Endpoint Protector
Contents
1. Web Browser E mail Instant Messaging Cloud Services File Sharing Social Media Others Internet Explorer a Outlook Attachments A ICQ a Google Drive Client a F EasyLock A Chrome F F Outlook Body F AIM E iCloud Client J F Windows DVD Maker J F Mozilla Firefox Mozilla Thunderbird IF Skype E Dropbox Desktop a FileZilla M Opera E Windows Live Mail M Windows Live Messeng F iCloud Photo Stream g GoToMeeting a E Safari f F Outlook Express g F Yahoo Messenger SugarSync File Manag HTC Sync for Android F AOL Desktop 9 6 Windows Mail Gaim F uTorrent InfraRecorder Aurora Firefox AOL Mail Pidgin BitComet iTunes K Meleon Courier Trillian Microsoft Skydrive c F iTunes Apple F Maxthon X IBM Lotus Notes v IF Google Talk v LimeWire v F iTunes ConHost v All All All All F All There are five main categories of transfer destinations to control e Controlled device types comprises the list of all removable devices registered to Endpoint Protector Note For Controlled Device Types category Endpoint Protector will monitor file transfers both to and from removable media e Clipboard refers to all content captured through Copy amp Paste and Cut amp Paste operations 67 Endpoint Protector User Manual e Disable Print Screen refers to the screen capture option e Scan Network Share refers to content uploaded to l2. g ip A 3 Endpoint Settings Active Directory Import Step 2 Content Offline Temporary Password Se f Active Directory Reports and Analysis a Builtin a amp M Computers System Alerts a v zo 2 Domain Controllers Directory Services sol ee Ie Foreign SecurityPrincipals Active Directory Import a Program Data Active Directory Sync E 6 E System Active Directory Deployment ac I Test System Maintenance wea Users Q System Configuration B System Parameters O sme Back Import Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 If the import procedure was successful you will see the message Import completed Welcome Super Administrator Logout ENDPOINT i Reporting and Administration Tool Engish PROTECTOR eporting a mini i CoQ Advanced Search Dashboard Active Directory Import Shon ail departments Endpoint Management Endpoint Rights Endpoint Settings Active Directory Import Step 2 Content Offline Temporary Password SS Active Directory Reports and Analysis Hf Builtin a6 V Computers ap E aE Domain Controllers ForeignSecurityPrincipals System Alerts Directory Services D z A ry Oe le Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Active Directory Import Active Directory Sync Active Directory Deployment System Maintenance System Configuration System Parameters S
3. _ _ _ G3 Jun 2011 15 11 00 root B AA r lt auer 3 011 00 root TAAGO a System Parameters Oo u Se O3Jun 2011 1511 00 root Faxe lt _ OS Jun 2011 15 11 00 root Farge Support m 03 Jun 2011 15 11 00 root FAAO gt Jun 2011 18 11 00 ot FAAO e e Jun 20 oo root EA 4 xX ae nee 2 Jun 2011 15 11 00 BAIO 22 results 2 w per page TALT creste Endpoint Protector Copyright 2004 2011 CoSoSys Lid All nghts reserved Ready Version 4 0 08 Grouping computers and client users will help the administrator to manage the rights or settings for these entities in an efficient way This can be done from the Group Rights and Group Settings tabs When creating a new group there is the possibility to add multiple users computers simultaneously by using the checkboxes and the option Check all matched items 26 Endpoint Protector User Manual PROTECTOR Reporting and Administration Tool English yo Q Advanced Search Welcome Super Administrator Logout aa ENDPOINT 4 _ Dashboard Add a New Group Show all departments Endpoint Management SpE F a a COSOSYSPC Devices jonan Computers A naa Users m E Gro cososysPc E p Endpoint Rights lt e AH Endpoint Settings j Content Aware Protection z Q Search Mobile Device
4. Data Security Privileges allows you to restrict Sensitive Data sections access only to Super Administrators If this option is selected then only super administrators are able to view the Reports and Analysis section If this option is not selected then super administrators and also administrators are able to view the Reports and Analysis section 12 8 System Policies This module provides a useful shortcut to default server and device rights settings By accessing this module you can quickly and easily configure the Endpoint Protector 4 Server settings such as Log Upload Interval in minutes Local Shadow Size in MB Local Log Size in KB etc and default device group behavior for each device type separately There is also an option to manage the server s disk space The Administrator can enable a functionality called Automatic Log Cleanup Once enabled by click System Policies gt Automatic Disk Cleanup the server will start to overwrite old logs when it reaches a predefined percent value By doing this the server will never reach a hard drive Space limit Welcome Logout ENDPOINT 4 ye Reporting and Administration Tool English Q B PROTECTOR iii M Advanced Search Dashboard Default System Policies Show all departments Endpoint Management F ME eso vang Hode es Endpoint Rights Refresh Interval sec 12 aE Mode Normal y 4 Endpoint Settings 5 Content Aware Protec
5. Filter v p Endpoint Rights RES Device Rights User Rights Name Description Actions Computer Rights Global Rights _ gR Effective Rights ee o R File Whitelist E X Endpoint Settings _ e lee EA k Offline Temporary Password E EA E Reports and Analysis Ef pe pum E4 A System Alerts peo c SEE EA Ef EJ Directory Services O o EiS a ua aa EA s Ef System Maintenance pue R 7 Jz gt EA Q System Configuration E Ea ra a System Parameters Ef S E_ EA O Support SS x SESE SEE EA 22 results 20 per page Woe 12 Jd D Edt An Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 The administrator can use the Edit All action here to edit rights for all groups at once D Edit All 34 Endpoint Protector User Manual 4 5 Global Rights This module applies rights to computers in the entire system A A ry 2 PROTECTOR Dashboard Endpoint Management Endpoint Rights Device Rights User Rights Computer Rights Group Rights Global Rights Effective Rights File Whitelist Endpoint Settings Offline Temporary Password Reports and Analysis System Alerts Directory Services System Maintenance System Configuration System Parameters Support Reporting and Administration Tool Cc a Advanced Search ie Management of G
6. Enable Settings Certificates m Use certificates for encrypted connections and identification dear SS state certcates AutoComplete 2 AutoComplete stores previous entries on webpages and suggests matches for you Feeds and Web Slices Feeds and Web Slices provide updated content from websites that can be read in Internet Explorer and other programs 158 Endpoint Protector User Manual From the Certificates list select Trusted Root Certification Authorities and click on the Import button Issued To Issued By Expiratio GalAddTrust External AddTrust External CA 5 30 2020 USERTrust al Certum CA Certum CA 6 11 2027 Certum EalClass 3 Public Prima Class 3 Public Primary 8 2 2028 VeriSign Class 3 Ga Class 3 Public Prima Class 3PublicPrimary 1 8 2004 VeriSign al Copyright c 1997 Copyright c 1997 Mi 12 31 1999 Microsoft Timest Gal DigiCert High Assur DigiCert High Assuran a DigiCert Enirust net Secure Enitrust net Secure Se GalEquifax Secure Cer Equifax Secure Certifi GalGlobalsign Root CA GlobalSign Root CA Import Export Remove Certificate intended purposes Learn more about certificates 159 Endpoint Protector User Manual A Welcome to the Certificate Import Wizard pops up Just click the Next button Welcome to the Certificate Import Wizard This wizard helps you copy certificates certificate trust
7. For a better organization and manageability a computer can be assigned as belonging to a Group several computers within the same office a group of computers which will have same access rights or settings or to a Department an alternative organization to groups For more details about departments please see paragraph 11 3 System Departments 3 4 Groups This module is responsible for editing groups Edit Manage Rights Manage Settings and Delete are the commands available from this section Welcome Super Administrator Logout ENDPOINT 4 si ae PROTECTOR Reporting and Administration Tool Engish iw Q Advanced Sears Dashboerd Our f Endpoint Management Fiter Devices Computer Results Users Groups Kame Description Department Modihed st Modified by Action Re Endpoint Rights Defaut Department 3Jun 201 oo root ic a Endpoint Setti oo e un 201 root BAAG r is _ esS _ i a 63 2011 1511 00 root B a 4 fea Offline Temporary Password FAX e O o ee MM OSJun 2011 1511 00 ot EA QAO E Reports and Analysts gt 11 00 ot BAAO n EE Err S e Jun 2011 16 11 00 root Fare A System Alerts ee a OdJun 2011 15 11 00 root PAA ee a O3 Jun 2011 15 11 00 root FAAO Directory Services T a 03 Jun 2011 15 11 00 root TAAGO aas 03 Jun 2011 1511 00 ot TFAG M z DAOA POON gt jun 2011 15 FA A Q System Configuration
8. ssssssssssssssrnnrsrnnrnrnsrnrrrrnrnrrnrrrnnne 104 11 System Maintenance sssssssssessssrssn 109 ILL FIG Malin CMa Ces rnrn nener EEEE EEN ENEE 109 dee sO SECM SNAPS NOLS daaetiuetteetavawinedsvaciandsradceecadaeetesedeeniae 110 1300 BACKUP serrr cuss euevuwaienes evawivangueterevevexeunaeuasererewanaenesant 112 11 3 1 Backup Scheduler Automatic Log Backup eeeeeees 113 11 4 Content Aware Log BackUp sssssssssssssssrnrusnnnnenrnnrnenenns 115 11 4 1 Automatic Scheduler Automatic CAP Log Backup 116 12 System Configuration s ssessssessssss 118 I2 e CERES O ON ON E a E E E EE EA A E E 118 12 2 Client Software Upgrade ssssssesssnsnrenrnnrrrnnrnrenrnnrrrennne 119 TZ CENE UNIOS Call Sass asnan SEEEN ESENE 120 12 4 EasyLock Software Download ssssesssserssrsrrersrrererrrrrenrne 121 12a Sy tem AMIN atO S onsas E 122 12 60 System DepartmentS sssassssasssesssnessssasnsossnananasnanesnnne 123 12 7 System Security Client Uninstall Protection ccceee 125 EZ Os SCC FP ON CCS cranecenecawauerercuguercuaieneieweubucheweugusxevcuorereuas 126 12 VSG SCCUINGS E E A A E E E E 128 12 10 System LICENSING arsrsrsrrinrsr niina Er rnar rSn Er rE naD 129 1210 APP UZ T MO a EAE E 131 Letas TAa MOG iener E T A ENA 132 12 10 IMPO LICENSE erresira 132 V Endpoint Protector User Manual 13 System Parameters cccececeeeeeeneneees 135 LO DOVE AYDO i E E E 135 Laa ROE aE gass
9. 07 Mar 2014 14 08 2 System Maintenance root Content Aware Regex EDT Regular Expression Name Regular Expression Name 07 Mar 2014 14 08 2 root Content Aware Regex CREATE Regular Expression Name 07 Mar 2014 14 038 2 om System Configuration root Content Aware Protection CAP EDIT i 07 Mar 2014 14 02 2 root Configuration signedEnvelope Certificate Signing Request CSR 07 Mar 2014 14 01 2 System Parameters EAEE ce root User Authentification SIGN IN User Logging 07 Mar 2014 13 55 5 Support root User Authentification SIGN IN User Logging 07 Mar 2014 13 50 2 root User Authentification SIGN IN User Logging 07 Mar 2014 13 40 3 root User Authentification SIGN IN User Logging 07 Mar 2014 13 37 0 root Administrators EDIT First Name Email 07 Mar 2014 06 20 5 root User Authentification SIGN IN User Logging 07 Mar 2014 06 20 2 root User Authentification SIGN OUT User Sign Out 07 Mar 2014 06 20 2 rr Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 3 Appliance The logs can be exported in a csv file while the filter can help find the desired information quickly and easily 82 Endpoint Protector User Manual 8 7 Online Computers Welcome Super Administrator Logout m Baii SROTECTOR 4 Reporting and Administration Tool Engish Q Advanced Search p3 Dashboard Online Computers Show all departments Endpoint Management i
10. 10 72KB eR 192 168 56 1 2014 09 09 12 18 35 2014 09 05 08 21 36 Windows OD Sas ee 30 46 KB Wiar EE 192 168 56 1 2014 09 09 12 18 14 2014 09 05 08 21 14 Windows O im a M g System Maintenance System Configuration System Parameters Support 44 results 20 x per page Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved M 4 123 gt Ready Version 4 4 0 4 81 Endpoint Protector User Manual 8 6 Admin Actions Every important action performed by administrators in the interface is recorded Clicking the view details button will open the Admin Actions Details page where further details about the specific event is shown with the status of the modified feature before and after the change took place Welcome Logout Reporting and Administration Tool English vy Q ENDPOINT 4 PROTECTOR Advanced Search Admin Actions Showing departments Default Department FA 4 Endpoint Management p Endpoint Rights Reais A Endpoint Settings Administrator Section Action Type Before After Created at v Content Aware Protection CAP root Computer Settings EDIT IP IP 07 Mar 2014 15 35 1 root Computer Rights EDIT Computer Name Computer Name 07 Mar 2014 15 34 5 Mobile Device Management root Content Aware Policies POLICY APPLIED TO Policy Name Policy Name 07 Mar 2014 15 31 4 kes Offline Temporary Password root
11. 20 per page Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 The administrator can see which devices are connected to what computers and also the client user who is accessing them The administrator can also use the action buttons View Logs and Manage Rights to quickly administer the device EIS 85 Endpoint Protector User Manual 8 10 Computer History This module shows all computers that were at least once connected to the server With the help of the Export button the logs can be saved to a csv file while pressing the View Machine log will show the Logs Report page filtered for the respective Computer a li ji Reporting and Administration Tool Welcome Logout English l Q Advanced Search Dashboard Computers History Endpoint Management Filter p Endpoint Rights Results Showing departments Default Department RH Endpoint Settings Computer Name Content Aware Protection CAP Mobile Device Management y Offline Temporary Password Reports and Analysis 5 results 20 per page Aamin AcUONS Online Computers Online Users Online Devices Computer History User History Device History Statistics A Alerts Directory Services amp Appliance System Maintenance Q System Configuration System Parameters so Endpoint Protector 4 Copyright 2004 2014 CoSoSy
12. 50 per page 3 System Maintenance Export t Back System Configuration System Parameters Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved All tabs described below will have a filter option at the beginning of each table This will add or remove columns based on the content considered relevant Logs Report Filter Results Event name Show Hide Columns Ready Version 4 4 0 4 76 Endpoint Protector User Manual 8 1 Logs Report The most powerful and detailed representation of activity recordings can be achieved using this module It allows the administrator to see exactly what actions took place at what time This information also contains the computer name user and device used and also the action taken and the files accessed The granular filter included in this module is designed to make finding information quick and easy Logs Report Filter a Client Computer Domain Name Client User Device Device Type v Event name v Date Time Server Date TimefClient 6 Reset Q Apply filter The administrator has the possibility of exporting either the search results or the entire log report as a CSV file which can later be printed out for detailed analysis As an additional data security measure this module may be protected by an additional password set by the Super Administrator Protected Area x lt Additional Password Protection Th
13. CIETO Support a BIEDA F48ae 19 results so e per page crase Endpoint Protector Copyright 2004 2011 CoSoSys Lid All rights reserved Ready Version 4 0 08 This module has a self completing mechanism as soon as a user has some activity on the system and he is new in the system he will be added to the system database FAXEi Actions available in this group are Edit Manage Rights User History Export User History and Delete There are two users created by default during the installation process of Endpoint Protector 27 Endpoint Protector User Manual noUser is the user linked to all events performed while no user was logged in to the computer Remote users names who log into the computer will not be logged and their events will be stored as events of noUser Another occurrence of noUser events would be to have an automated script software which accesses a device when no user is logged in to the specific computer autorunUser indicates that an installer has been launched by Windows from the specific device It is the user attached to all events generated by the programs launched from the specific device when Autoplay is enabled in the Operating System The users can be arranged in groups for easier management at a later point Users can also be imported into Endpoint Protector from Active Directory through the Active Directory Plug in For details please see paragraph 10 1 Active
14. ENDPOINT PROTECTOR cososyvs I Endpoint Protector User Manual Table of Contents L INCrOCGUCTION cc cece ceeceteeeeeeeeeeeeteeeeeeeeeanes 1 1 1 What is Endpoint Protector cccccccseeeeeeeeeeeeeeeeeseneeneeneeges 2 L2 MIn FEQGUICS a a EAE E A dons 4 1 2 1 Centralized web based Device Management Dashboard 4 1 2 2 Control your data flow File Tracing File Shadowing A 1 2 3 Audit Trail Device Activity LOGGING ccccccee neces eeeeeeees 5 1 2 4 Audit Trail Reporting and Analysis Tools ccccceceeeeeeees 5 1 2 5 Sensitive Content Filtering ssssssssssssssnnrsnsnsnnrsnsnrnsrersene 5 1 2 6 File WAM CMS Canteen taransaucartncnetssapwencetasmmedeandnraseatocandehatebensei 5 1 2 7 Easy Enforcement of Your Security POlici S ccceeeeeeeeees 5 1 2 8 Network Offline Mode to Support Your Field Employees 5 1 2 9 Enforced Encryption protecting sensitive data in transit Trusted Device 6 1 2 10 Client Uninstall Protection s ssssssssssssrssennrnnrsnrnnenrensenna 6 1 2 11 Client Stop Protection Tamper Protection cccceeeeeeeseess 6 1 212 Backup OCNCGMHED qiert sccsesernansreunamesiessossrtaninnenery sen ere eee 6 1 3 Controlled Device Types Ports ccc cccccceee eee e eee eeeeeeeeeeenees 7 LA CONGU TON e cyeecteecgeeedyenteectseeeeedteeccceeteaauec 9 2 Server Functionality Server Components 10 2 1 Endpoint Protector Web
15. Endpoint Protector User Manual 13 2 Rights This list contains the rights which can be assigned on the system at any time ENDPOINT 4 PROTECTOR Dashboard Qo Cl Endpoint Management Endpoint Rights a g B a Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis Alerts Directory Services Appliance System Maintenance System Configuration LACES BOR iag L Lao System Parameters Device Types Rights Events File Types Support 8 Reporting and Administration Tool Welcome Logout Advanced Search List of Possible Rights Show all departments Block WiFi if wired network is present 8results 50 ea per page Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Results Name Description Deny Access Deny Access Allow Access Allow Access Read Only Access Read Only Access Allow Access if TD Level 1 Allow Access if device is Trusted Device Level 1 Allow Access if TD Level 2 Allow Access if device is Trusted Device Level 2 Allow Access if TD Level 3 Allow Access if device is Trusted Device Level 3 Allow Access if TD Level 4 Allow Access if device is Trusted Device Level 4 Block WiFi if wired network connection is present Ready Version 4 4 0 4 137 Endpoint Protector User Manual 13 3 Events This list contains the events which will be logged for further reference Welcome Logout ENDPOINT 4
16. Endpoint Rights Namea User Logged Domain Workgroup l MAC Address Location Status Actions Pp A Endpoint Settings n eS E Onine E E T Onine 5 Offline Temporary Password 7 2 computers online 20 w per page iI Reports and Analysis Logs Report File Tracing File Shadowing Online Computers Online Users Online Devices Statistics Graphics System Alerts Directory Services System Maintenance System Configuration System Parameters O amp gt Bb Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 Offers real time monitoring of the client computers registered on the system which have an established connection with the server depends on the Refresh Interval if the Refresh Interval for computer X is 1 minute than the computer X was communicating with the server in the last 1 minute The administrator has the possibility of accessing the log for a certain computer by pressing the View Logs action button E Pressing this button will take you to the logs report where it will only display the actions of that specific computer for which the button was pushed 8 8 Online Users Shows a list of users that are connected to the Endpoint Protector Server in real time 83 Endpoint Protector User Manual 2users online 20 w per page A sen nr a system Par mete O vom Endpoint Protector Copyrigh
17. Ensuring Server Disk Space remains available for logs to be stored and policies are properly applied and alert can be setup when disk Space reaches 70 80 or 90 Device Control Logs Amount An alert can be sent each time the Number of Device Control Logs Stored reaches a specific amount The option to choose either from an interval between 10 000 rows or 10 000 000 rows or define a desired value are available Content Aware Logs Amount An alert can be sent each time the Number of Content Aware Logs Stored reaches a specific amount The option to choose either from an interval between 10 000 rows or 10 000 000 rows or define a desired value are available Note Both the APNS Certificate and Update and Support system alerts can be disabled from General Dashboard gt System Status 93 Endpoint Protector User Manual 9 2 Define Alerts Device Control Alerts Welcome Logout l Advanced Search Dashboard List of Alerts Show all departments Endpoint Management Result rita lla Reporting and Administration Tool Enin es Endpoint Rights Client Computer Group Device Type Device Event Actions A Endpoint Settings Any My testing Computer 1 Any Any Any Connected x Any My testing Computer 2 Any Any Any Blocked FZO Content Aware Protection CAP 2results 20 _ per page Mobile Device Management Offline Temporary Password Reports and Analysis A Alerts Defin
18. 192 168 0 96 2014 03 11 17 29 19 2014 03 11 16 29 25 Windows B am 108 33 KB PNG Image D E 192 168 0 96 2014 03 11 17 29 17 2014 03 11 16 29 23 Windows B Online Computers SEES 14 24KB PNG Image ses OES 192 168 0 96 2014 03 11 17 29 11 2014 03 11 16 29 17 Windows BA Oelie 106 85 KB PNG Image gt 192 168 0 21 2014 03 11 14 59 40 2014 03 11 13 59 44 Windows i M 226 28 KB PNG Image gt 192 168 0 21 2014 03 11 14 58 30 2014 03 11 13 58 34 Windows B A Alerts E eee 36 B gt z 192 168 0 20 2014 03 11 12 06 27 2014 03 11 11 06 30 Macintosh E i i e a 36B 192 168 0 20 2014 03 11 12 03 12 2014 03 11 11 03 14 Macintosh Me c 36B 192 168 0 20 2014 03 11 12 02 03 2014 03 11 11 02 06 Macintosh amp Appliance SS SSE SS 36B z 192 168 0 20 2014 03 11 12 00 19 2014 03 11 11 00 21 Macintosh BA E 36B 192 168 0 20 2014 03 11 11 58 28 2014 03 11 10 58 30 Macintosh System Maintenance e a ee 36B 192 168 0 20 2014 03 11 11 40 35 2014 03 11 10 40 37 Macintosh eee 2058 data 192 168 0 115 2014 03 11 11 39 19 2014 03 11 10 39 19 Macintosh EJ oA System Configuration e a 36B 192 168 0 20 2014 03 11 11 37 27 2014 03 11 10 37 30 Macintosh J 46 63 KB iens file gt 192 168 0 21 2014 03 11 11 35 16 2014 03 11 10 35 20 Windows ell coral hae oe 9B 192 168 0 21 2014 03 11 11 35 15 2014 03 11 10 35 19 Windows B l
19. C a cbd5c5895db6336e15312eb126d27d21 1 22MB application x ace test for exceptions from sys policies Web Browser Mozilla Firefox Te ca2dbdece86e29101bf9f7bc06693b39 1013KB image gif test for exceptions from sys policies Web Browser Mozilla Firefox Te 0de7cc7a79396fbd6d08cc27c6f09895 140 65 KB image gif test for exceptions from sys policies Web Browser Mozilla Firefox e 730ddd0fe402efc1d41f33e574f6c08d 3 08 KB text x tex test for exceptions from sys policies Web Browser Mozilla Firefox e 69d6ba69f6ce6 f14d10f40dedcf8abfd 10 72KB text x shellscript test for exceptions from sys policies USB Storage Device DATATRAVELER_2 0 Sse text x python test for exceptions from sys policies USB Storage Device DATATRAVELER_2 0 m text x python test for exceptions from sys policies USB Storage Device DATATRAVELER_2 0 Stele text x c test for exceptions from sys policies USB Storage Device DATATRAVELER_2 0 e text x python test for exceptions from sys policies USB Storage Device DATATRAVELER_2 0 IE Set application encrypted x ac test for exceptions from sys policies USB Storage Device DATATRAVELER_2 0 SE SSS application encrypted x ac test for exceptions from sys policies USB Storage Device DATATRAVELER_2 0 Sse ee 65853869e8417352d09d25a66b243f4e 571 B application encrypted x ac Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 The administrator has the possibility of exporting both the search results and the entire log
20. Extensions must start with dot and end in a semicolon Example mp3 vob exe z Settings 3 System Maintenance Log Interval min 1 E System Configuration Local Log Size MB 9999 System Parameters Shadow Interval min 1 Shadow Size MB 9999 O Support Min File Size for Shadowing KB 0 Max File Size for Shadowing KB 512 Notifier Language English z Use Custom Client Notifications for this Language o Logging estaia 30 Jul 2007 20 07 02 Created by root Modified at 06 Sep 2014 10 37 29 Modified by root G Save t Back Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 50 Endpoint Protector User Manual 6 4 Custom Client Notifications This feature allows the administrator to edit the notification messages that appear from the Agent of Endpoint Protector for all available languages Custom Client Notifications can be globally enabled from the Endpoint Settings tab It can be individually checked on computers or groups Welcome Logout ENDPOINT 4 PROTECTOR Reporting and Administration Tool English v S Q Advanced Search Dashboard Management of Global Settings Show all departments Endpoint M t e oint Managemen insa croup p Endpoint Rights ie Global Description Global Group including all the machin RK Endpoint Settings ption TS Computer Settings Mode Group Settings Global Settings Refresh Interval sec 1
21. Flash Drives to handle and transfer confidential data To ensure the protection of data carried by users on authorized devices the Endpoint Protector administrator can allows users to copy work data only to a password protected encrypted area of an authorized device a so called Trusted Device In this way confidential corporate data is protected in case of hardware loss Endpoint Protector creates an audit trail that shows the use and activity of portable storage devices in corporate networks Thus administrators have the possibility to trace and track file transfers through endpoints and then use the audit trail as legal evidence for data theft For more details on Endpoint Protector please see the Data Sheet available on the company s website http www EndpointProtector com 4 Endpoint Protector User Manual 1 2 Main Features Your confidential sensitive data is only as safe as your endpoints are Designed for medium and large enterprises Endpoint Protector offers powerful features in order to control monitor and enforce network and endpoint security Endpoint Security for Windows Macintosh and Linux Workstations Notebooks and Netbooks Endpoint Protectors full feature set is available for Windows A reduced feature set is available for Macintosh OS X and Linux Ubuntu 10 04 LTS and openSUSE 11 4 Protects PCs from threats posed by removable portable storage and endpoint devices like USB Flash Drives MP3 P
22. 0 198 DATATRAVELER_2 0 St USB Storage Device SS 6585386968417352d09d25a66b243f4e 571B ace file gt Directory Services File Copy a 192 168 0 198 DATATRAVELER_2 0 USB Storage Device SSn Ste Se 75fd125bd481db68a4e89449c0fc8f84 7 26KB ace file File Delete 192 168 0198 DATATRAVELER_2 0 Se USB Storage Device P Python File Appliance File Delete S 192 168 0 198 DATATRAVELER_2 0 USB Storage Device m Python File System Maintenance as EJ a System Parameters O Support System Configuration 4174 results 20 per page ov Export b Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 Similar with the Logs Reports section you may need to enter an additional password set by the administrator in order to be able to access the list of files A special mention is given here to the File Hash column The Endpoint Protector application computes an MD5 hash for most of the files on which the File Tracing feature applies to By this way we ensure that threats coming from the changing of the content inside of files is mitigated 78 Endpoint Protector User Manual 8 3 File Shadowing Displays the list of file shadows and files that have been transferred from a protected computer to a portable device The list of files may be protected by an additional password set by the administrator In this case you will be prompted to insert the additional passw
23. 10 5 Snow Leopard x Mac OS X 10 4 Tiger es Offline Temporary Password Linux Ubuntu OpenSUSE Ky Reports and Analysis To install the Endpoint Protector Client on your dient computers please download it from the following location as Alerts To install the client software please provide the Endpoint Protector Server IP and Port i Endpoint Protector Server IP 192 168 7 70 Directory Se z Endpoint Protector Server Port 443 To install the client software under a certain department please provide the Department Code Appliance Department Code defdep 3 System Maintenance 32bit version Version 4 2 9 2 Windows System Configuration Windows 64bit version Version 4 2 9 2 Install Outlook Add on Yes No Client Software Mac OS X 10 5 Leopard Version 1 4 0 6 Client Software Upgrade Mac OS X 10 4 Tiger Version 1 0 9 0 Client Uninstall Linux Ubuntu 10 4 LTS Version 1 0 0 1 Download EasyLock Software Linux Ubuntu 12 4 LTS Version 1 0 3 1 Linux Ubuntu 14 4 LTS Version 1 0 5 1 System Administrators G j C Linux OpenSUSE 11 4 Version 1 0 0 1 System Departments System Security System Policies System Settings Endpoint Protector Client for Windows can be deployed over Active Directory System Licensing For more information please refer to Endpoint Protector User Guide a System Parameters O Support x Download selected version Endpoint Pr
24. 2 Client removal on MAC OS X To remove the Endpoint Protector Client you need to run double click in Finder the remove epp command file that was attached to the Endpoint Protector client package that you downloaded You will be prompted to enter the root password to perform administrative tasks 17 7 3 Client removal on Linux OS To remove the Endpoint Protector Client you need to run from the console terminal the uninstall sh file that was attached to the Endpoint Protector client package that you downloaded Note For exact uninstall instructions corresponding to your Linux distribution please consult the readme file available in the System Configuration Client Installation window by clicking the Read this before installing link 18 Installing Root Certificates to your Internet Browser 18 1 For Microsoft Internet Explorer Open Endpoint Protector Administration and Reporting Tool IP address Your Appliance static IP Address example https 192 168 0 201 If there is no certificate in your browser you will be prompted with Certificate Error page like the screenshot below Certificate Error Naviga on Bla Windows Internet Explorer Gz Sing x EEE D amp mb Pagey Safetyv Toos yy Favorites B Cathicats Error eae Blocked tm There is a problem with this website s security certificate The security certificate presented by this website was not issu
25. 78 8 4 Content Aware Report ssssssesssrsrrnrrnrnrnrnrnrnrnnrnrnrrrrrnrnne 79 8 5 Content Aware File SHAGOWING ceeeeseeeeeeeeeeeeeeeeeeeeeeeeas 80 8G PACAP FACTO ox eee cae eee 81 Gale ONING COMIDURCIS sac cncevsscctseesiccicectausaduccectaaustcoasiestsetscaases 82 O0 ONING USOT i EEE EEEE E E EEEE EEES 82 8 9 ONNE DEVICES ssena ee 84 86 10 Computer HiIStOr Y sisssisniisssisnisinedaniiineia naina 85 OU er A O eaaa OE E E R ER 86 8 12 Device H StOTY ssssssssssnssnnnsrnnrrrnnrnrnrrnrnrnnrnrnnrnrnernrnrrnenro 87 Gedo A LIC eena e terran Wee eae alan EEEREN 88 SNA SE A E E A E E 89 9 1 Define System Alerts axactvncurintwnuueecevanianiiseeusaeisanmacereeices 91 IV Endpoint Protector User Manual 9 2 Define Alerts Device Control Alerts cccccceeeeeeeeeeeeeees 93 9 3 Define Content Aware Alerts cccccccceeesseeeeececseeeeeeeeenes 95 9 4 Define MDM Alerts stcwevcccesecccaduancyceeweuevendueeescedeceds sede snenecd 96 9 5 System Alerts H StOTY s ssssssssssnnsannnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnanas 97 96 Alerts HISLONY aces avatentweatanewenutantecumieataenetestuawerertuenetertaeunes 98 9 7 Content Aware Alerts HIStOry ccccccsecseuseuveseeuseusenseuseusenss 99 9 8 MDM Alerts MISCO Y vie cwcncwexewenivanGercancneeewensaewercrenenenswaveuses 100 ts DrSc A OO aneri orup TEE LaTe 101 10 1 Active Directory IMpOrt sassssassnasnsnasusessnsonnnannnsnnnnennnao 101 10 2 Active Directory SYNC
26. Alerts Alerts History System Parameters Here you can determine the functionality of the entire system This module includes sections such as Device and File Types Rights and Events System Parameters Device Types Rights Events File Types 2 3 Accessing the Administration and Reporting Tool To access the Administration and Reporting Tool simply open a browser and enter the IP address of the Endpoint Protector Server the Endpoint Protector Appliance IP or the Server Host Name In case you enter the IP address please note that you must use the HTTPS Hypertext Transfer Protocol Secure prefix followed by the IP address of the Endpoint Protector Server 15 Endpoint Protector User Manual Example https 127 0 0 1 index php In case of using the Endpoint Protector Appliance the default IP address is https 192 168 0 201 If you use Internet Explorer we recommend that you add this page to Internet Explorer s trusted sites To do this follow the steps in paragraph 18 Installing Root Certificates to your Internet Browser 2 4 Login Credentials Username and Password The default username and password for Endpoint Protector 4 Administration and Reporting Tool are USERNAME root PASSWORD epp2011 To change the username and password and to create additional administrators please see paragraph 11 2 System Administrators 2 5 General Dashboard Some of the most important activities logge
27. Client XXXX XXKX KXKK KKKK Endpoint Endpoint Protector Client KIXK XXXX XKXX XXXX Endpoint Endpoint Protector Client XKXXX XXXX XXXX XXXX Endpoint Endpoint Protector Client Mobile Mobile Endpoint License Mobile Mobile Endpoint License Mobile Mobile Endpoint License Mobile Mobile Endpoint License Mobile Mobile Endpoint License Mobile Mobile Endpoint License 1 Year Updates amp Support for Mobile Device Management 1 Year Updates amp Support for Device Control amp Content Aware Protection 1 Year Updates amp Support for Device Control S 100 Licenses can be imported also by using the Paste Licenses option which allows to manually copy amp paste licenses into the system This option is recommended for online purchases when licenses are delivered directly in your e mail Faste Licenses The List Licenses button displays the list of imported license keys including the computers to which they were asisgned and the validity period List Licenses 134 Endpoint Protector User Manual ENDPOINT 4 PROTECTOR R BOBBED Eyes Gis Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Dashboard Endpoint Management Endpoint Rights Endpoint Settings Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis System Maintenance System Configuration Client Software Client Software Upgrade Client
