Vous êtes sur la page 1sur 91

GFI WebMonitor 2009 for ISA Server

Manual

By GFI Software Ltd.

http://www.gfi.com E-mail: info@gfi.com

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE LTD.

GFI WebMonitor 2009 Last updated April 7, 2009.

Contents
Introduction 9
Introduction to GFI WebMonitor..................................................................................... 9 Editions .......................................................................................................................... 9 How does GFI WebMonitor work? ............................................................................... 10 Key features ................................................................................................................. 11 GFI WebMonitor licensing............................................................................................ 12 GFI WebMonitor product evaluation ............................................................................ 12

Installing GFI WebMonitor

13

Introduction .................................................................................................................. 13 System requirements ................................................................................................... 13 Installation .................................................................................................................... 14 Launching GFI WebMonitor ......................................................................................... 16 Downloading anti-virus signatures ............................................................................... 16 Upgrading from a previous version .............................................................................. 17 Uninstalling...................................................................................................................17

Navigating the GFI WebMonitor console

19

Introduction .................................................................................................................. 19 Navigating the GFI WebMonitor user console ............................................................. 19

Getting started: Using the GFI WebMonitor dashboard

21

Introduction .................................................................................................................. 21 The GFI WebMonitor dashboard ................................................................................. 22

Getting started: Monitoring Internet activity

27

Introduction .................................................................................................................. 27 Active Connections ...................................................................................................... 27 Past Connections ......................................................................................................... 28 Bandwidth consumption............................................................................................... 28 Sites History ................................................................................................................. 29 Top Time Consumption................................................................................... 29 Top Hits Count ................................................................................................ 30 Users History................................................................................................................ 31 Top Surfers ..................................................................................................... 31 Top Hits Count ................................................................................................ 32 Top Policy Breakers........................................................................................ 33 Site History Details....................................................................................................... 34 User History Details ..................................................................................................... 35 Activity Log...................................................................................................................36

Configuring allowed and blocked websites

37

Introduction .................................................................................................................. 37 Configuring the Whitelist .............................................................................................. 37 Preconfigured items ........................................................................................ 37 Adding items to the Permanent Whitelist........................................................ 37

GFI WebMonitor 2009

0BIntroduction 5

Delete items from the Permanent Whitelist .................................................... 38 Adding items to the Temporary Whitelist ........................................................ 38 Removing items from the Temporary Whitelist............................................... 40 Configuring the blacklist............................................................................................... 40 Adding items to the Blacklist ........................................................................... 40 Delete items from the Blacklist........................................................................ 41 Using wildcards ............................................................................................................ 41

WebFilter Edition Site rating and content filtering

43

Introduction .................................................................................................................. 43 Configuring Web Filtering policies ............................................................................... 43 Adding a Web Filtering Policy ......................................................................... 43 Editing a Web Filtering Policy ......................................................................... 48 Disabling a Web Filtering Policy ..................................................................... 48 Enabling a Web Filtering Policy ...................................................................... 48 Deleting a Web Filtering Policy ....................................................................... 49 Default web filtering policy .............................................................................. 49 Configuring advanced web filtering policy conditions .................................................. 49 Adding an advanced web filtering policy condition ......................................... 49 Editing an advanced web filtering policy condition ......................................... 50 Removing an advanced web filtering policy condition .................................... 51 WebGrade Database settings...................................................................................... 51 Enabling/disabling online lookups................................................................... 52 Viewing updated online lookups ..................................................................... 52 Enabling/disabling the database ..................................................................... 52 Configure database updates........................................................................... 52 Checking URL categories ............................................................................... 53

WebSecurity Edition File scanning and download control

55

Introduction .................................................................................................................. 55 Download Control policies ........................................................................................... 55 Adding a new Download Control Policy.......................................................... 56 Editing a Download Control Policy.................................................................. 59 Disabling a Download Control Policy.............................................................. 59 Enabling a Download Control Policy............................................................... 59 Delete a Download Control Policy .................................................................. 59 Default Download Control Policy .................................................................... 60 Adding Content-types ..................................................................................... 60 Configuring Instant Messaging (IM) Control Policies................................................... 61 Adding a new IM Control Policy ...................................................................... 61 Editing an IM Control Policy............................................................................ 64 Enabling/Disabling an IM Control Policy......................................................... 64 Deleting an IM Control Policy.......................................................................... 64 Configuring Virus Scanning Policies ............................................................................ 64 Adding a Virus Scanning Policy ...................................................................... 65 Editing a Virus Scanning Policy ...................................................................... 67 Disabling a Virus Scanning Policy .................................................................. 68 Enabling a Virus Scanning Policy ................................................................... 68 Delete a Virus Scanning Policy....................................................................... 68 Default Virus Scanning Policy......................................................................... 69 Scanning Engines ........................................................................................................ 69 Enabling/disabling the scanning engines........................................................ 69 Configure anti-virus updates ........................................................................... 70 Kaspersky Scanning Engine Options ............................................................. 71 Anti-Phishing Engine.................................................................................................... 71 Enabling/disabling the Anti-Phishing Engine .................................................. 72 Configure Anti-Phishing database updates .................................................... 72 Configure phishing notifications ...................................................................... 73

6 0BIntroduction

GFI WebMonitor 2009

Configuring GFI WebMonitor

75

Introduction .................................................................................................................. 75 Administrative Access Control ..................................................................................... 75 Adding users/IPs to the access permissions list............................................. 75 Deleting users/IPs to the access permissions list........................................... 76 Notifications..................................................................................................................76 Configuring email settings............................................................................... 76 Configuring email recipients............................................................................ 76 Deleting recipients: ......................................................................................... 77 General Settings .......................................................................................................... 77

Handling blocked downloads

79

Introduction .................................................................................................................. 79 Approving or Deleting items......................................................................................... 79 Viewing quarantined items.............................................................................. 79 Approving quarantined items .......................................................................... 80 Deleting quarantined items ............................................................................. 81

Reporting Setup

83

Introduction .................................................................................................................. 83 Enabling Reporting....................................................................................................... 83 The update reporting data now button............................................................ 84 Disabling Reporting...................................................................................................... 85

Miscellaneous

87

Introduction .................................................................................................................. 87 Entering your license key after installation .................................................................. 87

Troubleshooting

88

Introduction .................................................................................................................. 88 Knowledge Base .......................................................................................................... 88 Web Forum .................................................................................................................. 88 Request technical support ........................................................................................... 88 Build notifications ......................................................................................................... 89

Index

91

GFI WebMonitor 2009

0BIntroduction 7

Introduction

Introduction to GFI WebMonitor


GFI WebMonitor is a comprehensive monitoring tool that plugs in and compliments the functionality provided by Microsoft ISA Server to enable you to monitor and filter network users web traffic (browsing and file downloads) in real time. It also enables you to block web connections in progress as well as to scan traffic for viruses, trojans, spyware and phishing material. It is the ideal solution to transparently and seamlessly exercise a substantial degree of control over your network users browsing and downloading habits. At the same time it enables you to ensure legal and best practice initiatives without alienating your network users.

Editions
GFI WebMonitor is available in 3 different editions. Each edition caters for systems administrators that have different requirements: WebFilter Edition: Filters web traffic and website use according to its built-in WebGrade database. This is a configurable website categorization database that determines access according to user/group/IP address/time. WebSecurity Edition: Provides a high degree of web security for downloaded web traffic. This is achieved through its built-in download control module and multiple anti-virus engines and anti spyware scanning modules. UnifiedProtection Edition: Provides both WebFilter Edition and WebSecurity Edition functionalities in a single package.

GFI WebMonitor 2009

0BIntroduction 9

How does GFI WebMonitor work?


GFI WebMonitor operations can be divided in 4 logical stages:

Figure 1 - How does GFI WebMonitor work

Stage 1 - Request initiation: At this stage users request a webpage or a download over the Internet. The incoming traffic generated by the users request is received by Microsoft ISA Server which in turn refers to GFI WebMonitor any web traffic (webpage requests, image downloads, file downloads) received. Stage 2 - Blacklist/Whitelist filtering: This stage comprises an internal GFI WebMonitor blacklist/whitelist filtering mechanism that analyzes user IDs, originating IP address and URL requested. Web traffic requested by blacklisted users and IP addresses or from blacklisted URLs, is rejected immediately. Web traffic requested by whitelisted users and IP addresses or from URLs that are whitelisted are automatically granted access and forwarded to the user. Requests that are neither blacklisted nor whitelisted are forwarded to the WebFilter module for processing.

