Isa PPWManual

Manual
POLI CY PATROL WEB

MANUAL
Policy Pat rol Web
Version 1.0
This manual, and the software described in this manual, are copyrighted. No part of this manual or the
described software may be copied, reproduced, translated or reduced to any electronic medium or machine-
readable form without the prior written consent of Red Earth Software except that you may make one copy of
the program solely for back-up purposes.

Policy Patrol
is a registered trademark of Red Earth Software
. All product names referenced in this

documentation belong to the respective companies.

Copyright 2001-2006 by Red Earth Software. All rights reserved.

i
Table of Cont ent s
Introduction ............................................... 5
Why is web filtering necessary?.................................5
Policy Patrol Web.....................................................5
Policy Patrol features ...............................................6
How Policy Patrol addresses web threats ....................6
What makes Policy Patrol unique? .............................6
About the Policy Patrol range ....................................7
Pre-installation........................................... 9
System requirements...............................................9
Gathering necessary information ...............................9
Configure Authentication in ISA Server.....................10
Remove existing cache...........................................12
Installation............................................... 14
Installation ...........................................................14
Policy Patrol Configuration Wizard ...........................17
Import users from Active Directory......................19
Import users from an NT domain ........................20
Import users from a text file...............................20
Policy Patrol Services .............................................21
Remote administration...........................................21
Users & quotas ......................................... 25
Licensing users .....................................................25
Import users from Active Directory......................25
Import users from an NT domain ........................26
Import users from a text file...............................26
Setting bandwidth limits ....................................28
Setting time limits.............................................28
Editing user quotas ................................................28
Monitoring user quotas...........................................29
Configuring quota rules ..........................................30
How quotas are calculated ......................................31
User security............................................. 33
User access rights..................................................33
Component rights ..................................................35
Folder rights .........................................................36
Inheritance of folder rights .................................37
Configuring rules....................................... 39
Configuring a new rule ...........................................39
Configuring a Web Page rule ...................................40
Step 1. Rule Type..............................................40
Step 2. Rule Users.............................................40
Step 3. Rule Traffic & Protocols ...........................40
Step 4. Rule Conditions......................................41
Step 5. Rule Exceptions .....................................46
Step 6. Rule Actions ..........................................46
Step 7. Rule Scheduling .....................................49
Step 8. Rule Name ............................................50
Configuring a File rule ............................................50
Step 1. Rule Type..............................................50
Step 2. Rule Users.............................................50
Step 3. Rule Traffic & Protocols ...........................51

C O N T E N T S

i i
Step 7. Rule Scheduling.....................................58
Step 8. Rule Name ............................................58
Configuring a Quota rule ........................................58
Step 1. Rule Type .............................................58
Step 2. Rule Users ............................................59
Step 7. Rule Scheduling.....................................62
Step 8. Rule Name ............................................62
Editing existing rules..............................................62
Copying rules........................................................63
Ordering rules.......................................................63
Creating Filters ......................................... 65
Creating a Word/Phrase filter ..................................65
Case sensitivity.................................................66
Score ..............................................................66
Multiple count...................................................66
Apply when ......................................................66
Import/Export ..................................................67
Remove duplicates ............................................67
Creating a File filter ...............................................67
Creating an IP filter ...............................................68
Editing filters ........................................................69
Copying filters.......................................................70
Creating Templates................................... 71
Creating an Email notification template ....................71
Creating a Tag template.........................................73
Editing templates ..................................................74
Copying templates.................................................74
Fields...................................................................74
User fields........................................................74
Web page fields ................................................75
File fields .........................................................75
Quota fields......................................................75
Date/Time fields................................................75
Other fields ......................................................76
HTML Block pages ..................................... 79
Creating block pages..............................................79
Sample block pages ...............................................79
Blocked access page ..............................................79
Creating schedules.................................... 81
Create a schedule ..................................................81
Editing a schedule..................................................82
Copying a schedule................................................82
URL categories .......................................... 83
Creating a URL category .........................................83
Setting bandwidth limits.....................................84
Setting time limits.............................................85
Editing categories ..................................................85
Monitoring................................................. 87
Bandwidth monitoring ............................................87
Session monitoring ................................................87
Instantly block access for users...........................88
Monitoring permissions...........................................88
Virus checking........................................... 91
Kaspersky
TM
Anti-Virus ...........................................91
Configure Kaspersky
TM
Anti-Virus.............................92
Copying your Kaspersky key ...................................93
Advanced options...................................... 95
System configuration .............................................95
System notifications ..........................................95
Bandwidth........................................................96
Caching............................................................96
System Parameters................................................97
Sample rules ............................................. 98
Sample rules.........................................................98
File rules ..........................................................98

C O N T E N T S

i i i
Quota rules ......................................................99
Web page rules............................................... 100
Troubleshooting...................................... 103
Knowledge Base.................................................. 103
Policy Patrol Web is not filtering anything........... 103
Policy Patrol Web has suddenly stopped working. 103
Will my anti-virus or backup software interfere with
Policy Patrol Web?........................................... 103
My anti-virus settings display unkown ............... 104
The email notification is not sent....................... 104
Network message did not pop up ...................... 104
Merge field is not working ................................ 104
My rule that searches for words/phrases never
triggers.......................................................... 104
I cannot enable my rule................................... 104
Why are the times in Sessions and Quotas not
always the same? ........................................... 104
How can I copy the Policy Patrol configuration to
another machine? ........................................... 104
Support Wizard ................................................... 105
Contacting Red Earth Software.............................. 106

5
Int roduct ion
olicy Patrol Web is a comprehensive web filtering tool that helps
companies regulate and optimize their Internet resources by avoiding
inappropriate browsing, illegal downloads, non-productive surfing, virus
outbreaks and confidentiality leaks.
Why is web filt ering necessary?
By blocking undesirable websites, controlling file downloads and applying user
quotas, Policy Patrol Web helps companies regulate and optimize the usage of
their Internet resources. Policy Patrol includes a powerful rules wizard that
allows you to create customized user-based web filtering rules by specifying
conditions, exceptions and actions. Real-time monitoring allows administrators
to see who is currently online and which websites they are visiting. If
necessary, user sessions can be blocked in real-time. In addition, advanced
user permissions allow Administrators to delegate quota and rule management
to other designated users.
Business benefits of using Policy Patrol Web:
Save bandwidth
Avoid congestion
Protect work environment
Improve productivity
Ensure compliance
Stop confidentiality breaches
Avoid illegal downloads
Policy Pat rol Web
Policy Patrol Web is an add-on for Microsoft ISA Server 2000/2004 and filters
all traffic going through ISA Server.
Chapter
1
P

I N T R O D U C T I O N

6
Policy Pat rol feat ures
Policy Patrol Web offers the following features:
URL checking
Web access management
Web content filtering
File checking
Anti-virus
Quota management
Real-time monitoring
Spyware blocking
How Policy Pat rol addresses web t hreat s
Although the Internet empowers users to work more efficiently and to quickly
find information needed for their jobs, providing employees with Internet
access also comes with certain dangers. Policy Patrol addresses the following
threats arising from employees accessing the Internet:
Web t hr eat PPW
Lost productivity

Network congestion

Hostile work environment

Damage to reputation

Confidentiality breaches

Regulatory compliancy

Illegal downloads

Growing storage space

Security hole

What makes Policy Pat rol unique?
Policy Patrol distinguishes itself from other web filtering products by offering
unmatched flexibility in configuring rules based on users, conditions,
exceptions, and actions. In addition to the usual filtering capabilities, Policy
Patrol Web offers more unique features such as time and bandwidth quota
management and real-time monitoring. Finally, the product offers enterprise
level security by allowing administrators to set individual user permissions for
viewing and creating rules, templates and filters and for viewing and optionally
ending online user sessions.

I N T R O D U C T I O N

7
About t he Policy Pat rol range
The Policy Patrol suite of products is designed to help companies optimize and
regulate their email, web and IM usage. In combination with sound Internet
and messaging policies, Policy Patrol helps protect companies from a range of
threats such as legal liability, lost productivity, damage to reputation,
regulatory compliancy, confidentiality breaches and more. Policy Patrol is used
by companies such as Nissan, USA.net, Targus, Canadian Pacific Railway, Lotto,
Fujitsu Services (Central Government customer), Daewoo and many more. The
following Policy Patrol editions are available: Policy Patrol Email, Policy Patrol
Web and Policy Patrol IM.

9
Pre-inst allat ion
his chapter describes the system requirements for Policy Patrol Web and
any necessary preparations that you need to make prior to installing the
software.
Syst em requirement s
Policy Patrol requires the following to be installed:
Windows 2000 Server/Advanced Server or Windows Server 2003
Microsoft ISA Server 2000/2004
Microsoft .NET Framework 1.1 (If you do not have this installed you can
download Policy Patrol including the .NET Framework or download the
Microsoft .NET Framework from the Microsoft website:
http://msdn.microsoft.com/netframework/technologyinfo/howtoget/).
We recommend using at least a Pentium IV with a 3 GHz processor and 500 MB
RAM.
Gat hering necessary informat ion
Before proceeding to install and configure Policy Patrol, make sure you have
the following information:
Name or IP address of your mail server
Bandwidth upload/download capacity
Chapter
2
T

P R E - I N S T A L L A T I O N

10
Configure Aut hent icat ion in ISA Server
For Policy Patrol Web to work you must have integrated authentication enabled
in Microsoft ISA Server (this is because Policy Patrol uses integrated
authentication to identify users and apply rules). To check whether this has
been configured, follow the next steps:
If you have ISA Server 2000:
1. Open up Microsoft ISA Server > ISA Management and go to Server
and Arrays > <server name> > Properties. Select the Outgoing
Web Requests tab. Make sure the option Ask unauthenticated
users for identification is ticked.

2. Click on your server in the Identification list and select Edit. Make sure
that Integrated is selected as the authentication method.

3. To check whether authentication is working, go to Monitoring >
Sessions. Now open up a browser and go to a website. In the Sessions
list you should see the user name displayed as follows:
DOMAIN\UserName. If you see Anonymous instead of the user name,


11
this means that authentication is not working. Check steps 1 and 2
above again.
If you have ISA Server 2004:
1. Open up Microsoft Internet Security and Acceleration Server 2004, go to
Configuration > Networks and double-click on Internal. Go to the
Web Proxy Tab. Make sure that the options Enable Web proxy
clients and Enable HTTP are ticked.

2. Click on the Authentication button. Make sure the method
Integrated is selected and the option Require all users to
authenticate is ticked.


12

3. To check whether authentication is working, go to Monitoring >
Sessions. Now open up a browser and go to a website. In the Sessions
list you should see the user name displayed as follows:
DOMAIN\UserName. If you see Anonymous instead of the user name,
this means that authentication is not working. Check steps 1 and 2
above again.
Not e
Policy Patrol Web will not filter any traffic if ISA Server is not configured
for integrated authentication. In addition, Policy Patrol Web can only
filter web requests from web browsers that support integrated
authentication, such as Internet Explorer, Netscape and Mozilla Firefox.
Remove exist ing cache
Before you begin using Policy Patrol Web, you must delete the users cached
files on the client. If you do not remove the client cache, the cached web pages
will not be content checked by Policy Patrol Web since they will be read from
the cache and will not pass through Microsoft ISA Server. You only need to do
this once when you install Policy Patrol Web. Once the program is installed,
client caching will be automatically blocked from the server.
To remove the cache on the client machine:
1. Open Windows Explorer.


13
2. Go to Tools > Internet Options.
3. In the General Tab > Temporary Internet Files, click on the button
Delete Files.

4. A message will pop up. Tick the option Delete all offline content and
click OK. All cached web pages will now be deleted.

