Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Manual
Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE LTD.
Contents
Introduction 9
Introduction to GFI WebMonitor..................................................................................... 9 Editions .......................................................................................................................... 9 How does GFI WebMonitor work? ............................................................................... 10 Key features ................................................................................................................. 11 GFI WebMonitor licensing............................................................................................ 12 GFI WebMonitor product evaluation ............................................................................ 12
13
Introduction .................................................................................................................. 13 System requirements ................................................................................................... 13 Installation .................................................................................................................... 14 Launching GFI WebMonitor ......................................................................................... 16 Downloading anti-virus signatures ............................................................................... 16 Upgrading from a previous version .............................................................................. 17 Uninstalling...................................................................................................................17
19
21
27
Introduction .................................................................................................................. 27 Active Connections ...................................................................................................... 27 Past Connections ......................................................................................................... 28 Bandwidth consumption............................................................................................... 28 Sites History ................................................................................................................. 29 Top Time Consumption................................................................................... 29 Top Hits Count ................................................................................................ 30 Users History................................................................................................................ 31 Top Surfers ..................................................................................................... 31 Top Hits Count ................................................................................................ 32 Top Policy Breakers........................................................................................ 33 Site History Details....................................................................................................... 34 User History Details ..................................................................................................... 35 Activity Log...................................................................................................................36
37
Introduction .................................................................................................................. 37 Configuring the Whitelist .............................................................................................. 37 Preconfigured items ........................................................................................ 37 Adding items to the Permanent Whitelist........................................................ 37
0BIntroduction 5
Delete items from the Permanent Whitelist .................................................... 38 Adding items to the Temporary Whitelist ........................................................ 38 Removing items from the Temporary Whitelist............................................... 40 Configuring the blacklist............................................................................................... 40 Adding items to the Blacklist ........................................................................... 40 Delete items from the Blacklist........................................................................ 41 Using wildcards ............................................................................................................ 41
43
Introduction .................................................................................................................. 43 Configuring Web Filtering policies ............................................................................... 43 Adding a Web Filtering Policy ......................................................................... 43 Editing a Web Filtering Policy ......................................................................... 48 Disabling a Web Filtering Policy ..................................................................... 48 Enabling a Web Filtering Policy ...................................................................... 48 Deleting a Web Filtering Policy ....................................................................... 49 Default web filtering policy .............................................................................. 49 Configuring advanced web filtering policy conditions .................................................. 49 Adding an advanced web filtering policy condition ......................................... 49 Editing an advanced web filtering policy condition ......................................... 50 Removing an advanced web filtering policy condition .................................... 51 WebGrade Database settings...................................................................................... 51 Enabling/disabling online lookups................................................................... 52 Viewing updated online lookups ..................................................................... 52 Enabling/disabling the database ..................................................................... 52 Configure database updates........................................................................... 52 Checking URL categories ............................................................................... 53
55
Introduction .................................................................................................................. 55 Download Control policies ........................................................................................... 55 Adding a new Download Control Policy.......................................................... 56 Editing a Download Control Policy.................................................................. 59 Disabling a Download Control Policy.............................................................. 59 Enabling a Download Control Policy............................................................... 59 Delete a Download Control Policy .................................................................. 59 Default Download Control Policy .................................................................... 60 Adding Content-types ..................................................................................... 60 Configuring Instant Messaging (IM) Control Policies................................................... 61 Adding a new IM Control Policy ...................................................................... 61 Editing an IM Control Policy............................................................................ 64 Enabling/Disabling an IM Control Policy......................................................... 64 Deleting an IM Control Policy.......................................................................... 64 Configuring Virus Scanning Policies ............................................................................ 64 Adding a Virus Scanning Policy ...................................................................... 65 Editing a Virus Scanning Policy ...................................................................... 67 Disabling a Virus Scanning Policy .................................................................. 68 Enabling a Virus Scanning Policy ................................................................... 68 Delete a Virus Scanning Policy....................................................................... 68 Default Virus Scanning Policy......................................................................... 69 Scanning Engines ........................................................................................................ 69 Enabling/disabling the scanning engines........................................................ 69 Configure anti-virus updates ........................................................................... 70 Kaspersky Scanning Engine Options ............................................................. 71 Anti-Phishing Engine.................................................................................................... 71 Enabling/disabling the Anti-Phishing Engine .................................................. 72 Configure Anti-Phishing database updates .................................................... 72 Configure phishing notifications ...................................................................... 73
6 0BIntroduction
75
Introduction .................................................................................................................. 75 Administrative Access Control ..................................................................................... 75 Adding users/IPs to the access permissions list............................................. 75 Deleting users/IPs to the access permissions list........................................... 76 Notifications..................................................................................................................76 Configuring email settings............................................................................... 76 Configuring email recipients............................................................................ 76 Deleting recipients: ......................................................................................... 77 General Settings .......................................................................................................... 77
79
Introduction .................................................................................................................. 79 Approving or Deleting items......................................................................................... 79 Viewing quarantined items.............................................................................. 79 Approving quarantined items .......................................................................... 80 Deleting quarantined items ............................................................................. 81
Reporting Setup
83
Introduction .................................................................................................................. 83 Enabling Reporting....................................................................................................... 83 The update reporting data now button............................................................ 84 Disabling Reporting...................................................................................................... 85
Miscellaneous
87
Troubleshooting
88
Introduction .................................................................................................................. 88 Knowledge Base .......................................................................................................... 88 Web Forum .................................................................................................................. 88 Request technical support ........................................................................................... 88 Build notifications ......................................................................................................... 89
Index
91
0BIntroduction 7
Introduction
Editions
GFI WebMonitor is available in 3 different editions. Each edition caters for systems administrators that have different requirements: WebFilter Edition: Filters web traffic and website use according to its built-in WebGrade database. This is a configurable website categorization database that determines access according to user/group/IP address/time. WebSecurity Edition: Provides a high degree of web security for downloaded web traffic. This is achieved through its built-in download control module and multiple anti-virus engines and anti spyware scanning modules. UnifiedProtection Edition: Provides both WebFilter Edition and WebSecurity Edition functionalities in a single package.
