebMonitor.

Database settings

Screenshot 36 – WebGrade Database settings

Through the WebGrade Database settings view you can: le/disable online lookups le/disable the database

• e database update• k the presence or vali local

database and se1. Access the ‘WebGrade Database’ settings view by clicking on WebFilter Edition Web Filtering Policies WebGrade Database from the navigation bar. 2. Check/uncheck Manage WebGrade Local Database updates automatically and update the time within the hours field.

• Enab• Enab• View the database status, version and license details Configur s

Chec dity of any URL with the active WebGrade nd feedback.


3. If required check Send an email notification to the administrator on successfully updating the WebGrade Database 4. Complete setup by clicking on Save Settings. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Enabling/disabling online lookups 1. Click on WebFilter Edition Web Filtering Policies WebGrade Database. 2. Check and uncheck the Enable online lookup for URLs not resolved by local database enables or disables this feature. NOTE: This option is enabled by default when the user updates the installation.

Viewing updated online lookups Online lookup enables GFI WebMonitor to synchronize with a global internet database server for reviewed URLs. To review changes after these have been updated: 1. Click on WebFilter Edition. 2. Select Add Policy from the view pane. The Web Filtering Policy is displayed within the view pane. Categories are updated under the Blocked Categories and Allowed Categories headings.

Enabling/disabling the database To enable or disable the database: 1. Click on WebFilter Edition Web Filtering Policies WebGrade Database 2. Check/uncheck the checkbox in the Enabled column enables or disables the WebGrade Database. NOTE: When the WebGrade database is disabled, the Web Filtering policies cannot access the site categories.

Configure database updates Through the checkboxes within the WebGrade Database Updates area in the WebGrade Database settings view you can: • Configure whether the WebGrade Database should be updated

automatically or manually • Configure the frequency with which available updates should be

installed • Configure if an email notification should be sent upon successful

updating of the WebGrade Database • Manually update the WebGrade Database by clicking Update

Now.


Checking URL categories The Check URL category tool enables you to key in a URL and

. If cal

To check a URL category: 1. Key in a URL in the check URL field 2. Click Check URL category. The category in the active local WebGrade database is displayed beneath the URL field. To report a missing or incorrect category, update the URL, click on

mit Feedback, and fill out the form displayed in your browser,

check for its category within your active local WebGrade databasethe category is not found or if the category listed in the loWebGrade database does not match with the website’s category, youcan report it for update.

Suband, click Submit.

GFI WebMonitor 2009 7BWebSecurity Edition – File scanning and download control • 55

WebSecurity Edition – File scanning and download control

on IntroductiGFI WebMonitor’s WebSecurity features scan and usarestrictions for various applications to users, IPs or groupnetwork. The control policies are:

controls

ge control s on your

Download

• Download Control Policies – Software download • IM Control Policies – Control use and access of MSN / Windows

Live Messenger • Virus Scanning Policies – configure which downloaded files should

be scanned for viruses and spyware. • Anti-Phishing Engine – Configure protection to network users from

phishing sites.

Control policies GFI WebMonitor identifies the real file type of the file being downloaded and then applies Download Control Policies to determine what action to take. This may be one of the following actions: • Allow the file to be downloaded • Block the file from being downloaded and quarantine the file URL • Block the file from being downloaded and delete all related URLs For allowed downloads, GFI WebMonitor then applies the configured Virus Scanning Policies and determines its virus scanning options.

Screenshot 37 - Download Control Policies

56 • 7BWebSecurity Edition – File scanning and download control GFI WebMonitor 2009

Adding a new Download Control Policy To add a download control policy: 1. Click on WebSecurity Edition Download Control Policies from the navigation bar. 2. Click on Add Policy. 3. In the General tab provide a new policy name and description in the Policy Name field and the Policy Description text box respectively.

Screenshot 38 - Add new download control policy: Download control tab

rious file types. 4. Click on the Download Control tab to configure the actions to be taken on the va

Screenshot 39 - Add new download control policy: Add new content type


5. To add a new file type select Add Content-Type button and enter the new Content-Type and a Description. Click Add.

Screenshot 40 - Add new download control policy: Change Action dialog

6. Click on any file type from the list to display the Change Action hat file type. From the

lect the applicable action to be

uarantine

dialog and configure the actions to be taken for tPerform this action: drop down list setaken. The available options are: • Allow • Block and Q• Block and Delete Click OK to apply the action.