Stage 3 - WebFilter module: The WebFilter module analyzes the uncategorized web traffic received from the blacklist/whitelist filtering mechanism against a comprehensive list of websites categorized in a wide variety of classes. Web traffic is rejected or approved according to policies set up against website categories included within the WebGrade database. WebGrade database synchronizes the updated

10 0BIntroduction

GFI WebMonitor 2009

URLs with the Internet. For more information refer to the section Webgrade database settings. Policies can be set to reject web traffic to a quarantine; where systems administrators can review and approve/deny according to needs and requirements. When the quarantined web traffic is manually approved, the formerly quarantined URL is put in a temporary whitelist so that users can have access to this web resource. NOTE: The WebFilter module is only available in the WebFilter Edition and the UnifiedProtection Edition of GFI WebMonitor. In the case of the WebSecurity Edition, web traffic is directly sent from the whitelist/blacklist filters to the WebSecurity module. Stage 4 - WebSecurity module: The WebSecurity module analyzes web traffic through the download control module and scans the incoming material for viruses, spyware and other malware. Infected material is automatically rejected or quarantined based on the policies set up. Web traffic is also scanned for phishing material through an updatable database of phishing sites. If this data is found to originate from a known phishing element, it is automatically rejected. The approved web material is then sent to the user through ISA Server. NOTE: The WebSecurity module is only available in the WebSecurity edition and UnifiedProtection editions of GFI WebMonitor. In the case of the WebFilter edition, web traffic is relayed to the user without going through the processes included in the WebSecurity module.

Key features
GFI WebMonitor includes the following features: Real time web activity monitoring. Immediate blocking of web access and downloads in progress. Web traffic security through multiple and updatable anti-virus engines and anti-spyware features. Native integration with Microsoft ISA Server as a web filter. No duplication of Microsoft ISA Server functionality. Easy installation with minimal configuration requirements. Real file type signature checking files with renamed extensions are automatically recognized with their real file type. Email notifications of important events. WebGrade Database enabling all website requests to be checked against an extensive and top-notch categorization database. Download control policies. URL, user and IP whitelist and blacklist that override all WebFilter and WebSecurity policies. Bandwidth use reporting per user/website. Quarantine of hazardous files and content. Web-based interface.

GFI WebMonitor 2009

0BIntroduction 11

GFI WebMonitor licensing


For more information on licensing and evaluation refer to the GFI website at: http://www.gfi.com/products/gfi-webmonitor/pricing/licensing

GFI WebMonitor product evaluation


You may download and try out a fully featured version of GFI WebMonitor without an evaluation key for 10 days. However you can apply for a 30-day product evaluation key by filling in the online registration form on the GFI website (available at http://www.gfi.com/downloads/register.aspx?pid=webmon&vid=5&lid= en) when downloading the product. This will also qualify you for free email support. The 30-day evaluation period key will be emailed to you automatically after you download the product. During the evaluation period all the GFI WebMonitor features are available.

12 0BIntroduction

GFI WebMonitor 2009

Installing GFI WebMonitor

Introduction
This chapter provides you with information related to the installation of GFI WebMonitor 2009.

System requirements
Install GFI WebMonitor on computers that meet the following hardware and software system requirements: WebFilter Edition Minimum hardware requirements Processor: 1.8 GHz RAM: 1 GB Hard disk: 2 GB of available disk space. Processor: 1.8 GHz RAM: 1 GB Hard disk: 10 GB of available disk space.

WebSecurity Edition Minimum hardware requirements

GFI WebMonitor UnifiedProtection Edition Minimum hardware requirements Processor: 1.8 GHz RAM: 2 GB Hard disk: 12 GB of available disk space.

NOTE: The hard disk size specifications specified for each edition are those required to install and operate the GFI WebMonitor edition. Allowance has been made for the downloads cache, processing space required for scanning, and history data files. However, this is only indicative; you may need to allocate additional disk space depending on your environment and number of users being monitored. Software requirements all editions Windows 2000 Server (SP4) or Windows 2003 operating system Microsoft ISA Server 2004 (SP3) or later Internet Explorer 6 or later .NET framework 2.0

NOTE 1: GFI WebMonitor can only be installed on the server machine hosting Microsoft ISA Server. NOTE 2: Internet Explorer 6 or later is recommended to be used for administration when using GFI WebMonitor.

GFI WebMonitor 2009

1BInstalling GFI WebMonitor 13

Installation
Ensure that you run the program as a user that has Administrator privileges on the machine on which GFI WebMonitor is installed. 1. Launch the GFI WebMonitor installation setup and wait for the installation to load. 2. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor on the GFI website and click on the Next button. 3. Read the licensing agreement. To proceed with installation select I accept the terms in the license agreement option and click Next.

Screenshot 1 - Installation Access permissions

4. Specify the user name or the IP address, which can access the GFI WebMonitor Web interface and click Next to continue. NOTE: More than one user or computer can be specified. Entries shall be separated with a semicolon ;

14 1BInstalling GFI WebMonitor

GFI WebMonitor 2009

Screenshot 2 - Installation Customer Information

5. Specify the User Name and Organization respectively. If you have a license key, update the License Key details.

Screenshot 3 - Installation Logon Information

6. Specify the logon credentials of an account with administrative privileges to run the GFI WebMonitor service. Click Next to continue.

GFI WebMonitor 2009

1BInstalling GFI WebMonitor 15

Screenshot 4 - Installation email settings

7. Specify the SMTP mail server details and email address where administrator notifications will be sent. Optionally, click Verify Mail Settings to send a test email. Click Next to continue. 8. Click Next to install in default location or click Browse to change path. 9. Click Install to start the installation, and wait for the installation to complete. 10. Click Finish. NOTE 1: For more information on how to configure ISA Server authentication, refer to: http://kbase.gfi.com/showarticle.asp?id=KBID002526. NOTE 2: The username and password provided must have Logon as Service rights; otherwise, it will be switched on automatically for the specified account. The username and password provided will be used to create and run a new service.

Launching GFI WebMonitor


Following the installation, launch GFI WebMonitor from Start Programs GFI WebMonitor GFI WebMonitor. Alternatively, GFI WebMonitors web console can also be launched through a web browser via the URL or IP address that points to the GFI WebMonitor installation on the ISA Server. Example: http://monitor.isa

Downloading anti-virus signatures


By default, anti-virus signatures are not included with the GFI WebMonitor installation. Upon installing GFI WebMonitor, the latest

16 1BInstalling GFI WebMonitor

GFI WebMonitor 2009

signatures for the supported scanning engines are automatically downloaded and installed.

Upgrading from a previous version


You can upgrade GFI WebMonitor if you have GFI WebMonitor 4 installed, by running WebMonitor2009.exe. In order to upgrade to the latest version run WebMonitor2009.exe, and, follow the instructions displayed on screen. NOTE: The upgrade process is similar to the installation instructions. For more information refer to the section named Installation.

Uninstalling
For more information on uninstalling GFI WebMonitor refer to http://kbase.gfi.com/showarticle.asp?id=KBID003241.

GFI WebMonitor 2009

1BInstalling GFI WebMonitor 17

Navigating the GFI WebMonitor console

Introduction
GFI WebMonitors console is a web-based interface through which you can control every aspect of its functionality. Through it you can monitor, block and grant access to all network traffic on your network.

Navigating the GFI WebMonitor user console

Screenshot 5 - Navigating the GFI WebMonitor console

Viewing Pane The viewing pane located on the right hand side of the screen allows the GFI WebMonitor user to view and configure settings according to the node selected in the Navigation Bar.

GFI WebMonitor 2009

2BNavigating the GFI WebMonitor console 19

Navigation Bar This consists of all the sections and features configurable by GFI WebMonitor. Located on the left-hand side of the screen, the available nodes are: Dashboard provides a graphical overview of statistical information. Monitoring web traffic monitoring functions. Whitelist/Blacklist permanent and/or temporary whitelist and blacklist functions. WebFilter Edition manage and control access to different websites categories for users, groups and IPs. WebSecurity manage and control restrictions to web applications for network users, IPs or groups. Configuration Configure settings and administrative features for GFI WebMonitor. Licensing Provides access to the licensing setup and version information. Quarantine Configure and manage quarantined items that were blocked by GFI WebMonitor. Help Provides help on all aspects of GFI WebMonitors functionality.

20 2BNavigating the GFI WebMonitor console

GFI WebMonitor 2009

Getting started: Using the GFI WebMonitor dashboard

Introduction
The Dashboard node enables you to obtain graphical and statistical information related to GFI WebMonitors operation. This includes: Usage and operations statistics Hits over time and bandwidth usage trend charts WebFilter statistics Last blocked requests and security threats.

GFI WebMonitor 2009

3BGetting started: Using the GFI WebMonitor dashboard 21

The GFI WebMonitor dashboard

Screenshot 6 - GFI WebMonitor Dashboard

Access the GFI WebMonitor Dashboard by clicking the Dashboard node in the navigation bar. The dashboard shows the information described in the sections below. NOTE: The GFI WebMonitor Dashboard can be refreshed by clicking on the icon in the top right hand corner.

