GFI Web Monitor Manual v2009

GFI WebMonitor 2009 for ISA Server
Manual
By GFI Software Ltd.
http://www.gfi.com E-mail: info@gfi.com
Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI SOFTWARE LTD.
GFI WebMonitor 2009 Last updated April 7, 2009.
Contents
Introduction 9
Introduction to GFI WebMonitor..................................................................................... 9 Editions .......................................................................................................................... 9 How does GFI WebMonitor work? ............................................................................... 10 Key features ................................................................................................................. 11 GFI WebMonitor licensing............................................................................................ 12 GFI WebMonitor product evaluation ............................................................................ 12
Installing GFI WebMonitor
13
Introduction .................................................................................................................. 13 System requirements ................................................................................................... 13 Installation .................................................................................................................... 14 Launching GFI WebMonitor ......................................................................................... 16 Downloading anti-virus signatures ............................................................................... 16 Upgrading from a previous version .............................................................................. 17 Uninstalling...................................................................................................................17
Navigating the GFI WebMonitor console
19
Introduction .................................................................................................................. 19 Navigating the GFI WebMonitor user console ............................................................. 19
Getting started: Using the GFI WebMonitor dashboard
21
Introduction .................................................................................................................. 21 The GFI WebMonitor dashboard ................................................................................. 22
Getting started: Monitoring Internet activity
27
Introduction .................................................................................................................. 27 Active Connections ...................................................................................................... 27 Past Connections ......................................................................................................... 28 Bandwidth consumption............................................................................................... 28 Sites History ................................................................................................................. 29 Top Time Consumption................................................................................... 29 Top Hits Count ................................................................................................ 30 Users History................................................................................................................ 31 Top Surfers ..................................................................................................... 31 Top Hits Count ................................................................................................ 32 Top Policy Breakers........................................................................................ 33 Site History Details....................................................................................................... 34 User History Details ..................................................................................................... 35 Activity Log...................................................................................................................36
Configuring allowed and blocked websites
37
Introduction .................................................................................................................. 37 Configuring the Whitelist .............................................................................................. 37 Preconfigured items ........................................................................................ 37 Adding items to the Permanent Whitelist........................................................ 37
GFI WebMonitor 2009
0BIntroduction 5
Delete items from the Permanent Whitelist .................................................... 38 Adding items to the Temporary Whitelist ........................................................ 38 Removing items from the Temporary Whitelist............................................... 40 Configuring the blacklist............................................................................................... 40 Adding items to the Blacklist ........................................................................... 40 Delete items from the Blacklist........................................................................ 41 Using wildcards ............................................................................................................ 41
WebFilter Edition Site rating and content filtering
43
Introduction .................................................................................................................. 43 Configuring Web Filtering policies ............................................................................... 43 Adding a Web Filtering Policy ......................................................................... 43 Editing a Web Filtering Policy ......................................................................... 48 Disabling a Web Filtering Policy ..................................................................... 48 Enabling a Web Filtering Policy ...................................................................... 48 Deleting a Web Filtering Policy ....................................................................... 49 Default web filtering policy .............................................................................. 49 Configuring advanced web filtering policy conditions .................................................. 49 Adding an advanced web filtering policy condition ......................................... 49 Editing an advanced web filtering policy condition ......................................... 50 Removing an advanced web filtering policy condition .................................... 51 WebGrade Database settings...................................................................................... 51 Enabling/disabling online lookups................................................................... 52 Viewing updated online lookups ..................................................................... 52 Enabling/disabling the database ..................................................................... 52 Configure database updates........................................................................... 52 Checking URL categories ............................................................................... 53
WebSecurity Edition File scanning and download control
55
Introduction .................................................................................................................. 55 Download Control policies ........................................................................................... 55 Adding a new Download Control Policy.......................................................... 56 Editing a Download Control Policy.................................................................. 59 Disabling a Download Control Policy.............................................................. 59 Enabling a Download Control Policy............................................................... 59 Delete a Download Control Policy .................................................................. 59 Default Download Control Policy .................................................................... 60 Adding Content-types ..................................................................................... 60 Configuring Instant Messaging (IM) Control Policies................................................... 61 Adding a new IM Control Policy ...................................................................... 61 Editing an IM Control Policy............................................................................ 64 Enabling/Disabling an IM Control Policy......................................................... 64 Deleting an IM Control Policy.......................................................................... 64 Configuring Virus Scanning Policies ............................................................................ 64 Adding a Virus Scanning Policy ...................................................................... 65 Editing a Virus Scanning Policy ...................................................................... 67 Disabling a Virus Scanning Policy .................................................................. 68 Enabling a Virus Scanning Policy ................................................................... 68 Delete a Virus Scanning Policy....................................................................... 68 Default Virus Scanning Policy......................................................................... 69 Scanning Engines ........................................................................................................ 69 Enabling/disabling the scanning engines........................................................ 69 Configure anti-virus updates ........................................................................... 70 Kaspersky Scanning Engine Options ............................................................. 71 Anti-Phishing Engine.................................................................................................... 71 Enabling/disabling the Anti-Phishing Engine .................................................. 72 Configure Anti-Phishing database updates .................................................... 72 Configure phishing notifications ...................................................................... 73
6 0BIntroduction
GFI WebMonitor 2009
Configuring GFI WebMonitor
75
Introduction .................................................................................................................. 75 Administrative Access Control ..................................................................................... 75 Adding users/IPs to the access permissions list............................................. 75 Deleting users/IPs to the access permissions list........................................... 76 Notifications..................................................................................................................76 Configuring email settings............................................................................... 76 Configuring email recipients............................................................................ 76 Deleting recipients: ......................................................................................... 77 General Settings .......................................................................................................... 77
Handling blocked downloads
79
Introduction .................................................................................................................. 79 Approving or Deleting items......................................................................................... 79 Viewing quarantined items.............................................................................. 79 Approving quarantined items .......................................................................... 80 Deleting quarantined items ............................................................................. 81
Reporting Setup
83
Introduction .................................................................................................................. 83 Enabling Reporting....................................................................................................... 83 The update reporting data now button............................................................ 84 Disabling Reporting...................................................................................................... 85
Miscellaneous
87
Introduction .................................................................................................................. 87 Entering your license key after installation .................................................................. 87
Troubleshooting
88
Introduction .................................................................................................................. 88 Knowledge Base .......................................................................................................... 88 Web Forum .................................................................................................................. 88 Request technical support ........................................................................................... 88 Build notifications ......................................................................................................... 89
Index
91
GFI WebMonitor 2009
0BIntroduction 7
Introduction
Introduction to GFI WebMonitor

GFI WebMonitor is a comprehensive monitoring tool that plugs in and compliments the functionality provided by Microsoft ISA Server to enable you to monitor and filter network users web traffic (browsing and file downloads) in real time. It also enables you to block web connections in progress as well as to scan traffic for viruses, trojans, spyware and phishing material. It is the ideal solution to transparently and seamlessly exercise a substantial degree of control over your network users browsing and downloading habits. At the same time it enables you to ensure legal and best practice initiatives without alienating your network users.
Editions
GFI WebMonitor is available in 3 different editions. Each edition caters for systems administrators that have different requirements: WebFilter Edition: Filters web traffic and website use according to its built-in WebGrade database. This is a configurable website categorization database that determines access according to user/group/IP address/time. WebSecurity Edition: Provides a high degree of web security for downloaded web traffic. This is achieved through its built-in download control module and multiple anti-virus engines and anti spyware scanning modules. UnifiedProtection Edition: Provides both WebFilter Edition and WebSecurity Edition functionalities in a single package.
GFI WebMonitor 2009
0BIntroduction 9
How does GFI WebMonitor work?

GFI WebMonitor operations can be divided in 4 logical stages:
Figure 1 - How does GFI WebMonitor work
Stage 1 - Request initiation: At this stage users request a webpage or a download over the Internet. The incoming traffic generated by the users request is received by Microsoft ISA Server which in turn refers to GFI WebMonitor any web traffic (webpage requests, image downloads, file downloads) received. Stage 2 - Blacklist/Whitelist filtering: This stage comprises an internal GFI WebMonitor blacklist/whitelist filtering mechanism that analyzes user IDs, originating IP address and URL requested. Web traffic requested by blacklisted users and IP addresses or from blacklisted URLs, is rejected immediately. Web traffic requested by whitelisted users and IP addresses or from URLs that are whitelisted are automatically granted access and forwarded to the user. Requests that are neither blacklisted nor whitelisted are forwarded to the WebFilter module for processing.
Stage 3 - WebFilter module: The WebFilter module analyzes the uncategorized web traffic received from the blacklist/whitelist filtering mechanism against a comprehensive list of websites categorized in a wide variety of classes. Web traffic is rejected or approved according to policies set up against website categories included within the WebGrade database. WebGrade database synchronizes the updated
10 0BIntroduction
GFI WebMonitor 2009
URLs with the Internet. For more information refer to the section Webgrade database settings. Policies can be set to reject web traffic to a quarantine; where systems administrators can review and approve/deny according to needs and requirements. When the quarantined web traffic is manually approved, the formerly quarantined URL is put in a temporary whitelist so that users can have access to this web resource. NOTE: The WebFilter module is only available in the WebFilter Edition and the UnifiedProtection Edition of GFI WebMonitor. In the case of the WebSecurity Edition, web traffic is directly sent from the whitelist/blacklist filters to the WebSecurity module. Stage 4 - WebSecurity module: The WebSecurity module analyzes web traffic through the download control module and scans the incoming material for viruses, spyware and other malware. Infected material is automatically rejected or quarantined based on the policies set up. Web traffic is also scanned for phishing material through an updatable database of phishing sites. If this data is found to originate from a known phishing element, it is automatically rejected. The approved web material is then sent to the user through ISA Server. NOTE: The WebSecurity module is only available in the WebSecurity edition and UnifiedProtection editions of GFI WebMonitor. In the case of the WebFilter edition, web traffic is relayed to the user without going through the processes included in the WebSecurity module.
Key features
GFI WebMonitor includes the following features: Real time web activity monitoring. Immediate blocking of web access and downloads in progress. Web traffic security through multiple and updatable anti-virus engines and anti-spyware features. Native integration with Microsoft ISA Server as a web filter. No duplication of Microsoft ISA Server functionality. Easy installation with minimal configuration requirements. Real file type signature checking files with renamed extensions are automatically recognized with their real file type. Email notifications of important events. WebGrade Database enabling all website requests to be checked against an extensive and top-notch categorization database. Download control policies. URL, user and IP whitelist and blacklist that override all WebFilter and WebSecurity policies. Bandwidth use reporting per user/website. Quarantine of hazardous files and content. Web-based interface.
GFI WebMonitor 2009
0BIntroduction 11
GFI WebMonitor licensing