0BIntroduction 9
Stage 1 - Request initiation: At this stage users request a webpage or a download over the Internet. The incoming traffic generated by the users request is received by Microsoft ISA Server which in turn refers to GFI WebMonitor any web traffic (webpage requests, image downloads, file downloads) received. Stage 2 - Blacklist/Whitelist filtering: This stage comprises an internal GFI WebMonitor blacklist/whitelist filtering mechanism that analyzes user IDs, originating IP address and URL requested. Web traffic requested by blacklisted users and IP addresses or from blacklisted URLs, is rejected immediately. Web traffic requested by whitelisted users and IP addresses or from URLs that are whitelisted are automatically granted access and forwarded to the user. Requests that are neither blacklisted nor whitelisted are forwarded to the WebFilter module for processing.
Stage 3 - WebFilter module: The WebFilter module analyzes the uncategorized web traffic received from the blacklist/whitelist filtering mechanism against a comprehensive list of websites categorized in a wide variety of classes. Web traffic is rejected or approved according to policies set up against website categories included within the WebGrade database. WebGrade database synchronizes the updated
10 0BIntroduction
URLs with the Internet. For more information refer to the section Webgrade database settings. Policies can be set to reject web traffic to a quarantine; where systems administrators can review and approve/deny according to needs and requirements. When the quarantined web traffic is manually approved, the formerly quarantined URL is put in a temporary whitelist so that users can have access to this web resource. NOTE: The WebFilter module is only available in the WebFilter Edition and the UnifiedProtection Edition of GFI WebMonitor. In the case of the WebSecurity Edition, web traffic is directly sent from the whitelist/blacklist filters to the WebSecurity module. Stage 4 - WebSecurity module: The WebSecurity module analyzes web traffic through the download control module and scans the incoming material for viruses, spyware and other malware. Infected material is automatically rejected or quarantined based on the policies set up. Web traffic is also scanned for phishing material through an updatable database of phishing sites. If this data is found to originate from a known phishing element, it is automatically rejected. The approved web material is then sent to the user through ISA Server. NOTE: The WebSecurity module is only available in the WebSecurity edition and UnifiedProtection editions of GFI WebMonitor. In the case of the WebFilter edition, web traffic is relayed to the user without going through the processes included in the WebSecurity module.
Key features
GFI WebMonitor includes the following features: Real time web activity monitoring. Immediate blocking of web access and downloads in progress. Web traffic security through multiple and updatable anti-virus engines and anti-spyware features. Native integration with Microsoft ISA Server as a web filter. No duplication of Microsoft ISA Server functionality. Easy installation with minimal configuration requirements. Real file type signature checking files with renamed extensions are automatically recognized with their real file type. Email notifications of important events. WebGrade Database enabling all website requests to be checked against an extensive and top-notch categorization database. Download control policies. URL, user and IP whitelist and blacklist that override all WebFilter and WebSecurity policies. Bandwidth use reporting per user/website. Quarantine of hazardous files and content. Web-based interface.
0BIntroduction 11
12 0BIntroduction
Introduction
This chapter provides you with information related to the installation of GFI WebMonitor 2009.
System requirements
Install GFI WebMonitor on computers that meet the following hardware and software system requirements: WebFilter Edition Minimum hardware requirements Processor: 1.8 GHz RAM: 1 GB Hard disk: 2 GB of available disk space. Processor: 1.8 GHz RAM: 1 GB Hard disk: 10 GB of available disk space.
GFI WebMonitor UnifiedProtection Edition Minimum hardware requirements Processor: 1.8 GHz RAM: 2 GB Hard disk: 12 GB of available disk space.
NOTE: The hard disk size specifications specified for each edition are those required to install and operate the GFI WebMonitor edition. Allowance has been made for the downloads cache, processing space required for scanning, and history data files. However, this is only indicative; you may need to allocate additional disk space depending on your environment and number of users being monitored. Software requirements all editions Windows 2000 Server (SP4) or Windows 2003 operating system Microsoft ISA Server 2004 (SP3) or later Internet Explorer 6 or later .NET framework 2.0
NOTE 1: GFI WebMonitor can only be installed on the server machine hosting Microsoft ISA Server. NOTE 2: Internet Explorer 6 or later is recommended to be used for administration when using GFI WebMonitor.
Installation
Ensure that you run the program as a user that has Administrator privileges on the machine on which GFI WebMonitor is installed. 1. Launch the GFI WebMonitor installation setup and wait for the installation to load. 2. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor on the GFI website and click on the Next button. 3. Read the licensing agreement. To proceed with installation select I accept the terms in the license agreement option and click Next.
4. Specify the user name or the IP address, which can access the GFI WebMonitor Web interface and click Next to continue. NOTE: More than one user or computer can be specified. Entries shall be separated with a semicolon ;
5. Specify the User Name and Organization respectively. If you have a license key, update the License Key details.
6. Specify the logon credentials of an account with administrative privileges to run the GFI WebMonitor service. Click Next to continue.
