Sophos Endpoint Security and Control Windows Embedded test guide

Product version: 10.2
Document date: February 2013
Contents
1 About this guide
2 Prepare for testing
3 Install security software
4 Test threat detection
5 Test application control
6 Test data control
7 Test device control
8 Legal notices
1 About this guide
This guide is for network administrators who want to protect computers running the following
Windows Embedded platforms:
■ Windows Embedded POSReady
■ Windows Embedded for Point of Service (WEPOS)
■ Windows Embedded Standard
■ Windows XP Embedded (Windows XPe)
Embedded versions of Windows can be compiled with many different customizations, so this
guide does not attempt to discuss whether each can be protected successfully. Instead, it tells you
how to run checks after installation to see whether Sophos security software is functioning properly.
This guide assumes that you have previously used Sophos Enterprise Console for installing and
managing Sophos software on your network.
It describes how to:
■ Install Sophos security software on computers running Windows Embedded.
■ Test that the software is being updated.
■ Test threat detection.
■ Test application, data and device control.
Important: If you complete all the tests in this guide successfully, Sophos will make commercially
reasonable efforts in accordance with its standard business practices to provide technical support.
For current support policy, see Sophos support knowledgebase article 63797
(http://www.sophos.com/en-us/support/knowledgebase/63797.aspx).
2 Prepare for testing
Before you start:
■ Select endpoint computers running Windows Embedded to use as test computers.
■ Ensure that you have the EICAR virus detection test file installed or ready to install on your
test computers.
■ Ensure you have Windows Live Messenger available to install on the test computers during
application control testing.
Note: Windows Embedded computers have highly variable configurations. Therefore, you may
need to modify some of these tests somewhat. For example, when testing device control, choose
hardware that is actually present or available to connect.
3 Install security software
Before testing, you need to:
■ Install the security software on test computers.
■ Check that the software is being updated.
3.1 Install software
You install Sophos Endpoint Security and Control for Windows in the same way that you would
install it on any other Windows endpoint computer.
You can do either of the following:
■ Automatic installation. In Enterprise Console, find the test computers and ensure they have
a valid updating policy. Select the computers, right-click and click Protect computers.
■ Manual installation. At the test computers, browse to the folder from which endpoint
computers get updates and run the Sophos installation program.
Note: To find the folder from which computers get updates, in Enterprise Console, click
Bootstrap Locations on the View menu.
3.2 Check updating
You should check that the test computers are receiving Sophos updates.
At the test computers:
1. On the taskbar notification area, right-click the Sophos Protection icon and select Update now.
Wait for the update to be completed.
2. Open Sophos Endpoint Security and Control.
3. On the home page, in the Status panel check that the Last Updated time has changed.
4 Test threat detection
4.1 Check that detection works
To check that Sophos Endpoint Security and Control can detect threats, perform an EICAR test
as follows.
1. On the test computers, attempt to copy an EICAR standard anti-virus test file onto the computer
(or run EICAR if it is already on the computer).
The test computers should display a virus alert.
2. Check that the test computer's Quarantine manager shows the EICAR file as a detected threat.
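The check in step 1 can also be scripted so that it gives the same pass/fail result on every test computer. The following is an added example, not part of the original Sophos guide. It assumes PowerShell 2.0 or later is present on the test image and that a detection shows up as a blocked write, a blocked read, or the file being removed; the function name, scratch folder and wait time are hypothetical.

```powershell
# Added example: scripted version of the EICAR check in section 4.1.
# Assumptions: PowerShell 2.0+, on-access scanning enabled, and a detection
# appears as a denied write, a denied read, or the file disappearing.
param(
    [string]$TestDir = (Join-Path $env:TEMP 'eicar-check'),  # hypothetical scratch folder
    [int]$WaitSeconds = 10
)

# Standard 68-byte EICAR test string, split in two so that this script
# is not itself flagged when it is copied to the test computer.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Test-EicarDetection {
    param([string]$Dir, [string]$Content, [int]$Wait)

    if (-not (Test-Path $Dir)) { New-Item -ItemType Directory -Path $Dir | Out-Null }
    $path = Join-Path $Dir 'eicar.com'

    try {
        # ASCII with no trailing newline: the file must be exactly the test string.
        [System.IO.File]::WriteAllText($path, $Content, [System.Text.Encoding]::ASCII)
    } catch {
        return 'Detected: write blocked'
    }

    # Poll once per second: the scanner may act on close or on first open.
    for ($i = 0; $i -lt $Wait; $i++) {
        if (-not (Test-Path $path)) { return 'Detected: file removed' }
        try {
            [System.IO.File]::ReadAllText($path) | Out-Null
        } catch {
            return 'Detected: read blocked'
        }
        Start-Sleep -Seconds 1
    }

    # Still readable after the wait: clean up and report the failure.
    Remove-Item $path -Force -ErrorAction SilentlyContinue
    return 'NOT detected: file still readable'
}

$result = Test-EicarDetection -Dir $TestDir -Content $eicar -Wait $WaitSeconds
Write-Output ("{0}  {1}  {2}" -f (Get-Date -Format s), $env:COMPUTERNAME, $result)
if ($result -like 'NOT*') { exit 1 }
```

A "Detected" result only confirms that the file was blocked; the Quarantine manager check in step 2 and the Enterprise Console checks in section 4.2 still have to be done in the product.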
4.2 Check alerts
Go to Enterprise Console and:
■ Check in the computer list view that the Status and Error and Alert Details tabs show an alert
and the virus name.
Now you must clear the alerts.
4.3 Clear alerts
1. On the test computers, clear the alert from the Quarantine manager.
2. In Enterprise Console, clear the alert in the Resolve Alerts and Errors dialog.
5 Test application control
5.1 Configure application control
1. In Enterprise Console, open an application control policy.
2. Configure the policy to block an application such as Windows Live Messenger.
3. Apply the policy to the test computers.
4. In Enterprise Console, check that the policy change is being applied, and that the test computers
comply with the policy.
5.2 Check that application control works
1. On the test computers, right-click the Sophos Protection icon and select Update now.
2. Attempt to install and open the application (e.g. Windows Live Messenger).
3. Check that an alert is shown. The application should be shown in the Quarantine manager as
a blocked application.
4. In the Enterprise Console Application Control tab, check the Application control event count.
5.3 Clear alerts and reset policy
1. On the test computer(s), clear the alerts from the Quarantine manager.
2. In Enterprise Console, change the application control policy back to its original settings (remove
Windows Live Messenger from the banned application list).
3. In Enterprise Console, check that the endpoint application control policy shows "Same as
policy".
4. On the test computer(s), check that the controlled application can now be installed/run.
6 Test data control
6.1 Configure data control
1. In Enterprise Console, create a data control policy and open it.
2. On the Policy Rules tab, click Manage rules.
3. In the Data Control Rule Management dialog box, click Add Content Rule.
4. Enter a Rule name. Under Rule Content click the link in "Where the file contains".
5. In the Content Control List Management dialog box, select a CCL and click OK.
6. Under Rule Content, click the "Select destination" link and check Removable Storage. Click
OK.
7. On the Data Control Rule Management dialog box, select the rule you created and click OK.
8. Close all dialogs and apply the policy to the test computers.
6.2 Check that data control works
1. On the test computers, open Sophos Endpoint Security and Control.
2. On the home page, in the Status panel, check that data control is shown as enabled.
3. Click the Data control log icon. Check that data control scanning has started.
7 Test device control
7.1 Configure device control
1. In Enterprise Console, open a device control policy.
2. Configure the policy to block Modems and Wireless.
3. Ensure that the policy is applied to the test endpoint computers.
In the Computer details, the Device Control Policy Compliance column should show "Awaiting
policy transfer" and then "Same as policy".
4. Check that the endpoint is now compliant with the policy.
7.2 Check that device control works
1. On the endpoint computers, connect modem and wireless devices.
A balloon warning should be displayed for each blocked device.
2. Open Sophos Endpoint Security and Control. On the home page, click the Device control log
and check that the device is blocked.
3. Check that the Windows Device Manager shows that the device has been disabled.
4. Use the wireless device to attempt to contact a wireless network.
Windows should show that the device is blocked and cannot detect networks.
5. Use the Windows Device Manager to test the modem device. Check that the modem cannot
be tested.
7.3 Reset device control policy
1. In Enterprise Console, set the device control policy as follows:
■ Modem: Full access.
■ Wireless: Full access.
2. Apply the policy to the test computers.
3. Check that the computers comply with the policy.
4. On the test computers, click the Device control log icon and check that the device is enabled.
5. On the endpoint, check that the wireless device can detect wireless networks.
6. Use the Windows Device Manager to test the modem device. Check that the device self test is
successful.
8 Legal notices
Copyright © 2010–2013 Sophos Limited. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the
documentation can be reproduced in accordance with the license terms or you otherwise have
the prior permission in writing of the copyright owner.
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos
Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned
are trademarks or registered trademarks of their respective owners.