By default Policy Patrol will block caching of HTML pages, so you will only have
to remove the cache on the client machine once. However if you wish to block
all client caching (including images) you can change this setting in the System
Configuration. For more information, consult the chapter Advanced options.

14
Inst allat ion
his chapter describes the steps for installing Policy Patrol. It also
discusses the different steps of the Policy Patrol Configuration Wizard
and the Policy Patrol services.
Inst allat ion
Not e
Policy Patrol Web must be installed on the same machine as Microsoft
ISA Server.
Follow the next steps to install Policy Patrol Web on the Microsoft ISA Server
machine:
1. Double-click on PPW.exe. The Install Program will start up. If you do
not have Microsoft .NET Framework 1.1 installed (and the Policy Patrol
download did not include it), the installation program will ask you to
install it first. To download the Microsoft .NET Framework, go to
http://msdn.microsoft.com/netframework/technologyinfo/howtoget/ or
download Policy Patrol including the .NET Framework from
http://www.policypatrol.com/.
2. In the Welcome screen, click Next.
3. Read the License Agreement and select I accept the license
agreement. Click Next.
Chapter
3
T

I N S T A L L A T I O N

15

4. Enter your user name and organization name. If you want anyone who
is logged on to the computer to be able to access Policy Patrol, select
Anyone who uses this computer. If you only wish yourself to be able
to access the program, select Only for me (user name). Click Next.

5. Select the destination folder for the Policy Patrol installation. By default
the program is installed in C:\Program Files\Red Earth Software\Policy
Patrol Web. If you wish to change the location, click Browse and select
another folder. When you are ready, click Next.


16
6. Select the installation type. If you select Complete, the complete
program will be installed. If you only wish to install the Administration
console (for remote administration), select Admin console. Click Next
to continue.

7. Enter a user name and password for the Anti-virus Updater (scheduled
task). The account must have Administrative rights and the user name
must be entered in the following format: DOMAIN\UserName.

8. Alternatively, you can click on the Browse button and select a server
and user account. Click Next.

9. Confirm that you wish to proceed with the installation by clicking Next.
10. Policy Patrol will now start copying the files. When Policy Patrol is ready,
click Finish to exit the wizard.


17
Policy Pat rol Configurat ion Wizard
After installation, the Policy Patrol Configuration Wizard will start up and guide
you through the following steps:
1. In the welcome screen, click Next.
2. Enter your license type. If you are evaluating, leave Policy Patrol Web
30-day evaluation enabled. If you have purchased Policy Patrol, select
I already have a Policy Patrol Web serial number and enter your serial
number in the dialog. You can also enter your serial number after
installation in the Policy Patrol Administration console > <Server> >
Security > Licenses. When you are ready, click Next.

3. Configure System Notifications. System Notifications are used to inform
Administrators of licensing issues. In addition, the recipient addresses
are used as the Administrator address(es) when configuring email
notifications. Enter the name or IP address of your mail server. Leave
the Port on 25 unless you know that the mail server is using another
port. In the From: field, enter the sender of the email. In the To:, Cc:
and Bcc: fields, enter the recipients for the system notifications. To
check whether you have entered the settings correctly, click on the
Test button. A test message will now be sent to the email addresses
you specified. When you are ready, click Next.


18

4. Specify bandwidth capacity. Select your total upload bandwidth and
total download bandwidth. These numbers are used to display real-time
bandwidth usage in Monitoring. When you are ready, click Next.

5. Configure URL categories. These categories can be used in rules and for
quota limits. You can also create and edit categories later in the
Administration console. Note that the Uncategorized category will
always be listed and cannot be removed. To create a new category,
click Add. The Category wizard will start up. Enter the URLs in the list.
Click Next. Now select the default quota settings for the category.
These settings will be applied to all users unless you specifically change
the quota settings for the user(s) from Users & quotas in the
Administration console. You can configure a bandwidth limit and time
limit. For more information on quota limits, please consult chapter 4
Users & Quotas. Click Next. Enter a name and description for the
Category. Click Finish. If you wish to create more categories, click Add
again. When you are ready, click Next.


19

6. Select users. Select the users you wish to license and monitor web
traffic for. Click Add to add users to the list. The User wizard will start
up. You can either enter the user name, email address and manager
email address, or you can click on the Import button in the toolbar to
import users.

The Import user wizard will start up. Select to import users from the
Active Directory, NT Domain or Text file:
Import users from Act ive Direct ory
To import users from the Active Directory, follow the next steps:
Select Active Directory and click Next.
Browse to the folder that contains your users. The available users
will appear. Select which users you wish to license by selecting the
users in the list and clicking >. The selected users will appear in the
right pane. To select all users click >>. If you wish to remove a
user, you can select the user in the Selected users list and click <.
To remove all users click <<. Click Finish.


20

The User Wizard will automatically retrieve the user name, email
address and any configured managers for the selected users from
the Active Directory. If you wish to make any changes or enter
manager email addresses for users, you can do so here. Manager
email addresses are used for notifications in rules. If you wish to
remove any users from the list, select the users and press Delete.
When you are ready, click Next.
Import users from an NT domain
To import users from an NT domain follow the next steps:
Select NT domain and click Next.
The available users will be listed in the left pane. To automatically
generate email addresses (to be used for notifications), tick the
checkbox Auto generate email addresses and enter your email
domain, for instance company.com. For each user that you select,
the User wizard will enter the email address in the following format:
UserName@EmailDomain. Select which users you wish to license by
selecting the users in the list and clicking >. The selected users will
appear in the right pane. To select all users click >>. If you wish to
remove a user, you can select the user in the Selected users list and
click <. To remove all users click <<. Click Finish.
If you selected to auto generate email addresses, the User Wizard
will now display the selected users with their email addresses. If you
did not select to auto generate email addresses and you wish to
make use of email notifications, you must enter an email address for
each user. Furthermore, if you wish to make use of manager email
notifications, you must enter the email address of the user
managers. If you wish to remove any users from the list, select the
users and press Delete. When you are ready, click Next.
Import users from a t ext file
To import users from a text file, follow the next steps:
Select Text file and click Next.


21
Select the text file you wish to use and click Open. The users in the
text file must be in the following format: Domain\User name,Email
address,Manager email address (where email address and manager
email address are optional), e.g. Domain\John
Doe,john_doe@company.com,Manager@company.com. Each user
must be entered on a separate line and there should not be any
spaces behind the commas.
The available users will be listed in the left pane. Select which users
you wish to license by selecting the users in the list and clicking >.
The selected users will appear in the right pane. To select all users
click >>. If you wish to remove a user, you can select the user in
the Selected users list and click <. To remove all users click <<.
Click Finish.
If your text file did not include email addresses and you wish to
make use of email notifications, you must enter the email address
for each user. If you wish to make use of manager email
notifications, you must enter a manager email address for each
user. If you wish to remove any users from the list, select the users
and press Delete. When you are ready, click Next.
7. Configuration complete. Click Finish to exit the configuration wizard.
You can now continue to configure Policy Patrol from the Administration
console.
Policy Pat rol Services
Policy Patrol Web installs a number of services on the machine:
Policy Patrol Web Data Manager (if you stop this service you will no
longer be able to access the Policy Patrol Administration console)
Policy Patrol Web Remote Manager (this service enables remote
administration)
Remot e administ rat ion
If you wish to administer Policy Patrol from a remote machine, you can install
only the Administration console on the remote machine and connect to the
server with Policy Patrol installed. If you have more than one Policy Patrol
installation, you will be able to connect to each installation from the same
machine. Requirements for the remote machine:
Windows 2000 Professional/Server/Advanced Server, Windows Server
2003 or Windows XP Professional.
Microsoft .NET Framework 1.1 (If you do not have this installed you can
download Policy Patrol including the .NET Framework)


22
To install the Policy Patrol Administration console on a remote machine, follow
the next steps:
1. Double-click on PPW.exe. The Install Program will start up. If you do
not have Microsoft .NET Framework 1.1 installed (and the Policy Patrol
download did not include it), the installation program will ask you to
install it first. To download the Microsoft .NET Framework, go to
http://msdn.microsoft.com/netframework/technologyinfo/howtoget/ or
download Policy Patrol including the .NET Framework from
http://www.policypatrol.com/.
2. In the Welcome screen, click Next.
3. Read the License Agreement and select I accept the license
agreement. Click Next.

4. Enter your user name and organization name. If you want anyone who
is logged on to the computer to be able to access Policy Patrol, select
Anyone who uses this computer. If you only wish yourself to be able
to access the program, select Only for me (user name). Click Next.

5. Select the destination folder for the Policy Patrol installation. By default
the program is installed in C:\Program Files\Red Earth Software\Policy


23
Patrol Web. If you wish to change the location, click Browse and select
another folder. When you are ready, click Next.

6. Select Admin console as the installation type. Click Next to continue.

7. Select which version of Microsoft ISA Server you installed Policy Patrol
Web on. Click Next.


24
8. Confirm that you wish to proceed with the installation by clicking Next.
9. Policy Patrol will now start copying the files. When Policy Patrol is ready,
click Finish to exit the wizard. To start configuring Policy Patrol, go to
Start > Programs > Policy Patrol Web > Administration. Select <server
name> and click Connect.
To connect to the Policy Patrol Web installation:
1. Click on Add installation.
2. Enter the installation name and the computer name or IP address of the
Policy Patrol installation. Click OK.

3. Select the newly added installation from the list and click Connect.
Not e
When managing Policy Patrol remotely, you will have to enter the path to
folders (instead of browsing) and you will not be able to enter or change
serial numbers or run the support wizard.

25
Users & quot as
his chapter describes how to select licensed users and apply time and
bandwidth quotas to URL categories. In addition it describes how to
monitor and manage user quotas.
Licensing users
Policy Patrol user licensing is extremely flexible in that it allows you to only
license the users that you wish to create rules for. The Policy Patrol
configuration wizard has already licensed the users you selected. If you wish to
add more users, go to Users & quotas and click on Add. The User Wizard will
start up and guide you through the following steps:
1. Select users: You can either manually enter your users by entering a user
name, email address and manager email address. Alternatively you can
import users from Active Directory, an NT domain or a text file.
Import users from Act ive Direct ory
To import users from the Active Directory, follow the next steps:
Click on the Import button in the toolbar.
Select Active Directory and click Next.
Browse to the folder that contains your users. The available users
will appear. Select which users you wish to license by selecting the
users in the list and clicking >. The selected users will appear in the
right pane. To select all users click >>. If you wish to remove a
user, you can select the user in the Selected users list and click <.
To remove all users click <<. Click Finish.
Chapter
4
T

U S E R S A N D Q U O T A S

26

The User Wizard will automatically retrieve the user name, email
address and any configured managers for the selected users from
the Active Directory. If you wish to make any changes or enter
manager email addresses for users, you can do so here. Manager
email addresses are used for notifications in rules. If you wish to
remove any users from the list, select the users and press Delete.
Import users from an NT domain
To import users from an NT domain follow the next steps:
Select NT domain and click Next.
The available users will be listed in the left pane. To automatically
generate email addresses (to be used for notifications), tick the
checkbox Auto generate email addresses and enter your email
domain, for instance company. com. For each user that you select,
the User wizard will enter the email address in the following format:
UserName@EmailDomain. Select which users you wish to license by
selecting the users in the list and clicking >. The selected users will
appear in the right pane. To select all users click >>. If you wish to
remove a user, you can select the user in the Selected users list and
click <. To remove all users click <<. Click Finish.
If you selected to auto generate email addresses, the User Wizard
will now display the selected users with their email addresses. If you
did not select to auto generate email addresses and you wish to
make use of email notifications, you must enter an email address
for each user. Furthermore, if you wish to make use of manager
email notifications, you must enter the email address of the user
managers. If you wish to remove any users from the list, select the
users and press Delete. When you are ready, click Next.
Import users from a t ext file
To import users from a text file, follow the next steps:


27
Select Text file and click Next.
Select the text file you wish to use and click Open. The users in the
text file must be in the following format: Domain\User name,Email
address,Manager email address (where email address and manager
email address are optional), e.g. Domain\John
Doe,john_doe@company.com,Manager@company.com. Each user
must be entered on a separate line and there should not be any
spaces behind the commas.
The available users will be listed in the left pane. Select which users
you wish to license by selecting the users in the list and clicking >.
The selected users will appear in the right pane. To select all users
click >>. If you wish to remove a user, you can select the user in
the Selected users list and click <. To remove all users click <<.
Click Finish.
If your text file did not include email addresses and you wish to
make use of email notifications, you must enter the email address
for each user. If you wish to make use of manager email
notifications, you must enter a manager email address for each
user. If you wish to remove any users from the list, select the users
and press Delete. When you are ready, click Next.
2. User quotas: You will be able to select bandwidth and time quota limits for
the selected user(s) for each configured URL category. If you later want to
change the quota settings for particular users, you can do this from the
user properties (see paragraph Editing user quotas).


