Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Overview and System Design Guide


2.9.3 Judging security status

Once a security policy is assigned to a managed computer, the security status of the computer is judged based on the security policy settings. During judgment, the management items in the security policy and the device information collected from the managed computer are compared and the violation level is judged.

In a multi-server configuration, each management server can assign security policies only to the computers that are directly under the management server. If the management servers are operated in a NAT environment, or if you want to use a common set of security policies among the management servers, specify the same policies to each management server.

Note that if message notification is set as an action item in a security policy, messages can be automatically sent to the computer depending on the results of the security status judgment. The messages notify of security problems. Therefore, the administrator can reduce the workload required to solve problems by directing users to take actions according to the messages.

Tip

When OS user accounts have been automatically created by some OS components or by certain programs, if the security statuses of unused user accounts are judged, you might not be able to manage the security status correctly. In such a case, you can exclude the unused user accounts from the judgment targets so that the security status can be judged appropriately.

(1) Violation levels judged by a security policy

If you define the judgment conditions and the countermeasures in a security policy and then assign the security policy to the managed computers, the violation level for security is judged based on the level of compliance with the security policy.

In a security policy, set the violation level (for each security judgment item) that will be displayed when the security status is judged as improper. If the security policy is not complied with, the judgment results in the violation level that has been set. The most severe violation level is displayed as the overall violation level of the computer.

The following table shows the types of violation levels, in order from the most severe.

Violation level

Icon

Description

Critical

[Figure]

This is the most severe violation level.

This violation level is set when the extent of damage might extend to the whole system and it might have a significant impact on business, such as suspension of business, if an immediate action is not taken.

Important

[Figure]

This violation level is set when neglecting security measures for computers with security vulnerabilities might have a significant impact on the business.

Warning

[Figure]

This violation level is set when taking security measures will improve system safety even though the impact on business might not be significant.

Unknown

[Figure]

This violation level is set when the judgment results in one of the following:

  • Judgment of the security status has not yet been performed.

    For agents that are connected to the network for the first time, judgment of the security status is not performed if security information has not been received from the agent by the time of the judgment of the security status. In such cases, the number of computers is not counted in the results of the judgment of the security level.

  • The security status cannot be judged because there is insufficient information.

    In this case, you must install an agent on the computer and collect the necessary information so that the security status can be correctly judged.

  • The security status was not judged correctly.

    In this case, the security status cannot be judged correctly because of an internal failure. You must investigate the cause of the failure and take appropriate action, referring to troubleshooting information, such as logs.

  • Computer running Linux or UNIX

    In this case, judgment of the security status is not performed, and the violation level is always Unknown.

Safe

[Figure]

This violation level is set when the computer complies with the security judgment items and judgment conditions.

Out of Target

None

This violation level is set when the judgment items for the security policy are not set.

This violation level is also set when the managed device is one of the following because judgment of the security policy is not performed for them:

  • Computer running an unknown OS

  • Computer with an unknown Windows edition

Judgment conditions for the violation level

The violation level is judged for security judgment conditions, security judgment items, and the computer. The following figure shows how the violation level is judged.

[Figure]

First, the violation level is judged for each security judgment item. If multiple security judgment conditions are set for a security judgment item, the violation level is judged for each judgement condition. The most severe security judgment condition result is determined to be the violation level of the relevant security judgment item.

Then the most severe security judgement item result is determined to be the violation level of the computer.

In this figure, judgment condition 2 of security judgment item 4 is judged as Critical, so security judgment item 4 is determined to be Critical, even though the other judgment conditions are judged as Safe. The computer is determined to be Critical because security judgment item 4 is judged as Critical even though the other judgement items are judged as Safe or Important.

For details about the security judgment conditions and security judgment items, see (1) Items that can be set for a security policy.

Note that you can check whether a computer complies with the security policy in the Computer Security Status view of the Security module.

Important
  • In the list of security policies, the application rate and the number of computers to which a security policy applies are calculated based on the number of devices for which the security status has been judged. Therefore, the application rate shows the ratio of the devices that comply with the security policy to the number of devices for which the security status has been judged by using the applicable security policy.

  • Regarding the number of computers to which a security policy applies, the displayed number of devices indicates devices for which the security status has been judged by using the applicable security policy. Devices for which the security status has not been judged even though they have been assigned a security policy are not included in the calculation of the application rate or the number of computers to which a security policy applies.

  • If "prohibited operations", "operation logs", or both are enabled in a security policy or if all of the judgment items set for the security policy have been removed from the judgment target, judgment of the security status will not be performed and the applicable devices will not be included in the calculation.
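The roll-up and the application-rate rules above, as an added example (not code from the product or from this manual). The severity order is taken from the violation level table; the item names, the device names, the use of `None` for a device that has not been judged, and the reading of "comply" as a computer-level result of Safe are assumptions of this sketch.

```python
# Severity order from the violation level table, most severe first.
SEVERITY = ["Critical", "Important", "Warning", "Unknown", "Safe", "Out of Target"]
RANK = {level: position for position, level in enumerate(SEVERITY)}


def most_severe(levels):
    """Return the most severe level; nothing to judge means Out of Target."""
    levels = list(levels)
    if not levels:
        return "Out of Target"
    return min(levels, key=RANK.__getitem__)


def judge_computer(items):
    """items maps a judgment item name to the results of its judgment conditions.

    Each item takes its most severe condition result, and the computer
    takes its most severe item result.
    """
    item_levels = {name: most_severe(results) for name, results in items.items()}
    return most_severe(item_levels.values()), item_levels


def application_rate(device_levels):
    """device_levels maps a device to its violation level, or None if not judged.

    Returns (rate, judged_count, unjudged_count). Devices that were assigned the
    policy but never judged are left out of both the numerator and the denominator.
    """
    judged = [level for level in device_levels.values() if level is not None]
    unjudged = len(device_levels) - len(judged)
    if not judged:
        return None, 0, unjudged
    compliant = sum(1 for level in judged if level == "Safe")  # assumption: comply == Safe
    return compliant / len(judged), len(judged), unjudged


# Constructed input reproducing the case described for the figure:
# condition 2 of item 4 is Critical, every other condition of item 4 is Safe.
FIGURE_SCENARIO = {
    "Security judgment item 1": ["Safe"],
    "Security judgment item 2": ["Important"],
    "Security judgment item 3": ["Safe"],
    "Security judgment item 4": ["Safe", "Critical", "Safe"],
}

# Constructed fleet: two devices judged, two assigned the policy but not yet judged.
FLEET = {"pc-01": "Safe", "pc-02": "Critical", "pc-03": None, "pc-04": None}

if __name__ == "__main__":
    print(judge_computer(FIGURE_SCENARIO))
    print(application_rate(FLEET))
```

Reading the rate together with the unjudged count matters: a high application rate says nothing about devices that were assigned the policy but never judged.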

Counting the number of days regarding the violation level

The number of sequential days in which no security measures are taken is counted for each device. This information is used to send messages to users who have not taken security measures during a certain period of time, or to block the network connections for relevant devices.

The number of sequential days is incremented by 1 when 24 hours has passed since the time the violation level was judged as Critical, Important, or Warning. The following shows an example of counting the number of sequential days:

In this case, JP1/IT Desktop Management 2 considers that no security measures were taken during the period from 2011/4/1 0:00 to 2011/4/7 12:00 (6 days and 12 hours). The number of sequential days in which no security measures were taken is counted as 7 days.

(2) Timing of security status judgment

The security status is judged on a periodic schedule. It is also judged when key device information is updated or changed.

The following table shows the details of security-status judgment conditions.

Timing

Security policy used for judgment

Computer to be judged

Description

A security policy is assigned.#1

Assigned security policy

  • All devices to which the security policy has been assigned

  • All devices that belong to the group to which the security policy has been assigned#2

Judgment is performed when a security policy is first assigned. It is also performed when an existing security policy is cancelled and a new security policy is assigned to a device or group.

The security policy is updated.#1

Updated security policy

  • All devices to which the updated security policy has been assigned

  • All devices that belong to the group to which the updated security policy has been assigned#2

Judgment is performed when the security policy is updated.

The system administrator updates asset information in the operation window or by using a command.#1

The priority order of the security policies is as follows:

  • Security policy assigned to the device

  • Security policy assigned to the group

Devices related to the assets whose asset information has been updated

If the added management item has been specified for at least one security policy as a user-defined security item, judgment is performed regardless of whether that security policy is used for judgement.

The system administrator changes the hardware asset assigned to the device.#1

The priority order of the security policies is as follows:

  • Security policy assigned to the device

  • Security policy assigned to the group

Devices whose association with hardware assets has been changed

If the added management item has been specified for at least one security policy as a user-defined security item, judgment is performed regardless of whether that security policy is used for judgement.

Device information for the managed computer is updated in the operation window.#1

The priority order of the security policies is as follows:

  • Security policy assigned to the device

  • Security policy assigned to the group

All devices whose device information has been updated

For online management:

Judgment is performed when the changed device information is collected on the management server and then updated.

For offline management:

Judgment is performed when the information collected from the computer by the information collection tool, or by the tool for applying policy offline, is reported to the management server.

The group to which the managed computer belongs is changed.#1

Security policy assigned to the new group

Devices whose group has been changed#2

If the target group type for the security policy is not a user-defined group:

Judgment is performed when the group to which the device belongs is changed, and a new security policy is assigned to the group.

If the target group type for the security policy is a user-defined group:

Judgment is performed when the user-defined group condition is changed for one of the following reasons:

  • The system administrator changed the user-defined group condition.

  • An added management item specified as the target item of a user-defined group is deleted.

  • An option of the added management items (whose data type is Enumeration) specified as the target item of a user-defined group is deleted.

Periodical judgment (0:00 every day, by default#3)

The priority order of the security policies is as follows:

  • Security policy assigned to the device

  • Security policy assigned to the group

All devices

Judgment is performed according to the schedule specified in the Security Schedule view of the Settings module.

#1: If you enabled the large-scale management option when installing the management server, the security status is not judged at this time.

#2: If another security policy is directly assigned to a device, that security policy has priority for the device. Therefore, the device is excluded from this condition.

#3: If you enabled the large-scale management option when installing the management server, the default is set to 18:00 every day.

(3) Judging whether updates have been installed

To judge whether the latest updates have been installed on a computer, you must monitor the Microsoft website, determine whether it is necessary to apply judgment for new updates, and register the necessary information. These are troublesome tasks.

If you sign up for support services, the latest Windows Update information can be automatically acquired from the support service site regularly. The acquired Windows Update information is automatically applied to the security policy. Therefore, the administrator can judge whether the latest Windows Update information has been applied to the computer without the need of checking the versions of the updates. Also, depending on the security policy settings, you can distribute and apply the latest Windows Update information to the computers on which the latest updates have not yet been installed.

To automatically acquire the Windows Update information regularly, you must establish connection settings to the support service site and schedule settings for acquiring Windows Update information in the Settings module.

The following figure shows the flow from acquiring the latest Windows Update information to updating the security policy.

[Figure]

Tip

JP1/IT Desktop Management 2 can acquire the latest information about Critical or Important patches for security problems in Windows or Internet Explorer.

The status of whether updates have been installed is judged to be All updates are installed or Selected updates are installed. In the security policy, set the Windows Update information to be used when the security is judged.

(4) Judging whether the latest program updates have been installed

You can judge whether the latest program updates have been installed on a computer based on all the program update information registered in the management server. When program update information is added, the listed program updates are added to the judgment targets, so the status of whether the latest program updates have been installed is automatically acquired. You can also specify the program updates that are to be excluded from judgment.

The following table shows the information to be used for judgment.

| Information | Description |
|---|---|
| Latest program update | The latest program update information acquired from the support service site. Specify this to install all program updates. Note that, in the Update List view of the Security module, you can check the latest program updates acquired from the support service site. |
| Program updates to be excluded | Information about the program updates to be excluded from judgment. In the Security module, create a group for the program updates, and then specify that group when you set a security policy. |
| Device information | Information about the program updates collected from the computer to be judged based on the security policy. |

When security is judged, the device information of the computers for which the security policy is applied is compared with the latest program update information acquired from the support service site. If both the document number and the security bulletin number do not match, it is judged that the latest program updates have not been installed, and the violation level defined in the security policy is set. If the program updates that are to be excluded from judgment have not been installed, a violation level is not set.

Tip

If the management server cannot connect to the support service site, connect to the support service site by using a computer that can connect to the external network, and then download the latest support information. If you manually copy the downloaded support information to the management server and then execute the updatesupportinfo command, you can register the latest information in the management server. In this way, you can apply the latest program update information to the management server.

Tip

Security judgment for cumulative updates and Security Monthly Quality Rollup for Windows is possible even when the latest update has been released but the update information posted on the support service site has not yet been updated. Security judgment can also be performed taking into consideration the grace period given to apply updates. For details, see the description of Judgment for cumulative updates and Security Monthly Quality Rollup for Windows in the manual JP1/IT Desktop Management 2 Administration Guide.

(5) Judging whether specified program updates have been installed

The status of whether the program updates have been installed on a computer can be judged based on the update information specified by the administrator. The administrator can specify service packs, versions, and updates for Windows, and service packs and updates for Internet Explorer.

The following table shows the information used for judgment.

| Information | Description |
|---|---|
| Program updates specified by the administrator | Information about program updates judged to be dangerous if the service packs, versions, and program updates specified by the administrator have not been installed. In the Security module, create a group for the program updates, and then specify that group when you set a security policy. |
| Device information | Information about the program updates collected from the computers to be judged based on the security policy. |

When the security is judged, the device information of the computers for which the security policy is applied is compared with the program update information specified by the administrator. If both the document number and the security bulletin number do not match, it is judged that the program updates specified by the administrator have not been installed, and the violation level defined in the security policy is set. In the same way, if information does not match when the device information of the computer is compared with the service pack or version information specified by the administrator, the system judges that the program updates specified by the administrator have not been installed, and the violation level defined in the security policy is set.

(6) Judging the settings for automatic update

The following describes the information and judgement conditions used for judgement of the automatic update settings.

Information used for judgment

Judgment conditions

Judgement is performed by comparing the device information with each item set for the security policy, and the violation level is determined depending on the judgment results.

If automated countermeasures are set (Auto Enforce), security measures are taken as necessary.

(7) Judging the security status for an anti-virus product

When the security status is judged for an anti-virus product, the status of the anti-virus product on each computer is compared with the latest versions of the virus detecting engine and virus definition file over all the computers to which the security policy is applied. Therefore, keep the version of the anti-virus product up to date on at least one managed computer.

However, the versions of anti-virus products on the computers within an organization are not always updated to the latest version at the same time. The latest version and an older version might coexist for a while. For this reason, you can set a grace period (which defines how many days the computer is allowed to stay in the older status) for the security policy.

The following figure shows the flow when judging whether the anti-virus product is up to date.

[Figure]

The security status of a device added as a managed device is judged based on the latest security policy settings. Therefore, if the following conditions exist, the security status is judged to be the violation level specified in the latest policy settings when the device is added as a managed device.

  1. The grace period set for the judgment condition of an anti-virus product has expired and the security policy is updated.

  2. After the security policy is updated in step 1, a device for which the security status for the anti-virus product is not up to date is added as a managed device.

Supported anti-virus products (anti-virus products to be judged)

For details about the anti-virus products supported by JP1/IT Desktop Management 2, see (14) Supported anti-virus products.

Information used for judgment

Judgment conditions

Judgment is performed by comparing the device information with each item set for the security policy. If all the items and the device information match, it is judged to be Safe. If there is a mismatch, it is judged as the corresponding violation level that has been set.

If automated countermeasures are set, security measures are taken as necessary.

(8) Judging the security status for prohibited software

The following describes the information and the judgement conditions used for judgment of prohibited software.

Information used for judgment

Judgment conditions

For prohibited software, the violation level is judged for each installed software program. If an information item set for prohibited software matches the name and version of an installed software program, the software program is judged to have the set violation level. If either of the name or version of an installed software program or both of them do not match any information items set for prohibited software, the software program is judged to be Safe. A software name is judged by partial match. A version is judged by Starts-with match.

Note that if prohibited software is not set in Security Configuration Items, the software program is judged to be Safe.

Important

If automated countermeasures are set, startup of the relevant software programs might be restricted or the software programs might be uninstalled. Multiple software programs might be the target of the automated countermeasures, because a software name is judged by partial match and a version is judged by Starts-with match.

Important

Do not specify a software program as both mandatory software and prohibited software when automated countermeasures are set. If you do so, the program will be alternately installed and uninstalled as the security judgments for mandatory software and prohibited software are implemented.

Important

If a software program that cannot be uninstalled is set as a prohibited software program in Programs and Features of the Windows Control Panel, uninstallation cannot be performed by automated countermeasures.
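The matching rule described in this subsection, and the two cautions about automated countermeasures, as an added example (not code from the product or from this manual). The inventory, the rule values, the function names, case-sensitive comparison, and taking the most severe level when several rules match are assumptions of this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SoftwareRule:
    name: str                # compared with the installed name by partial match
    version: str             # compared with the installed version by starts-with match
    level: str = "Critical"  # violation level set for a prohibited-software rule


def rule_matches(rule, name, version):
    """Name by partial match AND version by starts-with match.

    Case-sensitive comparison is an assumption of this example.
    """
    return rule.name in name and version.startswith(rule.version)


def judge_prohibited(rules, installed):
    """Return {(name, version): level}; a program matching no rule is Safe.

    Assumption: when several rules match, the most severe level is used.
    """
    order = ["Critical", "Important", "Warning"]
    result = {}
    for name, version in installed:
        hits = [r.level for r in rules if rule_matches(r, name, version)]
        result[(name, version)] = min(hits, key=order.index) if hits else "Safe"
    return result


def countermeasure_targets(rule, installed):
    """Programs one rule would hand to automated countermeasures."""
    return [(n, v) for n, v in installed if rule_matches(rule, n, v)]


def install_uninstall_conflicts(prohibited, mandatory, installed):
    """Installed programs matched by both a prohibited and a mandatory rule.

    With automated countermeasures set, these are the programs that would be
    alternately installed and uninstalled.
    """
    conflicts = []
    for name, version in installed:
        is_prohibited = any(rule_matches(r, name, version) for r in prohibited)
        is_mandatory = any(rule_matches(r, name, version) for r in mandatory)
        if is_prohibited and is_mandatory:
            conflicts.append((name, version))
    return conflicts


# Constructed inventory and rules (hypothetical product names).
INSTALLED = [
    ("Remote Viewer", "2.1.0"),
    ("Remote Viewer Pro", "2.10.3"),              # "2.10.3" also starts with "2.1"
    ("Corporate Remote Viewer Agent", "2.1.5"),   # name contains "Remote Viewer"
    ("Remote Viewer", "3.0.1"),
    ("Text Editor", "1.0"),
]
PROHIBITED = [SoftwareRule("Remote Viewer", "2.1", "Critical")]
MANDATORY = [SoftwareRule("Corporate Remote Viewer Agent", "2.")]

if __name__ == "__main__":
    for program in countermeasure_targets(PROHIBITED[0], INSTALLED):
        print("would be targeted:", program)
    print("conflicts:", install_uninstall_conflicts(PROHIBITED, MANDATORY, INSTALLED))
```

Running a rule against the collected software inventory in this way before setting automated countermeasures shows which programs the partial match and the starts-with match pull in beyond the one intended.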

(9) Judging the security status for mandatory software

The following describes the information and the judgement conditions used for judgment of mandatory software.

Information used for judgment

Judgment conditions

The judgment targets are the devices whose OS information (OS, and service pack or version) matches one set for mandatory software. For mandatory software, the violation level is judged for each installed software program. If an information item set for mandatory software matches the name and version of an installed software program, the software program is judged to be Safe. If either of the name or version of an installed software program or both of them do not match any information items set for mandatory software, the software program is judged to have the set violation level. A software name is judged by partial match. A version is judged by Starts-with match.

Note that if a mandatory program is not set in Security Configuration Items, the software program is judged to be Unknown.

If automated countermeasures are set, the relevant software programs might be installed as necessary.

Important

Do not specify a software program as both mandatory software and prohibited software when automated countermeasures are set. If you do so, the program will be alternately installed and uninstalled as the security judgments for mandatory software and prohibited software are implemented.

Important

If the OS itself is set as mandatory software, installation cannot be performed by automated countermeasures.

(10) Judging the security status for prohibited services

The following describes the information and the judgement conditions used for judgment of prohibited services.

Information used for judgment

Judgment conditions

The violation level is judged for each prohibited service set in the security policy, and determined by the judgment result. If the name of a running service matches a name registered as a prohibited service, the service is judged to have the violation level set in the security policy. If the name does not match, the service is judged to be Safe.

If automated countermeasures are set, the relevant service is stopped and disabled as necessary.

If no security policy is assigned to a computer managed offline, the service is judged to be Safe.

(11) Difference of security judgment between different configurations for management

Whether individual configuration items for security judgment can be judged differs between agent-installed computers and agentless computers. For agent-installed computers, it also differs between online management and offline management. For agentless computers, it also differs depending on the authentication method.

The following table shows whether judgment is available for individual configuration items for each configuration for management.

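| Configuration Item (category) | Configuration Item | Agent installed: Windows | Agent installed: UNIX | Agent installed: Mac OS | Agentless: Administrative Share | Agentless: SNMP | Agentless: ARP/ICMP | Agentless: Active Directory | Agentless, API: Windows | Agentless, API: Mac OS | Agentless, API: Other OS |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Windows Update | Automatic Update | Y | N | Y | Y | N | N | N | Y | Y | N |
| Windows Update | All updates are installed | Y | N | N | Y | N | N | N | Y | N | N |
| Windows Update | Selected updates are installed | Y | N | N | Y | N | N | N | Y | N | N |
| Antivirus Software | Install | Y | N | N | Y | N | N | N | N | N | N |
| Antivirus Software | Scan Engine Version | Y | N | N | Y | N | N | N | N | N | N |
| Antivirus Software | Virus Definition File Version | Y | N | N | Y | N | N | N | N | N | N |
| Antivirus Software | Auto Protect | Y | N | N | Y | N | N | N | N | N | N |
| Antivirus Software | Last Scanned Date/Time | Y | N | N | Y | N | N | N | N | N | N |
| Software Use | Mandatory Software | Y | N | Y | Y | N | N | N | Y | Y | N |
| Software Use | Unauthorized Software | Y | N | Y | Y | N | N | N | Y | Y | N |
| Windows Services | | Y#1 | N | N | N | N | N | N | N | N | N |
| OS Security | Guest Account | Y | N | Y | Y | N | N | N | Y | Y | N |
| OS Security | Password Strength | Y | N | N | Y | N | N | N | Y | N | N |
| OS Security | Password Never Expires | Y | N | N | Y | N | N | N | Y | N | N |
| OS Security | Days Since Last Password Change | Y | N | Y | Y | N | N | N | Y | Y | N |
| OS Security | Auto Logon | Y | N | Y | Y | N | N | N | Y | Y | N |
| OS Security | Power On Password | Y | N | N | Y | N | N | N | Y | N | N |
| OS Security | Password (Screen Saver) | Y | N | Y#2 | Y | N | N | N | Y | Y | N |
| OS Security | Startup Time (Screen Saver) | Y | N | N | Y | N | N | N | Y | N | N |
| OS Security | Shared Folder | Y | N | N | Y | N | N | N | Y | N | N |
| OS Security | Administrative Share | Y | N | N | Y | N | N | N | Y | N | N |
| OS Security | Anonymous Access | Y | N | N | Y | N | N | N | Y | N | N |
| OS Security | Firewall#3 | Y | N | Y | Y | N | N | N | Y | Y | N |
| OS Security | DCOM | Y | N | N | Y | N | N | N | Y | N | N |
| OS Security | Remote Desktop | Y | N | N | Y | N | N | N | Y | N | N |
| User-Defined Security Settings | | Y | N | Y | Y | N | N | N | Y | Y | N |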

Legend: Y: Can be judged. N: Cannot be judged.

Note: Automated countermeasures for security cannot be performed for an agent for UNIX or Mac, offline management, and agentless management.

#1: For offline management, the security settings for the services cannot be judged. If no security policy is assigned, the security status is judged to be Safe.

#2: For Mac OS, the judgment results indicate the results for all user accounts, instead of for each user account.

#3: The computers for which network monitor is enabled are not judged for Firewall.

Tip

For agentless computers, security judgment can be performed only by using authentication through Windows administrative share. Therefore, when you manage the security for an agentless computer, configure the computer so that authentication is performed through Windows administrative share.

(12) Judging user-defined security settings

You can add any policy settings related to the computer's security settings as user-defined security settings to security policies. If you want to perform security judgment using conditions not provided by JP1/IT Desktop Management 2, add user-defined security settings.

When user-defined security settings are added, the security status of the computer is judged based on the specified judgment conditions. If action items are set in a security policy with user-defined security settings added, the system can send messages to the user and control network access based on the violation level indicated by the judgment result. You can view the judgment result of the security status in the Computer Security Status view of the Security module.

Overview of security judgment based on user-defined items

Judgment with the user-defined security settings is performed according to the target item, judgment conditions, and judgment value specified for a user-defined item. If the judgment conditions are satisfied, the security status of the device is judged as improper and the violation level changes to the value specified for Violation level. Note that a violation level other than Violation level can also be specified for devices for which the target item has no value.

Target item

The target item for the security judgment. If there are multiple data items for the target item, judgment is performed if at least one of them meets a judgment condition. The judgment result of the data item that first meets a condition will be displayed.

The target items you can select are system information in device information, hardware information in device information, and management items for hardware asset information added by the system administrator. For details about the target items that can be specified, see (1) Items that can be set for a security policy.

Judgment condition

The condition that the target item value compared with the judgment value must satisfy to judge the security status as improper.

Judgment value

The value that is compared with the value for the target item to determine whether the security status for the item is improper.

Important

The target items for user-defined security settings can be specified only from the added management items in the hardware asset information that the system administrator has added. You cannot specify items provided by the system.

Example of setting the user-defined item

The following provides an example of setting the user-defined item to prohibit users with administrator permissions from logging on, and judge the security status to be Critical if a violation is detected.

| User-defined item | Setting example |
|---|---|
| User-defined item name | Prohibit Administrator permission |
| Definition | |
| Type of device information | System information |
| Target item | Name of the last logon user |
| Judgment condition | Equals the judgment value |
| Judgment value | Administrator |
| Action when target item has no value | Safe |
| Violation level | Critical |

Judgment conditions and judgment values that can be specified for user-defined items

Judgment conditions and judgment values that can be specified for user-defined items vary depending on the data type of the target item. The following table lists the judgment conditions and judgment values that can be specified for each data type of the target item.

| Data type of the target item | Judgment condition | Judgment value |
|---|---|---|
| Text | Equals the judgment value; Does not equal the judgment value; Contains the judgment value; Begins with the judgment value; Ends with the judgment value | Character string. The specified value is case sensitive. Single-byte characters are distinguished from double-byte characters during judgment. |
| Number | Equals the judgment value; Does not equal the judgment value; Equal to or greater than the judgment value; Less than or equal to the judgment value; Greater than the judgment value; Less than the judgment value | Numbers from 0 to 9, and a decimal point (.). The following units can also be used to specify a value: B (byte), KB (kilobyte), MB (megabyte), GB (gigabyte), TB (terabyte), PB (petabyte), Minute. |
| Enumeration | Equals the judgment value; Does not equal the judgment value | Values displayed in the pull-down menu. The specified value is case sensitive. Single-byte characters are distinguished from double-byte characters during judgment. |

Tip

When no value is entered in a numerical target item (such as VRAM size or core clock speed) in the system information or hardware information, the value is treated as 0. In such cases, the judgment result is not the risk level set for no value but the result of comparing 0 with the judgment value under the judgment condition.
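The following added example (a model written for this page, not code from JP1/IT Desktop Management 2) evaluates a user-defined item the way the table and the Tip above describe: case-sensitive text comparison, and an empty numeric item compared as 0 instead of taking the no-value action. The class and function names, the VRAM rule, and the binary size of the byte units are assumptions; the Minute unit is not modeled.

```python
import re
from dataclasses import dataclass
from decimal import Decimal

# Assumption: byte units are binary multiples. The page lists the units, not their size.
UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3, "TB": 1024**4, "PB": 1024**5}

# Judgment conditions per data type, named as in the table above.
TEXT_CONDITIONS = {
    "Equals the judgment value": lambda v, j: v == j,
    "Does not equal the judgment value": lambda v, j: v != j,
    "Contains the judgment value": lambda v, j: j in v,
    "Begins with the judgment value": lambda v, j: v.startswith(j),
    "Ends with the judgment value": lambda v, j: v.endswith(j),
}
ENUM_CONDITIONS = {
    k: TEXT_CONDITIONS[k]
    for k in ("Equals the judgment value", "Does not equal the judgment value")
}
NUMBER_CONDITIONS = {
    "Equals the judgment value": lambda v, j: v == j,
    "Does not equal the judgment value": lambda v, j: v != j,
    "Equal to or greater than the judgment value": lambda v, j: v >= j,
    "Less than or equal to the judgment value": lambda v, j: v <= j,
    "Greater than the judgment value": lambda v, j: v > j,
    "Less than the judgment value": lambda v, j: v < j,
}


def parse_number(raw):
    """Parse digits, an optional decimal point and an optional byte unit."""
    m = re.fullmatch(r"\s*([0-9]+(?:\.[0-9]+)?)\s*(B|KB|MB|GB|TB|PB)?\s*", raw)
    if m is None:
        raise ValueError(f"not a number this model understands: {raw!r}")
    return Decimal(m.group(1)) * UNITS[m.group(2) or "B"]


@dataclass(frozen=True)
class UserDefinedItem:
    name: str
    data_type: str        # "Text", "Number" or "Enumeration"
    condition: str        # one of the condition names above
    judgment_value: str
    no_value_action: str  # level reported when the target item has no value
    violation_level: str  # level reported when the status is judged improper


def judge(item, collected):
    """Return the level for one collected value ("Safe" when the rule is not violated)."""
    empty = collected is None or collected.strip() == ""
    if item.data_type == "Number":
        # Per the Tip: an empty numeric item is compared as 0, so
        # no_value_action is never used for it.
        value = Decimal(0) if empty else parse_number(collected)
        improper = NUMBER_CONDITIONS[item.condition](value, parse_number(item.judgment_value))
    else:
        if empty:
            return item.no_value_action
        conditions = TEXT_CONDITIONS if item.data_type == "Text" else ENUM_CONDITIONS
        # Plain string comparison: case sensitive, and full-width (double-byte)
        # characters never equal their single-byte counterparts.
        improper = conditions[item.condition](collected, item.judgment_value)
    return item.violation_level if improper else "Safe"


# The setting example from this page.
ADMIN_RULE = UserDefinedItem(
    "Prohibit Administrator permission", "Text",
    "Equals the judgment value", "Administrator", "Safe", "Critical")

# Constructed rule (hypothetical): flag devices reporting less than 512 MB of VRAM.
VRAM_RULE = UserDefinedItem(
    "Minimum VRAM (hypothetical)", "Number",
    "Less than the judgment value", "512MB", "Safe", "Critical")

if __name__ == "__main__":
    for rule, value in [(ADMIN_RULE, "Administrator"), (ADMIN_RULE, "administrator"),
                        (VRAM_RULE, ""), (VRAM_RULE, "1GB")]:
        print(f"{rule.name!r} with value {value!r}: {judge(rule, value)}")
```

Because text comparison is case sensitive, a rule written as Equals "Administrator" does not flag a logon name collected as "administrator"; check how the name is actually collected before relying on the rule.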

(13) Security judgment for user accounts

When multiple user accounts are registered in an OS, some OS settings are defined for each user account. For certain setting items, the security status can be judged for each user account. This enables you to extract problematic user accounts (regarding security) and secure the computers.

The following items are judged for each user account:

For these items, if all user accounts are in adequate status, the violation level of the device becomes Safe. If there is a problem with a user account, the violation level of the device changes to inadequate status. If the status is inadequate, the problematic user accounts are displayed in the Computer Security Status view (under the Security module). If automated countermeasures are set for a security policy, countermeasures are enforced only for the problematic user accounts.

Important

Security judgment is not performed for user accounts in either of the following statuses because password information cannot be collected for those user accounts:

  • Disabled user accounts

  • Locked-out user accounts

In addition, security judgment for the screen saver is not performed for the following user accounts because information about the screen saver cannot be acquired for those accounts:

  • User accounts that have not logged in for 30 days or more since the last login

If message notification is set in Action Items for a security policy, a message prompting you to enforce countermeasures may be automatically displayed depending on the violation level. All user accounts receive the message. However, for the items that are judged for each user account, the description of the countermeasures is added only to the message for the problematic user accounts.

(14) Supported anti-virus products

JP1/IT Desktop Management 2 supports the anti-virus products shown below. The security status can be judged only for those anti-virus products.

Important

The products and versions shown below are the ones as of the release of the JP1/IT Desktop Management 2 product this manual covers.

You can check the latest information about supported anti-virus products on the support service site.

Tip

You can view the product versions shown below on the Installed Software Details tab of the Device Inventory view.

Tip

The security status cannot be judged for unsupported anti-virus products. However, whether a product has been installed can be judged if the product is registered as mandatory software in the security policy.

Anti-virus products for which information can be collected

Japanese versions of anti-virus products

Product name and version

Name displayed in the operation window

Norton AntiVirus#1, #2, #3

2005

Norton AntiVirus 2005

2006

Norton AntiVirus 2006

2007

Norton AntiVirus 2007

2008

32-bit

Norton AntiVirus 2008

64-bit

Norton AntiVirus 2008 64-bit

2009

32-bit

Norton AntiVirus 2009

64-bit

Norton AntiVirus 2009 64-bit

2010

32-bit

Norton AntiVirus 2010

64-bit

Norton AntiVirus 2010 64-bit

2011

32-bit

Norton AntiVirus 2011

64-bit

Norton AntiVirus 2011 64-bit

2012

32-bit

Norton AntiVirus 2012

64-bit

Norton AntiVirus 2012 64-bit

32-bit

Norton AntiVirus

64-bit

Norton AntiVirus 64-bit

2014

32-bit

Norton AntiVirus 2014

64-bit

Norton AntiVirus 2014 64-bit

Symantec AntiVirus Corporate Edition

10.0

32-bit

Symantec AntiVirus Corporate Edition 10.0

64-bit

Symantec AntiVirus 64-bit

10.1

32-bit

Symantec AntiVirus Corporate Edition 10.1

64-bit

Symantec AntiVirus 64-bit

10.2

32-bit

Symantec AntiVirus Corporate Edition 10.2

64-bit

Symantec AntiVirus 64-bit

Symantec Client Security

3.0

32-bit

Symantec Client Security

64-bit

Symantec AntiVirus 64-bit

3.1

32-bit

Symantec Client Security

64-bit

Symantec AntiVirus 64-bit

Symantec Endpoint Protection

11.0

32-bit

Symantec Endpoint Protection 11.0

64-bit

Symantec Endpoint Protection 11.0 64-bit

12.1 (12.1.4)

32-bit

Symantec Endpoint Protection 12.1

64-bit

Symantec Endpoint Protection 12.1 64-bit

12.1.5

32-bit

Symantec Endpoint Protection 12.1

64-bit

Symantec Endpoint Protection 12.1 64-bit

12.1.6 MP5

32bit

Symantec Endpoint Protection 12.1

64bit

Symantec Endpoint Protection 12.1 64bit

14.0

32bit

Symantec Endpoint Protection 14.0

64bit

Symantec Endpoint Protection 14.0 64bit

14.0.0 MP2

32bit

Symantec Endpoint Protection 14.0

64bit

Symantec Endpoint Protection 14.0 64bit

McAfee Total Protection Service#2, #3

5.0

McAfee Total Protection Service

McAfee SaaS Endpoint Protection#3

5.2

McAfee SaaS Endpoint Protection

6.0

32-bit

McAfee SaaS Endpoint Protection

64-bit

McAfee SaaS Endpoint Protection 64-bit

McAfee VirusScan Enterprise

8.5i

32-bit

McAfee VirusScan Enterprise 8.5i

64-bit

McAfee VirusScan Enterprise 8.5i 64-bit

8.7i

32-bit

McAfee VirusScan Enterprise 8.7i

64-bit

McAfee VirusScan Enterprise 8.7i 64-bit

8.8, 8.8 Patch 8

32-bit

McAfee VirusScan Enterprise 8.8

64-bit

McAfee VirusScan Enterprise 8.8 64-bit

McAfee Endpoint Security#2, #3, #4

10.1

32bit

McAfee Endpoint Security 10.1

64bit

McAfee Endpoint Security 10.1 64bit

10.2

32bit

McAfee Endpoint Security 10.2

64bit

McAfee Endpoint Security 10.2 64bit

10.5

32bit

McAfee Endpoint Security 10.5

64bit

McAfee Endpoint Security 10.5 64bit

ウイルスバスター

2011 クラウド#3

32-bit

ウイルスバスター 2011 クラウド

64-bit

ウイルスバスター 2011 クラウド 64-bit

2012 クラウド#3

32-bit

ウイルスバスター 2012 クラウド

64-bit

ウイルスバスター 2012 クラウド 64-bit

ウイルスバスター クラウド#3

32-bit

ウイルスバスター クラウド

64-bit

ウイルスバスター クラウド 64-bit

7.0

32-bit

ウイルスバスター クラウド 7.0

64-bit

ウイルスバスター クラウド 7.0 64-bit

8.0

32-bit

ウイルスバスター クラウド 8.0

64-bit

ウイルスバスター クラウド 8.0 64-bit

11.0

32-bit

ウイルスバスター クラウド 11.0

64-bit

ウイルスバスター クラウド 11.0 64bit

12.0#1

32bit

ウイルスバスター クラウド 12.0

64bit

ウイルスバスター クラウド 12.0 64bit

ウイルスバスター コーポレートエディション

8.0#3, 10.0#3, 10.5#5, 10.6, 11.0, 11.0 SP1 Critical Patch 6077, 11.0 SP1 Critical Patch 6206, XG Critical Patch 1440, XG SP1

32-bit

For the 32-bit version of Windows:

ウイルスバスター Corp.

For the 64-bit version of Windows:

ウイルスバスター Corp. 64-bit

64-bit

ウイルスバスター コーポレートエディション アドバンス

8.0#3, 10.0#3

32-bit

64-bit

ウイルスバスター コーポレートエディション サーバ版

8.0#3, 10.0#3

32-bit

64-bit

ウイルスバスター コーポレートエディション サーバ版 アドバンス

8.0#3, 10.0#3

32-bit

64-bit

ウイルスバスター ビジネスセキュリティサービス

5.7.1193

32-bit

ビジネスセキュリティサービス

64-bit

ビジネスセキュリティサービス 64-bit

Trend Micro ビジネスセキュリティ#3

6.0

32-bit

For the 32-bit version of Windows:

ビジネスセキュリティクライアント

For the 64-bit version of Windows:

ビジネスセキュリティクライアント 64-bit

64-bit

ウイルスバスター ビジネスセキュリティ#3

7.0

32-bit

64-bit

9.0, 9.0 SP3, 9.0 SP3 Critical Patch 4340, 9.5

32-bit

64-bit

ServerProtect for Windows NT/NetWare#6

5.7

32-bit

For the 32-bit version of Windows:

ServerProtect

For the 64-bit version of Windows:

ServerProtect 64-bit

64-bit

5.8

32-bit

64-bit

Forefront Client Security#3

1.5.1937.14, 1.5.1993.0, 1.5.1996.1

32-bit

Forefront Client Security

64-bit

Forefront Client Security 64-bit

Kaspersky Open Space Security Server#7

6.0.4

32-bit

Kaspersky Anti-Virus 6.0 for Windows Workstations

64-bit

Kaspersky Anti-Virus 6.0 for Windows Workstations 64-bit

Kaspersky Open Space Security Workstation#7

6.0.4

32-bit

Kaspersky Anti-Virus 6.0 for Windows Servers

64-bit

Kaspersky Anti-Virus 6.0 for Windows Servers 64-bit

Kaspersky Endpoint Security 8 for Windows#7

8

32-bit

For the 32-bit version of Windows:

Kaspersky Endpoint Security 8 for Windows

For the 64-bit version of Windows:

Kaspersky Endpoint Security 8 for Windows 64-bit

64-bit

8.1

32-bit

64-bit

Kaspersky Endpoint Security 10 for Windows#2, #7

10.2, SP1 (10.2.4.674)

32-bit

For the 32-bit version of Windows:

Kaspersky Endpoint Security 10 for Windows

For the 64-bit version of Windows:

Kaspersky Endpoint Security 10 for Windows 64bit

64-bit

ESET Endpoint Antivirus#1, #2, #3

5.0

32-bit

ESET Endpoint Antivirus

64-bit

ESET Endpoint Antivirus 64-bit

ESET File Security for Microsoft Windows Server#1, #2, #3

4.5

32-bit

ESET File Security for Microsoft Windows Server

64-bit

ESET File Security for Microsoft Windows Server 64-bit

ESET NOD32 Antivirus#1, #2, #3

4.0

32-bit

For the 32-bit version of Windows:

ESET NOD32 Antivirus

For the 64-bit version of Windows:

ESET NOD32 Antivirus 64-bit

64-bit

4.2

32-bit

64-bit

5.0

32-bit

64-bit

5.2

32-bit

64-bit

6.0

32-bit

64-bit

7.0

32-bit

64-bit

8.0

32-bit

64-bit

Sophos Endpoint Security and Data Protection

9.0

32-bit

For the 32-bit version of Windows:

Sophos Anti-Virus

For the 64-bit version of Windows:

Sophos Anti-Virus 64-bit

64-bit

9.5

32-bit

64-bit

Sophos Security Suite small business solutions

4.0

32-bit

Sophos Computer Security small business solutions

64-bit

Sophos Anti-Virus small business solutions

Sophos Endpoint Protection - Enterprise

10

32-bit

64-bit

Sophos Endpoint Protection - Advanced

32-bit

64-bit

Sophos Endpoint Protection - Basic

32-bit

64-bit

Sophos Endpoint Security and Control for Windows

10.3

32-bit

64-bit

10.3.7

32-bit

For the 32-bit version of Windows:

Sophos Anti-Virus 10.3.7

For the 64-bit version of Windows:

Sophos Anti-Virus 10.3.7 64-bit

64-bit

10.3.11

32-bit

For the 32-bit version of Windows:

Sophos Anti-Virus 10.3.11

For the 64-bit version of Windows:

Sophos Anti-Virus 10.3.11 64-bit

64-bit

10.3.13

32-bit

Sophos Anti-Virus 10.3.13

64-bit

Sophos Anti-Virus 10.3.13 64-bit

10.6.3.537, 10.7

32-bit

Sophos Anti-Virus 10

64-bit

Sophos Anti-Virus 10 64bit

F-Secure Client Security#1, #2, #3

9.0

32-bit

For the 32-bit version of Windows:

F-Secure Client Security

For the 64-bit version of Windows:

F-Secure Client Security 64-bit

64-bit

9.1

32-bit

64-bit

9.11

32-bit

64-bit

9.20

32-bit

64-bit

9.31

32-bit

64-bit

9.32

32-bit

64-bit

11.50

32-bit

64-bit

11.60

32-bit

64-bit

#1: The version of the virus search engine cannot be collected.

#2: The status for Auto Protect (resident setting) cannot be collected.

#3: The last scanned date and time cannot be collected.

#4: If you select the Threat Prevention option when installing McAfee Endpoint Security, security information can be acquired. However, information cannot be acquired immediately after McAfee Endpoint Security is installed. Also, the latest information cannot be acquired immediately after a McAfee Endpoint Security definition is updated. To acquire the latest information, after updating a McAfee Endpoint Security definition, restart the agent OS.

#5: The last scanned date and time can be collected only when Patch 1 or later has been applied.

#6: If the scan was canceled, the date and time the scan was canceled is collected as the last scanned date and time.

#7: If a complete scan is performed, the last scanned date and time can be collected only when all hard disks, system memory, and startup objects are scanned.

English versions of anti-virus products

Product name and version

Name displayed in the operation window

Norton AntiVirus#1, #2, #3

2010

32-bit

Norton AntiVirus 2010

64-bit

Norton AntiVirus 2010 64-bit

2011

32-bit

Norton AntiVirus 2011

64-bit

Norton AntiVirus 2011 64-bit

32-bit

Norton AntiVirus

64-bit

Norton AntiVirus 64-bit

Symantec AntiVirus Corporate Edition

10.0

32-bit

Symantec AntiVirus Corporate Edition 10.0

64-bit

Symantec AntiVirus 64-bit

10.1

32-bit

Symantec AntiVirus Corporate Edition 10.1

64-bit

Symantec AntiVirus 64-bit

10.2

32-bit

Symantec AntiVirus Corporate Edition 10.2

64-bit

Symantec AntiVirus 64-bit

Symantec Client Security

3.0

32-bit

Symantec Client Security

64-bit

Symantec AntiVirus 64-bit

3.1

32-bit

Symantec Client Security

64-bit

Symantec AntiVirus 64-bit

Symantec Endpoint Protection

11.0

32-bit

Symantec Endpoint Protection 11.0

64-bit

Symantec Endpoint Protection 11.0 64-bit

12.1

32-bit

Symantec Endpoint Protection 12.1

64-bit

Symantec Endpoint Protection 12.1 64-bit

12.1.4

32-bit

Symantec Endpoint Protection 12.1

64-bit

Symantec Endpoint Protection 12.1 64-bit

12.1.5

32-bit

Symantec Endpoint Protection 12.1

64-bit

Symantec Endpoint Protection 12.1 64-bit

12.1.6 MP5

32bit

Symantec Endpoint Protection 12.1

64bit

Symantec Endpoint Protection 12.1 64bit

14.0

32bit

Symantec Endpoint Protection 14.0

64bit

Symantec Endpoint Protection 14.0 64bit

14.0.0 MP2

32bit

Symantec Endpoint Protection 14.0

64bit

Symantec Endpoint Protection 14.0 64bit

McAfee Total Protection Service#2, #3

5.0

McAfee Total Protection Service

McAfee SaaS Endpoint Protection#3

5.2

McAfee SaaS Endpoint Protection

6.0

32-bit

McAfee SaaS Endpoint Protection

64-bit

McAfee SaaS Endpoint Protection 64-bit

McAfee VirusScan Enterprise

8.5i

32-bit

McAfee VirusScan Enterprise 8.5i

64-bit

McAfee VirusScan Enterprise 8.5i 64-bit

8.7i

32-bit

McAfee VirusScan Enterprise 8.7i

64-bit

McAfee VirusScan Enterprise 8.7i 64-bit

8.8, 8.8 Patch 7

32-bit

McAfee VirusScan Enterprise 8.8

64-bit

McAfee VirusScan Enterprise 8.8 64-bit

McAfee Endpoint Security#2, #3, #4

10.1

32bit

McAfee Endpoint Security 10.1

64bit

McAfee Endpoint Security 10.1 64bit

10.5

32bit

McAfee Endpoint Security 10.5

64bit

McAfee Endpoint Security 10.5 64bit

PC-cillin

2010

32-bit

PC-cillin 2010

64-bit

PC-cillin 2010 64-bit

Titanium Internet Security#3

2011

32-bit

Titanium Internet Security 2011

64-bit

Titanium Internet Security 2011 64-bit

2012

32-bit

Titanium Internet Security 2012

64-bit

Titanium Internet Security 2012 64-bit

2013

32-bit

Titanium Internet Security 2013

64-bit

Titanium Internet Security 2013 64-bit

2015

32-bit

Titanium Internet Security 2015

64-bit

Titanium Internet Security 2015 64-bit

2017

32-bit

Titanium Internet Security 2017

64-bit

Titanium Internet Security 2017 64bit

2018#1

32bit

Titanium Internet Security 2018

64bit

Titanium Internet Security 2018 64bit

Worry-Free Business Security-Standard

7.0#1, #2, #3, #5, 8.0#3, 9.0 SP3#3, 9.0 SP3 Patch 1#3, 9.0 SP3 Critical Patch 4340#3, 9.5#3

32-bit

For the 32-bit version of Windows:

Worry-Free Business Security

For the 64-bit version of Windows:

Worry-Free Business Security 64-bit

64-bit

Worry-Free Business Security-Advanced

7.0#1, #2, #3, #5, 8.0#3, 9.0 SP3#3, 9.0 SP3 Patch 1#3, 9.0 SP3 Critical Patch 4340#3, 9.5#3

32-bit

64-bit

OfficeScan Corporate Edition

8.0#3, 10#3, 10.5#6, 10.6, 11.0, 11.0 SP1, XG, XG Critical Patch 1556, XG SP1

32-bit

For the 32-bit version of Windows:

OfficeScan Corp.

For the 64-bit version of Windows:

OfficeScan Corp. 64-bit

64-bit

ServerProtect for Windows NT/Netware

5.7

32-bit

For the 32-bit version of Windows:

ServerProtect

For the 64-bit version of Windows:

ServerProtect 64-bit

64-bit

5.8

32-bit

64-bit

Forefront Client Security#3

1.5.1937.14, 1.5.1993.0, 1.5.1996.1

32-bit

Forefront Client Security

64-bit

Forefront Client Security 64-bit

Kaspersky Open Space Security Server

6.0.3#1, #2, #3, 6.0.4#7

32-bit

Kaspersky Anti-Virus 6.0 for Windows Servers

64-bit

Kaspersky Anti-Virus 6.0 for Windows Servers 64-bit

Kaspersky Open Space Security Workstation

32-bit

Kaspersky Anti-Virus 6.0 for Windows Workstations

64-bit

Kaspersky Anti-Virus 6.0 for Windows Workstations 64-bit

Kaspersky Endpoint Security 8 for Windows#7

8, 8.1

32-bit

For the 32-bit version of Windows:

Kaspersky Endpoint Security 8 for Windows

For the 64-bit version of Windows:

Kaspersky Endpoint Security 8 for Windows 64-bit

64-bit

Kaspersky Endpoint Security 10 for Windows#2, #7

10.2, SP1 (10.2.4.674), 10.3.0.6294

32-bit

For the 32-bit version of Windows:

Kaspersky Endpoint Security 10 for Windows

For the 64-bit version of Windows:

Kaspersky Endpoint Security 10 for Windows 64-bit

64-bit

ESET NOD32 Antivirus#1, #2, #3

4.0, 4.2, 5.0, 5.2

32-bit

ESET NOD32 Antivirus

64-bit

ESET NOD32 Antivirus 64-bit

ESET Endpoint Antivirus#1, #2, #3

6.5

32bit

ESET Endpoint Antivirus

64bit

ESET Endpoint Antivirus 64bit

Sophos Endpoint Security and Data Protection

9.0, 9.5

32-bit

For the 32-bit version of Windows:

Sophos Anti-Virus

For the 64-bit version of Windows:

Sophos Anti-Virus 64-bit

64-bit

Sophos Security Suite small business solutions

4.0

32-bit

Sophos Computer Security small business solutions

64-bit

Sophos Anti-Virus small business solutions

Sophos Endpoint Protection - Enterprise

10

32-bit

64-bit

Sophos Endpoint Protection - Advanced

10

32-bit

64-bit

Sophos Endpoint Protection - Basic

10

32-bit

64-bit

Sophos Endpoint Security and Control for Windows

10.3.7

32-bit

For the 32-bit version of Windows:

Sophos Anti-Virus 10.3.7

For the 64-bit version of Windows:

Sophos Anti-Virus 10.3.7 64-bit

64-bit

10.3.11

32-bit

For the 32-bit version of Windows:

Sophos Anti-Virus 10.3.11

For the 64-bit version of Windows:

Sophos Anti-Virus 10.3.11 64-bit

64-bit

F-Secure Client Security#1, #2, #3

9.0, 9.31, 9.32

32-bit

For the 32-bit version of Windows:

F-Secure Client Security

For the 64-bit version of Windows:

F-Secure Client Security 64-bit

64-bit

Avira Professional Security#2, #8, #9

14.0.4

32-bit

For the 32-bit version of Windows:

Avira Professional Security

For the 64-bit version of Windows:

Avira Professional Security 64-bit

64-bit

14.0.7

32-bit

64-bit

#1: The version of the virus search engine cannot be collected.

#2: The status for Auto Protect (resident setting) cannot be collected.

#3: The last scanned date and time cannot be collected.

#4: If you select the Threat Prevention option when installing McAfee Endpoint Security, security information can be acquired. However, information cannot be acquired immediately after McAfee Endpoint Security is installed. Also, the latest information cannot be acquired immediately after a McAfee Endpoint Security definition is updated. To acquire the latest information, after updating a McAfee Endpoint Security definition, restart the agent OS.

#5: The version of the virus definition file cannot be collected.

#6: The last scanned date and time can be collected only when Patch 1 or later has been applied.

#7: If a complete scan is performed, the last scanned date and time can be collected only when all hard disks, system memory, and startup objects are scanned.

#8: If you perform a Manual Update, the information is not updated. Similarly, if you perform a downloaded update after performing a Manual Update and the version is the same as that of the Manual Update, the information is not updated.

#9: The information is updated when a scan is performed using one of the following profiles:

  • Local Drives

  • Local Hard Disks

  • Complete system scan

Chinese versions of anti-virus products

[Figure]

[Figure]

[Figure]

Judgment conditions for Auto Protect (resident setting) of anti-virus products

You can collect the status of Auto Protect (resident setting) from most anti-virus products. The status of whether an anti-virus product is resident or non-resident is judged by the setting of the anti-virus product. The following shows the judgment conditions for whether anti-virus products are resident or non-resident.

Japanese versions of anti-virus products

Product name

Condition for judging whether the product is resident or non-resident

Norton AntiVirus

--

Symantec AntiVirus Corporate Edition

The product is resident when Enable Auto-Protect is on.

Symantec Client Security

Symantec Endpoint Protection

The product is resident when Enable File System Auto-Protect is on.

McAfee Total Protection Service

--

McAfee SaaS Endpoint Protection

The product is resident when On-access scanning is enabled.

McAfee VirusScan Enterprise

The product is resident when Enable on-access scanning at system startup is on.

ウイルスバスター

The product is resident when ウイルス/スパイウェアの監視 is on.

ウイルスバスター 2011 クラウド

The product is resident when Real-time Scan is on.

ウイルスバスター コーポレートエディション

If Enable ウイルス/不正プログラム検索 (Enable Virus Scan for version 8.0, or Enable Real-time Scan for version 10.0) is set to off in Setting Real-time Scan on the management server running ウイルスバスター コーポレートエディション and then the settings are applied to the clients, real-time scan on the clients stops. At this time, the product becomes non-resident.

ウイルスバスター コーポレートエディション アドバンス

If Enable Real-time Scan (Enable Virus Scan for version 8.0) is set to off in Setting Real-time Scan on the management server running ウイルスバスター コーポレートエディション and then the settings are applied to the clients, real-time scan on the clients stops. At this time, the product becomes non-resident.

ウイルスバスター コーポレートエディション サーバ版

ウイルスバスター コーポレートエディション サーバ版 アドバンス

ビジネスセキュリティ

If リアルタイムのウイルス対策/スパイウェア対策を有効にする is set to off in the security settings and the settings are applied to a computer, real-time scan on the computer stops. At this time, the product becomes non-resident.

ServerProtect for Windows NT/Netware

If Enable Real-time Scan is set to off in Enable Real-time Scan on the information server and the settings are applied to general servers, real-time scan on general servers stops. At this time, the product becomes non-resident.

Forefront Client Security

The product is resident when Use real time protection is on.

Kaspersky Open Space Security Server

The product is resident when Enable protection is on.

Kaspersky Open Space Security Workstation

The product is resident when Enable protection is on.

Kaspersky Endpoint Security 8 for Windows

The product is resident when Pause of Pause protection and control is off.

Kaspersky Endpoint Security 10 for Windows

--

ESET Endpoint Antivirus

--

ESET File Security for Microsoft Windows Server

--

ESET NOD32 Antivirus

--

Sophos Endpoint Security and Data Protection

The product is resident when Execute on-access scanning for this computer is on.

Sophos Security Suite small business solutions

Sophos Computer Security small business solutions

Sophos Anti-Virus small business solutions

Sophos Endpoint Protection - Enterprise

Sophos Endpoint Protection - Advanced

Sophos Endpoint Protection - Basic

Sophos Endpoint Security and Control for Windows

F-Secure Client Security

--

Legend: --: The status of whether the product is resident or non-resident cannot be collected.

English versions of anti-virus products

Product name

Condition for judging whether the product is resident or non-resident

Norton AntiVirus

--

Symantec AntiVirus Corporate Edition

The product is resident when Enable Auto-Protect is on.

Symantec Client Security

Symantec Endpoint Protection

The product is resident when Enable File System Auto-Protect is on.

McAfee Total Protection Service

--

McAfee SaaS Endpoint Protection

The product is resident when On-access scanning is on.

McAfee VirusScan Enterprise

The product is resident when Enable on-access scanning at system startup is on.

OfficeScan Corporate Edition

For version 8.0, 10, 10.5, or 10.5Patch1, the product is resident when Enable virus/malware scan is on. For version 10.6, if Enable virus/malware scan is set to off in Real-time Scan Settings on the management server and the settings are applied to client, real-time scan on client stops. At this time, the product becomes non-resident.

PC-cillin

The product is resident when Protection Against Viruses & Spyware is on.

Titanium Internet Security

Worry-Free Business Security-Standard

The product is resident when Enable real-time Antivirus/Anti-spyware is on (for version 8.0).

Worry-Free Business Security-Advanced

OfficeScan Corporate Edition

In versions 8.0, 10, 10.5, 10.5 Patch1, and 11.0, the product is resident when Enable virus/malware scan is on. For version 10.6, if Enable virus/malware scan is set to off in Real-time Scan Settings on the management server and the settings are applied to client, real-time scan on client stops. At this time, the product becomes non-resident.

ServerProtect for Windows NT/Netware

If Enable Real-time Scan is set to off in Real-time Scan on the information server and the settings are applied to general servers, real-time scan on general servers stops. At this time, the product becomes non-resident.

Forefront Client Security

The product is resident when Use real time protection is on.

Kaspersky Open Space Security Server

The product is resident when Enable File Anti-Virus is on (for version 6.0.3) or when Enable protection is on (for version 6.0.4).

Kaspersky Open Space Security Workstation

The product is resident when Enable File Anti-Virus is on (for version 6.0.3) or when Enable protection is on (for version 6.0.4).

Kaspersky Endpoint Security 8 for Windows

The product is resident when Pause of Pause protection and control is off.

Kaspersky Endpoint Security 10 for Windows

--

ESET NOD32 Antivirus

--

Sophos Endpoint Security and Data Protection

The product is resident when Enable on-access scanning for this computer is on.

Sophos Security Suite small business solutions

Sophos Computer Security small business solutions

Sophos Anti-Virus small business solutions

Sophos Endpoint Protection - Enterprise

Sophos Endpoint Protection - Advanced

Sophos Endpoint Protection - Basic

F-Secure Client Security

--

Avira Professional Security

--

Legend: --: The status of whether the product is resident or non-resident cannot be collected.

Chinese versions of anti-virus products

[Figure]

Tip

If you use an anti-virus product from Sophos, the virus definition file version might differ depending on the method used to update the virus definition files. As a result, the virus definition file version might not be judged Safe even though the same virus definition file is applied. To avoid this problem, when you judge the virus definition file version for anti-virus products from Sophos, make sure to update the virus definition files by using the same method on all devices to which the security policy is applied.

Tip

If you have not upgraded the agents, the security judgment result for a virus definition file version of an anti-virus product from Sophos becomes Unknown. For anti-virus products from Sophos, to perform security judgment with the virus definition file version, upgrade the agents.

(15) Updating the information on the supported anti-virus products

Information on supported anti-virus products can be updated automatically, or by offline update. If you update the information on supported anti-virus products, the list of anti-virus products in the security policy becomes up to date, which allows you to select a new anti-virus product as the security policy judgment target.

After updating the information on the supported anti-virus products, either edit the existing security policies to correct the selection of an anti-virus product as the judgment target, or create a new security policy and assign it to the computers.

Automatic update of the anti-virus products information

To automatically update information on anti-virus products, configure the Product Update view of the Settings module so that the device connects to the support service site. A certain period of time after a new anti-virus product is released, a support information file is automatically downloaded from the support service site, and the information on anti-virus products is updated. A support service contract is required to connect to the support service site.

Offline update of the anti-virus products

After manually downloading a support information file from the support service site, update the information on anti-virus products from the operation window, or by using a command offline. Use this method when the management server environment cannot connect to the support service site.

Offline update from the operation window

You can perform offline update from the Action menu in the Update List view of the Security module, the Managed Software view of the Assets module, and the Software Inventory view of the Inventory module.

Offline update by a command

You can perform offline update by executing the updatesupportinfo command.

(16) Excluding user accounts from security status judgment targets

If multiple user accounts are registered in an OS, the security status is judged for each user account for the following security configuration items:

OS user accounts might be automatically created depending on the components of the OS or on certain programs. The security status might not be correctly managed if the security status is also judged for such unused user accounts.

In such a case, you can create a judgment-excluded user settings file so that certain user accounts will not be judged.

Tip

JP1/IT Desktop Management 2 automatically excludes some user accounts that are automatically created, from the judgment targets. If an unknown user account has been judged when you check the security status, create a judgment-excluded user settings file.

(17) Format of a user settings file excluded from security status judgment

Specify the file name as follows: jdn_except_users.dat.

After creating the file, place it in JP1/IT-Desktop-Management-2-Manager-installation-folder\mgr\conf.

Create a user settings file excluded from security status judgment in the following format:

OS user account name 1

OS user account name 2

Specify a single user account name for each line. To specify multiple user accounts, you can specify them by using multiple lines.

Leading and trailing single-byte spaces in user account names are ignored.

For a user account name, specify a character string not exceeding 20 single-byte characters, which can consist of alphanumeric characters and symbols. Note, however, that the following symbols cannot be used:

" / \ [ ] : ; | = , + * ? < >

In addition, you cannot specify a user account name by using only periods (.) or single-byte spaces.

Tip

You can use an asterisk (*) as a wildcard to specify all user account names for which the initial characters match the entered string, for example, HOGE*. You can specify an asterisk (*) only at the end of a character string. User account names consisting only of asterisks (*) are ignored.
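Because every entry in jdn_except_users.dat removes accounts from security status judgment, it is worth checking the file before it is placed on the management server. The following added example (written for this page, not part of JP1/IT Desktop Management 2) checks each line against the format rules above and lists which accounts each entry would cover. The function names and sample data are constructed; counting a trailing asterisk toward the 20-character limit, allowing spaces inside a name, and comparing names without regard to case are assumptions the page does not settle.

```python
from dataclasses import dataclass

FORBIDDEN = set('"/\\[]:;|=,+*?<>')  # symbols the page says cannot be used
MAX_LEN = 20                          # single-byte characters


@dataclass(frozen=True)
class Entry:
    line_no: int
    text: str       # entry as written, after trimming
    prefix: str     # the name, or the part before a trailing '*'
    wildcard: bool


def check_line(line_no, raw):
    """Return (Entry, None) for a usable line, or (None, reason) otherwise."""
    text = raw.strip(" ")  # leading and trailing single-byte spaces are ignored
    if text == "":
        return None, "empty or only spaces"
    if set(text) == {"*"}:
        return None, "only asterisks: ignored"
    if len(text) > MAX_LEN:  # assumption: a trailing '*' counts toward the limit
        return None, "longer than 20 characters"
    wildcard = text.endswith("*")
    prefix = text[:-1] if wildcard else text
    if "*" in prefix:
        return None, "asterisk allowed only at the end"
    # Single-byte printable characters only (assumption: inner spaces are allowed).
    bad = sorted(c for c in set(prefix) if c in FORBIDDEN or not (" " <= c <= "~"))
    if bad:
        return None, "character not allowed: " + " ".join(bad)
    if set(prefix) <= {".", " "}:
        return None, "only periods or spaces"
    return Entry(line_no, text, prefix, wildcard), None


def load_exclusions(content):
    """Split file content into usable entries and (line number, reason) problems."""
    entries, problems = [], []
    for n, raw in enumerate(content.splitlines(), start=1):
        entry, reason = check_line(n, raw)
        if entry is not None:
            entries.append(entry)
        else:
            problems.append((n, reason))
    return entries, problems


def matches(entry, account, casefold=True):
    """True if the entry covers the account.

    Assumption: names are compared without regard to case, as Windows does for
    account names; pass casefold=False for exact comparison.
    """
    a = account.casefold() if casefold else account
    p = entry.prefix.casefold() if casefold else entry.prefix
    return a.startswith(p) if entry.wildcard else a == p


def audit(entries, accounts):
    """Map each entry to the accounts it would exclude from judgment."""
    return {e.text: [a for a in accounts if matches(e, a)] for e in entries}


# Constructed sample file content and account inventory.
SAMPLE_FILE = "\n".join([
    "  tempuser  ",                 # valid; spaces trimmed
    "HOGE*",                        # valid wildcard (the page's example)
    "***",                          # ignored
    "svc:backup",                   # ':' is not allowed
    "A*",                           # valid, but very broad
    "..",                           # only periods
    "this_name_is_longer_than_20",  # too long
    "ab*cd",                        # '*' not at the end
])
SAMPLE_ACCOUNTS = ["Administrator", "alice", "HOGE01", "hoge_test", "tempuser", "bob"]

if __name__ == "__main__":
    entries, problems = load_exclusions(SAMPLE_FILE)
    for n, reason in problems:
        print(f"line {n}: {reason}")
    for pattern, hit in audit(entries, SAMPLE_ACCOUNTS).items():
        print(f"{pattern!r} excludes {hit}")
```

In the sample, the entry A* also covers Administrator, which would drop that account from password and screen saver judgment; review the audit output for any wildcard that matches accounts in active use.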