Home

Intego VirusBarrier Server 3 User Manual

1. You can also narrow down the display in the console log using the search field at the bottom of the window You can enter a string containing part of a name of a server a product a date type of action or a result As you type the log displays only those log entries that contain your search string Using the VirusBarrier X6 Application on your Server A copy of VirusBarrier X6 is provided with VirusBarrier Server 3 VirusBarrier X6 is not a substitute for VirusBarrier Sever 3 rather it extends the functions of the server program http www intego com manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 43 18 PM Using Intego VirusBarrier Server 3 1 mm an Your filters are up to date Installed filters 11 73 09 xe SG Cia ranitiree Trutted Files schedules Scan seringi Malware Protection Antivirus mode Interactive You will be asked what to do when malware is detected Quarantine Schedules Trusted Files Select Full Scan Your subscription ends in 6 manths hy Firewall Check Now Oe aie Antiviral ure Privacy Network Protection Firewall mode No restrictions All network data can be sent and received Anti Phish ing Web Threat Frotection Blocked Addresses 457 27 Mo aeaee For more on using VirusBarrier X6 see the VirusBarrier X6 manual available from the Help menu of VirusBarrier X6 Using VirusBarrier Server 3 from the Command Line V
2. default copy Set as active configuration _ By default at startup _ When active network settings match any B of the following conditions Never H Comments After the area where you can change the configuration s name follows the Save as active configuration section By changing the two criteria in this section you can determine when VirusBarrier Server 3 will automatically switch from One configuration to another The options are e By default at startup which takes effect when you restart your server e When active network settings match which lets you set conditions under which the configuration will change checkbox it will automatically become active when any or all conditions you specify regarding the following networking criteria are true o Never This condition will never be true so the configuration will never turn on automatically o Type Choices are Ethernet AirPort FireWire PPP or Bluetooth o IP Address You can choose a specific IP address or a range A Current button identifies the IP address http www intego com manuals en vbs 6 Preferences and Configurations html 3 14 12 6 46 01 PM Intego VirusBarrier Server 3 Preferences and Configurations your server has at the moment o AirPort SSID The common name for a wireless network such as My AirPort You can choose for this condition to be true when the SSID is is not or contains a text string you specify o AirPort BSSI
3. Creating Custom Firewall Rules with Intego VirusBarrier Server 3 New Service untitled service ntitled service Part 1 of 1 Protocol Any rH Option M Allow Broadcast Packets Four different protocol suites are available from the Protocol pop up menu TCP UDP ICMP and IGMP You can also select Any which covers all protocols When you select one of these protocol suites additional options display in the bottom section of the panel with a list of services that you can select from The options depend on the protocol you selected TCP or UDP have the following options e Any port Affects all ports e Single Port Lets you specify a single port either by typing its number or by selecting from over a hundred options in the popup menu VirusBarrier Server 3 automatically fills in the correct number when you select from the popup menu e Range of Ports Lets you enter the beginning and ending port numbers that define a range ICMP or IGMP have the following options e Any Affects all types e Specific Type Lets you specify a single value either by typing its number or by selecting from over twenty options in the popup menu VirusBarrier Server 3 automatically fills in the correct number when you select from http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 the popup menu You can also specify a Code n
4. If the Except read only volumes checkbox is checked VirusBarrier Server 3 will perform the action only on those volumes where it could change the drive being scanned for example to repair an infected file on a disk The second event After virus definition updates lets you tell VirusBarrier Server 3 what to do after the program downloads and installs new virus definitions and threat filters These are updated regularly and especially when new malware is discovered to offer protection against that threat Therefore you should perform a new scan at those times to check for the new malware either manually or by checking this checkbox automatically e The Schedule section lets you determine when VirusBarrier Server 3 will run automated scans Below these settings is a scheduling selector where you can say which folder should be examined and when o The first popup menu lets you choose whether you d like to Scan Quick Scan or Repair the selected files at the scheduled time If you choose Quick Scan you cannot choose specific folders to scan the second menu will disappear Quick scans scan only those locations where malware is commonly installed The files and folders scanned may change as new malware appears and the locations scanned may be different with newer versions of VirusBarrier X6 s virus definitions o The second popup menu lists the areas you are most likely to want to scan The default choice Computer directs VirusBarrier S
5. Serial Numbers Console Log Product WirusBarrier Server 3 Connec all ho SA Aeeded Scheduling Preferences wf Automatically check for updates Weekly aq C cunomze _ Background update This will automatically download and install any available updates at the scheduled time This operation will guit any running applications that need to be updated and restart your computer if needed Next scheduled check Sunday April 11 2010 12 18 AM e Automatically check for updates Tells NetUpdate to automatically connect to the Intego NetUpdate server to check for updates with the frequency you specify The pop up menu lets you quickly set that frequency to daily weekly or monthly In each case the period Starts from when you select something from the pop up menu For example if you were to select daily at 1 pm on a Tuesday the next check would occur at approximately 1 pm on Wednesday Clicking the Customize button lets you be more specific about when the check should occur If you do not check this option at all you can manually check for updates by connecting to your server via Apple Remote Desktop or a VNC client opening the NetUpdate application in the Applications folder and clicking the Check now button e Background update If you check this option then when NetUpdate performs an update it will automatically quit any programs that need to be updated and will restart your server if required e Also proc
6. and blog example com hosted on another Meanwhile small domains often share one IP address with others all hosted as virtual domains on a single computer In such cases a domain lookup gives an IP address that actually leads to the larger unexpected machine name for example apache2 vat market example com As a result entering an IP address could block or allow traffic from unintended domains while entering a domain might not block or allow all desired traffic This is the nature of the Internet domain structure and isn t an error of VirusBarrier Server 3 If you have problems with unexpectedly blocked or permitted traffic try using a domain name instead of an IP address or vice versa Adding Addresses There are two ways to manually add addresses to the Blocked Addresses list or Trusted Addresses list VirusBarrier Server 3 can also add addresses automatically to the Blocked Addresses list in response to attacks as defined by Antivandal policy The first way to add an address to the Blocked Addresses list or Trusted Addresses list is by selecting an IP address in the Log window and choosing Add to Blocked Addresses or Add to Trusted Addresses from the contextual menu For more on this see Using VirusBarrier Server 3 Monitoring Tools You can also manually add addresses to the Blocked Trusted Addresses list by clicking the button at the bottom of the list A window appears http www intego com manuals en vbs 4 Network
7. input Any 9 Internet 3 amp Output k Copy to Clipboard Insert Standara Set le Status Behavior Log Switch Source amp Destination T F F Duplicate Edit Remove The menu offers the following options e Copy to Clipboard Copies the contents of a Rule to the Mac s Clipboard in plain text format You can then paste the rule into a document where it will look something like this 02 ON Input Any Internet gt My Mac All Deny where slashes are tabs e Insert Standard Set Add Standard Set Insert or add a standard set of rules from the same selection as is found in simple mode No restrictions No network Client Local Server Server only or Client only e Status You can toggle the state of a rule turning it On or Off If the rule is scheduled to run at certain times a check mark is displayed next to Scheduled in the submenu e Behavior Toggle the behavior of a rule between Allow or Deny traffic e Log Toggle whether the rule records traffic information in the log e Switch Source amp Destination Reverses a Rule exchanging the source and destination e Duplicate Makes a new copy of the Rule e Edit Opens the Rule Editor for the indicated Rule e Remove Deletes the Rule VirusBarrier Server 3 Preferences and Configurations 2010 Intego All Rights Reserved http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM
8. 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Configuration default EE Protection OFF A on b Scan Settings mt Quarantine Trusted Files Schedules Firewall Antivandal Logs Firewall Rules Trojan Firewall Settings No restrictions Mode GET Ce Advanced a 4 x ap No restrictions amp No network a gt Client local server lt b Server only d gt Client only Your subscription ends in 12 months G Vj When you click the Firewall button VirusBarrier Server 3 presents its Simple mode for controlling Firewall settings There are five preset firewall settings that cover all the situations that you will encounter in normal use each accompanied by an animation that graphically shows the effect of applying the setting The screen closest to you represents your server the globe represents the Internet the screen halfway between the two represents the limit of your local network Here the default setting No restrictions shows how your computer can send and receive information without blockage in either direction The five firewall settings are e No restrictions VirusBarrier Server 3 s firewall allows all incoming and outgoing network data to be sent and received e No network VirusBarrier Server 3 s firewall prevents all data from entering or leaving your server to or from the Internet or a local TCP IP network e Client loca
9. Contextual Menu via the VirusBarrier X6 program that s installed along with VirusBarrier Server 3 Control click or right click on any item a file folder or volume and a contextual menu will open In Mac OS X 10 6 Snow Leopard these menu items are grouped at the bottom of the contextual menu however if you have enough such items you ll find a Services menu item and VirusBarrier Server 3 s menu items will be in the Services sub menu In Mac OS X 10 5 Leopard the VirusBarrier Server 3 menu appears under a More menu http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 ET 46 Fri 12 13PM Q ge Macintosh HD Open Move to Trash Get Info Compress Resumes Burn Resumes to Disc Duplicate Make Alias Copy Resumes Show View Options Label x eeagge Folder Actions Setup Services Scan with VirusBarrier X6 New FileGuard Safe New FileGuard Safe with Contents Submit Suspicious File to Intego Add to VirusBarrier X6 Trusted Files The contextual menu lets you do the following e Scan the selected item and repair it if your settings allow e Send a copy of the item to Intego by selecting Submit Suspicious File to Intego This is especially useful if you have files that you suspect are infected with new or unrecognized viruses If you choose this option
10. Intego s virus experts can examine the file and produce the virus definitions you and other users will need to protect their systems if necessary e Add the item to the Trusted Files list 2010 Intego All Rights Reserved http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 VirusBarrief Server 3 Protecting Your Server from Network Attacks e Firewall Protection e Trojan Horse Protection e Antivandal Protection e Blocked Addresses and Trusted Addresses Go to Main Table of Contents In addition to its powerful anti malware features VirusBarrier Server 3 protects your server from network attacks with tools that fall into two groups e Firewall tools which define the network communications that your server will allow e Antivandal tools which spot and block different types of network attacks These tools protect you against virtually every kind of attack possible including Trojan horses ping attacks and port scans Firewall Protection VirusBarrier Server 3 includes a two way firewall that filters all data packets entering or leaving your server through the Internet or a local TCP IP network It also protects you from Trojan horses by blocking the ports they use To view or change Firewall settings click the Firewall tab http www intego com manuals en vbs 4 Network Protection html 3 14 12 6
11. Networking TCP HTTP web service TCP HTTP web service VirusBarrier Server 3 is not able to resolve the names of all Internet addresses since some addresses have no name equivalents Filtering Data in the Network Log Window At the top of the log window toolbar is a search field that lets you filter data according to several criteria displaying only those entries that contain the selected criteria in the following categories e Source address e Destination address e Source port e Destination port e Interface e Protocol Source Address is the default criterion as the search field shows To search for log data containing any of these criteria click the disclosure triangle next to the Search icon http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools G J E Na Agaress Kind Source Destination Port Source Destination F r i TAES Interface Protocol Select the criterion you want to search for then enter a string in the search field You don t need to enter the entire string the display is dynamic and automatically narrows down log data as you enter characters in the search field Clearing Logs To clear either the Malware or Network log and erase all information it contains click the Clear button in the lower right corner A dialog appears asking you to confirm your request VirusBarrier Traffic Monito
12. Options e Conclusion http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 To create a new rule using the assistant click the Assistant button in the bottom right corner of the window The first assistant screen displays Introduction B Name and Behavior B Direction B Service B Options B Conclusion Click the Next button to begin creating a new rule You can click the Previous button at any time to return to previous Firewall Assistant Introduction This assistant will guide you through the steps required to create a firewall rule If you want more customization or want to edit your rules you must use the Rule Editor Click the Next button below to begin Previous screens or click Close to exit the Assistant Name and Behavior http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 Firewall Assistant Name and Behavior Introduction Name and Behavior Enter a name for the rule Direction untitled rule B Service Options This is the name that is displayed in the rule list Conclusion Select the behavior for the rule Allow data The rule will allow data matching its direction and service Deny data The rule will block data matching
13. POP3 port 143 for IMAP4 port 220 for IMAP3 port 389 for LDAP and port 587 for message submission Network Time Protocol UDP on port 123 z Secure Shell TCP on ee 22 using SSH me Virtual Network Computing a graphical remote control a on ports 5900 5999 system Web browsing for example through a browser such as TCP on ports 80 and 8080 Safari through HTTP and on port 443 on HTTPS Well Known Ports A large range of ports with long usage traditions in network TCP and UDP on all ports from communications O to 1023 The remaining services are for specific programs or protocols Be careful when creating rules for specific services When you select a service for a specific program it is possible that this program uses the same port as another program or service Blocking or authorizing a specific service may conflict with other more general rules For example if you wish to block ICQ traffic selecting ICQ as a service will also block AOL Instant Messenger traffic since both programs use the same port Other programs may also share the same ports If you find that you cannot connect to a given service or send or receive traffic try deactivating your rules one by one to see if there is a conflict To create a new service click the button next in the Service section Service All EB 9 The New Service editor displays http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM
14. Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Blocked Addresses Editor iost o Duration co Permanent Note Enter an IP address in the Host field and select the time this address is to remain in the Blocked Addresses list or Trusted Addresses list by entering a number in the Duration field Then select a time unit from the popup menu If you do not know the numerical IP address of the host you wish to add enter its name and click the button VirusBarrier Server 3 queries your DNS server and enters the correct number in the field You can also add comments such as the reason for adding the address in the Note field If you decide you do not wish to add this address to the Blocked Addresses list or Trusted Addresses list click Cancel Using Wildcards You can use wildcards to indicate ranges of IP addresses in the Blocked Addresses list or Trusted Addresses list To do so enter the first part of the IP address you wish to block followed by asterisks For example 192 168 1 will block all IP addresses from 192 168 1 0 to 192 168 1 255 inclusive 192 168 will block IP addresses from 192 168 0 255 0 255 and so on Removing and Moving Addresses To remove an address from the Blocked Addresses or Trusted Addresses list click the address you want to remove then click the button Another way to remove an address is by right clic
15. e Protocol which describes how the connection was attempted i e TCP UDP ICMP or IGMP e Source Port the port from which data was sent e Destination Port the intended port for the data e Flags or TCP flags A acknowledge S synchronize F end of data or R reset e Interface the network interface used to send the data such as Ethernet or AirPort given by BSD Name e Kind a short description of the activity Displaying Subsets of the Network Log The Display section categorizes activities in three groups General Firewall and Networking You can choose to see activities relating to all the groups at once or only activities relating to a specific one Click one of the buttons to change the log view Display General Firewall Networking e All All activity that VirusBarrier Server 3 tracks This is the default setting e General Activity related to the operation of VirusBarrier Server 3 itself such as instances when you launched and quit the program entered items into the Blocked Addresses or Trusted Addresses list and so forth e Firewall Incidents when network activity triggered a firewall rule if logging was turned on for that rule Records of any Trojan horse attacks also appear in the Log if you ve turned on Trojan protection e Networking All connections to networks or the Internet and when IP addresses in the Blocked Addresses list attempt to connect to your computer http www intego com manuals
16. en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools Resolving Domain Names in the Network Log ih No a a The Resolve Names section of VirusBarrier Server 3 helps you track down intruders by resolving the domain names of your connections When Resolve Names is checked in the Log panel VirusBarrier Server 3 will attempt to find the names for each of the Internet addresses shown in the log If VirusBarrier Server 3 can find this information it then displays it in name form rather than as numbers Mode Malware Network ig Pa e e e m e 4 3 10 4 3 10 4 3 10 4 3 10 4 3 10 4 3 10 4 3 10 4 3 10 ime 4 41 34 PM 4 41 34 PM 4 41 34 PM 4 41 34 PM 4 41 34 PM 4 41 34 PM 4 38 18 PM 4 38 13 PM Network Address Kind mailbox 3 webfactio mailbox 3 webfactia mailbox 3 webfactio mailboxs webfactio mailbox 3 webfactio mailbox webfactio Www Intego com Connection to Connection to Connection to Connection to Connection to Connection to Connection to ytsl ab vip mud yah Connection to TCP popss TCP POPS TCP popss TCP popss TCP pop3s TCP popss Expert Display f O General Firewall
17. for To access these settings click the Scan Settings tab On that pane the Real Time Scanner tab is selected Configuration default rd E id Protection OFF E ON Quarantine Trusted Files Schedules Firewall Antivandal Logs _ Real Time Scanner Real Time Scanner OFF EE ON Mail Gateway The Real Time Scanner protects your Mac at all times When a malware is found f Put in Quarantine Zone _ Repair _ Send an e mail Configure e mail _ Remove quarantine marker after scanning uninfected files Removing the quarantine marker will reduce the number of alert dialogs produced by the Finder when double clicking on applications Your subscription ends in 12 months G V The Scan Settings pane contains five tabs http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 e Real Time Scanner which controls how VirusBarrier Server 3 runs scans in the background e Archives which tells VirusBarrier Server 3 whether to scan archives and what types of archives to scan e Advanced which provides additional scan settings e Active Scans which gives information on scans currently being performed e Mail Gateway which gives further information on e mail protection that VirusBarrier Server 3 is providing Real T
18. from TCP AFP Apple File Service 4 7 10 11 50 42 AM Connection from TOF VNC 4 7 10 11 50 40 AM Connection fram TCP AFP Apple File Service 4 7 10 11 50 40 AM Connection from TOP AFP Apple File Service 4 7 10 11 50 28 AM Connection to TCP Netlpdate E 4f7 10 11 27 02 AM Connection from TCP AFP Apple File Service 4 7 10 11 27 02 AM Connecion from TCP AFP Apple File Semace E 4 7 10 11 77 01 AM Connection from TOP AFP Apple File Service 4 7 10 11 27 01 AM Connection from TCP AFP Apple File Serice 4 7 10 11 26 47 AM Connection from TCP AFP Apple File Service E 4 7 10 11 26 45 AM Connection from TCP AFF Apple File Serce r arti 117R AM Cananarnnn fran TOP APE dele File Serie Y Fetch Remote Log Entries Chea Your Subscription ends in 12 months o e The top of the log window contains three groups of options that affect how the log appears e The Mode group toggles between the default Standard view and an extended Expert view e The Display group shows subsets of log activity to help you see potential issues more clearly e The Resolve Names group lets you choose whether to view raw IP addresses or domain names using DNS lookup We ll examine each of these sets of options separately Network Log Modes Standard mode shown above is the default for the Log screen This displays only four pieces of information for each Log entry e Type of activity indicated by dot col
19. gt VirusBarrier Server 3 Read remote preferences Success 4 1 10 10 15 10 AM Server NetWpdate Read remote preferences Success Read remote preferences Success Read remote preferences Success Read remote preferences Success Read remote preferences Success Read remote preferences Success Read remote preferences Success Read remote preferences Success Read remote preferences Success VirusBarrier Server 3 Read remote preferences Success VirusBarrier Server J Read remote preferences Success Fi tar ladata Dati pAn Feel arene Ei Cipra VirusBarrier Server 3 VirusBanrier Server J NewWpdate VirusBarrier Server 3 Virws Barrier Server 3 Virus Barrier Server 3 NewWpdate gt VirusBarrier Server 3 3 31 10 7 53 25 PM Server OfS1L 10 7 53 14 PM Scrver 3 31 10 72 53 11 PM Server 3 31 10 7 53 05 FM Seret 3 31 10 7 52 38 PM Server F110 7449 54 PH Server 3 31 10 7 38 54 FM Server 4 1 10 4 46 51 PM Server 37 31 10 4 40 30 PM Sorvar 3731 10 4 56 43 PM Server PRU PE aetes AD Os ot Two icons display in the right hand column of the console log a green icon indicates that the action was successful and a red icon that the action failed Actions such as reading or writing preferences may fail if there is a connection failure with the remote computer when the action is carried out If an action fails the Result column shows an error message explaining why the action was not successful
20. i 471 10 2 17 52 Pw Malware MultifEicar decected in file eicarcom zip 4 1 10 2 17 51 Pw Mahware Multi Eicar detected in file tPQS02H4_2ip part ee Fetch Remote Log Entries Your subseription ends in 12 months EE Clicking a disclosure triangle reveals related entries http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools i Se 12 07 25 PM Malware Multi Eicar detected in file eicar com 4 2 10 12 07 25 PM File eicar com was added to the quarantine zone 4 2 10 12 07 25 PM Malware Multi Eicar detected in file eicar com 4 2 10 11 55 28 AM Scan of Computer scanned 112 462 infected 0 corrupted 0 repaired 0 The Log shows every time that e You Start a scan e You cancel a scan in mid process e You start or stop the real time scanner e VirusBarrier Server 3 finishes a scan with its results e VirusBarrier Server 3 discovers a virus e VirusBarrier Server 3 discovers a corrupted file e VirusBarrier Server 3 repairs an infected file e Files are added to or removed from the Quarantine Zone e Files are added to or removed from the Trusted Files list e Virus definitions are updated The colored dots in the leftmost column show you what types of entries are displayed in the log Green dots indicate information such as starting the real time scanner or updating
21. to the browser it remains in the list even if it is not available when you launch VirusBarrier Server Admin at a later time You can remove a server if you wish by clicking its name to select it then clicking the minus button below the Server list Managing Products via the Browser When you click one of the computers in the Server list a list of available Intego products displays in the Product column You can select one of these products to get information about the product and access its settings Below the Browser s Product column you can see if a program does not need a serial number this is the case for NetUpdate if it is running in demo mode or if it has been serialized Serial Numbers Console Log Server Product Server Heocdare WirusBarrier Server 3 Connect all No S N needed The first time you click on a product that requires a serial number in the Browser VirusBarrier Server Admin will ask you to enter a serial number for the product The following dialog displays http www intego com manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 43 18 PM Using Intego VirusBarrier Server 3 Enter Your Serial Number VirusBarrier Server 3 User or Company Name Serial Number Enter your name or company and your serial number then click OK If you want to run the program in demo mode click Evaluate You can also add serial numbers by clicking the Serial Numbers tab at the to
22. virus definitions Orange dots are for warnings such as stopping the real time scanner Red dots indicate threats such as when infected or corrupted files are found The files folders or volumes selected for each scan are named as are all problems found You can choose to only display certain types of information by clicking one of the three log type buttons to hide or display their entries Warnings amp Threats amp fate ee eee ie Sage omg en eee eg Date amp Time F Comment E aAsas 10 1 49 44 PMH Crartina Real Time scanner You can filter search results by entering text in the search field in the window s toolbar As you type text the results will narrow down showing only those log entries that contain the text you have typed TE Network ED PHs mla W z rot Dae amp Time 9 Comment User 4 3 10 3 33 54 PM Mahware Multi Ebcar detected in file elcar com 4 3 10 3 31 45 PM File eicar com was added to the quarantine zone 4 3 10 3 31 45 PM Mahware Multi ERcar detected in file elcar com 4 3 10 3 31 44 PM Malware MultifEicar detected in file aRi9XKc com part 4 2 10 5 06 26 PM File eicar com was removed from the quarantine zone 4 2 10 12 11 19 PM File eicar com was added te the quarantine zone 4 2 10 12 11 15 PM Mahware Multi Ercar detected in file icar com Arita Pe File iarram wae removed fro rhe quarantine Fee The Network Log Th
23. 0 12 09 39 PM TCR 49 150 ag 5 eng Cuigoing COmmecton 4 7 10 11 56 09 AM TEP 49179 079 5 end Ouigeing commection 4 7 10 11 53 34 AM TCP 495176 a079 5 eng Cuigeoing comection 4 7 10 11 51 55 AM TCP 49175 B07 5 eno Quigeaing conection 4 7 10 11 50 43 AM TEF 56117 548 5 eng moomirg Connection E 4 7 10 11 50 47 AM TEF 56116 5500 5 eng Imcomirg connection 4 7 10 11 50 40 AM TCF 56109 548 5 end Incoming connection 4 7 10 11 50 40 AM TOF 55105 548 5 end Incoming connection B 4 7 10 11 50 78 AM TCF 49 166 8079 5 eng Dugong canmecton B 4f7 10 11 27 02 AM TCF 53871 548 5 eng Incoming connection a 7 10 1 27 07 AM TEF 53869 548 end Incoming connection O 4 7 10 11 77 01 AM TCP 53867 jag 5 end Incoming connection 4 7 10 11 27 01 AM TCP 53865 a8 5 eno Incoming connection 4 7 10 11 26 47 AM TCF 53827 548 5 end Incoming connection E 4 7 10 11 76 45 AM TCR 53817 548 5 end Intaming connection alii 116s AM It 1415 TAA Bs foo Inc Amine Paneer Fetch Remote Log Entries Clear Your subscription ends in 12 months 3 e Source which is the originating IP address or domain of the incident For most activities the source will be your server s IP address although for attacks or other incoming connections it will be that of the remote computer If you have checked Resolve Names you will see the domain names for those addresses that VirusBarrier Server 3 was able to resolve e Destination given by default as an IP address
24. 3 18 PM Using Intego VirusBarrier Server 3 For bash alias vbscan Library Intego virusbarrier bundle Contents MacOS virusbarriers For tesh alias vbscan Library Intego virusbarrier bundle Contents MacOS virusbarriers This allows you to run the same command as follows vbscan tacz To change network protection settings use the following option along with the operations objects and data listed below all commands with firewall options require sudo W Execute firewall operations operation object data import export settings file path revert settings add remove blocked_address trusted_address ip_address print blocked_address trusted_address get protection enable disable protection enable disable trojans activate configuration configuration_name print configuration For example to enable firewall protection run the following command with sudo Library Intego virusbarrier bundle Contents MacOS virusbarriers W enable protection Using VirusBarrier Server 3 and AppleScript VirusBarrier Server 3 offers the ability to run scans using AppleScript For more information on the program s AppleScript syntax open the VirusBarrier X6 dictionary on the remote server from Script Editor VirusBarrier X6 is installed in the Applications folder of the server Welcome to Intego VirusBarrier Server 3 Protecting Your Network from Viruses and Malware 2010 Intego All Rights Reserved http www intego c
25. Antivandal Logs G Stop the sean ee el ym Quarantine Trusted Files Schedules Firewall Scan type Path Stheduled ican Your subscription ends in 12 months Co Mail Gateway The Mail Gateway tab allows you to control settings for virus scans of e mail messages and attachments To activate the Mail Gateway move the Activate Mail Gateway support switch to ON In addition to turning on mail protection this deactivates the built in antivirus solution Configuration default He Lee Protection OFF EE ON Logs s Quarantine Trusted Files Schedules Firewall Antivandal Real Time Scanner _ _ Archives Active Scans UAUC Activate Mail Gateway support OFF Ss ON _ Mail Gateway inserts certificates for incoming and outgoing mails From To Subject Date G Repair Delete Deliver Your subscription ends in 12 months Gs http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 The Mail Gateway inserts certificates for incoming and outgoing mails control adds an X SCANNED header to all messages that says they were scanned by Intego VirusBarrier Server 3 Scanner at mydomain If VirusBarrier Server 3 finds an infected attachment and removes it the e mail message containing that attachment will display the text Attachment removed by Intego VirusBa