28
Not e
The category Uncategorized includes all websites that have not been
included in a URL category.
Set t ing bandwidt h limit s
If you wish to set a bandwidth limit for the category, tick the checkbox Use
bandwidth limit next to the appropriate category. Enter the amount of KB
or MB you wish to limit the bandwidth usage to. By creating a quota rule
you can specify what should happen if the limit is reached (see later in this
chapter). Optionally you can specify a bandwidth warning level in KB or MB.
The bandwidth warning level can for instance be used to inform the user
that their bandwidth limit will soon be reached or to notify a manager or
administrator. Finally, select a daily or weekly bandwidth interval. If you
select a daily interval, the bandwidth usage will be counted per day. If you
select a weekly interval the bandwidth usage will be counted per week. For
instance, if you wish to limit the bandwidth usage of the Sports & News
category to 250 KB per user per day, select Use bandwidth limit and
enter 250 KB. Select per day as the bandwidth interval.
Set t ing t ime limit s
If you wish to set a time limit for the category, tick the checkbox Use time
limit next to the appropriate category. Enter the number of hours and
minutes you wish to limit the browsing time to. By creating a quota rule
you can specify what should happen if the limit is reached (see later in this
chapter). Optionally you can specify a time warning level in hours and
minutes. The time warning level can for instance be used to inform the user
that their time limit will soon be reached or to notify a manager or
administrator. Finally, select a daily or weekly time interval. If you select a
daily interval, the time usage will be counted per day. If you select a weekly
interval the time usage will be counted per week. For instance, if you wish
to limit the time usage of the Web email category to 30 minutes per user a
week, select Use time limit and enter 00.30. Select per week as the time
interval.
Edit ing user quot as
If you want to edit quota limits for an existing user, select the user in the list
and click Properties. Go to the User quotas tab and make the appropriate
changes. When you are done, click OK.


29

If you wish to make the same changes for several users, select the appropriate
users by using the SHIFT or CTRL key and click on the Properties button. Go
to the User quotas tab. Any changes you make will be applied to all the
selected users.

Monit oring user quot as
By clicking on the + sign next to each user, you will be able to see the amount
of bandwidth and time used for each category and any configured bandwidth
and time limits. The bandwidth and time usage are shown per day or per week
as is specified in the interval. If no limits have been set, the usage is shown
using the interval that is specified in the Category Properties > Quotas >
Interval.
The color of the circle preceding the category indicates whether the quota limit
has been reached:
Green circle: No quota limits have been reached.


30
Yellow circle: Quota warning level has been reached.
Red circle: Quota limit has been reached.
Not e
Quota usage is shown with a 3 minute delay. This means that when a user
browses to a web page, the quota usage will only appear after 3 minutes.
Tip
Even if you do not want to apply quotas to users, you can still monitor
quotas to obtain useful information about your users browsing activities.
Configuring quot a rules
By configuring a quota rule you can specify what should happen if a quota is
reached. For instance you can send a notification message or you can block
further browsing and display an HTML page. To do so, follow the next steps:
1. Go to Rules > <folder> and click New.
2. Select Quota rule and click Next.
3. Select the users you wish to apply the rule to. You can optionally
exclude IP addresses. Click Next.
4. In Conditions, select Trigger rule if following conditions are met.
Expand user quotas and select one of the following options: Quota
warning level is reached or Quota limit is reached.


31

5. Enter any exceptions if applicable. Click Next.
6. Select a primary action: Allow access, Block access or Redirect to URL.
If you select to block access, a sample HTML block page will be shown.
For more information on how to customize this page, consult the
paragraph Blocked access page in Chapter 9. If you wish to send an
email notification, click on Notifications and select Email
notification. Click on the link in the description and select the
recipients of the notification and the appropriate notification template.
7. Specify any scheduling options if you wish. Click Next.
8. Enter a name and description for the rule and click Finish.
How quot as are calculat ed
Bandwidth quotas are calculated using the actual bandwidth download/upload
figures from Microsoft ISA Server. Time quotas are calculated by adding up the
total time for each user session. A user session starts when the user connects
to a website or downloads/uploads a file and ends if there has been inactivity
for more than 5 minutes. If the user then starts browsing again after 5
minutes, a new session is started.

33
User securit y
olicy Patrol security is implemented at three levels; user access rights,
component rights and folder rights. This chapter discusses how all three
security levels can be implemented.
User access right s
When you connect to a Policy Patrol installation, you will be asked for log on
credentials. You can log on with the current credentials or specify another user
name and password.

By default only the members of the Administrator group are allowed to connect
to Policy Patrol installations. To define which users have access rights, follow
the next steps:
1. Select <server name>, expand Security and click on User security.
Chapter
5
P

U S E R S E C U R I T Y

34

2. To add a user with access rights to Policy Patrol, click on Add. Select the
users you wish to add and click OK. To remove a user from the list, select
the user and click Remove.
3. To give the user Administrator rights, select the user and tick the check box
Administrator rights. The user icon will now include a small lock to
indicate that it has administrative rights. Policy Patrol Administrators have
full access to all components and folders and cannot be denied any
permissions. It is strongly recommended to make at least one user an
Administrator so that this user will always be able to access all options in
Policy Patrol.
Not e
If you wish to grant a user from another domain access rights, you can right-
click in the Security list and select Add other. This will allow you to specify a
user by entering the user name in DOMAIN\Username format.


35
Component right s
Now that you have set the access rights to the Administration console, you can
specify which Policy Patrol components (i.e. tree nodes) each user has access
to. By default, each user has access to all components. To change the access
rights for a certain component, follow the next steps:
1. Right-click the component (for instance Rules) and choose Component
properties

2. Go to the Security tab. By default the (Everyone) group has full access to
the component. To change permissions, select the group and change the
Allow/Deny permissions. The following rights can be applied:
Ri ght Desc r i pt i on
View View items
Create Create new items
Edit Edit existing items
Delete Delete items
Folder owner Change folder permissions

If you only wish certain users to have rights to the component, click on Add
and select the user(s) with the permissions. Select Allow or Deny for the
relevant rights. Then select Everyone and click Deny for all rights.
If you wish all users to have access to the component apart from a couple
of exceptions, click on Add and select the users to be denied access. Select
the user(s) and tick the Deny check boxes.
A Folder owner has the right to change the component permissions for the
component. Therefore, if you wish to deny permissions for a user, you must
also select Deny for the Folder owner right.


36
Remember that each component needs to have at least one Folder owner
and that Administrators cannot be denied any permissions.
When you have finished editing permissions, click OK.
Not e
The permissions in the monitoring component differ slightly from the other
components. Therefore permissions in the Monitoring component are
discussed in the chapter Monitoring.
Folder right s
Policy Patrol makes use of folders for structuring purposes and to provide the
possibility of controlling user access and rights to different folders. Policy Patrol
includes a number of sample folders but you can also create your own folders.
To create a new folder, right-click the component and choose New folder If
you wish to create a subfolder, you must right-click on the parent folder and
choose the option New folder By default all users are given full rights to all
folders. To change the permissions for a folder, follow the next steps:
1. Right-click the folder and select Folder properties.

the folder. To change permissions, select the group and change the
View View items


37
Create Create new items
Edit Edit existing items
Delete Delete items

If you only wish certain users to have rights to the folder, click on Add and
select the user(s) with the permissions. Select Allow or Deny for the
If you wish all users to have access to the folder apart from a couple of
exceptions, click on Add and select the users to be denied access. Select
A Folder owner has the right to change the folder permissions for the folder.
Therefore, if you wish to deny permissions for a user, you must also select
Deny for the Folder owner right.
Remember that each folder needs to have at least one Folder owner and
that Administrators cannot be denied any permissions.
Inherit ance of folder right s
If you create a subfolder, the subfolder will inherit the permissions of the
top folder. If you edit the rights for a folder that contains subfolders, the
same changes will be applied to the subfolders.
Not e
Policy Patrol Administrators have full rights to all components and folders
and cannot be denied any permissions. If you wish to block access for a user
with Administrator rights, you must first remove the Administrator rights for
the user in <server name> > Security > User security.

39
Configuring rules
olicy Patrol Web includes a powerful rules wizard that allows you to
specify users, conditions, exceptions and actions. This chapter describes
how to configure your rules in Policy Patrol.
Configuring a new rule
To configure a new rule, go to Rules and select the folder in which you wish to
create your rule. If you wish to create a new folder, right-click on Rules and
select New folder In the folder click on the New button.
Not e
Remember that you must first select a folder before you can create a new
rule.
The rules wizard will appear. In the Welcome screen, click Next. The rules
wizard will now ask you which type of rule you wish to create. There are three
types of rules:
Web page rule (content checks http and https pages)
File rule (checks ftp and http file downloads and http uploads)
Quota rule (applies when quota warning levels/limits are reached)
Each type of rule is described in the paragraphs below.
? Info
The wizard is divided into two panes. The rule options are displayed in the
top pane. Each time you select an option, a description of it is placed in the
Chapter
6
P

C O N F I G U R I N G R U L E S
40
bottom pane. If you still need to set a certain value, the description will
include a red link. Click on this link to configure the respective option. Once
a value is set, the link color will change to blue. If you have not yet set all
values when you click finish to create your rule, a warning will pop up. You
will still be able to create the rule, but the rule will not be enabled until you
set all values.
Configuring a Web Page rule
Go to Rules > <folder> and click New. The rules wizard will guide you
through the following steps:
St ep 1. Rule Type
Select Web page rule and click Next.
St ep 2. Rule Users
To apply the rule globally, select All users. To apply the rule to certain users,
select Users listed below and click Add Select the users for the rule and
click OK. To remove users, select the user(s) and click Remove. If you wish to
add IP address exceptions click on Exclude and enter the IP address(es) to
exclude in Start IP. If you wish to enter an IP range, enter a Start and End IP.
Click OK. When you are ready click Next.

St ep 3. Rule Traffic & Prot ocols
Select whether you wish to filter http:// or https:// pages. You can only
select one protocol per rule since the conditions differ for each protocol. Http://
rules can include content and URL conditions, but https:// rules can only
include URL conditions. Click Next.