For more information on licensing and evaluation refer to the GFI website at: http://www.gfi.com/products/gfi-webmonitor/pricing/licensing
GFI WebMonitor product evaluation

You may download and try out a fully featured version of GFI WebMonitor without an evaluation key for 10 days. However you can apply for a 30-day product evaluation key by filling in the online registration form on the GFI website (available at http://www.gfi.com/downloads/register.aspx?pid=webmon&vid=5&lid= en) when downloading the product. This will also qualify you for free email support. The 30-day evaluation period key will be emailed to you automatically after you download the product. During the evaluation period all the GFI WebMonitor features are available.
12 0BIntroduction
GFI WebMonitor 2009
Installing GFI WebMonitor
Introduction
This chapter provides you with information related to the installation of GFI WebMonitor 2009.
System requirements
Install GFI WebMonitor on computers that meet the following hardware and software system requirements: WebFilter Edition Minimum hardware requirements Processor: 1.8 GHz RAM: 1 GB Hard disk: 2 GB of available disk space. Processor: 1.8 GHz RAM: 1 GB Hard disk: 10 GB of available disk space.
WebSecurity Edition Minimum hardware requirements
GFI WebMonitor UnifiedProtection Edition Minimum hardware requirements Processor: 1.8 GHz RAM: 2 GB Hard disk: 12 GB of available disk space.
NOTE: The hard disk size specifications specified for each edition are those required to install and operate the GFI WebMonitor edition. Allowance has been made for the downloads cache, processing space required for scanning, and history data files. However, this is only indicative; you may need to allocate additional disk space depending on your environment and number of users being monitored. Software requirements all editions Windows 2000 Server (SP4) or Windows 2003 operating system Microsoft ISA Server 2004 (SP3) or later Internet Explorer 6 or later .NET framework 2.0
NOTE 1: GFI WebMonitor can only be installed on the server machine hosting Microsoft ISA Server. NOTE 2: Internet Explorer 6 or later is recommended to be used for administration when using GFI WebMonitor.
GFI WebMonitor 2009
1BInstalling GFI WebMonitor 13
Installation
Ensure that you run the program as a user that has Administrator privileges on the machine on which GFI WebMonitor is installed. 1. Launch the GFI WebMonitor installation setup and wait for the installation to load. 2. Choose whether you want the installation wizard to search for a newer build of GFI WebMonitor on the GFI website and click on the Next button. 3. Read the licensing agreement. To proceed with installation select I accept the terms in the license agreement option and click Next.
Screenshot 1 - Installation Access permissions
4. Specify the user name or the IP address, which can access the GFI WebMonitor Web interface and click Next to continue. NOTE: More than one user or computer can be specified. Entries shall be separated with a semicolon ;
14 1BInstalling GFI WebMonitor
GFI WebMonitor 2009
Screenshot 2 - Installation Customer Information
5. Specify the User Name and Organization respectively. If you have a license key, update the License Key details.
Screenshot 3 - Installation Logon Information
6. Specify the logon credentials of an account with administrative privileges to run the GFI WebMonitor service. Click Next to continue.
GFI WebMonitor 2009
Screenshot 4 - Installation email settings
7. Specify the SMTP mail server details and email address where administrator notifications will be sent. Optionally, click Verify Mail Settings to send a test email. Click Next to continue. 8. Click Next to install in default location or click Browse to change path. 9. Click Install to start the installation, and wait for the installation to complete. 10. Click Finish. NOTE 1: For more information on how to configure ISA Server authentication, refer to: http://kbase.gfi.com/showarticle.asp?id=KBID002526. NOTE 2: The username and password provided must have Logon as Service rights; otherwise, it will be switched on automatically for the specified account. The username and password provided will be used to create and run a new service.
Launching GFI WebMonitor

Following the installation, launch GFI WebMonitor from Start Programs GFI WebMonitor GFI WebMonitor. Alternatively, GFI WebMonitors web console can also be launched through a web browser via the URL or IP address that points to the GFI WebMonitor installation on the ISA Server. Example: http://monitor.isa
Downloading anti-virus signatures

By default, anti-virus signatures are not included with the GFI WebMonitor installation. Upon installing GFI WebMonitor, the latest
16 1BInstalling GFI WebMonitor
GFI WebMonitor 2009
signatures for the supported scanning engines are automatically downloaded and installed.
Upgrading from a previous version