28. Content Aware Protection CAP CREATE ma 07 Mar 2014 15 30 4 root User Authentification SIGN OUT User Sign Out 07 Mar 2014 15 27 5 q Reports and Analysis root Administrators CREATE Username 07 Mar 2014 15 27 4 i root System Security SET DATA SECURITY PRIVILEGES Restrict Sensitive Data Access only to s Restrict Sensitive Data Access only to s 07 Mar 2014 15 27 2 Logs Report Ea root Device Rights EDIT Device Name Device Name 07 Mar 2014 15 10 5 Fie Tracing E root Device Rights EDIT Device Name Device Name 07 Mar 2014 15 10 4 File Shadowing a ET 2 Cadel dose Cent root Device Rights EDIT Device Name Device Name 07 Mar 2014 15 10 3 keds hier root Content Aware Regex CREATE Regular Expression Name 07 Mar 2014 15 00 4 Online Computers root Client Software DOWNLOAD Downloaded Endpoint Protector Client Sof 07 Mar 2014 14 59 2 Online Users root User Authentification SIGN IN User Logging 07 Mar 2014 14 58 5 Ta M root User Authentification SIGN IN User Logging 07 Mar 2014 14 35 1 A Alerts root Content Aware Regex DELETE Domain Whitelist Name 07 Mar 2014 14 32 0 root Content Aware Regex DELETE Domain Whitelist Name 07 Mar 2014 14 32 0 a 9 cig aac LE root Client Software DOWNLOAD Downloaded Endpoint Protector Client Sof 07 Mar 2014 14 16 0 amp Appliance root User Authentification SIGN IN User Logging 07 Mar 2014 14 14 3 root Content Aware Regex EDIT Regular Expression Name Regular Expression Name
29. Directory Import 3 6 Custom Classes This module is responsible for creating new classes of devices for an easier management inside the system It is a powerful function especially for devices belonging to the same vendor and or being the same product same VID and or PID Custom Class Name USB Storage Device deny Description USB Storage Device deny class Right Deny Access Device Type USB Storage Device EKE Device Class Note In the fields bellow enter the information in the following order Device Type VID PID Description USB Storage Device z aaaa BBBB custom device Devices G Save Back By selecting Endpoint Management gt Custom Classes the administrator is able to create and edit custom classes by adding new entities to the existing ones List of Custom Classes Results Name Description Right Actions CD ROM Allow CD ROM Allow class Allow Access FAQ USB Storage Device deny USB Storage Device deny class Deny Access gR Fil 2 results 50 per page o Create t Back 28 Endpoint Protector User Manual When creating a new custom class or editing an existing one the administrator may provide a unique name and a short description followed by the specification of the rights that will be automatically applied to all included devices Edit Custom Class Name CD ROM Allow Description CD ROM Allow class Allow Access o t Back G Save G Save and Add Note The right
30. ENDPOINT 4 ds PROTECTOR Reporting and Administration Tool Engish Q T Dashboard Endpoint Management Device Offine Temporary Password Computer Offline Temporary Password Content Aware Protection Offine Temporary Password Ce Endpoint Rights End Setti E Choose computer TEST PC e Content Aware Protection CAP Other Options amp Mobile Device Management oo 7 Duration 30 min Offline Temporary Password Offline Temporary Password Generate Cove Reports and Analysis j A Alerts Password GBB directory services System Maintenance Q System Configuration System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid Al rights reserved Ready Version 4 4 0 2 The administrator can allow the use of all the endpoints on an offline computer He does this by generating a Computer Offline Temporary Password After selecting the computer and duration the password will be generated by clicking on the Generate Code button The obtained password will be communicated to the user for temporarily allowing the use of all the endpoints as explained in paragraph 5 5 5 4 Content Aware Protection Offline Temporary Welcome tt Logout fe ENDPOINT 4 regana e Engish CQ PROTECTOR a nna nN ee an fi Fe Dashboard Generate Offline Temporary Password al Endpoint Management Device Offine Temporary Password Computer Offine Temporary Password Content Aware Protection Offline Temporary Password s End
31. GIF lv ico BMP I TIFF More File Types Office Files fy al 7 Word 7 Excel V PowerPoint V PDF Infopath 7 Outlook More File Types Archive Files vy al lv zip 7 ZiP password J 7z W RAR ACE V TAR More File Types Programming Files J All W amp cpp jav T py Z sh csh Y bat cmd V pas 7 xml dtd More File Types Other Files iv Al WZ AutoCAD fies 7 Text files V DRM Files sys dil f Fasoo Files 7 Journal files More File Types Media Files vy al mov I mp3 V m4a mp4 iv wa wma V avi More File Types Sa t Back Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 A policy can be enforced to detect amp report all transfers of sensitive content data and or block all transfers Block amp Report A Report only Note The Block amp Report action will block all file transfers on the selected network entity We recommend using the Report only action initially to detect but not block data transfers This way no activity will be interrupted and you can gain a better view of data use across your network By default data control is turned off To activate the defined content rules a newly created policy must be enabled ON The policy status can be changed later by using the simple ON OFF switch from the policy icon On 66 Endpoint Protector User Manual Note An enabled ON Policy will be enforced only af
32. Handhelds PDAs This category includes Nokia N Series Blackberry and Windows CE compatible devices Windows Mobile devices etc iPods iPhones iPads These devices can be enabled disabled via Endpoint Protector MP3 Player Media Player Devices These devices can be enabled disabled via Endpoint Protector External HDDs portable hard disks These devices can be enabled disabled via Endpoint Protector FireWire Devices These devices can be enabled disabled via Endpoint Protector PCMCIA Devices These devices can be enabled disabled via Endpoint Protector Biometric Devices These devices can be enabled disabled via Endpoint Protector Bluetooth These devices can be enabled disabled via Endpoint Protector Printers Applies to serial USB and LPT connection methods These devices can be enabled disabled via Endpoint Protector ExpressCard SSD These devices can be enabled disabled via Endpoint Protector 9 Endpoint Protector User Manual 1 4 Conclusions As information theft and data leakage are a reality of today s business world effectively preventing all possible security breaches is becoming an ultimate concern for enterprise security experts Endpoint security comes to complete your existing security policies aiming to render it full proof As new circumvention and data compromising techniques come to diminish the benefits of new devices and gadgets Endpoint Protector
33. Password Oanncoos iss Offline Temporary Password Save Ky Reports and Analysis Data Security Privileges as Alerts Restrict Sensitive Data Access only to super administrators Directory Services Save ma Appliance Additional Security Password for Sensitive Data Protection 3 System Maintenance Current Password Oe System Configuration New Password j 2 eeeeeee0 Client Software New Password confirm eeeeeeee Client Software Upgrade Client Uninstall Save Download EasyLock Software System Administrators System Departments System Security System Policies System Settings System Licensing GE System Parameters Q support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 Endpoint Protector 4 offers a new configuration option Proxy Settings Proxy Server Settings IP Usenmame Password Note This information refers to networks with configured Proxy server to allow access to Endpoint Protector Live Update Due to the increasing number of companies that have a Proxy server in their network to control external access it appeared the need to provide a way of configuring this information also in Endpoint Protector 129 Endpoint Protector User Manual The necessary configuration details are IP the Proxy Server IP Username Password Proxy access credentials not mandatory Attention If these d
34. Protector User Manual When applying two policies to the same PC it is possible to block one type of file for example PNG files when they are uploaded through Mozilla Firefox while with a second policy to report only PNG files when they are uploaded through Internet Explorer In the same way it is possible to report only files that contain confidential words from a selected dictionary that are sent through Skype while with the second policy to block the same files if they are sent through Yahoo Messenger Similarly it is possible to create combinations that block a file type or a file that contains predefined content custom content regular expression for one application while letting it through and report it only for another The following rules are used in the application of one or more Content Aware Policies on a computer user group department for each separately selected item e g a specific file type predefined information or a custom content dictionary Policy A with Policy B with Policy C with Endpoint Protector Priority 1 Priority 2 Priority 3 Action IGNORED IGNORED IGNORED Information will not be blocked or reported IGNORED IGNORED REPORTED Information will be reported IGNORED REPORTED REPORTED Information will be reported REPORTED REPORTED REPORTED Information will be reported IGNORED IGNORED BLOCKED Information will be blocked IGNORED BLOCKED BLOCKED Information will be block
35. Rights User Rights Computer Rights Group Rights Global Rights Effective Rights File Whitelist Endpoint Settings Reports and Analysis System Alerts Directory Services System Maintenance System Configuration System Parameters Os fey BPTaX Support Reporting and Administration Tool Edit User Rights A Currently the system is using both computer and user rights computer rights have priority Welcome Super Administrator Logout toon Te Advanced Search Show all departments Offline Temporary Password USB Storage Device Internal CD or DVD RW Internal Card Reader Internal Floppy Drive Local Printers Windows Portable Device Digital Camera BlackBerry Mobile Phones Sony Ericsson etc SmartPhone USB Sync SmartPhone Windows CE SmartPhone Symbian Webcam Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved User User Name First Name gt Last Name Device Types Allow Access m Preserve global setting v Preserve global setting v Preserve global setting Preserve global setting x Preserve global setting x Preserve global setting x Preserve global setting Preserve global setting x Preserve global setting e Preserve global setting ime Preserve global setting e Preserve global setting we iPhone iPad iPod Serial ATA Controller WiFi Bluetooth FireWire Bus Serial Port PCMCIA Device Card Reader Device
36. Services Appliance AZ System Maintenance ys System Configuration System Parameters O Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 To create a new system alert go to Define System Alerts and click Create pm G Create There are several types of alerts available as shown below Create System Alert System Event Name Event Description Event Options ontent Aware Logs Amount 92 Endpoint Protector User Manual APNS certificate APNS certificates expire and have to be renewed on a regular basis These alerts eliminates the risks of having to re enroll all the mobile devices by sending an e mail reminder 60 30 or 10 days prior Updates and Support To ensure the Endpoint Protector Appliance is up to date a reminder can be sent regarding each module maintenance status Device Control Content Aware Protection and Mobile Device Management Endpoint Licenses As each network is constantly growing to eliminate the risks of having unprotected endpoints an alert can be generated It can be defined if the percentage of already used Endpoint Licenses reaches 70 80 or 90 Client Uninstall For a better management of a large network an alert can be sent each time an Endpoint Protector Client is uninstalled This is particularly helpful when there are several assigned Administrators Server Disk Space
37. System Parameters USB Storage Device US8_FLASH_DRIVE Allow Access No inherted from Global Potcies Global Buetooth Allow Access No inherted from Global Potcies Giodal O Support Local Printers Allow Access No inherted from Global Potcies Global Webcam Allow Access No inmerted from Globe Potcies Global USB Storage Device ADATA USB Flash Drive Allow Access No inderted from Global Policies Global Pad Allow Access No inherted from Global Policies Global Pod Allow Access No inherted from Global Polcies Global Mobile Phones Sony Ericsson etc Allow Access No nherted from Global Policies Global a Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 2 4 6 2 Effective Rights for Devices This module displays the rights applied for the selected device a ee Advanced Search E3 Dashboard ective Rights Show all departments al Endpoint Management te Endpoint Rights A Currently the system is using both computer and user rights user rights have priority Device Rights Effective Rights Endpoints Effective Rights Devices Effective Rights Content Aware Protection User Rights Computer Rights Fiter Select a device type USS Storage Device Global Rights Effective Rights Select a device ADATA USB Flash Drive File Whitelist A Endpoint Settings Besat Q fork Se Content Aware Protection CAP Results f Mobile Device Management The rights are displayed from lower to highest priority and t
38. Uninstall Download EasyLock Software System Administrators System Departments System Security System Policies System Settings Coenen System Parameters Support Reporting and Administration Tool English Welcome Logout JC Q Advanced Search List of Avaliable Licenses Show all departments eA l IB ORORORORFRARF OO AnA nnne FF OBO RBRARARAARFARRR0g0g oon DO oo ee WH Nebigesseaegreiasee Soon oanetowN 6 B R 2 8 BNB R E R a g an IWOOOOOOOHOOHOOOCHHOHOOHOOOOCOHOOOOOCOOLO License Key TRIA L000 0794 0118 TRIA LMDM 0367 0393 TRIA LMDM 0878 0730 TRIA LMDM 0128 0543 TRIA LMDM 0991 0650 TRIA LMDM 0446 0446 TRIA LCAP 0024 0958 TRIA LCAP 0565 0321 TRIA LCAP 0510 0789 TRIA LCAP 0397 0112 TRIA LCAP 0763 0973 TRIA LCAP 0742 0830 TRIA LCAP 0748 0572 TRIA LCAP 0251 0995 TRIA LCAP 0297 0836 TRIA LCAP 0532 0668 TRIA LCAP 0453 0689 TRIA LCAP 0463 0532 TRIA LCAP 0321 0379 TRIA LCAP 0418 0040 TRIA LCAP 0776 0000 TRIA LCAP 0585 0801 TRIA LCAP 0959 0150 TRIA LCAP 0122 0469 TRIA LCAP 0940 0520 TRIA LCAP 0582 0703 TRIA LCAP 0494 0324 TRIA LCAP 0534 0242 TRIA LCAP 0897 0786 TRIA LCAP 0237 0194 TRIA LCAP 0623 0769 TRIA LCAP 0863 0076 TRIA LCAP 0459 0326 TRIA LCAP 0609 0780 TRIA LCAP 0706 0027 ma nan anna nenn Valid until 02 Oct 2014 10 54 01 Active Active Active Active Active Active Active Active Active Active Active Active Active Active Activ
39. ZA Z _ 0 9a ZA Z _ a ZA Z2 1 2 4 Example that matches an IP 25 0 5 2 0 4 0 9 01 0 9 0 9 25 0 5 2 0 4 0 9 01 0 9 0 9 3 73 Endpoint Protector User Manual Note If possible avoid using Regular Expressions as their complexity typically increases the resources usage Using a large number of regular expressions as filtering criteria typically increases CPU usage Also improper regular expressions or improper use can have negative implications This feature is provided as is and requires advanced knowledge of the Regular Expression syntax The regular expressions feature is provided with no direct support and it is the responsibility of the customers to learn and implement regular expressions and to thoroughly test Regular Expressions can be tested for accuracy Insert into the Add Content for Testing Regular Expression box a general example of something on which the regex applies to and press the Test button If the Regular Expression has no errors inside of it then the same content should appear into the Matched Regular Expression box as shown below Edit Regular Expression Information Regular Expression Na anii Default Regular Expression Regular Expression Description Expression To Verify An E mail Address Regular Expression Content 40 9a zA Z 0 9a 2A Z _ a zA Z 12 44 Add Content For Testing Regular Expression Matched Regular Exp
40. a folder in which the authorized files will be kept and he must set this address in the Folder field File Whitelist Show all departments Folder c TempWeb Only files selected for hashing will be saved in the Whitelist N Refresh Upload Files After copying the required files into the previously created folder he must simply press the Refresh button for a list to be generated Finally he must check the box next to each file to enable it and click the Save button The files will be hashed and will receive permission to be copied This feature is only available to the Super Administrator user and cannot be modified by regular administrators Note This only works for outbound transfers Files copied from external sources onto client protected computers will still be processed using the existing system policy This module allows the super administrator to generate a temporary password fOr e a specific device on a computer e the Content Aware Protection feature on a computer e the entire computer It can be used when there is no network connection between the client computer and the Server Note Once a device is temporarily authorized any other rights settings saved afterwards for this device will not take immediate effect until the time period is passed and the connection with the Server is re established A password is unique for a certain device and time period In conclusion the Same pass
41. created policy will highlight the specific selected filters Note Content Aware Policies apply also to File Whitelist This means that all files that were previously whitelisted will be inspected for sensitive content detection reported and or blocked according to the defined policy 65 Endpoint Protector User Manual 7 2 4 Setting up Content Aware Policies To setup a Content Aware Policy go to Content Aware Protection gt Content Aware Policies and click on the Create Your Own Policy icon or push the Add Policy button This will open the Add a new Policy window which will allow setting the parameters of the newly created policy Welcome Logout ENDPOINT k ee Reporting and Administration Tool English Q B PROTECTOR Advanced Search Dashboard Add a new Policy Endpoint Management Policy Os Type QIP Endpoint rights Os Type Windows Mac OS x Content Aware Protection CAP poticy Name ee Dashboard Policy Description test Content Aware Policies Policy Action Report only Block amp Report V Hide CAP Client Notifications 9 Custom Content Dictionaries ERS Policy Status Enabled ON Disabled OFF Content Aware Domain Whitelists Threshold 1 Content Aware Regex Control Transfers To go Mobile Device Management iva tier een 7 Controlled Storage Device Types J Clipboard J Disable Print Screen D F Scan Network Share E Reports and Analysis V Applicatio
42. exceed the specified limit Minimum File Size for Shadowing in KB Represents the minimum file size that should be shadowed If a value is set here than files smaller in size than that value will not be shadowed Maximum File Size for Shadowing in KB Represents the maximum file size that should be shadowed If a value is set here then files larger in size than that value will not be shadowed The shadow directory can be selected from the System Configuration module under the System Settings tab Default System Settings Storage Folders Log Dir Shadow Dir Since shadow size can reach large amounts we strongly recommend that a separate large capacity Hard Disk is used for shadow storage 56 Endpoint Protector User Manual Note Shadowing Files can be delayed due to network traffic and Endpoint Protector Settings for different computers or file sizes Shadowed files are usually available after a few minutes For large base installations such as 250 1000 endpoints we strongly advise to activate File Shadowing for up to 15 of your appliance virtual or hardware total endpoint capacity E g for an A1000 Hardware Appliance File Shadowing should be set to maximum of 150 endpoints for optimal performance 6 7 CAP File Shadowing Endpoint Protector s File Shadowing feature works together with Content Aware Protection creating exact copies of confidential files transferred by users The creation
43. lists and certificate revocation lists from your disk to a certificate store A certificate which is issued by a certification authority is a confirmation of your identity and contains information used to protect data or to establish secure network connections A certificate store is the system area where certificates are kept To continue dick Next 160 Endpoint Protector User Manual Browse for the Certificate file you downloaded from the Appliance Setup Wizard gt Appliance Server Certificate File to Import Specify the file you want to import Note More than one certificate can be stored in a single file in the following formats Personal Information Exchange PKCS 12 PFX P12 Cryptographic Message Syntax Standard PKCS 7 Certificates P7B Microsoft Serialized Certificate Store SST Learn more about certificate file formats 161 Endpoint Protector User Manual In the Certificate Store window select Place all certificates in the following store radio button ceinponWans O Certificate stores are system areas where certificates are kept Windows can automatically select a certificate store or you can specify a location for the certificate 0 Automatically select the certificate store based on the type of certificate Certificate store Trusted Root Certification Authorities Learn more about certificate stores 162 Endpoint Protector User Manual Another Completing the Ce
44. of shadow copies can be triggered by the following events content threat detected content threat blocked CAP Shadowing can be turned on or off from the System Configuration gt System Policies module of the Endpoint Protector Reporting and Administration Tool Please note however that this feature is of no use without the Content Aware Protection feature File Tracing and Shadowing File Tracing File Shadowing CAP File Shadowing Detect Copy Source Network Share Tracing Exdude Extensions from Shadowing doci xda Exdude Extensions from CAP Scanning doc xls bmp Note Files with extensions in these lists will be ignored from File Shadowing CAP Extensions must start with dot and end in a semicolon Example mp3 vob exe Note CAP File Shadowing can be disabled for specific file types using the Exclude Extensions from CAP Scanning option 57 Endpoint Protector User Manual 6 8 Network Share Tracing Endpoint Protector s network share tracing feature allows monitoring of data traffic between protected clients and other computers on the local network they are connected to It shows what files were copied to which location at what time and by which user It also shows other actions that took place such as file written renamed and deleted The logs will be available in the Reports amp Analysis gt File Tracing Tab Under the device name the computer on the
45. report as a CSV file which can later be printed out for detailed auditing As an additional data security measure this module may be protected by an additional password set by the Super Administrator For more details please see section 8 1 Logs Report 80 Endpoint Protector User Manual Show all departments Content Aware Report Filter Event Name Client Computer Client User Destination Type Destination File Name Content Policy Ttem Type Matched Item Item Details Date Time Server Date Time Client 8 5 Content Aware File Shadowing Displays the list of file shadows and files that have been detected by a Content Aware policy The list of files may be protected by the additional password set by the administrator for all the Reports and Analysis sections In this case you will be prompted to insert the additional password when entering this section Welcome Logout B ENDPOINT a Reporting and Administration Tool Engish ow PROTECTOR Advanced Search sao Fd Endpoint Management Filter X p Endpoint Rights Results 4 Endpoint Settings F AN File Name File Size User Computer IP Address Date Time Client Date Time Server v OS Type Actions Content Aware Protection CAP ee 1269KB B a 192 168 0 20 2014 09 10 16 31 52 2014 09 06 12 38 23 Macintosh B Qs 220 KB me 192 168 56 1 2014 09 10 10 12 22 2014 09 06 06 15 20 Windows g Mobile Device Management O Smee n a 245 5
46. se K S B PROTECTOR Reporting and Administration Tool English Q Advanced Search Dashboard List of Events Show all departments Endpoint Management E ere nang n p Endpoint Rights Event Name Description Logging Quick Logging Actions RH Endpoint Settings Connected Device Connected v Y B Disconnected Device Disconnected SY SY E Content Aware Protection CAP Enabled Device Enabled F yy Eg Dab Device Disabied v v z g Mobile Device Management Fie Read as F P y es Siena Tamperary F File Write File written to device v Zt EA File Read Write File read and write from device A avs EA laa Reports and Analysis File Rename File from device renamed SY SY R File Delete File deleted from device SY i gR fag Alerts Device TD Device is trusted Y Y B Device not TD Device is not trusted P P EA Directory Services aia iene I Z Z Enable Read Only Device Read Only Enabled v e gR Appliance n Enable if TD Level 1 Device Enabled if TD Level 1 Pa SY EA 3 System Maintenance Enable if TD Level 2 Device Enabled if TD Level 2 eo oS EA Enable if TD Level 3 Device Enabled if TD Level 3 SY WV EA System Configuration Enable if TD Level 4 Device Enabled if TD Level 4 Vs P Eg AD Import AD Import Y vV gR a System Parameters AD Synchronization AD Synchronization v7 Z gR punts Blocked Blocked on the client side J wr EA ce Unblocked Allowed on the client side er oz gR Events Offline Temporary Password used Offline Temporary Password used SY SY gR F
47. the Connected event from the events list In this case the Client and Group fields do not influence the triggering of the alert so there is no need to fill them out Setting up a value for the Group field means that the alert will be triggered when the selected event occurs for any clients or computers in that group If you try to delete any items Users Groups Computers etc that have been used in setting up an alert you will receive a notification and you will not be able to delete them Could not delete the selected Client machine Could not delete the selected Client machine Make sure t does not have any associated items 95 Endpoint Protector User Manual 9 3 Define Content Aware Alerts To create a new Content Aware Alert corresponding to the policies defined in the Content Aware Protection module go to Define Content Aware Alerts submenu option and click Create Create Welcome Logout ad g ENDPOINT 4 a in Ae on English 7 PROTECTOR Reporting and Administration Tool g x Q Advanced Search p3 Dashboard Create Content Aware Alert Show all departments Endpoint Management Alert field p Endpoint Rights a a E a Endpoint Settings ne iay ai Group Any z Content Aware Protection CAP pean pam H Mobile Device Management Content Policy Any Event Content Threat Blocked _ ky Offline Temporary Password Alert administrators P Reports and Analysis Adm
48. the Delete History button Welcome Logout ENDPOINT peona o 4 Reporting and Administration Tool English Q PROTECTOR i Advanced Search Dashboard System Alerts History j Endpoint Management X FB Erone manag E p Endpoint Rights Results X Endpoint Settings System Alert Name System Event System Event Option Created at v Content Aware Protection CAP Client Uninstall cc Client Uninstall 6 September 2014 12 00 device control 100 test Device Control Logs Amount 100 rows 5 September 2014 0 00 CJ Mobile Device Management Client Uninstall cc Client Uninstall 4 September 2014 12 00 Client Uninstall cc Client Uninstall 2 September 2014 0 00 eg Offline Temporary Password 4 results sol per page Ky Reports and Analysis Delete History as Alerts Define System Alerts System Alerts History Define Alerts Alerts History Define Content Aware Alerts Content Aware Alerts History Define MDM Alerts MDM Alerts History Directory Services eee Appliance 3 System Maintenance E System Configuration n System Parameters Q supor Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 98 Endpoint Protector User Manual 9 6 Alerts History A history of the alerts is kept in this tab for later auditing Each event that triggers an alert will be saved here Administrators can search for data more easily with the implemented filter while if not need
49. using the Backup List option Welcome Logout aieiaiei i Reporting and Administration Tool Engish z mm Endpoint Management ee eee Endpoint Rights logsStatsCap_2013_09_27 11_25_08 csv Endpoint Settings Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis Alerts Directory Services Appliance System Maintenance Ce ED A ry m D File Maintenance System Snapshots Log Backup Content Aware L System Configuration System Parameters Support Ow amp Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Dashboard Content Aware Log Backup Show all departments Back Ready Version 4 4 0 1 Appliance 12 System Configuration This module also contains advanced settings which influence the functionality and stability of the system 12 1 Client Software In this section the administrator can download and install the Endpoint Protector Client corresponding to the used operating system Please note that our Server and Client are communicating through port 443 Welcome Logout ENDPOINT lt ee Reporting and Administration Tool English Q B PROTECTOR iii Ss Advanced Search Dashboard Endpoint Protector Server Download Client Software Show all departments Endpoint Management Endpoint Protector Client Installation Endpoint Rights Note Endpoint Protector Client version higher tha
50. 0 1 Appliance 112 Endpoint Protector User Manual lia Log Backup This module allows you to delete old logs from the database and save them in a CSV document Welcome Logout Qe ENDPOINT 4 i ini i English b ae PROTECTOR Reporting and Administration Tool Eng lt Q Advanced Search Dashboard Log Backup Show all departments Endpoint Management Te es Endpoint Rights This option allows you to delete old logs from the database and save them in an CSV Comma Separated Values file Please choose from the list below which logs you would like to backup i C All 588 records KR Endpoint Settings Older than 30 days 0 records Older than six months 0 records Content Aware Protection CAP Older than one year 0 records Note A maximum number of 225000 log records can be deleted at once Mobile Device Management Deleting all logs might temporarily affect the correct display of online computers online devices and graphics reports kg Offline Temporary Password Reports and Analysis A Alerts EJ Directory Services E Appliance System Maintenance Make Backup Backup List Backup Scheduler File Maintenance System Snapshots Log Backup Content Aware Log Backup Q System Configuration a System Parameters oe Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance Here you can select the logs you wish to back up Simply sel
51. 1 0 4 1 0 9 5 3g a en Eee Mac OS X 10 5 Snow Leopard No 1 1 0 0 1 0 9 5 PS Mac OS X 10 5 Snow Leopard No 1 0 9 1 none Pg O Support Next Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 The button under the Actions column allows setting the default Endpoint Protector Client version that will be available for download under the Client Software section Note Downgrading from a currently installed Endpoint Protector Client version to an older one cannot be performed automatically 120 Endpoint Protector User Manual 12 3 Client Uninstall The EPP Clients installed on the computers can be remotely uninstalled from this tab The computers will receive the uninstall command at the same time they receive the next set of commands from the server If the computer is offline it will receive the uninstall command the first time it will come online When the uninstall button is pressed the computer s will be greyed out until the action will be performed The uninstall command can be cancelled if it was not already executed Welcome Logout Me ENDPOINT 4 a AA ro PROTECTOR Reporting and Administration Tool Engish E Qa Advanced Search p3 Dashboard Client Uninstall List of Computers Show all departments Endpoint Management es Endpoint Rights Re RH Endpoint Settings E Computer IP Department Workgroup Domain Default User Location Last Time Version License Modified
52. 2 Custom Client Notifications Mode Normal v Content Aware Protection File Tracing and Shadowing Mobile Device Management File Tracing M kg Offline Temporary Password File Shadowing 0O Detect Copy Source O Reports and Analysis E P si Network Share Tracing O A System Alerts Settings EJ Directory Services Log Interval min 1 E Appliance Local Log Size KB 10 Shadow Interval min 60 System Maintenance Shadow Size MB 512 Q System Configuration Min File Size for Shadowing KB 0 Max File Size for Shadowing KB 512 System Parameters Notifier Language English v O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved v Ready Version 4 3 0 6 Appliance The administrator will have three options for each device type in part to leave the default messages to customize the message or to hide the message 51 Endpoint Protector User Manual The administrator can select from the Device Types fields the devices types on which he wants the settings to be applied The editable languages are available in Results section ENDPOINT PROTECTOR r Dashboard Endpoint Management Endpoint Rights Endpoint Settings Ke W Computer Settings Group Settings Global Settings Custom Client Notifications Content Aware Protection Mobile Device Management Offline Temporary Password Reports and Analysis System Alerts Directory Services Appliance System Maintenance
53. 5 Offline Functionality for Endpoint Protector Client 154 17 6 DHCP Manual IP GddreSSvciiinicorescnsnwssivesacednvecrsnwenavemedwnn 155 L727 MGM REMOVA gxccenetencetnctence octet enevecetecerocetonarenereceeoactoncet 155 17 7 1 Client Removal on Windows OS spec ccectenceassescceeencereeae sents 155 17 7 2 Client removal on MAC OS X ccccececcccecaceceucusucacausususavans 155 VI Endpoint Protector User Manual 17 7 3 Client removal on Linux OS ncccavecucssccesasstiaensessxaeenacessesdes 155 18 Installing Root Certificates to your Internet BroOWSerF wiscccccccccccuucccueuuseeeeuueveenuanenngs 156 18 1 For Microsoft Internet Explorer wesseecesiecsusatcecessadavanaseeseouns 156 18 2 For Mozilla FirefoX sssssssnnnsnnnnnnnnnnnnnnnnnnnnnnnrnnnnrrrnnrras 165 19 Terms and Definitions ccceceeeeeee 167 19 1 Server Related cccccccceceececeueeceueeseueusaueusaveuseveusetaunenanes 167 19 2 CUeNE REIACCE wcucucocscocacucecusacenecucudeuseuanceousessaucncusacusemececs 168 LOs SUDDO oxscaccicegececcrcossesuesoesouseenedous 170 21 Important Notice Disclaimer 171 Portable storage devices such as USB flash drives external HDDs digital cameras and MP3 players iPods are virtually everywhere and are connected to a Windows PC Macintosh or Linux computer via plug and play within seconds With virtually every PC MAC or Linux workstation having easily accessible USB FireWire and other ports the t
54. All E Default Domain Whitelist To add delete and edit Domain Whitelists Go to Content Domain URL Whitelists The Regular Expressions shows the list of the created regular expressions and the administrator can select up to five 5 expressions Policy Content File Type Filter Predefined Content Filter Custom Content Filter URL Whitelists Domain Whitelists Regular Expressions Policy Action will apply to selected Custom Content for ALL File Types regardless of the selected File Type Filter EO All E Default Regular Expression To add delete and edit Regular Expression Go to Regular Expressions 70 Endpoint Protector User Manual Once a policy is created it will be displayed inside the Policies List To enforce a content aware policy inside the network one must select the specific policy that they want to apply by clicking on it and check the corresponding boxes to the network entity on which they want to apply the content rules If a Content Aware Policy was already enforced on a computer user group or department when clicking on it the corresponding network entities on which it was applied will be highlighted The administrator can be notified of each occurrence of an event described in a newly created policy by setting up a Content Aware alert for that specific policy from System Alerts gt Content Aware Alerts 7 3 Custom Content Dictionaries Custom Content Dictionaries are custom defined lists of terms an