Screenshot 41 - Download control policies: Applies to tab


7. From the Applies To tab, specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. NOTE 2: When adding a user or a group, ISA Server authentication is used to validate the user or group name.

following

sers to be notified when the policy you are erforming his policy

NOTE: The notification is sent only if ISA Server authentication is possible and the user can be validated. 10. Complete the new policy setup by clicking on Save Settings. NOTE: Failing to click on Save Settings will lose all settings.

Screenshot 42 – Download control policies: Notification tab

8. Click on the Notifications tab and select Notify theadministrators when the download content infringes this policy checkbox if required. Enter the administrator’s email address and notification email text, by updating the text for the notification email in the Send the following notification to the administrators text box. 9. If you require the ucreating is breached, select the option Notify the user pthe download when the downloaded content infringes tcheckbox and provide the notification email text.


The policy created will be listed in the main Download Control Policies view.

Editing a Download Control Policy To edit a download control policy: 1. Click on WebSecurity Edition Download Control Policies from the navigation bar.

2. Click on the edit icon next to the policy you want to edit. 3. Refer to ‘Adding a Download Control Policy’ section in this chapter for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose

to another section in settings as soon as you leave the view to moveGFI WebMonitor.

Disabling a Download Control Policy To disable a download control policy: 1. Click on WebSecurity Edition Download Control Policies from the navigation bar. 2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. CNO ettings means that you will lose settGFI

Enatrol policy:

omplete disabling a download policy by clicking on Save Settings TE: Failing to click on Save Sings as soon as you leave the view to move to another section in WebMonitor.

bling a Download Control Policy To enable a previously disabled download con1. Click on WebSecurity Edition Download Control Policies from the navigation bar. 2. Check the checkbox in the Enabled column for the policy you want to disable. 3. Complete enabling a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Delete a Download Control Policy To delete a download control policy: 1. Click on WebSecurity Edition Download Control Policies from the navigation bar.

2. Click on the delete icon next to the policy you want to delete.

s you leave the view to move to another section in

3. Complete deleting a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon aGFI WebMonitor.


Default Download Control Policy GFI WebMonitor - WebSecurity Edition ships with a default download

h is not in the predefined list:

control policy which is configured to apply to all users. The policy name is listed as ‘Default Download Control Policy’. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the ‘Editing a Download Control Policy’ section in this chapter for information related to editing download control policies. NOTE 1: All user-created download control policies takes precedence over the default download control policy. NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.

Adding Content-types GFI WebMonitor - WebSecurity Edition includes a large number of common file types. To add a file type whic

olicy, select Download Control tab and click on Add Content-type.

1. Click on WebSecurity Edition Download Control Policies from the navigation bar. 2. Click on Add P

Screenshot 43 - Add new content type

3. Key in the content-type in the Content-Type field in the format

t type by clicking on Save Settings content-types are not real file type

u will lose e view to move to another section in

type/subtype and click on Add. 4. Complete keying in anew contacNOTE 1: Files for user added checked as is the case with preconfigured file types.

Settings means that yoNOTE 2: Failing to click on Save settings as soon as you leave thGFI WebMonitor.


Configuring Instant Messaging (IM) Control Policies GFI WebMonitor enables administrators to control the use of MSN

all users,

WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies.

Messenger and Windows Live Messenger. These controls can be configured from WebSecurtiy Edition IM Control Policy node. The Default IM Control Policy is the control applicable tohowever specific controls to particular users, groups or IPs can be configured as described below.

Adding a new IM Control Policy To add a new IM control policy: 1. From the GFI

2. Click Add Policy and select the General tab.

nd description

Policy Name field and optionally

Screenshot 44 - Add new IM Policy – assign a name a

3. Key in the new policy name in theenter a brief description in the Policy Description text box.

Screenshot 45 - Add new IM Policy – Set IM Controls


4. From the IM Control tab, choose to block or allow instant messaging communications:

• Block all MSN / Windowsall communications via M

Live Messenger communications – SN or Windows Live Messenger is

blocked. • Allow MSN / Windows Live Messenger communications – the

use of MSN or Windows Live Messenger is allowed.

Screenshot 46 - Add new IM Policy - Applies To tab

5. From the Applies To tab key in user(s), group(s), and/or IP(s) for whom the new policy applies and click Add. Repeat for all the user(s), group(s), and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user names and groups.