You can upgrade GFI WebMonitor if you have GFI WebMonitor 4 installed, by running WebMonitor2009.exe. In order to upgrade to the latest version run WebMonitor2009.exe, and, follow the instructions displayed on screen. NOTE: The upgrade process is similar to the installation instructions. For more information refer to the section named Installation.
Uninstalling
For more information on uninstalling GFI WebMonitor refer to http://kbase.gfi.com/showarticle.asp?id=KBID003241.
GFI WebMonitor 2009
Navigating the GFI WebMonitor console
Introduction
GFI WebMonitors console is a web-based interface through which you can control every aspect of its functionality. Through it you can monitor, block and grant access to all network traffic on your network.
Navigating the GFI WebMonitor user console
Screenshot 5 - Navigating the GFI WebMonitor console
Viewing Pane The viewing pane located on the right hand side of the screen allows the GFI WebMonitor user to view and configure settings according to the node selected in the Navigation Bar.
GFI WebMonitor 2009
2BNavigating the GFI WebMonitor console 19
Navigation Bar This consists of all the sections and features configurable by GFI WebMonitor. Located on the left-hand side of the screen, the available nodes are: Dashboard provides a graphical overview of statistical information. Monitoring web traffic monitoring functions. Whitelist/Blacklist permanent and/or temporary whitelist and blacklist functions. WebFilter Edition manage and control access to different websites categories for users, groups and IPs. WebSecurity manage and control restrictions to web applications for network users, IPs or groups. Configuration Configure settings and administrative features for GFI WebMonitor. Licensing Provides access to the licensing setup and version information. Quarantine Configure and manage quarantined items that were blocked by GFI WebMonitor. Help Provides help on all aspects of GFI WebMonitors functionality.
20 2BNavigating the GFI WebMonitor console
GFI WebMonitor 2009
Getting started: Using the GFI WebMonitor dashboard
Introduction
The Dashboard node enables you to obtain graphical and statistical information related to GFI WebMonitors operation. This includes: Usage and operations statistics Hits over time and bandwidth usage trend charts WebFilter statistics Last blocked requests and security threats.
GFI WebMonitor 2009
3BGetting started: Using the GFI WebMonitor dashboard 21
The GFI WebMonitor dashboard
Screenshot 6 - GFI WebMonitor Dashboard
Access the GFI WebMonitor Dashboard by clicking the Dashboard node in the navigation bar. The dashboard shows the information described in the sections below. NOTE: The GFI WebMonitor Dashboard can be refreshed by clicking on the icon in the top right hand corner.
22 3BGetting started: Using the GFI WebMonitor dashboard
GFI WebMonitor 2009
Dashboard: Statistics
Screenshot 7 Dashboard: Operation Statistics
The information provided by this table enables you to readily obtain information on a number of important operational elements of GFI WebMonitor. Select the hyperlinks next to Current Active Connections to view the Active Connections, which is also accessible from the Monitoring Node. For more information refer to the Active Connections section in this manual. Selecting the hyperlink next to Current items in Quarantine allows viewing a summary of the quarantine folder. For more information refer to the section named Viewing Quarantine Items. AV Scanned Downloads represents the total downloads scanned by the anti-virus engines. For more information refer to the section Scanning Engines in this manual. Select the other hyperlinks within Todays statistics to view further detail on the statistics as summarized below. Feature
AV & Anti-Phishing
Quarantined
Selecting the hyperlink under Quarantined to the screen allows you to configure quarantined items. For further information refer to the section named Viewing Quarantined Items.
Blocked
Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers. Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers. Selecting the hyperlink under Blocked, allows you to review the Top Policy Breakers Report. For further information refer to the section named Top Policy Breakers.
Download control
Selecting the hyperlink under Quarantined allows you to manage Downloads, For further information refer to the section named Configuring Download Control policies.
Web Filtering
Selecting the hyperlink under Quarantined to the screen allows you to configure quarantined items. For further information refer to the section named Viewing Quarantined Items.
GFI WebMonitor 2009
Dashboard: WebSecurity/WebFilter Status and usage chart
Screenshot 8 Dashboard: WebSecurity and WebFilter status and usage graph
The WebSecurity/WebFilter status and usage chart enables you to: 1. Know whether the WebSecurity and WebFilter components are active or not. 2. View a graphical representation of the correlation between the number of hits and bandwidth use.
Dashboard: Hits over time chart
Screenshot 9: Dashboard: Hits over time graph
The hits over time chart is a graphical representation of the number of hits on a day-by-day basis for the current month. This enables you to identify a pattern of how website hits fluctuate on a day-by-day basis and to identify anomalies.
Dashboard: Bandwidth usage trends chart
Screenshot 10 - Dashboard: Bandwidth Usage Trends graph
The bandwidth usage trends chart is a graphical representation of bandwidth use on a day-by-day basis for the current month. This
24 3BGetting started: Using the GFI WebMonitor dashboard GFI WebMonitor 2009
enables you to identify patterns and trends of how bandwidth is utilized on a day-by-day basis and enables you to identify spikes and anomalies.
Dashboard: Top Categories (Sites) chart
Screenshot 11 - Dashboard: Top Categories (Hits) Chart
The top categories (sites) chart is a graphical representation of the top hits (HTTP requests) split by categories. This enables you to gain knowledge on which categories of sites are being visited by web users.
Dashboard: Top Categories (Bandwidth) chart
Screenshot 12 - Dashboard: Top Categories (Bandwidth) Chart
The top categories (bandwidth) chart is a graphical representation of bandwidth use split by categories. This enables you to identify how your bandwidth is being utilized vis--vis the website categories browsed by users.
GFI WebMonitor 2009
Dashboard: Top blocked categories (Hits) chart
Screenshot 13 - Dashboard: Top Blocked Categories chart
This chart is a graphical representation of the blocked HTTP requests according to the reason why these were blocked. It effectively enables you to identify the main reasons of why requests were blocked.
Dashboard: Last blocked requests list
Screenshot 14 - Dashboard: Last Blocked Requests list
The last blocked request list displays the latest list of users/IPs who have had blocked requests. This enables you to identify problems with blocked requests regardless of whether these blocked requests are reported to you or not.
Dashboard: Last blocked security threats list
Screenshot 15 - Dashboard: Last Blocked Security Threats list
The last blocked Security Threats list displays a list of threats/viruses detected by GFI WebMonitor and the users/IPs where these occurred. This enables you to identify security issues as early as possible enabling you to take preventive measures before your network security is breached.
26 3BGetting started: Using the GFI WebMonitor dashboard GFI WebMonitor 2009
Getting started: Monitoring Internet activity
Introduction
Use the Monitoring node and its sub-nodes to examine current and historical web request data collected and processed by Microsoft ISA server. Through these nodes you can view data related to: Active connections Past connections Bandwidth consumption Sites history Users history Activity log
Active Connections
Active connections provide information related to active connections which are processed through Microsoft ISA servers Web Filters.
Screenshot 16 Active connections
Access the Active connections view by clicking on Monitoring Active Connections in the navigation bar. Through this view you can terminate active Internet connections. (e.g., interrupt file downloads that are taking up too much bandwidth). To button in the Status column of interrupt connections, click on the the connection and the download will be terminated. NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed within the User column. Otherwise the user name is displayed as unauthenticated. NOTE 2: The information displayed is not refreshed automatically. on the upper right corner of the view to Click on the refresh button update the information being shown.
GFI WebMonitor 2009
4BGetting started: Monitoring Internet activity 27
Past Connections
The Past connections view shows the last 2000 complete connections processed through Microsoft ISA Server
Screenshot 17 Past connections
Access the Past connections view by clicking on Monitoring Connections in the navigation bar.
Past
The information is sorted by time, with the latest URL accessed listed on top. NOTE 1: When ISA Server authentication is used, the Windows account user name is displayed in the User column. Otherwise the user name is displayed as unauthenticated. NOTE 2: The information displayed is not automatically refreshed. Click on the refresh button on the upper right of the view to update the information being shown.
Bandwidth consumption
The Bandwidth Consumption node allows you to monitor bandwidth usage through the following reports:

Top Sites - Displays web sites browsed, sorted by bandwidth with the site having the highest bandwidth at the top. Top Users - Displays websites by windows user or IP address. This report is sorted with the user who consumes the most bandwidth at the top. For unauthenticated users the IP address is displayed. Top Categories - Report displays the top categories browsed with the categories carrying the highest bandwidth on top.
NOTE: Within the Top Sites and Top Users reports, you can select the Show Hits Over Time Charts to view a graph that reports the number of hits by time of day. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button . .
28 4BGetting started: Monitoring Internet activity
GFI WebMonitor 2009
Specific date click on the calendar button , select the required date and click Go to retrieve data for that date.
NOTE 1: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. NOTE 2: The information displayed is not automatically refreshed. Click refresh button information selected. on the upper right of the view to update the
Sites History
The Sites History node enables you to identify: The sites which are most frequently visited by your network users The total browsing time per site.
Top Time Consumption

The Top Time Consumption view lists the sites on which network users spent most time browsing for a specific date. The information displayed includes: Site. The sites which were accessed Surf time. The time spent browsing each site File types. The file types accessed from each site Accessed by User / IP. The users/IPs that accessed the site.
The list can be sorted either alphabetically by site in ascending order, or by surf time in descending order (the site on which most time was spent is listed on top), by selecting the appropriate header.
Screenshot 18 Sites History: Top Time Consumption
Access the Top Time Consumption view by clicking on Sites History Top Time Consumption in the navigation bar. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button
GFI WebMonitor 2009
Next day click on the forward button Specific date click the calendar , select the required date, and, click Go to retrieve information for that date.
NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed. You can also click on any of the sites listed to bring up the Site History Details view. For more information refer to the Site History Details section in this chapter.
Top Hits Count