55. C Linux OpenSUSE 11 4 Version 1 0 0 1 System Departments System Securi up T ty x Download selected version System Policies System Settings Endpoint Protector Client for Windows can be deployed over Active Directory System Licensing For more information please refer to Endpoint Protector User Guide a System Parameters Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 119 Endpoint Protector User Manual Note The Windows 32 bit and 64 bit client installers both offer the option to download the package with or without a Microsoft Outlook add on This option fixes any incompatibility that may arise between Microsoft Outlook and Endpoint Protector 12 2 Client Software Upgrade This section allows selecting and performing an automatic update of the installed Endpoint Protector Client version Starting with Windows Client Version 4 2 3 0 a restart PC is mandatory in case of Client Software Upgrade is performed from Web UI Welcome Logout ENDPOINT i ee Midi a Reporting and Administration Tool English Q eB PROTECTOR es A Advanced Search Dashboard Software Update Show all departments Fl Endpoint Management Step 1 Select the update you want to apply Updates available for the Endpoint Protector Client es Bapa LE Only Windows Client Software higher than 4 0 1 4 can be updated using this feature Only Macintosh 10 5 Client Software higher tha
56. CE 3 DEVICE 4 DEVICE 5 DEVICE 6 ne ee nies ican mines ee e PRONE n EE MTA E EED EEE eee m ALLOWED a OES ee ALLOWED ALLOWED Pee e aren ee ceed OD ATE ican 15 Modes for Users Computers and Groups Endpoint Protector features several functionality modes for users computers and groups These modes are accessible for each item users computers groups from the System Policies module of Endpoint Protector using the Edit button Mormal w Transparent Stealth Panic Hidden Icon Silent You can change these at any given time There are six modes from which you can choose Normal Mode default setting of Endpoint Protector Transparent Mode Stealth Mode Panic Mode Hidden Icon Mode Silent Mode 142 Endpoint Protector User Manual 15 1 Transparent Mode This mode is used if you want to block all devices but you don t want the user to see and know anything about EPP activity no system tray icon is displayed no system tray notifications are shown everything is blocked regardless if authorized or not Administrator receives alerts dashboard also shows alerts for all activities 15 2 Stealth Mode Similar to Transparent mode Stealth mode allows the administrator to monitor all of the users and computers activities and actions with all devices allowed no system tray icon is displayed no system tray notifications are shown everything is allowed nothing is blocked regard
57. CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 To install EasyLock on an USB Flash drive one has to copy the file to the root folder of a partition associated with that device For Windows computers the file is EasyLock exe and for Macs the file is EasyLock app 16 2 1 Managing Trusted Devices from EPP server console Access to Trusted Devices can be configured from the Global Rights module of Endpoint Protector 4 under Rights tab Access the drop down box next to USB Storage Device and select the desired level of Trusted Devices you wish to grant access to More information about EasyLock http www endpointprotector com en index ph roducts easylock 150 Endpoint Protector User Manual Management of Global Rights A Currently the system is using both computer and user rights user rights have priority Groups Hame Global Description Global Group induding all the entities Device Types USB Storage Device Allow Access iPhone internal CD or DVD RW Deny Access iPad Allow Access internal Card Reader Read Only Access iPod Allow Access if TD Level 1 internal Floppy Drive Allow Access if TD Level 2 Serial ATA Controller Allow Access if TD Level 3 Local Printers Allow Access if AA WiFi Windows Portable Device Deny Access e Bluetooth Digital Camera Deny Access a FireWire Bus BlackBerry Deny Access iw Serial Port Mobile Phones Sony Ericsson etc Deny Access A PCMCIA Device SmartPhone USB
58. DRIVE ADATA USB Storage Device SEES EA EJ Directory Services USB_FLASH_DRIVE USB_FLASH_DRIVE ADATA USB Storage Device F System Maintenance USB_FLASH_DRIVE USB_FLASH_DRIVE ADATA USB Storage Device SS EA USB_FLASH_DRIVE USB_FLASH_DRIVE ADATA USB Storage Device B a EA Q System Configuration Port_ 0004 Hub_ 0004 Port_ 0004 Hub_ 0004 Ironkey Inc USB Storage Device a EA g FREEAGENT FREEAGENT SEAGATE USB Storage Device SS EA System Parameters DISK DISK EASY USB Storage Device gt a EA O Support 9 results 50 w per page Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 The rule of inheritance is as follows from most important to least important Computer Rights gt Group Rights gt Global Rights The rights are overwritten in this order Example If global rights indicate that no computer on the system has access to a specific device and for one computer that device has been authorized then that computer will have access to that device 30 Endpoint Protector User Manual Restore Global Rights m e Ra e button can be used to revert to a lower level of rights Once this button is pushed all rights on that level will be set to preserve global settings and the system will use the next level of rights Example If the action is done on group rights the entities from that group will use from that point onwards the global rights No
59. Enter the desired user name and password for the new account then set if the account is active or not or whether is a super admin or not Permissions and groups Is active I Is super admin B Is active if this option is not enabled the selected user cannot log in to the Endpoint Protector console Use this option in case you want to create temporary admin or super admin privileges to a certain user and then remove them or if you want to disable an administrator but do not want to delete his credentials from the server Is Super Admin Super Administrators have more rights than administrators Super Administrator can create delete and modify administrator and super administrator settings while standard administrators do not have this right The most important difference is that only super administrators are able to view the Reports and Analysis section if the option Data Security Privileges is selected 146 Endpoint Protector User Manual 15 7 Working with logs and reports Endpoint Protector creates a device activity log in which it records actions from all clients and devices connected along with all administrative actions such as device authorizations giving a history for devices PCs and users for future audits and detailed analysis Logs Report The most powerful and detailed representation of activity recording can be achieved using this module This allows the administrator to see exactly which device computer a user
60. FF Pressing this button OFF will stop all Endpoint Protector related activities completely This means that all devices even those previously blocked will now be usable logging of traffic will stop as well as file shadowing Content Aware Protection ON OFF Pressing this button OFF will stop all Content Aware Protection related activities completely This means that all files that are sensitive or are containing sensitive data will not be detected and will not be reported Custom Classes ON OFF Pressing this button ON will enable custom classes The administrator can create in the Endpoint Management Custom Classes tab separate rights for devices that will override all rights set for those devices in the Endpoint Rights tab The Re read command will force all computers to re read their rights at the next refresh interval 17 Endpoint Protector User Manual 2 7 Live Update This section allows checking and applying the latest Endpoint Protector Server updates Please note that this feature communicates through port 80 The two options available are e Configure Live Update allows selecting one of the two options for performing the live update check manually or automatically and enabling or disabling the Automatic Reporting to the Live Update Server Live Update Settings Check Automatically for Updates Check Manually for Updates Live Update Reporting Note Endpoint Protector Server will
61. In this module the administrator can modify global settings such as the log upload interval local log and shadow size as well as manage computer and computer group s settings The functionality mode Normal Stealth Transparent etc can also be set from here Content Aware Protection Separate module which allows creating and enforcing strong content aware policies for a better control of what data leaves the company network via any removable media or the Internet Content Aware Protection Content Aware Policies Custom Content Dictionaries Reports and Analysis Designed to offer the administrator information regarding the past and current activity on the system Server and Clients It includes several sections such as Online Computers Online Users Statistics Graphics etc Several information formats are available for view and export 14 Endpoint Protector User Manual Reports and Analysis Logs Report File Tracing File Shadowing Online Computers Online Users Online Devices Statistics Graphics Similar to the Dashboard this module displays usage statistics on past and current activities but with more details System Alerts Allows the creation of System Alerts notifications set up by administrators which will alert them if a certain device was connected or accessed a certain user performed a certain action etc Please see paragraph 8 Alerts for more details A System Alerts Define System
62. KB Wur SE 192 168 56 1 2014 09 10 10 12 22 2014 09 06 06 15 20 widows B Co eee 220 KB me 192 168 56 1 2014 09 10 09 52 33 2014 09 06 05 55 31 Windows aay Offline Temporary Password SS ee Oe 220 KB a SS 192 168 56 1 2014 09 09 18 01 19 2014 09 05 14 04 18 widows B l Co eee 220 KB m 192 168 56 1 2014 09 09 17 53 31 2014 09 05 13 56 31 Windows an Reports and Analysis SS ee 132 KB ee SS 192 168 0 198 2014 09 09 16 05 58 2014 09 05 12 08 58 Windows Se a O cae 132 KB m 192 168 56 1 2014 09 09 16 05 58 2014 09 05 12 08 58 Windows B File Tracing rn SS 19 33 KB eR 192 168 56 1 2014 09 09 14 22 46 2014 09 05 10 25 46 Windows File Shadowing 1 QS eee 22 34 KB ir E 192 168 56 1 2014 09 09 13 18 41 2014 09 05 09 21 42 Windows Content Aware Report 10 72KB Wae ERR 192 168 56 1 2014 09 09 13 18 41 2014 09 05 09 21 42 Windows SEL EIS LSE O Se ee 3 98 KB wn S 192 168 56 1 2014 09 09 13 18 41 2014 09 05 09 21 42 Windows Sra See ee 3 08KB SRE 192 168 56 1 2014 09 09 13 18 41 2014 09 05 09 21 42 Windows Se 7 ODO ne 3 43 KB m 192 168 56 1 2014 09 09 13 16 53 2014 09 05 09 19 53 Windows B AF Alerts we 140 65K5 a SRE 192 168 56 1 2014 09 09 13 16 31 2014 09 05 09 19 32 Windows E See 3 08 KB 192 168 56 1 2014 09 09 13 16 23 2014 09 05 09 19 24 Windows Directory Services SS 10 72KB SRR 192 168 56 1 2014 09 09 13 16 15 2014 09 05 09 19 16 Windows O e ae m 192 168 56 1 2014 09 09 12 54 32 2014 09 05 08 57 32 Windows kina Te
63. Lock is supported by A Endpoint Settings Windows 8 all versions Windows 7 all versions Content Aware Protection CAP Bassler pel Windows 2000 Service Pack 4 CJ Mobile Device Management Mac OS 10 5 es Offline Temporary P To install EasyLock please make sure that you copy it directly in the root of your USB device You can download EasyLock from the following location Windows 32bit and 64bit version Version 2 0 79 1 Ky Reports and Analysis Mac OS 10 5 Version 2 0 79 1 as Alerts Endpoint Protector allows activating File Tracing on the data copied with EasyLock on your portable device For more information please refer to Endpoint Protector User Manual Directory Services Appliance x System Maintenance E System Configuration Client Software Client Software Upgrade Client Uninstall Download EasyLock Software System Administrators System Departments System Security System Policies System Settings System Licensing a System Parameters Q support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 122 Endpoint Protector User Manual 12 5 System Administrators This list contains all the administrators who have access to the Administration and Reporting Tool As described earlier in this document the administrators can be regular administrators which have some limitations and super administrators which have full access to the system incl
64. M drives HL DT ST DYDRAM GH O ADATA USB_FLASH DRIVE Apple Inc iPhone 4 4 Th Code for Admintstrator Password To authorize a device contact your administrator Contact info 40 0740000001 Adrmnistatoites ample com Last server connection at Fri Nov 01 18 05 49 2013 Endpoint Protector Version 4 2 3 0 The user will tell the administrator the code for the device and the administrator will tell the user the password after generating it on the Server see above paragraph for password generation 43 Endpoint Protector User Manual The password will be inserted in the correspondent field and applied by clicking Enter For Computer and Content Aware Protection authorization the administrator will tell the user the password he previously generated The user will simply enter it in the Password field and apply it by clicking Enter 5 6 Setting the Administrator Contact Information The Administrator contact information can be edited under System Configuration module System Settings panel edit Main Administrator Contact Details then click Save Main Administrator Contact Details Phone 40 0740000001 E mail Administrator example com Note This contact information is referring to Offline Temporary Password only For Alerts you must setup the e mail address from System Administrators gt Edit info Save 6 Endpoint Settings The settings are attributes whi
65. MTD Card Reader Device SCSI ZIP Drive Preserve global setting x Preserve global setting v Preserve global setting Preserve global setting Preserve global setting r Preserve global setting x Preserve global setting x Preserve global setting e Preserve global setting x Preserve global setting ie Preserve global setting m Preserve global setting ie aa Ready Version 4 0 0 8 32 Endpoint Protector User Manual 4 3 Computer Rights This module will allow administrators to specify what device types and also what specific device s can be accessible from a single or all computers ee Welcome Super Administrator Logout 4 Administrati Enn E A Pe PROTECTOR itii sei ki iii Advanced Search Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Dashboard Edit Computer Rights Show all departments Endpoint Management A Currently the system is using both computer and user rights computer rights have priority Endpoint Rights Device Rights Computer User Rights Computer Rights Computer Name Group Rights Global Rights Location Effective Rights File Whitelist Device Types A Endpoint Settings USB Storage Device Allow Access A iPhone Preserve global setting v ky Offline Temporary Password Internal CD or DVD RW Preserve global setting v iPad Preserve global setting E Reports and Analysis internal Card Reader Deny Access iPod P
66. Management pg F Al Name Domain GQ Check all matched items k Offline Temporary Password G 1 matched found from a total of 17 computers Reports and Analysis Users in this Group A System Alerts f Users w Directory Services F a a CoSoSys SS ji SIs la amp Appliance S System Maintenance s mae PN W CoSoSys 2 System Configuration as System Parameters Pj a o _ O so Q Search F Al Name Domain Check all matched items G 1 matched found from a total of 19 users Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 3 0 3 Appliance 3 5 Users The client users are the end users who are logged on a computer on which the Endpoint Protector Client software is installed WG Frorecron ET dashboard gl Endpoint Management Reporting and Administration Tool Advanced Seerch Fiter Devices Results Computers roa Username irst Hame Last Name Oepartment Phone E mail Modt ed Modified by Actons Gg Endpoint pigres _ ESEL KE A Endpoint Settings sain FaAbge EJ an e Page z o aoan A anaes _ _ 01 Jun 2044 12 35 00 BATTO BBB Reports and Analyss Ee Sie bt s _ ZEJO ve ectory services ERSEL ES _ o 02 Jun 2041 11 46 00 PISE System Maintenance a 01 Jun 2041 17 44 00 a Si ite Sytem Configuration p _ ee BAEO an 03 Jun 2014 14 21 00
67. OM1 Standard p 0 0 COM_ACPI_PNP0501_1_6 07 Mar 2014 03 00 ov E Reports and Analysis Internal CD or DVD RW ASUS CB 5216A ATA Device mmm EEE ASUS CB 5216A ATA Device Standard CD 0 0 CDROMASUS_CB 5216A_1 07 Mar 2014 03 00 V n Internal CD or DVD RW Security Pack Media EEE EEE Security Pack Media Verbatim 0 0 Verbatim Security Pa 07 Mar 2014 01 58 ov Online Computers 7 Local Printers HP LaserJet P1005 1 4 0 B Git HP LaserJet P1005 1 4 0 0 0 usb Hewlett Packar 07 Mar 2014 01 38 E Online Users Internal Card Reader SDXC Card Reader i Gimmie SDXC Card Reader Apple 14e4 16bc c82a140f8b92 07 Mar 2014 01 38 oy E Online Devices Local Printers HP Officejet 5600 series am HP Officejet 5600 series 0 0 usb HP Officejet 2 06 Mar 2014 10 09 V E Computer History 10 results 20 r page uateaes i 20 per page Device History Statistics ou A ens EJ Directory Services La Appliance System Maintenance K System Configuration a System Parameters sm Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved P Ready Version 4 4 0 3 Appliance 88 Endpoint Protector User Manual 8 13 Statistics The Statistics module will allow you to view system activity regarding data traffic and device connections The integrated filter makes generating reports easy and fast Simply select the field of interest and click the Apply filter button qa Welcome
68. Protector modules Device Control Content Aware Protection respectively Mobile Device Management Each of these modules can be used in Trial Mode for a period of up to 30 days Then a perpetual permanent license is required to be purchased and imported for the feature to remain active Although the Device Control module appears by default as active in the Web Administration Interface a license is required to enable the communication between Server and Client The Content Aware Protection and Mobile Device Management features are displayed as blocked by default and require an additional Activation request to be performed by the administrator The Features Status section offers an overview of the current features licensing status Updates amp Support licenses are optional licenses that once purchased and imported into the system allow access to the latest Updates available for both Client and Server side and enable premium Support and Technical Assistance The Updates and Support licenses can be purchased for a period varying from 1 month up to 36 months with a separate option for 120 months As opposed to Endpoint and Feature licenses Updates amp Support licenses are not permanent and they require periodic renewal for being able to get access to our Live Update Server Note When first activating one or more features an Updates amp Support license for a period of minimum 1 year is required After the Updates amp Support license expi
69. Rights module contains the following sections Device Rights User Rights Computer Rights Group Rights Global Rights Effective Rights and File Whitelist CS Endpoint Rights Device Rights Depending on the network policy administrators can use the following settings Preserve Global settings Deny access to devices Allow access to devices Enable read only access Trusted Device Level 1 to Level 4 21 Endpoint Protector User Manual Allow Access if TD Level 4 3 2 1 Give Deny Access to Devices With this option the administrator can give or deny complete access to a certain device making it usable or obsolete for a certain group computer or user The administrator can configure these settings for each device individually and can also choose for what computer s user s and group s they will apply to The File Whitelisting feature allows the super administrator to control the transfer of only authorized files to previously authorized portable storage devices To configure File Whitelisting please see paragraph 4 7 File Whitelist Once configured you can enable this feature for devices users computers and groups To do this simply access the Endpoint Rights module and select device computer user or group rights depending on the rights priority configuration of your server es Endpoint Rights Device Rights User Rights Computer Rights Group Rights Global Rights Effective Rights File Whi
70. Service s sesssssssnsnrsnsnsnensnernens 11 2 2 Administration and Reporting Tool sessssssssssssrsrsrsrrrrrrerene 11 2 3 Accessing the Administration and Reporting Tool 14 2 4 Login Credentials Username and Password csecceeeeeeeeees 15 2 9 GENEral DasNDOANd sxctecetnecteneccastevetenetoce a aae 15 eOk SYSE OLMUS eiaaewateweseussewciewevewsveuerauudewetguquenerevatoueiewanes 16 Zid CVS NI DG Ae seere 17 3 Endpoint Management ccceeceeeeeeeeeees 19 Jete DEVICES irri inniinn i han iii iis 19 Sez Device FPUNCUOMAULY wiaccscacsanatecuseeascetacuascecacunseeesicesaseseaases 20 3 2 1 Give Deny Access to De VICES cccccceeeeeeeeeeeeeeeeeeeeneeaaes 21 3 2 2 Enable Device Read Only ACCESS cccceccccsnsceeeensenneennneees 23 522 0 TrustedDevice Level 1 to Level 4 cc cc cece ccc cececececeueusenas 23 II Endpoint Protector User Manual 3 2 4 WiFi Block if wired network iS PreSeNnt cceeeeee eee ees 23 3 3 COMPULESS 0 ccc ecccc cece eee eee e eee ee eeeeeeeeeeeeeeteeeeeeeaeeeetegeneneags 24 Se GOUD caine nee na conan teens E E E E EEE 25 Dade E e cccecesacvestaasesaciatasteececsemesinaeisaniaacemacceccctestaaeesienaaansas 26 SiGe CUON CASSES ranna EEEE seqreveusvareres searerenes 27 4 Endpoint Rights ncceisneqoreernsesosresaseresceuaas 29 Ads DEVIC RIOMES saririnis nirai a aa 30 da2 WSC RIGGS sivcrtssatevtaanedar inanin irani i aai 31 43 COMIPULCK RIONUS svuvavanase
71. Super Administrator Logout DPOI 4 Dees Engish PROTECTOR Reporting and Administration Tool Engish ame Dashboard Statistics Show all departments Endpoint Management south Coes eS tase Report Most Active Device Connections w A Endpoint Settings Period Last Week ED On Computers w ky Offline Temporary Password Q Apply filter Reports and Analysis Results Logs Report File Tracing Computer Name Default User Group IP Total Connections File Shadowing Online Computers z SS 13 Online Users menen 3 Online Devices a Statistics 2 results Graphics Z system Alerts a Directory Services System Maintenance Q System Configuration a System Parameters O Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved System Statistics Version 4 0 0 8 Endpoint Protector allows you to set notifications Alerts for Sensitive Content Transfers Devices Computers Groups and Users making monitoring them easier An Alert will trigger an E MAIL that will be sent to the selected administrator s that are intended to receive the alerts You can set up device related activity alerts in the System Alerts gt Define System Alerts module in Endpoint Protector The Define Content Aware Alerts option will allow administrators to set special alerts for sensitive content detection and transfer blocking Before you can create an E MAIL alert you must configure the server host an
72. Sync Deny Access fims Card Reader Device MTD SmartPhone Windows CE Deny Access im Card Reader Device SCSI SmartPhone Symbian Deny Access ZIP Drive Webcam Deny Access Already existing devices Save 16 2 2 File Tracing on EasyLock 2 TrustedDevices Endpoint Protector 4 allows tracing of files copied in an encrypted way with EasyLock 2 on portable devices This option can be activated from inside the System Settings window located under the System Configuration tab Easy Lock 2 Settings File Tracing Offiine File Tracing Im By checking the File Tracing option all data transferred to and from devices using EasyLock 2 is recorded and logged for later auditing The logged information is automatically sent to Endpoint Protector Server if Endpoint Protector Client is present on that computer this taking place regardless of the File Tracing option being enabled or not for that specific computer In case that Endpoint Protector Client is not present the information is stored locally in an encrypted format on the device and it will be sent at a later time from any other computer with Endpoint Protector Client installed 151 Endpoint Protector User Manual The additional Offline File Tracing option is an extension to the first option offering the possibility to store information directly on the device before being sent to the Endpoint Protector Server The list of copied files is sent only next time the de
73. System Configuration System Parameters Support O fe DEIER O i Reporting and Administration Tool English Welcome Logout ae Advanced Search Main Content Show all departments Device Types To view all supported devices and rights go to Device Types in System Parameters A All O Unknown Device O iPad O USB Storage Device O iPod O Internal CD or DVD RW O Serial ATA Controller O Internal Card Reader O WiFi O internal Floppy Drive O Bluetooth O Local Printers O FireWire Bus O Windows Portable Device Media Transfer Protocol E Serial Port O Digital Camera O PCMCIA Device O BlackBerry O Card Reader Device MTD O Mobile Phones Sony Ericsson etc O Card Reader Device SCSI O SmartPhone USB Sync O ZIP Drive O SmartPhone Windows CE 0O Teensy Board O SmartPhone Symbian CJ Thunderbolt O Webcam O Network Share O iPhone O Results Name Code Customized Tokens Enabled Tokens Actions English en 18 18 E French fr 0 0 E German de 0 0 E Romanian ro 0 0 E Polish pl 0 0 E lananaca ia n n El v Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved To edit the messages for a specific language click on Actions Version 4 3 0 6 Appliance Results Name Code Customized Tokens Enabled Tokens Actions English en 18 18 E French fr 0 0 E German de 0 0 E Namanian ra n n al 52 Endpoint Protector User Manual In this example below we set
74. T ia eae denen EAEE nC Ean as T lt PROTECTOR eporting an ministration 100 v Dashboard Content Aware Policies Show all departments Endpoint Management Polici ss Endpoint Rights n es meer Show Help VY Endpoint Setti nopan ngs Confidential Financial Sales Testing IT Create your own Content Aware Protection Priority 1 Priority 2 Priority 3 Priority 4 Priority 5 Predefined Content File Types File Types File Types File Types Create new Policy with your Content Aware Policies er rcs EPEN own settings 7 n Predefined Content Custom Content Predefined Content Predefine ntent Custom Content Dictionaries Click on Policy to select it Custom Content Custom Content amp Mobile Device Management le click on Ti i On On Double clic itle to edit a ky Offline Temporary Password il Reports and Analysis Add New Duplicate R Edit Delete A System Alerts Policies Apply To EJ Directory Services Show Help Ca _ amp Departments ri Groups Computers amp Users System Maintenance E Default Department E Test Group A F test F p 2 System Configuration E Test Dep Paul 0D m a System Parameters J e O Support F 7 oo F Ss ZI All All m All All Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved Ready Version 4 0 5 0 Appliance The available actions are Add New Duplicate Edit and Delete A new policy can be created also by clicking on the Create
75. Visa Personal Information V All F Address J Date Driving License E mail Health Insurance Number J IBAN J ID Passport Phone Number J SSN Country Specific Format for Driving License V All J Korea Country Specific Format for Health Insurance Number All 7 Korea Country Specific Format for ID V All Germany Singapore Country Specific Format for Passport V Al V Korea Country Specific Format for Phone Number 7 Al Korea J International Country Specific Format for SSN All United States United Kingdom W Romania France Korea Taiwan Austria Canada Spain V Germany Switzerland The Custom Content Filter displays a list of Content Aware dictionaries By selecting one or more dictionaries the Content Aware Protection agent will detect any occurrence of one more or all terms contained in the Dictionary list 69 Endpoint Protector User Manual File Type Filter Predefined Content Filter Custom Content Filter URL Whitelists Domain Whitelists Policy Action will apply to selected Custom Content for ALL File Types regardless of the selected File Type Filter Case Sensitive Whole Words Only All M Confidential Dictionary To add delete and edit Dictionaries Go to Custom Content Dictionaries By checking the Case Sensitive option the a
76. abase etc 11 Endpoint Protector User Manual 2 1 Endpoint Protector Web Service The Web Service of Endpoint Protector is responsible for the communication between Endpoint Protector Server and the Client computers Starting with the registration of the client computers the Web Service sends the settings and rights of each computer and also receives the log information from each client and stores that information in the database The Web Service is started as long as the Web server is running and it is ready to respond to each client request 2 2 Administration and Reporting Tool This part of the Server is designated as a tool for customizing the behavior of the entire system Server and Clients and to offer the administrator s the person handling this tool the necessary information regarding the activity on the system Access to this part of the Web server is restricted by a username password pair The users accessing the Web application are referred to as Administrator in this document This administrator can be a regular administrator or super administrator The difference between the two is the level of access to some administrative parts of the application The regular administrator cannot change critical system parameters cannot create delete other administrators and has restricted access to some areas of Endpoint Protector 12 Endpoint Protector User Manual Dashboard Lets you view statistics of the server su
77. able the WiFi connection while a wired network connection is present The WiFi connection will be available when the wired network is not present 24 Endpoint Protector User Manual 3 3 Computers This is the module responsible for managing the client computers Welcome Super Administrator Logout ENDPO 4 Pe PROTECTOR Reporting and Administration Tool Engish x Q Dashboard a Endpoint Management Filter Devices Computers Users Groupe Computer fame iP Department Workgroep Domain User Location Last Tene Online Version License Modified at Modified by Actions ee Endpoint Rights WORKGROUP 03 Jun 2011 17 36 4 0 0 2 PC Vald for 365 days O3Jun 2011 15 19 00 root FQaAGnge Endpoint Settin WORKGROUP 03 Jun 2011 17 36 4 0 0 3 PC Valid for 365 days 03 Jun 2011 15 11 00 root FAAJI A P 9s ma WORKGROUP _ 03 Jun 2011 17 27 4 0 0 2 FC Valid for 364 days 03 Jun 2011 15 19 00 root PAA pATO ta Cline Tener Foner WORKGROUP 03 Jun 2011 17 24 1 0 5 9 Mac Valid for 120 days PAaAaABhg a WORKGROUP 02 Jun 2011 18 20 4 0 0 3 PC Vald for 385 days 03 Jun 2011 15 11 00 root FQaashge E Reports and Analysis Pending 3 Jun 2011 18 11 00 root FQaX0nhg lt workgroup Pending 03 Jun 2011 18 11 00 root FQaXA8ng A System Alerts Fendrg O3Jun 2011 15 14 00 root ZAA gGEJO 8 its l l Directory Services results 20 xj per pagel c System Main
78. al period can be activated by pushing the Start Free Trial button which will automatically assign 30 days trial licenses for up to 50 computers The trial licenses are assigned on a first in first served basis In case that one or more computers with assigned trial licenses are inactive for a certain interval of time the administrator can manually release those licenses which will automatically be reassigned to other online computers Start Free Trial 12 10 3 Import Licenses The Import Licenses option gives you the possibility to browse for an Excel file that contains licenses After you have selected the file click Upload Import Licenses Paste Licenses Licenses List 133 Endpoint Protector User Manual Attention The Excel document has to be formatted in a specific way Only the first column in the excel sheet is taken into consideration and the first line in the excel sheet is ignored Insert Page Layout Formulas Data Review View B Arial General Conditional Formatting gInserty E Aw ia 9 Format as Table v g Delete m Z Paste F U pi A pad See Sort amp Find amp ee E Cell Styles He Format 2 Filter Select Clipboard G F Alignment F Number F Styles Cells Editing A C Endpoint Protector Client License Keys for Import License T Software XXXX XXXX XXXKX KXKK Endpoint Endpoint Protector Client XKXXX XXXX XXKXX XXXX Endpoint Endpoint Protector
79. alysis 8 June 2011 12 59 08 Jun 2011 13 02 yy 8 June 2011 16 25 ae A System Alerts 23 June 2011 15 28 23 Jun 2011 15 34 ZEa resul EJ Directory Services Hi sole per page System Maintenance freee Lo System Configuration Client Software System Administrators System Departments System Security System Policies System Settings System Licenses EasyLock Software a System Parameters O smn Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 2 1 The actions available here are Edit Edit Info and Delete E eG Select the option Edit info for the desired user and complete the required fields After you are done click Save Now you are set up to receive E MAIL alerts 91 Endpoint Protector User Manual 9 1 Define System Alerts ae IL A t a ER 4 Reporting and Administration Tool English Advanced Search ae Cd Endpoint Management Results es Endpoint Rights Name Event Actions RK Endpoint Settings Client Uninstall cc Client Uninstall FZO device control 100 test Device Control Logs Amount ZO Content Aware Protection CAP APNS expire Pee ZO go E es FEAE 3results 50 z per page Offline Temporary Password honed E Reports and Analysis fag Alerts Define System Alerts System Alerts History Define Alerts Alerts History Define Content Aware Alerts Content Aware Alerts History Define MDM Alerts MDM Alerts History Directory
80. amViewer HTC Sync for Android phones Total Commander LogMeIn EasyLock GoToMeeting Windows DVD Maker FileZilla ALFTP GoToMeeting The last step in defining a new policy consists in selecting the content to detect from the three separate tabs for Content Filters The File Type Filter contains a list of supported file types grouped in six categories e Graphic Files JPEG PNG GIF ICO BMP TIFF EPS CorelDraw etc e Office Files Word DOC DOCX Excel XLS XLSX PowerPoint PPT PPTX PDF Infopath XSN RTF OneNote ONE Outlook PST OST etc e Archive Files ZIP 7z RAR ACE TAR etc 68 Endpoint Protector User Manual e Programming Files C CPP JAVA PY SH CSH BAT CMD PAS XML DTD TEX F etc e Media Files MP3 M4A WAV WMA AVI AIF M3U MPA etc e Other Files EXE SYS DLL SO etc For each category the most common file types are displayed To be able to view and select more file types click on the More File Types option at the end of each file type enumeration File Type Filter Predefined Content Filter Custom Content Filter URL Whitelists Domain Whitelists Policy Action will apply to selected File Types Graphic Files Iv All JV JPEG Vv PNG V GIF Jv Ico JV BMP JV TIFF More File Types Office Files IV All M Word M Excel M PowerPoint M PDF V Infopath J Outlook More File Types Archive Files V All ZIP ZIP password D 7z V RAR V ACE JV TAR More File Types Programming Fil
81. anagement Internal Floppy Drive Internal Floppy Drive Y Y Local Printers Local Printers connected to Computer Y Y Y les Offline Temporary Password Windows Portable Device Media Transfer Windows Portable Device Media Transfer JY Digital Camera Digital Camera Y Y E Reports and Analysis BlackBerry BlackBerry hand held Device SY Mobile Phones Sony Ericsson etc Mobile Phones Sony Ericsson etc SY fas Alerts SmartPhone USB Sync SmartPhone connected through USB Y 3 2 SmartPhone Windows CE Windows CE Device ed Drey ee SmartPhone Symbian Nokia N Series Y Appliance Webcam Web Camera SY Y iPhone iPhone SY Y x System Maintenance aia v ai iPod iPod vY v System Configuration Serial ATA Controller Serial ATA Controller Y WiFi Wireless Network Y Y H System Parameters Bluetooth Bluetooth Devices Y ae FireWire Bus FireWire Bus Y Y Device Types Serial Port Serial Port JY Rights PCMCIA Device PCMCIA Device Are Events Card Reader Device MTD Card Reader Device based on Memory Techn S File Types Card Reader Device SCSI Card Reader Device based on SCSI Adapter Y Support ZIP Drive ZIP Drive Y Teensy Board USB based Microcontroller Development Sy Y Thunderbolt Thunderbolt va SY Network Share Network Share SY Infrared Dongle Infrared Dongle SY Parallel Port LPT Parallel Port LPT Y 31 results 50 x per page Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 136
