Page tree
Skip to end of metadata
Go to start of metadata

G DATA Business Solutions Manual



G DATA Business Solutions

Antivirus Business - Client Security Business - Endpoint Protection Business





G DATA Administrator

Starting G DATA Administrator

Start G DATA Administrator by clicking the G DATA Administrator option in the program group Start > (All) Programs > G DATA > G DATA Administrator. In the following login screen, enter your login data:

  • Language: Select the display language.
  • Server: Enter the name of the computer on which G DATA ManagementServer was installed. To the right, a status indicator displays whether the ManagementServer is ready. If an error occurred, clicking the status indicator displays a log file.
  • Authentication
    • Windows authentication: Log in using your Windows administrator credentials.
    • Integrated authentication: Log in using G DATA ManagementServer's integrated authentication system. Integrated authentication accounts can be set up using the function Manage users.
  • User name: Enter your Windows administrator user name or your integrated authentication user name.
  • Password: Enter your Windows administrator password or your integrated authentication password.


After entering your login data, click OK to log in.

Click the arrow next to the question mark menu to reveal two additional options. About G DATA Administrator shows version information. Reset settings allows you to reset all settings that relate to the use of Administrator, such as display options.

Using G DATA Administrator

The Administrator interface is organized as follows:

  • The Overview panel offers global status information and shortcuts to items such as reports, logs and updates.
  • The Clients/ManagementServers panel displays all clients and ManagementServers that can be managed.
  • Configuration can be carried out using the modules that are accessible via dedicated tabs on the right. The availability of modules depends on the current selection in the Clients/ManagementServers panel and on your solution.
  • The menu bar offers access to global settings as well as additional menus that are only displayed when specific modules are selected.

Overview panel

The Overview panel displays an at-a-glance overview of unread reports, logs and other status information. Clicking the icons offers quick access to the respective modules with pre-configured filter settings to display only the requested data. The availability of icons depends on your G DATA solution.

  • Info: General information and error reports.
  • Security: Infection reports.
  • Requests: Requests from the PolicyManager, PatchManager and Firewall modules and from Android app control.
  • Patches: High priority patches that have not yet been installed.
  • Client logs: Client logs, such as changed settings and scan job status information.
  • Server logs: ManagementServer information and error reports.
  • Postfix: Sendmail/Postfix module reports.
  • Squid: Squid module reports.
  • Exchange: MailSecurity for Exchange reports.
  • Unauthorized clients: Clients that have connected to the ManagementServer but have not yet been authorized by the administrator.
  • Unauthorized servers: Subnet servers that have connected to the ManagementServer but have not yet been authorized by the administrator.
  • Unauthorized Exchange clients: Exchange clients that have connected to the ManagementServer but have not yet been authorized by the administrator.
  • Signatures: Version information for the virus signatures on the ManagementServer.
  • Program: ManagementServer version information.


Clients/ManagementServer panel

The Clients/ManagementServers panel displays all clients and servers that are managed by G DATA Administrator. Select the Clients tab to display clients or the ManagementServers tab to display ManagementServers (primary servers, secondary servers and subnet servers).

Clients and ManagementServers are displayed in a node-based list. As in Windows Explorer, nodes that contain subordinated nodes appear with a small plus symbol. If you click on them, the structure expands and enables the view of the underlying nodes. Clicking the minus symbol collapses the list.

In the toolbar, you will see the most important client and server management commands, some of which are also displayed in the Organization menu. The availability of these options depends on the clients/ManagementServers that have been selected:

  • Refresh
  • Expand/collapse all: Expand or collapse all items in the network tree.
  • Show disabled clients
  • Add group
  • Delete
  • Enable client: Add a Windows or Linux client to the Clients tab by entering its name or IP address.
  • Installation overview
  • Send installation link to mobile clients: Send an installation link to Android and iOS clients.

Clients view

The Clients tab lists the various types of clients under five top-level nodes:

  • All ManagementServers: Windows, Linux, Mac and Android clients.
  • Exchange: Clients with the MailSecurity for Exchange plugin.
  • Sendmail/Postfix: Linux clients with the Sendmail/Postfix module.
  • Squid: Linux clients with the Squid module.
  • iOS Mobile Device Management: iOS clients.

Before clients can be managed, they need to be added to the Clients tab and deployed. The procedure depends on the type of client, the network size and the configuration:

The following types of icons are shown on the Clients tab:

  • Top-level node
  • ManagementServer
  • Group
  • Group (Active Directory link)
  • Client
  • Client (disabled)
  • Laptop client
  • Mobile client
  • Linux server
  • Linux client
  • MailSecurity for Exchange client
  • Non-selectable devices: Devices like network printers fall under this category.

When a client, group or ManagementServer is selected, the corresponding client modules are displayed as tabs in the module area. Depending on the type of node you select, different modules are available. For example, when you select a desktop client, the tab Client settings will be enabled. For Android clients, on the other hand, you get access to the Android settings tab.

Client settings can be imported and exported. Right-click on a client and choose Export settings to export settings from the Client settings and PolicyManager modules to a .dbdat file. To import settings, select a client or group, choose Import settings and select the scope and the settings file.

Clients - Installation overview

The Installation overview window can be used to keep track of installation progress. It opens automatically when a remote installation task is added, or can be opened by clicking the Installation overview button in the Clients/ManagementServer panel's toolbar.

The Installation overview window lists all clients that have pending and completed remote installation tasks. The Type column shows the type of installation (for example G DATA Security Client; G DATA Internet Security for Android; Subnet server). After a remote installation has been completed, the Status column will be updated. For clients that have been added via Active Directory synchronization, the Next installation attempt column shows the time at which the remote installation will be started.

Right-clicking an entry offers the following options:

  • Refresh: Refresh the list.
  • Delete entry: Remove the selected entry from the list.
  • Show installation log: Show the installation log for the selected entry.
  • Try again: Retry a failed installation attempt.

Clients - Send installation link to mobile clients

The window Send installation link to mobile clients lets you send an installation e-mail to mobile clients. Depending on the selection on the Clients tab, the window will contain options for Android or iOS clients.

Opening the e-mail on the mobile client lets users install G DATA Internet Security for Android (when deploying Android clients) or enable Device Management (when deploying iOS clients). After completing the respective procedure, the mobile client(s) will show up on the Clients tab.

In order to send mobile clients an installation link, G DATA ManagementServer needs to be able to send e-mails. Make sure to enter your login data for an SMTP server under General settings > Email > Email settings.

Android clients

In order to send an installation link to Android clients, the following information should be entered:

  • Password: If you have not yet entered a mobile authentication password under General settings > Android > Authentication for mobile clients, enter it here.
  • Recipient(s): Enter one or more e-mail addresses, separated by line breaks or commas.
  • Subject: Enter the subject of the installation email.
  • Content: Enter the body text of the installation email. It must contain the preconfigured placeholders for installation links.

Click OK to send the installation link.

iOS clients

When deploying Device Management to iOS clients, several settings allow you to customize the appearance of the Device Management request to the end user:

  • Name: Enter the Device Management name.
  • Description: Enter the Device Management description.
  • Organisation: Enter your organization's name.
  • End User License Agreement: Enter an End User License Agreement.
  • Recipient(s): Enter one or more e-mail addresses, separated by line breaks or commas.

Click OK to send the installation link.

Before sending an installation link to an iOS client, make sure you have entered your ActionCenter login data in the ActionCenter module.

