Web Protection Quick Start Guide

Update the Agent

Web Protection required Agent v9.6.0 RC or later for the standard version and Agent 10.4.4 for the upgraded engine.

Where an Agent is already installed on the target device you can easily update to the required version in one of two ways:

Manual Update

From the Agent menu select the version to upgrade to and run the downloaded executable on each server or workstation to update.

Dashboard Update

The automatic update option is available on a per-machine basis. Highlight the required server or workstation on the Dashboard, then from the Server or Workstation drop-down (or Edit menu) go to Edit Server or Edit Workstation, General Settings. In the Agent Version section select the required release from the Update Agent drop-down.

Whichever method is used to update the Agent, all existing configuration settings are retained and the next time the Agent reports in it will begin the download and installation process for the update package.

For supported Windows versions and the associated Monitoring Agent (where applicable), please refer to Supported Operating Systems: Windows.

New Installations

The Advanced Monitoring Agent can also be installed on new servers and workstations by selecting and downloading the required version from the Agent menu then run this on each server and workstation to run Web Protection.

Alternatively, select Download Site Installation Package to generate a silent installer for installation on multiple workstations via Group Policies or the one-click Remote Worker installer for workstations not connected to Active Directory.

In addition to the Dashboard and Advanced Monitoring Agent URLs, each device's Web Protection engine requires access to the URLs available in the Requirements, URLs and Permissions section.

Configure Web Protection Policies

Every aspect of Web Protection from the website white and black lists, category of website to allow or block, schedule (for example during office hours) as well as whether to deploy a Web Bandwidth Check is controlled via Web Protection Policies.

Default policies are available for Laptops, Desktops and Servers with the ability to manage your own custom policies (as well as edit the defaults) via Settings, Web Protection and Protection Policy

wp2_settings_drop

wp_policy_main1

To create a custom policy, click New, enter the Policy Name for identification and from the Base Policy On drop-down select an existing policy to act as a template.

This opens the Protection Policy dialog containing the following configuration sections:

Section

Description

General

Policy, behavior, block message and end user interaction. Agent 10.4.4 introduced end-user task bar icons including the option to display block notifications.

Block Page

Provides detailed information to the end user to explain why the website they have attempted to access was blocked. To facilitate, we have included the following substitution strings that can be used within the message:

Supported Substitution Strings

Notes

!url!!

Website URL (if known)^

!policy!!

Name of applied policy rule*

!category!!

Name of category*

!reputation!!

Website reputation score

* English only

^ Introduced from Agent 10.4.4

Where an HTTPS website is blocked it shows an SSL error rather than the Block Page message.

Any text entered in the Block Message counts towards the 2000 character limit.

Reputation Block Range

Allows you to finely tune the security policy based on your risk tolerance. Websites are blocked when their reputation is within the entered range.

Website are classified as: High Risk (1-20) | Suspicious (21-40) | Moderate Risk (41-60) | Low Risk (61-80) | Trustworthy (81-100)

The default value is 40, blocking all High Risk and Suspicious websites.

Regardless of its reputation, a website is allowed when it is in the Whitelist

Installation Settings *

Agent language and branding settings

Web Security

Allow, Block or Schedule access based on website Category

Category Filtering

Allow, Block or Schedule access based on website Category

Whitelist

Allow specific URLs - from Agent 10.4.4 URLs may also be added to the Whitelist from the Website section of the Web tab

Blacklist

Block specific URLs - from Agent 10.4.4 URLs may also be added to the Blacklist from the Website section of the Web tab

Schedule

Specify during which hours website categories are allowed or blocked. This refers to the local time of the computer the Agent is installed on.

Checks

Configure the Web Bandwidth Check to monitor website download traffic on the device and fail where this exceeds the entered threshold

Reporting *

Enter the URLs to exclude from the Web tab

* Options only supported in the Web Protection engine included from Agent 10.4.4

Amend the sections as required and once completed click Save to create the custom policy.

As well as Add, this dialog can also be used to Edit and Delete Web Protection Policies.

* URL Format

To specify a site and all of its sub-sections for a Website Whitelist or Blacklist enter the URL in the format www.domain.name. Where only certain sections of the website are to be included these can be specified in the URL, for example www.domain.name/section101

Wildcards are only supported at the beginning of the URL, for example * mydomain.name or *. mydomain.name.

Enable Web Protection and select Protection Policies

Enable Web Protection for all Servers and Workstations or servers and workstations at the specified Clients and Sites from the Settings menu, Web Protection, Settings.

Web Protection is Policy driven and by default servers and workstations will inherit policy from site, which will in turn inherit from client, which will in turn inherit policies set for all servers and workstations.

Once enabled choose the Protection Policy to apply to the selection from the drop-down in the Server Policies or Workstation Polices section.

Assign different policies based on the workstation type, Desktop or Laptop, with default policies supplied for Desktop, Laptop and Server.

wp2_settings_drop

wp_off_global

For specific servers or workstations Web Protection can be enabled, or disabled, via the Web Protection tab of the Edit Device dialog, available from the Server or Workstation drop-down or by right-clicking on the device.