82. at Modifie All Name Online by Content Aware Protection CAP Mobile Device Management ky Offline Temporary Password Reports and Analysis a 192 168 0 96 Default Department WORKGROUP 17 Mar 2014 08 59 4 2 7 9 PC Licensed 14 Mar 2014 16 57 01 root i 192 168 0 69 Default Department WORKGROUP C 14 Mar 2014 17 01 4 2 7 9 PC Unlicensed 14 Mar 2014 17 01 02 root A Alerts 7 results 20 per page GB _ Directory Services a m t e Appliance System Maintenance Client Unintall t Back Q System Configuration Client Software Client Software Upgrade Client Uninstall Download EasyLock Software System Administrators a System Parameters O soon Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 2 Appliance Note The uninstall command works for Windows client version 4 2 8 1 or newer 121 Endpoint Protector User Manual 12 4 EasyLock Software Download The EasyLock software can be downloaded directly from this section and copied to the root folder of the selected USB Drive It supports computers running on both Windows and Mac OS X 10 5 Welcome Logout ENDPOINT 4 Reporting and Administration Tool English Qa PROTECTOR Advanced Search Dashboard Endpoint Protector Server Download EasyLock Software Show all departments eu Cae Endpoint Management EasyLock Installation es Endpoint Rights Easy
83. ch are inherited Settings are designed to be applied on computers groups and globally to all computers The rule of inheritance is the following from the most important to the least important Computer Settings settings applied to exactly one computer Welcome Super Administrator Logout ots BROTECTOR i Reporting and Administration Tool TOO E Advanced Search pa Dashboard Management of Computers Settings Show all departments gl Endpoint Management an Endpoint Rights s Endpoint Settings Computer Name Location Log interval min Local Log Size MB Shadow Interval min Shadow Size MB Shadow Files with Sizes KB Actions Computer Settings Group Settings Global Settings k 1 10 1 999999 0 999999 Offline Temporary Password System Alerts Directory Services 8 results 50 per page es Reports and Analysis AN i S System Maintenance A System Configuration a System Parameters Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 3 45 Endpoint Protector User Manual Group Settings settings applied on a group Welcome Super Administrator Logout Wag ENDPOINT n ae Storesror ROpOriNG aed AAMINEKENON TOA Ca Dashboard Endpoint Management Endpoint Rights Endpoint Settings amp a Computer Settings Group Settings Global Settings Offline Temporary Password Reports and Analysis System Alerts Directory Services Sy
84. ch as the number of clients and devices currently connected total number of computers log and shadow size last logged action newest added client latest news about the product and the company licensing status etc and also provides shortcuts to the essential management tools Welcome tt Logout ENDPOINT 4 he PROTECTOR Reporting and Administration Tool Engish Q Dashboard Eratem Overview System Status Live Update I Endpoint Management votes Re Endpoint Rights es A ast Sy m A Endpoint Settings mum aoe ae A System States Fonture Eni Gate 4 SE ae ESS more O Content Aware Protection ca TERA ARREA Users Content Aware ctv Device Contro 20 Dec 2043 m E S Protect gt Fs t Block fb Mobile Device Management an m ine t Block gt en IOSiAndroid Mobile Devices s ma iad Offline Temporary Password Se 1 Block Ww Latest News O18 es gt e aoe 5 Reports and Ana pa _ Date Title A System Alerts E Statistics most active ax A Latest Alerts ail Computer Device Destination User Event Computers Directory Services TER EJ Shortcuts ax gt USB_FLASH_DRIVE Fie Write System Maintenance TRANSCEND 268 Fie Decrypt offine Devices TSSTcorp OVD AW TS L6338 Fie Decrypt offline Management Computers Devices Users R RLISCATS c Enab Q System Configuration Content Aware Protection iOS Android Mobile Devic Content Aware Settings Computer Settings Group Settings Users vtection a Sys
85. csccssenccececccccusneneeecseccusuaneeesssscuseeueessssseuees 53 O70 FIG SNC O WING eeir E NTE 54 III Endpoint Protector User Manual 6 7 CAP File Shadowing cccccccueeunnnecueeeeeeeceseenaucccueenuneecresnngs 56 6 8 Network Share Tracing scctsecctcaicacusemesnsagasaneereraeucaguaeeecesaan 57 7 Content Aware Protection cccceeeeeeeeeees 59 7 1 Activation of Content Aware Protection s ssssssssesssessessses 60 7 2 Content Aware Policies sriacscccscusscusscusscusscusscusssusscuascesseuasse 61 7 2 1 Priorities for Content Aware PolicieS ssssssssssssssrssrsssrs 62 7 2 2 How Content Aware Policies Work ccceseeeeee eee e eee e enna 62 7 2 3 Types OF CONTENT Aware PolicieS sssassasssrsnsrsrrssrsnnans 64 7 2 4 Setting up Content Aware Policies ccccceeeeeeeeeeeeeeeeeeees 65 Pode CUStom Content Dictionaries seaevtwexcnerteensen trees buccenectecews 70 7 4 Content Aware URL WMIGGIISUS sicsvceewaceweeswaceraeanacenaeawacenacens 71 7 5 Content Aware Domain Whitelists ccccceeeee eee reer rere rere ees 71 7 6 Content Aware Regex Regular ExpreSSiOns ccceeeeeeeeeee 72 7 7 How Content Aware Protection works for monitored Applications ONIE SIVIC EE anen EE E EEE OEE EEO 74 8 Reports and AnalySIS ccecceececeeeeeaeeees 75 Gd LOGS ROPOT Ci prsiisoigieiisriyii isi ei i ai ai 76 O2 FO TOCNO oea A 77 8 3 Fe SHAGOWING swiwcecscwemiranaravaneserapineseresarenarananeverancunneresons
86. ction is valid on the top of the page Click Next to continue Note This operation might take some time depending on the volume of data that needs to be synchronized 107 Endpoint Protector User Manual In the next step simply select what items you would like to synchronize by clicking the checkbox next to them define a sync interval and select Sync EN NT Welcome Super Administrator Logout DPOI 4 f stony ae PROTECTOR Reporting and Administration Tool Engish a Dashboard Active Directory Synchronization Show all departments E Endpoint Management Connection is valid an Endpoint Rights KH Endpoint Settings Active Directory Sync Step 2 Content Offline Temporary Password a6 Active Directory Builtin Reports and Analysis 7 Computers Domain Controllers A System Alerts N as ForeignSecurityPrincipals EJ Directory Services G9 _ Program Data weal System Active Directory Import l Test Active Directory Sync Directory 5 E E Users Active Directory Deployment System Maintenance System Configuration System Parameters Oe amp amp Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Sync Interval in minutes Back Sync Ready Version 4 0 0 8 You will see the message Sync object added EN NT Welcome Super Administrator Logout Advanced Search aes Dashboard Active Directory Synchronization Show a
87. d All rights reserved Ready Version 4 4 0 2 Appliance We mentioned earlier that computers can be grouped so that editing of settings should be easier and more logical 49 Endpoint Protector User Manual 6 3 Global Settings This module holds the global settings which influence all computers within the system If there are no settings defined for a computer and it does not belong to a group these are the settings it will inherit If the computer belongs to a group then it will inherit the settings of that group Welcome Logout ENDPOINT 4 m s Reporting and Administration Tool English Qa PROTECTOR j Advanced Search Dashboard COET of Global Settings Show all departments Endpoint Management ee Global eS Endpoint Rights Kame Description Global Group induding all the machines A Endpoint Settings Mode Computer Settings Group Settings Refresh Interval sec 12 Global Settinas Mode r Custom Client Notifications Content Aware Protection CAP File Tracing and Shadowing g Mobile Device Management File Tracing 7 File Shadowing m lgs Offline Temporary Password CAP File Shadowing A Ky Reports and Analysis peted Copy Saure Network Share Tracing v fag Alerts Exdude Extensions from Shadowing PY Directory Services Exdude Extensions from CAP Scanning Py java ace rar Appliance Note Files with extensions in these lists will be ignored from File Shadowing CAP
88. d provide a user name and password to that mail server You can do that by accessing System Settings in the System Configuration module E mail Server Settings Note The test e mail will be sent to mam Hostname smtp gmail com Example smtp cososys com SMTP Port 465 Example 25 Gmail uses port 465 for SSL and 587 for TLS STARTTLS Require SMTP Authentication m Username Example Your full email address including cososys com Password eeecececcee Your SMTP password Encryption Type SSL Example None SSL or TLS STARTTLS Send test e mail to my account Iv Proxy Server Settings IP SES Username You can also verify if your settings are correct by checking the box next to Send test E MAIL to my account You also have to configure the E MAIL of your current user with which you are accessing Endpoint Protector by default root To do this go to System Configuration gt System Administrators 90 Endpoint Protector User Manual Welcome Super Administrator Logout Ag ENDPOINT i y NORS po PROTECTOR Reporting and Administration Tool Engish wi a Advanced Search Dashboard List of Administrators Show all departments al Endpoint Management Filter es Endpoint Rights Results m4 Endpoint Settings User Name Created at Last Login Actions kJ Offline Temporary Password 01 Jul 2011 11 11 yee oon 8 June 2011 12 53 08 Jun 2011 12 55 Fa Reports and An
89. d by EPP can be monitored under this tab The image below is self explanatory Welcome Logout Oe ENDPOINT i Reporti d Administration Too Engish PROTECTOR eporting an ministration 100 nglis vit Q Advanced Search p3 Dashboard Endpoint Protector Dashboard GENERAL General Dashboard System Overview Endpoints and Mobile Devices Most Active Users of connected devices General System Status Live Update 2 6 Status System Featur Endpoint Management Updates Active No upc Trial Mode Device 1 1 1 Support Trial Mode Conter an Endpoint Rights 5 Trial Mode Mobile Active Directory Last Sync N A A Endpoint Settings E fi i N 2 Computer Management CAP Policies Mob Content Aware Protection CAP Windows Macs Linux iOS Android i m Mobile Device Management kg Offline Temporary Password Most Active Users of transfers blocked Passcode Protected Mobile Devices Latest News E Reports and Analysis 18 Nov 2013 14 A Alerts 8 EJ Directory Services ta Appliance i Endpoint Protector releases support f Endpoint Protector is now ready for OS X their network prevent data losses and data 67 No passcode Upgrade to our newest version if you are u 33 Passcode preset 0 Unmanaged T Check all news System Maintenance System Configuration System Parameters Device Control Logs Device Control Alerts CAP Logs CAP Alerts MDM Profile Removed Devices MDM Devices not connect
90. d expressions to be detected as sensitive content by Endpoint Protector The list of custom content dictionaries is available under Content Aware Protection gt Custom Content Dictionaries The available actions for each dictionary are Edit Export Dictionary and Delete eq ies A new dictionary can be created by clicking on the Add New button To populate the content of a newly created dictionary items of at least three characters might be entered either manually separated by comma semicolon or new line or directly imported from an Excel file by pressing the Import Dictionary button An example of a Custom Content Dictionary with financial terms is shown below List of Dictionaries Dictionary Name Dictionary Description Created at Created by Modified at Modified by Words items Actions Confidential Dictionary List of Confidential Terms root root 102 Eg o Add New Dictionary Information Dictionary Name Confidential Dictionary Dictionary Description List of Confidential Terms Dictionary Content separated by new line comma or Agak Rahasia semicolon Armee intern od dienstlich Interne au service jj Begrenset Beperkte Verspreiding Bizalmas Classified information Clearance Confidencial Confidential Confidentiel d fense Diffusion restreinte G Save import Dictionary ea Export As Delete t Back 71 Endpoint Protector User Manual Once a new dictionary is created it will be automatically displayed i
91. d maintenance Even further one Regular administrator should only be responsible for his entities Welcome Logout B EOR 4 Reporting and Administration Tool English X Advanced Search Dashboard List of Departments Show all departments kad Endpoint Management Results Qp Endpoint Rights Department Name Description Department Code Actions RH Endpoint Settings Default Department New entities will belong to this departm defdep iy Secret Department Secret secdep BR Content Aware Protection CAP Public Department public pubdep ZO go Mobile Device Management 3results 50 im per page es Offline Temporary Password L gege l E Reports and Analysis fag Alerts Directory Services Appliance System Maintenance System Configuration Client Software Client Software Upgrade Client Uninstall Download EasyLock Software System Administrators System Departments System Security System Policies System Settings System Licensing System Parameters O Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 A new department can be defined by using the Create button Add a New Department Show all departments Details Department Name Testing Description This is the Testing Department Unique Code 335efr save Save Add Back 124 Endpoint Protector User Manual Even if the term Department is simple if we want to make a s
92. d to this computer Remove the device now or contact the computer s administrator for authorization Kingmax USB2 0 FlashDisk 17 4 Client Policy Update The Client has a built in feature to ensure the latest policies are received The Update Policies Now is available by right clicking on the Endpoint Protector system tray icon as shown below About Endpoint Protector End User License Agreement Update Policies Now Offline Temporary Password ul pe LMF sath ee ey 8 26 2014 17 5 Offline Functionality for Endpoint Protector Client Depending on the global settings the Endpoint Protector Client will store a local file tracing history and a local file shadow history that will be submitted and synchronized with the Endpoint Protector Server upon next connection to the network 155 Endpoint Protector User Manual 17 6 DHCP Manual IP address Endpoint Protector Client automatically recognizes changes in the network s configuration and updates settings accordingly meaning that you can keep your laptop protected at the office DHCP and at home Manual IP address too without having to reinstall the client or modify any changes 17 7 Client Removal 17 7 1 Client Removal on Windows OS The Endpoint Protector Client cannot be uninstalled without specifying the password set by the administrator s in the Reporting and Administration Tool There is also the option to remotely uninstall clients from the 17 7
93. de the network r4 it is important to prevent these actions before Mobile Device Management they happen and to report them With Content Aware Protection in Endpoint ky Offline Temporary Password CONTENT AWARE Protector files are now inspected for sensitive content before they leave the network Reports and Analysis PROTECTION by ENDPOINT PROTECTOR A System Alerts Activate your free 30 day trial of Content Aware Protection in Endpoint Protector today EJ Directory Services or get your subscription immediately a Appliance Enable Feature System Maintenance Q System Configuration L System Parameters O Support Endpoint Protector 4 Copyright 2004 2012 CoSoSys Ltd All rights reserved Version 4 0 5 0 Appliance The Content Aware Protection feature requires separate licensing in addition to the Endpoint Protector license for Device Control 61 Endpoint Protector User Manual 7 2 Content Aware Policies Content Aware Policies are sets of rules for sensitive content detection and blocking enforced on selected network entities users computers groups departments A content aware policy is made up of four elements e Policy Type defines for which type of OS the policy applies Windows or Macintosh e Policy Action defines the type of action to be performed reporting of sensitive content detection or blocking and reporting of sensitive content transfers e Policy Filter specifies the content to be detec
94. dow Size MB 512 Min File Size for Shadowing KB 0 Max File Size for Shadowing KB 512 Notifier Language English Use Custom Client Notifications for this Language Logging Created at 30 Jul 2007 20 07 02 Created by root Modified at 14 Mar 2014 15 32 02 Modified by root G Save l k Back Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Welcome Logout English Advanced Search Management of Global Settings Show all departments A pE Ready Version 4 4 0 2 Appliance 46 Endpoint Protector User Manual Restore Global Settin Restore Global Settings 2 fesiets ct os button can be used to revert to a lower level of settings Once this button is pushed the system will use the next level of settings Example If the action is done on group settings the entities in the group will use from that point onwards the global settings The settings and the rights for computers are sent to the client computer at an exact interval of time set in this section Refresh Interval in seconds represents the time interval at which the client will send a notification to the server with the intent to inform the server of its presence in the system The server will respond by checking the settings and rights and updating them if needed so the client can behave accordingly Log Upload Interval in minutes represents the maximum time interval at which the client will s
95. ds iItems Actions Default Domain Whitelist Default Domain Whitelist root root 2 g ol amp Add New Edit Domain Whitelist Content Content Aware Domain Whitelists works only for Outlook and Thunderbird on Windows Domain Whitelist Name Default Domain Whitelist Domain Whitelist Description Default Domain Whitelist Domain Whitelist Content endpointprotector com support cososys com G Save import Whitelist g Export As Delete Once a new domain whitelist is added it will be automatically displayed inside the Domain Whitelists tab 7 6 Content Aware Regex Regular Expressions By definition Regular Expressions are sequences of characters that form a search pattern mainly for use in pattern matching with strings An administrator can create a regular expression in order to find a certain recurrence in the data that is transferred across the protected network Content Aware Regular Expressions Show all departments Name 4 Description Expression Created at Createdby Modifiedat Modified by Actions Default Regular Expression Expression To Verify An E mail Address 0 9a zA Z _ J 0 9a ZA Z _ a zA root root EA 3 Add New Edit Regular Expression Information Regular Expression Name Default Regular Expression Regular Expression Description Expression To Verify An E mail Address Regular Expression Content 0 9a zA Z _ 0 9a zA Z _ a zA Z 2 4 G Save Delete Example that matches an e mail O 9a
96. e Active Active Active Active Active License Type v Updates amp Support Trial Mobile Endpoint License Mobile Endpoint License Mobile Endpoint License Mobile Endpoint License Mobile Endpoint License Assigned Computer uy Assigned Mobile Device OO OH O OH OO OH O OH OHHH OH HHBHHOO Ready Version 4 4 0 4 13 System Parameters This module of Endpoint Protector is designed for super administrators The advanced settings available here determine the functionality of the entire system Many of these parameters should be left untouched on the default installation settings Introducing wrong values can limit the functionality and performance of the entire system 13 1 Here is a list of all device types currently supported by Endpoint Protector along with a short description for all of the items Device Types Welcome Logout ENDPOINT iii ie 5 n ae PROTECTOR Reporting and Administration Tool English v Q Advanced Search Dashboard List of Device Types Show all departments Endpoint Management Results es Endpoint Rights Name Description Windows Mac Linux mH Endpoint Settings Unknown Device Unknown Device Y Y Y USB Storage Device USB Storage Device USB Flash Drives U3 SY SY SY Content Aware Protection CAP Internal CD or DVD RW Internal CD or DVD RW lt S od SY Internal Card Reader Internal Card Reader SD Cards Memory C Y Y Y E Mobile Device M
97. e Alerts Define Content Aware Alerts Define MDM Alerts Alerts History Content Aware Alerts History MDM Alerts History Directory Services amp Appliance System Maintenance Q System Configuration System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance To create a new alert go to Define Alerts and click Create a Create Alert Group All Groups w User Test A Computer gt y Device type USB Storage Device A Device Any a Event Connected fi Administrators Note In order to have a complete list please make sure administrators have their e mail addresses set up from from Dashboard gt My Account Gsave Gsave aad Back J Then select the Group Client Computer Device type or Device depending if you mean a single device or all devices of a certain type and the event that will trigger the notification The filter is designed to make finding information quick and easy 94 Endpoint Protector User Manual You can also select one or more administrators to receive the same notification s This is useful in case there is more than one administrator for Endpoint Protector Example if you want to be notified when a certain device is connected to a certain computer you must set up an alert choosing the specific device and computer that you wish to be notified of and selecting
98. e I Understand the Risks Click Add Exception Security Warning window pops up 166 Endpoint Protector User Manual Just click Get Certificate button and then the Confirm Security Exception button ne Sc ep ooo lillian a be D i A You are about to override how Firefox identifies this site A Legitimate banks stores and other public sites will not ask you to do this Server Lain Certificate Status This site attempts to identify itself with invalid information Wrong Site Certificate belongs to a different site which could indicate an identity theft Unknown Identity Certificate is not trusted because it hasn t been verified by a recognized authority Permanently store this exception Confirm Security Exception Close and restart the browser Here you can find a list of terms and definitions that are encountered throughout the user manual Appliance Appliance refers to the Endpoint Protector Appliance which is running the Endpoint Protector Server Operating System Databases etc Computers refers to PC s workstations thin clients notebooks which have Endpoint Protector Client installed File Tracing this feature will track all data that was copied to and from prior authorized portable storage devices File Shadowing this feature saves a copy of all even deleted files that were used in connection with controlled devices on a network storage server Devices refers to a list of K
99. e Log Backup Show all departments Endpoint Management A p Endpoint Rights This option allows you to delete old Content Aware logs from the database and save them in an CSV Comma Separated Values file Please choose from the list below which logs you would like to backup k All 28 records Endpoint Settings Older than 30 days 0 records Older than six months 0 records Content Aware Protection CAP Older than one year 0 records Note A maximum number of 225000 log records can be deleted at once m Mobile Device Management kg Offline Temporary Password Reports and Analysis A Alerts EJ Directory Services cuna Make Backup Backup List Backup Scheduler E Appliance System Maintenance File Maintenance System Snapshots Log Backup Content Aware L Q System Configuration a System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance Here you can select the logs you wish to backup Simply select an option and click Make Backup Welcome Logout amp ed si ila i Reporting and Administration Tool English z Q Advanced Search Dashboard Content Aware Log Backup Show all departments Endpoint Management G Backup completed es Endpoint Rights A Endpoint Settings Content Aware Log Backup All logs have been deleted Number of deleted logs 28 Content Aware Protection CAP Click here to manage the log backup file
100. e additional security password can be set from the System Configuration module under the System Security tab and it applies to all the Reports and Analysis sections Additional Security Password For Sensitive Data Protection Current Password New Password New Password confirm Save 77 Endpoint Protector User Manual 8 2 File Tracing Displays the list of file properties traced of files that have been transferred from a protected computer to a portable device or another computer on the network and vice versa It also displays the original location of the transferred files if Detect Source Copy is activated from System Policies or Global Settings B Advanced Search Dashboard File Tracing Show all departments Welcome Logout ENDPOINT PROTECTOR Reporting and Administration Tool English Endpoint Management Filter p Endpoint Rights Results A Endpoint Settings Event Computer IP Address Device User Device Type File Name File Hash File File Type Size Content Aware Protection CAP File Read E 192 168 0 108 NT LAN Manager Network Share D 0a006each34d3386bad77101alebeed8 532 2 KB VLC media File Delete 5 192 168 0 198 DATATRAVELER_2 0 USB Storage Device Slee java file CJ Mobile Device Management File Copy SSPE 192 168 0 198 DATATRAVELER_2 0 Smet USB Storage Device Sees ee ee 3d74e350e6797b7dca1f121f76456eab 3 43KB java file File Delete 5 192 168 0 198 DATATRAVELER_2 0 USB Storage D
101. ecial hardware that is available primarily through security focused resellers 16 1 How a Level 1 Trusted Device Works User connects Device to Endpoint Protector protected Client PC Device is blocked by Endpoint Protector default action Device is checked for authorization If device is an authorized Trusted Device Level 1 the EasyLock software on Device will automatically open User can transfer files via Drag amp Drop in EasyLock from the PC to the Trusted Device Data transferred to devices is encrypted via 256bit AES User cannot access the device using Windows Explorer or similar applications e g Total Commander User does not have the possibility to copy data in unencrypted state to the Trusted Device Trusted Device implies that the devices offer a safe risk free environment to transfer sensitive data and tracking or shadowing files and file transfers is not needed for these devices Administrator can audit what user with what device on what PC has transferred what files Note EasyLock will auto play only on Windows OS 149 Endpoint Protector User Manual 16 2 EasyLock Software for Trusted Devices Level 1 EasyLock allows portable devices to be identified as Trusted Devices and protects data on the device with government approved 256bit AES CBC mode encryption With the intuitive Drag amp Drop interface files can be quickly copied to and from the device EasyLock can be downloaded di
102. ect an option and click Make Backup Welcome Logout amp O EOE j Reporting and Administration Tool Engis 4 C Q Advanced Search Dashboard Log Backup Show all departments el Endpoint Management G Backup completed ts Endpoint Rights KH Endpoint Settings log Backep All logs have been deleted Number of deleted logs 588 Content Aware Protection CAP Click here to manage the log backup files Mobile Device Management Offline Temporary Password Reports and Analysis Alerts w Directory Services Appliance System Maintenance Back File Maintenance System Snapshots Log Backup Content Aware Log Backup o System Configuration System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance You should see the message Backup Completed in the top center of your browser You can download and view the logs by selecting the click here link 113 Endpoint Protector User Manual 11 3 1 Backup Scheduler Automatic Log Backup You can back up your log files also automatically by using the Backup Scheduler option Welcome Logout r PROTECTOR i Reporting and Administration Tool engisn El Q p3 Dashboard Log Backup Show all departments Endpoint Management Badas Scheid p Endpoint Rights This option allows you to schedule an automatic backup routine in order to delete old log
103. ectory Services Appliance System Maintenance System Configuration System Parameters Device Types Rights Events File Types Support File Types Reporting and Administration Tool Welcome Logout Advanced Search List of File Types Show all departments Results Extension Mime Type Description Actions doc Microsoft Word Document EAE RO PNG Image PNG image EAE OpenDocument Text OpenDocument Text EAD Setup Information Setup Information EA Application Application EAE Identifier file Identifier file ye data file data file ZO Hp3948 file Hp3948 file EAC Configuration Settings Configuration Settings ZO Microsoft Word Dokument Microsoft Word Dokument Ze tmp file tmp file Ze ace file ace file gR oft file oft file ZO p fie p fie EAE pas file pas file E tex file tex file Ae GIF Image GIF Image B Python File Python File FO rar file far file EA sh file sh file EA java file java file EA VLC media file bin VLC media file bin FZO docx docx FO 24 results 50 x per page Create Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 Most companies like to limit their employee s access to data especially if it is confidential Through Endpoint Protector you can enforce your security policies and keep confidential data away from the hands of curious employees You can Start setting your policies in the Rights sectio
104. ed BLOCKED BLOCKED BLOCKED Information will be blocked IGNORED REPORTED BLOCKED Information will be reported IGNORED BLOCKED REPORTED Information will be blocked REPORTED IGNORED BLOCKED Information will be reported BLOCKED IGNORED REPORTED Information will be blocked REPORTED BLOCKED IGNORED Information will be reported BLOCKED REPORTED IGNORED Information will be blocked 64 Endpoint Protector User Manual Attention The information left unchecked when creating a policy will be considered as Ignored by Endpoint Protector and NOT AS ALLOWED 7 2 3 Types of Content Aware Policies Depending on the selected content to detect a policy can be classified in e File Type Filter Policy detects blocks all transfers of preselected file types including preselected file types archived in zip files with no password protection e Predefined Content Policy detects blocks all file transfers containing Credit Card and or Personal Identifiable information e Custom Content Policy detects blocks all file transfers containing terms from a preselected Custom Content Dictionary Combined policies can be created by selecting several filter types for the same policy An example of a combined Content Aware Policy for the Sales Department to detect specific file types and custom terms is shown below Priority 3 File Types Custom Content Depending on the selected content to monitor the icon corresponding to the newly
105. ed anymore the logs can be deleted by pressing Delete History the button ENDPOINT PROTECTOR oe og ABBDoex7i EJ i 4 Endpoint Management Endpoint Rights Endpoint Settings Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis Alerts Define System Alerts System Alerts History Define Alerts Alerts History Define Content Aware Alerts Content Aware Alerts History Define MDM Alerts MDM Alerts History Directory Services Appliance System Maintenance System Configuration System Parameters Support Reporting and Administration Tool English vit Welcome Logout Q Advanced Search Alerts History Y PPOPPPPP PUPPET PPP LEE 1E TU iw 3 3 S g Delete History Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Device Type USB Storage Device Serial ATA Controller Serial ATA Controller Back Device Mass Storage Device Intel R 7 Series C216 Chipset Family SA Intel R 7 Series C216 Chipset Family SA Wireless Network Adapter 802 11 a b g n Bluetooth Device HP Officejet 5600 series Bluetooth Device Wireless Network Adapter 802 11 a b g n iPad iPad iPad iPad iPad iPad iPad iPad iPad iPad iPad iPad Event Connected Connected Connected Connected Connected Connected Connected Connected Connected Connected Connected Con
106. ed by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage Continue to this website not recommended More information gt Internet Protected Mode Off fa 100 157 Endpoint Protector User Manual Continue your navigation by clicking x Continue to this website not recommended Now go to the Certificate file you downloaded from the Appliance Setup Wizard gt Appliance Server Certificate gt and install the Certificate Click the Certificate Error button just next to the IE address bar as shown By clicking the Certificate Error button a pop up window appears Just click the View certificates in that pop up window Another pop up Certificate window will appear with three tabs namely General Details and Certification Path Select the General tab and then click Install Certificate button or go to Tools gt Internet Options gt Content gt Certificates Parental Controls Control the Internet content that can Parental Controls be viewed Content Advisor Ratings help you control the Internet content that can be viewed on this computer
107. ed for long time O Support Event name Client Computer IP Address Domain Name Client User Device Type Device Date Time Device not TD USB Storage Device DataTraveler 2 0 2013 12 09 13 41 28 La Blocked lt _ l USB Storage Device DataTraveler 2 0 2013 12 09 13 41 18 Connected lt USB Storage Device DataTraveler 2 0 2013 12 09 13 41 18 Disconne cted a USB Storage Device DataTraveler 2 0 2013 12 09 13 41 12 Device not TD E USB Storage Device DataTraveler 2 0 2013 12 09 13 38 45 Blocked EE USB Storage Device DataTraveler 2 0 2013 12 09 13 38 36 Connected a USB Storage Device DataTraveler 2 0 2013 12 09 13 38 36 Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 2 Appliance 16 Endpoint Protector User Manual More specific dashboards are available at Endpoint Management Content Aware Protection and Mobile Device Management 2 6 System Status Under the System Status tab from the Dashboard module you can access the System Lockdown Endpoint Protector ON OFF Content Aware Protection ON OFF Custom Classes ON OFF buttons On System Lockdown Pressing this button will cause Endpoint Protector to instantly deny access to all devices in the system stopping also ongoing data transfers depending on device type Log files are still created of what was accessed or modified before the Lockdown button was pushed Endpoint Protector ON O
108. end the locally stored log information to the server This time interval can be smaller than the default value in case the log size is greater than the Local Log Size setting Local Log Size in kilobytes represents the maximum size of the log which can be stored by the client on the client pc If this value is reached then the client will send this information to the server This mechanism is optimal when a client computer has a lot of activity because it will send the information very quickly to the server so the administrator can be informed almost instantly about the activities on that computer Shadow Upload Interval in minutes represents the maximum time interval at which the client will send the locally stored shadow information to the server Local Shadow Size in megabytes represents the maximum size of shadowed files stored by the client on a client PC When this value is reached the client will start overwriting existing files in order for it to not exceed the specified limit Minimum File Size for Shadowing in kilobytes represents the minimum file size that should be shadowed If a value is set here than files smaller in size than that value will not be shadowed Maximum File Size for Shadowing in kilobytes represents the maximum file size that should be shadowed If a value is set here then files larger in size than that value will not be shadowed 47 Endpoint Protector User Manual 6 1 Computer Setti