22 3BGetting started: Using the GFI WebMonitor dashboard

GFI WebMonitor 2009

Dashboard: Statistics

Screenshot 7 Dashboard: Operation Statistics

The information provided by this table enables you to readily obtain information on a number of important operational elements of GFI WebMonitor. Select the hyperlinks next to Current Active Connections to view the Active Connections, which is also accessible from the Monitoring Node. For more information refer to the Active Connections section in this manual. Selecting the hyperlink next to Current items in Quarantine allows viewing a summary of the quarantine folder. For more information refer to the section named Viewing Quarantine Items. AV Scanned Downloads represents the total downloads scanned by the anti-virus engines. For more information refer to the section Scanning Engines in this manual. Select the other hyperlinks within Todays statistics to view further detail on the statistics as summarized below. Feature
AV & Anti-Phishing

Quarantined
Selecting the hyperlink under Quarantined to the screen allows you to configure quarantined items. For further information refer to the section named Viewing Quarantined Items.

Blocked
Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers. Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers. Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers.

Download control

Selecting the hyperlink under Quarantined allows you to manage Downloads, For further information refer to the section named Configuring Download Control policies.

Web Filtering

Selecting the hyperlink under Quarantined to the screen allows you to configure quarantined items. For further information refer to the section named Viewing Quarantined Items.

GFI WebMonitor 2009

3BGetting started: Using the GFI WebMonitor dashboard 23

Dashboard: WebSecurity/WebFilter Status and usage chart

Screenshot 8 Dashboard: WebSecurity and WebFilter status and usage graph

The WebSecurity/WebFilter status and usage chart enables you to: 1. Know whether the WebSecurity and WebFilter components are active or not. 2. View a graphical representation of the correlation between the number of hits and bandwidth use.

Dashboard: Hits over time chart

Screenshot 9: Dashboard: Hits over time graph

The hits over time chart is a graphical representation of the number of hits on a day-by-day basis for the current month. This enables you to identify a pattern of how website hits fluctuate on a day-by-day basis and to identify anomalies.

Dashboard: Bandwidth usage trends chart

Screenshot 10 - Dashboard: Bandwidth Usage Trends graph

The bandwidth usage trends chart is a graphical representation of bandwidth use on a day-by-day basis for the current month. This
24 3BGetting started: Using the GFI WebMonitor dashboard GFI WebMonitor 2009

enables you to identify patterns and trends of how bandwidth is utilized on a day-by-day basis and enables you to identify spikes and anomalies.

Dashboard: Top Categories (Sites) chart

Screenshot 11 - Dashboard: Top Categories (Hits) Chart

The top categories (sites) chart is a graphical representation of the top hits (HTTP requests) split by categories. This enables you to gain knowledge on which categories of sites are being visited by web users.

Dashboard: Top Categories (Bandwidth) chart

Screenshot 12 - Dashboard: Top Categories (Bandwidth) Chart

The top categories (bandwidth) chart is a graphical representation of bandwidth use split by categories. This enables you to identify how your bandwidth is being utilized vis--vis the website categories browsed by users.

GFI WebMonitor 2009

3BGetting started: Using the GFI WebMonitor dashboard 25

Dashboard: Top blocked categories (Hits) chart

Screenshot 13 - Dashboard: Top Blocked Categories chart

This chart is a graphical representation of the blocked HTTP requests according to the reason why these were blocked. It effectively enables you to identify the main reasons of why requests were blocked.

Dashboard: Last blocked requests list

Screenshot 14 - Dashboard: Last Blocked Requests list

The last blocked request list displays the latest list of users/IPs who have had blocked requests. This enables you to identify problems with blocked requests regardless of whether these blocked requests are reported to you or not.

Dashboard: Last blocked security threats list

Screenshot 15 - Dashboard: Last Blocked Security Threats list

The last blocked Security Threats list displays a list of threats/viruses detected by GFI WebMonitor and the users/IPs where these occurred. This enables you to identify security issues as early as possible enabling you to take preventive measures before your network security is breached.
26 3BGetting started: Using the GFI WebMonitor dashboard GFI WebMonitor 2009

Getting started: Monitoring Internet activity

Introduction
Use the Monitoring node and its sub-nodes to examine current and historical web request data collected and processed by Microsoft ISA server. Through these nodes you can view data related to: Active connections Past connections Bandwidth consumption Sites history Users history Activity log

Active Connections
Active connections provide information related to active connections which are processed through Microsoft ISA servers Web Filters.

Screenshot 16 Active connections

Access the Active connections view by clicking on Monitoring Active Connections in the navigation bar. Through this view you can terminate active Internet connections. (e.g., interrupt file downloads that are taking up too much bandwidth). To button in the Status column of interrupt connections, click on the the connection and the download will be terminated. NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed within the User column. Otherwise the user name is displayed as unauthenticated. NOTE 2: The information displayed is not refreshed automatically. on the upper right corner of the view to Click on the refresh button update the information being shown.

GFI WebMonitor 2009

4BGetting started: Monitoring Internet activity 27

Past Connections
The Past connections view shows the last 2000 complete connections processed through Microsoft ISA Server

Screenshot 17 Past connections

Access the Past connections view by clicking on Monitoring Connections in the navigation bar.

Past

The information is sorted by time, with the latest URL accessed listed on top. NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed in the User column. Otherwise the user name is displayed as unauthenticated. NOTE 2: The information displayed is not automatically refreshed. Click on the refresh button on the upper right of the view to update the information being shown.

Bandwidth consumption
The Bandwidth Consumption node allows you to monitor bandwidth usage through the following reports:

Top Sites - Displays web sites browsed, sorted by bandwidth with the site having the highest bandwidth at the top. Top Users - Displays websites by windows user or IP address. This report is sorted with the user who consumes the most bandwidth at the top. For unauthenticated users the IP address is displayed. Top Categories - Report displays the top categories browsed with the categories carrying the highest bandwidth on top.

NOTE: Within the Top Sites and Top Users reports, you can select the Show Hits Over Time Charts to view a graph that reports the number of hits by time of day. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button . .

28 4BGetting started: Monitoring Internet activity

GFI WebMonitor 2009

Specific date click on the calendar button , select the required date and click Go to retrieve data for that date.

NOTE 1: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. NOTE 2: The information displayed is not automatically refreshed. Click refresh button information selected. on the upper right of the view to update the

Sites History
The Sites History node enables you to identify: The sites which are most frequently visited by your network users The total browsing time per site.

Top Time Consumption


The Top Time Consumption view lists the sites on which network users spent most time browsing for a specific date. The information displayed includes: Site. The sites which were accessed Surf time. The time spent browsing each site File types. The file types accessed from each site Accessed by User / IP. The users/IPs that accessed the site.

The list can be sorted either alphabetically by site in ascending order, or by surf time in descending order (the site on which most time was spent is listed on top), by selecting the appropriate header.

Screenshot 18 Sites History: Top Time Consumption

Access the Top Time Consumption view by clicking on Sites History Top Time Consumption in the navigation bar. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button

GFI WebMonitor 2009

4BGetting started: Monitoring Internet activity 29

Next day click on the forward button Specific date click the calendar , select the required date, and, click Go to retrieve information for that date.

NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. You can also click on any of the sites listed to bring up the Site History Details view. For more information refer to the Site History Details section in this chapter.

Top Hits Count


The Top Hits Count view lists the sites that were most frequently accessed by network users on a specific date. The information displayed includes: Sites - The sites that were accessed Hits - The number of times that each site was accessed (i.e., the number of hits) The file types accessed from each site Accessed by User / IP - The users/IPs that accessed the site Graphical representations of site hits over time.

The list can be sorted either alphabetically in ascending order by site, or in descending order of popularity (the site with most hits is listed on top).

Screenshot 19 Sites History: Top Hits Count

Access the Top Hits Count view by clicking on Sites History Hits Count in the navigation bar.

Top

To access graphs showing hits over time per site, select the Show Hits Over Time Charts option. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click on the calendar button , select the required date and click on Go to retrieve data for that date.

30 4BGetting started: Monitoring Internet activity

GFI WebMonitor 2009

NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. To view further details on the sites visited by users, click on the users listed on User/IP heading. For more information refer to the Site History Details section in this chapter.

Users History
The Users History provides details of which users who spent most time browsing sites and details of sites that were most frequently accessed. Three types of reports are available: Top Surfers Top Hits Count Top Policy Breakers

Top Surfers

Screenshot 20 Users History: Top Surfers

Access the Top Surfers view by clicking on Users History Surfers in the navigation bar.

Top

The Top Surfers view lists the time spent by network users browsing sites on a specific date. The information displayed includes: User / IP. The users/IPs that browsed sites Surf Time. The time spent browsing sites Sites Accessed. The sites which were accessed by each user.