7. Specify the SMTP mail server details and email address where administrator notifications will be sent. Optionally, click Verify Mail Settings to send a test email. Click Next to continue. 8. Click Next to install in default location or click Browse to change path. 9. Click Install to start the installation, and wait for the installation to complete. 10. Click Finish. NOTE 1: For more information on how to configure ISA Server authentication, refer to: http://kbase.gfi.com/showarticle.asp?id=KBID002526. NOTE 2: The username and password provided must have Logon as Service rights; otherwise, it will be switched on automatically for the specified account. The username and password provided will be used to create and run a new service.
signatures for the supported scanning engines are automatically downloaded and installed.
Uninstalling
For more information on uninstalling GFI WebMonitor refer to http://kbase.gfi.com/showarticle.asp?id=KBID003241.
Introduction
GFI WebMonitors console is a web-based interface through which you can control every aspect of its functionality. Through it you can monitor, block and grant access to all network traffic on your network.
Viewing Pane The viewing pane located on the right hand side of the screen allows the GFI WebMonitor user to view and configure settings according to the node selected in the Navigation Bar.
Navigation Bar This consists of all the sections and features configurable by GFI WebMonitor. Located on the left-hand side of the screen, the available nodes are: Dashboard provides a graphical overview of statistical information. Monitoring web traffic monitoring functions. Whitelist/Blacklist permanent and/or temporary whitelist and blacklist functions. WebFilter Edition manage and control access to different websites categories for users, groups and IPs. WebSecurity manage and control restrictions to web applications for network users, IPs or groups. Configuration Configure settings and administrative features for GFI WebMonitor. Licensing Provides access to the licensing setup and version information. Quarantine Configure and manage quarantined items that were blocked by GFI WebMonitor. Help Provides help on all aspects of GFI WebMonitors functionality.
Introduction
The Dashboard node enables you to obtain graphical and statistical information related to GFI WebMonitors operation. This includes: Usage and operations statistics Hits over time and bandwidth usage trend charts WebFilter statistics Last blocked requests and security threats.
Access the GFI WebMonitor Dashboard by clicking the Dashboard node in the navigation bar. The dashboard shows the information described in the sections below. NOTE: The GFI WebMonitor Dashboard can be refreshed by clicking on the icon in the top right hand corner.
Dashboard: Statistics
The information provided by this table enables you to readily obtain information on a number of important operational elements of GFI WebMonitor. Select the hyperlinks next to Current Active Connections to view the Active Connections, which is also accessible from the Monitoring Node. For more information refer to the Active Connections section in this manual. Selecting the hyperlink next to Current items in Quarantine allows viewing a summary of the quarantine folder. For more information refer to the section named Viewing Quarantine Items. AV Scanned Downloads represents the total downloads scanned by the anti-virus engines. For more information refer to the section Scanning Engines in this manual. Select the other hyperlinks within Todays statistics to view further detail on the statistics as summarized below. Feature
AV & Anti-Phishing
Quarantined
Selecting the hyperlink under Quarantined to the screen allows you to configure quarantined items. For further information refer to the section named Viewing Quarantined Items.
Blocked
Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers. Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers. Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers.
Download control
Selecting the hyperlink under Quarantined allows you to manage Downloads, For further information refer to the section named Configuring Download Control policies.
Web Filtering
Selecting the hyperlink under Quarantined to the screen allows you to configure quarantined items. For further information refer to the section named Viewing Quarantined Items.
The WebSecurity/WebFilter status and usage chart enables you to: 1. Know whether the WebSecurity and WebFilter components are active or not. 2. View a graphical representation of the correlation between the number of hits and bandwidth use.
The hits over time chart is a graphical representation of the number of hits on a day-by-day basis for the current month. This enables you to identify a pattern of how website hits fluctuate on a day-by-day basis and to identify anomalies.
The bandwidth usage trends chart is a graphical representation of bandwidth use on a day-by-day basis for the current month. This
24 3BGetting started: Using the GFI WebMonitor dashboard GFI WebMonitor 2009
enables you to identify patterns and trends of how bandwidth is utilized on a day-by-day basis and enables you to identify spikes and anomalies.
The top categories (sites) chart is a graphical representation of the top hits (HTTP requests) split by categories. This enables you to gain knowledge on which categories of sites are being visited by web users.
The top categories (bandwidth) chart is a graphical representation of bandwidth use split by categories. This enables you to identify how your bandwidth is being utilized vis--vis the website categories browsed by users.
This chart is a graphical representation of the blocked HTTP requests according to the reason why these were blocked. It effectively enables you to identify the main reasons of why requests were blocked.
The last blocked request list displays the latest list of users/IPs who have had blocked requests. This enables you to identify problems with blocked requests regardless of whether these blocked requests are reported to you or not.
The last blocked Security Threats list displays a list of threats/viruses detected by GFI WebMonitor and the users/IPs where these occurred. This enables you to identify security issues as early as possible enabling you to take preventive measures before your network security is breached.
26 3BGetting started: Using the GFI WebMonitor dashboard GFI WebMonitor 2009
Introduction
Use the Monitoring node and its sub-nodes to examine current and historical web request data collected and processed by Microsoft ISA server. Through these nodes you can view data related to: Active connections Past connections Bandwidth consumption Sites history Users history Activity log
Active Connections
Active connections provide information related to active connections which are processed through Microsoft ISA servers Web Filters.