26. D The MAC address of a wireless network connection point expressed as a String of hexadecimal numbers o Location The Location defined in your server s Network preferences o Always The condition is always true You can add multiple criteria to this section by clicking the sign to the right or remove existing criteria by clicking the sign Configuration Office 2 wired connection Office 2 wired connection Set as active configuration By default at startup M When active network setti ngs match any B of the following conditions Location H is E iki is Ethernet IP Address AirPort SSID AirPort BSSID Location Always Comer The Comments field is a place for any description or notes you d care to add they don t affect operation of the configuration in any way To save your the changes you ve made to the configuration click the Apply button at the bottom right of the VirusBarrier Server Admin window To make your new configuration become active click the Action button and choose Set as Active Configuration You can now make any changes to VirusBarrier Server 3 that you want and they are saved under the current configuration To make another configuration active simply switch to it using the pop up menu then choose Set as Active Configuration from the Action button You can also select another configuration from the Configurations list in the Intego Menu if you are working on the serve
27. Intego VirusBarrier Server 3 User Manual VirusBarrief Server 3 Intego VirusBarrier Server 3 User Manual Welcome to the User Manual for Intego VirusBarrier Server 3 Use the Table of Contents below to go to the different sections of the manual You can come back to this main Table of Contents at any time by clicking the Go to Main Table of Contents link at the top of each page Table of Contents Welcome to VirusBarrier Server 3 Using Intego VirusBarrier Server 3 Protecting Your Server from Viruses and Malware Protecting Your Server from Network Attacks Using VirusBarrier Server 3 Logs and Monitoring Tools VirusBarrier Server 3 Preferences and Configurations Creating Custom Firewall Rules NI GF UW BR W YN 2010 Intego All Rights Reserved http www intego com manuals en vbs virusbarrier server 3 user manual html 3 14 12 6 42 02 PM Welcome to VirusBarrier Server 3 VirusBarrie Server 3 Welcome to Intego VirusBarrier Server 3 e Controlling Malware on a Mac OS X Server e VirusBarrier Server 3 Features e Installing VirusBarrier Server 3 e Running VirusBarrier Server 3 in Evaluation Mode e Connecting VirusBarrier Server 3 to Remote Servers e Updating VirusBarrier Server 3 Virus Definitions e About Your Copy of VirusBarrier Server 3 Go to Main Table of Contents Controlling Malware on a Mac OS X Server System administrators are well aware of the threat of viruses and malware on a ser
28. MultifEbcar devected in file icar caom 4 2 10 12 11 19 PM File eicar com was removed from the quarantine zone 4 2 10 12 07 25 PM File eicar com was added to the quarantine zone 4 2 10 12 07 25 PM Mahware MultifEicar derected in file sitar com 4 2 10 11 55 28 AM E Scan completed on Computer scanned 112 462 infected 0 corrupted 0 re 4 2 10 11 55 28 AM Scan stopped on objects xib 4 2 10 11 53 00 AM E Scan started on Computer i 4 2 10 11 52 33 AM File eicar com was removed from the quarantine zone 4 2 10 11 51 46 AM File eitar com wat added to the quarantine zone 4 2 10 11 51 46 AM Mahware MultifEicar detected in Ale eicar com 4 2 10 11 51 46 AM File ugGFol com part was removed from the quarantine zone B 4 2 10 11 51 46 AM File MugGFol com part __ was added to the quarantine zone 4 2 10 11 51 46 AM Mahware Multi Eicar detected in file XugGFoi com part 4 2 10 11 51 35 AM File ican com was removed from the quarantine zone i 4 2710 11 51 79 AM File ei ar com was added to the quarantine zone Fetch Remote Log Entries Your subscription ends in 12 months EE There are two ways you can display log information In the example above log entries are shown in linear order each one taking up one line You can click the second button at the top left of the window and display log entries in hierarchical order where disclosure trian
29. Trusted Files Schedules Firewall Antivandal Logs _ Firewall Rules Trojan Firewall Settings Client local server Mode Simple GIE O vo aici e Nime Interface Source Destination Serice jal o1 Ary Local Network Ol My Mac i Connected Services amp O amp No network oz v Any QA internet iD My Mac if Connected Services Q 02 iv Any Internet Dy My Mac oF All oo e J Client theal server 04 Any My Mac amp Internet fe All oO connect to your Mac as a server You still have access to the Internet O GE Client only Only computers on your local network can OQ gt Server a on http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 In this example the Client local server setting shown has four rules e The first allows the local network to access your server through all Connected Services that is TCP connections that involve back and forth communications such as serving files from your server e The second rule however forbids such connections from the Internet at large preventing your server from acting as a server to an unknown computer outside your local network e The third rule allows all other communications from the Internet to your server e The fourth rule allows all communications from your server to the Internet The
30. allation packages that must be installed on your server http www intego com manuals en vbs 1 Welcome to VirusBarrier Server 3 html 3 14 12 6 42 39 PM Welcome to VirusBarrier Server 3 They include o RMCClient pkg o CommonServices pkg o Netupdate pkg o VirusBarrier Server 3 pkg You must install the CommonServices pkg package to use any Intego software You can install these files directly on the server if you can access it in this manner by simply double clicking the installer files and following the instructions the standard Apple Installer application carries out the installation The folder also contains a Read Me file for further instructions e Manuals This folder contains links to on line user manuals To install VirusBarrier Server 3 using Apple Remote Desktop 2 x or 3 x Open Apple Remote Desktop Select all the target servers Choose Manage gt Install Packages Select the Intego packages you want to install Click Install uw BW Ww N e To install VirusBarrier Server 3 using command line tools 1 Copy the packages to the remote server using ftp afp or scp 2 Use the installer command line tool to install each package sudo usr sbin installer pkg path to package pkg target 3 Restart the server To uninstall VirusBarrier Server 3 use the uninstallation shell scripts included in the Remote Installation Packages amp Utilities folder of the VirusBarrier Server 3 CD They are e uninstall_a
31. alware with Intego VirusBarrier Server 3 Configuration default He Protection OFF TT on _ Quarantine Trusted Files Schedules Firewall Antivandal Logs Real Time Scanner Advanced Active Scans Mail Gateway _ Real Time Scanner OFF ON The Real Time Scanner protects your Mac at all times When a malware is found Put in Quarantine Zone _ Repair i l r a E E O Send an e mail Configure e mail Remove quarantine marker after scanning uninfected files Removing the quarantine marker will reduce the number of alert dialogs produced by the Finder when double clicking on applications Your subscription ends in 12 months C e If you are on the server you can choose the Intego menu in the menubar then choose VirusBarrier Server 3 gt Real Time Scanner http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 About your Intego Software NetUpdate Next scheduled check Wednesday April 7 2010 7 18 AM ContentBarrier p B FileGuard 3 a Personal Antispam P Personal Backup p Scan Settings Real Time Scanner Scan Archives VirusBarrier Server 3 Firewall Firewall Settings fs Trojan Configurations wv default Open Logs Open VirusBarrier Traffic Monitor Open VirusBarrier X6 Running Scheduled Scans VirusBarrier Server 3 can also be
32. ault choice Check for updates on Intego s server should be used in most cases But if you are working on a network and have multiple user licenses for Intego products you can choose a NetUpdate folder anywhere on your network To do this select Check local or network folder and click the Select button to select a folder or enter the folder s path in the text field If you use a local NetUpdate folder on a remote volume this volume must be mounted on each computer at check time to access the NetUpdate archives To use a local NetUpdate archive folder first download update files to one computer From NetUpdate on your server select the update you want to download by checking it in the update list then select File gt Download Item to and copy or move them to the NetUpdate archive folder you have set Note when updating Intego software via update files located in a local NetUpdate folder NetUpdate needs to check with the Intego server to verify the subscription rights of the program being updated Computers updating Intego software in this manner therefore need to be able to access the Internet e Display This section comprises four checkboxes http www intego com manuals en vbs 6 Preferences and Configurations html 3 14 12 6 46 01 PM Intego VirusBarrier Server 3 Preferences and Configurations o If no program updates are available only display subscriptions If this is enabled only subscriptions display in NetUpdate s windo
33. cal network Rule 3 allows traffic from a local network but since it s in 3rd position it is not applied the 1st rule takes precedence For rule 3 to be applied it needs to be moved to the top of the rule list To do this select the rule and drag it to the appropriate position s Name Interface Source Destination Service ivi htetwork ATTY p Locat Network TE tty eter e 1 A Rh Any Gs Internet oy My Mac 02 M Output Any My Mac Q Internet Sf All 03 Network Any amp Local Network m My Mac Editing and Deleting Rules To edit a rule select the rule by clicking it then click the button with the pencil icon at the bottom of the list The Rule Editor will open and you can make any changes you want to this rule When you have finished making changes click OK to save your changes If you decide you do not want to save the changes click Cancel To delete a rule click the rule in the list of rules then click the button at the bottom of the list Using the Rule Contextual Menu http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 VirusBarrier Server 3 lets you make changes to Firewall Rules quickly through a contextual menu You can use this contextual menu to add new rules to edit existing rules or to change rule characteristics on the fly To see this contextual menu right click on a rule U2
34. ch to Dashboard As with the VirusBarrier Traffic Monitor application you can move the window or change the type of activity displayed The VirusBarrier Server 3 Traffic Monitor Screen Saver VirusBarrier Server 3 installs a screen saver that gives you an overview of network activity when your computer is http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools otherwise idle In addition if your Macintosh is running as a server you can use this screen saver to keep an eye on its network activity To use the VirusBarrier Server 3 screen saver open the System Preferences from the Apple menu click on Desktop amp Screen Saver and click the Screen Saver tab Select VirusBarrierSaver in the screen saver list ane Desktop amp Screen Saver gt Show All Desktop Screen Saver Screen Savers Preview ry Arabesque ry Lomputer Name al Flurry ry iTunes Artwork 9 RSS Visualizer Fy Shell ry Spectrum ry Word of the Day Pictures Other E J VirusBarrier5aver Gee Options T Use random screen saver Eil Show with clock Start screen saver Be e a Hot Corners a The preview screen only shows all traffic however it will show traffic broken down by service when actually running Click Options to choose the order in which services are displayed http www intego com manuals en vbs 5 Monitorin
35. ckly create a rule to control information to and from common services and programs To do so click the button at the bottom of the Rule list and hold your mouse button down for a second You ll be able to choose from a popup list of the most common services A rule governing your selection then appears in the Rules list Edit America s Army Call of Duty E The Rule Editor lets you create rules of much greater variety and complexity To see it click the button at the bottom of the list of rules New Rule untitled rule 1 untitled rule Options Log Stop Evaluating Rules oo a Schedule Edit Source Internet he Destination Service Interface VirusBarrier Server 3 s Rule Editor allows network administrators to quickly and easily define and implement a http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 comprehensive security policy It is extremely flexible and allows you to define an unlimited number of rules in seconds To create a rule you need to specify details in six areas e Rule Name Logging Evaluation and Schedule e Rule Source e Rule Destination e Rule Service e Rule Interface e Rule Action Rule Naming Logging Evaluation and Schedules At the top of the Rule Editor is a field where you can name this rule Just below it is t
36. computer while the action is carried out If an action fails the Result column shows an error message explaining why Adding Servers to the Browser VirusBarrier Server Admin uses Bonjour to automatically detect all Mac OS X computers on a local network where the RMC client is installed All servers accessible locally therefore display automatically in the Browser The best way to manage Macs outside your local network with VirusBarrier Server Admin is to create a VPN tunnel between the administration computer and remote servers If you do this remote computers will display in the Server list via Bonjour You can also add Macs to the Server list manually To do this click the plus button below the Server list A dialog displays asking you to enter a server name and address http www intego com manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 43 18 PM Using Intego VirusBarrier Server 3 Enter the name and address of the remote server G _ Address You can enter any name you wish for the server this is the visible computer name that will display in the Server Information tab of the browser Enter an IP address for the remote computer You must have direct access to a remote server to add it in this manner if the server is behind a router you must set up port mapping so ports 8500 and 8502 TCP are mapped to the remote server Once VirusBarrier Server Admin has detected a server or once you have added one
37. d network volumes and have scans run automatically when certain events occur such as following updates to virus definitions Automatic Repairs Quarantine or Deletion of Infected Files You can choose how VirusBarrier Server 3 acts when malware is found It can repair infected files automatically quarantine them until an administrator can check them or delete infected e mail messages Scan Logs VirusBarrier Server 3 provides complete logs of all activity including the names and locations of malware and suspicious files it finds It can send e mail notifications to the recipient of your choice alerting you to the presence of infected files as soon as it detects them Firewall Features With VirusBarrier Server 3 s powerful two way firewall you can use basic settings or set up complex rules which allow you to filter network traffic granularly Full logs show incoming and outgoing traffic and the program s Antivandal feature steps in automatically when certain types of attacks are detected NetUpdate VirusBarrier Server 3 works with Intego s NetUpdate which manages program updates and new threat filters automatically You can set the update frequency in NetUpdate itself so the program checks for updates daily weekly or monthly For more details see the Intego Getting Started Manual VirusBarrier Server 3 Features VirusBarrier Server 3 offers General Features e A GUI administration console e Detailed logs of all infected fi
38. dar icon in the rule list Rule Sources and Destinations When defining rules the Source is the entity that sends data the Destination is where the data goes You can choose from a list of four sources and destinations for any rule However VirusBarrier Server 3 will not allow you to choose the same source and destination for a given rule If you try VirusBarrier Server 3 will correct the error Source My Mac B a T 7 Destination Internet These four Sources and Destinations are available by default e My Mac Your computer e Local Network A local network that your computer is connected to http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 AirPort Network A wireless AirPort network that your computer is connected to e Internet The Internet in addition to any local network you may be connected to effectively all networks You can create new sources and destinations to use in your rules This allows you to specify exactly which computers you wish to have your server communicate with To create a new source click the button to the right of the Source or Destination popup menu In our example we ll create a new Source however once it s created it will also show up in the list of possible Destinations V Destination Internet W The New Net