Clients - Active Directory

G DATA Administrator's Active Directory support imports computer objects from local domains' organizational units. Create a new group, right click it, and select the option Assign AD item to group. In the dialog window that opens, select Assign to AD group and choose the LDAP server. The Select button will provide a list of available servers. It is also possible to connect to another domain by clicking Add. The option Automatically install G DATA Security Client on newly added computers will initiate a remote installation of G DATA Security Client for every computer that is added to the Active Directory domain, as long as it meets the remote installation requirements. Enter User name and Password for a domain account with sufficient permissions on clients, as well as the installation Language.

By default, G DATA ManagementServer synchronizes its data with the Active Directory server every six hours. This value can be changed under General settings > Synchronization.

Active Directory changes are automatically synchronized with Management Server. However, if clients are moved between domains, the Active Directory link of the Management Server group for the previous domain must be manually unassigned. After assigning an Active Directory item from the new domain to a Management Server group, the clients will then be automatically synchronized to the appropriate node on the Clients tab.

Clients - Menu Organization

When the Clients tab has been selected, the Organization menu is displayed in the menu bar, offering access to settings related to client organization.

Refresh

The Refresh function updates the list in the Clients/ManagementServers panel.

Show disabled clients

Using the option Show disabled clients, clients that have not (yet) been enabled can be shown. Disabled clients are shown as grayed out icons.

Add group

Clients can be combined into groups to apply settings to multiple clients at once. Easily distinguishable security zones can be defined since all settings can be made for both single clients and for entire groups. Select a ManagementServer or group, and then click the Add group option. After entering a group name, clients can be assigned to the new group by dragging and dropping them onto it. To move a large number of clients into a group, use the Clients > Overview module. Select the clients that should be moved, right-click and choose Move clients.

Edit group

The Edit group option opens a window where the Add and Remove buttons can be used to add clients to groups or remove them from groups. This option is only available when a group has been selected on the Clients tab.

Delete

Individual clients can be removed from the client list with the Delete command. G DATA Security Client is not uninstalled by removing the client from the list.

To delete a group, all of its included clients must be either disabled or moved to other groups as necessary. Only empty groups can be deleted.

Find computer(s)

The Find computer(s) window can be used to add clients to the Clients tab and enable them. Clients can be found by IP address and enabled directly from within the dialog window. The Find computer(s) window will contact all computers in a specified IP range. The range can be defined using a Start IP and End IP (such as 192.168.0.1 and 192.168.0.255), or a Subnet address (in CIDR notation, such as 192.168.0.0/24). To make sure that only available clients are listed, select Only search for available clients (Ping). Click Start search to start the network search. Computers will be listed as soon as they are found. If the search process is taking too long, it can be canceled by clicking Cancel search.

All computers that respond to the IP check are listed, including their IP address and computer name. Using the Enable button, the respective clients can be added to the Clients tab. The search result includes enabled clients, if applicable - these can be disabled by clicking Disable.

Organization - Rule wizard

When clients connect to ManagementServer for the first time, they are automatically added to the group New clients if no group has been defined when enabling the client or creating the installation package. The Rule wizard can be used to create rules that regularly move new clients to predefined groups.

Rules can be managed using the New, Edit and Delete buttons and the arrow buttons next to the rule list. The Import and Export buttons can be used to import/export the rules as .json files.

Under Settings, the general settings for the execution of the rules can be defined:

  • Schedule: The rules are executed Hourly, Daily or Weekly.
  • Time: Define the exact point of time at which the rules are executed.
  • Apply group settings: After being moved, clients are automatically assigned the settings from the group to which they were moved.
  • Only move clients from the group "New clients": The rules only apply to clients from the group New clients. If this option is deselected, the rules apply to all clients. This can cause clients to be moved around multiple times and should usually be left selected.
  • Execute now: Execute the rules immediately.

Using a number of settings, you can define rules that automatically move clients between groups:

  • Rule type: Select whether the clients are selected by Computer name, IP address, Domain or Default gateway.
  • Client placeholder: Enter the search string that is used to select clients. You can use placeholders. For example, enter Sales_* to select all clients with the name prefix Sales_ (when using the Computer name setting) or 192.168.0.[1-100] to select all clients with IP addresses between 192.168.0.1 and 192.168.0.100 (when using the IP address setting).
  • Client type: Select which client types are moved (All, Workstation, Server, Android device or Laptop).
  • Groups: Enter one or more groups or select them by double-clicking on a group in the tree view. When multiple groups have been entered, the selected clients will be divided equally over the groups.

Organization - Installation package

Create installation package for Windows clients

This function can be used to create an installation package for G DATA Security Client. Use the package to install G DATA Security Client locally. See the chapter Local installation (Windows) for more details.

Create installation script for Linux/Mac clients

This function can be used to create an installation script for G DATA Security Client for Linux and G DATA Security Client for Mac. Use the script to install G DATA Security Client locally. See the chapters Local installation (Linux) and Local installation (Mac) for more details.

ManagementServer view

G DATA ManagementServer lies at the core of the G DATA architecture: it administers the clients, automatically requests the latest software and virus signature updates from the G DATA update server and controls the virus protection within the network. G DATA ManagementServer uses the TCP/ IP protocol to communicate with the clients. For clients that are temporarily disconnected from G DATA ManagementServer, jobs are automatically accumulated and synchronized when communication is re-established. G DATA ManagementServer has a central Quarantine folder. Suspicious files can be encrypted and secured, deleted, disinfected or forwarded to the G DATA Security Labs if necessary. G DATA ManagementServer is managed using G DATA Administrator.

When you exit G DATA Administrator, G DATA ManagementServer continues to be active in the background and manages the processes you have set up for the clients.

G DATA Administrator Modules

Depending on the current selection in the Clients/ManagementServers panel, either the client modules or the server modules are shown as tabs on the right side of the window. Click any tab to open the corresponding module.

Most modules have a toolbar. In addition to module-specific functions, the following buttons are usually displayed:

  • Refresh: Refresh the current list or view.
  • Delete: Delete the currently selected item(s).
  • Print: Print (selected) items from the current module.
  • Print preview: Display a print preview.
  • Time frame: Limit the displayed items to a specific time frame.

For most modules, there are also general options to control layout and list contents:

  • To sort a list, click any of its column headers.
  • To add or remove columns from the list display, right-click any column header, click Select columns and then (de)select the columns that should be displayed.
  • To reduce the number of items per page, enter the maximum Number per page at the bottom right of the screen.
  • For free form text filtering, click any of the filter icons in the column headers and enter your filter criteria.
  • Drag one or more column headers to the bar above the column headers to create a group based on those columns. Groups can be nested in various ways to create different views.

Each module's settings always apply to the clients, servers or groups highlighted in the Clients/ ManagementServers panel. If a ManagementServer or group has been selected, clients or groups within the group may have different values set for one or more settings. The affected settings will be marked as such. When saving the settings, each client with deviating settings will retain its own value. Only if the value is changed will it be applied to the whole group. Subordinated clients or groups that have settings that deviate from the group settings are displayed by name in the panel Clients/groups with deviating settings. Select a client and click Display settings to select that specific client in the Clients/ManagementServers panel and display its settings or click Revert to group settings to apply the group settings to that client.

When administering a group that contains Windows clients as well as Linux or Mac clients, settings that have no effect on Linux or Mac clients are displayed in green.