Access the Active connections view by clicking on Monitoring Active Connections in the navigation bar. Through this view you can terminate active Internet connections. (e.g., interrupt file downloads that are taking up too much bandwidth). To button in the Status column of interrupt connections, click on the the connection and the download will be terminated. NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed within the User column. Otherwise the user name is displayed as unauthenticated. NOTE 2: The information displayed is not refreshed automatically. on the upper right corner of the view to Click on the refresh button update the information being shown.
Past Connections
The Past connections view shows the last 2000 complete connections processed through Microsoft ISA Server
Access the Past connections view by clicking on Monitoring Connections in the navigation bar.
Past
The information is sorted by time, with the latest URL accessed listed on top. NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed in the User column. Otherwise the user name is displayed as unauthenticated. NOTE 2: The information displayed is not automatically refreshed. Click on the refresh button on the upper right of the view to update the information being shown.
Bandwidth consumption
The Bandwidth Consumption node allows you to monitor bandwidth usage through the following reports:
Top Sites - Displays web sites browsed, sorted by bandwidth with the site having the highest bandwidth at the top. Top Users - Displays websites by windows user or IP address. This report is sorted with the user who consumes the most bandwidth at the top. For unauthenticated users the IP address is displayed. Top Categories - Report displays the top categories browsed with the categories carrying the highest bandwidth on top.
NOTE: Within the Top Sites and Top Users reports, you can select the Show Hits Over Time Charts to view a graph that reports the number of hits by time of day. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button . .
Specific date click on the calendar button , select the required date and click Go to retrieve data for that date.
NOTE 1: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. NOTE 2: The information displayed is not automatically refreshed. Click refresh button information selected. on the upper right of the view to update the
Sites History
The Sites History node enables you to identify: The sites which are most frequently visited by your network users The total browsing time per site.
The list can be sorted either alphabetically by site in ascending order, or by surf time in descending order (the site on which most time was spent is listed on top), by selecting the appropriate header.
Access the Top Time Consumption view by clicking on Sites History Top Time Consumption in the navigation bar. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button
Next day click on the forward button Specific date click the calendar , select the required date, and, click Go to retrieve information for that date.
NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. You can also click on any of the sites listed to bring up the Site History Details view. For more information refer to the Site History Details section in this chapter.
The list can be sorted either alphabetically in ascending order by site, or in descending order of popularity (the site with most hits is listed on top).
Access the Top Hits Count view by clicking on Sites History Hits Count in the navigation bar.
Top
To access graphs showing hits over time per site, select the Show Hits Over Time Charts option. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click on the calendar button , select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. To view further details on the sites visited by users, click on the users listed on User/IP heading. For more information refer to the Site History Details section in this chapter.
Users History
The Users History provides details of which users who spent most time browsing sites and details of sites that were most frequently accessed. Three types of reports are available: Top Surfers Top Hits Count Top Policy Breakers
Top Surfers
Access the Top Surfers view by clicking on Users History Surfers in the navigation bar.
Top
The Top Surfers view lists the time spent by network users browsing sites on a specific date. The information displayed includes: User / IP. The users/IPs that browsed sites Surf Time. The time spent browsing sites Sites Accessed. The sites which were accessed by each user.
The list can be sorted either by user/IP in ascending order, or by time spent browsing in descending order (the site on which most time was spent is listed on top). To sort by user/IP, click on the User/IP column heading. To sort by time spent on the site, click on the Surf Time column heading.
By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view:
GFI WebMonitor 2009
Previous day click on the back button Next day click on the forward button
4BGetting started: Monitoring Internet activity 31
Specific date click the calendar button , select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. You can also click on any of the users/IPs listed to review User History Details.
Access the Top Hits Count view by clicking on Users History Hits Count in the navigation bar.
Top
The Top Hits Count view lists the users with the highest number of site accesses on a specific date. The information displayed includes: User/IP - The users/IPs that browsed sites. Hits - The number of site accesses made by each user. Sites accessed - The sites which were accessed by each user. Graphical representations of site hits over time.
The list can be sorted either by User/IP in ascending order, or by hits in ascending or descending order. By default, the user with the most site accesses is listed on top. To sort by user/IP, click on the User/IP column heading. To sort by site accesses, click on the Hits column heading.
To display graphs showing hits over time for each of the sites listed, select the Show Hits Over Time Charts checkbox. Charts displayed indicate the number of hits by time of day for the specified date by user/IP. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click on the calendar button , select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.
32 4BGetting started: Monitoring Internet activity GFI WebMonitor 2009
You can also click on any of the users/IPs listed to review User History Details. For more information refer to the User History Details section in this chapter.
To view the users which breached most policies, navigate to GFI WebMonitor Monitoring Users History Top Policy Breakers. When clicking on one of the users/IPs, an activity log showing the Time, Category, URL, and, IP address is displayed. By default, this view lists the data of the day. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click the calendar button , select the required date, and, click Go to retrieve data for that date.
NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed.
Access Site History Details view by clicking on Sites History Top Time Consumption or Top Hits Count) from the navigation bar. From the view pane select one of the listed sites in the Site column. This view shows the following information: User / IP - All users/IPs who have accessed that site on the specified date. Hits -The number of times the site was accessed by each user. The file types accessed from the site by each user. A graphical representation of total site hits over time, for all users. A graphical representation of user site hits over time, for each user listed. A graphical representation of traffic over time for each of the file types shown, for each user.
To display the graph showing total site hits over time for all users, select the Show Hits Over Time Chart checkbox. This graph assists you in identifying the time period(s) for the specified dates during which the site was most frequently accessed by users. To display the graph showing total site hits over time for a specific user, hover with the mouse pointer over the number of hits for any one of the users/IPs listed. A chart pops up showing the access pattern and frequency of the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific user, hover with the mouse pointer over one of the file types shown for any one of the users/IPs listed. You can also click on any one of the users/IPs listed review User History Details view. For more information refer to the User History Details section in this chapter.