41

St ep 4. Rule Condit ions
Here you must specify which conditions should be met for the rule to trigger. If
the rule should trigger for all web pages (for instance if you just want to block
access at certain times of the day), leave No conditions selected and click
Next. If the rule should only trigger for certain web pages, select Trigger rule
if following conditions are met (for instance if you want to block access to
certain URL categories or to web pages that contain certain words).
If any of the conditions must be met, select Match any of the conditions. For
instance, if you wish to block web pages with streamed or active content, select
this option. If all the conditions must be met, select Match all of the
conditions. Select this option if for instance you wish to block access to pages
that contain offensive words and are included in a selected URL category.
If you selected to filter http:// in step 3 the following conditions are available:

42

URL
IP address exists in filter: This condition checks whether the IP
address exists in a filter. To prevent users from bypassing the filter,
Policy Patrol will also check URLs by converting the URL to an IP
address by way of a reverse DNS lookup. Click on the filter link in
the description. Browse to the appropriate folder, select the IP filter
and press the > button. The filter will now appear in the right pane.
Repeat this for all the filters you wish to check (you can select
multiple filters by using the SHIFT key). If you wish to create a new
filter for the rule, click New. If you wish to view the properties of
the selected filter, click Properties. When you are ready, click
OK.
URL is from category: This condition checks whether the URL is
listed in a category. To prevent users from bypassing the filter,
Policy Patrol will also check IP addresses by converting the IP
address to a URL using a reverse DNS lookup. Click on the category
link in the description. Select the category and press the > button.
The category will now appear in the right pane. Repeat this for all
the categories you want to check (you can select multiple categories
by using the SHIFT key). If you wish to create a new category for
the rule, click New. If you wish to view the properties of the
selected category, click Properties. When you are ready, click
OK.
URL is IP address: Select this option if you wish to check whether
a user is entering an IP address instead of a URL in the browser
address bar.

43
Word/phrase from URL exists in filter: Select this option if you
wish to check for the presence of words in the URL. Click on the
filter link in the description. Browse to the appropriate folder, select
the Word/phrase filter and press the > button. The filter will now
appear in the right pane. Repeat this for all the filters you wish to
check (you can select multiple filters by using the SHIFT key). If you
wish to create a new filter for the rule, click New. If you wish to
view the properties of the selected filter, click Properties. When
you are ready, click OK.
Web page
Word/phrase from web page exists in filter: Select this option
if you wish to check for the presence of words in a web page. Click
on the filter link in the description. Browse to the appropriate folder,
select the Word/phrase filter and press the > button. The filter will
now appear in the right pane. Repeat this for all the filters you wish
to check (you can select multiple filters by using the SHIFT key). If
you wish to create a new filter for the rule, click New. If you wish
to view the properties of the selected filter, click Properties. If
you want to check for HTML tags, tick the option Check HTML
tags. If you do not check this option, Policy Patrol Web will remove
the HTML tags before searching for words and phrases. When you
are ready, click OK.

Not e
Since checking for words/phrases is processor intensive, it is
better to order these rules below other rules based on URL
conditions or categories.
Web page has streamed content: Select this option if you wish
to check for the presence of streamed content in a web page.

44
Web page has active content: This option checks for the
presence of active content in a web page. Click on the active content
link in the description. Specify which active content must be filtered:
ActiveX content is present: Select this option to check for ActiveX
content. ActiveX can potentially include malicious content
(Depending on the security settings most web browsers warn when
ActiveX is being downloaded and will allow the user to specify
whether to install and run the ActiveX Control).
Java content is present: Select this option to check for the
presence of Java code (Depending on the security setting most web
browsers warn when Java code is being downloaded and will allow
the user to specify whether to install and run the Java application).
Java Script content is present: Select this option to check for
Java script embedded in a web page. Be careful when selecting this
option since Java Script is used in many websites.
VB Script content is present: Select this option to check for VB
Script embedded in a web page.
Web page contains virus or spyware: This option checks
whether the web page contains a virus or spyware, including
Pornware, Adware and Riskware. Click on the virus or spyware link
and select whether you wish to check for known and/or suspected
viruses or spyware. Note that this option requires a license for the
Kaspersky Anti-Virus add-on.

If you selected to filter https:// in step 3, the following conditions are available:

45

URL
OK.
OK.

46
Not e
When checking an https:// URL, Policy Patrol can only retrieve
the top domain.

address bar.
When you are ready specifying the conditions to be met, click Next.
St ep 5. Rule Except ions
If the rule has no exceptions, leave the option No exceptions enabled. To
specify exceptions, select Do not trigger rule if following exceptions are
met. The options will now be the same as in step 4. Exceptions can for instance
be useful if you never want to block access to certain sites (e.g. your own site
and other trusted sites required for work purposes).
If any of the exceptions must be met, select Match any of the exceptions.
For instance, if you wish to exclude web pages with streamed or active content,
select this option. If all the conditions must be met, select Match all of the
exceptions. Select this option if for instance you wish to exclude pages that
contain offensive words and are included in a selected URL category. When you
are ready specifying exceptions, click Next.
St ep 6. Rule Act ions
Policy Patrol includes two different types of actions: primary and secondary
actions. The primary actions are mutually exclusive, i.e. you can only choose

47
one primary action. Secondary actions are additional actions and are not
mutually exclusive. Therefore you can configure as many secondary actions as
you wish.

Primary actions
Three primary actions are available:
1. Allow Access: This option will provide access to the web page as normal.
2. Block Access: This option will block access to the web site. Optionally you
can configure an HTML page to be shown (only available if you selected
http:// as the protocol). This page could for instance inform the user why
they are not allowed to view the particular web page. To configure a page
to be shown, click on the link do not display HTML page and select Show
the following HTML page. Click on , select the HTML file and click
Open. For more information on how to create HTML pages, please consult
the chapter HTML block pages.
3. Redirect to URL: Select this option to redirect the browser to an
alternative web page. The user will be redirected to this page once every
minute. Click on the URL link in the description and enter the URL to guide
users to (there is no need to enter http://). For instance, you might want to
redirect users to a web page on your Intranet.
Secondary actions
The following secondary actions are available:
Notifications
Send email notification: Select this option if you wish Policy Patrol to
send an email notification message. Click on the email notification link

48
in the description and enter or select a From: address. If you wish a
display name to appear in the notification message, enter display
name <email address>, for instance: "J ohn Doe"
<J ohn. Doe@company. com>.

Now specify who should receive the notification (user, manager,
administrator, or other) and select the template to be used for each
recipient by clicking on the button. Note that the managers email
address is specified in Users & Quotas (Select User > Properties). If you
wish to use a new template, click New. If you wish to see the
properties of the template, click Properties.

Not e
This option requires your mail server settings to be specified in
<server name> > Advanced > System configuration > System
notifications tab. If you wish to send a notification externally, you
must allow the Policy Patrol machine to send out email (relay) via
your mail server.

49
Send network message: Select this option to send a network
message. Click on the network message link in the description. If you
want to send a message to the user that triggered the rule, select Send
message to user and click on to select a template. If you want to
send a message to specified users, select Send message to following
user(s), enter the user name or IP address of the computer(s) you
wish to send a network message to and click on to select a template.
If you want to enter multiple IP addresses you can separate them by a
semi-colon (;).

1. Categories & filters
Add URL to category: Select this option if you wish Policy Patrol to
add the URL of the web page to a URL category. Click on the category
link in the description and select the category that you wish to add the
URL to. If you wish to create a new category, click New. If you wish
to see the properties of the category, click Properties. Select
whether you wish to add the top domain (i.e. www.cnn.com), the
domain and sub domains (i.e. www.cnn.com/sports) or the complete
path (i.e. www.cnn.com/sports/newsitem3455.htm).

Add IP to filter: Select this option if you wish Policy Patrol to add the
IP address to an IP filter. Click on the filter link in the description and
select the IP filter to add the IP address to. If you wish to create a new
filter, click New. If you wish to see the properties of the filter, click
Properties.
St ep 7. Rule Scheduling
A rule can be scheduled to run on certain days, times, and dates. If you do not
wish to schedule the rule, select No scheduling and click Next. If you wish to
schedule the rule, select Use the following schedule and select the schedule

50
from the drop down list. If you wish to create a new schedule, click New. If you
wish to see the properties of a schedule, click Properties. For more
information on how to create schedules, please consult the chapter Creating
Schedules.

Tip
It can be useful to schedule a rule if for instance you wish to allow access
to certain websites during non-working hours and lunch breaks, but not
during working hours.
St ep 8. Rule Name
In the final step, enter a name for the rule and any comments. Uncheck the
Enable this rule box if you do not want the rule to be enabled right away.
Click Finish to create the rule.
Configuring a File rule
St ep 1. Rule Type
Select File rule and click Next.
St ep 2. Rule Users

51

St ep 3. Rule Traffic & Prot ocols
Select whether you wish to filter http:// and/or ftp:// traffic. Next, specify
whether you wish to check Upload and/or Download traffic. Note that for the
ftp protocol you can only filter download traffic. Click Next.

the rule should trigger for all files (for instance if you want to block access at
certain times of the day), leave No conditions selected and click Next. If the
rule should only trigger for certain files, select Trigger rule if following
conditions are met (for instance if you only wish to block files or a certain
type or size).

52
If any of the conditions must be met, select Match any of the conditions. For
instance, if you wish to check file downloads/uploads of a certain type or size. If
all the conditions must be met, select Match all of the conditions. Select this
option if, for instance, you wish to block file downloads from certain URL
categories.

URL
OK.
OK.

53
address bar.
File
File name/type exists in filter: This option checks whether a file
name or type exists in a filter. Click on the filter link in the
description. Browse to the appropriate folder, select the File filter
OK.

File is of size: Select this option to check the size of a file. Click on
the size link in the description and specify whether the file should be
greater than, less than, between or not between certain
values.

54

File contains virus or spyware: This option checks whether the
file contains a virus or spyware, including Pornware, Adware and
Riskware. Click on the virus or spyware link and select whether you
wish to check for known and/or suspected viruses or spyware. Note
that this option requires a license for the Kaspersky Anti-Virus add-
on.

File is spoofed: By checking this condition Policy Patrol will check
whether the file has been changed to disguise the actual file format.
Note that this option is only available for http:// and ftp://
downloads, not for http:// uploads. You can select three options:
Multiple extensions: Sometimes files that contain viruses are
given double extensions, for instance vi r us. t xt . exe. If you check
this option, Policy Patrol will check for files with multiple extensions.
CLSID extension: Some viruses are spread by giving files CLSID
extensions. This makes the file seem to be of a different or unknown
file format, but when opened will activate a predetermined
application. For instance, a virus executable could be named
vi r us. t xt and given a CLSID extension. This will make the file
look like a txt file (although the icon will be for an unknown file
format). However, when the user double-clicks on the file the
program will execute. If you tick this option, Policy Patrol will check
for files that have been given a CLSID extension.
Binary text file: Some files might be disguised as text files to avoid
being blocked by filters. For instance, pictures could be renamed as
a .txt file. In this case the text files will not contain text, but binary
code. By checking this option, Policy Patrol will check whether text
files contain binary code.

55

File contains word/phrase from filter: Select this option if you
wish to check for the presence of words in a file (Policy Patrol can
check text and html files). Click on the filter link in the description.
Browse to the appropriate folder, select the Word/phrase filter and
press the > button. The filter will now appear in the right pane.
OK.
When you are ready specifying the conditions to be met, click Next.
met. The options will now be the same as in step 4. Exceptions can for instance
be useful if you never want to block file uploads or downloads to and from
certain sites (e.g. your own site and other trusted sites required for work
purposes).
If any of the exceptions must be met, select Match any of the exceptions.
For instance, if you wish to exclude file downloads/uploads of a certain type or
size. If all the exceptions must be met, select Match all of the exceptions.
Select this option if, for instance, you wish to exclude file downloads from
certain URL categories. When you are ready specifying exceptions, click Next.
you wish.