The Top Hits Count view lists the sites that were most frequently accessed by network users on a specific date. The information displayed includes: Sites - The sites that were accessed Hits - The number of times that each site was accessed (i.e., the number of hits) The file types accessed from each site Accessed by User / IP - The users/IPs that accessed the site Graphical representations of site hits over time.
The list can be sorted either alphabetically in ascending order by site, or in descending order of popularity (the site with most hits is listed on top).
Screenshot 19 Sites History: Top Hits Count
Access the Top Hits Count view by clicking on Sites History Hits Count in the navigation bar.
Top
To access graphs showing hits over time per site, select the Show Hits Over Time Charts option. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click on the calendar button , select the required date and click on Go to retrieve data for that date.
GFI WebMonitor 2009
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. To view further details on the sites visited by users, click on the users listed on User/IP heading. For more information refer to the Site History Details section in this chapter.
Users History
The Users History provides details of which users who spent most time browsing sites and details of sites that were most frequently accessed. Three types of reports are available: Top Surfers Top Hits Count Top Policy Breakers
Top Surfers
Screenshot 20 Users History: Top Surfers
Access the Top Surfers view by clicking on Users History Surfers in the navigation bar.
Top
The Top Surfers view lists the time spent by network users browsing sites on a specific date. The information displayed includes: User / IP. The users/IPs that browsed sites Surf Time. The time spent browsing sites Sites Accessed. The sites which were accessed by each user.
The list can be sorted either by user/IP in ascending order, or by time spent browsing in descending order (the site on which most time was spent is listed on top). To sort by user/IP, click on the User/IP column heading. To sort by time spent on the site, click on the Surf Time column heading.
By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view:
GFI WebMonitor 2009
Previous day click on the back button Next day click on the forward button
Specific date click the calendar button , select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed. You can also click on any of the users/IPs listed to review User History Details.
Top Hits Count
Screenshot 21 Users History: Top Hits Count
Access the Top Hits Count view by clicking on Users History Hits Count in the navigation bar.
Top
The Top Hits Count view lists the users with the highest number of site accesses on a specific date. The information displayed includes: User/IP - The users/IPs that browsed sites. Hits - The number of site accesses made by each user. Sites accessed - The sites which were accessed by each user. Graphical representations of site hits over time.
The list can be sorted either by User/IP in ascending order, or by hits in ascending or descending order. By default, the user with the most site accesses is listed on top. To sort by user/IP, click on the User/IP column heading. To sort by site accesses, click on the Hits column heading.
To display graphs showing hits over time for each of the sites listed, select the Show Hits Over Time Charts checkbox. Charts displayed indicate the number of hits by time of day for the specified date by user/IP. By default, this view lists todays default date. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click on the calendar button , select the required date and click on Go to retrieve data for that date.
NOTE: If no data for a specific date is available, an error message stating that data was unable to be retrieved will be displayed.
32 4BGetting started: Monitoring Internet activity GFI WebMonitor 2009
You can also click on any of the users/IPs listed to review User History Details. For more information refer to the User History Details section in this chapter.
Top Policy Breakers
Screenshot 22 Users History: Top Policy Breakers
To view the users which breached most policies, navigate to GFI WebMonitor Monitoring Users History Top Policy Breakers. When clicking on one of the users/IPs, an activity log showing the Time, Category, URL, and, IP address is displayed. By default, this view lists the data of the day. To view data for other days, use the controls on the upper right of the view: Previous day click on the back button Next day click on the forward button Specific date click the calendar button , select the required date, and, click Go to retrieve data for that date.
NOTE: If no data for a specific date is available (e.g. a future date is selected), an error message stating that data was unable to be retrieved is displayed.
GFI WebMonitor 2009
Site History Details
Screenshot 23 Site History Details
Access Site History Details view by clicking on Sites History Top Time Consumption or Top Hits Count) from the navigation bar. From the view pane select one of the listed sites in the Site column. This view shows the following information: User / IP - All users/IPs who have accessed that site on the specified date. Hits -The number of times the site was accessed by each user. The file types accessed from the site by each user. A graphical representation of total site hits over time, for all users. A graphical representation of user site hits over time, for each user listed. A graphical representation of traffic over time for each of the file types shown, for each user.
To display the graph showing total site hits over time for all users, select the Show Hits Over Time Chart checkbox. This graph assists you in identifying the time period(s) for the specified dates during which the site was most frequently accessed by users. To display the graph showing total site hits over time for a specific user, hover with the mouse pointer over the number of hits for any one of the users/IPs listed. A chart pops up showing the access pattern and frequency of the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific user, hover with the mouse pointer over one of the file types shown for any one of the users/IPs listed. You can also click on any one of the users/IPs listed review User History Details view. For more information refer to the User History Details section in this chapter.
34 4BGetting started: Monitoring Internet activity GFI WebMonitor 2009
User History Details
Screenshot 24 User History Details
Access User History Details view by clicking on Users History (Top Surfers or Top Hits Count) from the navigation bar. From the view pane select one of the listed users/IPs in the User/IP column. The User History Details view shows the following for a specific user: Site indicates shows the sites accessed on the specified date. Hits indicates the number of times the site was accessed. The file types accessed from the site. A graphical representation of total site hits over time. A graphical representation of specific site hits over time. A graphical representation of traffic over time for each of the file types shown, for a specific site.
To display the graph showing total site hits over time, select the Show Hits Over Time Chart option. This chart helps you to identify the time period(s) for the specified date during which the user accessed the listed sites. To display the graph showing specific site hits over time for the user, hover with the mouse pointer over the number of hits for any one of the sites listed under heading File types. A chart pops up showing the
GFI WebMonitor 2009
specified site access pattern and frequency by the user during the day. To display the graph showing download/upload traffic over time for a specific file type, for a specific site, hover with the mouse pointer over one of the file types shown for any one of the sites listed. You can also click on any of the sites listed to review Site History Details. For more information refer to the Site History Details section in this chapter.
Activity Log
Screenshot 25 GFI WebMonitor Activity Log
Access the Activity Log view by clicking on the Activity Log node from the navigation bar. The Activity Log view shows all GFI WebMonitor activity related to: Items which have been blocked or quarantined Processes which have failed. The Activity Log view shows the following: The User/IP who carried out the activity Date and time when the activity took place Description of the activity which took place and the reason why items which have been blocked or quarantined URL accessed. on the upper right of the view to update Click on the refresh button the information being shown.
GFI WebMonitor 2009
Configuring allowed and blocked websites
Introduction
Whitelists and blacklists are content scanning policies that override all policy settings set up in WebFilter and WebSecurity Editions. The Whitelist is a list of sites, users and IPs approved by the administrator to be excluded from all policies configured in GFI WebMonitor. Besides the Permanent Whitelist, there is also a Temporary Whitelist, used to temporarily approve access to a site for a user or IP. Since all WebFilter and WebSecurity policies are overridden, the Whitelist feature should be used with extreme caution. The Blacklist is a list of sites, users and IPs which should always be blocked irrespective of the policies are overridden, the Whitelist feature policies configured in GFI WebMonitor. The Blacklist takes priority over the Whitelist in GFI WebMonitor. If a site is therefore listed in the Blacklist and that same site is also listed in the Whitelist, the site will be blocked.
Configuring the Whitelist

To access the Whitelist click on the Whitelist node in the navigation bar.
Preconfigured items
By default GFI WebMonitor includes a number of preconfigured sites in the Permanent Whitelist. These include GFI websites to allow automatic updates to GFI WebMonitor and Microsoft websites to allow automatic updates to Windows. Removing any of these sites may preclude important updates from being automatically effected.
Adding items to the Permanent Whitelist

To add an item to the Permanent Whitelist: 1. Click on the Whitelist node and select the Permanent Whitelist tab.
GFI WebMonitor 2009
5BConfiguring allowed and blocked websites 37
Screenshot 26 GFI WebMonitor Whitelist
2. From the drop-down lists, select whether a User, IP or Site will be added to the whitelist and provide the user(s), group(s) and/or IP(s) for whom the new whitelist item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the whitelist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2:When adding a site to the whitelist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Delete items from the Permanent Whitelist

To remove an item from the Permanent Whitelist: 1. Click on the Whitelist node and select the Permanent Whitelist tab. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting whitelist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor.
Adding items to the Temporary Whitelist

To add an item to the Temporary Whitelist:
38 5BConfiguring allowed and blocked websites GFI WebMonitor 2009
Screenshot 27 Temporary Whitelist
1. Click on the Whitelist node and select the Temporary Whitelist tab.
Screenshot 28 Temporary Whitelist: Granting temporary access
2. Click on Add and select whether temporary access will be granted to a user or IP. Provide the details of the User or IP to be granted temporary access as well as the URL and the number of hours. NOTE 1: When granting temporary access to a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2:When adding a site to the Whitelist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup.
GFI WebMonitor 2009
NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. NOTE 4: The number of hours during which the user or IP has access to a site are applicable from the moment Save Settings is clicked. NOTE 5: Time remaining before access is revoked can be viewed in the For (hours) column in the Temporary Whitelist view.
Removing items from the Temporary Whitelist

1. Click on the Whitelist node and select the Temporary Whitelist tab. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting whitelist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose whitelist settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configuring the blacklist

Adding items to the Blacklist
To add an item to the Blacklist: 1. Select Blacklist node from navigation bar.
Screenshot 29 GFI WebMonitor Blacklist
2. From the drop-down lists, select whether a User, IP or Site will be added to the blacklist and provide the user(s), group(s) and/or IP(s) for whom the new blacklist item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the blacklist, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name.
40 5BConfiguring allowed and blocked websites
GFI WebMonitor 2009
NOTE 2: When adding a site to the blacklist, you can use wildcards. For more information refer to the Using wildcards section in this chapter. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 3: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Delete items from the Blacklist

To delete an item from the Blacklist: 1. Select Blacklist node from navigation bar. 2. Click on the delete icon next to the item you want to delete. 3. Complete deleting blacklist items by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Using wildcards
When adding a site to the whitelist or blacklist, you can use wildcards as shown in the examples below: Example
*.com *.website.com
Description
Allow/block all .com top-level domains Allow/block all sub domains of the website.com domain
GFI WebMonitor 2009
WebFilter Edition Site rating and content filtering
Introduction
GFI WebMonitor uses WebFilter and the WebGrade database to manage Internet access of users, groups or IPs based on site categories. The category of a particular site is determined through the WebGrade Database; if a site is listed in the database, GFI WebMonitor then uses the configured web filtering policies to determine what action to take. This may be one of the following actions: Allow access to site Block access to site and quarantine the related file URL Block access to site and delete related URLs.
Policies can be customized to apply during specific time periods; for example a policy can enable users to access news and entertainment related sites during lunch breaks but not during working hours. Pre-defined site categories include pornography, adult themes, games, violence and others. The database is updated on a regular basis and updates are automatically downloaded to GFI WebMonitor.
Configuring Web Filtering policies