109. er than 3months 0 records kg Offline Temporary Password Older than 2months 0 records Older than i month 0 records Older than 2 weeks 0 records Reports and Analysis Older than 1 week 0 records Older than 2days 0 ds A Alerts Older than 1day 0 records B p Note A maximum number of 525000 log records can be backed up at once EJ Directory Services Last Automatic Log Backup never a Appliance Deleting all logs might temporarily affect the correct display of online computers online devices and graphics reports System Maintenance File Maintenance Save Back System Snapshots Log Backup Content Aware Log Backup Q System Configuration a System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance Here you can schedule an automatic backup routine by setting two trigger conditions Backup time interval allows you to select a certain time interval for repeating the backup operation Backup size limit allows you to select a maximum size for the logs to be backed up In case that you don t wish to set a specific value for one or both of these options please leave the specific field s blank After specifying the logs to be backed up automatically based on their creation time please click Save in order for your options to be applied 117 Endpoint Protector User Manual You can view the created backups by
110. es IV All V c cpp java V py M sh csh V bat cmd JV pas JV xml dtd More File Types Other Files Iv All 7 AutoCAD files M Text files V DRM Files JV exe sys dll IV so V Unidentified More File Types Media Files Iv All V mov V mp3 V ma M wav V wma IV avi More File Types G Save a Back Delete Note As many files e g Programming Files are actually TXT files we recommend more precaution when selecting this file type to avoid any undesired effects The Predefined Content Filter displays a list of predefined items to detect from credit card information to Personal Identifiable Information The Content Aware Protection module offers the option of Localization meaning that you can select specific formats for a list of countries for information such as Driving License ID Phone Number and Social Security Number By leaving unchecked this option all formats will be detected by the Content Aware Protection agent Policy Content File Type Filter Predefined Content Filter Custom Content Filter URL Whitelists Domain Whitelists Regular Expressions Policy Action will apply to selected Predefined Content for ALL File Types regardless of the selected File Type Filter Credit Cards 7 All V Amex W Diners Discover W JCB Mastercard
111. es ee E E E E esa cueaueiseeeaseus 136 DD DOIN CS aa A 137 LAFE TYDE tunaacccsdessaecsansaucscqataneseussaanatessaceeestaussacesausaaues 138 14 Setting up Policies ssassansenrenrrernnns 139 15 Modes for Users Computers and Groups141 15 1 Transparent Mode ccccccceeecceeeeeeeeseeeeeeeeeseeugeueeeeettseagges 142 E62 oea ModE erce r aeS EERE TREE teas EEEE 142 15 3 Panic Mode ssssssssssssssssrresrrrnrrrnnrrrnnrrnrrrnnrrrnrrrsnrrnerrrnne 142 L54 Addn Icon MOGS a sacccadtenaunadevecentctuanuseeessnaneduemessaesnaurad 143 Laa en MOO enr E EE E E re re re tr tree 143 15 6 Adding new administrator S s sesesesessssnnnnnrnrenrnrnrnrernene 144 15 7 Wo orking with logs and reports wiccnccercscssccvensnsnctensaraenecests 146 16 Enforced Encryption with Trusted Devices 147 16 1 How a Level 1 Trusted Device WOrkS cccccceeeeeeeeeeeeeees 148 16 2 EasyLock Software for Trusted Devices Level 1 a 149 16 2 1 Managing Trusted Devices from EPP server console 149 16 2 2 File Tracing on EasyLock 2 TrustedDeViCes ccceeeeeeees 150 17 Endpoint Protector Client 000 152 17 1 Endpoint Protector Client Installation cccccceeeeeeeeeeees 152 17 2 Endpoint Protector Client Security cccccsecseuneuvesseuneusenss 153 17 3 Client Notifications Notifier s sessssesensnrsarennrrnrensrsnrnas 154 17 4 Client Policy Update ssesessssenensnnensnsnnnnnnnnrnnnnnnnnrnnnerrnnnas 154 17
112. es from a selected client computer Log Backup Files allows archiving and deleting previously backed up log files 110 Endpoint Protector User Manual To archive a previously selected set of files click the Save as Zip button while to permanently remove a set of files from the Endpoint Protector Server use the Delete button 11 2 System Snapshots The System Snapshots module allows you to save all device control rights and settings in the system and restore them later if needed After installing the Endpoint Protector 4 Server we strongly recommend that you create a System Snapshot before modifying anything In this case you can revert back to the original settings if you configure the server incorrectly To create a System Snapshot access the module from System Configuration and click Make Snapshot Welcome Logout TEER 4 Reporting and Administration Tool Engish a Qa Advanced Search Endpoint Management Snapshot Details p Endpoint Rights iina MySnapshot A Endpoint Settings pee aaor Content Aware Protection CAP Mobile Device Management kg Offline Temporary Password E Reports and Analysis Details Number of machines in the system 6 Number of groups in the system 3 Number of rights defined for existing devices 3 Alert Currently the system is using both computer and user rights computer rights have priority AX erts Snapshot Only rights Only settin
113. es window section and can be directly installed by pressing on the Apply Updates button The latest installed updates can be checked by pressing on the View Applied Updates button e Offline Patch Uploader offers the possibility to upload updates in offline mode without an internet connection Note Contact support endpointprotector com to request the Offline Patch 3 Endpoint Management 3 1 Devices In this module the administrator can manage all devices in the system Endpoint Protector has an automatic system implemented meaning that it will automatically add any unknown devices connected to client computers to the database thus making them manageable When an unknown device is connected to one of the client computers the device s parameters are stored in the system database as device data Vendor ID Product ID and Serial Number The user who first used the device is stored as the default user of the device This however can be changed anytime later Welcome Super Administrator Logout 4 we SROTECTOR Reporting and Administration Tool Engis Lw a Dashboard Endpoint Management t Piter va Users Goups Status TO Device Type Device Name identification Description De Last Location Last User Last Connection 0 D Humbe Actions Ce Endpaint Rights w USB Storage Device FREEAGENT FREEAGENT SEAGATE 02 Jun 2011 16 19 Se _ aig Serial ATA Controler Standard AHCI 1 0 Se
114. etails are not filled in Endpoint Protector will connect directly to liveupdate endpointprotector com Data sent to this server is not security sensitive being limited only to your version language 12 10 System Licensing This module allows the administrator to manage the licensing of Endpoint Protector and offers a complete overview of the current licenses status Welcome Logout ENDPOINT ii s y 5 Reporting and Administration Tool English gt Q B PROTECTOR biii Advanced Search Dashboard Endpoint Protector Licensing System Show all departments Fa Endpoint Management System Status Updates and Support a p Endpoint Rights Show Help RK Endpoint Settings Number of total licenses present in the system 55 P r System Status End Date Content Aware Protection CAP Updates Yes g Mobile Device Management Device Control 02 Oct 2014 10 54 01 4 Support Content Aware Protection CAP 02 Oct 2014 10 54 01 iss Offline Temporary Password lobile Device Management 02 Oct 2014 10 54 04 Reports and Analysis aa oi sia g Buy Now as Alerts Feature Status a Directory Services Show Help a Appliance Feature Status End Date Total Used Online 3 Sysem Maintenance Device Control Trial Mode 02 Oct 2014 10 54 01 50 7 2 Device Control and Content Aware Protection CAP for Windows Trial Mode 02 Oct 2014 10 54 01 50 7 2 System Configuration Device Control and Content Aware Protection CAP for Windows and Mac OSX Tria
115. evice Python File eg Offline Temporary Password File Copy 192 168 0 198 DATATRAVELER_2 0 St USB Storage Device SS af1839a10c65cb23da6097339f13939b 19B Python File File Delete 55 192 168 0 198 DATATRAVELER_2 0 USB Storage Device DOS Python File an Reports and Analysis File Delete 192 168 0 198 DATATRAVELER_2 0 m USB Storage Device Ree java file A File Copy E 192 168 0 198 DATATRAVELER_2 0 USB Storage Device Dee e26cac7b7SafiSe8c089f334ff0f3eaa 7 47 KB Python File Logs siaii T File Copy SPSS 192 168 0 198 DATATRAVELER_2 0 Sat USB Storage Device ae ee 3d74e350e6797b7dca1f121f76456eab 3 43KB java file i File Delete 5 192 168 0 198 DATATRAVELER_2 0 USB Storage Device See ace file EE Report File l 192 168 0 198 DATATRAVELER_2 0 USB Storage Device DS at Python File Pe pee i File Copy m zem 192 168 0 198 DATATRAVELER_2 0 USB Storage Device DS ae e26cac7b75af15e8c089f334ff0f3eaa 7 47 KB Python File Aa A File Copy 192 168 0 198 DATATRAVELER_2 0 Sa USB Storage Device SSS Se _ See 80f572ee491e457ffc94b1c4e8faf670 224B ace file Online Computers File Delete 192 168 0 198 DATATRAVELER_2 0 USB Storage Device Se ace file ne n File Copy SSS 192 168 0 198 DATATRAVELER_2 0 Sm USB Storage Device Car 80f572ee491e457fic94bic4esfaf670 2248 ace file Alerts File Copy m 192 168 0 198 DATATRAVELER_2 0 USB Storage Device Se D O7e06f0F4179f2485c98a9aldc47203f 216 B ace file File Copy 192 168
116. evice is checked for authorization Files can be transferred ta authorized device File transfer to and from device is recorded Actions such as 128bit AES SL file deletion or file renaming are recorded as well Communication Administrator can audit what user with what device on what PC has transfered what files File Server stores optional Endpoint Protector duplicate of files Server Device User Client PC and file ae Database stores related data File MWames User W Is recorded Actiity File Action ain Devices File Properties 1 2 3 Audit Trail Device Activity Logging A device activity log is recorded for all clients and devices connected along with all administrative actions such as device authorizations giving a history for devices PCs and users for future audits and detailed analysis 1 2 4 Audit Trail Reporting and Analysis Tools Endpoint Protector 4 is equipped with powerful reporting and analysis tools to make the data audit process easy and straightforward 1 2 5 Sensitive Content Filtering Scans and reports all transfers of sensitive data on and from any removable media or via the Internet 1 2 6 File Whitelist Allows only previously authorized files to be copied to portable storage devices 1 2 7 Easy Enforcement of Your Security Policies Simplified device management policies with customizable templates for defining User Group permissions allow easy enforcement and maintenance of you
117. gent can differentiate the uppercase and lowercase letters when inspecting the content If the Whole Words Only option is marked terms from the inspected content are detected only if they are an identical match with the ones that appear in the dictionary e g age is in the Dictionary variations like aged agent agency etc won t be reported blocked The URL Whitelist displays a list of URL whitelists By selecting one or more whitelists the Content Aware Protection agent will not scan uploads or attachments to the web addresses present in the whitelists Whitelisting works for Internet Explorer File Type Filter Predefined Content Filter Custom Content Filter URL Whitelists Domain Whitelists Policy Action will apply only to the following applications if selected Internet Explorer 0 All 7 Default URL Whitelist To add delete and edit URL Whitelists Go to Content Aware URL Whitelists The Domain Whitelist displays a list of domain whitelists By selecting one or more whitelists the Content Aware Protection agent will not scan mails sent to the recipients or domains present in the whitelists Whitelisting works for Microsoft Outlook and Mozilla Thunderbird Policy Content File Type Filter Predefined Content Filter Custom Content Filter URL Whitelists Domain Whitelists Regular Expressions 7 Policy Action will apply only to the following applications if selected Outlook and Thunderbird EO
118. gs Both EJ Directory Services amp Appliance System Maintenance File Maintenance System Snapshots Log Backup Content Aware Log Backup Q System Configuration System Parameters Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance Enter a name for the snapshot and a description Select also what you wish to store in the snapshot Only Rights Only Settings or Both Finally click Save 111 Endpoint Protector User Manual fe ENDPOINT 4 PROTECTOR Dashboard Endpoint Management Endpoint Rights Endpoint Settings Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis Alerts Directory Services Appliance System Maintenance A Ca 5 File Maintenance System Sn ots Log Backup Content Aware Log Backup System Configuration System Parameters Oie Support Reporting and Administration Tool List of Available Snapshots Welcome Logout Advanced Search Show all departments G The current system state has been saved Filter v Results Name Description Created at v Created by Actions MySnapshot3 And a third one 27 September 2013 10 57 root O MySnapshot2 This is another snapshot 27 September 2013 10 57 root v MySnapshot This is a snapshot 27 September 2013 10 56 root v 3results 20 per page Ma
119. heft of data or accidental loss of data is for individuals a mere child s play Data theft or data loss or infecting companies computers or network through a simple connection is easy and doesn t take more than a minute Network administrators have little chance to prevent this from happening or to catch the responsible user s Now Endpoint Protector through its Device Control module helps companies to stop these threats As a complete Data Loss Prevention solution Endpoint Protector not only controls all device activity at endpoints but monitors and scans all possible exit points for sensitive content detection Its second module Content Aware Protection ensures that no critical business data leaves the internal network either by being copied on devices or sent via the Internet without authorization reporting all sensitive data incidents 2 Endpoint Protector User Manual 1 1 What is Endpoint Protector Endpoint Protector will help you secure your PCs endpoints within your network and screen all possible exit ways for sensitive content detection You will be able to restrict the use of both internal and external devices which can be used for data storage and transfer and to manage PC MAC and Linux ports Endpoint Protector through its two main modules Device Control and Content Aware Protection gives network administrators the control needed to keep network endpoints safe Control use of all USB and other storage de
120. hey are in a raw form Offline Temporary Password Device Type Device Right Using File Whitelist Observation Defined On Reports and Analysis USB Storage Device ADATA USS Flash Orive Allow Access No Defined on Computer macbook A ners Export to POF Directory Services System Maintenance Q System Configuration a System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Lid All rights reserved No Background Tasks Version 4 4 0 2 36 Endpoint Protector User Manual 4 6 3 Effective Rights for Content Aware Protection This module displays the Content Aware Protection rules on a specific user computer at that time EN NT 4 Welcome tti Logout an DPOI 2 GE PROTECTOR Reporting and Administration Tool Engish Qa EB Dashboard Endpoint Management Currently the system is using both computer and user rights user rights have priority Ce Endpoint Rights Device Rights Effective Rights Endpoints Effective Rights Devices Effective Rights Content Aware Protection esr Filter Computer Rights Group Rights Select a computer TEST PC x Global Rights Effective Rights Select a user Test s Fie Whitest A Endpoint Settings fat Q Aanu Ser 2 Content Aware Protection CAP Results m Mobile Device Management A The rights are displayed from lower to highest priority and they are in a raw form Offline Temporary Password Device Type Device Right Using File Whitelist Observation Defined On Rep
121. i or in case the device is not already in the database he can introduce the device code communicated by the client user see paragraph 5 5 After selecting the duration the password will be generated by clicking Generate Code button Another way to generate a password is by right clicking on a managed computer or device from the Endpoint Management tab and select the Offline Temporary Password action Actions FAABEwW Offline Temporary Password SS Ewe Once selected generating a password can be done according to the details filled in aS per the image below 40 Endpoint Protector User Manual Generate Offline Temporary Password Computer Details Computer Name SSS IP Te oeg MAC Address o Domain Workgroup WORKGROUP Devices Search for device 2 or Enter device code case sensitive e OO od Other Options Duration 30min Generate Code Generated Password Password LE The obtained password will be communicated to the user for temporarily allowing his specific device With the Refresh Device Codes option the Administrator can verity the authenticity of a given device code if it was previously listed in the Endpoint Management gt Devices list Other Options 30 min Duration Generate Code Refresh Device Codes Generated Password Password 41 Endpoint Protector User Manual 5 3 Computer Offline Temporary Password
122. ile Types User Login User Login Y v B O cat File Encrypt File Encrypt using EasyLock v2 P y EA File Decrypt File Decrypt using EasyLock v2 v v B File Encrypt offline File Encrypt offline using Easy Lock v SY SY E File Decrypt offline File Decrypt offline using Easy Lock v F oy Eg Content Threat Detected Content Aware Protection Threat Detect P a R Content Threat Blocked Content Aware Protection Threat Blocke a SA gR File Copy A file was copied to or from a removable SY SY EA Scanning Data at Rest Found Object from Scanning Data at Rest P F EA User Logout User Logout v Y B 32 results 50 x per page Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 Note Changing this list without CoSoSys acknowledgement can limit system functionality and performance however such customizations implementations can be performed by request by one of our specialists as part of our Professional Services offered to customers 138 Endpoint Protector User Manual 13 4 This list contains common file type extensions and a description for each of them making them easier to recognize when creating audits ENDPOINT PROTECTOR 0 0 k i EJ e SERED OX E Dashboard Endpoint Management Endpoint Rights Endpoint Settings Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis Alerts Dir
123. imilarity between Endpoint Protector and Active Directory or any other Director Service software the equivalent of this term is Organization Unit Of course Organization Unit is not identical with Department and again Endpoint Protector leaves the power to the actual Super Administrator to virtually link one or more Organization Units to an Endpoint Protector Department For more details please see paragraph 10 1 AD Deployment Several aspects regarding departments are detailed below 1 Each main entity must belong to a department except with the scenario when the super administrator deletes the Default Department At computer registration the Department Code is provided If a department having the given code is found then the computer will register and it will belong to that department All the main entities information received from a computer in department X will also belong to department X Example Computer Test PC is registered to department developers In this case user Test logged on that computer will be assigned to the same department together with the devices connected on the computer Test PC Note In case that at registration no department code is provided or a wrong department code is provided the department code is considered invalid and that computer will be assigned to the default department defdep 2 Super Administrators example root will still have access to all the main entities regardless of
124. in the system with default values from installation 48 Endpoint Protector User Manual 6 2 Group Settings This module will allow the administrator to edit group settings Welcome Logout aidh i Reporti d Administration Tool E PROTECTOR eporting an ministration 100 nglish v Advanced Search Dashboard Edit Group Settings Show all departments I Endpoint Management Group p Endpoint Rights Name My Group Description This is my group RH Endpoint Settings Mode Computer Settings Group Settings Refresh Interval sec 300 Mode Normal Custom Client Notifications Content Aware Protection CAP File Tracing and Shadowing m Mobile Device Management File Tracing E File Shadowing E ky Offline Temporary Password CAP File Shadowing P Reports and Analysis Detect Copy Source T Network Share Tracing T A Aers Settings TJ Directory Services Log Interval min 300 Ca Appliance Local Log Size MB 10 System Maintenance Shadow Interval min 60 pee Shadow Size MB 512 2 System Configuration Min File Size for Shadowing KB o Max File Size for Shadowi a System Parameters sacl Notifier Language English z O Support Use Custom Client Notifications for this Language Logging Created at 17 Mar 2014 08 35 47 Created by root Modified at 17 Mar 2014 08 35 47 Modified by root G Save Restore Global Settings t Back e Endpoint Protector 4 Copyright 2004 2014 CoSoSys Lt
125. ination Type Destination File Name File Hash File Size Matched Item Content Aware Protection CAP Undefined Policy screen capture screen capture image Undefined Policy screen capture screen capture image g Mobile Device Management RO Web Browser Mozilla Firefox SEE 80f48c1 435fe040d336650301719132 7 77MB application x dosexec RO Web Browser Mozilla Firefox Sr Se Se f3e7a015c1d541528085d3f9581ab41f 220 KB application x dosexec eg Offline Temporary Password RO Web Browser Mozilla Firefox a ee 46860396033a0d3b326cbc8a8719577a 245 5KB application x dosexec RO file type explorer S OR ee f3e7a015c1d541528085d3f95381ab41f 220 KB application x dosexec an Reports and Analysis RO filetype explorer Se f3e7a015c1d541528085d3f9581ab41f 220KB application x dosexec RO file type explorer TO Da IE f3e7a015c1d541528085d3f9581ab41f 220 KB application x dosexec ee a Ro file type explorer SS eee Se 732a2aad77ea6dS6e7a534086881e230 9 58MB application x dosexec a p RO file type explorer i ea 83af340778e7c353b9a2d2a788c3a13a 132 KB application x dosexec ae 5 RO file type explorer adipsia a 6368baa2c6d3ae01ce29106c48847def 3 9 MB application x dosexec f P meer RO file type explorer OR a E E 6368baa2c6d3ae01ce29106c48847def 3 9 MB application x dosexec E RO file type explorer e ee 414bSbb94daSe1250ad043cfd7acS053 7 MB application x dosexec Online Computers RO file type explorer ST Reis ere are a a 732a2aad77 ea6d56e7a5340868381e230 9 58MB application x d
126. ing and Administration Tool 5 Dashboard Endpoint Management Filter Qp Endpoint Rights Results A Endpoint Settings Event Client Computer IP Address Domain Client Device Type Device Files Date Time Server Date Time Client OS Actions name Name User a Type O Content Aware Protection CAP Blocked SESE 192 168 0 198 ss internal CD or DVD RW MATSHITA DVD RAM UJ8C2 S ATA Device 0 10 Sep 2014 10 57 26 10 Sep 2014 12 00 55 Windows Blocked SSS 192 168 0 198 Webcam USB2 0 HD UVC WebCam 0 10 Sep 2014 10 57 26 10 Sep 2014 12 00 55 Windows E g Mobile Device Management Unblocked 192 168 0 198 WiFi Atheros AR9485WB EG Wireless Network Ada 0 10 Sep 2014 10 57 26 10 Sep 2014 12 00 55 Windows E Unblocked LDS 192 168 0 198 aa WiFi Atheros AR9485WB EG Wireless Network Ada 0 10 Sep 2014 10 57 25 10 Sep 2014 12 00 54 Windows E es Offline Temporary Password Blocked SES 192 168 0 198 Serial ATA Controller Standard AHCI 1 0 Serial ATA Controller 0 10 Sep 2014 10 57 23 10 Sep 2014 12 00 52 Windows H Connected SSS 192 168 0 198 w Webcam USB2 0 HD UVC WebCam 0 10 Sep 2014 10 57 23 10 Sep 2014 12 00 52 Windows E O Reports and Analysis Connected 192 168 0 198 ae Internal CD or DVD RW MATSHITA DVD RAM UJ8C2 S ATA Device 0 10 Sep 2014 10 57 23 10 Sep 2014 12 00 52 Windows E Logs Report Connected 192 168 0 198 WiFi Atheros AR9485WB EG Wireless Network Ada 0 10 Sep 2014 10 57 22 10 Sep 2014 12 00 51 Windows E File Tracing Con
127. inistrators I root A Alerts 7 Marketing admin 7 Financial admin Define Alerts Define Content Aware Alerts Define MDM Alerts Alerts History Content Aware Alerts History MDM Alerts History EJ Directory Services amp Appliance G Sa G Save Add oe Back System Maintenance 2 System Configuration i System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance Then select the Group Client Computer User that you want to monitor the Content Aware Policy to be considered and the event that will trigger the notification The filter is designed to make finding information quick and easy Example if you want to be notified when a file containing credit card information is attached to an E MAIL on one of the Financial Departments computers you must set up an alert choosing the Financial Department as the monitored entity the Content Aware Policy that inspects documents for that type of information and finally selecting the Content Threat Detected event from the events list Note Before creating the alert you must make sure that the selected Content Aware Policy is enabled on the chosen Computer User Group or Department 96 Endpoint Protector User Manual 9 4 Define MDM Alerts To create a new MDM alert go to the Define MDM Alerts tab and press the Create button Welcome Logout feta i Reporti
128. istration Tool Engish l QQ Advanced Search Fel Dashboard Endpoint Management a Currently the system is using both computer and user rights user rights have priority Device Rights Effective Rights Endpoints Effective Rights Devices Effective Rights Content Aware Protection User Rights Computer Rights Group Rights Select a computer TESTPC x Global Rights Effective Rights Selecta user Test File Whitelst Reset Apply fiter A Endpoint Settings Q Content Aware Protection CAP Results Device 9 A The rights are displayed from lower to highest priority and they are in a raw form Offline Temporary Password Device Type Device Right Using File Whitelist Observation Defined On Reports and Analysis Unknown Device Allow Access No inherted from Global Polcies Global A Alerts Prone Phone 3GS Allow Access No inherted from Global Policies Global Prone Allow Access No inherted from Global Potcies Global Directory Services USB Storage Device Allow Access No innerted from Global Policies Gibal USB Storage Device _USB_SCS _CD ROM Allow Access No inherted from Global Policies Global System Maintenance Wri Allow Access No innerted from Global Policies Gibba internal CD or DVD RW Allow Access No inberted from Global Policies Global Q System Configuration USB Storage Device V SECURE Allow Access No inherted trom Global Potcies Global Serial Port Communications Port COM1 Allow Access No inherted from Global Policies Global a
129. ive Directory Deployment System Maintenance Back Next Test Connection System Configuration System Parameters Os amp amp Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 Enter the Active Directory domain controller server name the domain name and a username and password in the format as in the examples presented in the form 106 Endpoint Protector User Manual You can also check if your settings are correct by clicking the Test Connection button Welcome Super Administrator Logout ENDPOINT 4 i n ini ion English an PROTECTOR Reporting and Administration Tool Engish w Q Advanced Search Dashboard Active Directory Synchronization Show all departments Endpoint Management Connection is valid es Endpoint Rights RK Endpoint Settings Active Directory Sync Step 1 Define Connection Offline Temporary Password Domain Controller Server Name SSS Example w2003server Domain Example example cososys com E a Coya User SS Example admin example cososys com A System Alerts Password tence EJ Directory Services Active Directory Import Active Directory Sync Active Directory Deployment System Maintenance Q System Configuration Back Next Test Connection a System Parameters O Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 You should see a message Conne
130. ke Snapshot Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Your snapshot will appear in the list of System Snapshots Ready Version 4 4 0 1 Appliance To restore a previously created snapshot click the Restore button next to the desired snapshot Restore Confirm restoration by clicking the Restore button again in the next window fie ENDPOINT 4 PROTECTOR Dashboard Endpoint Management Endpoint Rights Endpoint Settings Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis Alerts Directory Services Appliance System Maintenance gt BB gt TaROX File Maintenance System Sn ts Log Backup Content Aware Log Backup System Configuration System Parameters Olmo Support Reporting and Administration Tool A By restoring a snapshot all currently defined rights and settings will be overwritten Welcome Logout English z Q Advanced Search Restore Snapshot Show all departments Snapshot Details Name MySnapshot Description This is a snapshot Details Settings for 7 machines and 2 groups There are 3 rights defined for existing devices System uses both user and computer rights priority for computer rights Options Restore Only rights Only settings Both G Restore t Back Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4
131. kept in this tab for later auditing Each event that triggers an MDM alert will be saved here Administrators can search for data more easily with the implemented filter while if not needed anymore the logs can be deleted by pressing the Delete History button Welcome Logout ENDPOINT j A E o PROTECTOR Reporting and Administration Tool een n Ca Advanced Search Dashboard Mobile Device Management Alerts History Show all departments Endpoint Management v p Endpoint Rights Reials KH Endpoint Settings Event Name Type os Device Name Created at v Content Aware Protection CAP Uninstall App Any Any 12 March 2014 13 02 Uninstall App Any Any 12 March 2014 9 35 Mobile Device Management Uninstall App Any Any 11 March 2014 16 35 3 results r page kg Offline Temporary Password 20 pa paos DEA Delete History t Back A Alerts Define Alerts Define Content Aware Alerts Define MDM Alerts Alerts History Content Aware Alerts History MDM Alerts History M Directory Services Appliance System Maintenance o System Configuration i System Parameters Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 3 Appliance 10 Directory Services 10 1 Active Directory Import This module allows you to import Computers Groups and Users from Active Directory where available Welcome Super Administrator Logout ote SRATE OR Re
132. l Mode 02 Oct 2014 10 54 01 50 7 2 Mobile Device Management Trial Mode 02 Oct 2014 10 54 01 5 2 2 Client Software Client Software Upgrade G Ili Infi ti a Client Uninstall Download EasyLock Software Show Help System Administrators System Departments Mode Period Endpoints Mobile Endpoints Device Control Content Aware Protection CAP Mobile Device Management Updates Support System Security System Policies Trial 30 Days 50 5 Yes Win amp Mac Yes Yes Yes System Settings 7 T Ean System Li i Appetizer Limited 1 Year 5 Yes Win only Limited Yes Limited Yes No System Licensing a System Parameters g Buy Licenses import Licenses Paste Licenses List Licenses B smon Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 The Endpoint Protector licensing system comprises three types of licenses Endpoint licenses for Mobile and Fixed endpoints Feature licenses and Updates amp Support licenses Endpoint licenses are used for registering the Endpoint Protector Client enabling the communication with the Endpoint Protector Server They are available as either 30 days Trial licenses or perpetual permanent licenses Once registered with a valid Endpoint license the Endpoint Protector Client remains 130 Endpoint Protector User Manual active for an unlimited period of time regardless of the status of the other license types Feature licenses are used for activating one of the three Endpoint
133. layers iPods digital cameras and other devices that could be intentionally or accidentally used to leak steal lose virus or malware infect your data Even self executing devices like a USB Flash Drive with a CD ROM autorun feature such as U3 Drives will not be accessible and thereby pose no threats 1 2 1 Centralized web based Device Management Dashboard Network administrators have the ability to centrally manage and authorize the use of devices The Endpoint Protector 4 Dashboard is designed to meet the needs of both management and security staff and offer access to real time information charts and reports about organization wide controlled device and data transfer activity All in an integrated single view and Web based Administration and Reporting Tool 1 2 2 Control your data flow File Tracing File Shadowing This thorough record of information streams at the network s endpoints is Supporting audits of data flow and controlling the impact of data leakage The File Tracing feature will track all data that was copied to and from prior authorized portable storage devices The File Shadowing feature saves a copy of all even deleted files that were used in connection with controlled devices on a network storage server 5 Endpoint Protector User Manual Devices E J Connected by User to Client _ 3 H P a Transfer is traced SCE Transfer and activity is recorded User connects Device ta Clent PC D
134. le Tracing creating exact copies of files accessed by users The creation of Shadow copies can be triggered by the following events file copy file write and file read Events such as file deleted file renamed etc do not trigger the function Same as File Tracing Shadowing of files can be turned on or off from the System Configuration gt System Policies module of the Endpoint Protector Reporting and Administration Tool Please note however that this feature cannot be used without the File Tracing feature Default System Policies Mode Refresh Interval sec 300 Mode Normal File Tracing and Shadowing File Tracing File Shadowing CAP File Shadowing Detect Copy Source Network Share Tracing Exdude Extensions from Shadowing doc yds Exdude Extensions from CAP Scanning doc xls bmp Note Files with extensions in these lists will be ignored from File Shadowing CAP Extensions must start with dot and end in a semicolon Example mp3 vob exe Note File Shadowing can be disabled for specific file types using the Exclude Extensions from Shadowing option Advanced settings such as minimum file size to be shadowed and shadowing upload interval can also be configured in this section Default Client Settings Log Upload Interval min 30 Local Log Size KB 10 Shadow Upload Interval min 60 Local Shadow Size MB 512 Minimum File Size for Shadowing KB 0 Maximu
135. less of what activity file shadowing and file tracing are enabled to see and monitor all user activity Administrator receives alerts dashboard shows also alerts for all activities 15 3 Panic Mode Under special circumstances Panic Mode can be set manually by the administrator in order to block all access to devices system tray icon is displayed notifications are displayed everything is blocked regardless if authorized or not Administrator receives alert dashboard also shows alerts when PCs are going in and out of Panic mode 143 Endpoint Protector User Manual 15 4 Hidden Icon Mode The Hidden Icon Mode is similar to the Normal mode the difference consisting in the fact that the Agent is not visible to the user no system tray icon is displayed no system tray notifications are shown all set rights and settings are applied 15 5 Silent Mode The Silent Mode is similar to the Normal mode the difference consisting in the fact that the notifications do not pup up to the user system tray icon is displayed no system tray notifications are shown all set rights and settings are applied 144 Endpoint Protector User Manual 15 6 Adding new administrator s You can add an unlimited number of system administrators depending on the size and manageability of your network While fewer administrators are recommended for easier data loss prevention it is easier to manage a large ne
