SonicWALL 4.5 User Manual

Enforced Client Product Guide
Introduction
How does the software work?

The detection definition (DAT) files on the Internet site are regularly updated to add protection against new threats. When the client software connects to the update site on the Internet, it retrieves:
- Regular DAT files, which contain the latest definitions for viruses, potentially unwanted programs, and cookies and registry keys that might indicate spyware.
- Outbreak DAT files, which are high-priority detection definition files released in an emergency situation (see ).
- Upgrades to the software if a newer version exists.
- Policy updates.
At any time, users can update manually by double-clicking 
 in the system tray. 

Uploading security information
Client computers upload detection and status data hourly to the SecurityCenter website. This information is available to administrators in reports they can view on the SecurityCenter (see ).

Outbreak response
When an outbreak of a new threat is identified by Avert Labs, they issue an outbreak DAT, which is a special detection definition (DAT) file marked as Medium or High importance. It is specially encoded to inform the first computer receiving it to share the update immediately with other client computers on the network. By default, client computers check for an outbreak DAT every hour.

Rumor technology
When one computer shares updates with other computers on the local area network (LAN), rather than requiring each computer to retrieve updates from the update website individually, the Internet traffic load on the network is reduced. This process of sharing updates is called Rumor.
1. Each client computer checks the version of the most recent catalog file on the Internet site. This catalog file contains information for every component in Enforced Client, and is stored in a digitally signed, compressed .CAB file format.
   - If the version is the same as the catalog file on the client computer, the process stops here.
   - If the version is different from the catalog file on the client computer, the client computer attempts to retrieve the latest catalog file from its peers. It queries if other computers on the LAN have already downloaded the new catalog file.
2. The client computer retrieves the required catalog file (directly from the Internet site or from one of its peers) and uses it to determine if new components are available for Enforced Client.
3. If new components are available, the client computer attempts to retrieve them from its peers. It queries if computers on the LAN have already downloaded the new components.
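
The catalog steps above, sketched as an added example (not code from the product or its vendor) to show why the signature on the catalog matters when the copy comes from a LAN peer. Assumptions: the client verifies the catalog whatever its source, HMAC-SHA256 with a demo key stands in for the vendor's digital signature on the .CAB file, and all function names and sample data are hypothetical.

```python
import hashlib
import hmac

# ASSUMPTION: HMAC-SHA256 with a demo key stands in for the vendor's digital
# signature on the .CAB catalog; a real client verifies a public-key signature.
DEMO_KEY = b"constructed-demo-key"

def sign(version: str, body: bytes) -> str:
    return hmac.new(DEMO_KEY, version.encode() + b"\0" + body, hashlib.sha256).hexdigest()

def make_catalog(version: str, body: bytes) -> dict:
    return {"version": version, "body": body, "sig": sign(version, body)}

def is_authentic(cat: dict) -> bool:
    return hmac.compare_digest(sign(cat["version"], cat["body"]), cat["sig"])

def get_catalog(local_version: str, site_catalog: dict, peers: dict):
    """Return (catalog, source); catalog is None when already current."""
    wanted = site_catalog["version"]          # step 1: version check against the site
    if wanted == local_version:
        return None, "up-to-date"
    for name, cat in peers.items():           # ask LAN peers before the Internet
        # A peer copy is accepted only if it is the advertised version AND
        # its signature verifies; peers are not trusted on their own word.
        if cat and cat["version"] == wanted and is_authentic(cat):
            return cat, "peer:" + name
    if not is_authentic(site_catalog):        # fall back to the update site
        raise ValueError("catalog from update site failed verification")
    return site_catalog, "site"

# Constructed sample data (not real catalog contents).
SITE = make_catalog("5.1", b"components: engine=3, dat=6001")
TAMPERED = dict(SITE, body=b"components: engine=3, dat=0000")  # body altered, old sig
STALE = make_catalog("5.0", b"components: engine=3, dat=5990")
PEERS = {"pc-a": TAMPERED, "pc-b": STALE, "pc-c": dict(SITE)}

if __name__ == "__main__":
    print(get_catalog("5.1", SITE, PEERS)[1])               # already current
    print(get_catalog("5.0", SITE, PEERS)[1])               # pc-a and pc-b rejected
    print(get_catalog("5.0", SITE, {"pc-a": TAMPERED})[1])  # no usable peer
```

The stale peer copy carries a valid signature, so the version comparison, not the signature check, is what keeps an older catalog from being accepted.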

Note: Update support for some operating systems is ending. After support ends, client computers running those operating systems will no longer be protected against new threats. See  for more information.