34 4BGetting started: Monitoring Internet activity GFI WebMonitor 2009
Access User History Details view by clicking on Users History (Top Surfers or Top Hits Count) from the navigation bar. From the view pane select one of the listed users/IPs in the User/IP column. The User History Details view shows the following for a specific user: Site indicates shows the sites accessed on the specified date. Hits indicates the number of times the site was accessed. The file types accessed from the site. A graphical representation of total site hits over time. A graphical representation of specific site hits over time. A graphical representation of traffic over time for each of the file types shown, for a specific site.
To display the graph showing total site hits over time, select the Show Hits Over Time Chart option. This chart helps you to identify the time period(s) for the specified date during which the user accessed the listed sites. To display the graph showing specific site hits over time for the user, hover with the mouse pointer over the number of hits for any one of the sites listed under heading File types. A chart pops up showing the
specified site access pattern and frequency by the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific site, hover with the mouse pointer over one of the file types shown for any one of the sites listed. You can also click on any of the sites listed to review Site History Details. For more information refer to the Site History Details section in this chapter.
Activity Log
Access the Activity Log view by clicking on the Activity Log node from the navigation bar. The Activity Log view shows all GFI WebMonitor activity related to: Items which have been blocked or quarantined Processes which have failed. The Activity Log view shows the following: The User/IP who carried out the activity Date and time when the activity took place Description of the activity which took place and the reason why items which have been blocked or quarantined URL accessed. on the upper right of the view to update Click on the refresh button the information being shown.
Introduction
Whitelists and blacklists are content scanning policies that override all policy settings set up in WebFilter and WebSecurity Editions. The Whitelist is a list of sites, users and IPs approved by the administrator to be excluded from all policies configured in GFI WebMonitor. Besides the Permanent Whitelist, there is also a Temporary Whitelist, used to temporarily approve access to a site for a user or IP. Since all WebFilter and WebSecurity policies are overridden, the Whitelist feature should be used with extreme caution. The Blacklist is a list of sites, users and IPs which should always be blocked irrespective of the policies are overridden, the Whitelist feature policies configured in GFI WebMonitor. The Blacklist takes priority over the Whitelist in GFI WebMonitor. If a site is therefore listed in the Blacklist and that same site is also listed in the Whitelist, the site will be blocked.
Preconfigured items
By default GFI WebMonitor includes a number of preconfigured sites in the Permanent Whitelist. These include GFI websites to allow automatic updates to GFI WebMonitor and Microsoft websites to allow automatic updates to Windows. Removing any of these sites may preclude important updates from being automatically effected.
2. From the drop-down lists, select whether a User, IP or Site will be added to the whitelist and provide the user(s), group(s) and/or IP(s) for whom the new whitelist item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the whitelist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2:When adding a site to the whitelist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
1. Click on the Whitelist node and select the Temporary Whitelist tab.
2. Click on Add and select whether temporary access will be granted to a user or IP. Provide the details of the User or IP to be granted temporary access as well as the URL and the number of hours. NOTE 1: When granting temporary access to a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2:When adding a site to the Whitelist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup.
NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. NOTE 4: The number of hours during which the user or IP has access to a site are applicable from the moment Save Settings is clicked. NOTE 5: Time remaining before access is revoked can be viewed in the For (hours) column in the Temporary Whitelist view.
2. From the drop-down lists, select whether a User, IP or Site will be added to the blacklist and provide the user(s), group(s) and/or IP(s) for whom the new blacklist item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the blacklist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.
NOTE 2: When adding a site to the blacklist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Using wildcards
When adding a site to the whitelist or blacklist, you can use wildcards as shown in the examples below: Example
*.com *.website.com
Description
Allow/block all .com top-level domains Allow/block all sub domains of the website.com domain
Introduction
GFI WebMonitor uses WebFilter and the WebGrade database to manage Internet access of users, groups or IPs based on site categories. The category of a particular site is determined through the WebGrade Database; if a site is listed in the database, GFI WebMonitor then uses the configured web filtering policies to determine what action to take. This may be one of the following actions: Allow access to site Block access to site and quarantine the related file URL Block access to site and delete related URLs.
Policies can be customized to apply during specific time periods; for example a policy can enable users to access news and entertainment related sites during lunch breaks but not during working hours. Pre-defined site categories include pornography, adult themes, games, violence and others. The database is updated on a regular basis and updates are automatically downloaded to GFI WebMonitor.
3. Click on the General tab. 4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively. 5. In the Policy Schedule area specify the time period(s) during which the new policy will be enforced.
6. Select the Web Filtering tab. Define the categories applicable to the new policy and the actions to take: Allow categories: Select categories from the Blocked Categories list and click Allow>. Block categories: Select categories from the Allowed Categories list and click <Block. Quarantine access: Select categories Categories list and click <Quarantine. from the Allowed
NOTE: You can also configure advanced category conditions by selecting the Show Advanced Options. For more information refer to the Configuring advanced web filtering policies conditions section.
7. Select the Exceptions tab and in the Excluded Sites and Included Sites fields specify any URLs which are: Excluded (i.e. allowed) from the policy. This enables users to access sites overriding any policy setup. Included (i.e. blocked) in the new policy. The URLs specified in the included sites will be blocked regardless of the scope of the new policy.
NOTE: The Exceptions tab is similar to a whitelist/blacklist feature that overrides any rules within the policy.
