The new Security Configurations tool provides a convenient
single window where you can create and manage configurations for
several LANDesk Security Suite components and services, as well as
corresponding deployment tasks.
Security configurations (or settings) control how security
services operate on managed devices. Security services and their
associated settings can be deployed to your managed devices as part
of the initial agent configuration, separate install or update
tasks, and change settings tasks.
Security Configurations lets you create and manage settings for
the following security services:
You can also perform security component tasks described in this
chapter.
IMPORTANT: LANDesk Script Writers group permission required
In order to create scheduled tasks and policies in the Patch and
Compliance tool and the Security Configurations tool (for security
and compliance scan tasks, repair tasks, and change settings
tasks), a user must have the LANDesk Script Writers group
permission. In other words, they must belong to a group that has
the LANDesk Script Writers permission assigned. For more
information about role-based administration, see Role-based administration.
Using the Security Configurations tool
The Security Configurations tool window provides a convenient
single interface that lets you manage settings and tasks for
several security components and services.
The steps below provide a quick summary outline of the typical
processes or tasks involved in implementing antivirus protection on
your network with LANDesk Antivirus. For detailed descriptions for
each of these procedures, see LANDesk Antivirus.
The device default security settings are deployed as part of the
initial agent configuration. At some point you may want to change
these default settings on certain devices. The Security
Configurations tool provides a way to do this without having to
redeploy an entirely new and complete agent configuration.
To do this, click the Change settings task located in the
Create a task toolbar button.
The dialog box that appears allows you to enter a unique name
for the task, specify whether it is a scheduled task or policy, and
either select an existing setting as the default or use the Edit
button to create a new setting as the default for target
devices.
About the Create change settings task dialog
Use this dialog box to create and configure a task that changes
the default settings on target devices for Endpoint Security
components.
With a change settings task you can conveniently change a
managed device's default settings (which are written to the
device's local registry) without having to redeploy a full agent
configuration.
This dialog contains the following options:
Task name: Enter a unique name to identify the
task.
Create a scheduled task: Adds the task to the
Scheduled tasks window, where you can configure its scheduling and
recurrence options, and assign target devices.
Create a policy: Adds the task as a policy to
the Scheduled tasks window, where you can configure the policy
options.
Type: Identifies the security component.
Endpoint Security: Specifies the Endpoint
Security settings associated with this particular change settings
task. Keep in mind that although Endpoint Security is a single
agent that is deployed to target devices, it provides services for
several security components, including Location awareness (network
connections), HIPS, LANDesk Firewall, and Device Control. Select
the settings you want to deploy to target devices, modify an
existing setting by selecting it and clicking Edit, or create
new settings by clicking Configure > New.
Antivirus: Specifies antivirus settings used
for antivirus scan tasks. Antivirus settings determine whether the
LANDesk Antivirus icon appears in the device system tray,
availability of interactive options to end users, e-mail scan and
real-time protection enabling, file types to scan, files and
folders to exclude, infected file quarantine and backup, scheduled
antivirus scans, and scheduled virus definition file updates.
Select one of the settings from the list. Click Edit to
modify the options for the selected settings. Click
Configure to create new settings. For more information, see
About the LANDesk Antivirus settings dialog box.
Windows Firewall: Specifies Windows Firewall
settings on target devices. You can enable and disable the
firewall, and configure firewall settings including exceptions,
inbound rules, and outbound rules (for services, ports,
programs).
About the Configure security component settings dialog box
Use this dialog box to manage your security components settings.
Once configured, you can apply settings to agent configuration
tasks, security components install or update tasks, and change
settings tasks.
This dialog contains the following options:
New: Opens the settings dialog where you can
configure the various options.
Edit: Opens the settings dialog where you can
modify the selected settings.
Copy: Opens a copy of the selected settings as
a template, which you can then modify and rename. This is useful if
you want to make minor adjustments to settings and save them for a
specific purpose.
Delete: Removes the selected settings from the
database. (Note that the selected settings may currently be
associated with one or more tasks or managed devices. If you choose
to delete the settings, devices with those settings still have them
and continue to use them until a new change settings task is
deployed; scheduled tasks with those settings still run on target
devices, as do local scheduler tasks with those settings, until a
new configuration is deployed.)
Use selected: Indicates that the currently
selected settings will be used for the task.
Close: Closes the dialog without applying any
settings to the task.
Creating install or update security components tasks
If you want to install or update security components, you can do
so as a separate task.
To create an install or update security components task
1. In the console, click Tools > Security > Security Configurations.
2. Click the Create a task toolbar button, and then click
   Install/Update security components.
3. Enter a name for the task.
4. Specify whether the installation is a scheduled task or a
   policy-based task, or both.
5. Select the component you want to install. You can create new
   settings or edit existing settings by clicking Configure.
6. If you want to display the installation progress in the security
   scanner dialog on targeted devices, select the Show progress
   dialog on client option.
7. Select a Scan and repair setting from the list to apply its reboot
   configuration (only) to the agent configuration you're creating.
   You can create new settings or edit existing settings by clicking
   Configure. Keep in mind that only the reboot options specified in
   the Scan and repair settings you select are used by this agent
   configuration's Endpoint Security agent deployment to target
   devices. You can use existing Scan and repair settings that
   already include the reboot configuration you want, or you can
   create brand new Scan and repair settings specifically for your
   agent deployment.
8. Click OK.
About the Install or update security components task dialog box
Use this dialog box to create and configure a task that installs
the security components (via the shared Endpoint Security agent) on
target devices that don't yet have it installed, or updates the
existing version of the security components on target devices.
NOTE: The installation is executed by the security scanner.
This task lets you conveniently deploy and update a managed
device's security components (and associated settings) without
having to redeploy a full agent configuration.
This dialog contains the following options:
Task name: Enter a unique name to identify the
task.
Create a scheduled task: Adds the task to the
Scheduled tasks window, where you can configure its scheduling and
recurrence options, and assign target devices.
Create a policy: Adds the task as a policy to
the Scheduled tasks window, where you can configure the policy
options.
Security components to install: Specifies
which security components will be installed with the task. Check
the component you want to install. Click in the Settings
column to select an existing setting. Click Edit to modify
the options for the selected settings. Click Configure to
create new settings.
Show progress dialog on client: Indicates
whether the security scanner dialog displays the progress of the
installation on target devices.
Remove existing antivirus agent: Automatically
removes other antivirus software that might already be
installed on devices before installing LANDesk Antivirus (see
below). (NOTE: You can also choose to remove existing
antivirus software from managed devices when doing an initial
agent configuration.)
Scan and repair settings (reboot only):
Specifies the scan and repair settings associated with this
particular installation. The task will use the selected scan and
repair settings' reboot options ONLY, which determine reboot
requirements and actions on target devices during
installation.
List of third-party antivirus products that can be automatically removed
If you want to remove security components from managed devices,
you can also do that as a separate task from the console.
To create a remove security components task
1. In the console, click Tools > Security > Security Configurations.
2. Click the Create a task toolbar button, and then click Remove
   security components.
3. Enter a name for the task.
4. Specify whether the installation is a scheduled task or a
   policy-based task, or both.
5. Select the component you want to remove.
6. If you want to display the installation progress in the security
   scanner dialog on target devices, check the Show progress dialog
   on client option.
7. Select a scan and repair setting from the available list to apply
   its reboot configuration to the task you're creating. You can
   create new settings or edit existing settings by clicking
   Configure. The task will use the selected scan and repair
   settings' reboot options ONLY, which determine reboot requirements
   and actions on target devices during agent removal.
8. Click OK.
About the Remove security components task dialog box
Use this dialog box to create and configure a task that removes
the security components from target devices.
This dialog contains the following options:
Task name: Enter a unique name to identify the
task.
Create a scheduled task: Adds the task to the
Scheduled tasks window, where you can configure its scheduling and
recurrence options, and assign target devices.
Create a policy: Adds the task as a policy to
the Scheduled tasks window, where you can configure the policy
options.
Security components to remove: Specifies which
security components will be removed with the task. Select the
component you want to remove.
Show progress dialog on client: Indicates
whether the security scanner dialog displays the progress of the
agent removal from target devices.
Scan and repair settings (reboot only):
Specifies the scan and repair settings associated with this
particular agent removal task. The task will use the selected scan
and repair settings' reboot options ONLY, which determine reboot
requirements and actions on target devices during agent
removal.
Creating LANDesk Antivirus tasks
The LANDesk Antivirus tool is described in a separate section.
For detailed information about antivirus tasks, see LANDesk Antivirus.
Configuring alert settings
You can configure security-related alerting so that you can be
notified when specific events are detected on managed devices in
your system. Security Antivirus uses the standard LANDesk alerting
tool.
The alert settings dialog contains options for both
vulnerability alerting and antivirus alerting.
Antivirus alerting
Antivirus alert settings are found on the Antivirus tab
of the Alert settings dialog.
You must first configure the antivirus alerts in the Alert
Settings tool in the console. Antivirus alerts include:
An alertable antivirus action failed
An alertable antivirus action succeeded
Virus outbreak alert (per virus)
The following antivirus events can generate antivirus
alerts:
Virus removal failed
Virus removal succeeded
Quarantine failed
Quarantine succeeded
Deletion failed
Deletion succeeded
Select which alerts you want generated. The time interval option
lets you avoid receiving too many alerts. More than one alert (for
any antivirus trigger) during the specified time interval is
ignored.
You can view the complete antivirus alert history for a device
in its Security and Patch Information dialog box. Right-click a
device, select Security and Patch Information, select the
Antivirus type in the Type list, and then select the
Antivirus History object.
Use this dialog box to create an authorization code that will
allow an end user to perform a blocked operation for a brief period
of time. You can use an authorization code to provide temporary
access for a specific user or for an IT administrator to have
access to a managed device.
For example, if a user attempts to connect a USB device that is
not allowed by a Device Control setting, a pop-up message that
includes an operation code appears on the end user device. The user
provides that operation code to the administrator, who uses it
to generate an authorization code that is given back to the end
user. This allows the user to perform the action on a temporary
basis.
To generate an authorization code
1. In the Security Configurations tool, click the Common settings
   toolbar button, and then click Generate authorization code.
2. Enter the operation code provided by the end user.
3. If the operation code is valid, an authorization code is
   automatically generated.
4. Enter the operation type that the end user wants to perform.
5. Give the new authorization code to the end user. The user enters
   that authorization code when prompted in order to perform the
   blocked operation.
NOTE: Note about inaccurate pop-up message
When a user is given access via an authorization code, a pop-up
message on the end user device may indicate that HIPS has been
disabled regardless of the actual action taken by the user. This
message can be ignored.
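A generic sketch of an operation-code/authorization-code exchange of the kind described above, added here as an illustration. It is not LANDesk's algorithm, which this page does not describe; the shared key, the code formats, the operation type string, and the 15-minute validity window are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions for illustration only: a key shared by console and agent,
# 8-character codes, and a 15-minute validity window.
SHARED_KEY = b"constructed-demo-key"
WINDOW_SECONDS = 15 * 60


def _mac(message: str, length: int) -> str:
    """Truncated HMAC-SHA256, upper-case hex so it is easy to read aloud."""
    digest = hmac.new(SHARED_KEY, message.encode(), hashlib.sha256).hexdigest()
    return digest[:length].upper()


def new_operation_code() -> str:
    """Agent side: random challenge plus a 2-character check suffix."""
    nonce = secrets.token_hex(3).upper()
    return nonce + _mac("op:" + nonce, 2)


def operation_code_is_valid(op_code: str) -> bool:
    """Console side: reject mistyped or malformed operation codes."""
    nonce, check = op_code[:6], op_code[6:]
    return len(op_code) == 8 and hmac.compare_digest(check, _mac("op:" + nonce, 2))


def authorization_code(op_code: str, op_type: str, now: float) -> str:
    """Console side: code bound to this request, operation type and time window."""
    if not operation_code_is_valid(op_code):
        raise ValueError("invalid operation code")
    window = int(now // WINDOW_SECONDS)
    return _mac(f"auth:{op_code}:{op_type}:{window}", 8)


def agent_accepts(op_code: str, op_type: str, auth_code: str, now: float) -> bool:
    """Agent side: recompute for the current window, compare in constant time.

    A code issued just before a window boundary expires at the boundary.
    """
    expected = authorization_code(op_code, op_type, now)
    return hmac.compare_digest(expected, auth_code.upper())
```

Because the authorization code covers the operation code, the operation type and the time window, it cannot be replayed for a different blocked operation or after the window closes. A single fleet-wide key is the weak point of this sketch; a per-device key keeps one compromised endpoint from producing codes that other devices accept.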
Using Windows Firewall settings
The Security Configurations tool also lets you create,
configure, and deploy Windows Firewall settings to manage the
Windows Firewall on target devices.
To create Windows Firewall settings
1. Click Tools > Security > Security Configurations.
2. Right-click Windows Firewall, and then click New.
Once configured, you can deploy settings to target devices with
an installation or update task, or a change settings task.
About the Create Windows Firewall settings dialog box
Use this dialog box to configure Windows firewall settings.
Windows firewall settings are associated with a change settings
task to enable/disable the firewall, and configure firewall
settings including exceptions, inbound rules, and outbound rules
(for services, ports, and programs).
You can use this feature to deploy a configuration for the
Windows firewall on the following Windows versions:
Windows 2003
Windows XP (SP2 or later)
Windows Vista
About the Windows Firewall (XP/2003): General page
Use this page to define firewall general settings.
About the Windows Firewall (XP/2003): Exceptions page
Use this page to configure firewall exceptions.
This dialog contains the following options:
Current exceptions: Lists programs, ports, and
services whose connection/communication is not being blocked
by the firewall. The firewall prevents unauthorized access to
devices, except for the items in this list.
Add program: Lets you add a specific program
to the exception list to allow communication.
Add port: Lets you add a specific port to the
exception list to allow communication.
Edit: Lets you edit the selected exception's
properties, including the scope of affected devices.
Delete: Removes the selected exception from
the list.
OK: Saves your changes and closes the
dialog.
Cancel: Closes the dialog without saving your
changes.
Windows Firewall security threat definitions
LANDesk Security provides predefined security threat definitions
that let you scan for, detect, and configure firewall settings on
managed devices running specific Windows platforms. The following
security threat definitions let you scan for and modify firewall
settings:
ST000102: Security threat definition for the
Windows Firewall on Windows 2003 and Windows XP.
ST000015: Security threat definition for the
Internet Connection Firewall on Windows 2003 and Windows XP.
The Windows Firewall security threat properties include custom
variables that let you configure Windows Firewall settings. You can
use these security threat definitions to scan for your specified
settings and return a vulnerability condition if those settings are
not matched. You can then use the customized definition in a repair
task to turn the firewall on or off, as well as change or
reconfigure the firewall settings on the scanned device.
About the Windows Firewall (Vista): General rules page
Use this page to configure firewall general rules.
About the Windows Firewall (Vista): Inbound rules
Use this page to configure firewall inbound rules.
About the Windows Firewall (Vista): Outbound rules
Use this page to configure firewall outbound rules.