39. e face 7 Part 1 of 1 Type Specific B Port Ethernet B BSD Name en index Typical interfaces are e Airport Wireless networking e Built in Ethernet Wired interface commonly used for networking e Built in FireWire Wired interface commonly used for peripherals such as a hard drive but which can also be used as a network interface The BSD Name and Index number are the identifiers used by the Unix layer of Mac OS X You can set these manually if you need to You probably won t have to and shouldn t change them if you don t understand what they are If other interfaces are present in your server an Other option will also be available Rule Actions Two actions are possible for any rule Allow or Deny Select the action you wish to use for your rule by checking the appropriate radio button at the bottom of the Rule Editor window Allow fe cy C Deny Allow STOP Deny Finally click OK to add this rule to your VirusBarrier Server 3 firewall rules Multi Part Sources Destinations Services and Interfaces Rule sources destinations services and interfaces can have several parts You can for example dictate that traffic from several specific IP addresses be banned listing each one separately in a given Source When you create or edit a source destination service or interface you see a bar at the top of the window that looks like this Part 1 of 1 http www intego com manuals en
40. e network log shows a record of all network activity that VirusBarrier Server 3 has observed as well as all intrusion attempts that VirusBarrier Server 3 has blocked You can apply filters to it on several criteria to highlight issues of interest http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools Click the Network button to display the network log window then click Fetch Remote Log Entries to tell VirusBarrier Server Admin to retrieve log entries for the currently selected server Configuration default HH Esa Protection OFF on Schedules T a eS O Source Address Sean Settings Quarantine Trusted Files Firewall Antivandal Mode CD Expert Display GUP General Firewall Networking Resolve Names Yes GOED Dated Time heDWork Address Kind 4 7 10 12 10 13 PM Connection to TCR NetUpdate 4 7 10 12 10 12 PM Connection to TOP HTTP web service 0 O 4 7 10 12 10 09 PM Connection to TCR HTTP web service 4 7 10 12 10 06 PM Connection to TCP HTTP web service 4 7 10 12 10 02 PM Connection to TEP HTTP web service 4 7 10 12 09 39 FM Connection to TCR HTTP web service 4 7 10 11 56 09 AM Connection to TCP NetUpdate 4 7 10 11 53 34 AM Lonnecton to TEF NetUpoate 477 10 11 51 55 AM Connection to TCP NetUpdate 4 7 10 11 50 43 AM Connection
41. e rule to be enabled When you first create a rule the rule will always be active If you wish to have the rule enabled or disabled at certain times select Enabled or Disabled from the popup menu and select one of the time intervals in the list http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 Schedule Default rule stare Enabled vied Disable rule Every Week PF On W Monday E From 8 00AM to 9 00 Am E Three options are available in addition to Never e Every Week allows you to change the rule s schedule so it is enabled at a fixed time every week such as every Monday at 8 00 am e Every Day enables the rule at a specific time every day e From allows you to disable or enable the rule for a specific period of time by specifying the beginning and ending time You can schedule additional times for rules to be enabled or disabled using the button For example if you need a rule to be disabled only during office hours on Mondays and Tuesdays you can set these two days in the Schedule window To remove a scheduled time from the list click the button to the right of the item Schedule Default rule state Enabled W Disable rule Every Week HA On 4 Monday HH From 8 00 am E Every Week ie On fa Tuesday EE From 8 00AM Se SS Cancel Scheduled rules are displayed with a calen
42. er other Trojan horses open back doors in your computer that allow hackers to take control of it or steal files In addition VirusBarrier Server 3 recognizes the actions of Windows Trojan horses so if you are running Windows in virtualization with a program such as VMware Fusion or Parallels Desktop and sharing your server s Internet connection in NAT mode you ll be protected To see VirusBarrier Server 3 s Trojan Horse controls click the Trojan tab at the top of the Firewall screen Configuration default r Protection OFF J ON Firewall Rules ECER Trojan Horse Protection OFF i ON Ware TEP UGP Acid Shivers ur Amanda iF Back Orifice i Balde Runner ur Bugbear CarbonKeys Deep Orifice we Beep Throat Gonaldi Evil FTP GateCrasher Hack Girirriengd Hack Hack a Tack HcliBaiser Server X In Command Ingresiock Millenium Wire Mosucker Matrem Trt ir Motus a cececertcrtcetercrcetec bramke All Disabbe A Your subscription ends in 12 months C j To turn on Trojan horse protection set the Trojan Horse Protection slider to ON then click the checkboxes of individual Trojans to select them The Enable All and Disable All buttons at the bottom are handy shortcuts that select or deselect all checkboxes at once You can also enable Trojan blocking for an individual Trojan horse or for all Trojan horses by right clicking on the name of a Trojan and choosing the approp
43. er Server 3 html 3 14 12 6 43 18 PM Using Intego VirusBarrier Server 3 AnA VirusBarrier Server Admin 1 Serial Numbers Console Log Product E NetUgdare j Virusfarrier Server 3 Consec all Select a product i Server Server Server Information Intego Products Server Log Software Operating System Version 10 6 3 Bulld 100573 Kernel Version Darwin Kernel Version 10 3 0 RMC Client Version 10 4 6 Computer Name Server Visible Computer Name Se Er Hardware _ Bud Speed 600 MHE Computer MacBook Processor Speed 1x intel Core 2 Duo 2 20 GHz Physical Memory 4 00 GB Seria Wumber Network Bullt in Ethernet ID IP Address N Subnet Mask Nji When the Browser tab is active VirusBarrier Server Admin displays the Server list which shows a list of servers that you can manage If you click on a server in the Server list VirusBarrier Server Admin displays detailed information about that computer in the Server Information tab VirusBarrier Server Admin displays the following information about servers e Software this section displays the operating system version and build the kernel version the RMC Client version an RMC Client component must be installed on the server with VirusBarrier Server 3 to ensure remote management the computer name as set on the server and the visible computer name You can change this visible computer name by replacin
44. erver 3 s virus definitions The Serial Number column shows you if any serial numbers are not recognized which also includes serial numbers you have not yet added to VirusBarrier Server Admin for specific products or if a serial number is not needed as is the case for Intego NetUpdate If a product displays Running in demo mode in the Serial Number column then you haven t yet entered its serial number and it is still within the 30 day evaluation period The Server Log tab shows which actions have been performed on the selected server This log displays the Date amp Time the Intego program that has been acted on Product the Type of action and the Result of the action whether it was successful or not r O Server Server Server Information Intego Products VirusBarrier Server Admin actions taken on the selected workstation Date Time Preduct Type Result 3 31 10 11 32 51 AM G NetWpdate Read remote preferences B Success 3 31710 4 01 22 PM VirusBarrier Server 3 Read remote preferences Success 2 31 10 4 36 40 PH VirutBarrier Server 3 Read remote preferences Success 3 31 10 4 36 42 PM NetUpdate Read remote preferences F Success i Two icons display in the right hand column of the Server Log list a green icon indicates that the action was successful and a red icon that the action failed Actions such as reading or writing preferences may fail if there is a connection failure with the remote
45. erver 3 to scan all folders for all users on your server o The third popup menu lets you choose whether you want to perform the operation daily weekly or http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 monthly If you select daily you ll be able to choose the time you prefer select weekly you ll also choose your preferred day select monthly you ll choose which day of the month You can create multi part schedules for example to scan your Users folder every night and your entire server once a week To do so click the button to the right of the schedule item another schedule item will appear beneath it Make changes in that schedule item as you like You can add as many schedule items as you like this way to remove one of them click the button next to it Schedules Eil Enable schedules Scan E Documents daily m Pii Scan E weekly on Saturday at 1 00 AM 5 te The order of schedule items is not important if you ve scheduled two scans to run at the same time they will occur simultaneously To turn off all pending schedules uncheck the Enable schedules button Scan Settings VirusBarrier Server 3 gives you a number of options to tell the program how it should scan your server what types of files it should scan and what types of malware it should look
46. esn t permit you to change the rules or any of their parts To do that you need to enter the Firewall screen s advanced mode To do so click the Firewall tab and then click Advanced http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 WirusBarrier Server 3 SIN recognized Configuration default E EJ Protection OFF a ON _Scan Settings Quarantine _ Trusted Files Schedules Firewall Antivandal Logs Firewall Settings No restrictions Mode fai Interface Source Destination Any Internet O My Mac amp No network C My Mac A internet 4 No restrictions gt Client local server lt gt Server only 0 gt Client only As stata Your subscription ends in 12 months Revert Apply WARNING Changing these settings could dramatically affect your computer s ability to access local networks and the Internet You should only use advanced mode if you fully understand its effects and how it functions In simple mode clicking any of the five preset firewall settings displays an animation in advanced mode you see the details of each setting s rules In addition hovering the cursor over any of the preset settings for a few seconds displays a text that briefly describes what it does Sean Settings Quarantine
47. ess major upgrades If you check this option NetUpdate will also install major upgrades if these upgrades are available to you free of charge Note that you must have Background update checked in order to access this option The Preferences pane has the following controls http www intego com manuals en vbs 6 Preferences and Configurations html 3 14 12 6 46 01 PM Intego VirusBarrier Server 3 Preferences and Configurations aa A A Virus Barrier Server Admin Browser Serial Numbers Console Log Netwpdate WeusBarrier Server 3 Connie all ho SN needed Scheduling Preferences identification E mail admingexample com Fiian sesenae Verify os cone Please enter your e mail adress and select a password to identify yourself with the NetUpdate server Updates Check for updates on Intego s server C Check for updates in local or network folder Display Show updates only for installed products iv Show available program upgrades it After checking display an alert whenever updates are available E mail notification and warnings _ Notify when new updates become available Send information about new Intego products ral Warn me when my subscriptions expire e Identification Enter an e mail address and password to identify yourself with the NetUpdate server If you need to change the e mail address you can do so here e Updates You can have NetUpdate check for new software in two locations The def
48. ffic in real time VirusBarrier Traffic Monitor _ j 1 4 k 0 84 AE 45 77 GB Network activity also appears in the VirusBarrier Traffic Monitor icon you see when you switch among applications by pressing Command Tab To return VirusBarrier Traffic Monitor to its window right click on the VirusBarrier Traffic Monitor Dock icon and choose Show in Window When VirusBarrier Traffic Monitor displays in the Dock you can change its display by right clicking on its Dock icon and selecting a different service from its Dock menu http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools 4D Server Apple Rem Desktop AppleShare IP DNS FileMaker FTP HotLine iChat AIM ICO iTunes Music Sharing Mail NetUpaate News Retrospect Telnet Timbuktu Web WebSTAR 4 Adm WebSTAR V Adm All Show in Window Options gt gt Keep in Dock Open at Login Show in Finder Hide Quit The Keep in Dock selection makes the VirusBarrier Traffic Monitor icon a permanent fixture in the Dock even when the program is not running so you can open it just by clicking its Dock icon The Open at Login selection starts the program each time you start a user s session on your server VirusBarrier Traffic Monitor Preferences Several preference settings affect the behavior of VirusBarrier Traffic Monitor To set them go to VirusBarrie
49. five preset firewall settings are locked for convenience and stability you can t change their rules or the order in which they appear But VirusBarrier Server 3 gives you two ways to create additional customized settings through the program s Firewall Assistant and manually In either case the first step is to click the button below the list of settings You ll see a new setting appear named untitled settings Click it and type any name you prefer then press Enter or Return to make the change permanent E3 amp gt Client only Sy My firewall settings Gates Edit a etn Edit Note that you ve only created this setting but have not enabled it yet It s a good idea to not enable firewall settings until you have finished adding all your rules To make it the active setting click the radio button to its left Creating Rules with the Assistant VirusBarrier Server 3 contains an assistant to help you create your own custom firewall rules With this assistant you can create your own rules with just a few mouse clicks While not all of VirusBarrier Server 3 s rule features are available when you create rules with the assistant it can cover most of your needs If you need more customization you can edit rules manually after creating them with the assistant The VirusBarrier Server 3 Assistant walks you through a series of steps to create your rule e Introduction e Name and Behavior e Communication Direction e Service e
50. g Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools Display options Services are displayed in the order listed Drag a service to change its order All FTP Web iTunes Music Sharing Mail Apple Rem Desktop AppleShare IP NetUpdate 4D Server DNS Cancel Drag them into the order you want The number of services displayed depends on your screen resolution and the number of screens you have therefore the ones most important to you should be listed first For more on screen saver settings see the Mac OS X help Protecting Your Server from Network Attacks VirusBarrier Server 3 Preferences and Configurations 2009 Intego All Rights Reserved http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Intego VirusBarrier Server 3 Preferences and Configurations VirusBarriel Server 3 VirusBarrier Server 3 Preferences and Configurations e VirusBarrier Server Admin Preferences e NetUpdate Scheduling Preferences e Working with Configurations Go to Main Table of Contents VirusBarrier Server Admin Preferences VirusBarrier Server Admin preferences only offers one option the choice of whether the program asks for an administrator password on launch To access this setting choose VirusBarrier Server Admin gt Preferences and check the option http www intego com manuals en vbs 6 Preferences and Configurations htm
51. g the text in this field e Hardware this section shows the type of computer the processor and bus speed the amount of RAM installed and the computer s serial number e Network this displays the server s Ethernet or MAC address IP address and subnet mask A colored icon appears before the names of the computers in the server list Three colored icons may appear in this column e Green VirusBarrier Server Admin is connected to the server e Red VirusBarrier Server Admin is not connected to the server the server is not available on the local network e Orange VirusBarrier Server Admin is not connected to the server the connection has failed If any servers do not respond you can attempt to reconnect to them by clicking the Connect All button http www intego com manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 43 18 PM Using Intego VirusBarrier Server 3 The Intego Products tab which displays when the Browser tab is active and a server is selected shows a list of all Intego products available on the selected server their version numbers and their serial numbers Server Server Server Information integoProducts Server Log The following Intego products can be managed Product Y rsig Serial Abuser KewWpdate 10 5 3 No S N needed ri WirusGarricr Server J 0 6 5 V Dels Mar 30 2010 The Version column shows both the version of the Intego product and the date of the last update to VirusBarrier S