56

Primary actions
1. Allow Access: This option will provide access to the file as normal.
2. Block Access: This option will block access to the file. The file will start
downloading until it reaches 50% and then the file download will be
aborted. The saved file will not be valid since it will not be complete.
Not e
Policy Patrol Web implements a trickle download approach so as not to
interfere with the users downloading experience. When half of the file
is downloaded, Policy Patrol checks whether the file meets the
conditions of any configured rules and applies the rules accordingly.
alternative web page. Click on the URL link in the description and enter the
URL to guide users to (there is no need to enter http://). For instance, you
might want to redirect users to a web page on your Intranet.
Secondary actions
Notifications

57
name <email address>, for instance "J ohn Doe"
<J ohn. Doe@company. com>. Now specify who should receive the
notification (user, manager, administrator, or other) and select the
template to be used for each recipient. Note that the managers email
address is specified in Users & Quotas (Select user > Properties). If you
Not e
must allow the Policy Patrol machine to send out email (relay) via
your mail server.
semi-colon (;).

2. Categories & filters
Add URL to category: Select this option if you wish Policy Patrol to
add the URL to a URL category. Click on the category link in the
description and select the category that you wish to add the URL to. If
you wish to create a new category, click New. If you wish to see the

58
properties of the category, click Properties. Select whether you wish
to add the top domain (i.e. www.cnn.com), the domain and sub
domains (i.e. www.cnn.com/sports) or the complete path (i.e.
www.cnn.com/sports/newsitem3455.htm).

Add IP to filter: Select this option if you wish Policy Patrol to add the
IP address to an IP filter. Click on the filter link in the description and
select the IP filter to add the IP address to. If you wish to create a new
filter, click New. If you wish to see the properties of the filter, click
Properties.
from the drop down list. If you wish to create a new schedule, click New. If you
wish to see the properties of a schedule, click Properties. For more
information on how to create schedules, please consult the chapter Creating
Schedules.
Tip
It can be useful to schedule a rule if for instance you wish to block large
file uploads and downloads during business hours.
St ep 8. Rule Name

Configuring a Quot a rule
St ep 1. Rule Type
Select Quota rule and click Next.

59
St ep 2. Rule Users

the rule should always trigger, leave No conditions selected and click Next. If
the rule should only trigger in certain circumstances, select Trigger rule if
following conditions are met. If any of the conditions must be met, select
Match any of the conditions. If all the conditions must be met, select Match
all of the conditions.

User quotas

60
Quota warning level is reached: Select this option to trigger the
rule when the user reaches his/her quota warning level. If the user
has both a bandwidth and time warning level configured, the rule
will trigger when the first warning level is reached.
Quota limit is reached: Select this option to trigger the rule when
the user reaches his/her quota limit. If the user has both a
bandwidth and time limit configured, the rule will trigger when the
first limit is reached.
met. The options will now be the same as in step 3. When you are ready
specifying exceptions, click Next.
you wish.

Primary actions
1. Allow Access: This option will provide access to the web page as normal.
2. Block Access: This option will block access to the web site. Optionally you
can configure an HTML page to be shown. This page could for instance
inform the user why they are not allowed to view the particular web page.
To configure a page to be shown, click on the link do not display HTML

61
page and select Show the following HTML page. Click on , select the
HTML file and click Open. For more information on how to create HTML
pages, please consult the chapter HTML block pages.
alternative web page. Click on the URL link in the description and enter the
URL to guide users to (there is no need to enter http://). For instance, you
might want to redirect users to a web page on your Intranet.
Secondary actions
Notifications
name <email address>, for instance "J ohn Doe"
<J ohn. Doe@company. com>. Now specify who should receive the
notification (user, manager, administrator, or other) and select the
template to be used for each recipient. Note that the managers email
address is specified in Users & Quotas (Select user > Properties). If you

Not e
must allow the Policy Patrol machine to send out email. (relay) via
your mail server.

62
semi-colon (;).

from the drop down list. If you wish to create a new schedule, click New. For
more information on how to create schedules, please consult the chapter
Creating Schedules.
St ep 8. Rule Name
Not e
Remember that you must order quota limit rules above quota warning
rules (see paragraph below on how to order rules). Otherwise only the
warning rule will trigger, and the limit rule will never trigger.
Edit ing exist ing rules
To edit an existing rule, go to Rules, select the appropriate folder and select
the rule to be edited. Then click on the Properties button. A dialog with
several tabs will appear. Make the changes in the appropriate tabs. If you want
to change the name of a rule, right-click the rule in the list and select Rename.

63
When you are ready changing the name, press [Enter]. Rules can be moved by
right-clicking the rule and selecting Move.

Copying rules
To copy an existing rule, right-click the rule and select Duplicate. The rule will
now be duplicated. The name will be displayed as follows: Copy of <original
rule name>.
Ordering rules
Policy Patrol allows you to order rules. To change the order of rules, go to
Rules > Rule ordering. Select the rule in the list and press the Move up or
Move down button.

The way in which rules are ordered can be important for processing speed. For
instance, it is quicker for Policy Patrol to check a list of IP addresses or URLs
than it is to check for words in a web page. Therefore it makes more sense to
order fast rules above slow rules.

64
To help you order rules efficiently, consider the speed of the rule by checking
the following:
Is the rule user-based? A user-based rule is slower to process than a
global rule.
Does the rule have conditions? In general, URL conditions and
categories are fast to process. Searching for words in a web page or
file is slower than searching for words in the file name or URL.
However, the speed will also depend on the size of the filters.
Since Policy Patrol Web stops processing further rules once a rule has triggered,
the order of rules can also influence the action taken. For instance, if you have
a quota rule that sends an email notification when the warning limit is reached,
and another rule that blocks access when the quota limit is reached, you must
order the quota limit rule above the warning rule. If you did not order the quota
limit rule above the quota warning rule, only the warning rule will trigger since
it will always trigger before the limit rule (presuming that the quota warning
limit is always lower than the actual quota limit).

65
Creat ing Filt ers
ilters are lists of values that Policy Patrol must check for. Policy Patrol
Web includes Word/Phrase, File and IP filters. This chapter explains how
to create each type of Policy Patrol filter.
Creat ing a Word/Phrase filt er
Word/Phrase filters contain lists of words and phrases that Policy Patrol must
check for. The program includes a number of sample Word/Phrase filters. You
can edit these sample filters, or create your own filters. To create your own
Word/Phrase filter:
1. Go to Filters, select the appropriate folder and click New.
2. When asked which type of filter you wish to create, select Word/Phrase
Filter. Click Next.
3. Enter the word(s) or phrases to be included in the filter. You can use the
wildcards ? and *, where ? stands for any single character, and * stands for
any number of characters. However, note that you cannot start or end a
word with the * wildcard. The following options are available:

Chapter
7
F

C R E A T I N G F I L T E R S
66
Case sensit ivit y
For each word you can specify whether it should be case sensitive or not. If
you check the Case sensitive option, this means that Policy Patrol will only
check for the word in the same case.
Score
If you wish to use word score, tick the option Enable word score. In
Threshold, enter the total word score threshold that should be met in
order to trigger the rule. Now enter the individual scores for each word. For
instance, if you specify that the word score threshold is 10, and you enter
the words porn and sex and assign each word a score of 5, both words
must be found in the web page in order for the rule to trigger. You can also
apply a negative word score. For instance, this might be useful to eliminate
some words that can be used innocently. For instance you might assign the
word breast a word score of 5, and assign the words baby or chicken a
minus 5 score. If you do not wish to use word score in the filter, uncheck
Enable word score.
Not e
Remember that if you enable word score you must enter a threshold
value greater than 0. If you leave the threshold set to 0, the rule will never
trigger since a threshold of 0 is considered invalid.
Mult iple count
If you wish every instance of the word to be counted, check the box
Multiple count. For example, if this box is enabled and you browse to a
web page that contains the word erotic three times, and you applied a
word score of 5 to this word, the total word score would be 15. If you did
not check this box, the word will only be counted once and the total score
would be 5.
Apply when
You can select whether to apply when Whole word(s) are matched or
when Whole or part of word(s) are matched. The first option allows
you to specify more precisely which words must trigger a rule. For instance,
if you select that Whole or part of word(s) are matched and you enter
the word sex in the filter, this will also include the words Sussex and
sextant. If you select Whole word(s) are matched, the rule will trigger
on the word sex but not on Middlesex.

67
Not e
The options Whole word(s) are matched and Whole or part of
word(s) are matched do not apply when checking URLs since a word
in a URL never starts with or is never followed by a space. Therefore, the
option Whole or part of word(s) are matched will always apply when
checking for words in URLs.
Import /Export
You can import lists from .txt files by clicking on Import, browsing to the
appropriate file and clicking Open. The format should be as follows:
Word[TAB]Case sensitive[TAB]Regular expression[TAB]Score[TAB]Multiple
count. The word/phrase and score values must be entered. For the other
options, either 0 or 1 must be entered. For instance, if you wish to add the
non-case sensitive word porn with a word score of 5 and multiple count,
you must enter it in the text file as follows: por n 0 0 5
1. For every word or phrase you need to start a new line. If you import
words or phrases from more than one file, the additional words or phrases
will be added to the list. If you have two lists with some common words,
Policy Patrol will not add the common words twice, but will only add the
additional ones. To export the words in the filter, click Export, enter a file
name and select OK.
Remove duplicat es
If you wish to remove duplicates in the filter, click on the remove duplicates
button in the toolbar.
When you are ready adding words, click Next.
4. Enter a name for the filter and a description. When you are done, click
Finish to create the filter.
Creat ing a File filt er
File filters include names and types of files that Policy Patrol must check for.
Policy Patrol includes a number of sample file filters. You can edit these sample
filters, or create your own filters. To create a new File filter:
2. When asked which type of filter you wish to create, select File Filter. Click
Next.

68

3. Enter the file names or extensions for the filter. You can choose to enter an
extension, the exact file name or only enter a word that must be found in
the file name. When entering the data you can make use of the wildcards *
and ?, where * stands for any amount of characters and ? stands for one
character. To enter an extension, place a * in front of the extension, .e.g
*. exe for executable files. If you wish to search for file names no matter
which extension they have, enter the name followed by .*, e.g. r eadme. *.
This will find the files readme.exe, readme.doc and readme.txt. If you want
to search for files that include a certain word, you can do so by entering the
word in between *. For instance, if you enter *pr i ce* in the filter, this will
apply to the files pricelist.doc and ukpricelist.htm. If you want to include all
files, enter *. *. Note that the entries are not case sensitive. You can import
lists from .txt files by clicking on Import, browsing to the appropriate file
and clicking Open. In the text file to import, each entry should be on a
separate line. To export the entries click Export, enter a file name and
select OK. When you are ready adding file names and extensions, click
Next.
Creat ing an IP filt er
IP filters contain lists of IP addresses and IP address ranges to check for. To
create a new IP address filter:
2. When asked which type of filter you wish to create, select IP Filter. Click
Next.

69

3. Enter the IP addresses in the list. You can enter a single IP address by only
entering a Start IP. If you wish to check for an IP address range, enter a
Start and End IP address.
You can import lists from .txt files by clicking on Import, browsing to the
appropriate file and clicking Open. In the text file to import, each IP
address/IP address range should be entered on a separate line as follows:
Start IP,End IP. So for a single IP address, this would be 10. 0. 0. 10. For an
IP address range, this would be 10. 0. 0. 10, 10. 0. 0. 15. To export the filter,
click Export, enter a file name and select OK. If you want to remove
double entries in the filter, click on Remove duplicates. When you are
ready, click Next.
Edit ing filt ers
To edit an existing filter, select the filter and click Properties. A tabbed dialog
will appear. You will be able to add or delete entries and change the description
for the filter. The Modified tab will show when and who made the last changes
to the filter. If you edit a filter that is already being used in a rule, the filter will
automatically be updated for the rule. You can change the filter name by right-
clicking on the filter in the list and selecting Rename. When you have changed
the name, press [Enter]. Filters can be moved by right-clicking and selecting
Move. To remove a filter, right-click the filter and select Remove. Remember
that you cannot delete any filters that are being used in a rule.