Adding a Web Filtering Policy
To add a Web Filtering Policy: 1. Click on WebFilter Edition navigation bar. 2. Select Add Policy. Web Filtering Policies from the
GFI WebMonitor 2009
6BWebFilter Edition Site rating and content filtering 43
Screenshot 30 Adding a Web Filtering policy: general settings
3. Click on the General tab. 4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively. 5. In the Policy Schedule area specify the time period(s) during which the new policy will be enforced.
44 6BWebFilter Edition Site rating and content filtering
GFI WebMonitor 2009
Screenshot 31 Adding a Web Filtering policy: web filtering categories
6. Select the Web Filtering tab. Define the categories applicable to the new policy and the actions to take: Allow categories: Select categories from the Blocked Categories list and click Allow>. Block categories: Select categories from the Allowed Categories list and click <Block. Quarantine access: Select categories Categories list and click <Quarantine. from the Allowed
NOTE: You can also configure advanced category conditions by selecting the Show Advanced Options. For more information refer to the Configuring advanced web filtering policies conditions section.
GFI WebMonitor 2009
Screenshot 32 Adding a Web Filtering policy: web filtering exceptions
7. Select the Exceptions tab and in the Excluded Sites and Included Sites fields specify any URLs which are: Excluded (i.e. allowed) from the policy. This enables users to access sites overriding any policy setup. Included (i.e. blocked) in the new policy. The URLs specified in the included sites will be blocked regardless of the scope of the new policy.
NOTE: The Exceptions tab is similar to a whitelist/blacklist feature that overrides any rules within the policy.
GFI WebMonitor 2009
Screenshot 33 Adding a Web Filtering policy: who it applies to
8. Click on the Applies To tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2: When adding a group ISA Server authentication is used to validate the group name.
Screenshot 34 Adding a Web Filtering policy: Notifications
9. Click on the Notifications tab and select Notify the following administrators when the site category infringes this policy
GFI WebMonitor 2009
checkbox if required. Complete setup by updating administrators notification email address and notification e-mail text. If required, check Notify the user accessing the site if the site category infringes this policy, and provide the body text for the notification email in the Send the following notification to the administrators text box. 10. If you require the user to be notified when the policy you are creating is triggered, select Notify the user accessing the site if the site category infringes this policy checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 11. Complete new policy setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose policy settings as soon as you leave the view to move to another section in GFI WebMonitor. The newly created policy will now be listed in the main Web Filtering Policies view.
Editing a Web Filtering Policy

To edit a Web Filtering Policy: 1. Click on WebFilter Edition navigation bar. 2. Click on the edit icon Web Filtering Policies from the
next to the policy you want to edit.
3. Refer to Adding a Web Filtering Policy section in this chapter, for a description of the fields which can be edited. 4. Click on Save Settings to finalize editing a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Disabling a Web Filtering Policy

To disable a Web Filtering Policy: 1. Click on WebFilter Edition navigation bar. Web Filtering Policies from the
2. Uncheck the box from the Enabled column for the policy you want to disable and click on Save Settings to finalize disabling a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Enabling a Web Filtering Policy

1. Click on WebFilter Edition navigation bar. Web Filtering Policies from the
2. Check the box from the Enabled column for the policy you want to enable and click on Save Settings finalize enabling a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
48 6BWebFilter Edition Site rating and content filtering GFI WebMonitor 2009
Deleting a Web Filtering Policy

1. Click on WebFilter Edition navigation bar. Web Filtering Policies from the
2. Click on the delete icon for the policy you want to delete and click on Save Settings finalize deleting a policy. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Default web filtering policy

GFI WebMonitor - WebFilter Edition ships with a default web filtering policy which applies to all users. The policy name is listed as Default Web Filtering Policy. This policy can be edited but it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Web Filtering Policy section in this chapter for information related to editing web filtering policies. NOTE 1: All user-created web filtering policies take precedence over the default web filtering policy. NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.
Configuring advanced web filtering policy conditions

Advanced web filtering policy conditions give you greater flexibility in defining which sites should be allowed or blocked. These advanced policy conditions take precedence over categories you may have already specified in the Allowed Categories and Blocked Categories list boxes.
Adding an advanced web filtering policy condition

To create an advanced web filtering policy condition:
GFI WebMonitor 2009
Screenshot 35 Web filtering policy
1. From the Web Filtering tab click on Show Advanced Options. 2. Click on Add Condition to view the Edit Properties dialog where you will create the advanced condition. 3. Specify a combination of categories which will enable you to allow, block or quarantine sites. For example, to block sites which fall under the categories Adult and pornography AND IM Client: a. Select Adult and pornography from Available Categories list box and click on Use Category b. Select IM Client from Available Categories list box and click on Use Category c. Select Block and Delete from the Perform this action: drop down list and click OK to apply the condition. 4. Click on Save Settings to finalize settings. NOTE 1: With this advanced policy, sites are not blocked if a site is listed under individual categories. In the example above, a site is NOT blocked if it only falls under the Adult themes category. Likewise, the site is NOT blocked if it only falls only under the Sexuality category. NOTE 2: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Editing an advanced web filtering policy condition

To edit an advanced web filtering policy condition: 1. From the Web Filtering tab click on Show Advanced Options. 2. Click on the advanced policy to edit to display the Edit Properties dialog where you can edit the advanced condition. 3. Click OK to apply the changes you made.
50 6BWebFilter Edition Site rating and content filtering GFI WebMonitor 2009
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Removing an advanced web filtering policy condition

To delete an advanced web filtering policy condition: 1. From the Web Filtering tab click on Show Advanced Options. 2. Click on the delete icon delete. next to the advanced policy you want to
NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
WebGrade Database settings
Screenshot 36 WebGrade Database settings
Through the WebGrade Database settings view you can: Enable/disable online lookups Enable/disable the database View the database status, version and license details Configure database updates Check the presence or validity of any URL with the active local WebGrade database and send feedback.
1. Access the WebGrade Database settings view by clicking on WebFilter Edition Web Filtering Policies WebGrade Database from the navigation bar. 2. Check/uncheck Manage WebGrade Local Database updates automatically and update the time within the hours field.
GFI WebMonitor 2009
3. If required check Send an email notification to the administrator on successfully updating the WebGrade Database 4. Complete setup by clicking on Save Settings. NOTE: Not clicking on Save Settings will lose all changed policy settings as soon as you leave the view to move to another section in GFI WebMonitor.
Enabling/disabling online lookups

1. Click on WebFilter Edition Database. Web Filtering Policies WebGrade
2. Check and uncheck the Enable online lookup for URLs not resolved by local database enables or disables this feature. NOTE: This option is enabled by default when the user updates the installation.
Viewing updated online lookups

Online lookup enables GFI WebMonitor to synchronize with a global internet database server for reviewed URLs. To review changes after these have been updated: 1. Click on WebFilter Edition. 2. Select Add Policy from the view pane. The Web Filtering Policy is displayed within the view pane. Categories are updated under the Blocked Categories and Allowed Categories headings.
Enabling/disabling the database

To enable or disable the database: 1. Click on WebFilter Edition Database Web Filtering Policies WebGrade
2. Check/uncheck the checkbox in the Enabled column enables or disables the WebGrade Database. NOTE: When the WebGrade database is disabled, the Web Filtering policies cannot access the site categories.
Configure database updates

Through the checkboxes within the WebGrade Database Updates area in the WebGrade Database settings view you can: Configure whether the WebGrade Database should be updated automatically or manually Configure the frequency with which available updates should be installed Configure if an email notification should be sent upon successful updating of the WebGrade Database Manually update the WebGrade Database by clicking Update Now.
GFI WebMonitor 2009
Checking URL categories

The Check URL category tool enables you to key in a URL and check for its category within your active local WebGrade database. If the category is not found or if the category listed in the local WebGrade database does not match with the websites category, you can report it for update. To check a URL category: 1. Key in a URL in the check URL field 2. Click Check URL category. The category in the active local WebGrade database is displayed beneath the URL field. To report a missing or incorrect category, update the URL, click on Submit Feedback, and fill out the form displayed in your browser, and, click Submit.
GFI WebMonitor 2009
WebSecurity Edition File scanning and download control
Introduction
GFI WebMonitors WebSecurity features scan and usage control restrictions for various applications to users, IPs or groups on your network. The control policies are: Download Control Policies Software download controls IM Control Policies Control use and access of MSN / Windows Live Messenger Virus Scanning Policies configure which downloaded files should be scanned for viruses and spyware. Anti-Phishing Engine Configure protection to network users from phishing sites.
Download Control policies

GFI WebMonitor identifies the real file type of the file being downloaded and then applies Download Control Policies to determine what action to take. This may be one of the following actions: Allow the file to be downloaded Block the file from being downloaded and quarantine the file URL Block the file from being downloaded and delete all related URLs
For allowed downloads, GFI WebMonitor then applies the configured Virus Scanning Policies and determines its virus scanning options.
Screenshot 37 - Download Control Policies
GFI WebMonitor 2009
7BWebSecurity Edition File scanning and download control 55
Adding a new Download Control Policy

To add a download control policy: 1. Click on WebSecurity Edition the navigation bar. 2. Click on Add Policy. 3. In the General tab provide a new policy name and description in the Policy Name field and the Policy Description text box respectively. Download Control Policies from
Screenshot 38 - Add new download control policy: Download control tab
4. Click on the Download Control tab to configure the actions to be taken on the various file types.
Screenshot 39 - Add new download control policy: Add new content type 56 7BWebSecurity Edition File scanning and download control GFI WebMonitor 2009
5. To add a new file type select Add Content-Type button and enter the new Content-Type and a Description. Click Add.
Screenshot 40 - Add new download control policy: Change Action dialog
6. Click on any file type from the list to display the Change Action dialog and configure the actions to be taken for that file type. From the Perform this action: drop down list select the applicable action to be taken. The available options are: Allow Block and Quarantine Block and Delete
Click OK to apply the action.
Screenshot 41 - Download control policies: Applies to tab
GFI WebMonitor 2009
7. From the Applies To tab, specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. NOTE 2: When adding a user or a group, ISA Server authentication is used to validate the user or group name.
Screenshot 42 Download control policies: Notification tab
8. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Enter the administrators email address and notification email text, by updating the text for the notification email in the Send the following notification to the administrators text box. 9. If you require the users to be notified when the policy you are creating is breached, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be validated. 10. Complete the new policy setup by clicking on Save Settings. NOTE: Failing to click on Save Settings will lose all settings.
58 7BWebSecurity Edition File scanning and download control
GFI WebMonitor 2009
The policy created will be listed in the main Download Control Policies view.
Editing a Download Control Policy

