Security Management Server v10.2.
Security Management Server v10.2.7 AdminHelp

Table of Contents

Welcome
About Online Help
Attributions & Copyrights
Client Activation
Management Console
Functionality
Dashboard
Domains
Add a Domain
Users
Remove Users
Find Users
Deactivate/Suspend Users
Reinstate Suspended Users
Remove Endpoints from an Admin-Defined Endpoint Group
Endpoints
Endpoints
Add Endpoint to Group
Commands for Self-Encrypting Drives
Priority of Commands for Self-Encrypting Drives
Allow PBA Login Bypass
Unlock a Self-Encrypting Drive
EU General Data Protection Regulation (GDPR)
View Audit Events (Geolocation)
Event Data
Stop receiving agent auto updates
Events Management - Export Audit Events to a SIEM Server
Product Notifications
Receive product notifications
Windows Policies that Require Reboot
Windows Policies that Require Logoff
Advanced Windows Encryption
Variables
Authentication
Authentication
Advanced Authentication
Threat Prevention
Client Firewall Policies
Client Firewall options
Client Firewall rules
Web Protection Policies
Configure Access Groups
Legacy policies for Data Guardian
Legacy Policies for Data Guardian's Opt-in Mode
Windows: Additional Office menu options for Data Guardian v2.
Enterprise has Data Guardian Installed
Configure Access Groups
Disable Auto access for swept files (Windows and Mac)
Removable Media Encryption
Welcome

About Online Help

Version: 10.2.7

Attributions & Copyrights

Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Protected by one or more U.S. Patents, including: Number 7665125; Number 7437752; and Number 7665118.

The software described is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Third Party Software

I.
III. Portions of this product use OrientDB. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
IV. Portions of this product use Apache Wink. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
V. Portions of this product use Jackson JSON. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
VI. Portions of this product use Jetty.
XIX. Portions of this product make use of Struts Digester, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XX. Portions of this product make use of Apache xmlrpc, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XXI. Portions of this product make use of Bean Scripting Framework (http://commons.apache.org/bsf/), Apache License, Version 2.
XL. Portions of this product make use of ResizableLib. You may obtain a copy of the license at http://opensource.org/licenses/artistic-license-1.0.
XLI. Portions of this product make use of Spring Framework. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
XLII. Portions of this product use $File: A. LEGAL NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $. Copyright (c) Ian F.
If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library.
XLVIII. Portions of this product use DropNet. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
Portions of this product use Hardcodet WPF NotifyIcon 1.0.8.
LXXVII. Portions of this product use Jackson Annotations 2.4.4. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
LXXVIII. Portions of this product use Apache Maven Wagon 2.2. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
LXXIX. Portions of this product use Scribe OAuth Library 1.3.0. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
LXXX.
XCVIII. Portions of this product use Azure Active Directory Authentication Library 1.2.9. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
XCIX. Portions of this product use AF Networking 2.6.3. You may obtain a copy of the license at http://opensource.org/licenses/MIT.
C. Portions of this product use Box iOS SDK 1.0.11. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.
CI.
CXIX. Portions of this product make use of the Mono and the Mono runtime, under MIT, BSD, and Apache licenses. You may obtain a copy of the licenses at http://www.monoproject.com/docs/faq/licensing/.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CXX. Portions of this product make use of the Mono .NET assemblies under MIT and BSD licenses. You may obtain a copy of the licenses at https://mit-license.
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
CXXI. Portions of this product make use of mkbundle in Mono under GNU LESSER GENERAL PUBLIC LICENSE v3. You may obtain a copy of the license at https://www.gnu.org/licenses/lgpl.txt.
GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc.
License Information:
Copyright (c) 1999 - 2017 Dell Inc. All rights reserved. This software and associated documentation (if any) is furnished under a license and may only be used or copied in accordance with the terms of the license. Dell elects to use only the Apache license for any software where a choice of Apache v2, and Mozilla Public License 1.1 license versions are made available with the language indicating that Apache v2, and Mozilla Public License 1.
Get Started

Get Started with Dell Data Security

• Once your environment has been configured in the Server Configuration Tool, ensure that Dell services are started.
• Log in to the Management Console.
• Add Client Access Licenses, as needed.
• Add domains from your directory server.
• If you require that users receive non-default policies upon activation, modify policies at the appropriate level.
• Add groups and users, as necessary.
• Assign administrators, as necessary.
• Deploy clients.
Dashboard

The dashboard displays an overview of status information for your enterprise. Access more detailed information directly from the dashboard by clicking its statistics, graphs, and chart legends.

In the top right, select the Widgets menu to add or remove the following widgets:
• • • • • • Notifications Protection Status Threat Protection History Inventory History Summary Statistics

The images below reflect what may be seen in the dashboard, depending on widgets enabled.
An Advanced Threat Prevention event is not necessarily a threat. An event is generated when a recognized file or program is quarantined, safe listed, or waived. Threats are a category of events that are newly detected as potentially unsafe files or programs and require guided remediation.
Start Services

Start the following Services:
• Dell Compatibility Server
• Dell Compliance Reporter
• Dell Console Web Services
• Dell Core Server
• Dell Device Server
• Dell Key Server
• Dell Message Broker
• Dell Policy Proxy
• Dell Security Server

From the Service Panel:
1. Click Start > Run. Type services.msc and click OK.
2. In the Services (Local) window, highlight Dell Compatibility Server. Right-click the entry and select Start.
3. Continue in the manner above until all Dell Services are started.
4. Close the Services window.

To stop Services, see Stop Services.

Stop Services

You may find it necessary to shut down the Services to run backups or perform other system maintenance. While the Server is down, the Policy Proxy cannot poll the Server, which means that it cannot pick up updated security policies, or activate/reactivate endpoints.
4. Confirm the new password.
5. Click Update.

After three failed login attempts, the superadmin account is locked for five minutes. To change these settings, see Set or Change Account Lockout Settings.
Components

Architecture Drawings

Architecture with Manager

Architecture with Encryption Enterprise for Windows/Manager

Default Port Values
Internal:
• Active Directory communication: TCP/389
• Email communication (optional): 25

To Front End (if needed):
• Communication from external Policy Proxy to Message Broker: TCP/61616 and STOMP/61613
• Communication to Back End Security Server: HTTPS/8443
• Communication to Back End Core Server: HTTPS/8888 and 9000
• Communication to RMI ports - 1099
• Communication to Back End Device Server: HTTP(S)/8443 - If your Dell Server is v7.7 or later. If your Dell Server is pre-v7.7, HTTP(S)/8081.
Note: The purpose of Device Server proxy is to support legacy Encryption clients (pre-v8.0) that communicate with port 8081. Newer Encryption clients (v8.0 and later) are configured by the client installer to communicate with the Security Server (or Security Server proxy) on port 8443. The full Device Server is not installed in v8.1. The Device Server proxy forwards all communications to the Security Server behind the firewall.
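The following is an added example, not part of the Dell documentation: a Python check that the front-end-to-back-end ports listed above are reachable after a firewall change, including the version-dependent Device Server port. The host name and the mapping of each role to a host are placeholders (assumptions) to replace with your own servers.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Ports copied from "Default Port Values" above. Run the INTERNAL set from
# the Dell Server itself and the FRONT_TO_BACK set from the front-end host.
INTERNAL = {
    "Active Directory": [389],
    "Email (optional)": [25],
}
FRONT_TO_BACK = {
    "Message Broker": [61616, 61613],  # TCP and STOMP
    "Security Server": [8443],
    "Core Server": [8888, 9000],
    "RMI": [1099],
}


def device_server_port(server_version: str) -> int:
    """8443 for Dell Server v7.7 or later, 8081 for pre-v7.7."""
    parts = server_version.lower().lstrip("v").split(".")
    major = int(parts[0])
    minor = int(parts[1]) if len(parts) > 1 else 0
    return 8443 if (major, minor) >= (7, 7) else 8081


def required_ports(server_version: str) -> dict:
    """Front-end-to-back-end ports for a given Dell Server version."""
    ports = {role: list(plist) for role, plist in FRONT_TO_BACK.items()}
    ports["Device Server"] = [device_server_port(server_version)]
    return ports


def check_port(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(hosts: dict, ports: dict, probe=check_port) -> list:
    """Probe every (role, port) pair. A role with no host configured is
    reported rather than silently skipped."""
    jobs = [(role, hosts.get(role), port)
            for role, plist in ports.items() for port in plist]

    def run(job):
        role, host, port = job
        if host is None:
            return (role, None, port, "NO HOST CONFIGURED")
        return (role, host, port, "open" if probe(host, port) else "BLOCKED")

    with ThreadPoolExecutor(max_workers=8) as pool:
        return list(pool.map(run, jobs))  # map() keeps the input order


if __name__ == "__main__":
    backend = "dell-backend.example.internal"  # placeholder host name
    wanted = required_ports("10.2.7")
    hosts = {role: backend for role in wanted}
    for role, host, port, state in audit(hosts, wanted):
        print(f"{role:16} {host}:{port:<6} {state}")
```

A BLOCKED result for a port the deployment needs points at a firewall rule or a stopped service; the probe only confirms that the TCP handshake completes, not that the service behind it is healthy.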
Policy Proxy

Policy Proxy serves as intermediary between Dell Server and Encryption client, delivering information from each to the other.

Time Slotting

To prevent Dell Server traffic jams, Policy Proxies use a time slotting mechanism that allows them to independently choose well-distributed time slots for communicating with the Dell Server.

Polling

On every poll, the endpoint authenticates, checks for policy updates, and uploads inventory.
Navigate the Dell Server

Navigation

The Management Console is a central control center that the administrator can use to deploy and monitor security for the organization. It consists of security and configuration settings that are applied through policy to groups called Populations. The menu pane allows access to the following:

Dashboard

The Management Console opens to the dashboard.
To determine if a Dell Server is running in Disconnected mode, click the gear icon at the top right of the Management Console and select About. The About screen indicates that a Dell Server is in Disconnected mode, below the Dell Server version.

Disconnected mode is different than a standard connected installation of Dell Server in the following ways.
Dashboard

The dashboard displays an overview of status information for your enterprise. Access more detailed information directly from the dashboard by clicking its statistics, graphs, and chart legends.
Notifications List

The notifications list provides a configurable summary of news, alerts, and events to display on the dashboard or to be sent as email notifications. For more information, see Dashboard Field Descriptions and Notification Management.

Notification Types

Select the notification types to include in the list. Notifications of the remaining types are hidden. Types include:
• Update - News of upcoming product updates.
• Threat Event - An event detected by Threat Protection.
• Certificate - Certificate expiration notification.
• Server Exceptions - A Dell Server communication issue is impacting deliveries of the following notifications: Threat Protection, Update, Config, Knowledge Base, and Announcement.

After selecting one or more types, click in the neutral space above the list to apply the selections. Select Clear selected items to reset the selections in this list.
Agent Inventory Received - The date and time that the inventory was received and placed in the queue.
Agent Inventory Processed - The date and time that the inventory was picked up from the queue and processed. (Note: If the Dell Server is under load, the Processed and Received times may be different, but usually they are the same.)
Shield - If encryption is installed on the endpoint, an icon displays.
The Advanced Threat Prevention Events pane displays a time line of Advanced Threat events over the course of a month, by file type as assigned by Advanced Threat Prevention. Click a file type for details of the events of that type.
Set to auto run on any device | False | +0
Detected by Execution Control | True | +5
Total score 5: High Priority

Advanced Threat Prevention Classifications

Advanced Threat Prevention can provide details on the static and dynamic characteristics of files. This allows administrators to not only block threats, but also to understand threat behavior to further mitigate or respond to threats.
removal by administrators or security technologies.
Trojan | Malware that disguises itself as a legitimate program or file. | Zeus
Virus | Malware that propagates by inserting or appending itself to other files. | Sality, Virut
Worm | Malware that propagates by copying itself to another device. | Code Red, Stuxnet

Dual Use

Dual Use indicates the file can be used for malicious and non-malicious purposes.
The file has been identified as a Potentially Unwanted Program. This indicates that the program may be unwanted, despite the possibility that users consented to download it. Some PUPs may be permitted to run on a limited set of systems in your organization (for example, a VNC application allowed to run on domain administrator devices). A Dell Server administrator can choose to waive or block PUPs on a per-device basis, or globally quarantine or safelist them based on company policies.
Note: Occasionally, a file may be classified as Unsafe or Abnormal even though the score displayed doesn't match the range for the classification. This could result from updated findings or additional file analysis after the initial detection. For the most up-to-date analysis, enable Auto Upload in the Device Policy.

Priority Level

The file is given a priority level. The priority level helps administrators determine which threats and devices to address first.
Modified policies

Summary Statistics provides a breakdown of endpoints by platform, with a link to a detailed report for the selected platform:
• Windows
• Mac
• Mobile device
• All

Endpoint OS Report

To access this page, click a platform link on the dashboard's Summary Statistics. If you click All and the Platform Report page opens, click view in the OS Report column.
Details & Actions Members Settings ● ● ● ● User Groups ● ● ● Users ● ● Endpoint Groups ● ● Endpoints ● ● Populations Security Policies Enterprise ● Domains Administrators Key Server Endpoint Groups ● ● ● ● ●

To access the tabs for each Population:
Enterprise - Click Populations > Enterprise.
3. Select the desired severity level and time period to display events.

To view threat events on a specific endpoint, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Search or select a hostname, then the Threat Events tab.
Domains

Domains

On the Domains page, you can add a domain or search and select a domain to View or Modify Domain Information.

Add a Domain

To add a Domain, follow these steps:
1. In the left pane, click Populations > Domains.
2. On the Domains page, click Add.
3. Complete the fields on the Add Domains page.
Domain DNS Suffix - Enter the fully qualified host name or the computer name and domain portion of the hostname (for example, .
2. On the Users page, click Add Users by Domain.
3. In the Add Users by Domain dialog, select a domain from the pull-down list.
4. In Full name, enter the exact text for the user name or use the wildcard character (*).
5. Select Common Name, Universal Principal Name, or sAMAccountName from the list.

A Common Name, Universal Principal Name, and sAMAccountName must be defined in the enterprise directory server for every user.
Universal security groups are only supported for domains that connect through the Global Catalog port. Nested groups are not supported.

Add Non-Domain Users

To add non-domain users, the non-domain activation feature can be enabled by contacting Dell ProSupport and requesting instructions.

View or Modify Domain Policies and Information

1. In the left pane, click Populations > Domains.
2. Search or select the appropriate Domain Name to display Domain Detail.
LDAP Url - URL to the active directory. This field is populated after adding the domain. The information is derived from the completed hostname.
Example - LDAP://domainname.com:portnumber/DC=domainname,DC=com
To configure LDAP settings for the domain, click the Settings tab.
Status - Describes the health of the domain server (Good, Fair, Poor).

Domain Members

This page allows you to view, add, or modify information for groups and users within the domain.
text) and 3269 (secure).
Distinguished Name - This field is populated when you tab from the completed hostname or refresh the URL. If necessary, correct the entry to reflect the domain (for example, DC=domainname, DC=com).
Secure LDAP - Select this check box for LDAPS.
User Name - The user name with rights to read and run queries on the enterprise directory server. The format must be UPN, such as user@domain.com.
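The following is an added example, not part of the Dell documentation: a Python lint for the domain settings described above that checks the LDAP Url, the Secure LDAP check box and the User Name against each other before they are saved. Ports 389 and 3269 come from this page; 636 and 3268 are the standard Active Directory assignments and are an addition here, as are all function names.

```python
import re
from urllib.parse import urlsplit

# 389 and 3269 appear on this page; 636 (LDAPS) and 3268 (Global Catalog,
# clear text) are the standard assignments, added for this example.
CLEAR_TEXT_PORTS = {389, 3268}
SECURE_PORTS = {636, 3269}
UPN_RE = re.compile(r"^[^@\s\\]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def dn_from_dns_suffix(suffix: str) -> str:
    """domainname.com -> DC=domainname,DC=com"""
    labels = [label for label in suffix.strip(".").split(".") if label]
    return ",".join(f"DC={label}" for label in labels)


def parse_ldap_url(url: str):
    """Split LDAP://host:port/DC=a,DC=b into (host, port, ['a', 'b'])."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unexpected scheme {parts.scheme!r}")
    try:
        port = parts.port
    except ValueError:
        raise ValueError("port is not a number") from None
    if not parts.hostname or port is None:
        raise ValueError("host and port are both required")
    dcs = []
    for rdn in parts.path.lstrip("/").split(","):
        key, _, value = rdn.strip().partition("=")
        if key.upper() != "DC" or not value.strip():
            raise ValueError(f"unexpected DN component {rdn.strip()!r}")
        dcs.append(value.strip().lower())
    return parts.hostname.lower(), port, dcs


def lint_domain_settings(ldap_url: str, secure_ldap: bool, user_name: str) -> list:
    """Return a list of findings; an empty list means the settings agree."""
    try:
        host, port, dcs = parse_ldap_url(ldap_url)
    except ValueError as exc:
        return [f"LDAP URL: {exc}"]
    findings = []
    if port in CLEAR_TEXT_PORTS:
        if secure_ldap:
            findings.append(f"Secure LDAP is selected but {port} is a clear-text port")
        else:
            findings.append(f"clear-text LDAP on port {port}; select Secure LDAP and use an LDAPS port")
    elif port in SECURE_PORTS:
        if not secure_ldap:
            findings.append(f"{port} is an LDAPS port but Secure LDAP is not selected")
    else:
        findings.append(f"non-standard port {port}; confirm it with the directory team")
    # The Distinguished Name should reflect the domain the host belongs to.
    domain = ".".join(dcs)
    if host != domain and not host.endswith("." + domain):
        findings.append(f"Distinguished Name {dn_from_dns_suffix(domain)} does not match host {host}")
    if not UPN_RE.match(user_name):
        findings.append("User Name must be a UPN such as user@domain.com")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for finding in lint_domain_settings(
            "LDAP://dc01.corp.example:389/DC=other,DC=example", True, "CORP\\svc"):
        print("-", finding)
```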
b. Click Search. Depending on the size, this may take a few minutes to populate.
c. Select a group from the list to add to the domain. The group name is added to the field below the list. Click the X in the group name to remove the group name.
d.
6. Click Add.

For ADMIN-DEFINED User Groups, follow these steps:
a. Enter the exact text for the group name or use the wildcard character (*).
b. Enter a description for the group.
c. Click Add Group.
3. Click the tab that corresponds with the action to perform:

Security Policies - To view or modify policies of the Group, click Security Policies.
Details & Actions - To view properties of the Group, click Details & Actions. Viewable information includes:
• Group Name: Group1 (DOMAIN\Group1)
• Distinguished Name: CN=Group1, OU=Dallas, DC=Organization, DC=com
• Common Name: Group1
• Last Modified in Directory - date and time stamp
• Last Reconciled - date
Windows Encryption | Policy-Based Encryption | Encrypt Outlook Personal Folders | Not Selected | Not Selected
Windows Encryption | Policy-Based Encryption | Encrypt Temporary Files | Not Selected | Not Selected
Windows Encryption | Policy-Based Encryption | Encrypt Temporary Internet Files | Not Selected | Not Selected
Windows Encryption | Policy-Based Encryption | Encrypt User Profile Documents | Not Selected | Not Selected
Windows Encryption | Policy-Based Encryption | Secure Post-Encryption C
User - Each user in that user group
Distinguished Name - CN=Group1, OU=Dallas, DC=Organization, DC=com
CN is the common name
OU is the organizational unit name
DC are domain components
Common Name - non-technical name of the user group

Add Users to the Group

1. On the Members tab, click Add Users to Group.
2. Search or select a user, then select the check box to the left of the user name.
3. Click Add Selected Users to Group.
Edit Group Priority

The Group priority feature is used to determine policy precedence for effective policies that affect multiple groups. Group priority creates a weight associated with the specific group it is assigned to, and that weight is used to determine which policy setting is applied to an endpoint that is a member of more than one Endpoint Group when policy settings differ between those groups.
The user group at the top of the list has highest priority. The user group at the bottom of the list has lowest priority.

To edit User Group priority:
1. In the left pane, click Populations > User Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level.
4. Click Save.
Related topics:
Administrator Roles
User Admin
Delegate Administrator Roles

View Reconciliation Date

To view the date and time a user group's or user's information was last reconciled with Active Directory, click the Details & Actions tab for the group or user, and refer to last reconciled. For instructions, refer to View or Modify User Group Policies and Information and View or Modify User Policies and Information.
A Common Name, Universal Principal Name, and sAMAccountName must be defined in the enterprise directory server for every user. If a user is a member of a domain or group but does not display in the domain or group members list in the Management Console, ensure that all three names are properly defined for the user in the enterprise directory server.

6. Click Search. Depending on the size, this may take a few minutes to populate.
4. Change the Current Shield State policy to Suspend.
5. Click Save.
6. Commit Policies.
To reactivate a deactivated Windows user, follow the instructions in Reinstate Suspended Users.

Reinstate Suspended Users
To reinstate a suspended user, follow these steps:
1. In the left pane, click Populations > Users.
2. Click a user name link or enter a filter to search for available users. To search, enter Common Name, Universal Principal Name, or sAMAccountName.
User Type - possible values are AD or local
Last Modified - Date/time stamp
Last Reconciled - Date/time stamp
Endpoints - Click to view or modify information for the User's endpoints. For instructions on how to modify endpoint information, refer to View or Modify Endpoint Information.
User Groups - Click Groups to view information for groups to which the user belongs.
Last Successful Login - Date/time stamp, per endpoint
Last Unsuccessful Login - Date/time stamp, per endpoint
Last Gatekeeper Sync - Date/time stamp, per endpoint
Effective Policies - Click view for a simple layout view of the effective endpoint policies
Actions - Click Recover to proceed to the Recover Data page
Last Encryption Sweep Start - Date/time stamp, per user
Sweep End - Date/time stamp, per user
Encryption Failure - Click view for a simple list of files that could not be en
  DC are domain components
Common Name - non-technical name of the user group

User Admin
This page allows you to assign, modify, or view administrator roles for the user.
1. In the left pane, click Populations > Users.
2. Search or select a user name, then the Admin tab.
Administrator Roles - Assign or modify roles for the user and click Save.
Inherited Group Roles - A read-only list of roles that the user inherited from a group.
1. In the left pane, click Populations > Users.
2. Click a user name link or search for a user and then click a link to display the user detail. Enter Common Name, Universal Principal Name, or sAMAccountName. The wildcard character (*) is supported.
3. On the Security Policies tab, click Policy-Based Encryption.
4. Set the value of Policy-Based Encryption to Off.
5. Click Save.
6. Commit Policies.
(For Active Directory Groups only) In Choose AD Group, enter the beginning characters of an Active Directory group name (Example: Accounting), and select the desired group.
7. (For Rule-Defined and Active Directory Groups only) Click Preview to view the endpoints to be included in the group.
8. Click Add Group to save the group definition.
9. After the group is added, modify the group priority if necessary.

Remove an Endpoint Group
1.
Windows Encryption | Self-Encrypting Drive (SED) | Self-Encrypting Drive (SED) | Off | Off
Windows Encryption | Hardware Crypto Accelerator (HCA) | Hardware Crypto Accelerator (HCA) | Off | Off
Windows Encryption | Policy-Based Encryption | SDE Encryption Enabled | Not Selected | Not Selected
Windows Encryption | Policy-Based Encryption | Common Encrypted Folders
Windows Encryption | Policy-Based Encryption | Encrypt Windows Paging File | Not
endpoint is dedicated to a single user.
baseline settings, a non-persistent endpoint is available for another user.

Endpoint Groups Specification
To skip to instructions about how to add an endpoint, see Add Endpoint Groups.
At deployment time, all endpoints belong to a default endpoint group, which is generally sufficient for most deployments. This feature is used to assign policy to a specific group of endpoints.
PROCESSOR - System processor information
SERIALNUMBER - Endpoint serial number
The current locale of the endpoint. This is typically only reported by Encryption Enterprise.
A denotes an asset, while the following 5 digits denote the asset's assigned value. The user that was assigned the asset has their SAM account appended to the end. You can capture the assigned number of the asset and check that it is within a certain subsection of assets.
This example shows how to look for assets that have a value less than 1000.
MID(DISPLAYNAME , 2, 5) < 1001
This example targets a user's computer where their last name begins with 'r'.
4. Second and subsequent highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Groups
5. Opt-in Endpoint Group
6. Default Endpoint Group
To change Active Directory/Rule-Defined/Admin-Defined Endpoint Group priority:
1. In the left pane, click Populations > Endpoint Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level.
4.
When you click a Group Name, the Endpoint Group Detail page displays.
3. If applicable, View or Modify Endpoint Information.

View or Modify Endpoint Group Policies and Information
1. In the left pane, click Populations > Endpoint Groups.
2. Click a Group Name or enter a filter to search for available Endpoint Groups. The wildcard character (*) is supported. When you click a Group Name, the Endpoint Group Detail page displays.
3.
The PBA Unlock command for this endpoint group is carried out in the PBA Device Control area. This command unlocks the PBA screen after it has been locked, either by sending a Lock command or by exceeding the maximum number of authentication attempts allowed by policy.

Endpoint Group Members
This page lists the endpoints within an endpoint group. Information displays based on the group specification used to create the endpoint group.
1.
On the Endpoints page, you can add an endpoint to a group, remove an endpoint, or search and select an endpoint to View or Modify Endpoint Information. You can also quickly view the following summary information about each endpoint:
*Hostname - Endpoint hostname.
*OS/Version - Operating system and version running on the endpoint (Example: Microsoft Windows 10 Enterprise).
*Category - Category of endpoint (Example: Windows or Mac).
For Windows and Mac, if you know the hostname of the endpoint, enter it in Search. Leave the field blank to display all Windows and Mac endpoints. For Mobile devices, optionally enter the model name or user's email address.
4. At the top left, click Remove.
5. Click OK to confirm removal of the endpoint.
As another option, click an endpoint and select the Details & Actions tab. Under Endpoint Detail, click Remove.

Find Endpoints
1.
Advanced Threat Events - Click Advanced Threat Events to view, export, quarantine, or waive unsafe files. Events are grouped by Status (unsafe, quarantined, or abnormal), and the following information is displayed for events: file name, file paths, score, classification, first found time stamp, running, auto run, and detected by.
6. If modified, click Save.
Host ID - Endpoint identifier
Unique ID - Dell assigned unique identifier
Hardware ID - A unique identifier sent to the server from the client.
Protected - Date and time stamp

Mac
Category - Mac
OS/OS Version - Example: Mac OS X 10.11.0
Processor Serial Number - Manufacturer assigned serial number
Host ID - Endpoint identifier
Unique ID - Dell assigned unique identifier
Hardware ID - A unique identifier sent to the server from the client.
Model Name (if available)
Phone ESN/IMEI (if available)
Processor (will display if the data is available)
Memory available and total (MBs) (will display if the data is available)
Battery remaining % (will display if the data is available)
Serial Number - Manufacturer assigned serial number
Unique ID - Dell assigned unique identifier
Actions - Hide or Remove Endpoint

Shield Detail
Commands: To view the policies of the endpoint, click View Effective Policies.
States:
Policy Updating: Date and timestamp
Device Encryption Updating: Date and timestamp
Device Data Encryption On: Date and timestamp
Sweep Started: Date and timestamp
Sweep Completed: Date and timestamp
Inventory Received: Date and timestamp
Inventory Processed: Date and timestamp
Protected:

Protection Status Tab:
Disk Name
Capacity (storage)
Protection Status (Protected, Protecting, Unknown)
Interface type
Model number of the endpoint
Actions: Effective policies on the specific
Interface - Disk interface (Examples: IDE, SATA)
Model - Manufacturer name and model of the disk
Click the small black arrow on the left to expand the disk details to view information for each partition of the disk.
Logical Disk - The name of the logical disk.
ID - The identifying number of the logical disk.
Encryption % - The percentage of the partition that has been encrypted.
Capacity - The capacity of the partition.
No TPM Device - The TPM device is not present or is not detectable in the indicated computer. The Manager is not actively enforcing policy related to this plugin, due to this plugin-specific exception.
No Policy - Initial policy has not been received so the plugin is not actively enforcing any policy. This is only relevant the very first time you install the Manager client.
Cloud device commands apply to the selected endpoint and are carried out from the Cloud Device Control section of the device's endpoint page. Unlike policies, commands are pushed to the device to enable an action.
Commands:
Suspend - Suspends the endpoint device. It does not suspend the user account.
Unsuspend - Unsuspends the endpoint device.
Wipe - The Wipe command functions as a “restore to factory state” for the SED drive. The Wipe command can be used to re-purpose a computer or, in an emergency situation, wipe the computer, making the data permanently unrecoverable. When the wipe command is consumed by the client, all history and details about this endpoint are removed from the Dell Server. Ensure that this is the desired behavior before invoking this command.
Use the controls at the bottom of the page to:
• Advance to the top of the data.
• Go back one page.
• Go forward one page.
• Advance to the end of the data.
• Increase or reduce the items per page.
• View the range of items currently displayed.
• Refresh the data.

Endpoint Advanced Threats
This page allows you to view, export, quarantine, or waive unsafe files that trigger events on the selected endpoint. An event is not necessarily a threat.
Click an arrow next to any column header and select Columns to add columns to, or remove columns from, the table.

Filter on Column Data
To filter the list based on column data, click the down-arrow on any column to display the context menu, and select Filter. The filter options vary, depending on the type of data in the column. For example, you may want to filter the list so that it shows only high priority threats.
Action - Action taken to protect the system from the exploit attempt:
Ignore - The agent does not take any action against identified memory violations.
Alert - The agent will record the violation and list the incident on this page.
Block - If an application attempts to call a memory violation process, the agent will block the process call. The application that made the call is allowed to continue to run.
When you suspend an encrypted server, you suspend the user associated with the encryption client rather than an individual user who logs on to the endpoint.
To suspend a Server Encryption client:
1. In the left pane, click Populations > Users.
2. In Search, enter SERVER-USER and click the
3. Click the user name of the appropriate user.
4. On the User Detail page, click the Endpoints tab.
5. Click the Device ID of the appropriate endpoint.
6.
Related topics:
Send Wipe Command to Self-Encrypting Drive
Lock a Self-Encrypting Drive
Remove Users from Endpoint with Self-Encrypting Drive
Unlock a Self-Encrypting Drive
Allow PBA Login Bypass

Allow PBA Login Bypass
You can allow users to bypass the Preboot Authentication (PBA) screen one time to allow a user into the computer without authenticating on an endpoint equipped with a self-encrypting drive.
To send the Bypass Login command, follow these steps:
1.
Remove Users from Endpoint with Self-Encrypting Drive
To remove users from the PBA, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Select the Workstation endpoint type.
3. If you know the full Hostname of the endpoint, enter it in the Search field. However, you may leave the field blank to display all Workstation endpoints.
4. Click the search icon. An endpoint or list of endpoints displays, based on your search filter.
5.
4. Click the search icon. An endpoint or list of endpoints displays, based on your search filter.
5. Click the endpoint hostname on which to wipe the self-encrypting drive.
6. Click the Details & Actions tab.
7. Under SED Device Control, click Wipe.
8. Click Yes to confirm that you want to send the Wipe command to the endpoint.
Administrator Roles
Administrator login is integrated with Active Directory to simplify the process of managing administrators and to allow you to leverage your existing user authentication infrastructure. Administrators are assigned roles that define what level of access each administrator is allowed. For example, some administrators may only be allowed to implement help desk assisted recovery while others have full access to edit security policies.
User View policies ● Modify policies ● Commit policies ● Issue commands ● View audit events ● Analyze logs ● ● ● ● ● ● View Administrators ● Create, change, and delete Administrator accounts ● Delegate Administrator privileges ● Download Endpoint software Download recovery key bundle ● ● ● ● Provision or recover the Advanced Threat Prevention service ● Enroll for Advanced Threat Prevention auto updates ● Set email notifications of Client Access Licens
report that is set to run at a specified interval in the Compliance Reporter Scheduler Schedule and rename a report that is set to run at a specified interval in the Compliance Reporter Scheduler ● Enter or modify settings in Compliance Reporter Settings ● Set up Compliance Reporter plugins ● Open a Report, modify an online Report display, and rename a Report view in Compliance Reporter ● Generate, export, store, print, and email a Report result in Compliance Reporter ● Ad
Administrator rights for a user group can be delegated to a user. The delegated administrator and users must be members of the user group not only in Active Directory but in the Dell Server database. Administrator rights are available to the delegated administrator only if the delegated administrator is a member of the user group in the Dell Server database.
• Search - Hover to view columns for performing a search, then enter specific text for those columns. Use * for a wildcard. For additional filtering to provide a detailed search on a specific report, see Use Search and More to filter.

View or Modify an Existing Report
On the Manage Reports page, select a report from the Name column to view an instance of that report. The owner can make the report private or public. See View Report.
Device Detail
Provides reports based on Windows, Mac, iOS, and Android device details. See Endpoint Details & Actions.
Shield Detail
Customize a report of an endpoint's policies, recovery keys, or details. See Shield Detail.
Notifications
Customize a report of news, alerts, and events or email notifications. See Notifications.
3. For additional filtering, select More.... and then select one or more options. Additional text fields allow you to limit the text search to that column:
• Registered User - Enter text to search specifically on that column.
• BitLocker Enabled or TPM Enabled - Boolean search specifically on those columns.
• Disk Status and Logical Disk Status - Enumerator searches specifically on those columns.

Export File
Export to Excel or a .csv file.
Data Guardian Audit Events
Data Guardian audit event logs maintain an audit trail of file activity for Windows, Mac, mobile devices, and the web portal. By alternating between a map visualization and multiple filter options, you can access audit data in various ways, from a global overview to specific geolocations or audit data on a specific file or a specific user.
• Moniker - By default, information displays for all monikers. Select one or more check boxes to display specific monikers. Click Clear selected items to display all.
  • Cloud Encryption - applies to:
    • Cloud Encryption (Mac, mobile and web portal; Windows Data Guardian v2.3 and earlier)
    • Cloud Access Security Broker (CASB) (web portal 2.9 and higher)
    • Basic File Protection (web portal 2.9 and higher with CASB, when a .
• Columns - Filter the amount of data by selecting one or multiple columns to display. If you clear all column check boxes, audit events are listed for all endpoints and all users. Some filters apply to all monikers and some to specific monikers. For a description of column filters, see Options in the Columns menu.
• Search - Hover to view columns for performing a search (device, user, file name, and file key ID), then enter specific text for those columns.
Column options for Protected Office only
Audit Event - Column options | Description
Data Guardian Action - If a service acts on a protected Office file, for example, modifying or deleting a file, the Data Guardian Action column lists the reason. See Protected Office Document or Basic File Protection audit events.

Column options related to Embargo: From, To
From - The time that an external user can start viewing a protected file.
v2.7 and earlier) document to an unprotected file and was blocked. Accessed
Blocked Print (Windows only with Data Guardian v2.7 and earlier) - Indicates a file where a user tried to print a protected Office document and was blocked. ● Accessed
Detected tampering - Tampering was detected in the .xen file portion of a protected Office document. This audit event alerts you to the tampering, but the .xen file cannot be repaired.
Audit Event - Column options | Description
Login - If a user logged in and did a fast user switch, for example, logged in and then rebooted.
Logout - User logged out of a session.
Blocked PrintScreen (Windows only and Data Guardian v2.7 and earlier) - Indicates a file where a user tried to capture a screen while a protected Office document was open and is blocked.
Blocked Process (Windows only and Data Guardian v2.
to be encrypted are now decrypted.

Cloud Encryption audit events (mobile and web portal; Windows Data Guardian v2.3 and earlier; Mac)
This table lists audit events that occur for files or folders stored in the cloud sync client folders. Events may differ slightly for Mac and mobile devices. Greyed out options indicate earlier versions of Windows and Mac Data Guardian.
Actions for audit events
Cloud Action and Description | Windows 2.
Policies: Protected Office Documents, Content Based Protection, Content Based Protection Rules. To include emails that must comply with a Content Based Protection rule, also enable Email Encryption via Outlook.
For a report, select from these column options.
Audit Event - Column options | Description
Content Rule - The content rule category, such as Public, Internal Use, or Restricted.
Content Rule File - The name of the file that was audited or encrypted based on a content rule.
You can alternate between drilling in at the map level and drilling in at the filter and search level. For example:
• Endpoint or endpoint group - If geolocation is enabled, the map displays the location of the events for each endpoint's .xen and protected Office files. If the map indicates protected files in an unexpected location, you can use the audit data to identify who modified the file.
• Block Copy (for Windows) - indicates a Windows user tried to copy from a protected Office document and was blocked.
• Geo Blocked (for Mobile) - indicates a mobile user outside a geofence tried to access a protected document and the attempt was blocked.
next to that user or device.
1. In Moniker, select Protected Office and Beacon.
2. In the global map view, drill in to a marker cluster in an unexpected location and select a blue marker.
3. Select the Show only visible check box for the columns to list only the files for that audit event.
4. Click next to a Device, User, File Name, or File KeyID.
More than 100 events
Use the + and - icons in the upper left corner of the map to zoom in or out. Drag the map to view different areas of the map.
To view individual events for map points representing multiple events, use the + icon in the upper left corner to zoom in on the map point. Click an individual map point within the group of points to view the event.

Event Data
Event data displays below the map about the events represented on the map.
Integrating with a SIEM/syslog server allows administrators to run customized analytics on threat and audit data within their environments. The Dell Server supports the export of Advanced Threat Prevention and Data Guardian events.
To export audit events to a syslog server or to a local file:
1. In the left pane, click Management > Services Management.
2. Select the Events Management tab.
3.
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 is reserved for splunk 2 splunk
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 will negotiate new-s2s protocol
07-10-2017 16:27:02.
Example Message for Deny Execution from External Drive:

Devices
Select this option to send device events to the Syslog server.
• When a new device is registered, two messages for this event are received: Registration and SystemSecurity.
Example Message for Device Registered Event:
• When a device is removed.
Example Message for Device Removed Event:
• When a device’s policy or logging level has changed.
• Terminated: Process has been terminated.
Example Message of Memory Protection Event:

Script Control
Selecting this option logs any newly found scripts that have been blocked or have triggered an alert to the Syslog server. Syslog Script Control events contain the following properties:
• Alert: The script is allowed to run. A script control event is sent to the Dell Server.
• Block: The script is not allowed to run. A script control event is sent to the Dell Server.
Hundreds of threats are classified each day as either Malware or Potentially Unwanted Programs (PUPs). If this option is selected, you subscribe to be notified when these events occur.
Example Message of Threat Classification:

Security Information and Event Management (SIEM)
Specifies the type of Syslog server or SIEM that events are to be sent to.

Protocol
This must match what is configured on your Syslog server. The choices are UDP or TCP.
52.20.244.157 52.71.59.248 52.72.144.44 54.88.241.49
AU (my-au.cylance.com): 52.63.15.218 52.65.4.232
EU (my-vs0-euc1.cylance.com and my-vs1-euc1.cylance.com): 52.28.219.170 52.29.102.181 52.29.213.11
Note: This IP Address should remain static. For the latest IP addresses for Syslog messages, contact Dell ProSupport.

Management
Commit Policies
Uncommitted policies display in a badge icon in the top left of the Management Console.
To view or export logs:
1. In the left pane, click Management > Log Analyzer.
2. Select a Category. The Categories are Admin Actions, Shield for Server Events, Policy, Advanced Threat Events, System Logs, Whitelist, and Full Access List.
3. To narrow the results, select from these optional filters:
• Priority - Choose DEBUG, INFO, WARN, ERROR, or FATAL. FATAL returns fewest entries; DEBUG returns the greatest number of entries.
3. The user is instructed to contact their administrator and inform them that they need to manually recover Encryption External Media for Windows.
4. As a Dell administrator, log in to the Management Console.
5. In the left pane, click Populations > Users.
6. Enter a filter to search for the user. The wild card character is *. You can enter Common Name, Universal Principal Name, or sAMAccountName.
7. Click
8. Locate the appropriate user and click the Endpoints tab.
9.
If the policy is set to block all access to removable media until authenticated/encrypted and the user clicks Cancel, they cannot access any files on this removable storage.
If a user re-uses a password that has been used too recently, a dialog displays asking them to use a different password.
If a password does not meet the criteria set by policy, a dialog displays, outlining the password criteria.
computer where the original user is logged in, to reinitialize the encryption keys. If policy does not permit this, it must be inserted into the originally encrypting computer, with the originally specified user name.
On rare occasions, when encryption key material is lost, the Encryption client cannot automatically locate the necessary information. Use the following process to recover encrypted data.
1.
If more than one Dell Server is part of a federation, to perform Encryption External Media Recovery across Dell Servers in the federation, enable federated key recovery:
1. Navigate to \conf\ and open the federatedservers.properties file.
2. Update the server.code property with a new code, password or passphrase to be shared across Dell Servers in the federation.
See the Encryption Enterprise for Mac Administrator Guide, available at dell.com/support for the most up-to-date recovery instructions.

License Management
License Management
To view usage of Client Access Licenses (CALs) that you own and upload new licenses, click Management > License Management.

Upload Client Access Licenses
You received CALs separately from the installation files, either at the initial purchase or later if you added additional CALs.
1.
1.
2. License structure:
a. Disk Encryption (DE) – Dell Encryption (Windows and Mac), Encryption External Media, SED Management, Full Disk Encryption, BitLocker Manager.
b. Encryption External Media (EME)
c. Dell Data Guardian (CE)
d. Threat Protection (TP) - includes Malware Protection and/or Client Firewall and/or Web Protection features
e.
2. Under Upload Licenses, click Choose File to browse to the location of the saved CAL.
Related topics:
CAL Information
License Management

Services Management
Services Management
From the left pane of the Management Console, select Management > Services Management. The following options are available:
Provision or Recover the Advanced Threat Prevention service - After the service is provisioned, clients are automatically provisioned with Advanced Threat Prevention.
1. In the left pane of the Management Console, click Management > Services Management.
2. Click Recover Advanced Threat Prevention Service.
3. Follow the guided service recovery dialogs and upload the Advanced Threat Prevention certificate when prompted.

Enroll for Advanced Threat Prevention Agent Auto Updates
You can enroll to receive Advanced Threat Prevention agent auto updates.
3. Click On then click Save Preferences.
Note: The product notification switch does not display when servers are configured in disconnected mode.

Stop receiving product notifications
To stop receiving product notifications:
1. In the left pane of the Management Console, click Management > Services Management.
2. Select the Product Notifications tab.
3. Click Off then click Save Preferences.
3. Click Add when complete.
To edit an alert:
• Select the alert to change, click Edit, make the changes, and press Enter.
To delete an alert:
• Select the alert to delete, and click Delete.
Related topics:
License Management
Enable SMTP Server for Email Notifications

Enable SMTP Server for Email Notifications
If using Data Guardian, these settings are automated by using the Server Configuration Tool.
2. Select the Registration Access tab.
3. Click Add.
4. Select Registration Access Type:
Blacklist - Blocks registration and file access for a user or a domain.
Full Access List - Grants registration and file access for a user or domain. If the user or domain is also on the blacklist, no access is granted.
5. Enter either a domain to set access for the entire domain, or email address to set access only for a single user.
6. Click Add.
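The following Python sketch is an added illustration, not Dell code: it models the blacklist-overrides-Full-Access-List rule described above and audits the two lists for Full Access entries that the Blacklist cancels out. Case-insensitive comparison, exact domain matching (no subdomains), and the "unlisted" result for addresses on neither list are assumptions; all list entries are constructed.

```python
def normalise(entry):
    """Assumption: entries and addresses compare case-insensitively."""
    return entry.strip().lower()


def matches(entry, email):
    """An entry is either a whole domain or a single email address."""
    entry, email = normalise(entry), normalise(email)
    if "@" in entry:
        return entry == email
    # Assumption: a domain entry matches only that exact domain.
    return email.rsplit("@", 1)[-1] == entry


def registration_access(email, blacklist, full_access):
    """Blacklist is checked first, so a hit there wins over any Full Access entry."""
    if any(matches(e, email) for e in blacklist):
        return "blocked"
    if any(matches(e, email) for e in full_access):
        return "granted"
    return "unlisted"  # the two lists alone do not decide this address


def shadowed_entries(blacklist, full_access):
    """Find Full Access List entries that the Blacklist cancels.

    Returns (full_access_entry, blacklist_entry, scope) tuples where scope is
    "full" when the entry can never grant access, or "partial" when a domain
    grant is narrowed by a blacklisted address inside that domain.
    """
    findings = []
    for fa in map(normalise, full_access):
        for bl in map(normalise, blacklist):
            if "@" in fa:
                # Single-address grant: cancelled by the same address or its domain.
                if matches(bl, fa):
                    findings.append((fa, bl, "full"))
            elif bl == fa:
                findings.append((fa, bl, "full"))
            elif "@" in bl and matches(fa, bl):
                findings.append((fa, bl, "partial"))
    return findings


# Constructed sample lists.
BLACKLIST = ["contractor.example", "mallory@partner.example"]
FULL_ACCESS = ["partner.example", "alice@contractor.example", "bob@vendor.example"]

if __name__ == "__main__":
    for address in ("alice@contractor.example", "Carol@Partner.example",
                    "mallory@partner.example", "dave@other.example"):
        print(address, "->", registration_access(address, BLACKLIST, FULL_ACCESS))
    for finding in shadowed_entries(BLACKLIST, FULL_ACCESS):
        print("shadowed:", finding)
```

A "full" finding points at a Full Access entry that has no effect and is worth reviewing with whoever requested it.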
Key Revocation
The administrator can revoke access to files, at both the user level and the file level.
To revoke access:
1. In the left pane, click Management > Data Guardian Management.
2. Select the Key Revocation tab.
3. Select the user or file from which to revoke files.
4. Click Revoke Keys.

Key Management
The administrator can manage key ownership. The keyid is available here:
• Reporting > Audit Events > Columns > File KeyID.
Portal URL - The URL used to access the enterprise's Data Guardian web portal. After the portal URL is entered and saved, it is displayed on the Management Console's Downloads page. Additionally, it is displayed on the cover page of a protected file if the user does not have access to the key. This portal URL also displays on the Activation page after a new user registers.

Change Superadmin Password
1.
To download the latest version of Dell Data Guardian:
1. In the left pane, click Management > Downloads.
2. Select the Endpoint Software tab.
3. Choose from the following:
• Navigate to Download (for Windows or Mac)
• Download on the App Store (for iOS)
• Get it on Google Play (for Android)
The Download tab is only available if the user has been assigned a security and a system administrator role.
Manage Policies

Manage Security Policies
You can apply security policies at the Enterprise, Domain, User Group, User, Endpoint Group, and Endpoint levels.
Default policy settings allow your enterprise to get started with Dell security, but you should customize the security and configuration settings. If you've migrated from an earlier version of Dell Server, your policy settings have been migrated for you.
Security policies are grouped by technology.
Manage Policies Icons and their meanings: The master switch for policies in the subgroup is On, which means the policy group is enabled. Policies in the group are sent to clients when policies are committed. Policies in the subgroup are not enabled. At least one default setting in the policy group has been overridden. Group of policy settings that has no master switch. The policy change is not yet committed.
2. Click the Security Policies tab.
3. Select the technology group, such as Windows Encryption, or policy group, such as Policy-Based Encryption, to modify.
4. Select a language for localizable policies from the list at the top right of the screen.
5. Enter text that is in the language you selected for localizable policies. Navigate the populations and technology groups as necessary to localize all desired policies for that language.
6. Click Save.
7.
Manage Policies The following policies can be displayed in a selected language on the endpoint computer: Enterprise Level Technology Group Policy Windows Encryption > Full Disk Encryption Support Information Text Full Disk Encryption Title Text Legal Notice Text Self Help Questions Windows Encryption > Self-Encrypting Drive (SED) Support Information Text PBA Title Text Legal Notice Text Self Help Questions (Pre-8.
Manage Policies Legal Notice Text Self Help Questions (Pre-8.
Security Management Server v10.2.7 AdminHelp Full Disk Encryption (FDE) On Off Toggle to ON to enable all full disk encryption policies. If this policy is toggled to OFF, no full disk encryption takes place, regardless of other policy values. On means that all Full Disk Encryption policies are enabled. Changing the value of this policy triggers a new sweep to encrypt/decrypt files.
Manage Policies Choose a key to indicate who can access files encrypted by Application Data Encryption List, and where. More... Common for these files to be accessible to all managed users on the computer where they were created (the same level of access as Common Encrypted Folders), and encrypted with the Common encryption algorithm.
Security Management Server v10.2.7 AdminHelp -^@%ENV:SYSTEMDRIVE%\;vol -^%ENV:SYSTEMDRIVE%\Program Files\PGP Corporation -^3%ENV:SYSTEMDRIVE%\PGPWDE00 -^3%ENV:SYSTEMDRIVE%\PGPWDE01 -^3%ENV:SYSTEMDRIVE%\PGPWDE02 -^3%ENV:SYSTEMDRIVE%\PGPWDE03 -^%ENV:SYSTEMDRIVE%\Program Files\Symantec -^%ENV:SYSTEMDRIVE%\Program Files (x86)\Symantec -^%ENV:SYSTEMDRIVE%\Program Files\Common Files\Symantec Shared -^%ENV:SYSTEMDRIVE%\Program Files (x86)\Common Files\Symantec Shared -^%ENV:SYSTEMDRIVE%\ProgramData\Symantec -^3%EN
Manage Policies If the same folder is specified in both this policy and the User Encrypted Folders policy, this policy prevails. See advanced settings Policy Default Setting Description Bitlocker Encryption This technology manages Microsoft BitLocker policies for full disk and removable media encryption. BitLocker Encryption TPM Manager Enabled Disable Sleep Mode Encrypt System Drive Not Managed Managed Not Managed Toggle to Managed to enable BitLocker Manager policy settings.
Encrypt Fixed Drives Encrypt Removable Drives Require Additional Authentication at System Startup Allow BitLocker Encryption Without a Compatible TPM Do Not Manage Do Not Manage Turn On Encryption Turn Off Encryption This policy does not encrypt the system drive. To also encrypt the system drive, make sure that Encrypt System Drive Only is also Turn On Encryption. Do Not Manage ignores Fixed Drives.
Manage Policies Configure TPM Startup Configure TPM Startup PIN Configure TPM Startup Key Configure TPM Startup Key and PIN Encryption Method and Cipher Strength (OS Volumes) Allow Do Not Allow Require Allow On computers with a compatible TPM, three types of authentication are supported.
Security Management Server v10.2.7 AdminHelp Encryption Method and Cipher Strength (Removable Volumes) Encryption Method and Cipher Strength (Fixed Volumes) AES-128 AES-128 AES-256 XTS-AES-128 (for use with Windows 10 Anniversary Edition and later) XTS-AES-256 (for use with Windows 10 Anniversary Edition and later) Algorithm and cipher strength used by BitLocker Drive Encryption for Removable Volumes.
Manage Policies other policy values. Selected allows a maintenance schedule to control application of policy that requires a reboot. Server Maintenance Schedule Repeats Port Control System SDE Encryption Enabled Weekly Daily, Weekly, Monthly, Quarterly, Annually The schedule configuration defines when the task should run. Daily: Runs the task every day at the specified Server Maintenance Schedule Start Time. Weekly: Runs the task weekly on the days specified in Server Maintenance Day of the Week.
triggers a new sweep to encrypt/decrypt files. See advanced settings
Variables
Some Windows policies support the following variables. A pathname can consist entirely of one or more of these variables, or can include one or more of these variables at any point. To get directory locations that these CSIDL values resolve to, go to http://msdn.microsoft.com/en-us/library/bb762494.aspx. All names listed on the MSDN page are CSIDL_.
Manage Policies APPDATA PRINTHOOD LOCAL_APPDATA ALTSTARTUP COMMON_ALTSTARTUP COMMON_FAVORITES INTERNET_CACHE COOKIES HISTORY COMMON_APPDATA WINDOWS SYSTEM PROGRAM_FILES PROGRAMFILES MYPICTURES PROFILE SYSTEMX86 PROGRAM_FILESX86 PROGRAMFILESX86 PROGRAM_FILES_COMMON PROGRAM_FILES_COMMONX86 COMMON_TEMPLATES COMMON_DOCUMENTS COMMON_ADMINTOOLS ADMINTOOLS CONNECTIONS COMMON_MUSIC COMMON_PICTURES COMMON_VIDEO RESOURCES PROFILES %HKCU:regpath% • Includes a numeric or text value stored in the registry for the curr
Security Management Server v10.2.7 AdminHelp • Includes a numeric or text value stored in the registry for the local computer.
Manage Policies Policy Default Setting Description Policy-Based Encryption This technology uses Dell's proprietary data centric encryption to allow user data and computer encryption. This allows greater protection over individual data than traditional full disk encryption, by limiting access on a computer to only what a user is authorized to view. Encrypt with SDE when SED is detected User Encrypted Folders Not Selected When Selected, this policy applies SDE encryption to self-encrypting drives.
Security Management Server v10.2.7 AdminHelp winword.exe powerpnt.exe msaccess.exe wordpad.exe mspaint.exe excel.exe The following hard-coded system and installer process names are ignored if specified in this policy (you can also add to this list via the registry value HKLM\Software\Dell\CMGShield\EUWPrivilegedList): hotfix.exe, a Windows update process update.exe, a Windows update process setup.exe, a third-party installer process msiexec.exe, a third-party installer process wuauclt.
Manage Policies String String - maximum of 100 entries of 500 characters each (up to a maximum of 2048 characters) When a service is managed by this policy, the service is started only after the user is logged in and the Encryption client is unlocked. This policy also ensures that the service managed by this policy is stopped before the Encryption client is locked during logoff. This policy can also prevent a user logoff if a service is unresponsive. More... Syntax is one Service name per line.
The scan priority levels are used in two ways.
1. These values correspond with the values used by the Microsoft SDK to set thread execution priority.
2. The client uses these values to introduce a delay in the encryption sweep after every single file is processed.
Winlogon\CMGShield\GKConnectionsOverride. The client communicates with Policy Proxies using the GKPORT (the default is 8000). If necessary, change that port via the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield\GKPort. Inherited values for this policy accumulate. For the client to connect to a Policy Proxy specified in this policy, it must be in the same group as the Policy Proxy specified during client installation.
Security Management Server v10.2.7 AdminHelp Important: Allowing a user to pause encryption could allow the user to prevent the Encryption client from fully encrypting or decrypting data per policy. Suppress File Contention Notification Number of Encryption Processing Delays Allowed Selected This policy controls whether users see notification pop-ups if an application attempts to access a file while the client is processing it. More...
Manage Policies Delays Allowed Allow Encryption Processing Only When Screen is Locked Hide Overlay Icons The number of times the user is allowed to delay reboot for device-based policy. False True, False, User-Optional When True, there is no encryption or decryption of data while the user is actively working. The client will only process data when the workstation screen is locked. When False, encryption processing occurs any time, even while the user is working.
Security Management Server v10.2.7 AdminHelp Fixed Data Drives from Earlier Versions of Windows Do Not Install BitLocker to Go Reader on FAT Formatted Fixed Drives When Selected, fixed data drives with the FAT file system can be unlocked and viewed on computers running Windows Server 2008. This policy does not apply to drives that are formatted with the NTFS file system.
Manage Policies Do Not Enable BitLocker Until Recovery Info is Stored in AD DS for Fixed Data Drives Allow Data Recovery Agent for Protected Fixed Data Drives Configure User Storage of BitLocker 48-digit Recovery Password Configure User Storage of BitLocker 256-bit Recovery Key Omit Recovery Options from the BitLocker Setup Wizard Save BitLocker Recovery Information to AD DS for Fixed Data Drives BitLocker Recovery Information to Store in AD DS Do Not Enable BitLocker Until Recovery Information is S
Manage Policies the identification field and allowed identification field. The allowed identification field is used in combination with the Deny Write Access to Removable Drives Not Protected by BitLocker policy to help control the use of removable drives in the organization. This policy must be set to Selected to use the policies Set Organizational Unique Identifiers and Set Allowed Organizational Unique Identifiers.
Security Management Server v10.2.7 AdminHelp maximum of 20 digits. Allow Network Unlock at Startup on Operating System Drives Not Selected Selected Not Selected This policy specifies if a user is allowed to use the Network Unlock at Startup feature on operating system drives. Selected Selected Not Selected This policy specifies if a user is allowed to use SecureBoot on operating system drives.
Manage Policies Omit Recovery Options from the BitLocker Setup Wizard Save BitLocker Recovery Information to AD DS for Operating System Drives BitLocker Recovery Information to Store in AD DS (Windows Server 2008 Only) Do Not Enable BitLocker Until Recovery Information is Stored in AD DS for Operating System Drives Configure Use of Hardware-Based Encryption for Operating System Drives Use HardwareBased Encryption for Operating System Drives Use BitLocker Software-Based Encryption on Operating System Dr
Security Management Server v10.2.7 AdminHelp Operating System Drives Configure Specific Crypto Algorithms and Cipher Suites Settings on Operating System Drives Encryption Type for Operating System Drives Configure Use of Passwords for Operating System Drives Configure Password Complexity for Operating System Drives Minimum Password Length for Operating System Drives Require ASCII-Only Passwords for Operating System Drives Use Enhanced Boot Configuration Data Profile 2.16.840.1.101.3.4.1.2;2.16.840.1.
Manage Policies BCD Settings Configure TPM Platform Validation Profile Configure Specific TPM Platform Settings Configure BIOS TPM Platform Validation Profile Exclude specific Boot Configuration settings. To use this policy, Use Enhanced Boot Configuration Data Profile must be set to Enabled. Not Selected Selected Not Selected Set to Selected to enable boot up TPM drive unlocking for Windows 7 and Windows Server 2008 R2.
Security Management Server v10.2.7 AdminHelp PCR0,on PCR1,off PCR2,on PCR3,off PCR4,on PCR5,off PCR6,off PCR7,off PCR8,on PCR9,on PCR10,on PCR11,on PCR12,off PCR13,off PCR14,off PCR15,off PCR16,off PCR17,off PCR18,off PCR19,off PCR20,off PCR21,off PCR22,off PCR23,off This policy setting allows you to configure how the computer's TPM security hardware secures the BitLocker encryption key.
Manage Policies Bitlocker Encryption - Removable Storage Settings Allow User to Apply BitLocker Protection on Removable Drives Allow User to Suspend and Decrypt BitLocker Protection on Removable Data Drives Configure Use of Smart Cards on Removable Data Drives Deny Write Access to Removable Drives Not Protected by BitLocker Allow Access to BitLocker Protected Removable Data Drives from Earlier Versions of Windows Do Not Install BitLocker to Go Reader on FAT formatted Removable Drives Configure Use of Pas
Security Management Server v10.2.7 AdminHelp must be set to Allow or Require.
Manage Policies to Store in AD DS for Removable Data Drives.
Server Encryption This technology manages Dell's data centric encryption using certificate-based authentication instead of the typical user-based authentication. This technology allows for protection of devices such as Windows Servers that do not commonly have users logged in. Off On Off This policy enables or disables System Data Encryption (SDE) and Common encryption on the client server.
Manage Policies Port Control System policies. All PCS policies require a reboot before the policy takes effect. Port: Express Card Slot Enabled Enable, Disable, or Bypass ports exposed through the Express Card Slot. Port: USB Enabled Enable, Disable, or Bypass port access to external USB ports. Note: USB port-level blocking and HID class-level blocking is only honored if we can identify the computer chassis as a laptop/notebook form-factor.
Security Management Server v10.2.7 AdminHelp (WPD): Storage Full Access: Port does not have read/write data restrictions applied. Read Only: Allows read capability. Write data is disabled. Blocked: Port is blocked from read/write capability. Class: Human Interface Device (HID) Enabled Control access to all Human Interface Devices (keyboards, mice). Note: USB port-level blocking and HID class-level blocking is only honored if we can identify the computer chassis as a laptop/notebook form-factor.
Manage Policies when logged on to any encrypted device, regardless of the Dell Server the user activated against. The user cannot work with encrypted data using any unencrypted device. EMS Device Whitelist String - Maximum of 150 devices with a maximum of 500 characters per PNPDeviceID. Maximum of 2048 total characters allowed. "Space" and "Enter" characters count in the total characters used.
Security Management Server v10.2.7 AdminHelp USBSTOR\DISK&VEN_SEAGATE&PROD_USB&REV_0409\2HC01 5KJ&0 VEN=Vendor; Green highlighted text is for the vendor to be excluded PROD=Product/Model Name; Adding text highlighted blue also excludes all of Seagate’s USB drives REV=Firmware Revision; Adding text highlighted gray also excludes the specific model being used Serial number (in this example); Adding text highlighted yellow excludes just this device OR To find the PNPDeviceID for removable media on Windows 7 or
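The size limits quoted for EMS Device Whitelist and the vendor/product/revision/serial breakdown of a PNPDeviceID can be checked before a value is pasted into the policy. The Python below is an added example, not Dell code; `classify` and `lint_whitelist` are hypothetical names, the sample IDs are constructed, and it assumes one PNPDeviceID per line and prefix matching of partial IDs.

```python
from dataclasses import dataclass

# Limits quoted in the EMS Device Whitelist policy description.
MAX_ENTRIES = 150
MAX_ENTRY_CHARS = 500
MAX_TOTAL_CHARS = 2048   # "Space" and "Enter" characters count toward this

# Scopes that exempt more than one model of device from the policy.
BROAD_SCOPES = {"vendor", "product", "unknown"}


@dataclass
class Finding:
    entry: int     # 1-based entry number; 0 means the policy value as a whole
    level: str     # "error" = documented limit exceeded, "warn" = needs review
    message: str


def classify(entry):
    """Name the narrowest component an entry pins: vendor, product, model or device."""
    parts = entry.strip().split("\\")
    if len(parts) >= 3 and parts[2].strip():
        return "device"                      # serial number present: one device
    hardware = parts[1] if len(parts) >= 2 else ""
    keys = {tok.split("_", 1)[0].upper() for tok in hardware.split("&") if "_" in tok}
    for key, scope in (("REV", "model"), ("PROD", "product"), ("VEN", "vendor")):
        if key in keys:
            return scope
    return "unknown"


def lint_whitelist(value):
    """Return a list of Finding objects for one whitelist policy value."""
    findings = []
    if len(value) > MAX_TOTAL_CHARS:
        findings.append(Finding(0, "error",
                                f"{len(value)} total characters, limit is {MAX_TOTAL_CHARS}"))
    # Assumption: one PNPDeviceID per line; blank lines are not entries.
    entries = [line for line in value.splitlines() if line.strip()]
    if len(entries) > MAX_ENTRIES:
        findings.append(Finding(0, "error",
                                f"{len(entries)} entries, limit is {MAX_ENTRIES}"))
    keys = [e.strip().upper() for e in entries]   # assumption: case-insensitive match
    for n, (entry, key) in enumerate(zip(entries, keys), 1):
        if len(entry) > MAX_ENTRY_CHARS:
            findings.append(Finding(n, "error",
                                    f"{len(entry)} characters, limit is {MAX_ENTRY_CHARS}"))
        if any(c.isspace() for c in entry):
            findings.append(Finding(n, "warn",
                                    "contains whitespace; check for a wrapped paste"))
        scope = classify(entry)
        if scope in BROAD_SCOPES:
            findings.append(Finding(n, "warn",
                                    f"scope is '{scope}': exempts more than a single model"))
        # Assumption: a partial ID matches every device whose ID starts with it,
        # so a narrower entry under a broader one adds nothing.
        for m, other in enumerate(keys, 1):
            if m != n and key.startswith(other) and (key != other or m < n):
                what = "duplicates" if key == other else "is already covered by"
                findings.append(Finding(n, "warn", f"{what} entry {m}"))
                break
    return findings


# Constructed sample value: a vendor-wide entry, a single device from the same
# vendor, and a device ID with a space left in its serial number.
SAMPLE = "\n".join([
    r"USBSTOR\DISK&VEN_EXAMPLECO",
    r"USBSTOR\DISK&VEN_EXAMPLECO&PROD_USB&REV_0001\SERIAL0001&0",
    r"USBSTOR\DISK&VEN_OTHERCO&PROD_STICK&REV_0100\SERIAL 0002&0",
])

if __name__ == "__main__":
    for f in lint_whitelist(SAMPLE):
        print(f"entry {f.entry}: {f.level}: {f.message}")
```

Entries reported with a vendor or product scope are the ones to justify in change review, since they exempt a whole class of removable media.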
Manage Policies • Wipe Encryption Keys to delete the encryption keys on the media, making the encrypted data inaccessible until the owner takes the media to an encrypted computer for which he has a login. String EMS Access Code Authentication Failed. Please contact your system Required Message administrator. String - 5-512 characters - Authentication Failed: Please contact your system administrator.
;ppt.doc.xls.pptx.docx.xlsx
^R#:\iPod_Control;ppt.doc.xls.pptx.docx.xlsx
^R#:\Notes;ppt.doc.xls.pptx.docx.xlsx
^R#:\Photos;ppt.doc.xls.pptx.docx.xlsx
Replacing these five rules with the following rule will force encryption of ppt, pptx, doc, docx, xls, and xlsx files in any directory on the iPod, including Calendars, Contacts, iPod_Control, Notes, and Photos:
^R#:\;ppt.doc.xls.pptx.docx.
-^%ENV:SYSTEMROOT%\System32
-^%ENV:SYSTEMROOT%\SysWow64
-^%ENV:SYSTEMROOT%\WinSxS
-^%ENV:SYSTEMROOT%\Fonts
^3@%ENV:SYSTEMROOT%\SYSTEM32\;exe
-^3@%ENV:SYSTEMROOT%\SYSTEM32\cmd.exe;exe
-^3@%ENV:SYSTEMROOT%\SYSTEM32\autochk.exe;exe
-^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace
-^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace
-^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Dell\Kace
applying patch updates. Contact ProSupport for guidance if you are unsure about changing the values.
Encryption Enabled Select
Security Management Server v10.2.7 AdminHelp Dell strongly recommends not listing applications or installers that write system-critical files. Doing so could result in encryption of important system files, which could make a Windows computer unbootable. Common process names: outlook.exe winword.exe powerpnt.exe msaccess.exe wordpad.exe mspaint.exe excel.
Once encryption is complete, this policy determines what happens to the unencrypted residue of the original files:
• No Overwrite deletes it. This value yields the fastest encryption processing.
• Single-pass Overwrite overwrites it with random data.
• Three-pass Overwrite overwrites it with a standard pattern of 1s and 0s, then with its complement, and then with random data.
is 8000). If necessary, change that port via the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield\GKPort. Inherited values for this policy accumulate. For the client to connect to a Policy Proxy specified in this policy, it must be in the same group as the Policy Proxy specified during client installation. Because the client supports up to 255 users per computer, this policy is available only at the Enterprise level.
FONTS TEMPLATES COMMON_STARTMENU COMMON_PROGRAMS COMMON_STARTUP COMMON_DESKTOPDIRECTORY APPDATA PRINTHOOD LOCAL_APPDATA ALTSTARTUP COMMON_ALTSTARTUP COMMON_FAVORITES INTERNET_CACHE COOKIES HISTORY COMMON_APPDATA WINDOWS SYSTEM PROGRAM_FILES PROGRAMFILES MYPICTURES PROFILE SYSTEMX86 PROGRAM_FILESX86 PROGRAMFILESX86 PROGRAM_FILES_COMMON PROGRAM_FILES_COMMONX86 COMMON_TEMPLATES COMMON_DOCUMENTS COMMON_ADMINTOOLS ADMINTOOLS CONNECTIONS COMMON_MUSIC COMMON_PICTURES
COMMON_VIDEO RESOURCES PROFILES
%HKCU:regpath%
• Includes a numeric or text value stored in the registry for the current user. If you specify a path but not an item, the client uses the default value.
%HKLM:regpath%
• Includes a numeric or text value stored in the registry for the local computer.
Manage Policies The Encryption client has several directories that are, by default, protected from encryption. The level of protection varies from folder to folder. If a folder is protected, then the only way to encrypt data within that directory is to use the override modifier described in Modifiers – What they are and what they do. There are four levels (categories) of protection that directories and files can have: 0, 1, 2, and 3. Category 3 is the most protected level.
Encrypting/Not Encrypting Directories
To include or exclude directories using encryption rules, use the following within your rules:
• After specifying your directory location, you do not need to list a trailing backslash (\).
• If you list a directory for inclusion, every file contained within that directory is encrypted.
• The Override command (^) can be used with folders only when specifying an exclusion policy.
Manage Policies files with the extension doc, docx, xls, xlsx, ppt, and pptx in the protected directories and in the folder “MyApplicationFolder”. Example 2 of competing directives: C:\ -C:\MyApplicationFolder ^C:\;doc.xls.ppt.docx.xlsx.pptx -^C:\MyApplicationFolder;doc.xls.ppt.docx.xlsx.
%ENV:SYSTEMDRIVE%\CustomApplication
What this does: This lists the folder \CustomApplication\ for encryption on the default drive where Windows is installed.
-%ENV:USERPROFILE%\Desktop
What this does: This lists the user who is logged in to have their desktop obtain a category 0 protection.
Application Data Encryption (ADE)
ADE encrypts any file written by a protected application, using a category 2 override.
Security Management Server v10.2.7 AdminHelp encryption by SDE. This allows the SDE key to be used to encrypt data that would not otherwise be possible with the Common or User keys due to time-based availability of the keys. Due to the difference in how the SDE key can be used, there are several caveats to be aware of when considering use of this feature. • The built-in exclusions covered in protected directories do not apply to SDE.
The Removable Drive rule can only be used within an Encryption External Media Encryption Rules policy.
Remove System Data Encryption (SDE)
To completely decrypt SDE encrypted files, apply the following policies:
SDE Encryption Enabled = Not Selected
Encrypt Windows Paging File = Not Selected
Secure Windows Credentials = Not Selected
Authentication
Authentication
Authentication policies allow you to configure user experience and Windows authentication.
Security Management Server v10.2.7 AdminHelp Administrators Logon Authentication Policy for Users Windows Password None Fingerprints Contactless Card Windows Password and None The possible VALUES are: Windows Password None Fingerprints Contactless Card One-Time Password See advanced settings Microsoft Passport This technology allows the use of Microsoft Passport, specifically authentication attempts and PIN usage.
Manage Policies Support Information Text PBA Title Text Sync Users at PBA Activation Legal Notice Text Self Help Questions (Pre-8.0 clients) String Please contact your system administrator. 0-17 characters Not Selected String 0-512 characters Text to display on the PBA support information screen. Customize the message to include specific instructions about how to contact the help desk or Security administrator.
Initial Access Code String 1-100 characters Encryption Administrator Password String String 1-100 characters This policy is used to log on to a computer when network access to Dell Server and Active Directory (AD) are both unavailable. The Initial Access Code policy should only be used if absolutely necessary; it is not the recommended method to log in.
Manage Policies Length of Forced Shutdown/Restart Notice Allow PBA to Remember User Name Crypto Erase Password Enable Client Check for PBA Commands 60 seconds Selected String 0-100 characters Not Selected 60-1800 seconds When user has reached the maximum number of authorized shutdown/restart snoozes/delays, this policy sets the number of seconds allowed before forcing a shutdown/restart. TPM requires a reboot. SED requires a shutdown.
In-session Authentication Policy for Users Recovery Questions for Windows Authentication Allow Recovery Questions Windows Password and None The possible VALUES are: Windows Password None Fingerprints Contactless Card One-Time Password At least 3 selectable questions Specify the questions to present to Windows users during recovery questions setup. Separate each question by a carriage return.
Manage Policies Log Events Level False Accept Rate of Fingerprint Audit Errors Audit Details Level of detail in Windows Event logs. Determines whether events such as fingerprint registration and authentication attempts are logged in the Windows Event log. Each higher level includes all previous levels. Events are logged on the computer where they occur. Normally, the auditing level provides sufficient detail, covering all logon, authentication, fingerprint management, and user management events.
Security Management Server v10.2.7 AdminHelp Reminder to Enroll Credentials (Admin) In one day Reminder to Enroll Credentials Expiration Date (Admin) Now Reminder to Enroll Credentials (User) In one day Reminder to Enroll Credentials Expiration Date (User) Action Upon Smart Card Removal Now Lock Workstation Values for reminders: Disable Reminder At Next Logon In One Day In One Week Every Two Hours The date (time is always 12 am) when authentication policy is going into full effect.
Manage Policies File Actions Unsafe Executable Auto Quarantine with Executable Control Enabled Abnormal Executable Auto Quarantine with Executable Control Enabled Selected Selected Not Selected If selected, Unsafe executable files are automatically quarantined or blocked to prevent their execution.
Block and Report Prevents users from modifying or deleting Threat Protection system files and folders and sets the action to take upon attempt.
Block Only: Blocks activity but does not report to the server.
Report Only: Reports activity to the server but does not block activity.
Block and Report (default): Blocks and reports activity to the server.
Manage Policies A Selected value scans all files (including .zip files) before downloading. This option prevents users from accessing a downloaded file until Threat Protection marks the file as clean. Downloaded files are sent to Threat Protection for scanning. Threat Protection performs a Reputation Service lookup on the file. If a downloaded file is detected as a threat, Threat Protection takes action on the file and alerts the user.
Medium
1) Execution Control blocked a process from starting because it was detected as a threat.
2) A threat is detected that has an associated mitigation (for example, the threat was manually quarantined), so the process has been terminated.
3) A process was blocked or terminated due to a memory violation.
4) A memory violation was detected and no automatic mitigation policy is in effect for that violation type.
Manage Policies Advanced Threat Prevention On Off Toggle ON to enable Advanced Threat Prevention. If this policy is toggled to OFF, Advanced Threat Prevention is disabled, and policies are set to defaults for activated devices. This results in Execution Control blocking threats, but Auto Quarantine, Memory Protection, and Script Control will be disabled.
Security Management Server v10.2.7 AdminHelp String \Windows\System32\CmgShieldService.exe \Windows\System32\EMSService.exe \Program Files\Dell\Dell Data Protection\Threat Protection\DellAVAgent.exe \Program Files\McAfee\Agent\cmdagent.exe \Program Files\McAfee\Agent\FrmInst.exe \Program Files\McAfee\Agent\macmnsvc.exe \Program Files\McAfee\Agent\macompatsvc.exe \Program Files\McAfee\Agent\maconfig.exe \Program Files\McAfee\Agent\masvc.exe \Program Files\McAfee\Agent\x86\FrmInst.exe \Program Files\McAfee\A
Manage Policies Platform\VSCore_ENS_10.1\Release\mfehidin.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfemms.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfevtps.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mmsinfo.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\vtpinfo.exe \Program Files\McAfee\Endpoint Security
Security Management Server v10.2.7 AdminHelp \Program Files\McAfee\Mue.exe \Program Files\McAfee\policyupgrade.exe \Program Files\McAfee\UpdaterUI.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MaComServer.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\MFEConsole.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\mfeProvisionModeUtility.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\RepairCach
Manage Policies \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfemms.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mfevtps.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\mmsinfo.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\x64\vtpinfo.exe \Program Files (x86)\McAfee\Endpoint Security\Web Control\McChHost.exe \Progr
Exploitation: Stack Protect Exploitation: Overwrite Code Exploitation: Scanner Memory Search Alert Ignore Alert Block Terminate Specify the action to take when a stack protect threat is detected. Ignore - No action is taken against identified memory violations. Alert - Record the violation and report the incident to the Dell Server. Block - Block the process call if an application attempts to call a memory violation process.
Manage Policies Exploitation: Malicious Payload Process Injection: Remote Allocation of Memory Process Injection: Remote Mapping of Memory Alert Ignore Alert Block Terminate Specify the action to take when a malicious payload is detected. Ignore - No action is taken against identified memory violations. Alert - Record the violation and report the incident to the Dell Server. Block - Block the process call if an application attempts to call a memory violation process.
Process Injection: Remote Write to Memory Process Injection: Remote Write PE to Memory Process Injection: Remote Overwrite Code Alert Ignore Alert Block Terminate Specify the action to take when a remote attempt to write to memory threat is detected. Ignore - No action is taken against identified memory violations. Alert - Record the violation and report the incident to the Dell Server.
Manage Policies Process Injection: Remote Unmap of Memory Process Injection: Remote Thread Creation Process Injection: Remote APC Scheduled Alert Ignore Alert Block Terminate Specify the action to take when a remote memory unmapping threat is detected. Ignore - No action is taken against identified memory violations. Alert - Record the violation and report the incident to the Dell Server. Block - Block the process call if an application attempts to call a memory violation process.
Security Management Server v10.2.7 AdminHelp Process Injection: Remote DYLD Injection (Mac OS X only) Escalation: LSASS Read Escalation: Zero Allocate Alert Ignore Alert Block Terminate Specify the action to take when a remote DYLD injection threat is detected. Ignore - No action is taken against identified memory violations. Alert - Record the violation and report the incident to the Dell Server. Block - Block the process call if an application attempts to call a memory violation process.
Manage Policies Kill Unsafe Running Processes and SubProcesses Background Threat Detection Watch for New Files Set Maximum Archive File Size to Scan Not Selected Selected Not Selected If selected, processes and sub-processes are quarantined and terminated regardless of their state when a threat is detected (exe or dll). Although a process or sub-process is terminated, the command prompt window remains open.
Security Management Server v10.2.7 AdminHelp Application Control Application Control Allowed Folders Enable Change Window Not Selected Selected Not Selected If Selected, specified devices are locked down, restricting any changes. Only applications that exist on a device before the lock-down are allowed to execute on that device. Any new applications, as well as changes to the executables of existing applications, are denied. The Advanced Threat Prevention agent updater is also disabled.
Macros PowerShell PowerShell Console Enable Approve Scripts in Folders (and Subfolders) Approve Scripts in Folders (and Subfolders) Quarantine Waive Global Allow Alert Alert Block
Alert monitors Office macros running in the environment. Recommended for initial deployment.
Block allows Office macros to run only from specific folders. This should be used only after testing in Alert mode.
Note: Starting with Office 2013, macros are disabled by default.
provided by support if it is required. The value of this policy must include the entire contents of the policy.xml file. Copy and paste the contents of policy.xml into the policy editor as shown in this example.
Global Quarantine List - String
Global Safe List - String
The value of this policy includes a collection of hashes for portable executables that need to be automatically quarantined within the enterprise.
Enable Auto-upload of Log Files
Default: Not Selected. Options: Selected, Not Selected.
If selected, log files are automatically uploaded at 12:00 am or when their size reaches 100 MB. If this policy is Not Selected, logs can still be manually uploaded.
Enable Standard UI
Default: Not Selected. Options: Selected, Not Selected.
If Selected, the User Interface that will show individual details for threat events that have occurred on the local client is enabled.
Schedule Selected Schedule Repeats Daily Schedule Start Time String Day of the Week Day of the Month Debug Logging for Malware and Exploit Protection Exploit Protection On-Access Protection Max Seconds for Scan Wednesday 1 Not Selected Selected Not Selected
This policy is the "master policy" for all other Client Scheduling policies. If this policy is Not Selected, no Client Scheduling takes place, regardless of other policy values.
Options: Selected, Not Selected.
Rescans all processes that are currently in memory each time:
- On-Access Scan is disabled and re-enabled.
- The computer starts.
When the on-access scanner is enabled, it always scans all processes when they are executed. Because some programs or executables start automatically when the computer starts, enabling this option can slow the computer and increase computer startup time.
On-Demand Protection - Full Scan
Default: Selected. Options: Selected, Not Selected.
This policy is the "master policy" for all other On-Demand Protection: Full Scan policies. If this policy is Not Selected, no On-Demand Protection: Full Scan policies are enforced, regardless of other policy values. A Selected value means that On-Demand Protection: Full Scan is enabled. This policy must be set to Selected to enable On-Demand Protection: Full Scan settings.
Reputation Service Sensitivity
Default: Medium. Options: Disable, Very Low, Low, Medium, High, Very High.
Exclusions - String
When enabled, samples are submitted to the lab to determine if they are malware. Sensitivity level configures the sensitivity level to use when determining if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
Threat First Response
Threat First Response Fails
Exploit First Response
Exploit First Response Fails
Use Scan Cache
System Utilization
Scan on Battery Power
Clean file Delete file Clean file Delete file Continue scanning
Specifies the first action for the scanner to take when a threat is detected.
Clean files - Removes the threat from the detected file, if possible.
Delete files - Deletes files with potential threats.
Schedule Repeats - Default: Daily. Options: Daily, Weekly, Monthly.
Schedule Start Time - String
Day of the Week - Default: Wednesday
Day of the Month - Default: 1
The schedule configuration defines when the task should run. Schedule types are Daily, Weekly, and Monthly.
Daily: Runs the task every day at the specified Full-Scan Schedule Start Time.
Weekly: Runs the task weekly on the days specified in Full-Scan Schedule Day of the Week.
Monthly: Runs the task monthly on the specified Full-Scan Schedule Day of the Month.
Files Migrated to Storage - Default: Not Selected. Options: Selected, Not Selected.
Scans files that remote storage manages. When the scanner encounters a file with migrated content, it restores the file to the local computer before scanning.
Program Threats - Default: Selected. Options: Selected, Not Selected.
Detects executable files that have code that resembles malware.
Macro Threats - Default: Selected
Scan Subfolders - Default: Selected
Reputation Service Sensitivity - Default: Medium
Exclusions
String - Comma-separated list of parameters
Specify files, folders, and drives to exclude from scanning.
Comma separated list of parameters: ,,
Possible values: ,,
Examples:
FileOrFolder,C:\Users,false
FileType,xml,false
FileType,mp?,false
ModifiedAge,120,true
AccessedAge,150,false
Cre
Use Scan Cache
Default: Selected. Options: Selected, Not Selected.
A Selected value enables the scanner to use the existing clean scan results. A Selected value reduces duplicate scanning and improves performance.
Below Normal Low Priority Below Normal Normal
Enables the operating system to specify the amount of CPU time that the scanner receives during the scan. Each task runs independently, unaware of the limits for other tasks.
within your network allows client computers to obtain signature updates without accessing the Internet.
See basic settings
Policy Default Setting Description
Web Protection
This technology protects computers by leveraging a web-based content ranking system to determine if a site that a user is browsing is considered safe or not. This technology also grants the administrator the ability to define what happens when an unsafe site is navigated to (allow, block, warn).
Rating Action for Unrated Sites
Rating Action for Red Downloads
Rating Action for Yellow Downloads
Rating Action for Unrated Downloads
Default: Allow. Options: Block, Allow, Warn.
Specifies the action to apply to sites that are Unrated.
Block: Prevents users from accessing the site and displays a message that the site is blocked.
Allow: Permits users to access the site. Allow is the default for Unrated sites.
Warn: Displays a warning to notify users of potential dangers associated with the site.
with * are selected and blocked by default when this policy is selected.
Gruesome Content Visual Search Engine Technical/Business Forums Gambling Related Messaging Game/Cartoon Violence Phishing* Personal Network Storage Spam URLs Interactive Web Fashion/Beauty Software/Hardware Potential Illegal Software Content Server Internet Services Media Sharing Incidental Nudity Marketing/Merchandising Parked Domain Pharmacy Restaurants Real Estate Recreation/Hobbies Blogs/Wiki Digital Postcards Historical Revisionism Technical Information Dating/Personals Motor Vehicles P
See Client Firewall Settings and Rules.
Settings and Rules
See basic settings
Client Firewall Settings and Rules
In the Client Firewall policy, Settings and Rules, click View/Edit. In the Settings window, you can set Client Firewall Options and Client Firewall Rules.
Return to Client Firewall Policies
Client Firewall Options
Setting UI Control Description
Protection Options Check box Allows all traffic that uses unsupported protocols.
Setting UI Control Description
Network Reputation
Incoming network - reputation threshold
Outgoing network - reputation threshold
Setting Drop-down menu High Risk Unverified Do not block Medium Risk
Specifies the rating threshold for blocking incoming or outgoing traffic from a network connection.
High Risk - This source/destination sends or hosts potentially malicious content/traffic that is considered risky.
Number of seconds (1-300) before UDP and ICMP echo virtual connections time out
Setting Up/down number selector
Specifies the time, in seconds, that a UDP or ICMP Echo virtual connection remains active if no more packets matching the connection are sent or received. This option resets to its configured value every time a packet that matches the virtual connection is sent or received. The default number is 60; the valid range is 1–300.
Check box Status Radio button/Check box Actions Drop-down menu Direction Text input field Notes Setting UI Control
Select Enable rule to make the rule active.
Allow Block Treat match as intrusion Log matching traffic
Allow - Allows traffic through the firewall if the item is matched.
Block - Stops traffic from passing through the firewall if the item is matched.
domain name
IP address - Specifies the IP address to add to the network. Wildcards are valid.
Transport
Select the transport protocol from the menu. Transport protocol Drop-down menu
Executables
The name that you use for the executable to add or edit. Name String
The file path to the executable. File path String
Description of the executable.
The MD5 hash of the process. String Fingerprint
Enable digital signature check Check box
Enables or disables the digital signature check that guarantees code has not been altered or corrupted since it was signed with a cryptographic hash. If enabled, specify:
Allow any signature — Allows files signed by any process signer.
Signed by — Allows only files signed by the specified process signer.
Process Injection: Remote DYLD Injection (Mac OS X only) Terminate
Escalation: LSASS Read Terminate
Escalation: Zero Allocate Terminate
Watch for New Files Selected
Advanced Threat Events tab fields and filters
The Advanced Threat Events tab displays information about events for the entire enterprise based on information available in the Dell Server. The tab displays if the Advanced Threat Prevention service is provisioned and licenses are available.
To view additional threat information in the table, click the drop-down arrow on a column header to select and add columns. Columns display metadata about the file, such as Classifications, Cylance Score (confidence level), AV Industry conviction (links to VirusTotal.com for comparison with other vendors), Date first found, Date last found, SHA256, MD5, File information (author, description, version), and Signature details.
3. Select Safe to add the selected items to the safelist, or select Remove from list to remove the selected files from the Global Quarantine list.
Manually Add File to the Global Quarantine list
1. Click Edit Global List.
2. Click Add File.
3. Enter the file's SHA256 hash number (required).
4. Enter the file's MD5 number, if available.
5. Enter the file name, if available.
6. Enter the reason the file should be quarantined.
7. Click Submit.
Columns display the file name, interpreter (PowerShell or ActiveScript), last found, drive type (such as internal hard drive), SHA256, Number of devices on which the script is found, and Number of occurrences that were blocked or triggered alerts. To filter column data, click the filter icon on a column header and select values to include or exclude.
Manage Enterprise Advanced Threats - Cylance Score and Threat Model Updates
A Cylance score is assigned to each file that is deemed Abnormal or Unsafe. The score represents the confidence level that the file is malware. The higher the number, the greater the confidence.
Threat Model Updates
The predictive threat model used to protect devices receives periodic updates to improve detection rates.
Identify Classifications
To identify classifications that could impact your organization, Dell recommends the following approach:
1. Apply a filter to the New Status column to display all Unsafe, Abnormal, and Quarantined files.
2. Apply a filter to the Production Status column to display all Safe files.
3. Apply a filter to the Classification column to only show Trusted - Local threats. Trusted - Local files have been analyzed by Cylance and found to be safe.
Safelist the selected file from the Global Quarantine list to allow it to run on any device in the organization.
1. Select Global Quarantine (n).
2. Select a file.
3. Click Safe.
Safe
Safelisted files and certificates are permanently treated as safe across all devices. Any certificate that is safelisted is a known safe certificate for the Advanced Threat Prevention tenant.
1. Select Safe (n).
2. Select Certificates (n).
3. Select the certificate to remove from the safe list.
4. Click Remove from List.
Unassigned
Unassigned files can be added to the global quarantine or safe list.
Add an unassigned file to the global quarantine list
Add the selected file to the Global Quarantine list to prevent it from being run on any device in the organization. Adding a file to Quarantine removes it from lists of Unsafe or Unassigned files.
1. Select Unassigned (n).
4. Enter the file's MD5 number, if available.
5. Enter the file name, if available.
6. Enter the reason the file should be safelisted.
7. Click Submit.
Add the selected file to the Global Quarantine list to prevent it from being run on any device in the organization. Adding a file to Quarantine removes it from lists of Unsafe or Unassigned files.
1. Select Global Quarantine (n).
2. Select a threat.
3. Click Add File
4.
Events - Lists all events related to the Threat Events graph on the dashboard for the last 30 days. This information includes file hash, device name, file path, and the date the event occurred.
Indicators - Lists each threat and the associated threat characteristics.
Cleared - Lists all files that have been cleared in your organization. This information includes files that were waived, added to the safe list, or deleted from the quarantine folder on a device.
4. Right-click Desktop, click Permissions, then take ownership and grant yourself Full Control.
5. Right-click Desktop, then select New > Binary Value.
6. For the name, type CompatibilityMode.
7. Open the registry setting and change the value to 01.
8. Click OK, then close Registry Editor.
9. In the Management Console, enable the Memory Protection Enabled policy. If the Script Control policy was enabled, enable it.
10.
• Contents of the Temp folder.
By default, the scanner scans all file types, regardless of extension.
Access Protection – Prevents other computers from making a connection and creating or altering autorun (autorun.inf) files from CDs. The rule prevents spyware and adware distributed on CDs from being executed and automatically blocks and reports such issues. Default: Selected (Enabled).
High - Use this setting for deployment to systems or areas which are regularly infected. This setting results in an average of 20-25 queries per day, per computer.
Very High - Dell recommends using this level only for scanning volumes and directories that do not support executing programs or operating systems. Detections found with this level are presumed malicious, but have not been fully tested to determine if they are false positives.
Rating Action for Yellow Sites - Specifies the action to apply to sites that are rated Yellow. Default: Warn.
Rating Action for Unrated Sites - Specifies the action to apply to sites that are Unrated. Default: Allow.
Rating Action for Red Downloads - Specifies the action to apply to file downloads that are rated Red. Default: Block.
Rating Action for Yellow Downloads - Specifies the action to apply to file downloads that are rated Yellow. Default: Warn.
8. In Order, set the sequence in which clients will contact the internal update server in relation to other update servers. Dell recommends that you set the Order for internal update servers to precede the Order for external update servers.
9. Select the type of repository or path to the update server: HTTP repository, FTP repository, UNC path, or Local path.
10. Enter the URL or path to the internal update server.
11.
Monitor data
To detect potential security risks, monitor audit events and create reports to identify who uses the data and how it is used.
This technology allows for files to be automatically encrypted prior to being uploaded to supported public clouds; this maintains ownership/control of all data encryption keys. The supported public cloud providers are Dropbox, Dropbox for Business, Box, OneDrive, OneDrive for Business, and Google Drive.
Cloud Encryption (Mac; 2.3 and earlier for Windows)
Default: Off. Options: On, Off.
Toggle On to enable Cloud Encryption policies.
Policy Default Setting Description
Protected Office Documents
This technology allows for Office documents (Excel, PowerPoint, and Word) to be encrypted at the file level. Encryption travels with the file wherever it goes, inside or outside the network.
Default: Off. Options: On, Off.
Toggle On to provide users with a menu option for protecting Office documents (.docx, .xlsx, .pptx, .docm, .xlsm, .pptm, and .pdf). On also allows you to enable other Protected Office policies.
Policy Default Setting Description
Mobile Client
This technology allows mobile phones and tablets access to encrypted content on supported public clouds, including Dropbox, Box, Google Drive, OneDrive, and OneDrive for Business.
Data Guardian Off Off Cloud Protection Office Protected Documents Both
Select one option or Both to use Data Guardian with mobile clients.
Policy Default Setting Description
Web Portal
The Web Portal is a web-based client for creating and editing documents protected by Data Guardian.
Edit Permission - Default: Selected. Options: Selected, Not Selected.
Selected allows users to edit files within the web client.
External User Edit Permission - Default: Not Selected. Options: Selected, Not Selected.
Selected allows external users to edit files within the web client.
Main Title Image (Enterprise only) - Choose File button
Image or logo to display on the login page.
Policy descriptions also display in tooltips in the Management Console. In this table, master policies are in bold font.
Policy Default Setting Description
Cloud Encryption
This technology allows for files to be automatically encrypted prior to being uploaded to supported public clouds; this maintains ownership/control of all data encryption keys.
Excluded Files (Windows) Server Polling Interval (Windows and Mac) String String C3901A99-1A1B-55B4-AE11-891207B1D341.xen Files excluded from encryption, separated by desktop.ini carriage returns. thumbs.db creddb.cef ~$* .~* ~*.tmp .DDPCE.attr *.lnk 360 minutes String Use this policy if software updates for users is located at an alternate Server URL. Software Update Server URL (Windows) Obfuscate Filenames (Mac; v2.3 and earlier for Windows) Folder Management Enabled (Windows- v2.
Protected Office Documents (Basic - Windows and Mac)
Folder Exclusions for Basic File Protection (Windows and Mac)
Default: Off. Options: On, Off.
Toggle On to provide users with a menu option for protecting Office documents (.docx, .xlsx, .pptx, .docm, .xlsm, .pptm, and .pdf). On also allows you to enable other Protected Office policies. If this policy is Off, no Office-protected formatting takes place, regardless of other policies.
Print Control (Mac; Windows- v2.7 and earlier)
Default: Allowed. Options: Allowed, Watermark, Disabled.
Controls the Print function of protected Office documents (.docx, .xlsx, .pptx, .docm, .xlsm, .pptm, and .pdf):
• Allowed - Print option is enabled for protected Office documents.
• Watermark - Print option is enabled for protected Office documents but a watermark with the user's name, domain name, and computer ID displays on each page. Unprotected documents print without the watermark.
Protected Office Documents Cover Page Notice (Windows and Mac)
Protected Office Documents Cover Page Corporate Logo (Windows and Mac)
Protected Office Documents Cover Page Dell Server URL (Windows and Mac)
Enable Callback Beacon
Callback Beacon URL
Hidden Audit Trail within Protected Office Document (Windows and Mac)
String
Enterprise-defined text to be displayed on Office-protected cover pages. Maximum number of characters is 4096.
On Screen Watermark (Windows - 2.7 and earlier)
Encrypt based on Titus Classification (Windows and Opt-in mode)
Titus Classification Encryption Mapping (Windows and Opt-in mode)
Allow File Exclusions
Email Encryption via Outlook
Default: Not Selected. Options: Selected, Not Selected.
Selected displays a watermark on the client computer screen when any protected Office file is open.
• The Callback Beacon URL policy is set.
Callback Beacon URL Hidden Audit Trail within Protected Office Document On Screen Watermark Server Polling Interval String Selected
Specifies the URL to be used when the callback beacon is inserted into Office-protected files. The URL, for example http://server.domain.com:8446, must be externally available, hosted on an HTTP server that is installed as part of Front End Server/Proxy Mode installation.
Protected Office Documents Cover Page Notice - String
Enterprise-defined text to be displayed on Office-protected cover pages. See Set Cover Page Policies.
Protected Office Documents Cover Page Corporate Logo - Browse button and Save Logo File button
Image to be displayed on the document cover page. See Set Cover Page Policies. The logo image must be a .
Protected Office Documents Cover Page Dell Server URL
Protected Office Document Tamper Prompt
Guide.
Callback Beacon URL Hidden Audit Trail within Protected Office Document On Screen Watermark Basic File Protection Basic File Protection Configuration
• An administrator must have enrolled to receive Product Notifications.
• The Callback Beacon URL policy is set.
String
Specifies the URL to be used when the callback beacon is inserted into Office-protected files. The URL, for example http://server.domain.
• Protected Office Documents policies have been enabled, but the user has not yet installed or activated Data Guardian.
• User opens a protected Office document or .pdf from the cloud.
• User downloads a protected Office document or .pdf to a device that does not have Data Guardian installed.
Unauthorized users - The cover page displays, and the person cannot access the content.
• .txt .vsdx PowerPoint These applications are partially supported: • Add these applications if required by another application: • • • .bmp See .bmp_file. This file extension is partially supported: .odt Currently, when opened with Wordpad, a protected .odt file may not save new content. Add applicable extensions from above. Here are examples: RuntimeBroker.exe:png.rtf.txt.bmp CodeWriter.exe:rtf.txt Microsoft.Photos.
To configure additional file types to be encrypted:
1. In the left pane, click Populations > Enterprise, enable the Protected Office Documents policy.
2. In the Data Guardian > Windows technology group, enable the Basic File Protection policy.
Note: This policy applies to the Enterprise population only. Also, if you enable Allow File Exclusions, users must remove files from the Unprotected Documents folder for these file types to be swept and encrypted.
3.
Note: Do not add Office file extensions to this policy configuration.
• NoNetwork – if users io to a network and files hang when users close them, add this to the application to prevent network save.
8. Before deploying Basic File Protection to the enterprise, be sure to test applications and file extensions in a test environment to ensure that the intended file types remain encrypted.
Enter the string in this format:
• Variable with a $VALUE format, for example, $HOME/Documents or $HOME/Hidden
Note: For Force-protected mode, a sweep occurs in the /Users folder.
Inform users of the impact or usability
If you define a unique folder name in the Folder Exclusions for Basic File Protection policy so that users can store files of a specific type that should not be encrypted, the policy does not create that folder on the client computers.
• Windows Photo Viewer (Windows 8.1)
This UWP application is not supported and will not open a .bmp file:
• RuntimeBroker.exe:bmp PhotosApp.exe (Windows 8.1)
To add a Universal Windows Platform (UWP) application
1. In the Basic File Protection Configuration policy, enter the UWP application name.
2. Also enter the following process names:
• RuntimeBroker.exe
• sihost.
If the Protected Office Documents policy is Off, no Office-protected formatting takes place, regardless of other policies. Policy Windows and Mac Enterprise > Data Guardian > Protected Office Documents: Protected Office Documents > On Version availability Description for Opt-in mode Windows and Mac - options for encrypting a file: • • Applies to the Enterprise population. Windows Mac A Secure Documents folder is added to the root of each client's Documents folder.
Content Based Protection policies for Windows in Opt-in mode:
Data Guardian > Content Based Protection:
• Content Based Protection (previously Data Classification)
• Content Based Protection Rules
Enforce encryption on sensitive data based on content and a set of rules.
Windows
Content-based rules can be set at the Enterprise, Endpoint Groups, or Endpoints populations. See Configure Content Based Protection for Data Guardian's Opt-in mode.
For Office-protected documents, Data Guardian adds a Protected Save As option to the File menu list. This table also lists the behavior of other File menu options.
File menu option for Office documents
Policy for Opt-in mode: Protected Office Documents
Protected Office documents | Unprotected Office documents
Open: Files open as usual. | Files open as usual.
Data Guardian's Force-Protected mode provides a higher level of security than Opt-in mode. When you enable encryption for these files in Windows or Mac, you can also set policies for users to view the encrypted files in mobile devices or the web portal. See Set Policies to Protect Office Documents in Mobile Devices or Set Policies to Protect Documents on the web client.
If your enterprise enables encryption for protected Office documents and PDFs, you can select these additional policies. Policy Version availability Description for Force Protected Enterprise > Data Guardian > Protected Office Documents > advanced: Allow File Exclusions > check box selected Windows and Mac Windows For internal users, an Unprotected Documents folder is added to the root of each Mac computer's Documents folder.
• Excluded folder if you enable that policy.
• Unprotected Documents folder at the root of each computer's Documents folder if you enable that policy.
Save
User clicks Save: the file is protected. If the file is in read-only mode, the Save As window opens. The only option in the Save as type field is Protected (Documents, Presentation, or Workbook).
User opens and saves a .xen file - the only option in the Save as type field is Protected. The .
Protected Office documents Unprotected Office documents Print Enabled for user For Office-protected documents, the Print_Control policy determines how this function behaves. Enabled for user Export (Office 2013 and higher) Office 2013/2016 and Export Control policy: Enabled for user • • Allowed: Enabled for user • Disabled: Disabled for user Watermark: Export is disabled. See Protected Export.
For Data Guardian v2.7 and earlier, you can use these policies and features.
Windows: Additional Office menu options for Data Guardian v2.7 and earlier
For Data Guardian v2.7 and earlier, this table provides an overview of additional Protected Office policy settings and what displays in the Office File menu. These do not apply to Data Guardian v2.8 and higher. With Force Protected enabled, the user is forced to save any Office document as Protected.
Set Policies to Protect Documents in Mobile Devices
For enhanced security on Office documents (.docx, .pptx, .xlsx, .docm, .pptm, .xlsm, or .pdf), you can implement Data Guardian's Protected Office mode. Protected Office documents are uploaded to the cloud, not as .xen files, but with their file extensions (for example, .docx or .pdf). However, the Office documents are encrypted. Basic File Protection policies allow you to configure additional file extensions to be encrypted.
4. In the Web_Portal policy group or Global Settings, set additional policies at the Enterprise, Domains, User Groups, or Users levels. Some policies are set at the Enterprise (node level) only. For domains, user groups, or users, click an option to access the Detail page’s Security Policies tab.
o Internal Use - priority 2
o Public - priority 1, the lowest. The lowest priority displays (default) after the rule name, and no rules or actions apply.
Important: Optionally, you can delete the rules in the Categories list, but the policy requires a minimum number. See Delete.
• Actions:
• Encrypt - If you select the Encrypt check box for a non-default rule in the Categories list, the system encrypts the files.
Actions
To modify:
1. See Configuration_overview.
2. Click the icon to expand a non-default rule name.
3. Select the Encrypt check box if you want the audit report to display files that have met the criteria for encryption.
4. Below the Content Based Protection Rules policy, click Save.
Rules
To modify:
1. See Configuration_overview.
2. Click the icon to expand a non-default rule name in the Categories list.
3.
Predefined Elements:
• Credit Card
• Email
• IP Address (IPv4 and IPv6 IP addresses are recognized.)
• Social Security Number
• US Address
• US Date
• US Name
• US Phone Number
Do not modify these elements, except for US Name. For US Name, use these fields: First Names, Last Names, Common Words. You cannot delete these elements.
Keywords elements
In the Keywords field, type any key words that you want the system to recognize when encrypting files for that rule name.
2. In the Elements window, click the add icon (+) next to Elements.
3. In the Content Identifier field, enter a unique identifier.
4. Select a Content Type.
Note: Select the KeywordContent for any Keywords elements; the FileTagMetadataContent for any Tag elements, and the CustomRegexContent for any Regex elements.
5. Click Add.
6. Below the Content Based Protection Rules policy, click Save.
7. Modify the Element when it displays in the Element window.
Confidential t_class_3
Restricted t_class_4
For more information, see the TITUS Administration Guide.
Management Console
Configure the policy on the Management Console:
1. From the TITUS server administrator, obtain the format for each TITUS classification level.
2.
For Windows 2.4 and higher or Mac 2.9 and higher, Data Guardian's Cloud Encryption protection has been disabled to prevent compatibility issues with newer functions of cloud service providers. To view .xen files already protected with Cloud Encryption, use Data Guardian's Mobile app or web portal. Windows 2.3 and earlier or Mac 2.
Management Console is automatically incremented although an administrator has not modified policy values, at least one updated profile is available. The polling interval for cloud storage provider profile updates is daily at 12:30 a.m.
Configure Access Groups
Data Guardian's Access Groups (formerly Circle of Trust) enhance security by creating user groups that can collaborate on encrypted data. Users outside a group cannot access or view the data unless the owner of the file grants access.
• Develop a plan for adding and removing users from a group if internal users join or leave the enterprise.
• As a best practice, stagger deployment of Access Groups to user groups.
Note: Access groups should be specific groups within the enterprise, not the entire enterprise.
If you have Data Guardian installed, develop a plan for implementing access groups and creating a smooth transition for users who have shared files.
Determine a transitional time range for deployment
Initially, enable Access Groups and Auto access for swept files for a transitional period. This should be a brief time but owners of a protected, shared file should plan for any impact to that file.
If you have a transitional period, when it is complete, clear the Auto access for swept files check box. Be aware of the following for an enterprise that already had Data Guardian installed on Windows or Mac.
cannot revoke key access. cannot revoke key access. Internal users outside the access group and external users: Same as above. Internal users outside the access group a Same as above. Internal users outside the access group and external users: Same as above. Internal users outside the access group a Same as above.
added to the removable media without authenticating can be caught. Files can be added to the media if authentication is declined, but encrypted data cannot be accessed. The files added are not encrypted in this case, so the next time the media is authenticated (to work with encrypted data), any files that may have been added are scanned and encrypted.
Media containing Time Machine backups are not supported. However, media recognized by computers as Time Machine backup destinations are automatically whitelisted, to allow backups to continue. All other removable media with Time Machine backups are handled based on EMS Access to unShielded Media and EMS Block Access to UnShieldable Media policies. Selected allows removable media to be scanned every time it is inserted.
"security", "fail", "30"
"security", "success", "30"
"application", "error", "30"
"application", "warn", "15"
"application", "info", "5"
"application", "debug", "5"
Defines the amount of time (in days) that Encryption External Media, and PCS event types are maintained in the event log. Each event type is defined by category and level. You may set different retention times for each event level in each category.
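A sketch of how the category/level retention triples above could be evaluated, added here as an illustration and not taken from the Dell product: it parses the policy value, lists which sample events have aged out, and flags event types whose retention is shorter than an investigation lookback window. The event records, the function names and the keep-if-no-rule behaviour are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Policy value as printed in the help text: "category", "level", "days" per row.
POLICY_TEXT = '''"security", "fail", "30"
"security", "success", "30"
"application", "error", "30"
"application", "warn", "15"
"application", "info", "5"
"application", "debug", "5"'''

def parse_retention(text):
    """Return {(category, level): days}; reject malformed or duplicate rows."""
    table = {}
    for n, row in enumerate(csv.reader(io.StringIO(text), skipinitialspace=True), 1):
        if not row:
            continue  # tolerate blank lines
        if len(row) != 3:
            raise ValueError(f"row {n}: expected 3 fields, got {len(row)}")
        category, level, days = (f.strip().lower() for f in row)
        if not (days.isascii() and days.isdigit()):
            raise ValueError(f"row {n}: retention {days!r} is not a day count")
        if (category, level) in table:
            raise ValueError(f"row {n}: duplicate rule for {category}/{level}")
        table[(category, level)] = int(days)
    return table

def expired_ids(events, table, now):
    """IDs of events older than their rule. Events with no rule are kept
    (assumption: the help text does not say what happens to them)."""
    return [e["id"] for e in events
            if (e["category"], e["level"]) in table
            and now - e["time"] > timedelta(days=table[(e["category"], e["level"])])]

def shorter_than(table, lookback_days):
    """Event types that are already purged when looking back this many days."""
    return sorted(k for k, days in table.items() if days < lookback_days)

# Constructed sample events (not from the product), aged relative to NOW.
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
def _ev(i, category, level, age_days):
    return {"id": i, "category": category, "level": level,
            "time": NOW - timedelta(days=age_days)}
EVENTS = [_ev(1, "security", "fail", 20), _ev(2, "application", "warn", 20),
          _ev(3, "application", "debug", 6), _ev(4, "security", "success", 31),
          _ev(5, "application", "info", 2)]

if __name__ == "__main__":
    rules = parse_retention(POLICY_TEXT)
    print("purged:", expired_ids(EVENTS, rules, NOW))
    print("gone within a 14-day lookback:", shorter_than(rules, 14))
```

With these values, a 14-day lookback already loses application info and debug events, which is worth checking against the incident-response window before shortening any retention value.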
EMS Exclude CD/DVD Encryption Not Selected False encrypts CD/DVD devices.
EMS Allow Read-access to unShielded Media (5.4.x Only) Selected This policy applies to 5.4.x Windows Encryption clients only. If a user chooses not to encrypt media and this policy is set to True, they are able to read or delete existing files on the media that are not encrypted, but the client does not allow any files to be edited on or added to the media unless it is Dell-encrypted.
To whitelist a removable media device, provide a string value that matches portions of the device’s PNPDeviceID. Multiple device PNPDeviceIDs are allowed. For example, to whitelist all Kingston DataTraveler Vault Privacy models, input the string: To whitelist both models of Kingston DataTraveler, the Vault and Vault Privacy models, input the string: Space characters are considered part of the substring to match to a PNPDeviceID.
EMS Password Attempts Allowed 3 1-10 Number of times the user can attempt to enter the correct password.
EMS Special Characters Required in Password Not Selected Selected requires one or more special characters in the password.
EMS Access and Device Code Length 16 8, 16, 32 Number of characters access and device codes have. 32 characters is the most secure, while 8 is the easiest to enter.
-R#:\Notes
-R#:\Photos
You can also force encryption of specific file types in the directories above. Adding the following rules will ensure that ppt, pptx, doc, docx, xls, and xlsx files are encrypted in the directories excluded from encryption via the previous rules:
^R#:\Calendars;ppt.doc.xls.pptx.docx.xlsx
^R#:\Contacts;ppt.doc.xls.pptx.docx.xlsx
^R#:\iPod_Control;ppt.doc.xls.pptx.docx.xlsx
^R#:\Notes;ppt.doc.xls.pptx.docx.xlsx
^R#:\Photos;ppt.
EMS Data Encryption Key User Roaming Common, User, User Roaming Although Common is available, it is not implemented in this release. Choose a key to be used by the Encryption client to encrypt all data encrypted by the Encryption External Media.
EMS Alpha Characters Required in Password Selected Selected requires one or more letters in the password.
EMS Mixed Case Required in Password Selected Selected requires at least one uppercase and one lowercase letter in the password.
See Encryption Rules for information.
Storage devices which incorporate multi-interface connections, such as Firewire, USB, eSATA, etc. may require the use of both EMS and encryption rules to encrypt the endpoint. This is necessary due to differences in how the Windows operating system handles storage devices based on interface type. To ensure encrypting an iPod via EMS does not make the device unusable, use the following rules:
-R#:\Calendars
-R#:\Contac
to Encryption External Media, Roaming Automatic Authentication allows Dell-encrypted media to be automatically authenticated when it is inserted in any Dell-encrypted computer the media owner is logged into. When automatic authentication is disabled, users must always manually authenticate to access Dell-encrypted media. Disabling Roaming Authentication helps to prevent users from forgetting their password when they take the media home or share it with a colleague.
ID, as follows:
Capacity:2.06 GB (2,055,019,008 bytes)
Removable Media:Yes
Detachable Drive:Yes
BSD Name:disk2
Product ID:0x5406
Vendor ID:0x0781 (SanDisk Corporation)
Version: 0.10
Serial Number:0000188C36725BC8
Speed:Up to 480 Mb/sec
Manufacturer:SanDisk
Location ID:0x24100000
Current Available (mA):500
Current Required (mA):200
Partition Map Type:MBR (Master Boot Record)
S.M.A.R.T. status:Not Supported
4.
Mac Encryption Policy descriptions also display in tooltips in the Management Console. In this table, master policies are in bold font. Policy Default Setting Description Dell Volume Encryption This technology allows the use of either Mac FileVault full disk encryption or Dell's proprietary Dell Volume Encryption. Dell Volume Encryption Encrypt Using FileVault for Mac Workstation Scan Priority On On Off Toggle ON to enable Dell Volume Encryption policies.
This policy works in conjunction with the Policy Proxy Polling Interval policy. You cannot specify ports in this policy. The Encryption client communicates with Policy Proxies using the GKPORT specified during client installation (the default is 8000). Inherited values for this policy accumulate. For the Encryption client to connect to a Policy Proxy specified in this policy, it must be in the same group as the Policy Proxy specified during client installation.
If Force Restart on Policy Updates is set to Not Selected, this policy is ignored. Advanced Mac Encryption Policy descriptions also display in tooltips in the Management Console. In this table, master policies are in bold font. Policy Default Setting Description Dell Volume Encryption This technology allows the use of either Mac FileVault full disk encryption or Dell's proprietary Dell Volume Encryption.
Delay Authentication No Auth User List FileVault 2 PBA User List Not Selected If Selected, users are not prompted to activate or authenticate to the Dell Server until required, such as to use media encrypted with Encryption External Media. Dictionary Users matching this dictionary are not required to activate or authenticate to the Dell Server.
See advanced settings Windows Device Control This technology allows for control of all the devices on a Windows computer (disable/enable), and can be customized by device type. Class: Windows Portable Device (WPD) Subclass Windows Portable Device (WPD): Storage Class: Human Interface Device (HID) Enabled PARENT to the next policy. Set this policy to Enabled to use the Subclass Windows Portable Device (WPD): Storage policy.
UDF Only CHILD of Class: Storage. Class: Storage must be set to Enabled to use this policy.
Full Access: Optical Drive port does not have read/write data restrictions applied
UDF Only: Blocks all data writes that are not in the UDF format (CD/DVD burning, ISO burning). Read data is enabled.
Read Only: Allows read capability.
Policy descriptions also display in tooltips in the Management Console. Policy Default Description Settings This technology allows control over general settings such as polling intervals, support dialogs, in-app feedback, auto updates, data auditing, and client retention periods. Device Lease Period 30 Defines the period of inactivity (in days) before any activated entity (a user, endpoint, or policy proxy) is automatically removed from management.
See advanced settings Audit Control Policies Selected Selected Not Selected Selected enables Audit Control policies. If this policy is not selected, no Audit Control takes place, regardless of other policies. It also enables the collection of audit data from Data Guardian clients. Data Guardian Geo Location Audit Data Selected Selected Not Selected Selected includes geo tracking location data in audit data. For Windows, this policy is supported on v8.
Policy Default Description Settings This technology allows control over general settings such as polling intervals, support dialogs, in-app feedback, auto updates, data auditing, and client retention periods. DDP Auto Updates Update Check Period 10080 1-43200 minutes (30 days) The period in minutes between checks for updates.