52. gles group related entries Protection OFF A on Scan Settings Quarantine Trusted Files Schedules Firewall Antivandal Network m Comment User mo argo Laga PH Maring Real Time scanner il O Filter Display 472 10 3 20 11 Pe Starting Real Time scanner i 472 10 12 11 15 PM Mahware MultifEicar detected in file eitan oam bgi l0 1207 25 PM Mahware MultifEicar derected in file eitar com i 2 10 11 55 28 AM E Scan of Computer scanned 112 462 infected 0 corrupted 0 repaired 0 4 2 10 11 52 33 AM File eitar com was removed from the quarantine zone i 42 10 11 51 46 AM Mahware MultifEicar detected in file eitan cam Pr 4 2 10 11 51 46 AM Malware Multi Eicar detected in file MugGFoi com part i amp 4 2 10 11 51 29 AM Mahwane Multi Eicar devected in file icar com e b 4a f2 10 11 51 26 AM Mahware MultifEicar detected in file eitan com 4 2 10 10 51 23 AM Mahware Multi Eicar detected in file jeffcom A 4a f2 10 11 46 13 AM Mahware MultifEicar detected in file eicar com 4 2 10 11 46 11 AM Mahware MultifEicar detected in file O iSe6E com part E 4 2 10 11 39 24 AM Starting Real Time scanner iF 4 2 10 11 11 54 AM E Sean of Computer scanned 70 321 infected 0 corrupted O repaired 0 i 4 2 10 11 11 47 AM Scan of Computer scanned 68 371 infected Q corrupted O repaired 0 4 1 10 2 25 14 PM Stopping Real Time scanner
53. he Log checkbox If you check the Log box an entry is added to the VirusBarrier Server 3 log any time this rule acts a small red dot to the right of the rule s name in the Rules list indicates that the rule is logged If this box is not checked this rule is not logged Name untitled rule 1 Options _ Log Schedule Edit If the Log checkbox is checked the Stop Evaluating Rules checkbox will be available and is checked by default These two settings in tandem are a powerful way to troubleshoot a network without hampering its traffic WARNING If you can t figure out why some of your rules aren t taking effect look at the rules above it and ensure that the Stop Evaluating Rules checkbox is off for each of them To edit the Schedule click the Edit button The Schedule window displays Schedule Default rule state Enabled ned Disable rule Cancel oks The Default rule state is set to Enabled which means that your rule is activated If you set it to Disabled VirusBarrier Server 3 does not use this rule You may want to have certain rules active in one configuration and not another For more on using configurations see the Working with Configurations section of Chapter 6 Intego VirusBarrier Server 3 Preferences and Configurations If your default rule state is Enabled you can set specific times for the rule to be disabled If your default rule state is Disabled you can set specific times for th
54. iguration that sends you e mail messages when any intrusions occur for when you are not at your computer You see configurations when the Browser pane is active VirusBarrier Server 3 comes with one configuration called default You can t delete this configuration Poh AAL QW ae Fe e AA ii Serial Numbers Con Server A Server l NetUpdate S VirusBarrie Connect all Configuration default E24 Quarantine Trusted Files Schedules Real Time Scanner Acti Real Time Scanner OFF ON The action button next to the list lets you duplicate edit remove and hide configurations http www intego com manuals en vbs 6 Preferences and Configurations html 3 14 12 6 46 01 PM Intego VirusBarrier Server 3 Preferences and Configurations Configuration My configuration Set as Active Configuration Duplicate Configuration S Edit Configuration Remove Configuration Real Time Scan Real Time Scanner OFF E ON gt The Raal Tima Sranner protects vour Mar at all times Creating Editing and Deleting Configurations You create a new configuration by clicking the action button and selecting Duplicate Configuration from the pop up menu that appears This new configuration has the same name as the one you duplicated with the word copy appended Rename it by clicking the action button and selecting Edit Configuration from the pop up menu A window appears Configuration
55. ime Scanner Settings In normal operation you will not need to disable the Real Time Scanner this is only useful for troubleshooting when you have a problem or to speed up the transfer of files that you know to be safe You can disable the Real Time Scanner either by moving the switch to OFF or from the Intego menu by selecting VirusBarrier Server 3 gt Real Time Scanner When malware is found Your options are e Put in Quarantine Zone this ensures that the file cannot be opened or read See the Quarantine Zone section below for more about using the Quarantine Zone e Repair this tells VirusBarrier Server 3 to attempt to remove the malware If for any reason the file cannot be repaired it will be placed in the Quarantine Zone In addition you can choose to have VirusBarrier Server 3 send you an e mail whenever it discovers a virus To set this up check the Send an e mail checkbox then click the Configure e mail button next to it Enter the necessary information for your e mail account in Mail Settings dialog that displays The last section of the Real Time Scanner settings tab Remove quarantine marker after scanning uninfected files tells VirusBarrier Server 3 to remove the Mac OS X dialog warning that asks you whether you re sure you want to open downloaded files Archive Settings VirusBarrier Server 3 can look inside several popular types of archives scanning not only the archive file itself but also the files that it co
56. ing Broadcast Attacks i al Port Stans E rmail SYN Flooding Settings Configure ree Policy Ml Use same pedicy for all types of protection H Options Your subscription ends in L2 month eee e Stealth mode prohibit ping replies If this is checked your computer will be invisible to other computers on the Internet or on a local network You will not however be anonymous any requests you send to other hosts will include your computer s IP address e Stop unknown protocols If this is checked VirusBarrier Server 3 automatically blocks any unknown protocols e Deny Apple Remote Desktop Control If this is checked VirusBarrier Server 3 blocks all access to your server by Apple Remote Desktop software e Allow PORT mode FTP transfers If this is checked you will be able to make FTP transfers when functioning in Client Only firewall mode The second part of this screen allows you to be notified by e mail when an attack is detected see the previous section for more information Unifying Policy Options Each type of intrusion has settings that determine what actions are taken when that type of intrusion is detected The Use same policy for all types of protection checkbox unifies all notifications and actions With this box unchecked you could for example choose to receive an e mail when a buffer overflow attack is detected but not when an intrusion attempt occurs Checking the box tells VirusBarrier Server 3 that you want
57. irusBarrier Server 3 also give you the option of scanning files and volumes from the command line The following describes the use of this command Library Intego virusbarrier bundle Contents MacOS virusbarriers rtcCaz lt pathname_to_scan gt The following options are available a Scans all files or other mount points in Volumes o Counts files before scanning C Counts files but does not scan oa Ok Performs a quick scan ace Repairs infected files s Uses Turbo Mode since the previous scan T Scans all but trusted files o Scans compressed archives including those lt pathname_to_scan gt This is required it can be a lt current_directory_pathname gt This is optional directory if a relative path is used as the first Example lt current_directory_pathname gt including those symlinked to other volumes scans only those files that have not been modified in e mail attachments relative or absolute path it is the current working argument Library Intego virusbarrier bundle Contents MacOS virusbarriers tacz This scans all volumes for which the user has read permission archives and counting the number of files to scan before beginning you can scan all files the command preceded by sudo and authenticate scanning If you run You can also define aliases to simplify the use of this command http www intego com manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 4
58. its direction and service Click the Next button below to continue Previous o Enter a name for your rule in the name field then select the behavior for the rule Allow data or Deny data If you select Allow data the rule will allow data matching its direction and service to pass If you select Deny data the rule will block data matching its direction and service Communication Direction This screen lets you choose the communication direction and which host initiates the communication http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 Firewall Assistant Communication Direction Introduction Name and Behavior This rule will affect connections with Direction B Service B Options B Conclusion any other computer C com puters on my local network C computers on the default AirPort network computers on this custom network and when the connection is initiated by E my Mac Fh __ the other computer Click the Next button below to continue a Previous First in the This rule will affect connections with section select a remote host You have four choices for the remote host e Any other computer Any computer other than your server e Computers on my local network Any computer on the same local network as your server e Computers on the default AirPort network An
59. kinds of intrusions e Protects against network attacks e Protects against ping floods port scans and more e Simple and advanced firewall modes e Offers customizable firewall rules e Logs display real time network activity with domain name resolution e Blocked Addresses and Trusted Addresses lists store friendly and malicious IP addresses e Offers a choice of defense policies with advanced options for intrusion protection e Individualized security policies for network attack prevention Installing VirusBarrier Server 3 VirusBarrier Server 3 requires Mac OS X 10 5 or later or Mac OS X Server 10 5 or later running on an Xserve or any other Mac configured as a server E mail scanning is only available on Mac OS X Server s built in e mail server VirusBarrier Server 3 comes as a set of pkg files which you can install on remote servers using Apple Remote Desktop or command line tools Before installing you must accept the terms and conditions presented in the License file Your CD has three folders e VirusBarrier Server Admin This is the program you will use on a remote computer or on your server to administer VirusBarrier Server 3 on the server To install VirusBarrier Server Admin open the VirusBarrier Server Admin folder then double click the VirusBarrier Server Admin mpkg file and follow the instructions You will have to restart your computer after this installation e Packages amp Utilities This folder contains remote inst
60. king it then selecting Remove from the resulting contextual menu From this contextual menu you can also move an address from the Blocked Addresses list to the Trusted Addresses list or vice versa http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Addresses in the list below will be blocked for both incoming Intruder 4 Remaining Time 192 168 1 200 0 00 08 38 H 192 168 1 255 h Copy to Clipboard Rea Edit Leal Ti Remove e Switch to Trusted Addresses 3 Editing an Address There are three ways to edit an address in the Blocked Addresses or Trusted Addresses list e Click the address you would like to edit then click the Edit button at the bottom left side of the pane e Double click the address or e Right click the address then select Edit from the contextual menu The Blocked Trusted Addresses Editor window appears You can change the address add or change comments or change the amount of time you want the item to remain on the Blocked Trusted Addresses list Protecting Your Server from Viruses and Malware Using VirusBarrier Server 3 Monitoring Tools 2010 Intego All Rights Reserved http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Using Intego VirusBarrier Server 3 Logs and Monito
61. l 3 14 12 6 46 01 PM Intego VirusBarrier Server 3 Preferences and Configurations Preferences Security Fal Ask for administrator password on launch NetUpdate NetUpdate allows you to check for program updates via the Internet rea a Check now a Last Check 3 30 10 8 09 PM VirusBarrier Server Admin updates Installed Version 3 0 Last Check Version 10 5 9 These preferences also give you access to NetUpdate a program that checks if any Intego programs have been updated This program is installed at the same time as VirusBarrier Server Admin or other Intego programs It checks for updates for all Intego programs at the same time and can download and install updates for the programs installed on your computer To check for updates click Check Now For more on using NetUpdate see the Intego Getting Started Manual NetUpdate Scheduling Preferences Through the VirusBarrier Server Admin program you can set how Intego NetUpdate checks for new versions of your Intego software To do so 1 Click the Browser tab 2 Click your server in the upper left pane 3 Click NetUpdate in the upper right pane The Scheduling pane provides access to the following controls http www intego com manuals en vbs 6 Preferences and Configurations html 3 14 12 6 46 01 PM Intego VirusBarrier Server 3 Preferences and Configurations ANALA VirusBarrier Server Admin
62. l server VirusBarrier Server 3 s firewall allows your server to function as a client and local network server Your server can access the Internet as a client computer but not as a server and as both a client and server on a local network e Server only VirusBarrier Server 3 s firewall allows your server to function only as a server all client functions including your ability to surf the Internet from this computer are blocked e Client only VirusBarrier Server 3 s firewall allows your server to function only as a client on a local network or the Internet The server and file sharing functions of your server are blocked These five settings are sufficient for most uses but if you want more granular control over the firewall you need to switch to VirusBarrier Server 3 s Advanced mode Advanced Mode VirusBarrier Server 3 also offers an advanced firewall mode you can use to create your own rules to choose exactly which types of traffic you want to allow or block to and from your server For more on using Advanced Mode see Creating Custom Firewall Rules http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Trojan Horse Protection VirusBarrier Server 3 knows how to spot the actions of the most common Trojan horses and stop them in their tracks Some such programs send information about users browsing habits to a central serv
63. les sent automatically to administrators e Full logs allow users to audit all network activity e Stores logs in the Apple system log facility e Automatic updates of program and threat filters via Intego NetUpdate http www intego com manuals en vbs 1 Welcome to VirusBarrier Server 3 html 3 14 12 6 42 39 PM Welcome to VirusBarrier Server 3 Malware Protection e Detects and eliminates all known Mac viruses and malware e Scans files for Windows and Unix viruses e Protects against Trojan horses e Protects against adware hacker tools dialers keyloggers and more e Repairs infected files e A full quarantine zone to isolate infected files e Scans all files written to or opened on the server e Scheduled scans of local and network volumes e Automatic scans after virus definitions are updated or when volumes are mounted e Command line control for remote scans e Trusted Files zone to disable Real Time scanning on selected files or folders e Scans of all e mail sent and received via the Mac OS X Server e mail server e Notifications of infected e mails sent automatically to administrators e Scans compressed files and archives e Archive scanning can be activated by archive type e Scanning for Windows viruses can be deactivated e Suspicious file analysis by the Intego Virus Monitoring Center e Turbo Mode technology for faster scans Network protection e Controls incoming and outgoing TCP IP traffic and data e Protects against all