Settings are only saved and transferred to the selected client(s)/server once the Apply button has been clicked. At the bottom of most modules, the Information status field shows whether the  settings have been successfully transferred. Click the Discard button to discard the changes.

Client Modules

Client Dashboard

The Dashboard area provides you with information about the current state of the clients in the network.

G DATA Security Status

Under G DATA Security Status you can set all the basic security settings for the clients or groups you have selected in the Clients section.

By clicking on the respective entry, you can perform actions here directly or switch to the respective task area. As soon as you have optimized the settings of a component with the attention symbol, the symbol in the status area changes back to the green symbol.

For a quick detailed overview, the Clients - Overview is more suitable.

Client Connections

The Client Connections section provides a time-based overview of the connections that the respective clients have had with G DATA ManagementServer. Care should be taken to ensure that all clients connect to G DATA ManagementServer on a regular basis. To better control the connections, each client sends a heartbeat every hour. If this fails, the client is probably offline. If the heartbeat is sent, but the client does not update the virus signature updates, for example, there is a communication failure.


Clicking on the pie chart takes you to the client overview, where the security status is already pre-filtered according to the selected area.

Top 10 Clients - Warnings

The Top 10 Clients - Warnings overview helps to find problematic clients. The chart shows the clients with the most virus reports. While G DATA successfully fends off these infections, the fact that certain clients are often attacked by malware may indicate problems. Perhaps one of the other protection mechanisms is misconfigured, or the end user is particularly at risk due to targeted malware attacks or careless (surfing) behavior. Here, the client's security configuration should be checked. If the end user's (mis)behavior is a possible cause, PolicyManager policies can be used to restrict access to dubious resources.

Clicking on the displayed client name takes you directly to the security events for this client.

Report Status

The chart shows infections, errors, and Firewall and PolicyManager requests. Excessive errors from any of the modules or other notable spikes in the graph can be checked via the individual reports in the Security Events module.

Module Clients

The Clients module offers client management functions, such as information about whether the clients are running normally and if the virus signatures and program files are fully up to date.


Clients - Overview

From the Overview panel, you obtain an overview of all managed clients and can also simultaneously carry out any client administration. Using the Security status column, you can easily keep track of every client's current security status.

To manage the clients, you can use the following options from the toolbar above the list:

  • Delete: Remove a client from the Clients list. As this option does not uninstall G DATA Security Client from the client, it should only be used for client machines that have already been decommissioned or removed from the network. If an active client is inadvertently removed from the list, it will reappear upon its next connection to ManagementServer (group-specific settings, however, are lost).
  • Update virus signatures now: Updates the virus database on the client with current signatures from G DATA ManagementServer.
  • Update virus signatures automatically: Enables automatic updating of the virus database. Clients periodically check whether updated virus signatures are available on G DATA ManagementServer and run an automatic update.
  • Update program files now: Updates the program files on the client with the current files from G DATA ManagementServer. A client reboot may be necessary after updating the program files.
  • Update program files automatically: Enables automatic updating of program files. Clients periodically check whether a new version is available on G DATA ManagementServer and execute an automatic update.
  • Installation overview

You can display various columns in the overview, for more tips and explanations on operation, see G DATA Administrator Controls.

The Heartbeat is a tool to find communication failures. If the Heartbeat fails, the client is switched off or has no network connection, for example. If the Heartbeat is present but the client is not loading signature or program updates, there is a communication problem with the ManagementServer.

The Heartbeat is always activated from version 15.1. It is displayed when it is selected in Select columns.

Right-clicking on a client gives you the following options

  • Install G DATA Security Client
  • Install G DATA Security Client for Linux
  • Uninstall G DATA Security Client
  • Installation overview
  • Reset to default: Reset the security settings for the selected client(s) to the group settings.
  • Move clients: This function allows you to move the selected client(s) to an existing group. After selecting this function, a dialog window displays all existing groups. To move a client to a group, select the group and click OK.
  • Assign G DATA server: While you have the option of assigning specific subnet servers to clients with the function Servers > Overview, you can also select a subnet server for individual clients.
  • Update virus signatures now
  • Update virus signatures automatically
  • Update program files now
  • Update program files automatically
    • Reboot after program update: Define what should happen after client program file updates:
    • Open message box on client: Inform the user that they should restart his/her client computer at a convenient time.
    • Create report: Create a report in the Security events module.
  • Force reboot: Automatically force a restart.
  • Delete (only in the context menu)
  • Authorize (only in the context menu): Authorize the selected client(s). In order to prevent unauthorized access to the ManagementServer, clients that are deployed through a local installation need to be authorized before they are fully served.
  • Remove Authorization As of version 15.1, it is possible to remove the authorization of a client.
  • Properties (only in the context menu): Display properties for the selected client (General, Network info, Security risks and Hardware).

Clients - Software

The software inventory allows you to monitor software use across the whole network. Software can be added to a blacklist or whitelist to support software management in the network.

The software overview can be managed with the following toolbar buttons:

  • Refresh
  • Print
  • Print preview
  • Display all: Display all software that has been installed on the clients.
  • Display only software on the blacklist: Only show software that you have added to the blacklist.
  • Display only software that is not on the whitelist: Only show software that is installed on the network clients, but has not been checked yet by the system administrator. Using this view, you can quickly add software to the blacklist or whitelist by right clicking on it.

The list area lists installed software for all clients selected in the Clients panel. To fill the blacklist or whitelist, click the button Global blacklist or Global whitelist. Click Add to add a new blacklist or whitelist entry. The option Determine attributes lets you select the program you want to put on the blacklist or whitelist and enter its attributes. To set an attribute as rule, tick an attribute's checkbox. This allows you to put software from specific vendors, or specific program versions, on the lists. When you already know the program's attributes, you can also directly add them to the blacklist or whitelist, without using the Determine attributes dialog.

By default, the Software inventory is filtered to only show currently installed applications. To show all applications, including those that were previously installed but are no longer present, click Reset all filters to reset the display filter.

Clients - Hardware

The Hardware inventory view shows you information about the hardware that is in use by clients.

The hardware overview can be managed with the following toolbar buttons:

  • Refresh
  • Print
  • Print preview

Clients - Messages

You can send messages to individual clients or client groups to quickly and conveniently inform users. The messages are displayed as a small popup on the bottom right of the client desktop.

To create a message, simply click the Send message button. In the dialogue window, select the clients you want to send the message to. If you want a message to be sent only to a specific end user on the selected client(s), enter their User name. Type your information in the Message field and click the OK button.

Module iOS clients

When you have selected one or more iOS clients in the Clients panel, the Clients module only displays details pertaining to the selected iOS client(s):

  • Client: Device name.
  • Security status: Shows the current security status and displays a warning if no profile has been assigned or if the profile is pending.
  • Profile: Displays the currently assigned profile. Select a profile from the list to change the profile or select - No profile - to remove the current profile.
  • Last access: Timestamp for the most recent connection between the iOS client and G DATA ActionCenter.
  • IMEI: Device IMEI identification number.
  • Capacity: Device storage capacity in GB.
  • Version: iOS version number.
  • Telephone number: Device telephone number.
  • Email address: The email address to which the installation link was sent.
  • Product name: Device product name.

Right-click a client to select one of the following context options:

  • Delete device management: Disable mobile device management on the device.
  • Delete: Remove the device from the list. Before removing the device from the list, use Delete device management to disable mobile device management.
  • Resend activation email: Resend the installation link to clients with an inactive or pending MDM installation.