8. Click on the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2: When adding a group ISA Server authentication is used to validate the group name.
9. Click on the Notifications tab and select Notify the following administrators when the site category infringes this policy
checkbox if required. Complete setup by updating administrators notification email address and notification e-mail text. If required, check Notify the user accessing the site if the site category infringes this policy, and provide the body text for the notification email in the Send the following notification to the administrators text box. 10. If you require the user to be notified when the policy you are creating is triggered, select Notify the user accessing the site if the site category infringes this policy checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 11. Complete new policy setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose policy settings as soon as you leave the view to move to another section in GFI WebMonitor. The newly created policy will now be listed in the main Web Filtering Policies view.
3. Refer to Adding a Web Filtering Policy section in this chapter, for a description of the fields which can be edited. 4. Click on Save Settings to finalize editing a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Uncheck the box from the Enabled column for the policy you want to disable and click on Save Settings to finalize disabling a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Check the box from the Enabled column for the policy you want to enable and click on Save Settings finalize enabling a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
48 6BWebFilter Edition Site rating and content filtering GFI WebMonitor 2009
2. Click on the delete icon for the policy you want to delete and click on Save Settings finalize deleting a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
1. From the Web Filtering tab click on Show Advanced Options. 2. Click on Add Condition to view the Edit Properties dialog where you will create the advanced condition. 3. Specify a combination of categories which will enable you to allow, block or quarantine sites. For example, to block sites which fall under the categories Adult and pornography AND IM Client: a. Select Adult and pornography from Available Categories list box and click on Use Category b. Select IM Client from Available Categories list box and click on Use Category c. Select Block and Delete from the Perform this action: drop down list and click OK to apply the condition. 4. Click on Save Settings to finalize settings. NOTE 1: With this advanced policy, sites are not blocked if a site is listed under individual categories. In the example above, a site is NOT blocked if it only falls under the Adult themes category. Likewise, the site is NOT blocked if it only falls only under the Sexuality category. NOTE 2: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Through the WebGrade Database settings view you can: Enable/disable online lookups Enable/disable the database View the database status, version and license details Configure database updates Check the presence or validity of any URL with the active local WebGrade database and send feedback.
1. Access the WebGrade Database settings view by clicking on WebFilter Edition Web Filtering Policies WebGrade Database from the navigation bar. 2. Check/uncheck Manage WebGrade Local Database updates automatically and update the time within the hours field.
3. If required check Send an email notification to the administrator on successfully updating the WebGrade Database 4. Complete setup by clicking on Save Settings. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Check and uncheck the Enable online lookup for URLs not resolved by local database enables or disables this feature. NOTE: This option is enabled by default when the user updates the installation.
2. Check/uncheck the checkbox in the Enabled column enables or disables the WebGrade Database. NOTE: When the WebGrade database is disabled, the Web Filtering policies cannot access the site categories.
Introduction
GFI WebMonitors WebSecurity features scan and usage control restrictions for various applications to users, IPs or groups on your network. The control policies are: Download Control Policies Software download controls IM Control Policies Control use and access of MSN / Windows Live Messenger Virus Scanning Policies configure which downloaded files should be scanned for viruses and spyware. Anti-Phishing Engine Configure protection to network users from phishing sites.
For allowed downloads, GFI WebMonitor then applies the configured Virus Scanning Policies and determines its virus scanning options.
4. Click on the Download Control tab to configure the actions to be taken on the various file types.
Screenshot 39 - Add new download control policy: Add new content type 56 7BWebSecurity Edition File scanning and download control GFI WebMonitor 2009
5. To add a new file type select Add Content-Type button and enter the new Content-Type and a Description. Click Add.
6. Click on any file type from the list to display the Change Action dialog and configure the actions to be taken for that file type. From the Perform this action: drop down list select the applicable action to be taken. The available options are: Allow Block and Quarantine Block and Delete
7. From the Applies To tab, specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. NOTE 2: When adding a user or a group, ISA Server authentication is used to validate the user or group name.
8. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Enter the administrators email address and notification email text, by updating the text for the notification email in the Send the following notification to the administrators text box. 9. If you require the users to be notified when the policy you are creating is breached, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be validated. 10. Complete the new policy setup by clicking on Save Settings. NOTE: Failing to click on Save Settings will lose all settings.
The policy created will be listed in the main Download Control Policies view.
3. Refer to Adding a Download Control Policy section in this chapter for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. Complete disabling a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Check the checkbox in the Enabled column for the policy you want to disable. 3. Complete enabling a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
3. Complete deleting a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Adding Content-types
GFI WebMonitor - WebSecurity Edition includes a large number of common file types. To add a file type which is not in the predefined list: 1. Click on WebSecurity Edition the navigation bar. Download Control Policies from
2. Click on Add Policy, select Download Control tab and click on Add Content-type.
3. Key in the content-type in the Content-Type field in the format type/subtype and click on Add. 4. Complete keying in anew contact type by clicking on Save Settings NOTE 1: Files for user added content-types are not real file type checked as is the case with preconfigured file types. NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
3. Key in the new policy name in the Policy Name field and optionally enter a brief description in the Policy Description text box.
4. From the IM Control tab, choose to block or allow instant messaging communications: Block all MSN / Windows Live Messenger communications all communications via MSN or Windows Live Messenger is blocked. Allow MSN / Windows Live Messenger communications the use of MSN or Windows Live Messenger is allowed.
5. From the Applies To tab key in user(s), group(s), and/or IP(s) for whom the new policy applies and click Add. Repeat for all the user(s), group(s), and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user names and groups.