Screenshot 47 - Add new IM Policy – Notifications tab

6. From the Notifications tab, select Notify the following administrators when this IM Policy is breached to send an email

address(es) when a user tries to

xt box, edit the email message text which will be sent in the email notification

9. Select Notify the user breaching this IM policy checkbox to send an email notification to the user who breaches the IM policy. Edit the email message text in the Send the following notification to the user performing the download.

NOTE: Notification is sent only if user is validated through ISA Server authentication. 10. Complete the new IM policy setup by clicking Save Settings. NOTE: Failing to click on Save Settings will lose all settings The new policy will be listed in the main IM Control Policies view.

notification to the configured email access blocked IM policies.

7. Add the administrator(s) email address(es) to be notified in theEmail Address box.

8. In the Send the following notification to the administrators te


Editing an IM Control Policy 1. From the GFI WebMonitor navigation bar, click on WebSecurity

con

Edition IM Control Policies.

2. Click on the edit i next to the policy you want to edit. l policy tabs and edit settings accordingly.

navigating to other sections.

3. Navigate in the contro4. Click Save Settings when finished. NOTE: If the settings are not saved, all configurations are lost when

Enabling/Disabling an IM Control Policy 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. In the Enabled column, check or uncheck the policy you want to enable or disable respectively. 3. Click Save Settings when finished.

Deleting an IM Control Policy 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. Click on the delete icon next to the policy you want to delete. 3. Click Save Settings when finished.

gConfigurin Virus Scanning Policies For allowed downloads, GFI WebMonitor applies virus scanning controls which include any of the following: • Display download progress and status • Scan the downloaded file with any of the supported virus scanners • Take any of the following action when a virus is detected:

o Issue a warning, but allow access to the downloaded file o Block access to the downloaded file and quarantine o Block access to the downloaded file and delete it

Screenshot 48 - Virus Scanning Policies


Adding a Virus Scanning Policy To add a virus scanning policy: 1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar. 2. Click on Add Policy . 3. Click on the General tab.

Screenshot 49 - Add new virus scanning policy

scription in the Policy Name field n text box respectively.

4. rovide new policy name and deand the Policy Descriptio

P

Screenshot 50 - Add new virus scanning policy: Virus scanning tab


5. Click on the Virus Scanning tab and click on the file type you want to scan for viruses. From the Change Action dialog box select the Display download progress and status option (if required) and choose the virus scanners to scan the file type with. Also, choose the action to undertake if a virus is found. The available options are: • Warn and Allow • Block and Quarantine • Block and Delete

Screenshot 51 - Add new virus scanning policy: Applies to tab

6. Click OK, select Applies Tab and specify the user(s), group(s) plies. Repeat for all user(s),

NOTE 2: When adding a group ISA Server authentication is used to validate the group name.

and/or IP(s) for whom the new policy apgroup(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.


Screenshot 52 - Add new virus scanning policy: Notification tab

Notifications tab and select Notify the following

ave just created will be listed in the main Virus Scanning Policies view.

To edit a virus scanning policy:

7. Click on the administrators when the download content infringes this policy checkbox if required. Complete setup with the administrator’s notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box.

the policy you are creating e user performing the

this policy

cation is sent only if ISA Server authentication is

new policy setup by clicking on Save Settings

8. If you require users to be notified when is triggered, select the option Notify thdownload when the downloaded content infringes checkbox and provide the notification email text. NOTE 1: The notifipossible and the user can be thus validated. 9. CompleteNOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. The policy you h

Editing a Virus Scanning Policy


1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar.

2. Click on the edit icon next to the virus scanning policy you want to

3. Complete di olicy by clicking on Save Settings.

edit. 3. Refer to ‘Adding a Virus Scanning Policy’ section in this chapter, for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Disabling a Virus Scanning Policy To disable a virus scanning policy: 1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar. 2. Uncheck the checkbox in the Enabled column for the policy you want to disable.

sabling a virus scanning p

Save Settings means that you will lose

NOTE: Failing to click on Save Settings means that you will lose

settings as soon as you leave the view to move to another section in GFI WebMonitor.

Enabling a Virus Scanning PolicyTo enable a virus scanning policy: 1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar. 2. Check the checkbox in the Enabled column for the policy you want to enable. 3. Complete enabling a download policy by clicking on Save Settings. NOTE: Failing to click onsettings as soon as you leave the view to move to another section in GFI WebMonitor.

