sophos for virtual environments configuration guide ...· sophos for virtual environments...

Download Sophos for Virtual Environments Configuration guide ...· Sophos for Virtual Environments Configuration

Post on 09-Jul-2018

214 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Sophos for VirtualEnvironmentsConfiguration guide --Enterprise Console edition

    1.1Product version:

  • Contents

    1 About this guide........................................................................................................................3

    2 Configure policies.....................................................................................................................4

    2.1 Anti-virus and HIPS policy..........................................................................................4

    2.2 Updating policy.........................................................................................................10

    3 View protected guest VMs......................................................................................................11

    4 Scan guest VMs.....................................................................................................................12

    5 Find out about a threat...........................................................................................................13

    6 Clean up a threat....................................................................................................................14

    6.1 Automatic cleanup....................................................................................................14

    6.2 Manual cleanup........................................................................................................14

    7 Alerts......................................................................................................................................16

    8 Logs........................................................................................................................................17

    9 Technical support....................................................................................................................18

    10 Legal notices........................................................................................................................19

    2

  • 1 About this guideThis guide tells you how to configure Sophos for Virtual Environments.

    The guide assumes that you use Sophos Enterprise Console to manage your security software.

    Note: If you use Sophos Central, look in the Sophos Central Admin Help instead.

    3

    Configuration guide -- Enterprise Console edition

  • 2 Configure policiesYou configure Sophos for Virtual Environments by using Enterprise Console policies.

    When you put your Sophos Security VM in a Sophos Enterprise Console group, policies areapplied that protect and update the guest VMs.

    We recommend that you use the default settings, as they provide the best balance betweenprotection and system performance. However, you can change the settings in these policies:

    Anti-Virus and HIPS

    Updating

    The other Enterprise Console policies don't apply to the Security VM.

    Note: All guest VMs protected by a Security VM use the same policies as the Security VM. Toapply a different policy to some guest VMs, move them to a different Security VM in a differentEnterprise Console group. Then apply a different policy to that group. For instructions on how tomove guest VMs, see the Sophos for Virtual Environments Startup guide -- Enterprise Consoleedition.

    To view a list of all guest VMs managed by a Security VM, see View protected guest VMs (page11).

    2.1 Anti-virus and HIPS policyBy default, the Sophos Security VM:

    Scans files when they are accessed on the guest VMs.

    Blocks access to infected files.

    Cleans up detected threats automatically.

    The anti-virus and HIPS policy settings don't all apply to the Security VM. This section describeswhich scanning options apply and can be configured centrally.

    For more information about the settings, see the Sophos Enterprise Console Help.

    On-access scanning

    On-access scan settings are supported as detailed below. Behavior monitoring is not supported.

    To open the on-access scanning settings pages in Enterprise Console:

    1. In the Policies pane, double-click Anti-virus and HIPS.2. Double-click the policy you want to change.3. In the Anti-Virus and HIPS Policy dialog, look for the On-access scanning panel. Beside

    Enable on-access scanning, click Configure.

    The On-access scan settings dialog is displayed.

    4

    Sophos for Virtual Environments

  • NotesApplies to SecurityVM?

    On-access scan setting

    Scanning tab

    If one or more of the three options Read, Rename, andWriteare enabled then the Security VM will scan in allthree scenarios.

    Important: If all three options are disabled, on-accessscanning is disabled and your system is not protected.

    NoCheck files onRead/Rename/Write

    NoScan for Adware andPUAs/Suspicious files

    NoAllow access to driveswith infected boot sectors

    YesScan inside archive files(not recommended)

    .NoScan system memory

    Extensions tab

    YesScan all files (notrecommended)

    YesScan only executable andother vulnerable files

    YesAdditional file typeextensions to be scanned

    YesScan files with noextension

    YesExclude file types fromscanning

    Exclusions tabs

    To exclude a folder from scanning, you must alwaysspecify the full path to the folder, including the drive letter

    YesWindows Exclusions tab

    or network share name, for example, "C:\Tools\logs\" or"\\Server\Tools\logs\". The Security VM cannot exclude

    5

    Configuration guide -- Enterprise Console edition

  • NotesApplies to SecurityVM?