70
Not e
If you rename a filter that has already been configured for a rule, the rule
will continue to work for the filter, but the filter name in the description
will still be the old name. To update the filter name, you need to open the
rule properties and open the dialog where the filter is selected. Click OK
to save the new name in the rule.
Copying filt ers
To copy an existing filter, right-click the filter and select Duplicate. The filter
will now be duplicated. The name will be displayed as follows: Copy of <original
filter name>.

71

Creat ing Templat es
emplates are pre-configured texts that can be used in Policy Patrol
rules. The program includes two types of templates: Email notifications
and Tags. This chapter explains how to create each type of Policy Patrol
template.
Creat ing an Email not ificat ion t emplat e
Notification templates are used for sending email notification messages. Policy
Patrol includes a number of sample notification templates. You can edit these
sample templates or create your own. To create a new Notification template:
1. Go to Templates, select the appropriate folder and click New.
2. When asked which type of template you wish to create, select Email
notification Template. Click Next.
3. Enter the subject for the notification email. You can include fields in the
subject by clicking on the Insert Field button to the right the subject line.
For more information on available fields, see the Fields paragraph.
Chapter
8
T

C R E A T I N G T E M P L A T E S
72

The notification message body can be in plain text, HTML or both. Select
both if you are not sure whether the recipient can read HTML messages.
Although nowadays most clients can read HTML, there are still some older
clients that can only read plain text emails. If you select both, make sure
that text is entered in both tabs. To copy text from one tab to the other,
click on the Copy to.. button on the far right of the toolbar. When you
select the Plain text tab, all formatting options will be disabled. You can
insert fields in the body of the message by clicking on the Insert Field icon
in the toolbar and selecting the relevant field.
The text can be formatted by selecting font type, size or color and applying
bold, italicized or underlined styles. To add a link, click on the Insert link
button. In URL: enter the URL to link to. Enter the text to be displayed in
Title and enter the description in Description.

You can insert gif and jpeg pictures by clicking on the Insert image
button. In Image file, enter the path to the picture (Remember that the
picture must reside on the local Policy Patrol machine). In Alt, enter the
text that you wish to appear as a tool tip. If you want a border to be applied
to the image, set a border width.

73

If you wish to add HTML tags, for instance to add tables or bullets, you can
edit the HTML source by clicking on the View HTML source button.
To add an attachment to the notification, click on Add. Select the
attachment and click Select.
You can import texts from .txt and .html documents by clicking Import.
Similarly, you can export the text to a .txt or .html file by clicking Export.
4. Enter the template name and a description. Click Finish to create the
template.
Creat ing a Tag t emplat e
Tags are used for network messages and event log descriptions. Policy Patrol
includes a number of sample tags. You can edit these sample templates or
create your own. To create your own Tag template:
1. Go to Templates, select the appropriate folder and click New.
2. When asked which type of template you wish to create, select Tag
Template. Click Next.

74
3. Enter the text for the tag. You can also use fields by clicking on the Insert
field button. For more information on the available fields, see the Fields
paragraph. Click Next.
4. Enter the template name and a description. Click Finish to create the
template.
Edit ing t emplat es
To edit an existing template, select the template and click Properties. A
tabbed dialog will now appear. You will be able to edit the template and change
the description. The Modified tab will show when and who made the last
changes to the template. To rename a template, right-click on the name in the
list and select Rename. When you have changed the name, press [Enter].
Templates can be moved by right clicking the template and selecting Move. To
remove a template, right-click the template and select Remove. Remember
that you cannot delete any templates that are being used in a rule.
Not e
If you rename a template that has already been configured for a rule, the
rule will continue to work for the template, but the template name in the
description will still be the old name. To update the template name, you
need to open the rule properties and open the dialog where the template
is selected. Click OK to save the new name in the rule.
Copying t emplat es
To copy an existing template, right-click the template and select Duplicate.
The template will now be duplicated. The name will be displayed as follows:
Copy of <original template name>.
Fields
Policy Patrol includes User, Web page, Quota, Date/time and Other fields. Each
type of field is described below.
User fields
User fields relate to the user(s) that trigger the rule. Below is a list of available
user fields.
Fi el d Desc r i pt i on

75
User name Name of the user
User domain Domain for the user
User IP address IP address of the user

Web page fields
Web page fields relate to the web page that triggers the rule. Below is a list of
available web page fields.
Category Category of the web page
URL URL of the web page

File fields
File fields include information about the file that triggers the rule.
File name The name of the file
File size The size of the file

Quot a fields
Quota fields relate to the quota settings for the user(s). Below is a list of
available Quota fields.
Time limit Time limit specified
Time remaining Time remaining until limit is reached
Time used Time used until present
Time limit (warning) Time warning level specified
Time remaining (warning) Time remaining until warning is reached
Time interval Selected time interval
Bandwidth limit Bandwidth limit specified
Bandwidth remaining Bandwidth remaining until limit is reached
Bandwidth used Bandwidth used until present
Bandwidth limit (warning) Bandwidth warning level specified
Bandwidth remaining
(warning)
Bandwidth remaining until warning is
reached
Bandwidth interval Selected bandwidth interval

Dat e/Time fields
These fields relate to the date and time the message was sent. Below is a list of
available Date/Time fields.

76
Time Time that the message was sent.
Date sent Date the message was sent. By default the date is
entered in the default format of the Policy Patrol
machine. To change the format, see table below.

To change the date field format, enter the date mask in between the square
brackets after the field. For instance, if you enter %[]Date[MMMM d, yyyy]%,
the date will be displayed as February 9, 2004.
Mask Meani ng
d Day of the month with no leading zero for single digit days
dd Day of the month with leading zero for single digit days
ddd Day of the week as three-letter abbreviation, i.e. Mon
dddd Day of the week as its full name, i.e. Monday
M Month as digits with no leading zero for single-digit months
MM Month as digits with leading zero for single-digit months
MMM Month as three letter abbreviation, i.e. Jan
MMMM Month as its full name, i.e. January
y Year as last two digits without leading zero, i.e. 4
yy Year as last two digits with leading zero, i.e. 04
yyyy Year represented by full four digits

Ot her fields
Below is a list of other fields.
Rule triggered Name of the rule that triggered
Words triggered If a word/phrase condition triggered the rule, this
field lists the words found including their score.

Tip
If you are not sure whether a field will exist in every instance, you can
specify a field prefix that will only be entered if the field is replaced. For
instance, if you wish to specify a website category but not each website is
categorized, you could enter the prefix in between the first square brackets
of the field as follows: %[Prefix]Field name[]%. For instance: %[Website
category:]Category[]%. This will mean that the text Website category: will
only be added if the website is categorized.
It is also possible to specify a default value in case a field does not exist.
For instance, if a web site is not categorized you could enter Not
categorized. To do this, you must enter the default value in between the last

77
square brackets of the field as follows: %[]Field name[Default value]%. For
example: %[]Category[Not categorized]%.
Note that you cannot enter fields as a prefix or default value.

79
HTML Block pages
lock pages are HTML pages that can be displayed when access to a web
page is forbidden. Optionally, block pages can contain merge fields such
as user, web page, quota, date and other fields.
Creat ing block pages
An HTML block page can be created in any HTML editor. Optionally the page
can include merge fields. For a description of available fields, consult the Fields
paragraph in Chapter 8. Remember that the field names must be entered in the
web page as follows: %[]Field name[]%. HTML block pages must be saved in
\Program Files\Red Earth Software\Policy Patrol Web\Processor\HTML
templates.
Sample block pages
Policy Patrol includes a number of sample block pages that you can use or edit
to include your own company messages. The sample pages can be found in
\Program Files\Red Earth Software\Policy Patrol Web\Processor\HTML
templates.
Blocked access page
When a user is denied access from the Monitoring node, the HTML block page
Blocked-access.htm will appear. If you wish to customize this page, you can
edit the page from \Program Files\Red Earth Software\Policy Patrol
Web\Processor\HTML templates. Note that this HTML page cannot contain any
merge fields and that you cannot rename the file.
Chapter
9
B

81
Creat ing schedules
his chapter discusses how to create schedules that can be used to
enable rules at certain times of the day or on certain dates. This can be
useful to for instance apply different rules during working hours than
non-working hours.
Creat e a schedule
To create a new schedule:
1. Click New. The Schedule wizard will appear.
2. Specify the schedule settings. If you wish to include certain days and times
of the week, select the option Specify days of the week and select the
days and hours the schedule must include. The selected hours will be
displayed in blue. If you wish to specify half hours and quarter hours, select
the Half hour or Quarter hour option from the Interval drop-down box.
Note that the number that you select is when the schedule begins, e.g. if
you select full hour and specify 8 until 13, the schedule will run from 8.00
until 14.00.

Chapter
10
T

C R E A T I N G S C H E D U L E S
82
To apply a schedule on certain dates, select Specify date (range). Specify
whether the schedule must apply when the date equals, is after, is
before, is between or is not between specific date(s). Enter the
appropriate date(s). If you select after or before, the rule will not run on the
actual date selected, but after or before it. For instance, if you select that a
schedule must apply after January 1
st
, it will start on January 2
nd
. If you
select before January 1
st
, the schedule will apply on any date before, but
not including January 1
st
. If you select between or not between, the
schedule will apply/not apply between and including the dates selected. For
example, if you configure a schedule and select is not between January 1
st

and January 3
rd
, it will not run on January 1
st
, January 2
nd
and January 3
rd
.
If you create a schedule and select is between January 1
st
and January 3
rd
,
it will apply on January 1
st
, January 2
nd
and January 3
rd
. If you wish the
schedule to apply on the same dates each year, select Ignore year.
3. Enter a name and description for the Schedule. Click Finish.
Edit ing a schedule
To edit an existing schedule, select the schedule in the list and click
Properties. Make the appropriate changes and click OK. To rename a
schedule, right click the schedule and click Rename. Make the changes and
press [Enter]. To remove a schedule, right-click the schedule and select
Remove. Remember that you cannot delete any schedules that are being used
in a rule.

Copying a schedule
To copy an existing schedule, right-click the schedule and select Duplicate.
The schedule will now be duplicated. The name will be displayed as follows:
Copy of <original schedule name>.

83
URL cat egories
olicy Patrol includes URL categories that allow you to create lists of
URLs. This chapter explains how to create the categories and how to
edit them.
Creat ing a URL cat egory
To create a new category, follow the next steps:
1. Go to URL Categories > <Folder> and click New.
2. Enter the URLs that you wish to include in the category. You can include a
domain (www.company.com), a sub domain (www.company.com/news) or
a complete path to a page (www.company.com/news/article5074.htm).
There is no need to enter http:// in front of the entries. You can use a *
wild card, but not the ? wild card, since a ? can occur in a URL. The * wild
card stands for any number of characters, so for instance if you wish to
check for shopping.msn.com, travel.msn.com as well as www.msn.com,
you must enter *. msn. com. If you wish to check for www.google.com,
www.google.co.uk and www.google.de, you must enter www.google.*.
Note that you cannot include more than one * wildcard per entry. You can
import URLs from .txt files by clicking on the Import button in the toolbar.
Each URL must be entered on a separate line. To export your URLs click on
the Export button. To remove duplicates click on the Remove duplicates
button. When you are ready, click Next.
Chapter
11
P

U R L C A T E G O R I E S
84

3. Specify the default quota settings for the category. These will be applied to
all (new) users. If you wish to set different limits for different users, you
can do so from Users & Quotas > select user(s) > Properties. For more
information on how to do this, see Chapter 4 Editing user quotas.