64. ll command which uninstalls all components of VirusBarrier Server 3 e uninstall _VirusBarrier command which uninstalls only the VirusBarrier X6 client program e uninstall _VirusBarrier_Server command which uninstalls only the VirusBarrier Server Admin program You can run these scripts by double clicking them on the server from which you want to uninstall the software or by running them from Terminal Running VirusBarrier Server 3 in Evaluation Mode VirusBarrier Server 3 offers an evaluation mode to allow you to discover how the program works before purchasing it When VirusBarrier Server 3 runs in evaluation mode it functions for 30 days during which it will not repair any files Connecting VirusBarrier Server Admin to Remote Servers For VirusBarrier Server Admin to be able to connect to remote servers it must be able to accept connections through ports 8500 and 8502 TCP If servers use a firewall including that which is part of VirusBarrier Server 3 this port must be open for VirusBarrier Server Admin to be able to access the servers http www intego com manuals en vbs 1 Welcome to VirusBarrier Server 3 html 3 14 12 6 42 39 PM Welcome to VirusBarrier Server 3 Updating VirusBarrier Server 3 Threat Filters VirusBarrier Server 3 uses Intego NetUpdate which is installed with the program to provide updates to the program s threat filters as well as to the program itself For information on using NetUpdate see the Intego Getti
65. ll reduce the number of alert dialogs produced By the Finder wh n double clicking of applications Your subscription ends in 12 months Revert Apply These screens which are very similar to those in VirusBarrier X6 give you access to the many ways that VirusBarrier Server 3 can protect computers on your network Details on changing these settings are found in the remaining sections of this manual Turning Protection Off If you ever want to turn off both malware and network protection on a copy of VirusBarrier Server 3 you can do so by dragging the slider from ON to OFF when a server and a copy of VirusBarrier Server 3 are selected as shown above Using the Console Log The Console Log tab shows you a list of all actions you have carried out with VirusBarrier Server Admin on all servers Like the Server Log tab in the Browser this log shows which actions have been performed on the selected server This log displays the Result the Type of action the Date amp Time and the Product or Intego program that has been acted on It also shows which server these actions were performed on http www intego com manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 43 18 PM Using Intego VirusBarrier Server 3 _Browser Serial Numbers _ Gonsole Loge Date Time m Server Product Type Result a 1 10 10 20 20 AMH irvi VirutBarrier Server 3 Read remote preferences Success 4 1 10 10 17 36 AM Server
66. lood sensitivity measured in milliseconds ms permitted between ping attempts If your computer is on a network it is normal that your network administrator ping your computer from time to time But if your computer is isolated pings are rarer One exception is if you have a DSL or cable connection your ISP might ping your computer to check if it is on line e Ping Broadcast Attacks No advanced settings e Port Scans A slider lets you adjust the sensitivity from low to high in increments according to an internal calculation e SYN Flooding Sensitivity measured in number of attempted connections allowed per second Options Click the Options button in the bottom left corner of the Antivandal Policy screen to adjust additional filtering settings The options appear in the pane to the right http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Configuration default of te Protection OFF ME oN Scan Settings Quarantine Trusted Files Schedules Firewall Antivandal Logs Antivandal Policy Blocked Addresses Trusted Addresses Number of detected attacks 0 Since First VirusBarrier launch i Buffer Overflow Attacks Fitserinw M intrusion Attempts _ Stealth Mode prohibit ping replies inl Stop unknown protocols gf Ping ATTACKS a Deny Apple Remote Desktop Control Allow PORT mode FTP transfers _ P
67. nables or disables protection for that intrusion type By default clicking on the name of any intrusion type shows the notification and action policies for all intrusion types in the mini pane to the right You can implement separate policies for each intrusion type by changing a setting in the Antivandal options See the section Unifying Policy Options below for details The two settings allow you to determine how long an address should be considered blocked and whether you should be informed of the action via e mail If you ve requested e mail notification you must configure your e mail settings to receive any alert notifications by e mail In the Policy section you do that by clicking Options then clicking the Configure button Enter the necessary information for your e mail account in Mail Settings dialog that displays Before it sends an e mail message VirusBarrier Server 3 waits for 30 seconds to see whether there are other intrusion attempts and bundles them all together into one message rather than sending separate e mail messages for each one While an intrusion type is selected clicking the Advanced tab in the right side pane brings up additional options that are specific to that intrusion type These are e Buffer Overflow Attacks No advanced settings e Intrusion Attempts You can separately set the number of incorrect password attempts permitted for AppleShare IP ASIP FTP HTTP IMAP POP and SMTP e Ping Attacks Ping f
68. ng Started Manual About Your Copy of VirusBarrier Server Admin alr VirusBarrier Server Admin Version 3 0 VirusBarrief Server Admin Contact Support To get information about your copy of VirusBarrier Server 3 choose VirusBarrier Server Admin gt About VirusBarrier Server Admin It gives information about VirusBarrier Server such as the version number your support number a number you will need for technical support and a clickable link to send e mail to Intego s support department Technical support Technical support is available for registered purchasers of Intego products with valid subscriptions from the Intego Support page Using VirusBarrier Server 3 2010 Intego All Rights Reserved http www intego com manuals en vbs 1 Welcome to VirusBarrier Server 3 html 3 14 12 6 42 39 PM Using Intego VirusBarrier Server 3 VirusBarrief Server 3 Using Intego VirusBarrier Server 3 e Launching VirusBarrier Server Admin e Using the Browser e Adding Servers to the Browser e Managing Products via the Browser e VirusBarrier Server 3 Protection Settings e Using the Console Log e Using the VirusBarrier X6 Application on your Server e Using VirusBarrier Server 3 from the Command Line e Using VirusBarrier Server 3 and AppleScript Go to Main Table of Contents Launching VirusBarrier Server Admin After you ve installed VirusBarrier Server 3 on the server you wish to manage and i
69. now create the rule named Direction Service Options Conclusion The Assistant can also create a copy of this rule set to act on data transfers in the opposite direction untitled rule Create a rule in the opposite direction Previous aioe This screen offers one final option if you check Create a rule in the opposite direction the assistant creates a matching rule with the source and destination switched Click Configure to create your rule and exit the assistant When you have finished you will see that your rule or rules if you checked Create a rule in the opposite direction displays in the VirusBarrier Server 3 list of firewall rules Scan Settings _Quarantine__Trusted Files _Schedules_jsFirewalls Antivandal Logs Firewall Rules Firewall Settings My firewall settings Mode Simple F F ae a Name Interface Source Destination Service eee 01 M untitled rule Any O My Mac GS Internet 7 All w ae O qP No network g Client local server g P Server only O gp Client only g My firewall settings 4 Edit Edis Assistant http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 If you wish to further customize the rule or edit it see the section Editing Rules in the Working with Rules section below Creating Rules Manually You can qui
70. nstalled VirusBarrier Server Admin on your administrator s computer open VirusBarrier Server Admin located in Applications Server The program displays the Browser tab http www intego com manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 43 18 PM Using Intego VirusBarrier Server 3 VirusBarrier Server Admin Serial Numbers Console Log Consect all Select a product VirusBarrie Server Admin VirusBarrier Server Admin contains three tabs each of which provides access to information or management functions e Browser lets you browse servers and select the VirusBarrier Server 3 programs installed From this tab you can make changes to settings view logs and quarantine information monitor and manage updates via Intego NetUpdate and control all the malware and network protection features of VirusBarrier Server 3 e Serial Numbers lets you view the serial numbers used for VirusBarrier Server 3 on the servers you manage e Console Log provides a log of all actions made from the VirusBarrier Server Admin application Using the Browser The VirusBarrier Server Admin browser gives you an overview of servers and Intego products that you can manage You can view information for specific servers you can check which Intego products are installed and verify their serial numbers and you can check logs to see what actions have been applied to specific servers http www intego com manuals en vbs 2 Using VirusBarri
71. ntains To see these settings click the Archives tab Seam Settings Quarantine Trusted Files Schedules Firewall Antivandal Logs _ Real Time Scanner Advanced Active Scans Mail Gateway Scan archives OFF pm ON e Archie Kind 4 Apple Single Las ind Binkiex gici M4 Ezp bzip MI Disk Images dmg al Generic Packer MI GZip gzip ine Maciinury bin MA Pax pax cpio M Patz pgz inl Tar tar A Tark 1bz MA TarGz tgz A Tard tz iM Unix Compress z r7 inf Uuenccding uw Default archive timeout Choos 2 timeout setting for archive expansion Virusharrier X6 will only partially scan archives that take longer than this tite to be extracted Archive timeout 60 seconds All Disable All Your subscription ends in 12 month http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 By default VirusBarrier Server 3 will scan all archive types that it understands however you could choose to scan only certain archive types by unchecking different types of archives in the Archive Kind list The Default archive timeout setting lets you tell VirusBarrier Server 3 to stop scanning archives that take more than a certain amount of time to uncompress and scan By default this is set to 60 seconds However any files that have been uncompressed before the end of thi
72. om manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 43 18 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 VirusBarrief Server 3 Protecting Your Server from Viruses and Malware e Real Time Scanning e Running Scheduled Scans e Scan Settings e Quarantine Zone e Trusted Files e The VirusBarrier Server 3 Contextual Menu Go to Main Table of Contents VirusBarrier Server 3 s anti malware protection works in several ways Its Real Time Scanner constantly watches over your server protecting it and the files it contains from viruses and malware The Real Time scanner ensures that your server is protected at all times by scanning every file that is created copied modified or saved It does not however scan other files This is why we suggest you run a full scan of all your files when you install VirusBarrier Server 3 and after each update to the program s virus definitions Real Time Scanning VirusBarrier Server 3 s Real Time Scanner scans your server whenever its contents change Scans occur instantly so you never have to worry about being protected To turn on the Real Time Scanner either e Click the Scan Settings tab in the Browser window then click the Real Time Scanner tab In the resulting pane move the Real Time Scanner switch from Off to On http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and M
73. or o Green Informational entry o Yellow Notable event such as an outgoing connection incorrect login blocked outgoing data etc o Red Network attack blocking of address in the Blocked Addresses list Anti Spyware blocking etc e Date amp Time of activity according to your server s clock setting e Network Address given by default as an IP address If you ve checked Resolve Names see below you ll see the domain names for those addresses that VirusBarrier Server 3 was able to resolve e Kind a short description of the activity Expert mode gives an extended view showing the following additional fields where applicable http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools Configuration default HH e Protection OFF on Schedules Firewall Antivandal Trusted Files Sean Settings Quarantine Lod Standard G 277 Display AN General Firewall Networking Resolve Names Tes Gite en ye a Date amp Time Suiece Destination Protocol Sre Port Dest Port Flags interface Kind 4 7 10 12 10 13 PM TCF 49214 079 E end Ouigeing commection 4 7 10 12 10 12 PM TCP 49200 S 5 end Outgoing connection 0 4 7 10 12 10 09 PM TCP 49196 80 5 end Cutgeing connection 4 7 10 12 10 06 PM TCR 49183 g 5 end Cuigeing comecton 4 7 10 12 10 02 PM TCP 49181 80 5S end Cwigeing commection 4 7 1
74. p of the VirusBarrier Server Admin window and clicking the icon at the bottom of the window the procedure is the same Once you ve entered the appropriate serial numbers for the Intego products you are managing you can make changes to any of these programs from the Browser To do this select a server then a product This presents an interface that allows you to apply settings and carry out certain actions To learn how to keep your Intego programs up to date via the Browser see the NetUpdate Scheduling Preferences section of Chapter 6 VirusBarrier Server 3 Protection Settings Selecting VirusBarrier Server 3 from the Product column shows you the following http www intego com manuals en vbs 2 Using VirusBarrier Server 3 html 3 14 12 6 43 18 PM Using Intego VirusBarrier Server 3 VirusBarrier Server Admin Serial Numbers Console Log NetUpdate 2 WirusBarrier Server 3 l Connect all S N recognized Configuration default we ES Protection OFF ss O ON Quarantine Trusted Files Schedules Firewall Antivandal Logs Real Time Scanner i Advanced Active Scans Mail Gateway PS a ee BE on E ee E FS Se OP ed Se ee M a a T Real Time Scanner OFF E ON The Real Time Scanner protects your Mac at all times When a malware is found Put in Quarantine Zone O Repair Send an e mail Configure e mail 3 _ Remove quarantine marker after scanning uninfected files Removing the quarantine marker wi
75. pQ WebSTAR V Admin aca Music Sharin Well Known Ports a i ii World of Warcraft labber Xcode dist build Yahoo Messenger While most preprogrammed Services clearly map to a specific program some selections in this list such as Web pertain to a class of communications instead Here are some of those non specific Services Name pemn ings All communications regardless of protocol or port All protocols on all ports Apple Remote A program that allows an administrator Mac to control Port 3283 over UDP Desktop another Mac over a network connection Connected Services All TCP communications A TCP session maintains a All TCP communications on connection between computers so it s always clear that it any port was initiated by the Mac and can therefore be trusted By comparison a UDP session is a series of communications without a memory of who initiated it File Transfer Protocol TCP ports 20 or 21 iChat AV An instant messaging program with video and sound Port 5060 over UDP IRC Internet Relay Chat TCP on port 194 for IRC and all TCP traffic between ports http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 6665 and 6669 inclusive iTunes Music A way to share your iTunes music library over your local Port 3689 over TCP Sharing network E mail communications TCP port 25 for SMTP port 110 for
76. r The VirusBarrier Server 3 installer also places an application called VirusBarrier Traffic Monitor in your Applications folder You can launch this program by double clicking its icon or from the Intego Menu by choosing VirusBarrier Server 3 gt Open VirusBarrier Traffic Monitor The VirusBarrier Traffic Monitor application provides a small floating window that lets you keep an eye on network activity at all times You can move this window location by clicking it and dragging to a new place on your screen 0 50 0 86 kis k s 45 22 GE 5 55 GE All By default VirusBarrier Traffic Monitor displays the total network traffic for all services You can change what kind of traffic is displayed by clicking All at the bottom of the VirusBarrier Traffic Monitor window and selecting a service from the popup menu http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools 0 27 kis 45 22 GB All 4D Server Apple Rem Desktop AppleShare IP DNS FileMaker FTP HotLine iChat AIM ICQ iTunes Music Sharing Mail NetUpdate News Retrospect Telnet Timbuktu Web WebSTAR 4 Adm WebSTAR Y Adm 7 All Right clicking anywhere in the VirusBarrier Traffic Monitor window offers you the option to put the gauge in Mac OS X s Dock While there the activity gauges continue to show you network tra
