GENERAL FEATURES OF THE ANTIVIRUS PRODUCT

The product is an integrated security management platform that was designed as a modular
solution that runs on virtualized infrastructure. The product must include the following modules:
A. Management console provides the management functionalities.
B. Module for physical desktops, laptops and servers.
C. Module for virtualized environments. An antivirus product created especially for a
virtualized environment.
D. Module for mobile devices that provides security and compliance control for
smartphones and tablets for iOS and Android operating systems.

A. MANAGEMENT CONSOLE
1. Installation and configuration:
1. The installation package will be delivered as a single virtual appliance (virtual image)
with all roles/services. The supported virtualization platforms are:
a. VMware vSphere, View;
b. Citrix XenServer, XenDesktop, VDI-in-a-Box;
c. Microsoft Hyper-V;
d. Red Hat Enterprise Virtualization;
e. Kernel-based Virtual Machine or KVM;
f. Oracle VM.
Other virtualization platforms will be supported if a request is made to the antivirus
product developer.
2. The scanning machines for the virtual environments can be downloaded separately from
the web interface.
3. Any role/service can be installed alone or on the same virtual machine with other
roles/services.
4. Main roles should be similar to: Database Server, Communication Server, Update
Server and Web Server.
5. Additionally, it may include a balancer module for cases where multiple machines are
installed with the same role (for High Availability, Disaster Recovery, performance, etc.).
2. General features:
1. Flexible licensing (separate key for every service allowing different number of licensed
objects and different expiration dates, history of all entered keys).
2. Simple architecture update - just click on update and all roles and services will be
updated with necessary packages.
3. On-demand packages update allows administrator to choose which client packages will
be updated in order to conserve bandwidth.
4. Notifications - always shown in the main menu, highlighted unread items, sent by mail,
alerts the administrator for major issues: licensing issues, outbreak alerts, and outdated
machines.
3. Dashboard for monitoring and reporting:
1. Based on configurable portlets, for which the administrator can specify the name, the
type of report, the target of the report and specific options for every report type (e.g. for
an update report, the update interval after which a computer is considered outdated).
2. Multiple pages.
3. Supports addition, removal, and reordering.
4. Network inventory security management tasks:
1. Integrates with Active Directory, VMware vCenter, Citrix Xen and imports the inventory
for these platforms. For the Active Directory integration, the administrator can define the
synchronization time interval (in hours).
2. Integrates with Microsoft Hyper-V, Red Hat VM, Oracle VM, KVM and the virtual
machines are discovered through Network discovery.
3. Machines that are not integrated in Active Directory, VMware vCenter or Citrix Xen are
found with the help of Network Discovery, for both physical and virtual workstations
and servers.
4. Real-time search, sort and filtering by hostname, operating system and IP addresses.
5. Remote deployments & uninstall of the antivirus product.
6. Manual & configurable installation packages for the antivirus product.
7. Configurable remote scan tasks.
8. Remote workstation or server restart task.
9. Centralized task results section with detailed info for every subtask.
10. Assign policies on every level.
11. Powerful policy assignment options: configure policy inheritance, force policy
configuration, etc.
12. Detailed properties of managed objects: Name, IP, Operating System, Group, Assigned
Policy, Latest malware status, latest scan logs.
5. Policies:
1. Single template for every service.
2. Each security service has its configurable policy template with specific options to
activate/ deactivate and configure functionalities like antimalware scanning, two-way
firewall with intrusion detection, network access control, application control, web access
control, encryption, device location, authentication enforcement and actions to be taken
in case of malware and non-compliant devices detected, like remote lock, unlock, wipe.
6. Reports:
1. Large number of reports.
2. Easy to use from one view: summary and details in the same page, active summary
section (filters details by clicking on summary section).
3. Scheduled, can be sent by mail to any number of recipients (recipients are not required
to have an account in the console).
4. Filters for scheduled reports in order to receive by mail only relevant information for each
user.
5. Archive with all the generated instances of a scheduled report.
6. Export summary to .pdf file, details to .csv file.
7. Quarantine:
1. Remote restores, with configurable location and delete.
2. Download files, available only for virtual machines integrated with vShield.
8. Users:
1. Role based administration.
2. Multiple predefined types: root, administrator, and reporter.
a. Root: manages the solution components;
b. Administrator: manages the security services;
c. Reporter: monitors and creates reports.
3. User list importable from Microsoft Active Directory (AD authentication will be used for
login).
4. Detailed configuration for administrative target rights, to select which services and
objects a user is allowed to manage. Automatic log off for any type of user for enhanced
security regarding the information shown in the management console.
9. Logs:
1. Register user actions for compliance.
2. Detailed logs for every user action.
3. Complex search.
10. Security certificates:
1. Access to the management console must be protected (HTTPS).
2. The web server of the central management console must allow importing digital
certificates issued by a licensed certification authority or by their own organization.
Importing certificates must be intuitive and done from the central management console.
3. The management of and communication with mobile devices (iOS) must be secured
through digital certificates. These certificates will be signed by an authorized
Certification Authority or by their own organization.
4. It allows importing the PKI (public key infrastructure) certificate chain.
5. Must support digital certificate encryption keys with the minimum length of 1024 bits.
6. Digital certificates, once imported, must be replaceable in case they expire or are
revoked.
7. The accepted certificates in the import process must be in pfx or p12 format and
protected by a password.
8. The solution must be able to generate digital certificates by itself.
9. The solution must be able to show in the central console information about the
certificates: name, issuing authority, date of issuance and expiration date of certificates
issued.

B. PROTECTION FOR PHYSICAL WORKSTATIONS AND SERVERS


1. Minimal and eliminatory features:
1. The existence of a single antivirus engine.
2. To minimize resource consumption, antivirus products should allow custom modules
installation (e.g. installing the antivirus product without the web access control module or
without Firewall module).
2. System requirements:
Workstation operating systems: Windows 8, Windows 7, Windows Vista (SP1), Windows
XP (SP3)

Tablet and embedded operating systems: Windows Embedded Standard 7, Windows
Embedded POSReady 7, Windows Embedded Enterprise 7, Windows Embedded
POSReady 2009, Windows Embedded Standard 2009, Windows XP Embedded with
Service Pack 2, Windows XP Tablet PC Edition

Server operating systems: Windows Server 2012, Windows Small Business Server
(SBS) 2011, Windows Small Business Server (SBS) 2008, Windows Server 2008 R2,
Windows Server 2008, Windows Small Business Server (SBS) 2003, Windows Server
2003 R2, Windows Server 2003 with Service Pack 1, Windows Home Server

3. Management and remote installation:


1. Before installation, the administrator can customize installation packages including only
the desired modules: firewall, content control.
2. The installation can be done in several ways:
a. By downloading the antivirus package directly to the workstation where it will be
installed.
b. By installing remotely, directly from the web console.
3. The installation on machines from a remote location will be performed using an existing
installed client in these locations to minimize WAN traffic.
4. The Management Console will report the number of workstations that have the antivirus
installed and the number of the workstations that are unprotected.
5. The management console will include in the dashboard configurable portlets/widgets.
6. The management console will include detailed information about workstations/servers:
name, IP, operating system, installed modules, applied policy, update information etc.
7. From the management console the administrator will be able to send a single policy to
configure the whole antivirus product, for both workstations and servers.
8. For the two account types, Administrator and Reporter, it can be defined for which
groups of users they may change settings or generate reports.
9. The Management Console will include a "Log" section where all actions will be
mentioned, with detailed information: login, edit, create, logout, moved etc.
10. Possibility of creating a single package, used for both 32-bit and 64-bit operating systems.
11. The administrator will be able to create groups or subgroups where to move the
workstations.
12. Have the possibility to select which client will discover the other computers in the
network.
4. The main features and functionality of antivirus and antispyware module:
1. Automatic real-time scanning can be set to not scan archives or files larger than "x" MB;
the file size can be defined by the administrator of the solution, as can the
maximum depth (16 levels) for scanning archives.
2. Behavioral heuristics scanning.
3. On-demand and on-access scanning of any information storage media (CDs, external hard
drives, shared drive). Also, the scanning process can be stopped if the storage media
devices contain more than "x" MB of information.
4. Automatic scanning of emails at the workstation level, regardless of the email client, for
both sent or received.
5. Configuring the paths to be scanned, up to file level.
6. The antivirus product will allow defining the scan exclusion list, for both "on-access" and
"on-demand" scan, for certain folders, disks, files, extensions or processes.
7. With a comprehensive database of spyware signatures and heuristic detection of these
programs, the product will have to offer antispyware protection.
8. In order not to overload system resources, the antivirus product must contain a single scan
engine. It will be able to run scheduled scans with low priority and can automatically
shut down after scanning the workstation.
9. For greater protection, the antivirus should have 3 types of detection: signature-based,
heuristic-based and continuous process monitoring.
10. For greater protection, antivirus should be able to scan HTTP and SSL as well.
11. For a better management of antivirus installed on workstations, the product will include
the option of setting a password for uninstallation protection.
12. For user safety, the client will include an antiphishing module that will have the option of
checking links returned by search engines (Search Advisor).
5. Firewall:
1. The ability to set the "stealth mode" at the local network level or the Internet level.
2. The module can be installed/uninstalled according to administrator preferences.
3. The module will include the Intrusion Detection System (IDS) configurable on 3 levels.
6. Quarantine:
1. The antivirus product must allow automatic sending of the quarantined files to the virus
lab.
2. Sending quarantined files will be automatically done in a predefined time interval
(number of hours) set by the administrator.
3. Antivirus product must allow automatic deletion of quarantined files older than a certain
period, not occupying unnecessary storage space.
4. The ability to move a file from quarantine to its original location.
5. The quarantine will allow objects to be scanned after each signature update.
7. Data Protection:
1. Allows blocking confidential data (pin card, bank account, etc.) for both HTTP and
SMTP, by creating specific rules.
8. User Control:
1. The console will have integrated a user control module with the following features:
a. Blocking Internet access for specific clients or client groups.
b. Blocking access to certain applications.
c. Blocking Internet access for certain periods of time.
d. Block web pages that contain certain keywords.
e. Allow access to specific web pages specified by the administrator.
f. Restricting access to certain websites by some predetermined categories (e.g.
online dating, violence, etc.).
9. Update:
1. Ability to wait for computer restart after the update, without notifying the user.
2. Cascaded update system using a local update server.
3. Update clients in a remote location through an existing client with update server role
built-in.
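
The size limit and the 16-level archive depth limit from item B.4.1 above can be enforced as in the following added example, which is not part of the original specification and not the product's code. The names `walk_archive`, `scan_plan` and `nested_zip`, the restriction to ZIP archives and the 5 MB value for "x" are assumptions.

```python
import io
import zipfile

MAX_DEPTH = 16                     # archive depth limit from requirement B.4.1
MAX_BYTES = 5 * 1024 * 1024        # the "x" MB limit; 5 MB is an assumed value


def walk_archive(data, name="<root>", depth=1,
                 max_depth=MAX_DEPTH, max_bytes=MAX_BYTES):
    """Yield (path, verdict) for each file in a ZIP held in `data`.

    verdict is "scan" (hand the file to the engine), "skipped:size" or
    "skipped:depth". The outermost archive counts as level 1.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}/{info.filename}"
            # Use the size declared in the archive directory, so an oversized
            # member is rejected before any of it is decompressed.
            if info.file_size > max_bytes:
                yield path, "skipped:size"
                continue
            body = zf.read(info)
            if not zipfile.is_zipfile(io.BytesIO(body)):
                yield path, "scan"
            elif depth >= max_depth:
                # Opening this member would create level max_depth + 1.
                yield path, "skipped:depth"
            else:
                yield from walk_archive(body, path, depth + 1,
                                        max_depth, max_bytes)


def scan_plan(data, **limits):
    """Return the full list of (path, verdict) pairs for one archive."""
    return list(walk_archive(data, **limits))


def nested_zip(levels, payload=b"constructed sample payload"):
    """Build constructed test input: `levels` ZIP layers around one file."""
    data, member = payload, "payload.bin"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(member, data)
        data, member = buf.getvalue(), f"layer{i}.zip"
    return data


if __name__ == "__main__":
    for levels in (16, 17):
        print(levels, [v for _, v in scan_plan(nested_zip(levels))])
    big = b"\0" * (2 * 1024 * 1024)   # 2 MB of zeros, constructed sample
    print(scan_plan(nested_zip(3, big), max_bytes=1024 * 1024))
```

Skipped members are reported rather than silently dropped, so the console can show which files were not inspected because of a limit.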

C. PROTECTION FOR VIRTUALIZED WORKSTATIONS AND SERVERS


1. Antivirus protection dedicated to virtualized environments minimal
requirements:
1. The product integrates with VMware VShield and offers the possibility of antivirus
scanning without installing an antivirus product on the virtual machine.
2. The central management component of the solution integrates with multiple VMware
vCenters.
3. For all the systems running Windows, Linux or Solaris, the product includes:
a. Process scanning;
b. Memory scanning;
c. Real-time scanning of files;
d. Scan files on demand;
e. Scanning virtual machines even when turned off (only for VMware VShield
integration).
4. Real time and on demand scanning for Linux virtual machines.
5. The product integrates with multiple Citrix Xen Servers (the inventories are imported
in the product).
6. The product integrates with Microsoft Hyper-V, Red Hat Virtualization, Oracle VM and
KVM.
7. Product must include a single virtual scanning machine that:
a. Contains the antivirus signatures;
b. Provides complete protection, up to date, when opening a virtual machine;
c. Provides optimized scanning.
8. The software product that is installed on virtual machines, to facilitate the
transmission of information to be scanned, must occupy about 10 MB of RAM.

2. General features:
1. Methods for detection of viruses, spyware, rootkits, and other malicious programs.
2. The product must allow automatic updating of the security virtual appliance, for
antivirus signatures and for the security virtual appliance operating system.
3. The product must report the current status of security host - VMs
protected/unprotected and security virtual appliances.

3. Minimum system requirements:

A. Virtualization platforms:
VMware vSphere, 5.1, 5.0 P1 (Patch # 474610-1) or 4.1 P3 (433,742-Patch # 3)
including ESXi 4.1 and ESXi 5.0 with:
VMware vCenter Server 5.1, 5.0 or 4.1
VMware VShield Manager 5.1, 5.0
VMware VShield VShield Endpoint Manager installed on host
VMware Tools 8.6.0 build 446312
VMware View 5.1, 5.0
Citrix XenDesktop 5.5, 5.0
XenServer 6.0, 5.6 or 5.5 (including Xen Hypervisor)
Citrix VDI-in-a-Box 5.x
Microsoft Hyper-V Server 2012, 2008 R2 or Windows 2008 R2 (including Hyper-V
Hypervisor)
Oracle VM 3.0

Red Hat Enterprise Virtualization 3.0 (including KVM hypervisor)


B. Operating Systems for Virtual Machines (32/64 bit):
Windows 8, Windows 7, Windows Vista, Windows XP (SP3)
Windows Server 2012, Windows Server 2008, Windows Server 2008 R2
Windows Server 2003, Windows Server 2003 R2
Oracle Solaris 11, 10
Linux distributions:
Red Hat Enterprise Linux 6.2, 6.1, 5.7, 5.6
CentOS 6.2, 6.1, 5.7, 5.6
Ubuntu 11.04, 10.04
SUSE Linux Enterprise Server 11
OpenSUSE 12, 11
Fedora 16, 15
4. The main features and functionality of antivirus module:
1. Automatic scanning of files that are being copied to external media and from LAN
or WAN.
2. Automatic real-time scanning of files can be set to scan only specific file types, with
specific extensions, defined by the administrator.
3. Automatic real-time scanning of files can be set to not scan archives larger than x
Kb; the file size can be defined by the administrator of the solution.
4. The on demand scanning will include the following options:
a. Scan any storage media connected to the virtual machine;
b. Emails scanning;
5. Configuring the paths to be scanned, to file level;
6. Must allow the administrator to define certain folders, disks, files and extensions to
be excluded from the real time scanning and on demand scanning.
7. In order not to overload system resources, antivirus product must contain a single
scan engine.
8. Must allow optimization of the amount of traffic sent over the network through a caching
mechanism on the scanning machine and virtual machine.
9. Agent failover/load balancing connections to scanning machine.
10. Policies can be applied to a VMware vCenter resource pool.

5. Quarantine:
1. Antivirus product must allow automatic deletion of quarantined files older than a
certain period, not occupying unnecessary storage space.
2. The ability to move a file from quarantine to its original location.
3. Ability to download the file directly to the administrator's workstation (only for VMware
VShield integration).
4. Ability to rescan quarantined files after each signature update.
5. Possibility of automatically sending files from quarantine to the manufacturer's
laboratories at a time interval set by the administrator.

6. Management and remote installation:


1. The security virtual appliance can be customized before installation. It is automatically
scaled according to several characteristics: number of virtual machines on the host,
networks, IP addresses, allocated resources (CPU, memory), etc.
2. The management console will report the number of virtual machines that have or do not
have the virus protection solution installed, and machine status: On or Off.
3. The management console can report whether or not the antivirus module is
enabled on the virtual machine.

D. SECURITY FOR SMARTPHONE DEVICES


1. Minimum System Requirements:
Apple iPhones and iPad tablets (iOS 5.1+)
Google Android smartphones and tablets (2.2+)
2. Features:
1. Allows associating a device with an Active Directory user.
2. Installation is done by sending an email to user, with installation details.
3. Device activation to management console will be performed using a QR code.
4. Installation packages can be downloaded from the Apple App Store and Google
Play.
5. The following actions can be taken:
a. Enforce screen lock and authentication;
b. Unlocking the device;
c. Restore to factory settings;
d. Locate device;
e. Device Scanning (for the Android operating system);
f. Device memory encryption (for the Android operating system).
6. The Management Console will report devices that are: active, inactive, disconnected,
rooted or jailbroken.
3. Security Settings:
1. If a device is not compliant with the desired settings, the following actions can be
taken:
a. Ignore;
b. Block access;
c. Lock device;
d. Restore factory settings;
e. Remove the device from the Management Console.
2. The action of locking devices with a password can be taken. This password can be
configured to contain:
a. Simple or complex password (specific to the Operating System);
b. Numbers and characters;
c. Minimum length defined by administrator;
d. Minimum special characters, defined by administrator;
e. Password expiration period. Period will be defined by administrator;
f. Setting password reuse restriction;
g. The number of incorrect password entry attempts;
h. Period of locking the device after a number of minutes defined by
administrator.
3. Several profiles can be generated, which will establish security rules for Wi-Fi
connectivity or VPN (only for iOS operating system), but also some related to access
to certain websites.
4. Wi-Fi profiles will contain the following options:
a. General SSID will be defined as well as the type of network security;
b. TCP/IP settings for both IPv4 and IPv6 protocols;
c. Proxy settings disabled, automatic or manually configured.
5. The profiles regarding the access to websites (Android operating system) include
features like:
a. Allowing, blocking or scheduling access to certain websites for specific days
and time slots;
b. Creating exceptions to block or to allow access to specific websites.
6. The profiles regarding the access to websites (iOS operating system) include options
to enable or to disable:
a. Use of the Safari browser;
b. Autocomplete options;
c. Alerting users when accessing malicious websites;
d. JavaScript;
e. Pop-ups;
f. Cookies.