Escan/english/escan22/eScan Management Console/Managed Computers and Escan/english/escan22/eScan Management Console/Policies/Features Help/EDRPolicy: Difference between pages

From eScan Wiki
(Difference between pages)
imported>TechContent
No edit summary
 
imported>TechContent
No edit summary
 
Line 1: Line 1:
 
<h3 style='color:#007FFF;font-size:20.0pt;font-family:"Open Sans"'>Advance Security</h3>
 
<p style='font-size:11.0pt;font-family:"Open Sans"'>Following tabs with multiple threat protection options that are present in the EDR Policy:</p>
 
<li style='font-size:11.0pt;font-family:"Open Sans"'>Advance Threat Protection</li>
 
<li style='font-size:11.0pt;font-family:"Open Sans"'>Block Downloads from Internet</li>
<h2 style='color:#007FFF;font-size:22.0pt;font-family:"Open Sans"'><b>Update Agent</b> </h2>
<li style='font-size:11.0pt;font-family:"Open Sans"'>Archive File Protection</li>
<p style='font-size:11.0pt;font-family:"Open Sans"'>eScan lets you use a client computer as an update agent to deploy updates on group of computers. The Update Agent will receive virus definitions and policies from server and distribute it to the assigned group(s). <br>Clicking <b>Update Agent</b> displays the list of computers that are acting as Update Agents for other computers in the group. The window also lets you Add or Remove Update Agents from this list. You can set an Update Agent for multiple groups. </p>
<li style='font-size:11.0pt;font-family:"Open Sans"'>Block Files Using sha256</li>
<h3 style='color:#007FFF;font-size:20.0pt;font-family:"Open Sans"'><b>Adding an Update Agent</b> </h3>
<p style='font-size:11.0pt;font-family:"Open Sans"'>The following section will describe the tabs and options in detail.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'>To add an Update Agent, follow the steps given below:</p>
<h4 style='color:#007FFF;font-size:18.0pt;font-family:"Open Sans"'><b>Advance Threat Protection</b></h4>
<ol style='font-size:11.0pt;font-family:"Open Sans"'>
<p style='font-size:11.0pt;font-family:"Open Sans"'>This tab allows you to block and whitelist the execution of EXE files downloaded from Internet or present in the USB. Along with its Advanced Threat Protection tab that enables to restrict the WScript and Adobe reader from the execution of child processes.</p>
<li>In Managed computers screen, click <b>Update Agent</b>. Update Agent window appears.</li>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Unsigned Exe Download from Internet</b> <br> This option blocks the execution of untrusted/unknown executable files that are downloaded from the internet.</p>
<li>Click on 3 dots next to Update Agent field, to select the computer. Select Computer widow appears.</li>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Unsigned Exe from USB</b> <br>This option blocks the execution of untrusted/unknown executable files from portable storage devices like USB drives. </p>
<li>Select a computer and click on <b>OK</b>.</li>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Unsigned Exe White list (Cloud)</b> <br>This option allows the execution of whitelisted executable files based on the eScan Cloud database. It is enabled by default. </p>
<li>Click on 3 dots next to Group Name field, to select the <b>Group Name</b>. This is the group to which the selected computer will act as an Update Agent and provide updates.
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Whitelisting for unsigned exe Downloaded From Internet/on USB</b> <br>This option allows the user to whitelist the unknown executable files. After enabling the above listed options, you can configure this option. </p><ol>
</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add an unknown executable file, enter the name of the file and click on Add. The file will be added in the list.</li>
<li>Select the Group and click on <b>OK</b>.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To delete an executable file, select the particular file from the list and click on Delete.</li>
<li>Click on <b>Add</b>.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Remove All</b>: To remove all the files from the list, click on Remove All.</li></ol><br>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block WScript From Running Downloaded Apps</b> <br> This option allows you to blocks the execution of any potentially malicious scripts (.js, PowerShell) that running from the downloaded apps.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Adobe Office Child Exe</b> <br> This option allows you to block the generation of any child process (VB macros, exploit code, PowerShell commands) by Adobe Reader and Office apps.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Custom Child Exe</b> <br>This option lets you to add or delete the custom child EXE.<br>After enabling this option, you can configure the following options: </p><ol>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add custom child EXE, enter the name and click on Add.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To delete any child EXE, select the file and click on Delete.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Remove All</b>: To remove all the file at once, click on Remove All.</li></ol><br>
<h4 style='color:#007FFF;font-size:18.0pt;font-family:"Open Sans"'><b>Block Downloads From Internet</b></h4>
<p style='font-size:11.0pt;font-family:"Open Sans"'>This tab allows you to block or restrict the internet downloaded files and files downloaded from email clients.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Internet Downloaded Files</b> <br> This option allows you to directly block the files while downloading from internet.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Exclude Email Clients</b> <br>This option allows the execution of attachment and auto-run executable files that are downloaded via email clients (Outlook, Thunderbird, and more). It is enabled by default. </p>
<h4 style='color:#007FFF;font-size:18.0pt;font-family:"Open Sans"'><b>Archive File Protection</b></h4>
<p style='font-size:11.0pt;font-family:"Open Sans"'>This tab allows or blocks the running of password-protected archive files (zip, rar, 7zip, and more).</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Allow All</b> <br>This option is enabled by default and allows running of all the password-protected archive files. </p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Allow only default archive types</b> <br> This option allows the access of only default archive types and file name with extensions that are added in the list.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Action</b> <br>This drop-down option allows you to select the action to be taken in case of password protected archive file that does not belong to default type or whitelisted file extensions. </p>
<ol>
  <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Access Denied</b>: This option will deny the access to the archive files that are not default type or whitelisted file extensions.</li>
  <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Quarantine archive</b>: This option will quarantine all the archive files other than default types or whitelisted file extensions.</li></ol><br>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Add Custom Unsafe Extensions</b> <br>This option allows you to add custom unsafe archive in the list. </p>
<ol>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add custom unsafe extension, enter the extension and click on Add.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To delete any custom extension, select the extension and click on Delete.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Remove All</b>: To remove all the extension at once, click on Remove All.</li></ol><br>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Allow only excluded extensions</b> <br> This option allows the access of only the archive files extensions that are added in the excluded list.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Action</b> <br>This drop-down option allows you to select the action to be taken in case of password-protected archive file that does not belong to excluded file extensions. </p>
<ol>
  <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Access Denied</b>: This option will deny the access to the archive files that are not added in the exclusion list.</li>
  <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Quarantine archive</b>: This option will quarantine all the archive files that are not added in the exclusion list.</li></ol><br>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Ignore Default Extensions</b> <br>This check box will allow the access of default archive extensions by including them in the blacklist. </p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Exclusion List for Custom Extensions</b> <br>This option allows you to add custom extension file type in the list. </p>
<ol>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add custom extension, enter the extension and click on Add.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To delete any custom extension, select the extension and click on Delete.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Remove All</b>: To remove all the extension at once, click on Remove All.</li></ol><br>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block All</b> <br> This option blocks the access of all the password-protected archive files types.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Action</b> <br>This drop-down option allows you to select the action to be taken on the password-protected archive file types. </p>
<ol>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Access Denied</b>: This option will deny the access to all the password-protected archive files.</li>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Quarantine archive</b>: This option will quarantine all the password-protected archive files.</li></ol><br>
<h4 style='color:#007FFF;font-size:18.0pt;font-family:"Open Sans"'><b>Block Files Using sha256</b></h4>
<p style='font-size:11.0pt;font-family:"Open Sans"'>This tab allows you to block the files that are encrypted using SHA256 encryption based on the hash value of it.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Enable SHA256 Protection</b> <br> This option lets you enable the SHA256 protection to block the files having identical hash key.</p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Filter Categories</b> <br>This option will be enabled after selecting the Enable SHA256 Protection option. You can use this option to add or remove SHA256 categories and the hash values that has been added to the particular category. </p>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Category Name</b> </p>
<ol>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add a filter category, enter the category name and click on Add.</li>
  <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To remove filter category, select the category name and click on Delete.</li></ol><br>
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Hash files</b> <br> To add/remove the hash file in particular category, select the category and then add or delete the file.</p>
<ol>
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add a hash value, select the category in the Category Name column. Enter the hash value and comments (optional) and click on OK.</li>
  <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To remove a hash file, select the category in the Category Name column. Select the hash file and click on Delete.</li></ol><br>
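Review bot: the four `<li>` items at the top of the new revision (Advance Threat Protection through Block Files Using sha256) have no enclosing `<ul>` or `<ol>`, so the list is never closed and the paragraph "The following section will describe the tabs and options in detail." can be absorbed into it; wrap the items in `<ul>` and `</ul>`. Separately, the Block Files Using sha256 paragraph says files are "encrypted using SHA256 encryption": SHA-256 is a hash function, not encryption, so wording such as "block files based on their SHA256 hash value" would be accurate. The Block WScript paragraph also needs a grammar pass ("allows you to blocks", "that running from").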

Latest revision as of 09:18, 30 November 2021

Advance Security

The EDR Policy contains the following tabs, each with multiple threat protection options:

  • Advance Threat Protection
  • Block Downloads from Internet
  • Archive File Protection
  • Block Files Using sha256

The following section describes the tabs and options in detail.

    Advance Threat Protection

    This tab lets you block or whitelist the execution of EXE files downloaded from the Internet or present on a USB drive. It also lets you restrict WScript and Adobe Reader from executing child processes.

    Block Unsigned Exe Download from Internet
    This option blocks the execution of untrusted/unknown executable files that are downloaded from the internet.

    Block Unsigned Exe from USB
    This option blocks the execution of untrusted/unknown executable files from portable storage devices like USB drives.

    Unsigned Exe White list (Cloud)
    This option allows the execution of whitelisted executable files based on the eScan Cloud database. It is enabled by default.

    Whitelisting for unsigned exe Downloaded From Internet/on USB
    This option lets the user whitelist unknown executable files. You can configure it after enabling the options listed above.

    1. Add: To add an unknown executable file, enter the name of the file and click on Add. The file will be added to the list.
    2. Delete: To delete an executable file, select the particular file from the list and click on Delete.
    3. Remove All: To remove all the files from the list, click on Remove All.


    Block WScript From Running Downloaded Apps
    This option lets you block the execution of any potentially malicious scripts (.js, PowerShell) that run from downloaded apps.

    Block Adobe Office Child Exe
    This option allows you to block the generation of any child process (VB macros, exploit code, PowerShell commands) by Adobe Reader and Office apps.

    Block Custom Child Exe
    This option lets you add or delete custom child EXEs.
    After enabling this option, you can configure the following options:

    1. Add: To add a custom child EXE, enter the name and click on Add.
    2. Delete: To delete any child EXE, select the file and click on Delete.
    3. Remove All: To remove all the files at once, click on Remove All.


    Block Downloads From Internet

    This tab lets you block or restrict files downloaded from the internet and files downloaded from email clients.

    Block Internet Downloaded Files
    This option lets you block files directly while they are being downloaded from the internet.

    Exclude Email Clients
    This option allows the execution of attachments and auto-run executable files that are downloaded via email clients (Outlook, Thunderbird, and more). It is enabled by default.

    Archive File Protection

    This tab allows or blocks the running of password-protected archive files (zip, rar, 7zip, and more).

    Allow All
    This option is enabled by default and allows running of all the password-protected archive files.

    Allow only default archive types
    This option allows access only to default archive types and to file names with extensions that are added to the list.

    Action
    This drop-down option lets you select the action to be taken on a password-protected archive file that does not belong to a default type or a whitelisted file extension.

    1. Access Denied: This option denies access to archive files that are not of a default type or a whitelisted file extension.
    2. Quarantine archive: This option quarantines all archive files other than default types or whitelisted file extensions.


    Add Custom Unsafe Extensions
    This option lets you add custom unsafe archive extensions to the list.

    1. Add: To add a custom unsafe extension, enter the extension and click on Add.
    2. Delete: To delete any custom extension, select the extension and click on Delete.
    3. Remove All: To remove all the extensions at once, click on Remove All.


    Allow only excluded extensions
    This option allows access only to archive file extensions that are added to the excluded list.

    Action
    This drop-down option lets you select the action to be taken on a password-protected archive file that does not belong to the excluded file extensions.

    1. Access Denied: This option denies access to archive files that are not added to the exclusion list.
    2. Quarantine archive: This option quarantines all archive files that are not added to the exclusion list.


    Ignore Default Extensions
    This check box will allow the access of default archive extensions by including them in the blacklist.

    Exclusion List for Custom Extensions
    This option lets you add custom extension file types to the list.

    1. Add: To add a custom extension, enter the extension and click on Add.
    2. Delete: To delete any custom extension, select the extension and click on Delete.
    3. Remove All: To remove all the extensions at once, click on Remove All.


    Block All
    This option blocks access to all password-protected archive file types.

    Action
    This drop-down option lets you select the action to be taken on the password-protected archive file types.

    1. Access Denied: This option denies access to all password-protected archive files.
    2. Quarantine archive: This option quarantines all password-protected archive files.


    Block Files Using sha256

    This tab lets you block files based on their SHA256 hash value.

    Enable SHA256 Protection
    This option enables SHA256 protection, which blocks files that have an identical hash value.

    Filter Categories
    This option becomes available after you select the Enable SHA256 Protection option. Use it to add or remove SHA256 categories and the hash values that have been added to a particular category.

    Category Name

    1. Add: To add a filter category, enter the category name and click on Add.
    2. Delete: To remove filter category, select the category name and click on Delete.


    Hash files
    To add or remove a hash file in a particular category, select the category and then add or delete the file.

    1. Add: To add a hash value, select the category in the Category Name column. Enter the hash value and comments (optional) and click on OK.
    2. Delete: To remove a hash file, select the category in the Category Name column. Select the hash file and click on Delete.
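
How exact-match SHA256 blocking with categories, as described above, behaves in practice. This is an added example, not eScan's own code: it hashes a file, validates entries before they are typed into a category, and looks a file up in the resulting list. The category name, comments and file contents are constructed, and the helper names are hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SHA256_RE = re.compile(r"[0-9a-f]{64}")

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def normalize_hash(value):
    """Return a lowercase 64-hex-digit SHA-256 string or raise ValueError."""
    cleaned = value.strip().lower()
    if not SHA256_RE.fullmatch(cleaned):
        raise ValueError(f"not a SHA-256 value: {value!r}")
    return cleaned

def build_blocklist(categories):
    """Map each valid hash to (category, comment); collect malformed entries."""
    index, rejected = {}, []
    for category, entries in categories.items():
        for value, comment in entries:
            try:
                index.setdefault(normalize_hash(value), (category, comment))
            except ValueError:
                rejected.append((category, value))
    return index, rejected

def check_file(path, index):
    """Return (category, comment) if the file's hash is listed, else None."""
    return index.get(sha256_file(path))

def demo():
    workdir = Path(tempfile.mkdtemp())
    listed = workdir / "tool.bin"
    listed.write_bytes(b"constructed sample content")
    altered = workdir / "tool_altered.bin"
    altered.write_bytes(b"constructed sample content.")  # one extra byte
    categories = {  # hypothetical category name and comments
        "Unwanted Tools": [
            (sha256_file(listed).upper(), "sample entry"),
            ("d41d8cd98f00b204e9800998ecf8427e", "MD5 pasted by mistake"),
        ],
    }
    index, rejected = build_blocklist(categories)
    return check_file(listed, index), check_file(altered, index), rejected

if __name__ == "__main__":
    print(demo())
```

The altered copy returns no match because any change to a file's bytes produces a different SHA-256 value, so each variant of a file needs its own entry in the list.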