protection drivers objectives by the end of today s
play

Protection Drivers Objectives By the end of todays session we will - PDF document

Protection Drivers Objectives By the end of todays session we will 1. use File Access to restrict access to files from applications and manage any known exceptions 2. manage application access and manage any known exceptions 3. block


  1. Protection Drivers Objectives By the end of today’s session we will… 1. use File Access to restrict access to files from applications and manage any known exceptions 2. manage application access and manage any known exceptions 3. block specific applications from network access and manage any known exceptions Powered by Kaseya 1 March, 2007

  2. Locating the Protection Drivers • Click on the “ Audit” Tab at the top of the screen of the Kaseya application • Locate the “ Protection ” Category in the Function List at the left of the application Powered by Kaseya 2 March, 2007

  3. File Access File Access allows the Agent to protect any file on client machines from unauthorized access by a rogue application or user. Any application can be approved or denied access to the file. Additionally, specifying "Ask user to approve unlisted" opens a dialog box and asks the user to approve the application accessing the file. This method effectively learns which applications to approve or deny as you go. Note: You may also block operating system access to the protected file. This prevents the file from being renamed, moved, or deleted therefore completely locking down the file from tampering. • Locate the File Access link under the Protection Category of the Function List Powered by Kaseya 3 March, 2007

  4. • Select the Machine Group ID desired • Enter the file name to which you wish to restrict access • Click the Block button Powered by Kaseya 4 March, 2007

  5. • Enter the file name to which you wish to access control. In the example below, we are utilizing an imaginary file (tstblck.txt) • Enter the application(s) you wish to approve for access to this file. We want the file to be accessible by wordpad only • Click the New button • Click in the desired radio button. Decide whether you wish to ask the user or deny all unlisted • Click the Add button Note: You may also search by Machine ID to bring up all applications found on the machine since the last audit Powered by Kaseya 5 March, 2007

  6. Testing the File Access feature • Open the file with an application not on the approved list. In this example, the file tstblck.txt was blocked and we’re trying to open the file using notepad • The following pop up error message will appear Powered by Kaseya 6 March, 2007

  7. Application Blocker The Application Blocker prevents any application from running on a machine. Applications listed here are blocked when a user double clicks them or tries to run the application at all. The application can be referenced by file name and/or a portion of the full path. For example, adding an application named adaware.exe to the list prevents all occurrences of adaware.exe, on any directory or on any drive, from running. Adding myfolder\adaware.exe prevents occurrences of the application in any directory named myfolder from running. • Click on the Application Blocker link under the Protection function • Select the Machine ID you wish to affect • Enter the application you wish to block in the appropriate field • Click the Block button The application will then appear in the Application Column as indicated Powered by Kaseya 7 March, 2007

  8. Unblocking Applications Use the unblock button to remove the desired application from the “Blocked” list • Select the desired Machine Group ID • Enter the desired application in the appropriate field • Click the Unblock button Powered by Kaseya 8 March, 2007

  9. • In the Dialog box that appears, highlight the Application you wish to unblock • Click the Unblock Button Powered by Kaseya 9 March, 2007

  10. Network Access Network Protection allows you to monitor and control access on a per application and per machine basis. Use it to collect bandwidth utilization consumed by each managed machine on your network. The network access function lets you approve or deny network access on a per application basis. Use the Network Statistics report to view network bandwidth utilization versus time. Drill down and identify peak bandwidth consumers by clicking on the graph's data points. See which application and which machine use bandwidth at any point in time. Applications that do not use the Windows TCP/IP stack in the standard way may conflict with the driver used to collect information and block access (especially older legacy applications). The agent cannot monitor network statistics or block network access if this driver is disabled. The Network Access function will not work unless the driver is enabled on the machine that you are trying to manage network access on. This driver resides between the Network and OS of the machine and it should be tested before deployment on mission critical machines, such as servers . • Click the Network Access link under the Protection function • Select which machine you wish to enable the network driver on by checking the appropriate box Powered by Kaseya 10 March, 2007

  11. • To enable the driver click the Enable at next reboot button • By clicking on the Machine ID link, you will see the list of applications residing on that machine found in the latest audit • If desired, add any applications not found by the Audit in the appropriate field • Determine which Applications you wish to add to your approved list and your unapproved list • Click on the check box of the desired application Powered by Kaseya 11 March, 2007

  12. Note: Use the filters at the top of the screen to search for desired applications as shown below • After selecting the desired applications, return to the Kaseya application and select the appropriate button Powered by Kaseya 12 March, 2007

  13. Testing the Network Access • Open the blocked application and attempt to access the internet • Click Check for updates now to attempt access to the internet Powered by Kaseya 13 March, 2007

  14. • Click on the Connect button • If the Network Access was configured correctly, the Kaseya system will shut down the Adaware application Powered by Kaseya 14 March, 2007

  15. Managing Exceptions To Your List There are three choices to manage exceptions for unlisted applications • Ask User to Approve prompts the user for permission every time an unlisted application tries to access the network • Approve all unlisted automatically approves all applications NOT listed • Deny all unlisted automatically denies all applications NOT listed • Click Apply after deciding action Powered by Kaseya 15 March, 2007

  16. Testing the Managed Exceptions • If the Exceptions were configured correctly above, the following dialog box will appear and prompt for the appropriate action Powered by Kaseya 16 March, 2007

  17. Summary and Client Notes 1. File Access – Allows Agent to protect any file on client machines from unauthorized access by a rogue application or user • • • 2. Network Access - you to monitor and control access on a per application and per machine basis. Use it to collect bandwidth utilization consumed by each managed machine on your network. The network access function lets you approve or deny network access on a per application basis • • • 3. Application Blocker – prevents any application from running on a machine. Applications listed here are blocked when a user double clicks them or tries to run the application at all. • • • Powered by Kaseya 17 March, 2007

Recommend


More recommend