Security Management Server Virtual v10.2.11 AdminHelp

Table of Contents
• Welcome
• About Online Help
• Attributions & Copyrights
• Notifications List
• Notification Types
• Priority Levels
• Add a User Group
• Add Non-Domain Users
• View or Modify Domain Policies and Information
• User Endpoints
• User Groups
• User Admin
• View or Modify Endpoint Policies and Information
• View Effective Policy
• Endpoint Details & Actions
• Endpoint Detail
• Administrators
• Assign or Modify Administrator Roles
• Administrator Roles
• Delegate Administrator Rights
• View or Add License Notifications
• Client Access License (CAL) Information
• Licensing
• Windows Encryption
• Variables
• %CSIDL:name%
• %HKCU:regpath%
• System Data Encryption (SDE)
• Encryption Rules for SDE Encryption
• Protection of SystemRoot
• Enable Compatibility Mode for Memory Protection
• Disconnected Mode Policy Examples
• Global Allow policy example
• Quarantine List and Safe List policy examples
Welcome

About Online Help
Version: 10.2.11

Attributions & Copyrights
Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
Protected by one or more U.S. Patents, including: Number 7665125; Number 7437752; and Number 7665118.
The software described is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Third Party Software
I.
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
III. Portions of this product use OrientDB. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
IV. Portions of this product use Apache Wink. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
V. Portions of this product use Jackson JSON. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
VI. Portions of this product use Jetty.
XIX. Portions of this product make use of Struts Digester, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XX. Portions of this product make use of Apache xmlrpc, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XXI. Portions of this product make use of Bean Scripting Framework (http://commons.apache.org/bsf/), Apache License, Version 2.
C. Neither the names of the copyright holders nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
The Licensee may distribute original or modified STLport sources, provided that:
o The conditions indicated in the above permission notice are met;
o The following copyright notices are retained when present, and conditions provided in accompanying permission notices are met:
Copyright 1994 Hewlett-Packard Company - Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice app
XL. Portions of this product make use of ResizableLib. You may obtain a copy of the license at http://opensource.org/licenses/artistic-license-1.0.
XLI. Portions of this product make use of Spring Framework. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
XLII. Portions of this product use $File: A. LEGAL NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $. Copyright (c) Ian F.
Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below.
1. Additional Definitions.
You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License.
If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library.
XLVIII. Portions of this product use DropNet. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
Portions of this product use Hardcodet WPF NotifyIcon 1.0.8.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
LXXVII. Portions of this product use Jackson Annotations 2.4.4. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
LXXVIII. Portions of this product use Apache Maven Wagon 2.2. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
LXXIX. Portions of this product use Scribe OAuth Library 1.3.0. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
LXXX.
XCVIII. Portions of this product use Azure Active Directory Authentication Library 1.2.9. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
XCIX. Portions of this product use AF Networking 2.6.3. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
C. Portions of this product use Box iOS SDK 1.0.11. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
CI.
CXIX. Portions of this product make use of the Mono and the Mono runtime, under MIT, BSD, and Apache licenses. You may obtain a copy of the licenses at http://www.monoproject.com/docs/faq/licensing/.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CXX. Portions of this product make use of the Mono .NET assemblies under MIT and BSD licenses.
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
CXXI. Portions of this product make use of mkbundle in Mono under GNU LESSER GENERAL PUBLIC LICENSE v3. You may obtain a copy of the license at https://www.gnu.org/licenses/lgpl.txt.
GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc.
3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library.
b. Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
License Information:
Copyright (c) 1999 - 2017 Dell Inc. All rights reserved. This software and associated documentation (if any) is furnished under a license and may only be used or copied in accordance with the terms of the license. Dell elects to use only the Apache license for any software where a choice of Apache v2, and Mozilla Public License 1.
3. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version:
a.
6. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following:
a.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Get Started

Get Started with Dell Data Security
• Once your environment has been configured in the Server Configuration Tool, ensure that Dell services are .
• Log in to the Management Console.
• Add Client Access Licenses, as needed.
• Add domains from your directory server.
• If you require that users receive non-default policies upon activation, modify policies at the appropriate level.
• Add groups and users, as necessary.
• Assign administrators, as necessary.
• Deploy clients.
Dashboard
The dashboard displays an overview of status information for your enterprise. Access more detailed information directly from the dashboard by clicking its statistics, graphs, and chart legends.
In the top right, select the Widgets menu to add or remove the following widgets: • • • • • • Notifications Protection Status Threat Protection History Inventory History Summary Statistics
The images below reflect what may be seen in the dashboard, depending on widgets enabled.
An Advanced Threat Prevention event is not necessarily a threat. An event is generated when a recognized file or program is quarantined, safe listed, or waived. Threats are a category of events that are newly detected as potentially unsafe files or programs and require guided remediation.
Change Superadmin Password
1. In the masthead at the top of the screen, click the gear icon and select Change superadmin password.
2. Enter the current password.
3. Enter the new password. The new password must be at least 6 characters, contain at least one capital letter and one of these characters: ~@#$%^*()|?!{}[].
4. Confirm the new password.
5. Click Update.
After three failed login attempts, the superadmin account is locked for five minutes.
Components

Default Port Values
• Compatibility Server: TCP/1099 (closed)
• Compliance Reporter: HTTP(S)/8084
• Identity Server: HTTPS/8445
• Core Server: HTTPS/8888
• Policy Proxy: TCP/8000/8090
• Security Server: HTTPS/8443
• Forensic Server: HTTPS/8448
• Client authentication: HTTPS/8449 (If using Dell Encryption on a server operating system)
• Management Console: HTTPS/8443
• Client communication if using Advanced Threat Prevention: HTTPS/TCP/443
• NTP time synchronization: TCP and UDP/123 (for more information, refer to http
Note: The purpose of Device Server proxy is to support legacy Encryption clients (pre-v8.0) that communicate with port 8081. Newer Encryption clients (v8.0 and later) are configured by the client installer to communicate with the Security Server (or Security Server proxy) on port 8443. The full Device Server is not installed in v8.1. The Device Server proxy forwards all communications to the Security Server behind the firewall.
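The following Python check is an added example, not part of the Dell documentation or product. It compares the TCP listeners on a server host with the default port values listed above, plus port 8081 from the Device Server proxy note. It assumes `ss -tln`-style input; the sample lines, the function names, the reading of "TCP/8000/8090" as two ports, and the reading of "(closed)" as "should not be reachable from other hosts" are assumptions.

```python
"""Audit TCP listeners against the documented default port values (added example)."""
import ipaddress

# Ports copied from the "Default Port Values" list and the Device Server proxy note.
# Assumption: "TCP/8000/8090" means ports 8000 and 8090.
DOCUMENTED_PORTS = {
    "Compatibility Server": [1099],
    "Compliance Reporter": [8084],
    "Identity Server": [8445],
    "Core Server": [8888],
    "Policy Proxy": [8000, 8090],
    "Security Server / Management Console": [8443],
    "Forensic Server": [8448],
    "Client authentication": [8449],
    "Advanced Threat Prevention client communication": [443],
    "NTP time synchronization": [123],
    "Device Server proxy (legacy clients)": [8081],
}
# The list marks this port "(closed)". Assumption: a listener on it should
# only ever be bound to a loopback address.
DOCUMENTED_CLOSED = {1099}

PORT_TO_SERVICE = {
    port: service for service, ports in DOCUMENTED_PORTS.items() for port in ports
}

# Constructed sample of `ss -tln` output; port 9999 is an invented listener.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:8443        0.0.0.0:*
LISTEN  0       128     0.0.0.0:8888        0.0.0.0:*
LISTEN  0       128     [::]:8000           [::]:*
LISTEN  0       50      0.0.0.0:1099        0.0.0.0:*
LISTEN  0       128     127.0.0.1:9999      0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (address, port) pairs for the LISTEN rows of `ss -tln` style text."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or a non-listening socket
        address, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((address.strip("[]"), int(port)))
    return listeners


def is_loopback(address):
    """True only for addresses that cannot be reached from another host."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # "*" or similar wildcard: treat as reachable


def audit(listeners):
    """Sort listeners into documented, undocumented and closed-but-exposed."""
    report = {"documented": [], "undocumented": [], "closed_but_exposed": []}
    for address, port in sorted(set(listeners), key=lambda item: (item[1], item[0])):
        if port in DOCUMENTED_CLOSED and not is_loopback(address):
            report["closed_but_exposed"].append((address, port))
        elif port in PORT_TO_SERVICE:
            report["documented"].append((address, port, PORT_TO_SERVICE[port]))
        else:
            report["undocumented"].append((address, port))
    return report


if __name__ == "__main__":
    result = audit(parse_listeners(SAMPLE_SS_OUTPUT))
    for address, port, service in result["documented"]:
        print(f"ok        {address}:{port}  {service}")
    for address, port in result["undocumented"]:
        print(f"review    {address}:{port}  not in the documented port list")
    for address, port in result["closed_but_exposed"]:
        print(f"exposed   {address}:{port}  documented as closed")
```

Listeners reported as "review" or "exposed" are candidates for a firewall rule or a closer look at what is bound to them.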
Policy Proxy
Policy Proxy serves as intermediary between Dell Server and Encryption client, delivering information from each to the other.

Time Slotting
To prevent Dell Server traffic jams, Policy Proxies use a time slotting mechanism that allows them to independently choose well-distributed time slots for communicating with the Dell Server.

Polling
On every poll, the endpoint authenticates, checks for policy updates, and uploads inventory.
Navigate the Dell Server

Navigation
The Management Console is a central control center that the administrator can use to deploy and monitor security for the organization. It consists of security and configuration settings that are applied through policy to groups called Populations.
The menu pane allows access to the following:

Dashboard
The Management Console opens to the dashboard.
To determine if a Dell Server is running in Disconnected mode, click the gear icon at the top right of the Management Console and select About. The About screen indicates that a Dell Server is in Disconnected mode, below the Dell Server version. Disconnected mode is different than a standard connected installation of Dell Server in the following ways.
Notifications List
The notifications list provides a configurable summary of news, alerts, and events to display on the dashboard or to be sent as email notifications. For more information, see Dashboard Field Descriptions and Notification Management.

Notification Types
Select the notification types to include in the list. Notifications of the remaining types are hidden. Types include:
Update - News of upcoming product updates.
Certificate - Certificate expiration notification.
Server Exceptions - A Dell Server communication issue is impacting deliveries of the following notifications: Threat Protection, Update, Config, Knowledge Base, and Announcement.
After selecting one or more types, click in the neutral space above the list to apply the selections.
Select Clear selected items to reset the selections in this list.
Agent Inventory Processed - The date and time that the inventory was picked up from the queue and processed (Note: If the Dell Server is under load, the Processed and Received times may be different, but usually they are the same.)
Shield - If encryption is installed on the endpoint, an icon displays.
Manager (Windows only) - If installed on the endpoint, an icon displays. This includes endpoints with activated PBA, SED, or BitLocker Manager.
Click a file type for details of the events of that type. File types include:
Unsafe - A suspicious file with a high score (-60 to -100) likely to be malware
Abnormal - A suspicious file with a lower score (-1 to -59) less likely to be malware
Quarantined - A file that is moved from its original location, stored in the Quarantine folder, and prevented from executing on a specific device.
Waived - A file allowed to execute on a specific device.
Detected by Execution Control True +5
Total score 5: High Priority

Advanced Threat Prevention Classifications
Advanced Threat Prevention can provide details on the static and dynamic characteristics of files. This allows administrators to not only block threats, but also to understand threat behavior to further mitigate or respond to threats.

Type of Threat
Threats are classified by the type of threat - Malware, Dual Use, and Potentially Unwanted Program.
Virus - Malware that propagates by inserting or appending itself to other files. (Sality, Virut)
Worm - Malware that propagates by copying itself to another device. (Code Red, Stuxnet)

Dual Use
Dual Use indicates the file can be used for malicious and non-malicious purposes. Caution should be used when allowing the use of these files in your organization.
basis or globally quarantine or safelist based on company policies. Depending on how much analysis can be performed against a PUP, further subclassification may be possible.
The file is given a priority level. The priority level helps administrators determine which threats and devices to address first. For more information, see Advanced Threats by Priority.

Advanced Threats Top Ten
Click Threats to view the threats found on the largest number of devices.
• Click a threat to display additional information about the threat. Details display on a new page.
Mac All

Endpoint OS Report
To access this page, click a platform link on the dashboard's Summary Statistics. If you click All and the Platform Report page opens, click view in the OS Report column.
Domains ● ● ●
User Groups ● ● ●
Users ● ●
Endpoint Groups ● ●
Endpoints ● ●
Administrators ● ● ● ● ● ●

To access the tabs for each Population:
Enterprise - Click Populations > Enterprise.
Populations other than Enterprise - Click a Population link, then search for or click a Domain, User Group, User, Endpoint Group, Endpoint, or Administrator link.
The tabs available for an administrator may vary, depending on the role.
Manage Enterprise Advanced Threats

Advanced Threats tab
If the Advanced Threat Prevention service is provisioned and licenses are available, the Advanced Threats tab provides a dynamic display of detailed events information for the entire enterprise, including a list of the devices on which events occurred and any actions taken on those devices for those events. For information about provisioning the service, see Provision Advanced Threat Prevention Service.
On the Domains page, you can add a domain or search and select a domain to View or Modify Domain Information.

Add a Domain
To add a Domain, follow these steps:
1. In the left pane, click Populations > Domains.
2. On the Domains page, click Add.
3. Complete the fields on the Add Domains page.
Domain DNS Suffix - Enter the fully qualified host name or the computer name and domain portion of the hostname (for example, ..
4. In Full name, enter the exact text for the user name or use the wildcard character (*).
5. Select Common Name, Universal Principal Name, or sAMAccountName from the list. A Common Name, Universal Principal Name, and sAMAccountName must be defined in the enterprise directory server for every user.
Add Non-Domain Users
To add non-domain users, the non-domain activation feature can be enabled by contacting Dell ProSupport and requesting instructions.

View or Modify Domain Policies and Information
1. In the left pane, click Populations > Domains.
2. Search or select the appropriate Domain Name to display Domain Detail. When you click a Domain, the Domain Detail page displays.
3.
Status - Describes the health of the domain server (Good, Fair, Poor).

Domain Members
This page allows you to view, add, or modify information for groups and users within the domain. To access the Domain Members tab, follow these steps:
1. In the left pane, click Populations > Domains.
2. Search or select a Domain Name, then the Members tab.
User Name - The user name with rights to read and run queries on the enterprise directory server. The format must be UPN, such as user@domain.com.
Password - Enter a password with rights to read and run queries on the enterprise directory server.
Alias - A mapping that the Dell Server uses to select which domains to search to locate users that might match the suffix in the UPN. The domain name or other alias.
Remove User Groups
1. In the left pane, click Populations > User Groups.
2. Click a group name link or enter a filter to search for available groups. The wildcard character (*) is supported.
3. Select a row to highlight it.
4. At the top, click Delete.
As another option, click a group name link and select the Details & Actions tab. Click Remove Group.
If you remove a user group that has administrative privileges and later re-add the group, it remains an Administrator Group.
more information about privileges available to each administrator role, refer to Administrator Roles.
4. If modified, click Save.

VDI User Policies
To manage policy for users in a VDI environment, create a Windows domain group, associate domain users with that group, and then import the group into Dell Server. This allows Dell Server to manage the users and their policies.
User Group Details & Actions
The User Group Details & Actions tab lists the properties of a selected user group.
1. In the left pane, click Populations > User Groups.
2. Search or select a group name, then the Details & Actions tab.

Remove Group
The Remove Group command permanently removes this user group from the Dell Server.

Details:
Group Name - Name of the user group (\). This should match the user group name in the title of the page.
Valid CSV requirements:
• The file must be in valid CSV format and contain a maximum of 999 endpoints.
• The first column must contain valid fully qualified host names. All columns except the first column are ignored.
• Only activated endpoints are added to the group.

Remove Users from the Group
1. In User Group Detail, search or select a user, then select the check box to the left of the user name.
2. Click Remove Users from Group.
3.
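The following Python pre-check is an added example, not part of the Dell documentation or product. It applies the "Valid CSV requirements" listed above to a file before it is uploaded. The function names, the sample data, and the host name syntax rule (at least two dot-separated labels in RFC 1123 form) are assumptions; whether an endpoint is activated is known only to the Dell Server and is not checked here.

```python
"""Pre-check an endpoint CSV against the documented requirements (added example)."""
import csv
import io
import re

MAX_ENDPOINTS = 999  # limit stated in the requirements above

# Assumption: a "valid fully qualified host name" has at least two labels,
# each 1-63 letters, digits or hyphens, not starting or ending with a hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample: two usable rows, one short name, one malformed label.
SAMPLE_CSV = (
    "pc-001.corp.example.com,Alice,Finance\n"
    "PC-002,Bob\n"
    "-bad.corp.example.com\n"
    "laptop7.corp.example.com,ignored,columns\n"
)


def is_fqdn(name):
    """Return True if name looks like a fully qualified host name."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)


def validate_endpoint_csv(text):
    """Return (hostnames, errors) for the CSV text.

    Only the first column is read; the remaining columns are ignored,
    as the requirements state.
    """
    try:
        # strict=True makes the parser reject malformed quoting
        rows = list(csv.reader(io.StringIO(text, newline=""), strict=True))
    except csv.Error as exc:
        return [], [f"not valid CSV: {exc}"]

    hostnames, errors = [], []
    for line_number, row in enumerate(rows, start=1):
        if not row:
            continue  # blank line
        host = row[0].strip()
        if is_fqdn(host):
            hostnames.append(host)
        else:
            errors.append(
                f"line {line_number}: {host!r} is not a fully qualified host name"
            )
    if len(hostnames) > MAX_ENDPOINTS:
        errors.append(
            f"{len(hostnames)} endpoints listed, the maximum is {MAX_ENDPOINTS}"
        )
    return hostnames, errors


if __name__ == "__main__":
    hosts, problems = validate_endpoint_csv(SAMPLE_CSV)
    print(f"{len(hosts)} usable host names")
    for problem in problems:
        print("problem:", problem)
```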
Precedence Ranking
The System Defined Non-Persistent VDI Endpoint Group has the highest priority level, followed by the Persistent VDI Endpoint Group.
Order of priority:
1. Non-Persistent VDI Endpoint Group
2. Persistent VDI Endpoint Group
3. Highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Group
4. Second and subsequent highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Groups
5. Opt-in Endpoint Group
6.
To edit User Group priority:
1. In the left pane, click Populations > User Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level.
4. Click Save.

Assign or Modify Administrator Roles
View or modify existing administrator privileges.
1. In the left pane, click Populations > Administrators.
2.
Administrator Roles
User Admin
Delegate Administrator Roles

View Reconciliation Date
To view the date and time a user group's or user's information was last reconciled with Active Directory, click the Details & Actions tab for the group or user, and refer to last reconciled. For instructions, refer to View or Modify User Group Policies and Information and View or Modify User Policies and Information.
Console, ensure that all three names are properly defined for the user in the enterprise directory server.
6. Click Search. Depending on the size, this may take a few minutes to populate. If the query is too large, a dialog prompts you to revise the query.
7. Select users from the directory user list to add to the Domain. The user names are added to the field below the list.
8. Click X to remove the user name or click Add.
5. Click Save.
6. Commit Policies.
To reactivate a deactivated Windows user, follow the instructions in Reinstate Suspended Users.

Reinstate Suspended Users
To reinstate a suspended user, follow these steps:
1. In the left pane, click Populations > Users.
2. Click a user name link or enter a filter to search for available users. To Search, enter Common Name, Universal Principal Name, or sAMAccountName. The wildcard character (*) is supported.
3.
Last Modified - Date/time stamp
Last Reconciled - Date/time stamp
Endpoints - Click to view or modify information for the User's endpoints. For instructions on how to modify endpoint information, refer to View or Modify Endpoint Information.
User Groups - Click Groups to view information for groups to which the user belongs. Click a user group to view the group's Security Policies, Details & Actions, Members, and Admin.
Last Gatekeeper Sync - Date/time stamp, per endpoint
Effective Policies - Click view for a simple layout view of the effective endpoint policies
Actions - Click Recover to proceed to the Recover Data page
Last Encryption Sweep Start - Date/time stamp, per user
Sweep End - Date/time stamp, per user
Encryption Failure - Click view for a simple list of files that could not be encrypted, per user
States (Date/time stamp, per endpoint): Policy Updating User Encryption Profile Updating EMS
Inherited Group Roles - A read-only list of roles that the user inherited from a group. To modify the roles, click the User Groups tab for that user and select the group name.
Delegated Roles - Delegate administrator rights to a user.
Endpoint Groups
On the Endpoint Groups page, you can add or remove an Endpoint Group, edit Endpoint Group priority, or search and select an Endpoint Group to view or modify Endpoint Group information.

Types of Endpoint Groups
System - Endpoint Group maintained by Dell Server. System groups include Default Endpoint Group, Opt-In Endpoint Group, Persistent VDI Endpoint Group, and Non-Persistent VDI Endpoint Group.
1. In the left pane, click Populations > Endpoint Groups.
2. Select the group to modify.
3. Click the Details & Actions tab.
4. Click Modify.
5. Make changes as desired.
6. Click Update Group.

VDI Endpoint Groups
Upon activation, a VDI endpoint is added to the appropriate VDI Endpoint Group on Dell Server, and policies are sent to the endpoint.
Windows Encryption | Policy-Based Encryption | Secure Windows Hibernation File | Not Selected | Not Selected
Windows Encryption | Policy-Based Encryption | Prevent Unsecured Hibernation | Not Selected | Not Selected
Windows Encryption | Policy-Based Encryption | Enable Software Auto Updates | Not Selected | Not Selected
Windows Encryption | BitLocker Encryption | BitLocker Encryption | Off | Off
Windows Encryption | Server Encryption | Server Encryption | Off | Off
Threat Prevention | Advanced Thre
inventory. Once that endpoint group is established, you could then apply a specific policy set to just the endpoints in your specified locale. Conversely, creating an endpoint group based on a platform type would not be useful because policies are already grouped by platform.
Endpoint groups are created using a group specification. This specification allows you to define the endpoint characteristics used to add endpoints to a group.
BITLOCKERPRESENT - TRUE/FALSE value for BitLocker Manager, indicating if BitLocker is enabled.
TOTALMEMORY - Total memory available on the computer
TPMENABLED - TRUE/FALSE value for TPM, indicating if TPM is enabled
TPMPRESENT - All TPM clients

Operators and Expressions
The basic operators are the binary operators that return a Boolean value.
LEN(DISPLAYNAME)<=10

Working with Complex Queries
Rule Specifications in the Management Console allow users to combine rules to filter a unique set of devices. For queries that contain multiple options, isolate sub-rules in parentheses to ensure they are run separately before they are combined with the larger specification.
than one Endpoint Group when policy settings differ between those groups. Policy overrides are used from the group with higher priority when two (or more) separate groups have different priority levels.

Edit Endpoint Group Priority
Endpoint Group Priority can be changed only for Rule-Defined, Admin-Defined, and Active Directory Groups. System-Defined Group priority cannot be modified. In general, the Endpoint Group at the top of the list of Endpoint Groups has highest priority.
To edit User Group priority:
1. In the left pane, click Populations > User Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level.
4. Click Save.

View Endpoints in an Endpoint Group
This page displays the endpoints included in information for every user of the specified endpoint.
1.
Details & Actions - To view properties of the Group, click Details & Actions. Viewable information includes:
Group Name: Group1 (DOMAIN\Group1)
Description: The description provided when the Group was added.
(For Rule-Defined groups) Specification: The endpoint group specification that defines endpoints as members of the group.
PBA Device Control - The PBA Unlock command for this endpoint group is carried out in the PBA Device Control area.
1. In the left pane, click Populations > Endpoint Groups.
2. Select the group to which to add endpoints.
3. Click the Members tab.
4. Select Add Endpoints to Group, then search for specific endpoints or select endpoints in the list, and click Add Selected Endpoints to Group.
OR
Select Upload Multiple Endpoints from File, then click Browse to select a CSV file and click Upload.
* Click the column header to sort by column label. Click a hostname to view additional details about the endpoint. Click an arrow at the left of a hostname to view the Category, Unique ID, and Processor.

Add Endpoint to Group
To add an endpoint to an Endpoint Group:
1. In the left pane, click Populations > Endpoints.
2. Select the check box next to a hostname in the list or enter a filter to search for available endpoints. The wildcard character (*) is supported.
2. Select the appropriate endpoint type, for example, Workstation.
3. Click a hostname in the list or enter a filter to search for available endpoints. The wildcard character (*) is supported. For Windows and Mac, if you know the endpoint hostname, enter it in Search. Leave the field blank to display all Windows and Mac endpoints. Click a hostname or endpoint serial number to display the Endpoint Detail page.
4.
Endpoint Details & Actions
The Details & Actions page lists the details for the selected endpoint as well as commands, such as Remove Endpoint. Available details and commands vary, depending on the endpoint platform.
To access Endpoint Details & Actions, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Search or select a hostname, then the Details & Actions tab.

Endpoint Detail
Command: Remove - Endpoint is removed. Endpoint removal is permanent.
The recovery bundle containing this endpoint's encryption keys is downloaded. You must remember this recovery password to access the recovery keys.
TPM Tab:
TPM Present (True or False)
TPM Activated (True or False)
TPM Owned (True or False)
TPM Functional Status (True or False)
TPM Spec Version (version number)
HCA Tab:
HCA Functional Status
HCA Provision State
Preboot Present (True or False)
Preboot Set (True or False)
Actions: Effective policies on the specific endpoint and Recovery Keys for the specific endpoint

Mac
Policy Proxy Group (typically CMGREMOTE)
Recovery ID of the specific endpoint
Version (core/edition)
Activati
Model number of the endpoint
Actions: Effective policies on the specific endpoint and Recovery Keys for the specific endpoint

Manager Detail (Windows only)
Command: Click View Effective Policies to go to the effective policy page for this endpoint.

States
The client gathers the following information via a Windows Management Instrumentation (WMI) call to the Operating System. It is updated with each inventory update.
Plugin State:
• BitLocker Plugin:
Starting - Manager is starting up. Because this is a fairly quick process, it is unlikely an inventory update would capture this so you would probably never see this state in the Management Console.
Disabled - Manager is disabled by policy and not enforcing any previously received policy.
Active - Manager is running normally and enforcing policies.
Dell Server, via the activation process, plugins are always started with the last policy the client is aware of.
PBA Device Control (Windows only)
Current State of the Endpoint - Unlocked or Locked
Commands: PBA commands for a specific endpoint are carried out in the PBA Device Control area. Each command has a priority ranking. A command with a higher priority rank cancels commands of lower priorities in the enforcement queue. For a list of command priority rankings, see Priority of Commands for Self-Encrypting Drives.
Endpoint Users
This page displays information for every user of the specified endpoint. The user information differs for each technology group or policy category.
1. In the left pane, click Populations > Endpoints.
2. Search or select a hostname, then the Users tab.
Event ID - Unique number assigned to each threat event.
Description - Description of the last preventative action taken to handle the threat.
User Name - The DOMAIN\Username associated with the endpoint where the threat was identified.
Received - Date/time stamp when the last action was taken to handle a threat.

Navigate the Threat Event Data
To sort the data, click a column header. Use the controls at the bottom of the page to:
Advance to the top of the data.
Auto Run - Indicates whether the file was set to automatically run upon startup.
Detected By - Indicates whether the file was detected by Execution Control or by Memory Protection.

Configure the Threat List
Add or Remove Columns
Click an arrow next to any column header and select Columns to add columns to, or remove columns from, the table.
Check box - Select all events by selecting the check box in the column heading row, or select individual events. When you select a check box, Quarantine and Waive are activated.
Added - Date and time when the exploit attempt was added.
Process Name - Name of the process identified as an exploit attempt.
Process ID - Unique number associated with the exploit attempt.
Type - Type of memory exploit: Exploitation, Process Injection, Escalation.
Sha256 - The file's 256-character Secure Hash Algorithm can be compared with an expected result to indicate whether the file has been tampered with.
Score - The threat file's score, indicating the confidence level that the file is malware. The higher the number, the greater the confidence.
Priority rankings (1 is highest):
1. Wipe
2. Lock
3. Remove Users
4. Unlock
5. Bypass
For example, a Wipe command cancels a Lock command that was previously queued to send to the endpoint.
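The cancellation rule above, modeled as a small simulation for reviewing a sequence of issued commands. This is an added example, not Dell's code: EnforcementQueue and replay are hypothetical names, and queuing a lower-priority command behind a pending higher-priority one is an assumption the page does not confirm.

```python
from dataclasses import dataclass, field

# Priority rankings as listed on the page (1 is highest).
PRIORITY = {"Wipe": 1, "Lock": 2, "Remove Users": 3, "Unlock": 4, "Bypass": 5}


@dataclass
class EnforcementQueue:
    """Pending SED/PBA commands for one endpoint (simplified, hypothetical model)."""
    pending: list = field(default_factory=list)

    def issue(self, command):
        """Queue a command and return the pending commands it cancels."""
        if command not in PRIORITY:
            raise ValueError(f"unknown command: {command!r}")
        rank = PRIORITY[command]
        # A command with a higher priority rank (lower number) cancels
        # queued commands of lower priority, as the page describes.
        cancelled = [c for c in self.pending if PRIORITY[c] > rank]
        self.pending = [c for c in self.pending if PRIORITY[c] <= rank]
        # Assumption: a command issued while an equal- or higher-priority
        # command is still pending is queued behind it, not dropped.
        self.pending.append(command)
        return cancelled


def replay(issued):
    """Replay commands in issue order.

    Returns (pending, cancelled): the commands still queued for the endpoint,
    and a list of (cancelled_command, cancelled_by, step) tuples.
    """
    queue = EnforcementQueue()
    cancelled = []
    for step, command in enumerate(issued, start=1):
        for victim in queue.issue(command):
            cancelled.append((victim, command, step))
    return queue.pending, cancelled


# Constructed sequence: a help-desk Unlock, a later Lock, a Bypass, then an
# emergency Wipe, all issued before the endpoint consumes anything.
SAMPLE = ["Unlock", "Lock", "Bypass", "Wipe"]

if __name__ == "__main__":
    pending, cancelled = replay(SAMPLE)
    print("Still queued:", pending)
    for victim, by, step in cancelled:
        print(f"step {step}: {by} cancelled {victim}")
```

Replaying the commands recorded for an endpoint before sending a Wipe shows which earlier requests, such as a help-desk Unlock, will never reach the endpoint.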
3. If you know the full endpoint hostname, enter it in Search. Leave the field blank to display all Workstation endpoints.
4. Click [icon]. An endpoint or list of endpoints displays, based on your search filter.
5. Click the endpoint hostname with the self-encrypting drive to unlock.
6. Click the Details & Actions tab.
7. Under SED Device Control, click Unlock.
8. Click Yes to confirm that you want to send the Unlock command to the endpoint.
The Wipe command functions as a “restore to factory state” for the self-encrypting drive. In an emergency situation, wipe the computer, making the data permanently unrecoverable. When the wipe command is consumed, all history and details about this endpoint are removed. Ensure that this is the desired behavior before invoking this command.
To send the Wipe command, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Select the Workstation Endpoint Type.
3.
To view, assign, or modify administrator roles at the User level, see User Admin.
Related topics:
Administrator Roles
User Admin
Delegate Administrator Roles

Administrator Roles
Administrator login is integrated with Active Directory to simplify the process of managing administrators and to allow you to leverage your existing user authentication infrastructure.
Remove an endpoint ● ●
Change Dell Server Options ● ●
Suspend a User ●
Reinstate suspended user ●
Deactivate a User ●
View policies ● ● ●
Modify policies ● ● ●
Commit policies ● ● ●
Issue commands ●
Analyze logs ● ● ●
View Administrators ●
Create, change, and delete Administrator accounts ●
Delegate Administrator privileges ●
Download Endpoint software ●
Download recovery key bundle ● ● ● ● ●
Provision or recover the Advanced Threat Preven
Schedule and rename a report that is set to run at a specified interval in the Compliance Reporter Scheduler and Manage Reports ● ● ●
Enter or modify settings in Compliance Reporter and Manage Reports Settings ● ● ●
Set up Compliance Reporter plugins ● ● ●
Open a Report, modify an online Report display, and rename a Report view in Compliance Reporter Manage Reports ● ● ●
Generate, export, store, print, and email a Report result in Compliance Reporter and Manage Repor
member of the user group in the Dell Server database. Delegated administrator rights are effective only with regard to Users who are members of the user group in the Dell Server database. Only the superadmin and account administrator can delegate administrator rights.
To delegate Administrator rights, follow these steps:
1. In the left pane, click Populations > User Groups.
2. Search for the appropriate group.
3. Click the Admin tab.
4.
View or Modify an Existing Report
On the Manage Reports page, select a report from the Name column to view an instance of that report. The owner can make the report private or public. See View Report.

Create a New Report
On the Manage Reports page, click Create New Report and select an option. An instance of that report opens to customize the information to display. See View Report.
priority level, date and time periods, and occurrences of usernames and hosts. See Log Analyzer.
ATP Event - Provides reports of events for the entire enterprise based on information available in the Dell Server. See Advanced Threat Events tab filters.
EMS Event - Provides data about events that occur when removable media is used.
BitLocker Manager - Customize a report to see if BitLocker is enabled and to view details. See Manager Detail (Windows only).
To add an email schedule for a report:
1. In the left pane of the Management Console, click Reporting > Manage Reports.
2. In Columns, click a report name then click Schedule.
3. In Schedules, click Add Schedule.
4. In Add Schedule, set the following parameters:
5.
To use TLS/SSL, the syslog server must be configured to listen for TLS/SSL messages. The root certificate used for the syslog server configuration must be added to the Dell Server Java keystore.
The following example shows necessary configurations for a Splunk server with default certificates. Configurations are specific to individual environments. Property values vary when using non-default certificates.
1.
Use the keytool command to add the Splunk server's root certificate (cacert.pem) to the Dell Server operating system Java keystore. The certificate is added to the operating system Java keystore and not to the Dell Server application Java keystore.
keytool -keystore -alias -importcert -file
Add the Splunk server's root certificate (cacert.pem) to /etc/ssl/certs/java/cacerts and restart the Security Management Server Virtual.
4.
• When a device is removed.
Example Message for Device Removed Event:
• When a device’s policy or logging level has changed.
Example Message for Device Updated Event:

Memory Protection
Selecting this option logs any Memory Exploit Attempts that might be considered an attack from any of the Tenant’s devices to the Syslog server. There are four types of Memory Exploit actions:
• None: Allowed because no policy has been defined for this violation.
Threats
Select this option to log any newly found threats or changes observed for any existing threat, to the Syslog server. Changes include a threat being Removed, Quarantined, Waived, or Executed. There are five types of Threat Events:
• threat_found: A new threat has been found in an Unsafe status.
• threat_removed: An existing threat has been Removed.
• threat_quarantined: A new threat has been found in the Quarantine status.
IP/Domain
Specifies the IP address or fully-qualified domain name of the Syslog server that the customer has set up. Consult with your internal network experts to ensure firewall and domain settings are properly configured.
Port
Specifies the port number on the devices that the Syslog server listens on for messages. It must be a number between 1 and 65535.
Commit Policies
Uncommitted policies display in a badge icon in the top left of the Management Console. Click the badge icon to navigate to Management > Commit.
To commit policies that have been modified and saved:
1. In the left pane, click Management > Commit.
2. In Comment, enter a description of the change. Best practice: add a comment about the changes that are committed.
3. Click Commit Policies.
• Date Range - Enter a Start Date and End Date to limit results to entries that occur between these dates. To insert dates into these fields, click the calendar icons to the right of the fields.
• Time Range - If you entered a Date Range, further narrow the entries by entering a Start Time and End Time. To insert times into these fields, click the calendar icons to the right of the fields.
11. Ask the user for the Shield ID and verify that it is correct or enter it into Shield ID. Shield IDs do not contain the letters B, O, Q, and S.
12. Ask the user for the 8, 16, or 32-character Endpoint Code (not case sensitive) and enter it into the appropriate field. Endpoint Codes contain only the letters A-F.
13. Ask the user for the Key ID and enter it into the appropriate field (if your organization allows non-domain user activation, the Key ID is required).
14.
meet the criteria set by policy, a dialog displays, outlining the password criteria. password. password. If a password does not meet the criteria set by policy, a dialog displays, outlining the password criteria. If a password does not meet the criteria set by policy, a dialog displays, outlining the password criteria. The user may now use the removable media as usual.
If more than one Dell Server is part of a federation, to perform Encryption External Media Recovery across Dell Servers in the federation, enable federated key recovery:
1. Navigate to \conf\ and open the federatedservers.properties file.
2. Update the server.code property with a new code, password or passphrase to be shared across Dell Servers in the federation.
See the Encryption Enterprise for Mac Administrator Guide, available at dell.com/support for the most up-to-date recovery instructions.

License Management
To view usage of Client Access Licenses (CALs) that you own and upload new licenses, click Management > License Management.

Upload Client Access Licenses
You received CALs separately from the installation files, either at the initial purchase or later if you added additional CALs.
1.
2. License structure:
a. Disk Encryption (DE) – Dell Encryption (Windows and Mac), Encryption External Media, SED Manager, Full Disk Encryption, BitLocker Manager.
b. Encryption External Media (EME)
c. Threat Protection (TP) - includes Malware Protection and/or Client Firewall and/or Web Protection features
d.
CAL Information
License Management

On The Box Licenses
See On The Box Licenses for information about the type of licenses in use and the associated Service Tags.
1. In the left pane, click Management > License Management.
2. Select the On The Box Licenses pane.

Services Management
From the left pane of the Management Console, select Management > Services Management.
Clients are automatically provisioned with Advanced Threat Prevention. After provisioning is complete, the Setup link no longer displays.

Recover service
You will need your backed up certificate to recover the Advanced Threat Prevention service.
1. In the left pane of the Management Console, click Management > Services Management.
2. Click Recover Advanced Threat Prevention Service.
3.
Receive product notifications
To enroll to receive product notifications:
1. In the left pane, click Management > Services Management.
2. Select the Product Notifications tab.
3. Click On then click Save Preferences.
Note: The product notification switch does not display when servers are configured in disconnected mode.

Stop receiving product notifications
To stop receiving product notifications:
1.
If the test email passes through the Dell Server successfully, a notification with the following results displays:
• Sent From - email used for testing workflow.
• Server Name - SMTP server used.
• SMTP Port - SMTP port in use for email notifications.
• Authentication - true or false value for authentication protected notifications.
Related topics:
License Management

Enable SMTP Server for Email Notifications
Use this procedure to enable the SMTP server for email notifications.
12. In the Summary Report, to enable reports of notifications, select the desired interval (daily, weekly, or monthly) and then press the space bar to enter an X in the field.
13. Select OK.

Product Notifications
You can enroll to receive notifications of product updates, recommended configuration changes, and relevant knowledge base articles.

Receive product notifications
To enroll to receive product notifications:
1.
login.cooldown.max.failed.attempts=3
3. Edit the following property to change the length of lockout time after the maximum allowed number of failed login attempts is reached.
login.cooldown.minutes=5
4. Save the file, and restart the Security Server.

Downloads
Endpoint Software
To download the latest version of Dell Encryption:
1. In the left pane, click Management > Downloads.
2. Select the Endpoint Software tab.
3. Click Navigate to Download.
Manage Policies

Manage Security Policies
You can apply security policies at the Enterprise, Domain, User Group, User, Endpoint Group, and Endpoint levels. Default policy settings allow your enterprise to get started with Dell security, but you should customize the security and configuration settings. If you've migrated from an earlier version of Dell Server, your policy settings have been migrated for you. Security policies are grouped by technology.
selected language. For more information, see Localize Policies Displayed on the Endpoint Computer and Localizable_policies.
The default setting of a localizable policy is overridden.
A localizable policy change is not yet committed.
To remove a policy override, hover over the red flag next to the policy name. The red flag becomes a red X. Click the red X to revert to the default value.

Group precedence
You can Modify Group Precedence.
4. Select a language for localizable policies from the list at the top right of the screen.
5. Enter text that is in the language you selected for localizable policies. Navigate the populations and technology groups as necessary to localize all desired policies for that language.
6. Click Save.
7. To update policies in a different language, select the language from the list, enter localized text for all desired policies, and click Save.
Windows Encryption > Full Disk Encryption
Support Information Text
Full Disk Encryption Title Text
Legal Notice Text
Self Help Questions
Windows Encryption > Self-Encrypting Drive (SED)
Support Information Text
PBA Title Text
Legal Notice Text
Self Help Questions (Pre-8.
Application Data Encryption List
Managed Services
Removable Media Encryption > Windows Media Encryption
EMS Device Whitelist
EMS Access Code Required Message
EMS Access Code Failed Message

Endpoints Level
Technology Group Policy
Windows Encryption > Self-Encrypting Drive (SED)
Support Information Text
PBA Title Text
Legal Notice Text
Self Help Questions (Pre-8.
This technology manages drives using software-based Full Disk Encryption. Authentication by users through a Pre-Boot Authentication environment (before the operating system has booted) is required to unlock the drive.
Full Disk Encryption (FDE) Encryption Algorithm Encryption Mode Off On Off Toggle to ON to enable all full disk encryption policies. If this policy is toggled to OFF, no full disk encryption takes place, regardless of other policy values.
encryption. This allows greater protection over individual data than traditional full disk encryption, by limiting access on a computer to only what a user is authorized to view.
Policy-Based Encryption Application Data Encryption Key SDE Encryption Enabled On On Off Toggle to ON to enable all policy-based encryption policies. If this policy is toggled to OFF, no policy-based encryption takes place, regardless of other policy values.
encryption is disabled, regardless of other policy values. Selected means that all data not encrypted by other Intelligent Encryption policies are encrypted per the SDE Encryption Rules policy. Changing the value of this policy requires a reboot.
String
F#:\
-^%ENV:SYSTEMDRIVE%\System Volume Information
-^%ENV:SYSTEMROOT%\;dll.exe.sys.ocx.man.cat.manifest.policy
-^%ENV:SYSTEMROOT%\System32
-^%ENV:SYSTEMROOT%\SysWow64
-^%ENV:SYSTEMROOT%\WinSxS
-^%ENV:SYSTEMROOT%\Fonts
^3@%ENV:SYSTEMROOT%\SYST
-^3%ENV:SYSTEMDRIVE%\Program Files\McAfee
-^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Common Files\McAfee
-^3%ENV:SYSTEMDRIVE%\\Program Files (x86)\Mcafee
-^%ENV:SYSTEMDRIVE%\Program Files\Trend Micro\
-^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace
-^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace
-^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Dell\Kace
Common Encrypted Folders String - maximum of 100 entries of 500 characters each (up to a maximum of 2048 characters) A
BitLocker Encryption TPM Manager Enabled Disable Sleep Mode Encrypt System Drive Encrypt Fixed Drives Not Managed Managed Not Managed Toggle to Managed to enable BitLocker Manager policy settings. Toggling to Not Managed disables all BitLocker Manager policies, regardless of other policy values. Not Selected Selected Not Selected Selected enables TPM management with BitLocker management.
Fixed Drives. Turn Off Encryption causes Manager to decrypt any BitLocker encrypted fixed drives. Encrypt Removable Drives Require Additional Authentication at System Startup Allow BitLocker Encryption Without a Compatible TPM Do Not Manage Do Not Manage Turn On Encryption Turn Off Encryption Do Not Manage ignores Removable Drives. Turn On Encryption allows BitLocker to encrypt Removable Drives.
BitLocker recovery for access. To use this policy, Require Additional Authentication at System Startup must be set to Selected. Configure TPM Startup Configure TPM Startup PIN Configure TPM Startup Key Allow Do Not Allow Require Allow On computers with a compatible TPM, three types of authentication are supported.
Configure TPM Startup Key and PIN Encryption Method and Cipher Strength (OS Volumes) Encryption Method and Cipher Strength (Removable Volumes) Encryption Method and Cipher Strength (Fixed Volumes) Do Not Allow Do Not Allow Require Allow To use this policy, Require Additional Authentication at System Startup must be set to Selected.
strength used by BitLocker Drive Encryption for Fixed Volumes.
See advanced settings

Policy Default Setting Description
Server Encryption
This technology manages Dell's data centric encryption using certificate-based authentication instead of the typical user-based authentication. This technology allows for protection of devices such as Windows Servers that do not commonly have users logged in.
Daily: Runs the task every day at the specified Server Maintenance Schedule Start Time.
Weekly: Runs the task weekly on the days specified in Server Maintenance Day of the Week.
Monthly: Runs the task monthly on the specified Server Maintenance Day of the Month.
Quarterly: Runs the task quarterly on the specified Server Maintenance Day of the Month.
Annually: Runs the task annually on the specified Server Maintenance Day of the Month.
-^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace
-^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace
-^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Dell\Kace
Encryption Enabled Selected been tested extensively. Removing these exclusions may result in Windows issues, particularly after applying patch updates. Contact ProSupport for guidance if you are unsure about changing the values. This policy must be selected to use all Common Encryption policies.
COMMON_DOCUMENTS
COMMON_ADMINTOOLS
ADMINTOOLS
CONNECTIONS
COMMON_MUSIC
COMMON_PICTURES
COMMON_VIDEO
RESOURCES
PROFILES
%HKCU:regpath%
• Includes a numeric or text value stored in the registry for the current user. If you specify a path but not an item, the client uses the default value
%HKLM:regpath%
• Includes a numeric or text value stored in the registry for the local computer.
A word about types of encryption: SDE is designed to encrypt the operating system and program files. To accomplish this purpose, SDE must be able to open its encryption key while the operating system is booting without intervention of a password by the user. Its intent is to prevent alteration or offline attacks on the operating system by an attacker. SDE is not intended for user data.
onenotem.exe
The text in this policy is translatable. More...
You can also specify these process names (separated by commas) via the registry value HKLM\Software\Dell\CMGShield\ApplicationDataEncryptionList.
The Encryption client encrypts all new files (not already being encrypted by Common Encrypted Folders and User Encrypted Folders) on the current computer hard drives created by these application processes whenever they are owned by a currently logged-on managed user.
Outlook Personal Folders Encrypt Temporary Files Encrypt Temporary Internet Files Encrypt User Profile Documents Encrypt Windows Paging File Managed Services Secure Post-Encryption Cleanup %\Microsoft\Outlook) with the User data encryption key. Selected When this policy is selected, the paths listed in the environment variables TEMP and TMP are encrypted. TEMP and TMP for the operating system are encrypted with the Common encryption key.
of 1s and 0s, then with its complement, and then with random data.
• Seven-pass Overwrite overwrites it with a standard pattern of 1s and 0s, then with its complement, and then with random data five times. This value makes it most difficult to recover the original files from memory, and yields the most secure encryption processing.
• Encrypt Temporary Internet Files
• Encrypt User Profile Documents (except \All Users\Shared Documents)
Select:
• Common for User Encrypted Folders to be accessible by all managed users on the computer where they were created (the same level of access as Common Encrypted Folders), and encrypted with the Common encryption algorithm. More...
Polling Interval The interval that the Encryption client attempts to poll Policy Proxy for policy updates, and send inventory information to Policy Proxy. The Encryption client also attempts to poll Policy Proxy each time a user logs on. Selected This policy is available at the Enterprise, Domain, User Group, and User levels. This policy is used only by the Encryption client. Other applications do not have an activation policy setting.
If the client is processing a large file that an application needs, and this policy is Selected, it may appear that the application is unresponsive or slow to open (with no message indicating what the issue is). Care should be taken when using this policy.
Encryption Processing Only When Screen is Locked Hide Overlay Icons When True, there is no encryption or decryption of data while the user is actively working. The client will only process data when the workstation screen is locked. When False, encryption processing occurs any time, even while the user is working. User-Optional adds an option to the notification area icon allowing the user to turn this feature on or off.
Allow Data Recovery Agent for Protected Fixed Data Drives
Config User Storage of BitLocker 48-digit Recovery Password
Config User Storage of BitLocker 256-bit Recovery Key
Omit Recovery Options from the BitLocker Setup Wizard
Save BitLocker Recovery Info to AD DS for Fixed Data Drives
BitLocker Recovery Info to Store in AD DS
Do Not Enable BitLocker Until Recovery Info is Stored in AD DS for Fixed Data Drives
Allow Data Recovery Agent for Protected Fixed Data Drives
Configure User Storage
settings on the domain must be first configured before applying this policy. The Choose How BitLocker-protected Fixed Drives Can be Recovered policy must be set to Selected to use this policy. To use this policy, Save BitLocker Recovery Information to AD DS for Fixed Data Drives must be set to Selected.
Save Recovery Password Encryption Method and Cipher Strength Enable Organizational Unique Identifiers
because it does not prompt the user when saving recovery passwords. Microsoft defines this policy as: This setting provides the default path that is displayed when the BitLocker drive encryption setup wizard prompts the user to enter the location of a folder to save the recovery password. The text in this policy is translatable.
Card Certificate Identifier Smart Card Certificate Identifier Not Selected This policy allows or denies an object identifier to be specified for enhanced key usage with a certificate. This policy must be set to Selected to use the policy Smart Card Certificate Identifier. 1.3.6.1.4.1.311.67.1.1 1.3.6.1.4.1.311.67.1.1 This policy provides for an object identifier to be specified for enhanced key usage with a certificate.
Configure User Storage of BitLocker 48-digit Recovery Password
Configure User Storage of BitLocker 256-bit Recovery Key
Omit Recovery Options from the BitLocker Setup Wizard
Save BitLocker Recovery Info to AD DS for Operating System Drives
BitLocker Recovery Information to Store in AD DS (Windows Server 2008 Only)
Do Not Enable BitLocker Until Recovery Information is Stored in AD DS for Operating System Drives
Allow Data Recovery Agent for Protected Operating System Drives
Configure User S
Information is Stored in AD DS for Operating System Drives Configure Use of Hardware-Based Encryption for Operating System Drives
stored in the Dell Server, this policy additionally requires BitLocker drive encryption recovery information to be stored in AD DS. The appropriate schema extensions and access control settings on the domain must be configured before using this policy.
Configure Password Complexity for Operating System Drives Minimum Password Length for Operating System Drives Require ASCII-Only Passwords for Operating System Drives Use Enhanced Boot Configuration Data Profile
Allow Allow Require Do Not Allow When set to Require, a connection to a domain controller is necessary to validate the complexity of the password.
PCR8,on PCR9,on PCR10,on PCR11,on PCR12,off PCR13,off PCR14,off PCR15,off PCR16,off PCR17,off PCR18,off PCR19,off PCR20,off PCR21,off PCR22,off PCR23,off
If you enable this policy before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive.
PCR17,off PCR18,off PCR19,off PCR20,off PCR21,off PCR22,off PCR23,off
Profile must be set to Selected.
Configure UEFI TPM Platform Validation Profile Not Selected Selected Not Selected Set to Selected to enable boot up UEFI TPM drive unlocking. Selected allows the configuration of how the UEFI TPM security hardware secures the BitLocker encryption key. This policy does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.
Recovered
Allow Data Recovery Agent for Protected Removable Data Drives
Configure User Storage of BitLocker 48-digit Recovery Password
Configure User Storage of BitLocker 256-bit Recovery Key
Omit Recovery Options from the BitLocker Setup Wizard for Removable Media
Save BitLocker Recovery Information to AD DS for Removable Data Drives
BitLocker Recovery Information to Store in AD DS for Removable Data Drives
data drives are recovered in the absence of the required credentials.
applying this policy. To use this policy, Choose How BitLocker-protected Removable Drives Can be Recovered must be set to Selected. To use this policy, Save BitLocker Recovery Information to AD DS for Removable Data Drives must be set to Selected.
This technology manages Dell's data-centric encryption using certificate-based authentication instead of the typical user-based authentication. This technology allows for protection of devices such as Windows Servers that do not commonly have users logged in.
Server Encryption Allow Software Server Encryption Off On Off This policy enables or disables System Data Encryption (SDE) and Common encryption on the client server.
Month Infinite Suppress Not Selected When Selected, an automatic reboot is suppressed indefinitely.
Port Control System Disabled Enable or Disable all Port Control System policies. If this policy is set to Disable, no Port Control System policies are applied, regardless of other Port Control System policies. All PCS policies require a reboot before the policy takes effect.
Read Only: Allows read capability. Write data is disabled.
Blocked: Port is blocked from read/write capability.
This policy is endpoint-based and cannot be overridden by user policy.
Enabled PARENT to the next policy. Set this policy to Enabled to use the Subclass Windows Portable Device (WPD): Storage policy. Setting this policy to Disabled disables the Subclass Windows Portable Device (WPD): Storage policy - no matter what its value. Control access to all Windows Portable Devices.
awareness from a security perspective for users that the data being written to that media is protected. When set to Roaming, the owner of the removable media is automatically authenticated if logged into a computer other than the one where the media was encrypted and the computer is running either the full Encryption client or EMS Service.
the manufacturer identifier, product identifier, revision, and hardware serial number: To whitelist a removable media device, provide a string value that matches portions of the device’s PNPDeviceID. Multiple device PNPDeviceIDs are allowed.
EMS Mixed Case Required in Password Selected
EMS Number of Characters Required in Password 8 1-40 characters Minimum number of characters required in the password.
EMS Numeric Characters Required in Password Selected Selected requires one or more numeric characters in the password.
EMS Password Attempts Allowed 3
EMS Special Characters Required in Password Not Selected Selected requires one or more special characters in the password.
count as characters used. Messages over the 512 character limit are truncated on the client. Optionally customize the message to include specific instructions about how to contact the help desk or security administrator.
EMS Encryption Rules String Encryption rules to be used to encrypt/not encrypt certain drives, directories, and folders. A total of 2048 characters are allowed. "Space" and "Enter" characters used to add lines between rows count as characters used.
iPod Mini 4gb second generation
Dell does not recommend the use of the iPod Shuffle, as unexpected results may occur. As iPods change, this information could also change, so caution is advised when allowing the use of iPods on Encryption External Media-enabled computers. Because folder names on iPods are dependent on the model of the iPod, Dell recommends creating an exclusion encryption policy which covers all folder names, across all iPod models.
Common Encryption Algorithm AES256 Exe List Application Data Encryption List winword.exe excel.exe powerpnt.exe msaccess.exe winproj.exe outlook.exe acrobat.exe visio.exe mspub.exe winzip.exe winrar.exe onenote.exe onenotem.exe AES 256 or AES 128 Encryption algorithm used to encrypt data at the endpoint (all users) level. System paging files are encrypted using AES 128. Encryption algorithms in order of speed, fastest first, are AES 128, AES 256, 3DES.
Encrypt Temporary Files Encrypt User Profile Documents Encrypt Windows Paging File Managed Services Secure Post-Encryption Cleanup Secure Windows Credentials
Not Selected When this policy is selected, the paths listed in the environment variables TEMP and TMP are encrypted. TEMP and TMP for the operating system are encrypted with the Common encryption key.
A reboot is required when a change to this policy is delivered. To control this reboot, configure the following policies: Force Reboot on Update, Length of Each Reboot Delay, and Number of Reboot Delays Allowed.
Block Unmanaged Access to Domain Credentials Selected This policy prevents unmanaged applications from accessing the Windows domain credentials when a user is logged in.
policy is available only at the Enterprise level.
Policy Proxy Polling Interval 720 1-1440 minutes The interval at which the client attempts to poll Policy Proxy for policy updates and send inventory information to Policy Proxy. The client also attempts to poll Policy Proxy each time a user logs on.
Variables
Some Windows policies support the following variables.
COMMON_PROGRAMS COMMON_STARTUP COMMON_DESKTOPDIRECTORY APPDATA PRINTHOOD LOCAL_APPDATA ALTSTARTUP COMMON_ALTSTARTUP COMMON_FAVORITES INTERNET_CACHE COOKIES HISTORY COMMON_APPDATA WINDOWS SYSTEM PROGRAM_FILES PROGRAMFILES MYPICTURES PROFILE SYSTEMX86 PROGRAM_FILESX86 PROGRAMFILESX86 PROGRAM_FILES_COMMON PROGRAM_FILES_COMMONX86 COMMON_TEMPLATES COMMON_DOCUMENTS COMMON_ADMINTOOLS ADMINTOOLS CONNECTIONS COMMON_MUSIC COMMON_PICTURES COMMON_VIDEO RESOURCES PROFILES
%HKCU:regpath%
• Includes a numeric or text value stored in the registry for the current user. If you specify a path but not an item, the client uses the default value
%HKLM:regpath%
• Includes a numeric or text value stored in the registry for the local computer.
Modifiers – What they are and what they do
The ^ character is the “Override” command. It causes the listed policy to override protected directories. It may be followed by a “2” or a “3”, indicating the level of the override.
The @ character is the “At” command. It will cause the listed policy to be applied at the specified folder location only (subdirectories of that folder are not subject to that policy).
The - is the “Not” command.
• The Override command (^) can be used with folders only when specifying an exclusion policy.
• The At command (@) can be used with folders.
• The Not command (-) can be used with folders.
• You can make any combination of the supported modifiers for folders. If the Override command (^) is used, the statement can only be an exclusion statement.
Examples of folder inclusion/exclusion
C:\CustomApplication\DataStore
What this does: On the C: drive,
^C:\;doc.xls.ppt.docx.xlsx.pptx
-^C:\MyApplicationFolder;doc.xls.ppt.docx.xlsx.pptx
What this does: (1st statement is an inclusion, 2nd statement is an exclusion, 3rd statement is an inclusion, 4th statement is an exclusion) On the drive of C:, encrypt all files in folders at the root level and below, except for files residing in the protected directories and files residing in “MyApplicationFolder”.
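A small linter for the rule syntax described above, as an added example (not Dell's parser and not code from this help file): it splits each statement into the ^, @ and - modifiers, the folder path and the dot-separated extension list, then flags an override level other than 2 or 3 and a folder-only ^ statement that is not an exclusion. The grammar is inferred from the statements shown on this page; `parse_rule`, `lint_policy` and the last three sample statements are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Leading modifiers named on this page: "-" (Not), "@" (At), "^" (Override,
# optionally followed by a level digit). Accepting them in any order is an
# assumption; the page itself only shows "^" and "-^".
_MODIFIERS = re.compile(r"(?:-|@|\^\d?)*")


@dataclass
class Rule:
    raw: str
    exclusion: bool                # "-" present
    at_only: bool                  # "@" present: this folder, not its subfolders
    override: bool                 # "^" present
    override_level: Optional[int]  # digit after "^", if any
    path: str
    extensions: List[str]
    problems: List[str] = field(default_factory=list)


def parse_rule(statement: str) -> Rule:
    """Split one statement into modifiers, folder path and extension list."""
    text = statement.strip()
    prefix = _MODIFIERS.match(text).group(0)
    body = text[len(prefix):]
    # Everything after the first ";" is the dot-separated extension list.
    path, _, ext_part = body.partition(";")
    level = re.search(r"\^(\d)", prefix)
    rule = Rule(
        raw=text,
        exclusion="-" in prefix,
        at_only="@" in prefix,
        override="^" in prefix,
        override_level=int(level.group(1)) if level else None,
        path=path.strip(),
        extensions=[e.strip().lower() for e in ext_part.split(".") if e.strip()],
    )
    if not rule.path:
        rule.problems.append("no folder path after the modifiers")
    if rule.override_level is not None and rule.override_level not in (2, 3):
        rule.problems.append("override level must be 2 or 3")
    # Page rule: on a folder-only statement, ^ is valid only for an exclusion.
    if rule.override and not rule.extensions and not rule.exclusion:
        rule.problems.append("^ on a folder-only statement requires an exclusion (-)")
    return rule


def lint_policy(policy_text: str) -> List[Tuple[int, Rule]]:
    """Return (line_number, Rule) for every statement that has a problem."""
    findings = []
    for number, line in enumerate(policy_text.splitlines(), start=1):
        if line.strip():
            rule = parse_rule(line)
            if rule.problems:
                findings.append((number, rule))
    return findings


# The first three statements are the page's own examples; the last three are
# constructed to exercise the checks.
SAMPLE_POLICY = r"""C:\CustomApplication\DataStore
^C:\;doc.xls.ppt.docx.xlsx.pptx
-^C:\MyApplicationFolder;doc.xls.ppt.docx.xlsx.pptx
^C:\Scratch
-^4C:\Temp
@-C:\Build
"""

if __name__ == "__main__":
    for number, rule in lint_policy(SAMPLE_POLICY):
        print(f"line {number}: {rule.raw!r}: {'; '.join(rule.problems)}")
```

Running a draft rule set through a check like this before saving the policy catches an inclusion that would override protected directories by mistake.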
Favorites InternetCache LocalAppData Music Pictures Documents Programs Recent SendTo StartMenu Startup Templates
The following CSIDL variables are supported: APPDATA COOKIES DESKTOPDIRECTORY FAVORITES INTERNET_CACHE LOCAL_APPDATA MYMUSIC MYPICTURES PERSONAL PROGRAMS RECENT SENDTO STARTMENU STARTUP TEMPLATES
Some examples of variables used in folder and extension policy:
%ENV:SYSTEMDRIVE%\CustomApplication
What this does: This lists the folder \CustomAppl
Application Data Encryption (ADE)
ADE encrypts any file written by a protected application, using a category 2 override. This means that any directory that has a category 2 protection or better, or any location that has specific extensions protected with category 2 or better, will cause ADE to not encrypt those files. For example, ADE does not encrypt any files written into /Windows/System32 folder, because this directory has a default protection of category 2.
• If a file is targeted for encryption by any key other than SDE in addition to SDE, then SDE does not encrypt the file.
• All encryption rules apply when writing SDE policies.
Encryption Rules for SDE Encryption
The following is the default SDE policy. Any changes to this policy should be considered carefully.
SDE Encryption Enabled = Not Selected
Encrypt Windows Paging File = Not Selected
Secure Windows Credentials = Not Selected
Authentication
Authentication policies allow you to configure user experience and Windows authentication. Policy descriptions also display in tooltips in the Management Console.
Logon Authentication Policy for Users Windows Password and None The possible VALUES are: Windows Password None Fingerprints Contactless Card One-Time Password
Microsoft Passport
This technology allows the use of Microsoft Passport, specifically authentication attempts and PIN usage.
Support Information Text PBA Title Text Sync Users at PBA Activation Legal Notice Text String Please contact your system administrator. String 0-512 characters Text to display on the PBA support information screen. Customize the message to include specific instructions about how to contact the help desk or Security administrator. Not entering text in this field results in no support contact information being available for the user.
Self Help Questions (Pre-8.0 clients) Initial Access Code At least 3 selectable questions Specify the questions to present to Windows users during recovery questions setup. Separate each question by a carriage return. These questions are used if the Windows password is forgotten. At least 3 questions must be specified.
Cached User Login Attempts Allowed 10 1-20 times Number of times that a cached user can attempt to log in.
Self Help Question/Answer Attempts Allowed 3 1-10 times Number of times the user can attempt to enter the correct answer.
Selected This policy simplifies the logon process when multi-factor authentication is enabled at both preboot and Windows logon. If selected (or not configured), authentication is required at preboot only, and users are automatically logged on to Windows.
Windows Authentication
This technology sets definitions around user login, specifically what is required to log in (password, smart card, fingerprint), password recovery options, and password requirements (number of attempts allowed, password length).
Recovery Questions for Windows Authentication Allow Recovery Questions Log Events Level At least 3 selectable questions Specify the questions to present to Windows users during recovery questions setup. Separate each question by a carriage return. These questions are used if the Windows password is forgotten. At least 3 questions must be specified.
events provide information about the state of several important systems on the computer. They are logged on configurable intervals and generally used when events are remotely collected.
The False Accept Rate is the probability of receiving a false acceptance decision when comparing fingerprints scanned from different fingers.
Reminder to Enroll Credentials (Admin) In one day
Reminder to Enroll Credentials Expiration Date (Admin) The date (time is always 12 am) when the authentication policy goes into full effect. That is, the client stops asking the local administrator to enroll credentials and forces them to enroll before they can log on. The default is “now”.
this policy is toggled to OFF, Advanced Threat Prevention is disabled, regardless of other policies.
File Actions Unsafe Executable Auto Quarantine with Executable Control Enabled Abnormal Executable Auto Quarantine with Executable Control Enabled Selected Selected Not Selected If selected, Unsafe executable files are automatically quarantined or blocked to prevent their execution.
from executing arbitrary code on the computer. This policy must be set to Selected to enable Exploit Protection. If this policy is Not Selected, no Exploit Prevention policies are applied.
Action on Malicious Activity for Files and Folders Action on Malicious Activity for Registry On-Access Protection Block and Report Block Only Report Only Block and Report Prevents users from modifying or deleting Threat Protection system files and folders and sets the action to take upon attempt.
Warn: Displays a warning to notify users of potential dangers associated with the site. Users must dismiss the warning before continuing.
Enforcement Enable File Scanning for File Downloads Enable Secure Search Block Links to Risky Sites in Search Results Selected Selected Not Selected A Selected value scans all files (including .zip files) before downloading.
High
1) Protection status has changed. (Protected means that the Advanced Threat Prevention service is running and protecting the computer and needs no user or administrator interaction.)
2) A threat is detected and policy is not set to automatically address the threat.
Medium
1) Execution Control blocked a process from starting because it was detected as a threat.
Advanced Threat Prevention
This technology is powered by Cylance and protects your operating system by detecting and preventing malware pre-execution. Advanced Threat Prevention uses artificial intelligence and predictive mathematical models to quickly and accurately identify what is safe and what is a threat.
Advanced Threat Prevention On Off Toggle ON to enable Advanced Threat Prevention.
Memory Protection Enabled Enable Exclude executable files Not Selected Selected String
\Windows\System32\CmgShieldService.exe
\Windows\System32\EMSService.exe
\Program Files\Dell\Dell Data Protection\Threat Protection\DellAVAgent.exe
\Program Files\McAfee\Agent\cmdagent.exe
\Program Files\McAfee\Agent\FrmInst.exe
\Program Files\McAfee\Agent\macmnsvc.exe
\Program Files\McAfee\Agent\macompatsvc.exe
\Program Files\McAfee\Agent\maconfig.exe
\Program Files\McAfee\Agent\masvc.exe
\Program Fil
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfecanary.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfefire.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfehidin.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfemms.exe
\Program Files\McAfee\Endpoint Security\Endp
\Program Files\McAfee\mctray_back.exe
\Program Files\McAfee\Mue.exe
\Program Files\McAfee\policyupgrade.exe
\Program Files\McAfee\UpdaterUI.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MaComServer.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\mfeProvisionModeUtility.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\R
Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfemms.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfevtps.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mmsinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\vtpinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\McChHost.exe
\Prog
Exploitation: Stack Protect Exploitation: Overwrite Code Exploitation: Scanner Memory Search
Alert Ignore Alert Block Terminate Specify the action to take when a stack protect threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process.
trying to read valid magnetic stripe track data from another process. Typically related to point-of-sale systems (POS). The Scanner Memory Search exploitation affects Windows operating systems. This policy does not apply to Mac clients.
Exploitation: Malicious Payload Process Injection: Remote Allocation of Memory
Alert Ignore Alert Block Terminate Specify the action to take when a malicious payload is detected.
Process Injection: Remote Mapping of Memory Process Injection: Remote Write to Memory Process Injection: Remote Write PE to Memory
Alert Ignore Alert Block Terminate Specify the action to take when a remote attempt to map memory threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process.
Generally this indicates that an attacker is attempting to execute code without first writing that code to disk. The Remote Write PE to Memory process injection affects Windows operating systems. This policy does not apply to Mac clients.
Process Injection: Remote Overwrite Code Process Injection: Remote Unmap of Memory
Alert Ignore Alert Block Terminate Specify the action to take when a remote overwrite code threat is detected.
Process Injection: Remote Thread Creation Process Injection: Remote APC Scheduled Process Injection: Remote DYLD Injection (Mac OS X only)
Alert Ignore Alert Block Terminate Specify the action to take when a remote thread creation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process.
cause a shared library to be injected into a launched process. Attacks can modify the plist of applications like Safari or replace applications with bash scripts that cause their modules to be loaded automatically when an application starts. The DYLD Injection process injection affects macOS operating systems. This policy does not apply to Windows clients.
Prevent Service Shutdown from Device Kill Unsafe Running Processes and Sub-Processes Background Threat Detection Watch for New Files Set Maximum Archive File Size to Scan Not Selected Selected Not Selected If selected, the Advanced Threat Prevention service is protected from being shut down either manually or by another process.
Incorrect: \Program Files\Dell\
Spaces must be escaped only on Mac-based exclusions.
Application Control Application Control Application Control Allowed Folders Enable Change Window Not Selected String Not Selected Selected Not Selected If Selected, specified devices are locked down, restricting any changes. Only applications that exist on a device before the lock-down are allowed to execute on that device.
Block
Alert monitors Office macros running in the environment. Recommended for initial deployment.
Block allows Office macros to run only from specific folders. This should be used only after testing in Alert mode.
Note: Starting with Office 2013, macros are disabled by default. Most of the time, users should not be required to enable macros to view the content of an Office document. Dell recommends enabling macros only for documents from trusted users.
Waive Global Allow Global Quarantine List Global Safe List String String The value of this policy includes a collection of hashes for portable executables that need to be allowed to run within the Endpoint Group or on the specific Endpoint. This policy will force allow files based on a SHA256 hash of the specific portable executable.
quarantined.
3) A file has been identified as a threat but waived on the computer.
4) The status of a current threat has changed (for example, Threat to Quarantined, Quarantined to Waived, or Waived to Quarantined).
Threat Protection Action on Malicious Activity for Files and Folders Action on Malicious Activity for Registry Action on Malicious Activity for Processes Exclude Processes Off On Off Toggle to ON to enable Threat Protection. If toggled to OFF, no Threat Protection policies are applied. Threat Protection includes Malware Protection, Web Protection, and Client Firewall.
Schedule Repeats Daily Schedule Start Time String Day of the Week Wednesday Day of the Month Debug Logging for Malware and Exploit Protection Exploit Protection On-Access Protection Max Seconds for Scan 1 Not Selected Daily Weekly Monthly The schedule configuration defines when the task should run. Schedule types are Daily, Weekly, and Monthly. Daily: Runs the task every day at the specified Schedule Start Time.
Scan Processes on Enable Scan Trusted Installers Scan When Copying Between Local Folders Reputation Service Sensitivity
Not Selected Selected Not Selected Rescans all processes that are currently in memory each time:
- On-Access Scan is disabled and re-enabled.
- The computer starts.
When the on-access scanner is enabled, it always scans all processes when they are executed.
executing programs or operating systems. Detections found with this level are presumed malicious, but have not been fully tested to determine if they are false positives. Use this setting for on-demand scans on non-operating system volumes. This setting results in an average of 20–25 queries per day, per computer.
On-Demand Protection Full Scan Selected Selected Not Selected This policy is the "master policy" for all other On-Demand Protection: Full Scan policies.
Unwanted Programs Decode MIME Files Scan Archives Files Migrated to Storage Program Threats Macro Threats Scan Subfolders
Selected Not Selected Selected Not Selected Selected Selected Selected Selected Not Selected Enables the scanner to detect potentially unwanted programs. The scanner uses configured information to detect potentially unwanted programs.
Reputation Service Sensitivity Medium Disable Very Low Low Medium High Very High When enabled, samples are submitted to the lab to determine if they are malware. Sensitivity level configures the sensitivity level to use when determining if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
Exclusions Threat First Response Threat First Response Fails Exploit First Response
String String - Comma-separated list of parameters Specify files, folders, and drives to exclude from scanning.
Exploit First Response Fails Use Scan Cache Delete file Clean file Delete file Continue scanning Specifies the action for the scanner to take when an unwanted program is detected if the first action fails.
Clean files - Removes the threat from the detected file, if possible.
Delete files - Deletes files with potential threats.
Continue scanning - Continues scanning files when a threat is detected. The scanner does not move items to the quarantine.
On-Demand Protection Quick Scan Boot Sectors Unwanted Programs Decode MIME Files Scan Archives Files Migrated to Storage Program Threats Macro Threats Scan Subfolders
Selected Selected Not Selected This policy is the "master policy" for all other On-Demand Protection: Quick Scan policies. If this policy is Not Selected, no On-Demand Protection: Quick Scan policies are enforced, regardless of other policy values.
Reputation Service Sensitivity Medium Disable Very Low Low Medium High Very High When enabled, samples are submitted to the lab to determine if they are malware. Sensitivity level configures the sensitivity level to use when determining if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
String - Comma-separated list of parameters Specify files, folders, and drives to exclude from scanning.
Comma separated list of parameters: ,,
Possible values: ,,
Exclusions String Examples:
FileOrFolder,C:\Users,false
FileType,xml,false
FileType,mp?,false
Modified
Exploit First Response Fails Use Scan Cache Delete file Clean file Delete file Continue scanning Specifies the action for the scanner to take when an exploit is detected if the first action fails.
Clean files - Removes the threat from the detected file, if possible.
Delete files - Deletes files with potential threats.
Continue scanning - Continues scanning files when a threat is detected. The scanner does not move items to the quarantine.
distributed on CDs from being executed and will automatically block and report the issue.
Selected Selected Not Selected This policy enables scanning JavaScript and VBScript scripts to prevent unwanted scripts from executing.
Note: If Script Scan Protection is disabled when Internet Explorer is launched, and then is enabled, it doesn't detect malicious scripts in that instance of Internet Explorer.
Prevention.
Rating Action for Red Sites Rating Action for Yellow Sites Rating Action for Unrated Sites Rating Action for Red Downloads Rating Action for Yellow Downloads
Block Block Allow Warn Specifies the action to apply to sites that are rated Red.
Block: Prevents users from accessing the site and displays a message that the site is blocked. Block is the default for Red sites.
Allow: Permits users to access the site.
Rating Action for Unrated Downloads
Default: Allow
Possible values: Block, Allow, Warn
Specifies the action to apply to file downloads that are Unrated.
Block: Prevents users from downloading the file and displays a message that the download is blocked.
Allow: Permits users to proceed with the download. Allow is the default for Unrated downloads.
Warn: Displays a warning to notify users of potential dangers associated with the download file.
Text Translators, Web Meetings, For Kids, History, Moderated, Text/Spoken Only, Controversial Opinions, Residential IP Addresses, Browser Exploits*, Consumer Protection, Illegal UK, Major Global Religions, Malicious Downloads*, Potentially Unwanted Programs
See basic settings

Policy Default Setting Description
Client Firewall
This technology protects computers by allowing administrators to determine which network traffic is permitted to pass between end user computers and the network.
are started.
Allow bridged traffic
Enable IP spoof protection
Enable firewall intrusion alerts
Setting Check box
Allows traffic with a local MAC address. The MAC address is an address in the list of VMs that Firewall supports, not the local system's MAC address. Use this option to allow traffic through a bridged environment with virtual machines.
legitimate source or destination of content/traffic.
Medium Risk - This source/destination shows behavior that is considered suspicious. Any content/traffic from the site requires special scrutiny.

Outgoing network - reputation threshold
Setting Drop-down menu UI Control
High Risk, Unverified, Do not block, Medium Risk
Specifies the rating threshold for blocking incoming or outgoing traffic from a network connection.
DNS Blocking
Domain name
Button/text input field
Defines domain names to block. When applied, this setting adds a rule near the top of the firewall rules that blocks connections to the IP addresses resolving to the domain names.
Add - To add a domain name to block, click Add, then enter a domain name. You can use the * and ? wildcards. For example, *domain.com. Separate multiple domains with a comma (,) or a carriage return.
Radio button/Check box
Actions Direction Notes Setting
Allow, Block, Treat match as intrusion, Log matching traffic
Allow - Allows traffic through the firewall if the item is matched.
Block - Stops traffic from passing through the firewall if the item is matched.
Treat match as intrusion - Treats traffic that matches the rule as an attack and generates an event that is sent to the Reputation Service. The Block action for the rule must be selected for an event to be generated.
To add a network, click Add, then specify the following:
Name - Specifies the network address name (required).
Type - Select either Local Network or Remote Network.

Specify Networks
Button/Drop-down menu/text input field
Click Add, then specify the following:
Network type - Specifies the origin or destination of traffic.
File description (String) - Description of the executable.
Fingerprint (String) - The MD5 hash of the process.
Enable digital signature check (Check box) - Enables or disables the digital signature check that guarantees code has not been altered or corrupted since it was signed with a cryptographic hash. If enabled, specify:
Allow any signature - Allows files signed by any process signer.
Signed by - Allows only files signed by the specified process signer.
The Protection tab provides information about files and scripts that are potentially harmful.

Threats
The table lists all events found across the organization. An event may also be a threat but is not necessarily so.
View additional information about a specific threat either by clicking on the threat name link to view details displayed on a new page or by clicking anywhere in the row of the threat to view details at the bottom of the page.
4. Enter a reason why the file should be listed as safe, and click Yes.
Note: Occasionally, a “good” file may be reported as unsafe (this could happen if the features of that file strongly resemble those of malicious files). Waiving or safelisting the file can be useful in these instances.

Edit Global List - Add or remove files from the global quarantine list.
1. Click Edit Global List.
2. Select the items to change.
3.
If the file has been uploaded for analysis, the Detailed Threat Data pane may display a comprehensive summary of the static and dynamic characteristics of the file including additional file metadata, file structure details, and dynamic behaviors such as files dropped, registry keys created or modified, and URLs with which it attempted to communicate. Note: If no results display in the Detailed Threat Data pane, the file has not yet been uploaded for analysis.
1. Navigate to Populations > Enterprise > Advanced Threats tab > Certificate tab.
2. Click Browse.
3. Select a certificate and click Open.
4. Click Upload Certificate.
5. Click OK once the upload is successful.
For instructions about how to safelist a certificate, see Manage Enterprise Advanced Threats - Global List.
Production Status = Safe, New Status = Abnormal or Unsafe
• Your Organization considers the file as Safe
• Your Organization has Abnormal and/or Unsafe set to Auto-Quarantine
Production Status = Null (not seen or scored), New Status = Abnormal or Unsafe
• Your Organization considers the file as Safe
• Your Organization has Abnormal and/or Unsafe set to Auto-Quarantine
In the above scenarios, the recommendation is to Safelist the files to allow in your organization.
6. Enter the reason the file should be quarantined.
7. Click Submit.

Remove a file from the global quarantine list
Remove the selected file from the Global Quarantine list to allow it to run on any device in the organization.
1. Select Global Quarantine (n).
2. Select a file.
3. Click Remove from List.
1. Select Safe (n).
2. Select Certificates (n).
3. Select the certificate to list as safe.
4. Click Add Certificate.
5. Select the category that fits the certificate.
6. Enter a reason why the certificate should be listed as safe, and click Submit.
Note: You must upload a certificate for it to be available to safelist. For more information, see Manage Enterprise Advanced Threats - Certificate.

Remove a certificate from the safe list
1. Select Safe (n).
2.
4. Select the category that fits the file.
5. Enter a reason why the file should be listed as safe, and click Yes.
Note: Occasionally, a “good” file may be reported as unsafe (this could happen if the features of that file strongly resemble those of malicious files). Waiving or safelisting the file can be useful in these instances.

Manually Add File to the Safe list
1. Select Unassigned (n).
2. Click Add File.
3.
With SIEM integration, to export data about threats, select Threat Data Report on the Options tab. For instructions and a description of exportable data, see Threat Data Report.

Threat Data Report
Select Threat Data Report on the Options tab to enable threat data export to .csv files. The following types of data are available for export:
Threats - Lists all threats discovered in your organization.
Compatibility Mode allows applications to run on the client computer while Memory Protection or Memory Protection and Script Control policies are enabled. Compatibility Mode is enabled through a registry setting or a command on the client computer. Compatibility Mode does not apply to Mac clients.
To enable Compatibility Mode with a registry setting:
1. In the Remote Management Console, disable the Memory Protection Enabled policy.
4. In the Management Console, enable the Memory Protection Enabled policy. If the Script Control policy was enabled, enable it.
5. Save the policy changes, and commit policies.

Disconnected Mode Policy Examples
Examples for Global Allow, Quarantine List, and Safe List policies are shown below.
Global Allow policy example
temp\files\exe1.exe
stuff\folder\exe2.
• All drives on the computer and their subfolders.
By default, the scanner scans all file types, regardless of extension.

On-Demand Protection - Quick Scan – Based on a schedule set in policy, the on-demand scanner runs a quick check of areas of the computer that are most susceptible to threats. Default: Selected (Enabled).
By default, every time Quick Scan runs, it scans the following for threats:
• Memory of all running processes.
• Files that the Windows Registry references.
level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
The following values can be set:
Disable - Samples are not submitted to the Reputation Service lab.
Very Low - A detection is made available to Threat Protection when the Reputation Service lab publishes it instead of waiting for the next file update. Average of 10-15 queries per day, per computer.
Web Protection monitors web browsing and downloads to identify threats and enforce action set by policy when a threat is detected, based on ratings for websites. When you set the master policy, Web Protection, to On, you can set other policies for Web Protection. The Reputation Service analyzes each website and assigns a color-coded safety rating based on test results.
or
VSSETUP_64.EXE /SetRelayServerEnable=1
2. Restart the internal update server.
3. In the Management Console, navigate to Populations > Enterprise and select Malware Protection on the Security Policies tab.
4. In Malware Protection advanced settings, click Source Sites for Updates.
5. Click Add.
6. Enter a Name for the internal update server.
7. To enable connections to the internal update server, select Enabled.
scanned every time it is inserted. When this policy is Not Selected and the Windows Media Encryption policy is Selected, only new and changed files are encrypted. A scan occurs at every insertion so that any files added to the removable media without authenticating can be caught. Files can be added to the media if authentication is declined, but encrypted data cannot be accessed.
Policy Default Setting Description

Mac Media Encryption
This technology works on Mac computers using Dell Encryption External Media to encrypt data on removable devices, which can be accessed using a user-defined password. These policies allow configuration of the Encryption External Media password requirements and the removable media allowed.

Mac Media Encryption
Default: Off
Toggle On to enable Mac Removable Media Encryption policies.
removable media and this policy is set to Read-Only, you cannot read or delete existing files on the unencrypted media, but no files can be edited on, or added to, the media unless it is encrypted.

EMS Block Access to UnShieldable Media
Default: Selected
Block access to any removable media that is less than 55 MB and thus has insufficient storage capacity to host Encryption External Media (such as a 1.44MB floppy disk).
severe levels.

Removable Media Policies that Require Logoff
• Windows Media Encryption
• EMS Scan External Media
• EMS Encryption Algorithm
• EMS Exclude CD/DVD Encryption
• EMS Data Encryption Key

Advanced Removable Media Encryption
A note about Removable Media Encryption policies: Mac Media Encryption policies are device-based policies. This differs from Windows Media Encryption policies, which are user-based.
authentication is Disabled, users must always manually authenticate to access encrypted media. Not selecting Roaming automatic authentication helps to prevent users from forgetting their password when they take the media home or share it with a colleague. Not selecting Roaming automatic authentication also makes users more aware, from a security perspective, that the data being written to that media is protected.
1. Insert the removable media device into an encrypted computer.
2. Open the EMSService.log in C:\Programdata\Dell\Dell Data Protection\Encryption\EMS.
3. Find PNPDeviceID=
For example:
14.03.18 18:50:06.834 [I] [Volume "F:\"] PnPDeviceID = USBSTOR\DISK&VEN_SEAGATE&PROD_USB&REV_0409\2HC015KJ&0
VEN=Vendor; Green highlighted text is for the vendor to be excluded
PROD=Product/Model Name; Adding text highlighted blue also excludes all of Seagate’s USB drive
• Wipe Encryption Keys to delete the encryption keys on the removable storage, making the encrypted data inaccessible until the owner takes the media to an encrypted computer for which he has a login.

EMS Access Code Required Message
String - 5-512 characters - Authentication Failed: Please contact your system administrator.
Message that displays when a user needs to contact you for an access code (after authentication failure).
String Authentication Failed.
.xlsx
^R#:\iPod_Control;ppt.doc.xls.pptx.docx.xlsx
^R#:\Notes;ppt.doc.xls.pptx.docx.xlsx
^R#:\Photos;ppt.doc.xls.pptx.docx.xlsx
Replacing these five rules with the following rule will force encryption of ppt, pptx, doc, docx, xls, and xlsx files in any directory on the iPod, including Calendars, Contacts, iPod_Control, Notes, and Photos:
^R#:\;ppt.doc.xls.pptx.docx.
in Password

EMS Password Attempts Allowed
Default: 3
Possible values: 1-10
Number of times the user can attempt to enter the correct password.

EMS Special Characters Required in Password
Default: Not Selected
Selected requires one or more special characters in the password.

EMS Access and Device Code Length
Default: 16
Possible values: 8, 16, 32
Number of characters access and device codes have. 32 characters is the most secure, while 8 is the easiest to enter.
unusable, use the following rules:
-R#:\Calendars
-R#:\Contacts
-R#:\iPod_Control
-R#:\Notes
-R#:\Photos
You can also force encryption of specific file types in the directories above. Adding the following rules will ensure that ppt, pptx, doc, docx, xls, and xlsx files are encrypted in the directories excluded from encryption via the previous rules:
^R#:\Calendars;ppt.doc.xls.pptx.docx.xlsx
^R#:\Contacts;ppt.doc.xls.pptx.docx.xlsx
^R#:\iPod_Contr
forgetting their password when they take the media home or share it with a colleague. Disabling Roaming Authentication also makes users more aware, from a security perspective, that the data being written to that media is protected.

EMS Access Encrypted Data on unShielded Device
EMS Device Whitelist
Default: Selected
Selected allows the user to access encrypted data on removable storage whether the endpoint is encrypted or not.
Removable Media:Yes
Detachable Drive:Yes
BSD Name:disk2
Product ID:0x5406
Vendor ID:0x0781 (SanDisk Corporation)
Version: 0.10
Serial Number:0000188C36725BC8
Speed:Up to 480 Mb/sec
Manufacturer:SanDisk
Location ID:0x24100000
Current Available (mA):500
Current Required (mA):200
Partition Map Type:MBR (Master Boot Record)
S.M.A.R.T. status:Not Supported
4.
Policy descriptions also display in tooltips in the Management Console. In this table, master policies are in bold font.

Policy Default Setting Description

Dell Volume Encryption
This technology allows the use of either Mac FileVault full disk encryption or Dell's proprietary Dell Volume Encryption.

Dell Volume Encryption
Encrypt Using FileVault for Mac
Workstation Scan Priority
On On Off
Toggle ON to enable Dell Volume Encryption policies.
2. GKConnections (this registry entry is set automatically by the Encryption client, based on this policy)
3. GK
This policy works in conjunction with the Policy Proxy Polling Interval policy.
You cannot specify ports in this policy. The Encryption client communicates with Policy Proxies using the GKPORT specified during client installation (the default is 8000).
Inherited values for this policy accumulate.
restart prompt for five minutes each time. If the user does not respond to the prompt, the prompt is dismissed and the next delay begins. If the five-minute timer expires and no restart delays remain, the computer restarts immediately.
first, are AES 128, AES 256.
NOTE: This policy applies to Dell Encryption, not FileVault encryption.

Firmware Password Mode
Default: Required
Possible values: Required, Optional
Specify if the firmware password in older hardware is optional or required for Dell Volume Encryption.

FileVault 2 Policy Conflict Behavior
Default: Ignore
Possible values: Ignore, Report, Convert
Specify behavior when volume is Dell encrypted and policy is for FV2 encryption.
Windows Port Control
This technology allows for control of all the physical ports on a Windows computer (disable/enable/bypass), and can be customized by port type.

Windows Port Control
Default: Disabled
Enable or Disable all Port Control System policies. If this policy is set to Disable, no Port Control System policies are applied, regardless of other Port Control System policies.
All PCS policies require a reboot before the policy takes effect.
USB port-level blocking and HID class-level blocking are only honored if we can identify the computer chassis as a laptop/notebook form factor. We rely on the computer's BIOS for the identification of the chassis.
See advanced settings

Advanced Port Control
Policy descriptions also display in tooltips in the Management Console. In this table, master policies are in bold font.
system for computer data storage for a broad range of media.
To encrypt data written to CD/DVD media: Set EMS Encrypt External Media = True, EMS Exclude CD/DVD Encryption = False, and Storage Class: Optical Drive Control = UDF Only.

Subclass Storage: Floppy Drive Control
Default: Read Only
CHILD of Class: Storage. Class: Storage must be set to Enabled to use this policy.
Full Access: Floppy Drive port does not have read/write data restrictions applied
Read Only: Allows read capability.
automatically removed from management. The inactivity period is based on the number of days since the Dell Server last received inventory information from the activated entity. Once removed, the entity is no longer included in reports, statistics, and other administrative views. If the activated entity communicates with the Dell Server after the inactivity period has expired, it returns to being in a managed state.
Client Retention Storage
Default: 512 Megabytes of storage space
Specifies the maximum storage space used by the client for audit data without transmission.
See advanced settings

Advanced Global Settings
Global Settings policies are available at the Enterprise, Endpoint Groups, and Endpoints levels. All Global Settings policies are endpoint-based, meaning the policies follow the endpoint, not the user.