Delete a Virus Scanning Policy To delete a Virus Scanning Policy: 1. Click on WebSecurity Edition Virus Scanning Policies from the navigation bar.

2. Click on the delete icon next to the policy you want to delete. 3. Complete deleting a virus scanning policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.


Default Virus Scanning Policy GFI WebMonitor WebSecurity Edition ships with a default virus scanning policy which is configured to apply to all users. The policy name is listed as ‘Default Virus Scanning Policy’. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the ‘Editing a Virus Scanning Policy’ section in this chapter for information related to editing virus scanning policies. NOTE 1: Any user-created virus scanning policy takes precedence

Scanni

over the default virus scanning policy. NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.

ng Engines Through the Virus & Spyware Protection view you can:

iew click on

:

• Enable/Disable one or more of the supported engines • View the licensing status • Configure anti-virus engine/signature updates for each one of the

scanning engines To access the Virus & Spyware Protection vWebSecurity Edition Virus Scanning Policies Virus & Spyware Protection from the navigation bar.

Enabling/disabling the scanning engines To enable or disable one or more of the scanning engines1. Click on WebSecurity Edition Virus Scanning Policies Virus & Spyware Protection.

Screenshot 53 - Virus & Spyware Protection

2. Check or uncheck the checkboxes in the Enabled column to enable or disable scanning with the virus scanner for which the virus scanner is checked or unchecked. NOTE: Disabling a virus scanning engine denotes that GFI WebMonitor cannot use that engine. 3. Complete Virus scanning engine setup by clicking on Save Settings


NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Configure anti-virus updates Through the configuration view for each one of the supported scanning engines you can: • View the scanning engine status, version and license details • Check or uncheck checkboxes that enable automatic or manual

scanning engine/signature updates • Configure the frequency with which available updates should be

installed • Check or uncheck checkboxes that enable the configuration of an

email notification message that should be sent upon successful updating of scanning engines/signatures

by clicking Update Now.

• Manually update scanning engines/signatures

Screenshot 54 - BitDefender Properties

Norman Anti-Virus Properties Screenshot 55 -


Kaspersky Scanning Engine Options From the configuration view for the Kaspersky scanning engine you can specify whether Virus Scanning Policies should be triggered when files are identified as: • Suspicious • Corrupted • Hidden

Screenshot 56 - Kaspersky Anti-Virus Properties

1. Click on WebSecurity Edition Virus Scanning Policies Virus & Spyware Protection Kaspersky Anti-Virus. 2. Check or uncheck checkboxes that enable action for files identified as Suspicious, Corrupted or Hidden. 3. Complete setup by clicking on Save Settings. NOTE: Failing to click on Save Settingssettings as soon as you leave the view to move

means that you will lose to another section in

Anti-Phish

GFI WebMonitor.

ing Engine Through the Anti-Phishing Engine view you can:

ing feature licensing status

nti-Phishing Engine from the navigation bar.

• Enable/Disable anti-phishing • View the anti-phish• Configure anti-phishing database updates To access the ‘Anti-Phishing Engine’ view click on WebSecurity Edition A


Enabling/disabling the Anti-Phishing Engine To enable or disable the Anti-Phishing Engine: 1. Click on WebSecurity Edition Anti-Phishing Engine. 2. Click on the General tab.

Screenshot 57 - Anti Phishing engine properties

Block access to phishing sites checkboxatures.

FI lock phishing sites.

Save Settings means that you will lose settings as soon as you leave the view to move to another section in

gs view you can: g Database should be updated

automatically or manually. hich available updates should be

ation should be sent upon successful updating of the Anti-Phishing Database;

• Manually update the Anti-Phishing Database by clicking Update Now.

To configure Anti-Phishing database updates: 1. Click on WebSecurity Edition Anti-Phishing Engine.

3. Check or uncheck the to enable or disable anti-phishing feNOTE 1: Disabling the anti-phishing engine implies that GWebMonitor cannot use that engine to b4. Complete anti-phishing engine setup by clicking on Save Settings NOTE 2: Failing to click on

GFI WebMonitor.

Configure Anti-Phishing database updates Through the checkboxes within the Anti-Phishing Updates area in the Anti-Phishing Engine settin• Configure whether the Anti-Phishin

• Configure the frequency with winstalled.