Module iOS settings

The iOS settings module offers easy access to G DATA Administrator's iOS management capabilities.

iOS-settings - General

Using the General tab, you can enter a note for the selected client(s) and assign a profile:

  • Description: Enter a note, for example information about the device or its configuration. The note is only displayed in G DATA Administrator.
  • Active profile: Displays the currently assigned profile. Select a profile from the list to change the profile or select - No profile - to remove the current profile.

In addition to the note and profile settings, the General tab also displays settings that have been configured when Device Management was deployed to the device. This includes the Device Management name, description, organization and the End User License Agreement.

iOS-settings - Profiles

Using profiles you can deploy security policies to (groups of) iOS devices. Use the Add profile toolbar button to define a new profile by entering its Name and a Description (optional). Each profile can contain up to five policies, each focusing on a specific branch of settings. Under Add policy, select one of the following five policies and click the plus sign to add it to the profile:

  • Functionality restrictions: Disable specific functions of the iOS device (such as camera usage, Siri or iCloud).
  • App restrictions: Disable specific apps or app settings (such as YouTube, iTunes Store or Safari).
  • Media content restrictions: Disable specific types of media content, based on various rating Systems.
  • Passcode settings: Enforce iOS passcode standards (such as minimum length, minimum complexity and a maximum number of failed attempts).
  • WLAN: Allow the iOS device to connect to a specific wireless network.

Select a policy to edit its settings. Click Apply to save the profile and all its policies. If you are editing a profile that has already been assigned to a device, the updated profile will be synchronized with the device and a report will be added to the Logs (iOS) module as soon as the device has applied it. Profiles can be imported and exported by clicking the respective buttons. Profile settings are saved as a JSON file.

iOS-settings - AntiTheft

The Anti-Theft tab lets you trigger one of three anti-theft actions on the selected iOS device:

  • Lock device: The device's lock screen will be enabled (including passcode protection, if a passcode has been set).
  • Reset device: The device will be wiped. Warning: this removes all data and also disables Device Management.
  • Remove passcode: The device's passcode will be removed.

Click Execute function to carry out the selected action. The status will be reported under Logs (iOS).

Unable to render {include} The included page could not be found.

Module Sendmail and Postfix

The Linux Mail Security Gateway module is available as an optional module.

The Sendmail/Postfix module offers access to settings for Linux Mail Security Gateway.

Sendmail/Postfix - Settings

Under Settings, the antivirus protection can be configured:

  • Reaction: Define the reaction to infected emails (Delete infected attachments or Move email to quarantine).
  • Subject prefix: Add a prefix to the email subject (e.g. [VIRUS]).
  • Message in body: Add a notification to the email body (e.g. This email contains a virus).

Sendmail/Postfix - AntiSpam

Using the AntiSpam settings, the Linux Mail Security Gateway module automatically filters incoming email for spam.

Spam messages are categorized in three distinct categories: Suspected spam, High spam probability and Very high spam probability. For each of those categories, you can customize the action that the plugin will take:

  • Reaction
    • Deliver email: The email message will be delivered to the recipient.
    • Delete message: The email message will be deleted.
  • Subject prefix: Add a prefix to the subject of the email message, such as a [SPAM?] tag.
  • Message in body: Add text to the body of the email message.
  • Create reports: Add a report to the Security events module.

In addition to the three spam categories, you can define a whitelist and a blacklist. Email messages from addresses or domains on the whitelist are never checked for spam; addresses and domains on the blacklist are always treated according to the configuration for Very high spam probability. The whitelist and blacklist can be exported and imported as .json files.

Module Squid

The Linux Web Security Gateway module is available as an optional module.

The Squid module can be used to configure settings for the Linux Web Security Gateway. Under Antivirus protection, the following settings can be configured:

  • Enabled: Enable the antivirus protection for Squid.
  • Use AntiPhishing: Enable cloud lookups to enhance protection.
  • Create reports: Add a report to the Security events module when a virus is found.

Under Blacklist, click Add to add a Domain, Proxy client IP address or MIME type to the blacklist. Entries on the blacklist are always blocked.

Module Client settings

The Client settings module manages settings for individual clients or groups of clients. Using the General, Monitor, Email, Web and AntiSpam options you can extensively configure protection for network clients.

Client settings - General

The General tab allows you to configure general settings for the selected clients.

G DATA Security Client

The G DATA Security Client section covers basic client functionality.

  • Note: Enter any notes or remarks that apply to this client.
  • Tray icon: Choose when the client icon should be displayed in the system tray: Never, Display in first session only (for terminal servers and Windows Fast user switching) or Always display (in all sessions). If the icon is not displayed, the functionality of Security Client is severely limited (for example, Idle scan cannot be used and the user has no access to the Client functions).
  • Assigned to: By default, clients are assigned to the main ManagementServer. The dropdown list displays the main ManagementServer and its subnet servers and can be used to quickly assign a client to a specific (subnet) server.

Updates

The Updates section lets you define virus signature and program file update settings.

  • Update virus signatures automatically: Enables automatic updating of the virus signatures. At every synchronization interval the clients check whether new virus signatures exist on the G DATA ManagementServer. If new virus signatures are available, they are automatically installed on the client.
  • Update program files automatically: Enables automatic updating of the program files. At every synchronization interval the clients check whether updated program files exist on the G DATA ManagementServer. If updated program files are available, they are automatically installed on the client. A client reboot may be necessary after the update. Dependent on the setting under Reboot after update, the client user has the option of postponing the completion of the update.
  • Reboot after update: Select Open message box on client to inform a user that they should restart their client computer at a convenient time. Create report will create a report in the Security events module, or select Force reboot to automatically force a restart.
  • Participate in the Malware Information Initiative to improve detection rates: Enable participation in the Malware Information Initiative. The G DATA SecurityLabs continuously research new technologies to protect our customers against malware (viruses, worms and malicious programs). The more information is available, the higher the efficacy of the technologies. However, much information is available only on systems that have been attacked or infected. In order to include even such information in the analyses, the G DATA Malware Information Initiative was founded. In this context,  alware-related information is sent to the G DATA SecurityLabs.

Signature update settings

Define where clients obtain their virus signature updates:

  • Load signature updates from the ManagementServer: Clients will obtain virus signature updates from their ManagementServer. They will check for updates at every synchronization interval.
  • Load online signature updates independently: Clients will obtain updates from the central G DATA update servers. The update check can be scheduled under Settings and scheduling.
  • Load online signature updates independently, if no connection to the ManagementServer can be established: This option is recommended for mobile workstations such as laptops. When the client has a connection to the ManagementServer, it will download its updates from there. If there is no connection to the ManagementServer, the virus signatures are automatically downloaded from the G DATA update servers. The update check can be scheduled under Settings and scheduling.

Proxy server

Specify which proxy settings the client or group should use.

If enabled, the user can use their own proxy settings, but this should only be allowed in exceptional cases. Enabling the option may compromise the security of the client.

The proxy server can also be configured differently from the system-wide settings without applying the user's proxy settings.

Client functions

Under Client functions, you can set permissions for local users to change Security Client settings. User rights can be very extensive or restrictive, as your network policy demands.

