Viewing and Managing the Quarantine Files. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance
ProSecure Web/Email Security Threat Management (STM) Appliance
Table 60. Advanced Filtering Options Settings (Continued)
Setting: Destination (continued)
Description: Category. From the drop-down list to the right of the Limit to drop-down list, select one of the following options:
• Web Categories. The screen displays a table with all Web categories, each one with an individual Add table button that lets you add the category to the Destination table. You can add multiple categories to the Destination table.
• Applications. The screen displays a table with all applications, each one with an individual Add table button that lets you add the application to the Destination table. You can add multiple applications to the Destination table.
6. In the Report Templates section of the screen, select the check boxes for the reports that you want to generate. For information, see .
7. Depending on whether you selected to generate or schedule a report, perform one of the following actions:
• If you selected Generate Report, click Generate in the Generate Report section of the screen. For more information, see Generating Reports for Downloading.
• If you selected Schedule Report, configure the settings in the Schedule Report section of the screen, and click the Add table button. For more information, see Scheduling Automatic Generation and Emailing of Reports.
Viewing and Managing the Quarantine Files
Depending on the selections that you made on the screens of the Email Security and Web Security main menus (see Chapter 4, Content Filtering and Optimizing Scans), the STM intercepts and saves emails that are infected by spam and both emails and files that are infected by malware threats (viruses and spyware) to its quarantine files. You can search these files, view the search results through the Web Management Interface, and then take a variety of actions that are described in Viewing and Managing the Quarantined Spam Table and Viewing and Managing the Quarantined Infected Files Table.
You can also specify how many entries are displayed per page (the default setting is 15 entries).
Note: For information about how to specify the quarantine settings, see Managing the Quarantine Settings.
208 | Chapter 6. Monitoring System Access and Performance
You can query and view the spam quarantine file and the malware quarantine file separately and filter the information based on a number of criteria. You can filter the spam quarantine file using the following criteria:
• Start date and time
• End date and time
• Domain name
• User name
• Source IP address
• Sender email address
• Recipient email address
• Subject
• Size of the email
You can filter the malware quarantine file using the following criteria:
• Start date and time
• End date and time
• Protocols (HTTP, HTTPS, FTP, SMTP, POP3, and IMAP)
• Domain name
• User name
• Malware name
• Client IP address
• Recipient email address
• URL or subject
• Size of the file
To query the quarantine files:
1. Select Monitoring > Quarantine from the menu. The Quarantine screen displays (see the following figure).
2. Depending on the selection that you make from the Quarantine File Type drop-down list, the screen adjusts to display the settings for the selected type of quarantine file. The following figure displays the spam quarantine file settings as an example.
Figure 116.
3. Select the check boxes and radio buttons, make your selections from the drop-down lists, and complete the fields as explained in the following table:
Table 61. Quarantine File Settings
Setting: File Type
Description: Select one of the following file types from the drop-down list:
• Spam. Quarantined spam that was detected through distributed spam analysis.
• Malware. All quarantined spyware and viruses.
Setting: View All, Search Criteria
Description: Select one of the following radio buttons:
• View All. Display or download the entire selected quarantine file.
• Search Criteria. Query the selected quarantine file by configuring the search criteria that are available for the selected file.
Table 61. Quarantine File Settings (Continued)
Setting: Search Criteria (continued)
Description (subfields):
• Start Date/Time. From the drop-down lists, select the year, month, day, hours, and minutes for the start date and time.
• End Date/Time. From the drop-down lists, select the year, month, day, hours, and minutes for the end date and time.
• Protocols. Select one or more check boxes to specify the protocols that are queried (malware quarantine file only).
• Domain. The domain name that is queried.
• User. The user name that is queried.
• Malware Name. The name of the spyware or virus that is queried (malware quarantine file only).
• Client IP. The client IP address that is queried (malware quarantine file only).
• Source IP. The source IP address that is queried (spam quarantine file only).
• Sender Email. The email address of the sender that is queried (spam quarantine file only).
• Recipient Email. The email address of the recipient that is queried.
• URL/Subject. The URL or subject that is queried (malware quarantine file only).
• Subject. The subject that is queried (spam quarantine file only).
• Size. The file’s minimum and maximum size (in bytes) that are queried.
Setting: Display
Description: The maximum number of entries that are displayed on a page. The default setting is 15 entries.
4. Click Search. Depending on the selected quarantine file (spam or malware), the Quarantine screen displays the Quarantined Spam table or the Quarantined Infected Files table, which are explained in the following sections.
Viewing and Managing the Quarantined Spam Table
When you query the spam quarantine file, the Quarantine screen with the Quarantined Spam table displays:
Figure 117.
The Quarantined Spam table shows the following columns:
• Check box. Lets you select the table entry.
• Date. The date that the email was received.
• Protocol. The protocol (SMTP) in which the spam was found.