• Configure if an email notific


2. Click on the General tab. 3. Specify the required settings in the Anti-Phishing Updates area. 4. Complete Anti-Phishing Database updates setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Configure phishing notifications Through the Notifications tab in Anti-Phishing Engine settings view you can specify whether email notifications are to be sent when a site being accessed is a known phishing site. To enable phishing notifications: 1. Click on WebSecurity Edition Anti-Phishing Engine.

l text. Also provide the body text for the notification email in the Send the following notification to the

tified when a phishing site is user accessing the site if the site

Screenshot 58 - Anti-Phishing notification tab

2. Click on the Notifications tab and check the Notify the following administrators when the site accessed is a known phishing site checkbox. Complete setup with the administrator’s notification email address and notification e-mai

administrators’ text box. 3. If you require the user to be noaccessed, check the Notify the


accessed is a known phishing site checkbox and provide the notification email text.

is sent only if ISA Server authentication is thus validated.

4. Complete phishing notifications setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose phishing notification settings as soon as you leave the view to move to another section in GFI WebMonitor.

NOTE: The notification possible and the user can be

GFI WebMonitor 2009 8BConfiguring GFI WebMonitor • 75

Configuring GFI WebMonitor

on IntroductiGFI WebMonitor enables you to configure a default set of parameters used by the WebFilter and WebSecurity editions. These parameters are configured through three nodes or by selecting the appropriate option within the viewing pane:

who can access GFI WebMonitor web interface for configuration and monitoring.

orting: Configure the database settings for reporting.

Administrative Access Control

• Administrative Access Control: Configure

• Notifications: Configure alerting options for email notifications on important events.

• General Settings: Configure the data retention, download cache and temporary whitelist policies.

• Rep

Access to GFI WebMonitor is based on IP or ISA Server authenticated username. Only users/IPs in the authorized list are allowed access.

Adding users/IPs to the access permissions list To add a user or IP to the access permissions list: 1. From the GFI WebMonitor navigation bar select Configuration Administrative Access Control.

Screenshot 59 – Configuring administrative access control

2. From the drop-down lists, select whether a User or IP will be added to the access list and provide the user(s), and/or IP(s) for whom the

76 • 8BConfiguring GFI WebMonitor GFI WebMonitor 2009

new access item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the access control list, specify the

add the new item to the list and on Save Settings

on Save Settings means that you will lose settings as soon as you leave the view to move to another section in

ss permissions list: 1. Click on the Administrative Access Control node.

2. Click on the delete icon

username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. 3. Click on Add toto finalize setup. NOTE 2: Failing to click

GFI WebMonitor.

Deleting users/IPs to the access permissions list To remove a user or IP to the acce

next to the user/IP you want to delete. 3. Click on Save Settings to finalize deleting users/IPs. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Notifications Notifications are sent by email to administrators on important events including: • Items being quarantined • WebGrade Database, anti-virus signature update failures • WebGrade Database, anti-virus signature update success • Approaching expiry of WebGrade Database and a

signature update licenses. nti-virus

ify the email address from which notifications will be TP port. il settings setup.

r.

ail recipients

GFI WebMonitor navigation bar select Configuration

Configuring email settings To configure email settings: 1. Click on Notifications node 2. Go to the Send administrative emails using the following settings and specsent as well as the SMTP server and SM3. Click on Save Settings to finalize emaNOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonito

Configuring emTo add recipients to whom notifications are sent: 1. From theNotifications node

GFI WebMonitor 2009 8BConfiguring GFI WebMonitor • 77

Screenshot 60 – Configuring notifications

2. Key in an email address in the Email Address field and click Add. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

ients:

the delete icon

Deleting recip1. Click on Notifications node

2. Click on next to the email address you want to

click on Save Settings means that you will lose iew to move to another section in

General Se

delete. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to settings as soon as you leave the vGFI WebMonitor.

ttings Through the General Settings node you can specify settings such as the amount of hours to keep downloaded files in cache, and the default time in hours a site is kept in the temporary whitelist after it has been approved from the quarantine. 1. From the GFI WebMonitor navigation bar select Configuration General Settings node

78 • 8BConfiguring GFI WebMonitor GFI WebMonitor 2009

Screenshot 61 - Configuring General Settings

1. In the Data Retention area specify how long, in days, will browsing activity data be kept in GFI WebMonitor databases. This data is used for monitoring and reporting. 2. In the Download Cache are specify how long (in hours), will downloaded files be kept in a local cache. Keeping these files in the

uests for the same file.

quarantine be kept in the Temporary

cache will speed up subsequent reqNOTE: Set the value to zero hours if you want to disable the cache. 3. In the Temporary Whitelist area specify how long (in hours), will items approved from theWhitelist. This is the amount of time available to the user during which the approved URL is accessible.