  • Allow the user to run virus checks: In case of a suspected virus infection, the user can run a local virus check, independent of the ManagementServer schedule. Results of this virus check will be transferred to the ManagementServer during the synchronization. Additionally, this lets users change settings for local virus checks.
  • Allow the user to download signature updates: If you enable this function, the user of the client computer is allowed to download virus signatures over the Internet, without connecting to the ManagementServer. This is especially important if the client has a laptop that is often used outside the network perimeter.
  • Allow the user to change monitor options: If this function is enabled, the client user has the option to change the Monitor settings.
  • Allow the user to change email options: If this function is enabled, the client user has the option to change the Email and AntiSpam settings.
  • Allow the user to change web options: If this function is enabled, the client user has the option to change the Web settings.
  • Allow the user to display the local quarantine: If you allow the local quarantine to be displayed, the user can, if necessary, disinfect, delete or restore data that was moved into quarantine. In doing so, note that a virus is not removed by restoring a file from quarantine. This option should therefore only be made accessible to experienced users.
  • Protect client settings with a password: To prevent improper manipulation of local settings, there is the option of only permitting options to be changed when a password is entered. This allows you, for example, to prevent end users from changing settings. The password is set specifically for the selected client or group and it should only be shared with authorized users.

Scan jobs

You can define exceptions that are not to be checked during the execution of scan jobs. Archives and restore partitions, for example, can be defined as exception directories. You can also define file extensions as exceptions. Exceptions can be defined for complete groups. If the clients in a group have defined different exception directories, new directories can be added or existing ones can be deleted. The directories specially defined for individual clients are preserved. The same procedure also goes for monitor exceptions.

Idle scan

To allow the client to perform a virus scan when the computer is idle, tick Idle scan enabled. By clicking the Edit button, you can define the scan scope, which includes all local hard drives by default.

Client-settings - Monitor

The Monitor panel allows you to configure the most important aspects of client protection. The monitor should not be disabled, as it provides real-time protection against malware. It is therefore recommended that the monitor is only switched off if there is a justified reason for doing so, e.g. error detection or troubleshooting. It is possible to define exceptions for the monitor. If an application suffers from performance loss due to use of the monitor, exceptions can be added for the relevant program files or processes; excluded files are then no longer checked by the monitor. Setting up monitoring exceptions can represent a security risk.

Settings

Monitor settings can be used to configure the monitor and define exceptions.

  • Monitor status: Switch the monitor on or off. In general you should leave the monitor switched on, as it is the foundation of permanent and  uninterrupted virus protection.
  • Use engines: The G DATA software works with two independently operating virus scanning engines. Using both engines guarantees optimum results for preventing viruses. Using just one engine can have performance advantages.
  • Reaction to infected files: Specify the action to be taken if an infected file is detected. There are various options that may or may not be suitable, depending on what the respective client is used for:
    • Block file access: Neither read nor write access will be granted for an infected file.
    • Disinfect and move to quarantine: The file is moved to quarantine and an attempt is made to remove the virus.
    • Move file to quarantine: The infected file is moved to quarantine. The system administrator can then try to manually disinfect the file.
    • Delete infected file: This function serves as a strict measure for effectively containing a virus. In the rare case of a false-positive virus message, this may lead to data loss.
  • Infected archives: Specify here how infected archives are to be treated. When specifying these settings, you should bear in mind that a virus in an archive will only be harmful when it is unpacked from the archive.
  • Scanning mode: Define when files should be scanned. Read access scans every file directly when it's read. Read and write access adds a scan on writing, to protect against viruses that are copied from another possibly unprotected client or from the Internet. On execution scans files only when they are executed.
  • Monitor network access: Enable network access monitoring.
  • Heuristics: Through heuristic analysis, viruses are not only detected on the basis of the constantly updated virus databases, but also on characteristics typical of viruses. This method provides additional security, but may also produce a false alarm in rare cases.
  • Check archives: Checking compressed data in archives is a very time-consuming process and can generally be omitted if the G DATA virus monitor is always enabled on your system. The monitor can detect a previously hidden virus while the archive is being unzipped and can automatically prevent it from spreading. To avoid decreasing performance with unnecessary checks of large archive files that are rarely used, you can set a size limit (number of kilobytes) for archives that should be checked.
  • Check email archives: This option should generally be disabled, as scanning email archives takes a long time, and if an infected email is found, the entire mailbox is moved to quarantine or deleted - depending on the virus scan settings. Email in the mail archive may no longer be available in such a case. As the monitor also blocks execution of email attachments, disabling this option does not create a security hole. Moreover, when using Outlook, incoming and outgoing mails are scanned using an integrated plug-in.
  • Check system areas on startup/Check system areas on media change: System areas (such as boot sectors) in your computer should be included in virus checks. Here, you can specify whether these should be checked on system start-up and/or whenever a media change occurs (new DVD, etc.). Generally, you should have at least one of these two functions activated.
  • Check for dialers / spyware / adware / riskware: You can use the G DATA software to check your system for dialers and other malware programs (spyware, adware, riskware). This includes programs that establish unrequested expensive Internet connections and are potentially every bit as damaging as a virus in terms of economical impact. For example, spyware can silently record end user surfing behavior or keystrokes (including passwords) and forward this to third parties via the Internet.
  • Notify user when a virus has been found: If this option is enabled, when a virus is found by the monitor, a notification window is displayed, informing the user that a virus has been found on the system. The file that has been found, its path and the name of the malware found are displayed.

Under Exceptions, you can exclude specific directories from virus checks, for example to omit folders with archives that are seldom used in order to integrate them into a special scan job. Files and file types can also be excluded from the virus check. The following exceptions can be configured:

  • Directory: Select a folder (including any subfolder contained within it) that you do not want to be checked by the monitor.
  • Drive: Select a drive (partition, hard disk) that you do not want to be checked by the monitor.
  • File: Enter the name of a file that you do not want to be checked by the monitor. You can use wildcards.

Wildcards work as follows: the question mark symbol (?) represents individual characters. The asterisk symbol (*) represents entire character strings. For instance, in order to exclude all files with the file extension exe, enter *.exe. To exclude files with different spreadsheet formats (e.g. .xls, .xlsx), simply enter *.xls?. Or, to exclude files of various types that have identical initial file names, enter (e.g.) text*.*. This would involve files called text1.txt, text2.txt, text3.txt, etc.

  • Process: If a specific process should not be monitored by the monitor, enter the complete path and filename of the process (e.g.  :\Windows\system32\cmd.exe).

You can repeat this procedure as many times as you wish, and you can delete or modify the existing exceptions in the Exceptions window.

Behavior monitoring

Behavior monitoring provides further protection against malicious files and processes. Unlike the monitor, it is not signature-based, but analyzes the actual behavior of a process. To undertake a classification, behavior monitoring uses various criteria, such as write access to the registry and the possible creation of auto-start entries. If sufficient criteria lead to the conclusion that a program is exhibiting suspicious behavior, the action set under If a threat is detected will be carried out. The options Log only, Halt program, and Halt program and move to quarantine are available here.

Whenever behavior monitoring carries out an action, a report is added to the Security events tab. If a program has falsely been identified as a threat, the corresponding report can be used to create a whitelist entry. Whitelist entries can be viewed and removed by clicking Edit global whitelist.

ExploitProtection

Exploits specifically look for vulnerabilities in third party software on the client. ExploitProtection constantly checks the behavior of the installed software for irregularities. If any unusual behavior is detected in a software process, the action that has been defined under If an exploit is detected is carried out: Log only or Prevent execution. If Notify user if an exploit is detected has been enabled, the user will also receive a notification.