77. r Traffic Monitor gt Preferences or press Command comma while VirusBarrier Traffic Monitor is running http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools Monitor Window Appearance Gauge Thermometer Light Window Level Float above other windows Mouse Behavior _ Ignore mouse clicks You will not be able to move the window or change the service being monitored when this option is enabled e Appearance Choose from Gauge Thermometer or Light 3 71 3 71 AE kis 4577 GE 555 CE All e Window Level Float above other windows makes VirusBarrier Traffic Monitor always appear in the foreground above all other applications e Mouse Behavior Ignore mouse clicks prevents you from moving VirusBarrier Traffic Monitor s window or changing the service it monitors The VirusBarrier Traffic Monitor Widget VirusBarrier Server 3 installs the VirusBarrier Traffic Monitor widget that loads into Mac OS X s Dashboard to show you network activity when you are in Dashboard To display the VirusBarrier Traffic Monitor widget activate Dashboard Click the button to display all the widgets available on your computer Select VirusBarrier Traffic Monitor from the list Its icon looks like this If you add it to your active widgets you will see VirusBarrier Traffic Monitor whenever you swit
78. r server to have more priority choose Low The Skip Boot Camp volumes setting tells VirusBarrier Server to not scan Boot Camp volumes during scans Three options affect On Demand scanner behavior e Scan files owned by other users allows VirusBarrier Server 3 to scan files owned by all users If you select this option and you re not already logged in as the server s administrator you ll immediately be required to enter an administrator password if you don t have that password the checkbox will revert to its unchecked state If you don t check this option and VirusBarrier Server 3 finds an infected file owned by a different user or by the system VirusBarrier Server 3 s alert and Quarantine Zone window will display a crossed out pencil icon signifying that you will need to enter an administrator s user name and password to perform any action on the file e Scan e mails VirusBarrier Server 3 scans incoming and outgoing e mails both for their content and any http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 attachments they contain during manual scans You can t turn off this function the check box serves asa reminder that VirusBarrier Server 3 will examine e mail messages e Scan iPhone iPod touch and iPad tells VirusBarrier Server 3 to show any iPhone iPod touch or iPad that is connected to your server To scan these de
79. r whose configuration you wish to change For more information about the Intego Menu see the Intego Getting Started Manual To delete the active configuration select Remove Configuration from the pop up menu You ll see a dialog box that asks you to confirm the deletion VirusBarrier Server 3 will switch to the default configuration after deletion of the http www intego com manuals en vbs 6 Preferences and Configurations html 3 14 12 6 46 01 PM Intego VirusBarrier Server 3 Preferences and Configurations current one Using VirusBarrier Server 3 Monitoring Tools Creating Custom Firewall Rules 2010 Intego All Rights Reserved http www intego com manuals en vbs 6 Preferences and Configurations html 3 14 12 6 46 01 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 VirusBarrief Server 3 Creating Custom Firewall Rules e Custom Firewall Rules e Creating Rules with the Assistant e Creating Rules Manually e Working with Rules Go to Main Table of Contents Custom Firewall Rules Each of the five firewall settings described in chapter 4 Protecting Your Server from Network Attacks is actually a collection of rules each of which in turn is defined by naming permitted or forbidden sources destinations services and interfaces To see your Firewall rules choose a server click on VirusBarrier Server 3 then click on the Firewall tab By default you see the Simple mode which do
80. racter hexadecimal numbers to the network by Ethernet Rule Services Service refers to a combination of protocol type port or ports used and protocol specific criteria These items taken together typically describe a program or class of program that sends and receives information For example information sent by the TCP protocol over port 80 using HTTP would be a Web service VirusBarrier Server 3 comes with over 50 common services preprogrammed so you can easily stop or allow traffic that appears to be of a specific type http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 v All 4D Server ActiveSync America s Army AOL Instant Messenger Mail Medal of Honor MP3 Streaming MSN Messenger Napster Apple Remote Desktop F NetBIOS AppleShare IP NetMeeting BitTorrent NetUodate Blizzard Downloader ees re Call of Duty i group ee NTP Connected Services CU SeeMe Quake Ill QuickDN Manager CVS Yi RealPlayer Diablo ER DNS Registered Ports Retrospect Doom 3 j 2 c Return to Castle Wolfenstein Dungeon Siege te Skype ree SquidCam FileMaker ssh FileWave Booster FileWave lt Server FileWave XServer Admin Star Wars Empire at War SubEthaEdit SubEthaEdit 2 x Ba Telnet Ghost Recon i Timbuktu HotLine Po Unreal Tournament 2K iChat AV VNC Ica 3 WBEM iPhoto Rendezvous IRC Web iS
81. remaining updated every second Otherwise this column says Permanent Host to indicate that the IP address will be there until you remove it manually Blocked Trusted Address Information Clicking an item in the Blocked Trusted Address lists shows some additional information on the right side of the panel Double clicking the item opens a new window with the same information Configuration default 4 EJ Protection OFF _ ON Scan Settings Quarantine Trusted Files Schedules Firewall Antivandal Logs Antivandal Policy Pipi tnn Trusted Addresses Addresses in the list below will be blocked for both incoming and outgoing traffic mr Remaining Time THESEN 0 00 18 18 Host 192 168 1 200 7 wi 192 168 1255 Permanent Host a En Reason Enter Bocked Addresses list manually Total Time 0 00 20 00 Arrival 4 2 10 5 08 46 PM Departure 4 2 10 5 28 46 PM Edit Your subscription ends in L2 months Goss e Host The host s IP address If you opened a new window by double clicking the item you can manually change the IP address listed By clicking the DNS lookup button the you can toggle from the numerical IP address to the actual domain name of the offender if there is one You can display this address in large type by moving your cursor over the word Host clicking and selecting Large Type from the contextual menu that appears e Reason Why the IP address was added to the Blocked Addresses list Thi
82. rflow Attacks 4 Inte mpi El Intrusion Attempts Pur in Blocked Addresses for x Permanent H w Ping Attacks _ Send e mail i Ping Broadcast Attacks iv Port Scans Ml SYN Flooding Options Your subscription ends in 12 month amp e Buffer Overflow Attacks Attacks that may occur when certain software has flaws in the way it handles memory allowing malicious users to get into your server e Intrusion Attempts Attempts to access your server through a preset number of incorrect password requests within a given period of time Different settings are available for AppleShare IP ASIP FTP HTTP IMAP POP and SMTP e Ping Attacks Your server receives a number or frequency of ping requests so great that responding would Cause a Strain on your server e Ping Broadcast Attacks Ping requests to broadcast addresses where a single ping is multiplied throughout your local network e Port Scans Attempts by remote computers to search your server s ports for vulnerabilities You may want to leave this unchecked if your computer is functioning as a server e SYN Flooding Multiple TCP requests sent by an attacker who then doesn t complete the final stage of the exchange causing the target computer to consume resources http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Clicking the checkbox next to each of these e
83. riate command from the contextual menu that displays C Evil FTP GateCrasher Hack b Enable _ GirlFriend Hack Hack a Tack HellRaiser Server X Enable All JO If In Commanad Jf IL Ingreslock Millenium Worm J http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Antivandal Protection VirusBarrier Server 3 s Antivandal watches over data entering your server and filters it looking for signs of intrusion This filtering is transparent the only time you ll see signs of it working is if it detects suspicious data in which case an alert displays Otherwise Antivandal silently monitors your server s network activity at all times To go to the Antivandal screen click the Antivandal tab The Antivandal Policy tab controls how data entering your computer is filtered The Blocked Addresses and Trusted Addresses tabs store specific hosts or IP addresses that you deem suspicious or trustworthy Antivandal Policy The Antivandal Policy panel provides tools to prevent six types of intrusions Configuration amp default req te Protection OFF P ws b ON Sean Settings Quarantine Trusted Files Schedules Firewall i i Logs _ Antivandal W Blocked Addresses Trusted Addresses Number of detected attacks 0 Since First VirusBarrier launch ic Advanced amp Buffer Ove
84. ring Tools VirusBarrief Server 3 Using Intego VirusBarrier Server 3 Logs and Monitoring Tools e The Malware Log e The Network Log e VirusBarrier Traffic Monitor Go to Main Table of Contents VirusBarrier Server 3 contains logs and monitoring tools to help you see which actions the program has carried out on malware to record network activity and intrusion attempts and to give you an overview of your server s activity in real time The Logs window displays two buttons at the top left Malware and Network View either of these two logs by clicking the appropriate button The Malware Log The malware log shows a record of malware activity that VirusBarrier Server 3 has observed including all manual and scheduled scans and the results of these scans As with the network log you can filter it to highlight issues of interest To access the malware log click the Malware button http www intego com manuals en vbs 5 Monitoring Tools html 3 14 12 6 45 29 PM Using Intego VirusBarrier Server 3 Logs and Monitoring Tools Protection OFF i ON Scan Settings Quarantine Trusted Files Schedules Firewall Antivandal Q Filter User 4 3 10 1 49 44 Pa Maring Real Time scanner B 4 2 10 5 06 28 Pw File eicar com was removed fram the quarantine zone 0 4 2 10 3 20 11 Pw Starting Real Time scanner 4 2 10 12 11 19 PM File eicar com was added to the quarantine zone e 2710 12 11 19 PM Mahwane
85. rks parts of certain files can cause Macs to crash in certain cases Checking this can protect your Mac from crashes caused by this type of corrupted file A final section lets you tell VirusBarrier Server 3 to look for two other types of malware e Hacker tools are malicious programs that may not directly harm your Mac but that may be used by hackers to attack other computers It is especially useful to check this option if your server is publicly accessible e Keyloggers are programs that record all your keystrokes While some such programs may be malicious others may be installed intentionally to monitor computer users If this is checked users being monitored may be alerted to the existence of such software on their Mac Active Scan Settings This tab will show any currently active scans such as those set in a schedule launched following an event such as a mounted volume or a virus definition update see above manual scans run locally using VirusBarrier X6 or command line scans run locally or remotely C If you don t see a scan that s running click the button to refresh the screen If you wish to stop any scan that is running select it then click Stop the Scan This cannot be done for manual scans http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 Configuration E default H ED Protection OFF EE ON _
86. rrier Server 3 name of attachment Quarantine Zone If you don t want to repair files automatically you can have VirusBarrier Server 3 put them in its Quarantine Zone When files are quarantined they can t be opened or read ensuring that they cannot infect your server This is useful for administrators who want to check files before running VirusBarrier Server 3 s repair functions As mentioned in the section about Scan Settings you can tell VirusBarrier Server 3 to place malware in the Quarantine Zone when found You can then check these files and decide what to do Configuration default ey SE Protection OFF ME ON Scan Settings Quarantine Trusted Files Schedules Firewall Antivandal Logs Threaz Path Date Modified Kind elcar com halultis Eicar Macintosh HD ADT d 2O10 l MS DOS Appli Your subscription ends in L2 months C To act on any of the files select one of them and then click the appropriate button at the bottom right of the window to e Delete from Disk which removes the file from your server e Consider Safe which tells VirusBarrier Server 3 that you think this file is not infected and adds the file to VirusBarrier Server 3 s Trusted Files list This may occur for false positives However be very careful when you click this button only do so if you are sure the file is safe If not it may infect your entire server If you display the Quarantine Zone in list mode a Threat column will tell you which
87. s text doesn t appear in the Trusted Addresses list as all items there are added manually e Total Time The amount of time the host is to remain in the Blocked Trusted Address list Clicking the words Total Time changes the display to show Remaining Time clicking again shows Elapsed Time indicating how long the offender has been in the Blocked Addresses list Clicking Elapsed Time will display the Total Time once again e Arrival When the address was added to the Blocked Trusted Addresses list http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Departure If you specified an amount of time for an IP address to remain in the Blocked Trusted Addresses list the time it will be released is given here e Note Any comments you have entered for this IP address VirusBarrier Server 3 will also automatically add comments to this field when it puts an item in the Blocked Addresses list A Note About DNS Lookups In various places throughout VirusBarrier Server 3 s interface you ll see a question mark in a dark circle Clicking it toggles nearby information from a numerical IP address to its associated domain name and back again Q Be aware that IP addresses do not always have a one to one relationship to domain names For example a large domain might have www example com hosted on one IP address forums example com hosted on another
88. s timeout will be scanned Advanced Scan Settings Configuration default ri gt Protection OFF i ON Quarantine Trusted Files Schedules Firewall Antivandal Logs Real Time Scanner Archives Eticii Active Scans Mail Gateway Use these advanced settings to adjust the behavior of the malware scanners CPU and disk priority for scan operations Normal 4 Skip Boot Camp volumes On Demand scanner behavior Scan files owned by other users sian sition i iPod touch devices Scan for Jac OS X malware Mi Mac OS Classic malware IM Windows malware ivi Linux malware Mi Malicious scripts wl Corrupted resource forks Consider these items as threats _ Hacking tools _ Keyloggers Your subscription ends in 12 months Goo This tab lets you be more specific about how VirusBarrier Server 3 examines your server for malware The options are e CPU and disk priority for scan operations You can choose Low Normal or High from a popup menu This setting tells VirusBarrier Server 3 to adjust its scanning so other applications don t get slowed down This setting affects both the processor CPU for the scan and the reading of your hard disk s Note that this also applies to scans set to run automatically when you mount external disks or after you update VirusBarrier Server 3 s filters So if you want those scans to complete more quickly you should choose Normal or High if you don t care how long they take or want you
89. se from a list of services that correspond to popular applications and protocols Select the service you want to use by clicking its name in the list Options This screen lets you choose additional options for your rule http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 Firewall Assistant Options Introduction Name and Behavior Select additional options for this rule Direction Service _ Log rule usage Options When data packets match the rule the Firewall records this in its Conclusion log to show that the rule was used to filter the packet Disable the rule The rule will be created but the Firewall will not use it until you enable it Click the Next button below to continue Previous k d Two options are available on this screen e Log rule usage The firewall records each time this rule is used in its log e Disable the rule VirusBarrier Server 3 creates the rule but disables it You can enable it manually Conclusion This screen creates the rule according to the settings you have selected in the assistant http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 Firewall Assistant Conclusion Introduction 6 Name and Behavior The assistant will