To edit a download control policy: 1. Click on WebSecurity Edition the navigation bar. 2. Click on the edit icon Download Control Policies from
next to the policy you want to edit.
3. Refer to Adding a Download Control Policy section in this chapter for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Disabling a Download Control Policy

To disable a download control policy: 1. Click on WebSecurity Edition the navigation bar. Download Control Policies from
2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. Complete disabling a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Enabling a Download Control Policy

To enable a previously disabled download control policy: 1. Click on WebSecurity Edition the navigation bar. Download Control Policies from
2. Check the checkbox in the Enabled column for the policy you want to disable. 3. Complete enabling a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Delete a Download Control Policy

To delete a download control policy: 1. Click on WebSecurity Edition the navigation bar. 2. Click on the delete icon Download Control Policies from
next to the policy you want to delete.
3. Complete deleting a download policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
GFI WebMonitor 2009
Default Download Control Policy

GFI WebMonitor - WebSecurity Edition ships with a default download control policy which is configured to apply to all users. The policy name is listed as Default Download Control Policy. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Download Control Policy section in this chapter for information related to editing download control policies. NOTE 1: All user-created download control policies takes precedence over the default download control policy. NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.
Adding Content-types
GFI WebMonitor - WebSecurity Edition includes a large number of common file types. To add a file type which is not in the predefined list: 1. Click on WebSecurity Edition the navigation bar. Download Control Policies from
2. Click on Add Policy, select Download Control tab and click on Add Content-type.
Screenshot 43 - Add new content type
3. Key in the content-type in the Content-Type field in the format type/subtype and click on Add. 4. Complete keying in anew contact type by clicking on Save Settings NOTE 1: Files for user added content-types are not real file type checked as is the case with preconfigured file types. NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
GFI WebMonitor 2009
Configuring Instant Messaging (IM) Control Policies

GFI WebMonitor enables administrators to control the use of MSN Messenger and Windows Live Messenger. These controls can be configured from WebSecurtiy Edition IM Control Policy node. The Default IM Control Policy is the control applicable to all users, however specific controls to particular users, groups or IPs can be configured as described below.
Adding a new IM Control Policy

To add a new IM control policy: 1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. Click Add Policy and select the General tab.
Screenshot 44 - Add new IM Policy assign a name and description
3. Key in the new policy name in the Policy Name field and optionally enter a brief description in the Policy Description text box.
Screenshot 45 - Add new IM Policy Set IM Controls
GFI WebMonitor 2009
4. From the IM Control tab, choose to block or allow instant messaging communications: Block all MSN / Windows Live Messenger communications all communications via MSN or Windows Live Messenger is blocked. Allow MSN / Windows Live Messenger communications the use of MSN or Windows Live Messenger is allowed.
Screenshot 46 - Add new IM Policy - Applies To tab
5. From the Applies To tab key in user(s), group(s), and/or IP(s) for whom the new policy applies and click Add. Repeat for all the user(s), group(s), and/or IP(s) required. NOTE: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user names and groups.
GFI WebMonitor 2009
Screenshot 47 - Add new IM Policy Notifications tab
6. From the Notifications tab, select Notify the following administrators when this IM Policy is breached to send an email notification to the configured email address(es) when a user tries to access blocked IM policies. 7. Add the administrator(s) email address(es) to be notified in the Email Address box. 8. In the Send the following notification to the administrators text box, edit the email message text which will be sent in the email notification 9. Select Notify the user breaching this IM policy checkbox to send an email notification to the user who breaches the IM policy. Edit the email message text in the Send the following notification to the user performing the download. NOTE: Notification is sent only if user is validated through ISA Server authentication. 10. Complete the new IM policy setup by clicking Save Settings. NOTE: Failing to click on Save Settings will lose all settings The new policy will be listed in the main IM Control Policies view.
GFI WebMonitor 2009
Editing an IM Control Policy

1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. Click on the edit icon next to the policy you want to edit. 3. Navigate in the control policy tabs and edit settings accordingly. 4. Click Save Settings when finished. NOTE: If the settings are not saved, all configurations are lost when navigating to other sections.
Enabling/Disabling an IM Control Policy

1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. In the Enabled column, check or uncheck the policy you want to enable or disable respectively. 3. Click Save Settings when finished.
Deleting an IM Control Policy

1. From the GFI WebMonitor navigation bar, click on WebSecurity Edition IM Control Policies. 2. Click on the delete icon next to the policy you want to delete. 3. Click Save Settings when finished.
Configuring Virus Scanning Policies

For allowed downloads, GFI WebMonitor applies virus scanning controls which include any of the following: Display download progress and status Scan the downloaded file with any of the supported virus scanners Take any of the following action when a virus is detected: o o o Issue a warning, but allow access to the downloaded file Block access to the downloaded file and quarantine Block access to the downloaded file and delete it
Screenshot 48 - Virus Scanning Policies
GFI WebMonitor 2009
Adding a Virus Scanning Policy

To add a virus scanning policy: 1. Click on WebSecurity Edition navigation bar. 2. Click on Add Policy . 3. Click on the General tab. Virus Scanning Policies from the
Screenshot 49 - Add new virus scanning policy
4. Provide new policy name and description in the Policy Name field and the Policy Description text box respectively.
Screenshot 50 - Add new virus scanning policy: Virus scanning tab
GFI WebMonitor 2009
5. Click on the Virus Scanning tab and click on the file type you want to scan for viruses. From the Change Action dialog box select the Display download progress and status option (if required) and choose the virus scanners to scan the file type with. Also, choose the action to undertake if a virus is found. The available options are: Warn and Allow Block and Quarantine Block and Delete
Screenshot 51 - Add new virus scanning policy: Applies to tab
6. Click OK, select Applies Tab and specify the user(s), group(s) and/or IP(s) for whom the new policy applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. NOTE 2: When adding a group ISA Server authentication is used to validate the group name.
GFI WebMonitor 2009
Screenshot 52 - Add new virus scanning policy: Notification tab
7. Click on the Notifications tab and select Notify the following administrators when the download content infringes this policy checkbox if required. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box. 8. If you require users to be notified when the policy you are creating is triggered, select the option Notify the user performing the download when the downloaded content infringes this policy checkbox and provide the notification email text. NOTE 1: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 9. Complete new policy setup by clicking on Save Settings NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor. The policy you have just created will be listed in the main Virus Scanning Policies view.
Editing a Virus Scanning Policy

To edit a virus scanning policy:
GFI WebMonitor 2009
1. Click on WebSecurity Edition navigation bar. 2. Click on the edit icon edit.
Virus Scanning Policies from the
next to the virus scanning policy you want to
3. Refer to Adding a Virus Scanning Policy section in this chapter, for a description of the fields which can be edited. 4. Complete new policy setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Disabling a Virus Scanning Policy

To disable a virus scanning policy: 1. Click on WebSecurity Edition navigation bar. Virus Scanning Policies from the
2. Uncheck the checkbox in the Enabled column for the policy you want to disable. 3. Complete disabling a virus scanning policy by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Enabling a Virus Scanning Policy

To enable a virus scanning policy: 1. Click on WebSecurity Edition navigation bar. Virus Scanning Policies from the
2. Check the checkbox in the Enabled column for the policy you want to enable. 3. Complete enabling a download policy by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Delete a Virus Scanning Policy

To delete a Virus Scanning Policy: 1. Click on WebSecurity Edition navigation bar. 2. Click on the delete icon Virus Scanning Policies from the
next to the policy you want to delete.
3. Complete deleting a virus scanning policy by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
GFI WebMonitor 2009
Default Virus Scanning Policy

GFI WebMonitor WebSecurity Edition ships with a default virus scanning policy which is configured to apply to all users. The policy name is listed as Default Virus Scanning Policy. This policy can be edited, however it cannot be disabled or deleted. If you want to edit the default policy, refer to the Editing a Virus Scanning Policy section in this chapter for information related to editing virus scanning policies. NOTE 1: Any user-created virus scanning policy takes precedence over the default virus scanning policy. NOTE 2: Certain fields in the default policy cannot be edited. These include Policy Name, Policy Description and fields in the Applies To tab.
Scanning Engines
Through the Virus & Spyware Protection view you can: Enable/Disable one or more of the supported engines View the licensing status Configure anti-virus engine/signature updates for each one of the scanning engines
To access the Virus & Spyware Protection view click on WebSecurity Edition Virus Scanning Policies Virus & Spyware Protection from the navigation bar.
Enabling/disabling the scanning engines

To enable or disable one or more of the scanning engines: 1. Click on WebSecurity Edition & Spyware Protection. Virus Scanning Policies Virus
Screenshot 53 - Virus & Spyware Protection
2. Check or uncheck the checkboxes in the Enabled column to enable or disable scanning with the virus scanner for which the virus scanner is checked or unchecked. NOTE: Disabling a virus scanning engine denotes that GFI WebMonitor cannot use that engine. 3. Complete Virus scanning engine setup by clicking on Save Settings
GFI WebMonitor 2009 7BWebSecurity Edition File scanning and download control 69
NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configure anti-virus updates