From here you can change the Setting as required - On, Off or Inherit and select the required policy

server_edit

wp_enable_one_one

Web Protection is managed when logged on to the Dashboard using an account with enhanced privileges - Superuser or (non-Classic) Administrator level access, a login with the required Web Protection permissions enabled or the Agent Key (where Dashboard access is enabled

Web Protection is only available on Windows and requires Windows Vista SP2 or higher for workstations and Windows Server 2008 SP2 or higher for servers.

View Results

The Web Protection recent (Today and 7-day) results are available on the Dashboard in the device's Web tab or historic data (up to 30 days) in the Report menu’s Web Protection Reports, including the Overview Report and Web Protection Report Builder

We are aware that due to data privacy considerations you may prefer not to display the visited URLs in the Web tab or Web Protection Reports for your clients. If this is the case, please contact your Remote Monitoring & Management account manager who will disable this option for your account. In certain regions, the URL data is turned off by default in accordance with local privacy laws.

Web Tab

Information on the websites visited for each device is displayed under the Web tab on the Dashboard. This can be grouped from the drop-down by Website, Day or Category, when selecting Website or Category there is also the option to select the time period: 30 Days | 7 Days | 1 Day. The returned data may be further sorted by clicking on the column heading.

wp2_category_tab

Web Protection Overview Report

The Web Protection Overview Report, available from the Reports menu on the Dashboard, displays information on the websites visited by specific clients and sites down to those accessed from individual devices.

The following options are available when generating the Web Protection Overview Report:

Option

Selection

Client

Specify Client

Site

All Sites or specify Site

Device

All Devices or specify Device

Start Date

Date the report begins

End Date

Date the report ends (must be within 33 days of the Start Date)

Content

Information contained in the Report

Summary

All Activity, Web Security, Web Filtering, Web Bandwidth

10 most: Active Devices, Visited Categories and Visited Websites

Web Security

Blocked Requests By Category, Web Security by Device, Web Security by Category, Web Security by URL (Top 100)

Web Filtering

Web Requests, Web Filtering by Device, Web Filtering by Category, Web Filtering by URL (Top 100)

Web Bandwidth

Web Bandwidth, Web Bandwidth by Device, Web Bandwidth by Category, Web Bandwidth by URL (Top 100)

wp_overview_report_example

Depending on the selected Content options, the Web Protection Overview Report may contain a mixture of charts and tables. Click on any point on the chart to display more detailed information on the highlighted indicator.

Web Protection Report Builder

Depending on the situation there may be times when it is necessary to generate a bespoke report - for example listing all devices that have accessed a specified website or category type down to all the available data for an individual machine and this can be achieved by using the Web Protection Report Builder available from the Reports menu.

The Web Protection Report Builder allows you to configure the report to match your precise requirements with three configurable sections:

Scope

Select the Client, Site, Device information and time-period to generate the report for

Filters

Filter by Category or Website, include Blocked Requests Only and set the Upload and Download bandwidth thresholds if required.

Output

The Report Format, CSV or HTML as well as the summary display filter (By Day, By Device or By Site, By Category or By Website) is selected in the Output section.

wp_rp_main

wp_rp_example_sum

Website Lookup

When investigating website there may be times when you wish to check its categorization and reputation and this can be achieved in the Dashboard by going to the Settings menu, Web Protection and Website Lookup. Where you believe a website has been miscategorized there is the facility to a Report categorization error to update the records. A Website Lookup can also be performed when setting up the Whitelist or Blacklist within the Web Protection Policy.

wp2_settings_drop wp_ws_lookup

Snooze Web Protection (from Agent 10.4.4)

There may be times when it is useful to snooze Web Protection (for example perform maintenance tasks on the device) and this is available for the Web Protection engine included from Agent 10.4.4.

Select either one or a number of devices (via multi-select - Crtl+click or Shift+click) in the north panel of the Dashboard, right-click on the target device and from the menu go to Web Protection, Snooze Web Protection. This option is also available from the Server or Workstation drop-down.

Enter the length of time in minutes or use the buttons to increase or decrease the value as required clicking OK once complete. Please note the maximum number of minutes to snooze the device for is 60.

To restart Web Protection before the snooze window ends, for example when the maintenance task is complete, select the device(s) then go to Web Protection, Cancel Snooze

Refresh Web Protection Data

To update the Web Protection data outside of the hourly upload schedule we have included the Refresh option under Web Protection in the Server or Workstation drop-down. Once selected the device will retrieve the latest set of statistics from the selected device.

web_protection_drop

Disable Web Protection

Web Protection can be disabled for the overall device type (Server or Workstations) or for specific Clients and Sites from the Settings menu, Web Protection, Settings. Choose the required entity and from the Setting drop-down select Off.

Web Protection can also be disabled on a device by device basis. Highlight the machine in the north panel of the Dashboard and from the Server or Workstation drop-down or by right-clicking on the device select Edit Device and from the Setting drop-down select Off.

Whichever method is used to disable Web Protection this is communicated back to the Agent the next time it reports back to the Dashboard and Web Protection, along with any associated Checks, is removed.