    On-access scan setting

    folders based only on their name. For example,"\Tools\logs\" won't work.

    For more information about Windows exclusions, forexample, how to use wildcards, see the Sophos EnterpriseConsole Help, in the section about configuring theanti-virus and HIPS policy.

    NoMac Exclusions tab

    NoLinux/UNIX Exclusionstab

    Cleanup tab

    The alternative actions to be applied if cleanup fails haveno effect. The Security VM will always deny access toinfected items.

    YesCleanup ofviruses/spyware

    NoCleanup of suspiciousfiles

    For more information about the settings and which settings to choose, see the Enterprise ConsoleHelp.

    Scheduled scanning

    To set up or edit a scheduled scan:

    In the Anti-Virus and HIPS Policy dialog, look for the Scheduled scanning panel.

    Click Add or Edit.

    You can also specify additional file types to be scanned or exclude items from scanning by clickingExtensions and Exclusions.

    Scheduled scan settings are supported as detailed below.

    NotesApplies to SecurityVM?

    Scheduled scan setting

    Add/Edit > Scheduled scan settings

    What to scan

    6

    Sophos for Virtual Environments

  • NotesApplies to SecurityVM?

    Scheduled scan setting

    YesLocal hard disks

    YesFloppy disk andremovable drives

    YesCD drives

    The Security VM will start the scan at the time and dayrequested. However, by default, it will scan only two guest

    YesWhen scan occurs

    VMs at a time, so as not to impact your system'sperformance. Therefore, it may take longer for thescanning of all guest VMs to complete.

    Add/Edit > Scheduled scan settings > Configure > Scanning and cleanup settings

    Scanning tab

    NoScan files for Adware andPUAs/Suspiciousfiles/Rootkits

    YesScan inside archive files

    System memory will be scanned by default.You cannotconfigure this option.

    NoScan system memory

    NoRun scan at lower priority

    Cleanup tab

    The Security VM doesn't automatically clean up floppydisk drives, CD drives or network locations.

    Actions for infected items if cleanup has not taken placehave no effect. The Security VM will always log the eventwhen cleanup has not taken place.

    YesCleanup ofviruses/spyware

    NoCleanup of adware andPUA

    NoCleanup of suspiciousfiles

    Extensions and Exclusions > Scheduled scan extensions and exclusions

    7

    Configuration guide -- Enterprise Console edition

  • NotesApplies to SecurityVM?

    Scheduled scan setting

    Extensions tab

    YesScan all files (notrecommended)

    YesScan only executable andother vulnerable files

    YesAdditional file typeextensions to be scanned

    YesScan files with noextension

    YesExclude file types fromscanning

    Exclusions tabs

    To exclude a folder from scanning, you must alwaysspecify the full path to the folder, including the drive letter

    YesWindows Exclusions tab

    or network share name, for example, "C:\Tools\logs\" or"\\Server\Tools\logs\". The Security VM cannot excludefolders based only on their name. For example,"\Tools\logs\" won't work.

    For more information about Windows exclusions, forexample, how to use wildcards, see the Enterprise ConsoleHelp.

    NoMac Exclusions tab

    NoLinux/UNIX Exclusionstab

    Sophos Live Protection

    Sophos Live Protection is supported, except for file submission.

    Web protection

    Not supported.

    8

    Sophos for Virtual Environments

  • Authorization

    Authorization, as well as detection, of adware and other potentially unwanted applications (PUAs)is not supported.

    Messaging

    Only email messaging is supported.

    2.1.1 Scanned file extensions

    Files with the following extensions are scanned by default.

    vxd pl Jpz docx 386 wbk pot js dot 3gr wma pps jse drv add wmf ppt lnk eml ani wsf pptm lsp exe asp xl? pptx

Recommended

View more >