90. set to run automatically at pre arranged times To do so click the Schedules tab while in the Browser window The Schedules pane appears There are three sections Display Events and Schedules http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 Configuration default re er Protection OFF on Stan Settings Quarantine Trusted Files Schedules Firewall Antivandal Logs VirusBarrier Server 3 can perform scans automatically when certain events occur or according to schedules Display K Display scheduled scans in Task Manager Events When volumes are mounted Do Nothing He After virus definition updates Do Nothing ve Schedules _ Enable schedules Scan 2 m Computer j daily at 100 PME Your subscription ends in 12 months Co Vj e The Display section has only one checkbox Display scheduled scans in Task Manager When checked you ll see a small window appear whenever your server executes scheduled scans when unchecked such scans will occur without notification unless a virus is found e The Events section lets you direct VirusBarrier Server 3 to automatically run a scan do repairs or do nothing when certain events occur The first event When volumes are mounted is triggered whenever you mount a new storage device whether local such as a hard drive or remote such as a network drive
91. take VirusBarrier Server 3 can also be set to run scheduled scans of http www intego com manuals en vbs 1 Welcome to VirusBarrier Server 3 html 3 14 12 6 42 39 PM Welcome to VirusBarrier Server 3 both local and network volumes VirusBarrier Server 3 also offers full protection for all e mail that is sent or received via Mac OS X Server s built in e mail server It automatically scans all e mail messages that pass through the server checking e mails for infected attachments If it finds malware the e mails carrying them are quarantined and notifications can be sent to administrators informing them of this activity VirusBarrier Server 3 s Antivandal offers a number of powerful tools to prevent network attacks such as ping floods intrusion attempts port scans and more Administrators can use the program s Blocked Address and Trusted Addresses lists to blacklist and whitelist specific IP addresses or ranges VirusBarrier Server 3 includes a copy of Intego VirusBarrier X6 which installed on your server allows you to set some additional options and gives you access to certain functions on the server Controlling Malware on a Mac OS X Server VirusBarrier Server 3 works in several ways While it watches over your server at all times protecting you from viruses and malware you can use the included VirusBarrier X6 client program to manually scan any disk or network volume at any time You can also set up scheduled scans of both local an
92. to get the same sort of response no matter what type of intrusion occurs When you activate this option you ll see a dialog box that asks which settings should become the model that other intrusion types will follow http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 Select the protection whose policy will be applied to the others Buffer Overflow Attacks Intrusion Attempts Ping Attacks Ping Broadcast Attacks Port Scans SYN Flooding Blocked Addresses and Trusted Addresses The Blocked Addresses list ensures that once an attempted attack or intrusion has been foiled communication between the attacking machine and your server won t occur for a period of time that you define The Trusted Addresses list is the opposite of the Blocked Addresses list it lists friendly computers that are allowed to connect to your server While the Blocked Addresses list protects you from foes the Trusted Addresses list opens the door to your friends VirusBarrier Server 3 s Antivandal tool will not block access to computers listed in the Trusted Addresses list nor will it set off alerts for any actions they carry out However computers in the Trusted Addresses list will still be affected by all active Firewall rules The interface for the Trusted Addresses window is essentially the same as for the Blocked Addresses window so we ll e
93. types of malware your files are infected by Trusted Files http www intego com manuals en vbs 3 Antivirus Protection html 3 14 12 6 44 06 PM Protecting Your Server from Viruses and Malware with Intego VirusBarrier Server 3 VirusBarrier Server 3 offers the option to add files folders or volumes to a list of Trusted Files VirusBarrier Server 3 will assume that these files are all safe and will not scan them You should only use this for files that have already been scanned by VirusBarrier Server 3 Configuration default ey ae Protection OFF A ON Scan Settings Quarantine Trusted Files Schedules Firewall Antivandal Logs Trusted files and folders will not be scanned by the Real Time or On Demand Scanners i Resumes PREFE school papers Your subscription ends in L2 months C To add files to the Trusted Files list click the small button at the bottom left corner of the screen enter credentials to access the computer in question navigate to the item you d like to add then click the Choose button Adding a folder or volume tells VirusBarrier Server 3 to trust all files contained in the selected item including in any subfolders it contains now or may contain in the future To remove an item from the Trusted Zone click it to select it then click the button The VirusBarrier Server 3 Contextual Menu You have access to a number of VirusBarrier Server 3 s protections directly from the Finder using a
94. umber if necessary For each of these an option is available to Allow Broadcast Packets If checked packets sent to all computers on a local network are included in this service Options IM Allow Broadcast Packets Fal Destination Port Destination Port is a final option available only for services utilizing the UDP protocol If it is checked packets are filtered according to the function of the Destination Port If left unchecked packets are filtered according to the function of the source Port Rule Interfaces The Interface is the network adapter that the data passes through This can be an Ethernet card a wireless AirPort card or any other type of network interface You can choose from a list of preprogrammed interfaces that exist on your computer or you can create your own interfaces by clicking the button Interface Any r d H Qq The New Interface editor displays New Interface untitled interface untitled inte rface Part 1 of 1 Type Any The Type pop up menu has two options The first Any uses all available network interfaces The second Specific lists those interfaces that are available to you depending on your computer s hardware and software and gives you some additional options http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 New Interface untitled interface untitled int
95. vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 e Create a new part Click the button e Move among parts Click the arrow icons Note that the text in the middle will tell you where you are and how many parts exist in total When you reach the last part clicking the right arrow takes you back to the first one e Delete a part To delete a part it must be visible Click one of the arrow icons until the part you wish to delete is displayed Click the button then confirm the deletion in the dialog box that follows Deleting Sources Destinations Services and Interfaces You can delete any sources that you have created To do so select the source and then click the button Service My service B F i A dialog box displays asking if you really want to remove that network Click Remove to delete the source network or Cancel if not Working with Rules Rule Order Rules you add to VirusBarrier Server 3 s firewall are applied from first to last so you need to make sure that your rules are in the correct order to function properly Name Interface Source Destination Service 01 Input Any QA Internet My Mac Sf All TOF 02 M Output Any O My Mac K Internet oy All co 03 Network Any E Local Network My Mac All Go In this example the first rule blocks data coming from the Internet which includes all networks even a lo
96. ver While malware on a client computer can damage files on that computer and eventually propagate throughout a network via files that are emailed or sent over a network a virus On a server could damage all the computers on the network Viruses on a file server that don t affect the server itself if it is running a different operating system from client computers can still propagate as users copy files to their computers Beyond viruses many types of malware such as worms and Trojan horses can infect servers potentially granting remote access to malicious users Mac OS X servers are used in a variety of environments from Mac only networks to networks containing a mixture of Macs Windows PCs and computers running Unix or Linux systems Protecting a Mac OS X server against viruses requires that not only Mac viruses be detected but also Windows viruses Word and Excel macro viruses and Unix and Linux viruses VirusBarrier Server 3 provides this protection ensuring that infected files that get onto your server don t go any further VirusBarrier Server 3 also provides network protection with a powerful two way firewall and contains features that block network attacks VirusBarrier Server 3 automatically scans every file that is copied to a Mac OS X Server computer where it is installed as well as any files that are launched on the server If it finds viruses the infected files are quarantined and administrators can determine which actions to
97. vices you must use the VirusBarrier X6 client program that is installed with the server software The Scan for section lets you choose to have VirusBarrier Server 3 scan certain types of files or applications e Mac OS X malware this is dimmed because it is always active VirusBarrier Server 3 always scans for Mac OS X malware This includes all types of malware that affects Mac OS X such as Word and Excel macro viruses the other categories are types of malware that cannot harm Mac OS X e Mac OS Classic malware malware that only affects Classic Mac OS If you or your users still use any Mac OS Classic applications you can check this if not leave it unchecked e Windows malware checking this tells VirusBarrier Server 3 to look for viruses that affect Windows Although these files can t damage your server they could infect Windows computers on your network and they could affect you if you use Windows on your Apple computer through a program such as Apple Boot Camp VMware Fusion or Parallels Desktop VirusBarrier Server 3 does not however scan Windows virtual disks e Linux malware if this is checked VirusBarrier Server 3 will scan for malware that affects the Linux operating system e Malicious scripts checking this tells VirusBarrier Server 3 to scan for malicious scripts such as PHP shell scripts JavaScripts Perl etc e Corrupted resource forks while this type of corrupted file is not necessarily malware corrupted resource fo
98. w o Show updates only for installed products suppresses display of Intego products that you don t own o Show available program upgrades tells you when Intego has an version of the program that is substantially improved beyond normal updates and requires a fee to perform the upgrade o After checking display an alert whenever updates are available will display an alert in the NetUpdate window whenever an update is available for your Intego products o Email Notification Three email notification options are available on this pane Notify when new updates become available If you check this option you will receive email messages whenever new updates to Intego products are released Send information about new Intego products Checking this box means that you allow Intego to use the email address you register to send you occasional messages presenting its new products Warn me when my subscription expire This setting helps you remember to renew your Intego subscription so you re never without the most up to date protection Working with Configurations VirusBarrier Server 3 lets you save multiple configurations Each configuration contains all the settings and preferences you have applied to VirusBarrier Server 3 in its different screens and preferences You may also want a specific set for less protection when you are connected only to a local network and additional protection when you re serving files to the Internet You may want to have a conf
99. work editor displays New Network untitled network untitled network Part 1 of 1 Type Anywhere B Enter a name that will help you remember the network If for example you re blocking IP addresses whose last octet is in the range of 100 155 you might name the Source Destination IPs from 100 155 The pop up menu offers a selection from seven types of network http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 o Anywhere My Mac My local network Machine Network Address Range Ethernet ID Anywhere None as this source covers all networks My Mac Your computer The IP address es of your server displays in the Address field and cannot be changed My local network The local network your The IP address es of your server and subnet mask of your local computer is connected to network display in the Address field and cannot be changed A specific IP address Any IP address If you enter a domain name VirusBarrier Server 3 will resolve it to a single IP address Network A specific network Any Subnet IP address and Subnet mask As above VirusBarrier Server 3 will resolve domain names to a single IP address Address Range A group of IP addresses Beginning and ending addresses VirusBarrier Server 3 will resolve domain names to a single IP address A single device connected An Ethernet ID as six two cha
100. xamine them both at the same time pointing out differences as necessary Here s the Blocked Addresses window t Protection OFF ON Configuration default Sean Settings Quarantine Trusted Files Schedules Firewall pAntivandal Logs Trusted Addresses Blocked Addresses l Antivandal Policy j Addresses in the list below will be blocked for both incoming and outgoing traffic r ee oe 192 168 1 200 O 00 19 27 w 192 165 1255 Permanent Host Blocked Addresses Your subscription mds i 12 months Go http www intego com manuals en vbs 4 Network Protection html 3 14 12 6 44 40 PM Protecting Your Server from Network Attacks with Intego VirusBarrier Server 3 The panel on the left displays information about the various IP addresses that are currently in the Blocked Addresses list or Trusted Addresses list if any e Checkbox You can temporarily disable a Blocked Trusted Address by unchecking this box which is checked by default when you add a host to either list When disabled clicking it enables the item again This checkbox only appears if the IP address is set to be blocked permanently e Intruder Host The second column shows the intruding IP address in the Blocked Addresses list or friendly IP address in the Trusted Addresses list e Remaining Time If you ve set this IP address to be blocked or allowed for a specific period of time this column shows how much time is
101. y computer on your default AirPort network if you have one e Computers on this custom network If you have created any custom networks using the standard rule editor you can select one of them here See the Creating Rules Manually section to learn how to set up a custom network Next select the computer that initiates the connection e My Mac The computer using this rule e The other computer The remote host as was defined in the first part of this screen Service This screen lets you choose the service that the rule affects http www intego com manuals en vbs 7 Creating Custom Firewall Rules html 3 14 12 6 46 48 PM Creating Custom Firewall Rules with Intego VirusBarrier Server 3 Firewall Assistant Service Introduction Name and Behavior This rule will affect connections via Direction all services Service TCP services connected services B Options Conclusion ih i a J this service 4D Server ActiveSync America s Army AOL Instant Messenger Apple Remote Desktop AppleShare IP BitTorrent Click the Next button below to continue i a 1 Previous ee You can choose from three types of services e All services All network services e TCP services connected services Services that require that a connection be open and maintained between two computers such as HTTP FTP Telnet SSH POP3 AppleShare etc This covers all TCP connections e This service You can choo

Intego VirusBarrier Server 3 User Manual

Contents

Download Pdf Manuals

Related Search

Related Contents