Security Management Server Virtual v10.2.
Table of Contents
Welcome
About Online Help
Attributions & Copyrights
Notifications List
Notification Types
Priority Levels
Add a User Group
Add Non-Domain Users
View or Modify Domain Policies and Information
User Endpoints
User Groups
User Admin
View or Modify Endpoint Policies and Information
View Effective Policy
Endpoint Details & Actions
Endpoint Detail
Administrators
Assign or Modify Administrator Roles
Administrator Roles
Delegate Administrator Rights
Client Access License (CAL) Information
Licensing
Upload Client Access Licenses
%CSIDL:name%
%HKCU:regpath%
%HKLM:regpath%
%ENV:envname%
Protection of SystemRoot
Encryption Rules for Encryption External Media
What Happens When Policies Tie
Global Allow policy example
Quarantine List and Safe List policy examples
Threat Protection Policy Overview
Configurable Actions - After Threat is Detected
Welcome

About Online Help
Version: 10.2.10

Attributions & Copyrights
Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. Protected by one or more U.S. Patents, including: Number 7665125; Number 7437752; and Number 7665118. The software described is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Third Party Software
I.
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
III. Portions of this product use OrientDB. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
IV. Portions of this product use Apache Wink. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
V. Portions of this product use Jackson JSON. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
VI. Portions of this product use Jetty.
XIX. Portions of this product make use of Struts Digester, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XX. Portions of this product make use of Apache xmlrpc, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XXI. Portions of this product make use of Bean Scripting Framework (http://commons.apache.org/bsf/), Apache License, Version 2.
C. Neither the names of the copyright holders nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
The Licensee may distribute original or modified STLport sources, provided that:
o The conditions indicated in the above permission notice are met;
o The following copyright notices are retained when present, and conditions provided in accompanying permission notices are met:
Copyright 1994 Hewlett-Packard Company - Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice app
XL. Portions of this product make use of ResizableLib. You may obtain a copy of the license at http://opensource.org/licenses/artistic-license-1.0.
XLI. Portions of this product make use of Spring Framework. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
XLII. Portions of this product use $File: A. LEGAL NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $. Copyright (c) Ian F.
Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 1. Additional Definitions.
You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License.
If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library.
XLVIII. Portions of this product use DropNet. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
XLIX. Portions of this product use Hardcodet WPF NotifyIcon 1.0.8.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
LXXVII. Portions of this product use Jackson Annotations 2.4.4. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
LXXVIII. Portions of this product use Apache Maven Wagon 2.2. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
LXXIX. Portions of this product use Scribe OAuth Library 1.3.0. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
LXXX.
XCVIII. Portions of this product use Azure Active Directory Authentication Library 1.2.9. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
XCIX. Portions of this product use AF Networking 2.6.3. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
C. Portions of this product use Box iOS SDK 1.0.11. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
CI.
CXIX. Portions of this product make use of the Mono and the Mono runtime, under MIT, BSD, and Apache licenses. You may obtain a copy of the licenses at http://www.monoproject.com/docs/faq/licensing/.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CXX. Portions of this product make use of the Mono .NET assemblies under MIT and BSD licenses.
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
CXXI. Portions of this product make use of mkbundle in Mono under GNU LESSER GENERAL PUBLIC LICENSE v3. You may obtain a copy of the license at https://www.gnu.org/licenses/lgpl.txt.
GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc.
3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library.
b. Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
License Information: Copyright (c) 1999 - 2017 Dell Inc. All rights reserved. This software and associated documentation (if any) is furnished under a license and may only be used or copied in accordance with the terms of the license. Dell elects to use only the Apache license for any software where a choice of Apache v2, and Mozilla Public License 1.
3. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a.
6. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Get Started

Get Started with Dell Data Security
• Once your environment has been configured in the Server Configuration Tool, ensure that Dell services are .
• Log in to the Management Console.
• Add Client Access Licenses, as needed.
• Add domains from your directory server.
• If you require that users receive non-default policies upon activation, modify policies at the appropriate level.
• Add groups and users, as necessary.
• Assign administrators, as necessary.
• Deploy clients.
Dashboard
The dashboard displays an overview of status information for your enterprise. Access more detailed information directly from the dashboard by clicking its statistics, graphs, and chart legends. In the top right, select the Widgets menu to add or remove the following widgets:
Notifications Protection Status Threat Protection History Inventory History Summary Statistics
The images below reflect what may be seen in the dashboard, depending on widgets enabled.
An Advanced Threat Prevention event is not necessarily a threat. An event is generated when a recognized file or program is quarantined, safe listed, or waived. Threats are a category of events that are newly detected as potentially unsafe files or programs and require guided remediation.
Change Superadmin Password
1. In the masthead at the top of the screen, click the gear icon and select Change superadmin password.
2. Enter the current password.
3. Enter the new password. The new password must be at least 6 characters, contain at least one capital letter and one of these characters: ~@#$%^*()|?!{}[].
4. Confirm the new password.
5. Click Update.
After three failed login attempts, the superadmin account is locked for five minutes.
Components

Default Port Values
Compatibility Server: TCP/1099 (closed)
Compliance Reporter: HTTP(S)/8084
Identity Server: HTTPS/8445
Core Server: HTTPS/8888
Policy Proxy: TCP/8000/8090
Security Server: HTTPS/8443
Forensic Server: HTTPS/8448
Client authentication: HTTPS/8449 (If using Dell Encryption on a server operating system)
Management Console: HTTPS/8443
Client communication if using Advanced Threat Prevention: HTTPS/TCP/443
NTP time synchronization: TCP and UDP/123 (for more information, refer to http
Note: The purpose of Device Server proxy is to support legacy Encryption clients (pre-v8.0) that communicate with port 8081. Newer Encryption clients (v8.0 and later) are configured by the client installer to communicate with the Security Server (or Security Server proxy) on port 8443. The full Device Server is not installed in v8.1. The Device Server proxy forwards all communications to the Security Server behind the firewall.
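The default port list and the Device Server proxy note above can be turned into a listener audit. The following is an added example, not part of the Dell documentation: it compares the TCP listeners reported by `ss -tln` against the documented ports. The sample output is constructed, reading "TCP/8000/8090" as two ports and "(closed)" as "must not be reachable from the network" are assumptions, and the finding labels are hypothetical.

```python
import ipaddress

# Ports from the "Default Port Values" list above. "TCP/8000/8090" for the
# Policy Proxy is read as two ports, 8000 and 8090 (assumption).
DOCUMENTED = {
    8084: "Compliance Reporter",
    8445: "Identity Server",
    8888: "Core Server",
    8000: "Policy Proxy",
    8090: "Policy Proxy",
    8443: "Security Server / Management Console",
    8448: "Forensic Server",
    8449: "Client authentication (Dell Encryption on a server OS)",
    443: "Client communication (Advanced Threat Prevention)",
    123: "NTP time synchronization",
}
# Listed as "(closed)": read here as "must not be reachable from the network"
# (assumption about what the list means by closed).
MUST_BE_CLOSED = {1099: "Compatibility Server"}
# Only needed for pre-v8.0 Encryption clients, per the Device Server proxy note.
LEGACY = {8081: "Device Server proxy"}

# Constructed sample of `ss -tln` output, not captured from a real Dell Server.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:8443        0.0.0.0:*
LISTEN  0       50      [::]:8888           [::]:*
LISTEN  0       50      0.0.0.0:1099        0.0.0.0:*
LISTEN  0       128     0.0.0.0:8081        0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (address, port) pairs for every LISTEN row of `ss -tln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header row or malformed line
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr.strip("[]"), int(port)))
    return listeners


def is_loopback(addr):
    """True only for addresses bound to the loopback interface."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # wildcard such as "*" or an interface-scoped address


def audit(ss_output):
    """Return (severity, port, message) for listeners that need review."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            continue  # not reachable from other hosts
        if port in MUST_BE_CLOSED:
            findings.append(("violation", port,
                             f"{MUST_BE_CLOSED[port]} is documented as closed but listens on {addr}"))
        elif port in LEGACY:
            findings.append(("legacy", port,
                             f"{LEGACY[port]} is only needed for pre-v8.0 clients; confirm it is still required"))
        elif port not in DOCUMENTED:
            findings.append(("unexpected", port,
                             f"port is not in the documented default list; confirm it is intended ({addr})"))
    return findings


if __name__ == "__main__":
    for severity, port, message in audit(SAMPLE_SS):
        print(f"[{severity}] tcp/{port}: {message}")
```

Only TCP listeners are inspected; UDP/123 for NTP would need `ss -uln` output and is outside this example.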
Policy Proxy
Policy Proxy serves as intermediary between Dell Server and Encryption client, delivering information from each to the other.

Time Slotting
To prevent Dell Server traffic jams, Policy Proxies use a time slotting mechanism that allows them to independently choose well-distributed time slots for communicating with the Dell Server.

Polling
On every poll, the endpoint authenticates, checks for policy updates, and uploads inventory.
Navigate the Dell Server

Navigation
The Management Console is a central control center that the administrator can use to deploy and monitor security for the organization. It consists of security and configuration settings that are applied through policy to groups called Populations. The menu pane allows access to the following:

Dashboard
The Management Console opens to the dashboard.
To determine if a Dell Server is running in Disconnected mode, click the gear icon at the top right of the Management Console and select About. The About screen indicates that a Dell Server is in Disconnected mode, below the Dell Server version. Disconnected mode is different than a standard connected installation of Dell Server in the following ways.
Dashboard
The dashboard displays an overview of status information for your enterprise. Access more detailed information directly from the dashboard by clicking its statistics, graphs, and chart legends.
An Advanced Threat Prevention event is not necessarily a threat. An event is generated when a recognized file or program is quarantined, safe listed, or waived. Threats are a category of events that are newly detected as potentially unsafe files or programs and require guided remediation.
Notifications List
The notifications list provides a configurable summary of news, alerts, and events to display on the dashboard or to be sent as email notifications. For more information, see Dashboard Field Descriptions and Notification Management.

Notification Types
Select the notification types to include in the list. Notifications of the remaining types are hidden. Types include:
Update - News of upcoming product updates.
Certificate - Certificate expiration notification.
Server Exceptions - A Dell Server communication issue is impacting deliveries of the following notifications: Threat Protection, Update, Config, Knowledge Base, and Announcement.
After selecting one or more types, click in the neutral space above the list to apply the selections. Select Clear selected items to reset the selections in this list.
Agent Inventory Processed - The date and time that the inventory was picked up from the queue and processed (Note: If the Dell Server is under load, the Processed and Received times may be different, but usually they are the same.)
Shield - If encryption is installed on the endpoint, an icon displays.
Manager (Windows only) - If installed on the endpoint, an icon displays. This includes endpoints with activated PBA, SED, or BitLocker Manager.
Click a file type for details of the events of that type. File types include:
Unsafe - A suspicious file with a high score (-60 to -100) likely to be malware
Abnormal - A suspicious file with a lower score (-1 to -59) less likely to be malware
Quarantined - A file that is moved from its original location, stored in the Quarantine folder, and prevented from executing on a specific device.
Waived - A file allowed to execute on a specific device.
Total score 5: High Priority

Advanced Threat Prevention Classifications
Advanced Threat Prevention can provide details on the static and dynamic characteristics of files. This allows administrators to not only block threats, but also to understand threat behavior to further mitigate or respond to threats.

Type of Threat
Threats are classified by the type of threat - Malware, Dual Use, and Potentially Unwanted Program.
Rootkit | Malware that enables access to a computer while protecting itself or other files to avoid detection and/or removal by administrators or security technologies. | TDL, Zero Access Rootkit
Trojan | Malware that disguises itself as a legitimate program or file. | Zeus
Virus | Malware that propagates by inserting or appending itself to other files. | Sality, Virut
Worm | Malware that propagates by copying itself to another device.
RemoteAccess | Technologies that can access another system remotely and administer commands on the remote system, or monitor user activities without user notification or consent. | Putty, PsExec, TeamViewer
Tool | Programs that offer administrative features but can be used to facilitate attacks or intrusions. | Nmap, Nessus, P0f

Potentially Unwanted Programs
The file has been identified as a Potentially Unwanted Program.
Score
A Score is assigned to each file. Negative scores, from -1 to -100, denote files that are deemed Abnormal or Unsafe. The score represents the confidence level that the file is malware. The higher the negative number, the greater the confidence.

File Type
The file is assigned a type, based on the score. File Types:
Unsafe: A file with a score ranging from -60 to -100.
User groups
Endpoint groups
AD users
Local users
Endpoints
Protected
Not protected
Shields
Managers
Modified policies

Summary Statistics provides a breakdown of endpoints by platform, with a link to a detailed report for the selected platform:
Windows
Mac
All

Endpoint OS Report
To access this page, click a platform link on the dashboard's Summary Statistics. If you click All and the Platform Report page opens, click view in the OS Report column.
To access a Populations page, click Populations in the left pane and select a Population. For example, Populations > Enterprise. Tabs available on each Populations page provide information, allow you to edit details of the Population, and provide configuration options for that Population. The table lists the tabs available for each Population.
enterprise or for a specific endpoint. To view threat events of a specific endpoint, from the Enterprise Threat Events tab, select the endpoint's device in the Device ID column.
To view threat events in the enterprise, follow these steps:
1. In the left pane, click Populations > Enterprise.
2. Click the Threat Events tab.
3. Select the desired severity level and time period to display events.
To view threat events on a specific endpoint, follow these steps:
1.
The Advanced Threat Events tab displays information about events for the entire enterprise based on information available in the Dell Server. The tab displays if the Advanced Threat Prevention service is provisioned and licenses are available. To export data from the Advanced Threat Events tab, click Export and select Excel or CSV file format. Note: Excel files are limited to 65,000 rows. CSV files have no size limit.
Users
Users are added through reconciliation. Reconciliation is the automated process the Dell Server uses to compare user data in the Dell Server database with user data in the enterprise directory server and update the Dell Server database when necessary. In the left pane, click Populations > Users and then click a user name to view details about the user. Click the arrow next to a User Name to view the Common Name, sAM Account Name, and User Principal Name.
b. Enter a description for the group.
c. Click Add Group.
Notes:
1. Universal security groups are only supported for domains that connect through the Global Catalog port. Nested groups are not supported.

Add Non-Domain Users
To add non-domain users, the non-domain activation feature can be enabled by contacting Dell ProSupport and requesting instructions.

View or Modify Domain Policies and Information
1.
Location - The location (path) of the domain within the enterprise structure. This information is derived from the fully qualified hostname or the computer name and domain portion of the hostname entered when the domain was added. Example: /com/enterpriseserver
LDAP Url - URL to the active directory. This field is populated after adding the domain. The information is derived from the completed hostname. Example - LDAP://domainname.
Host Name - The fully qualified hostname or the computer name and domain portion of the hostname (for example, ..com) for the enterprise directory server.
Port - The port for the directory server. If you do not specify a port, the default port of 389 is used. The secure port, 636, uses an SSL connection instead of clear text. Global catalog ports are 3268 (cleartext) and 3269 (secure).
b. Enter a description for the group.
c. Click Add Group.
Notes:
1. Universal security groups are only supported for domains that connect through the Global Catalog port. Nested groups are not supported.

Remove User Groups
1. In the left pane, click Populations > User Groups.
2. Click a group name link or enter a filter to search for available groups. The wildcard character (*) is supported.
3. Select a row to highlight it.
4. At the top, click Delete.
• Last Reconciled - date and time stamp
• AG Enabled - is configured for a user group when selected
Members - To view or modify the information of a user in the group, click Members. The list of users in the group displays. Click a user to view the user's Security Policies, Details & Actions, Endpoints, User Groups, and Admin. For instructions on how to view or modify User information, refer to View or Modify User Information.
Windows Encryption Policy-Based Encryption Secure Post-Encryption Single-pass Overwrite Single-pass Overwrite Cleanup Windows Encryption Policy-Based Encryption Force Logoff/Reboot on Policy Updates Removable Media Encryption Windows Media Encryption Windows Media Encryption Removable Media Encryption Windows Media Encryption EMS Scan External Media Selected Not Selected On On Not Selected Not Selected

User Group Details & Actions
The User Group Details & Actions
Add Users to the Group
1. On the Members tab, click Add Users to Group.
2. Search or select a user, then select the check box to the left of the user name.
3. Click Add Selected Users to Group.
OR
Select Upload Multiple User from File, then click Browse to select a CSV file and click Upload.
Valid CSV requirements:
• The file must be in valid CSV format and contain a maximum of 999 endpoints.
Edit Endpoint Group Priority
Endpoint Group Priority can be changed only for Rule-Defined, Admin-Defined, and Active Directory Groups. System-Defined Group priority cannot be modified. In general, the Endpoint Group at the top of the list of Endpoint Groups has highest priority. The Endpoint Group at the bottom of the list has lowest priority.
To edit User Group priority:
1. In the left pane, click Populations > User Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level.
4. Click Save.

Assign or Modify Administrator Roles
View or modify existing administrator privileges.
1. In the left pane, click Populations > Administrators.
2.
Administrator Roles
User Admin
Delegate Administrator Roles

View Reconciliation Date
To view the date and time a user group's or user's information was last reconciled with Active Directory, click the Details & Actions tab for the group or user, and refer to last reconciled. For instructions, refer to View or Modify User Group Policies and Information and View or Modify User Policies and Information.
If the query is too large, a dialog prompts you to revise the query.
7. Select users from the directory user list to add to the Domain. The user names are added to the field below the list.
8. Click X to remove the user name or click Add.

Remove Users
In general, a user cannot be removed in the Management Console. Instead, you must remove the user from Active Directory.

Find Users
1. In the left pane, click Populations > Users.
Reinstate Suspended Users
To reinstate a suspended user, follow these steps:
1. In the left pane, click Populations > Users.
2. Click a user name link or enter a filter to search for available users. To Search, enter Common Name, Universal Principal Name, or sAMAccountName. The wildcard character (*) is supported.
3. On the User Detail > Security Policies tab in the Windows Encryption technology group, click the Policy-Based Encryption policy group.
4.
User Groups - Click Groups to view information for groups to which the user belongs. Click a user group to view the group's Security Policies, Details & Actions, Members, and Admin.
Admin - Click to view, assign, or modify administrator roles assigned to the user. Select or deselect administrator types to modify administrator roles assigned to the user.
4. If modified, click Save.
Last Encryption
Sweep Start - Date/time stamp, per user
Sweep End - Date/timestamp, per user
Encryption Failure - Click view for a simple list of files that could not be encrypted, per user

States (Date/time stamp, per endpoint):
Policy Updating
User Encryption Profile Updating
EMS Encryption Profile Updating
User Data Encryption On
Deactivation Pending
Suspension Pending
Suspended

User Groups
If the user belongs to a user group, this page displays information about the group and p
Related topics:
Administrator Roles
Assign or Modify Administrator Roles
Delegate Administrator Roles

View Reconciliation Date
To view the date and time a user group's or user's information was last reconciled with Active Directory, click the Details & Actions tab for the group or user, and refer to last reconciled. For instructions, refer to View or Modify User Group Policies and Information and View or Modify User Policies and Information.
Types of Endpoint Groups
System - Endpoint Group maintained by Dell Server. System groups include Default Endpoint Group, Opt-In Endpoint Group, Persistent VDI Endpoint Group, and Non-Persistent VDI Endpoint Group. For more information about VDI Endpoint Groups, see VDI Endpoint Groups.
Rule-Defined - Dynamic Endpoint Group based on a specification, or rule set, defined by the administrator.
4. Click Modify.
5. Make changes as desired.
6. Click Update Group.

VDI Endpoint Groups
Upon activation, a VDI endpoint is added to the appropriate VDI Endpoint Group on Dell Server, and policies are sent to the endpoint. Persistent VDI Endpoint Groups and Non-Persistent VDI Endpoint Groups are System Endpoint Groups, which are maintained by Dell Server.
Windows Encryption | Policy-Based Encryption | Enable Software Auto Updates | Not Selected | Not Selected
Windows Encryption | BitLocker Encryption | BitLocker Encryption | Off | Off
Windows Encryption | Server Encryption | Server Encryption | Off | Off
Threat Prevention | Advanced Threat Protection | Advanced Threat Protection | On | On
Removable Media Encryption | Mac Media Encryption | Mac Media Encryption | Off | Off
Port Control | Windows Port Control | Port Control System | Disabled | Disabled
Conversely, creating an endpoint group based on a platform type would not be useful because policies are already grouped by platform. Endpoint groups are created using a group specification. This specification allows you to define the endpoint characteristics used to add endpoints to a group. You cannot manually add endpoints to endpoint groups.
TOTALMEMORY - Total memory available on the computer
TPMENABLED - TRUE/FALSE value for TPM, indicating if TPM is enabled
TPMPRESENT - All TPM clients

Operators and Expressions
The basic operators are the binary operators that return a Boolean value.
Working with Complex Queries
Rule Specifications in the Management Console allow users to combine rules to filter a unique set of devices. For queries that contain multiple options, isolate sub-rules in parentheses to ensure they are run separately before they are combined with the larger specification.
Endpoint Group Priority can be changed only for Rule-Defined, Admin-Defined, and Active Directory Groups. System-Defined Group priority cannot be modified. In general, the Endpoint Group at the top of the list of Endpoint Groups has highest priority. The Endpoint Group at the bottom of the list has lowest priority.

Precedence Ranking
The System Defined Non-Persistent VDI Endpoint Group has the highest priority level, followed by the Persistent VDI Endpoint Group.
To edit User Group priority:
1. In the left pane, click Populations > User Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level.
4. Click Save.

View Endpoints in an Endpoint Group
This page displays the endpoints included in information for every user of the specified endpoint.
1.
Details & Actions - To view properties of the Group, click Details & Actions. Viewable information includes:
Group Name: Group1 (DOMAIN\Group1)
Description: The description provided when the Group was added.
(For Rule-Defined groups) Specification: The endpoint group specification that defines endpoints as members of the group.
PBA Device Control - The PBA Unlock command for this endpoint group is carried out in the PBA Device Control area.
1. In the left pane, click Populations > Endpoint Groups.
2. Select the group to which to add endpoints.
3. Click the Members tab.
4. Select Add Endpoints to Group, then search for specific endpoints or select endpoints in the list, and click Add Selected Endpoints to Group.
OR
Select Upload Multiple Endpoints from File, then click Browse to select a CSV file and click Upload.
Hardware ID - A unique identifier sent to the server from the client.
* Click the column header to sort by column label.
Click a hostname to view additional details about the endpoint.
Click an arrow at the left of a hostname to view the Category, Unique ID, and Processor.

Add Endpoint to Group
To add an endpoint to an Endpoint Group:
1. In the left pane, click Populations > Endpoints.
2.
1. In the left pane, click Populations > Endpoints.
2. Select the appropriate endpoint type, for example, Workstation.
3. Click a hostname in the list or enter a filter to search for available endpoints. The wildcard character (*) is supported. For Windows and Mac, if you know the endpoint hostname, enter it in Search. Leave the field blank to display all Windows and Mac endpoints.
Endpoint Details & Actions
The Details & Actions page lists the details for the selected endpoint as well as commands, such as Remove Endpoint. Available details and commands vary, depending on the endpoint platform.
To access Endpoint Details & Actions, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Search or select a hostname, then the Details & Actions tab.

Endpoint Detail
Command: Remove - Endpoint is removed. Endpoint removal is permanent.
2. Enter a Recovery Password and click Download. The recovery bundle containing this endpoint's encryption keys is downloaded. You must remember this recovery password to access the recovery keys.
Navigate the Dell Server GPE Provisioned Status TPM Tab: TPM Present (True or False) TPM Activated (True or False) TPM Owned (True or False) TPM Functional Status (True or False) TPM Spec Version (version number) HCA Tab: HCA Functional Status HCA Provision State Preboot Present (True or False) Preboot Set (True or False) Actions: Effective policies on the specific endpoint and Recovery Keys for the specific endpoint Mac Policy Proxy Group (typically CMGREMOTE) Recovery ID of the specific endpoint Version
Security Management Server Virtual v10.2.10 AdminHelp Interface type Model number of the endpoint Actions: Effective policies on the specific endpoint and Recovery Keys for the specific endpoint Manager Detail (Windows only) Command: Click View Effective Policies to go to the effective policy page for this endpoint. States The client gathers the following information via a Windows Management Instrumentation (WMI) call to the Operating System. It is updated with each inventory update.
Navigate the Dell Server Plugin Functional Status (green check mark or red "x") - This indicates whether the Agent has been enabled via policy. To get more detail on whether each plugin is working as expected, look at Plugin State column. Plugin State: • BitLocker Plugin: Starting - Manager is starting up. Because this is a fairly quick process, it is unlikely an inventory update would capture this so you would probably never see this state in the Management Console.
Security Management Server Virtual v10.2.10 AdminHelp No Policy - Initial policy has not been received so the plugin is not actively enforcing any policy. This is only relevant the very first time you install the Manager client. Manager does not start a plugin until an initial policy is received from the Dell Server, versus starting the plugin with some default policy placed on the client during install.
Navigate the Dell Server The FDE Device Control Table The table lists the commands most recently sent to the PBA Device. To sort the table, click a column header. PBA Device Control (Windows only) Current State of the Endpoint - Unlocked or Locked Commands: PBA commands for a specific endpoint are carried out in the PBA Device Control area. Each command has a priority ranking. A command with a higher priority rank cancels commands of lower priorities in the enforcement queue.
Security Management Server Virtual v10.2.10 AdminHelp Click a hostname or endpoint serial number to display the Endpoint Detail page. 3. A green check mark displays in the Protected column if any of the criteria for Protected status are met. Endpoint Users This page displays information for every user of the specified endpoint. The user information differs for each technology group or policy category. 1. In the left pane, click Populations > Endpoints. 2.
Severity - Severity of the threat, where Critical is the most dangerous threat to the endpoint, and Information is just a notification of an event that is unlikely to harm the endpoint. (Critical, Major, Minor, Caution, Information)
Category - Category of the threat. Upon identification, threats are sorted into these categories: Malware, Web Filtering, Web Protection, and Firewall.
Event ID - Unique number assigned to each threat event.
Configure the Threat List

Add or Remove Columns
Click an arrow next to any column header and select Columns to add columns to, or remove columns from, the table.

Filter on Column Data
To filter the list based on column data, click the down-arrow on any column to display the context menu, and select Filter. The filter options vary, depending on the type of data in the column.
Process Name - Name of the process identified as an exploit attempt.
Process ID - Unique number associated with the exploit attempt.
Type - Type of memory exploit: Exploitation, Process Injection, Escalation.
Action - Action taken to protect the system from the exploit attempt:
Ignore - The agent does not take any action against identified memory violations.
Alert - The agent will record the violation and list the incident on this page.
Suspend an Encrypted Server
When you suspend an encrypted server, you suspend the user associated with the encryption client rather than an individual user who logs on to the endpoint.
To suspend a Server Encryption client:
1. In the left pane, click Populations > Users.
2. In Search, enter SERVER-USER and click the .
3. Click the user name of the appropriate user.
4. On the User Detail page, click the Endpoints tab.
5.
For example, a Wipe command cancels a Lock command that was previously queued to send to the endpoint.
8. Click Yes to confirm that you want to send the Unlock command to the endpoint.

Remove Users from Endpoint with Self-Encrypting Drive
To remove users from the PBA, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Select the Workstation endpoint type.
3. If you know the full Hostname of the endpoint, enter it in the Search field. However, you may leave the field blank to display all Workstation endpoints.
4.
3. If you know the full endpoint hostname, enter it in Search. Leave the field blank to display all Workstation endpoints.
4. Click . An endpoint or list of endpoints displays, based on your search filter.
5. Click the endpoint hostname on which to wipe the self-encrypting drive.
6. Click the Details & Actions tab.
7. Under SED Device Control, click Wipe.
8. Click Yes to confirm that you want to send the Wipe command to the endpoint.
Delegate Administrator Roles

Administrator Roles
Administrator login is integrated with Active Directory to simplify the process of managing administrators and to allow you to leverage your existing user authentication infrastructure. Administrators are assigned roles that define what level of access each administrator is allowed.
Navigate the Dell Server Suspend a User ● Reinstate suspended user ● Deactivate a User ● View policies ● Modify policies ● Commit policies ● Issue commands ● Analyze logs ● ● View Administrators ● Create, change, and delete Administrator accounts ● Delegate Administrator privileges ● Download Endpoint software Download recovery key bundle ● ● ● ● Provision or recover the Advanced Threat Prevention service ● Enroll for Advanced Threat Prevention auto updates ● Set email notifi
Navigate the Dell Server Manage Reports Settings Set up Compliance Reporter plug-ins ● Open a Report, modify an online Report display, and rename a Report view in Compliance Reporter Manage Reports ● Generate, export, store, print, and email a Report result in Compliance Reporter and Manage Reports ● Add, edit, and delete a Compliance Reporter Report folder ● Access the Manage Reports Tab ● 1 The forensic administrator role provides the rights to use the forensic administrator tools via XAPI.
Manage Reports
Manage Reports
In the left pane, click Reports > Manage Reports. For compliance and monitoring purposes, you can:
• Manage reports
• View or modify an existing report
• Create a new report
The Manage Reports page has:
• New Report - See Create a new report.
• Report Type - Select All (default) or specific report types to display in the Name column. Clear selected items to undo selections. See Report Type.
• Single reports
• Report templates - Determine frequent report content that you will generate. Select Column and Grouping options that are common to all those reports and save it as a template. See View or modify an existing report.
Existing report:
• To filter a report, perform a query using Search and More.
• Owner of a report - Can view their private reports and all public ones. Only the Owner or a Report administrator can modify or rename the report.
• Use * for a wildcard.
To filter and narrow the search with More... :
• Select More... and select a check box. Check boxes differ for each report type. Select one or multiple check boxes to narrow the search.
• An additional field displays for that check box option where you can either enter text to search on that column or select from a list of enumerators or a data type for that column.

Query example for Log Analyzer report
1.
Navigate the Dell Server • 5. Locale - select a language Click Save. Compliance Reporter Compliance Reporter has its own help system. When Compliance Reporter launches, click the Help link on the top menu. To launch Compliance Reporter: 1. In the left pane of the Management Console, click Compliance Reporter. 2. When Compliance Reporter launches, log in with superadmin credentials or reporting credentials.
requireClientCert = false

$SPLUNK_HOME\etc\system\local\server.conf

[sslConfig]
sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
sslPassword =

2. Restart the Splunk server. After the restart, splunkd.log will have entries similar to the following:

07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.
Advanced Threat Prevention Syslog Event Types
Following are event types that are supported with the Syslog/SIEM Advanced Threats option.

Application Control
This option is visible when the Application Control feature is enabled. Application Control events represent actions occurring when the device is in Application Control mode.
Memory Protection
Selecting this option logs any Memory Exploit Attempts that might be considered an attack from any of the Tenant’s devices to the Syslog server. There are four types of Memory Exploit actions:
• None: Allowed because no policy has been defined for this violation.
• Allowed: Allowed by policy.
• Blocked: Blocked from running by policy.
• Terminated: Process has been terminated.
• threat_changed: The behavior of an existing threat has changed (examples: Score, Quarantine Status, Running Status).
Example Message of Threat Event:

Threat Classifications
Hundreds of threats are classified each day as either Malware or Potentially Unwanted Programs (PUPs). If this option is selected, you subscribe to be notified when these events occur.
Specifies the severity of the messages that should display in the Syslog server. This is subjective, and it may be set to whatever level preferred. The value of severity does not change the messages that are forwarded to Syslog.

Facility
Specifies what type of application is logging the message. The default is Internal (or Syslog). This is used to categorize the messages when they are received by the Syslog server.
3. Click Commit Policies.
A policy publication/commit occurs when an administrator clicks Commit Policies. The following information displays:
Pending Policy Changes - The number of policy changes ready to commit.
Date Committed - Date and time the policies were committed.
Changed by - User name of the administrator who performed the policy commit.
Comment - Any comments that were added when the policies were committed.
Security Management Server Virtual v10.2.10 AdminHelp Encryption External Media encrypts data on removable media, as defined by policy. There may be several conditions where access to encrypted data needs to be regained.
Once manual authentication is successful, the user is directed to reset their password. Depending on how policies are set, one of the following three options is displayed. The user enters a new password and confirms it, then clicks OK or Cancel. Depending on policies set, the user may be prompted to type this password when using this removable media in other computers.
Security Management Server Virtual v10.2.10 AdminHelp encrypted data. cannot access encrypted data. Occasionally, based on policies set, encryption keys cannot be reinitialized on the computer that the removable media is inserted in. If policy permits, the user can insert the media into any Dell-encrypted computer where the original user is logged in, to reinitialize the encryption keys.
3. Click Recover next to the endpoint.
4. Enter a password then click Downloadx86 or Downloadx64.
5. Copy the recovery file to the endpoint and run the file.

Windows Recovery
For Windows Recovery, follow the instructions in the Recovery Guide. The latest Recovery Guide is available at these locations:
Encryption
Endpoint Security Suite Enterprise

SED Recovery
For information about SED authentication failure or SED endpoint recovery, see SED Recovery.
licenses). The next step is to review your CALs to ensure that your enterprise has the appropriate number of CALs to client ratio (1-to-1 ratio). If authorized CALs exceed 5% of that specific CAL total, new client activations for that specific product are blocked until the license key is brought into compliance. No other client or Dell Server functions are impacted when a license key is in the over 105% state.
Upload Client Access Licenses
You received CALs separately from the installation files, either at the initial purchase or later if you added additional CALs.
1. In the left pane, click Management > License Management.
2. Under Upload Licenses, click Choose File to browse to the location of the saved CAL.
Provision or Recover the Advanced Threat Prevention service - After the service is provisioned, clients are automatically provisioned with Advanced Threat Prevention. For more information, see Provision or Recover Advanced Threat Prevention Service.
Enroll to receive Advanced Threat Prevention agent auto updates - After enrollment, clients can automatically download and apply updates from the Advanced Threat Prevention server.
To enroll to receive agent auto updates:
1. In the left pane of the Management Console, click Management > Services Management.
2. On the Advanced Threats tab, under Agent Auto Update, click On then click Save Preferences.

Stop receiving agent auto updates
To stop receiving agent auto updates:
1. In the left pane of the Management Console, click Management > Services Management.
2.
Notification Management
The Notification Management page lets you manage email notifications.
To add an email notification:
1. In the left pane, click Management > Notification Management.
2. Click Add and enter the following information:
Email: Enter or select your email address.
Notification Type: Select the type of alert to add.
Priority Level: Select the priority levels of notifications.
Email Frequency: Select how often alerts of this type.
Configure SMTP Settings
To receive email notifications, follow the steps in this section to configure SMTP settings. Dell Server email notifications inform recipients of status error states, password updates, availability of Dell Server updates, and client license issues. It is a best practice to restart the services any time a settings change is made.
To configure SMTP settings, follow these steps:
1. From the Advanced Configuration menu, select Email Notifications.
2.
Stop receiving product notifications
To stop receiving product notifications:
1. In the left pane of the Management Console, click Management > Services Management.
2. Select the Product Notifications tab.
3. Click Off then click Save Preferences.

Change Superadmin Password
1. In the masthead at the top of the screen, click the gear icon and select Change superadmin password.
2. Enter the current password.
3. Enter the new password.
To download the latest version of Endpoint Security Suite Enterprise (ESSE):
1. In the left pane, click Management > Downloads.
2. Select the Endpoint Software tab.
3. Click Dell Support to contact Dell for access to Dell Endpoint Security Suite Enterprise.
Manage Policies
Manage Security Policies
You can apply security policies at the Enterprise, Domain, User Group, User, Endpoint Group, and Endpoint levels. Default policy settings allow your enterprise to get started with Dell security, but you should customize the security and configuration settings. If you've migrated from an earlier version of Dell Server, your policy settings have been migrated for you. Security policies are grouped by technology.
Manage Policies selected language. For more information, see Localize Policies Displayed on the Endpoint Computer and Localizable_policies. The default setting of a localizable policy is overridden. A localizable policy change is not yet committed. To remove a policy override, hover over the red flag next to the policy name. The red flag becomes a red X. Click the red X to revert to the default value. Group precedence You can Modify Group Precedence.
4. Select a language for localizable policies from the list at the top right of the screen.
5. Enter text that is in the language you selected for localizable policies. Navigate the populations and technology groups as necessary to localize all desired policies for that language.
6. Click Save.
7. To update policies in a different language, select the language from the list, enter localized text for all desired policies, and click Save.
Manage Policies Technology Group Policy Windows Encryption > Full Disk Encryption Support Information Text Full Disk Encryption Title Text Legal Notice Text Self Help Questions Windows Encryption > Self-Encrypting Drive (SED) Support Information Text PBA Title Text Legal Notice Text Self Help Questions (Pre-8.
Security Management Server Virtual v10.2.10 AdminHelp Encryption Application Data Encryption List Managed Services Removable Media Encryption > Windows Media Encryption EMS Device Whitelist EMS Access Code Required Message EMS Access Code Failed Message Endpoints Level Technology Group Policy Windows Encryption > Self-Encrypting Drive (SED) Support Information Text PBA Title Text Legal Notice Text Self Help Questions (Pre-8.
Manage Policies Full Disk Encryption (FDE) This technology manages drives using software-based Full Disk Encryption. Authentication by users through a Pre-Boot Authentication environment (before the operating system has booted) is required to unlock the drive. Full Disk Encryption (FDE) Encryption Algorithm Encryption Mode Off On Off Toggle to ON to enable all full disk encryption policies. If this policy is toggled to OFF, no full disk encryption takes place, regardless of other policy values.
Policy-Based Encryption
This technology uses Dell's proprietary data centric encryption to allow user data and computer encryption. This allows greater protection over individual data than traditional full disk encryption, by limiting access on a computer to only what a user is authorized to view.
Policy-Based Encryption Application Data Encryption Key On On Off Toggle to ON to enable all policy-based encryption policies.
Manage Policies because of this policy. SDE Encryption Enabled Not Selected If this policy is not selected, SDE encryption is disabled, regardless of other policy values. Selected means that all data not encrypted by other Intelligent Encryption policies are encrypted per the SDE Encryption Rules policy. Changing the value of this policy requires a reboot. String F#:\ -^%ENV:SYSTEMDRIVE%\System Volume Information -^%ENV:SYSTEMROOT%\;dll.exe.sys.ocx.man.cat.manifest.policy -^%ENV:SYSTEMROOT%\System32 -^%
Security Management Server Virtual v10.2.10 AdminHelp -^3%ENV:SYSTEMDRIVE%\Program Files\McAfee -^3%ENV:SYSTEMDRIVE%\Program Files\Common Files\McAfee -^3%ENV:SYSTEMDRIVE%\Program Files\McAfee -^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Common Files\McAfee -^3%ENV:SYSTEMDRIVE%\\Program Files (x86)\Mcafee -^%ENV:SYSTEMDRIVE%\Program Files\Trend Micro\ -^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace -^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace -^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Dell\Kace Common Encrypted Folde
Manage Policies BitLocker Encryption TPM Manager Enabled Disable Sleep Mode Encrypt System Drive Encrypt Fixed Drives Not Managed Managed Not Managed Toggle to Managed to enable BitLocker Manager policy settings. Toggling to Not Managed disables all BitLocker Manager policies, regardless of other policy values. Not Selected Selected Not Selected Selected enables TPM management with BitLocker management.
Fixed Drives. Turn Off Encryption causes Manager to decrypt any BitLocker encrypted fixed drives. Encrypt Removable Drives Require Additional Authentication at System Startup Allow BitLocker Encryption Without a Compatible TPM Do Not Manage Do Not Manage Turn On Encryption Turn Off Encryption Do Not Manage ignores Removable Drives. Turn On Encryption allows BitLocker to encrypt Removable Drives.
Manage Policies BitLocker recovery for access. To use this policy, Require Additional Authentication at System Startup must be set to Selected. Configure TPM Startup Configure TPM Startup PIN Configure TPM Startup Key Allow Do Not Allow Require Allow On computers with a compatible TPM, three types of authentication are supported.
Configure TPM Startup Key and PIN Encryption Method and Cipher Strength (OS Volumes) Encryption Method and Cipher Strength (Removable Volumes) Encryption Method and Cipher Strength (Fixed Volumes) Do Not Allow Do Not Allow Require Allow To use this policy, Require Additional Authentication at System Startup must be set to Selected.
strength used by BitLocker Drive Encryption for Fixed Volumes.
See advanced settings
Policy Default Setting Description
Server Encryption
This technology manages Dell's data centric encryption using certificate-based authentication instead of the typical user-based authentication. This technology allows for protection of devices such as Windows Servers that do not commonly have users logged in.
Daily: Runs the task every day at the specified Server Maintenance Schedule Start Time.
Weekly: Runs the task weekly on the days specified in Server Maintenance Day of the Week.
Monthly: Runs the task monthly on the specified Server Maintenance Day of the Month.
Quarterly: Runs the task quarterly on the specified Server Maintenance Day of the Month.
Annually: Runs the task annually on the specified Server Maintenance Day of the Month.
Manage Policies -^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace -^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace -^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Dell\Kace Encryption Enabled Selected been tested extensively. Removing these exclusions may result in Windows issues, particularly after applying patch updates. Contact ProSupport for guidance if you are unsure about changing the values. This policy must be selected to use all Common Encryption policies.
Manage Policies COMMON_DOCUMENTS COMMON_ADMINTOOLS ADMINTOOLS CONNECTIONS COMMON_MUSIC COMMON_PICTURES COMMON_VIDEO RESOURCES PROFILES %HKCU:regpath% • Includes a numeric or text value stored in the registry for the current user. If you specify a path but not an item, the client uses the default value %HKLM:regpath% • Includes a numeric or text value stored in the registry for the local computer.
A word about types of encryption: SDE is designed to encrypt the operating system and program files. To accomplish this purpose, SDE must be able to open its encryption key while the operating system is booting without intervention of a password by the user. Its intent is to prevent alteration or offline attacks on the operating system by an attacker. SDE is not intended for user data.
onenotem.exe The text in this policy is translatable. More... You can also specify these process names (separated by commas) via the registry value HKLM\Software\Dell\CMGShield\ApplicationDataEncryptionList. The Encryption client encrypts all new files (not already being encrypted by Common Encrypted Folders and User Encrypted Folders) on the current computer hard drives created by these application processes whenever they are owned by a currently logged-on managed user.
Outlook Personal Folders Encrypt Temporary Files Encrypt Temporary Internet Files Encrypt User Profile Documents Encrypt Windows Paging File Managed Services Secure PostEncryption Cleanup %\Microsoft\Outlook) with the User data encryption key. Selected When this policy is selected, the paths listed in the environment variables TEMP and TMP are encrypted. TEMP and TMP for the operating system are encrypted with the Common encryption key.
of 1s and 0s, then with its complement, and then with random data.
• Seven-pass Overwrite overwrites it with a standard pattern of 1s and 0s, then with its complement, and then with random data five times. This value makes it most difficult to recover the original files from memory, and yields the most secure encryption processing.
Security Management Server Virtual v10.2.10 AdminHelp • Encrypt Temporary Internet Files • Encrypt User Profile Documents (except \All Users\Shared Documents) Select: • Common for User Encrypted Folders to be accessible by all managed users on the computer where they were created (the same level of access as Common Encrypted Folders), and encrypted with the Common encryption algorithm. More...
Manage Policies Polling Interval The interval that the Encryption client attempts to poll Policy Proxy for policy updates, and send inventory information to Policy Proxy. The Encryption client also attempts to poll Policy Proxy each time a user logs on. Selected This policy is available at the Enterprise, Domain, User Group, and User levels. This policy is used only by the Encryption client. Other applications do not have an activation policy setting.
If the client is processing a large file that an application needs, and this policy is Selected, it may appear that the application is unresponsive or slow to open (with no message indicating what the issue is). Care should be taken when using this policy.
Encryption Processing Only When Screen is Locked; Hide Overlay Icons
When True, there is no encryption or decryption of data while the user is actively working. The client will only process data when the workstation screen is locked. When False, encryption processing occurs any time, even while the user is working. User-Optional adds an option to the notification area icon allowing the user to turn this feature on or off.
This policy is the parent policy to:
• Allow Data Recovery Agent for Protected Fixed Data Drives
• Config User Storage of BitLocker 48-digit Recovery Password
• Config User Storage of BitLocker 256-bit Recovery Key
• Omit Recovery Options from the BitLocker Setup Wizard
• Save BitLocker Recovery Info to AD DS for Fixed Data Drives
• BitLocker Recovery Info to Store in AD DS
• Do Not Enable BitLocker Until Recovery Info is Stored in AD DS for Fixed Data Drives
Allow Data Recovery Agent for Protected Fixed
DS. The appropriate schema extensions and access control settings on the domain must first be configured before applying this policy. The Choose How BitLocker-protected Fixed Drives Can be Recovered policy must be set to Selected to use this policy. To use this policy, Save BitLocker Recovery Information to AD DS for Fixed Data Drives must be set to Selected.
Default Folder Location to Save Recovery Password
Qualified path
Important: This policy is not used by BitLocker Manager, because it does not prompt the user when saving recovery passwords. Microsoft defines this policy as: This setting provides the default path that is displayed when the BitLocker drive encryption setup wizard prompts the user to enter the location of a folder to save the recovery password. The text in this policy is translatable.
Enable Smart Card Certificate Identifier; Smart Card Certificate Identifier
Not Selected 1.3.6.1.4.1.311.67.1.1 Selected Not Selected
This policy allows or denies an object identifier to be specified for enhanced key usage with a certificate. This policy must be set to Selected to use the policy Smart Card Certificate Identifier.
1.3.6.1.4.1.311.67.1.
• Allow Data Recovery Agent for Protected Operating System Drives
• Configure User Storage of BitLocker 48-digit Recovery Password
• Configure User Storage of BitLocker 256-bit Recovery Key
• Omit Recovery Options from the BitLocker Setup Wizard
• Save BitLocker Recovery Info to AD DS for Operating System Drives
• BitLocker Recovery Information to Store in AD DS (Windows Server 2008 Only)
• Do Not Enable BitLocker Until Recovery Information is Stored in AD DS for Operating System Drives
Allow Data Recove
BitLocker Until Recovery Information is Stored in AD DS for Operating System Drives; Configure Use of Hardware-Based Encryption for Operating System Drives
Not Selected Although BitLocker recovery information is automatically stored in the Dell Server, this policy additionally requires BitLocker drive encryption recovery information to be stored in AD DS.
When Not Configured, this policy element will consume the default action to do nothing.
Configure Password Complexity for Operating System Drives; Minimum Password Length for Operating System Drives; Require ASCII-Only Passwords for Operating System Drives; Use Enhanced Boot Configuration Data Profile
Allow Allow Require Do Not Allow
When set to Require, a connection to a domain controller is necessary to validate the complexity of the password.
PCR6,off PCR7,off PCR8,on PCR9,on PCR10,on PCR11,on PCR12,off PCR13,off PCR14,off PCR15,off PCR16,off PCR17,off PCR18,off PCR19,off PCR20,off PCR21,off PCR22,off PCR23,off
unlocking a drive on a computer running Windows 7 or Windows Server 2008 R2.
If you enable this policy before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive.
PCR15,off PCR16,off PCR17,off PCR18,off PCR19,off PCR20,off PCR21,off PCR22,off PCR23,off
to unlock the drive. To use this policy, Configure BIOS TPM Platform Validation Profile must be set to Selected.
Configure UEFI TPM Platform Validation Profile Not Selected Selected Not Selected Set to Selected to enable boot up UEFI TPM drive unlocking. Selected allows the configuration of how the UEFI TPM security hardware secures the BitLocker encryption key.
Removable Drives Can be Recovered; Allow Data Recovery Agent for Protected Removable Data Drives; Configure User Storage of BitLocker 48-digit Recovery Password; Configure User Storage of BitLocker 256-bit Recovery Key; Omit Recovery Options from the BitLocker Setup Wizard for Removable Media; Save BitLocker Recovery Information to AD DS for Removable Data Drives; BitLocker Recovery Information to Store in AD DS
Manager, even if this value is Not Selected.
Server Encryption
This technology manages Dell's data-centric encryption using certificate-based authentication instead of the typical user-based authentication. This technology allows for protection of devices such as Windows Servers that do not commonly have users logged in.
Maintenance Day of the Month Infinite Suppress
The day of the month the task should run. Example: 17.
Not Selected When Selected, an automatic reboot is suppressed indefinitely.
Port Control System Disabled Enable or Disable all Port Control System policies. If this policy is set to Disable, no Port Control System policies are applied, regardless of other Port Control System policies. All PCS policies require a reboot before the policy takes effect.
Floppy Drive Control
Full Access: Floppy Drive port does not have read/write data restrictions applied
Read Only: Allows read capability. Write data is disabled
Blocked: Port is blocked from read/write capability
This policy is endpoint-based and cannot be overridden by user policy.
Enabled PARENT to the next policy. Set this policy to Enabled to use the Subclass Windows Portable Device (WPD): Storage policy.
the media home or share it with a colleague. Not selecting roaming automatic authentication also promotes a sense of awareness from a security perspective for users that the data being written to that media is protected. When set to Roaming, the owner of the removable media is automatically authenticated if logged into a computer other than the one where the media was encrypted and the computer is running either the full Encryption client or EMS Service.
remove encryption. The following is an example of a PNPDeviceID, which contains the manufacturer identifier, product identifier, revision, and hardware serial number: To whitelist a removable media device, provide a string value that matches portions of the device’s PNPDeviceID. Multiple device PNPDeviceIDs are allowed.
Characters Required in Password
EMS Mixed Case Required in Password Selected
EMS Number of Characters Required in Password 8 1-40 characters Minimum number of characters required in the password.
EMS Numeric Characters Required in Password Selected Selected requires one or more numeric characters in the password.
Message policies must have non-blank values. "Space" and "Enter" characters used to add lines between rows count as characters used. Messages over the 512-character limit are truncated on the client. Optionally customize the message to include specific instructions about how to contact the help desk or security administrator.
EMS Encryption Rules String Encryption rules to be used to encrypt/not encrypt certain drives, directories, and folders.
These rules have been tested against the following iPods:
• iPod Video 30gb fifth generation
• iPod Nano 2gb second generation
• iPod Mini 4gb second generation
Dell does not recommend the use of the iPod Shuffle, as unexpected results may occur. As iPods change, this information could also change, so caution is advised when allowing the use of iPods on Encryption External Media-enabled computers.
#: Refers to all drives
f#: Refers to all fixed (non-removable) drives
r#: Refers to all removable drives
Common Encryption Algorithm AES256 Exe List Application Data Encryption List
winword.exe excel.exe powerpnt.exe msaccess.exe winproj.exe outlook.exe acrobat.exe visio.exe mspub.exe winzip.exe winrar.exe onenote.exe onenotem.exe
AES 256 or AES 128 Encryption algorithm used to encrypt data at the endpoint (all users) level. System paging files are encrypted using AES 128.
ikernel.exe, a third-party installer process
wssetup.exe, the Windows Encryption client installer
svchost.exe, a Windows system process
Encrypt Temporary Files; Encrypt User Profile Documents; Encrypt Windows Paging File; Managed Services; Secure Post-Encryption Cleanup; Secure Windows Credentials
Not Selected When this policy is selected, the paths listed in the environment variables TEMP and TMP are encrypted.
information required for computer boot includes HKLM/SYSTEM and all sub-keys. This policy value is automatically set to Selected if SDE is enabled. A reboot is required when a change to this policy is delivered. To control this reboot, configure the following policies: Force Reboot on Update, Length of Each Reboot Delay, and Number of Reboot Delays Allowed.
For the client to connect to a Policy Proxy specified in this policy, it must be in the same group as the Policy Proxy specified during client installation. Because the client supports up to 255 users per computer, this policy is available only at the Enterprise level.
Policy Proxy Polling Interval 720 1-1440 minutes The interval at which the client attempts to poll Policy Proxy for policy updates and send inventory information to Policy Proxy.
TEMPLATES COMMON_STARTMENU COMMON_PROGRAMS COMMON_STARTUP COMMON_DESKTOPDIRECTORY APPDATA PRINTHOOD LOCAL_APPDATA ALTSTARTUP COMMON_ALTSTARTUP COMMON_FAVORITES INTERNET_CACHE COOKIES HISTORY COMMON_APPDATA WINDOWS SYSTEM PROGRAM_FILES PROGRAMFILES MYPICTURES PROFILE SYSTEMX86 PROGRAM_FILESX86 PROGRAMFILESX86 PROGRAM_FILES_COMMON PROGRAM_FILES_COMMONX86 COMMON_TEMPLATES COMMON_DOCUMENTS COMMON_ADMINTOOLS ADMINTOOLS CONNECTIONS COMMON_MUSIC COMMON_PICTURES COMMON_VIDEO
RESOURCES PROFILES
%HKCU:regpath%
• Includes a numeric or text value stored in the registry for the current user. If you specify a path but not an item, the client uses the default value
%HKLM:regpath%
• Includes a numeric or text value stored in the registry for the local computer.
There are four levels (categories) of protection that directories and files can have: 0, 1, 2, and 3. Category 3 is the most protected level.
Modifiers – What they are and what they do
The ^ character is the “Override” command. It causes the listed policy to override protected directories. It may be followed by a “2” or a “3”, indicating the level of the override.
The @ character is the “At” command.
• The Not command (-) can be used with folders. You can make any combination of the supported modifiers for folders. If the Override command (^) is used, the statement can only be an exclusion statement.
Examples of folder inclusion/exclusion
C:\CustomApplication\DataStore
What this does: On the C: drive, this causes every file within the directory of \CustomApplication\DataStore to be encrypted.
-C:\Documents and Settings\All Users
What this does:
What this does: (1st statement is an inclusion, 2nd statement is an exclusion, 3rd statement is an inclusion, 4th statement is an exclusion) On the drive of C:, encrypt all files in folders at the root level and below, except for files residing in the protected directories and files residing in “MyApplicationFolder”. However, override and encrypt files with the extension doc, docx, xls, xlsx, ppt, and pptx in the protected directories, but not in the folder “MyApplicationFolder”.
LocalAppData Music Pictures Documents Programs Recent SendTo StartMenu Startup Templates
The following CSIDL variables are supported:
APPDATA COOKIES DESKTOPDIRECTORY FAVORITES INTERNET_CACHE LOCAL_APPDATA MYMUSIC MYPICTURES PERSONAL PROGRAMS RECENT SENDTO STARTMENU STARTUP TEMPLATES
Some examples of variables used in folder and extension policy:
%ENV:SYSTEMDRIVE%\CustomApplication
What this does: This lists the folder \CustomApplication\ for encryption
ADE encrypts any file written by a protected application, using a category 2 override. This means that any directory that has a category 2 protection or better, or any location that has specific extensions protected with category 2 or better, will cause ADE to not encrypt those files. For example, ADE does not encrypt any files written into the /Windows/System32 folder, because this directory has a default protection of category 2.
• All encryption rules apply when writing SDE policies.
Encryption Rules for SDE Encryption
The following is the default SDE policy. Any changes to this policy should be considered carefully.
Protection of SystemRoot
The protection of the SystemRoot directory is specified so that only the root itself is protected, meaning that the sub-directories of the SystemRoot do not inherit this protection.
Secure Windows Credentials = Not Selected
Authentication
Authentication policies allow you to configure user experience and Windows authentication. Policy descriptions also display in tooltips in the Management Console.
Policy Default Setting Description
Pre-Boot Authentication This technology provides a secure, tamper-proof environment by preventing data from being read from the hard disk or operating system until the user enters the correct PBA login credentials.
None Fingerprints Contactless Card One-Time Password
See advanced settings
Microsoft Passport This technology allows the use of Microsoft Passport, specifically authentication attempts and PIN usage.
Microsoft Passport; Maximum Windows Passport Authentication Attempts; Logon Authentication Method; PIN Length
Off On Off Toggle to On to enable Microsoft Passport. If this policy is toggled to Off, no Microsoft Passport policies are enabled.
Support Information Text; PBA Title Text; Sync Users at PBA Activation; Legal Notice Text
String Please contact your system administrator. String 0-512 characters Text to display on the PBA support information screen. Customize the message to include specific instructions about how to contact the help desk or Security administrator. Not entering text in this field results in no support contact information being available for the user.
Self Help Questions (Pre-8.0 clients); Initial Access Code
At least 3 selectable questions Specify the questions to present to Windows users during recovery questions setup. Separate each question by a carriage return. These questions are used if the Windows password is forgotten. At least 3 questions must be specified.
Cached User Login Attempts Allowed 10 1-20 times Number of times that a cached user can attempt to log in.
Self Help Question/Answer Attempts Allowed 3 1-10 times Number of times the user can attempt to enter the correct answer.
Selected This policy simplifies the logon process when multi-factor authentication is enabled at both preboot and Windows logon. If selected (or not configured), authentication is required at preboot only, and users are automatically logged on to Windows.
See basic settings
Windows Authentication This technology sets definitions around user login, specifically what is required to log in (password, smart card, fingerprint), password recovery options, and password requirements (number of attempts allowed, password length).
Recovery Questions for Windows Authentication; Allow Recovery Questions; Log Events Level
At least 3 selectable questions Specify the questions to present to Windows users during recovery questions setup. Separate each question by a carriage return. These questions are used if the Windows password is forgotten. At least 3 questions must be specified.
events provide information about the state of several important systems on the computer. They are logged at configurable intervals and generally used when events are remotely collected.
The False Accept Rate is the probability of receiving a false acceptance decision when comparing fingerprints scanned from different fingers.
Reminder to Enroll Credentials (Admin) In one day
Reminder to Enroll Credentials Expiration Date (Admin) The date (time is always 12 am) when the authentication policy goes into full effect. That is, the client stops asking the local administrator to enroll credentials and forces them to enroll before they can log on. The default is “now”.
this policy is toggled to OFF, Advanced Threat Prevention is disabled, regardless of other policies.
File Actions
Unsafe Executable Auto Quarantine with Executable Control Enabled; Abnormal Executable Auto Quarantine with Executable Control Enabled
Selected Selected Not Selected If selected, Unsafe executable files are automatically quarantined or blocked to prevent their execution.
from executing arbitrary code on the computer. This policy must be set to Selected to enable Exploit Protection. If this policy is Not Selected, no Exploit Prevention policies are applied.
Action on Malicious Activity for Files and Folders; Action on Malicious Activity for Registry; On-Access Protection
Block and Report Block Only Report Only Block and Report Prevents users from modifying or deleting Threat Protection system files and folders and sets the action to take upon attempt.
Warn: Displays a warning to notify users of potential dangers associated with the site. Users must dismiss the warning before continuing.
Enforcement
Enable File Scanning for File Downloads; Enable Secure Search; Block Links to Risky Sites in Search Results
Selected Selected Not Selected A Selected value scans all files (including .zip files) before downloading.
High
1) Protection status has changed. (Protected means that the Advanced Threat Prevention service is running and protecting the computer and needs no user or administrator interaction.)
2) A threat is detected and policy is not set to automatically address the threat.
Medium
1) Execution Control blocked a process from starting because it was detected as a threat.
Advanced Threat Prevention This technology is powered by Cylance and protects your operating system by detecting and preventing malware pre-execution. Advanced Threat Prevention uses artificial intelligence and predictive mathematical models to quickly and accurately identify what is safe and what is a threat.
Advanced Threat Prevention On Off Toggle ON to enable Advanced Threat Prevention.
Memory Protection Enabled Enable Exclude executable files Not Selected Selected String
\Windows\System32\CmgShieldService.exe
\Windows\System32\EMSService.exe
\Program Files\Dell\Dell Data Protection\Threat Protection\DellAVAgent.exe
\Program Files\McAfee\Agent\cmdagent.exe
\Program Files\McAfee\Agent\FrmInst.exe
\Program Files\McAfee\Agent\macmnsvc.exe
\Program Files\McAfee\Agent\macompatsvc.exe
\Program Files\McAfee\Agent\maconfig.exe
\Program Files\McAfee\Agent\masvc.exe
\Program Fil
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfecanary.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfefire.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfehidin.exe
\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfemms.exe
\Program Files\McAfee\Endpoint Security\Endp
\Program Files\McAfee\mctray_back.exe
\Program Files\McAfee\Mue.exe
\Program Files\McAfee\policyupgrade.exe
\Program Files\McAfee\UpdaterUI.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MaComServer.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\mfeProvisionModeUtility.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\R
Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfemms.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfevtps.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mmsinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\vtpinfo.exe
\Program Files (x86)\McAfee\Endpoint Security\Web Control\McChHost.exe
\Prog
Exploitation: Stack Protect; Exploitation: Overwrite Code; Exploitation: Scanner Memory Search
Alert Ignore Alert Block Terminate Specify the action to take when a stack protect threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process.
trying to read valid magnetic stripe track data from another process. Typically related to point-of-sale systems (POS). The Scanner Memory Search exploitation affects Windows operating systems. This policy does not apply to Mac clients.
Exploitation: Malicious Payload; Process Injection: Remote Allocation of Memory
Alert Ignore Alert Block Terminate Specify the action to take when a malicious payload is detected.
Process Injection: Remote Mapping of Memory; Process Injection: Remote Write to Memory; Process Injection: Remote Write PE to Memory
Alert Ignore Alert Block Terminate Specify the action to take when a remote attempt to map memory threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process.
Generally this indicates that an attacker is attempting to execute code without first writing that code to disk. The Remote Write PE to Memory process injection affects Windows operating systems. This policy does not apply to Mac clients.
Process Injection: Remote Overwrite Code; Process Injection: Remote Unmap of Memory
Alert Ignore Alert Block Terminate Specify the action to take when a remote overwrite code threat is detected.
Process Injection: Remote Thread Creation; Process Injection: Remote APC Scheduled; Process Injection: Remote DYLD Injection (Mac OS X only)
Alert Ignore Alert Block Terminate Specify the action to take when a remote thread creation threat is detected.
Ignore - No action is taken against identified memory violations.
Alert - Record the violation and report the incident to the Dell Server.
Block - Block the process call if an application attempts to call a memory violation process.
cause a shared library to be injected into a launched process. Attacks can modify the plist of applications like Safari or replace applications with bash scripts that cause their modules to be loaded automatically when an application starts. The DYLD Injection process injection affects macOS operating systems. This policy does not apply to Windows clients.
Prevent Service Shutdown from Device; Kill Unsafe Running Processes and Sub-Processes; Background Threat Detection; Watch for New Files; Set Maximum Archive File Size to Scan
Not Selected Selected Not Selected If selected, the Advanced Threat Prevention service is protected from being shut down either manually or by another process.
Incorrect: \Program Files\Dell\
Spaces only must be escaped on Mac-based exclusions.
Application Control
Application Control; Application Control Allowed Folders; Enable Change Window
Not Selected String Not Selected Selected Not Selected If Selected, specified devices are locked down, restricting any changes. Only applications that exist on a device before the lock-down are allowed to execute on that device.
Block
Alert monitors Office macros running in the environment. Recommended for initial deployment.
Block allows Office macros to run only from specific folders. This should be used only after testing in Alert mode.
Note: Starting with Office 2013, macros are disabled by default. Most of the time, users should not be required to enable macros to view the content of an Office document. Dell recommends enabling macros only for documents from trusted users.
Waive Global Allow Global Quarantine List Global Safe List String String
The value of this policy includes a collection of hashes for portable executables that need to be allowed to run within the Endpoint Group or on the specific Endpoint. This policy will force allow files based on a SHA256 hash of the specific portable executable.
quarantined.
3) A file has been identified as a threat but waived on the computer.
4) The status of a current threat has changed (for example, Threat to Quarantined, Quarantined to Waived, or Waived to Quarantined).
Threat Protection; Action on Malicious Activity for Files and Folders; Action on Malicious Activity for Registry; Action on Malicious Activity for Processes; Exclude Processes
Off On Off Toggle to ON to enable Threat Protection. If toggled to OFF, no Threat Protection policies are applied. Threat Protection includes Malware Protection, Web Protection, and Client Firewall.
Schedule Repeats Daily Schedule Start Time String Day of the Week Wednesday Day of the Month Debug Logging for Malware and Exploit Protection Exploit Protection On-Access Protection Max Seconds for Scan 1 Not Selected Daily Weekly Monthly
The schedule configuration defines when the task should run. Schedule types are Daily, Weekly, and Monthly.
Daily: Runs the task every day at the specified Schedule Start Time.
Scan Processes on Enable; Scan Trusted Installers; Scan When Copying Between Local Folders; Reputation Service Sensitivity
Not Selected Selected Not Selected Rescans all processes that are currently in memory each time:
- On-Access Scan is disabled and re-enabled.
- The computer starts.
When the on-access scanner is enabled, it always scans all processes when they are executed.
executing programs or operating systems. Detections found with this level are presumed malicious, but have not been fully tested to determine if they are false positives. Use this setting for on-demand scans on non-operating system volumes. This setting results in an average of 20–25 queries per day, per computer.
On-Demand Protection Full Scan Selected Selected Not Selected This policy is the "master policy" for all other On-Demand Protection: Full Scan policies.
Unwanted Programs; Decode MIME Files; Scan Archives; Files Migrated to Storage; Program Threats; Macro Threats; Scan Subfolders
Selected Not Selected Selected Not Selected Selected Selected Selected Selected Not Selected
Enables the scanner to detect potentially unwanted programs. The scanner uses configured information to detect potentially unwanted programs.
Reputation Service Sensitivity Medium Disable Very Low Low Medium High Very High
When enabled, samples are submitted to the lab to determine if they are malware. Sensitivity level configures the sensitivity level to use when determining if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
Exclusions; Threat First Response; Threat First Response Fails; Exploit First Response
String String - Comma-separated list of parameters Specify files, folders, and drives to exclude from scanning.
Exploit First Response Fails; Use Scan Cache
Delete file Clean file Delete file Continue scanning Specifies the action for the scanner to take when an unwanted program is detected if the first action fails.
Clean files - Removes the threat from the detected file, if possible.
Delete files - Deletes files with potential threats.
Continue scanning - Continues scanning files when a threat is detected. The scanner does not move items to the quarantine.
On-Demand Protection Quick Scan; Boot Sectors; Unwanted Programs; Decode MIME Files; Scan Archives; Files Migrated to Storage; Program Threats; Macro Threats; Scan Subfolders
Selected Selected Not Selected This policy is the "master policy" for all other On-Demand Protection: Quick Scan policies. If this policy is Not Selected, no On-Demand Protection: Quick Scan policies are enforced, regardless of other policy values.
Reputation Service Sensitivity Medium Disable Very Low Low Medium High Very High
When enabled, samples are submitted to the lab to determine if they are malware. Sensitivity level configures the sensitivity level to use when determining if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
String - Comma-separated list of parameters Specify files, folders, and drives to exclude from scanning. Comma separated list of parameters: ,, Possible values: ,,
Exclusions String
Examples:
FileOrFolder,C:\Users,false
FileType,xml,false
FileType,mp?,false
Modified
Exploit First Response Fails; Use Scan Cache
Delete file Clean file Delete file Continue scanning Specifies the action for the scanner to take when an exploit is detected if the first action fails.
Clean files - Removes the threat from the detected file, if possible.
Delete files - Deletes files with potential threats.
Continue scanning - Continues scanning files when a threat is detected. The scanner does not move items to the quarantine.
distributed on CDs from being executed and will automatically block and report the issue.
Selected Selected Not Selected
This policy enables scanning JavaScript and VBScript scripts to prevent unwanted scripts from executing.
Note: If Script Scan Protection is disabled when Internet Explorer is launched, and then is enabled, it doesn't detect malicious scripts in that instance of Internet Explorer.
Prevention.
Rating Action for Red Sites
Rating Action for Yellow Sites
Rating Action for Unrated Sites
Rating Action for Red Downloads
Rating Action for Yellow Downloads
Block Block Allow Warn
Specifies the action to apply to sites that are rated Red.
Block: Prevents users from accessing the site and displays a message that the site is blocked. Block is the default for Red sites.
Allow: Permits users to access the site.
Rating Action for Unrated Downloads
Default: Allow
Options: Block, Allow, Warn
Specifies the action to apply to file downloads that are Unrated.
Block: Prevents users from downloading the file and displays a message that the download is blocked.
Allow: Permits users to proceed with the download. Allow is the default for Unrated downloads.
Warn: Displays a warning to notify users of potential dangers associated with the download file.
Text Translators Web Meetings For Kids History Moderated Text/Spoken Only Controversial Opinions Residential IP Addresses Browser Exploits* Consumer Protection Illegal UK Major Global Religions Malicious Downloads* Potentially Unwanted Programs
See basic settings
Policy Default Setting Description
Client Firewall
This technology protects computers by allowing administrators to determine which network traffic is permitted to pass between end user computers and the network.
are started.
Allow bridged traffic Enable IP spoof protection Enable firewall intrusion alerts
Setting Check box
Allows traffic with a local MAC address. The MAC address is an address in the list of VMs that Firewall supports, not the local system's MAC address. Use this option to allow traffic through a bridged environment with virtual machines.
legitimate source or destination of content/traffic.
Medium Risk - This source/destination shows behavior that is considered suspicious. Any content/traffic from the site requires special scrutiny.
Outgoing network - reputation threshold
Setting Drop-down menu UI Control High Risk Unverified Do not block Medium Risk
Specifies the rating threshold for blocking incoming or outgoing traffic from a network connection.
DNS Blocking
Domain name
Button/text input field
Defines domain names to block. When applied, this setting adds a rule near the top of the firewall rules that blocks connections to the IP addresses resolving to the domain names.
Add - To add a domain name to block, click Add, then enter a domain name. You can use the * and ? wildcards. For example, *domain.com. Separate multiple domains with a comma (,) or a carriage return.
Actions Direction Notes
Setting Radio button/Check box
Allow, Block, Treat match as intrusion, Log matching traffic
Allow - Allows traffic through the firewall if the item is matched.
Block - Stops traffic from passing through the firewall if the item is matched.
Treat match as intrusion - Treats traffic that matches the rule as an attack and generates an event that is sent to the Reputation Service. The Block action for the rule must be selected for an event to be generated.
To add a network, click Add, then specify the following:
Name - Specifies the network address name (required).
Type - Select either Local Network or Remote Network.
Specify Networks
Button/Drop-down menu/text input field
Click Add, then specify the following:
Network type - Specifies the origin or destination of traffic.
Description of the executable.
File description String
The MD5 hash of the process.
Fingerprint Enable digital signature check String Check box
Enables or disables the digital signature check that guarantees code has not been altered or corrupted since it was signed with a cryptographic hash. If enabled, specify:
Allow any signature - Allows files signed by any process signer.
Signed by - Allows only files signed by the specified process signer.
The Protection tab provides information about files and scripts that are potentially harmful.
Threats
The table lists all events found across the organization. An event may also be a threat but is not necessarily so. View additional information about a specific threat either by clicking on the threat name link to view details displayed on a new page or by clicking anywhere in the row of the threat to view details at the bottom of the page.
4. Enter a reason why the file should be listed as safe, and click Yes.
Note: Occasionally, a “good” file may be reported as unsafe (this could happen if the features of that file strongly resemble those of malicious files). Waiving or safelisting the file can be useful in these instances.
Edit Global List - Add or remove files from the global quarantine list.
1. Click Edit Global List.
2. Select the items to change.
3.
If the file has been uploaded for analysis, the Detailed Threat Data pane may display a comprehensive summary of the static and dynamic characteristics of the file including additional file metadata, file structure details, and dynamic behaviors such as files dropped, registry keys created or modified, and URLs with which it attempted to communicate.
Note: If no results display in the Detailed Threat Data pane, the file has not yet been uploaded for analysis.
4. Click Upload Certificate.
5. Click OK once the upload is successful.
For instructions about how to safelist a certificate, see Manage Enterprise Advanced Threats - Global List.
Manage Enterprise Advanced Threats - Cylance Score and Threat Model Updates
A Cylance score is assigned to each file that is deemed Abnormal or Unsafe. The score represents the confidence level that the file is malware. The higher the number, the greater the confidence.
Production Status = Null (not seen or scored), New Status = Abnormal or Unsafe
• Your Organization considers the file as Safe
• Your Organization has Abnormal and/or Unsafe set to Auto-Quarantine
In the above scenarios, the recommendation is to Safelist the files to allow in your organization.
Identify Classifications
To identify classifications that could impact your organization, Dell recommends the following approach:
1.
Remove the selected file from the Global Quarantine list to allow it to run on any device in the organization.
1. Select Global Quarantine (n).
2. Select a file.
3. Click Remove from List.
Safelist a file from the global quarantine list
Safelist the selected file from the Global Quarantine list to allow it to run on any device in the organization.
1. Select Global Quarantine (n).
2. Select a file.
3. Click Safe.
4. Click Add Certificate.
5. Select the category that fits the certificate.
6. Enter a reason why the certificate should be listed as safe, and click Submit.
Note: You must upload a certificate for it to be available to safelist. For more information, see Manage Enterprise Advanced Threats - Certificate.
Remove a certificate from the safe list
1. Select Safe (n).
2. Select Certificates (n).
3. Select the certificate to remove from the safe list.
4. Click Remove from List.
of that file strongly resemble those of malicious files). Waiving or safelisting the file can be useful in these instances.
Manually Add File to the Safe list
1. Select Unassigned (n).
2. Click Add File.
3. Enter the file's SHA256 hash number. (required)
4. Enter the file's MD5 number, if available.
5. Enter the file name, if available.
6. Enter the reason the file should be safelisted.
7. Click Submit.
Select Threat Data Report on the Options tab to enable threat data export to .csv files. The following types of data are available for export:
Threats - Lists all threats discovered in your organization. This information includes file name and File Status (unsafe, abnormal, waived, and quarantined).
Devices - Lists all devices in your organization that have an Agent installed. This information includes device name, operating system version, agent version, and policy applied.
To enable Compatibility Mode with a registry setting:
1. In the Remote Management Console, disable the Memory Protection Enabled policy. If the Script Control policy is enabled, disable it.
2. Save the policy changes, and Commit_Policies.
3. Using the Registry Editor on the client computer, go to HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop.
4. Right-click Desktop, click Permissions, then take ownership and grant yourself Full Control.
5.
5. Save the policy changes, and Commit_Policies.
Disconnected Mode Policy Examples
Examples for Global Allow, Quarantine List, and Safe List policies are shown below.
Global Allow policy example
temp\files\exe1.exe
stuff\folder\exe2.
By default, the scanner scans all file types, regardless of extension.
On-Demand Protection - Quick Scan - Based on a schedule set in policy, the on-demand scanner runs a quick check of areas of the computer that are most susceptible to threats. Default: Selected (Enabled).
By default, every time Quick Scan runs, it scans the following for threats:
• Memory of all running processes.
• Files that the Windows Registry references.
• Contents of the Windows folder.
Disable - Samples are not submitted to the Reputation Service lab.
Very Low - A detection is made available to Threat Protection when the Reputation Service lab publishes it instead of waiting for the next file update. Average of 10-15 queries per day, per computer.
Low - This setting is the minimum recommendation for laptops or desktops and servers with a strong security footprint.
Red - Malicious
Yellow - Potentially malicious
Green - Safe
Through the following policies, you can assign actions to implement when a user accesses a website or attempts a download, based on website ratings:
Rating Action for Red Sites - Specifies the action to apply to sites that are rated Red. Default: Block.
Rating Action for Yellow Sites - Specifies the action to apply to sites that are rated Yellow. Default: Warn.
5. Click Add.
6. Enter a Name for the internal update server.
7. To enable connections to the internal update server, select Enabled. To enable later, clear the Enabled check box.
8. In Order, set the sequence in which clients will contact the internal update server in relation to other update servers. Dell recommends that you set the Order for internal update servers to precede the Order for external update servers.
9.
work with encrypted data), any files that may have been added are scanned and encrypted.
EMS Access to unShielded Media EMS Block Access to UnShieldable Media
Read Only
Block, Read Only, Full Access
This policy interacts with the Port Control System - Class: Storage > Subclass Storage: External Drive Control policy. If you intend to set this policy to Full Access, ensure that Subclass Storage: External Drive Control is not set to Read Only or Blocked.
place, regardless of other policies.
HFS Plus is supported and must be enabled. For instructions to enable HFS Plus, see the Encryption Enterprise for Mac Administrator Guide.
Media containing Time Machine backups are not supported. However, media recognized by computers as Time Machine backup destinations are automatically whitelisted, to allow backups to continue.
External Media is True, but this policy is False, data can be read from the unencryptable media, but write access to the media is blocked. If EMS Encrypt External Media is False, then this policy has no effect and access to unencryptable media is not impacted.
See advanced settings
Policy Default Setting Description
Media Encryption Settings
This technology allows definition of what media encryption events to retain in logs.
Advanced Removable Media Encryption
A note about Removable Media Encryption policies: Mac Media Encryption policies are device-based policies. This differs from Windows Media Encryption policies, which are user-based.
Policy descriptions also display in tooltips in the Management Console. In this table, master policies are in bold font.
String - Maximum of 150 devices with a maximum of 500 characters per PNPDeviceID. Maximum of 2048 total characters allowed. "Space" and "Enter" characters count in the total characters used.
This policy allows the specification of removable media devices to exclude from encryption [using the device's Plug and Play device identifier (PNPDeviceID)], thereby allowing users full access to the specified removable media devices.
excludes all of Seagate’s USB drives
REV=Firmware Revision; Adding text highlighted gray also excludes the specific model being used
Serial number (in this example); Adding text highlighted yellow excludes just this device
OR
To find the PNPDeviceID for removable media on Windows 7 or later:
1. Insert the removable media device.
2. Open the Control Panel and go to Administrative Tools > Computer Management.
3.
Optionally customize the second sentence of the message to include specific instructions about how to contact a help desk or security administrator for authentication failures.
EMS Cooldown Time Delay
Default: 30
0-5000 seconds
Number of seconds the user must wait before attempting to enter the access code after failing the specified number of times.
.xls.pptx.docx.xlsx
Replacing these five rules with the following rule will force encryption of ppt, pptx, doc, docx, xls, and xlsx files in any directory on the iPod, including Calendars, Contacts, iPod_Control, Notes, and Photos:
^R#:\;ppt.doc.xls.pptx.docx.xlsx
These rules disable or enable encryption for these folders and file types for all removable devices - not just an iPod. Use care when defining rules to exclude an iPod from encryption.
Attempts Allowed
Number of times the user can attempt to enter the access code.
^R#:\Calendars;ppt.doc.xls.pptx.docx.xlsx
^R#:\Contacts;ppt.doc.xls.pptx.docx.xlsx
^R#:\iPod_Control;ppt.doc.xls.pptx.docx.xlsx
^R#:\Notes;ppt.doc.xls.pptx.docx.xlsx
^R#:\Photos;ppt.doc.xls.pptx.docx.xlsx
Replacing these five rules with the following rule will force encryption of ppt, pptx, doc, docx, xls, and xlsx files in any directory on the iPod, including Calendars, Contacts, iPod_Control, Notes, and Photos:
^R#:\;ppt.doc.xls.pptx.
String - Maximum of 150 devices with a maximum of 500 characters per PNPDeviceID. Maximum of 2048 total characters allowed. "Space" and "Enter" characters count in the total characters used.
This policy allows the specification of removable media devices to exclude from encryption [using the device's Plug and Play device identifier (PNPDeviceID)], thereby allowing users full access to the specified removable media devices.
Manufacturer:SanDisk
Location ID:0x24100000
Current Available (mA):500
Current Required (mA):200
Partition Map Type:MBR (Master Boot Record)
S.M.A.R.T. status:Not Supported
4.
This technology allows the use of either Mac FileVault full disk encryption or Dell's proprietary Dell Volume Encryption.
Dell Volume Encryption Encrypt Using FileVault for Mac Workstation Scan Priority
On On Off
Toggle ON to enable Dell Volume Encryption policies. If this policy is toggled to OFF, no Dell Volume Encryption takes place, regardless of other policies.
Not Selected
If selected, FileVault is enabled to encrypt all volumes including System Volumes and Fusion Drives.
You cannot specify ports in this policy. The Encryption client communicates with Policy Proxies using the GKPORT specified during client installation (the default is 8000).
Inherited values for this policy accumulate.
For the Encryption client to connect to a Policy Proxy specified in this policy, it must be in the same group as the Policy Proxy specified during client installation.
delay as follows (a maximum delay would involve the user responding to each delay prompt immediately prior to the 5-minute mark):
(Number of Reboot Delays Allowed x Length of Each Reboot Delay) + (5 minutes x [Number of Reboot Delays Allowed + 1]).
Number of Restart Delays Allowed
Default: 3
If Force Restart on Policy Update is set to Selected, this value is the number of times the user can delay the restart.
policy is for FV2 encryption.
Ignore - Default behavior, Dell encrypted volumes are reported as protected if the policy requires FV2 encryption.
Report - Conflicted volumes are reported as unprotected.
Convert - Dell encrypted volumes are converted to FV2 volumes and reported as unprotected while converting.
System policies are applied, regardless of other Port Control System policies. All PCS policies require a reboot before the policy takes effect.
Enabled
Enable, Disable, or Bypass ports exposed through the Express Card Slot.
Port: USB
Default: Enabled
Enable, Disable, or Bypass port access to external USB ports. USB port-level blocking and HID class-level blocking are only honored if we can identify the computer chassis as a laptop/notebook form factor.
Advanced Port Control
Policy descriptions also display in tooltips in the Management Console. In this table, master policies are in bold font.
Policy Default Setting Description
Windows Port Control
This technology allows for control of all the physical ports on a Windows computer (disable/enable/bypass), and can be customized by port type.
Full Access
CHILD of Class: Storage. Class: Storage must be set to Enabled to use this policy.
Control Storage must be set to Enabled to use this policy.
Full Access: Floppy Drive port does not have read/write data restrictions applied
Read Only: Allows read capability. Write data is disabled
Blocked: Port is blocked from read/write capability
This policy is endpoint-based and cannot be overridden by user policy.
Port: PCMCIA
Default: Enabled
Enable, Disable, or Bypass port access to PCMCIA ports.
removed, the entity is no longer included in reports, statistics, and other administrative views. If the activated entity communicates with the Dell Server after the inactivity period has expired, it returns to being in a managed state.
The Dell Server always keeps encryption keys in escrow, even for removed endpoints. This ensures recoverability of data through various workflows, such as reactivation and forensic analysis.
Advanced Global Settings
Global Settings policies are available at the Enterprise, Endpoint Groups, and Endpoints levels. All Global Settings policies are endpoint-based, meaning the policies follow the endpoint, not the user.
Audit Control policies are available at the Enterprise, Endpoint Groups, Endpoints, User Groups, and Users levels.
Policy descriptions also display in tooltips in the Management Console.