SurfControl Enterprise Threat Shield version 3.5.0

SurfControl plc

README file

March 2006

1 - WELCOME!
2 - SURFCONTROL ENTERPRISE THREAT SHIELD TECHNOLOGY
3 - INSTALLATION REQUIREMENTS
4 - LICENSE INFORMATION
5 - KNOWN ISSUES

 


SECTION 1 - WELCOME!

Welcome to SurfControl Enterprise Threat Shield version 3.5.0  

Threat Shield detects, blocks and removes spyware, Instant Messengers, P2P applications, games, movies and music files. Threat Shield is quick to deploy, easy to manage and is the only solution of its kind specifically designed for enterprise use. Threat Shield offers a complete set of tools for detecting, blocking and removing a whole range of threats:

  • Real-time detection of spyware and other threats to prevent their access to clients or monitored servers.
     

  • Thorough scanning and cleaning of local and network drives to remove existing threats and keep new ones out.
     

  • Not just removing the spyware threat but closing down unauthorized use of Instant messengers and P2P applications that are the source of so many threats to the enterprise.
     

  • Comprehensive databases offering precise, fingerprint-based identification of files, removing the risk of false positives.
     


SECTION 2 - SURFCONTROL ENTERPRISE THREAT SHIELD TECHNOLOGY
 

What is SurfControl Enterprise Threat Shield?
SurfControl Enterprise Threat Shield is an enterprise-ready security solution for spyware, instant messengers, P2P applications, games and media files. Enterprise-wide management is carried out from a simple management console. No software installation is required on client machines. A small agent is placed into memory on each managed computer. This agent contains all the information it needs to scan, detect and block all the threats in its comprehensive database without generating additional network traffic. The Threat Shield Agent can also protect a workstation when it is not connected to the Threat Shield server or does not have file-sharing set up (or both). It does this by downloading the files that it requires by HTTP, then storing them locally.

 

Four Scanning Technologies:

  • FileWatch - controls stored unauthorized files and applications, including unauthorized music or video files, games, as well as the P2P applications used to download media files
     

  • WriteWatch – controls the introduction (downloading or copying) of unauthorized files or applications into the file system
     

  • .exeWatch - controls the unauthorized usage of applications. It monitors running applications, such as Spyware, P2P applications, or Instant Messengers operating on your network
     

  • BrowseWatch – detects Web sites and Web pages visited during Web browsing, and reports this information to the Threat Shield Server. Enterprise Threat Shield's ability to detect such surfing activity helps to preserve company productivity by ensuring that employees are working in a productive manner and not wasting time


Web-Based Reporting

Provides a Web-based view into all Threat Shield reports. Users can access and run reports from any machine using the Microsoft Internet Explorer Web browser.

Four Dynamic Threat Databases
Comprehensive databases of applications and associated files. New versions of any of these are detected automatically without having to be added to the database.

  • Spyware – Lists spyware, keyloggers, adware, trojans and other related malware
     

  • Instant Messengers – Currently detecting around 579 separate instant messenger applications
     

  • Peer to Peer – Currently detecting around 574 P2P applications and associated files
     

  • Games – Extensive database of high street and downloadable games
     

Policy Based Control
Custom policies allow granular control of groups and users. Equally granular exclusion control allows users, groups, files or folders to be excluded from policies. For example the Instant Messenger database can detect and remove all IM applications. The exclusion list could be used to authorize the use of one IM for a particular part of the organization.


SECTION 3 - INSTALLATION REQUIREMENTS

The only supported Web browser in this release is Microsoft Internet Explorer V5.5 (required for the Threat Shield Reporter).
Threat Shield requires the following to be installed:

  • Microsoft .NET Framework V1.1

  • Microsoft SQL Server 2000 or higher for reporting. MSDE is available as a separate download from http://www.surfcontrol.com/ for companies without SQL
     


SECTION 4 - LICENSE INFORMATION

The SurfControl Enterprise Threat Shield product will run as an evaluation version for 30 days. A maximum of 70 clients can be managed for this period. For this period the product is fully functional.
 


SECTION 5 - KNOWN ISSUES

ID:

Installation

18289

Uninstall SETSAgent.msi when WS is disconnected from network - status of WS at SETS manager remains the same
If you uninstall SETSAgent.msi from a workstation and the uninstall information does not reach the Threat Shield Manager, the status of the uninstalled workstation will be: "workstation stopped it's connection" instead of "unregistered". No operation can be carried out on the workstation from Threat Shield Manager.

Workaround: Reinstall SETSAgent.msi and uninstall it again while connected to the server.
 

18778

Adding a stand alone option through the Add/Remove modify procedure will not work

If you install Enterprise Threat Shield without the Stand Alone option selected then attempt to modify the installation via Add/Remove programs, the Stand Alone option will still not be available. Using the Repair option will not make it available either.

 

Workaround - Double-click the install file and choose Modify or Repair when you see this screen.
 

ID:

Threat Shield server

18862

A new database must be included in the Stand Alone.ini file in order to deploy in SA mode

If you create a database outside the Threat Shield Manager (this is not the recommended procedure) then add this database to the Data folder, attempting to deploy the Agent to a client in Stand Alone mode will fail. This can also occur if you change the database name outside of the Manager.
 

A workaround is available -  see Threat Shield Knowledge Base article:
 

19325

A User defined database that is not in a rule will not appear in Stand Alone.ini after a software upgrade

If you are upgrading Enterprise Threat Shield from a previous version to 3.5.0 and adding the Stand Alone functionality, a user-defined database that is not part of an active rule will not appear in the StandAlone.ini. If this database is then added to a rule and the rule activated, you will be unable to deploy Agents in Stand Alone mode.

 

Workaround - Make sure that all user-defined databases are attached to active rules before you upgrade Enterprise Threat Shield.
 

18575

Enterprise Threat Shield and Novell Networks
Activation of the Threat Shield Agent can be erratic when installed on Novell Networks, even if a login script is used. This is usually the greatest issue with deployment.

Workaround - Define a Novell share on the server with read access for the Agent to the Enterprise Threat Shield folder.
 

18970

ThreatShieldService does not respond to a 'stop' command
If you attempt an uninstall and the service cannot stop then the Enterprise Threat Shield uninstall process shows an 'Uninstall completed successfully' dialog even though the service can still be seen as 'stopping'.
 

Workaround - Restart the machine.
 

ID:

Threat Shield Manager

19537

Threat Shield Manager crashes if blank information is entered in the Change Account Information dialog box.

If you attempt to change account information and leave the edit fields in the 'Change Account Information' dialog box blank, then an unknown exception error message will show. On clicking OK, Enterprise Threat Shield Manager will close without warning.

Workaround - Do not enter blank information into the Change Account Information dialog box.
 

ID:

Threat Shield Agent

18321

Stand Alone Agent logging issue when server is disconnected from network and different users login to the client
When a stand alone agent is connected to the server, it will send the violation history of the current user only and not the other users who used the workstation during the disconnected period.

Resolving this issue requires a complete redesign of the user information transfer and was therefore not undertaken for this release.

 

A workaround is available - see Threat Shield Knowledge Base article:
 

20130

Monitoring USBs and other removable devices with WriteWatch.

WriteWatch will not work with USBs and other removable devices.