Through the configuration view for each one of the supported scanning engines you can: View the scanning engine status, version and license details Check or uncheck checkboxes that enable automatic or manual scanning engine/signature updates Configure the frequency with which available updates should be installed Check or uncheck checkboxes that enable the configuration of an email notification message that should be sent upon successful updating of scanning engines/signatures Manually update scanning engines/signatures by clicking Update Now.
Screenshot 54 - BitDefender Properties
Screenshot 55 - Norman Anti-Virus Properties
GFI WebMonitor 2009
Kaspersky Scanning Engine Options

From the configuration view for the Kaspersky scanning engine you can specify whether Virus Scanning Policies should be triggered when files are identified as: Suspicious Corrupted Hidden
Screenshot 56 - Kaspersky Anti-Virus Properties
1. Click on WebSecurity Edition Virus Scanning Policies & Spyware Protection Kaspersky Anti-Virus.
Virus
2. Check or uncheck checkboxes that enable action for files identified as Suspicious, Corrupted or Hidden. 3. Complete setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Anti-Phishing Engine
Through the Anti-Phishing Engine view you can: Enable/Disable anti-phishing View the anti-phishing feature licensing status Configure anti-phishing database updates
To access the Anti-Phishing Engine view click on WebSecurity Edition Anti-Phishing Engine from the navigation bar.
GFI WebMonitor 2009
Enabling/disabling the Anti-Phishing Engine

To enable or disable the Anti-Phishing Engine: 1. Click on WebSecurity Edition 2. Click on the General tab. Anti-Phishing Engine.
Screenshot 57 - Anti Phishing engine properties
3. Check or uncheck the Block access to phishing sites checkbox to enable or disable anti-phishing features. NOTE 1: Disabling the anti-phishing engine implies that GFI WebMonitor cannot use that engine to block phishing sites. 4. Complete anti-phishing engine setup by clicking on Save Settings NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configure Anti-Phishing database updates

Through the checkboxes within the Anti-Phishing Updates area in the Anti-Phishing Engine settings view you can: Configure whether the Anti-Phishing Database should be updated automatically or manually. Configure the frequency with which available updates should be installed. Configure if an email notification should be sent upon successful updating of the Anti-Phishing Database; Manually update the Anti-Phishing Database by clicking Update Now. Anti-Phishing Engine.
GFI WebMonitor 2009
To configure Anti-Phishing database updates: 1. Click on WebSecurity Edition
2. Click on the General tab. 3. Specify the required settings in the Anti-Phishing Updates area. 4. Complete Anti-Phishing Database updates setup by clicking on Save Settings. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configure phishing notifications

Through the Notifications tab in Anti-Phishing Engine settings view you can specify whether email notifications are to be sent when a site being accessed is a known phishing site. To enable phishing notifications: 1. Click on WebSecurity Edition Anti-Phishing Engine.
Screenshot 58 - Anti-Phishing notification tab
2. Click on the Notifications tab and check the Notify the following administrators when the site accessed is a known phishing site checkbox. Complete setup with the administrators notification email address and notification e-mail text. Also provide the body text for the notification email in the Send the following notification to the administrators text box. 3. If you require the user to be notified when a phishing site is accessed, check the Notify the user accessing the site if the site
GFI WebMonitor 2009 7BWebSecurity Edition File scanning and download control 73
accessed is a known phishing site checkbox and provide the notification email text. NOTE: The notification is sent only if ISA Server authentication is possible and the user can be thus validated. 4. Complete phishing notifications setup by clicking on Save Settings NOTE: Failing to click on Save Settings means that you will lose phishing notification settings as soon as you leave the view to move to another section in GFI WebMonitor.
GFI WebMonitor 2009
Configuring GFI WebMonitor
Introduction
GFI WebMonitor enables you to configure a default set of parameters used by the WebFilter and WebSecurity editions. These parameters are configured through three nodes or by selecting the appropriate option within the viewing pane: Administrative Access Control: Configure who can access GFI WebMonitor web interface for configuration and monitoring. Notifications: Configure alerting options for email notifications on important events. General Settings: Configure the data retention, download cache and temporary whitelist policies. Reporting: Configure the database settings for reporting.
Administrative Access Control

Access to GFI WebMonitor is based on IP or ISA Server authenticated username. Only users/IPs in the authorized list are allowed access.
Adding users/IPs to the access permissions list

To add a user or IP to the access permissions list: 1. From the GFI WebMonitor navigation bar select Configuration Administrative Access Control.
Screenshot 59 Configuring administrative access control
2. From the drop-down lists, select whether a User or IP will be added to the access list and provide the user(s), and/or IP(s) for whom the
GFI WebMonitor 2009
8BConfiguring GFI WebMonitor 75
new access item applies. Repeat for all user(s), group(s) and/or IP(s) required. NOTE 1: When adding a user to the access control list, specify the username in the format DOMAIN\user. ISA Server authentication is used to validate the user name. 3. Click on Add to add the new item to the list and on Save Settings to finalize setup. NOTE 2: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Deleting users/IPs to the access permissions list

To remove a user or IP to the access permissions list: 1. Click on the Administrative Access Control node. 2. Click on the delete icon next to the user/IP you want to delete. 3. Click on Save Settings to finalize deleting users/IPs. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Notifications
Notifications are sent by email to administrators on important events including: Items being quarantined WebGrade Database, anti-virus signature update failures WebGrade Database, anti-virus signature update success Approaching expiry of WebGrade Database and anti-virus signature update licenses.
Configuring email settings

To configure email settings: 1. Click on Notifications node 2. Go to the Send administrative emails using the following settings and specify the email address from which notifications will be sent as well as the SMTP server and SMTP port. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Configuring email recipients

To add recipients to whom notifications are sent: 1. From the GFI WebMonitor navigation bar select Configuration Notifications node
76 8BConfiguring GFI WebMonitor
GFI WebMonitor 2009
Screenshot 60 Configuring notifications
2. Key in an email address in the Email Address field and click Add. 3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
Deleting recipients:
1. Click on Notifications node 2. Click on the delete icon delete. next to the email address you want to
3. Click on Save Settings to finalize email settings setup. NOTE: Failing to click on Save Settings means that you will lose settings as soon as you leave the view to move to another section in GFI WebMonitor.
General Settings
Through the General Settings node you can specify settings such as the amount of hours to keep downloaded files in cache, and the default time in hours a site is kept in the temporary whitelist after it has been approved from the quarantine. 1. From the GFI WebMonitor navigation bar select Configuration General Settings node
GFI WebMonitor 2009
8BConfiguring GFI WebMonitor 77
Screenshot 61 - Configuring General Settings
1. In the Data Retention area specify how long, in days, will browsing activity data be kept in GFI WebMonitor databases. This data is used for monitoring and reporting. 2. In the Download Cache are specify how long (in hours), will downloaded files be kept in a local cache. Keeping these files in the cache will speed up subsequent requests for the same file. NOTE: Set the value to zero hours if you want to disable the cache. 3. In the Temporary Whitelist area specify how long (in hours), will items approved from the quarantine be kept in the Temporary Whitelist. This is the amount of time available to the user during which the approved URL is accessible.
78 8BConfiguring GFI WebMonitor
GFI WebMonitor 2009
Handling blocked downloads
Introduction
GFI WebMonitor includes a quarantine feature; a restricted, safe and controlled storage area where potentially harmful download files are stored. Policies may be set where downloaded files/URLs are blocked and stored in quarantine. Downloaded files may be quarantined as a result of one or more configured policies in the following categories being triggered: Download Control Policies Web Filtering Policies Virus Scanning Policies Establish the reason for which a download file is being quarantined Determine whether the file is harmful or harmless and should be deleted or approved.
Administrators should review the quarantine to:
If approved for access, quarantined items are transferred to a Temporary Whitelist. Users can be then granted access to the downloaded files through the Temporary Whitelist. There are four different views for quarantined items: Those transferred to quarantine today Those transferred to quarantine yesterday Those transferred to quarantine this week All items transferred to quarantine
Approving or Deleting items

Viewing quarantined items
The following information is shown for all items listed in the quarantine: Quarantined On. Date and time when the item was quarantined. The user/IP who accessed the item which is now quarantined. Download URL - details of the quarantined item. Quarantine reason - The reason why the item was quarantined.
To view quarantined items: 1. Click on the Quarantine node in the navigation bar, and select one of views available to either review all items or those for a specified period:
GFI WebMonitor 2009
9BHandling blocked downloads 79
Today Yesterday This Week All Items
Screenshot 62 - Quarantine
2. Click on each one of the available tabs to view a list of items quarantined for each respective policy category: Download Control Policies tab Web Filtering Policies tab Virus Scanning Policies tab
Lists are sorted in descending order, with the latest item being quarantined shown at the top of the list. 3. Click on the details icon to view details for that item. 4. Click Go Back To List to move back to the list of quarantined items. 5. Use the navigation icons of quarantined items. to navigate through a long list
Approving quarantined items