Whenever ExploitProtection carries out an action, a report is added to the Security events tab. If a program has falsely been identified as a threat, the corresponding report can be used to create a whitelist entry. Whitelist entries can be viewed and removed by clicking Edit global whitelist.

USB Keyboard Guard

USB Keyboard Guard protects clients against BadUSB attacks. Maliciously reprogrammed USB devices, such as cameras, USB sticks or printers, can act as keyboards when they are plugged in to a computer. To prevent those devices from automatically carrying out unauthorized commands, USB Keyboard Guard will ask the user for confirmation if it detects a USB device that identifies itself as a keyboard. If the user indeed plugged in a keyboard, it can be safely authorized. If the device identifies itself as a keyboard but the user plugged in something else, it should not be authorized, as it may be malicious.

Regardless of the user's decision, a report will be added to the Security events tab. If a device has been authorized, the administrator can decide to block it nonetheless by right-clicking on the report and revoking the authorization.

Anti-Ransomware

Whereas regular malware infects devices to use them as part of a botnet or to steal credit card information, ransomware developers try to make money by extorting the user directly. In order to extract a ransom, ransomware locks the device or even encrypts data until the victim pays up. In addition to signature- and behavior-based detection, the Anti-Ransomware function detects the specific actions of ransomware, such as file encryption, and blocks them before it can do any more harm. When ransomware is detected, the action set under In case of a threat will be carried out. The options Log only and Move to quarantine are available. If Notify user in case of a threat has been enabled, the user will also receive a notification.

Whenever Anti-Ransomware carries out an action, a report is added to the Security events tab. If a program has falsely been identified as a threat, the corresponding report can be used to create a whitelist entry. Whitelist entries can be viewed and removed by clicking Edit global whitelist.

Client-settings - Email

Virus protection for email can be set up on every G DATA Security Client. The default ports for the POP3, IMAP, and SMTP protocols will be monitored. Additionally, a special plugin for Microsoft Outlook automatically checks all incoming email for viruses and prevents infected email from being sent.

Incoming email

The Incoming email section defines options for scanning incoming emails.

  • Reaction to infected files: Specify the action to be taken if an infected file is detected. There are various options here that may or may not be suitable, depending on what the respective client is used for.
  • Check received email for viruses: By enabling this option, all emails that the client receives will be checked for viruses.
  • Check unread email at program startup (Microsoft Outlook only): This option is used to scan emails for viruses that the client may receive while it is offline. All unread email in your Inbox folder and subfolders are checked as soon as you open Outlook.
  • Attach report to received infected emails: As soon as one of the emails sent to the client contains a virus, you will receive the following message in the body of this email beneath the actual email text WARNING! This mail contains the following virus followed by the name of the virus. In addition, you will find a [VIRUS] notification before the actual subject. If you enabled the option Delete text/attachment, you will also be notified that the infected part of the email was deleted.

Outgoing email

The Outgoing email section defines options for scanning outgoing emails.

  • Check email before sending: To make sure that you do not send out any infected emails, the G DATA software offers the option of checking outgoing emails for viruses before sending them. If an email actually contains a virus, the message The mail [subject header] contains the following virus: [virus name] is displayed and the relevant email is not sent.
  • Attach report to outgoing emails: A report is displayed in the body of each outgoing email below the actual mail text. It reads Virus checked by G DATA ANTIVIRUS, provided that you have enabled the Check email before sending option. G DATA engine version info and virus news can also be added (Engine version/Virus news).

Scan options

The Scan options section configures the scan parameters for incoming and outgoing emails.

  • Use engines: The G DATA software works with two independently operating virus scanning engines. Using both engines guarantees optimum results for preventing viruses. Using just one engine can have performance advantages.
  • OutbreakShield: OutbreakShield detects and neutralizes threats from malicious programs in mass emails before the relevant up-to-date virus signatures become available. OutbreakShield uses the Internet to monitor increased volumes of suspicious emails, closing the window between a mass mail outbreak and its containment with specially adapted virus signatures, practically in real time. Under Edit, you can specify whether OutbreakShield uses additional signatures to increase detection performance. In addition, you can enter access data here for the Internet connection or a proxy server, which allows OutbreakShield to carry out an automatic signature download from the Internet.

Warnings

The Warnings section configures warning messages for recipients of infected emails.

  • Notify user when a virus has been found: Recipients of an infected message will automatically be notified through a virus warning pop-up.

Outlook protection

Outlook protection enables email scans using an integrated plugin.

  • Protect Microsoft Outlook with an integrated plugin: Activation of this function inserts a new function in the client's Outlook program under the Tools menu, called Scan folder for viruses. Regardless of the G DATA Administrator settings, an individual client user can scan the currently selected email folder for viruses. In the email display window, you can use Check email for viruses in the Tools menu to run a virus check of the file attachments. When the process has been completed, an information screen appears in which the result of the virus check is summarized. Here you can see whether the virus analysis was completed successfully, get information about the number of emails and attachments scanned and about any read errors, as well as any viruses found, and how they were dealt with.

Port monitoring

By default, the standard ports for POP3 (110), IMAP (143) and SMTP (25) are monitored. If your system's port settings are different, you can customize the settings accordingly.

Outlook protection

Outlook Protection enables email scans in Outlook using an integrated plug-in.

Protect Microsoft Outlook with an integrated plug-in: When this function is activated, a new function called Scan folder for viruses is added to the client's Outlook in the Tools menu.


Regardless of the G DATA Administrator settings, the user of the individual client can scan the currently selected mail folder for viruses. Right-click on the folder to be scanned. Select G DATA at the bottom of the menu and then Check for viruses.

Client-settings - Web

The Web panel allows you to define in-depth scan settings for internet traffic and online banking.

If you choose not to check Internet content, the Monitor will engage anyway when a user tries to access infected downloaded files. That means that the system on the respective client is also protected without checking Internet content, as long as the virus monitor is active.

Internet traffic (HTTP)

The section Internet traffic (HTTP) covers scan settings for HTTP traffic.

  • Process Internet traffic (HTTP): HTTP web content is checked for viruses while browsing. Infected web content is not run at all and infected pages are not displayed. If the network is using a proxy to access the Internet, the server port the proxy is using must be entered. Web content control (available in G DATA Endpoint Protection Business) also uses these settings.
  • Avoid browser timeout: Since G DATA software processes web content before it is displayed in the Internet browser, there will be a certain amount of latency, depending on the data traffic. It is possible for an error message to appear in the Internet browser because the browser does not receive data immediately. This error message can be suppressed by enabling Avoid browser timeout. As soon as all browser data have been checked for viruses, they will be transmitted to the Internet browser.
  • Limit file size for downloads: You can disable the HTTP check for web content that is too large. The contents will still be monitored by the virus monitor to check if suspected malicious routines become active. The advantage of enabling the size limit is that there are no delays caused by virus checks when downloading large files.
  • Global whitelist for web protection: Exclude certain web sites from the internet traffic check.

BankGuard

Banking trojans are becoming an ever greater threat. The BankGuard technology secures online banking by checking the validity of network libraries, to make sure the browser is not being manipulated by a banking trojan. This proactive protection works in more than 99% of the cases and even protects from unknown trojans. BankGuard should be activated for all clients that use Internet Explorer, Firefox, and/or Chrome.

Client-settings - AntiSpam

The AntiSpam module is available as part of the Client Security Business, Endpoint Protection Business and Managed Endpoint Security solutions.