Set t ing bandwidt h limit s
If you wish to set a bandwidth limit for the category, tick the checkbox Use
bandwidth limit. Enter the amount of KB or MB you wish to limit the
bandwidth usage to. By creating a quota rule you can specify what should
happen if the limit is reached (see Chapter 4 Configuring quota rules).
Optionally you can specify a bandwidth warning level in KB or MB. The
bandwidth warning level can for instance be used to inform the user that
their bandwidth limit will soon be reached or to notify a manager or
administrator. Finally, select a daily or weekly bandwidth interval. If you
select a daily interval, the bandwidth usage will be counted per day. If you
select a weekly interval the bandwidth usage will be counted per week. For
instance, if you wish to limit the bandwidth usage of the Sports & News
category to 250 KB per user per day, select Use bandwidth limit and
enter 250 KB. Select per day as the bandwidth interval.

85
Set t ing t ime limit s
If you wish to set a time limit for the category, tick the checkbox Use time
limit. Enter the number of hours and minutes you wish to limit the
browsing time to. By creating a quota rule you can specify what should
happen if the limit is reached (see Chapter 4 Configuring quota rules).
Optionally you can specify a time warning level in hours and minutes. The
time warning level can for instance be used to inform the user that their
time limit will soon be reached or to notify a manager or administrator.
Finally, select a daily or weekly time interval. If you select a daily interval,
the time usage will be counted per day. If you select a weekly interval the
time usage will be counted per week. For instance, if you wish to limit the
time usage of the Web email category to 30 minutes per user a week,
select Use time limit and enter 00.30. Select per week as the time
interval.
Select the interval that should be applied when a user has no quota limits
set. Since the bandwidth and time usage is displayed for all users in
Monitoring, this interval will be used to display the usage for users and
categories without quotas.
4. Enter a category name and description and click Finish.
Not e
The category Uncategorized includes all websites that are not included
in a custom URL filter. Note that this category cannot be deleted.
Edit ing cat egories
To edit an existing category, select the category in the list and click
Properties. A dialog with four tabs will appear. In the first tab you will be able
to change the contents of the category. You will see a column behind the
entries called Added by Web filter. If the entry was automatically added by a
Policy Patrol Web rule, this box will be checked. Note that you cannot check or
uncheck this box yourself. In the second tab (Default quota settings) you will
be able to change the default quota settings. If you make a change in the quota
settings for the category, you will be asked whether you wish to apply the
change for all users. Remember that if you configured different quota limits for
particular users, these will be overwritten if you click Yes. The third tab
(Description) will include the description of the category. The fourth tab
(Modified) will show when and who made the last changes to the category.
When you are ready, and click OK.

86

87
Monit oring
onitoring allows you to gain real-time insight into users online
sessions and the amount of bandwidth being consumed. Policy Patrol
also allows you to immediately terminate a user session if necessary.
Bandwidt h monit oring
Policy Patrol allows you to check bandwidth usage in real-time. Two pie charts
will display the total amount of used and unused bandwidth for uploading and
downloading. Remember that to calculate the free bandwidth you must enter
your total upload and download bandwidth in <server name> > Advanced >
System Configuration > Bandwidth Tab.
Session monit oring
Session monitoring allows you to gain real-time insight into users current
online sessions. For each user currently online, Policy Patrol will show the User
name, last visited URL, Category, bandwidth used and time online since the
start of the session. If you click on the plus sign next to the user, the program
will display the last 10 URLs visited during the session as well as the respective
time and bandwidth usage.
Not e
Sessions and last visited URLs are shown with a 3 minute delay. This means
that when a user starts up a new web browsing session the user will only
appear in the list after 3 minutes.

Chapter
12
M

M O N I T O R I N G

88

Inst ant ly block access for users
If you wish to instantly block access for a user, select the user and click Block
access. You will be able to specify for how long you wish to block Internet
access. When access is blocked a block page will be shown. To customize the
block page, you can edit the HTML page Blocked-access.htm in \Program
Files\Red Earth Software\Policy Patrol Web\Processor\HTML templates\Blocked-
access.htm.

Not e
If an https:// page or file download is blocked, no block page will be shown.
Monit oring permissions
Policy Patrol allows you to specify which users have the right to view other
users sessions, and whether they have the permissions to temporarily block
access to the Internet. By default, each user has full access to the Monitoring
component. To change the access rights for a certain component, follow the
next steps:

M O N I T O R I N G

89
1. Right-click the Monitoring component and choose Component
properties
the component. To change permissions, select the group and change the
View View sessions
Create Not applicable
Edit Block access
Delete Not applicable

If you only wish certain users to have rights to Monitoring, click on Add and
select the user(s) with the permissions. Select Allow or Deny for the
If you wish all users to have access to the component apart from a couple
of exceptions, click on Add and select the users to be denied access. Select
A Folder owner has the right to change the component permissions for the
component. Therefore, if you wish to deny permissions for a user, you must
also select Deny for the Folder owner right.
Remember that each component needs to have at least one Folder owner
and that Administrators cannot be denied any permissions.
When you have finished editing permissions, click OK.

91
Virus checking
olicy Patrol Web offers an additional anti-virus module that you can use
to scan web pages and files for viruses. In addition, it can detect and
block Spyware, including Riskware, Pornware and Adware.
Kaspersky
TM
Ant i-Virus
Kaspersky Anti-Virus detects and removes known viruses, even if they are
included in compressed, encrypted or archived files. Furthermore, Kaspersky
Anti-Virus includes a sophisticated Code Analyzer that detects harmful
instructions in a code and can therefore block viruses, email exploits and
malicious scripts & macros even if they are still unknown. The Code Analyzer
has proven to be up to 92% effective. Kaspersky Labs is one of the world's
leading developers of data-security software and its virus database is updated
twice daily. This ensures that with Kaspersky Anti-Virus even the newest
viruses can be neutralized quickly. For more information about Kaspersky labs,
visit their website at: http://www.kaspersky.com.
Chapter
13
P

V I R U S C H E C K I N G
92

Configure Kaspersky
TM
Ant i-Virus
Open the Policy Patrol Administration console and select the Kaspersky Anti
virus node. The license expiry date will be listed as well as the date and time
that the anti-virus engine was last updated. Note that the settings will show
unknown until you have browsed to a website at least once.
By default, Kaspersky updates are scheduled to run daily at 8 pm. To change
the scheduling of the updater, click on the Schedule button (Note that this
option is only available on the Policy Patrol machine itself, not when connecting
remotely). Select the Schedule tab and make the necessary changes. Click
OK.

V I R U S C H E C K I N G
93

Once Kaspersky is installed, Policy Patrol will start scanning all web pages and
files for viruses. However, you will still need to configure a rule that specifies
what should be done when a virus is detected.
Copying your Kaspersky key
If you have purchased the Kaspersky Anti-virus module, you will receive your
key via email. You must copy this key to C:\Program Files\Red Earth
Software\Policy Patrol Web\Processor\av\Kaspersky\klav.

95
Advanced opt ions
olicy Patrol Web includes some advanced options that can be configured
in System Configuration and System Parameters. This chapter explains
the different settings available.
Syst em configurat ion
System configuration options are found in <server name> > Advanced >
System configuration. The following tabs are available:
Syst em not ificat ions
In this tab you must specify your mail server and system notifications options.
The mail server settings will also be used for email notifications. Enter or select
your mail server and enter the SMTP Port. By default the Port is 25. In the
From: field, enter the sender of the email. In the To:, Cc: and Bcc: fields, enter
the recipients for the system notifications. For internal recipients you can also
click on and select the recipient from the user list. The recipient addresses
entered here will also be taken as the Administrator address(es) when
configuring notifications. To test whether the settings are correct, click on the
Test button. A test message will be sent.

Chapter
14
P

A D V A N C E D O P T I O N S

96
Bandwidt h
In this tab you must specify your companys total upload and download
bandwidth. These figures are used for monitoring general bandwidth usage.

Caching
Here you can select the caching options. You can select Block client caching
of HTML pages (recommended) or Block all client caching i.e. HTML pages
and images (only recommended for fast Internet connections).

Not e
Caching for HTML pages must always be disabled. This is because otherwise
some Policy Patrol rules might not be applied since the pages have already
been cached and will not be filtered by Policy Patrol.

A D V A N C E D O P T I O N S

97
Syst em Paramet ers
Policy Patrol system parameters are similar to registry keys and must not be
changed unless you are asked to do so by Policy Patrol technical support staff.

98
Sample rules
olicy Patrol includes several sample rules to help you enforce your
Internet usage policy as soon as possible. The sample rules are included
in the Rules > Sample rules folder.
Sample rules
The program includes a number of sample web filtering rules. To view the
rules, go to Rules > Sample Rules. By default all sample rules are disabled,
so to start filtering web traffic you must first select the rule in the list, right-click
and choose Enable. Sample rules are applied to all users. To apply rules to
selected users, double-click on the rule, go to the Users tab and select the
users that the rule should apply to. Some rules use a sample block page. These
pages can be edited and customized in any HTML editor. The sample block
pages are located in \Program Files\Red Earth Software\Policy Patrol
Web\Processor\HTML templates. The rules are sorted in three sub folders: File,
Quota and Web page:
File rules
Block dangerous file downloads: This rule blocks potentially dangerous http
and ftp file downloads and sends a network message and an email
notification to the user. Remember that you must enter a correct From:
address in notifications, by double-clicking on the rule and clicking on the
user link in the description. You must also enter your company name in the
email notification Block dangerous file downloads.
Block downloaded files with viruses or spyware: This rule blocks http and
ftp file downloads that contain viruses or spyware and sends a network
message and an email notification to the user. Remember that you must
enter a correct From: address in notifications, by double-clicking on the rule
and clicking on the user link in the description. You must also enter your
company name in the email notification Virus or Spyware found in file.
Chapter
15
P

S A M P L E R U L E S
99

Block large file downloads: This rule blocks http and ftp file downloads that
are larger than 5 MB and sends a network message and an email
notification to the user. Remember that you must enter a correct From:
address in notifications, by double-clicking on the rule and clicking on the
user link in the description. You must also enter your company name in the
email notification Large file download blocked.
Quot a rules
Block access when quota limit is reached: This rule blocks access when the
users quota limit is reached and sends an email notification to the user.
The rule is scheduled to run only during business hours (8.00-18.00), so
that after business hours web browsing is not limited. If you want to change
the business hours schedule, you can do so from Schedules. Remember
that you must enter a correct From: address in notifications, by double-
clicking on the rule and clicking on the user link in the description. You must
also enter your company name in the email notification Quota limit has
been reached. Note that this rule should be ordered above the quota rule
Network message when quota warning is reached, otherwise this rule will
never trigger (since the warning will always be reached before the limit). To
set the rule order, select the Rules component and click on Rule order.

100
Network message when quota warning is reached: This rule sends a
network message to the user when the quota warning level is reached. The
rule is scheduled to run only during business hours (8.00-18.00), so that
after business hours web browsing is not limited. If you want to change the
business hours schedule, you can do so from Schedules.
Web page rules
Block access to http:// web mail sites: This rule blocks access to http://
URLs listed in the web mail URL category and shows an HTML block page.
Please contact technical support (support@redearthsoftware.com) for a
sample web mail URL category filter.
Block access to https:// web mail sites: This rule blocks access to https://
URLs listed in the web mail URL category and sends a network message
and email notification to the user. Please contact technical support
(support@redearthsoftware.com) for a sample web mail URL category filter.
Remember to add the company name in the template Web mail site
blocked.
Block access to inappropriate URL category: This rule blocks access to all
web sites with URLs in the inappropriate URL category and sends an email
notification to the user and Administrator. The inappropriate URL category
is automatically filled by the rule Block access to inappropriate websites.
Remember that you must enter a correct From: address in notifications, by
double-clicking on the rule and clicking on the user, administrator(s) link in
the description. You must also enter your company name in the email
notifications Inappropriate website blocked (user) and Inappropriate
website from URL category (Admin).