6. From the Notifications tab, select Notify the following administrators when this IM Policy is breached to send an email notification to the configured email address(es) when a user tries to access blocked IM policies. 7. Add the administrator(s) email address(es) to be notified in the Email Address box. 8. In the Send the following notification to the administrators text box, edit the email message text which will be sent in the email notification 9. Select Notify the user breaching this IM policy checkbox to send an email notification to the user who breaches the IM policy. Edit the email message text in the Send the following notification to the user performing the download. NOTE: Notification is sent only if user is validated through ISA Server authentication. 10. Complete the new IM policy setup by clicking Save Settings. NOTE: Failing to click on Save Settings will lose all settings The new policy will be listed in the main IM Control Policies view.
4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively.
5. Click on the Virus Scanning tab and click on the file type you want to scan for viruses. From the Change Action dialog box select the Display download progress and status option (if required) and choose the virus scanners to scan the file type with. Also, choose the action to undertake if a virus is found. The available options are: Warn and Allow Block and Quarantine Block and Delete
6. Click OK, select Applies Tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2: When adding a group ISA Server authentication is used to validate the group name.
7. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box. 8. If you require users to be notified when the policy you are creating is triggered, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text. NOTE 1: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 9. Complete new policy setup by clicking on Save Settings NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. The policy you have just created will be listed in the main Virus Scanning Policies view.
1. Click on WebSecurity Edition navigation bar. 2. Click on the edit icon edit.
3. Refer to Adding a Virus Scanning Policy section in this chapter, for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. Complete disabling a virus scanning policy by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Check the checkbox in the Enabled column for the policy you want to enable. 3. Complete enabling a download policy by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
3. Complete deleting a virus scanning policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Scanning Engines
Through the Virus & Spyware Protection view you can: Enable/Disable one or more of the supported engines View the licensing status Configure anti-virus engine/signature updates for each one of the scanning engines
To access the Virus & Spyware Protection view click on WebSecurity Edition Virus Scanning Policies Virus & Spyware Protection from the navigation bar.
2. Check or uncheck the checkboxes in the Enabled column to enable or disable scanning with the virus scanner for which the virus scanner is checked or unchecked. NOTE: Disabling a virus scanning engine denotes that GFI WebMonitor cannot use that engine. 3. Complete Virus scanning engine setup by clicking on Save Settings
GFI WebMonitor 2009 7BWebSecurity Edition File scanning and download control 69
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
1. Click on WebSecurity Edition Virus Scanning Policies & Spyware Protection Kaspersky Anti-Virus.
Virus
2. Check or uncheck checkboxes that enable action for files identified as Suspicious, Corrupted or Hidden. 3. Complete setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Anti-Phishing Engine
Through the Anti-Phishing Engine view you can: Enable/Disable anti-phishing View the anti-phishing feature licensing status Configure anti-phishing database updates
To access the Anti-Phishing Engine view click on WebSecurity Edition Anti-Phishing Engine from the navigation bar.
3. Check or uncheck the Block access to phishing sites checkbox to enable or disable anti-phishing features. NOTE 1: Disabling the anti-phishing engine implies that GFI WebMonitor cannot use that engine to block phishing sites. 4. Complete anti-phishing engine setup by clicking on Save Settings NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Click on the General tab. 3. Specify the required settings in the Anti-Phishing Updates area. 4. Complete Anti-Phishing Database updates setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
2. Click on the Notifications tab and check the Notify the following administrators when the site accessed is a known phishing site checkbox. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box. 3. If you require the user to be notified when a phishing site is accessed, check the Notify the user accessing the site if the site
GFI WebMonitor 2009 7BWebSecurity Edition File scanning and download control 73
accessed is a known phishing site checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 4. Complete phishing notifications setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose phishing notification settings as soon as you leave the view to move to another section in GFI WebMonitor.
Introduction
GFI WebMonitor enables you to configure a default set of parameters used by the WebFilter and WebSecurity editions. These parameters are configured through three nodes or by selecting the appropriate option within the viewing pane: Administrative Access Control: Configure who can access GFI WebMonitor web interface for configuration and monitoring. Notifications: Configure alerting options for email notifications on important events. General Settings: Configure the data retention, download cache and temporary whitelist policies. Reporting: Configure the database settings for reporting.
2. From the drop-down lists, select whether a User or IP will be added to the access list and provide the user(s), and/or IP(s) for whom the
new access item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the access control list, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Notifications
Notifications are sent by email to administrators on important events including: Items being quarantined WebGrade Database, anti-virus signature update failures WebGrade Database, anti-virus signature update success Approaching expiry of WebGrade Database and anti-virus signature update licenses.
2. Key in an email address in the Email Address field and click Add. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Deleting recipients:
1. Click on Notifications node 2. Click on the delete icon delete. next to the email address you want to
3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
General Settings
Through the General Settings node you can specify settings such as the amount of hours to keep downloaded files in cache, and the default time in hours a site is kept in the temporary whitelist after it has been approved from the quarantine. 1. From the GFI WebMonitor navigation bar select Configuration General Settings node
1. In the Data Retention area specify how long, in days, will browsing activity data be kept in GFI WebMonitor databases. This data is used for monitoring and reporting. 2. In the Download Cache are specify how long (in hours), will downloaded files be kept in a local cache. Keeping these files in the cache will speed up subsequent requests for the same file. NOTE: Set the value to zero hours if you want to disable the cache. 3. In the Temporary Whitelist area specify how long (in hours), will items approved from the quarantine be kept in the Temporary Whitelist. This is the amount of time available to the user during which the approved URL is accessible.