The list can be sorted either by user/IP in ascending order, or by time spent browsing in descending order (the site on which most time was spent is listed on top). To sort by user/IP, click on the User/IP column heading. To sort by time spent on the site, click on the Surf Time column heading.

By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view:
GFI WebMonitor 2009

Previous day click on the back button Next day click on the forward button
4BGetting started: Monitoring Internet activity 31

Specific date click the calendar button , select the required date and click on Go to retrieve data for that date.

NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. You can also click on any of the users/IPs listed to review User History Details.

Top Hits Count

Screenshot 21 Users History: Top Hits Count

Access the Top Hits Count view by clicking on Users History Hits Count in the navigation bar.

Top

The Top Hits Count view lists the users with the highest number of site accesses on a specific date. The information displayed includes: User/IP - The users/IPs that browsed sites. Hits - The number of site accesses made by each user. Sites accessed - The sites which were accessed by each user. Graphical representations of site hits over time.

The list can be sorted either by User/IP in ascending order, or by hits in ascending or descending order. By default, the user with the most site accesses is listed on top. To sort by user/IP, click on the User/IP column heading. To sort by site accesses, click on the Hits column heading.

To display graphs showing hits over time for each of the sites listed, select the Show Hits Over Time Charts checkbox. Charts displayed indicate the number of hits by time of day for the specified date by user/IP. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click on the calendar button , select the required date and click on Go to retrieve data for that date.

NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.
32 4BGetting started: Monitoring Internet activity GFI WebMonitor 2009

You can also click on any of the users/IPs listed to review User History Details. For more information refer to the User History Details section in this chapter.

Top Policy Breakers

Screenshot 22 Users History: Top Policy Breakers

To view the users which breached most policies, navigate to GFI WebMonitor Monitoring Users History Top Policy Breakers. When clicking on one of the users/IPs, an activity log showing the Time, Category, URL, and, IP address is displayed. By default, this view lists the data of the day. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click the calendar button , select the required date, and, click Go to retrieve data for that date.

NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed.

GFI WebMonitor 2009

4BGetting started: Monitoring Internet activity 33

Site History Details

Screenshot 23 Site History Details

Access Site History Details view by clicking on Sites History Top Time Consumption or Top Hits Count) from the navigation bar. From the view pane select one of the listed sites in the Site column. This view shows the following information: User / IP - All users/IPs who have accessed that site on the specified date. Hits -The number of times the site was accessed by each user. The file types accessed from the site by each user. A graphical representation of total site hits over time, for all users. A graphical representation of user site hits over time, for each user listed. A graphical representation of traffic over time for each of the file types shown, for each user.

To display the graph showing total site hits over time for all users, select the Show Hits Over Time Chart checkbox. This graph assists you in identifying the time period(s) for the specified dates during which the site was most frequently accessed by users. To display the graph showing total site hits over time for a specific user, hover with the mouse pointer over the number of hits for any one of the users/IPs listed. A chart pops up showing the access pattern and frequency of the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific user, hover with the mouse pointer over one of the file types shown for any one of the users/IPs listed. You can also click on any one of the users/IPs listed review User History Details view. For more information refer to the User History Details section in this chapter.
34 4BGetting started: Monitoring Internet activity GFI WebMonitor 2009

User History Details

Screenshot 24 User History Details

Access User History Details view by clicking on Users History (Top Surfers or Top Hits Count) from the navigation bar. From the view pane select one of the listed users/IPs in the User/IP column. The User History Details view shows the following for a specific user: Site indicates shows the sites accessed on the specified date. Hits indicates the number of times the site was accessed. The file types accessed from the site. A graphical representation of total site hits over time. A graphical representation of specific site hits over time. A graphical representation of traffic over time for each of the file types shown, for a specific site.

To display the graph showing total site hits over time, select the Show Hits Over Time Chart option. This chart helps you to identify the time period(s) for the specified date during which the user accessed the listed sites. To display the graph showing specific site hits over time for the user, hover with the mouse pointer over the number of hits for any one of the sites listed under heading File types. A chart pops up showing the

GFI WebMonitor 2009

4BGetting started: Monitoring Internet activity 35

specified site access pattern and frequency by the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific site, hover with the mouse pointer over one of the file types shown for any one of the sites listed. You can also click on any of the sites listed to review Site History Details. For more information refer to the Site History Details section in this chapter.

Activity Log

Screenshot 25 GFI WebMonitor Activity Log

Access the Activity Log view by clicking on the Activity Log node from the navigation bar. The Activity Log view shows all GFI WebMonitor activity related to: Items which have been blocked or quarantined Processes which have failed. The Activity Log view shows the following: The User/IP who carried out the activity Date and time when the activity took place Description of the activity which took place and the reason why items which have been blocked or quarantined URL accessed. on the upper right of the view to update Click on the refresh button the information being shown.

36 4BGetting started: Monitoring Internet activity

GFI WebMonitor 2009

Configuring allowed and blocked websites

Introduction
Whitelists and blacklists are content scanning policies that override all policy settings set up in WebFilter and WebSecurity Editions. The Whitelist is a list of sites, users and IPs approved by the administrator to be excluded from all policies configured in GFI WebMonitor. Besides the Permanent Whitelist, there is also a Temporary Whitelist, used to temporarily approve access to a site for a user or IP. Since all WebFilter and WebSecurity policies are overridden, the Whitelist feature should be used with extreme caution. The Blacklist is a list of sites, users and IPs which should always be blocked irrespective of the policies are overridden, the Whitelist feature policies configured in GFI WebMonitor. The Blacklist takes priority over the Whitelist in GFI WebMonitor. If a site is therefore listed in the Blacklist and that same site is also listed in the Whitelist, the site will be blocked.

Configuring the Whitelist


To access the Whitelist click on the Whitelist node in the navigation bar.

Preconfigured items
By default GFI WebMonitor includes a number of preconfigured sites in the Permanent Whitelist. These include GFI websites to allow automatic updates to GFI WebMonitor and Microsoft websites to allow automatic updates to Windows. Removing any of these sites may preclude important updates from being automatically effected.

Adding items to the Permanent Whitelist


To add an item to the Permanent Whitelist: 1. Click on the Whitelist node and select the Permanent Whitelist tab.

GFI WebMonitor 2009

5BConfiguring allowed and blocked websites 37

Screenshot 26 GFI WebMonitor Whitelist

2. From the drop-down lists, select whether a User, IP or Site will be added to the whitelist and provide the user(s), group(s) and/or IP(s) for whom the new whitelist item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the whitelist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2:When adding a site to the whitelist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Delete items from the Permanent Whitelist


To remove an item from the Permanent Whitelist: 1. Click on the Whitelist node and select the Permanent Whitelist tab. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting whitelist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor.

Adding items to the Temporary Whitelist


To add an item to the Temporary Whitelist:
38 5BConfiguring allowed and blocked websites GFI WebMonitor 2009

Screenshot 27 Temporary Whitelist

1. Click on the Whitelist node and select the Temporary Whitelist tab.

Screenshot 28 Temporary Whitelist: Granting temporary access

2. Click on Add and select whether temporary access will be granted to a user or IP. Provide the details of the User or IP to be granted temporary access as well as the URL and the number of hours. NOTE 1: When granting temporary access to a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2:When adding a site to the Whitelist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup.

GFI WebMonitor 2009

5BConfiguring allowed and blocked websites 39

NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. NOTE 4: The number of hours during which the user or IP has access to a site are applicable from the moment Save Settings is clicked. NOTE 5: Time remaining before access is revoked can be viewed in the For (hours) column in the Temporary Whitelist view.

Removing items from the Temporary Whitelist


1. Click on the Whitelist node and select the Temporary Whitelist tab. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting whitelist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor.

Configuring the blacklist


Adding items to the Blacklist
To add an item to the Blacklist: 1. Select Blacklist node from navigation bar.

Screenshot 29 GFI WebMonitor Blacklist

2. From the drop-down lists, select whether a User, IP or Site will be added to the blacklist and provide the user(s), group(s) and/or IP(s) for whom the new blacklist item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the blacklist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.

40 5BConfiguring allowed and blocked websites

GFI WebMonitor 2009

NOTE 2: When adding a site to the blacklist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Delete items from the Blacklist


To delete an item from the Blacklist: 1. Select Blacklist node from navigation bar. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting blacklist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Using wildcards
When adding a site to the whitelist or blacklist, you can use wildcards as shown in the examples below: Example
*.com *.website.com

Description
Allow/block all .com top-level domains Allow/block all sub domains of the website.com domain

GFI WebMonitor 2009

5BConfiguring allowed and blocked websites 41

WebFilter Edition Site rating and content filtering

Introduction
GFI WebMonitor uses WebFilter and the WebGrade database to manage Internet access of users, groups or IPs based on site categories. The category of a particular site is determined through the WebGrade Database; if a site is listed in the database, GFI WebMonitor then uses the configured web filtering policies to determine what action to take. This may be one of the following actions: Allow access to site Block access to site and quarantine the related file URL Block access to site and delete related URLs.