Block access to inappropriate websites: This rule blocks access to websites
that contain words in the URL or Web page from the Porn, Gambling,
Violence or Racist filters. In addition it sends an email notification to the
user and Administrator and adds the URL to the Inappropriate URL

101
category. Remember that you must enter a correct From: address in
notifications, by double-clicking on the rule and clicking on the user,
administrator(s) link in the description. You must also enter your company
name in the email notifications Inappropriate website blocked (user) and
Inappropriate website blocked (Admin).
Block access to job websites: This rule blocks access to websites that
contain words in the URL or Web page from the Jobs filter.
Block access to sites with viruses or spyware: This rule blocks all web pages
that contain viruses or spyware and sends an email notification to the user.
Remember that you must enter a correct From: address in notifications, by
double-clicking on the rule and clicking on the user link in the description.
You must also enter your company name in the email notification Virus or
Spyware found in web page.
Block non-business sites during working hours: This rule blocks access
during working hours to websites that contain words in the URL or Web
page from the Shopping, Sports, Financial, Travel or News filters, with the
exception of white listed URLs. In addition it adds the URL to the Non-
business URL category. You can enter white listed URLs by going to URL
categories and selecting the properties for the White list category. The
rule is scheduled to run only during business hours (8.00-18.00), so that
after business hours web browsing is not limited. If you want to change the
business hours schedule, you can do so from Schedules.
Only allow access to white listed URLs: This rule blocks access to all web
pages unless they are listed in the URL category White list. To enter white
listed URLs go to URL categories, select the properties for the White list
category and enter the URLs.

Regulate access to Non-business URL category: This rule blocks access during
working hours to all web sites with URLs in the Non-business URL category,
except those listed in the white list. The Non-business URL category is
automatically filled by the rule Block non-business sites during working hours.

102
You can enter white listed URLs by going to URL categories and selecting the
properties for the White list category. The rule is scheduled to run only during
business hours (8.00-18.00), so that after business hours web browsing is not
limited. If you want to change the business hours schedule, you can do so from
Schedules.

103
Troubleshoot ing
his chapter deals with Policy Patrol troubleshooting. If you have a
problem you can consult the Policy Patrol online knowledge base,
run the Policy Patrol Web Support Wizard.
Knowledge Base
If you have a question or problem with Policy Patrol you can consult our
extensive online knowledge base at http://www.policypatrol.com/kb.asp.
Some of the questions and answers are listed below. If you do not find
your answer, please send an email to support@redearthsoftware.com.
Policy Pat rol Web is not filt ering anyt hing
1. Have you configured integrated authentication in ISA Server? See
Chapter 2 for instructions on how to do this.
2. Have you removed the cache on the client before using Policy Patrol
Web? If you do not remove the cache, Policy Patrol will not be able to
filter any pages in the cache. You only need to do this once when you
install Policy Patrol Web. Once the program is installed, client caching
will be automatically blocked from the server.
3. Is your Policy Patrol license still valid? Check this from <server
name> > Security > Licenses.
Policy Pat rol Web has suddenly st opped working
Policy Patrol Web will automatically stop working when memory usage is
more than 90% and the available free physical memory is less than 80
MB. As soon as the resources are available again Policy Patrol Web will
start filtering web traffic.
Will my ant i-virus or backup soft ware int erfere wit h Policy Pat rol Web?
No, as long as you do not scan or backup the \Program Files\Red Earth
Software\Policy Patrol Web\Server\Data directory since this will cause
the program to function improperly.
Chapter
16
T

T R O U B L E S H O O T I N G
104
My ant i-virus set t ings display unkown
The Kaspersky anti-virus settings will only be displayed after you have
browsed to at least one website.
The email not ificat ion is not sent
Have you configured your mail server settings in <server name> >
Advanced > System configuration > System notifications? If it is
an external email address; have you allowed the Policy Patrol Web
machine to relay mail through your mail server? Note that an identical
email notification email to the same user is only sent once per minute.
Net work message did not pop up
Note that an identical network message to the same user is only sent
once per minute.
Merge field is not working
Check the field in the Template to see whether you might have applied
formatting to part of the field. If you dont select the whole field this will
cause the fields not to be replaced.
My rule t hat searches for words/phrases never t riggers
Check whether you have enabled word score in the selected Word/Phrase
filter, and have left the word score threshold in the filter at 0. In this case
the rule will never trigger since a threshold of 0 is considered invalid.
I cannot enable my rule
This happens when you still need to configure one or more option(s).
Open the rule properties and click on the red links in the description to
select the required options.
Why are t he t imes in Sessions and Quot as not always t he same?
The time counters in Sessions and Users & Quotas are refreshed at an
interval of 3 minutes. The intervals do not run at the same time, which
means that the quotas and sessions can display different times. Also, if
there is no browsing for 5 minutes, the session is closed. If you start
browsing again, a new session is opened and time is counted from 0
again. The quota time figure however, will add the new session time to
the time that was already used.
How can I copy t he Policy Pat rol configurat ion t o anot her machine?
1. Stop the Policy Patrol Data Manager service on the source installation
(make sure that the Policy Patrol Administration console is closed) by
going to Start > Settings > Control Panel > Administrative Tools >
Services. Select Policy Patrol Data Manager and click Stop.
2. Stop the Web Proxy in Microsoft ISA Server on the source installation
by going to Start > Run > enter cmd and click OK. If you have ISA
Server 2000 enter: net st op w3pr oxy [Enter]. If you have ISA
Server 2004 enter: net st op f wsr v [Enter].
3. Copy the files starting with PPWF_ in \Program Files\Red Earth
Software\Policy Patrol Web\Server\Data.

105
4. On the destination machine, stop the Policy Patrol Data Manager
service (make sure that the Policy Patrol Administration console is
closed) by going to Start > Settings > Control Panel > Administrative
Tools > Services. Select Policy Patrol Data Manager and click
Stop.
5. Stop the Web Proxy in Microsoft ISA Server on the destination
machine by going to Start > Run > enter cmd and click OK. If you
have ISA Server 2000 enter: net st op w3pr oxy [Enter]. If you have
ISA Server 2004 enter: net st op f wsr v [Enter].
6. Paste the previously copied files to the \Program Files\Red Earth
Software\Policy Patrol Web\Server\Data directory on the destination
machine.
7. Restart the Policy Patrol Data Manager service on both machines
by going to Start > Settings > Control Panel > Administrative Tools >
Services. Select Policy Patrol Data Manager and click Start.
8. Restart the Web proxy in Microsoft ISA Server on both machines by
going to Start > Run > enter cmd and click OK. If you have ISA
Server 2000 enter: net st ar t w3pr oxy [Enter]. If you have ISA
Server 2004 enter: net st ar t f wsr v [Enter]. The destination
machine will now have the same configuration as the source
machine.
Support Wizard
If you are experiencing a problem with Policy Patrol Web, you can use
the Policy Patrol Support Wizard to gather all the relevant information
and send a message to Red Earth Software technical support. To run
the Support Wizard:

1. Go to Help > Support Wizard. The Support Wizard will start
up.
2. In the welcome screen, click Next.
3. Enter your contact details and a problem description. Try to
describe the problem as accurately as possible, providing any
information that could be useful for troubleshooting the
problem.

106

4. Next, Policy Patrol will gather your configuration files and send
your support request off to Red Earth Software technical
support. Click Finish to exit the wizard.
Not e
The support wizard can only be run from the server, not from a
remote administration console.
Cont act ing Red Eart h Soft ware
If you require any assistance, please contact us at one of the
following offices:

Red Earth Software, Inc. Red Earth Software (UK) Ltd
4906 El Camino Real, Ste 209 20 Market Place
Los Altos, CA 94022-1444 Kingston-upon-Thames
United States Surrey KT1 1JP
Toll-free: 1-800-921-8215 United Kingdom
Phone: (650) 967 1011 Tel: +44-(0)20-8605 9074
Fax: (650) 887 0470 Fax: +44-(0)20-8605 9075
Sales: sales@redearthsoftware.com Sales: sales@redearthsoftware.co.uk
Support: support@redearthsoftware.com
Support: support@redearthsoftware.co.uk

Red Earth Software Ltd
Sonic House, Suite 301
43 Artemidos Avenue
6025 Larnaca
Cyprus
Tel: +357-24 828515
Fax: +357-24-828516
Sales: sales@redearthsoftware.com
Support: support@redearthsoftware.com

107

Policy Patrol
is a registered trademark of Red Earth Software
. Copyright 2001- 2006 by Red Earth Software.

108

Index

A
Actions 46, 55, 60
Active content 44
Active Directory 19, 20, 25, 26
Administrator address(es) 17, 95
Authentication 10, 11, 12, 104
B
Bandwidth limit 18, 28, 84
Bandwidth monitoring 87
Binary text file 54
Bold 72
C
Caching 96
Case sensitive 66, 67, 68
Client cache 12
CLSID extension 54
Component rights 33
Conditions 41, 51, 59
Configuration Wizard 17
D
Date/Time fields 75
Default value 76, 77
E
Exceptions 40, 46, 51, 55, 59, 60
Export 67, 68, 69, 73
F
FAQs 104
Field prefix 76
File conditions 53
File Filter 67
File name 67, 68
File rule 50
File size 53
Folder owner 35, 36, 37, 89
Folder rights 33
Font color 72
Font size 72
Font type 72
Frequently asked questions 104
Ftp 51
H
HTML block page 79
HTML source 73
Http 40
Https 40
I
Import 67, 68, 69, 73
Insert Field 71, 72
Insert image 72
Installation 14
IP filter 68
Italics 72
K
Kaspersky 91

I N D E X
109
Knowledge Base 104
M
Match all of the conditions 41, 52, 59
Match any of the conditions 41, 52, 59
Microsoft .NET Framework 9, 21
Monitoring permissions 88
Move 63, 69, 74
Multiple count 66
Multiple extensions 54
N
Network message 49, 57, 62
Notification message 47, 48, 57, 61, 71, 72, 73
NT domain 20, 25, 26
O
Ordering rules 63
Other fields 76
P
Primary actions 46, 47, 55, 56, 60
Q
Quota fields 75
Quota rule 58
R
Redirect URL 47, 56, 61
Regular Expression 67
Remote administration 21
Remove duplicates 67, 83
Rename 62, 69, 74
S
Schedules 81
Secondary actions 46, 47, 55, 56, 60, 61
Services 21
Session monitoring 87
Spoofed file 54
Streamed content 43
System Configuration 95
System Notifications 17
System requirements 9
T
Tag 74
Tag template 73
Templates 71, 74
Time limit 18, 28, 60, 85
U
Underline 72
URL categories 25, 41, 52, 83
URL conditions 40, 43, 64
User access rights 33
User fields 74
User quotas 28
Users 25, 40, 50, 51, 59
V
Virus 54
W
Web page fields 75
Web page rule 40
Whole or part of word(s) are matched 66, 67
Whole word(s) are matched 66, 67
Windows 2000 9, 21
Word score 66, 67, 105
Word score threshold 105
Word/Phrase filter 65, 105

Isa PPWManual

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Isa PPWManual

Transféré par

Droits d'auteur :

Formats disponibles

Manual

POLI CY PATROL WEB

is a registered trademark of Red Earth Software

. All product names referenced in this

is a registered trademark of Red Earth Software

. Copyright 2001- 2006 by Red Earth Software.

Vous aimerez peut-être aussi