Endpoint Security Essentials Study Guide-Panda

June 12, 2024 | Author: Anonymous | Category: N/A

WatchGuard Training
Endpoint Security Essentials Study Guide
Adaptive Defense 360, Patch Management, Full Encryption, Advanced Reporting Tool, and Data Control
Revision Date: June 2021


WatchGuard Technologies, Inc.

About This Guide

The Endpoint Security Essentials Study Guide is a guide to help you study for the Endpoint Security Essentials certification exam. Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.

Guide revised: 6/14/2021

Copyright, Trademark, and Patent Information

Copyright © 2021 WatchGuard Technologies, Inc. All rights reserved. All trademarks or trade names mentioned herein, if any, are the property of their respective owners. Complete copyright, trademark, and licensing information can be found in the Copyright and Licensing Guide, available online at http://www.watchguard.com/help/documentation/.

About WatchGuard

WatchGuard® Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company's mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com. For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.


Address 505 Fifth Avenue South Suite 500 Seattle, WA 98104

Support www.watchguard.com/support U.S. and Canada +877.232.3531 All Other Countries +1.206.521.3575

Sales U.S. and Canada +1.800.734.9905 All Other Countries +1.206.613.0895


Contents

How to Use This Study Guide (page 5)
Introduction to Endpoint Security Technology (page 7)
    About Endpoint Security (page 8)
    Adaptive Defense 360 Protection Model (page 11)
Panda Adaptive Defense 360 (page 16)
    Overview (page 17)
    Get Started with Adaptive Defense 360 (page 18)
    Device Management (page 21)
    Install Adaptive Defense 360 (page 25)
    View Status (page 27)
    Settings Management (page 32)
    Troubleshooting Tools (page 47)
    Product Features by Platform (page 50)
Patch Management (page 53)
    Patch Management Requirements (page 54)
    Patch Management Settings (page 55)
    Patch Management Status Dashboard (page 56)
Full Encryption (page 59)
    Encryption Concepts (page 60)
    Supported Authentication Types (page 61)
    Supported Storage Devices (page 62)
    Full Encryption Requirements (page 63)
    Full Encryption Settings (page 64)
    Full Encryption Dashboard (page 66)
Advanced Reporting Tool (page 67)
    Overview (page 68)
    Web Console (page 70)
    Search Data (page 72)
    Advanced Reporting Applications (page 75)
    Configure Alerts (page 80)
Data Control (page 88)
    Data Control Overview (page 89)
    Data Control Architecture (page 92)
    Data Control Requirements (page 94)
    Data Control Settings (page 95)
    Data Control Dashboard (page 97)
About the Endpoint Security Essentials Exam (page 99)
Sample Exam Questions (page 103)
Additional Resources (page 106)


How to Use This Study Guide

This guide covers the Endpoint Security Essentials course and is a resource to help you study for the certification exam. Use this guide in conjunction with instructor-led training, online video training and demos, and the online documentation to prepare to take the exam. For a list of recommended documentation and video resources to help you prepare for the exam, see Additional Resources. For information about the exam content and format, see About the Endpoint Security Essentials Exam.

Document Conventions

This document uses these formatting conventions to highlight specific types of information:

This is a key point. It highlights or summarizes the key information in a section.

This is a note. It highlights important or useful information.

This is a best practice. It describes the recommended configuration for a feature.


USE CASE: This is a use case. It describes how you could configure the product or feature in a real-world scenario.

This is a caution. Read carefully. There is a risk that you could lose data, compromise system integrity, or impact device performance if you do not follow instructions or recommendations.


Introduction to Endpoint Security Technology

In this section, you learn about the basics of endpoint security, traditional protection models, and the advantages of the Adaptive Defense 360 advanced protection model. This includes:

• About Endpoint Security
• Adaptive Defense 360 Protection Model

For a list of additional resources on these topics, see Additional Resources.


About Endpoint Security

An endpoint is any device connected to the network, such as a desktop, laptop, mobile device, or server. Hackers focus on endpoints because they store the most sensitive data and have a high potential of vulnerabilities to exploit. These exploits enable malicious users to find a weakness and get access to the endpoint, then move laterally to attack other systems in your network.

• The primary focus of hackers is the endpoint because of the high potential of vulnerabilities to exploit to get access to the network and attack other endpoints and resources.
• The traditional approach to endpoint protection does not detect and respond effectively to new security threats.
• Advanced endpoint protection uses a combination of traditional methods and powerful cloud-based analysis and file classification to actively identify and prevent new threats.

Endpoint Security Threats

Endpoint security threats continue to evolve and proliferate. These threats include:

• Zero-day attacks — New threats that have never been seen before. Traditional protection systems cannot detect or defend against zero-day threats because they have an isolated view of only known malware activity and have limited local resources. Traditional models do not have signatures or evidence of behavior to detect zero-day threats.
• Fileless malware — Malicious software that runs in memory instead of as a physical file on the endpoint's hard drive.
• Living-Off-The-Land (LOTL) attacks — Attacks where a malicious user gains access to an endpoint and uses legitimate installed software, such as Microsoft Word, Java, Adobe Acrobat Reader, or PowerShell, to perform further attacks.
• Exploits — Common productivity tools, software applications, browsers, and OS components that malicious users can exploit. For example, hackers often attack Microsoft IIS web server because of its ability to create multiple web server processes. Microsoft Office macros can enable malicious users to perform screen and key logging on unsuspecting users.
• Ransomware — Malicious software that encrypts and locks the contents of a computer and demands a ransom for the encryption key to unlock the data. Ransomware is a persistent and pervasive threat that can spread quickly to the entire network. Ransomware enters a network most frequently through email and unpatched vulnerabilities on clients and servers, and is often targeted at a specific company, department, or user.


About Endpoint Protection, Detection and Response

There are two main types of endpoint protection:

Endpoint Protection Platform (EPP)
EPP is a solution deployed on endpoint devices (typically agent software) to prevent malware attacks and detect malicious activity. It is based primarily on signature file detection techniques.

Endpoint Detection and Response (EDR)
EDR combines traditional preventive methods with innovative advanced technologies for the prevention, detection, and automatic response to advanced threats, as well as investigation capabilities. The best EDR systems enable you to not only classify executables, but also their behavior. Continuous real-time monitoring enables the analysis and categorization of all executables, and the ability to take immediate action in response to new threats. Endpoint detection and response provides the contextual information to recognize and classify a vast array of potentially anomalous activities on endpoints. It also provides remedial actions or triggers alerts for the administrator.

Traditional Endpoint Security Methods

The traditional approach to protect endpoints from security threats uses:

• Signature files that only match known existing viruses and malware
• Security features that might require manual configuration
• Alerts sent only about events known to be malware
• Minimal monitoring of any process activity after the malware infects the endpoint

Traditional methods for endpoint protection include:

• Personal firewalls or managed network firewalls
• Permanent anti-malware software, on-demand and scheduled scans on endpoints
• Managed allowlists and blocklists based on hardware address
• Collective intelligence and pre-execution heuristics
• Web access and content controls
• Anti-spam, anti-phishing, anti-tampering, and email content filters

The main issue with traditional security methods is that over 300,000 new viruses and malware are created every day. The huge growth in the amount of malware in circulation is in itself a massive brute-force attack on security vendors. Cybercriminals look to increase the window of opportunity for newly developed threats by saturating the resources employed by security companies to scan malware. This increases the time between the appearance of a new virus and the release of the appropriate antidote by security companies. Every security strategy must be based on minimizing malware dwell time. The longer malware exists on the network, the more time it has to complete its objective, such as industrial espionage and data theft.


A majority of this malicious code is designed to run in the background on a user's computer for a long period of time, which can conceal the presence of malware on compromised systems. This behavior renders the traditional approach to endpoint protection gradually ineffective because it cannot detect and respond effectively to new security threats.

Advanced Protection

For the best effectiveness against current and emerging endpoint security threats, you must deploy a combination of local signature-based technologies, context-based behavioral analysis with the power of cloud-based processing, and effective remediation to stop the threats. Advanced protection provides these benefits:

• Based on behavioral intelligence from machine learning and cloud analytics
• Provides comprehensive endpoint activity analysis and visibility
• Protects against all known and unknown threat types, such as malware, fileless attacks, and other malicious behavior
• Managed service that continuously monitors and categorizes all running applications and processes
• Performs prevention, detection, and remediation services
• Provides detailed forensic information, security audits, and real-time alerts


Adaptive Defense 360 Protection Model

• Adaptive Defense 360 uses a multi-layer model that combines traditional signature and heuristic scans with advanced cloud-based analysis, process monitoring and classification, and threat remediation.
• 100% Attestation Service (also known as the Zero-Trust application service) makes sure that no applications or processes are trusted until they are analyzed and correctly classified.

The Panda Adaptive Defense 360 protection model comprises multiple layers of endpoint security technology, including a unique 100% Attestation Service (Zero-Trust application service), all delivered by powerful cloud-based analytics servers and a single lightweight software agent that runs on the endpoint. Adaptive Defense 360 can defend against and perform active remediation of attacks, and allow only software classified as trusted to run on your network endpoints. Adaptive Defense 360 provides both an Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) to:

• Detect compromised systems, early-stage attacks, and suspicious activities.
• Detect malwareless and fileless attacks.
• Provide optimized technology to detect known attacks.
• Provide protection if a previous layer is breached and stop lateral movement attacks inside your network.


Adaptive Defense 360 Core Pillars

The Adaptive Defense 360 protection model is based on these core pillars:

• Visibility — Data visibility enables you to see what happens on each endpoint and to detect changes, trends, and anomalies that reflect emerging security threats.
• Detection — Adaptive Defense 360 monitors running processes and performs real-time blocking of zero-day attacks, targeted attacks, and other advanced threats designed to bypass traditional antivirus and anti-malware solutions. It collects a large amount of data to support the artificial intelligence that performs context-based behavioral analysis, predictions, and threat hunting.
• Response — Adaptive Defense 360 uses the collected forensic data to complete in-depth analysis of every attempted attack. A variety of advanced tools remediate attacks.
• Prevention — To prevent future attacks, Adaptive Defense 360 actively changes the settings of each protection module and patches any vulnerabilities discovered in installed operating systems and applications on the endpoint.

Big Data Analytics Infrastructure

Adaptive Defense 360 hosts a cloud-based server infrastructure that receives a constant telemetry flow from every endpoint. This telemetry consists of the actions performed by the executable programs monitored by the protection module, and includes their static attributes and execution context information. Adaptive Defense 360 uses machine learning and other technology to automate real-time inspection of the telemetry sent by every endpoint. 99.98% of samples are classified automatically, and the rest are classified by a malware specialist. The analysis is done in real environments to avoid anti-scan techniques frequently used by malware. Adaptive Defense 360 uses artificial intelligence techniques to:

• Scan this data in the cloud
• Evaluate the behavior of each executable program
• Classify each running process

The protection module installed on each endpoint receives the classification and performs the actions required to protect the endpoint. Cloud data analysis is much more advanced than the methodology used by traditional solutions that can only detect known viruses and malware and send any unknown files to the antivirus vendor for manual analysis. Adaptive Defense 360 analyzes every process that runs on protected endpoints, including legitimate software processes. Continuously monitoring every process makes sure that malware that masquerades as legitimate software is correctly classified. Many targeted attacks and other advanced threats operate in stealth mode to evade detection by traditional protection servers.


100% Attestation Service

The 100% Attestation Service (also known as the Zero-Trust application service) is a combination of security solutions and technologies that operate across the network to analyze endpoints, users, data, applications, and cloud communications. It classifies all processes run on Windows computers without ambiguity or false positives or negatives. It is one of the Adaptive Defense 360 protection layers.

• The service relies on contextual analysis of corporate assets, users, applications, and data utilization patterns to minimize risk to endpoints.
• The service denies any execution of a program until it is confirmed as trusted. This enables you to shift away from unconditional trust (or some level of confidence in network, users, and application activity) to a secure zero-trust methodology.
• The service uses a combination of an agent installed on the user's computer and cloud-hosted technologies to automatically classify most running processes. Malware experts analyze and manually classify the remaining small percentage of unknown files. This approach enables the service to classify 100% of executable files that run on endpoints, with no false positives or false negatives.

How Adaptive Defense 360 Analyzes Endpoint Processes

Adaptive Defense 360 monitors all the actions triggered by processes that run on protected endpoints and catalogs each event based on more than 2,000 unique object characteristics. Adaptive Defense 360 can detect anomalies and threats in these system components:

• Creation and execution of a process or injection of a process in another event
• Creation of a new file by a process, or the opening, editing, or deletion of an existing file
• Creation of a new communication socket, use of a protocol, and direction and origin of a communication
• Creation, modification, or deletion of Microsoft Windows registry keys
• The use of administrative credentials, log in and log out events, installation of processes, and service activity

In addition, threat hunting services use artificial intelligence to monitor application behavior to detect fileless attacks and other advanced threats. These techniques actively process the data gathered by endpoint detection and response services to discover new threats. These services can detect activity such as:

• Brute force RDP attacks.
• The use of Microsoft PowerShell with obfuscated parameters.
• Anomalous interactions with Microsoft Active Directory.
• Local compiled programs.
• Documents with macros or Internet links.
• Registry modifications to run executables when Microsoft Windows starts.
• Code injection into legitimate processes.
• Application and user profiling to detect deviations. For example, detection of a user on this computer who has never executed a specific type of tool before.
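Several of the hunting categories above (obfuscated PowerShell parameters, registry modifications that run executables at startup, code injection, RDP brute force, and per-user tool profiling) as a small rule set run over constructed telemetry events. This is an added illustration in Python, not Adaptive Defense 360 code; the event schema, the baseline table, and the thresholds are assumptions.

```python
"""Toy threat-hunting rules over constructed endpoint telemetry events.

Added illustration only: the event schema, baseline table and thresholds
are assumptions, not the product's own data model or rules.
"""
import base64
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Registry autostart locations: values written here run at Windows startup.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# PowerShell accepts abbreviated forms of -EncodedCommand followed by base64.
ENCODED_FLAG_RE = re.compile(r"-(encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

RDP_LOGON_TYPE = 10                          # Windows "RemoteInteractive" logon type
BRUTE_FORCE_THRESHOLD = 5                    # failed RDP logons from one source ...
BRUTE_FORCE_WINDOW = timedelta(seconds=60)   # ... within this window

# Constructed per-user profile (assumed): tool categories each user has run before.
BASELINE = {
    "alice": {"office", "browser", "shell"},
    "bob": {"office", "browser", "editor"},
}

# Constructed sample telemetry (not real product output). Each event carries
# the kinds of fields the guide lists as monitored: process, registry, logon.
ENCODED = base64.b64encode("Get-Process".encode("utf-16le")).decode()
EVENTS = [
    {"ts": "2021-06-01T09:00:00", "host": "ws01", "user": "alice", "type": "process",
     "image": "powershell.exe", "tool": "shell",
     "cmdline": "powershell.exe -w hidden -enc " + ENCODED},
    {"ts": "2021-06-01T09:01:00", "host": "ws01", "user": "alice", "type": "registry",
     "action": "set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\alice\AppData\Roaming\svc.exe"},
    {"ts": "2021-06-01T09:02:00", "host": "ws02", "user": "bob", "type": "process",
     "image": "notepad.exe", "tool": "editor", "action": "inject", "target": "explorer.exe"},
] + [
    {"ts": f"2021-06-01T09:10:{s:02d}", "host": "srv01", "type": "logon", "status": "failed",
     "logon_type": RDP_LOGON_TYPE, "src_ip": "203.0.113.5", "user": "administrator"}
    for s in (0, 10, 20, 30, 40)
] + [
    {"ts": "2021-06-01T09:12:00", "host": "srv01", "type": "logon", "status": "failed",
     "logon_type": RDP_LOGON_TYPE, "src_ip": "198.51.100.7", "user": "carol"},
    {"ts": "2021-06-01T09:15:00", "host": "ws01", "user": "alice", "type": "process",
     "image": "csc.exe", "tool": "compiler", "cmdline": "csc.exe /out:a.exe a.cs"},
    {"ts": "2021-06-01T09:16:00", "host": "ws01", "user": "alice", "type": "process",
     "image": "winword.exe", "tool": "office", "cmdline": "winword.exe report.docx"},
    {"ts": "2021-06-01T09:17:00", "host": "ws01", "user": "alice", "type": "registry",
     "action": "set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden", "data": "1"},
]


def decode_powershell(cmdline):
    """Return the decoded -EncodedCommand payload, or None when not encoded."""
    m = ENCODED_FLAG_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(2)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable>"


def hunt(events, baseline=BASELINE):
    """Run the rules over time-ordered events; return (rule, host, detail) tuples."""
    alerts = []
    failed_rdp = defaultdict(deque)   # src_ip -> timestamps of recent failed RDP logons
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        kind = ev["type"]
        if kind == "process":
            if ev.get("image", "").lower() == "powershell.exe":
                decoded = decode_powershell(ev.get("cmdline", ""))
                if decoded is not None:
                    alerts.append(("obfuscated_powershell", ev["host"], decoded))
            if ev.get("action") == "inject":
                alerts.append(("code_injection", ev["host"], f"{ev['image']} -> {ev['target']}"))
            # Profiling: a user running a category of tool never seen for them before.
            if ev.get("tool") and ev["tool"] not in baseline.get(ev["user"], set()):
                alerts.append(("profile_deviation", ev["host"], f"{ev['user']} first ran {ev['tool']}"))
        elif kind == "registry" and ev.get("action") == "set" and RUN_KEY_RE.search(ev["key"]):
            alerts.append(("run_key_persistence", ev["host"], f"{ev['value']}={ev['data']}"))
        elif kind == "logon" and ev.get("logon_type") == RDP_LOGON_TYPE and ev.get("status") == "failed":
            recent = failed_rdp[ev["src_ip"]]
            recent.append(ts)
            while ts - recent[0] > BRUTE_FORCE_WINDOW:   # drop failures outside the window
                recent.popleft()
            if len(recent) == BRUTE_FORCE_THRESHOLD:     # fire once, when the threshold is crossed
                alerts.append(("rdp_brute_force", ev["host"], ev["src_ip"]))
    return alerts


if __name__ == "__main__":
    for rule, host, detail in hunt(EVENTS):
        print(f"{rule:22} {host:6} {detail}")
```

The benign registry write and the single failed logon from the second address produce no alerts, which is the point of the window and threshold rather than a per-event match.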


Adaptive Defense 360 Protection Model Layers

Panda Adaptive Defense 360 uses a protection model based on the following layers of technology:

• Signature file and Heuristic scanners
• Contextual detections
• Anti-Exploit Technology
• 100% Attestation Service / Zero-trust application service
• Threat Hunting Service

Signature Files and Heuristic Scanners

Detects known attacks through traditional signature files, and detects malware behavior with heuristic scan methods.

• Uses virus and malware signature files to detect known malicious files
• Performs generic and heuristic detection of malware behavior
• Blocks specific ransomware URLs

Contextual Detections

Detects fileless attacks that do not use physical malware. This includes:

• Script-based attacks
• Web browser vulnerabilities
• Attacks that use existing legitimate software tools
• Common targeted applications, such as Java, Adobe Reader, Adobe Flash, and Microsoft Office

Anti-exploit Technology

Complements contextual detection and patch management through the detection of fileless attacks that exploit existing vulnerabilities. This detection is based on the anomalous behavior of exploited processes.


100% Attestation Service / Zero-Trust Application Service

Included in the product by default for Windows computers to allow the execution of only those programs certified by Panda Security. It uses a combination of local technologies on the user computer and cloud-hosted technologies in a big data infrastructure. These technologies are capable of automatically classifying 99.98% of all running processes. The remaining percentage is manually classified by malware experts. This approach enables Adaptive Defense 360 to classify 100% of all binaries run on customer computers without false positives or false negatives. All executable files found on user computers that are unknown to Adaptive Defense 360 are sent to our big data analytics infrastructure for analysis.

Threat Hunting Service

Actively detects compromised systems, early-stage attacks, and suspicious activities. Malicious users continually launch sophisticated attacks, and many threats remain undetected for months if no proactive threat search procedure looks for traces of attacks.


Panda Adaptive Defense 360

Adaptive Defense 360 (AD360) combines next-generation antivirus protection (NGAV), endpoint detection and response (EDR), and other security features into one platform. In this section, you learn about:

• Adaptive Defense 360 and the Aether platform
• How to install Adaptive Defense 360
• How to set up Adaptive Defense 360
• Status dashboards
• How to configure settings
• Remediation tools and troubleshooting

For a list of additional resources on these topics, see Adaptive Defense 360 Additional Resources.


Overview

Adaptive Defense 360 protects the security of all workstations and servers in an organization, without intervention from network administrators. The Aether platform is the ecosystem where Adaptive Defense 360 runs.

Panda Adaptive Defense 360 is a managed service that enables organizations to:

• Protect IT assets
• Review any security problems detected
• Develop prevention and response plans against unknown and advanced persistent threats (APTs)

Supported Platforms

Adaptive Defense 360 on the Aether platform is compatible with Windows, Linux, Android, and macOS.


Get Started with Adaptive Defense 360

To get started with Adaptive Defense 360, you must:

• Activate Adaptive Defense 360 and create or link a Panda account
• Open the Adaptive Defense 360 management console

Activate Adaptive Defense 360

After you purchase Adaptive Defense 360, you must activate it on the WatchGuard website. Log in with your WatchGuard portal user name and password. If you are a partner, click Support Center. To start the activation process, select My WatchGuard > Activate Products, type or paste your activation key, and then follow the activation steps. If this is the first time you activate a Panda product, the activation process prompts you to link your Panda account and your WatchGuard account. If you do not have a Panda account, you create one as part of the activation process.

About the Panda Account

The Panda account provides administrators with a mechanism to manage login credentials and access Panda Security services purchased by the organization. With a Panda account, the administrator creates and activates the access method to Panda Cloud and in turn, to the Panda product web consoles.

Partner Licensing Process

The first time you activate a license for a Panda product, you should consider the following:

• If you have a WatchGuard Partner account, you must link your Panda account and your WatchGuard account. If you do not have a Panda account, you create one as part of the activation process.
• If you have a Panda Partner account, you must create a WatchGuard Partner account before you activate your license. To get started, go to https://secure.watchguard.com/BecomeAPartner.
• Your license is activated immediately as a pool license. For pool licenses, the expiration date is determined when you assign the license.

For more information, see this Knowledge Base article, WatchGuard Partners: How do I activate licenses for a Panda product from the WatchGuard website?

Customer Licensing Process

Customers activate Adaptive Defense 360 licenses in the WatchGuard Support Center. The first time you activate a license for a Panda product, you must link your Panda account and your WatchGuard account. If you do not have a Panda account, you create one as part of the activation process.


It can take up to 48 hours for an end-user license to become active. The expiration date for this license is based on the activation date.

To access your product's web console, from Panda Cloud, select the Products on Aether platform tile. For more information, see this Knowledge Base article, WatchGuard Customers: How do I activate licenses for a Panda product from the WatchGuard website?

Open the Adaptive Defense 360 Management Console

After you complete activation, go to the Panda Cloud login page: https://www.pandacloudsecurity.com/PandaLogin/. Log in with your Panda Security account. To open the Adaptive Defense 360 management console, select the Adaptive Defense 360 tile.

Navigate the Console

The Adaptive Defense 360 management console includes settings to manage your user account and to choose the information you see.

Multiple Groups

To filter information in the window and only show information collected from computers in the groups you select, in the upper-right corner, click Multiple groups. This enables you to focus on a specific group or groups of computers (for example, a group of servers or computers at a specific location).

General Settings

The General Settings menu is available to the right of Multiple groups. From the General settings menu, you can select these options:

• Online Help
• Administration Guide
• Technical Support
• Suggestion Box
• License Agreement
• Adaptive Defense 360 Release Notes
• Language
• About


To change the language of the console, from the General settings menu, select Language. To view the version of Adaptive Defense 360, as well as the version of the protection agents for different platforms, from the General settings menu, select About.

User Account

The User Account menu is available to the right of the General settings menu. From the User Account menu, you can select these options:

• Set up my profile — Change the information in your account.
• Change account — Change the user and password you use to log in.
• Log out — Log out of the management console and return to the Panda Cloud login page.


Device Management

Use the Computers page to view, group, and manage your devices.

You use the management console to organize and display managed computers in order to quickly find a device. Before you deploy, we recommend that you:

• Create the structure of your state
• Uninstall third-party antivirus programs

After you deploy, verify URLs that must be opened with URL Checking in the PSInfo tool.

To manage a network device through the management console, the device must have the Aether agent installed. Adaptive Defense 360 delivers the Aether agent in the installation package for all compatible platforms.

Devices that do not have an Adaptive Defense 360 license but do have the Aether agent installed appear in the management console. For these devices, protection is either disabled (if a license has been released) or not installed (if a license has never been assigned before). Scan tasks and other Adaptive Defense 360 resources will not run. Adaptive Defense 360 does scan computers with expired licenses for threats, but does not update the signature file and does not apply advanced protection. In this condition, Adaptive Defense 360 is not an effective solution to combat threats.

To keep the network protected, we strongly recommend that you renew contracted services.

The Computers page has two panes. The left pane includes the Filters and My Organization tabs and the right pane displays the details page.


Left Pane

Use the Filters tab and My Organization tab to view and organize managed computers.


Filters Tab

On the Filters tab, you can dynamically group computers on the network based on settings and conditions that describe the characteristics of devices. You can use logical operators to produce complex filters. For example, you can organize your computers by operating system, software, or by custom filter with specific rules for settings, protection status, hardware, software, range of IP addresses, groups, or latest proxies used by the agent.

My Organization Tab

An administrator can manually assign computers to a group. Use the My Organization tab to create a multi-level structure of groups, subgroups, and computers. The organizational tree can be a custom tree, the company Active Directory tree, or a combination of the two.

The Active Directory tree is generated automatically. To integrate a computer into a custom group or into an Active Directory path, you must install an agent on the computer. You can move computers from one path to another as required.

Right Pane

When you select a computer from the list of computers, the right pane displays details of the hardware and software installed, as well as the security settings assigned to it.

The details pane includes these sections:

• General — Displays information to help identify the computer.
• Notifications — Details of any potential problems.
• Details — Summary of the hardware, software, and security settings of the computer.
• Hardware — Hardware installed on the computer, its components and peripherals, as well as resource consumption and use.
• Software — Software packages installed on the computer, as well as versions and changes.
• Settings — Security settings and other settings assigned to the computer.
• Toolbar — Operations available for the managed computer.

If the window is not large enough, some tools are hidden.


Install Adaptive Defense 360

Installation requirements for Adaptive Defense 360 differ for different platforms.

Before you install Adaptive Defense 360, make sure you meet these requirements:

System Requirements

For a list of system requirements, see the appropriate Knowledge Base article:

• Windows — Installation requirements of products based on Aether Platform for Windows
• Linux — Installation requirements of products based on Aether Platform for Linux platforms
• macOS — Installation requirements of products based on Aether Platform for macOS platforms
• Android — Installation requirements of products based on Aether Platform for Android platforms

Communications Requirements

If you have a firewall, proxy server, or other network restrictions, to install and operate Adaptive Defense 360, you must allow access for communications from the server or console to these servers:

• Updates and Upgrades server
• Collective Intelligence server

For more information, see the list of URLs and ports you must allow in this Knowledge Base article: URLs and ports required for products based on Aether Platform to communicate with server.

Discovery and Remote Installation Requirements

Aether Platform-based products include tools to locate unprotected workstations and servers and to initiate a remote unattended installation from the management console. For more information about the requirements for discovery and remote installation, see this Knowledge Base article: Requirements for the discovery of computers and remote installation in products based on Aether Platform.

Remote installation is only compatible with Windows platforms.


Installation Methods

You can use these methods to install Adaptive Defense 360:

- Local — Install from an MSI file, an installer URL, or manually
- Remote (Windows only) — Install with discovery and deployment
- Centralized tools — Install from the command line through Panda Systems Management or Active Directory
- Gold image (Windows only) — For more information, see this Knowledge Base article: How to create an image for Windows persistent and non-persistent environments (VDI) with products based on Aether Platform.

Uninstall Adaptive Defense 360 You can either uninstall the Adaptive Defense 360 software locally from the control panel of the operating system on each computer, or remotely from the console (Windows computers only). When you uninstall Adaptive Defense 360, the associated counters, such as malware detected, blocked URLs, filtered mails, and blocked devices, are removed from the management console. When you reinstall the software, the counters are restored.


View Status Use the Status page to select dashboards and lists to quickly view information about the computers you manage.

Dashboards Adaptive Defense 360 collects information and presents it graphically in dashboards in the management console. You can open dashboards from the left pane menu. Click the data on a dashboard to view more details.

These dashboards are available:

- Security — Shows the security status of the IT network.
  - Offline Computers: Shows computers that have not connected to the Panda Security cloud for a specified amount of time.
  - Outdated Protection: Shows computers whose signature file is more than three days older than the latest one released by Panda Security. It also shows computers whose antivirus engine is more than seven days older than the latest one released by Panda Security.
  - Protection Status: Shows computers where Adaptive Defense 360 is working properly and those where there are errors or problems with installation or the protection module.
  - Programs Blocked by the Administrator: Shows the number of execution attempts recorded across the IT network and blocked by Adaptive Defense 360 based on the settings defined by the network administrator.
  - Programs Allowed by the Administrator: Shows the programs the administrator has allowed to run, typically unknown items still being classified that a user cannot wait for, or items classified as a threat.
  - Classification of All Programs Run and Scanned: Shows the percentage of goodware and malware items seen and classified on the customer network during the time period specified by the administrator.
  - EDR Activity: Shows the details of malware, PUP, and exploit detections, plus the currently blocked programs that are being classified.
  - Exploit Activity: Shows the number of vulnerability exploit attacks suffered by the Windows computers on the network.
  - Exclusions: Shows exclusions, such as allowed blocked items that are being classified, allowed processes classified as threats, and allowed detections of malware, PUPs, and so on.
- Web access and spam — Shows information about blocked and filtered Internet content and unsolicited email.
- Patch management — Shows updates for the operating system and third-party software installed on your computers.
- Full encryption — Shows the encryption status of the computers' internal storage.
- Licenses — Shows the status of your licenses: Computers with a license, Computers without a license, and Excluded.


Licenses Dashboard When you install the software on a computer on the network, if there are unused licenses, the system assigns a free license to the computer automatically. You can also assign licenses manually. To view details of contracted licenses, on the Licenses dashboard, click Assigned.

When you uninstall a product from one of your computers, or when a license expires, the system automatically recovers the license and returns it to the license pool. You can release licenses manually from the Licenses dashboard when you remove the product license from the Details tab for a computer.

For more information, see the Support article: https://www.pandasecurity.com/en/support/card?id=700021.


My Lists More detailed information is available from the My Lists section in the left pane.

Each list displays information in a table. Most dashboard sections have an associated list, so you can quickly see the information graphically and then get more in-depth data from the lists.

You can add lists to the left pane for quick access.


Scheduled Reports Adaptive Defense 360 can send reports, by email, that include security information from the computers it protects. This makes it easy to share information with other people and departments in your organization, and to keep a history of events beyond the data storage capacity limits of the management console. These reports can help you to monitor security status closely without the involvement of administrators. Automated email reports provide stakeholders with information about all security events. You can create reports based on a previously created list, directly generate an executive report, or create a report for an existing list of filtered devices. To add scheduled reports and lists, on the Status page, select Scheduled reports from the left pane.


Settings Management Use the Settings page to manage general settings and security settings.

General Settings In the General section, you can manage settings such as users, preferences, network settings and services, and alerts.

Users On the Users page, you manage users, roles, and permissions.

Use the Users page to:

- Create users
- Define roles for users
- View the activity logged for a user
- Require users to use two-factor authentication

To force users to enable and use two-factor authentication, the user account that enforces two-factor authentication must have the Manage users and roles permission and access to all computers on the network.


Per-computer Settings On the Per-computer Settings page, you set preferences and enable automatic updates.

Use the Per-computer Settings page to:

- Show or hide the agent icon on managed computers.
- Enable and schedule automatic updates for:
  - Aether Platform communications agent
  - Adaptive Defense 360 protection engine
  - Signature file for traditional antivirus protection
  For more information, see the interactive video, How to Configure a Group of Computers of the Network Not to Upgrade Automatically.
- Configure security against unauthorized protection tampering. These security options are enabled by default:
  - Request password to uninstall Aether from computers
  - Allow the protections to be temporarily enabled or disabled from the computer's local console (password required)
  - Enable anti-tamper protection (prevents users and certain types of malware from stopping the protections)


Network Settings On the Network Settings page, you can configure settings templates or configuration profiles.

Use the Network Settings page to:

- Set the language of the Panda agent for one or more computers. You must first create a network settings profile.
- Add the proxy computers you want your computers to use, or disable the use of a proxy.
- Enable or disable the real-time communication feature.
- Designate one or more computers on the network with the cache role to automatically download and store all files required for updates. This enables computers with Adaptive Defense 360 to update the signature file, agent, and protection engine without Internet access.

Proxy Types

Adaptive Defense 360 supports several Internet access methods that you can configure to connect to the Panda Security cloud. When an access method is no longer accessible, Adaptive Defense 360 tries the next method in the list until it finds one that works. If it reaches the end of the list, it returns to the start and continues until it has tried every connection method at least once. Adaptive Defense 360 supports these connection types:

Proxy Type: Do not use proxy
Description: Direct access to the Internet. Computers access the Panda Security cloud directly to download updates and send status reports. If you select this option, the Adaptive Defense 360 software uses the computer settings to communicate with the Internet.

Proxy Type: Corporate proxy
Description: Access the Internet through a proxy installed on the company network.
- Address — The proxy server IP address.
- Port — The proxy server port.
- The proxy requires authentication — Select this option if the proxy requires a user name and password.
- User name — The user name of an existing proxy account.
- Password — The password of the proxy account.

Proxy Type: Automatic proxy discovery using Web Proxy Autodiscovery Protocol (WPAD)
Description: Use DNS or DHCP to query the network for the discovery URL that points to the PAC configuration file. If needed, you can specify the HTTP or HTTPS resource that hosts the PAC configuration file.

Proxy Type: Panda Adaptive Defense 360 proxy
Description: Access the Internet through the Adaptive Defense 360 agent installed on a computer on the network. This option enables you to centralize all network communications through a computer with the Panda agent installed.

To configure the network settings for proxy and cache, you must first add the proxy or cache computers on the Network Services page. For more information, see the interactive video, How to Add and Configure a Cache Computer.
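As an added example (not from the study guide and not Panda or WatchGuard code), the block below is a minimal PAC file of the kind a WPAD-configured agent retrieves, conventionally from http://wpad.<your-domain>/wpad.dat. The proxy address, the internal domain and the internal address range are assumptions. The helper functions a PAC engine normally supplies are reimplemented in simplified form only so the file also runs stand-alone in Node. Two caveats a practitioner should weigh: WPAD trusts whatever answers the DNS or DHCP lookup for the discovery URL, so on a network where those answers can be spoofed, a static corporate proxy or an explicitly configured PAC URL is the safer choice; and a `; DIRECT` fallback after the proxy entry makes the policy fail open whenever the proxy is unreachable, which is why it is left out here.

```javascript
// Added example (not from the study guide or from Panda/WatchGuard): a minimal
// PAC file of the kind a WPAD-configured agent fetches, conventionally from
// http://wpad.<your-domain>/wpad.dat. The proxy address, the internal domain
// and the internal address range are assumptions.
//
// A PAC engine provides isPlainHostName, dnsDomainIs and isInNet itself; the
// simplified versions below exist only so this file also runs stand-alone in Node.

function isPlainHostName(host) {
  return host.indexOf('.') === -1;
}

function dnsDomainIs(host, domain) {
  // The leading dot in the domain argument matters: '.corp.example' does not
  // match 'evilcorp.example'.
  return host.toLowerCase().endsWith(domain.toLowerCase());
}

// Simplified isInNet: accepts dotted-quad addresses only. A real PAC engine
// would also resolve host names; that is deliberately not done here, so an
// unresolvable name can never be mistaken for an internal address.
function isInNet(ip, net, mask) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) return false;
  const toInt = (s) => s.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
  return ((toInt(ip) & toInt(mask)) >>> 0) === ((toInt(net) & toInt(mask)) >>> 0);
}

function FindProxyForURL(url, host) {
  // Loopback and bare host names never leave the machine or the LAN.
  if (isPlainHostName(host) || host === 'localhost' || host === '127.0.0.1') {
    return 'DIRECT';
  }
  // Internal names and addresses go direct.
  if (dnsDomainIs(host, '.corp.example') || isInNet(host, '10.0.0.0', '255.0.0.0')) {
    return 'DIRECT';
  }
  // Everything else, the Panda Security cloud included, goes through the
  // corporate proxy. Appending '; DIRECT' here would make the policy fail open
  // whenever the proxy is down, so it is intentionally omitted.
  return 'PROXY proxy.corp.example:3128';
}
```

The agent only needs the PAC file to answer correctly for the Panda Security cloud hosts listed in the URLs-and-ports Knowledge Base article; if those are reachable only through the corporate proxy, make sure no earlier branch in FindProxyForURL returns DIRECT for them.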


Network Services

On the Network Services page, you designate the computers on your network that act as Panda proxy, discovery, or cache computers. The Panda agent installed on Windows computers on your network can have three different roles:

- Proxy — Enables computers without direct Internet access to reach the Panda Security cloud through a proxy on your network. If no corporate proxy is available, you can assign the proxy role to a computer with Panda Adaptive Defense 360 installed.
- Discovery — Finds unprotected computers and deploys Panda Adaptive Defense 360 across your network through the discovery feature.
- Cache — Automatically downloads and stores all files required by other computers with Panda Adaptive Defense 360 installed. This saves bandwidth, because each computer does not have to download updates separately.


VDI Environments

To facilitate license assignment, on the VDI Environments page, you can specify the maximum number of computers that can be simultaneously active in a non-persistent virtualization environment. Virtual Desktop Infrastructure (VDI) is a desktop virtualization solution that hosts virtual machines in a data center, accessed by users from a remote terminal, with the aim of centralizing and simplifying management and reducing maintenance costs. There are two types of VDI environments:

- Persistent VDIs — Storage space assigned to each user persists between restarts, including the installed software, data, and operating system updates.
- Non-persistent VDIs — Storage space assigned to each user is deleted when the VDI instance restarts. The VDI instance returns to its initial state and all changes are undone.


My Alerts Email alerts are messages that Adaptive Defense 360 sends to a specified recipient email address when an event occurs.

On the My Alerts page, you can select which alerts to receive and specify the email address to receive them.


Security Settings

In the Security section, you manage security settings for:

- Workstations and servers
- Program blocking
- Android devices
- Patch management

Workstations and Servers

On the Workstations and Servers page, you add and edit security settings for workstations and servers. Enter a name and description for the settings, then select the computers you want to apply the settings to.

General Settings

In the General sub-section, you specify local alerts, update options, uninstallation of other security products, and exclusions.

Local Alerts
Enable malware, firewall, and device control alerts. The administrator can enter text to display in local alerts for computer isolation, detections (antivirus), detections (by behavior), advanced security policies, and program blocking.

Updates
Configure options related to product updates.

Uninstall Other Security Products
Configure whether to uninstall other security products.

Exclusions
Configure these types of exclusions:

- File exclusions — Exclude files stored on the hard disk by extension, file name, or directory. Separate exclusions with commas (,). For more information, see the Knowledge Base articles on general exclusions and Panda and TDR Host Sensor exclusions.
- Email exclusions — Make the exclusions recommended by Microsoft to improve the performance of Exchange Server. You can also exclude email attachments by file extension.
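To make the three kinds of file exclusion concrete, the following added example (illustrative logic written for this guide, not the agent's own matcher) parses a comma-separated exclusion string into extension, file-name and directory rules and applies them to Windows-style paths (case-insensitive, backslash separators). The exclusion string and the sample paths are constructed. The point a practitioner should take from it: a directory exclusion covers everything written under that directory, so an excluded directory that users or services can write to is a blind spot; prefer narrow file-name or extension exclusions, and never exclude a directory just to silence a false positive.

```javascript
// Added example: parsing and applying file exclusions of the three kinds the
// text lists (extension, file name, directory). Windows path semantics are
// assumed: case-insensitive, backslash separators. This is illustrative logic,
// not the agent's own matcher, and the sample exclusions and paths are constructed.

function parseExclusions(spec) {
  const rules = { extensions: [], names: [], directories: [] };
  for (const raw of spec.split(',')) {
    const item = raw.trim().toLowerCase();
    if (item === '') continue;
    if (item.startsWith('*.') && !item.includes('\\')) {
      rules.extensions.push(item.slice(1));                      // '*.bak' -> '.bak'
    } else if (item.includes('\\')) {
      rules.directories.push(item.replace(/\\+$/, '') + '\\');   // exactly one trailing separator
    } else {
      rules.names.push(item);                                    // bare file name
    }
  }
  return rules;
}

function isExcluded(path, rules) {
  const p = path.toLowerCase();
  const fileName = p.slice(p.lastIndexOf('\\') + 1);
  const dot = fileName.lastIndexOf('.');
  const ext = dot === -1 ? '' : fileName.slice(dot);
  if (rules.extensions.includes(ext)) return { excluded: true, by: 'extension ' + ext };
  if (rules.names.includes(fileName)) return { excluded: true, by: 'name ' + fileName };
  for (const dir of rules.directories) {
    // Prefix match on the normalised directory, so 'Backup\' does not cover 'BackupTool\'.
    if (p.startsWith(dir)) return { excluded: true, by: 'directory ' + dir };
  }
  return { excluded: false, by: null };
}

// Constructed exclusion string, as it would be typed into the console.
const SAMPLE_SPEC = 'C:\\Program Files\\Backup\\, *.bak, pagefile.sys';

// Constructed paths, including the blind spot: a dropper written into the
// excluded directory is never looked at.
const SAMPLE_PATHS = [
  'C:\\Program Files\\Backup\\nightly.zip',
  'C:\\Program Files\\Backup\\dropper.exe',
  'C:\\Users\\Alice\\Downloads\\invoice.exe.bak',
  'C:\\PAGEFILE.SYS',
  'C:\\Program Files\\BackupTool\\tool.exe',
  'C:\\Users\\Alice\\Downloads\\invoice.exe',
];

const exclusionRules = parseExclusions(SAMPLE_SPEC);
for (const path of SAMPLE_PATHS) console.log(path, isExcluded(path, exclusionRules));
```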

Advanced Protection

In the Advanced Protection sub-section, you can enable advanced protection to track the activity of every program on your computers and immediately detect and block malicious programs. Advanced protection includes direct monitoring by Panda lab technicians.

Operating modes for advanced protection (Windows only):

- Audit — Reports on detected threats but does not block or disinfect the malware detected.
- Hardening — Removes malicious and potentially malicious programs. Blocks unknown programs that come from the Internet, from other computers on the network, or from external storage drives until the Panda lab determines whether they are malware. Allows any other unknown program to run while the lab analyzes it.
- Lock — Prevents all unknown programs from running until they are classified.

You can also report blocking to computer users and add a custom message to alerts.

Detect malicious activity (Linux only): There are three modes: Audit, Block, and Do not detect. To avoid possible issues on some computers, detected malicious actions are not blocked by default. Unless you know that the detected malicious activity is a legitimate action, we recommend that you set the mode to Block.

Anti-exploit

Anti-exploit protection detects and blocks attempts to exploit vulnerabilities in processes running on the computers on the corporate network. There are two modes: Audit and Block.

- Audit — Reports detected exploits in the administrative console. Does not take action against the detected programs or display any information to the user of the computer.
- Block — Blocks exploit attacks. This might force the compromised process to end.
  - Report blocking to the computer user — Notifies the user and automatically ends the compromised process, if required.
  - Ask the user for permission to end a compromised process — Prompts the user before ending the compromised process, if necessary. Every time a compromised computer needs to restart, the user must provide confirmation, regardless of whether the Ask the user for permission to end a compromised process option is selected.

Anti-exploit protection is disabled by default to improve compatibility with any third-party security solution installed on the network that uses similar technology. With this protection disabled, Adaptive Defense 360 does not detect and block vulnerability exploit attacks or Metasploit-based malware. Other security modules still detect and block dangerous actions that threaten the system.

To make sure that anti-exploit protection works correctly with the third-party security solutions installed, we recommend that you enable it gradually across your computers.

Privacy

Adaptive Defense 360 can include the full name and path of files sent to the cloud for analysis in reports and forensic analysis tools. If you do not want to send this information to the Panda Security cloud, disable this option. Adaptive Defense 360 can also record the user who was logged in to the computer on which a detection occurred. If you do not want to send this information to the Panda Security cloud, disable that option too.

Network Usage

Adaptive Defense 360 sends every unknown executable file found on user computers to the Panda Security cloud for analysis. Each unknown file is sent only once for all users, and bandwidth management mechanisms keep the impact on the network to a minimum. By default, each agent can transfer a maximum of 50 MB of files per hour. To allow unlimited file transfers, set the value to 0.


Antivirus

In the Antivirus sub-section, you can configure these settings:

- Antivirus — Enable or disable antivirus protection for files, email, and web browsing.
- Threats to detect — Detect viruses, detect hacking tools and PUPs, block malicious actions, and detect phishing.
- File types — Scan compressed files in emails and on disk, and scan all files regardless of their extension when they are created or modified.

Firewall (Windows computers)

Panda Adaptive Defense 360 provides three tools to filter the network traffic that protected computers send and receive:

- System Rules — Rules that allow or deny data traffic with specific communication characteristics, such as ports, IP addresses, or protocols.
- Program Rules — Rules that allow or prevent communication from programs installed on user computers to other computers.
- Intrusion Detection System — Rules that detect and reject malformed traffic patterns that can affect the security or performance of protected computers.

In the Firewall section, you select these settings:

- Let computer users configure the firewall — Enable end users to manage the firewall protection from their local console.
- Network type — Laptops and mobile devices can connect to networks with different security levels, from public Wi-Fi networks, such as those in Internet cafés, to managed and limited-access networks, such as the one in your office. Set the default behavior of the firewall to either:
  - Manually select the type of network that the computers in the configured profile usually connect to.
  - Let Panda Adaptive Defense 360 select the most appropriate network type.
- Program rules — Specify which programs can communicate with the local network and the Internet.
- Connection rules — Define TCP/IP traffic filtering rules. Adaptive Defense 360 extracts the values of some fields in the headers of each packet that protected computers send and receive and checks them against the rules you define. If the traffic matches a rule, Panda Adaptive Defense 360 takes the specified action.
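The connection-rule evaluation described above, as an added example written for this guide (it is not the Adaptive Defense 360 rule engine, and the rule fields, rule set and packets are constructed): each packet's header fields are checked against an ordered rule list, the first match decides the action, and a per-direction default applies when nothing matches. The ordering of the two SMB rules is the point to notice: the narrow allow for the LAN must come before the broad deny, or the deny swallows it.

```javascript
// Added example (not the product's rule engine): first-match evaluation of
// connection rules over packet header fields, as the text describes. Rule and
// packet field names, the rule set and the packets are constructed.

function ipToInt(ip) {
  return ip.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

// spec is 'any', a single address, or CIDR notation such as 10.0.0.0/8.
function cidrMatch(ip, spec) {
  if (spec === 'any') return true;
  const [base, bitsText] = spec.split('/');
  const bits = bitsText === undefined ? 32 : Number(bitsText);
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

function portMatch(ports, port) {
  return ports === undefined || ports === 'any' || ports.includes(port);
}

function ruleMatches(rule, pkt) {
  return (rule.direction === 'both' || rule.direction === pkt.direction)
    && (rule.protocol === 'any' || rule.protocol === pkt.protocol)
    && cidrMatch(pkt.remoteIp, rule.remote)
    && portMatch(rule.localPorts, pkt.localPort)
    && portMatch(rule.remotePorts, pkt.remotePort);
}

// Order matters: the first matching rule wins, so the narrow LAN allow for SMB
// must precede the broad deny. Inbound defaults to deny, outbound to allow.
const RULES = [
  { name: 'RDP from admin subnet',     direction: 'in',  protocol: 'tcp', remote: '10.0.50.0/24', localPorts: [3389],     action: 'allow' },
  { name: 'SMB from LAN',              direction: 'in',  protocol: 'tcp', remote: '10.0.0.0/8',   localPorts: [445],      action: 'allow' },
  { name: 'SMB from anywhere else',    direction: 'in',  protocol: 'tcp', remote: 'any',          localPorts: [445],      action: 'deny'  },
  { name: 'DNS to internal resolvers', direction: 'out', protocol: 'udp', remote: '10.0.0.0/8',   remotePorts: [53],      action: 'allow' },
  { name: 'Web out',                   direction: 'out', protocol: 'tcp', remote: 'any',          remotePorts: [80, 443], action: 'allow' },
];
const DEFAULT_ACTION = { in: 'deny', out: 'allow' };

function evaluate(pkt, rules = RULES, defaults = DEFAULT_ACTION) {
  for (const rule of rules) {
    if (ruleMatches(rule, pkt)) return { action: rule.action, rule: rule.name };
  }
  return { action: defaults[pkt.direction], rule: 'default' };
}

// Constructed packets: only the header fields the rules look at.
const SAMPLE_PACKETS = [
  { direction: 'in',  protocol: 'tcp', remoteIp: '10.0.50.7',     remotePort: 51000, localPort: 3389  },
  { direction: 'in',  protocol: 'tcp', remoteIp: '203.0.113.9',   remotePort: 51001, localPort: 445   },
  { direction: 'in',  protocol: 'tcp', remoteIp: '10.1.2.3',      remotePort: 51002, localPort: 445   },
  { direction: 'out', protocol: 'tcp', remoteIp: '198.51.100.20', remotePort: 443,   localPort: 52000 },
  { direction: 'in',  protocol: 'udp', remoteIp: '203.0.113.9',   remotePort: 53,    localPort: 1234  },
];

function evaluateAll(packets) {
  return packets.map((pkt) => ({ ...pkt, ...evaluate(pkt) }));
}

for (const result of evaluateAll(SAMPLE_PACKETS)) console.log(result);
```

When you translate a rule set like this into the console, keep the same discipline: put the specific allows first, follow them with the broad denies, and rely on the default only for traffic you have not thought about.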

Device Control (Windows computers) The Device Control sub-section enables you to configure how the protected computer behaves when it connects or uses a removable or mass storage device. To configure exceptions, select the allowed device and click the Exception icon.


Web Access Control The Web Access Control sub-section enables you to control access to the Internet. For example, you can allow web access at specific times of the day, deny access to websites in different categories, and always allow or deny access to specific URLs and domains.


Antivirus for Exchange Servers

Adaptive Defense 360 protects Microsoft Exchange email servers with two features: Mailbox protection and Transport protection.

Mailbox Protection
This protection applies to Exchange servers with the Mailbox role, and scans folders and mailboxes in the background or when the server receives messages and stores them in user folders. Mailbox protection can manipulate items contained in the body of scanned messages. It can replace any dangerous item it finds with a clean one and move dangerous items to quarantine. Mailbox protection scans the Exchange server user folders in the background, using smart scans to avoid rescanning items already scanned. Every time a new signature file is published, the protection scans all mailboxes and the quarantine folder in the background.

Transport Protection
This protection applies to Exchange servers with the Client Access, Edge Transport, and Mailbox roles, and scans the traffic that goes through the Exchange server. This protection cannot manipulate items contained in the body of scanned messages. The body of a dangerous message is treated as a single component, so every action Adaptive Defense 360 takes (delete the message, quarantine it, let it through without any action, and so on) affects the entire message.

Anti-Spam for Exchange Servers

In the Anti-Spam for Exchange Servers sub-section, you can enable anti-spam protection. When you do this, you are prompted to add exclusion rules to improve the performance of your mail servers. You can specify the action to perform on spam messages, such as let the message through, delete the message, or flag it with an SCL (Spam Confidence Level). You can also configure lists of email addresses and domains that you always want to allow or delete.

Content Filtering for Exchange Servers

The Content Filtering for Exchange Servers sub-section enables you to filter email messages based on the file extension of attachments. For example, you might want to always delete messages with attachments that have an .EXE or .ZIP file extension.


Program Blocking On the Program Blocking page, you can prevent the execution of programs that are dangerous or that you do not want your users to run. For example, you might decide to block programs that use too much bandwidth, pose a security threat, or affect user or computer performance. You can identify programs to block by name or MD5 code.


Android Devices On the Android Devices page, you can specify security settings for Android devices.

Updates In the Updates sub-section, you can enable Aether updates over Wi-Fi only.

Antivirus In the Antivirus sub-section, you can enable always-on protection and specify whether to scan applications from unknown sources before you install them. To add an exclusion, you can enter the name of the Android executable (com.example.myapp).

Anti-Theft In the Anti-Theft sub-section, you can enable features that prevent data loss and help users to locate devices in the event of loss or theft.

For information on the Patch Management page and Data Protection section, see the Panda Patch Management and Panda Full Encryption learning modules.


Troubleshooting Tools Troubleshooting tools for Adaptive Defense 360 include remediation tools, the Troubleshooting Guide, PSInfo, the Knowledge Base, and other documentation.

Remediation Tools

Access remediation tools from the menu in the upper-right corner of the Computers tab. Remediation tools are also available from the menu beside each computer or device.

To view remediation tools that require action in the management console, on the Computers page, select a computer and select the more options icon. The available options appear in the menu:

- Scan now / Schedule scan — Enables scheduled and immediate scans.
- Restart — Enables the administrator to restart computers remotely.
- Automatic disinfection — Performed by the real-time advanced protection and antivirus protection. When malware is detected, the products clean the affected items with an appropriate disinfection method. When no method exists, the malware is quarantined.
- Allow external access to the console — Gives the Panda support team access to the management console.
- Isolate computer — Enables administrators to isolate computers on demand to prevent the spread of threats and the exfiltration of confidential data.
- Report a problem — Contacts the support team through the management console and automatically sends all the information required for diagnosis.
- Reinstall protection / Reinstall agent — Reinstalls the protection or the agent remotely from the management console. Available for both Windows workstations and servers.

Troubleshooting Guide

This online guide provides technicians with information to support customer and partner Adaptive Defense queries: https://www.pandasecurity.com/enterprise/downloads/docs/product/Webhelp/#t=000.htm

Panda Support Information (PSInfo) and Other Support Tools

The Panda Support Information tool (PSInfo) collects information for the analysis and investigation of issues related to all Panda products. When you submit a case, make sure that you include the output of the PSInfo tool.

To run the tool locally on an endpoint, download it from https://www.pandasecurity.com/psinfo. From the Aether console, select the specific computer and click Report a problem. The PSInfo window includes two tabs:

- General — Collects computer data.
- Tools — Access different tools to resolve issues with the product, including:
  - URL Checker — Inspects the URLs required to communicate with Panda servers. Use for installation, update, and upgrade issues.
  - Enable/Disable Advanced Logs — Required for in-depth analysis of certain issues with the product.
  - Force Sync — Use to check connectivity between the endpoint and the console.

  - Repair Protection — Use to solve protection errors.
  - Generic Uninstaller — Removes any trace of the protection.
  - Advanced Firewall Technology — Use for issues related to the firewall protection.
  - AD Sample Test File — Use to test the Advanced Protection detection capabilities.
  - Additional Tools:
    - PSErrorTrace — Use for installation, scan, or third-party issues.
    - NNSDiag — Use for firewall issues.
    - WinDBG — Use to create a post-mortem dump to analyze process crashes.

Knowledge Base and Documentation

Answers to frequently asked questions about Adaptive Defense 360 are available in the Knowledge Base articles on the Panda Support website. Key articles include:

- Getting Started Guide
- System Requirements for Windows
- URLs and Ports Required
- Best Practices for Upgrades

WatchGuard partners and customers can also review the Administration Guide and find information in the Panda Support Center: https://www.pandasecurity.com/en/support/watchguard-customers/


Product Features by Platform

Features available in Aether-based products differ by computer platform. This table lists the available features and the platforms that support them. Platform support marks for most rows are not reproduced here; only the rows with textual values are shown in full.

Available Features                                        Windows   Linux     macOS     Android

General
  Web console
  Information in dashboards
  Filter-based computer organization
  Group-based computer organization
  Languages supported in the local console                11        11        11        16

Lists and Reports
  Frequency of sending detections to the server           15 min    15 min    15 min    Immediately after scan completes
  List of detections
  Executive reports
  Scheduled executive reports

Protections
  Real-Time permanent antivirus protection
  Advanced protection (Adaptive Defense)
  Anti-Tamper protection
  Anti-Exploit protection
  Firewall
  Device control
  URL filtering

Settings
  Security settings for workstations and servers
  Password for uninstalling the protection and taking actions locally
  Ability to establish multiple proxies
  Ability to work as a Panda proxy
  Ability to use the Panda proxy
  Ability to work as a repository or cache
  Ability to use the repository or cache
  Discovery of unprotected computers
  Email alerts in the event of an infection
  Email alerts when finding an unprotected computer

Remote Actions Taken from the Web Console
  Real-Time actions
  On-Demand scans
  Scheduled scans
  Remote installation of the Panda agent
  Ability to reinstall the agent and the protection
  Computer restart
  Computer isolation
  Program blocking by hash and program name
  Ability to report incidents (PSInfo)

Updates and Upgrades (on Android, updates are delivered through Google Play)
  Signature updates
  Protection upgrades
  Ability to schedule protection upgrades

Patch Management

Patch Management Patch Management is a built-in module on the Aether platform that finds computers on the network with known software vulnerabilities and updates them automatically. It minimizes the attack surface and protects your workstations and servers from malware that exploits software flaws.

To let Patch Management manage updates without interference from local Windows Update settings, in the Patch Management settings, enable Disable Windows Update on Computers.

In this section, you learn about:

- Requirements
- How to configure settings
- Status dashboard

For further information, see Additional Resources.


Patch Management Requirements

Patch Management supports Windows operating systems. It detects third-party applications that have uninstalled patches or are in the end-of-life (EOL) stage, as well as all patches and updates published by Microsoft for its products (operating systems, databases, Office applications, and so on).


Patch Management Settings To view Patch Management settings in the Adaptive Defense 360 Aether console, select Settings, then from the left pane, select Patch Management.

The Patch Management Settings page contains these settings:

- Disable Windows Update on Computers — To manage updates exclusively through Patch Management, without interference from local Windows Update settings, enable this toggle.
- Automatically Search for Patches — To enable the patch search, enable this toggle. If the toggle is not enabled, the lists in the module do not show uninstalled patches.
- Search Frequency — To specify how frequently Patch Management searches the database for uninstalled patches, select a frequency from the drop-down menu.
- Patch Criticality — To specify which patches Patch Management searches for, enable the toggles under Patch criticality.


Patch Management Status Dashboard To access the Patch Management Status dashboard in the Adaptive Defense 360 console, select Status, then from the left pane, select Patch Management.

The Patch Management Status dashboard shows:

- Patch Management Status
  - Enabled
  - No information
  - Error installing
  - Error
  - No license
- Time Since Last Check
  - > days
  - > 7 days
  - > 30 days
- End-of-Life Programs
  - Currently in EOL
  - In EOL (currently or in 1 year)
  - With known EOL date
- Available Patches
  - Security Patches — Critical, Important, Moderate, Unspecified
  - Other Patches (non-security-related)
  - Service Pack
- Last Patch Installation Tasks

Available Patches

In the Available Patches section of the dashboard, below the three types of patches, select View All Available Patches to open the Available Patches page.

To view recent high and critical vulnerabilities for which exploits are available, select Currently Exploited Vulnerabilities at the top of the page. To show filter options for available patches, on the Available Patches page, click Filters.

Available Patches filters include:

- Computer type — Workstation, Laptop, Server
- CVE (Common Vulnerabilities and Exposures) — ID of the vulnerability associated with a patch
- Computer — Name of the computer with outdated software
- Program — Name of the outdated program or Windows operating system with uninstalled patches
- Patch — Name of the patch or update and any additional information (release date, Knowledge Base number, etc.)
- Criticality — Other patches (non-security-related), Critical (security-related), Important (security-related), Moderate (security-related), Low (security-related), Unspecified (security-related), Service Pack
- Installation — Pending, Requires Manual Download, Pending (manually downloaded), Pending Restart

Below the filters, select a computer from the list, then click the icon at the end of the row to see options.

The menu options are:

- Install — Creates a quick task to immediately install the patch on the computer.
- Schedule Installation — Creates a scheduled task to install the patch on the computer.
- Isolate Computer — Isolates the computer from the network.
- View all Available Patches for the Computer — Shows all available patches for the computer that have not been installed.
- View which Computers have the Patch Available — Shows all computers that have the patch available for installation.

Below Available Patches on the Patch Management dashboard, select View Installation History to view your patch installation history.

Full Encryption

This section describes how to use Full Encryption to manage encryption on network computers protected by Adaptive Defense 360. Full Encryption uses the BitLocker software included in some versions of Windows 7 and higher to encrypt and decrypt the data stored on the computer drives. Full Encryption installs BitLocker automatically on compatible server versions.

This section covers the following topics:

- Encryption concepts
- Supported authentication types
- Supported storage devices
- Requirements
- How to configure settings
- Dashboard

For further information, see Additional Resources.

Encryption Concepts

The following concepts are key to the proper use of Full Encryption.

TPM
TPM (Trusted Platform Module) is a chip included on the motherboards of some desktops, laptops, and servers. TPM chips protect sensitive data, stored passwords, and other information used to log in.

PIN and Extended/Enhanced PIN
A PIN (Personal Identification Number) is a sequence of 8 to 20 digits that serves as a simple password. A PIN is required to start a computer with an encrypted drive. Without the PIN, the boot sequence does not complete and it is impossible to access the computer. If the hardware is compatible, Full Encryption uses an extended or enhanced PIN that combines letters and numbers to increase the complexity of the password.

Passphrase
A passphrase is an 8 to 255 character alphanumeric password, equivalent to an extended PIN.

USB Key
A USB key lets you store an encryption key on a USB device formatted with NTFS, FAT, or FAT32. When connected to the computer, the USB key replaces the entry of a password at startup.

Recovery Key
When Full Encryption detects an irregular situation on a computer it protects, or if you forget the password, the computer asks for a 48-digit recovery key. The recovery key is a managed password — a network administrator can obtain the recovery key and send it to the user.

System Partition
A system partition is a small, unencrypted portion of the hard disk that the computer requires to complete the startup process correctly. Full Encryption automatically creates a system partition if one does not already exist.

Encryption Algorithm
The encryption algorithm in Full Encryption is AES-256. Computers with drives that users encrypted with other algorithms are also compatible.

Supported Authentication Types

Full Encryption allows different combinations of authentication methods, based on the OS version and whether the device includes a TPM chip:

- TPM + PIN — Compatible with all supported versions of Windows. The TPM chip must be enabled in the BIOS and a PIN must exist.
- Only TPM — Compatible with all supported versions of Windows. The TPM chip must be enabled in the BIOS (automatically enabled in Windows 10).
- USB Key — Requires a USB device and a computer that can access USB drives during startup. The USB Key authentication method is required on Windows 7 computers without a TPM chip.
- Passphrase — Available on Windows 8 and higher computers without a TPM chip.

Supported Storage Devices

Full Encryption encrypts these mass storage devices:

- Fixed storage drives on the computer (system and data)
- Virtual hard drives (VHD) — only the used space (as more space is used, Full Encryption automatically encrypts the new data)
- Removable hard drives
- USB drives

Full Encryption does not encrypt these storage devices:

- Dynamic hard disks
- Very small partitions
- Other external storage devices

Full Encryption Requirements

Full Encryption supports the following operating systems and hardware.

Supported Operating Systems

- Windows 7 (Ultimate, Enterprise)
- Windows 8/8.1 (Pro, Enterprise)
- Windows 10 (Pro, Enterprise, Education)
- Windows Server 2008 R2 and higher (includes Server Core editions)

Hardware Requirements

- TPM v1.2 or higher, when using a TPM authentication method
- USB key and a computer that can read USB devices from the BIOS, on Windows 7

Full Encryption Settings

To access the Full Encryption settings, select Settings, then from the left pane, select Encryption.

Encrypt all Hard Disks on Computers

- If the computer is encrypted with Full Encryption and Encrypt all Hard Disks on Computers is disabled, all encrypted drives are decrypted.
- If the computer is encrypted, but not with Full Encryption, and Encrypt all Hard Disks on Computers is disabled, there is no change.
- If the computer is encrypted, but not with Full Encryption, and Encrypt all Hard Disks on Computers is enabled, the internal encryption settings change to match the encryption methods supported by Full Encryption.

Ask for Password Access to the Computer

This setting enables password authentication when the computer starts. Based on the operating system and whether the computer has TPM hardware, the user must provide one of these types of passwords:

- Computers with TPM — A PIN-type password
- Computers without TPM — A passphrase

If this option is set to No and the computer does not have access to a compatible TPM security processor, the disks are not encrypted.

Do Not Encrypt Computers that Require a USB Drive for Authentication

This setting prevents the use of USB devices supported by Full Encryption for authentication.
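The interaction of these three settings with the methods listed under Supported Authentication Types decides whether a given endpoint ends up encrypted at all, which is the gap an administrator wants to find before rolling a profile out. The following Python is an added example written for this guide, not WatchGuard code: it encodes the rules as stated on this page (TPM computers get TPM + PIN or Only TPM depending on the password prompt; non-TPM computers get a passphrase on Windows 8 or later, a USB key on Windows 7, or no encryption when the prompt is off or the USB method is blocked) and runs a gap check over a constructed inventory. The Endpoint and EncryptionSettings records, the function names, the inventory and the reason strings are this example's own constructions.

```python
# Added example: which Full Encryption authentication method an endpoint would
# receive under a settings profile, following the rules stated on this page.
# Records, function names and reason strings are constructed for illustration;
# they are not Aether console APIs.
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Endpoint:
    name: str
    windows_major: int      # 7, 8 or 10
    has_tpm: bool           # TPM 1.2 or later, enabled in the BIOS


@dataclass(frozen=True)
class EncryptionSettings:
    encrypt_all_disks: bool          # "Encrypt all hard disks on computers"
    ask_for_password: bool           # "Ask for password access to the computer"
    block_usb_authentication: bool   # "Do not encrypt computers that require a USB drive"


def select_auth_method(ep: Endpoint, s: EncryptionSettings) -> tuple[Optional[str], str]:
    """Return (method, reason); method is None when the disks stay unencrypted."""
    if not s.encrypt_all_disks:
        return None, "encryption profile disabled"
    if ep.has_tpm:
        # With a TPM, the password prompt adds a PIN on top of the TPM;
        # without the prompt, the TPM alone unlocks the drive.
        if s.ask_for_password:
            return "TPM + PIN", "TPM present, PIN required at boot"
        return "Only TPM", "TPM present, no boot password"
    # No TPM: the page states the disks are not encrypted unless a password is asked for.
    if not s.ask_for_password:
        return None, "no TPM and password prompt disabled"
    if ep.windows_major >= 8:
        return "Passphrase", "no TPM on Windows 8 or later"
    # Windows 7 without a TPM can only use a USB key.
    if s.block_usb_authentication:
        return None, "Windows 7 without TPM requires a USB key, which the profile blocks"
    return "USB Key", "Windows 7 without TPM, USB key allowed"


def unencrypted_endpoints(inventory, settings) -> list[tuple[str, str]]:
    """Gap check: every endpoint the profile would leave unencrypted, with the reason."""
    gaps = []
    for ep in inventory:
        method, reason = select_auth_method(ep, settings)
        if method is None:
            gaps.append((ep.name, reason))
    return gaps


# Constructed inventory for the demonstration.
INVENTORY = [
    Endpoint("ws-01", 10, True),
    Endpoint("ws-02", 8, False),
    Endpoint("ws-03", 7, False),
    Endpoint("srv-01", 10, False),
]

if __name__ == "__main__":
    profile = EncryptionSettings(encrypt_all_disks=True, ask_for_password=True,
                                 block_usb_authentication=True)
    for ep in INVENTORY:
        print(ep.name, select_auth_method(ep, profile))
    print("left unencrypted:", unencrypted_endpoints(INVENTORY, profile))
```

Run against a real inventory export, the gap list is the set of computers that will show up as unencrypted on the Full Encryption dashboard after the profile is applied; in the constructed inventory only ws-03 (Windows 7, no TPM, USB method blocked) is left out.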

Encrypt Used Disk Space Only

To minimize the encryption time, you can restrict encryption to the sectors of the hard disk that are in use. Sectors released after a user deletes a file remain encrypted, but the space that was free before the hard disk was encrypted remains unencrypted and accessible to third parties who use tools to recover deleted files.

Prompt for Removable Storage Drive Encryption

Opens a window that prompts the user to encrypt the external mass storage devices and USB keys connected to the computer.

Full Encryption Dashboard

To access the Full Encryption dashboard, select Status, then from the left pane, select Full Encryption.

The Full Encryption dashboard shows the encryption status of all computers, which computers support encryption, which computers are encrypted, and which authentication methods are applied:

- Status
  - Enabled
  - No information
  - Error
  - Disabled
  - Error installing
  - No license
- Computers Supporting Encryption
  - Workstation
  - Laptop
  - Server
- Encrypted Computers
  - Encrypted Disks
  - Encrypted by the user
  - Encrypted by the user (partially)
  - Encrypted (partially)
  - Encrypting
- Authentication Method Applied
  - Security Processor (TPM)
  - Security Processor (TPM) + Password
  - Password
- Lists — for more information about how to create and use lists, see View Status.

Advanced Reporting Tool

In this section, you learn how to use the Advanced Reporting Tool to analyze the data that Adaptive Defense 360 collects, monitor your network, and configure alerts that notify you of security incidents.

In this section, you learn about:

- Advanced Reporting Tool Overview
- Web Console
- Search Data
- Advanced Reporting Applications
  - Security Incidents
  - Application Control
  - Data Access Control
- Configure Alerts

For a list of additional resources on these topics, see Additional Resources.

Overview

For network administrators, it can be difficult to monitor the vast amount of data, logs, alarms, and notifications from different systems and to respond to immediate security threats from zero-day malware. The Advanced Reporting Tool is a real-time monitoring service that uses the information collected from your endpoints by Adaptive Defense 360. It automatically generates security intelligence data and provides tools to detect and analyze security threats. The Advanced Reporting Tool can also determine what network users do with their computers, such as application installation and execution, and bandwidth usage.

Key Benefits

The key benefits of the Advanced Reporting Tool include:

Search
- Quickly perform advanced searches of the data generated by Adaptive Defense 360 to maximize visibility of all events that occur on your network
- Access historical data to analyze resource security and usage indicators
- Get in-depth information to identify security risks and insider misuse of the network infrastructure

Diagnose
- Reduce the number of tools and data sources required to understand security issues on endpoint devices and the use of corporate assets
- Extract resource usage and user behavior patterns to help shape your organization's usage and security policies

Alert
- Send real-time alerts and notifications about security events on your endpoints and network
- Detect security issues and internal misuse of your networks as they happen
- Define custom alerts based on your own criteria

Report
- Generate detailed customized reports to help you analyze your company's security infrastructure
- Identify misuse of corporate assets and find behavioral anomalies
- Show the status of key security indicators and track their evolution over time as you apply corrective actions

Advanced Reporting Applications

You can view advanced, preconfigured application dashboards that provide key indicators, search options, and default alerts for these functional areas:

- Security Incidents — Shows malware detected across the network and related information about specific infected endpoints.
- Application Control — Offers detailed information about the applications installed and run on your users' computers.
- Data Access Control — Displays information about data that leaves your network so you can detect data leaks and theft.

Alerts

You can configure alerts based on events that indicate a security breach or an infringement of your corporate data management policy. The alert features include:

- Default alerts that indicate high-risk situations, and the ability to create custom alerts based on your own specific criteria.
- Several delivery methods to send alerts to recipients, such as email, HTTP-JSON, Service Desk, Jira, Pushover, PagerDuty, and Slack.
- Anti-flooding settings to prevent alert floods.

Web Console

The Advanced Reporting Tool web console helps you visualize the security status of your network, based on the data gathered by Adaptive Defense 360. Customized data panels and widgets enable you to view and analyze your security data according to your own requirements and criteria.

The main menu provides these options:

- Home — Return to the web console home page.
- Data Search — Search the accumulated Adaptive Defense 360 knowledge data tables. For more information, see Search Data.
- Administration — Manage alerts and your alert policies. For more information, see Configure Alerts.
- Advanced Reporting — Display the Advanced Reporting Applications. These applications provide interactive dashboards that analyze and display data gathered by Adaptive Defense 360:
  - Security Incidents — Displays the security status and incidents detected on the network. For more information, see Security Incidents.
  - Application Control — Displays data about installed and executed applications on your network. For more information, see Application Control.
  - Data Access Control — Displays information about the bandwidth used and the documents accessed by applications installed on your network. For more information, see Data Access Control.
- Alerts — Display a page with information about generated alerts. For more information, see Configure Alerts.
- Preferences — Configure options for users that access the web console.
- Social Intelligence — Browse queries shared by users in this domain and other domains.
- Log out — Log out of the web console.

Search Data

The search capabilities of the Advanced Reporting Tool enable you to:

- Perform advanced searches of the data generated by Adaptive Defense 360
- Maximize visibility of all events that occur on your network
- Quickly find in-depth information on security risks

Use the filters and data operations to quickly search for specific incidents, vulnerabilities, applications, and computers. You can create alerts based on your data search query.

From the main menu, click Data Search to start your data search.

Adaptive Defense 360 organizes all the information it collects into knowledge tables. The Data Search page shows the knowledge tables available for you to search.

The knowledge tables you can search are:

Table                Description
alert                Shows the incidents displayed in the Activity panel of the Adaptive Defense dashboard.
install              Logs all the information generated when the Adaptive Defense 360 agent installs on users' computers.
monitoredopen        Logs the data files accessed by applications on users' computers, and the processes that accessed user data.
monitoredregistry    Logs every attempt to modify the registry, including registry access related to permissions, passwords, certificate stores, and other areas.
notblocked           Logs items that Adaptive Defense 360 did not scan because of exceptional situations, such as a service timeout on start, configuration changes, and so on.
ops                  Logs all operations performed by processes seen on the network.
processnetbytes      Logs the data usage of processes seen on the network.
registry             Logs all operations performed on registry entries typically used by malicious programs to persist after a computer restarts.
socket               Logs all network connections established by the processes seen on the network.
toastblocked         Contains a record for each process blocked because Adaptive Defense 360 has not yet returned a relevant classification.
urldownload          Contains information on HTTP downloads performed by processes seen on the network.
vulnerableappsfound  Logs every vulnerable application found on each computer on the network.

Click a knowledge table name to show the data in that table. This example shows the vulnerable applications knowledge table (vulnerableappsfound).

Each row in the table is a monitored event. A set of fields provides the details of each event, such as when the event occurred, the computer where it was detected, IP address information, and more. Use the operations toolbar to filter the results or perform other data operations.

For example, based on the criteria you specify, you can create a new column, filter the data, and group data together.

You can also create alerts directly from your search query. For more information, see Configure Alerts. This example filters the data to show only Windows computers, based on the endpoint machine name.

Advanced Reporting Applications

The Advanced Reporting applications are preconfigured application dashboards that provide you with specific information about your network in these areas:

- Security Incidents
- Application Control
- Data Access Control

Security Incidents

The Security Incidents application dashboard enables you to analyze malware activity on your users' computers and generate baseline data for forensic analysis of malware incidents.

You can use security incident data to monitor malware detections and execution, and update your organization's security policies as required.

The Security Incidents application dashboard shows:

- Malware, exploits, potentially unwanted programs (PUPs), and anomalous processes detected, and their execution status.
- Endpoints with the most infection attempts and detected malware.
- Endpoints with vulnerable applications.

This dashboard also provides visibility into executed applications that are not authorized by your organization's IT policies:

- Most and least frequently executed applications, such as script-based applications (PowerShell, Linux shell, Windows cmd shell)
- Remote access applications, such as TeamViewer and VNC
- Unwanted freeware applications, such as eMule and torrent clients

The Security Incidents dashboard includes these sections:

Key Security Indicators
Provides an overview of malware activity on your network. This includes the types of malware, PUPs, and exploits detected, the endpoints affected, and whether the malware was successfully executed.

Detailed Information
Provides detailed information about the security incidents caused by malware on your endpoints.

Application Control

The Application Control dashboard offers detailed information about the applications installed and executed on your users' computers.

Use Application Control data to identify applications that are unwanted, unauthorized, or unlicensed, that have known vulnerabilities, that consume a high amount of bandwidth, or that are scripting, remote access, or system tools.

You can track the resource usage patterns of your users to enforce and enhance your organization's security policies:

- Find corporate and non-corporate applications that run on your network
- Find vulnerable applications installed on the network that can lead to infection or impact network performance
- Manage Microsoft Office license controls
- Show which applications consume the most bandwidth

The Application Control dashboard includes these sections:

IT Applications
Shows which applications have executed on your users' computers, and provides basic control of the Microsoft Office licenses in use on your network.

Vulnerable Applications
Indicates the vulnerable applications installed or executed on your users' computers. Use this chart to prioritize these computers when you update software with known vulnerabilities.

Bandwidth Consuming Applications
Displays the volume and percentage of bandwidth consumed by the applications that run on the network. You can use this information to identify applications with above-average consumption and optimize bandwidth use across your network.

Special Applications and Tools
Displays the scripting, remote access, administrator, and system tools, as well as the unwanted free software applications, that run on the network. This chart also details which applications were run on specific computers and by specific users, and how many times each application executed.

Data Access Control

The Data Access Control application dashboard displays the data that leaves your network and enables you to detect data leaks and theft of confidential information.

Data Access Control provides information that enables you to track bandwidth usage, identify data leaks, and monitor file access and execution activity.

The application can show you:

- Files that network users most commonly access and run.
- Calendar charts and maps that show the data sent over the last year.
- Which users access specific computers on the network.
- Countries that receive the highest number of connections from your network, which can indicate malware activity.

The Data Access Control dashboard includes these sections:

Outbound Network Traffic
Displays information about the volume of data sent from your network. The charts show the absolute and relative amounts of data transferred, as well as geolocation maps that show the destinations to which the largest amounts of data were sent.

User Activity
Displays information about network activity by authenticated users.

Bandwidth Consumers
Displays the application processes and users that used the most inbound and outbound network bandwidth.

Data File Accessed
Displays the files most accessed by your network users, and includes file access and execution statistics by user and file extension.

Configure Alerts

With the Advanced Reporting Tool, you can configure alerts based on events that indicate a security risk or an infringement of your corporate data management policy. Alerts help you react quickly to immediate security risks, without the need to continuously monitor Adaptive Defense 360 from the management console.

You can define the events that generate an alert, the delivery methods, the frequency of alerts (to avoid notification floods), and powerful filters to modify alerts before they are sent. This helps you identify the most critical security events that you want the Advanced Reporting Tool to notify you about.

You can customize the alert system to configure the conditions that generate an alert, the frequency of alerts, and the delivery method to alert recipients. To set up a new alert, you must:

Create an Alert
Define the type of event from the knowledge table that generates an alert.

Configure Delivery Methods
Determine the delivery method and specify the necessary information, such as an email address for email notifications.

Create an Anti-Flooding Policy
Specify maximum thresholds for alert generation to avoid floods of repeated alerts.

Create and Assign a Sending Policy
Use a sending policy to define these parameters for alert delivery:

- Anti-flooding policy
- Delivery schedule and method

Create Post Filters
Enables you to edit an alert before the Advanced Reporting Tool sends it.

Create an Alert

Alerts are tasks that monitor active queries to find and report on specific events or conditions. The system provides several default alerts that are generated by malware detection, bandwidth consumption, and outbound data detection.

Default Alerts

You can manage the default alerts and the custom alerts you create. To manage alerts, select Administration > Alert Configuration.

Custom Alerts

To create custom alerts, use the Data Search page to search for data and then apply a query filter based on your specified criteria. From the main menu, click Data Search to start your data search.

Open the required data table, then query the data with the operations and filters necessary to identify the alert condition. For more information, see Search Data.

Click the settings icon, then select New Alert Definition from the settings drop-down list.

Configure the alert parameters, such as the alert notification message summary, description, category tag, priority, and the frequency (period and threshold) settings.

For example, if you configure the frequency with a period of 5 minutes and a threshold of 30, the Advanced Reporting Tool does not send an alert until 30 events occur in the 5 minute period. If 60 events occur in that 5 minute period, a second alert is generated. When the period is complete, the event counter resets.

Configure Delivery Methods

You can create a delivery method for the recipients of generated alerts, and then associate the delivery method with sending policies to specify how to send alerts and to which recipients. You can send alerts in various ways, such as email, HTTP-JSON, Service Desk, Jira, Pushover, PagerDuty, and Slack. To configure delivery methods, select Administration > Alert Configuration, then select the Delivery Methods tab.

Create an Anti-Flooding Policy

An anti-flooding policy limits the number of notifications sent when an alert is generated frequently over a short period of time. This prevents recipients from receiving repeated notifications about the same alert. The default anti-flooding policy sends a single alert to a recipient up to five times in a period of one hour. If the event persists, the recipient receives a reminder after another hour. To configure the anti-flooding policy, select Administration > Alert Configuration, select the Alert Policies tab, then select Anti-Flooding Policy.
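What a recipient actually receives is the result of two rate controls working together: the frequency settings of the alert definition (period and threshold, from the Create an Alert section) decide when an alert is raised, and the anti-flooding policy then decides whether that alert is delivered. The following Python is an added simulation written for this guide, not the Advanced Reporting Tool's own implementation: an AlertDefinition counts events per period and raises an alert for every full threshold group, and an AntiFloodingPolicy decides per alert and recipient whether to send, suppress, or send a reminder. The class names, the choice to start a period at its first event, and the reading that the reminder follows one hour after the cap was reached are assumptions of this example; the constructed event stream reproduces the 5 minute / 30 event case from the page.

```python
# Added example: simulation of the alert frequency (period + threshold) and the
# anti-flooding policy described on this page. It is a stand-alone model, not
# the Advanced Reporting Tool's implementation; window alignment and reminder
# timing are assumptions.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AlertDefinition:
    period_s: int        # length of the counting period
    threshold: int       # events in one period needed to raise an alert
    _period_start: Optional[float] = None
    _count: int = 0

    def observe(self, ts: float) -> bool:
        """Feed one matching event; True when it completes a threshold group."""
        # Assumption: the period starts at the first event and the counter
        # resets once the period has elapsed.
        if self._period_start is None or ts - self._period_start >= self.period_s:
            self._period_start, self._count = ts, 0
        self._count += 1
        return self._count % self.threshold == 0


def raised_alerts(event_times, period_s, threshold):
    """Timestamps at which the definition raises an alert."""
    definition = AlertDefinition(period_s, threshold)
    return [t for t in event_times if definition.observe(t)]


@dataclass
class AntiFloodingPolicy:
    max_per_window: int = 5     # default policy: five notifications ...
    window_s: int = 3600        # ... per hour ...
    reminder_s: int = 3600      # ... then one reminder after another hour
    _state: dict = field(default_factory=dict)   # (alert, recipient) -> window state

    def decide(self, alert: str, recipient: str, ts: float) -> str:
        """Return 'send', 'suppress' or 'reminder' for one raised alert."""
        key = (alert, recipient)
        st = self._state.get(key)
        if st is None or (st["capped_at"] is None and ts - st["start"] >= self.window_s):
            self._state[key] = {"start": ts, "sent": 1, "capped_at": None}
            return "send"
        if st["capped_at"] is not None:
            # Cap reached earlier: stay quiet until a further hour has passed,
            # then deliver a single reminder and start a fresh window.
            if ts - st["capped_at"] >= self.reminder_s:
                self._state[key] = {"start": ts, "sent": 1, "capped_at": None}
                return "reminder"
            return "suppress"
        st["sent"] += 1
        if st["sent"] == self.max_per_window:
            st["capped_at"] = ts    # the Nth notification is still delivered
        return "send"


def deliver(alert_times, policy, alert="ioc-match", recipient="soc@example.invalid"):
    """Decision for each raised alert, in order, for one alert/recipient pair."""
    return [policy.decide(alert, recipient, t) for t in alert_times]


if __name__ == "__main__":
    # Constructed input: one event per second for 70 s, then 30 more events
    # five minutes later (a new period). Expect alerts at 29 s, 59 s and 329 s.
    events = list(range(70)) + list(range(300, 330))
    print(raised_alerts(events, period_s=300, threshold=30))
    # Constructed alert stream: a burst inside one hour, then later repeats.
    print(deliver([0, 60, 120, 180, 240, 300, 360, 3000, 4000, 8000], AntiFloodingPolicy()))
```

With the page's numbers (period 300 s, threshold 30) the 70-event burst raises exactly two alerts, at the 30th and 60th events, and the counter starts over in the next period; with the default anti-flooding values the first five raised alerts are delivered, the rest of that hour is silent, a reminder goes out once a further hour has passed, and a later recurrence opens a new window.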

Create and Assign a Sending Policy

An alert sending policy enables you to define how, when, and how often to send alerts to specific recipients. To configure the sending policy, select Administration > Alert Configuration, select the Alert Policies tab, then select Sending Policy.

Create Post Filters

Click the Post Filters tab to apply actions to generated alerts that meet your specific filter conditions. Actions include modifying the priority, marking the alert as read, or classifying the alert as a false positive. For example, you can change the priority of an alert to High if the event is a high-priority security event that you want to be notified about quickly, such as a high number of port scans in a specific period of time. A single alert can have one or several post filters.

To configure post filters, select Alerts from the menu, then click the Post Filters tab. Find an occurrence of the alert you want to create the post filter for. From the Actions column, open the menu, then select New Filter.

These are the actions you can perform when the alert meets your specified criteria:

- Mark as read — Marks the alert as Watched.
- Change priority — Changes the priority level.
- False positive — Marks the alert as a false positive.
- Change notify method — Changes the delivery method for the alert.
- Delete — Deletes the alert from the alert history and does not distribute it.

Alert Management

To view and manage your generated alerts, select Alerts from the menu.

Click the Alerts Dashboard tab to see the Alerts Overview widget, which displays informative charts about generated alerts, and the Alerts History widget, which shows a list of generated alerts. Click a filter or time range to filter the alerts. You can also click a column to sort the alerts.

Data Control

Data Control is only supported in certain European countries. Although Data Control is included in Endpoint Security Essentials technical training, there are no questions about Data Control on the Endpoint Security Essentials technical certification exam. If Data Control is not supported in your country, you do not need to complete this section.

This section describes how to use Data Control to collect detailed information about files that include PII (Personally Identifiable Information). The Threat Intelligence Platform receives information from Data Control, processes and enriches it, then sends it to the Advanced Visualization Tool for advanced visualization and presentation.

This section also covers these topics:

- Data Control overview
- Data Control architecture
- Requirements
- How to configure settings
- Data Control dashboard

For further information, see Additional Resources.

Data Control Overview

Features

Data Control includes these features:

Data Discovery
- Creates an inventory of unstructured files that include personally identifiable information, along with the number of times each information type appears, in order to assess its relevance
- Provides information about the characteristics of all files discovered

Data Monitoring
- Monitors actions carried out on PII files (data in use)
- Provides an up-to-date inventory of the PII files found on each computer on the network (data at rest)
- Shows the history of attempts to copy or transfer files between computers (data in motion), as well as the means used in the operation (email client, web browser, FTP, etc.)

Data Visualization
- Real-time synchronization with the Data Control server to show the results of the discovery and continuous monitoring of files
- Tools to interpret the events recorded on PII

How Data Control Works

Data Control discovers personal information, monitors and sends events, updates dashboards and knowledge tables, and detects file exfiltration and infiltration operations.

Discover Personal Information

Discovery of personal information runs on the computers protected by Adaptive Defense 360. The agent scans all mass storage devices connected to the workstation or server (local hard drives, external hard drives, USB drives, and RAM disks) for unstructured files that contain personal information. This search launches when the Data Control module is enabled for the first time from the Adaptive Defense 360 console.

Data Control can discover these types of personal information:

- Bank account numbers
- IP addresses
- Addresses and ZIP/postal codes
- Locations (cities) and countries
- First names and last names
- Driver's license numbers
- Personal ID numbers
- Passport numbers
- Social security numbers
- Phone numbers
- Credit card numbers
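As an added illustration of what the Data Discovery step does with these types (written for this guide, not Data Control's own detection logic), the following Python scans constructed sample files for bank account numbers, credit card numbers, and IP addresses, validates each candidate with a checksum or range check so that ordinary numbers are not counted, and reports how often each type appears per file, which is the relevance measure described under Data Discovery. The regular expressions, file contents, and function names are this example's own constructions; it also shows why validation matters, since the sample includes numbers that look like PII but fail their checksums.

```python
# Added example: a small data-discovery scanner for three of the PII types
# listed on this page. Patterns, sample files and function names are
# constructed for this illustration and are not Data Control's rules.
import re
from collections import Counter

# Constructed sample files (plain-text contents as a scanner would read them).
SAMPLE_FILES = {
    "customers.csv": (
        "name,card,iban\n"
        "Ada,4111 1111 1111 1111,GB82 WEST 1234 5698 7654 32\n"
        "Bob,4111 1111 1111 1112,GB82 WEST 1234 5698 7654 33\n"   # both fail their checksums
    ),
    "notes.txt": "server 10.0.0.7 replaced by 10.0.0.300; order 1234567890123 shipped\n",
}

IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:[ ]?[A-Z0-9]){11,30}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_ok(candidate: str) -> bool:
    digits = re.sub(r"[ -]", "", candidate)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def iban_ok(candidate: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end, map
    letters to 10..35, and the resulting integer must leave remainder 1."""
    s = candidate.replace(" ", "").upper()
    if not 15 <= len(s) <= 34:
        return False
    numeric = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(numeric) % 97 == 1


def ipv4_ok(candidate: str) -> bool:
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def scan_text(text: str) -> Counter:
    """Count validated PII occurrences by type. Every candidate span (valid or
    not) is blanked after its pass, so the digits of a bank account number
    cannot be counted again as a card number."""
    counts = Counter()
    work = text
    for label, pattern, check in (("bank_account", IBAN_RE, iban_ok),
                                  ("credit_card", CARD_RE, card_ok),
                                  ("ip_address", IPV4_RE, ipv4_ok)):
        for m in pattern.finditer(work):
            if check(m.group(0)):
                counts[label] += 1
        work = pattern.sub(lambda m: " " * len(m.group(0)), work)
    return counts


def inventory(files: dict) -> dict:
    """Per-file PII inventory, {file: {type: count}}, for files that contain any."""
    result = {}
    for name, body in files.items():
        found = scan_text(body)
        if found:
            result[name] = dict(found)
    return result


if __name__ == "__main__":
    for name, counts in inventory(SAMPLE_FILES).items():
        print(name, counts)
```

On the constructed files the scanner reports one bank account number and one card number in customers.csv and one IP address in notes.txt: Bob's card and IBAN fail their checksums, the order number is not a valid card number, and 10.0.0.300 is not a valid address. The same validate-then-count approach scales to the other types in the list once a pattern and a plausibility check exist for each.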

Supported Countries

- Germany
- Austria
- Belgium
- Denmark
- Spain
- Finland
- France
- Hungary
- Ireland
- Italy
- Norway
- Netherlands
- Portugal
- Sweden
- Switzerland
- United Kingdom


Supported Mass Storage Devices
- Local hard disks
- USB storage devices
- Virtual RAM drives
- CD-ROMs, DVDs, Blu-ray discs, etc.

Supported File Types
- Office
- OpenOffice
- PDF
- TXT
- HTML
- CSV

Supported Program Extensions, Packers, and Compression Programs
For a full list of supported program extensions, packers, and compression programs, see Additional Resources.

Monitor and Send Events
For every action that a process takes on a PII file, Data Control stores a single event with detailed information about the elements involved.

Update Dashboards and Knowledge Tables
Based on the information sent by the Adaptive Defense 360 agents, the Data Control server evaluates whether the reported files contain personal data. If a file is a PII file, Data Control accumulates all events received for it to feed the various dashboard widgets. Data Control also adds the received data to the PII knowledge tables so that you can filter, search, and analyze it. This data is stored for 12 months to enable forensic analysis with the tools in the Data Control console.

Detect File Exfiltration and Infiltration Operations
Data Control monitors specific actions taken by processes that could send or receive data. Machine learning algorithms assess the probability that those operations are part of an unauthorized data exfiltration or infiltration attempt. Data Control classifies the operation and, when the probability of a security incident is high, notifies the administrator (according to the notification settings the administrator has configured).


Data Control Architecture
Data Control consists of these components:
- Adaptive Defense Server (1)
- Computers/devices protected by Adaptive Defense 360 (2)
- Advanced Visualization Tool server and web management console (3)
- Network administrator (4)
- Dashboards/applications (5)
- Accumulated knowledge tables/PII knowledge tables (6)

Adaptive Defense Server
A high-availability server farm that harvests all events related to PII files generated on users' computers and servers.

Computers/Devices Protected by Adaptive Defense 360
Generates security intelligence through machine learning technology on big data repositories. This security intelligence and the events collected from the protected computers are sent directly to the Data Control server.

Advanced Visualization Tool Server and Web Management Console
Generates the widgets, dashboards, and graphical applications that present the collected data in an ordered and easy-to-understand way.

Network Administrator
The network administrator's computer, used to manage Data Control.

Dashboards/Applications
Relevant information for the IT team appears on the dashboard, accessible from the web management console:
- PII file inventory — Provides a daily snapshot of files discovered on workstations and servers on the network and compares their evolution over time.
- Files and machines with PII — Identifies PII files on the network, and shows the computers they are on and the actions taken.
- User operations on PII files — Shows the operations that users take on PII files, and provides details of the physical device they are on (hard disk, USB drive, etc.)
- Risk of PII extraction — Shows actions that could represent a leak of personal data.

Accumulated Knowledge Tables/PII Knowledge Tables
Data Control stores the personally identifiable information (PII) in a single table with the following features:
- Raw data storage — Data Control monitors workstations and servers, along with security intelligence information generated by the Adaptive Defense 360 server.
- Continuous storage — All processes are continuously monitored and the information is sent for storage.
- Real-time storage — Data Control uses real-time storage in the PII Knowledge Table as the base to generate applications and charts in the Advanced Visualization Tool, and enables you to filter and transform that data into groups, organizations, searches, etc.


Data Control Requirements
Data Control requires specific platforms and software.

Supported Platforms
Data Control supports these Microsoft Windows operating systems:
- Windows XP SP3 and higher
- Windows Server 2003 SP1 and higher

Data Control does not support Linux and macOS.

Microsoft Filter Pack Component
Microsoft Office includes the Microsoft Filter Pack component. Only the IFilter components that correspond to the Microsoft Office suite products installed on users' computers are installed automatically. To install the Microsoft IFilter Pack separately, see https://www.microsoft.com/en-us/download/details.aspx?id=17062.


Data Control Settings

Key Concepts

Indexing Process
The indexing process inspects and stores the contents of files supported by Data Control, and generates an inventory of PII files to enable content-based searches of files. Indexing processes have a low impact on computer performance but might take considerable time. For this reason, you can schedule the start of the indexing task or limit its scope to expedite the process and improve the results returned by searches.

PII File Inventory
After a computer is indexed and all entities and PII files are identified, Data Control generates an inventory, accessible to the administrator, with the names of the files and their characteristics.

File Searches
Data Control finds files by name, extension, or content on the indexed storage drives of computers on the network. Searches run in real time: as soon as you launch a search task, it deploys to the target computers and starts to send results before the task completes.

Open Data Control Settings
To open the Data Control settings, click Settings, then from the left pane, select Data Control.

Personal Data (inventory, searches, and monitoring)
- Generate and keep an up-to-date inventory of personal data — Shows the PII files detected on the network in the dashboard widgets and in lists. For the PII files stored on a specific computer to appear in the console, the inventory process must have completed on that computer. You can exclude files.
- Monitor personal data on disk — Monitors the process actions executed on the PII files stored on computers.
- Allow data searches on computers — Enables you to search for files by name or contents, provided they have been indexed first. When you select this option, Data Control starts to index the files stored on user computers.
- Monitor personal data in email — Monitors the actions executed on personal data stored in email.

Rule-based File Monitoring
This section enables you to monitor files based on defined rules.

Advanced Indexing Options
You can choose between two types of indexing operations, based on whether you want to generate an inventory of PII files across the network or search files by content.
- Index text only — Only text is indexed, unless a non-text item is part of an entity recognized by Data Control. With this option selected, searches by content are more limited. Index text only is recommended if you only want to generate an inventory of PII files across the network.
- Index all content — Both text and alphanumeric characters are indexed. Index all content is recommended if you want to perform accurate content searches as well as generate an inventory of PII files across the network.
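The difference between the two indexing options is easiest to see on a small inverted index. The following added Python illustration is not Data Control's indexer: the tokenizer, the entity recognizer (which here claims only IPv4 addresses), the mode names text_only and all_content, and the three sample files are all constructed for the example. It builds the index both ways and runs the same content searches against each.

```python
"""Compare 'index text only' with 'index all content' on constructed sample files."""
import re

# Constructed sample files (path -> content); not real data.
SAMPLE_FILES = {
    "net/hosts.txt": "gateway 192.168.1.1 uplink\n",
    "finance/invoice.txt": "Invoice 20210617 total 4500 paid\n",
    "hr/memo.txt": "Payroll memo for June\n",
}

# Hypothetical stand-in for the product's entity recognizer: only IPv4 addresses here.
ENTITY = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
# A token is a run of alphanumerics that may contain inner dots or hyphens (e.g. 192.168.1.1).
TOKEN = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")


def tokenize(text: str) -> list[str]:
    return [t.lower() for t in TOKEN.findall(text)]


def keep_token(token: str, mode: str) -> bool:
    """Decide whether a token enters the index under the given mode."""
    if mode == "all_content":
        return True  # words and numbers alike are searchable
    if mode == "text_only":
        # Numeric tokens are dropped unless the entity recognizer claims them.
        return token.isalpha() or ENTITY.match(token) is not None
    raise ValueError(f"unknown indexing mode: {mode}")


def build_index(files: dict[str, str], mode: str) -> dict[str, set[str]]:
    """Inverted index: token -> set of file paths containing it."""
    index: dict[str, set[str]] = {}
    for path, text in files.items():
        for tok in tokenize(text):
            if keep_token(tok, mode):
                index.setdefault(tok, set()).add(path)
    return index


def search(index: dict[str, set[str]], term: str) -> list[str]:
    """Exact-token content search; returns the matching file paths, sorted."""
    return sorted(index.get(term.lower(), set()))


if __name__ == "__main__":
    for mode in ("text_only", "all_content"):
        idx = build_index(SAMPLE_FILES, mode)
        for term in ("20210617", "192.168.1.1", "payroll"):
            print(f"{mode:12} {term:12} -> {search(idx, term)}")
```

Under text_only the invoice number and the amount never enter the index, so a content search for them returns nothing, while the IP address survives because the recognizer claims it as an entity; that is enough for a PII inventory. Under all_content every token is searchable, at the cost of a larger index and a longer indexing run, which is why the text above recommends it only when accurate content searches are needed.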

Write to Removable Storage Drives
This setting enables you to specify which computers in the network can write to external USB storage media.


Data Control Dashboard
To open the Data Control dashboard, select Status, then from the left pane, select Data Control.

The Data Control dashboard shows:
- Deployment Status — Shows computers where Data Control runs correctly and computers with errors. The colored circles and associated counters show the status of the computers. The Deployment Status panel shows computer status in graphical and percent form.
- Offline Computers
  - > 3 days
  - > 7 days
  - > 30 days
- Update Status
  - Updated
  - Pending restart
- Indexing Status
  - Indexed
  - Indexing
  - Not indexed
- Features Enabled on Computers
  - Searches
  - Monitoring
  - Inventory
- Files Deleted by the Administrator
  - Pending Deletion
  - Deleted
  - Pending Restore
- Files with Personal Data
- Computers with Personal Data
- Files by Personal Data Type
  - Personal ID Numbers
  - Passport Numbers
  - Credit Card Numbers
  - Bank Account Numbers
  - Driver's License Numbers
  - Social Security Numbers
  - Email Addresses
  - IPs
  - First and Last Names
  - Addresses
  - Phone Numbers


About the Endpoint Security Essentials Exam

The Endpoint Security Essentials exam tests your knowledge of the endpoint security advanced protection model and how to install, configure, and operate the WatchGuard products: Adaptive Defense 360, Patch Management, Full Encryption, and Advanced Reporting Tool. This exam is appropriate for students with a basic understanding of network administration.

Data Control is only supported in certain European countries. Although Data Control is included in Endpoint Security Essentials technical training, there are no questions about Data Control on the Endpoint Security Essentials technical certification exam.

Key Concepts
To successfully complete the Endpoint Security Essentials exam, you must understand these key concepts:

Endpoint Security Technology Knowledge
- Threats
- Protection models
- Multi-layered detection technologies

Endpoint Security Product Knowledge
- General understanding of Adaptive Defense 360
- General understanding of Advanced Reporting Tool
- General understanding of Patch Management
- General understanding of Full Encryption


Exam Description
Content: 50 multiple choice (select one option), multiple selection (select more than one option), true/false, and matching questions
Passing score: 75% correct
Time limit: Two hours
Reference material: You cannot look at printed or online materials during the exam.
Test environment: This exam is proctored through Kryterion, with two testing options:
- Onsite, at a Kryterion test center
- Online, with a Kryterion online proctor

Prerequisites
The Endpoint Security Essentials technical exam focuses heavily on applied knowledge and troubleshooting of the product. We strongly recommend you take available courses and practice with the product before you take the exam.

Prepare for the Exam
WatchGuard provides training and online courseware to help you prepare for the Endpoint Security Essentials exam. In addition to this study guide, and the training and courseware described below, we strongly recommend that you install and explore the products before you begin the exam.

Instructor-Led Training
To get hands-on experience, we recommend that you attend an instructor-led training class. Classes are often held in-region, sponsored by sales or a local WatchGuard distributor. We also offer complimentary VILT technology-based training classes for partners. WatchGuard end-users can register for a class with our network of WatchGuard Certified Training Partners (WCTPs).
- Partners — Register for training here (login required)
- End-users — View the current WCTP training schedule on the WatchGuard website

Self-Study Course
WatchGuard offers online and video-based courseware that you can study to help you prepare for the exam. To prepare for this exam, complete the Endpoint Security Essentials course.


The Endpoint Security Essentials courseware is available on the WatchGuard Portal (login required). To see the content:
- Partners — Log in to the Learning Center and go to Technical Training > Endpoint Security > Endpoint Security Essentials.
- End users — Go to the Courseware page in WatchGuard Support Center.

Assessment Objectives
The Endpoint Security Essentials Exam evaluates your knowledge of the categories in the list below. For each category, the Weight column indicates the approximate percentage of exam questions from that category.

Some exam questions require skills or knowledge from more than one category. The weight does not correspond exactly to the percentage of exam questions.

Category: Endpoint Security Technology Basics
Weight: 15%
Knowledge Areas: Understand the cyberthreat context and the evolution in Endpoint Security technologies that define our protection model.
- Threats
- Protection models
- Multi-layered detection technologies

Category: Adaptive Defense 360
Weight: 45%
Knowledge Areas: Understand the Adaptive Defense 360 protection cycle, and learn how to install, deploy, and configure the protection and manage the security of your network from the web console.
- Requirements and deployment methods
- Security dashboards and lists
- Device management
- Settings management
- Automatic and manual remediation tools
- Product features by platform

Category: Advanced Reporting Tool Basics
Weight: 15%
Knowledge Areas: Interpret the Advanced Reporting Tool dashboards and the specific information they provide about your network.
- Web console data panels and widgets to view and analyze security data
- Advanced searches of the data generated by Adaptive Defense 360 and other events
- Preconfigured application dashboards to analyze security incidents, control of IT, and vulnerable, bandwidth-consuming, or special applications or tools
- Data Access Control application dashboard to track bandwidth usage, identify data leaks, and monitor file access and execution activity
- Alerts and custom settings based on specific criteria

Category: Patch Management Basics
Weight: 20%
Knowledge Areas: Understand how to use Patch Management to find and update computers on the network with known software vulnerabilities.
- Requirements
- Dashboards, lists, end-of-life programs, available patches, filters, and actions menus
- Download, install, and uninstall patches
- Settings (Windows updates, automatic search, frequency, criticality, etc.)

Category: Full Encryption Basics
Weight: 20%
Knowledge Areas: Understand how to use Full Encryption to manage encryption on network computers protected with Adaptive Defense 360.
- Encryption concepts (TPM, PIN, passphrase, USB, key, recovery key, etc.)
- Supported authentication types
- Supported storage devices
- Requirements (operating system versions and hardware)
- Settings
- Dashboards and lists


Sample Exam Questions
The Endpoint Security Essentials exam includes multiple choice, multiple selection, true/false, and matching questions. This section provides examples of the types of questions to expect on the exam. Answers to each question appear on the last page.

Questions

1. Which of the following statements about Full Encryption are false? (Select four.)
   a. The recovery keys are 32 characters long.
   b. All encrypted volumes have the same recovery key.
   c. The console does not display the recovery keys for computers encrypted by users.
   d. The computer asks you for the recovery keys if you forgot the password.
   e. The recovery keys are stored locally on each computer.
   f. The recovery keys can be reset by booting into Safe Mode.

2. To install Adaptive Defense 360, you must make sure your network computers have the required ports open.
   a. True
   b. False

3. With Adaptive Defense 360, you can schedule reports but not run reports on demand.
   a. True
   b. False

4. You activate new Adaptive Defense 360 licenses from WatchGuard Support Center.
   a. True
   b. False

5. Adaptive Defense 360 includes several remediation actions for a computer or group of selected computers. From this list, select the valid remediation options. (Select five.)
   a. Scan computer
   b. Reinstall protection
   c. Send to quarantine
   d. Restart computer
   e. Isolate
   f. Reinstall agent
   g. Disinfect
   h. Log off user


6. With Patch Management, what AD360 configuration option can you use to prevent the installation of a patch on a specific computer?
   a. Isolate computer
   b. Uninstall patch
   c. Quarantine computer
   d. Exclude computer
   e. Schedule installation

7. In Advanced Reporting Tool, which of these settings do you configure in a sending policy for alerts? (Select three.)
   a. Anti-flooding policy
   b. Post filter
   c. Delivery schedule
   d. Delivery method

8. You can install Adaptive Defense 360 and Patch Management on the same computer.
   a. True
   b. False

9. Fileless malware is extremely dangerous because it encrypts the user drive.
   a. True
   b. False

10. A customer in your organization reported that they see a Protection Error when they open Adaptive Defense 360 on their local computer. What PSInfo tools can you use to try to resolve the error? (Select two.)
   a. Force Sync
   b. Repair Protection Enable/Disable Advanced Logs
   c. Panda URL Checker
   d. PSErrorTrace
   e. Advanced Firewall Technology

Answers
Many exam questions test knowledge in more than one area.

1. a, b, e, and f
2. True
3. False
4. True
5. a, b, d, e, and f
6. d
7. a, c, and d
8. True
9. False
10. a and b


Additional Resources

This guide provides a summary of the basic information covered in training classes, videos, and product documentation. To increase your skills and knowledge, we recommend that you get hands-on practice with the products and review other technical resources. This appendix provides a list of additional resources, but you should explore the product documentation for additional details beyond the suggested topics. To see the videos:
- Partners — Log in to the Learning Center and go to Technical Training > Endpoint Security > Endpoint Security Essentials.
- End users — Go to the Courseware page in WatchGuard Support Center.

For a list of additional resources for each section of this guide, see:
- Endpoint Security Technology Additional Resources
- Adaptive Defense 360 Additional Resources
- Patch Management Additional Resources
- Panda Partner Center Additional Resources

Endpoint Security Technology Additional Resources
Administration Guide:
- Overview chapter: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Online Help:
- What is Panda Adaptive Defense 360? https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm#t=001.htm


Adaptive Defense 360 Additional Resources
Information on Adaptive Defense 360 is available from the Administration Guide, Online Help, and Knowledge Base.

Panda Adaptive Defense 360 Administration Guide: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf

To interpret the information in the management console accurately and draw conclusions that help to bolster corporate security, certain technical knowledge of the Windows environment is required with respect to processes, the file system, and the registry, as well as understanding the most commonly used network protocols. The primary audience for the guide is network administrators who manage corporate IT security.

Online Help: http://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm
Knowledge Base: https://www.pandasecurity.com/en/support/busqueda_completa_enterprise?idIdioma=2&idSolucion=212&idProducto=196&idArea=1

Overview
Administration Guide:
- Overview chapter: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Online Help:
- http://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm
Knowledge Base:
- What is Aether Platform?

Get Started with Adaptive Defense 360
Administration Guide:
- Panda Account chapter: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Knowledge Base:
- Information regarding non-validated accounts for Panda Cloud products and services
- How to enable and configure Two Factor Authentication in Panda Adaptive Defense and Endpoint Protection products?
- Frequently Asked Questions regarding the Panda Account in Panda Cloud products
- How can I access the Web console of Adaptive Defense and Endpoint Protection products?

Install Adaptive Defense 360
Administration Guide:
- Part 3: Deployment and Getting Started section: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Online Help:
- https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/v10/en/index.htm#t=033.htm
Knowledge Base:

Installation and Uninstallation
- How to create an image for Windows persistent and non-persistent environments (VDI) with products based on Aether Platform
- How to uninstall products based on Aether platform in Windows, Linux, macOS and Android
- Can I install Adaptive Defense 360 on Aether on computers with Adaptive Defense and Endpoint Protection products?
- How does the automatic discovery of computers work in Aether-based products?
- How to fix errors in the protection and agent of products based on Aether Platform?
- How to install the agent of products based on Aether Platform in Windows, Linux, MacOS and Android?
- Which programs are automatically uninstalled by Adaptive Defense and Endpoint Protection products?

Requirements
- Installation requirements of products based on Aether Platform for Linux platforms
- Installation requirements of products based on Aether Platform for Windows
- Requirements for the cache role settings in products based on Aether Platform
- List of compatible browsers to access the console of products based on Aether Platform
- Installation requirements of products based on Aether Platform for macOS platforms
- URLs and ports required for products based on Aether Platform to communicate with server
- Requirements for the discovery of computers and remote installation in products based on Aether Platform
- Requirements for the proxy and language settings in products based on Aether Platform
- Installation requirements of products based on Aether Platform for Android platforms

Videos:
- Installing Panda Adaptive Defense 360
- How to carry out the computer discovery & remote installation with Aether Platform

View Status
Administration Guide:
- Part 2: The Management Console > Status Area Overview section: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
- Part 6: Viewing and Managing Threats: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Online Help:
- https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm#t=126.htm
- https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm#t=130.htm
- https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm#t=178.htm
Knowledge Base:
- What happens when the licenses of an Aether-based product expire?
- How to assign and release product licenses with Aether-based products?
- How can I see the computer details in Aether Platform?
- How can I see at a glance the security status of my network with products based on Aether Platform?
Videos:
- Main dashboard: Panda Adaptive Defense 360 on Aether Platform
- Using lists in the Aether Platform console

View Computers
Administration Guide:
- Managing Computers and Devices chapter: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Online Help:
- https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm#t=047.htm
Knowledge Base:
- How can you manage the computers and devices of your organization? Filters, My organization and Active Directory
- How do manual and automatic assignment of settings work in products based on Aether Platform?
- How does the automatic assignment to groups by IP work in Aether?
- What is the RAM unit to be entered when you create a filter in Aether Platform?
Videos:
- How to create filters in Aether Platform
- Creating a software or hardware filter in Aether Platform

Settings
Administration Guide:
- Managing Settings and Alerts chapters: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Online Help:
- https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm#t=074.htm
- https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm#t=207.htm
Knowledge Base:
- How can I find out the version of my Aether-based product?
- How does the Advanced Protection for Windows, Linux and macOS in products based on Aether work?
- What are the security settings for workstations and servers of Aether-based products?
- How does the anti-exploit technology included in Panda Adaptive Defense and Endpoint Protection products work?
- What are the predefined categories of the web access control of products based on Aether?
- What is the layer detection model of Panda Adaptive Defense?
- What is real time in Aether Platform?
Videos:
- Configuring management users
- How to change the settings of a specific computer
- How real-time works on Aether Platform
- Setting up a two-factor authentication for your Panda login
- Setting profiles in the Aether Platform console
- Setting up a new user role and user account in the Aether Platform console

Remediation Tools
Administration Guide:
- Part 7: Security Incident Remediation chapter: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Online Help:
- https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.htm#t=205.htm
Videos:
- Isolating an endpoint in Aether Platform console

Troubleshooting
Knowledge Base:

Installation Errors
- Error messages during the installation or upgrade of products based on Aether Platform
- Communication error when installing a product based on Aether
- Error messages upon discovering computers and installing remotely in Aether-based products
- Error 12175 during the installation of the protection of products based on Aether Platform

Errors Accessing the Console
- Information regarding non-validated accounts for Panda Cloud products and services

Other Issues with the Product
- How to report issues related to products based on Aether Platform from the console?

Upgrade and Update Errors
- Issues with the upgrade caused by the fast boot option
- How to fix knowledge or signature update errors in Adaptive Defense and Endpoint Protection products


Product Features by Platform
Knowledge Base:

Windows
- How to integrate a TDR Host Sensor with a host running Panda Security
- Creating exclusions for products based on Aether Platform
- List of Adaptive Defense/Endpoint Protection details to exclude from system or computer restore software
- How to set up a password against unauthorized protection tampering?

Android
- How to report an issue in Android devices protected with products based on Aether Platform?
- How to install the protection from an EMM compatible with the Android Enterprise features in products based on Aether


Patch Management Additional Resources
Information about Patch Management is available from the Administration Guide and Knowledge Base.
Adaptive Defense 360 Administration Guide, Chapter 15: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Knowledge Base: https://www.pandasecurity.com/en/support/busqueda_completa_enterprise?idIdioma=2&idSolucion=219&idProducto=203&idArea=1

Full Encryption Additional Resources
Information about Full Encryption is available from the Administration Guide and Knowledge Base.
Administration Guide: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Knowledge Base: https://www.pandasecurity.com/en/support/busqueda_completa_enterprise?idIdioma=2&idSolucion=220&idProducto=204&idArea=1

Data Control Additional Resources
Information about Data Control is available from the Administration Guide and Knowledge Base.
Administration Guide: https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360oAP-guide-EN.pdf
Knowledge Base: https://www.pandasecurity.com/en/support/busqueda_completa_homeusers?idIdioma=2&idSolucion=218&idProducto=202&idArea=1

Advanced Reporting Tool Additional Resources
Information on the Advanced Reporting Tool is available from the Administration Guide, Online Help, and Knowledge Base.


Advanced Reporting Tool Administration Guide: http://resources.pandasecurity.com/enterprise/solutions/adaptivedefense/ADVANCEDREPORTINGTOOLGuide-EN.pdf
Knowledge Base: https://www.pandasecurity.com/en-us/support/advanced-reporting-tool.htm
Videos: https://www.youtube.com/watch?v=knHOKAijof8

Overview and Web Console
Administration Guide:
- Chapter 2: Introduction; Chapter 3: The Web Console: http://resources.pandasecurity.com/enterprise/solutions/adaptivedefense/ADVANCEDREPORTINGTOOLGuide-EN.pdf
Knowledge Base:
- System requirements for the Advanced Reporting Tool

Data Search
Online Help:
- Search data
- Building a query
- Working in the search window
Knowledge Base:
- How to add external data to an existing table in Advanced Reporting Tool
- How to get updated information about a file's classification in Advanced Reporting Tool

Advanced Reporting
Administration Guide:
- Chapter 4: Introduction to the Applications; Chapter 5: Configured Applications: http://resources.pandasecurity.com/enterprise/solutions/adaptivedefense/ADVANCEDREPORTINGTOOLGuide-EN.pdf
Knowledge Base:
- Special applications and tools tables in the Advanced Reporting Tool

Alerts
Administration Guide:
- Chapter 6: Alerts: http://resources.pandasecurity.com/enterprise/solutions/adaptivedefense/ADVANCEDREPORTINGTOOLGuide-EN.pdf
Online Help:
- Alerts and notifications
- Create new alerts
- Configure Alerts
- Manage triggered alerts
Knowledge Base:
- How to modify and disable the Advanced Reporting Tool predefined alerts

Panda Partner Center Additional Resources Panda Partner Center Administration Guide http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf Online Help http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm

Overview
  Administration Guide:
  - Part 1: Introduction to Panda Partner Center and Access and Authorization in Panda Partner Center chapter
    http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
  Online Help:
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=001.htm
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=015.htm

License Management
  Administration Guide:
  - Product and License Management chapter
    http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
  Online Help:
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=029.htm

Status
  Administration Guide:


  - Part 2: The Management Console and Client Management chapter > Monitoring Clients section
    http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
  Online Help:
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=007.htm
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=027.htm

Clients
  Administration Guide:
  - Client Management chapter
    http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
  Online Help:
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=023.htm

Settings
  Administration Guide:
  - Part 4: Device and Security Management
    http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
  Online Help:
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=059.htm
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=066.htm

Reports
  Administration Guide:
  - Reports chapter
    http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
  Online Help:
  - http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=077.htm