Policies can be customized to apply during specific time periods; for example a policy can enable users to access news and entertainment related sites during lunch breaks but not during working hours. Pre-defined site categories include pornography, adult themes, games, violence and others. The database is updated on a regular basis and updates are automatically downloaded to GFI WebMonitor.

Configuring Web Filtering policies


Adding a Web Filtering Policy
To add a Web Filtering Policy: 1. Click on WebFilter Edition navigation bar. 2. Select Add Policy. Web Filtering Policies from the

GFI WebMonitor 2009

6BWebFilter Edition Site rating and content filtering 43

Screenshot 30 Adding a Web Filtering policy: general settings

3. Click on the General tab. 4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively. 5. In the Policy Schedule area specify the time period(s) during which the new policy will be enforced.

44 6BWebFilter Edition Site rating and content filtering

GFI WebMonitor 2009

Screenshot 31 Adding a Web Filtering policy: web filtering categories

6. Select the Web Filtering tab. Define the categories applicable to the new policy and the actions to take: Allow categories: Select categories from the Blocked Categories list and click Allow>. Block categories: Select categories from the Allowed Categories list and click <Block. Quarantine access: Select categories Categories list and click <Quarantine. from the Allowed

NOTE: You can also configure advanced category conditions by selecting the Show Advanced Options. For more information refer to the Configuring advanced web filtering policies conditions section.

GFI WebMonitor 2009

6BWebFilter Edition Site rating and content filtering 45

Screenshot 32 Adding a Web Filtering policy: web filtering exceptions

7. Select the Exceptions tab and in the Excluded Sites and Included Sites fields specify any URLs which are: Excluded (i.e. allowed) from the policy. This enables users to access sites overriding any policy setup. Included (i.e. blocked) in the new policy. The URLs specified in the included sites will be blocked regardless of the scope of the new policy.

NOTE: The Exceptions tab is similar to a whitelist/blacklist feature that overrides any rules within the policy.

46 6BWebFilter Edition Site rating and content filtering

GFI WebMonitor 2009

Screenshot 33 Adding a Web Filtering policy: who it applies to

8. Click on the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2: When adding a group ISA Server authentication is used to validate the group name.

Screenshot 34 Adding a Web Filtering policy: Notifications

9. Click on the Notifications tab and select Notify the following administrators when the site category infringes this policy

GFI WebMonitor 2009

6BWebFilter Edition Site rating and content filtering 47

checkbox if required. Complete setup by updating administrators notification email address and notification e-mail text. If required, check Notify the user accessing the site if the site category infringes this policy, and provide the body text for the notification email in the Send the following notification to the administrators text box. 10. If you require the user to be notified when the policy you are creating is triggered, select Notify the user accessing the site if the site category infringes this policy checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 11. Complete new policy setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose policy settings as soon as you leave the view to move to another section in GFI WebMonitor. The newly created policy will now be listed in the main Web Filtering Policies view.

Editing a Web Filtering Policy


To edit a Web Filtering Policy: 1. Click on WebFilter Edition navigation bar. 2. Click on the edit icon Web Filtering Policies from the

next to the policy you want to edit.

3. Refer to Adding a Web Filtering Policy section in this chapter, for a description of the fields which can be edited. 4. Click on Save Settings to finalize editing a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Disabling a Web Filtering Policy


To disable a Web Filtering Policy: 1. Click on WebFilter Edition navigation bar. Web Filtering Policies from the

2. Uncheck the box from the Enabled column for the policy you want to disable and click on Save Settings to finalize disabling a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Enabling a Web Filtering Policy


1. Click on WebFilter Edition navigation bar. Web Filtering Policies from the

2. Check the box from the Enabled column for the policy you want to enable and click on Save Settings finalize enabling a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
48 6BWebFilter Edition Site rating and content filtering GFI WebMonitor 2009

Deleting a Web Filtering Policy


1. Click on WebFilter Edition navigation bar. Web Filtering Policies from the

2. Click on the delete icon for the policy you want to delete and click on Save Settings finalize deleting a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Default web filtering policy


GFI WebMonitor - WebFilter Edition ships with a default web filtering policy which applies to all users. The policy name is listed as Default Web Filtering Policy. This policy can be edited but it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Web Filtering Policy section in this chapter for information related to editing web filtering policies. NOTE 1: All user-created web filtering policies take precedence over the default web filtering policy. NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.

Configuring advanced web filtering policy conditions


Advanced web filtering policy conditions give you greater flexibility in defining which sites should be allowed or blocked. These advanced policy conditions take precedence over categories you may have already specified in the Allowed Categories and Blocked Categories list boxes.

Adding an advanced web filtering policy condition


To create an advanced web filtering policy condition:

GFI WebMonitor 2009

6BWebFilter Edition Site rating and content filtering 49

Screenshot 35 Web filtering policy

1. From the Web Filtering tab click on Show Advanced Options. 2. Click on Add Condition to view the Edit Properties dialog where you will create the advanced condition. 3. Specify a combination of categories which will enable you to allow, block or quarantine sites. For example, to block sites which fall under the categories Adult and pornography AND IM Client: a. Select Adult and pornography from Available Categories list box and click on Use Category b. Select IM Client from Available Categories list box and click on Use Category c. Select Block and Delete from the Perform this action: drop down list and click OK to apply the condition. 4. Click on Save Settings to finalize settings. NOTE 1: With this advanced policy, sites are not blocked if a site is listed under individual categories. In the example above, a site is NOT blocked if it only falls under the Adult themes category. Likewise, the site is NOT blocked if it only falls only under the Sexuality category. NOTE 2: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Editing an advanced web filtering policy condition


To edit an advanced web filtering policy condition: 1. From the Web Filtering tab click on Show Advanced Options. 2. Click on the advanced policy to edit to display the Edit Properties dialog where you can edit the advanced condition. 3. Click OK to apply the changes you made.
50 6BWebFilter Edition Site rating and content filtering GFI WebMonitor 2009

NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Removing an advanced web filtering policy condition


To delete an advanced web filtering policy condition: 1. From the Web Filtering tab click on Show Advanced Options. 2. Click on the delete icon delete. next to the advanced policy you want to

NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

WebGrade Database settings

Screenshot 36 WebGrade Database settings

Through the WebGrade Database settings view you can: Enable/disable online lookups Enable/disable the database View the database status, version and license details Configure database updates Check the presence or validity of any URL with the active local WebGrade database and send feedback.

1. Access the WebGrade Database settings view by clicking on WebFilter Edition Web Filtering Policies WebGrade Database from the navigation bar. 2. Check/uncheck Manage WebGrade Local Database updates automatically and update the time within the hours field.

GFI WebMonitor 2009

6BWebFilter Edition Site rating and content filtering 51

3. If required check Send an email notification to the administrator on successfully updating the WebGrade Database 4. Complete setup by clicking on Save Settings. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.

Enabling/disabling online lookups


1. Click on WebFilter Edition Database. Web Filtering Policies WebGrade

2. Check and uncheck the Enable online lookup for URLs not resolved by local database enables or disables this feature. NOTE: This option is enabled by default when the user updates the installation.

Viewing updated online lookups


Online lookup enables GFI WebMonitor to synchronize with a global internet database server for reviewed URLs. To review changes after these have been updated: 1. Click on WebFilter Edition. 2. Select Add Policy from the view pane. The Web Filtering Policy is displayed within the view pane. Categories are updated under the Blocked Categories and Allowed Categories headings.

Enabling/disabling the database


To enable or disable the database: 1. Click on WebFilter Edition Database Web Filtering Policies WebGrade

2. Check/uncheck the checkbox in the Enabled column enables or disables the WebGrade Database. NOTE: When the WebGrade database is disabled, the Web Filtering policies cannot access the site categories.

Configure database updates


Through the checkboxes within the WebGrade Database Updates area in the WebGrade Database settings view you can: Configure whether the WebGrade Database should be updated automatically or manually Configure the frequency with which available updates should be installed Configure if an email notification should be sent upon successful updating of the WebGrade Database Manually update the WebGrade Database by clicking Update Now.

52 6BWebFilter Edition Site rating and content filtering

GFI WebMonitor 2009

Checking URL categories


The Check URL category tool enables you to key in a URL and check for its category within your active local WebGrade database. If the category is not found or if the category listed in the local WebGrade database does not match with the websites category, you can report it for update. To check a URL category: 1. Key in a URL in the check URL field 2. Click Check URL category. The category in the active local WebGrade database is displayed beneath the URL field. To report a missing or incorrect category, update the URL, click on Submit Feedback, and fill out the form displayed in your browser, and, click Submit.