136. ll departments Endpoint Management G Sync objects added eS Endpoint Rights KR Endpoint Settings Active Directory Sync Step 2 Content or Offline Temporary Password a amp J Active Directory Builtin Reports and Analysis 7 Computers Domain Controllers A System Alerts ForeignSecurityPrincipals i Directory Services w Program Data a f System Active Directory Import Test Active Directory Sync iare Active Directory Deployment B System Maintenance System Configuration System Parameters Oe ls Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Sync Interval in minutes 5 Back View Sync List Ready Version 4 0 0 8 108 Endpoint Protector User Manual You can set up multiple synchronizations from multiple locations at once These can be viewed and canceled in the View Sync List wie ENDPOINT 4 Welcome Super Administrator Logout amp PROTECTOR Reporting and Administration Tool Engish Active Directory Synchronization 5 l Show all departments Endpoint Management G Sync objects added p Endpoint Rights A Endpoint Settings Active Synchronizations 2m 3 P i i ky Offline Temporary rd Sync Interval Domain Controller User Last Sync Actions 5 minutes SE E O 2011 06 07 11 08 00 Reports and Analysis A System Alerts EJ Directory Services Active Directory Import Active Directory Sync Active Directory Deployment S
137. lobal Rights Show all departments A Currently the system is using both computer and user rights computer rights have priority Name Global Description Global Group induding all the entities Device Types USB Storage Device Allow Access iPhone Deny Access Internal CD or DVD RW Deny Access e iPad Deny Access e internal Card Reader Deny Access e iPod Deny Access e internal Floppy Drive Deny Access E Serial ATA Controller Deny Access e Local Printers Deny Access e WiFi Allow Access e Windows Portable Device Deny Access e Bluetooth Deny Access iw Digital Camera Deny Access l FireWire Bus Deny Access BlackBerry Deny Access Serial Port Deny Access Mobile Phones Sony Ericsson etc Deny Access m PCMCIA Device Deny Access iw SmartPhone USB Sync Deny Access Card Reader Device MTD Deny Access e SmartPhone Windows CE Deny Access z Card Reader Device SCSI Deny Access e SmartPhone Symbian Deny Access Em ZIP Drive Deny Access Webcam Deny Access Ee Already existing devices Fa Save Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 35 Endpoint Protector User Manual 4 6 Effective Rights 4 6 1 Effective Rights for Endpoints This module displays the rights applied for all device types at that moment in time for the entire system or a specific user computer NT 4 Welcome tt Logout ds SROTECTOR Reporting and Admin
138. low Access E Internal Card Reader Deny Access Bluetooth Allow Access ll Internal Floppy Drive Deny Access FireWire Bus Deny Access i Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 To store your setup simply click Save 127 Endpoint Protector User Manual Note The Automatic Log Cleanup option can also be activated from the Dashboard gt System Status HDD Disk Space Safety Logs Rotation Click to disable Log Rotation aT You have used up 1 of the storage resources available on the appliance Automatic Log Cleanup will start when your HDD Disk Space will reaches 128 Endpoint Protector User Manual 12 9 System Settings In the System Settings module you can modify Endpoint Protector 4 Server Rights functionalities by giving priority to either User Rights or Computer Rights Pease see the Setting up policies chapter of this document for more information on this area Welcome Logout ENDPOINT 4 s 7 s B PROTECTOR Reporting and Administration Tool English x Q Dashboard System Security Show all departments m Endpoint Management kz A You do not have an uninstall password defined eS Endpoint Rights RK Endpoint Settings A You do not have a security password for sensitive data defined Content Aware Protection CAP Security Password for Uninstall Protection g Mobile Device Management
139. low Access if TD Level 3 Allow Access if TD Level 4 Block if wired network is present Parameters Use File Whitelist Save Cancel Once you select a portable device and choose Allow Access for it you will also have the option to enable File Whitelisting for that device Click Save to store your changes The device s you selected will appear in the Already Existing Devices section Standard 2s 23 Endpoint Protector User Manual To add more devices simply repeat the steps mentioned above To change or delete added devices use either Rights Wizard or Remove action buttons Xx 3 2 2 Enable Device Read Only Access With this option the administrator can enable read only access to devices preventing the deletion or alteration of data on the device s The administrator can configure each device individually and can also choose for what computer s user s and group s it will apply to 3 2 3 TrustedDevice Level 1 to Level 4 The TrustedDevices technology integrated within Endpoint Protector is available in four security levels depending on the degree of protection offered by a device devices using EasyLock are TD level 1 For more information on TrustedDevices and EasyLock refer to section 15 Enforced Encryption with TrustedDevice in this user manual 3 2 4 WiFi Block if wired network is present With this option the administrator can dis
140. m File Size for Shadowing KB 512 55 Endpoint Protector User Manual Refresh Interval in seconds Represents the time interval at which the client will send a notification to the server with the intent to inform the server of its presence in the system The server will respond by checking the settings and rights and updating them if needed so the client can behave accordingly Log Upload Interval in minutes Represents the maximum time interval at which the client will send the locally stored log information to the server This time interval can be smaller than the default value in case the log size is greater than the Local Log Size setting Local Log Size in kilobytes represents the maximum size of the log which can be stored by the client on the client pc If this value is reached then the client will send this information to the server This mechanism is optimal when a client computer has a lot of activity because it will send the information very quickly to the server so the administrator can be informed almost instantly about the activities on that computer Shadow Upload Interval in minutes Represents the maximum time interval at which the client will send the locally stored shadow information to the server Local Shadow Size in MB Represents the maximum size of shadowed files stored by the client on a client PC When this value is reached the client will start overwriting existing files in order for it to not
141. m size for the logs to be backed Up In case that you don t wish to set a specific value for one or both of these options please leave the specific field s blank After specifying the logs to be backed up automatically based on their creation time please click Save in order for your options to be applied 114 Endpoint Protector User Manual You can view the created backups by using the Backup List option Welcome Logout Advanced Search Dashboard Log Backup Show all departments Endpoint Management oSA Endpoint Rights logsStats_2013_09_27 11_01_40 csv ats PROTECTOR Reporting and Administration Tool fengisn gt Endpoint Settings Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis Alerts Directory Services Appliance System Maintenance gt BBCTaROXF File Maintenance System Snapshots Log Backup Content Aware Log Backup System Configuration System Parameters Support Oime Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance 115 Endpoint Protector User Manual 11 4 Content Aware Log Backup This module allows you to delete old content aware logs from the database and save them in a CSV document Welcome Logout Qe ENDPOINT 4 i ini i Enis gt PROTECTOR Reporting and Administration Tool g Advanced Search Dashboard Content Awar
142. n 1 0 9 5 can be updated using this feature RH Endpoint Settings OS Type Default Version Release Notes Applicable on versions Actions Content Aware Protection CAP Windows Yes 4 2 9 2 4 015 Mac OS X 10 5 Snow Leopard Yes 1 4 0 6 1 0 9 5 x g Mobile Device Management Mac OS X 10 4 Tiger Yes 1 0 9 0 none x Ubuntu 14 4 LTS Yes 1 0 5 1 none x iss Offline Temporary Password gt Ubuntu 12 4 LTS Yes 1 0 3 1 none Js T Reports and Analysis Ubuntu 10 4 LTS Yes 10 0 1 none OpenSUSE 11 4 Yes 1 0 0 1 none Ps as Alerts Windows No 428 1 4 0 1 5 2 i Windows No 42 66 4 0 1 5 Hm Se EEEa Windows No 4257 4 0 15 x Appliance Windows No 4 2 3 0 4 0 1 5 Windows No 4 1 7 0 4 0 15 PAg 3 System Maintenance Windows No 4 1 4 4 4 0 1 5 Pg Windows No 4 1 3 7 4 0 1 5 bd System Configuration Windows No 4 1 23 4 0 15 x jee Windows No 4 1 1 4 4 0 1 5 gt ient Software Upgrade Windows No 4 1 0 7 4 0 1 5 2 Client Uninstall Windows No 4 0 6 0 4 0 1 5 PAS Download EasyLock Software Mac OS X 10 5 Snow Leopard No 1 3 0 4 1 0 9 5 Pg System Administrators Mac OS X 10 5 Snow Leopard No 123 1 1 0 9 5 X SAER Depr nni Mac OS X 10 5 Snow Leopard No 1 226 1 0 95 Spe ti 5 Mac OS X 10 5 Snow L No 1 2 1 6 1 0 9 5 x System Pola Mac 5 Snow Leopard SEI 0 9 gt Syota Seting Mac OS X 10 5 Snow Leopard No 1 1 1 0 1 0 9 5 pg System Licensing Mac OS X 10 5 Snow Leopard No 1
143. n 4 1 0 0 is required for Content Aware Protection The Endpoint Protector Client can be installed on Endpoint Settings Windows 8 32bit and 64bit Windows 7 32bit and 64bit Content Aware Protection CAP Windows Vista 32bit and 64bit Windows XP 32bit and 64bit Mobile Device Management Windows Server 2003 2008 32bit and 64bit Mac OS X 10 5 Snow Leopard Mac OS X 10 4 Tiger Offline Temporary Password Linux Ubuntu OpenSUSE Reports and Analysis To install the Endpoint Protector Client on your dient computers please download it from the following location Alerts To install the client software please provide the Endpoint Protector Server IP and Port 3 Endpoint Protector Server IP 192 168 7 70 PERTTELI Endpoint Protector Server Port 443 7 To install the client software under a certain department please provide the Department Code armee Department Code defdep System Maintenance Windows 32bit version Version 4 2 9 2 Windows 64bit version Version 4 2 9 2 Install Outlook Add on Yes No SK BBE BHEHBeox7D System Configuration Client Software Mac OS X 10 5 Leopard Version 1 4 0 6 Client Software Upgrade Mac OS X 10 4 Tiger Version 1 0 9 0 Client Uninstall Linux Ubuntu 10 4 LTS Version 1 0 0 1 Download EasyLock Software Linux Ubuntu 12 4 LTS Version 1 0 3 1 Linux Ubuntu 14 4 LTS Version 1 0 5 1 System Administrators em
144. n of Endpoint Protector There are four sections here that need to be mentioned Device Rights Computer Rights Group Rights and Global Rights You can find descriptions of these items in the previous paragraphs Before configuring computers and devices there are certain aspects of Endpoint Protector you Should be aware of Computer Rights Group Rights and Global Rights form a single unit and they inherit each others settings meaning that changes to any one of these modules affect the other ones There are three levels of hierarchy Global Rights Group Rights and Computer Rights the latter being the deciding factor in rights management The Device Rights module surpasses all settings from Computer Rights Group Rights and Global Rights If you give permission to a device to be available to clients it will be usable under any circumstances 140 Endpoint Protector User Manual For example in Global Rights assign Allow for device X If in Computer Rights the same device does not have permission to be used the device will not be usable Same applies vice versa if the device lacks permission to be used in Global Rights and has permission under Computer Rights the device will be usable to the client The same applies for Global Rights and Group Rights if under Global Rights the device does not have permission to be used and under Group Rights permission exists the device will be available to the client DEVICE 1 DEVICE 2 DEVI
145. nected Connected Connected Connected Connected Connected Connected Connected Connected Created at 10 September 2014 16 29 10 September 2014 15 50 10 September 2014 15 50 10 September 2014 15 37 10 September 2014 15 37 10 September 2014 15 24 10 September 2014 15 24 10 September 2014 15 24 10 September 2014 11 42 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 10 September 2014 11 40 M 4 12345 gt Ready Version 4 4 0 4 99 Endpoint Protector User Manual 9 7 Content Aware Alerts History A history of the content aware alerts is kept in this tab for later auditing Each event that triggers a content aware alert will be saved here Administrators can search for data more easily with the implemented filter while if not needed anymore the logs can be deleted by pressing the Delete History button Welcome Logout Pe ENDPOINT a Reporting and Administration Tool English Qa PROTECTOR Advanced Search ao x Endpoint Management Filter X p Endpoint Rights oles RH Endpoint Settings Event Name Client Computer Client Destination Type Destination File Name Content Policy Item Type A User Content Aware Protection CAP Content Threat Detected WESsem m date Storage Device Se SS Tony 1 Undefi
146. nected 192 168 0 198 ae Serial ATA Controller Standard AHCI 1 0 Serial ATA Controller 0 10 Sep 2014 10 57 22 10 Sep 2014 12 00 51 Windows E File Shadowing J Blocked 192 168 0 198 zm Internal CD or DVD RW MATSHITA DVD RAM UJ8C2 S ATA Device 0 04 Sep 2014 09 27 30 04 Sep 2014 10 30 59 Windows E Content Aware Report Blocked 192 168 0 198 Serial ATA Controller Standard AHCI 1 0 Serial ATA Controller 0 04 Sep 2014 09 27 30 04 Sep 2014 10 30 59 Windows Content Aware Fie Shadowing Blocked SANS 192 168 0 198 Webcam USB2 0 HD UVC WebCam 0 04 Sep 2014 09 27 30 04 Sep 2014 10 30 59 Windows E a oe Unblocked SSS 192 168 0 198 WiFi Atheros AR9485WB EG Wireless Network Ada 0 04 Sep 2014 09 27 30 04 Sep 2014 10 30 59 Windows E E x Connected SSS m 192 168 0 198 ina Serial ATA Controller Standard AHCI 1 0 Serial ATA Controller 0 04 Sep 2014 09 27 24 04 Sep 2014 10 30 53 Windows E fag Alerts Connected E 192 168 0 198 Webcam USB2 0 HD UVC WebCam 0 04 Sep 2014 09 27 21 04 Sep 2014 10 30 50 Windows E Connected LS 192 168 0 198 Internal CD or DVD RW MATSHITA DVD RAM UJ8C2 S ATA Device 0 04 Sep 2014 09 27 21 04 Sep 2014 10 30 50 Windows E Directory Services Connected SESSE 192 168 0 198 WiFi Atheros AR948SWB EG Wireless Network Ada 0 04 Sep 2014 09 27 21 04 Sep 2014 10 30 50 Windows Acad Connected SSS 192 168 0 198 Serial ATA Controller Standard AHCI 1 0 Serial ATA Controller 0 04 Sep 2014 09 27 21 04 Sep 2014 10 30 50 Windows E goi 18 results
147. ned Content Ji Content Threat Blocked D SSS See screen capture See Undefined Policy Predefined Content g Mobile Device Management Content Threat Blocked SEME screen capture oe Undefined Policy Predefined Content Content Threat Blocked See Web Browser Mozilla Firefox SES RO File Type a iss Offline Temporary Password Content Threat Blocked SEESE Web Browser Mozila Firefox rR RO File Type E Content Threat Blocked SES See Web Browser Mozilla Firefox Se i Dee RO File Type a aa Reports and Analysis Content Threat Blocked SSUES See filetype explorer SS OR Oe RO File Type a Content Threat Blocked SNE See file type explorer Oe ee RO File Type a Alerts Content Threat Blocked SSS fije type explorer lt a O RO File Type a Content Threat Blocked E See file type explorer eee er RO File Type a Define System Alerts system Alerts History Content Threat Blocked SSUES See filetype explorer SS eee RO File Type a ea Content Threat Blocked EE See file type explorer Oe ee oe RO File Type a Alerts History Content Threat Blocked SSS See filetype explorer _ SS See ORO File Type a e OAE hee este Content Threat Blocked SD SSS See file type explorer SS Coe eee RO File Type a Content Aware Alerts History Content Threat Blocked SSS See filetype explorer SS Oe ee RO File Type a Define MDM Alerts Content Threat Blocked SENIE See file type explorer See RO File Type a MDM Alerts History Content Threat Blocked SSS See filetype explorer SS Cee a RO File Type a Content Threat Bl
148. nesauascauaeeesequciessaseascanataqusesenaganaean 32 A A GOUD RIGNUS icscovniwsyawiwicewuwasindaswisieaweranisdwesvaatewewwesewawawuts 33 A GlODaAl RIGGS ariris 34 4 6 Effective RiIg htS ssssssesessssrsnrnrrnrnnnrrsnrnnenrnnnnrrnrnnrrrnnrne 39 4 6 1 Effective Rights for Endpoints s sessssssssssrssrsrrsnesrsrena 35 4 6 2 Effective Rights for Devices ccccccsseeeensseeneennneeeeeeenssegs 35 4 6 3 Effective Rights for Content Aware Protection ccceeeee 36 AZs FAVE WNEI E sececeentecececececscececestteetcestcectcectcecsaecececscececesece 36 5 Offline Temporary Password cceceeeeeees 38 5 1 Generating the Offline Temporary Password sssesesssserersrsss 38 5 2 Device Offline Temporary PASSWOP scccceeessseseeeeeeeeenees 39 5 3 Computer Offline Temporary Password ccccceseeuceueeueuueenes 41 5 4 Content Aware Protection Offline Temporary Password 41 5 5 Offline Device Computer and Content Aware Protection AUONZI LIOI poroci ee 42 5 6 Setting the Administrator Contact Information 43 6 Endpoint SettingS ccccecseceeeeeeeeeeesaeeees 44 Orde COMDULEr SeCCUINGS anrr EUERE 47 Oe GhOUD SeUUINGS sersasenenensseuasenessueneuaseneneyaeaueayeseuanenesenaneneas 48 6 3 Global SettingS ccc ccccc cece eee eeeeeee seen ee eeeeeeeeeeeeeeeeeaaaees 49 6 4 Custom Client Notifications sicctecsdecedeesiesscucedeas dees dwssdecaduusc 50 6 5 File Tracing 1 ccc
149. network that receives the file will appear followed in brackets by Network Share information Results Event Computer IP Address Device User Device Type File Name File Size File Type File Delete 192 168 0 69 Network Share Network Share Application File Rename 192 168 0 69 Network Share Network Share Text Document File Write 192 168 0 69 Network Share Network Share 122 B Text Document Additionally by selecting the option Detect Copy Source the original file path for copied files to from removable storage devices will be visible in Reports amp Analysis gt File Tracing Administrators have the ability to enable or disable the file tracing feature This can be done within the Endpoint Protector Administration and Reporting Tool Access the System Configuration module and select System Policies In order to activate Network Share Tracing you need as a precondition to have also File Tracing enabled Default System Policies Mode Refresh Interval sec 60 Mode Normal File Tracing and Shadowing File Tracing File Shadowing L Detect Copy Source E Network Share Tracing If you wish to disable the network share tracing feature simply uncheck the box next to it and click Save 58 Endpoint Protector User Manual Note For large base installations such as 250 1000 endpoints we strongly advise to activate Network Share Tracing for up to 15 of your appliance virtual or ha
150. ng and Administration Tool Jengishn x Q n PROTECTOR PRS 9 Advanced Search Dashboard Create Mobile Device Management Alert Show all departments Endpoint Management Alert field p Endpoint Rights ie ay E A Endpoint Settings a a Any ie Event Uninstall App xl Content Aware Protection CAP Alert administrators ml Mobile Device Management G Administrators C root ky Offline Temporary Password TT Marketing admin I Financial admin Reports and Analysis A Alerts Define Alerts Define Content Aware Alerts Define MDM Alerts Alerts History ca rane ary Note In order to have a complete list please make sure administrators have their e mail addresses set up from System Configuration gt System Administrators gt Edit Info Directory Services G Save G Save Add a Back E Appliance System Maintenance System Configuration id System Parameters a O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance Alerts can be created for IOS MDM profile removal Android application removal SIM card changed and carrier changed 97 Endpoint Protector User Manual 9 5 System Alerts History A history of the system alerts is kept in this tab for later auditing Each event that triggers a system alert will be saved here Administrators can search for data more easily with the implemented filter while if not needed anymore the logs can be deleted by pressing
151. ngs This module will allow the administrator to edit the settings for each computer Welcome Super Administrator Logout ENDPOINT i Reporting and Administration Tool Engish A C q PROTECTOR Advanced Search Show all departments Dashboard Edit Settings for Computer Endpoint Management Computer Endpoint Rights Default User IP Endpoint Settings X p W MAC Address Computer Settings Computer Name Group Settings Global Settings Location Offline Temporary Password Mode Reports and Analysis Refresh Interval sec System Alerts Mode Directory Services File Tracing and Shadowing System Maintenance File Trading File Shadowing System Configuration eo System Parameters Settings O fe Bole Support Log Interval min Local Log Size MB Shadow Interval min Shadow Size MB Min File Size for Shadowing KB Max File Size for Shadowing KB Notifier Language Logging Created at Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved SS 10 Normal w iv E 1 10 1 999999 o 999999 S Engish 06 Jun 2011 14 24 00 vr Ready Version 4 0 0 3 Defining custom settings for all computers is not necessary since a computer is perfectly capable of functioning correctly without any manual settings defined It will do this by either inheriting the settings of a group it s in or if not possible the global settings which are mandatory and exist
152. nown portable storage devices ranging from USB storage devices to digital cameras LTP storage devices and biometric devices Groups can be groups of devices users or computers Grouping any of these items will significantly help the server administrators to easily manage rights and settings for them Departments an alternative way to Groups to organize main entities devices users Or computers which involves also the administrators of Endpoint Protector 168 Endpoint Protector User Manual 19 2 Client Related Endpoint can be a Personal Computer a Workstation you use at the office or a Notebook An endpoint can call and be called It generates and terminates the information stream Trusted Devices portable storage devices that carry a seal of approval from the Endpoint Protector Server and can be utilized according to their level 1 4 For more information please see Enforced Encryption with Trusted Devices section Client refers to the client user who is logged in on a computer and who facilitates the transaction of data Rights applies to computers devices groups users and global rights it stands for privileges that any of these items may or may not possess Online computers refers to PC s Workstations and or Notebooks which have Endpoint Protector Client installed and are currently running and are connected to the Endpoint Protector server Connected devices are devices which are connected t
153. ns Online Services Attachments File Transfers a Alerts Web Browser E mail Instant Messaging Cloud Services File Sharing Social Media Others o 7 5 Fd Internet Explorer ja FJ Outlook Attachments ja W ICQ a Y Google Drive Client a 7 Easylock ja 7 Chrome W Outlook Body p iv AIM a Y iCloud Client l Windows DVD Maker E am Appli T Mozilla Firefox E m Mozilla Thunderbird iv Skype T uTorrent y ALFTP Fo V Opera MW Mozilla Thunderbird WV Windows Live Messeng I BitComet V Filezills Spine EEE W Safari 7 IBM Lotus Notes v 6 Yahoo Messenger VY Daum Cloud GoToMeeting V7 AOL Desktop 9 6 iv IBM Lotus Notes v 7 T Gaim W KT Olleh uCloud iv HTC Sync for Android ae ee 7 Aurora Firefox 7 IBM Lotus Notes v 8 J Pidgin 7 Naver N Dri J InfraRecorder CD D 7 K Meleon ss R7 _IBM Lotus Notes v 8 xi _ Trillian a 7 Azureus x iTunes vs a System Parameters fy al fy all g al All All O Support Policy Content File Type Filter Predefined Content Filter Custom Content Filter URL Whitelists Domain Whitelists Regular Expressions Policy Action will apply to selected File Types Graphic Files iv all JPEG iv PNG V
154. nside the Custom Content tab when creating a new or editing an existing Content Aware Policy The Content Aware Protection module comes with a predefined set of dictionaries 7 4 Content Aware URL Whitelists URL Whitelists are custom defined lists of web addresses where uploading of confidential information will be allowed by the Endpoint Protector This feature works on Internet Explorer Content Aware URL Whitelists Show all departments URL Whitelists URL Whitelist Name URL Whitelist Description Created at Created by Modified at Modified by Words items Actions Default URL Whitelist Default URL Whitelist root root 0 gR 3 Add New Edit Dictionary Information URL Whitelist Name Default URL Whitelist URL Whitelist Description Default URL Whitelist URL Whitelist Content separated by new line comma or semicolon G Save import Whitelist E Export As Delete Once a new URL whitelist is added it will be automatically displayed inside the URL Whitelists tab 7 5 Content Aware Domain Whitelists Domain Whitelists are custom defined e mail addresses to which sending of confidential information will be allowed by the Endpoint Protector This feature works on Microsoft Outlook and Mozilla Thunderbird 72 Endpoint Protector User Manual Content Aware Domain Whitelists Show all departments Domain Whitelists Domain Whitelist Name Domain Whitelist Description Created at Created by Modified at Modified by Wor
155. nt Threat Blocked SSS See Web Browser Mozilla Firefox me test for exceptions from sys policies File Type te Content Threat Blocked S See Web Browser Mozilla Firefox e test for exceptions from sys policies File Type te Content Threat Blocked SSS See USB Storage Device DATATRAVELER_2 0 Sate test for exceptions from sys policies File Type te Content Threat Blocked VLADUT NOTEBOOK Vladut USB Storage Device DATATRAVELER_2 0 E pythontest py test for exceptions from sys policies File Type te Content Threat Blocked VLADUT NOTEBOOK Vladut USB Storage Device DATATRAVELER_2 0 E text_x c java test for exceptions from sys policies File Type te Content Threat Blocked VLADUT NOTEBOOK Vladut USB Storage Device DATATRAVELER_2 0 E pythontest py test for exceptions from sys policies File Type te Content Threat Blocked VLADUT NOTEBOOK Vladut USB Storage Device DATATRAVELER_2 0 E application_encrypted x ace ace test for exceptions from sys policies File Type a Content Threat Blocked VLADUT NOTEBOOK Vladut USB Storage Device DATATRAVELER_2 0 E application_encrypted x ace ace test for exceptions from sys policies File Type a ba Mamiani Thee ni Mie ehed VA AMT ATEAN yedi ON Oieee me Nese MaATATN AIP AN Puen eee em mm nt d a AA ee ee fan cecncninnn fenne mscn moeien Pan Ta Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 100 Endpoint Protector User Manual 9 8 MDM Alerts History A history of the MDM alerts is
156. ntact Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved No Background Tasks Version 4 4 0 4 One of our team members will contact you in the shortest time possible Even if you do not have a problem but miss some feature or just want to leave us general comment we would love to hear from you Your input is much appreciated and we welcome any input to make computing with portable devices safe and convenient Each Endpoint Protector Server has the default SSH Protocol 22 open for Support Interventions and there is one 1 System Account enabled epproot protected with a password The SSH Service can be disabled at customers request Security safeguards by their nature are capable of circumvention CoSoSys cannot and does not guarantee that data or devices will not be accessed by unauthorized persons and CoSoSys disclaims any warranties to that effect to the fullest extent permitted by law 2004 2014 CoSoSys Ltd Endpoint Protector Basic EPPBasic Endpoint Protector My Endpoint Protector are trademarks of CoSoSys Ltd All rights reserved Windows is registered trademark of Microsoft Corporation Macintosh Mac OS X are trademarks of Apple Corporation All other names and trademarks are property of their respective owners
157. nual names action s taken logged user etc allows for pin pointing malicious behavior and users The system s design also allows the CoSoSys team to perform easy customizations and extensions requested by clients Better automation and express reports can be developed accordingly to customer demands In the same time this structure is easy to update and maintain making the usability even greater Endpoint Protector is the only solution that gives companies of any size the ability to let users take advantage of the increasingly important functionality of USB and other ports without losing control over data and compliance This endpoint security device control solution is designed to control usage of all portable storage and to keep track of what data users are taking from and to their work computers on any kind of portable storage devices Furthermore Endpoint Protector enables network administrators to monitor and report what data is introduced into the corporate network from a portable storage device such as prohibited materials MP3s movies or games or harmful data like a virus that could jeopardize the networks integrity As not all portable storage devices are used with the intent to harm the company many legitimate reasons commonly justify the need of such devices to increase network users productivity Thus Endpoint Protector allows authorized use of certain device types or specific devices such as the companies own USB
158. o online computers Events are a list of actions that hold major significance in Endpoint Protector There are currently 17 events that are monitored by Endpoint Protector Connected the action of connecting a device to a computer running Endpoint Protector Client Disconnected the action of safely removing a device from a computer running Endpoint Protector Client Enabled refers to devices the action of allowing a device access on the specified computer s group s or under the specified user s Disabled refers to devices the action of removing all rights from the device making it inaccessible and therefore unusable File read a file located on a portable device was opened by a user or the file was automatically opened if the portable device was autorun by the operating system File copy a file was copied onto or from a portable device File write a file located on a portable device was opened and edited changes were saved to the file File renamed a file located on a portable device has been renamed 169 Endpoint Protector User Manual File delete a file located on a portable device has been deleted Device TD means that a device is registered as a Trusted Device and has access to files accordingly Device not TD means that a device is not trusted and does not have automatic access to files Delete refers to computers users groups alerts and devices the acti
159. ocal networks e Applications Online Services Attachments File Transfers comprises Web Browsers E MAIL Clients IM File Sharing Social Media Others Type Web Browsers List of Applications Internet Explorer Mozilla Firefox Chrome Opera Safari SeaMonkey Maxthon AOL Destop 9 6 K Meleon Aurora Firefox E MAIL Clients Microsoft Office Outlook Mozilla Thunderbird Windows Live Mail Outlook Express Windows Mail AOL Mail Opera Mail SeaMonkey Mail Courier IBM Lotus Notes GroupWise Client Instant Messaging AIM eBuddy MySpace IM ICQ Google Talk Skype Windows Live Messenger Yahoo Messenger mIRC Trillian MyChat LingoWare Chit Chat For Facebook Nimbuzz Facebook Messenger Microsoft Communicator 2007 Facemoods Gaim LAN Chat Enterprise OpenTalk TurboIRC WinSent Messenger Pink Notes Plus fTalk XChat ooVoo TweetDeck Pidgin Instant Messenger NateOn Messenger QQ International Twhirl Daum MyPeople Cloud Services File Sharing Google Drive Client iCloud Dropbox Microsoft SkyDrive eMule Kazaa Shareaza Morpheus eDonkey DC BitTorrent Azureus BitComet uTorrent iMesh Daum Cloud KT Olleh uCloud Naver NDrive Microsoft Skydrive client Limewire FTP Command ownCloud client Pogoplug Backup Pruna P2P Sendspace Evernote FileCloud Sync client Social Media Others InfraRecorder iTunes Nokia PC Suite 2008 2011 Samsung Kies Sony Ericsson PC Companion Te
160. ocked SEEE See file type explorer Cee ee RO File Type a Directory Services Content Threat Blocked SSS See filetype explorer SS eee RO File Type a palace Content Threat Blocked SSUES See file type explorer a eee RO File Type a Content Threat Blocked SE See E mail Mozilla Thunderbird SoS test for exceptions from sys policies File Type in x System Maintenance Content Threat Blocked SEE USB Storage Device DATATRAVELER_2 0 memm test for exceptions from sys policies File Type te Content Threat Blocked SSS See Web Browser Mozilla Firefox Seas Sa test for exceptions from sys policies File Type te System Configuration Content Threat Blocked SSUES Web Browser Mozilla Firefox eee ee test for exceptions from sys policies File Type te Content Threat Blocked S Seeee Web Browser Mozilla Firefox a ee test for exceptions from sys policies File Type te B System Parameters Content Threat Blocked SSNS Web Browser Mozilla Firefox TT E ee test for exceptions from sys policies File Type te Content Threat Blocked See Web Browser Mozilla Firefox aoa ee test for exceptions from sys policies File Type te O Support Content Threat Blocked SSS See Web Browser Mozilla Firefox Same a test for exceptions from sys policies File Type a Content Threat Blocked SSS See Web Browser Mozilla Firefox i test for exceptions from sys policies File Type in Content Threat Blocked SSUES See Web Browser Mozilla Firefox SS Te test for exceptions from sys policies File Type in Conte
161. of 1 year 12 10 1 Appetizer Mode The Appetizer Mode can be activated by pushing the Start Appetizer button which will automatically assign 1 year Device Control and Content Aware Protection licenses for up 5 computers Additionally it will enable a 1 year subscription for Mobile Device Management by Endpoint Protector for up to 5 iOS and Android smartphones and tablets Stat Appetizer The Appetizer license is a limited license valid for 1 year with automatic renewal which includes also 1 year of updates with automatic renewal The following limitations apply No Support Included Device Control no limitations Content Aware Protection The options for E mail Web Browsers and Cloud Services File Sharing Clipboard Monitor and Print Screen Monitor are disabled Mac OS X compatibility is also disabled Mobile Device Management mobile device tracking is disabled Note License terms may change without prior notice Several Requirements are necessary for using Appetizer Licenses 132 Endpoint Protector User Manual Licensee has to be small business or registered professional e g a company such as a Ltd or a registered professional such as a law firm or architectural association Valid company e mail address Online activation of virtual appliance after setup in your network Online self enrollment of MDM services e g for Apple Push Notification Certificate 12 10 2 Trial Mode The tri