Introduction
GFI WebMonitor includes a quarantine feature; a restricted, safe and controlled storage area where potentially harmful download files are stored. Policies may be set where downloaded files/URLs are blocked and stored in quarantine. Downloaded files may be quarantined as a result of one or more configured policies in the following categories being triggered: Download Control Policies Web Filtering Policies Virus Scanning Policies Establish the reason for which a download file is being quarantined Determine whether the file is harmful or harmless and should be deleted or approved.
If approved for access, quarantined items are transferred to a Temporary Whitelist. Users can be then granted access to the downloaded files through the Temporary Whitelist. There are four different views for quarantined items: Those transferred to quarantine today Those transferred to quarantine yesterday Those transferred to quarantine this week All items transferred to quarantine
To view quarantined items: 1. Click on the Quarantine node in the navigation bar, and select one of views available to either review all items or those for a specified period:
Screenshot 62 - Quarantine
2. Click on each one of the available tabs to view a list of items quarantined for each respective policy category: Download Control Policies tab Web Filtering Policies tab Virus Scanning Policies tab
Lists are sorted in descending order, with the latest item being quarantined shown at the top of the list. 3. Click on the details icon to view details for that item. 4. Click Go Back To List to move back to the list of quarantined items. 5. Use the navigation icons of quarantined items. to navigate through a long list
4. Click Approve Item to make the downloaded file available to users or Approve All Items to make all items in a quarantine available to users. NOTE 1: The user email address is shown only if the user has been authenticated through ISA Server authentication, and has a valid Active Directory email field. NOTE 2: Using the checkbox associated with each entry in the quarantine enables multiple file whitelisting. NOTE 3: Exert extreme caution with this feature. In approving an item from the Quarantine, you are excluding the web site from all policies configured in GFI WebMonitor for the particular user. Approving a potentially harmful file may therefore lead to your network being compromised. Approved items are transferred to the Temporary Whitelist. Refer to the Configuring allowed and blocked websites chapter for more information on the whitelist. NOTE 4: Quarantined items which are not approved after 2 days are automatically deleted.
NOTE 2: Quarantined items which are not approved after 2 days are automatically deleted.
Reporting Setup
Introduction
GFI WebMonitor enables you to store data in a database for statistical information analysis using GFI WebMonitor ReportPack. In this section you will find information about: How to enable or disable information gathering Configuring reporting options
Enabling Reporting
To enable information gathering for reporting purposes: 1. From the GFI WebMonitor navigation bar select Configuration Reporting node
10BReporting Setup 83
2. Click on the Enable Reporting checkbox to enable reporting features. 3. Key in the SQL Server, User/Password combination and Database name which enables GFI WebMonitor to connect and audit data to the database in the respective order. You can use the Get Database List button to retrieve a list of databases available. 4. Click on Save Settings to save reporting setup. NOTE: For security purposes, passwords can only be configured from the machine where GFI WebMonitor is installed.
84 10BReporting Setup
In these cases, amongst others, clicking on the Update reporting data now triggers the retrieval process. NOTE: Data is always collected for complete 24 hour periods from midnight to midnight. Clicking Update reporting data now does not collect data for partial periods between midnight and the time when this button is clicked.
Disabling Reporting
To disable reporting features: 1. Click on the Reporting node. 2. Uncheck the Enable Reporting checkbox and click Save Settings to disable reporting.
10BReporting Setup 85
Miscellaneous
Introduction
In this section you will find information on updating GFI WebMonitor license
11BMiscellaneous 87
Troubleshooting
Introduction
The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main sources of information available to users are: The manual most issues can be solved by reading this manual. GFI Knowledge Base articles Web forum Contacting GFI Technical Support
Knowledge Base
GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most upto-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.
Web Forum
User to user technical support is available via the web forum. The forum can be found at: http://forums.gfi.com/.
NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at: https://customers.gfi.com/login.aspx. We will answer your query within 24 hours or less, depending on your time zone.
88 12BTroubleshooting
Build notifications
We recommend that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, visit: http://www.gfi.com/pages/productmailing.htm.
12BTroubleshooting 89
Index
Site History Details 28, 32, 34 Sites History 25, 27, 28, 32 Software requirements 11 System requirements 11
T
Troubleshooting 86
.
.NET 11
U
UnifiedProtection 7, 9, 11 User History Details 30, 31, 32, 33 Users History 25, 29, 30, 33
A
Access Permissions 73 Active connections 25, 26 Active Connections 25 Activity Log 25, 34 alerts 14 Anti-Phishing 69, 70, 71 anti-virus 9, 14, 67, 68, 74
W
WebFilter 7, 8, 9, 11, 18, 35, 41, 46, 47, 49, 50, 73 WebGrade 7, 8, 9, 41, 49, 50, 74 WebSecurity 7, 9, 11, 18, 35, 53, 54, 57, 58, 63, 66, 67, 69, 70, 71, 73 whitelist 8, 9, 18, 36, 37, 38, 39, 73, 79 wizard 12
B
blacklist 8, 9, 18, 38, 39
D
download control 7, 9, 53, 54, 55, 57, 58
E
Evaluation 10
G
General Options 73 graph 32, 33, 34
H
hardware requirements 11
I
installation 14 ISA Server 7, 8, 9, 11, 14, 25, 26, 36, 37, 38, 45, 46, 56, 64, 65, 72, 73, 74, 79
L
License 85 licensing 12
P
Past Connections 25, 26
12BTroubleshooting 91