GFI WebMonitor 2009

6BWebFilter Edition Site rating and content filtering 53

WebSecurity Edition File scanning and download control

Introduction
GFI WebMonitors WebSecurity features scan and usage control restrictions for various applications to users, IPs or groups on your network. The control policies are: Download Control Policies Software download controls IM Control Policies Control use and access of MSN / Windows Live Messenger Virus Scanning Policies configure which downloaded files should be scanned for viruses and spyware. Anti-Phishing Engine Configure protection to network users from phishing sites.

Download Control policies


GFI WebMonitor identifies the real file type of the file being downloaded and then applies Download Control Policies to determine what action to take. This may be one of the following actions: Allow the file to be downloaded Block the file from being downloaded and quarantine the file URL Block the file from being downloaded and delete all related URLs

For allowed downloads, GFI WebMonitor then applies the configured Virus Scanning Policies and determines its virus scanning options.

Screenshot 37 - Download Control Policies

GFI WebMonitor 2009

7BWebSecurity Edition File scanning and download control 55

Adding a new Download Control Policy


To add a download control policy: 1. Click on WebSecurity Edition the navigation bar. 2. Click on Add Policy. 3. In the General tab provide a new policy name and description in the Policy Name field and the Policy Description text box respectively. Download Control Policies from

Screenshot 38 - Add new download control policy: Download control tab

4. Click on the Download Control tab to configure the actions to be taken on the various file types.

Screenshot 39 - Add new download control policy: Add new content type 56 7BWebSecurity Edition File scanning and download control GFI WebMonitor 2009

5. To add a new file type select Add Content-Type button and enter the new Content-Type and a Description. Click Add.

Screenshot 40 - Add new download control policy: Change Action dialog

6. Click on any file type from the list to display the Change Action dialog and configure the actions to be taken for that file type. From the Perform this action: drop down list select the applicable action to be taken. The available options are: Allow Block and Quarantine Block and Delete

Click OK to apply the action.

Screenshot 41 - Download control policies: Applies to tab

GFI WebMonitor 2009

7BWebSecurity Edition File scanning and download control 57

7. From the Applies To tab, specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. NOTE 2: When adding a user or a group, ISA Server authentication is used to validate the user or group name.

Screenshot 42 Download control policies: Notification tab

8. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Enter the administrators email address and notification email text, by updating the text for the notification email in the Send the following notification to the administrators text box. 9. If you require the users to be notified when the policy you are creating is breached, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be validated. 10. Complete the new policy setup by clicking on Save Settings. NOTE: Failing to click on Save Settings will lose all settings.

58 7BWebSecurity Edition File scanning and download control

GFI WebMonitor 2009

The policy created will be listed in the main Download Control Policies view.

Editing a Download Control Policy


To edit a download control policy: 1. Click on WebSecurity Edition the navigation bar. 2. Click on the edit icon Download Control Policies from

next to the policy you want to edit.

3. Refer to Adding a Download Control Policy section in this chapter for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Disabling a Download Control Policy


To disable a download control policy: 1. Click on WebSecurity Edition the navigation bar. Download Control Policies from

2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. Complete disabling a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Enabling a Download Control Policy


To enable a previously disabled download control policy: 1. Click on WebSecurity Edition the navigation bar. Download Control Policies from

2. Check the checkbox in the Enabled column for the policy you want to disable. 3. Complete enabling a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Delete a Download Control Policy


To delete a download control policy: 1. Click on WebSecurity Edition the navigation bar. 2. Click on the delete icon Download Control Policies from

next to the policy you want to delete.

3. Complete deleting a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

GFI WebMonitor 2009

7BWebSecurity Edition File scanning and download control 59

Default Download Control Policy


GFI WebMonitor - WebSecurity Edition ships with a default download control policy which is configured to apply to all users. The policy name is listed as Default Download Control Policy. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Download Control Policy section in this chapter for information related to editing download control policies. NOTE 1: All user-created download control policies takes precedence over the default download control policy. NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.

Adding Content-types
GFI WebMonitor - WebSecurity Edition includes a large number of common file types. To add a file type which is not in the predefined list: 1. Click on WebSecurity Edition the navigation bar. Download Control Policies from

2. Click on Add Policy, select Download Control tab and click on Add Content-type.

Screenshot 43 - Add new content type

3. Key in the content-type in the Content-Type field in the format type/subtype and click on Add. 4. Complete keying in anew contact type by clicking on Save Settings NOTE 1: Files for user added content-types are not real file type checked as is the case with preconfigured file types. NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

60 7BWebSecurity Edition File scanning and download control

GFI WebMonitor 2009

Configuring Instant Messaging (IM) Control Policies


GFI WebMonitor enables administrators to control the use of MSN Messenger and Windows Live Messenger. These controls can be configured from WebSecurtiy Edition IM Control Policy node. The Default IM Control Policy is the control applicable to all users, however specific controls to particular users, groups or IPs can be configured as described below.

Adding a new IM Control Policy


To add a new IM control policy: 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. Click Add Policy and select the General tab.

Screenshot 44 - Add new IM Policy assign a name and description

3. Key in the new policy name in the Policy Name field and optionally enter a brief description in the Policy Description text box.

Screenshot 45 - Add new IM Policy Set IM Controls

GFI WebMonitor 2009

7BWebSecurity Edition File scanning and download control 61

4. From the IM Control tab, choose to block or allow instant messaging communications: Block all MSN / Windows Live Messenger communications all communications via MSN or Windows Live Messenger is blocked. Allow MSN / Windows Live Messenger communications the use of MSN or Windows Live Messenger is allowed.

Screenshot 46 - Add new IM Policy - Applies To tab

5. From the Applies To tab key in user(s), group(s), and/or IP(s) for whom the new policy applies and click Add. Repeat for all the user(s), group(s), and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user names and groups.

62 7BWebSecurity Edition File scanning and download control

GFI WebMonitor 2009

Screenshot 47 - Add new IM Policy Notifications tab

6. From the Notifications tab, select Notify the following administrators when this IM Policy is breached to send an email notification to the configured email address(es) when a user tries to access blocked IM policies. 7. Add the administrator(s) email address(es) to be notified in the Email Address box. 8. In the Send the following notification to the administrators text box, edit the email message text which will be sent in the email notification 9. Select Notify the user breaching this IM policy checkbox to send an email notification to the user who breaches the IM policy. Edit the email message text in the Send the following notification to the user performing the download. NOTE: Notification is sent only if user is validated through ISA Server authentication. 10. Complete the new IM policy setup by clicking Save Settings. NOTE: Failing to click on Save Settings will lose all settings The new policy will be listed in the main IM Control Policies view.

GFI WebMonitor 2009

7BWebSecurity Edition File scanning and download control 63

Editing an IM Control Policy


1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. Click on the edit icon next to the policy you want to edit. 3. Navigate in the control policy tabs and edit settings accordingly. 4. Click Save Settings when finished. NOTE: If the settings are not saved, all configurations are lost when navigating to other sections.

Enabling/Disabling an IM Control Policy


1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. In the Enabled column, check or uncheck the policy you want to enable or disable respectively. 3. Click Save Settings when finished.

Deleting an IM Control Policy


1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. Click on the delete icon next to the policy you want to delete. 3. Click Save Settings when finished.

Configuring Virus Scanning Policies


For allowed downloads, GFI WebMonitor applies virus scanning controls which include any of the following: Display download progress and status Scan the downloaded file with any of the supported virus scanners Take any of the following action when a virus is detected: o o o Issue a warning, but allow access to the downloaded file Block access to the downloaded file and quarantine Block access to the downloaded file and delete it

Screenshot 48 - Virus Scanning Policies

64 7BWebSecurity Edition File scanning and download control

GFI WebMonitor 2009

Adding a Virus Scanning Policy


To add a virus scanning policy: 1. Click on WebSecurity Edition navigation bar. 2. Click on Add Policy . 3. Click on the General tab. Virus Scanning Policies from the

Screenshot 49 - Add new virus scanning policy

4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively.

Screenshot 50 - Add new virus scanning policy: Virus scanning tab

GFI WebMonitor 2009

7BWebSecurity Edition File scanning and download control 65

5. Click on the Virus Scanning tab and click on the file type you want to scan for viruses. From the Change Action dialog box select the Display download progress and status option (if required) and choose the virus scanners to scan the file type with. Also, choose the action to undertake if a virus is found. The available options are: Warn and Allow Block and Quarantine Block and Delete

Screenshot 51 - Add new virus scanning policy: Applies to tab

6. Click OK, select Applies Tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2: When adding a group ISA Server authentication is used to validate the group name.