162. on of removing any of these items from the list Enable read only refers to devices the action of allowing access to devices but disabling the ability to write on them User s can copy files from device s but cannot write anything onto the device Enable if TD Level 1 4 refers to Trusted Devices grants the device access if the device is a level one two three or four Trusted Device Offline Temporary Password used refers to computers the action of temporarily allowing access to a specific device on a certain client computer 20 Support In case additional help such as the FAQs or E MAIL support is required please visit our Support website directly at http www cososys com help html You can also write an E MAIL to our Support Department under the Contact Us tab from the Support module Welcome Logout ENDPOINT 4 3 se i Wy PROTECTOR Reporting and Administration Tool Engish z Dashboard Contact Support Endpoint Management pi g Support Form es Endpoint Rights Sender E mail Company Name CSS Endpoint Settings Subject Content Aware Protection CAP Content Please describe here your problem or your suggestions Mobile Device Management Hox Offline Temporary Password aa Reports and Analysis as Alerts Directory Services Appliance 3 System Maintenance System Configuration a System Parameters D Support User Manual MDM User Manual AD Deployment Guide Co
163. ord If they do not know the password the Client removal cannot continue This password can be set by accessing System Configuration System Security entering a password in the Password field and clicking on Save Welcome Logout ENDPOINT 4 acacia P Reporting and Administration Tool English vE Q B PROTECTOR Advanced Search Dashboard Show all departments Endpoint Management A You do not have an uninstall password defined eS Endpoint Rights KR Endpoint Settings You do not have a security password for sensitive data defined Content Aware Protection CAP g Mobile Device Management eg Offline Temporary Password Ky Reports and Analysis Data Security Privileges as Alerts Restrict Sensitive Data Access only to super administrators Directory Services Save 5 Appliance Additional Security Password for Sensitive Data Protection 3 System Maintenance Current Password eeeeee System Configuration New Password eee eeee Client Software New Password confirm eeeeeeee Client Software Upgrade Client Uninstall Save Download EasyLock Software System Administrators System Departments System Security System Policies System Settings System Licensing a System Parameters O Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 126 Endpoint Protector User Manual The second option
164. ord when entering this section Additionally the shadowed files can be saved locally on the Server by the Endpoint Protector administrator Welcome Logout Oe ENDPOINT 4 z n PROTECTOR Reporting and Administration Tool English X Advanced Search A Endpoint Management ae p Endpoint Rights R RH Endpoint Settings File Name File Size File Type Users Computer IP Address Date Time Client Date Time Server OS Type Actions All Content Aware Protection CAP oe 73 32 KB PNG Image el LS 192 168 0 96 2014 03 12 10 06 21 2014 03 12 09 06 30 Windows B er 121 16 KB PNG Image ee EES 192 168 0 96 2014 03 12 10 06 21 2014 03 12 09 06 30 Windows B Mobile Device Management 94 95KB PNG image S E 192 168 0 96 2014 03 12 10 06 21 2014 03 12 09 06 30 Windows B a PE 3 eee 108 33 KB PNG Image ee EEN 192 168 0 96 2014 03 12 10 06 21 2014 03 12 09 06 30 Windows B a 67 26 KB PNG Image eT SSS 192 168 0 96 2014 03 12 10 06 21 2014 03 12 09 06 30 Windows B Reports and Analysis puu 14 24KB PNG Image D LS 192 168 0 96 2014 03 12 10 06 21 2014 03 12 09 06 30 Windows B e 67 26KB PNG Image LSS 192 168 0 96 2014 03 11 17 29 30 2014 03 11 16 29 35 Windows B Logs Report rr 94 95KB PNG Image ae 192 168 0 96 2014 03 11 17 29 22 2014 03 11 16 29 28 Windows B meag a EEE 121 16 KB PNG Image E _ _ EEE 192 168 0 96 2014 03 11 17 29 20 2014 03 11 16 29 26 Windows E E porn f puu 73 32KB PNG Image S TENE
165. orts and Analysis Unknown Device Allow Access No Inherited trom Global Policies Global A Alerts Phone Phone 3GS Allow Access No inherited from Giobal Policies Global Phone Allow Access No Inherted trom Giodal Policies Global EJ Directory Services USB Storage Device Alow Access No Inherited from Global Policies Global USB Storage Device _USB_SCSI_CD ROM Allow Access No inherted trom Global Policies Global System Maintenance WiFi Alow Access No inherited trom Global Policies Giobs internal CD or DVD RW Allow Access No inherited from Global Polices Global Q System Configuration USB Storage Device V SECURE Allow Access No Inherted trom Giodal Policies Global Serial Port Communications Port COM1 Allow Access No Inherited from Global Polices Global a System Parameters USB Storage Device USB_FLASH_ORIVE Alow Access No Inherted trom Global Poices Global Bluetooth Allow Access No inherited from Giodal Policies Global O Support Local Printers Allow Access No Inherted from Giodal Polices Global Webcam Allow Access No Inherted trom Global Policies Global USE Storage Device ADATA USE Flash Drive Allow Access No inherited from Giobal Policies Global Pod Allow Access No inherted trom Global Policies Global Poad Allow Access No Inherited from Global Policies Global Mobile Phones Sony Ericsson ete Allow Access No Inherted from Giobal Polices Global USB Storage Device USB2 0_FLASHDSK Allow Access No inherted trom Global Policies Global X Endpoint Protecto
166. osexec a ere ne RO file type explorer Oe 83af340778e7c353b9a2d2a788c3a13a 132 KB application x dosexec as Alerts RO file type explorer Cee 1f23ae997eae575de679e8f37c3174b2 15 3MB application x dosexec RO file type explorer eee be258009e663442f8d0512bffcc050a7 20 59MB application x dosexec Directory Services RO file type explorer SS Se a 84e8b1d544f91c4d2f98ac0d66d3a8b0 9 07MB application x dosexec RO file type explorer SS Oi a T E 6368baa2c6d3ae01ce29106c48847def 3 9 MB application x dosexec h Appliance test for exceptions from sys policies E mail Mozilla Thunderbird Sems mE 79fb3436099fe00487bc874fd0313d13 19 33 KB image x icon test for exceptions from sys policies USB Storage Device DATATRAVELER_2 0 Stato text x c System Maintenance test for exceptions from sys policies Web Browser Mozilla Firefox i 0b4c5b394dfb23ee1a92a8ce9e0530bf 22 34KB text x tex test for exceptions from sys policies Web Browser Mozilla Firefox E 69d6ba69f6ce f14d10f40dedcf8abfd 10 72KB text x shellscript System Configuration test for exceptions from sys policies Web Browser Mozilla Firefox Se se 7e861912881c4ee677a7865f5648bff2 3 98KB textix tex test for exceptions from sys policies Web Browser Mozilla Firefox SS ae Se 730ddd0 fe402efc1d41f33e574f6c08d 3 08KB text x tex a Sac test for exceptions from sys policies Web Browser Mozilla Firefox SSS 3d74e350e6797b7dca1f121f76456eab 3 43KB text x c O Support test for exceptions from sys policies Web Browser Mozilla Firefox
167. otector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 Active Directory can be used for Endpoint Protector Client deployment as well This feature can be found in the Endpoint Protector System Configuration menu Active Directory Note For Linux clients please consult the readme file available under the Read this before installing link for exact installation instructions corresponding to the previously selected Linux distribution 17 2 Endpoint Protector Client Security The Endpoint Protector Client has a built in security system which makes stopping the service nearly impossible This mechanism has been implemented to prevent the circumvention of security measures enforced by then network administrator 154 Endpoint Protector User Manual 17 3 Client Notifications Notifier The Endpoint Protector Client depending in the mode it is currently running on will display a notification from the taskbar icon when an unauthorized device is connected to the PC Not only does it log any attempts to forcefully access the system it can also trigger the Panic mode amp Security Warning Endpoint Protector An unauthorized device was connected to this PC Remove the device now or contact the PCs administrator for authorization s In case of a Mac the notification will look like bellow A 78 Fri 9 39 AM Wey ew Security Warning An unauthorized device was connecte
168. point Rights S Computers Endpoint Settings Choose computer TESTPC Content Aware Protection CAP Other Options m Mobile Device Management mn Duration mn Offline Temporary Password Offine Temporary Password Generate cove Reports and Analysis G ted P 4 A Alerts Password BB irector Services System Maintenance Q System Configuration a System Parameters som Endpoint Protector 4 Copyright 2004 2013 CoSeSys Lid All rights reserved Ready Version 4 4 0 2 42 Endpoint Protector User Manual The administrator can allow the transfer of sensitive data on an offline computer He does this by generating a Content Aware Protection Offline Temporary Password After selecting the computer and duration the password will be generated by clicking on Generate Code button The obtained password will be communicated to the user for temporarily allowing transfer of sensitive data as explained in paragraph 5 5 5 5 Offline Device Computer and Content Aware Protection Authorization In order to select a device and enter a password the user needs to click on the Endpoint Protector icon from the system tray The user will select the device from the list and contact the administrator at the displayed contact information ee Offline Device Authorization ENDPOINT PROTECTOR Select Device HF HP Lasenet P1005 JMicron JMB36X Controller O ADATA USB_FLASH_ DRIVE GENERIC 7 SD MMC Standard CO AO
169. porting and Administration Tool Engish Q Advanced Search pa Dashboard Active Directory Import Show all departments Endpoint Management Active Directory Import Wizard Endpoint Rights This option will allow you to import Computers Groups and Users from Active Directory where available Requirements Endpoint Settings Credentials to Domain Controller Offline Temporary Password Reports and Analysis System Alerts B gt eExX 7 Directory Services Active Directory Import Active Directory Sync Active Directory Deployment System Maintenance Next System Configuration System Parameters Oe Pd Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 If you have the requirements simply click Next 102 Endpoint Protector User Manual Welcome Super Administrator Logout Qe ENDPOINT 4 Reporting and Administration Tool English j PROTECTOR iii ae Q Advanced Search Dashboard Active Directory Import Show all departments al Endpoint Management Active Directory I t Step 1 Define C t Cs Endpoint Rights Domain Controller Server Name Eee Example w2003server Endpoint Settings Domain Example example cososys com User Example admin example cososys com ky Offline Temporary Password Password eeeeeee E Reports and Analysis A System Alerts EJ Directory Services Active Director
170. r 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 2 4 7 File Whitelist This module allows the super administrator to control the transfer of only authorized files to previously authorized portable storage devices a ENDPOINT 4 Reporting and Administration Tool feist Ie SCS PROTECTOR i Advanced Search Endpoint Management Fold inning Whitelist files Endpoint Rights Folder c TempWeb women Only files selected for hashing will be saved in the Whitelist User Rights 1 Computer Rights _ Refresh Upload Files Group Rights Global Rights Files Effective Rights File Whitelist Status Filename File Path File Extension Last Modified Size Endpoint Settings Vv doc 1 June 2011 16 13 25 EEST 38 5 kB Offline T d E e ae a _Ss ES log 2 June 2011 16 12 16 EEST 12 02 MB e cau 5 L k m SSz _ _ log 4 June 2011 10 52 25 EEST 0B F o LOU aor and an ri test 4 June 2011 09 30 14 EEST 8B 4files found Check All Uncheck All System Alerts ujea J Directory Services System Maintenance System Configuration System Parameters Support A A rc amp 2 nj Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 37 Endpoint Protector User Manual The super administrator can manage exactly what files can be copied to removable devices and which cannot In order to use this feature the administrator must create
171. r latest security policies across your network 1 2 8 Network Offline Mode to Support Your Field Employees Offline Temporary Password to allow time limited access to a specific device when the client computer is disconnected from the network 6 Endpoint Protector User Manual Protected PCs that are temporary or frequently disconnected from the network like laptops stay protected based on the last locally saved policy All notifications are transmitted at the next network connection 1 2 9 Enforced Encryption protecting sensitive data in transit Trusted Device The technology behind Trusted Devices is designed to certify that in the corporate environment all the endpoint devices are not only authorized and controlled via endpoint software and security policies but also certified and trusted for protecting sensitive and confidential data in transit in case of a Trusted Device This will assure that in the event a device is stolen or lost all the data stored on it is encrypted and therefore not accessible for other parties 1 2 10 Client Uninstall Protection Endpoint Protector 4 offers a password based solution that prevents the users from uninstalling the Endpoint Protector Clients thus ensuring continuous data protection 1 2 11 Client Stop Protection Tamper Protection Endpoint Protector 4 prevents users from stopping the Endpoint Protector Clients at any time 1 2 12 Backup Scheduler Endpoint Protector 4 p
172. rator Logout aa ENDPOINT 4 i ini j English PROTECTOR Reporting and Administration Tool Engli x Advanced Search Dashboard Active Directory Synchronization Show all departments Endpoint Management Endpoint Rights Endpoint Settings Active Synchronizations offline Temporary Pa rd Sync Interval Domain Controller User Last Sync Actions 5 minutes 2011 06 07 11 08 00 E Reports and Analysis System Alerts Directory Services Be Active Directory Import Active Directory Sync Active Directory Deployment System Maintenance Q System Configuration Back Refresh System Parameters vm Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 or if you have the requirements simply click Next to set up your synchronization settings l Welcome Super Administrator Logout ENDPOINT a Reporting and Administration Tool Eoen e PROTECTOR eporting a mini n Engt Advanced Search r Dashboard Active Directory Synchronization Show all departments Endpoint Management Active Directory Sync Step 1 Define Connection Endpoint Rights Domain Controller Server Name Example w2003server Endpoint Settings Domain Example example cososys com User peee Example admin example cososys com Offline Temporary Password Password LTTTITTT Reports and Analysis System Alerts Directory Services BeDEX 7UE Active Directory Import Active Directory Sync Act
173. rdware total endpoint capacity E g for an A1000 Hardware Appliance Network Share Tracing should be set to maximum of 150 endpoints for optimal performance The option Network Share Tracing works only if File Tracing is activated as well However Network Share Tracing should be used at a minimum level for optimal performance This module allows the administrator to setup and enforce strong content filtering policies for selected users computers groups or departments and take control over the risks posed by accidental or intentional file transfers of sensitive company data such as e Personally Identifiable Information PII social security numbers SSN driving license numbers E MAIL addresses passport numbers phone numbers addresses dates etc e Financial and credit card information credit card numbers for Visa MasterCard American Express JCB Discover Card Dinners Club bank account numbers etc e Confidential files sales and marketing reports technical documents accounting documents customer databases etc To prevent sensitive data leakage Endpoint Protector closely monitors all activity at endpoints and other exit ways e Transfers on portable storage and other media devices USB Drives external hard disks CDs DVDs SD cards etc either directly or through encryption software e g EasyLock e Transfers on local networks e Transfers via Internet E MAIL clients file sharing application Web Browse
174. re allows monitoring of data traffic between protected clients and portable devices It shows what files were copied to which location at what time and by which user It also shows other actions that took place such as file renamed deleted accessed modified etc Additionally by selecting the option Detect Copy Source the original file path for copied files to from removable storage devices will be visible in Reports amp Analysis gt File Tracing under the File Name tab ex C Users Me Myfile txt gt F Myfile txt It is an essential feature for administrators since they can keep track of all data that s being transferred to and from devices All traffic is recorded and logged for later auditing Administrators have the ability to enable or disable the file tracing feature This can be done from within the Endpoint Protector Administration and Reporting Tool Access the System Configuration module and select System Policies Default System Policies Mode Refresh Interval sec 15 Mode Mormal w File Tracing and Shadowing File Tracing File Shadowing Detect Copy Source If you wish to disable the file tracing feature simply uncheck the box next to it and click Save Note The option Detect Copy Source works only if File Tracing is activated 54 Endpoint Protector User Manual 6 6 File Shadowing Endpoint Protector s File Shadowing feature works simultaneously together with Fi
175. rectly from the EasyLock Software panel under the System Configuration module Welcome Logout ENDPOINT 4 3 tthe wil nanea Reporting and Administration Tool English Q B PROTECTOR iiis z dvanced Search Dashboard Endpoint Protector Server Download EasyLock Software Show all departments Fal Endpoint Management EasyLock Installation p Endpoint Rights Tiaki tedby KH Endpoint Settings Windows 8 all versions Windows 7 all versions P 7 Windows Vista all versions Content Aware Protection CAP E anil ahs Windows 2000 Service Pack 4 g Mobile Device Management Mac OS 10 5 es Offline Temporary Password To install EasyLock please make sure that you copy it directly in the root of your USB device You can download EasyLock from the following location Windows 32bit and 64bit version Version 2 0 79 1 T Reports and Analysis Mac OS 10 5 Version 2 0 79 1 fag Alerts Endpoint Protector allows activating File Tracing on the data copied with EasyLock on your portable device For more information please refer to Endpoint Protector User Manual Directory Services Appliance 3 System Maintenance System Configuration Client Software Client Software Upgrade Client Uninstall Download EasyLock Software System Administrators System Departments System Security System Policies System Settings System Licensing B System Parameters O Support Endpoint Protector 4 Copyright 2004 2014
176. report each night the current system status to our Live Update Server Enable Automatic Report Disable Automatic Report Cy C j Save e Check Now searches for the latest Endpoint Protector Server updates Welcome Super Administrator Logout fe ENDPOINT i eran E 3 PROTECTOR Reporting and Administration Tool English H Q Advanced Search p3 Dashboard Endpoint Protector Server Live Update Show all departments System Overview E System Status Important Notice Live Update I Endpoint Management Endpoint Protector is required to connect now over HTTPS to www endpointprotector com to receive information If you do not agree with an Internet connection you can choose not to proceed es Endpoint Rights Software Update ry i Endpoint Settings Most recent check for updates 24 Feb 2013 14 25 01 Content Aware Protection Updates were installed 06 Feb 2013 15 45 01 Mobile Device Management Configure Live Update Check Now Offline Patch Uploader ky Offline Temporary Password EEE ee Reports and Analysis No updates available FON System Alerts View Applied Updates GB Directory services amp Appliance System Maintenance Q System Configuration System Parameters som Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 3 0 3 Appliance 18 Endpoint Protector User Manual In case that new updates are found they are displayed under the Available Updat
177. res the feature remains active and purchasing additional Updates amp Support licenses becomes optional For example if you wish to license Endpoint Protector for 100 workstations and use the Content Aware Protection module for 1 year you will require 100 Endpoint licenses 1 Content Aware Protection license which includes an Updates amp Support license for Device Control and Content Aware Protection valid for 1 year After the validity period expires the feature remains active while any updates and support services are not available anymore If you wish to manage also a fleet of 10 devices for 6 months you will additionally require 10 Mobile Endpoint licenses 1 Mobile Device Management license which includes an Updates amp Support license for Mobile Device Management for 6 months 131 Endpoint Protector User Manual Note As opposed to Device Control and Content Aware Protection a valid Updates amp Support license for Mobile Device Management is required for the feature to remain active as the Mobile Device Management service requires a working connection to our Cloud All license types can be purchased directly by using the Buy Licenses option W Buy Licenses A separate free licensing option called Appetizer Mode is available for small networks of up to 5 computers and or 5 iOS and Android devices Appetizer licenses enable access to each of the three Endpoint Protector modules for a period
178. reserve global setting v Internal Floppy Drive Preserve global setting Serial ATA Controller Preserve global setting A System Alerts Local Printers Preserve global setting e WiFi Preserve global setting w EJ Directory Services Windows Portable Device Preserve global setting w Bluetooth Preserve global setting w System Maintenance iaiki Preserve global setting w eee Preserve global setting w BlackBerry Allow Access iw Serial Port Preserve global setting w Q System Configuration Mobile Phones Sony Ericsson etc Preserve global setting w PCMCIA Device Preserve global setting w a System Parameters SmartPhone USB Sync Preserve global setting e Card Reader Device MTD Preserve global setting i SmartPhone Windows CE Preserve global setting w Card Reader Device SCSI Preserve global setting w Support SmartPhone Symbian Preserve global setting x ZIP Drive Preserve global setting w Webcam Preserve global setting Already Existing Devices save 4 Back Ready Version 4 0 0 8 33 Endpoint Protector User Manual 4 4 Group Rights This module is similar to the previous one only difference is that the rights here are applied to a group instead of a single computer Aig ENDPOINT lt Wetome Super Adrnsttor Logout we PROTECTOR Reporting and Administration Tool Adva arch os Dashboard Management of Rights per Groups Show all departments al Endpoint Management
179. ression test test com 74 Endpoint Protector User Manual 7 7 How Content Aware Protection works for monitored Applications Online Services The following table shows a list of actions and content that are screened inspected or left unscreened uninspected by the Content Aware Protection feature APPLICATION Web Browsers SCREENED Uploaded Files Webmail Attachments NOT SCREENED Webpage Content Downloaded Content Blog Posts E MAIL Clients File Attachments Microsoft Outlook E MAIL Content Microsoft Outlook Forwarded and Saved Attachments Microsoft Outlook E mailed directly from Windows Explorer Microsoft Outlook Copied Attachments from one E MAIL to another Mozilla Thunderbird E MAIL Content E MAIL Content for other E MAIL Services Forwarded Attachments Saved Attachments Attachments e mailed directly from Windows Explorer Copied Attachments from one E MAIL to another Instant Messaging File Transfers IM Message Content Shared Picture Files Sent Files File Sharing File Uploads Saved Files Social Media Other File Transfers Blog Posts Other limitations may apply 8 Reports and Analysis This module is designed to offer the administrator feedback regarding system functionality and information related to devices users and computers in the entire system Welcome Logout English X Q Advanced Search Logs Report ENDPOINT PROTECTOR Report
180. rial ATA Controter Standard AHC 1 0 Serial ATA Controter _ 02 Jun 20 19 Qa A ee intemal COD or DVD RW Optiarc DVD RW AD 52405 ATA Device Optierc DVD RW AD S240S ATA Device St 03 Jun 20 9 amiga Offline Temporary Password w Serial Port Communications Port COM Communications Port COM1 Standard p 03 Jun 20 01 9g E Storage De LASH DAVE S8_FLASH_DRIVE AD 02 Jun 20 19 abd EES Reports and Analysis Local Printers HP LaserJet 3020 3030 HP LaserJet 3020 3030 63 Jun 2041 11 02 9g v USB Storage Device USB_FLASH_DAIVE US8_FLASH_DRIVE ADATA Ot Jun 2011 44 32 ag LYS Sytem Alerts v intemal CD or DVD RW DVDRW GS23N Medis DVDAW GS23N Madia HL DT ST _ 01 Jun 2011 44 23 ama w B Storage D USB_SD_READER S8_SD_READER GENERIC 02 Jun 2044 16 13 gag Directory Services w intemai CD or OVD RW ASUS DAW 18146L ASUS DRY 15148L Standard CD ROM ave ee 2 01 Jun 2011 96 53 a gg L w intemal Floppy Orve Standard floppy disk drives Standard floppy st dnves Standar 01 Jun 2015 06 83 9Eg System Maintenance E 92 D 8 pa usaf DROVE ADAT 03 Jun 2011 10 20 ama Q System Configuration v USB Storage Device Port_ 0004 Hub_ 0004 Port_ 0004 Hub_ 0004 ronkey inc _ 02 Jun 2011 16 23 e amg D or DVD NECY DE CORIO ECV DE CDRI0 Sta D em 03 Jun 20 95g G System Parameters v memal Aoppy Orve Standard floppy disk drives Standard flopp
181. rom there Do not run it directly from the browser File Download Security Warning Do you want to run or save this file es Name EPPClientSetup_x86_32 msi Type Windows Installer Package 4 24MB Fron SE Can save potentially harm your computer f you do not trust the source do not 0 While files from the Intemet can be useful this file type can run or save this software What s the risk 153 Endpoint Protector User Manual Before downloading the Endpoint Protector Client please make sure that you specify the IP of your Endpoint Protector Server and the unique code of the Department in which you want to include it In case that no unique code is entered the client will be assigned to the Default Department Welcome Logout ENDPOINT k Reporting and Administration Tool English Q Way PROTECTOR Advanced Search Dashboard Endpoint Protector Server Download Client Software Show all departments Fad Endpoint Management Endpoint Protector Client Installation p Endpoint Rights Note Endpoint Protector Client version higher than 4 1 0 0 is required for Content Aware Protection S The Endpoint Protector Client can be installed on A Endpoint Settings Windows 8 32bit and 64bit Fao Windows 7 32bit and 64bit Content Aware Protection CAP Vista 32bit and 64bit Windows XP 32bit and 64bit CJ Mobile Device Management Windows Server 2003 2008 32bit and 64bit Mac OS X
182. rovides an automatic log backup solution in order to prevent the server from overloading 7 Endpoint Protector User Manual 1 3 Controlled Device Types Ports Endpoint Protector supports a wide range of device types which represent key sources of security breaches These devices can be authorized which makes it possible for the users to view create or modify their content and for administrators to view the data transferred to and from the authorized devices Removable Storage Devices Normal USB Flash Drives U3 and Autorun Drives Disk on Key etc USB 1 1 USB 2 0 USB 3 0 Wireless USB LPT Parallel ports By controlling the Parallel ports of a PC using Endpoint Protector the network administrator can deny or allow users access to storage devices connected to these ports APPLIES ONLY TO STORAGE DEVICES Floppy disk drives Access to floppy disk drives can be managed through Endpoint Protector and can be turned on off completely Memory Cards SD Cards MMC Cards and Compact Flash Cards etc These devices can be enabled disabled via Endpoint Protector Card Readers internal and external These devices can be enabled disabled via Endpoint Protector CD DVD Player Burner internal and external These devices can be enabled disabled via Endpoint Protector Digital Cameras These devices can be enabled disabled via Endpoint Protector 8 Endpoint Protector User Manual Smartphones
183. rs Instant Messaging Social Media e Transfers to the cloud iCloud Google Drive Dropbox Microsoft SkyDrive e Transfers through Copy amp Paste Cut amp Paste e Print screens 60 Endpoint Protector User Manual 7 1 Activation of Content Aware Protection Content Aware Protection comes as an optional feature with Endpoint Protector that requires a yearly based separate subscription to be able to use it The feature is displayed as deactivated inside the Endpoint Protector Reporting and Administration tool After a subscription is created the Content Aware Protection feature can be enabled by simply selecting the Content Aware Protection option from the left side menu and clicking on the Enable Feature button The Content Aware Protection feature and all its options will be then activated for your system Welcome Logout PROTECTOR ii Reporting and Administration Tool Engish Advanced Search p3 Dashboard Content Aware Protection Configure Feature Show all departments Endpoint Management OA Poe es Endpoint Rights For Data Loss Prevention it is essential to Endpoint Settings control the content in files that users try to transfer outside the secure company network Content Aware Protection If users attempt to copy sensitive content such as credit card details to a removable Content Aware Policies storage device or to send it via e mail Custom Content Dictionaries webmail or other means outsi
184. rtificate Import Wizard pops up Just click the Finish button Completing the Certificate Import Wizard The certificate will be imported after you dick Finish You have specified the following settings Melee ae Trusted Root Certific Certificate C Wsers Anca Deskte 163 Endpoint Protector User Manual A Security Warning window pops up Just click Yes _ Security Warning You are about to install a certificate from a certification authority CA claiming to represent CoSoSys LTD Endpoint Protector CA Windows cannot validate that the certificate is actually from CoSoSys LTD Endpoint Protector CA You should confirm its origin by contacting CoSoSys LTD Endpoint Protector CA The following number will assist you in this process Thumbprint shal ECF18C78 BSFEF644 OFAFB amp 85C D1991CBA 12DD6D05 Warning If you install this root certificate Windows will automatically trust any certificate issued by this CA Installing a certificate with an unconfirmed thumbprint is a security risk If you click Yes you acknowledge this risk Do you want to install this certificate You have now successfully installed the Certificate 164 Endpoint Protector User Manual Close the Internet Explorer browser and try accessing the Endpoint Protector Administration and Reporting Tool IP address again P Device Control Blocked Devices O AJ Authorized Devices 0 Enforced Encryption Encryp
185. s Mobile Device Management am ky Offline Temporary Password Reports and Analysis A Alerts EJ Directory Services amp Appliance p System Maintenance Back File Maintenance System Snapshots Log Backup Content Aware Log Ba Q System Configuration System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance You should see the message Backup Completed in the top center of your browser 116 Endpoint Protector User Manual You can download and view the logs by selecting the click here link 11 4 1 Automatic Scheduler Automatic CAP Log Backup You can back up your log files also automatically by using the Backup Scheduler option Welcome Logout SROTEGTOR 4 Reporting and Administration Tool fengsch O a p3 Dashboard Content Aware Log Backup Show all departments Endpoint Management PAoa p Endpoint Rights This option allows you to schedule an automatic backup routine in order to delete Content Aware old logs to maintain performance from the database The logs will be saved in CSV Comma Separated Values files T Backup Trigger conditions Endpoint Settings Backup time interval every month z Backup size limit 35000 Rows O Content Aware Protection CAP E E PA obile Device Management All 0 records Momie Reio asa Older than 6 months 0 records Old
186. s O PE 784 8 192 168 0 21 2014 03 11 11 35 09 2014 03 11 10 35 13 Windows B Ea _ _ E 613B QuickTime Preferences mm 192 168 0 21 2014 03 11 11 35 09 2014 03 11 10 35 13 Windows Ee OOo ae 28B gt 192 168 0 21 2014 03 11 11 35 09 2014 03 11 10 35 13 Windows B oe 36B o 192 168 0 20 2014 03 10 17 33 49 2014 03 10 16 33 50 Macintosh EJ oo 14 23KB png 192 168 0 89 2014 03 10 16 23 40 2014 03 10 15 23 40 Macintosh 205B data _ 192 168 0 115 2014 03 10 15 24 15 2014 03 10 14 24 15 Macintosh H _ _ d Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 3 Appliance 79 Endpoint Protector User Manual 8 4 Content Aware Report This module provides detailed logs of all Content Aware activity It allows the administrator to see exactly what data incidents were detected corresponding to the Content Aware Policies applied and at what time This information also contains the computer name user and transfer destination type the action taken and the file inspected The included granular filter is designed to make finding information quick and easy Dashboard Welcome Logout Q Advanced Search Content Aware Report Show all departments ENDPOINT PROTECTOR Reporting and Administration Tool English ao oo Endpoint Management Filter eS Endpoint Rights Results A Endpoint Settings Content Policy Dest
187. s to maintain performance from the database The logs will be saved in CSV Comma Separated Values files Backup Trigger conditions KH Endpoint Settings Backup time interval every 2weeks z Backup size limit 500000 rows Content Aware Protection CAP Backup values Mobile Device M t All 0 records hee Seacoast Older than 6 months 0 records rds Older than 3 months 0 records ky Offline Temporary Password Older than 2months 0 records Older than 1month 0 records A C Older than 2 weeks 0 records a Older than 1 week 0 records Older than 2 days 0 records A Alerts Older than 1day 0 records 7 i Note A maximum number of 525000 log records can be backed up at once EJ Directory Services Last Automatic Log Backup 20 12 04 19 13 26 01 a Appliance Deleting all logs might temporarily affect the correct display of online computers online devices and graphics reports System Maintenance File Maintenance Save Back System Snapshots Log Backup Content Aware Log Backup Q System Configuration System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Ready Version 4 4 0 1 Appliance Here you can schedule an automatic backup routine by setting two trigger conditions Backup time interval allows you to select a certain time interval for repeating the backup operation Backup size limit allows you to select a maximu
188. s Ltd All rights reserved Domain WorkGroup WORKGROUP WORKGROUP WORKGROUP WORKGROUP WORKGROUP IP 192 168 0 21 192 168 0 20 192 168 0 89 192 168 0 20 192 168 0 20 Computer Location Last Time Online Actions 07 Mar 2014 17 17 v E 07 Mar 2014 17 05 ov E 07 Mar 2014 16 52 ov E 07 Mar 2014 05 32 v E 07 Mar 2014 05 32 ov Ready Version 4 4 0 3 Appliance 86 Endpoint Protector User Manual 8 11 User History This module shows all users that were at least once connected to the server With the help of the Export button the logs can be saved to a csv file while pressing the View User log will show the Logs Report page filtered for the respective User Welcome Logout sll j Reporting and Administration Tool Engish m C a Advanced Search E Dashboard User History Showing departments Default Department Endpoint Management p Endpoint Rights RH Endpoint Settings User Name First Name Last Name Phone E mail Actions Yv fi Content Aware Protection CAP Mobile Device Management ERI Min AERE Offline Temporary Password Reports and Analysis 5 results sof per page Aamin AcCuUONS Online Computers Online Users Online Devices Computer History User History Device History Statistics A Alerts EJ Directory Services ta Appliance System Maintenance lt 2 System Configuration a System Parameters sor Endpoin
