
Advanced Administration Guide


Advanced Administration Guide
*Formerly Panda Managed Office Protection

Copyright notice
© Panda Security 2010. All rights reserved. Neither the documents nor the programs that you may access may be copied, reproduced, translated or transferred to any electronic or readable media without prior written permission from Panda Security, C/ Gran Via Don Diego Lopez de Haro 4, 48001 Bilbao (Vizcaya) SPAIN.

Trademarks
Windows Vista and the Windows logo are trademarks or registered trademarks of Microsoft Corporation in the United States and other countries. All other product names may be registered trademarks of their respective companies.

1009-PMOP-50450

Panda Cloud Office Protection Advanced Administration Guide

Chapter 1. What is Panda Cloud Office Protection?
  What is the 'cloud'?
  What is Collective Intelligence?
    Information
    How did detection work before Collective Intelligence?
    How does detection with Collective Intelligence work?
  Corporate quarantine
    How does the Corporate Quarantine work?
  Who should read this guide?
  Contact details
  Requirements
    Requirements for accessing the client Web console
    Minimum requirements for the computers to which the protection is distributed
    Requirements for the computer from which the protection is deployed using the distribution tool
    Minimum requirements for the computers to which the protection is distributed using the distribution tool
    URLs
  Services
    Tech support and protection services
    Services associated to the Hosted Service
  Key concepts
Chapter 2: Access to the web console
  Customer Web Console
  Preferences
    General options
    Default view
    Group restrictions
    Account management
    Computer blacklist
Chapter 3: License management
  Types of clients
    Subscriber
    Non-subscriber
  Warnings related with licenses
    Updating the number of licenses
    License expiry date warning
    Blacklist
  Canceling licenses
    Computers affected
    Managed computers
  Extending licenses using the activation code
    Possible errors when extending licenses
Chapter 4: Account management
  Delegating the management of an account
    Possible errors on delegating account management
  Merging accounts
    Possible errors when merging accounts
    Consequences of merging accounts
Chapter 5: Users and permissions
  Creating and managing users
  Types of permissions
    Total control
    Security administrator
    Monitoring
Chapter 6: Configuring the protection
  Default profile
  New profile
    Creating a profile
  General profile settings
    Edit profile - Advanced settings
    Edit profile - Advanced update settings
  Antivirus protection settings
    Local scans
    Advanced antivirus settings - File protection
    Advanced antivirus settings - Email and messaging protection
  Firewall protection settings
    Introduction
  Managed firewall
    Configuration from the Web console
  Personal firewall
    Configuration from the Web console
    Configuration from the local console
    Rule priority
    Panda rules
  System rule examples
    Allow Panda Cloud Office Protection Agent (TCP)
    Allow Panda Cloud Office Protection Agent (UDP)
    Allow HTTP
    Allow HTTPS
    Allow POP3
    Allow SMTP
    Allow DNS
    Allow DHCP
    Allow Netbios (TCP)
    Allow Netbios (UDP)
    Deny TCP
    Deny UDP
Chapter 7: Creating groups
  Creating groups
Chapter 8: Installing the protection
  Recommendations prior to installation
    Proxy settings if needed to access Collective Intelligence servers
    Computer requirements
    Presence of other protection software on computers
    Closing other applications during installation
    Configuring exclusions in the file protection for servers with Exchange Server
  Installation modes
    Quick installation
    Installing the protection with the installation program
    Installing the protection with the distribution tool
  Installation cases
    Installing Panda Cloud Office Protection on computers without any protection installed
    Installing Panda Cloud Office Protection on computers with protection installed
    Automatically uninstalling other protections
Chapter 9: Protection status
    Notifications
    Licenses
    Antivirus protection
  Scheduled scans
    Results of the scheduled scan jobs
  List of detections
Chapter 10: Monitoring of computers
  Monitoring the protection on computers
    Computer details
Chapter 11: Quarantine
  Exclusions
Chapter 12: Reports
  Generate reports
    Types of reports
  Report display
Chapter 13: Uninstallation
  Uninstallation from add/remove programs
  Uninstalling with the distribution tool
Chapter 14. Troubleshooting & FAQ's
  Troubleshooting
  Frequently Asked Questions
    How is the Panda Cloud Office Protection Web console accessed?
    What are the installation requirements for Panda Cloud Office Protection?
    What checks must be carried out before installing Panda Cloud Office Protection?
    What are the components of Panda Cloud Office Protection?
    What is the Panda Cloud Office Protection administration agent?
    What do the P2P and Proxy functions implemented in Panda Cloud Office Protection consist of?
    How is Panda Cloud Office Protection installed through the installation program?
    How is Panda Cloud Office Protection installed through the distribution tool?
    Can Panda Cloud Office Protection be installed on a network with AdminSecure protection?
    How can a computer be included in the blacklist?
    How can a computer be restored from the blacklist?
    Why is no information received from a computer that was in the blacklist but has been restored?
    Why are some computers out-of-date after a Panda Cloud Office Protection update?
Annex 1: Examples. Configuration and installation recommendations
  Example 1. SMB
  Example 2. Centralized company
  Example 3. Decentralized company
Annex 2: Command-line Scripts for Basic Operations
  Introduction
  Installation
    Previous steps. Downloading the installation packet
    Installation steps
  Verifying protection installation
    Verification steps
  Uninstalling Panda Cloud Office Protection
    Uninstallation
  Updating the signature file
    Steps for updating signature files
  Updating settings
    Steps for updating the settings
  Running an on-demand scan
    Previous steps. Downloading settings files
    Launching on-demand scans
  Getting the date of the latest signature file
    Obtaining the signature file date
  Getting the status of the antivirus and the firewall
    Getting information on the status of the protection
    WALTEST.DAT format.
Annex 3: Deploying the protection
    The administration agent
    Peer to Peer (P2P) function
    Dynamic proxy
    Static proxy
    Installation times
    Deploying Panda Endpoint Agent
    Deployment of Panda EndPoint Protection (AV + FW)
    Deployment of Panda EndPoint Protection (only AV)
    Deployment of Panda EndPoint Protection (only Firewall)

Chapter 1. What is Panda Cloud Office Protection?

Panda Cloud Office Protection is a complete security solution to protect your computer network and manage security online with none of the hassle. Its protection neutralizes spyware, Trojans, viruses and any other threats.

The administration center of Panda Cloud Office Protection is the Client Web Console (referred to in this guide as the Web console), from where you can configure the protection and distribute and install it on the computers you want to protect. It also lets you check the status of the protection and see any detections that have been made. You can also configure the quarantine used to store suspicious items, and decide how such items will be handled. Panda Cloud Office Protection also lets you generate reports on your security status, and export them in the format you want.

Once you have established your computers' protection needs, you will be able to create profiles and configure the protection's behavior (antivirus and/or firewall) for the profiles that you have created. Then, you can assign that profile to the computers or computer groups to protect.

You can configure the protection installed on computers either before or after installation, but it is advisable to spend some time considering the following points:
- What are your specific protection needs?
- How many computers do you want to protect?
- What criteria will you use to group the computers to protect?
- What is the topology of your network?
- Do you need to protect mobile users?
- What types of users interact with your network?
- What permissions do you want to give them?
- Who will be in charge of administering security?

These needs might vary from one computer to another, or be the same for all computers on the network. Depending on these circumstances you might need to create new profiles or use the Panda Cloud Office Protection default settings.

Before installing the protection, check the Recommendations prior to installation. You will find important information about the installation and uninstallation processes, how to configure the protection language, and how to use the quick installation and default installation options.

The configuration and installation processes are totally under your control; you will decide at all times which computers to protect, with which protection and the installation method. Once you have selected the computers to protect and the configuration profiles, you must distribute and install the protection. To help you we have prepared some simple instructions on installation modes and cases. We hope you find them useful.

What is the 'cloud'?

Cloud computing is a technology that allows services to be offered across the Internet. To this effect, the term 'the cloud' is used as a metaphor for the Internet in IT circles.

Panda Endpoint Protection is served from the cloud, connecting to Collective Intelligence servers to protect your computer at all times, increasing the detection capacity and not interfering with the performance of the computer. Now all knowledge is in the cloud, and thanks to Panda Endpoint Protection, you can benefit from this.

What is Collective Intelligence?

Collective Intelligence is a security platform created by Panda Security, offering high-level protection in real time, exponentially increasing the detection capacity of Panda Endpoint Protection.
Information

Throughout its history, Panda Security has always been in the technological vanguard of the international market thanks to its innovation in anti-malware security, and as a visionary company, it has consistently offered innovations to the market two years ahead of its rivals.

In 2006 Panda Security began to develop a set of technologies based on artificial intelligence. This set of techniques, dubbed Collective Intelligence, is able to analyze, classify and disinfect 99.5% of the new malware samples received every day at the laboratory, keeping users protected practically in real time. This leaves laboratory technicians to process the remaining 0.5% of malware received. These cases, which tend to be more technologically complex, require more than Collective Intelligence to determine whether or not they are malware.

These technologies were first released in 2007 and currently all solutions benefit from this vast knowledge base, offering protection ratios way above the market average.

How did detection work before Collective Intelligence?

Previously, laboratories received malware samples (new viruses, worms or Trojans) and technicians manually analyzed them before creating the corresponding vaccine. Once published across the Internet, users could download the vaccine to their signature files in order to ensure protection against the new threat.

This model ceased to be useful once Panda Security laboratories went from receiving 100 samples a day to 50,000. This would require a whole army of technicians working against the clock to analyze all the new examples of malware received.

How does detection with Collective Intelligence work?

Collective Intelligence has servers that classify and process all the data provided through the user community about detections on their computers.
Panda Endpoint Protection sends requests to Collective Intelligence whenever it requires, ensuring maximum detection capacity without negatively affecting resource consumption on computers.

When new malware is detected on a computer in the user community, the protection sends the information to the Collective Intelligence servers in the cloud, automatically and anonymously. The information is processed by the servers, delivering the solution to all other users in the community in real time. Hence the name Collective Intelligence.

Given the current context of increasing amounts of malware, Collective Intelligence and services hosted in the cloud are an essential complement to traditional updates to successfully combat the enormous number of threats in circulation.

Corporate quarantine

How does the Corporate Quarantine work?

The figure below shows the process taking place in a malware-infected computer.

Step 1
The Collective Intelligence agent included in the client computer collects information about memory processes and objects and makes queries to the central Collective Intelligence servers, which check if the file is suspicious or not. PandaLabs uses a network of around 4,000,000 sensors to know what type of malware is in circulation and create specific signatures to protect a client’s PC.

Step 2
If the file is found to be suspicious, the protection will mark it as such and send it to quarantine until a final verdict is passed on the file status.

Step 3
To optimize bandwidth consumption, the protection gets a ‘fingerprint’ of the suspicious file and sends it to the client’s central console, which coordinates the sending of samples to the Collective Intelligence servers.
If a file cannot be identified, the Collective Intelligence servers notify the console, which sends the file together with information about it.

Step 4
The file reaches the Collective Intelligence servers, where it is analyzed in-depth through a series of more sensitive technologies (sensitive heuristic analysis, signature analysis, emulation, sandboxing, virtualization, white lists, etc.). These servers apply proactive techniques which, not being limited by the resources of the users’ PCs (CPU, memory limitations…), can classify new malware samples automatically in a matter of minutes.

Step 5
Once the file has been analyzed by our Collective Intelligence servers, two possible responses are returned, with different actions for each of them:
- The file is Malware: Information about the malware type is provided (worm, Trojan…). Also, the protection treats the item according to the data received and the policies established by the administrator.
- The file is Goodware: The item is restored as it is known and it is not dangerous.

Conclusion

The last few years have witnessed a change in the way cyber-crooks think and act, exposing a series of flaws in the security industry. Firstly, malware creators have found a way to make a profit out of malware creation, which has brought about a change in their motivation. Now they launch targeted attacks that are much more effective than the old massive attacks that affected thousands of computers. This has saturated security laboratories, which cannot cope with the huge number of malware samples that they receive every day. Malware samples cannot be analyzed manually like in the past. Finally, there is a false sense of security as massive attacks have been replaced with targeted attacks designed to go unnoticed by the general public and antimalware programs.
There are so many new malware samples in circulation that the time that passes between an attack on a user’s computer and the analysis of the sample at the lab is used by hackers to infect other PCs without the users knowing.

Thanks to the corporate quarantine, part of the new Collective Intelligence, Panda can reduce the time during which users are left unprotected. Panda detects new malware from the time it appears, transmitting the knowledge to all our clients in real time and protecting them against new threats.

Who should read this guide?

This Advanced Administration Guide is aimed at network administrators who want to keep their networks free from viruses and other threats.

The information contained in this guide will allow you to configure, deploy and install the Panda Cloud Office Protection protection. To this end, in addition to a basic description of the possibilities that Panda Cloud Office Protection has to offer, you will find a series of configuration and installation examples which should prove useful when resolving any queries or problems.

Panda Cloud Office Protection provides an optimum, integrated security service for your IT resources thanks to the efforts and experience that Panda Security invests in all its products.

Contact details

If you want to contact Panda, go to the following address: http://www.pandasecurity.com/about/contact/

Select your country from the drop-down list to find the contact details of your local Panda office. This will allow you to contact Panda Security’s technical and customer services.
Requirements

Requirements for accessing the client Web console

Browser
- Internet Explorer 6.0 or later
- Mozilla Firefox 3.0 or later
- Google Chrome 2.0 or later

To prevent any errors with the security certificate in this browser, Use SSL 3.0 and Use TLS 1.0 must be enabled. You can enable these options through Tools > Options > Advanced > Encryption.

Network
- Internet connection: direct or through a local area network.
- HTTP connection (port 443).

Minimum requirements for the computers to which the protection is distributed

Workstations
- Operating systems: Windows XP (32 and 64-bit), Windows 2000 Professional, Windows Vista (32 and 64-bit), Windows 7 (32 and 64-bit).
- RAM: For the antivirus protection: 64 MB, for the firewall: 128 MB
- Browser: Internet Explorer 5.5 or later
- At least one of the servers or workstations must have an Internet connection.
- Processor: Pentium 300 MHz or equivalent.
- Hard disk: 280 MB
- Windows Installer 3.0

Servers
- Operating systems: Windows 2000 Server, Windows Server 2003 (32 and 64-bit), Windows Server 2008 (32 and 64-bit)
- RAM: 256 MB
- Browser: Internet Explorer 5.5 or later
- At least one of the servers or workstations must have an Internet connection.
- Processor: Pentium 300 MHz or equivalent.
- Hard disk: 280 MB
- Windows Installer 3.0

Note that Internet access is necessary to reach the Collective Intelligence servers. Ensure that computers have access and, if this is done through a proxy, be sure the proxy is properly configured.
Requirements for the computer from which the protection is deployed using the distribution tool
- Operating system: Windows 7 (32 and 64-bit), Windows Vista (32 and 64-bit), Windows XP Professional (32 and 64-bit), Windows 2000 Professional, Windows Server 2000, Windows Server 2003 (32 and 64-bit), Windows Server 2008 (32 and 64-bit)
- Memory: 64 MB
- Hard disk: 20 MB
- Processor: Pentium 300 MHz or equivalent.
- Windows Installer 2.0
- Browser: Internet Explorer 5.5 or later
- Access to the Admin$ resource on the computers to which the protection will be distributed.
- A user with administrator rights on the computers to which the protection is distributed.

Minimum requirements for the computers to which the protection is distributed using the distribution tool
- Disable the Windows firewall or configure the exception File and printer sharing (Start > Settings > Control panel > Network connections > Local area connections > (right button) Properties > General > Settings).
- Use simple file sharing must be disabled (on Windows XP, Tools > Folder Options > View > Use simple file sharing).
- On computers with Windows Vista that are not within a domain with Active Directory, disable the UAC (User Account Control): Control panel > User accounts > Turn User Account Control On or Off > disable the checkbox 'Use User Account Control (UAC) to help protect your computer'.

URLs

To access the Panda Cloud Office Protection servers and be able to download updates, at least one of the protected computers must have access to a series of Web pages.
These are:

To update the signature file and protection engine
- http://enterprise.updates.pandasoftware.com/updates_ent/
- http://acs.pandasoftware.com/member/installers/
- http://acs.pandasoftware.com/member/uninstallers/
- http://acs.pandasoftware.com/member/pavsig/
- http://acs.pandasoftware.com/free/

To send suspicious files
- http://hercules.pandasoftware.com/getqesi.aspx
- http://hercules.pandasoftware.com/getqesd.aspx

For communication with the server
- http://mp-agents.pandasecurity.com/Agents_5_03_00/service.svc
- https://mp-agents.pandasecurity.com/AgentsSecure_5_03_00/service.svc
- http://mp-agents.pandasecurity.com/Agents_5_04_00/service.svc
- https://mp-agents.pandasecurity.com/AgentsSecure_5_04_00/service.svc

For communication with Collective Intelligence servers
- http://cache.pandasoftware.com
- http://proinfo.pandasoftware.com/connectiontest.html

Ports (client intranet)

TCP 18226 and UDP 21226 must be opened to allow correct communication between the Panda Cloud Office Protection agents.

Services

Tech support and protection services

The administrator can easily access the services offered with the solution, as they will be integrated in the Web administration console. The services are:
- 24h-365d Tech Support by telephone and email.
- Daily updates.
- Express updates in the event of epidemics.
- Virus warnings and information (SOS Virus).
- Software updates of the protection for workstations and improvements to the Web console.
- Access to the Collective Intelligence servers.

Services associated to the Hosted Service

The architecture that hosts the Panda Cloud Office Protection service in Panda Security ensures the following:
- Load balancing and high availability
- Fault tolerance
- High performance
- Scalability

Panda Cloud Office Protection guarantees total confidentiality of the data stored on the system.
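The URL requirements listed in this chapter, turned into an egress allowlist for a proxy or firewall review. This is an added example, not part of the Panda guide or of any Panda tool: it derives host, port and path rules from the URLs as printed, lists the endpoints that use plain HTTP transport, and checks candidate requests against the rules. The dictionary keys, function names and sample requests are assumptions made for the example.

```python
"""Egress allowlist derived from the URL list in this guide (added example)."""
import posixpath
from urllib.parse import unquote, urlsplit

# URLs copied from the guide; the dictionary keys are labels made up here.
REQUIRED_URLS = {
    "updates": [
        "http://enterprise.updates.pandasoftware.com/updates_ent/",
        "http://acs.pandasoftware.com/member/installers/",
        "http://acs.pandasoftware.com/member/uninstallers/",
        "http://acs.pandasoftware.com/member/pavsig/",
        "http://acs.pandasoftware.com/free/",
    ],
    "suspicious_files": [
        "http://hercules.pandasoftware.com/getqesi.aspx",
        "http://hercules.pandasoftware.com/getqesd.aspx",
    ],
    "server": [
        "http://mp-agents.pandasecurity.com/Agents_5_03_00/service.svc",
        "https://mp-agents.pandasecurity.com/AgentsSecure_5_03_00/service.svc",
        "http://mp-agents.pandasecurity.com/Agents_5_04_00/service.svc",
        "https://mp-agents.pandasecurity.com/AgentsSecure_5_04_00/service.svc",
    ],
    "collective_intelligence": [
        "http://cache.pandasoftware.com",
        "http://proinfo.pandasoftware.com/connectiontest.html",
    ],
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def build_rules(required=REQUIRED_URLS):
    """Split every required URL into a scheme/host/port/path rule."""
    rules = []
    for purpose, urls in required.items():
        for url in urls:
            parts = urlsplit(url)
            rules.append({
                "purpose": purpose,
                "scheme": parts.scheme,
                "host": parts.hostname,
                "port": parts.port or DEFAULT_PORTS[parts.scheme],
                "path": parts.path or "/",
            })
    return rules


def firewall_summary(rules):
    """Collapse the rules to {(host, port): purposes} for a layer-4 firewall."""
    summary = {}
    for rule in rules:
        summary.setdefault((rule["host"], rule["port"]), set()).add(rule["purpose"])
    return summary


def cleartext_rules(rules):
    """Rules whose transport is plain HTTP (no TLS on the wire)."""
    return [rule for rule in rules if rule["scheme"] == "http"]


def path_allowed(path, rule_path):
    """Directory rules (trailing '/') allow their subtree, file rules only themselves."""
    # Decode and normalise first so '..' segments cannot escape an allowed prefix.
    clean = posixpath.normpath(unquote(path) or "/")
    if rule_path == "/":
        return True  # the guide lists the bare host, so any path on it matches
    if rule_path.endswith("/"):
        base = rule_path.rstrip("/")
        return clean == base or clean.startswith(base + "/")
    return clean == rule_path


def match(url, rules):
    """Return the purpose label of the rule that permits url, or None."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        host = (parts.hostname or "").lower()  # ignores any user@ prefix
        port = parts.port or DEFAULT_PORTS.get(scheme)
    except ValueError:  # malformed port or address
        return None
    for rule in rules:
        if (scheme, host, port) != (rule["scheme"], rule["host"], rule["port"]):
            continue
        if path_allowed(parts.path or "/", rule["path"]):
            return rule["purpose"]
    return None


if __name__ == "__main__":
    rules = build_rules()
    for (host, port), purposes in sorted(firewall_summary(rules).items()):
        print(f"allow tcp {host}:{port}  # {', '.join(sorted(purposes))}")
    print(f"{len(cleartext_rules(rules))} of {len(rules)} endpoints use plain HTTP")
```

The intranet ports TCP 18226 and UDP 21226 are agent-to-agent traffic inside the client network and are deliberately not part of this Internet egress list.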
Communication security

The information sent from the customers to the Panda Security Service travels securely via HTTPS and encrypted and compressed HTTP.

Customer data in the hosted service

Information about the protected computer:
- Computer name
- IP address
- Domain or workgroup
- MAC address
- Operating system and service pack
- RAM
- Date of signature file
- Date of last communication with server
- Protection status (enabled, disabled, error)

Generic event information:
- Computer identifier
- Protection identifier
- Identifier of the protection unit
- Date and time of detection

Malware event information:
- Name of the malware detected
- File compressed or not
- Path
- File name
- Type of scan; permanent, on-demand
- Malware type
- Action taken after detection
- Session user

Firewall event information:
- Target IP
- Target TCP/UDP port
- Source IP
- Source TCP/UDP port
- MAC of the local network card
- Protocol

Suspicious item event information:
- CRC or MD5 of the suspicious file
- File name
- Type of item moved to quarantine
- Path
- File size
- File compressed or not
- Date/time sent to PandaLabs
- Infected user

Duration of data in the service

Type of information: Duration in the system
- Client data: Until license expiry + 15 day grace period + 40 days
- Information on protected computers: Up to 40 days after the last transmission of information. In normal circumstances the computers send information every day
- Event details (malware or firewall): 7 days
- Suspect item details: 30 days
- Statistics x hour: 24 hours
- Statistics x day: 31 days
- Statistics x month: 12 months

Key concepts

Network adapter
The network adapter allows communication between devices connected to each other and also allows resources to be shared between two or more computers. It has a unique identifier.

Adware
Program that automatically runs, displays or downloads advertising to the computer.

Administration agent
This is the agent responsible for communication between the administered computers and the Panda Cloud Office Protection servers, as well as managing local processes.

Antivirus
Programs designed to detect and eliminate viruses and other threats.

Signature file
This is the file that allows the antivirus to detect threats. It is also known simply as the signature file.

Broadcast domain
This is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer.

Client’s Web console
The Web console lets you configure, distribute and manage the protection across all network computers, as well as knowing the security status of the network and allowing you to generate and print reports.

Quarantine
Quarantine is the place where suspicious or non-disinfectable items are stored, as well as spyware and hacking tools detected.

Dialer
Program that redirects users that connect to the Internet using a modem to a premium-rate number. Premium-rate numbers are telephone numbers for which prices higher than normal are charged.

IP address
Number that identifies an interface in a network device that uses the IP protocol.

MAC address
Hexadecimal, 48-bit unique identifier of a network card or interface. It is individual; each device has its own MAC address.

Firewall
This is a barrier that can protect information in a system or network when there is a connection to another network, for example, the Internet.

Peer to Peer (P2P) function
In the case of Panda, the P2P feature reduces use of bandwidth for the Internet connection, as computers that have already updated a file from the Internet then share the update with other connected computers. This prevents saturating Internet connections.

Proxy function
This feature allows Panda Cloud Office Protection to operate in computers without Internet access, accessing through an agent installed on a computer in the same subnet.

Group
In Panda Cloud Office Protection, this is a set of computers to which the same protection settings profile is applied. There is an initial group or default group in Panda Cloud Office Protection to which the administrator can add all the computers to protect. New groups can also be created.

Distribution tool
Once downloaded from the Internet and installed on the administrator's PC, the distribution tool lets you remotely install and uninstall the protection on selected network computers.

Hacking tool
Programs that can be used by a hacker to carry out actions that cause problems for the user of the affected computer (allowing the hacker to control the computer, steal confidential information, scan communication ports, etc).

Hoaxes
These are spoof messages, normally emails, warning of viruses/threats which do not really exist.

Joke
These are not viruses, but tricks that aim to make users believe they have been infected by a virus.

Blacklist
This is a list of computers to which the protection will not be distributed. If a computer in the blacklist already has the protection installed, it will not be updated. Groups of expired computers and computers whose maximum number of installations allowed has been exceeded are also blacklisted.

Malware
This term is used to refer to all programs that contain malicious code (MALicious softWARE), whether it is a virus, Trojan, worm or any other threat to the security of IT systems. Malware tries to infiltrate or damage computers, often without users knowing, for a variety of reasons.

Node
In computer networks, each computer on the network is a node, and if talking about the Internet, each server also represents a node.

Panda EndPoint Protection
Name of the protection distributed and installed by Panda Cloud Office Protection on the computers on the network.

Profile
A profile is a specific protection configuration. Profiles are assigned to a group or groups and then applied to all computers that make up the group.

Phishing
A technique for obtaining confidential information fraudulently. The information targeted includes passwords, credit cards and bank account details.

Local Process
The local processes are responsible for performing the tasks necessary to implement and manage the protection on computers.

Protocol
System used for interconnection of computers. One of the most commonly used is TCP/IP.

Proxy
A proxy server acts as an intermediary between an internal network (an intranet, for example) and an external connection to the Internet. This allows a connection for receiving files from Web servers to be shared.

Port
Point through which a computer is accessed and information is exchanged (inbound/outbound) between the computer and external sources (via TCP/IP).

Rootkits
A program designed to hide objects such as processes, files or Windows registry entries (often including its own). This type of software is not malicious in itself, but is used by hackers to cover their tracks in previously compromised systems. There are types of malware that use rootkits to hide their presence on the system.

SMTP server
Server that uses SMTP (Simple Mail Transfer Protocol) to exchange email messages between computers.

Spyware
A program that is automatically installed with another (usually without the user’s permission and even without the user realizing), and which collects personal data.

Network topology
The communication structure of nodes on a network.

Trojans
Programs that reach computers disguised as harmless programs that install themselves on computers and carry out actions that compromise user confidentiality.

Public network
This is the type of network you will find in cybercafes or airports, etc. Visibility of computers will be restricted on such networks, and there are restrictions on sharing files, resources and directories.

Trusted network
In this case we are generally talking about office or domestic networks. A computer will be perfectly visible to the other computers on the network. There are no limitations on sharing files, resources or directories.

Environment variable
This is a string containing information about the environment, such as the drive, path or filename, associated with a symbolic name that Windows can use. Environment variables can be defined through the System option in the Control Panel or with the Set command at the command prompt.

Viruses
Programs that can enter computers in many ways, with annoying, damaging and even irreparable effects.

Chapter 2: Access to the web console

Customer Web Console

To access the Web console:

1. Enter the Login email address and Password. If your license period has expired, you can renew it by contacting your reseller or sales advisor.
2. Accept the terms and conditions in the License Agreement (you will only be asked to do so once).

You will then see the main screen of the Web console. From this screen you can access the following areas: Status, Computers, Installation and settings, Quarantine, and Reports.

The Exit option lets you close the session. You can also select the language for viewing the Web console, using the list next to the active language.

To create new users and assign them access permissions and management privileges, click Users.

To configure the general console settings, click Preferences.

Preferences

From this window you have control over a number of general settings regarding the Web console:

General options
If you want the QuickStart guide to be displayed every time you log in to the console, select the Show QuickStart guide on login checkbox.

Default view
Choose the way in which computers are displayed: by name or by IP address. Enable the option you want.

Group restrictions
Select this option to limit the number of installations and the groups' expiry dates.

Account management
If you are a user with total control permissions, you will have access to the account management functions. To do this, click Manage accounts.

Computer blacklist
You can draw up a list of computers to which the protection will not be distributed. You can always add or remove computers to/from the list. Groups of expired computers and computers whose maximum number of installations allowed has been exceeded are also blacklisted.

Chapter 3: License management

Types of clients

Subscriber
Clients who buy licenses with no expiry date. If you are a subscriber client, you will see the following text in the Licenses section in the Status window: "Valid until: Permanent". You won't have to worry about your license expiry date.

Non-subscriber
Clients whose licenses have an expiry date. If you are a non-subscriber client, you will see the following text in the Licenses section in the Status window: "Valid until: 00/00/0000".

Warnings related with licenses

You have a series of Panda Cloud Office Protection licenses. Depending on your needs, you can install the protection on computers, uninstall it, remove computers from the list of protected computers, add computers to that list, etc.
As you use your licenses, the number of available licenses will decrease.

Updating the number of licenses

If you:
- Install the protection on a computer: One license is subtracted from the total number of available licenses.
- Remove a computer from the list of protected computers: One license is added to the total number of available licenses.
- Reduce by X the number of contracted licenses: A number of computers will be blacklisted. This number will be the amount by which the number of contracted licenses has been exceeded.

License expiry date warning

In the notification area you will see different warnings in relation to the proximity of the expiry date: whether it has been exceeded, if there are fewer than 30 days remaining, and if licenses expiring would leave you with fewer licenses available than those actually being used.

In both cases you can renew the license by contacting your usual reseller or sales advisor. Panda Cloud Office Protection will display a reminder in the Status window. When the 30-day period is over, you will have an additional 15-day grace period to renew the licenses. After this, you will not be able to renew them.

Blacklist

A computer can be blacklisted manually or automatically when you try to install the protection on it once the maximum number of installations allowed has been exceeded, or when the license has expired.

Automatic blacklisting also occurs when any restrictions placed on a group are exceeded. These restrictions can be configured in the Preferences screen.

Blacklisted computers don't update. Also, they are not taken into account in the statistics, reports and scans carried out by Panda Cloud Office Protection. However, the computer license will not be added to the total number of licenses used, but will be subtracted from it.
A computer can only be removed from the blacklist when there are licenses available and it has been blacklisted manually.

Canceling licenses

Where there are several maintenance contracts, this screen shows the most recent expiry date of licenses, the number of licenses that need to be canceled, and the warning that once the expiry date is exceeded the affected computers will be automatically blacklisted.

You can choose between canceling the number of licenses that you need in the first computers that had the protection installed or the last. Use the Cancel licenses menu and click Apply. You will see a list of the computers and licenses that need to be released.

Computers affected
This is the default tab. It displays the list of computers whose licenses will be canceled and therefore will cease to be administered. The information is divided into four columns: Computer, Group, Installation date, and Insertion. This last column displays the term Automatic if the computer has been selected in the Cancel licenses menu, or Manual if it comes from the Managed computers tab.

Select the checkbox corresponding to the computer whose license you want to cancel, and then click Exclude.

The Options menu lets you filter the search of computers, specifying the time when the protection was installed on computers.

Managed computers
This tab displays the computers that you administer. If you want to add any of them to the list of affected computers, select the corresponding checkboxes and click Add. The computer will be moved to the list of affected computers. The Insertion column will display Manual.

Finally, after the expiry date, the computers and licenses that have been canceled will be sent from the affected computers list to the blacklist.

Extending licenses using the activation code

This feature lets you decide when you extend your licenses.
From the Web console you can access the License activation form to activate the service quickly and simply, using the activation code provided by Panda Security or your distributor when you bought the solution.

Follow these steps:

1. Click Activate licences, in the Status screen. You will see the License activation window.
2. Enter the activation code.
3. Click OK.

The process of extending licenses is not immediate, and you will have to wait a short time before the extended licenses are displayed in the Licences section of the Status window.

In the event of an error, refer to the section on Possible errors in the process of extending licenses.

Possible errors when extending licenses

The following errors can occur when entering the activation code:

The activation code entered is invalid/doesn’t exist
Make sure you have entered the code correctly.

The activation code entered is already in use
The activation code is already being used. In this case, contact your reseller or sales advisor to get a new code.

Could not perform the operation
It is possible that the characteristics of the services/licenses that you have contracted do not allow you to use the license extension feature.

Other errors

Once you have successfully entered the activation code, you may see the following error:

Could not register the request
This error occurs when the process has failed for an unknown reason. Please try again and if you cannot activate, contact Panda Security tech support.

Chapter 4: Account management

Delegating the management of an account

If you want to delegate the management of the security of your computers to a partner, you can do so using the Delegate service function.
The partner to whom you delegate the service will have access to your console.

To delegate management of your account to a partner, you will need the partner’s Panda Security identifier. Follow these steps:

1. Click Manage accounts, in the Preferences window. You will see the Account management window.
2. Select Delegate.
3. Enter the partner’s identifier.
4. To confirm that you want to continue with the delegation, click Continue.

The process of delegating management is not immediate, and you will have to wait until your data is accessible to the specified partner.

In the event of an error, refer to the section on Possible errors when delegating the management of an account.

Possible errors on delegating account management

The following errors may appear when trying to delegate account management:

Invalid identifier
Please make sure you have entered these details correctly.

You do not have licenses to perform this operation
If your licenses have expired you will not be able to access the account management feature. Please contact your reseller or sales advisor to renew the licenses.

Could not perform the operation
It is possible that the characteristics of the services/licenses that you have contracted do not allow you to use the delegate management feature. Please check with your reseller or sales advisor.

Other errors

Could not register the request
This error occurs when the process has failed for an unknown reason. Please try again and if you cannot activate, contact Panda Security tech support.

Merging accounts

What does merging accounts involve?

If you have several client accounts and you want to merge them in order to manage them centrally, you can do this through the account merging function. This lets you manage all your accounts from a single Web console.
It is VERY IMPORTANT that before you merge accounts you understand the consequences. Please refer to the section on Consequences of merging accounts.

How are accounts merged?

Basically, the process consists of transferring data from the source account (account A) to the target account (account B). This target account must already be active.

To merge accounts:

1. Access the Web console of account A (the source account which will be canceled).
2. Click Manage accounts, in the Preferences window. You will see the Account management window.
3. Select Merge.
4. Enter the Login Email and password of account B (the target account to which the data from account A will be transferred). This data was provided in the welcome message when you opened the account.

Once you're sure you want to merge the accounts, click Merge.

The process of transferring data is not immediate, and so it will take time before you can check this has been successful in the account B Web console.

In the event of an error, refer to the section on Possible errors in the merging of accounts.

What information is transferred in the process of merging accounts?

The merging of accounts involves transferring information about the computers managed from account A. Below you will see all the information that is transferred:

1. All active maintenance contracts that have not expired, i.e., information about active licenses, start and end dates, types of licenses, etc.
2. Settings profiles. All settings profiles from the source account. If there is a profile with the same name in the target account (for example, Sales Profile), the profile from the source account will be renamed with a numeric suffix (Sales Profile-1). The default profile -Default- will be transferred to the target account, but will be considered as just another profile and will lose the status of default profile.
3. Groups of computers. All groups of computers. In the case of groups with the same name, the same criteria will be applied as with profiles in the previous point. The default group -Default- will be transferred to the target account, but will be considered as just another group and will lose the status of default profile.
4. Information about active protection and blacklisted computers.
5. Reports and detection statistics.
6. All items in quarantine, including excluded and restored items.
7. Web console users (with their corresponding permissions) except the default user.

Possible errors when merging accounts

When accessing the form for merging accounts, you may encounter the following errors:

The Login Email and/or password are incorrect
Please make sure you have entered these details correctly.

Could not perform the operation
It is possible that the characteristics of the services/licenses that you have contracted do not allow you to use the merge accounts feature. Please check with your reseller or sales advisor.

You do not have licenses to perform this operation
If your licenses have expired you will not be able to access the merge account feature. Please contact your reseller or sales advisor to renew the licenses.

The specified account is already being merged
If the account B (target account) that you have specified is already being merged, you will have to wait for that process to finish before starting.

The account with which you have started the session exceeds the maximum number of computers allowed
The process of merging accounts is only possible if account A (source account) has fewer than 10,000 computers.

The accounts to be merged belong to different versions of Panda Cloud Office Protection
For the merging of accounts A and B to be carried out correctly, they must both correspond to the same version of Panda Cloud Office Protection. It is unlikely that the accounts belong to different versions, other than in situations where a version has been updated.

Could not register the request
This occurs when the process has failed for an unknown reason. Please try again and if you cannot merge accounts, contact Panda Security tech support.

Consequences of merging accounts

Before merging accounts, it is VERY IMPORTANT that you are aware of the consequences:

1. The services associated to account A will cease to be active, and the account will be deleted. Obviously, access to the Web console from account A will be denied.
2. In the Web console of account B you will see the data and information about computers managed from account A. To check this, just access the Web console from account B.
3. The protection installed in computers managed from account A will be reassigned automatically, and will be manageable from account B. It will not be necessary to reinstall the protection.

The process of transferring data is not immediate, and so it will take time before you can check this has been successful in the account B Web console.

In the event of an error, refer to the section on Possible errors in the merging of accounts.

Chapter 5: Users and permissions

Creating and managing users

If the default option offered by Panda Cloud Office Protection does not adapt to the protection needs of your network, you can create new users and assign different types of permissions, depending on what you want each user to manage.
In the main screen of the Web Console, click Users.

The Users window distributes information in three columns: Name, Permissions, and Status. As you create users, these appear in the list, along with the type of permissions that you have given them and their status (enabled or disabled).

You may need to create new user groups and assign them different permissions for management and control of groups. Panda Cloud Office Protection makes this very easy for you.

The default user displayed by Panda Cloud Office Protection cannot be removed, and only the comments can be modified. The application displays it in the list as a name (default user).

1. Click Create new user to access the Users - Edition window. Fill out the User name, Email, Password and Repeat password fields.
2. You can add information in the Comments section.
3. In Groups, select the group or groups on which the administrator and monitoring user can operate, in accordance with the permissions you have assigned them. Users with total control permissions can act on all groups.
4. Click OK.

In the main Users - Edition window, check that the user has been created and that the name, permission and status appear correctly in the list.

To remove a user, select the corresponding checkbox and click Delete.

Types of permissions

Total control

Users can:
• Manage configuration of all groups.
• Assign computers to groups.
• Edit the Comments field in the Computer details screen.
• Move computers from one group to another.
• View all users created on the system.
• Remove users.
• Enable/disable phishing detection in the email and messaging protection.
• Use the option to extend licenses using the activation code.
• Use the option to merge accounts.
• Delegate security management to a partner.

Security administrator

Users can:
• Modify their user credentials.
• Create users.
• Create groups and eliminate the groups they have permissions over.
• Edit the Comments field of the computers over which he/she has permissions, in the Computer details screen.
• Enable/disable phishing detection for email and messaging protection in the profiles he/she has created or that are assigned to a group to which he/she has permissions.

Monitoring

Users can:
• Modify their user credentials.
• View and monitor the protection of the groups assigned to them.

Chapter 6: Configuring the protection

The protection provided by Panda Cloud Office Protection is designed to be installed and distributed across your IT network. Therefore the protection to be installed will vary depending on the computers to protect and your specific security needs.

You can configure the protection before or after installation. To do this, you have to create a profile and then assign it to a group or groups. In this guide the configuration process is explained as a step prior to installing the protection on the computers.

When assigning profiles to the groups created, there are several options: one single profile applied to several groups, each group with a different profile, or just one profile and one group.

When you create a profile you configure the way that the protection will operate for this specific profile, i.e., you determine which types of scan are carried out on which elements, how often the protection is updated and the action that will be taken when items are placed in quarantine.

If you do not need to create any profiles or groups in addition to those Panda Cloud Office Protection includes by default, go to the Installation and settings menu and select the Default group. Then select the installation mode you want to use for installing the protection on your computers.
Before starting to install the protection, you can create and configure the profiles you need. Then create groups of computers and assign profiles to the groups, so that each group will have a specific protection profile.

Default profile

Select Profiles to go to the Installation program profiles window. This window displays existing profiles.

The first time you go to this window you will see the Default profile and information about the associated protection. If at any time you want to change the settings of this profile, click the name of the profile. This will take you to the Edit profile window. Make any changes you require and save them using the Save option.

If later you want to restore the original settings of the profile, you can do so using the option Restore default settings in the Edit profile window.

New profile

Creating a profile

If you need to create new profiles, they will be displayed in the Installation program profiles window next to the Default profile with information about the protection included. You can always edit the settings of a profile by clicking on its name and going to the Edit profile window as explained for the default profile.

If you try to assign a profile name that is already being used, an error message appears. If you cannot view the profile that already exists, it is probably because you don't have the corresponding permission. For more information refer to the section on Types of permission.

To create a new profile, click Create new profile, and go to the Edit profile window. From there you will be able to include settings in the new profile.

Configuration of the profile is structured in three sections: General, Antivirus, and Firewall. The whole process is described in the sections General profile settings, Antivirus protection settings, and Firewall protection settings.
General profile settings

In this section you can select general configuration options related to the profile, and it is therefore important to have a clear idea of the type of profile you want, largely depending on the computers that you want to protect with this profile.

Main tab

The options in this tab will allow you to name the profile you are creating and decide which protection you want to activate: antivirus, firewall, or both. Select the checkbox corresponding to the protection you want to install. You can also add an additional description to identify the profile and select the language in which you want the protection installed.

By clicking Advanced settings you will go to the Edit profile – Advanced settings screen.

If you want the protection to update automatically select the corresponding checkbox. If you click Advanced update settings, you will go to the Edit profile – Advanced update settings screen.

Suspicious files are sent automatically to Panda Security for analysis. This allows for a rapid response to different threats, therefore reinforcing the security of your computers. It is advisable to enable the option Automatically send items as they enter quarantine.

Scheduled scans tab

Click New to go to the Edit profile – New scan job window. Firstly, choose a name for the scan job. Then choose the type of scan you want to create: immediate, scheduled or periodic.

1. If when you create a profile you configure an immediate scan, this will take place as soon as you install the protection on the computers.
2. If you select a scheduled scan, you have to decide whether this includes the whole computer or if it will only focus on hard disks or email. You will also have to indicate the time and date of the scan.
3. In the case of periodic scans, in addition to the above you will also have to specify the frequency with which the scan takes place. This can be daily, weekly or monthly.

Note that Internet access is necessary to access the Collective Intelligence servers. Ensure that computers have access, and if this is done through a proxy, be sure this is properly configured in the Internet connection section (Edit profile – Advanced settings window).

As you create scan jobs, these will be added to the list of Scheduled scans, from which you can edit them or remove them if desired.

Warnings tab

Here you can configure warnings to be displayed when malware is detected on computers. You can also indicate whether these warnings will be local, by email or both. The difference is that local warnings are displayed on the computer or computers on which the detection occurs, while the email warnings are sent to the selected computers. To do this:

1. First select the checkbox Send warning via email on detection of malicious software.
2. Complete the Message subject field.
3. Enter the email address and specify the SMTP server to be used for sending warnings. If the server requires authentication, enter the corresponding user name and password.
4. Click OK.

Apply to tab

When you assign the profile to a group or groups, these will appear in this list.

Edit profile - Advanced settings

You can access this window by clicking on the Advanced settings link in the Main tab of the Edit profile window. Here you can configure aspects related to the installation of the protection on computers, as well as the connection of these computers to the Internet and to the Panda Cloud Office Protection servers. You can also configure options related to the suspicious file quarantine.
Installation

Specify the directory to install the protection in. Panda Cloud Office Protection shows a default path that you can modify by using an environment variable other than %ProgramFiles%.

Internet connection

Specify the computer's Internet connection, if it uses a proxy server, and if proxy authentication is required.

Server connection options

Establish how often you want the computer to send information to the Panda Cloud Office Protection servers about the status of the protection installed. You can change the frequency displayed by default, but it must be a value between 12 and 24 hours.

Quarantine options

Files in quarantine are analyzed to determine whether they represent a threat or not. If they do not represent a threat, you can restore the files, using the Restore option in the Quarantine window and indicating the path of the directory.

Edit profile - Advanced update settings

You can access this window by clicking Advanced update settings in the Main tab of the Edit profile window.

You can request automatic updates of the protection engine, and change the frequency at which the application checks for updates. By default, the frequency is every 12 hours. You can also select a time band for carrying out the update.

It is important to keep the signature file updated, to ensure that the antivirus detects the new threats that appear every day. The option to update the signature file automatically is enabled by default; it is not advisable to disable it. You can modify the interval at which to check if there is an update available (by default the interval is 4 hours).

Antivirus protection settings

This menu lets you configure the general behavior of the Antivirus protection for the profile you are creating.
The Edit profile window has three menus: General, Antivirus, and Firewall. Below we describe the Antivirus menu.

Files

Here you can configure the basic operation of the Antivirus with respect to file protection. If you want more detailed settings, click Advanced settings. This will take you to the advanced file protection options.

Configure the antivirus file protection according to the types of files that you want to process. Select the malware you want to detect. Decide if you want to disinfect or delete infected files. If neither of these options is possible, the file will be moved to quarantine. Click OK.

Virus detection is active whenever the file protection is enabled. You can also configure the action that the permanent protection takes when malware is detected: disinfect or delete the detected malware. If neither of the two options is possible, the file will be moved to quarantine.

Mail and messaging

In this window you can configure how the antivirus protection will operate with the profile you are creating with respect to email and instant messaging. If you want more detailed settings, click Advanced settings. This will take you to the advanced email and messaging protection options.

1. Indicate if you want to enable permanent email and messaging protection, as well as for compressed files.
2. Select the type of malware you want to detect. Use the corresponding checkbox.
3. Decide if you want to disinfect or delete infected files. If neither of these options is possible, the file will be moved to quarantine.

Internet use

Here you can configure the basic operation of the Antivirus in each profile with respect to Internet use.

1. Enable the permanent protection for Internet use.
2. Use the checkbox to indicate if you want the protection to include compressed files.
3. Decide the type of malware you want to detect. The malware will be disinfected automatically. If it cannot be disinfected it will be eliminated.

Heuristic

The genetic heuristic scan analyzes programs in depth, in order to determine, using digital genetic traces and program behavior, if any type of malware is present.

In this window you can choose in what circumstances you want the heuristic scan to be active (files, email and messaging, Internet use) and which action you want to take on detecting malware. To do this, mark the corresponding checkbox and click OK.

When you have completed the General, Antivirus and Firewall configuration for the new profile, you can check that it has been generated correctly in Installation program profiles.

Local scans

Panda Endpoint Protection is the name of the protection that Panda Cloud Office Protection deploys and installs on computers. Once installed, you can access different scan options through the Windows right-click menu or through the right-click menu of the protection itself.

Right-click scan of a selected item

Select a folder, drive, file or any other scannable item and right-click it. You will then see a Windows menu, giving you the option to Scan with Panda Endpoint Protection. The scan will be launched immediately. You can pause the scan and restart it later. When it is finished you will see the result of the scan and you will also be able to print, export or save the report.

Local scans through the right-click menu in Panda Endpoint Protection

The Panda Endpoint Protection right-click menu can be accessed by right-clicking the application icon at the bottom right of the screen (normally next to the system clock).

Although you can pause, cancel or restart the scan, it is highly advisable to let it finish, to ensure that your PC is clean.
From this menu you can scan all of your PC and your email. There are several types of scan:

Quick scan

Select the option Quick scan from the menu. The scan will start immediately, examining running processes and all loaded libraries, along with the registry keys often used by malware and cookies. This will determine if the computer is infected with active malware at the moment the scan is run. This scan only lasts a few seconds and does not place an excessive load on the computer.

Full scan

Select Full scan from the pop-up menu. The scan will examine all of your computer to ensure it is free from threats. The duration of the scan will depend on the speed of your computer and the amount of data stored.

Mail scan

Select Email scan from the pop-up menu. All messages in all your mailboxes will be scanned. This type of scan supports Outlook Express, Windows Mail and Microsoft Outlook. The mail scan option will not be available if the computer on which the protection is installed is a server.

Scanning other parts of your computer

1. Select Scan other parts of your computer.
2. In the Other parts of your computer window, select the folders or files you want to scan (this could be more than one). Select the corresponding checkboxes and click OK.

Scan summary

Once the scan has finished you will see a detailed summary, which will include information about files moved to quarantine, if applicable. If you want you can print the scan report or save it in txt format.

Advanced antivirus settings - File protection

This screen lets you configure detailed antivirus protection options for a profile, with respect to the file protection. You can do this based on general criteria for all types of files or applying only to those with a certain extension. Similarly, you can also select certain file extensions to exclude. The window is divided into two sections: Extensions to scan and Exclusions.
Extensions to scan

1. Select Scan files with any extension or Only scan files with the specified extensions. To do this, enter the extension in the text box (don't forget the initial dot) and click Add. You can delete, clean or restore the list of extensions using the corresponding buttons.
2. In both cases, you can also add files without extensions to the scan, or all Office documents. Use the corresponding checkboxes.

Exclusions

1. In the Type menu, select the exclusion you want to establish: Directory, File or Extension.
2. In the Value text box enter the name of the file, extension or directory.
3. Click Add. Click Delete to remove items from the list.

Advanced antivirus settings - Email and messaging protection

To ensure an optimum level of protection on your computers, it is essential to protect them from threats that can reach systems through email and instant messaging. Panda Cloud Office Protection lets you configure the antivirus protection for email and messaging for each profile. You can do this generally, for all files received, or according to extensions.

Select Scan files with any extension or Only scan files with the specified extensions. Enter the extension in the text box and click Add. You can delete, clean or restore the list of extensions using the corresponding buttons. You can also add files without extensions to the scan, or all Office documents. Use the corresponding checkboxes.

Firewall protection settings

Introduction

The firewall protection included in Panda Cloud Office Protection lets administrators choose the operational mode of the protection: Personal or Managed. To configure this, go to Edit profile in the Web console.
In the profile configuration screen, select Firewall to access the settings.

Here you can select the firewall operational mode. There are two options:

Allow configuration of the firewall by the client (Personal mode)
The end-user of the protection in each computer is responsible for configuring the firewall. There are a series of rules predefined by Panda which establish permissions for common applications. The user can create or modify the rules from the options available in the local console’s firewall settings.

Apply the following firewall settings (Managed mode)
Administrators can define the configuration they want to apply to computers. This configuration is carried out from the Web administration console.

Below is a description of the different settings available in each mode.

Managed firewall

The following section describes the settings available for firewalls configured in Managed mode, both from the Web administration console or the local console on the workstation or the server.

Configuration from the Web console

To configure the firewall in Managed mode, select the option Apply the following firewall settings in the Edit Profile screen.

Selecting this option enables the following settings:
- General: Global firewall protection configuration options.
- Programs: Configuration of Program rules.
- Intrusions: Configuration of the types of intrusions detected by the Firewall protection.
- System: Configuration of the System rules.

We now describe the options included in each configuration section:

General

This section contains the general firewall settings.
The options are as follows:

Enable firewall: Through this option, you can enable or disable the firewall protection in the workstations or servers of the selected profile.

Network selection: The firewall behavior depends on the type of network the user is connected to. Select the type of network the computers that belong to the selected profile are connected to. The restrictiveness of the firewall will depend on the type of network:
- Public network: The network is visible to other users and therefore has a low security level. In this type of network, the firewall is configured more restrictively to increase computer security.
- Trusted network: Private network, not visible to users from the outside. In these cases, network security is already higher and the firewall behaves more permissively, yet without compromising computer security.

As you will see later, administrators can define new program and system rules that only apply to computers configured with one network type, or which apply to both. This means that you will be able to define specific rules for each type of available network, or generic rules that apply to all types of networks.

Program rules

In this section, you can define the connection permissions for applications running on computers. There is a series of predefined rules which establish permissions for common applications.

Below is a description of the available options:

Enable Panda rules: You can enable or disable the set of predefined program rules. This set of rules includes the settings of the communication permissions for common applications, and is updated from Panda through the signature file.

Show: You can select the set of rules to display.

Panda rules: The rules defined by Panda will be displayed. These rules cannot be configured by administrators, they can only be viewed, enabled or disabled.
User rules: The rules defined by the administrator will be displayed.

In this case, no user rule has been defined for this profile. To create a new rule, click Add and access the next screen.

Enter the executable file of the application you want to create a rule for. You can do this in two ways:
- By clicking Browse: When you click the button, Windows Explorer will open. This will allow you to select the application you want to create a rule for. This is only possible if the application is installed on the computer from which you are accessing the Web administration console.
- Program path: Enter the path of the application (on computers belonging to this profile).

Then, select the Communication permissions that will be granted to the program from the drop-down menu.

The types of connections are:
- No connection: The application will not be able to communicate. Consequently, all inbound and outbound connections will be denied.
- Allow inbound and outbound connections: The program will allow outbound and inbound connections (it will allow other programs or users to connect to it). Some programs, such as file exchange programs, require these types of permissions to operate correctly.
- Allow inbound connections: The program will allow inbound connections (from programs or users), but it will deny outbound connections.
- Allow outbound connections: The program will allow outbound connections, but will deny inbound connections (from other users or applications).
In order to deny all communications, select No connection and click OK to finish creating the rule.

The rule created will be added to the User rules list.

The User rules list lets you modify the type of communication configured in the rule created, by selecting any of the previously mentioned communication types:
- No connection
- Allow inbound and outbound connections
- Allow inbound connections
- Allow outbound connections

Here there is a new type:

Custom: In the previous connection types, inbound and outbound communication permissions are assigned to a program regardless of the communication ports, protocols, etc. If necessary, you can create advanced program connection rules by creating a Custom rule and indicating the ports, protocols, etc. the programs can use.

On selecting Custom as the communication type, the Settings button is enabled.

Click this button to access the Custom permission settings, where the rule settings are displayed.

In this case, we will show you how to customize a No connection-type rule, which involves two firewall rules.
- Deny inbound connections for all zones, protocols, ports and IPs.
- Deny outbound connections for all zones, protocols, ports and IPs.

To customize each of these rules, select the rule to be modified and click Settings…

You will now see the Edit custom permission rule section, displaying the current rule settings.

In this section you can configure the following rule values:

Action: This lets you configure the action to be taken by the rule:
- Allow application communication.
- Deny application communication.
Direction: This lets you configure the communication direction:
- Inbound: The rule will only apply to inbound communications aimed at the application.
- Outbound: The rule will only apply to outbound communications generated by the application.

Zone: This lets you define the zone in which the rule will be applied:
- Trusted network: The rule will only apply to computers that belong to a profile with a network configured as a Trusted network.
- Public network: The rule will only apply to computers that belong to a profile with a network configured as a Public network.
- All: The rule will apply to all computers that belong to a profile, regardless of the zone configured.

Protocol: This lets you define the communication protocol:
- TCP: The rule will only apply to the communications carried out by the application through the TCP protocol.
- UDP: The rule will only apply to the communications carried out by the application through the UDP protocol.
- All: The rule will apply to all the communications carried out by the application through the TCP and UDP protocols.

Ports: In this section you can select the port(s):
- All: It will apply to all the ports used by the application.
- Custom: This lets you define the ports that the application rule will apply to. Selecting this option will enable the Custom field, where you can enter the port values:
  - Single port: Enter the port value (For example: 4662).
  - List of ports: Enter the list of ports separated by commas (For example: 4662, 4665).
  - Range of ports: Enter the list of ports separated by a dash (For example: 4662-4665).
  - Lists and ranges: Use a combination of the previous methods (For example: 4662, 4665-4670, 4675).
  - Predefined ports: A list of common ports.

IPs: In this section you can select the IP address(es):
- All: It will apply to all the IP addresses the application accesses.
- Custom: This lets you define the IP address(es) the rule will apply to if they are accessed by the application. Selecting this option enables the Custom field, where you can enter the IP values:
  - Single IP: Enter the IP value (For example: 192.168.1.10).
  - List of IPs: Enter the list of IPs separated by commas (For example: 192.168.1.10, 192.168.1.15).
  - Range of IPs: Enter the list of IPs separated by a dash (For example: 192.168.1.10-192.168.1.15).
  - Lists and ranges: Use a combination of the previous methods (For example: 192.168.1.10, 192.168.1.15-192.168.1.20, 192.168.1.25).

In this case, define a rule to deny inbound connections to port 57884 of the TCP protocol for all the IPs, which only applies to computers on Trusted networks.

Click OK to return to the Custom permission settings section, where a summary of the changes made to the rule is displayed:

Repeat the same process to configure the rule for outbound connections:

In this case, define a rule to deny outbound connections to port 57884 of the TCP protocol for all the IPs, which only applies to computers on Trusted networks.
Click OK to return to the Custom permission settings section, where a summary of the changes made to both rules is displayed:

Click OK to finish customizing the rule and return to the Edit profile section, where a list of the defined user rules (including the customized rule) will be displayed:

To eliminate the rule created, select it from the user rules list, and click Delete.

A message will be displayed requesting confirmation to delete the rule.

If you click Yes, the rule will be deleted. If you click No, you will return to the Edit Profile screen and the rule will remain.

Once you have defined the rules to apply to the profile’s computers, you can specify how the firewall behaves for applications without a defined rule:

You can:
- Allow access: The communications of all the applications without a defined rule will be allowed.
- Deny access: The communications of all the applications without a defined rule will be denied.

Intrusions

In this section you can configure the types of intrusions that will be detected by the firewall. You can enable or disable the detection of the following intrusions:
- Detection of IDS attacks: Detects intrusion attempts on the computer.
- Internet worm detector: Detects attacks launched by Trojans trying to spread.
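The Custom port and IP syntax and the port 57884 rule pair from the Program rules section above can be sanity-checked offline before being typed into the console. The Python sketch below is an added example, not Panda code and not part of the original guide: it validates the documented entry formats and tests constructed connections against a model of the customised rule. CustomRule, decide and the connection dictionaries are hypothetical names, and the 1-65535 port bound and first-match evaluation are assumptions of this model.

```python
import ipaddress
import re
from dataclasses import dataclass

# One port, or two ports joined by a dash, as in the guide's Custom field examples.
_PORT_ITEM = re.compile(r"(\d{1,5})(?:\s*-\s*(\d{1,5}))?", re.ASCII)


def parse_ports(spec):
    """'4662, 4665-4670, 4675' -> [(4662, 4662), (4665, 4670), (4675, 4675)]."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        m = _PORT_ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"not a port or port range: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        # Assumption: ports outside 1-65535 and reversed ranges are typos.
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port out of range or range reversed: {item!r}")
        ranges.append((low, high))
    return ranges


def parse_ips(spec):
    """'192.168.1.10, 192.168.1.15-192.168.1.20' -> [(first, last), ...]."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        first, sep, last = item.partition("-")
        try:
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip()) if sep else lo
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"not an IPv4 address or range: {item!r}") from exc
        if lo > hi:
            raise ValueError(f"IP range reversed: {item!r}")
        ranges.append((lo, hi))
    return ranges


def _in_ranges(value, ranges):
    return any(lo <= value <= hi for lo, hi in ranges)


@dataclass
class CustomRule:
    """Model of one custom permission rule, using the guide's field values."""
    action: str       # "Allow" or "Deny"
    direction: str    # "Inbound" or "Outbound"
    zone: str         # "Trusted network", "Public network" or "All"
    protocol: str     # "TCP", "UDP" or "All"
    ports: str = "All"
    ips: str = "All"

    def matches(self, conn):
        if self.direction != conn["direction"]:
            return False
        if self.zone != "All" and self.zone != conn["zone"]:
            return False
        if self.protocol != "All" and self.protocol != conn["protocol"]:
            return False
        if self.ports != "All" and not _in_ranges(conn["port"], parse_ports(self.ports)):
            return False
        if self.ips != "All":
            ip = ipaddress.IPv4Address(conn["ip"])
            if not _in_ranges(ip, parse_ips(self.ips)):
                return False
        return True


def decide(rules, conn):
    """Action of the first matching rule, or None when no rule matches.
    First-match ordering is an assumption of this model, not documented behaviour."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return None


# The customised "No connection" pair from the guide: deny TCP 57884, Trusted networks only.
GUIDE_RULES = [
    CustomRule("Deny", "Inbound", "Trusted network", "TCP", ports="57884"),
    CustomRule("Deny", "Outbound", "Trusted network", "TCP", ports="57884"),
]


def conn(direction, zone, protocol, port, ip="192.168.1.10"):
    """Build one constructed sample connection."""
    return {"direction": direction, "zone": zone, "protocol": protocol,
            "port": port, "ip": ip}


# Constructed samples, not captured traffic.
SAMPLES = [
    conn("Inbound", "Trusted network", "TCP", 57884),
    conn("Outbound", "Trusted network", "TCP", 57884),
    conn("Inbound", "Public network", "TCP", 57884),
    conn("Inbound", "Trusted network", "TCP", 80),
    conn("Inbound", "Trusted network", "UDP", 57884),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decide(GUIDE_RULES, sample))
```

In this model only the first two samples return Deny; the other three return None, which shows that once the No connection pair is narrowed to one port, protocol and zone, it no longer covers the application's remaining traffic.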
System rules

System rules (unlike application rules) affect all network communications. They work at protocol, port and service level, and have priority over application rules. In this section, you can create new rules, view existing rules, modify them or delete them. To make the configuration process easier, a series of rules predefined by Panda is provided.

Below is a description of the available options:

Enable Panda rules: You can enable or disable the system rules predefined by Panda. This set of rules includes the settings of the communication permissions for the most popular network services, and can be updated from Panda through the signature file.

Show: Select the set of rules to be displayed:

Panda rules: The rules defined by Panda will be displayed. These rules cannot be configured by administrators, they can only be viewed, enabled or disabled.

User rules: The rules defined by the administrator are displayed.

In this case, no user rule has been defined for this profile. To create a new rule, click Add and go to the next screen.

In this section you can configure the following rule values:

Rule name: Identifier or description of the rule being created.

Action: This lets you configure the action to be taken by the rule:
- Allow communication.
- Deny communication.
- Direction: This lets you configure the communication direction:
  - Inbound: The rule will only apply to inbound communications (generated externally and aimed at the computer).
  - Outbound: The rule will only apply to outbound communications (generated on the computer).
- Zone: This lets you define the zone in which the rule will be applied:
  - Trusted network: The rule will only apply to computers that belong to a profile with a network configured as Trusted network.
  - Public network: The rule will only apply to computers that belong to a profile with a network configured as Public network.
  - All: The rule will apply to all computers that belong to a profile, regardless of the zone configured.
- Protocol: This lets you define the communication protocol:
  - TCP: The rule will only apply to communications carried out on the computer through the TCP protocol.
  - UDP: The rule will only apply to communications carried out on the computer through the UDP protocol.
  - ICMP services: The rule will only apply to communications carried out on the computer through different services that use the ICMP protocol.
  - IP types: The rule will only apply to communications carried out on the computer through different services that use the IP protocol.

If you select the TCP or UDP protocol, you can configure the following values:

- Local ports: Ports used by the local computer to communicate.
- Remote ports: Ports used by the target computer to communicate.
To configure the ports you can select one of the following values:

- All: This will apply to all the ports used by the application.
- Custom: This lets you define the ports that the application rule will apply to. Selecting this option enables the Custom field, where you can enter the port values:
  - Single port: Enter the port value (For example: 4662).
  - List of ports: Enter the list of ports separated by commas (For example: 4662, 4665).
  - Range of ports: Enter the list of ports separated by a dash (For example: 4662-4665).
  - Lists and ranges: Use a combination of the previous methods (For example: 4662, 4665-4670, 4675).
  - Predefined ports: A list of common ports is provided.

TCP:

UDP:

If you select the ICMP services protocol, you must select one or several fields displayed in the Services section, or select the value All for the rule to apply to all the ICMP Services.

If you select the IP types protocol, you must select one or several fields displayed in the Protocols to which it applies section, or select the value All for the rule to apply to all the IP Protocols.

Finally, you can indicate the computers the rule will apply to, specifying the following fields:

- IPs: In this section you can configure the IP address(es) of the computers the rule will apply to:
  - Single IP: Enter the IP value (For example: 192.168.1.10).
  - List of IPs: Enter the list of IPs separated by commas (For example: 192.168.1.10, 192.168.1.15).
  - Range of IPs: Enter the list of IPs separated by a dash (For example: 192.168.1.10-192.168.1.15).
  - Lists and ranges: Use a combination of the previous methods (For example: 192.168.1.10, 192.168.1.15-192.168.1.20, 192.168.1.25).
- MAC: In this section you can configure the MACs of the computers the rule will apply to:
  - Single MAC: Enter the MAC value (For example: 00:AF:C8:05:E0:FF).
  - List of MACs: Enter the list of the MACs separated by commas (For example: 00:AF:C8:05:E0:FF, 08:06:AC:15:E2:FF).

In this example we will show you how to define a rule to deny HTTP communications. This way, you will deny outbound connections to the remote port 80 of the TCP protocol for all the zones. This rule will apply to all the profile computers (without configuring the IP or MAC fields).

Click OK to finish creating the rule and return to the Edit profile section, where a list of the defined user rules (including the custom rule) will be displayed:

To modify a parameter in the rule created, select the rule from the user rules list and click Settings. When you click the button, you will see the Edit system rule screen, where you can modify any parameter.

If you have a set of rules, the rules will be applied in descending order (from the first to the last). You can change the order by using the Up and Down buttons. To do so, select the rule you want to move and click the corresponding buttons to rearrange the list.

To eliminate the rule created, select it from the user rules list, and click Delete.

A message will be displayed requesting confirmation to delete the rule.
If you click Yes, the rule will be deleted. If you click No, you will return to the Edit Profile screen and the rule will remain.

Configuration from the local console

In Managed mode, the firewall can only be configured by the administrator from the Web administration console. The firewall cannot be configured from the local console on workstations or servers with the protection installed. In this case, users can only view the firewall protection status by selecting View firewall status from the right-click menu of the icon in the traybar.

On selecting this option, users will see a message indicating that the firewall settings are managed by the administrator only and they cannot carry out any action regarding the protection. Similarly, the protection status is displayed: Enabled or disabled.

Personal firewall

The following section describes the settings options available for firewalls configured in Personal mode, both from the Web administration console or the local console on the workstation or the server.

Configuration from the Web console

To configure the firewall in Personal mode, select the option Allow configuration of the firewall by the client in the Edit Profile screen.

In Personal mode, the firewall is configured through the computer’s local console, not through the Web console. Selecting this option disables all other firewall settings options in the Web administration console.
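The system-rule fields, the top-to-bottom rule order and the default for applications without a rule, all described in the managed-firewall sections above, can be modelled in a short script. This is an added example, not Panda's code: the first-match-wins behaviour, the reading of the IPs field as the remote address, and every name in it (SystemRule, decide, attempt, browser.exe, the intranet rule) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


def _parse_ranges(spec, convert):
    """Split 'a, b-c, d' into inclusive (low, high) pairs using convert()."""
    ranges = []
    for item in spec.split(","):
        low_s, dash, high_s = item.strip().partition("-")
        low = convert(low_s.strip())
        high = convert(high_s.strip()) if dash else low
        if low > high:
            raise ValueError(f"reversed range: {item.strip()!r}")
        ranges.append((low, high))
    return ranges


def parse_ports(spec):
    """'All' or a Custom value: single port, list, range, or a mix of both."""
    if spec.strip().lower() == "all":
        return [(0, 65535)]
    ranges = _parse_ranges(spec, int)
    if any(low < 0 or high > 65535 for low, high in ranges):
        raise ValueError(f"port out of range in {spec!r}")
    return ranges


def parse_ips(spec):
    """An empty field means the rule is not restricted by IP; returns None."""
    if not spec.strip():
        return None
    return _parse_ranges(spec, ipaddress.IPv4Address)


@dataclass
class SystemRule:
    name: str
    action: str        # "allow" or "deny"
    direction: str     # "inbound" or "outbound"
    zone: str          # "trusted", "public" or "all"
    protocol: str      # "tcp" or "udp"
    remote_ports: str = "All"
    ips: str = ""      # assumption: matched against the remote address

    def matches(self, conn):
        ips = parse_ips(self.ips)
        remote_ip = ipaddress.IPv4Address(conn["remote_ip"])
        return (
            self.direction == conn["direction"]
            and self.zone in ("all", conn["zone"])
            and self.protocol == conn["protocol"]
            and any(lo <= conn["remote_port"] <= hi
                    for lo, hi in parse_ports(self.remote_ports))
            and (ips is None or any(lo <= remote_ip <= hi for lo, hi in ips))
        )


def decide(conn, system_rules, app_rules, default_action):
    """Return (action, reason) for one connection attempt."""
    # System rules have priority over application rules and are read from
    # the first to the last. Assumption: the first matching rule decides.
    for rule in system_rules:
        if rule.matches(conn):
            return rule.action, rule.name
    # Application rule: the set of directions the program may use.
    if conn["program"] in app_rules:
        allowed = conn["direction"] in app_rules[conn["program"]]
        return ("allow" if allowed else "deny"), "application rule"
    # No rule for this program: the profile's Allow access / Deny access choice.
    return default_action, "default"


# The guide's example rule: deny outbound TCP to remote port 80, all zones.
DENY_HTTP = SystemRule("Deny HTTP", "deny", "outbound", "all", "tcp", "80")
# Constructed second rule, used only to show the effect of rule order.
ALLOW_INTRANET = SystemRule("Allow intranet web", "allow", "outbound", "all",
                            "tcp", "80", ips="192.168.1.10-192.168.1.15")
# Constructed application rules: program name -> directions it may use.
APP_RULES = {"browser.exe": {"outbound"}, "p2p.exe": {"inbound", "outbound"}}


def attempt(program, remote_ip, remote_port, direction="outbound"):
    """Build a constructed connection attempt on a trusted-zone TCP link."""
    return {"program": program, "direction": direction, "zone": "trusted",
            "protocol": "tcp", "remote_ip": remote_ip,
            "remote_port": remote_port}


if __name__ == "__main__":
    intranet = attempt("browser.exe", "192.168.1.12", 80)
    # Same two rules, different order, different verdict.
    print(decide(intranet, [ALLOW_INTRANET, DENY_HTTP], APP_RULES, "deny"))
    print(decide(intranet, [DENY_HTTP, ALLOW_INTRANET], APP_RULES, "deny"))
    # Port 443 matches no system rule, so the application rule decides.
    print(decide(attempt("browser.exe", "203.0.113.5", 443),
                 [DENY_HTTP], APP_RULES, "deny"))
    # A program without any rule falls through to the profile default.
    print(decide(attempt("tool.exe", "203.0.113.5", 443),
                 [DENY_HTTP], APP_RULES, "deny"))
```

Under this model a broad deny placed above a narrower allow shadows it completely, which is why the position set with the Up and Down buttons is worth reviewing whenever a rule is added.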
Configuration from the local console

In Personal mode, the firewall can only be configured by the user of the workstation or server with the protection installed. The protection is configured from the firewall configuration local console. To access the local console, select Configure firewall from the menu displayed on right-clicking the icon in the traybar.

You will then access the firewall configuration local console.

General

In this section, you can configure the general firewall settings.

These options are as follows:

- Enable firewall: Through this option, you can enable or disable the firewall protection of the workstation or server you are working on. If you disable the firewall protection, all the options in the local console will be disabled.
- Locations: There is a list with the network locations available on the computer. The following information is displayed for each network location:
  - Name: Network location identifier.
  - Zone: Type of network to which it is connected. The firewall behavior depends on the type of network the user is connected to (location awareness). The type of network is selected during the protection installation process but can be modified later on. The restrictiveness of the firewall will depend on the type of network:
    - Public network: The network is visible to other users and therefore has a low security level. In this type of network, the firewall is configured more restrictively to increase computer security.
    - Trusted network: Private network, not visible to users from the outside. In these cases, network security is already higher and the firewall behaves more permissively, yet without compromising computer security.

    As you will see later, you can define new rules or configure existing ones so that they only apply to computers configured with one type of network, or apply to both. This means you will be able to define specific rules for each type of available network, or generic rules that apply to all types of networks.
  - Type: This describes the type of connection (Ethernet, Wi-Fi, Modem…).

The location name and zone are automatically set during the firewall installation with the following criteria:

- Name: This is automatically generated from the type of connection detected. A number is added to differentiate locations with the same type of connection (E.g.: Ethernet 1, Ethernet 2, WiFi 1). You can change the location name to a more descriptive one (Work, Airport...).
- Zone: This is automatically established according to the type of IP address assigned to the network adapter connected. The criteria are as follows:
  - Private IP address: Trusted location.
  - Public IP address: Public location.

As in the case of the name, the automatic zone settings can be modified later on in order to adapt to the location’s real security needs. To modify these values, click Settings in the General tab in the firewall configuration screen.

The screen lets you change both the location name and the zone assigned to it.

Click Details to display information about the adapter you are configuring. This button is also available in the General tab in the firewall configuration console.
If a new network adapter is installed on the computer, the firewall protection will detect and classify it automatically, according to the previous criteria. The following message is displayed to inform users that a new adapter has been detected.

Click Classify to access the screen for configuring the new location. The screen displays the name and zone assigned automatically, although you can alter these values.

In this case, change the zone automatically assigned to the location, configuring it as Public location.

Click Close to apply the changes. Check that the new location has been correctly configured by opening the firewall configuration screen and checking the list of locations in the General tab.

Program rules

This section lets you configure rules to establish communication permissions for the applications installed on the computer. Below you can see the configuration options available:

In the Programs tab there is a list of the application rules configured in the firewall. This list is filtered to avoid displaying operating system programs. However, if you want to view them, select the Show operating system programs checkbox.

You can undo all the changes made to the program rules and return to the original product settings by clicking Restore.
A message will be displayed, indicating that any changes made will be lost.

When you accept, all the rules you have created and the changes made will be deleted, and the initial product rules will be restored.

To create a new rule, click Add.

The following screen will be displayed:

Enter the executable file of the application you want to create a rule for. You can do this in two ways:

- Program path: Enter the path of the application for which the rule will be created.
- By clicking Browse: When you click the button, Windows Explorer will open. This will allow you to select the application you want to create a rule for.

Once you have selected the executable file, click Open to return to the Add Program screen, where the path of the selected executable file will be displayed:

Then, select the Communication permissions that will be granted to the program from the drop-down menu.

The types of connections are:

- No connection: The application will not be able to communicate. Consequently, all inbound and outbound connections will be denied.
- Allow inbound and outbound connections: The program will allow outbound and inbound connections (it will allow other programs or users to connect to it). Some programs, such as file exchange programs, require these types of permissions to operate correctly.
- Allow inbound connections: The program will allow inbound connections (from programs or users), but it will deny outbound connections.
- Allow outbound connections: The program will allow outbound connections, but will deny inbound connections (from other users or applications).

In this case, to allow all types of communications to the application, select the Allow inbound and outbound connections option, and click OK to finish creating the rule.

The rule created will be added to the Program rules list.

In the Program rules list you can modify the communication type by selecting:

- No connection
- Allow inbound and outbound connections
- Allow inbound connections
- Allow outbound connections

In the previous connection types, inbound and outbound communication permissions are assigned to a program regardless of the communication ports, protocols, etc. If necessary, administrators can create advanced program connection rules through the Custom permissions option, indicating the ports, protocols, etc. the programs can use. This option is available when a new rule is created or an existing rule is modified.

Creating a new rule

Modifying an existing rule

Click this button to access the Custom permission screen, where the rule settings are displayed.

In this case, we will show you how to customize an Allow inbound and outbound connections-type rule. Internally, this involves two different firewall rules:

- Allow inbound connections for all zones, protocols, ports and IPs.
- Allow outbound connections for all zones, protocols, ports and IPs.
To customize each of these rules, select the rule to be modified and click Settings…

Click this button to access the Application rule settings, where the current rule settings are displayed.

In this section you can configure the following rule values:

- Action: It allows you to configure the action to be carried out by the rule:
  - Allow application communication.
  - Deny application communication.
- Direction: This lets you configure the communication direction:
  - Inbound: The rule will only apply to inbound communications to the application.
  - Outbound: The rule will only apply to outbound communications generated by the application.
- Zone: This lets you define the zone in which the rule will be applied:
  - Trusted network: The rule will only apply to computers that belong to a profile with a network configured as a Trusted network.
  - Public network: The rule will only apply to computers that belong to a profile with a network configured as a Public network.
  - All: The rule will apply to all computers that belong to a profile, regardless of the zone configured.
- Protocol: This lets you define the communication protocol:
  - TCP: The rule will only apply to the communications carried out by the application through the TCP protocol.
  - UDP: The rule will only apply to the communications carried out by the application through the UDP protocol.
  - TCP/UDP: The rule will apply to all the communications carried out by the application through the TCP and UDP protocols.
- Port: In this section you can select the port(s):
  - All: This will apply to all the ports used by the application.
  - Customized: This lets you define the ports that the application rule will apply to. Selecting this option enables the Customized field, where you can enter the port values:
    - Single port: Enter the port value (For example: 4662).
    - List of ports: Enter the list of ports separated by commas (For example: 4662, 4665).
    - Range of ports: Enter the list of ports separated by a dash (For example: 4662-4665).
    - Lists and ranges: Use a combination of the previous methods (For example: 4662, 4665-4670, 4675).
    - Predefined ports: A list of common ports is provided.
- IP addresses: In this section you can select the IP address(es):
  - Not specified: If no value is specified in this field, the rule will apply to all the IP addresses the application accesses.
  - Customized: This lets you define the IP address(es) the rule will apply to if they are accessed by the application:
    - Single IP: Enter the IP value (For example: 192.168.1.10).
    - List of IPs: Enter the list of IPs separated by commas (For example: 192.168.1.10, 192.168.1.15).
    - Range of IPs: Enter the list of IPs separated by a dash (For example: 192.168.1.10-192.168.1.15).
    - Lists and ranges: Use a combination of the previous methods (For example: 192.168.1.10, 192.168.1.15-192.168.1.20, 192.168.1.25).

In this case, define a rule to allow inbound connections to port 57884 of the TCP/UDP protocol for all the IPs, which applies to all zones.
Click OK to return to the Custom permission window, where you will see a summary of the changes made to the rule:

Repeat the same process to configure the rule for outbound connections by selecting the rule and clicking Settings:

In this case, define a rule to allow outbound connections to port 57884 of the TCP/UDP protocol for all the IPs, which applies to all zones.

Click OK to finish editing the outbound connection rule and return to the Custom permissions window, where you will see a summary of the changes made to the rule:

Click OK to finish customizing the rule and return to the Programs tab, where you will see the list of the defined user rules (including the customized rule):

To eliminate the rule created, select it from the user rules list, and click Delete.

The program rules can be created automatically by selecting the Enable automatic assigning of permissions checkbox.

If this option is selected, the firewall protection will allow you to create user rules as follows:

- Outbound connections: The firewall protection will automatically create rules for the applications that:
  - Run on the computer and require permissions to establish outbound connections.
  - And do not have associated program rules.
- Inbound connections: In this case the firewall protection will distinguish between trusted and non-trusted applications.
  - Panda trusted applications: The firewall protection will automatically generate a rule for trusted applications.
  - Panda non-trusted applications: The firewall protection will display a local warning where you can allow or deny inbound connections from the application.

  As with outbound connections, it will apply to applications that:
  - Run on the computer and require permissions to establish inbound connections.
  - And do not have associated program rules.

If the checkbox is not selected, the firewall protection will display local warnings, requiring permissions for every application that runs on the computer, does not have associated rules and requires establishing inbound or outbound connections.

For example: Select the Enable automatic assigning of permissions checkbox and search for an application without a program rule.

Run the application (a Web browser that requires outbound connections). In this case, the browser will directly access the Internet without user intervention, as the firewall has automatically created the necessary rule.

Run another application without a rule created in the firewall (a P2P program that requires outbound and inbound connections). In this case, the firewall will automatically create the necessary rule for the application to establish outbound connections, and will display a local warning requesting permissions to establish outbound connections.
Local warnings provide the following options:

- Deny the connection now: The connections will be denied (in this case inbound connections) while the application is running. This action does not create a rule in the firewall. Consequently, the next time the application runs, a local warning requesting permissions will be displayed again.
- Always deny the connection: The connections will be denied (in this case outbound connections), and a rule is created in the firewall. Consequently, the next time the application runs, no local warnings requesting permissions will be displayed.
- Allow the connection now: The connections will be allowed (in this case inbound connections) while the application is running. This action does not create a rule in the firewall. Consequently, the next time the application runs, a local warning requesting permissions will be displayed again.
- Always allow this connection: The connections will be allowed (in this case inbound connections), and a rule is created in the firewall. Consequently, the next time the application runs, no local warnings requesting permissions will be displayed.

In this case, select the Always allow this connection option, and click OK:

This way, an Allow inbound connections rule will be created for the application. And, as the firewall has automatically created the Allow outbound connections rule, the application will have an Allow inbound and outbound connections rule.

Now, clear the Enable automatic assigning of permissions checkbox and search for an application without a program rule.
Run an application (a Web browser that requires outbound connections). In this case the browser will not access the Internet, and a local warning will be displayed requesting permissions.

In this case, select Always allow this connection and click OK. This way, an Allow inbound connections rule will be created for the application.

Intrusions

In this section you can configure the types of intrusions that will be detected by the firewall. You can enable or disable the detection of the following intrusions:

- IDS attack detector: Detects intrusion attempts on the computer.
- Internet worm detector: Detects attacks launched by Trojans trying to spread.

Services

The service rules defined by Panda are displayed in this section. Users cannot delete them nor create new ones. They can only enable/disable the services and configure the location (Trusted network or Public network).

System rules

System rules (unlike application rules) affect all network communications. They work at protocol, port and service level, and have priority over application rules. In this section computer users can create new rules, view existing rules, modify them or delete them.
To make the configuration process easier, a series of rules predefined by Panda is provided.

To create a new rule, click Add and access the next screen.

In this section you can configure the following rule values:

- Rule name: Identifier or description of the rule that is being created.
- Action: This lets you configure the action to be taken by the rule:
  - Allow communication.
  - Deny communication.
- Direction: This lets you configure the communication direction:
  - Inbound: The rule will only apply to inbound communications (generated externally and aimed at the computer).
  - Outbound: The rule will only apply to outbound communications (generated on the computer).
- Zone: This lets you define the zone in which the rule will be applied:
  - Trusted network: The rule will only apply to computers that belong to a profile with a network configured as a Trusted network.
  - Public network: The rule will only apply to computers that belong to a profile with a network configured as a Public network.
  - All: The rule will apply to all computers that belong to a profile, regardless of the zone configured.
- Protocol: This lets you define the communication protocol:
  - TCP/UDP: The rule will only apply to communications carried out on the computer through the TCP or UDP protocols.
  - TCP: The rule will only apply to communications carried out on the computer through the TCP protocol.
  - UDP: The rule will only apply to communications carried out on the computer through the UDP protocol.
  - IP: The rule will only apply to communications carried out on the computer through different services that use the IP protocol.
  - ICMP: The rule will only apply to communications carried out on the computer through different services that use the ICMP protocol.

If you select the TCP, UDP or TCP/UDP protocol, you can configure the following values:

- Local ports: Ports used by the local computer to communicate.
- Remote ports: Ports used by the target computer to communicate.

To configure the ports you can select one of the following values:

- All: This will apply to all the ports used by the application.
- Customized: This lets you define the ports that the application rule will apply to. Selecting this option enables the Customized field, where you can enter the port values:
  - Single port: Enter the port value (For example: 4662).
  - List of ports: Enter the list of ports separated by commas (For example: 4662, 4665).
  - Range of ports: Enter the list of ports separated by a dash (For example: 4662-4665).
  - Lists and ranges: Use a combination of the previous methods (For example: 4662, 4665-4670, 4675).
  - Predefined ports: A list of common ports is provided.

Local ports:

Remote ports:

If you select the IP protocol, you must select one or several fields in the Services section.

If you select the ICMP protocol, you must select one or several fields in the Services section.
Finally, you can indicate the computers the rule will apply to, specifying the following fields:

IP addresses: In this section you can configure the IP address(es) of the computers the rule will apply to:
• Single IP: Enter the IP value (For example: 192.168.1.10).
• List of IPs: Enter the list of IPs separated by commas (For example: 192.168.1.10, 192.168.1.15).
• Range of IPs: Enter the list of IPs separated by a dash (For example: 192.168.1.10-192.168.1.15).
• Lists and ranges: Use a combination of the previous methods (For example: 192.168.1.10, 192.168.1.15-192.168.1.20, 192.168.1.25).

MAC addresses: In this section you can configure the MACs of the computers the rule will apply to:
• Single MAC: Enter the MAC value (For example: 00:AF:C8:05:E0:FF).
• List of MACs: Enter the list of the MACs separated by commas (For example: 00:AF:C8:05:E0:FF, 08:06:AC:15:E2:FF).

In this example we will show you how to define a rule to deny HTTP communications. This way, you will deny outbound connections to the remote port 80 of the TCP protocol for all the zones. This rule will apply to all the computers (without configuring the IP or MAC fields).

Click OK to finish creating the rule and return to the System tab.

To modify a parameter in the rule created, select the rule from the list and click Settings. When you click the button, you will see the System rule settings screen, where you can modify any parameter.

Once there is a set of rules defined, they will be applied in descending order (from the first to the last). You can change the order by using the Up and Down buttons.
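The port syntax and the rule ordering described above can be checked offline before rules are entered in the console. The following Python model is an added example, not Panda's code: it assumes that the first matching rule decides, it covers only direction, protocol and remote ports (zone All, no IP or MAC fields), and its rule sets are constructed sample data.

```python
from dataclasses import dataclass

ALL_PORTS = frozenset(range(1, 65536))


def parse_ports(spec):
    """Expand a port field ('All', '4662', '4662, 4665-4670, 4675') into a set of ports."""
    if spec.strip().lower() == "all":
        return ALL_PORTS
    ports = set()
    for item in spec.split(","):
        low, sep, high = (part.strip() for part in item.partition("-"))
        start = int(low)                    # ValueError on empty or non-numeric entries
        end = int(high) if sep else start   # '4662-' fails here instead of being guessed
        if not 1 <= start <= end <= 65535:
            raise ValueError(f"bad port entry {item.strip()!r}")
        ports.update(range(start, end + 1))
    return frozenset(ports)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    direction: str              # "inbound" or "outbound"
    protocol: str               # "TCP", "UDP" or "TCP/UDP"
    remote_ports: str = "All"

    @property
    def protocols(self):
        return frozenset(self.protocol.split("/"))

    @property
    def ports(self):
        return parse_ports(self.remote_ports)

    def matches(self, direction, protocol, remote_port):
        return (direction == self.direction
                and protocol in self.protocols
                and remote_port in self.ports)

    def covers(self, other):
        """True if every connection `other` matches is also matched by this rule."""
        return (self.direction == other.direction
                and self.protocols >= other.protocols
                and self.ports >= other.ports)


def evaluate(rules, direction, protocol, remote_port):
    """Return (rule name, action) of the first matching rule, or None if none matches."""
    for rule in rules:
        if rule.matches(direction, protocol, remote_port):
            return rule.name, rule.action
    return None


def shadowed(rules):
    """List (rule, earlier rule) pairs where the earlier rule makes the later one unreachable."""
    found = []
    for index, rule in enumerate(rules):
        for earlier in rules[:index]:
            if earlier.covers(rule):
                found.append((rule.name, earlier.name))
                break
    return found


# Constructed sample rule sets (assumption: first match wins).
ALLOWS = [
    Rule("Allow HTTP", "allow", "outbound", "TCP", "80"),
    Rule("Allow HTTPS", "allow", "outbound", "TCP", "443"),
    Rule("Allow DNS", "allow", "outbound", "UDP", "53"),
]
DENY_TCP = Rule("Deny TCP", "deny", "outbound", "TCP")
GOOD_ORDER = ALLOWS + [DENY_TCP]    # catch-all deny at the bottom
BAD_ORDER = [DENY_TCP] + ALLOWS     # catch-all deny at the top

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, evaluate(rules, "outbound", "TCP", 80), shadowed(rules))
```

With the catch-all deny at the top, the TCP allow rules are reported as unreachable, while the UDP rule is unaffected because the deny rule does not cover its protocol.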
To change a rule's position, select the rule you want to move and click the corresponding button (Up or Down) to rearrange the list.

To eliminate the rule created, select it from the user rules list, and click Delete.

You can undo all the changes made to the system rules and return to the original product settings by clicking Restore.

A message will be displayed, indicating that any changes made will be lost.

When you accept, all the rules you have created and the changes made will be deleted, and the initial product rules will be restored.

Rule priority

The rules used by the firewall protection have the following order of priority:

System rules:
  User-defined system rules
  System rules defined by Panda
Service rules:
  Service rules defined by Panda
Application rules
User-defined system rules
System rules defined by Panda

In each type of rule the priority is established according to the order in the console. This way, the first is applied before the second, the second before the third, and so on.

Panda rules

These rules are defined and updated from Panda, and configure the firewall with a minimum set of rules to prevent affecting operating system performance. These rules are created during the protection installation process, checking which applications installed on the computer coincide with applications included in the Panda rules.

These rules behave differently depending on the type of firewall:
• Personal firewall: Panda rules can be individually modified or deleted.
• Managed firewall: You must enable or disable ALL Panda rules (not individually).

There is a set of Panda rules that cannot be modified by the user, as they regulate internal processes to ensure the protection operates correctly.

System rule examples

Below is a set of system rules defined from the Web administration console, which can be used as an example for creating similar rules.

Allow Panda Cloud Office Protection Agent (TCP)

This rule allows the necessary TCP connections for the correct performance of the Panda Cloud Office Protection Communications Agent. In this case, outbound connections to the remote ports 18226 and 21226 of the TCP protocol are allowed.

Allow Panda Cloud Office Protection Agent (UDP)

This rule allows the necessary UDP connections for the correct performance of the Panda Cloud Office Protection Communications Agent. In this case, outbound connections to the remote ports 18226 and 21226 of the UDP protocol are allowed.

Allow HTTP

This rule allows the necessary connections for the HTTP protocol, used for Internet connectivity. In this case, outbound connections to the remote port 80 of the TCP protocol are allowed.

Allow HTTPS

This rule allows the necessary connections for the HTTPS protocol, used for secure Internet connectivity.
In this case, outbound connections to the remote port 443 of the TCP protocol are allowed.

Allow POP3

This rule allows the necessary connections for the POP3 protocol, used to send email. In this case, outbound connections to the remote port 110 of the TCP protocol are allowed.

Allow SMTP

This rule allows the necessary connections for the SMTP protocol, used to receive email. In this case, outbound connections to the remote port 25 of the TCP protocol are allowed.

Allow DNS

This rule allows the necessary connections for domain name resolution. In this case, outbound connections to the remote port 53 of the UDP protocol are allowed.

Allow DHCP

This rule allows the connections necessary for the automatic assigning of IP through DHCP. In this case, outbound connections to local ports 67-68 of the UDP protocol are allowed.

Allow Netbios (TCP)

This rule allows the TCP connections necessary for computer name resolution through the Netbios protocol. In this case, outbound connections to the remote port 139 of the TCP protocol are allowed.

Allow Netbios (UDP)

This rule allows the UDP connections necessary for computer name resolution through the Netbios protocol.
In this case, outbound connections to the remote ports 137 and 138 of the UDP protocol are allowed.

Deny TCP

This rule denies outbound TCP connections which have not been allowed in the previously defined rules.

This rule must be placed below the rules previously explained, as the rules are applied in the order in which they are displayed in the Client Console. If it is placed above them, the rules for allowing outbound TCP communications would become void due to this rule.

Deny UDP

This rule denies outbound UDP connections which have not been allowed in the previously defined rules.

This rule must be placed below the rules previously explained, as the rules are applied in the order in which they are displayed in the Client Console. If it is placed above them, all the rules for allowing outbound UDP communications would become void due to this rule.

Chapter 7: Creating groups

Creating groups

Panda Cloud Office Protection lets you group a series of computers and apply the same protection profile to the whole group.

Click Installation and settings > Group, to open the main Groups window. As you create groups and associate them to profiles, the groups will appear here, with their name and profile.

The information is divided into four columns: Name, Profile, Max. number of installations, and Expiry date. The last two will only be available if you have selected the Assign restrictions to groups option in the Preferences window.

By default the application shows the Default group and profile.
None of these can be deleted.

1. Click Create new group to access the Edit group window. Enter the name of the group in the corresponding text box.
2. In the Profile menu, select the profile to assign to the group.

If you selected the Assign restrictions to groups option in the Preferences window, you will be able to select the expiry date and the maximum number of installations for the group, by using the corresponding checkboxes.

1. Once you have assigned the name and the profile, you can select the computers to belong to the group from Available computers. To do this:
2. Select the computers and click Assign.
3. Click the Computers in group tab, and check that the computers have been correctly assigned to the group.
4. If you want to move any computer from one group to another, select it and choose the group in the Move selected computers to the group drop-down menu. Then click Move.
5. Click OK and the application will display the main Groups window. The group you have just created will appear with its name and profile on the list.
6. If you want to remove any group, select the checkbox of the group you want to remove and click Delete.

Remember that if you eliminate any group all corresponding data will be lost.

Chapter 8: Installing the protection

Recommendations prior to installation

Proxy settings if needed to access Collective Intelligence servers

If you want your computers to be connected to the Collective Intelligence servers at all times, they must have Internet access. Ensure that the computers have access and, if this is done through a proxy, make sure that it is properly configured.
Computer requirements

Regardless of the installation method to use, it is advisable to check the requirements to be met by the computers the protection is to be installed on.

Presence of other protection software on computers

It is very important that before installing Panda Cloud Office Protection on computers, you make sure that no other antivirus or security solution is installed. Most of these will be detected and uninstalled automatically by the Panda Cloud Office Protection installer.

To consult the list of antivirus products that Panda Cloud Office Protection uninstalls automatically, click here. If yours is not on the list, uninstall it manually (Control panel > Add or remove programs) before installing.

Closing other applications during installation

It is advisable to close all other applications during installation. This is particularly important with email applications: if they are not closed during installation, this may lead to an error in the email protection. This error would appear when placing the cursor on the Protections column in the Detection details window. To fix this, it would be necessary to restart the computer. The console would then update the protection status, fixing the error.

Configuring exclusions in the file protection for servers with Exchange Server

To prevent interference between Panda Cloud Office Protection servers and Exchange servers, any servers with Panda Cloud Office Protection should have a series of folders excluded from the file protection. For more information, go to the Tech Support center.

Installation modes

Panda Cloud Office Protection offers two ways to install the protection:

In both cases, the process includes the download and installation of the administration agent (.msi), which in turn starts the process of installing the protection on the computers. If any error occurs when installing the agent, a message is displayed with the error code, a brief description, and a link to the corresponding Help pages.

1. Installing the protection with the installation program
You can install the protection on computers either manually or using your own network tools.

2. Installing the protection with the distribution tool
After downloading and installing the distribution tool on a computer, you can use it to distribute and install the protection on the other selected computers. This method is advisable when you don't want the user to intervene in the installation process. It is also time efficient as it is not necessary to launch the installation individually on each computer.

If, due to your security needs or the configuration of your computer network, you don't need to create new profiles, you can perform a quick installation. In this case you must also choose between the installation methods above, but the installation process will be shorter as you will not be creating additional profiles or groups.

It is very important in all cases that, before installing Panda Cloud Office Protection on computers, you make sure that no other antivirus or security solution is installed. To do this, check the Recommendations prior to installation.

Quick installation

If you don't need to create profiles or groups other than those created by default by Panda Cloud Office Protection (both called Default), you can carry out a quick installation of the protection. In this case you must also choose between the installation methods above, but the installation process will be shorter as you will not be creating additional profiles or groups.

1. If you want to modify the Default profile settings, click on the name of the profile (Default) in the Installation program profiles window.
2. You will see the Edit profile window.
3. Configure the profile as detailed in the sections on General settings, Antivirus protection settings, and Firewall protection settings.
If later you want to restore the default profile, you can do so using the Restore the default settings option in the Edit profile window.
4. In the Installation and settings area, click Installation and select the Default group.
5. Select the language and profile you want to assign.
6. Install the protection on the computers you want to protect. Use the installation mode that best adapts to your needs and the characteristics of your IT network.

Installing the protection with the installation program

Downloading the installation program

Before installing the protection, don't forget to check the requirements that the computers must meet.

Select the group of computers on which you want to install the protection from the Group drop-down menu.

1. In the Installation and Settings area, click Use installation program and then Download installation program.
2. In the download dialog box, select Save, then, once it has downloaded, run the file from the directory you have saved it to. A wizard will guide you through the installation process.
3. Distribute the protection to the rest of the computers in the network. To do this you can use your own tools or install it manually.

Sending the link via email

Click Send via email. Automatically, users will receive an email with the download link. Click the link to start downloading the installer.

Installing the protection with the distribution tool

Downloading the distribution tool

Before downloading the distribution tool, check the requirements that the computers must meet.

The distribution tool lets you install the protection centrally, avoiding manual intervention from users throughout the process.

1. In Installation and settings, click Download distribution tool.
2. In the download dialog box, select Save, then, once it has downloaded, run the file from the directory you have saved it to.
A wizard will guide you through the installation process.

Once you have installed the Panda Cloud Office Protection distribution tool, you have to open it in order to deploy the protection on to the computers. You will then see the main window from which you can install and uninstall the protection.

Installing the protection

When selecting the computers to which to install the protection, the distribution tool lets you do this on the basis of two criteria: by domains or by IP address/computer name.

By domain

1. Click Install protection.
2. Click By domains.
3. Indicate the group of computers (optional).
4. In the tree, find the computers to which you want to distribute the protection, and enable the corresponding checkboxes.

You can also enter a user name and password with administrator privileges on the selected computers. It is advisable to use a domain administrator password. In this way you won't have to specify the user name and password of every computer.

By IP or computer name

1. Click By IP or computer name.
2. Indicate the group of computers (optional).
3. Select the computers to which you want to distribute the protection. You can indicate the computers' names, IP addresses or IP address range, separating this data with commas. Click Add to add them to the list, or Delete to remove them.

Example of individual IP: 127.0.0.1
Example of group name: EQUIPO03
Example of a range of IPs: 192.0.17.5-192.0.17.145

You can also enter a user name and password with administrator privileges on the selected computers. It is advisable to use a domain administrator password. In this way you won't have to specify the user name and password of every computer.
For more information about the task, enable the Events log (View menu).

Installation using other tools

If you often use other network distribution tools you can use them to distribute the protection.

Installation cases

Installing Panda Cloud Office Protection on computers without any protection installed

1. Access the Web Console and enter your login email and password.
2. Create a new profile (or use the default profile, depending on your needs).
3. Configure the antivirus protection and/or the firewall protection for the new profile.
4. Create a new group (optional).
5. Install the protection. Use the installation method that best adapts to your needs and the characteristics of your computer network.

Installing Panda Cloud Office Protection on computers with protection installed

The installation process is similar to the previous one. However, it is very important that before installing Panda Cloud Office Protection on computers, you make sure that no other antivirus or security solution is installed. To do this, check the Recommendations prior to installation.

In most cases, when installing the new protection and uninstalling the previous protection, you will need to restart the computer once (twice at most).

Automatically uninstalling other protections

Most other security solutions are detected by Panda Cloud Office Protection when starting the installation process and uninstalled automatically. You can consult a list of the antiviruses that Panda Cloud Office Protection uninstalls automatically by clicking here. If yours is not on the list, uninstall it manually (Control panel > Add or remove programs) before installing.
Chapter 9: Protection status

The Status area is divided into three sections: Notifications, Licenses and Antivirus protection.

Notifications

This area is only displayed when there are issues that may be of interest to you, such as the availability of new product versions or warnings about technical incidents, messages about your license status, or any critical issue that requires your attention.

When licenses expire your computers will cease to be protected, and so it is advisable to buy more licenses by contacting your reseller or sales advisor.

Licenses

Here you can see the number of Panda Cloud Office Protection licenses that you have contracted and their expiry date. For more information about license management, go to the License management section.

If you have more than one maintenance contract and want to access the complete list of licenses, click See more...

If a maintenance contract expires within 30 days and, once expired, the number of licenses consumed exceeds the number of licenses contracted, you can use the option to cancel licenses. To do this, click Select licenses to release and you will go to the License cancellation window.

If you are a user with total control permissions, you can cancel licenses on the computer that you select. If you choose this option, the affected computers will cease to be protected, and once the expiry date has been exceeded they will automatically be blacklisted.

List of licenses

The window is divided into four columns: Expiry date, Contracted (total number of licenses contracted), Type (type of licenses), and Units (details of the protection contracted: antivirus, firewall, or both). As licenses expire they will disappear from the list.

Antivirus protection

In this section there are two panels displaying the antivirus protection status, depending on the type and source of the detections.
To see detections over a given period of time, select an option in the Period menu and click Apply.

Detections by type displays detections of each type of threat. Detections by source tells you the origin of the detection. You will find definitions of the different types of threats in the Key concepts section.

Click on the images to expand them. You can also print them.

If you want to see a list of scheduled scans, click the Scheduled scans link. Click List of detections for more information about detections.

The list of detections shows the items detected over the last seven days.

Scheduled scans

From this screen you can see at all times which scheduled scan jobs have been created for the different settings profiles, and access the results of these jobs. To access this window, click the Scheduled scans link in the Status window.

The information is structured in four columns:
• Name. Displays the name of the scheduled scan job. If you click the job name, you will see the window with the results of the scheduled scan.
• Profile. This specifies the settings profile to which the scheduled scan belongs.
• Frequency. This details the type of scan (periodic, immediate, scheduled).
• Task status. This column uses a series of icons to indicate the status of the scan task (Waiting, In progress, Finished, Finished with errors, Timeout exceeded). You can access the list of icons by placing the cursor on the option Key.

Results of the scheduled scan jobs

In this window you will see a list of computers subject to the scan jobs, unless the scan status is Waiting. If it is a periodic scan, you can choose between the options See result of last scan or See results of previous scans.

The data is displayed in six columns:
• Computer. This indicates which computer was subject to the scan.
The computer will be listed by name or IP address, in accordance with your selection in the Preferences window.
• Group. The group to which the computer belongs.
• Status. In this column there is a series of icons to indicate the status of the computer (Error, Scanning, Finishing, Timeout exceeded). You can access the list of icons by placing the cursor on the option Key.
• Detections. Here you can see the number of detections during the scan. Click the number to access a list of detections.
• Start date. Indicates the task start date and time.
• End date. Indicates the task end date and time.

If you want to consult the configuration of the scheduled scans for this profile, click See settings.

List of detections

The detection monitoring feature allows you to carry out searches of your network to know when your computers have been in danger, what types of threats have been detected, and which action was taken against them.

1. Use the Options menu to activate the filter which lets you look for computers depending on the group to which they belong and the type of detection.
2. Select the type of threat detected or the source of the detection. You can also select All detections.
3. Click Find.

The Computer column shows the list of scanned computers, presented either by name or by their IP address. If you want to change the way they are presented, you can do this from Preferences > Default view.

In the Group column you will see the group to which the computer belongs. The Name column indicates the name of the threat, and the Type column provides information about the type of threat. Instances indicates the number of times the detection was made. Finally, Action indicates the action taken by Panda Cloud Office Protection to neutralize the attack, and in Date you can see the date and exact time that the threat was detected.
The list of detections shows the items detected over the last seven days.

As a general rule, in the Detection monitoring window, when you place the cursor on any of the items in the search list, a yellow tag will appear with information about the item.

Finally, you can get more details about the detection. Click the [+] symbol next to the name or the IP of any of the computers, and you will go to the Detection details window.

In some cases, you will be able to access information that Panda Security offers on its Web page about certain threats. To do this, click View description.

Exporting the list

The list of detections made can be exported, either in Excel or in CSV. To do this click on the corresponding icon next to Export to. Both formats include a header which specifies the date and time when the file was created, a summary of the search criteria, and the details of the list, including the source IP address of the infection(s).

Chapter 10: Monitoring of computers

Monitoring the protection on computers

The Computers area lets you know the status of the protection installed on computers on your network. To do this:

1. In My organization, select the group for which you want to view the protection status.
2. In the Options menu you can enable the filter that lets you search for computers depending on the status of the protection. Select the status from the Computer status drop-down menu and click Find.

The search results are presented in five columns.

The Computer column shows the list of scanned computers, presented either by name or by their IP address. If different computers have the same name and IP address, they will be displayed as different computers in the Web console provided that the MAC address and administration agent identifier are different.
If you want to change the way they are presented, you can do this from Preferences > Default view.

The Protection update, Signature update, and Protection columns use a series of icons to indicate the update status of the protection and their general situation. You can access the list of icons by placing the cursor on the option Key.

In Last connection you can see the exact date and time at which the computer last connected to the update server.

If you place the cursor over a computer's name, a yellow tag will be displayed with information about the computer's IP address, the group the computer belongs to and the operating system installed.

Computer details

If you want to access protection details about a specific computer, click on the computer. You will then see the Computer details window.

Use the Comment field if you want to add additional information to identify the computer. If you are a user with monitoring permissions, you will not be able to access this field. For more information refer to the section on Types of permission.

To add the computer to the blacklist, click Add to blacklist. To remove it from the database, click Delete from database.

Exporting the list

The list of computers generated in the search can be exported, either in Excel or in CSV. To do this click on the corresponding icon next to Export to. Both formats include a header specifying the date and time the file was issued, a summary of the search criteria, and data about the computer, group to which it belongs, signature file and protection versions, operating system, and IP address.

Chapter 11: Quarantine

Panda Cloud Office Protection stores in quarantine suspicious or non-disinfectable items, as well as spyware and hacking tools detected.
Once suspicious items have been sent for analysis, there are three possible scenarios:

1. Items are determined as malicious, they are disinfected and then restored to their original location, provided that a disinfection routine exists for them.
2. Items are determined as malicious, but there is no disinfection routine, and they are eliminated.
3. It is established that the items in question are not malicious, and they are directly restored to their original location.

In the main Customer Web Console window, click Quarantine to open the corresponding window. It is divided into two sections: a search engine and another section displaying the list of results.

In the search area you can filter the items you want to view. There are four filter parameters:

Reason
Select the type of files to find in the Reason menu. Files are classified according to the reason they were put in quarantine.

Group
Once you have selected the type of file you want to find, select the group of computers you want to search.

Status
Once you select the reason, and the group you want to search, narrow the search further by selecting Status.

Panda Cloud Office Protection lets you send files and suspicious content for analysis. To do this, mark the checkbox corresponding to the item you want to send, and click Send to Panda. The file will be analyzed by experts who will send a response indicating whether the item contains a threat or not. The Status option indicates whether files have been sent, if they are still pending, or if they cannot be sent.

Date
1. Select the period you want.
2. Click Find.

If you want to restore any item, select the corresponding checkbox, click Restore and respond affirmatively to the confirmation message. Then, the item will disappear from the search list and you can find it in the Exclusions window. To access this window click Exclusions.
If you want to delete any of the items found, select the corresponding checkbox, click Delete and respond affirmatively to the confirmation message.

If there are several items with the same type of malware, when restoring or deleting one of them, all the rest will also be restored or deleted.

When you place the cursor on any of the items in the search list, a yellow tag will appear with information about the item.

The Computer column displays the name of the computer or its IP, depending on what you selected in the Default view, in Preferences.

Exclusions

When you select an item in the Quarantine window, and choose to restore it, the item will disappear from the Quarantine window and will appear in the Exclusions window.

Just as you can exclude items from quarantine, you can also return them to quarantine. To do this, mark the checkbox corresponding to the item you want to return, and click Consider dangerous. Then accept the confirmation dialog box. The item will disappear from the list of exclusions, and will reappear in the quarantine list when it is detected again.

Chapter 12: Reports

Generate reports

Panda Cloud Office Protection lets you generate reports about the security status of your network and any detections made over a given period of time. You can also select the content that appears in the report, whether you want more detailed information and if you want graphs. All of these options are quick and simple to manage.

1. In the main screen of the Web console, click Reports. You will then see the Reports window. This window is divided into two sections, one with a report results filter and another for viewing results.
2. In the Period menu, select the period you want to be reflected in the report (last 24 hours, last 7 days, or last month).
3. In the case of executive or detection reports covering the last 7 days or the last month, the data shown will correspond to the activities that took place between 0:00 (UTC time) seven days or one month ago, and the time when the report has been generated.
4. In the tree below Report scope, select the group or groups to be included in the report.
5. Select a type of report and click Generate report.
6. When the report has been generated, it will be displayed on the right-hand side of the window. Consult the section on Report display.

If you place the cursor on the icon, you'll get information about the reports and their content.

Types of reports

Executive

Information:
• Status of the protection installed and items detected over the last 24 hours, last seven days or last month.
• Also includes Top 10 lists of computers with malware detected and attacks blocked, respectively.
• Information about the status of the licenses contracted.
• Details of the number of computers in which the protection is being installed at the time of generating the report (including computers with installation errors).

Status

Information:
• It gives an overview of the protection and update status at the time of report generation.
• Details of the number of computers in which the protection is being installed at the time of generating the report (including computers with installation errors).

Detections

Information:
• Describes detections made during the last 24 hours, last 7 days, or last month.
• Lists the computer, the group, the type of detection, number of detections made, action taken and the date of the detection.

Report display

1. When the report has been generated, it will be displayed on the right-hand side of the window.
You have a series of controls to move around the pages, as well as carrying out searches and modifying the width of the page.
2. To export the report, select the format from the list and click Export. To export the reports in Internet Explorer, the option Do not save encrypted pages to disk must be disabled in the Security section of the Advanced tab in Tools > Internet options.
3. Click to refresh the report view.
4. Click to print the report. The first time you want to print a report (only available in Internet Explorer) you will be asked to install an ActiveX control from the SQLServer.

Chapter 13: Uninstallation

Uninstallation of the Panda Cloud Office Protection protection can be carried out locally through the Add/Remove programs option in the control panel or using the distribution tool.

Uninstallation from add/remove programs

The protection is uninstalled from each computer where it was installed, using the Add or Remove Programs option, in the Control Panel (Start > Settings > Control Panel).

Uninstalling with the distribution tool

Uninstallation by domains

1. Open the distribution tool.
2. In the main window, click Uninstall.
3. In the tree, find the computers from which you want to uninstall the protection, and enable the corresponding checkboxes.

You can also enter a user name and password with administrator privileges on the selected computers. It is advisable to use a domain administrator password. This way, you won't have to specify the user name and password of every computer.

If you want items removed from quarantine during the uninstallation process, and for the computers to be restarted after uninstallation, enable the corresponding checkboxes.

Uninstallation by IP address or computer name

1. Open the distribution tool.
2. In the main window of the distribution tool, click Uninstall.
3. Select the computers from which you want to uninstall the protection. You can indicate the computers' names, IP addresses or IP address range, separating this data with commas.
4. Click Add to add them to the list, or Delete to remove them.

You can also enter a user name and password with administrator privileges on the selected computers. It is advisable to use a domain administrator password. This way, you won't have to specify the user name and password of every computer.

If you want items removed from quarantine during the uninstallation process, and for the computers to be restarted after uninstallation, enable the corresponding checkboxes.

Chapter 14. Troubleshooting & FAQ’s

Troubleshooting

Should you have any queries, go to the tech support page where you will find a list of the most common Panda Cloud Office Protection error codes, and up-to-date information about all of them. Click here or enter the following URL in your Internet browser:

http://www.pandasecurity.com/spain/enterprise/support/card?id=50032&idIdioma=1&idSolucion=147&idProducto=124

Frequently Asked Questions

How is the Panda Cloud Office Protection Web console accessed?

Panda Cloud Office Protection is managed online through the Web console. Follow the steps below to access it:

1. Go to the following URL: https://managedprotection.pandasecurity.com
2. Enter the Login Email and Password.
3. Accept the terms and conditions in the License agreement (you will only be asked to do so once).

Once you have started the Web console session, the Status tab will be shown. The Exit option lets you close the session. You can also select the language for viewing the Web console, using the list next to the active language.

Information about the Web console is available in the Customer Web Console section.

What is a profile?
The Panda Cloud Office Protection settings are based on the creation of profiles and groups of computers to which specific policies are assigned. A policy is a set of settings applicable to one or more groups of computers. All computers belonging to the same group will be assigned the same policy.

Configuring a profile

1. Access the Web console.
2. In the Settings tab, select Profiles on the left of the Web console.

You will see all of the profiles created, as well as the Default profile. On selecting a profile, the sections that correspond to each profile will be displayed in the left panel: General, Antivirus, and Firewall.

What are the installation requirements for Panda Cloud Office Protection?

To install Panda Cloud Office Protection, the computers involved in the installation process have to meet a series of requirements. This affects the computers on which the protection will be installed and the computer from which the protection will be deployed. Several conditions must also be met to access the Web console.

These requirements are specified in the System requirements section.

What checks must be carried out before installing Panda Cloud Office Protection?

Before installing Panda Cloud Office Protection you are advised to carry out several checks regarding other protection installed on the computer, Panda Cloud Office Protection-AdminSecure compatibility and keep other applications closed while Panda Cloud Office Protection is installed.

All these tips are available in the Recommendations prior to installation section.

What are the components of Panda Cloud Office Protection?

Panda Cloud Office Protection comprises three main components:
- The Web console.
- The antivirus unit.
- The firewall unit.

The antivirus and firewall units can be installed jointly or separately.
The Web console

The Web console allows you to manage the network computer protection.

The antivirus unit

The antivirus unit is installed from the Web console and includes the following protection:
- Files: Permanent protection monitoring access to disks.
- Mail and messaging (only workstations): Protection for emails and files received from instant messaging clients.
- Internet use (only workstations): Protection that analyzes Internet use and HTTP downloads.
- Heuristic: This includes heuristic scanning, which blocks malware that has not been detected by signature-based scanning. This protection provides important detection ratios with a low level of false positives.

The firewall unit

The firewall unit monitors all Internet connections, blocking or allowing access depending on the rules configured. It implements detection and blocking of IDS intrusions and network virus attacks that Trojans use to spread.

Administrators can configure the operational mode of the firewall protection:
- Centralized administration (from the Web console): Administrators can define the configuration they want to apply to the computers. It is configured from the Web console.
- Administration from the client (from the Panda Endpoint Protection icon): the end-user of the protection in each computer is responsible for configuring the firewall.

There are a series of rules predefined by Panda which establish permissions for common applications. Rules can be created or modified from the options available in the firewall settings.

What is the Panda Cloud Office Protection administration agent?

The administration agent is an item distributed to all computers that use Panda Cloud Office Protection services. Once installed, it triggers the installation of the protection on the computers.
It has three main functions:
- Establish a communication between the local processes on computers and Panda Cloud Office Protection servers.
- Establish a communication between local processes on computers and other agents.
- Establish a communication between other agents and Panda Cloud Office Protection servers (Proxy function).

Further information about the agent and its main functions is available in the Protection deployment section.

What do the P2P and Proxy functions implemented in Panda Cloud Office Protection consist of?

P2P system

The local installation and update processes in Panda Cloud Office Protection (walupg and walupd*) use a certain logic to detect whether the necessary installation or update files are available on another agent on the network. This way, it will get the installation or update files from another computer on the network instead of downloading them from the Internet. This logic is known as a P2P system and its main objective is to reduce bandwidth consumption.

The local installation and update processes are:
- walupg: local process for installing and updating the protection.
- walupd: local process for updating the signature files.

Functioning

When a computer downloads a file from the Internet, it can serve it to other computers so that they don’t need to connect to the Internet to get it.

When the computer finishes updating the virus signature file or the protection, it broadcasts information about the available files to the other computers on the network.

When a computer needs a file, it will first try to obtain it through the P2P system. If this fails, it will try to download it from the Internet.

For a computer to serve files to other computers through P2P, it must have at least 128 MB of RAM.

Proxy

The Panda Cloud Office Protection agent includes the proxy function.
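The retrieval order described above (P2P first, then the Internet) and the Proxy.dat rotation and availability counter covered in the Proxy section, modelled in Python as an added example. It is not Panda's code: the class and function names, the decrement step of 1 and the one-proxy-per-request behaviour are assumptions, and the real Proxy.dat format is not documented in this guide.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set

MAX_PROXIES = 10            # guide: the list holds "a maximum of 10" computers
INITIAL_AVAILABILITY = 3    # guide: "The initial availability value is 3"


@dataclass
class ProxyEntry:
    host: str
    availability: int = INITIAL_AVAILABILITY


@dataclass
class ProxyList:
    """In-memory stand-in for Proxy.dat (hypothetical structure)."""
    entries: List[ProxyEntry] = field(default_factory=list)
    cursor: int = 0  # index of the entry the next request is addressed to

    def add(self, host: str) -> bool:
        """Record a computer that answered the broadcast; refuse duplicates and overflow."""
        if len(self.entries) >= MAX_PROXIES or any(e.host == host for e in self.entries):
            return False
        self.entries.append(ProxyEntry(host))
        return True

    def next_entry(self) -> Optional[ProxyEntry]:
        """Rotate through the list so consecutive requests use different computers."""
        if not self.entries:
            return None
        self.cursor %= len(self.entries)
        entry = self.entries[self.cursor]
        self.cursor += 1
        return entry

    def mark_unreachable(self, entry: ProxyEntry) -> None:
        """Lower availability and evict at 0. A step of 1 is an assumption."""
        entry.availability -= 1
        if entry.availability <= 0:
            index = self.entries.index(entry)
            del self.entries[index]
            if index < self.cursor:
                self.cursor -= 1  # keep the rotation pointing at the same successor


def obtain_file(peer_has_file: bool, direct_internet: bool, proxies: ProxyList,
                reachable: Callable[[str], bool]) -> str:
    """Source order from the guide: P2P, then direct Internet, then a listed proxy."""
    if peer_has_file:
        return "p2p"
    if direct_internet:
        return "internet"
    entry = proxies.next_entry()
    if entry is None:
        return "unavailable"
    if reachable(entry.host):
        return "proxy:" + entry.host
    proxies.mark_unreachable(entry)
    return "failed:" + entry.host


def simulate(hosts: List[str], dead: Set[str], requests: int) -> List[str]:
    """Replay proxied downloads on an agent with no peers and no direct access."""
    proxies = ProxyList()
    for host in hosts:
        proxies.add(host)
    return [obtain_file(False, False, proxies, lambda h: h not in dead)
            for _ in range(requests)]


if __name__ == "__main__":
    # Constructed host names; PC-A is switched off for the whole run.
    for step, outcome in enumerate(simulate(["PC-A", "PC-B", "PC-C"], {"PC-A"}, 10), 1):
        print(step, outcome)
```

Under these assumptions a proxy that has gone offline still receives three requests, spread over three rotations of the list, before it is dropped, which is worth keeping in mind when reading update failures on computers without direct Internet access.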
The solution accesses the Internet through an agent installed on a computer with an Internet connection.

To act as a proxy for other agents, the computer must meet the following requirements:
- Direct connection to the Internet.
- Have at least 128 MB of RAM.

This system will only be used when it is not possible to access the Internet directly.

Functioning

The agent detects it cannot access the Internet and broadcasts a request to find the computers that can act as a proxy. The computers are listed in a file called Proxy.dat (a maximum of 10).

The next time the agent cannot access the Internet directly, it will try the first computer on the list. Each request made through the Proxy.dat list is addressed to a different computer, to avoid using the same computer all the time.

Also, proxies have an availability indicator. When an agent on the proxy list cannot be accessed, its level of availability will decrease. The initial availability value is 3. Once it reaches 0 the computer is removed from the Proxy.dat list.

How is Panda Cloud Office Protection installed through the installation program?

First the administration agent (.msi) is installed, which downloads the protection to trigger the installation on the computers.

Panda Cloud Office Protection offers two options for distributing the protection to your computers using the installation program:

1. Downloading the installation file onto the administrator's computer and then carrying out the installation on the rest of the network.
2. Sending the link to the installation file to each computer by email so that each user can download it and run it manually.

Downloading the installation program

1. Access the Web console.
2. Click the Settings tab.
3. Click Installation in the menu on the left.
4. In Protection settings, open the menu to select the group of computers to which to apply the configuration for the chosen group.
5. In the Installation mode, Installation program section, click the arrow in the Use installation program section. Click File download.
6. Select Download installation program.
7. Click Save in the WAgent.msi file download window.
8. Once the download is complete, run the file from the directory in which you have saved it. A wizard will guide you through the installation process.
9. Distribute the protection to the rest of the computers in the network. You can use your own tools (Logon Script, Active Directory, Tivoli, etc), or install it manually.

Sending the link via email

Click Send via email. Automatically, users will receive an email with the download link. If you prefer, you can copy the direct link on the computers in which you want to install the protection.

Panda Cloud Office Protection can also be installed through the distribution tool.

Further information about the Panda Cloud Office Protection installation is available in the Installation modes section.

How is Panda Cloud Office Protection installed through the distribution tool?

The Panda Cloud Office Protection distribution tool lets you install the protection centrally, avoiding manual intervention from users throughout the process.

Downloading the distribution tool

1. Access the Web console.
2. Click the Settings tab.
3. Click Installation in the menu on the left.
4. In Type of installation, select Group to install from the drop-down menu. The computers that will be installed will be inserted in this group and the corresponding policy or profile will be applied.
5. Click Download distribution tool.
6. Click Save in the Wadistributiontool.msi download window.
7. Run the Wadistributiontool.msi file from the directory in which you have saved it. A wizard will guide you through the installation process.

Installing the protection

1. Go to Start > Programs > Panda Distribution tool, or to the shortcut on the Windows Desktop.
2. In the tool console, select Install protection. The Protection installation window will open, which allows you to distribute the protection in two ways:

Distribution by Domain

1. Enter the group in which you want to include the computers that will be installed. This selection will define the settings policies that will be applied to those computers.
2. In the network tree select the domains or computers on which you want to carry out the installation.
3. Use a user name and password with administrator permissions to carry out the installation. The user name must be entered in domain\user name format.
4. Once the data is entered, click Install to generate the installation jobs.

Distribution by IP address or computer name

1. Enter the group in which you want to include the computers that will be installed. This selection will define the settings policies that will be applied to those computers.
2. Add the names of the computers to be installed or their IP addresses, separated by commas. You can also select IP ranges (use the “-” symbol for ranges, e.g. 172.18.15.10 – 172.18.15.50). Use a user name and password with administrator permissions to carry out the installation. The user name must be entered in domain\user name format.
3. Click Install to generate the installation jobs.
4. Check the console to see whether the installation job has been carried out successfully. From then on the protection installation will begin, completely transparently.
5. Restart the computer if prompted.

Further information about the Panda Cloud Office Protection installation is available in the Installing the protection section.

Can Panda Cloud Office Protection be installed on a network with AdminSecure protection?
Before installing Panda Cloud Office Protection on computers with the distributed AdminSecure protection, you must disable the Automatic installation option. If not, when the AdminSecure agent detects the Panda Cloud Office Protection installation, it will uninstall it and will install the AdminSecure protection again.

Two things can occur depending on the AdminSecure version:
- If the AdminSecure version is later than AdminSecure 4.02 SP2, Panda Cloud Office Protection will be automatically uninstalled through the uninstaller included in AdminSecure.
- If the AdminSecure version is earlier than AdminSecure 4.02 SP2, it cannot be automatically uninstalled. Consequently, the AdminSecure protection will be installed (even if Panda Cloud Office Protection is installed), causing undesired effects.

On disabling the Automatic installation option in AdminSecure, you can either disable it on all computers or just on those in which Panda Cloud Office Protection will be installed. In short, you will configure the computers in which AdminSecure will not be automatically installed, or, in other words, the computers that will be an exception to AdminSecure’s automatic installation rule.

To disable the Automatic installation option in AdminSecure:
- In the AdminSecure console, select Settings > Automatic installation.
- Click Configure exceptions, and use the Add button to select the computers to be excluded from the installation process.

How can a computer be included in the blacklist?

It can be done manually or automatically.

Manually

Use the options in the Preferences window.

Automatically

A computer is automatically included in the blacklist when it tries to install an expired protection license, or when the maximum installations have been exceeded.
The computer will not be updated and the information from that computer will be taken into account in the reports and statistics obtained by Panda Cloud Office Protection.

How can a computer be restored from the blacklist?

To restore the computer and take it out of the blacklist, there must be available licenses. If the computer has been manually included in the blacklist, select it and apply the Restore option in the Preferences window.

Why is no information received from a computer that was in the blacklist but has been restored?

If a computer is restored and some days pass without it sending information to the server, it could be because the user has not yet been validated. After a maximum of five days, the computer will once again start to send information.

Why are some computers out-of-date after a Panda Cloud Office Protection update?

Sometimes, after updating the version of Panda Cloud Office Protection, computers that are not updated appear in the Protection update column of the Computers tab. One possible reason for this situation is that the Automatic updates option for the computers’ profile is not enabled.

Solution

1. Enable the automatic updates for the profile corresponding to the computers with this error. To do this, follow the steps below:
2. Go to the Installation and settings tab.
3. Select Profiles in the panel on the left.
4. Click one of the out-of-date computers in the list.
5. Edit the profile of the out-of-date computers and select the General settings.
6. Make sure the Enable automatic updates checkbox is selected in the Automatic updates section.
7. Then click Advanced update options.
8. Check that the option Enable automatic updates of the protection engine is enabled in the Protection engine update section.
9. Click OK.
Once the automatic updates are enabled, check that after the update period configured in the settings, the protection engine is updated correctly.

Annex 1: Examples. Configuration and installation recommendations

This guide details a series of examples for installing and configuring the protection. These examples are based on real experiences; situations that occur in different types of companies, with different networks and protection needs.

They are only a small sample, as every company has its own peculiarities and conditions. Yet they represent a starting point from which you can begin to configure the protection of your network. The examples presented here are flexible, they can be combined and you can make variations on them.

Remember that all configuration and installation choices will be strongly conditioned by the quality of internal communications in the company and its Internet connection. Analyze these examples and use the one that is closest to your situation in order to make the most of the security performance offered by Panda Cloud Office Protection.

Example 1. SMB

Company description

SMB or small company with a local network of 30 computers (a network administrator and workstations). One characteristic of this company is that Internet access is not generalized, with only a few computers connecting to the Web, sometimes only that of the network administrator.

In this case it is advisable to use the default configuration and the quick installation option offered by Panda Cloud Office Protection.

However, some employees have different requirements from others with respect to internal network connections and the Internet. For example, there are two people responsible for compiling information about the sector in which the company operates.
As they must search for information that appears in the press about the company's products and those of competitors, they need free access to the Internet, while employees in the rest of the departments do not.

Configuration recommendations

The procedure involves creating the necessary profiles (one open and one restricted) and configuring them both. Then create two groups (open and restricted) and distribute computers accordingly. Then assign each group the corresponding profile.

1. Create a new profile. Call it ‘open profile’ for example. This profile will be the same as the Default profile. Modifications to the configuration can be made at any time, and the profile can also be deleted when you want.
2. Create another profile. Call it ‘restricted profile’ for example.
3. Configure this profile. To do this, click Add and in the Edit profile – New program rule window, click Browse. Go to the location of the Internet browser you want to block, select the executable file of the browser and click Open.
4. Then, in the Communication menu, select the type of communication you want to apply to the new rule you are creating (by default No connection, which is applied in this case) and click OK. In the Edit profile window, you will see the name of the browser and the communication assigned.
5. Create the groups of computers you need. In this case, create two groups, and call them, for example: open_group and restricted_group.
6. Assign the corresponding computers to each group, depending on the configuration profile (open or restricted) you want to apply. To do this:
7. Select Group.
8. Click Create new group.
9. Specify the name of the group and the profile you want to assign.
10. Select the computers you want to include in the group, and click Assign.
In the case of the ‘open group’, instead of creating a specific profile, you can also select the Default profile, and in the General tab, enable the option to allow administration from the client.

If you want to block any other type of access in addition to the Internet, for example P2P applications, you can do so from the Programs or System tab of the profile firewall settings. Remember that the rules you configure for specific ports and protocols from the System tab have priority over general rules established in Programs.

With respect to the installation mode it is advisable to use the installation program, or send all computers the email with the installation link. A wizard will guide users through the installation process.

Computers can be moved from one group to another once the protection is installed. It is also possible to delete a group by clicking on the name and selecting Delete from database, in the Computer details screen.

Example 2. Centralized company

Company description

Centralized company, physically located on different floors, with at least 100 computers grouped into different domains. The company is structured into four departments: Accounts, Sales, Stock and Human resources.

There is a server in the Accounts department, configured for:
- Email
- Web service
- Shared folders on different network drives

They want to allow free access to the Internet for people in the Sales department.

They want to block access to the Internet for people in the Stock department.

In Accounts and Human resources they want to block the use of a certain instant messaging application.
Configuration recommendations

In this case we recommend the creation of three profiles:
- One for the server in the Accounts department,
- one with restricted Internet access for the Stock department,
- and another with the IM application blocked for Accounts and Human Resources.

In the case of the Sales department, the option for administering the firewall from the client will be enabled (from Endpoint).

Firstly, create a profile for the server (call it for example, server_profile).

General settings

In this case you can disable the option Show local warning on detecting malicious software, in the Warnings tab.

It is also a good idea to configure the updates, but remember that as it is a server, it is advisable that the update process (and consequent server restart if necessary) takes place within a time period that does not prevent normal operation of the corporate network.

With this in mind, click Advanced update settings, in the Main tab of the Edit profile window. Specify the period of time and whether you want to authorize automatic restart of the server if necessary. Then click OK.

Logically, you will now have to configure the anti-malware and firewall protection so this profile is adequate for a server of these characteristics.

Anti-malware protection

Files tab: By default the antivirus protection protects all types of files in the server. If you want to exclude any type of file from the protection you can use the advanced settings for the file protection.

Heuristic tab: As this is a computer that acts as a server of shared directories on network drives, this normally means that many users will be accessing and administering files and applications, according to the permissions they have. If users only have read permissions there is no problem, but when they also have permissions to copy, edit and modify files, the situation changes.
The heuristic scan analyzes the behavior of files and applications in-depth.

Firewall protection

It is important that the configuration of the firewall protection in a server is carried out carefully, and that the person responsible is an administrator who knows the services for which the server has been configured and the ports that are used.

This would prevent any modification to the firewall protection settings in the server from conflicting with the services it offers to workstations.

With respect to the workstations, in this example, as it is a large company, two groups will be created per department. These groups will be assigned the previously created profiles. This allows each group to be assigned a type of profile (open or restricted) and facilitates the administration of the computers, moving them from one group to another and installing protection on computers.

1. Create an open profile for each department (sales_open, accounts_open, etc).
2. Create the profile stock_restricted and use the Programs tab in the firewall configuration to block access to the Internet. To do this, click Add and in the Edit profile – New program rule window, click Browse. Go to the location of the Internet browser you want to block, select the executable file of the browser and click Open. Then, in the Communication menu, select the type of communication you want to apply to the new rule you are creating (by default No connection) and click OK. In the Edit profile window, you will see the name of the browser and the communication assigned.
3. Create the profiles accounts_restricted and humanresources_restricted and use the Programs tab in the firewall protection configuration to block access to the instant messaging application in both profiles. To do this, click Add and in the Edit profile – New program rule window, click Browse.
Go to the location of the instant messaging application you want to block, select the executable file of the application and click Open. Then, in the Communication menu, select the type of communication you want to apply to the new rule you are creating (by default No connection) and click OK. In the Edit profile window, you will see the name of the application and the communication assigned.

4. Create two groups of computers per department. You could call them sales_open, sales_restricted, stock_open, etc. Assign the computers to the corresponding groups. To do this:
- Select Group.
- Click Create new group.
- Specify the name of the group and the profile you want to assign.
- Select the computers you want to include in the group, and click Assign.

Although you have created two groups per department, in the case of the Sales department there are no groups assigned the sales_restricted profile, although in the future there may be. However, all basic configuration options for the different departments have been covered, and from here on, the protection administrator will decide the groups to create, eliminate, or modify, etc.

With respect to installation, the ideal option is to use the Panda Cloud Office Protection distribution tool to deploy the protection. Once the tool is downloaded and installed on the computer from which deployment will be carried out, you can select the computers to which to distribute the protection on the basis of the domain to which they belong or individually, by IP or name.

Computers can be moved from one group to another once the protection is installed. It is also possible to delete a group by clicking on the name and selecting Delete from database, in the Computer details screen.

You must make sure you have administrator rights over the domains in which you are going to install the protection. This will prevent you from having to verify your identity on each computer.
In any event, before installing the protection, always check the requirements.

Example 3. Decentralized company

Company description

In this case the company is similar to the one in the previous example, but with certain differences that will condition the process of configuring and installing the protection.

The company is decentralized, with IT resources spread across several branches and a different number of computers in each branch. The company is structured into four departments: Accounts, Sales, Stock and Human resources. It has multiple servers and domains. In the Sales department, users normally work with laptops and are often mobile. In some branches, access to the Internet is very slow.

They want to block access to the Internet and instant messaging for all departments except the managers of Accounts, Human Resources and Stock. Everyone in the Sales department will have access to Internet and instant messaging.

Configuration recommendations

1. Create a profile (call it for example, employees_profile), and in the Programs tab of the firewall protection configuration, block access to the Internet and instant messaging. To do this, click Add and in the Edit profile – New program rule window, click Browse. Go to the location of the Internet browser, select the executable file of the browser and click Open. Then, in the Communication menu, select the type of communication you want to apply to the new rule you are creating (by default No connection) and click OK. In the Edit profile window, you will see the name of the browser and the communication assigned. Repeat the process to block access to instant messaging applications.

2. Create a profile without restrictions (managers_profile).

3. Create another profile (Sales_profile) and apply the option Allow configuration of the firewall from the client in the firewall configuration.

4.
Create a group (called for example, Employees) and assign all computers to it except those of the managers of Accounts, Human Resources and Stock. Assign it the employees_profile.

5. Create another group (called for example, Managers) and include the computers of the managers from the departments mentioned above. Assign it the managers_profile.

6. Create a third group called Sales, and include all computers in the Sales department. Assign this group the profile Sales_profile.

In this case there are different installation options. As the company is decentralized the difference in the number of computers between each branch could be considerable. In addition, branches may use different distribution tools or their own installation applications. Moreover, slow Internet connections could cause problems with downloads. For these reasons, the recommended installation procedure involves:
- Using the distribution tool in the case of centralized branches, where there is optimum Internet connection speed and a relatively high number of computers.
- Using the company's own distribution tools.
- For the laptop computers in the Sales group, it is advisable to deploy the protection using installation via email.

Computers can be moved from one group to another once the protection is installed. It is also possible to delete a group by clicking on the name and selecting Delete from database, in the Computer details screen.

Annex 2: Commandline Scripts for Basic Operations

Introduction

Some managed service providers (MSP) offer remote desktop management services as SaaS. Such remote desktop management solutions include Kaseya, NTRAdmin, Zenith, etc. Integration of Panda Cloud Office Protection with these solutions, at the level of basic management operations, would encourage MSPs to recommend Panda Cloud Office Protection as a desktop protection solution.
The aim of this document therefore is to provide the information required to create the commandline scripts for the basic protection operations of Panda Cloud Office Protection. These scripts must be created in each of the Remote Desktop Management SaaS solutions according to their own specifications and following the instructions provided in this document.

Basic operations that can be performed are:
• Remote installation
• Remote verification of installation
• Uninstallation
• Update of the virus signature file
• Update of policies or settings
• Running on-demand scans: full, mail, etc.
• Getting the date of the last signature file
• Getting the status of the antivirus and firewall

Installation

Previous steps. Downloading the installation packet

Before starting to install, you must get the Panda Cloud Office Protection installation packet: WaAgent.msi. This installation packet could be located in the Remote Desktop Management SaaS repository for the specific client in question.

Options for downloading the installation packet

The installation packet could either be generic or specific for the client and the security profile. Depending on the option selected, the commandline command used may have to comply with certain specific parameters. The download options are:

1. Download the packet from an account of any client and with the DEFAULT profile. Then, during installation, use the client ID parameter and the group ID parameter with the security profile for this client. This indicates to which client the protection belongs and the corresponding security profile and group.

2. Download the corresponding installation packet for each client. In this case, there is no need to indicate the client ID.

3. Download the corresponding installation packet for each client and for each group with the client’s security profile. In this case there is no need to indicate the client ID nor the group to which the computer belongs.
Downloading the installation packet (WaAgent.msi)

a. Go to the specific client account through the client console of Panda Cloud Office Protection.

Fig. 1. Panda Cloud Office Protection client account login

b. Go to the Installation and settings tab. Download the installation packet for this client for the Default group, corresponding to the default security profile, i.e. centralized antimalware and firewall.

Fig. 2. Installation and settings in the client account. Group and security profile: DEFAULT.

c. Download the installation packet and save it locally.

Fig. 2. Download the installation packet.

Installation steps

Step 1. Download the installation packet to the desktops.

Step 2. Run the installation command in the directory where you have downloaded the installation packet.

    msiexec /i "WaAgent.msi" /qn

The optional parameters are:
• The group and therefore the security profile of the computer. The msi file will already have a value assigned in the download. This value can be overwritten, specifying the GROUP parameter.
• Client ID for the computer on which the protection is being installed. The msi file will already have a value assigned in the download. This value can be overwritten, specifying the GUID parameter. The GUID is available in the Installation and settings section of the Web console, as the CUST parameter in the shortcuts to the installation packet.
• Lets you specify if the protection installer can be restarted.
• ALLOWREBOOT=TRUE → Allow restart. ALLOWREBOOT=FALSE → Don't allow restart.
Examples

    msiexec /i "WaAgent.msi" GROUP=GROUP_ONLYAV GUID=81729831 /qn
    msiexec /i "WaAgent.msi" GROUP=DEFAULT ALLOWREBOOT=TRUE /qn

Verifying protection installation

You can check if Panda Cloud Office Protection is installed by consulting the registry.

    HKLM\Software\Panda Security\AdminIE\Protections

Verification steps

Step 1. Check whether the following entry exists: HKLM\Software\Panda Security\AdminIE\Protections
If it does, go to step two. If it doesn't, then the protection is not installed.

Step 2. Get the WAC value. The data associated to this value represents the location of the installation of the protection. If it exists and it is not empty, then the protection is installed. If it does not exist or it is empty, then the protection is not installed.

Uninstalling Panda Cloud Office Protection

To uninstall Panda Cloud Office Protection from a computer you must first uninstall the agent and then the protection.

Uninstallation

Step 1. The command for uninstalling the agent is available by consulting the UnPath value in the HKLM\SOFTWARE\Panda Security\SetupEx\AdminIE registry key.

Step 2. The agent uninstallation is run silently: /qn

Step 3. The command for uninstalling the protection is available by consulting the UnPath value in the HKLM\SOFTWARE\Panda Security\Setup registry key.

Step 4. The protection uninstallation is run silently: /qn

Example:

    MsiExec.exe /X{7DB331FC-F8D3-43C1-A768-FB0EB1F55D40} /qn
    MsiExec.exe /X{78D19BAA-15F3-4CFB-9852-A4BF165CC938} /qn

Updating the signature file

The signature file is updated through the WalUpd local process.
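The verification and uninstallation steps above read three registry locations. The following PowerShell script is an added example, not part of the original guide: it performs those reads without changing anything and reports the result as one object. The function names, the WOW6432Node fallback and the check that the WAC location exists on disk are assumptions added here.

```powershell
# Added example (not from the guide): read-only audit of the registry
# locations named in the verification and uninstallation steps.

# Assumption: a 32-bit agent on 64-bit Windows is redirected to WOW6432Node,
# so both views are tried. The guide lists only the first form.
$PandaRoots = @(
    'HKLM:\SOFTWARE\Panda Security',
    'HKLM:\SOFTWARE\WOW6432Node\Panda Security'
)

function Get-RegistryValue {
    param(
        [Parameter(Mandatory)][string]$KeyPath,
        [Parameter(Mandatory)][string]$Name
    )
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $null }
    $props = Get-ItemProperty -LiteralPath $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$Name
}

function Get-PcopInstallState {
    foreach ($root in $PandaRoots) {
        # Step 1: without the Protections key the protection is not installed.
        $protections = Join-Path $root 'AdminIE\Protections'
        if (-not (Test-Path -LiteralPath $protections)) { continue }

        # Step 2: WAC must exist and be non-empty; its data is the install location.
        $wac = [string](Get-RegistryValue -KeyPath $protections -Name 'WAC')
        if ([string]::IsNullOrEmpty($wac)) { continue }

        # UnPath holds the uninstall command: agent first, then protection.
        $agentUn = Get-RegistryValue -KeyPath (Join-Path $root 'SetupEx\AdminIE') -Name 'UnPath'
        $protUn  = Get-RegistryValue -KeyPath (Join-Path $root 'Setup') -Name 'UnPath'

        return [pscustomobject]@{
            Computer            = $env:COMPUTERNAME
            Installed           = $true
            RegistryRoot        = $root
            WacLocation         = $wac
            # Extra check beyond the guide: a registry entry whose target is
            # missing on disk points to a broken or partly removed install.
            WacLocationExists   = ([System.IO.Directory]::Exists($wac) -or
                                   [System.IO.File]::Exists($wac))
            # Commands are only reported, never executed. /qn makes them silent.
            AgentUninstall      = if ($agentUn) { "$agentUn /qn" } else { $null }
            ProtectionUninstall = if ($protUn)  { "$protUn /qn" }  else { $null }
        }
    }
    # Neither view had a Protections key with a non-empty WAC value.
    return [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        Installed           = $false
        RegistryRoot        = $null
        WacLocation         = $null
        WacLocationExists   = $false
        AgentUninstall      = $null
        ProtectionUninstall = $null
    }
}

Get-PcopInstallState | Format-List
```

A remote management tool can collect this object from each desktop and flag machines where Installed is false or WacLocationExists is false.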
Steps for updating signature files

    CD %ProgramFiles%\Panda Security\WaAgent\WasLpMng
    WAPLPMNG.exe WALUPD -force

Updating settings

If any changes are made to the security profile of the group to which the computer belongs, this will be deployed to the workstation the next time it consults the server. However, it is possible to force the update of the settings through the WalConf local process.

Steps for updating the settings

    CD %ProgramFiles%\Panda Security\WaAgent\WasLpMng
    WAPLPMNG.exe WALCONF -force

Running an on-demand scan

To launch an on-demand scan, the scan settings file must be on the computer. There can be as many settings files as types of on-demand scans. The settings files can only be downloaded once to a client, but then invoked as many times as necessary through the walscan local process.

Previous steps. Downloading settings files

Step 1. Creating an XML file with the scan settings. There are several different sections in these files. Each section contains information which can be configured from the Web console. The “WhatToAnalize” section lets you specify the type of scan to carry out.

Below you will find four configuration files for different types of scans.

ScanAll: Settings for scanning all the PC (all hard disks, the system and email).
ScanAll

ScanAllHD: Settings for scanning all hard disks. Neither the system, nor email is scanned.
ScanAllHD

ScanSystem: Settings for scanning the system. Neither hard disks nor mail is scanned.
ScanSystem

ScanMail: Settings for scanning email. Neither hard disks nor the system is scanned.
ScanMail

These files can be loaded previously to the repository of the corresponding Remote Desktop Management solution, so they can later be copied to the computers on which the scan is to be performed.
Remember that the name of this file corresponds to the taskID used as a parameter when launching the on-demand scan.

Step 2. Copy the file or files to be run in the scan directory of the product.

    %ProgramFiles%\Panda Security\WaAgent\Common\DATA\Scans

Launching on-demand scans

Step 1. Go to the local process manager directory (WasLpMng). Here you will find WapLpMng.exe. Launch the walscan process with the scan configuration file.

    CD %ProgramFiles%\Panda Security\WaAgent\WasLpMng
    WAPLPMNG walscan -T: -P:WAC -A:START

Getting the date of the latest signature file

The process to determine if the protection is updated with the latest pav.sig is carried out in the backend of Panda Cloud Office Protection. The agent sends the server the date of the last update and this is compared with the date of the last signature file published.

In this section we explain the mechanism for getting the date of the last signature file update on the computer. Remember that this information, along with other information about the protection status, is updated continually on the computer in a file called WALTEST.DAT. This is an XML file, and can be treated as such in order to parse its content for such information (see Annex 1).

In the section there is information relating to the date of the signature file. You therefore need to get this file and process its content, searching for the tag

Obtaining the signature file date

Step 0. Prior to getting the information, it is advisable to launch an update of the signature file as detailed in Section 4. Then refresh the information in waltest.dat by launching the waltest local process.

    CD %ProgramFiles%\Panda Security\WaAgent\WasLpMng
    WAPLPMNG.exe WALUPD -force   (Update the file pav.sig)
    WAPLPMNG waltest -force      (Update the file WALTEST.DAT)

Step 1.
Go to the Waltest local process directory and get the waltest.dat file.

    CD %ProgramFiles%\Panda Security\WaAgent\WalTest   (find the file: WALTEST.DAT)

Step 2. Look for the tag “”. To do this, you can use a program for parsing XML files, so you'll have to rename the waltest.dat file to XML, or use the FindStr command for finding strings in files. Here we explain how to get this information using the FindStr command.

    FindStr “” waltest.dat   (find tag )

The information will be similar to the following:

    2009-06-25 08:09:24

In this example, the date of the pav.sig is “2009-06-25 08:09:24”

Getting the status of the antivirus and the firewall

This information, along with other information on the real status of the protection, is continually refreshed in the WALTEST.DAT file. As mentioned above, this is an XML file, and can be treated as such in order to parse its content for such information (see Annex 1).

In the section there is information about the status of each of the antivirus protections. Each section refers to each protection. The information available is as follows:
- Protection installed
- It is running.
- It has been enabled in the configuration

The values and meanings of the JobIDs are:

    JobID   Meaning
    2       File protection (file resident)
    4       Email protection (mail resident)
    8       Web protection (http)
    16      Instant Messaging Protection
    32      Firewall Protection

Getting information on the status of the protection

Step 0. Previously, although it is not necessary, it is advisable to launch an update of the waltest.dat file by running the WalTest local process.

    CD %ProgramFiles%\Panda Security\WaAgent\WasLpMng
    WAPLPMNG waltest -force   (Update the file WALTEST.DAT)
    CD %ProgramFiles%\Panda Security\WaAgent\WalTest

Step 1. Go to the Waltest local process directory and get the waltest.dat file.
    CD %ProgramFiles%\Panda Security\WaAgent\WalTest   (find the file: WALTEST.DAT)

Step 2. Get the information you require.

    FindStr "   " waltest.dat   (find info in the file WALTEST.DAT)

The information will be similar to the following:

    2 true true true
    4 true true true
    8 true true true
    16 true true true
    64 true true true

In this example, you will see the following:
a. File permanent protection (JobID = 2): Installed, running and active.
b. Mail permanent protection (JobID = 4): Installed, running and active.
c. HTTP permanent protection (JobID = 8): Installed, running and active.
d. Instant messaging permanent protection (JobID = 16): Installed, running and active.
e. Firewall (JobID = 64): Installed, running and active.

WALTEST.DAT format.

    WAC 5.03.01.0000 false 2009-06-26 05:17:05
    2 1 true true true true 0
    4 1 true true true true 0
    8 1 true true true true 0
    16 1 true true true true 0
    64 2 true true true true 0

Annex 3: Deploying the protection

Before going into detail on the files, registry keys and folders created on deploying the protection in computers, we offer information about the administration agent, the P2P function, the proxy function and protection installation times. All these factors are important to have more in-depth knowledge of the deployment process.

The administration agent

The agent is responsible for communication between the administered computers and the Panda Cloud Office Protection servers.
Effectively, it ‘talks’ with the agents in the computers in the same group and is responsible for downloading installation programs from the Internet.

When the agent installer is run, the Panda Cloud Office Protection installation process is launched, which involves a series of different tasks: downloading settings, installing protection, updating signature files, etc.

As a fundamental component in the dialogue between different computers, the agent is a key part of the P2P process described below.

Peer to Peer (P2P) function

In the case of Panda, the P2P feature reduces use of bandwidth for the Internet connection, as computers that have already updated a file from the Internet then share the update with other connected computers. This prevents saturating Internet connections.

The P2P feature is very useful in the deployment of Panda Cloud Office Protection when it comes to downloading the installation program. When one of the computers has downloaded the installation program from the Internet, the others are informed by the communication agents, which have then started the Panda Cloud Office Protection installation process. Instead of accessing the Internet, they get the installation program directly from other computers. Then the protection is installed.

This function is also very useful when updating the protection engine and the signature files, and is implemented in the two local processes that need to download files from the Internet: WalUpd and WalUpg.

Activation is carried out in the configuration files of these processes.

WALUPD.ini

    [GENERAL]
    UPDATE_FROM_LOCAL_NETWORK=1

WALUPG.ini

    [GENERAL]
    UPGRADE_FROM_LOCAL_NETWORK=1

The P2P feature is independent in each of these local processes.
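Because the two settings above are independent, an administrator may want to see which machines have P2P switched on for each local process. The following PowerShell script is an added example, not part of the original guide: it reads the [GENERAL] section of both files and reports the values. The function names are hypothetical, the default agent root is taken from the %ProgramFiles%\Panda Security\WaAgent paths used in Annex 2, and the location of each .ini file in its WalUpd or WalUpg folder is an assumption based on the folder list later in this annex.

```powershell
# Added example (not from the guide): report the P2P switches described above.

# Return the value of Key inside [Section] from the lines of an .ini file,
# or $null when the section or key is absent. Names compare case-insensitively.
function Get-IniValue {
    param(
        [string[]]$Lines,
        [Parameter(Mandatory)][string]$Section,
        [Parameter(Mandatory)][string]$Key
    )
    $current = ''
    foreach ($raw in $Lines) {
        $line = ([string]$raw).Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }   # blank or comment
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1].Trim(); continue }
        if ($current -ieq $Section -and $line -match '^([^=]+)=(.*)$' -and
            $Matches[1].Trim() -ieq $Key) {
            return $Matches[2].Trim()
        }
    }
    return $null
}

function Get-PcopP2PState {
    param(
        # Assumption: agent root as used by the Annex 2 commands. Pass another
        # path if the agent is installed elsewhere on the machine.
        [string]$AgentRoot = (Join-Path $env:ProgramFiles 'Panda Security\WaAgent')
    )
    $checks = @(
        @{ Process = 'WalUpd'; File = 'WalUpd\WalUpd.ini'; Key = 'UPDATE_FROM_LOCAL_NETWORK' },
        @{ Process = 'WalUpg'; File = 'WalUpg\WalUpg.ini'; Key = 'UPGRADE_FROM_LOCAL_NETWORK' }
    )
    foreach ($c in $checks) {
        $path  = Join-Path $AgentRoot $c.File
        $found = Test-Path -LiteralPath $path
        $value = $null
        if ($found) {
            $value = Get-IniValue -Lines (Get-Content -LiteralPath $path) `
                                  -Section 'GENERAL' -Key $c.Key
        }
        [pscustomobject]@{
            Process    = $c.Process
            IniFile    = $path
            IniFound   = $found
            Setting    = $c.Key
            Value      = $value
            # Only the value 1 is documented as activating the feature.
            P2PEnabled = ($value -eq '1')
        }
    }
}

# Constructed sample, so the parser can be tried without the product installed.
$sample = @('[GENERAL]', 'UPDATE_FROM_LOCAL_NETWORK=1')
Get-IniValue -Lines $sample -Section 'GENERAL' -Key 'UPDATE_FROM_LOCAL_NETWORK'

Get-PcopP2PState | Format-Table -AutoSize
```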
The basis of the functionality of the P2P feature is as follows:

When a computer has updated signature files or any protection (or the agent itself) it sends a broadcast with the information about the files that it has to the rest of the computers on the network.

With respect to the sending of information in WALUpg, if a restart is necessary after installing/updating the protection, if the user chooses to restart later, the information on the P2P feature will be sent immediately instead of waiting for the restart.

This function is detailed in the following diagram:

The computers save the information and use it when they need it.

If a computer needs any file, it will first check whether another computer has it before downloading it from the Internet. If so, it will request the file from the other computer. The file is received asynchronously and there is a maximum time that must elapse before retrying.

The computer with the file receives a request for the file and sends the message containing the file in response.

The computer that requested the file receives it and can continue with the update or upgrade.

For computers to send files to others through the P2P function they must have at least 128 MB RAM.

Dynamic proxy

The agents save a list with information about computers on the network with agents and which can send messages to the Internet. These agents are called proxies.

To act as a proxy for other agents, the computer must meet the following requirements:
- Direct connection to the Internet
- Have at least 128 MB of RAM.

When the list of proxies is empty or none of the agents in the list respond (availability = 0), the agent sends a message via broadcast to the subnet asking “Who is Proxy?”
so that it can send a message to the Internet via a proxy.

When it is waiting for data from the list of valid proxies, the proxy module will not attend other requests.

The list of proxies has a value associated to each proxy with a maximum number of attempts to connect with another agent before it will be considered invalid. By default the number is three, and when this value reaches zero the agent will be considered invalid as a proxy. If at any time all the proxies in the list are invalid, the list itself will be considered invalid and the search for proxies is launched through the message “Who is proxy?”.

It is possible that the message is sent correctly to the proxy in the list, but the proxy discovers it does not have an Internet connection. In this case, the remote agent will repeat the sequence described here, resending the message to a proxy in the list, but it will also send via TCP a message to the agent that sent the message saying “I am not Proxy”, to indicate that it should be removed from the list as it does not have a connection to the Internet.

This process is repeated until the message is sent correctly to the Internet or it passes through a maximum number of proxies without managing to be sent, in which case the message is lost.

You can configure the maximum number of proxies through which a message can pass. By default it will only be sent to one and if the attempt fails the message is lost.

The message saves a list of the proxies through which it has passed, to avoid being sent twice to the same proxy without Internet connection.

Static proxy

If you want all access to the Internet to be made through a specific computer chosen by the administrator, instead of dynamically through certain computers, the communications agent offers the possibility to specify which computer you want to act as a proxy.
The computer that acts as a static proxy must fulfill the following requirements:
- It must have an agent installed
- It must have direct Internet access
- It must have at least 128MB RAM.

The details of the computer to be used for Internet access must be specified in the configuration file (WASAgent.conf) of each agent.

The following values must be indicated in the WaProxy section:

    USE_STATIC   This must be set at TRUE to enable the static proxy function.
    HOST         Name of the computer to use as a static proxy.
    IP           IP of the computer to use as a static proxy.

When the agent has to access the Internet it will first try to communicate using the static proxy.

If communication with the static proxy is not possible, it will try to establish connection using the usual sequence of communications. If a valid configuration is stored, it will try to communicate using this configuration. Otherwise, it will try to connect directly to the Internet. If it cannot connect directly, it will try through another dynamic proxy, as described in the section above.

When the computer acting as a proxy receives a request to access the Internet, it will try to connect directly. If the connection is successful it will send a reply to the agent requesting the connection.

Installation times

Below we list the different times required for installing the various components of Panda Cloud Office Protection in a computer to administrate, taking into account bandwidth available for the Internet (direct installation) and local network (installation using the local network).

Direct installation

Test environment

The performance tests were carried out in the following test environment.
The tests emulated the following bandwidth conditions using software allowing a reduction in available bandwidth:

Size of all downloaded items

The following items were downloaded from the Internet:
- Protection installer: 18 MB
- Signature file: 18 MB.

Test plan

The study emulated the different bandwidth availability scenarios using specific software, and for each computer and bandwidth parameter, the agent was installed with direct connection to the Internet. The installation tests included the installation of antivirus (AV) and firewall (FW) protection.

Results

The results obtained are displayed in the following table:

Legend:
- AV installation: Installation time of antivirus and firewall protection.
- AV+SIG installation: Installation time of antivirus and firewall protection and first complete update of the signature file.
- HTTP AV download: Time for downloading the protection installer using the browser (Internet Explorer 6.0)
- HTTP SIG download: Time for downloading the signature file using the browser (Internet Explorer 6.0)

Some tests were not carried out on computer B as they would not have provided any additional information to the results on computer A.

Installation via local network

Test environment

The performance tests were carried out in the following test environment:

The tests emulated the following bandwidth conditions using software allowing a reduction in available bandwidth:

Size of the items transmitted across the network

The following items were transmitted across the network:
- Protection installer: 18 MB
- Signature file: 18 MB.
Test plan

The study emulated the different bandwidth availability scenarios using specific software, and for each computer and bandwidth parameter, the agent was installed with a direct connection to the Internet. The installation tests included the installation of the antivirus and firewall protection.

Results

The results obtained are displayed in the following table:

Given that A and B have the same characteristics, only distribution from A to B has been tested.

Below you will find detailed information about the files, registry keys, local processes and services created on installing Panda Endpoint Agent on the administered computers.

Deploying Panda Endpoint Agent

Main architecture modules

Panda Endpoint Agent comprises the following four main components:
- Administration agent
- Local processes
- Watchdog
- Task scheduler

Panda Endpoint Agent folder tree and registry entries

In the following diagram, AdminIEClientPath is the root path where the modules are installed.

WasAgent – Root installation folder of Panda Endpoint Agent.
Common – Folder with the common files, such as WalAgApi.dll, kernel libraries, etc. A sub-folder called Data is created in this folder during execution of local processes.
Scheduler – Folder where the task scheduler files will be saved.
Config – Folder where the task scheduler tokens will be saved.
WalConf – Folder where the WalConf local process files will be saved.
WalTest – Folder where the WalTest local process files will be saved.
WalLnChr – Folder where the WalLnCh local process files will be saved.
WalPsevt – Folder where the WalLPsEvet local process files will be saved.
WalReport – Folder where the WalReport local process files will be saved.
WalQtine – Folder where the WalQtine local process files will be saved.
WalScan – Folder where the WalScan local process files will be saved.
WalUpd – Folder where the WalUpd local process files will be saved.
WalUpg – Folder where the WalUpg local process files will be saved.
WalTask – Folder where the WalTask plugin files will be saved.
WalSysCf – Folder where the WalSysCf plugin files will be saved.
WasLpMng – Folder where the local process manager files will be saved.
Config – Folder where the local process manager tokens will be saved.
WalSysUd – Folder where the WalSysUd plugin files will be saved.
WalSysIn – Folder where the WalSysIn plugin files will be saved.
WAPWInst – Folder where the files of the installation supervision process will be saved.

A sub folder called Temp is created under AdminIEClientPath during execution of local processes.

WalAgent – Installation root directory of the administration agent. When run, the agent creates a subfolder called Data.
WasWD – Installation root directory of the Watchdog module.

Windows registry entries tree

PandaSoftwareRootKey refers to the Windows registry key HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security.

AdminIE – Folder where all Panda Cloud Office Protection registry entries are created.
ClientSystem – Registry key containing the Panda Endpoint Agent entries. These entries are:
- InstallPath – This contains the root directory in which Panda Endpoint Agent has been installed (“AdminIEClientPath”)
SetupEx – Folder in which the registry entries are created which will be used by the Agent installers.
AdminIE – Registry key containing the Panda Endpoint Agent entries used by the installers.
These entries are illustrated in the following diagram:

When run, the agent creates the AgentSystem key under ClientSystem. Within this key several entries are created:

All the installer has to do is to delete the AgentSystem key and its entries in the uninstallation process.

Distribution of files

All administered computers have the administration agent installed. Along with the agent, local processes are also installed. Below we list all the agent paths and files of the administration agent and their local processes:

Administration agent

The agent is installed in \WasAgent

- WasAgent.conf
- WasAgent.exe
- WaPIRes.exe
- Wa_AGPRX.dat
- LPTokens.dat
- INTEGRA.dat
- AgentSystem.DAT
- proxy.dat (generated during installation but not distributed)

During execution of the agent the Data subfolder is created with the following files:

- WasAgent.log
- WasLpMng.log
- WapWinst.log
- Counters.ini

The AgentSystem registry key is also created under ClientSystem. Within this key several entries are created:

- Value1
- Value2
- Value3

If the Internet connection is via Proxy, the connection details requested from the user are stored in AgentSystem.dat in the folder \WasAgent.

All must be deleted during uninstallation.
WalConf local process

Installed in <AdminIEClientPath>\WalConf

- WalConf.ini
- WalConf.dll

The following file is created during execution of this local process:

- Walconf.log

WalLnChr local process

Installed in <AdminIEClientPath>\WalLnChr

- WalLnChr.dll

The following file is created during execution of this local process:

- WalLnchr.log

WalQtine local process

Installed in <AdminIEClientPath>\WalQtine

- WalQtine.ini
- WalQtine.dll

The following file is created during execution of this local process:

- WalQtine.log

WalReport local process

Installed in <AdminIEClientPath>\WalReport

- WalReport.dll
- WalReport.ini

The following file is created during execution of this local process:

- WalReport.log

WalScan local process

Installed in <AdminIEClientPath>\WalScan

- WalScan.dll
- WalScan.ini

The following file is created during execution of this local process:

- WalScan.log

WalTest local process

Installed in <AdminIEClientPath>\WalTest

- WalTest.dll
- WalTest.ini
- Libxml2.dll – This library only needs to be in this directory if it is not already in a directory that appears in the environment variable PATH. For example, if Common is already in PATH, libxml2.dll does not need to be in the WalTest directory.

The following files are created during execution of this local process:

- WalTest.dat
- WalTest.log

WalUpd local process

Installed in <AdminIEClientPath>\WalUPd

- WalUpd.dll
- WalUpd.ini
- Counters.ini
- WalUpd.log (generated during execution)
- Libxml2.dll – This library only needs to be in this directory if it is not already in a directory that appears in the environment variable PATH. For example, if Common is already in PATH, libxml2.dll does not need to be in the WalUpd directory.
The following files are created during execution of this local process:

- Counters.ini
- WalUpd.log

The subfolder Data is created and contains the Catalog subdirectory, which can have the following files:

- WEB_GUID
- WEB_CATALOG
- LAST_GUID
- LAST_CATALOG
- LOCAL_CATALOG
- RUMOR_TABLE
- LOCAL_CATALOG.TMP

The Files subdirectory is also created; it temporarily holds the files needed for updates.

WalUpg local process

Installed in <AdminIEClientPath>\WalUPg

- WalUpg.dll
- WalUpg.ini
- PavGenUn.exe
- Libxml2.dll – This library only needs to be in this directory if it is not already in a directory that appears in the environment variable PATH. For example, if Common is already in PATH, libxml2.dll does not need to be in the WalUpg directory.

The following files are created during execution of this local process:

- Counters.ini
- WalUpg.log
- WAUPGTD.dat
- WAC_Installer.log

The subfolder Data is created and contains the Catalog subdirectory, which can have the following files:

- WEB_GUID
- WEB_CATALOG
- LAST_GUID
- LAST_CATALOG
- LOCAL_CATALOG
- RUMOR_TABLE
- LOCAL_CATALOG.TMP

The Files subdirectory is also created; it temporarily holds the installers needed for product installations/updates.

WalTask plugin

Installed in <AdminIEClientPath>\WalTask

- WalTask.dll
- WalTask.ini
- Libxml2.dll – This library only needs to be in this directory if it is not already in a directory that appears in the environment variable PATH. For example, if Common is already in PATH, libxml2.dll does not need to be in the WalTask directory.
The following files are created during execution of this local process:

- WalTask.log
- SCAN_TASKS.DAT

WalSysCf plugin

Installed in <AdminIEClientPath>\WalSysCf

- WalSysCf.dll
- WalSysCf.dat
- Libxml2.dll – This library only needs to be in this directory if it is not already in a directory that appears in the environment variable PATH. For example, if Common is already in PATH, libxml2.dll does not need to be in the WalSysCf directory.

The following file is created during execution of this local process:

- WalSysCf.log

WalSysUd plugin

Installed in <AdminIEClientPath>\WalSysUd

- WalSysUd\WalSysUd.dll

Local process manager

Installed in <AdminIEClientPath>\WasLpMng

- WapLpMng.exe
- WasLpMng.exe
- Config\Plugins.tok (in the config sub-directory)
- WapLpmng.ini
- WasLpmng.ini

The following files are created during the installation process:

- WapLpmng.log
- WasLpmng.log

Task scheduler

Installed in <AdminIEClientPath>\Scheduler

- PavAt.exe
- PavSched.exe
- PavAt3Api.dll
- Config\tokens.tok (in the config sub-directory)

The following files are created during execution of this local process:

- Pavsched.cfg (generated during the installation process)
- Tasklist.lst (generated during installation but not distributed)

Watchdog

Installed in <AdminIEClientPath>\WasWD

- WasWD.exe
- WasWD.conf

The Data subfolder is created during installation containing the following file:

- WASWD.log

All must be deleted during uninstallation.
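The requirement that all of these folders, files and the AgentSystem key are deleted during uninstallation can be checked with a residue audit. The PowerShell function below is an added example, not part of the guide or of Panda's tooling; the function and parameter names are hypothetical, and the registry location of ClientSystem is an assumption inferred from the guide's description of PandaSoftwareRootKey, AdminIE and ClientSystem.

```powershell
# Added example: report Panda Endpoint Agent residue left after uninstallation.
# Folder, file and executable names are taken from the guide; the default
# registry path is an assumption (the guide's registry diagram is not available).
function Get-PandaAgentResidue {
    [CmdletBinding()]
    param(
        # Assumed location of the ClientSystem key. A 32-bit installer on 64-bit
        # Windows may write under SOFTWARE\WOW6432Node; pass that path if so.
        [string]$ClientSystemKey = 'HKLM:\SOFTWARE\Panda Security\AdminIE\ClientSystem',
        # AdminIEClientPath; use this when the InstallPath value is already gone.
        [string]$InstallRoot
    )

    # Module folders listed in the guide's folder tree.
    $moduleFolders = @(
        'WasAgent', 'WalAgent', 'Common', 'Scheduler', 'WalConf', 'WalTest',
        'WalLnChr', 'WalPsevt', 'WalReport', 'WalQtine', 'WalScan', 'WalUpd',
        'WalUpg', 'WalTask', 'WalSysCf', 'WasLpMng', 'WalSysUd', 'WalSysIn',
        'WAPWInst', 'WasWD', 'Temp'
    )
    # Agent executables named in the guide (process names carry no .exe suffix).
    $agentProcesses = @('WasAgent', 'WasLpMng', 'WapLpMng', 'WasWD', 'PavSched', 'PavAt')
    # Files the guide associates with proxy connection details.
    $sensitiveFiles = @('AgentSystem.dat', 'proxy.dat')

    $findings = New-Object 'System.Collections.Generic.List[object]'

    # 1. Registry: InstallPath gives the root; AgentSystem must be gone.
    if (Test-Path -LiteralPath $ClientSystemKey) {
        $props = Get-ItemProperty -LiteralPath $ClientSystemKey -ErrorAction SilentlyContinue
        if (-not $InstallRoot -and $props -and $props.InstallPath) {
            $InstallRoot = $props.InstallPath
        }
        $agentSystemKey = "$ClientSystemKey\AgentSystem"
        if (Test-Path -LiteralPath $agentSystemKey) {
            $findings.Add([pscustomobject]@{
                Type = 'RegistryKey'; Item = $agentSystemKey
                Detail = 'AgentSystem key was not deleted'
            })
        }
    }

    # 2. File system: any surviving module folder, with a count of leftover files.
    if ($InstallRoot -and (Test-Path -LiteralPath $InstallRoot -PathType Container)) {
        foreach ($name in $moduleFolders) {
            $folder = Join-Path -Path $InstallRoot -ChildPath $name
            if (-not (Test-Path -LiteralPath $folder -PathType Container)) { continue }
            $files = @(Get-ChildItem -LiteralPath $folder -Recurse -Force -File -ErrorAction SilentlyContinue)
            $findings.Add([pscustomobject]@{
                Type = 'Folder'; Item = $folder
                Detail = "$($files.Count) file(s) remain"
            })
            # Stored proxy connection details are the residue that matters most.
            foreach ($f in $files | Where-Object { $sensitiveFiles -contains $_.Name }) {
                $findings.Add([pscustomobject]@{
                    Type = 'SensitiveFile'; Item = $f.FullName
                    Detail = 'May hold proxy connection details'
                })
            }
        }
    }

    # 3. Processes: agent executables that are still running.
    foreach ($p in Get-Process -Name $agentProcesses -ErrorAction SilentlyContinue) {
        $findings.Add([pscustomobject]@{
            Type = 'Process'; Item = "$($p.ProcessName) (PID $($p.Id))"
            Detail = 'Agent process still running'
        })
    }

    $findings
}

# Example call; an empty result means no residue was found.
Get-PandaAgentResidue | Format-Table -AutoSize
```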
Common libraries

Installed in <AdminIEClientPath>\Common

- APIcr.dll
- avdetect.ini
- Libxml2.dll
- MiniCrypto.dll
- PavInfo.ini
- pavsddl.dll
- PSLogSys.dll
- Pssdet.dll
- psspa.dll
- putczip.dll
- puturar.dll
- putuzip.dll
- WalAgApi.dll
- WalCount.dll
- WalMnApi.dll
- WalMnApi.ini
- WalMnApi.log
- WalOsInf.dll
- WalUtils.dll
- WalUtils.ini
- WalUtils.log

The Data subfolder is created during execution; it contains the protection policies so that they are available when the protection is installed. The following files are created:

- PavInfo
- WalUtils.log
- WALMNAPI.log

Services

Panda Endpoint Agent uses four services which have to be installed/uninstalled. These are:

- PavSched.exe
  This is the task scheduler installed with the agent; it allows you to launch and schedule the tasks needed for administration.
- WasAgent.exe
  This is the service that receives messages from other agents. It is part of the administration agent.
- WasLpMng
  This is the local process manager. It loads and calls the corresponding DLL according to the specified local process token.
- WasWD
  This is the Watchdog. It periodically verifies that all the specified services are running and, if not, launches them again.

The services are installed by calling the executable with the -install option, and are uninstalled with the -remove option.

Deployment of Panda EndPoint Protection (AV + FW)

The default installation path is: ‘%PROGRAMFILES%\Panda Security\WAC\’

Directory structure in the installation path.

[Diagram: directory tree listing InstallPath, Install, FileResident, drivers, I386, X64, X86, Firewall, Legacy, License, psqstore, Restore, xxxxxxxxxx, Rpt, Sent, Temp, Works]

InstallPath – Panda EndPoint Protection installation path. This contains the files needed for Panda EndPoint Protection to operate.
Install – Contains the binaries used when installing/uninstalling the units.
FileResident – Binaries for installing the file resident (not created in systems with Windows 2000).
drivers – Folder from which the installer gets the binaries to install the file resident.
I386 – Folder from which the installer gets the binaries to install the file resident (only XP x86).
X64 – Folder from which the installer gets the binaries to install the file resident (only x64).
X86 – Folder from which the installer gets the binaries to install the file resident (Vista and Server 2008 x86).
Firewall – Folder from which the installer gets the binaries to install the firewall.
Legacy – Files included for 32-bit compatibility that cannot be included in the root folder due to name collision (only in x64).
License – Directory with the license documents for third-party technology.
psqstore – Quarantine configuration files and items moved to quarantine.
Restore – It contains the items restored from quarantine when they’ve been moved by the email protection or when they couldn’t be restored to the original path. Each item is restored to a different folder using the name of the quarantine identifier.
Rpt – Reports on detections, events, etc. which are sent to the Web console.
Sent – This contains the reports that are being sent to the Web console. The reports only appear here during the process of sending them (they are then deleted).
Temp – Temporary configuration files created during the scan.
Works – Configuration XMLs of the protection.

Registry entries in Panda Software

PandaSoftware – Key in “HKEY_LOCAL_MACHINE\Software\Panda Software” in which the rest of the Panda product keys and values are located.
Internet – Configuration values for Webproxy technology (responsible for the HTTP and POP mail protection).
Panda Antivirus Exchange/Outlook – Values needed for the Exchange client mail protection.
Panda Antivirus Lite – Information to use the AV, such as version, installation path, units installed, etc.
Panda Network Manager – Information to use the Firewall.
Panda Service Host – Values needed for the service responsible for managing the firewall.
Plugins – Incorporates all the plugins loaded at that moment in the service. Presently, there are plugins available for Firewall.
Setup – Product information, such as name, version, ID, installation path, etc.

Registry entries in Windows\CurrentVersion

This section deals with the registry entries ClientShield creates in the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion” key.

[Diagram: registry tree listing CurrentVersion, Run, Uninstall, {UID}]

CurrentVersion – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Run – System key that indicates the path of the applications launched at startup.
Uninstall – System key with information about uninstallers of products installed on the system.
{UID} – Key with the information needed to uninstall the product.

Registry entries in Services

Registry entries needed for the functioning of the protection drivers and services.

Services – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
AmFSM – File permanent protection driver (Windows Vista and x64 platforms).
APPFLT – Firewall driver
DSAFLT – Firewall driver
FNETMON – Firewall driver
IDSFLT – Firewall driver
NETFLTDI – Firewall driver
NETIMFLT* – Firewall driver. The service name is not a fixed value.
It varies depending on the version. The name is NETIMFLT*, where * is the string of variable characters.
Panda Software Controller – Panda Software Controller service entries.
PavDrv – File permanent protection driver
PavFnSvr – Entries of the Panda Function Service
PavSrv – Resident file service entries
PsHost – PsHost service entries
PsImSvc – Entries of the Panda IManager Service
PskSvc – Entries of the Panda Kernel Service (only in Windows Vista)
SMSFLT – Firewall driver

Registry entries (other)

[Diagram: registry tree listing ExchangeClient, Extensions]

ExchangeClient – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client
Extensions – This key includes the values needed to register the mail resident as an extension of the Outlook Exchange client.

Services

- Panda Antivirus Service
  File resident service responsible for searching the system for malware.
- Panda Function Service
  Antivirus management service.
- Panda Host Service
  Service used for managing the firewall.
- Panda IManager Service
  Service for generating warnings and reports concerning the actions of the antivirus (detection of malware, updates, installation/uninstallation of protection units, etc).
- Panda Kernel Service
  Antivirus kernel service. Only in Windows Vista.
- Panda Software Controller
  Antivirus management service.

Processes

Apart from the services mentioned above, the following processes can be run on the system:

- Avciman.exe
  Process used by the warnings and reports service (Panda IManager Service) for generating warnings on the local computer.
- Avengine.exe
  Process used by the file resident for malware detection.
- AvTask.exe
  Process responsible for on-demand scans.
- Console.exe
  Window for managing the firewall in personal mode.
  When the status is administrative mode, the firewall status is displayed.
- LSPTest.exe
  Diagnoses the LSP layers installed by the antivirus so that they can be repaired if they are incorrectly installed.
- Panicsh.exe
  Process used for resolving problems in the file resident.
- PFDNNT.exe
  Process used for disinfecting infected files.
- PrRepair.exe
  Tool for restoring the resident in Outlook Exchange mail if it is disabled due to errors.
- PsCtrlC.exe
  It shows the antivirus status in the systray.
- PsImReal.exe
  Generates network warnings and reports to be sent to the Panda Cloud Office Protection Web console.
- Webproxy.exe
  Mail resident for Outlook Express and HTTP resident.

Deployment of Panda EndPoint Protection (only AV)

Deployment of directories

[Diagram: directory tree listing InstallPath, Install, FileResident, drivers, I386, X64, X86, Legacy, License, psqstore, Restore, xxxxxxxxxx, Rpt, Sent, Temp, Works]

InstallPath – Panda EndPoint Protection installation path. This contains the files needed for Panda EndPoint Protection to operate.
Install – Contains the binaries used when installing/uninstalling the units.
FileResident – Binaries for installing the file resident (not created in systems with Windows 2000).
drivers – Folder from which the installer gets the binaries to install the file resident.
I386 – Folder from which the installer gets the binaries to install the file resident (only XP x86).
X64 – Folder from which the installer gets the binaries to install the file resident (only x64).
X86 – Folder from which the installer gets the binaries to install the file resident (Vista and Server 2008 x86).
Legacy – Files included for 32-bit compatibility that cannot be included in the root folder due to name collision (only in x64).
License – Directory with the license documents for third-party technology.
psqstore – Quarantine configuration files and items moved to quarantine.
Restore – It contains the items restored from quarantine when they’ve been moved by the email protection or when they couldn’t be restored to the original path. Each item is restored to a different folder using the name of the quarantine identifier.
Rpt – Reports on detections, events, etc. which are sent to the Web console.
Sent – This contains the reports that are being sent to the Web console. The reports only appear here during the process of sending them (they are then deleted).
Temp – Temporary configuration files created during the scan.
Works – Configuration XMLs of the protection.

Registry entries in Panda Software

[Diagram: registry tree listing Panda Software, Internet, Panda Antivirus Exchange/Outlook, Panda Antivirus Lite, Setup]

PandaSoftware – Key in “HKEY_LOCAL_MACHINE\Software\Panda Software” in which the rest of the Panda product keys and values are located.
Internet – Configuration values for Webproxy technology (responsible for the HTTP and POP mail protection).
Panda Antivirus Exchange/Outlook – Values needed for the Exchange client mail protection.
Panda Antivirus Lite – Information to use the AV, such as version, installation path, units installed, etc.
Setup – Product information, such as name, version, ID, installation path, etc.

Registry entries in Windows\CurrentVersion

This section deals with the registry entries ClientShield creates in the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion” key.

[Diagram: registry tree listing CurrentVersion, Run, Uninstall, {UID}]

CurrentVersion – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Run – System key that indicates the path of the applications launched at startup.
Uninstall – System key with information about uninstallers of products installed on the system.
{UID} – Key with the information needed to uninstall the product.

Registry entries in Services

In this section we describe the registry entries created for the services and drivers of the protection.

Services – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
AmFSM – File permanent protection driver (Windows Vista and x64 platforms).
Panda Software Controller – Panda Software Controller service entries.
PavDrv – File permanent protection driver
PavSrv – Resident file service entries
PsImSvc – Entries of the Panda IManager Service
PskSvc – Entries of the Panda Kernel Service (only in Windows Vista)

Registry entries (other)

[Diagram: registry tree listing ExchangeClient, Extensions]

ExchangeClient – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client
Extensions – Values for the registration of the file resident as an Exchange client extension.

Services

- Panda Antivirus Service
  File resident service responsible for searching the system for malware.
- Panda IManager Service
  Service for generating warnings and reports for the user concerning the actions of the antivirus (detection of malware, updates, installation/uninstallation of protection units, etc).
- Panda Kernel Service
  Antivirus kernel service. Only in Windows Vista.
- Panda Software Controller
  Antivirus management service.

Processes

Apart from the services mentioned above, the following processes can be run on the system in an installation of Panda Cloud Office Protection with only the AV.

- Avciman.exe
  Process used by the warnings and reports service (Panda IManager Service) for generating warnings on the local computer.
- Avengine.exe
  Process used by the file resident for malware detection.
- AvTask.exe
  Process responsible for on-demand scans.
- LSPTest.exe
  Diagnoses the LSP layers installed by the antivirus so that they can be repaired if they are incorrectly installed.
- Panicsh.exe
  Process used for resolving problems in the file resident.
- PFDNNT.exe
  Process used for disinfecting infected files.
- PrRepair.exe
  Tool for restoring the resident in Outlook Exchange mail if it is disabled due to errors.
- PsCtrlC.exe
  It shows the antivirus status in the systray.
- PsImReal.exe
  Generates network warnings and reports to be sent to the Panda Cloud Office Protection Web console.
- Webproxy.exe
  Mail resident for Outlook Express and HTTP resident.

Deployment of Panda EndPoint Protection (only Firewall)

The default installation path is: ‘%PROGRAMFILES%\Panda Security\WAC\’

[Diagram: directory tree listing InstallPath, Install, Firewall, License, Rpt, Sent, Temp, Works]

InstallPath – Panda EndPoint Protection installation path. This contains the files needed for Panda EndPoint Protection to operate.
Install – Contains the binaries used when installing/uninstalling the units.
Firewall – Folder from which the installer gets the binaries to install the firewall.
License – Directory with the license documents for third-party technology.
Rpt – Reports on detections, events, etc. which are sent to the Web console.
Sent – This contains the reports that are being sent to the Web console. The reports only appear here during the process of sending them (they are then deleted).
Temp – Temporary configuration files created during the scan.
Works – Configuration XMLs of the protection.

Registry entries in Panda Software

[Diagram: registry tree listing Panda Software, Panda Antivirus Lite, Panda Network Manager, Panda Service Host, Plugins, Setup]

PandaSoftware – Key in “HKEY_LOCAL_MACHINE\Software\Panda Software” in which the rest of the Panda product keys and values are located.
Panda Antivirus Lite – Information to use the AV, such as version, installation path, units installed, etc.
Panda Network Manager – Information to use the Firewall.
Panda Service Host – Values needed for the firewall management service.
Plugins – Incorporates all the plugins loaded at that moment in the service. Presently, there are plugins available for Firewall.
Setup – Product information, such as name, version, ID, installation path, etc.

Registry entries in Windows\CurrentVersion

This section deals with the registry entries ClientShield creates in the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion” key.

[Diagram: registry tree listing CurrentVersion, Run, Uninstall, {UID}]

CurrentVersion – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Run – System key that indicates the path of the applications launched at startup.
Uninstall – System key with information about uninstallers of products installed on the system.
{UID} – Key with the information needed to uninstall the product.

Registry entries in Services

Services – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
APPFLT – Firewall driver
DSAFLT – Firewall driver
FNETMON – Firewall driver
IDSFLT – Firewall driver
NETFLTDI – Firewall driver
NETIMFLT* – Firewall driver. The service name is not a fixed value. It varies depending on the version. The name is NETIMFLT*, where * is the string of variable characters.
Panda Software Controller – Panda Software Controller service entries.
PavFnSvr – Entries of the Panda Function Service
PsHost – PsHost service entries
PsImSvc – Entries of the Panda IManager Service
SMSFLT – Firewall driver

Registry entries (other)

[Diagram: registry tree listing ExchangeClient, Extensions]

ExchangeClient – HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client
Extensions – This key includes the values needed to register the mail resident as an extension of the Outlook Exchange client.

Services

- Panda Function Service
  Antivirus management service.
- Panda Host Service
  Service that manages the Panda firewall.
- Panda IManager Service
  Service for generating warnings and reports concerning the actions of the antivirus (detection of malware, protection updates, installation/uninstallation of protection units, etc).
- Panda Software Controller
  Antivirus management service.

Processes

Apart from the services mentioned above, the following processes can be run on the system.

- Avciman.exe
  Process used by the warnings and reports service (Panda IManager Service) for generating warnings on the local computer.
- AvTask.exe
  Process responsible for on-demand scans.
- Console.exe
  Window for managing the firewall in personal mode. When the status is administrative mode, the firewall status is displayed.
- PsCtrlC.exe
  It shows the antivirus status in the systray.
- PsImReal.exe
  Generates network warnings and reports to be sent to the Panda Cloud Office Protection Web console.