If you check the option Use spam filter, client email traffic will be checked for possible spam mails. You can configure a warning message that will be added to the subject line when an email is identified as spam or falls under suspicion of being spam.

If the Microsoft Outlook plugin has been enabled, incoming spam mails will be moved to the AntiSpam folder. For other e-mail clients, spam mails can be automatically moved to a dedicated spam folder by defining a filter rule that matches the spam warning in the subject. To configure AntiSpam settings when using Microsoft Exchange, see Exchange settings > AntiSpam.

Module Exchange settings

G DATA Exchange Mail Security is available as an optional module.

The Exchange settings module offers access to settings for the Exchange plugin of G DATA MailSecurity. The module becomes available as soon as the plugin is installed on Exchange Server 2007 SP1, 2010, 2013, 2016 or 2019.

Exchange settings - General

The General section lets you configure update settings, antivirus protection and scan settings for the Exchange plugin of MailSecurity.

Update virus signatures automatically

Like regular clients, Exchange clients can be updated automatically.

  • Update virus signatures automatically: Enables automatic updating of the virus signatures. At every synchronization interval the Exchange clients check whether new virus signatures exist on the G DATA ManagementServer. If new virus signatures are available, they are automatically installed on the client.
  • Update program files automatically: Enables automatic updating of the program files. At every synchronization interval the Exchange clients check whether updated program files exist on the G DATA ManagementServer. If updated program files are available, they are automatically installed on the client.

Antivirus protection

Enable antivirus protection by checking the On-access scan checkbox. The On-access scan checks all emails, attachments and other objects for malware as soon as they are received or sent. If any malicious content is found, the measures defined under Scan settings are carried out.

Scan settings

The scan settings are similar to those used for Monitor and Scan jobs.

  • Use engines: Define whether both scan engines should be used or only one. The recommended setting is to use both scan engines.
  • If an infected file is found: The Exchange plugin can take care of infected files in various ways similar to the Monitor.
  • File types: To speed up the scanning process, scans can be limited to program files and documents. However, it is recommended to check all files.
  • Use heuristics: Heuristics enable detection of malware based on typical malware characteristics, as an addition to traditional signature-based recognition.
  • Check archives: Archives can be checked for malware inside of them. If malware is found, the archive as a whole will be disinfected or removed, possibly including clean files. If you have configured quarantine measures, the complete email message (including the archive) will be quarantined.

Exchange-settings - AntiSpam

The AntiSpam option of the Exchange plugin makes sure that spam messages are filtered before they even reach the recipient. It is only available on Exchange servers that are running the Hub Transport role.

Spam messages are categorized in three distinct categories: Suspected spam, High spam probability and Very high spam probability. For each of those categories, you can customize the action that the Exchange plugin will take:

  • Reaction
    • Deliver email: The email message will be delivered to the recipient.
    • Move email to Quarantine: The email message will be moved to the Quarantine folder.
    • Reject email: The email message will be rejected.
    • Move email to Spam folder: The email message will be moved to the Spam folder.
  • Subject prefix: Add a prefix to the subject of the email message, such as a [SPAM?] tag.
  • Message in body: Add text to the body of the email message.
  • Create reports: Add a report to the Security events module.

In addition to the three spam categories, you can define a whitelist and a blacklist. Email messages from addresses or domains on the whitelist are never checked for spam; addresses and domains on the blacklist are always treated according to the configuration for Very high spam probability. The whitelist and blacklist can be exported and imported as .json files.

Module Android settings

The Android settings module offers easy access to G DATA Administrator's Android management capabilities.

Android settings - General

Settings

Password: Under Change Password, set a general password for all Android clients. The password must consist of four to five digits that are not consecutive (e.g. 1452; 14789; 11310).

The password can be set separately for each client.


Updates

The Updates section covers settings related to updates.

  • Automatically: You can configure whether the Android client should automatically check for software and virus signatures. If updates are not downloaded automatically, the user can still initiate a manual update. If you choose automatic updates, you can set the Interval and limit the updates to happen only when there is Wi-Fi connectivity.

Web protection

The Web protection blocks phishing websites from being opened in the Android browser and in Chrome. Since some data traffic is required to check the list of phishing websites, web protection can be configured to only look up websites when there is Wi-Fi connectivity. The Web protection section therefore includes the possibility to limit web protection to wireless networks.

  • Web protection: Enable Web protection to protect Android clients when they access the internet. Web protection can be enabled for all web traffic or only when there is wireless
    connectivity.

Virus check

The Virus check section lets you define parameters for on-demand and on-access virus scans.

  • When installing apps: Enable an automatic virus check for newly installed applications.
  • Periodically: Enable a periodic virus check. Tick the checkbox Periodically and specify the Interval.
  • Power save mode: Postpone the periodic virus check if the device is in power save mode.
  • Only while recharging: Run the periodic virus check only when the device is being charged.
  • Type: Scan System (full scan) or only Installed applications.

Synchronization

The Synchronization option defines how often the Android client synchronizes its data with the ManagementServer. You can set an interval and configure synchronization to happen only when there is Wi-Fi connectivity or also when using a mobile network data plan.

Android settings - Policies

By assigning each mobile device a phone type, you can enforce policies. This allows you to block certain device functions from being used on corporate devices and to protect the corporate network.

General settings

Under General settings, select the Phone type for the selected device(s). This decides which settings profile will be used by G DATA Internet Security for Android:

  • Corporate: G DATA Internet Security for Android will use settings from the corporate profile, which is regularly synchronized with G DATA ManagementServer. The user is not allowed access to any settings. This is the recommended setting for corporate devices.
  • Private: G DATA Internet Security for Android will use settings from the private profile, which is not synchronized with G DATA ManagementServer. The user is allowed access to all settings in G DATA Internet Security for Android.
  • Mixed: The user can freely switch between the corporate and private profiles.

Warning: When enabling Private or Mixed mode, the user will gain access to functionality that cannot be managed centrally. Using Corporate mode is recommended for all managed Android devices.

Regardless of the phone type, the following functions can be managed:

  • Allow camera access: Allow access to the device's camera (Android 4.0 and higher).
  • Encryption required: Require full device encryption to be enabled (Android 3.0 and higher).
  • Allow rooted devices: Allow devices that have been rooted. If disabled, rooted devices are blocked using the remote maintenance password defined under Lost/Stolen. If disabled, rooted devices cannot access the wireless network defined under Allow WLAN access if requirements are met.

Allow WLAN access if requirements are met

For devices that have been rooted, access to a specific wireless network can be blocked. This allows you to permit access to the corporate wireless network only for devices that can be securely managed.

Enter the SSID for the corporate network for which access should be enabled. If the network is encrypted, enter the Password and select the Encryption type.

Android settings - Lost or stolen

The Lost/Stolen tab offers a range of functions that help protect devices and their data if they go missing. Devices that are stolen or lost can be remotely locked, wiped, located or muted by sending an SMS from a trusted phone number. Using Firebase Cloud Messaging, these anti-theft functions can also be triggered manually at any time.

Before specifying any anti-theft measures, some general settings should be entered. The Remote maintenance password consists of numbers and functions as a PIN code. When sending SMS commands to the device, the password has to be included to ensure that only authorized users can send commands. The command to remotely reset the maintenance password can only be sent from the Trusted phone number. Some of the SMS commands trigger a report or other notification, which will be sent to the device from which the command was issued. Optionally, they can also be sent to an Email address for notifications. If you enable one or more of the Theft detection options, any available location information will also be sent to this email address.