189. s set for a Custom Class will override all the other existing rights for the devices included in the newly created class and they will apply for any Endpoint Protector Client PC Example For the case above we created a Custom Class CD ROM Allow and set Allow access rights to devices of type CD ROM DVD ROM Let s say that CD ROMs have Deny access rights set on Client PC CIPO Once the custom class CD ROM Allow is created and Custom Classes is enabled all the CD ROMs DVD ROMs will have access even if on the Client PC CIPO they have Deny access The modules in this area will allow the administrator to define which device can be used on computers groups and which client users have access to them Welcome Super Administrator Logout ae ROTC ENOR i Reporting and Administration Tool aen i Sia Dashboard Endpoint Management aa es Endpoint Rights Device Name Device Rights Device Type USB Storage Device e User Rights 7 y VID Computer Rights Group Rights PID Global Rights Effective Rights Serial Number File Whitelist a Reset Q Apply fiter VY Endpoint Settings p g Results Offline Temporary Password Device Name v Device Description Device Type VID PID Serial Number Actions Reports and Analysis sig USB_SD_READER USB_SD_READER GENERIC USB Storage Device _ Ef em Alert A Ad SES USB_FLASH_DRIVE USB_FLASH_DRIVE ADATA USB Storage Device SS EA 5 USB_FLASH_DRIVE USB_FLASH_
190. secures your company s technologically enabled mobility Thus by easily protecting all exposed endpoints from inbound and outbound threats you can enjoy enhanced portability efficiency and productivity As it enables your employees to use devices you have already invested in and it protects your company from losses generated by attacks from outside and within all financial costs entailed by implementing Endpoint Protector such as purchase implementation and usage training expenses are fully justified by the yielded return on investment The functionality is designed to be around several physical entities Computers PCs MACs and Linux workstations with Endpoint Protector Client installed Devices the devices which are currently supported by Endpoint Protector e g USB devices digital photo cameras USB memory cards etc Client user the user who will use the devices and the computers The server side of Endpoint Protector has different parts working close together Web Service responsible of communicating with the clients and storing the information received from them The Administration and Reporting Tool responsible for managing the existing devices computers users groups and their behavior in the entire system Endpoint Protector Appliance Hardware Only applies if you have purchased the Endpoint Protector Hardware Appliance is the hardware running the Endpoint Protector Server containing Operating System Dat
191. stem Maintenance System Configuration System Parameters Support Oi 6w Bola Management of Groups Settings Show all departments i i EEU I F HN i E TH E N O J 5 aii 2 5 f amp Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Global Settings settings applied for all the computers Log Interval min Local Log Size MB Shadow Interval min Shadow Shadow Actions Size MB Files with Sizes KB cg ie g Eg ES g Eg g Eg ES Ef Eg Eg Eg Ef Eg Eg Ef g Ef Le Ji 14 gt Jf Ready Version 4 0 0 8 Qe ENDPOINT PROTECTOR Dashboard Endpoint Management Endpoint Rights Endpoint Settings X P h E Computer Settings Group Settings Global Settings Custom Client Notifications Content Aware Protection CAP Mobile Device Management Offline Temporary Password Reports and Analysis Alerts Directory Services Appliance System Maintenance System Configuration System Parameters Support O Ce BREB gt LaF O Reporting and Administration Tool Group Name Global Description Global Group induding all the machines Mode Refresh Interval sec 300 Mode Normal File Tracing and Shadowing File Tracing File Shadowing CAP File Shadowing Detect Copy Source Network Share Tracing Settings Log Interval min 300 Local Log Size MB 10 Shadow Interval min 60 Sha
192. t 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 84 Endpoint Protector User Manual 8 9 Online Devices Offers information regarding the devices system Qe ENDPOINT PROTECTOR C Dashboard El Endpoint Management p Endpoint Rights RH Endpoint Settings Offline Temporary Password Reports and Analysis Logs Report File Tracing File Shadowing Online Computers Online Users Online Devices Statistics Graphics A System Alerts GP Directory Services D System Maintenance Q System Configuration System Parameters O Support is Reporting and Administration Tool Connected Devices connected to the computers on the Welcome Super Administrator Logout Engish Advanced Search Show all departments Results Computer User IP Device Type Device Name VID PID Serial No Actions Namea Logged a SSE Card Reader Device SCSI NVIDIA nForce Serial ATA Controller Esm EA _ gt Internal Floppy Drive Standard floppy disk drives LASSE E a See SET Serial Port Communications Port COM3 a O E a ST Serial Port Communications Port COM1 ES 4 USB Storage Device TS1GJFV30 SS E lt SB Storage Device USB_SD_READER E e intenalCDorDVDRW ASUS DRW 1814BL SS a eee CEG USB Storage Device USB_FLASH_DRIVE SS Ea a M S SEEN USB Storage Device Port_ 0004 Hub_ 0004 r ES 9 devices connected
193. t Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 3 Appliance 87 Endpoint Protector User Manual 8 12 Device History Similar to Computer and User history all devices that were at least once connected to the server can be found here Logs can be exported to a csv file by pressing the Export button while View Device Log will show the Logs Report page filtered for the respective device Welcome Logout PROTECTOR Reporting and Administration Tool 9 x Q Advanced Search Dashboard Devices History Showing departments Default Department I Endpoint Management an Endpoint Rights Resis RK Endpoint Settings Device Type Device Name Last Last Computer Description TD VID PID Serial Number Last Actions identification User Connection v Content Aware Protection CAP USB Storage Device Security Pack SOE Security Pack Verbatim 13fe 3327 070007A814070660BA39 07 Mar 2014 16 12 v E USB Storage Device DataTraveler 2 0 DataTraveler 2 0 Kingston 951 1665 60A44C3FB294FD412968 07 Mar 2014 15 11 ov E Mobile Device Management USB Storage Device ADATA USB Flash Drive ADATA USB Flash Drive ADATA 125f c08a 132212022221001D 07 Mar 2014 03 45 V E PE E A rd USB Storage Device ADATA USB Flash Drive _ ADATA USB Flash Drive ADATA 125f cb10 1373113251460A45 07 Mar 2014 03 17 E asd Serial Port Communications Port COM1 EE Communications Port C
194. te All already existing devices that were added on that level will be deleted when the restore is used 4 1 Device Rights This module is built around the devices allowing the administrator to enable or disable them for specific computers groups or users Welcome Super Administrator Logout Me ENDPOINT 4 itp English J ae PROTECTOR Reporting and Administration Tool Eng x Q Advanced Search es Dashboard Edit Device Rights Show all departments Endpoint Management es Endpoint Rights Device Rights User Rights Computer Rights dacii eae Group Rights Global Rights Device Description S838 25 SSS Effective Rights Last User File Whitelist A Endpoint Settings Groups ky Offline Temporary Password Reports and Analysis Computers A System Alerts Allow Access Standard PAA E GP _ Directory Services System Maintenance deis Q System Configuration m ae ae K a System Parameters save 4_ Back O Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 After selecting a computer you select the computers and group of computers for which the device has specified rights 31 Endpoint Protector User Manual 4 2 User Rights This module is built around the user allowing administrators to manage rights of access to devices per users fe ENDPOINT PROTECTOR z Dashboard I Endpoint Management Endpoint Rights Device
195. ted including file type filtering predefined content filtering and custom content filtering e Policy Control Points establishes the transfer destinations to be monitored For example a policy can be setup for the Financial Department of the company to block Excel reports sent via E MAIL or to report all transfers of files containing personally identifiable and financial information e g credit card numbers E MAILS phone numbers social security numbers etc Financial Priority 4 File Types Predefined Content Custom Content Additionally each company can define its own sensitive content data lists as Custom Content Dictionaries corresponding to their specific domain of activity targeted industry and roles To ease this task the Content Aware Protection module comes with a predefined Custom Content Dictionary that covers the most used sets of confidential terms and expressions Exactly like for Device Control policies the Content Aware policies continue to be enforced on a computer even after it is disconnected from the company network The administrator can easily create and manage Content Aware Policies application inside the network from the Content Aware Protection gt Content Aware Policies submenu option 62 Endpoint Protector User Manual Welcome Logout fe ENDPOIN
196. ted Data Transfer with EasyLock Reporting and Analysis 000000 Tracking and Locating Ja Content Aware Protection Strong DLP Policy Mobile Device Management App Management _C_ _ _ V _ ________ Strong Security Policy Password Device Remote Nuke 1 Enforcement Hi e Encryption Wipe Lock Data Loss Prevention Device Control Content Aware Protection CAP Mobile Device Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved No Background Tasks Version 4 4 0 4 165 Endpoint Protector User Manual 18 2 For Mozilla Firefox Open the Browser Open Endpoint Protector Administration and Reporting Tool IP address Your Appliance static IP Address example https 192 168 0 201 Untrusted Connection e am SB Googie This Connection is Untrusted You have asked Firefox to connect securely to 192 168 0 166 but we can t confirm that your connection is secure Normally when you try to connect securely sites will present trusted identification to prove that you are going to the right place However this site s identity can t be verified What Should I Do If you usually connect to this site without problems this error could mean that someone is trying to impersonate the site and you shouldn t continue Technical Details I Understand the Risks From the above screenshot This Connection is Untrusted choos
197. telist Select the device user computer or group you wish to manage rights for and click the plus button at the bottom of the page under Already Existing Devices save 4_ Back 22 Endpoint Protector User Manual Once you do that the Device Wizard will appear allowing you to select the device s you wish to manage Please note that you need to allow access to the storage device in order to enable the File Whitelisting for it Device Wizard Last devices connected Name Communications Port ASUS DRW 201451 ATA Standard floppy dis Standard AHCI 1 0 Se Intel R Active Mana USB_FLASH_DRIVE USB_FLASH_DRIVE FM 10_ PRO S EES STE SST ESS gt Select All Remove Selection Rights Deny Access Allow Access Read Only Access Allow Access if TD Level 1 Allow Access if TD Level 2 Allow Access if TD Level 3 Allow Access if TD Level 4 Block if wired network is present Save Cancel Selecting a device will allow you to select one of the rights for that device Device Wizard Last devices connected Name Communications Port ASUS DRW 2014S1 ATA Standard floppy dis Standard AHCI 1 0 Se Intel R Active Mana USB_FLASH_DRIVE USB_FLASH_DRIVE FM 10_PRO Search Serial Number Select All Remove Selection Rights Deny Access Allow Access Read Only Access Allow Access if TD Level 1 Allow Access if TD Level 2 Al
198. tem Paremeters Rights omputer Rights Device Rights Group Rights Block Reporting Computer History Device History User History Block O vm Block more Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd Al rights reserved No Background Tasks Version 43 0 1 Endpoint Management Used for administration of Devices Computers Groups and Client Users Endpoint Management Devices Computers Users Groups In this module the administrator can edit manage rights and settings for or even delete devices computers or groups He can also create groups and add or remove client users Endpoint Rights Used to determine and define rules of access Six Subsections are found here Devices Rights User Rights Computers Rights Group Rights Global Rights Effective Rights and File Whitelist 13 Endpoint Protector User Manual Cs Endpoint Rights Device Rights User Rights Computer Rights Group Rights Global Rights Effective Rights File Whitelist This is the most important module of Endpoint Protector In this module the administrator can set up and enforce security policies by assigning specific rights to devices computers computer groups and global device access Please refer to section 4 Endpoint Rights for more information Endpoint Settings Used for setting the behavior of computers groups of computers or all the computers Endpoint Settings Computer Settings Group Settings Global Settings
199. tenance create Q System Configuration a System Parameters O Support Endpoint Protector Copyright 2004 2011 CoSeSys Lid Al rights reserved Ready Version 40 05 The client computers have a registration mechanism This self registration mechanism is run once after the Endpoint Protector Client software is installed on a client computer The client software will then communicate to the server its existence in the system The server will store the information regarding the client computer in the system database and it will assign a license to the client computer if none available a demo license will be created and assigned which will expire after 30 days NOTE The self registration mechanism acts whenever a change in the computer licensing module is made and also each time the application client is reinstalled The owner of the computer is not saved in the process of self registration Computers can also be imported into Endpoint Protector from Active Directory using the Active Directory Plug in For details please see paragraph 10 1 Active Directory Import The available actions here are FAABER Edit Manage Rights Manage Settings Offline Temporary Password Computer History Export Computer History and Delete The Manage 25 Endpoint Protector User Manual Rights Manage Settings Offline Temporary Password and Computer History are links to their respective modules which will be explained in their own chapter
200. ter selecting the network entities to be monitored A powerful Content Aware Policy option consists of setting up a threshold number A threshold is defined by the number of actions or events up to which the policy does not block a defined action For example suppose that you have set up a Block amp Report policy on the transfer of Social Security Numbers on some types of Internet browsers A threshold setup of two 2 will block all transfers on those browsers which contain two or more individual SSN numbers but not one 1 A set value of two will permit and only report individual transfers of one single string of monitored sensitive information Note Enabling the threshold option will produce no effect when Policy Action is set on Report Only The threshold option applies strictly on the Predefined Content filter of the Content Aware Protection module To complete the policy definition the transfer destinations to be monitored must be selected and the content to be detected must be specified Control Transfers To Controlled Device Types Clipboard Q F Disable Print Screen Q F Applications Online Services Attachments File Transfers
201. the message This device is not allowed all Original Title Security Warning V Body An unauthorized device was connected to this PC Remove the device now or contact the PCs administrator for authorization Title Panic Mode C Body 1 entered the panic mode Your devices have been blocked Tite Security Warning C Body The print screen functionality is disabled Title Restart needed C Body 1 detected that you need to restart your system for the latest device rights to be applied Tite Security Warning C Body An unauthorized device was disconnected from this PC Title Endpoint Protector TrustedDevice enabled C Body Endpoint Protector TrustedDevice enabled Tile Trial Information C Body 1 is expired Tide Trial Information O Body You are currently using a 30 day trial version It will expire in 61 2 Tiie Content Threat Detected G Save Di Back 0O Body File transfer 1 You attempted to copy sensitive information Contact the PCs administrator for more information Text 2 was matched in file 93 as as Message from Endpoint Protector Message from Endpoint Protector This device is not allowed og Some administrators might want not to display some notifications while showing others This can be done by not ticking the box for the specific message 53 Endpoint Protector User Manual 6 5 File Tracing Endpoint Protector s file tracing featu
202. their departments and will be able to change departments When logged on as Super Administrator the text Show all departments will be displayed on the right top part of the main content layout of the Web interface 3 As only the Super Administrator has the possibility to create regular users he is also responsible for assigning regular administrators to handle one or more departments Regular Administrator will see and manage in the Web interface only the main entities belonging to the assigned departments 4 From a security stand point of view A Regular Administrator should only see his department s entities and nothing more 125 Endpoint Protector User Manual A Regular Administrator should only control his department s entities and nothing more IMPORTANT If you do not want to have any departments based organization within the Endpoint Protector deployment please make sure that you always assign the default Department to all new created Regular Administrators within the Endpoint Protector Web Interface 12 7 System Security Client Uninstall Protection The Client Uninstall Protection feature protects the Endpoint Protector Client from being uninstalled by using a password based mechanism The Administrator of the system defines this password from within the Reporting and Administration Tool of Endpoint Protector 4 When somebody tries to uninstall the Endpoint Protector Client they will be prompted for the passw
203. tion CAP mer slate Pa g Mobile Device Management Lici File Shadowing v les Offline Temporary Password CAP File Shadowing v Detect Copy Source v Ky as ee Network Share Tracing v as Alerts Exdude Extensions from Shadwing PY Exdude Extensions from CAP Scanning Py java ace rar Directory Services Note Files with extensions in these lists will be ignored from File Shadowing CAP Extensions must start with dot and end in a semicolon Example mp3 vob exe Appliance Disk Space System Maintenance Automatic Log Cleanup System Configuration Start Cleanup when HDD Disk Space reaches lent Software Default Client Settings Client Software Upgrade Log Upload Interval min 1 Download EasyLock Software Local Log Size MB ocal ize 2000 System Administrators System Departments Shadow Interval min 1 System Security Shadow Size MB 150 System Policies Minimum File Size for Shadowing KB 1 _ System Settings up i Maximum File Size for Shadowing KB 5120 System Licensing Notifier Language English x GE System Parameters Use Custom Client Notifications for this Language m B wor Default Rights To view all supported devices and rights go to Device Types in System Parameters Unknown Device Deny Access iPod Deny Access x USB Storage Device Deny Access Serial ATA Controller Deny Access PA Internal CD or DVD RW Deny Access WiFi Al
204. tion from the Endpoint Protector 4 Server otherwise they will be unusable There are four levels of security for Trusted Devices Level 1 Minimum security for office and personal use with a focus on software based encryption for data security Offers companies already regulatory compliance Any USB Flash Drive and most other portable storage devices can be turned into a Trusted Device Level 1 with EasyLock Software from CoSoSys No hardware upgrade is required Level 2 Medium security level with biometric data protection or advanced software based data encryption Requires special hardware that includes security software and that has been tested for Trusted Device Level 2 Hardware is widely available in retail stores Level 3 High security level with strong hardware based encryption that is mandatory for sensitive enterprise data protection for regulatory 148 Endpoint Protector User Manual compliance such as SOX HIPAA GBLA PIPED Basel II DPA or PCI 95 46 EC Requires special hardware that includes advanced security software and hardware based encryption and that has been tested for Trusted Device Level 3 Level 4 Maximum security for military government and even secret agent use Level 4 Trusted Devices include strong hardware based encryption for data protection and are independently certified e g FIPS 140 These devices have successfully undergone rigorous testing for software and hardware Requires sp
205. twork with more To add an administrator or Super Administrator in Endpoint Protector you must login as a super administrator and access the System Configuration module then the Administrators panel Here you can see a list of current Administrator and Super Administrators Welcome Logout ENDPOINT 4 PROTECTOR Reporting and Administration Tool Engish it Q Advanced Search Dashboar Endpoint Management a es Endpoint Rights E Endpoint Settings User Name Created at Last Login Actions Offline Temporary Password OES ZE 1 result 50 per page Reports and Analysis Create a Directory Services System Maintenance amp Q System Configuration Client Software Client Software Upgrade Download EasyLock Software System Administrators System Departments System Security System Policies System Settings System Licensing System Parameters O Support Endpoint Protector 4 Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 2 5 Appliance To add another Administrator or Super Administrator click the Create button 145 Endpoint Protector User Manual Administrator User User Information User Name My Admin Password PyTiiiiit Password Confirmation eeccccece Permissions and Departments Is active Iv Is super admin E Departments Default Department Information Last Login Save Save Add _ Back G G
206. uding advanced features Welcome Logout ENDPOINT 4 caren SO Reporting and Administration Tool English Q B PROTECTOR jiii A Advanced Search Dashboard List of Administrators Show all departments oo Endpoint Management x BB poe nor rer aS Endpoint Rights Results A Endpoint Settings User Name Created at Last Login Super Admin Actions Content Aware Protection CAP root 11 Sep 2014 09 16 v EALE vladut root 4 September 2014 13 03 P eg 163 g Mobile Device Management 2results 50 per page iss Offline Temporary Password Create E Reports and Analysis as Alerts Directory Services Appliance 3 System Maintenance System Configuration Client Software Client Software Upgrade Client Uninstall Download EasyLock Software System Administrators System Departments System Security System Policies System Settings System Licensing a System Parameters O Support Endpoint Protector 4 Copyright 2004 2014 CoSoSys Ltd All rights reserved Ready Version 4 4 0 4 For more information on administrators please see paragraph 12 1 Adding new administrator s 123 Endpoint Protector User Manual 12 6 System Departments This module allows creating System Departments The available options are Edit and Delete B O The main reason for using this feature is to target Large Installation where one Super Administrator cannot handle the Endpoint Protector Server configuration an
207. upport aG f Program Data aia System af Test wea Users Back Import Ready Version 4 0 0 8 104 Endpoint Protector User Manual 10 2 Active Directory Sync Special requirements Endpoint Protector Timer or the Windows Scheduler setup to call the synchronization PHP script This module allows you to synchronize the entities in Endpoint Protector with the entities in Active Directory Computers Users and Groups Welcome Super Administrator Logout Me ENDPOINT 4 i ART PROTECTOR Reporting and Administration Tool Engish Q Advanced Search p5 Dashboard Active Directory Synchronization Show all departments Endpoint Management Endpoint Rights This option will allow you to import Computers Groups and Users from Active Directory where available Active Directory Synchronization Wizard Requirements Endpoint Settings Credentials to Domain Controller Offline Temporary Password Reports and Analysis System Alerts BrP mwas Directory Services Active Directory Import Active Directory Sync Active Directory Deployment System Maintenance Next View Sync List System Configuration System Parameters OLES Support Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 You can either examine existing synchronizations by clicking the View Sync List button 105 Endpoint Protector User Manual N Welcome Super Administ
208. used on a specific time interval and whether the shadowing for that user device is enabled or not There is a special filter designed to make it easier to find this information Online Users Online users are end users who have logged on to a client computer Online Computers Online Computers are client computers which have been set up to communicate with the Endpoint Protector server by installing the Endpoint Protector Client Here you can see a list of computers which are currently powered on and you can view the actions they have taken Online Devices Connected Devices are devices which are currently plugged in to one of the online client computers Here again you have the possibility to view an activity log this time of the device Statistics The statistics module can generate reports on registered computers devices and users based on traffic connections or overall activity You can set a period for this report last week month or year Protecting Data in Transit is essential to ensure no third party has access to data in case a device is lost or stolen The Enforced Encryption solution gives administrators the possibility to protect confidential data on portable devices in case of loss or theft If a Trusted Device fails to get authorization from the Endpoint Protector 4 Server it will not be usable How does it work Enforcing Encryption can be done by utilizing Trusted Devices Trusted Devices must receive authoriza
209. vice is plugged in and only if Endpoint Protector Client is present and communicates with Endpoint Protector Server this allowing the transfer and offering a performance based improvement to the overall system functionality Additionally Easy Lock 2 performs File Shadowing for the files that are transferred if Endpoint Protector Client is present and the File Shadowing option is enabled on the computer on which the events occur This is a real time event and no shadowing information is stored on the device at any given time Note File Tracing on EasyLock 2 Trusted Devices must be enabled separately from inside the System Settings window Enabling global File Tracing will not automatically activate the File Tracing option on EasyLock 2 Trusted Devices and vice versa Bare in mind that The File Tracing feature on EasyLock 2 Trusted Devices is available at the moment only for Windows OS The Endpoint Protector Client is the application which once installed on the client Computers PC s communicates with the Endpoint Protector Server and blocks or allows devices to function as well as sends out notifications in case of unauthorized access To install the Endpoint Protector Client on your client computers you can download it directly from the Endpoint Protector Server Web interface under the System Configuration gt Client Software tab Note You need to Save the Endpoint Protector Client first on a location and then install it f
210. vices Tracking of what data is saved to storage devices Tracking of what data is copied from and to storage devices Scanning of all data transfers for sensitive content detection Complete monitoring of all possible data exit points Authorize the use of USB storage devices Securing data on USB storage devices Powerful reporting tool and audit Endpoint Protector Lp Devices i a i L P gt Client PC is booted user logs on Kernel Driver PC is registered as online machine in EPP Server and issued Certificate for secure communication N Client PC receives latest Policies and stores them locally until policy is updated or device activity is registered Digital Certificate Connected devices are checked for permissions and activity is 128bit AES SSL logged Communication All file activity to and from device can be traced If PC is disconnected from network the latest policies remain in place Endpoint Protector Administration and Reporting Tool S3191 Od Sees Database i J Endpoint Protector Server Windows 2003 or Linux Distribution Microsoft SOL or MySQL The modular and intuitive Web based administration interface has been designed to offer fast access to controlling computer devices and user behavior in a large network It also offers several ways to track any kind of portable device related activity registered on the system A detailed report including timestamps file 3 Endpoint Protector User Ma
211. word cannot be used for a different device or for the same device twice The password will give permission to the device computer or sensitive data transfer for the specified amount of time The time intervals which can be selected are 30 minutes 1 hour 2 hours 4 hours 8 hours 1 day 2 days 5 days 14 days and 30 days 39 Endpoint Protector User Manual 5 2 Device Offline Temporary Password Welcome tti Logout pAg ENDPOINT 4 R vaine aa PROTECTOR Reporting and Administration Tool Engish 7 Q Advanced Search Dashboard Generate Offline Temporary Password Show all departments Endpoint Management Device Offline Temporary Password Computer Offline Temporary Password Content Aware Protection Offine Temporary Password ee Endpoint Rights Computers Endpoint Settings Choose computer TESTPC g O Content Aware Protection CAP Devices fb Mobile Device Management pan Search for device gt Offline Temporary Password or Offine T p Enter device code case sensitive E Reports and Analysis Other Options Alerts n A Duration 30 min lt EJ Directory Services G Generate Code System Maintenance Generated Password e System Configuration Password a System Parameters so Endpoint Protector 4 Copynght 2004 2013 CoSoSys Lid All rights reserved Ready Version 44 0 2 The administrator can either search for an existing device using the search e iaf Search for device N wizard Search for device F
212. y Gist drives Standar T 03 Jun 20 a ag i w Seral Port Communications Port CON2 Communications Port COM2 Standard p 3 Jun Selig Support w Phone Phone Phone Appie inc e z 03 Jun 20 9 qee a Sea USB Storage Dev D DSK E 03 aha w Card Reader Device SC vu CSI Controte Mware SCS Controber Mylex Busiogi mmm 03 Jun 2011 13 34 lt aha WresuMs 50 w per page create Endpoint Protector Copynght 2004 201 CoSoSys Lid Al rights reserved Ready Version 4008 20 Endpoint Protector User Manual These are the actions available to the administrator in this module IEI Edit Manage Rights Device History Export Device History Delete Manage Rights and Device History are actually shortcuts to the Devices Rights and Logs Report modules and will be explained in one of the following chapters The status column indicates the current rights for the devices ka Red means that the device is blocked in the system O Green means that the device is allowed on computers or users Q Yellow means that device is allowed on some users or computers with restrictions 3 2 Device Functionality Endpoint Protector can handle a wide variety of devices and device types and offers several methods of usage for each device in particular These can be found by accessing the Endpoint Rights module of Endpoint Protector and selecting one of the relevant Rights tabs The Endpoint
213. y Import Active Directory Sync Active Directory Deployment System Maintenance Back Next Test Connection o System Configuration a System Parameters ss Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 3 Enter the Active Directory domain controller server name the domain name and a username and password in the format as in the examples presented in the form First you can push the Test Connection button to test if the connection is established successfully If the connection is valid push the Next button This operation might take some time depending on the volume of data that needs to be imported Note When having to import a very large number of entities from the Active Directory we recommend using the Domain Search In filter from the AD Import page in order to get only the relevant information displayed for import Due to browser limitations importing the whole AD structure may impede the display of the import tree if it contains a very large number of entities 103 Endpoint Protector User Manual In the next step simply select what items you would like to import by clicking the checkbox next to them and finally select Import E ENDPOINT Welcome Super Administrator Logout 4 s eee i PROTECTOR Reporting and Administration Tool Engish wl Ca Dashboard Active Directory Import Show all departments Endpoint Management Endpoint Rights
214. your own policy icon An existing policy can be edited also by double clicking the upper part of the policy icon By selecting a policy the departments groups computers and users on which the selected policy applies will be highlighted for an easier policy management The administrator can then uncheck previously enabled entities for monitoring or check new ones All the changes performed on the page are applied after clicking Save 7 2 1 Priorities for Content Aware Policies One or more Content Aware Policy can be enforced on the same computer user group or department To avoid any conflicts between the applied rules a prioritization of policies is performed through a left to right ordering The leftmost policy has the highest priority Priority 1 while the rightmost policy has the lowest priority Changing priorities for one or more policies can be performed by moving the policy to the right or to the left with a simple click on the left arrow for higher priority or on the right arrow for lower priority 7 2 2 How Content Aware Policies Work Content Aware Protection is a very versatile tool where granular implementation of the desired actions regarding report and or block and report of files can be performed A Content Aware Policy is a set of rules for reporting or blocking amp reporting the selected information All the other options left unchecked will be considered as Ignored by Endpoint Protector 63 Endpoint
215. ystem Maintenance Q System Configuration System Parameters O Support Refresh Back Endpoint Protector Copyright 2004 2011 CoSoSys Ltd All rights reserved Ready Version 4 0 0 8 11 System Maintenance 11 1 File Maintenance This module allows the administrator to retrieve organize and clean up files used by Endpoint Protector Server Welcome Logout ahs arepane Reporting and Administration Tool engisn J Q Advanced Search E Dashboard File Maintenance Show all departments El Endpoint Management File Maintenance es Endpoint Rights Endpoint Protector Server stores several files for its functionality Use this feature to retrieve organize and clean up these files vy A Endpoint Settings Content Aware Protection CAP Shadow Files Delete File Whitelist Temporary Logs Files Mobile Device Management Log Backup Files ky Offline Temporary Password E Reports and Analysis Alerts EJ Directory Services amp Appliance i System Maintenance File Maintenance System Snapshots Log Backup Content Aware Log Backup Q System Configuration a System Parameters O Support Endpoint Protector 4 Copyright 2004 2013 CoSoSys Ltd All rights reserved Version 4 4 0 1 Appliance The available options are Temporary Log Files allows archiving and deleting log files from a selected client computer Shadow Files allows archiving and deleting shadowed fil
Download Pdf Manuals
Related Search