66 7BWebSecurity Edition File scanning and download control

GFI WebMonitor 2009

Screenshot 52 - Add new virus scanning policy: Notification tab

7. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box. 8. If you require users to be notified when the policy you are creating is triggered, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text. NOTE 1: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 9. Complete new policy setup by clicking on Save Settings NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. The policy you have just created will be listed in the main Virus Scanning Policies view.

Editing a Virus Scanning Policy


To edit a virus scanning policy:
7BWebSecurity Edition File scanning and download control 67

GFI WebMonitor 2009

1. Click on WebSecurity Edition navigation bar. 2. Click on the edit icon edit.

Virus Scanning Policies from the

next to the virus scanning policy you want to

3. Refer to Adding a Virus Scanning Policy section in this chapter, for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Disabling a Virus Scanning Policy


To disable a virus scanning policy: 1. Click on WebSecurity Edition navigation bar. Virus Scanning Policies from the

2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. Complete disabling a virus scanning policy by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Enabling a Virus Scanning Policy


To enable a virus scanning policy: 1. Click on WebSecurity Edition navigation bar. Virus Scanning Policies from the

2. Check the checkbox in the Enabled column for the policy you want to enable. 3. Complete enabling a download policy by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Delete a Virus Scanning Policy


To delete a Virus Scanning Policy: 1. Click on WebSecurity Edition navigation bar. 2. Click on the delete icon Virus Scanning Policies from the

next to the policy you want to delete.

3. Complete deleting a virus scanning policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

68 7BWebSecurity Edition File scanning and download control

GFI WebMonitor 2009

Default Virus Scanning Policy


GFI WebMonitor WebSecurity Edition ships with a default virus scanning policy which is configured to apply to all users. The policy name is listed as Default Virus Scanning Policy. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Virus Scanning Policy section in this chapter for information related to editing virus scanning policies. NOTE 1: Any user-created virus scanning policy takes precedence over the default virus scanning policy. NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.

Scanning Engines
Through the Virus & Spyware Protection view you can: Enable/Disable one or more of the supported engines View the licensing status Configure anti-virus engine/signature updates for each one of the scanning engines

To access the Virus & Spyware Protection view click on WebSecurity Edition Virus Scanning Policies Virus & Spyware Protection from the navigation bar.

Enabling/disabling the scanning engines


To enable or disable one or more of the scanning engines: 1. Click on WebSecurity Edition & Spyware Protection. Virus Scanning Policies Virus

Screenshot 53 - Virus & Spyware Protection

2. Check or uncheck the checkboxes in the Enabled column to enable or disable scanning with the virus scanner for which the virus scanner is checked or unchecked. NOTE: Disabling a virus scanning engine denotes that GFI WebMonitor cannot use that engine. 3. Complete Virus scanning engine setup by clicking on Save Settings
GFI WebMonitor 2009 7BWebSecurity Edition File scanning and download control 69

NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Configure anti-virus updates


Through the configuration view for each one of the supported scanning engines you can: View the scanning engine status, version and license details Check or uncheck checkboxes that enable automatic or manual scanning engine/signature updates Configure the frequency with which available updates should be installed Check or uncheck checkboxes that enable the configuration of an email notification message that should be sent upon successful updating of scanning engines/signatures Manually update scanning engines/signatures by clicking Update Now.

Screenshot 54 - BitDefender Properties

Screenshot 55 - Norman Anti-Virus Properties

70 7BWebSecurity Edition File scanning and download control

GFI WebMonitor 2009

Kaspersky Scanning Engine Options


From the configuration view for the Kaspersky scanning engine you can specify whether Virus Scanning Policies should be triggered when files are identified as: Suspicious Corrupted Hidden

Screenshot 56 - Kaspersky Anti-Virus Properties

1. Click on WebSecurity Edition Virus Scanning Policies & Spyware Protection Kaspersky Anti-Virus.

Virus

2. Check or uncheck checkboxes that enable action for files identified as Suspicious, Corrupted or Hidden. 3. Complete setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Anti-Phishing Engine
Through the Anti-Phishing Engine view you can: Enable/Disable anti-phishing View the anti-phishing feature licensing status Configure anti-phishing database updates

To access the Anti-Phishing Engine view click on WebSecurity Edition Anti-Phishing Engine from the navigation bar.

GFI WebMonitor 2009

7BWebSecurity Edition File scanning and download control 71

Enabling/disabling the Anti-Phishing Engine


To enable or disable the Anti-Phishing Engine: 1. Click on WebSecurity Edition 2. Click on the General tab. Anti-Phishing Engine.

Screenshot 57 - Anti Phishing engine properties

3. Check or uncheck the Block access to phishing sites checkbox to enable or disable anti-phishing features. NOTE 1: Disabling the anti-phishing engine implies that GFI WebMonitor cannot use that engine to block phishing sites. 4. Complete anti-phishing engine setup by clicking on Save Settings NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Configure Anti-Phishing database updates


Through the checkboxes within the Anti-Phishing Updates area in the Anti-Phishing Engine settings view you can: Configure whether the Anti-Phishing Database should be updated automatically or manually. Configure the frequency with which available updates should be installed. Configure if an email notification should be sent upon successful updating of the Anti-Phishing Database; Manually update the Anti-Phishing Database by clicking Update Now. Anti-Phishing Engine.
GFI WebMonitor 2009

To configure Anti-Phishing database updates: 1. Click on WebSecurity Edition

72 7BWebSecurity Edition File scanning and download control

2. Click on the General tab. 3. Specify the required settings in the Anti-Phishing Updates area. 4. Complete Anti-Phishing Database updates setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Configure phishing notifications


Through the Notifications tab in Anti-Phishing Engine settings view you can specify whether email notifications are to be sent when a site being accessed is a known phishing site. To enable phishing notifications: 1. Click on WebSecurity Edition Anti-Phishing Engine.

Screenshot 58 - Anti-Phishing notification tab

2. Click on the Notifications tab and check the Notify the following administrators when the site accessed is a known phishing site checkbox. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box. 3. If you require the user to be notified when a phishing site is accessed, check the Notify the user accessing the site if the site
GFI WebMonitor 2009 7BWebSecurity Edition File scanning and download control 73

accessed is a known phishing site checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 4. Complete phishing notifications setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose phishing notification settings as soon as you leave the view to move to another section in GFI WebMonitor.

74 7BWebSecurity Edition File scanning and download control

GFI WebMonitor 2009

Configuring GFI WebMonitor

Introduction
GFI WebMonitor enables you to configure a default set of parameters used by the WebFilter and WebSecurity editions. These parameters are configured through three nodes or by selecting the appropriate option within the viewing pane: Administrative Access Control: Configure who can access GFI WebMonitor web interface for configuration and monitoring. Notifications: Configure alerting options for email notifications on important events. General Settings: Configure the data retention, download cache and temporary whitelist policies. Reporting: Configure the database settings for reporting.

Administrative Access Control


Access to GFI WebMonitor is based on IP or ISA Server authenticated username. Only users/IPs in the authorized list are allowed access.

Adding users/IPs to the access permissions list


To add a user or IP to the access permissions list: 1. From the GFI WebMonitor navigation bar select Configuration Administrative Access Control.

Screenshot 59 Configuring administrative access control

2. From the drop-down lists, select whether a User or IP will be added to the access list and provide the user(s), and/or IP(s) for whom the

GFI WebMonitor 2009

8BConfiguring GFI WebMonitor 75

new access item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the access control list, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Deleting users/IPs to the access permissions list


To remove a user or IP to the access permissions list: 1. Click on the Administrative Access Control node. 2. Click on the delete icon next to the user/IP you want to delete. 3. Click on Save Settings to finalize deleting users/IPs. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Notifications
Notifications are sent by email to administrators on important events including: Items being quarantined WebGrade Database, anti-virus signature update failures WebGrade Database, anti-virus signature update success Approaching expiry of WebGrade Database and anti-virus signature update licenses.

Configuring email settings


To configure email settings: 1. Click on Notifications node 2. Go to the Send administrative emails using the following settings and specify the email address from which notifications will be sent as well as the SMTP server and SMTP port. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Configuring email recipients


To add recipients to whom notifications are sent: 1. From the GFI WebMonitor navigation bar select Configuration Notifications node

76 8BConfiguring GFI WebMonitor

GFI WebMonitor 2009

Screenshot 60 Configuring notifications

2. Key in an email address in the Email Address field and click Add. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

Deleting recipients:
1. Click on Notifications node 2. Click on the delete icon delete. next to the email address you want to

3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.

