Cyberoam End Point Data Protection User Guide v 3.21.0902
IMPORTANT NOTICE
Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but it is presented without
warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore
assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice, to make
changes in product design or specifications. Information is subject to change without notice.
USERS LICENSE
The Software Product (Product) described in this document is furnished under the terms of Elitecore's End User license
agreement.
Please read these terms and conditions carefully before using the Product. By using this Product, you agree to be bound by the
terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused Product and
manual (with proof of payment) to the place of purchase for a full refund.
LIMITED WARRANTY
Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the
Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially
conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only
to the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under
this warranty will be, at Elitecore's or its service center's option, repair, replacement, or refund of the software if reported (or, upon
request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error
free, or that the customer will be able to operate the software without problems or interruptions. Elitecore hereby declares that the
Endpoint Data Protection Suite may be powered by its Technology Vendor(s) from time to time, and the performance thereof shall
be under warranty provided by such Technology Vendor(s). It is specified that such Technology Vendor(s) does (do) not warrant
that the Software protects against all known threats to the Endpoint Data, nor that the Software will not occasionally erroneously
report a threat in a title not affected by that threat.
Hardware: Elitecore warrants that the Hardware portion (if applicable) of the Elitecore Products excluding power supplies, fans
and electrical components will be free from material defects in workmanship and materials for a period of One (1) year. Elitecore's
sole obligation shall be to repair or replace the defective hardware at no charge to the original owner. The replacement Hardware
need not be new or of an identical make, model or part. Elitecore may, at its discretion, replace the defective Hardware (or any part
thereof) with any reconditioned product that Elitecore reasonably determines as substantially equivalent (or superior) in all
material respects to the defective Hardware.
DISCLAIMER OF WARRANTY
Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without
limitation, any implied warranty of merchantability, fitness for a particular purpose, non-infringement or arising from a course of
dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its
supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages
however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its
suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its suppliers' liability to the
customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing
limitations shall apply even if the above stated warranty fails of its essential purpose.
In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without
limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers
have been advised of the possibility of such damages.
RESTRICTED RIGHTS
Copyright 1999-2009 Elitecore Technologies Ltd. All rights reserved. Cyberoam and the Cyberoam logo are trademarks of
Elitecore Technologies Ltd.
CORPORATE HEADQUARTERS
Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road,
Ahmedabad 380015, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com, www.cyberoam.com
Contents
Technical Support
Chapter 1: Introduction of Endpoint Data Protection
  Cyberoam Endpoint Data Protection
  Major Functions
  Characteristics of Endpoint Data Protection
Chapter 2: Endpoint Data Protection Startup
  Endpoint Data Protection Console
  Using Endpoint Data Protection Console
  Computer and User Operations
Chapter 3: Statistics
  Application Statistics
Chapter 4: Event Log
  Basic Event Log
  Application Log
  Document Operation Log
  Shared File Log
  Printing Log
  Removable-storage Log
  Assets Change Log
  Policy Log
  System Log
Chapter 5: Policy
  Policy Introduction
  Basic Policy
  Device Control Policy
  Application Policy
  Logging Policy
  Alert Policy
  Mail Policy
  IM File Policy
  Document Operation Policy
  Printing Policy
  Removable-Storage Policy
Chapter 6: Monitoring
  Instant Message Monitoring
  Email Monitoring
Chapter 7: Assets Management
  Assets Management
  Patches Management
  Vulnerability Check
  Software Deployment
Chapter 8: Encrypted Disk (Endpoint Security Module)
  Disk Encryption
  Format Encrypted Disks into Non-encrypted Disks
  Removable-storage Information
Chapter 9: Database Backup & Data Recovery
  Database Backup
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department at the following address:
Corporate Office
Elitecore Technologies Ltd.
904, Silicon Tower
Off C.G. Road
Ahmedabad 380015
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.elitecore.com
Cyberoam contact:
Email: [email protected]
Web site : www.cyberoam.com
Telephonic Support:
Region
North America
Europe
APAC
Middle East & Africa
India
Chapter 1
Introduction of Endpoint Data Protection
Cyberoam Endpoint Data Protection
Overview
Unrestricted data transfer to removable devices like USB and CD/DVD drives, or through web, mail,
IM, P2P applications and more, is resulting in rising security breaches. Organizations are struggling
to define their data loss prevention needs comprehensively, and an Endpoint Data Protection solution
has emerged as the critical immediate step. Simultaneously, the presence of branch offices, the rise in
sophisticated attacks and the resultant bugs and vulnerabilities are necessitating centralized,
automated asset management at the end point.
Hence, organizations need security that moves with users in order to protect data and assets on end
point devices. While gateway security solutions secure the organization's perimeter, End Point
Security solutions are needed to secure the weakest link in organizations - the end user.
2. Device Management
Removable devices are the most common routes to data leakage because of their small size,
considerable storage capability and lack of trail.
Cyberoam Device Management controls data loss through removable devices like USB drives,
storage devices, CD/DVDs, MP3 players, digital cameras, serial ports, parallel ports, modems,
bluetooth, wireless card, and more. It offers flexible controls for complete or selective blocking of
removable devices for individual users or groups.
3. Application Control
Unrestricted application usage can result in the use of unauthorized, illegal and malware-laden
applications, causing data loss, productivity loss, legal liability and network outages.
Cyberoam's Application Control offers granular policy-based controls, enabling organizations to
prevent and control access to web, instant messengers, P2P, gaming, and more. Organizations can
thus protect sensitive data while enhancing employee productivity.
4. Asset Management
Distributed offices and the rise in malware attacks are exposing organizations to higher levels of threats,
leaving IT teams in a fire-fighting mode.
Cyberoam's Asset Management module for Windows enables organizations to simplify tracking of
their hardware and software asset location, configuration, version tracking, and historical
information, allowing streamlined IT infrastructure management. This results in control over
hardware and software costs, while keeping the operating system, application software and security
solutions up-to-date, lowering malware incidence. By automating patch management, it enables
rapid and correct installation of patches, handling bug fixes across the network irrespective of the
geographic location, allowing organizations to meet security compliance requirements.
Major Functions
Organizations nowadays must protect not only their physical resources but also intangible assets such as
intellectual property, information, and goodwill. Endpoint Data Protection
Solution provides effective monitoring and management capabilities to help organizations minimize
their information security risks. Endpoint Data Protection is an application to effectively monitor
and manage corporate endpoint activities.
Some of the activities are stated below:
Running Statistics
Endpoint Data Protection Solution can generate statistics reports on every application process and
network flow in order to find any suspicious activity and check employees' productivity.
Real-time Monitoring
With Endpoint Data Protection Solution, the administrator can monitor computer usage, including
application usage, document operation, printing, instant messenger logs, and email contents in real
time.
Policy Control
Computer restrictions include application usage, document operations and printing. These restrictions
secure information, enhance staff efficiency, and allow the corporation to plan resources reasonably.
Asset Management
Endpoint Data Protection Solution gives detailed information about hardware and software assets.
An alert can be sent when there is any change in software or hardware. Asset information can be
searched using custom-built queries.
Software Deployment
Endpoint Data Protection Solution provides an effortless way to distribute documents and deploy
third party software to internal computers within the organization to lighten the workload of
administrator and improve effectiveness at the same time.
2. Data Encryption
Data transferred between workstation and server is encrypted using the DES algorithm. With this
encryption technology, data is protected from illicit data capture.
3. System Authentication
Authentication is required for communication between server, agent, and console. An agent
workstation responds only to an authenticated server, which prevents an unauthenticated server from
connecting to the network to steal data.
Chapter 2
Endpoint Data Protection Startup
Endpoint Data Protection Console
Logon Console
Before starting the console, the Endpoint Data Protection server must be running.
1. Go to the Endpoint Data Protection default folder and click OConsole3.exe, OR go to Start -> All
Programs -> Endpoint Data Protection -> Endpoint Data Protection Console. The Logon
window is shown in the screen below:
Server
Account
Password
When the Endpoint Data Protection connection is disconnected, or you need to log on to another
Endpoint Data Protection server, or you need to log on to Endpoint Data Protection with another role,
go to Tools -> Relogin to log out of the current session and log in again as needed.
1. If the status of the Service Manager is , it indicates that the Endpoint Data Protection server
is still in its initial stage and is not running completely. In this case, please wait until the color of
the icon changes to
2. If the status of the Service Manager is , it indicates that the Endpoint Data Protection server
has stopped. In this case, right click Service Manager -> Service -> Start to start the Endpoint
Data Protection server.
Change Password
You can change your password to prevent others from using your account to log in to the system and
perform illegal operations.
1. Log on to the Console. Select Tools -> Change Password (see Figure 3.2).
2. In the Change Password dialogue box, key in the old password (the password is blank the first
time). Then, enter the New Password.
3. In the Confirm field, re-enter the same new password to make sure the new password is entered
correctly.
A user can only change the password of the current login account. The new password is activated
after it is saved in the server module.
1. Toolbar
2. Menu bar
3. Agent Panel
4. User Panel
6. Navigation Sub-menu
9. Chart Panel
Icon color and definitions:
Light Blue: Agent is running
Light Grey: The computer agent module is not running. The computer may be turned off or not connected to the network
Deep Grey
Icon color and definitions:
Light Blue
Light Grey: The agent user is not running. The user might not have logged on to the agent computer
Date Range
Specify the date range. Click the start time and end time, and all the log data
is searched and displayed according to the time and range selected.
Icon
Time
Descriptions
Select the date as the start time from the calendar
Select the date as the end time from the calendar
Restore to default setting
Endpoint Data Protection has several defined time types (All Day, Working
Time, Rest, and Weekend) which can be found in Tools -> Classes
Management -> Time Types (see Figure 3.5). The System Administrator can
also define new time types according to their preferences to facilitate the queries.
Click the button to select the network range, which can be either a
single computer, a group or the entire network, for the query
Descriptions for Common Search Conditions Functions
Computer
The log records belonging to the client machine; the computer name here is the one
recorded by Endpoint Data Protection and shown in the agent panel
User
The log records belonging to the user; the user here is the one recorded by Endpoint
Data Protection and shown in the user panel
Descriptions for Common Log Records
Name
Computer
IP Address
Computer's IP address
Status
Version
OS
Agent's OS version
Running Time
Last Online
Installed Time
The last active time means the recorded time of the last
activities of the agent done in Windows
The first installed time of agent
IP/MAC
The last logging user in that agent computer. The status of idle
or lock is also displayed here
If The Whole Network is selected, Endpoint Data Protection Console displays all computer groups.
Click the button and you can view all computers belonging to that group.
Name
User
Status
Last Online
Last Active
Time
The last active time means the recorded time of the last activities
of the logon user done in Windows
User Basic Information Fields Descriptions
If the user logs on to different computers using the same account, all information about the logon
computers and logon time will also be displayed.
button and you can view all users belonging to that group.
Grouping
By default, all newly installed agents are grouped into the Unclassified group. To facilitate
computer/user management, the System Administrator can create groups and classify agents into
target groups.
New Groups
Computers and users are displayed in the console tree. Groups can be set according to the actual
situation. Then, assign users and computers to different groups. Computers and users under a
group can be managed from computer groups and user groups.
Select the whole network or any group. Select File -> New Group to add a new
group to the console tree and name it. The administrator can define
multi-level groups for the organization. The operation for user groups is identical.
Assign to group or changing groups
To assign a computer or user to a group, the administrator can select the computer or user, select
File -> Move to and choose the target group. The computer or user is then moved to the
selected group.
Alternatively, drag and drop can be used. Select the target computer or group and drag it
to a group. The selected computer is then moved to the destination group.
NOTE
The default group is the Unclassified group for all computers and users. The Unclassified group cannot be
deleted or renamed, and a new sub-group cannot be added within it.
Find
The administrator can locate a computer or user quickly through the Find function to search related log
data.
Search Computer
In the Computer Tree Column, go to File -> Find. Input the search conditions, e.g. computer name or
IP address. The matched results are displayed in the list box, and double clicking any record
will direct you to the related log or policy settings.
Delete
The administrator can select File -> Delete to delete a computer (group) or user (group). Deleting a
computer (group) will uninstall the Agents of the selected group or computer as well as update the
license number.
Deleting a user (group) will only remove the current basic information.
Rename
Select the computer (group) or user (group) and change its name from File -> Rename.
Control
The administrator can control the running agents using Endpoint Data Protection Console. The
prerequisite is that the agent must be in running status, and all controls can only be done in
Computer mode, not in User mode.
Notification
Endpoint Data Protection can send a notification to a computer or a group. Select Control -> Notify to
notify the selected computer or group. In the Notify dialogue box, enter the message and click Send to
notify the target computer or group.
Lock/Unlock Computer
Endpoint Data Protection can lock a computer or a whole group of computers to prevent users
on the agent computer from using the keyboard and mouse in case of an unusual event. Select Control ->
Lock Computer to lock. The locked computer would be locked with its basic information.
Select Control -> Unlock to unlock the computer. The target computer will once again be able to
use the mouse and keyboard.
Supplementary Functions
In Endpoint Data Protection Console, there are some other common functions that are often
used. The detailed functions and descriptions are given below.
Import Policies
Chapter 3
Statistics
Endpoint Data Protection helps organizations evaluate the behavior of staff according to the
collected statistics reports on application usage and Internet browsing.
Application Statistics
Application statistics provide powerful statistical functions that focus on daily computer operations
and application usage, providing detailed records and a complete analysis report. The statistical data
gives managers a reference for assessing employees' working behavior.
Select Statistic -> Application to query the application usage of a computer (group) or user (group)
in a given period of time. By default, it queries the current statistics of application usage.
The interface of Application Statistics is divided into 4 parts: (1) Computer or User column, (2)
Statistical Data Panel, (3) Chart Panel and (4) Search Panel.
Mode: The administrator can select a different application statistics view mode. Options
include By Class, By Name, By Detail or By Group.
Expand: In By Class view mode, if an application class has sub-classes, use this
button to expand and view the sub-classes. In group view, the Expand button
expands the computer group or user group to view the computers or users within the
group. This button turns grey and is disabled in detail view.
Show: Controls the number of records to display. Options include All, Top 10, Top 20,
and Custom. This button turns grey and is disabled when By Class mode is selected
and expanded.
Statistics Functional Buttons
In Application Statistics, the startup time and working time are collected by default.
Startup time is counted from when the agent computer starts running after logging on to Windows;
working time covers mouse and keyboard operation on the agent computer.
There are 4 modes in Application Statistics:
1. By Class
In this mode, the System Administrator can query the statistics by class. The application classes can be
defined in Tools -> Classes Management -> Applications. This mode makes it easy for the administrator
to query the usage of defined application classes.
To choose this option, click the Mode button and then select By Class. By default, it shows all
statistics of defined application classes. Each record contains the following details:
Class
Time
Percent
2. By Name
This mode lists the statistics of application usage in order, with the application executable name,
usage time and percentage for the selected computer (group) or user (group).
To choose this option, click the Mode button and then select By Name.
3. By Detail
In this mode, statistics are listed by application details, not by process name. For example, if
two different versions of the MSN program are running on different agents and the process name is
the same, msnmsgr.exe, By Detail mode counts them as two different versions
of MSN. In By Name mode, however, the usage time of those two versions is counted
together.
To choose this option, click the Mode button and then select By Detail.
4. By Group
This mode analyzes application usage and its percentage based on the selected computer
(group) or user (group). By default, the statistical data is displayed in terms of working time and
running time.
Chapter 4
Event Log
Endpoint Data Protection collects all the operation logs from agent computers including user logon,
logout, application log, document operation log, shared document log, printing log,
removable-storage log, asset changes log etc.
There are some common functions provided in each log. For example, after selecting one of the log
records, right click to select Print, Print Preview, Export, Delete, and Property.
Common Log Function
Print / Print Preview
Print every page of the log, or preview the output
before printing.
Export
Export the current or selected page logs to HTML / CSV / XLS format. There are
two options: Records of Current Page and All Matched Records
Delete
Right click to select Delete from the log to delete the target log. There are three
options: Selected Records, Records of Current Page and All Matched Records
Property
Double click the selected log to view the details of the log
Startup / Shutdown
Login / Logoff
Dialup
Every time the user dials up, the corresponding action is logged
Patches
Deployment
Input specified date, time and range to filter the search result
Type
By default it is set to All. The specified types can also be selected such as
startup/shutdown, login/logoff, Dialup, Patch or Deployment
Description
Input any content to query the target log, and it also supports wildcard input
Application Log
To view the application logs, go to Log -> Applications. The administrator can view all application
events such as start, stop, window change, title change, login, and logoff events.
Log Types
Start / Stop
Windows Changes
When the user switches applications, the system records a window change log
Title Changes
When a user uses an application, it may have different windows or titles, such as in a
browser
NOTE
Window / Title changes are not logged by default; the settings can be changed through Basic
Policy -> Event Log to record window and title changes.
The administrator can input time and range, type in a path or window title, and enter a specific application or
application class to filter the search result. The input string supports wildcard characters.
Search Conditions
Path / Title
Application
Input the application name directly or specify the application class for part of
query conditions
1.
2.
Application Logs
Path
The details of the file operation path. When the user copies, moves, or renames a file, the
source and destination file paths are also displayed.
Disk Type
Specifies the location of the document, which may be on a fixed disk, network drive,
removable storage or CD-ROM. When the user copies, moves, or renames a file, the
source and destination disk types are also displayed.
Application
Caption
Search Conditions
Time and Range
Input specified date, time and range to filter the search result
Operating Type
By default, it is set to All. Specified type can be selected from the drop-down menu
which consists of Create, Copy, Move, Rename, Restore, Delete, Access, Modify and
Upload/Send
Drive
By default, it is set to All. Specified drive can be selected from the drop-down menu
which includes Fixed, Floppy, CDROM, Removable
Filename
Size
Application
Input the application name directly or specify the application class for part of query
conditions
1. System administrator can input the application name directly e.g. qq.exe or
*game*.exe
2.
Check this option to query the document log with backup only
Source Filename
Path
Input specified date, time and range to filter the search result
Operating Type
By default, it is set to All. Specified type can be selected from the drop-down
menu which includes Create, Rename, Delete and Modify
Name
Remote IP / Name
Printing Log
To view the printing logs, go to Log → Printing. Administrator can view the printing log of the
agent including usage of local printer, shared printer, network printer, and virtual printer.
Log Contents
The printing log content includes Printer Type, Time, Computer, User, Printing Task, Printer Name, Pages,
Caption and Application
Printing Task
Printer Name
Pages
Caption
Application
Administrator can input time and range, printer type, printer name, computer name, printing task title,
page size range, and application to print to filter the search result. Input string supports wildcard
character.
Search Conditions
Time and Range
Input specified date, time and range to filter the search result
Printer Type
By default, it is set to All. Specified printer type can be selected from the drop-down
menu which includes Local, Shared, Network and Virtual printers
Printer
Specify the printer to filter the query and obtain statistics on that printer's usage
Computer
Task
Pages
Specify the pages to filter the query to monitor the printer usage
Application
Input the application name directly or specify the application class for part of query
conditions
3. System administrator can input the application name directly e.g. qq.exe or
*game*.exe
4.
Printing Log
Removable-storage Log
Select Log → Removable-storage to view the log of all agent computers' removable storage plug-in
and plug-off actions.
Log Contents
The removable-storage log content includes Type, Time, Computer, User, Disk Type, Volume ID, Description
and Volume Label.
Volume ID
The volume ID is a unique ID of every removable-storage device. This data can also be
found in Removable-storage class.
Description
Volume Label
Input specified date, time and range to filter the search result
Removable Storage
Specify the removable-storage class for part of query conditions. Select the button
to specify the application class
Operation Type
By default, it is set to All. Specified removable-storage type can be selected from the
drop-down menu which includes Plug-in and Plug-out actions
Log Contents
The asset log contents include Operating Type, Time, Computer, Type and Description
Operating Type
Type
Description
Input specified date, time and range to filter the search result
Type
By default, it is set to All. Specified removable-storage type can be selected from the
drop-down menu which includes Hardware Changes and Software Changes
Operation Type
By default, it is set to All. Specified removable-storage type can be selected from the
drop-down menu including Add, Delete or Change functionalities
Description
Specify the asset description to filter the query. Supports wildcard input.
Policy Log
Select Log → Policies. Administrator can view the entire log triggered by policy settings.
Log Contents
The policy log content includes Alert Level, Time, Computer, User, Policy and Description
Alert Level
There are three alert levels: Low, Important and Critical. The alert level is set
in each policy
Policy
Description
Administrator can input time and range, lowest alert level, policy type, and content to filter the
search result. Input string supports wildcard character.
Search Conditions
Time and Range
Input specified date, time and range to filter the search result
By default, it is set to All. Specified alert level can be selected from the drop-down
menu including Low, Important and Critical alert
Policy Type
By default, it is set to All. Specified policy type can be selected from the drop-down
menu
Content
Specify the policy description to filter the query. Supports wildcard input.
System Log
Select Log → System. Administrator can view the server start and stop status, illegal intrusion,
and agent connection errors.
Administrator can input time and range and content to filter the search result. Input string supports
wildcard character.
NOTE
If any of the agents cannot connect to Endpoint Data Protection server, System administrator can check
the System log to find out the reasons.
System Logs
Chapter 5
Policy
Policy Introduction
Administrator can limit the use of computer and network resources on agent computers by setting
policies to control staff's computer usage and improve productivity.
Common Policy Properties
Name
Time
This is the time range during which the policy is effective. It can be a self-defined
time type. Time types are set in Tools → Time Types. If no suitable time type is
available, select Custom and set the time range from the popup time matrix.
Mode
The following modes can be selected for execution: Block, Allow,
Inaction and Ignore.
Allow: Allows an operation to be performed. Policies are matched according to
the hierarchy (user policy has higher priority than computer policy; self policy
has higher priority than group policy; a policy on top has higher priority than
the policy below). When a policy is found at a higher priority, it is executed
and the policies at lower priority are ignored.
Block: Blocks an operation. According to the hierarchy, the policy with higher
priority is executed and the policies below it are ignored.
Inaction: Neither allows nor blocks an operation, but it can trigger events such
as warning or alert. According to the policy matching principle, once the
current Inaction policy is completed, the following policies will not be
executed.
For example, the first policy sets the mode for USB device to Inaction
and the second policy prohibits USB device. When a USB device is
plugged in, the first policy is matched. Since the mode is Inaction, the device
is not blocked, and the following second policy will not be matched.
Ignore: Neither allows nor blocks an operation, but it can still trigger events
such as warning or alert. According to the policy matching principle, the system
continues to search the following related policies.
For example, the first policy sets all *.doc to Ignore mode with alert;
the second policy prohibits copying *.doc files. When the doc files are
accessed, the first policy is matched (i.e. alert popup) and then the following
second policy is matched as well (i.e. it determines whether the accessing
action is a copy. If it is a copy, the action is prohibited.)
Action
While the policy is in execution, there are 3 types of actions which can also
take place: alert, warning, and lock computer.
By default, the expiry date is set to Always. In other words, the policy is
always active, and never expires.
A policy will always be effective before its expiry date. Click the button to set
the expiry date. In the Setting window, check Apply and input the expiry
time. The system does not allow the user to set an expiry date earlier than the
current date. If the policy has expired, the fonts in the policy will be displayed
in dark grey and the Expiring Time will be displayed in red.
Only
Offline
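The Mode matching rules described above, worked through as a small evaluator. This is an added example, not Cyberoam's code: the `Policy` fields, the operation names, the way the three hierarchy rules are combined into one sort order, and the "not blocked when nothing matches" default are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional

# Modes that end the search once they match (Allow, Block, Inaction).
# Ignore is the only mode after which lower policies are still examined.
TERMINAL_MODES = {"allow", "block", "inaction"}
ALL_MODES = TERMINAL_MODES | {"ignore"}


@dataclass(frozen=True)
class Policy:
    name: str
    mode: str                 # allow | block | inaction | ignore
    operation: str            # e.g. "copy", "access", "plug-in"; "*" = any
    target: str               # wildcard pattern, e.g. "*.doc"
    scope: str = "computer"   # "user" or "computer"
    inherited: bool = False   # True when the policy comes from a group
    position: int = 0         # row in the policy list, 0 = top
    alert: bool = False       # raise an alert when this policy matches

    def __post_init__(self):
        if self.mode not in ALL_MODES:
            raise ValueError(f"unknown mode: {self.mode}")


@dataclass
class Decision:
    blocked: bool
    decided_by: Optional[str]   # policy that ended the search, if any
    alerts: List[str]           # policies that raised an alert on the way


def priority(p: Policy):
    # Assumed combination of the guide's three rules, applied in the order
    # they are listed: user before computer, self before group, top first.
    return (p.scope != "user", p.inherited, p.position)


def matches(p: Policy, operation: str, target: str) -> bool:
    op_ok = p.operation == "*" or p.operation == operation
    return op_ok and fnmatchcase(target.lower(), p.target.lower())


def evaluate(policies: List[Policy], operation: str, target: str) -> Decision:
    alerts: List[str] = []
    for p in sorted(policies, key=priority):
        if not matches(p, operation, target):
            continue
        if p.alert:
            alerts.append(p.name)
        if p.mode in TERMINAL_MODES:
            # Only Block blocks; Allow and Inaction let the operation
            # proceed, and all three hide every policy below them.
            return Decision(p.mode == "block", p.name, alerts)
        # mode == "ignore": events fire, matching continues downward
    return Decision(False, None, alerts)  # assumed default: not blocked


# Constructed rule sets mirroring the guide's two examples.
USB_RULES = [
    Policy("watch-usb", "inaction", "plug-in", "usb-storage", position=0, alert=True),
    Policy("ban-usb", "block", "plug-in", "usb-storage", position=1),
]
DOC_RULES = [
    Policy("alert-doc", "ignore", "*", "*.doc", position=0, alert=True),
    Policy("no-copy-doc", "block", "copy", "*.doc", position=1),
]
# Constructed hierarchy case: a user policy outranks a computer policy.
CMD_RULES = [
    Policy("pc-block-cmd", "block", "run", "cmd.exe", scope="computer"),
    Policy("user-allow-cmd", "allow", "run", "cmd.exe", scope="user"),
]

if __name__ == "__main__":
    for rules, op, tgt in [
        (USB_RULES, "plug-in", "usb-storage"),
        (DOC_RULES, "access", "report.doc"),
        (DOC_RULES, "copy", "report.doc"),
        (CMD_RULES, "run", "cmd.exe"),
    ]:
        print(op, tgt, evaluate(rules, op, tgt))
```

When auditing a policy list, an Inaction or Allow entry placed above a Block entry for the same target is worth checking, because the Block entry is never reached.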
Basic Policy
By using Basic policy, administrator can regulate the computer operation rights, and can also
restrict end users from changing the system settings, thereby preventing
malicious activity and strengthening the security.
Basic policy works by amending the system registry. Basic policy and Device policy are
different from other policies. They are state-keeping policies, not real-time invoked policies.
Basic policy supports: Control Panel, Computers Management, System, Network, IP/MAC Binding
and ActiveX controls
Control Panel
Control Panel
Add printers
Delete printers
Computers Management
Device Manager
Disk Management
Service Management
Other computer Managements
Restrict the user's use of: Event Viewer, Performance Logs and Alerts and
Shared Folders located in Computer Management
Regedit
CMD
Restrict the user's use of CMD. For Windows 98, it is command, and for
others it is cmd
Run in registry
If the mode is block for this option, the processes under Run will not run
when the OS starts up. A log off or restart is required for the setting to
take effect.
RunOnce in registry
RunOnce means that the process runs only once when the OS starts up,
and it will not run again at the next startup. If the mode is block for this
option, the processes under RunOnce will not run. A log off or restart is
required for the setting to take effect.
Network
Modify Network Property
Restrict the user from modifying the network property. The button Properties will be
disabled in the LAN Status windows
If the mode is block, My Network Places will be hidden. A log off or restart
is required for the setting to take effect
Default Netshare
Netshare
Add Netshare
IP/MAC Binding
Change IP/MAC Property
1. Use this option to prohibit the user from changing the IP settings. Once the
prohibiting policy is set, the current IP/MAC settings are saved.
If any change is found, the settings are restored to the saved IP/MAC
settings.
2. If the IP needs to be changed, the prohibiting policy should be deleted
first
ActiveX
Chart ActiveX
Media ActiveX
Game ActiveX
Some online games may require installation of ActiveX. Prohibit this option
to stop the user from playing online games
Flash ActiveX
This ActiveX is required for playing FLASH. Prohibit this option so that
FLASH files cannot be played properly
Others
System Restore
Basic Policy
CDROM
Burning Device
The disk burning action; the device can still read
Tape
Moveable Device
Includes USB Flash drive, removable drive, memory stick, smart card, MO
and ZIP drive control
But does not include the devices with IDE, SCSI and SATA interface
Communication Device
COM
LPT
USB Controller
SCSI Controller
1394 Controller
Infrared
Bluetooth
MODEM
Direct Lines
Direct connection control between two computers using USB cable, COM
port or Serial cables
Dial
Dial-up Connection
USB Device
USB Keyboard
USB Mouse
USB Modem
USB CDROM
USB Storage
Network Devices
Wireless LAN Adapter
Others
Audio
Virtual CDROM
Any new devices plugged-in. If the mode is block, all new devices cannot
be used
Device Policy
Application Policy
Many Enterprises prohibit their staff from installing their own application software such as BT, chat
and online game software. Application policy control can limit the use of unwanted applications.
When adding a policy, the application is <All> by default. There are two methods to specify the
application:
Application Policy
1.
For example, thunder.exe. If the user changes the application name to thunder123.exe, the policy is
no longer effective because the input is only matched against the name string. To avoid this
problem, use the following method 2.
2.
Caution:
Application Policy Warning
Prohibiting all applications will cause many processes to be terminated immediately once the policy is applied.
Warning message will be given before blocking all applications.
Logging Policy
By default, the system has a preset policy to log all logs except Windows Title. Depending on the
Enterprise's requirements, the System administrator can add a policy to uncheck logs that do not
need to be monitored.
Policy Properties:
Mode
Startup/Shutdown
Login/Logoff
Dial
Policy Control
Hardware Changes
Software Changes
Application
Visible
Window
Application
Window Title Change
Application
Document
Disk Type
File Name
Application
Printing
Printer Type
Application
Shared Files
File Name
IP Range
Mail
Sender
Recipients
Mail Size
(>=KB)
Not Record
Attachment
Instant Message
Application Statistics
Web Statistics
Alert Policy
Alert policy is used to monitor changes to hardware, software and other system settings. If
any changes are made in the system, it alerts the System administrator in real time. This
helps the System administrator to understand the real-time situation of each computer in the
network and take appropriate measures to increase maintainability.
Alert Policy includes the following alert function: Hardware change, Plug in, Plug off, Plug in Storage
Device, Plug off storage Device, Plug in communication device, Plug off communication device,
Software changes, System service change, Startup change, System time change, Computer name
change and Network configuration change.
Policy Properties
Hardware change
Plug in
Plug off
Software changes
Mail Policy
Mail policy is used to prevent Enterprise internal information/data leakage in the course of sending
email.
Mail policy is used to control outgoing email but cannot control incoming email. Also, Endpoint Data
Protection cannot control webmail and Lotus emails, whether incoming or outgoing.
Note: The mail policy is only effective for computer (group) but not user (group)
Policy Properties
Sender
Controls the sender email address. Supports wildcard and multiple inputs,
use , and ; as separators
Recipients
Subject
Has attachments
Attachment
Controls the email with specified attachment name. Input rules are same as
Sender
Mail size
(>=)
IM File Policy
IM Policy is used to control the communications using IM tools and monitor/control all outgoing files
sent through the IM tools to prevent information leakage through the IM channels.
The following IM tools are supported to limit the outgoing files sent through IM tools: QQ, MSN,
SKYPE, TM, UC, RTX, Yahoo!, POPO, ALI, ICQ etc.
Policy Properties:
File Name
Only enabled under the block mode. Used to limit the outgoing file size.
Input range: 0 - 100000 (KB)
Backup
If checked, all outgoing files will be backed up. The backup files can be
retrieved from Event log → Document; check the option has Backup and
select the operating type as Upload/Send for faster searching
Minimum Size (>=KB)
Maximum Size (<=KB)
If Backup is checked, a file size range can be specified to decide whether a file
is backed up. If the file is outside the specified range, it will not be
backed up
IM Policy Properties
Read
Modify
Delete
Disk Type
File Name
Caution:
Printing Policy
Printing policy is used to control the use of different kinds of printers such as local, shared, network
and virtual printers to prevent the information leakage.
Policy Properties:
Printer Type
4 kinds of printer types: Local, Shared, Network and Virtual Printer (e.g. PDF
creator)
Printer
description
Set the printer name. System administrator can specify the internal network
printers e.g. \\server\* represents all printers in \\server
Application
Removable-Storage Policy
To prevent information leakage through removable devices, System administrator can apply
removable-storage policy to assign different rights to removable storages. Also, the files can be
encrypted when writing to the removable storages. Only authorized computer agents can decrypt
the files.
To manage specified removable storages, go to Tools → Classes Management →
Removable-Storage to see how to customize the Removable-storage classes
Policy Properties:
- Free to read any files from removable storages
- The following 3 options (i.e. Decrypt when reading, Write and
Encrypt when writing) are enabled when this is checked
Read
Write
Removable Storage
Chapter 6
Monitoring
Instant Message Monitoring
System administrators are able to monitor the Instant Message history of Agent computers by selecting
Monitoring → Instant Message. Supported instant message tools include: Tencent QQ, TM, MSN
Messenger, ICQ (does not support web-based ICQ yet), Yahoo! Messenger, Sina UC, 163 POPO
(outgoing message only), Skype (support both since v3.0.2108), Tencent RTX, Lotus Sametime,
and Alibaba AliTalk.
Instant Message
The Instant Message log includes: IM tools, Computer, Local user, Contact User, Begin Time, End
Time, no. of Statement and the Instant Message contents
IM Tool
Computer
Local User
Contact User
Begin Time
End Time
Statement
IM Content
Save IM Contents
To save the IM contents, select the desired records (press Ctrl for multiple selections) and then right
click to select Save As HTML File to save the IM contents in htm or html format. If multiple records
are selected, each one will be saved in an individual file.
Search conditions
Tool
User ID or Nickname
Query the IM contents with the specified local user ID (or nickname) or the other
party's account ID (or nickname)
Content
Query the IM contents with specified keywords e.g. *mail* The input
contents will be highlighted in red in the results
IM Search Conditions
Email Monitoring
Email contents can be logged from every agent. Supported email types: Normal mail, Exchange mail,
Web mail and Lotus mail. Note that only normal and Exchange mail types can log all incoming and
outgoing emails whereas web mail and Lotus mail types can only log the outgoing mail.
Mail Monitoring
Subject
Subject of email
Sender
Recipient
Recipient's email address, including CC and BCC email addresses. The details
can be reviewed in the property window
Attachment
The icon indicates that the mail has an attachment. By default, the system backs up all
email attachments (the System administrator can add a Logging policy to not
back up the attachment. For more details refer to Section 6.7). Click the button
to retrieve the attachments.
Size
Email size
Content
Select an email first, and the details will be shown in the bottom part.
Save emails
To save the email contents, select the desired records (press Ctrl for multiple selections) and then
right click to select Save As EML File to save the email contents in eml format. If multiple records
are selected, each one will be saved in an individual file.
Search Conditions
Type
Send/Receive
By default, it is set to All. You can either query send or receive only
Email address
Subject
Query emails by specified keywords in the email subject
Content
Query the email contents with specified keywords e.g. *mail*
The input contents will be highlighted in red in the results
Attachment
Attachment name:
Size
Chapter 7
Assets Management
Assets Management
Assets Management collects software and hardware information from all agent computers to help the
enterprise manage, audit and maintain its computer assets efficiently.
Select Assets → Assets to open the assets management window. The window includes Title bar,
Menu bar, Toolbar, Navigation bar, Data panel and status bar.
Asset Management
Instance
Instance of asset class. For each memory it has attributes such as Device Locator,
Capacity and Type etc.
- If the object is either Hardware or Software, both could have Classific and Instance Properties.
- All custom assets have only Instance properties.
Assets Property
1. Select CPU in the asset tree in the left panel, then select Operation → New Property or click
the button to add property.
2. In the Asset Property window, check the Instance Property option, input Repair date in
Asset Property field and select Date in the Value Type field. Click OK to confirm.
Asset Property
After the Instance Property is added, the property is shown with a * symbol, indicating that it is a
custom property. All custom properties can be renamed (Operate → Rename) or deleted
(Operate → Delete), but the default properties cannot be renamed or deleted.
Asset Properties
Custom Asset
System administrator can customize assets to create a database that stores information on all other assets.
How to add a custom asset?
E.g. Suppose the office has 3 printers. Then the System administrator can add a custom asset called
Printer.
1. Select Operate → New Asset to input Printer, and then add the corresponding Instance
properties such as Model, Department, Buy Date, Price, Warranty etc.
Custom Asset
For all custom assets, the System administrator is required to add the property values manually.
Hardware Query
Select Assets → Hardware to check all hardware assets of agent computers or input conditions to
filter the query results.
Query Asset Information
By default, the CPU, Memory, Disk Drive and Network Adapter of all agent computers are listed. Double
click one of the computers in the list to view the details of the individual agent.
By default, the individual Asset Information window shows the hardware information. Select
Show → All or Show → Software to view other asset information.
For an asset property, the default view is Brief, which focuses on the asset Instance
properties. For all classific properties, the default view is Summary, which shows the summary
of all instances.
NOTE
When viewing the asset information, the custom asset value can be added directly. Select
Operation → New Property to open the Asset Property window and add the asset property values.
Query Conditions
Click the button to open the Query Conditions window. System administrator can set one or
more query conditions to filter the results.
Range
By default, it is set to {The Whole Network}. Select the button to specify
the target group
Clicking this button opens the Condition window. Each condition
includes: asset properties and logic e.g. Memory-Number == 2 or CPU-Name
include AMD
Delete existing conditions
View and edit existing condition
Query Conditions
Caution
Query conditions of Instance Property and Classific Property
If a condition includes asset A's Instance property first, the following conditions cannot include
asset B's Instance properties (all other Instance properties will be hidden automatically). In this case
only classific property conditions can be added for the following input conditions.
Result List
Hardware Assets
Caution
Add the custom properties
The result list must include CPU-Repair date; also any one of the CPU instance properties must be
included. Otherwise, the property value may not be added. The reason is that CPU-Repair date belongs
to the Instance property, and we cannot add the same value for all instance properties for a computer.
Hardware Change
Hardware Change logs all hardware changes made on agent computers including add, delete
and change. Select Assets → Hardware Changes to view the hardware changes log.
Hardware Change Contents
The content includes: Type, Time, Computer, Asset and Description
Type
Type of asset change: Add, Delete or Change
Asset
Asset classes such as CDROM, CPU, BIOS etc.
Description
More detailed information about the asset is shown in this column
Hardware Change Contents
Hardware Change
Query Conditions
Go to File → New Query to open the search panel, where the System administrator can set different
conditions to filter.
Time &
Range
Asset Type
By default, it is set to All. Select Asset Type from the drop-down menu to
specify the type to filter the query result.
Content
Software Query
Select Asset → Software to switch to the software asset. By default, the query is Computer and
Operating System. System administrator can set other query conditions to query the required results.
The software query method is similar to Hardware Query.
Software Change
Software Change logs all software changes made on agent computers including add, delete and
change. Select Asset → Software Change to check all software change logs.
The software change log content includes: Type, Time, Computer, Asset and Description which are
similar to Hardware Change.
Query Conditions
Time &
Range
Asset Type
By default, it is set to All. Select Asset Type from the drop-down menu
to specify the type to filter the query result. It includes Operating
System, Application, Antivirus, Windows and Patches of Microsoft
Products.
Content
Other Assets
System administrators are required to key in the asset property values after completing the custom
asset management.
to enter the property's value one by one to record the Printer information.
Patches Management
Patch Management function scans the patch status of all agent computers and, based on the agent
computer requirements, installs patches automatically and manually to enhance the security.
NOTE
Combine the use of CTRL and SHIFT keys to set the download policies for multiple patches or computers.
Control functions
System administrator can set the order of download scanning file or patches in the Console
Download Scanning
File
Scan Now
If only one agent computer needs to scan the patch, right click the
computer and select Scan for system patches, then only the
specified computer will be scanned.
Computer Range
Patch Mode
Patch Log Contents
Under Patch mode, all patches scanned from agent computers will be listed including
Ordinal, Severity Rating, Bulletin ID, Patch ID, Name, Not Installed, Auto downloading
and Download State
Severity Rating
Bulletin ID
Patch ID
Patch ID
Name
Not Installed
Auto
downloading
Download State
Detailed
Information
Options - Patches
Computer Mode
Computer Mode Contents
Under computer mode, check all agent computers' information and patch installation
status, including Computer, IP address, Operating System, Last Scanned Time and
Auto installing
Computer
Agent Computer belonging to group and computer Name
IP address
OS
Last Scanned
Time
Auto Installing
Vulnerability Check
Vulnerability check function automatically scans the internal network computers and performs
analysis to help the System administrator check and trace vulnerability problems. Follow the
resulting suggestions to take timely response measures to enhance the security of all internal
computers.
Under Asset Management, select Vulnerabilities → System Vulnerabilities or Computer Mode.
Click the vulnerability management button to execute the vulnerability scanning immediately.
Click the computer button to view a computer group or individual computer vulnerability information.
Vulnerability Mode
Under vulnerability mode (Vulnerabilities → System Vulnerabilities), administrator can check the list of
vulnerability information of corresponding agent computers. The list includes the following
information: Ordinal, Severity Rating, Name, Vulnerability, Pass and other detailed information.
Severity Rating
Name
Vulnerability
Pass
Other detailed
information
Computer Mode
Under Vulnerabilities → Computer mode, administrator can view and check the agent computer
information and corresponding vulnerability information including Computer, IP Address, OS, Last
Scanning Time and Auto Installing. Double click any vulnerability from the list to see the details and
find out the suggested solutions.
Software Deployment
System administrator can install software, run an application, and deploy files to agent through
Endpoint Data Protection console. Software can be installed to the agent by simply creating a
deploy task. System administrator can view the deployment status from the console. With the
software deployment function, System administrator also can organize and deploy software to the
networked agent computers more efficiently and consistently.
Select Assets → Deployment for software deployment. Deployment is divided into two steps:
package creation and task creation.
Deploy Package
Package Deployment
The System administrator must create a deployment package first. A deployment package includes the
required deployment conditions, which can be saved on the server and used repeatedly.
Click the new button to create a new package or right click the deploy package list to create a new
one. The deployment conditions include: General conditions, File Conditions, Checkup
conditions and Necessary conditions.
General Conditions Settings
Input basic information: package name, operating system, and language
Name
By default, it is set as New Package. System administrator
can rename it but it cannot be empty.
Created and Modified
Time
Operating System
Language
Deploy Mode
There are three modes: Install, Execute (once) and Deploy File
Install
Distribute application software installation program to agents and
process installation.
Execute (once)
Execute the distributed program once only in agent side.
Deploy File
Deploy file(s) to agent, the default destination path is {sd}\deploy files,
and it can be changed manually.
Note that {sd} means System Drive. If OS is located in D:\windows, it is
D: For more details please refer to the following table 9.19.
Run Mode
Run mode means there are some interactions required between the
Necessary conditions
NOTE
The following are the system default shortcuts used in condition input:
tmp
win
sys
pf
sd
cf
View
Delete package. Only the package with the status can be deleted
Edit packet. Only the package with status can be edited
The basic information includes: Name, Modified, Editor, Size and Status.
Double click to see the details
Other Operations
Make sure all files and folders for the installation package are located in the same folder and
select the required files at once. Each selection is treated as a new file list and replaces the
existing one on every click of the button.
When the deploy mode is install or execute (once), select the main file in the command line. When
the deploy mode is deploy files, select the destination path for the files to deploy to.
The default run mode is to run on the user's desktop, which will interact with users during the
installation process. The user will not be able to see the installation process if this option is
unchecked.
Task Distribution
In addition to creating a distribution package, a distribution task must be created to specify the
target agent computers. Click the button to create a task.
Task distribution settings include: Task Name, Package Name, Max Retry and Target computers.
Task Name
By default, it is set to New Task. System administrator can edit the name
but it cannot be empty
Package Name
Click the button to select the required package which administrator
created in package part
Max Retry
The task will retry if it has failed. By default, it is set to 10. If 0 is input, it
means unlimited retry
Target
Click the button
Task Distribution
Clicking OK will start the deploy task immediately. Select the task to view the task status. A task
cannot be deleted during deployment. User can right click on the task and select stop to stop the
task. Right click on a computer and select Cancel to cancel the task on the computer.
Delete task distribution. A task cannot be deleted during deployment. User can right
click on the task and select stop to stop the task, and can then delete the task.
Edit task distribution. A task cannot be edited during deployment. User can right click
on the task and select stop to stop the task, and can then edit the task.
Task Distribution Operations
Deploy Task
Chapter 8
Encrypted Disk (Endpoint Security Module)
By default, the type of all removable storages used in the company is unclassified. System administrator
can format non-encrypted disks into encrypted disks through the Removable-Storage window.
Encrypted disks can only be used on computers with agents installed; this therefore blocks viruses from
entering the LAN through removable storages.
Disk Encryption
First, plug in the removable disks that need to be encrypted. Second, go to Tools → Classes
Management → Removable-storage to open the Removable-storage Classes window. Then select
Operation → Local removable storage to open the Local removable storage disk information window to
see the connected devices' information.
1. If the icon is
, it represents that the removable storage is not saved in the
removable-storage database.
2.
Click this button to confirm and save the removable-storage information. System
administrator can classify disk, add notes, format and encrypt disk while saving.
5. Click this button to format and encrypt the selected disk. Once the selected disk is formatted
and encrypted, all saved information will be deleted and the disk can only be used in those
computers with agents installed.
Caution
1. The encryption function is only valid for users who registered Endpoint Data Protection with
register IDs. Otherwise, this button is grayed out and disabled.
2. If the disk is successfully encrypted, the icon will be
saved. If saved, the icon will be .
2. Plug in any encrypted disks. Then select Operation → Local Removable-storage to open the
Local removable storage disk information window to see the connected devices'
information. Administrator can format any encrypted disks into non-encrypted disks.
Select an encrypted disk and this button will light up. Click it to format the encrypted disk
into a non-encrypted disk. Once succeeded, the disk icon will be
and its volume ID will be
changed too.
4.
For console computers, encrypted disks can be plugged out safely on the Local
removable storage disk information windows of Endpoint Data Protection console rather
than on the System Tray of Windows.
For agent computers, encrypted disks only can be safely plugged out by this way: Go to My
Computer and right click the encrypted disk to select Eject.
Removable-storage Information
By default, there are two types of removable storage: Encrypted Disk and Non-Encrypted Disk. If the Disk Type is empty, the connected device is non-encrypted.
Account Management
From the menu bar, select Tools → Accounts(M). Select an account in the left pane of the Accounts Management interface, then select the Authorities tab to view the Manage Encrypted disk and Format as Encrypt disk options.
Manage Encrypt disk: Limits the operation rights for managing encrypted disks; it is used in class management.
Format as Encrypt disk: Formats encrypted disks into non-encrypted disks, or non-encrypted disks into encrypted disks.
The Admin account is a super administrator with the highest rights to use all functions. Other accounts do not have permission to use these two functions unless it is granted to them.
Removable-Storage Log
Select Log → Removable-storage to view the log of plug-in and plug-out actions of all removable storage devices on agent computers. If the Disk Type is empty, the removable storage is a non-encrypted disk.
Removable-Storage Policy
The System administrator can apply a removable-storage policy to assign different rights to removable storage devices, as shown in the following illustration:
By default, Encrypted Disk Type is All, which includes two types: Encrypted Disk and Non-encrypted Disk. Selecting Encrypted Disk in the drop-down list box makes the policy effective only for encrypted disks.
The System administrator can limit the operation authorities of specified removable storage by checking the checkboxes for Read, Decrypt when Reading, Write, and Encrypt when Writing. For details, please refer to Removable-Storage Policy. Encrypted disks are used in the same way as non-encrypted disks.
Chapter 9
Database Backup & Data Recovery
The difference between Main Backup and Data Backup is as follows. The Main Backup can be used to recover the Endpoint Data Protection server if the database crashes or another accident prevents the server from working properly, or to complete a migration. We strongly recommend doing a complete full backup once the server is in the production stage, since all computer and user groupings, classes management, policy settings, etc. are settled by then.
Data Backup backs up data such as documents, mail, printing and key data. We strongly recommend that the System administrator back up data regularly to prevent the hard disk storage from getting full. However, a data backup alone cannot be used for server migration or recovery.
Database Backup
Backup Main Database
To guard against a database file crash or other accidents that prevent the server from working properly, we strongly recommend that the System administrator fully back up the database regularly.
How to perform the Database Backup
First stop the Endpoint Data Protection server and the related services (OCULAR V3 SERVER and OCULAR V3 UPDATE) in System Services.
NOTE
SQL Server Management Studio is not available with MSDE.
For further details, download from the link below:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C243A5AE-4BD1-4E3D-94B8-5A0F62BF7796&displaylang=en
In the Object Explorer, expand Databases. You can see a database called OCULAR3.
Right-click the database OCULAR3. Then select Tasks → Back Up to back up the database.
In the Back Up Database OCULAR3 window, add a destination path with a backup file name, e.g. Endpoint Data Protection_full_backup.bak. Click OK to confirm.
Backup Database
Right-click the database OCULAR3. Then select Tasks → Detach to detach the database.
Detach Database
After the database has been detached successfully, the System administrator can back up the following files and save them into the backup folder:
File Extension | Files
*.MDF & *.NDF | Back up all *.mdf and *.ndf files, such as: OCULAR3_Data.mdf, OCULAR3_Log.LDF, OCULAR3_SCREEN_Data.NDF, OCULAR3_MAIL_Data.NDF, OCULAR3_DOC_Data.NDF
*.INI | Back up all *.ini files, such as: Update.ini, OServer3.ini, AssetQuery.ini
*.DAT | Back up all *.dat files, such as: Unins000.dat
Backup Main Files
After the backup is completed, the database OCULAR has to be attached again in SQL Server Management Studio:
Attach Database
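The copied main files can be checked before the backup is relied on for recovery. The following is an added example, not part of the product or of this guide: a hypothetical script (the names audit_backup and changed_files are this example's own) that confirms each file family from the table above is present in the backup folder, flags empty files, and records SHA-256 hashes so that a later copy can be compared. Its sample files are constructed stand-ins.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# File families from the guide's "Backup Main Files" table. *.ldf is added by
# this example because the guide's own file list includes OCULAR3_Log.LDF.
REQUIRED_PATTERNS = ("*.mdf", "*.ndf", "*.ldf", "*.ini", "*.dat")
# Constructed stand-in names, taken from the examples the guide lists.
SAMPLE_NAMES = ("OCULAR3_Data.mdf", "OCULAR3_Log.LDF", "OCULAR3_DOC_Data.NDF",
                "OServer3.ini", "Unins000.dat")


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large database files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backup(folder):
    """Return (manifest, problems): name -> SHA-256, plus missing file
    families and zero-byte files (a sign of an interrupted copy)."""
    files = [p for p in sorted(Path(folder).iterdir()) if p.is_file()]
    manifest, problems = {}, []
    for pattern in REQUIRED_PATTERNS:
        if not any(fnmatch.fnmatch(p.name.lower(), pattern) for p in files):
            problems.append("no %s file in backup" % pattern)
    for path in files:
        if path.stat().st_size == 0:
            problems.append("%s is empty" % path.name)
        manifest[path.name] = sha256_file(path)
    return manifest, problems


def changed_files(old_manifest, new_manifest):
    """Names whose hash changed or that are absent from the new manifest."""
    return sorted(name for name, digest in old_manifest.items()
                  if new_manifest.get(name) != digest)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:
        for name in SAMPLE_NAMES:  # constructed content, not real data
            Path(folder, name).write_bytes(("constructed:" + name).encode())
        manifest, problems = audit_backup(folder)
        for name, digest in manifest.items():
            print(digest, name)
        print("problems:", problems or "none")
```

Keeping the manifest somewhere other than the backup folder lets changed_files show whether a stored backup was altered or lost files after it was taken.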
Backup Other Data
Other data, such as emails and documents, can be backed up easily. System administrators just need to copy those folders to the desired backup storage device.
Chapter 10
Tools
Account Management
The Admin account is a super administrator with the highest rights to use all functions. Using the admin login account, the administrator can create other user accounts with different access rights to Endpoint Data Protection.
From the menu bar, select Tools → Accounts. The System administrator can view the existing users or create new users.
Account Management
Create a user account; a Description can also be entered.
Delete a user account. Note that the Admin account cannot be deleted.
Accounts Management has 4 settings: General, Authorities, Computer Groups and User Groups.
General
Authorities
Computer Groups/User Groups
Control
Statistic
Log
Policy
Monitoring
Assets Management
Patches
Vulnerability
Deployment
Class
Delete
Backup
Setting
Generate agents confirmed code
Manage Encrypt Disk
Format as Encrypt Disk
Computer Management
To help the System administrator manage installed agents and query license information easily, the System administrator can use the Computer Management Console (Tools → Computers) to check this information. The list contains the following information: Name, Computer, Agent ID, IP Address, MAC Address, Group of Agent, First Appeared Time, Last Appeared Time, Agent Installed Version Number and Agent Installation Date.
Computers Management
List of Computer Information:
[icon] | Indicates that a license is granted to the agent. If this icon does not appear for the highlighted agent, the license range has been exceeded and no more licenses can be granted to that agent.
Name | The name of the agent displayed in the Console
Computer | The computer name of the agent
ID | Agent ID generated by the Endpoint Data Protection Server
IP Address | Agent's IP address
MAC Address | Agent's MAC address
Group of Agent | The group the agent belongs to
First Appeared | The first appeared time of the agent
Last Appeared | The last appeared time of the agent
Version | Agent's currently installed version
Install Date | Agent's installation date
Computer Management List of Computer Information
By IP address
By First Appeared
By Last Appeared
By Agent ID
By Name
Operations
Delete
Uninstall
After one of the above actions is selected, click OK to confirm it. Clicking only the Delete or Uninstall button has no effect until the OK button is clicked.
Alert Message
Select Tools → Alert; all real-time alert messages for invoked policies are logged in the popup window. When an agent invokes a policy and the popup alert bubble option is checked in Tools → Options, the alert bubble pops up in the bottom-right corner. Click the alert bubble to see the details of the alert message.
In the alert message window, the maximum number of displayed records is 500. This can be changed in Tools → Options → Console Settings → Alert → Alert Dialog.
Note that these messages are cleared when the Console is closed or the user logs in again. To review the history, go to Log → Policy Logs.
Classes Management
System administrator can set different classes including Application Class, Web Class,
Removable-storage Class, Time Type Class, Network IP Address Class and Network IP Port Class
to facilitate the query, statistics and policy settings.
Application Class
Go to Tools → Classes Management → Applications to open the Application Classes window. By default, there are two classes: Unclassified and Windows Application.
Unclassified
Windows Application
Application Classes
System administrator can create different classes and classify the applications from Unclassified
into customized classes.
New
Move to
Search
Caution:
About Unclassified and Windows Applications classes
Unclassified and Windows Applications classes cannot be deleted and sub-classes can be created.
Removable-storage Class
Go to Tools → Classes Management → Removable-storage to open the Removable-storage Classes window. By default, there is one class, called Unclassified, and the System administrator is required to create other classes manually.
There are two methods to gather the Removable-storage information:
1. From Agent
2. From Console
Server Management
Select Tools → Server Management. The System administrator can check the server information from the Console, including: Basic Information, Database file, Directory and Disk Space.
Server Management
Basic Information
Startup Time
Running
Communication
Database File
Directory
Disk Space
Server Management
Agent Tools
Confirm-code Generator
The Confirm-code Generator is for emergencies in which the agent cannot communicate with the server.
Scenario: no Internet connection
Some strict policies, such as being unable to decrypt a PowerPoint presentation or a prohibition on using USB devices, are still running. In this case, the System administrator can use the Confirm-code generator to release the policies or uninstall the agent from the client computer. The following procedure releases all policies or uninstalls the agent under approval.
On the agent machine, click Start → Run and type agt3tool to open the agent tool.
Agent Tool
Select Clear all policies and then click the Generate button.
A Check confirm code window will pop up, and the agent user is required to report the Operate Code to the System administrator.
Confirm-Code Generator
The System administrator is required to click the Generate button to get the code generated by the system.
The System administrator tells the generated confirm code to the agent user and asks him/her to input the confirm code.
Options
Select Tools → Options; the System administrator can check or amend existing Console and Server settings. The following tables show all default values.
Server Options
Console Settings
Log
The max records shown in logs on each page is set to 20
Option for user to quit console program or minimize windows to system tray area
Search logs
Quick
Settings
Information
Monitor
Maintenance
Remote control
Alert
Alert Dialog
Settings
Server Settings
Patch
Default
Settings
Data-Removal
Range
Connection
Directory
Performance
Error-Report
Chapter 11
Audit Console
Logon to Audit Console
The Audit Console mainly audits the Endpoint Data Protection Console. All operations that System Administrators/Users perform in the Console are logged, such as account login/logoff and creating, modifying or deleting policies. The Audit administrator can easily view that information in the Audit Console.
How to logon to Audit Console
1. Open the Endpoint Data Protection Console from Start → All Programs → Cyberoam Endpoint Data Protection Suite → Cyberoam DPMS Console.
2. Log on to the Audit Console using audit as the logon name. By default, the password is blank.
The administrator panel lists all administrators and Endpoint Data Protection Console users. Once a user is selected in the administrator panel, the corresponding operation logs are displayed in the data panel.
The Endpoint Data Protection Audit Console provides print and export functions to preserve useful logs, and also provides a delete function to delete the audit data.
Print / Print Preview | Select File → Print / Print Preview to print the current log page
Export | Select File → Export to export the audit log, or right-click in the Data Panel and select Export: 1) Records of Current Pages, 2) All Matched Records
Delete | Select File → Delete to delete the audit log, or right-click in the Data Panel and select Delete: 1) Selected Records, 2) Records of Current Page or 3) All Matched Records
Audit Console Common Functions
Computer
IP Address
Manager
Description
Audit Log
Audit Query
Date Range
By default, the start time and end time of the designated date range are not selected, that is, all log data are searched and displayed as results. To specify the date range, click the start time and end time:
Icon | Descriptions
[icon] | Select the date as the start time from the calendar
[icon] | Select the date as the end time from the calendar
[icon] | Restore to default setting
Manager Name | Search with specified administrator
Description | Query specified logs according to the description of the audit log information
Audit Query