• Domain. The domain in which the spam was found.
• User. The user name that was used to log in to the STM.
• Client IP. The client IP address from which the spam originated.
• From. The email address of the sender.
• To. The email address of the recipient.
• Subject. The email subject line.
• Size (Bytes). The size of the email in bytes.
The following figure shows the Quarantined Spam table with data. (Normally, this data does not fit on screen, and you need to scroll to see all data.)
Figure 118.
After you have selected one or more table entries, take one of the following actions (or click the Return link to return to the previous screen):
• Send as Spam. The selected spam email files are tagged as spam for distributed spam analysis, and are sent to the intended recipients.
• Send as Ham. The selected spam email files are not tagged as spam for distributed spam analysis, are removed from quarantine, and are sent to the intended recipients.
• Delete. The selected spam email files are removed from quarantine and deleted.
Viewing and Managing the Quarantined Infected Files Table
When you query the malware quarantine file, the Quarantine screen with the Quarantined Infected Files table displays:
Figure 119.
The Quarantined Infected Files table shows the following columns:
• Check box. Lets you select the table entry.
• Date. The date that the file was received.
• Protocol. The protocol (SMTP, POP3, IMAP, HTTP, FTP, HTTPS) in which the spyware or virus was found.
• Domain. The domain name that was used to log in to the STM.
• User. The user name that was used to log in to the STM.
• Malware name. The name of the spyware or virus.
• File name. The name of the file in which the spyware or virus was found.
• Client IP. The client IP address from which the spyware or virus originated.
• Server IP. The server IP address from which the spyware or virus originated.
• From. The email address of the sender.
• To. The email address of the recipient.
• URL/Subject. The URL or subject that is associated with the spyware or virus.
• Size (Bytes). The size of the virus or spyware file in bytes.
The following figure shows the Quarantined Infected Files table with data. (Normally, this data does not fit onscreen, and you need to scroll to see all data.)
Figure 120.
After you have selected one or more table entries, take one of the following actions (or click the Return link to return to the previous screen):
• Resend to Admin. The selected malware files are removed from quarantine, zipped together as an email attachment, and then sent to the recipient that you have specified on the Email Notification Server screen (see Configuring the Email Notification Server).
• Delete. The selected malware files are removed from quarantine and deleted.
User-Generated Spam Reports
Users logging in through the User Portal Login screen can select to receive a report with intercepted spam emails that were intended for their email address.
To send a spam report to an email address, a user should do the following:
1. On the User Portal Login screen (see on page 156), click the here link in the Check your quarantined mail here section. The Send Spam Report screen displays. (The following figure shows the STM300.)
Figure 121.
2. Select the start date and time from the Begin Date/Time drop-down lists.
3. Specify the recipient’s email address in the Send to field.
Table of contents
- 8 What Is the ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or STM600?
- 9 What Can You Do with an STM?
- 9 Key Features and Capabilities
- 10 Stream Scanning for Content Filtering
- 11 Autosensing Ethernet Connections with Auto Uplink
- 11 Easy Installation and Management
- 12 Maintenance and Support
- 12 STM Model Comparison
- 12 Service Registration Card with License Keys
- 13 Package Contents
- 14 Hardware Features
- 14 Front Panel Ports and LEDs
- 20 Rear Panel Features
- 22 Bottom Panel with Product Label
- 23 Choosing a Location for the STM
- 24 Using the Rack-Mounting Kit
- 25 Choosing a Deployment Scenario
- 25 Gateway Deployment
- 26 Server Group
- 27 Segmented LAN Deployment
- 27 Understanding the Steps for Initial Connection
- 28 Qualified Web Browsers
- 28 Logging In to the STM
- 30 Understanding the Web Management Interface Menu Layout
- 32 Using the Setup Wizard to Perform the Initial Configuration
- 33 Setup Wizard Step 1 of 10: Introduction
- 33 Setup Wizard Step 2 of 11: Networking Settings
- 35 Setup Wizard Step 3 of 11: Time Zone
- 37 Setup Wizard Step 4 of 11: Email Security
- 39 Setup Wizard Step 5 of 11: Web Security
- 42 Setup Wizard Step 6 of 11: Email Notification Server Settings
- 43 Setup Wizard Step 7 of 11: Update Settings
- 45 Setup Wizard Step 8 of 11: HTTP Proxy Settings