To approve one or more items in quarantine: 1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined. 2. Click on the policy tab where the quarantined item is stored. 3. Click on the details icon
80 9BHandling blocked downloads
GFI WebMonitor 2009
Screenshot 63 - Approving a quarantined item
4. Click Approve Item to make the downloaded file available to users or Approve All Items to make all items in a quarantine available to users. NOTE 1: The user email address is shown only if the user has been authenticated through ISA Server authentication, and has a valid Active Directory email field. NOTE 2: Using the checkbox associated with each entry in the quarantine enables multiple file whitelisting. NOTE 3: Exert extreme caution with this feature. In approving an item from the Quarantine, you are excluding the web site from all policies configured in GFI WebMonitor for the particular user. Approving a potentially harmful file may therefore lead to your network being compromised. Approved items are transferred to the Temporary Whitelist. Refer to the Configuring allowed and blocked websites chapter for more information on the whitelist. NOTE 4: Quarantined items which are not approved after 2 days are automatically deleted.
Deleting quarantined items

To delete one or more items in quarantine: 1. Click on Quarantine node from the navigation bar and select one of the available views, depending on when the item was quarantined. 2. Click on the policy tab where the quarantined item is stored. 3. Click on the details icon 4. If you decide that the downloaded file should be deleted, click Delete Item 4. Click Delete Selected Item to make the downloaded file available to users or Delete All Items to make all items in a quarantine available to users. NOTE 1: Using the checkbox associated with each entry in the quarantine enables multiple file deletion.
GFI WebMonitor 2009
9BHandling blocked downloads 81
NOTE 2: Quarantined items which are not approved after 2 days are automatically deleted.
82 9BHandling blocked downloads
GFI WebMonitor 2009
Reporting Setup
Introduction
GFI WebMonitor enables you to store data in a database for statistical information analysis using GFI WebMonitor ReportPack. In this section you will find information about: How to enable or disable information gathering Configuring reporting options
Enabling Reporting
To enable information gathering for reporting purposes: 1. From the GFI WebMonitor navigation bar select Configuration Reporting node
GFI WebMonitor 2009
10BReporting Setup 83
Screenshot 64 - GFI WebMonitor Reporting setup
2. Click on the Enable Reporting checkbox to enable reporting features. 3. Key in the SQL Server, User/Password combination and Database name which enables GFI WebMonitor to connect and audit data to the database in the respective order. You can use the Get Database List button to retrieve a list of databases available. 4. Click on Save Settings to save reporting setup. NOTE: For security purposes, passwords can only be configured from the machine where GFI WebMonitor is installed.
The update reporting data now button

Daily at midnight, GFI WebMonitor automatically transfers any data logged to the Microsoft SQL server backend database as configured when enabling the reporting features. There are instances however when you would want to trigger the data retrieval process manually, such as: When upgrading GFI WebMonitor a the version that supports reporting. When migrating data stored in files in a storage location to a central database
84 10BReporting Setup
GFI WebMonitor 2009
To test configuration settings.
In these cases, amongst others, clicking on the Update reporting data now triggers the retrieval process. NOTE: Data is always collected for complete 24 hour periods from midnight to midnight. Clicking Update reporting data now does not collect data for partial periods between midnight and the time when this button is clicked.
Disabling Reporting
To disable reporting features: 1. Click on the Reporting node. 2. Uncheck the Enable Reporting checkbox and click Save Settings to disable reporting.
GFI WebMonitor 2009
10BReporting Setup 85
Miscellaneous
Introduction
In this section you will find information on updating GFI WebMonitor license
Entering your license key after installation

After installing GFI WebMonitor you can enter your license key without re-installing or re-configuring the product. To achieve this: 1. Click on the Licensing node from the navigation bar. 2. Key in the license key provided by GFI Software for one of the three GFI WebMonitor editions in the License Key field. 3. Click on Save Settings.
GFI WebMonitor 2009
11BMiscellaneous 87
Troubleshooting
Introduction
The troubleshooting chapter explains how you should go about resolving any software issues that you might encounter. The main sources of information available to users are: The manual most issues can be solved by reading this manual. GFI Knowledge Base articles Web forum Contacting GFI Technical Support
Knowledge Base
GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most upto-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.
Web Forum
User to user technical support is available via the web forum. The forum can be found at: http://forums.gfi.com/.
Request technical support

If you have referred to this manual and our Knowledge Base articles, and you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone. Online: Fill out the support request form on: Follow the http://support.gfi.com/supportrequestform.asp. instructions on this page closely to submit your support request. Phone: To obtain the correct technical support phone number for your region please visit: http://www.gfi.com/company/contact.htm.
NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at: https://customers.gfi.com/login.aspx. We will answer your query within 24 hours or less, depending on your time zone.
88 12BTroubleshooting
GFI WebMonitor 2009
Build notifications
We recommend that you subscribe to our build notifications list. This way, you will be immediately notified about new product builds. To subscribe to our build notifications, visit: http://www.gfi.com/pages/productmailing.htm.
GFI WebMonitor 2009
12BTroubleshooting 89
Index
Site History Details 28, 32, 34 Sites History 25, 27, 28, 32 Software requirements 11 System requirements 11
T
Troubleshooting 86
.
.NET 11
U
UnifiedProtection 7, 9, 11 User History Details 30, 31, 32, 33 Users History 25, 29, 30, 33
A
Access Permissions 73 Active connections 25, 26 Active Connections 25 Activity Log 25, 34 alerts 14 Anti-Phishing 69, 70, 71 anti-virus 9, 14, 67, 68, 74
W
WebFilter 7, 8, 9, 11, 18, 35, 41, 46, 47, 49, 50, 73 WebGrade 7, 8, 9, 41, 49, 50, 74 WebSecurity 7, 9, 11, 18, 35, 53, 54, 57, 58, 63, 66, 67, 69, 70, 71, 73 whitelist 8, 9, 18, 36, 37, 38, 39, 73, 79 wizard 12
B
blacklist 8, 9, 18, 38, 39
D
download control 7, 9, 53, 54, 55, 57, 58
E
Evaluation 10
G
General Options 73 graph 32, 33, 34
H
hardware requirements 11
I
installation 14 ISA Server 7, 8, 9, 11, 14, 25, 26, 36, 37, 38, 45, 46, 56, 64, 65, 72, 73, 74, 79
L
License 85 licensing 12
P
Past Connections 25, 26
GFI WebMonitor 2009
12BTroubleshooting 91

GFI Web Monitor Manual v2009

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

GFI Web Monitor Manual v2009

Uploaded by

Copyright:

Available Formats

GFI WebMonitor 2009 for ISA Server

By GFI Software Ltd.

http://www.gfi.com E-mail: info@gfi.com

GFI WebMonitor 2009 Last updated April 7, 2009.

Installing GFI WebMonitor

Navigating the GFI WebMonitor console

Introduction .................................................................................................................. 19 Navigating the GFI WebMonitor user console ............................................................. 19

Getting started: Using the GFI WebMonitor dashboard

Introduction .................................................................................................................. 21 The GFI WebMonitor dashboard ................................................................................. 22

Getting started: Monitoring Internet activity

Configuring allowed and blocked websites

GFI WebMonitor 2009

WebFilter Edition Site rating and content filtering

WebSecurity Edition File scanning and download control

GFI WebMonitor 2009

Configuring GFI WebMonitor

Handling blocked downloads

Introduction .................................................................................................................. 87 Entering your license key after installation .................................................................. 87

GFI WebMonitor 2009

Introduction to GFI WebMonitor

GFI WebMonitor 2009

How does GFI WebMonitor work?

Figure 1 - How does GFI WebMonitor work

GFI WebMonitor 2009

GFI WebMonitor 2009

GFI WebMonitor licensing

GFI WebMonitor product evaluation

GFI WebMonitor 2009

Installing GFI WebMonitor

WebSecurity Edition Minimum hardware requirements

GFI WebMonitor 2009

1BInstalling GFI WebMonitor 13

Screenshot 1 - Installation Access permissions

14 1BInstalling GFI WebMonitor

GFI WebMonitor 2009

Screenshot 2 - Installation Customer Information

Screenshot 3 - Installation Logon Information

GFI WebMonitor 2009

1BInstalling GFI WebMonitor 15

Screenshot 4 - Installation email settings

Launching GFI WebMonitor

Downloading anti-virus signatures

16 1BInstalling GFI WebMonitor

GFI WebMonitor 2009

Upgrading from a previous version

GFI WebMonitor 2009

1BInstalling GFI WebMonitor 17

Navigating the GFI WebMonitor console

Navigating the GFI WebMonitor user console

Screenshot 5 - Navigating the GFI WebMonitor console

GFI WebMonitor 2009

2BNavigating the GFI WebMonitor console 19

20 2BNavigating the GFI WebMonitor console

GFI WebMonitor 2009

Getting started: Using the GFI WebMonitor dashboard

GFI WebMonitor 2009

3BGetting started: Using the GFI WebMonitor dashboard 21

The GFI WebMonitor dashboard

Screenshot 6 - GFI WebMonitor Dashboard

22 3BGetting started: Using the GFI WebMonitor dashboard

GFI WebMonitor 2009

Screenshot 7 Dashboard: Operation Statistics

GFI WebMonitor 2009