General Settings
Through the General Settings node you can specify settings such as the amount of hours to keep downloaded files in cache, and the default time in hours a site is kept in the temporary whitelist after it has been approved from the quarantine. 1. From the GFI WebMonitor navigation bar select Configuration General Settings node

GFI WebMonitor 2009

8BConfiguring GFI WebMonitor 77

Screenshot 61 - Configuring General Settings

1. In the Data Retention area specify how long, in days, will browsing activity data be kept in GFI WebMonitor databases. This data is used for monitoring and reporting. 2. In the Download Cache are specify how long (in hours), will downloaded files be kept in a local cache. Keeping these files in the cache will speed up subsequent requests for the same file. NOTE: Set the value to zero hours if you want to disable the cache. 3. In the Temporary Whitelist area specify how long (in hours), will items approved from the quarantine be kept in the Temporary Whitelist. This is the amount of time available to the user during which the approved URL is accessible.

78 8BConfiguring GFI WebMonitor

GFI WebMonitor 2009

Handling blocked downloads

Introduction
GFI WebMonitor includes a quarantine feature; a restricted, safe and controlled storage area where potentially harmful download files are stored. Policies may be set where downloaded files/URLs are blocked and stored in quarantine. Downloaded files may be quarantined as a result of one or more configured policies in the following categories being triggered: Download Control Policies Web Filtering Policies Virus Scanning Policies Establish the reason for which a download file is being quarantined Determine whether the file is harmful or harmless and should be deleted or approved.

Administrators should review the quarantine to:

If approved for access, quarantined items are transferred to a Temporary Whitelist. Users can be then granted access to the downloaded files through the Temporary Whitelist. There are four different views for quarantined items: Those transferred to quarantine today Those transferred to quarantine yesterday Those transferred to quarantine this week All items transferred to quarantine

Approving or Deleting items


Viewing quarantined items
The following information is shown for all items listed in the quarantine: Quarantined On. Date and time when the item was quarantined. The user/IP who accessed the item which is now quarantined. Download URL - details of the quarantined item. Quarantine reason - The reason why the item was quarantined.

To view quarantined items: 1. Click on the Quarantine node in the navigation bar, and select one of views available to either review all items or those for a specified period:

GFI WebMonitor 2009

9BHandling blocked downloads 79

Today Yesterday This Week All Items

Screenshot 62 - Quarantine

2. Click on each one of the available tabs to view a list of items quarantined for each respective policy category: Download Control Policies tab Web Filtering Policies tab Virus Scanning Policies tab

Lists are sorted in descending order, with the latest item being quarantined shown at the top of the list. 3. Click on the details icon to view details for that item. 4. Click Go Back To List to move back to the list of quarantined items. 5. Use the navigation icons of quarantined items. to navigate through a long list

Approving quarantined items


To approve one or more items in quarantine: 1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined. 2. Click on the policy tab where the quarantined item is stored. 3. Click on the details icon

80 9BHandling blocked downloads

GFI WebMonitor 2009

Screenshot 63 - Approving a quarantined item

4. Click Approve Item to make the downloaded file available to users or Approve All Items to make all items in a quarantine available to users. NOTE 1: The user email address is shown only if the user has been authenticated through ISA Server authentication, and has a valid Active Directory email field. NOTE 2: Using the checkbox associated with each entry in the quarantine enables multiple file whitelisting. NOTE 3: Exert extreme caution with this feature. In approving an item from the Quarantine, you are excluding the web site from all policies configured in GFI WebMonitor for the particular user. Approving a potentially harmful file may therefore lead to your network being compromised. Approved items are transferred to the Temporary Whitelist. Refer to the Configuring allowed and blocked websites chapter for more information on the whitelist. NOTE 4: Quarantined items which are not approved after 2 days are automatically deleted.

Deleting quarantined items


To delete one or more items in quarantine: 1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined. 2. Click on the policy tab where the quarantined item is stored. 3. Click on the details icon 4. If you decide that the downloaded file should be deleted, click Delete Item 4. Click Delete Selected Item to make the downloaded file available to users or Delete All Items to make all items in a quarantine available to users. NOTE 1: Using the checkbox associated with each entry in the quarantine enables multiple file deletion.

GFI WebMonitor 2009

9BHandling blocked downloads 81

NOTE 2: Quarantined items which are not approved after 2 days are automatically deleted.

82 9BHandling blocked downloads

GFI WebMonitor 2009

Reporting Setup

Introduction
GFI WebMonitor enables you to store data in a database for statistical information analysis using GFI WebMonitor ReportPack. In this section you will find information about: How to enable or disable information gathering Configuring reporting options

Enabling Reporting
To enable information gathering for reporting purposes: 1. From the GFI WebMonitor navigation bar select Configuration Reporting node

GFI WebMonitor 2009

10BReporting Setup 83

Screenshot 64 - GFI WebMonitor Reporting setup

2. Click on the Enable Reporting checkbox to enable reporting features. 3. Key in the SQL Server, User/Password combination and Database name which enables GFI WebMonitor to connect and audit data to the database in the respective order. You can use the Get Database List button to retrieve a list of databases available. 4. Click on Save Settings to save reporting setup. NOTE: For security purposes, passwords can only be configured from the machine where GFI WebMonitor is installed.

The update reporting data now button


Daily at midnight, GFI WebMonitor automatically transfers any data logged to the Microsoft SQL server backend database as configured when enabling the reporting features. There are instances however when you would want to trigger the data retrieval process manually, such as: When upgrading GFI WebMonitor a the version that supports reporting. When migrating data stored in files in a storage location to a central database

84 10BReporting Setup

GFI WebMonitor 2009

To test configuration settings.

In these cases, amongst others, clicking on the Update reporting data now triggers the retrieval process. NOTE: Data is always collected for complete 24 hour periods from midnight to midnight. Clicking Update reporting data now does not collect data for partial periods between midnight and the time when this button is clicked.

Disabling Reporting
To disable reporting features: 1. Click on the Reporting node. 2. Uncheck the Enable Reporting checkbox and click Save Settings to disable reporting.

GFI WebMonitor 2009

10BReporting Setup 85

Miscellaneous

Introduction
In this section you will find information on updating GFI WebMonitor license

Entering your license key after installation


After installing GFI WebMonitor you can enter your license key without re-installing or re-configuring the product. To achieve this: 1. Click on the Licensing node from the navigation bar. 2. Key in the license key provided by GFI Software for one of the three GFI WebMonitor editions in the License Key field. 3. Click on Save Settings.

GFI WebMonitor 2009

11BMiscellaneous 87

Troubleshooting

Introduction
The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main sources of information available to users are: The manual most issues can be solved by reading this manual. GFI Knowledge Base articles Web forum Contacting GFI Technical Support

Knowledge Base
GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most upto-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.

Web Forum
User to user technical support is available via the web forum. The forum can be found at: http://forums.gfi.com/.

Request technical support


If you have referred to this manual and our Knowledge Base articles, and you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone. Online: Fill out the support request form on: Follow the http://support.gfi.com/supportrequestform.asp. instructions on this page closely to submit your support request. Phone: To obtain the correct technical support phone number for your region please visit: http://www.gfi.com/company/contact.htm.

NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at: https://customers.gfi.com/login.aspx. We will answer your query within 24 hours or less, depending on your time zone.

88 12BTroubleshooting

GFI WebMonitor 2009

Build notifications
We recommend that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, visit: http://www.gfi.com/pages/productmailing.htm.

GFI WebMonitor 2009

12BTroubleshooting 89

Index

Site History Details 28, 32, 34 Sites History 25, 27, 28, 32 Software requirements 11 System requirements 11

T
Troubleshooting 86

.
.NET 11

U
UnifiedProtection 7, 9, 11 User History Details 30, 31, 32, 33 Users History 25, 29, 30, 33

A
Access Permissions 73 Active connections 25, 26 Active Connections 25 Activity Log 25, 34 alerts 14 Anti-Phishing 69, 70, 71 anti-virus 9, 14, 67, 68, 74

W
WebFilter 7, 8, 9, 11, 18, 35, 41, 46, 47, 49, 50, 73 WebGrade 7, 8, 9, 41, 49, 50, 74 WebSecurity 7, 9, 11, 18, 35, 53, 54, 57, 58, 63, 66, 67, 69, 70, 71, 73 whitelist 8, 9, 18, 36, 37, 38, 39, 73, 79 wizard 12

B
blacklist 8, 9, 18, 38, 39

D
download control 7, 9, 53, 54, 55, 57, 58

E
Evaluation 10

G
General Options 73 graph 32, 33, 34

H
hardware requirements 11

I
installation 14 ISA Server 7, 8, 9, 11, 14, 25, 26, 36, 37, 38, 45, 46, 56, 64, 65, 72, 73, 74, 79

L
License 85 licensing 12

P
Past Connections 25, 26

GFI WebMonitor 2009

12BTroubleshooting 91