GFI WebMonitor 2009 9BHandling blocked downloads • 79

Handling blocked downloads

Introduction GFI WebMonitor includes a quarantine feature; a restricted, safe andcontrolled storage area where potentially harmful downloadstored. Policies may be set where downloaded files/URLs are blockedand stored in quarantine. Downloaded files may be quarantined as a

files are

result of one or more configured policies in the following categories being triggered: • Download Control Policies • Web Filtering Policies Virus Scanning Policies

the quarantine to: • Establish the reason for which a download file is being quarantined • Determine whether the file is harmful or harmless and should be

deleted or approved. If approved for access, quarantined items are transferred to a Temporary Whitelist. Users can be then granted access to the downloaded files through the Temporary Whitelist. There are four different views for quarantined items: • Those transferred to quarantine today • Those transferred to quarantine yesterday

e this week • All items transferred to quarantine

Approving

•Administrators should review

• Those transferred to quarantin

or Deleting items

Viewing quarantined items formation is shown for all items listed in the

ed On. Date and time when the item was quarantined. user/IP who accessed the item which is now quarantined.

• Download URL - details of the quarantined item. • Quarantine reason - The reason why the item was quarantined. To view quarantined items: 1. Click on the Quarantine node in the navigation bar, and select one of views available to either review all items or those for a specified period:

The following inquarantine: • Quarantin• The

80 • 9BHandling blocked downloads GFI WebMonitor 2009

• Today • Yesterday • This Week • All Items

lable tabs to view a list of items

test item being

Screenshot 62 - Quarantine

2. Click on each one of the avaiquarantined for each respective policy category: • Download Control Policies tab • Web Filtering Policies tab • Virus Scanning Policies tab Lists are sorted in descending order, with the laquarantined shown at the top of the list. 3. Click on the details icon to view details for that item.

5. Use the navigation icons

4. Click Go Back To List to move back to the list of quarantineditems.

to navigate through a long list of quarantined items.

Approving quarantined items To approve one or more items in quarantine: 1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined. 2. Click on the policy tab where the quarantined item is stored. 3. Click on the details icon

GFI WebMonitor 2009 9BHandling blocked downloads • 81

ly if the user has been s a valid

e

Temporary Whitelist. Refer to

Screenshot 63 - Approving a quarantined item

4. Click Approve Item to make the downloaded file available to users or Approve All Items to make all items in a quarantine available to users. NOTE 1: The user email address is shown onauthenticated through ISA Server authentication, and haActive Directory email field. NOTE 2: Using the checkbox associated with each entry in thquarantine enables multiple file whitelisting. NOTE 3: Exert extreme caution with this feature. In approving an item from the Quarantine, you are excluding the web site from all policies configured in GFI WebMonitor for the particular user. Approving a potentially harmful file may therefore lead to your network being compromised. Approved items are transferred to thethe Configuring allowed and blocked websites chapter for more information on the whitelist. NOTE 4: Quarantined items which are not approved after 2 days are automatically deleted.

Deleting quarantined items To delete one or more items in quarantine: 1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined. 2. Click on the policy tab where the quarantined item is stored. 3. Click on the details icon 4. If you decide that the downloaded file should be deleted, click Delete Item 4. Click Delete Selected Item to make the downloaded file available to users or Delete All Items to make all items in a quarantine available to users. NOTE 1: Using the checkbox associated with each entry in the

letion. quarantine enables multiple file de

82 • 9BHandling blocked downloads GFI WebMonitor 2009

NOTE 2: Quarantined items which are not approved after 2 days are automatically deleted.

