Справочник Пользователя для SonicWALL 5.8.1
Security Services > Client AV Enforcement
1219
SonicOS 5.8.1 Administrator Guide
Configuring Client Anti-Virus Policies
The following features are available in the Client Anti-Virus Policies section:
•
Disable policing from Trusted to Public - Unchecked, this option enforces anti-virus
policies on computers located on Trusted zones. Choosing this option allows computers on
a trusted zone (such as a LAN) to access computers on public zones (such as DMZ), even
if anti-virus software is not installed on the LAN computers.
policies on computers located on Trusted zones. Choosing this option allows computers on
a trusted zone (such as a LAN) to access computers on public zones (such as DMZ), even
if anti-virus software is not installed on the LAN computers.
•
Switch McAfee AV to Kaspersky AV for clients on Kaspersky enforcement list -
Selecting this option causes McAfee Anti-Virus to be uninstalled on any client machines
that are included in the Kaspersky Client AV Enforcement List, and installs Kaspersky Anti-
Virus on those machines.
Selecting this option causes McAfee Anti-Virus to be uninstalled on any client machines
that are included in the Kaspersky Client AV Enforcement List, and installs Kaspersky Anti-
Virus on those machines.
•
Days before forcing update - This option defines the maximum number of days that a user
may access the Internet before the SonicWALL requires the latest virus date files to be
downloaded.
may access the Internet before the SonicWALL requires the latest virus date files to be
downloaded.
•
Force update on alert - SonicWALL, Inc. broadcasts virus alerts to all SonicWALL
appliances with an Anti-Virus subscription. Three levels of alerts are available, and you may
select more than one. When an alert is received with this option selected, users are
upgraded to the latest version of VirusScan ASaP before they can access the Internet. This
option overrides the Maximum number of days allowed before forcing update selection. In
addition, every virus alert is logged, and an alert message is sent to the administrator.
appliances with an Anti-Virus subscription. Three levels of alerts are available, and you may
select more than one. When an alert is received with this option selected, users are
upgraded to the latest version of VirusScan ASaP before they can access the Internet. This
option overrides the Maximum number of days allowed before forcing update selection. In
addition, every virus alert is logged, and an alert message is sent to the administrator.
–
Low Risk - A virus that is not reported in the field and is considered unlikely to be found
in the field in the future has a low risk. Even if such a virus includes a very serious or
unforeseeable damage payload, its risk is still low.
in the field in the future has a low risk. Even if such a virus includes a very serious or
unforeseeable damage payload, its risk is still low.
–
Medium Risk - If a virus is found in the field, and if it uses a less common infection
mechanism, it is considered to be medium risk. If its prevalence stays low and its
payload is not serious, it can be downgraded to a low risk. Similarly it can be upgraded
to high risk if the virus becomes more and more widespread.
mechanism, it is considered to be medium risk. If its prevalence stays low and its
payload is not serious, it can be downgraded to a low risk. Similarly it can be upgraded
to high risk if the virus becomes more and more widespread.
–
High Risk - To be assigned a high risk rating, it is necessary that a virus is reported
frequently in the field. Additionally, the payload must have the ability to cause at least
some serious damage. If it causes very serious or unforeseeable damage, high risk
may be assigned even with a lower level of prevalence.
frequently in the field. Additionally, the payload must have the ability to cause at least
some serious damage. If it causes very serious or unforeseeable damage, high risk
may be assigned even with a lower level of prevalence.
Enforcing Client Anti-Virus for Address Groups
SonicWALL Client Anti-Virus currently supports Windows platforms. In order to access the
Internet, computers with other operating systems must be exempt from Anti-Virus policies. To
ensure full network protection from virus attacks, it is recommended that only servers and
unsupported machines are excluded from protection, and that third party Anti-Virus software is
installed on each machine before excluding that machine from Anti-Virus enforcement.
Internet, computers with other operating systems must be exempt from Anti-Virus policies. To
ensure full network protection from virus attacks, it is recommended that only servers and
unsupported machines are excluded from protection, and that third party Anti-Virus software is
installed on each machine before excluding that machine from Anti-Virus enforcement.
Under Client Anti-Virus Enforcement, you can specify which clients use McAfee, which use
Kaspersky, and which are excluded from client AV enforcement. To configure these
enforcement lists, perform the following steps:
Kaspersky, and which are excluded from client AV enforcement. To configure these
enforcement lists, perform the following steps:
Step 1
For McAfee enforcement, click the Configure button for McAfee Client AV Enforcement List.