- 46 Setup Wizard Step 9 of 11: Web Categories
- 48 Setup Wizard Step 10 of 11: Configuration Summary
- 49 Setup Wizard Step 11 of 11: Restarting the System
- 49 Verifying Correct Installation
- 49 Testing Connectivity
- 49 Testing HTTP Scanning
- 50 Registering the STM with NETGEAR
- 51 What to Do Next
- 52 Configuring Network Settings
- 56 Configuring Session Limits and Timeouts
- 57 Configuring the Network Refresh and Permanent MAC Address Bindings
- 59 Managing Permanent MAC Address Bindings
- 60 Configuring the HTTP Proxy Settings
- 61 About Users with Administrative and Guest Privileges
- 62 Changing Administrative Passwords and Timeouts
- 64 Configuring Remote Management Access
- 65 Using an SNMP Manager
- 67 Supported MIB Browsers
- 67 Managing the Configuration File
- 68 Backing Up Settings
- 69 Restoring Settings
- 70 Reverting to Factory Default Settings
- 71 Updating the Software
- 71 Scheduling Updates
- 73 Performing a Manual Update
- 74 Critical Updates That Require a Restart
- 74 Configuring Date and Time Service
- 76 Managing Digital Certificates
- 78 Managing the Certificate for HTTPS Scans
- 79 Managing Trusted Certificates
- 80 Managing Untrusted Certificates
- 81 Managing the Quarantine Settings
- 82 Managing the STM’s Performance
- 84 About Content Filtering and Scans
- 85 Default Email and Web Scan Settings
- 87 Configuring Email Protection
- 87 Customizing Email Protocol Scan Settings
- 88 Customizing Email Anti-Virus Settings
- 94 Email Content Filtering
- 97 Protecting Against Email Spam
- 105 Configuring Web and Services Protection
- 105 Customizing Web Protocol Scan Settings
- 107 Configuring Web Malware Scans
- 109 Configuring Web Content Filtering
- 116 Configuring Web URL Filtering
- 119 HTTPS Scan Settings
- 124 Specifying Trusted Hosts
- 125 Configuring FTP Scans
- 127 Configuring Application Control
- 130 Setting Scanning Exclusions and Web Access Exceptions
- 130 Setting Scanning Exclusions
- 132 Setting Access Exception Rules for Web Access
- 139 Creating Custom Groups for Web Access Exceptions
- 142 Creating Custom Categories for Web Access Exceptions
- 147 About Users, Groups, and Domains
- 148 Configuring Groups
- 149 Creating and Deleting Groups by Name
- 150 Editing Groups by Name
- 151 Creating and Deleting Groups by IP Address and Subnet
- 152 Configuring User Accounts
- 153 Creating and Deleting User Accounts
- 154 Editing User Accounts
- 154 Configuring Authentication
- 155 Understanding the STM’s Authentication Options
- 157 Understanding Active Directories and LDAP Configurations
- 161 Creating and Deleting LDAP and Active Directory Domains
- 164 Editing LDAP and Active Directory Domains
- 164 Understanding the ProSecure DC Agent
- 165 Requirements for the ProSecure DC Agent Software and DC Agent Server
- 165 Downloading ProSecure DC Agent Software, and Creating and Deleting DC Agents
- 167 Creating and Deleting RADIUS Domains
- 169 Editing RADIUS Domains and Configuring VLANs
- 170 Global User Settings
- 172 Viewing and Logging Out Active Users
- 175 Configuring Logging, Alerts, and Event Notifications
- 176 Configuring the Email Notification Server
- 177 Configuring and Activating System, Email, and Syslog Logs
- 182 Configuring Alerts
- 184 Monitoring Real-Time Traffic, Security, Statistics, and Web Usage
- 184 Understanding the Information on the Dashboard Screen
- 190 Monitoring Web Usage
- 192 Viewing System Status
- 194 Querying Logs
- 199 Example: Using Logs to Identify Infected Clients
- 199 Log Management
- 200 Viewing, Scheduling, and Generating Reports
- 200 Report Templates
- 202 Generating Reports for Downloading
- 203 Scheduling Automatic Generation and Emailing of Reports
- 204 Advanced Report Filtering Options
- 208 Viewing and Managing the Quarantine Files
- 215 Using Diagnostics Utilities
- 216 Using the Network Diagnostic Tools
- 217 Using the Realtime Traffic Diagnostics Tool
- 218 Gathering Important Log Information and Generating a Network Statistics Report
- 219 Restarting and Shutting Down the STM
- 222 Basic Functioning
- 222 Power LED Not On
- 222 Test LED or Status LED Never Turns Off
- 223 LAN or WAN Port LEDs Not On
- 223 Troubleshooting the Web Management Interface
- 224 When You Enter a URL or IP Address a Time-Out Error Occurs
- 224 Troubleshooting a TCP/IP Network Using a Ping Utility
- 225 Testing the LAN Path to Your STM
- 225 Testing the Path from Your PC to a Remote Device
- 226 Restoring the Default Configuration and Password
- 227 Problems with Date and Time
- 227 Using Online Support
- 227 Enabling Remote Troubleshooting
- 228 Installing Hot Fixes
- 229 Sending Suspicious Files to NETGEAR for Analysis
- 230 Accessing the Knowledge Base and Documentation