GFI WebMonitor 2009 10BReporting Setup • 83

Reporting Setup

Introduction GFI WebMonitor enables you to store data in a database for statistical information analysis using GFI WebMonitor ReportPack. In this section you will find information about: • How to enable or disable information gathering

Enabli

• Configuring reporting options

ng Reporting To enable information gathering for reporting purposes: 1. From the GFI WebMonitor navigation bar select Configuration Reporting node

84 • 10BReporting Setup GFI WebMonitor 2009

Screenshot 64 - GFI WebMonitor Reporting setup

2. Click on the Enable Reporting checkbox to enable reporting features. 3. Key in the SQL Server, User/Password c

which enables GFI WebMonitor to connect and audit the Get

y purposes, passwords can only be configured from the machine where GFI WebMonitor is installed.

update reporting data now button

he Microsoft SQL server backend database as configured features. There are instances however

anually,

rage location to a central database

ombination and Database namedata to the database in the respective order. You can useDatabase List button to retrieve a list of databases available. 4. Click on Save Settings to save reporting setup. NOTE: For securit

TheDaily at midnight, GFI WebMonitor automatically transfers any data logged to twhen enabling the reportingwhen you would want to trigger the data retrieval process msuch as: • When upgrading GFI WebMonitor a the version that supports

reporting. • When migrating data stored in files in a sto

GFI WebMonitor 2009 10BReporting Setup • 85

• To test configuration settings. hers, clicking on the Update reporting

rocess.

Disabling R

In these cases, amongst otdata now triggers the retrieval pNOTE: Data is always collected for complete 24 hour periods from midnight to midnight. Clicking Update reporting data now does not collect data for partial periods between midnight and the time when this button is clicked.

eporting To disable reporting features:

checkbox and click Save Settings 1. Click on the Reporting node. 2. Uncheck the Enable Reportingto disable reporting.

GFI WebMonitor 2009 11BMiscellaneous • 87

Miscel

Introduction

laneous

In this section you will find information on updating GFI WebMonitor license

Entering your license key after installation After installing GFI WebMonitor you can enter your license key without re-installing or re-configuring the product. To achieve this: 1. Click on the Licensing node from the navigation bar. 2. Key in the license key provided by GFI Software for one of the three GFI WebMonitor editions in the License Key field. 3. Click on Save Settings.

88 • 12BTroubleshooting GFI WebMonitor 2009

Troubleshooting

Introduction The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main sources of information available to users are: • The manual – most issues can be solved by reading this manual. • GFI Knowledge Base articles • Web forum • Contacting GFI Technical Support

Knowledge Base GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most up-to-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.

Web Forum User to user technical support is available via the web forum. The forum can be found at: http://forums.gfi.com/.

Request technical support If you have referred to this manual and our Knowledge Base articles, and you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone. • Online: Fill out the support request form on:

http://support.gfi.com/supportrequestform.asp. Follow the instructions on this page closely to submit your support request.

• Phone: To obtain the correct technical support phone number for your region please visit: http://www.gfi.com/company/contact.htm.

NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at: https://customers.gfi.com/login.aspx. We will answer your query within 24 hours or less, depending on your time zone.

GFI WebMonitor 2009 12BTroubleshooting • 89

Build notifications We recommend that you subscribe to our build notificatway, you will be immediately notified about new productsubscribe to our build notifications, visit:

ions list. This builds. To

http://www.gfi.com/pages/productmailing.htm.

GFI WebMonitor 2009 12BTroubleshooting • 91

Index

.

.NET 11

A

Access Permissions 73 Active connections 25, 26 Active CActivity Lalerts 14 Anti-Phisanti-virus

B

blacklist

D

download control 7, 9, 53, 54, 55, 57, 58

E

Evaluation 10

G

General Options 73 graph 32, 33, 34

H

hardware requirements 11

I installation 14 ISA Server 7, 8, 9, 11, 14,

25, 26, 36, 37, 38, 45, 46, 56, 64, 65, 72, 73, 74, 79

L

License 85 licensing 12

P

Past Connections 25, 26

S

Site History Details 28, 32, 34

Sites History 25, 27, 28, 32 Software requirements 11 System requirements 11

T

Troubleshooting 86

U

UnifiedProtection 7, 9, 11 User History Details 30, 31,

32, 33 Users History 25, 29, 30, 33

W

WebFilter 7, 8, 9, 11, 18, 35, 41, 46, 47, 49, 50, 73

WebGrade 7, 8, 9, 41, 49,

urity 7, 9, 11, 18, 35,

onnections 25 og 25, 34

hing 69, 70, 71 9, 14, 67, 68, 74 50, 74

WebSec

8, 9, 18, 38, 39 39, 73, 79 wizard 12

53, 54, 57, 58, 63, 66, 67, 69, 70, 71, 73

whitelist 8, 9, 18, 36, 37, 38,

gfi web monitor manual v2009

Documents