SMS commands

This function is only available until version 14.3.0 due to changed andoid guidelines.

Under SMS commands, you can define anti-theft actions that can be triggered by SMS. These actions can be triggered by sending the respective command to the device, including the remote maintenance password.

  • Locate device: The device will report its location via SMS. If an email address has been entered under Lost/Stolen, location data will be sent there as well. To trigger this function, send an SMS containing the text password locate.
  • Delete personal data: The device will be reset to its factory settings. All personal data will be wiped. To trigger this function, send an SMS containing the text password wipe.
  • Play ringtone: The device will play a ringtone until Internet Security for Android is started. This will assist in locating lost devices. To trigger this function, send an SMS containing the text password ring.
  • Mute device: If you do not want the device to call attention to itself with ring tones or other signals, it can be muted. This does not include the ring tone that is used to locate lost devices. To trigger this function, send an SMS containing the text password mute.
  • Lock screen: The device screen can be locked to prevent the device from being used. To trigger this function, send an SMS containing the text password lock. If no lock screen password has been set, the remote maintenance password will be used.
  • Set lock screen password: Set a password to unlock the device after sending the lock command. To trigger this function, send an SMS containing the text password set device password:  devicepassword. Make sure to send the lock command to lock the device after setting the password.

To remotely reset the remote maintenance password, send an SMS from the phone number that you specified under Trusted phone number containing the text remote password reset: newpassword.

Theft detection

When deploying Internet Security for Android, it remembers which SIM card is in the device at that time. If this card is changed at any time, for example if the device was stolen and resold, certain actions can be carried out automatically.

  • Lock screen: same functionality as the option under SMS commands.
  • Locate device: same functionality as the option under SMS commands.

Emergency action

Using the internet-based Firebase Cloud Messaging framework, emergency actions can be triggered on Android devices. This has the advantage of working even if a device is being used without a SIM card. Firebase Cloud Messaging must be configured under General settings > Android before using any emergency actions.

Select any of the following actions and click Execute action to send the command to the device:

  • Locate device: same functionality as the option under SMS commands.
  • Mute device: same functionality as the option under SMS commands.
  • Play ringtone: same functionality as the option under SMS commands.
  • Set lock screen to following PIN: same functionality as the option under SMS commands.
  • Enable lock screen with PIN: same functionality as the option under SMS commands.
  • Reset device to factory defaults: same functionality as the option under SMS commands.

Android settings - Apps

The Apps panel lets you configure access to apps on managed devices. To block or allow apps, first decide whether the filter should work in Blacklist or Whitelist Mode. In Blacklist mode, all apps on the blacklist will be blocked or password protected; all others will be accessible. In Whitelist mode, all apps on the list will be allowed or password protected; all others will be blocked. The Password (a  PIN code) is used to access blocked apps. You can also choose to enter a Recovery email address to which the password will be sent in case you forget it.

Under Available apps, all apps that have been installed on the currently selected device(s) are listed. For each app, you can see its Name, Version and Size. Using the arrow controls apps can be moved to the white-/blacklist. For apps on the white-/blacklist, you can enabled or disable Password protection.

Android settings - Phone book

This function is only available until version 14.3.0 due to changed andoid guidelines.

The Phone book panel allows for advanced contacts management. Contacts can be added to a phone book within the Internet Security app and they can be hidden from the device's built-in phone book. In combination with the Apps feature, the Phone book can be configured as a centrally managed replacement for the Android phone book, creating a managed contacts environment for scenarios where the communication possibilities of a mobile device should be limited to a pre-approved subset of contacts.

The main list shows all contacts that have been added to Internet Security's phone book. For each contact, the First name, Last name, Phone number(s) and Address are listed. Using the Visibility dropdown menu, you can decide whether the contact should be Visible in the Android phone book, Hidden from the Android phone book, or if its calls and SMS messages should be hidden (Communication hidden).

To add a contact to the phone book, click Add contact. The Contact database window will show all contacts that have been defined. Select one or more contacts and click Choose to add the contacts to the phone book. To remove a contact from the phone book, click Remove contact.

To add a contact to the contact database, click the button Create contact in the toolbar or Import contacts to import contacts from an Active Directory Organizational Unit (OU). When creating a contact, you should at least enter a First name or Last name. Additionally, one or more addresses can be added, as well as email addresses, phone numbers, fax numbers, and organizations. To remove a contact from the contact database, select it and click the Delete icon in the toolbar or the option Delete in the context menu.

Android settings - Calls and SMS

This function is only available until version 14.3.0 due to changed andoid guidelines.


Incoming calls/SMS

Under Incoming calls/SMS, you can define how Internet Security should treat incoming communication. Uncheck Allow anonymous calls despite filter to block all anonymous incoming calls. Enabling the additional option Add phone book to the filter entries will allow contacts with an entry in the Android or Internet Security phone books through the filter, in addition to any whitelisted contacts.

Under Filter mode, you can define specific measures for incoming calls and SMS messages. Select Blacklist to allow all communication, except from the contacts that are on the list. Select Whitelist to block all communication, except from the contacts that are on the list. By clicking Add contact, you can add any contact from the contact database to the list. Click Remove contact to remove a contact from the list.

Outgoing calls

Under Outgoing calls, you can define how Internet Security should treat outgoing phone calls. Enabling the additional option Add phone book to the filter entries will allow contacts with an entry in the Android or Internet Security phone books to be contacted, in addition to any whitelisted contacts.

Under Filter mode, you can define specific measures for outgoing calls. Select Blacklist to allow all communication, except from the contacts that are on the list. Select Whitelist to block all communication, except from the contacts that are on the list. By clicking Add contact, you can add any contact from the contact database to the list. Click Remove contact to remove a contact from the list.

If an attempt is made to call a blocked contact, the user will be informed and offered the possibility to request the contact to be permitted. The permission request will be added to the Security events module. It can be used by the administrator to directly add a blacklist or whitelist exception for the contact.

Module Tasks

In the Tasks module you can define client and group tasks (jobs). There are two different job types: single jobs and periodic jobs. Single jobs are performed once at a specific time; for periodic jobs, a schedule is defined. You can define as many different jobs as you would like. For performance reasons, it generally makes sense that jobs do not overlap in time.

In the Tasks area, the following data are listed for every job:

  • Name: The job name you entered. You can enter a name of any length.
  • Type: The type of job, such as a scan job or a software recognition job.
  • Client: The clients for which the job was created. You can only create jobs for enabled clients.
  • Group: If you create a group job, the group name will be displayed, rather than the individual clients.
  • Status: The status or the results of a job. For example, you can see whether the job has just run or has been completed, and also find out if any viruses were found.
  • Last execution: When the respective job was last run.
  • Interval: This column shows the cycle with which the job will be repeated according to the defined schedule.
  • Scope: Find out which media (e.g. local hard disks) are included in the job.

To edit tasks, select the Properties command from the context menu (by right-clicking).

The following options are available in the toolbar above the task list:

  • Refresh
  • Delete
  • Single scan job: Define a single scan job for clients or client groups. In the configuration dialog, the time, scope, and additional scan settings can be defined on their respective tabs.
  • Periodic scan job: Define a periodic scan job.
  • Backup job: Define a backup job for clients or client groups (optional Backup module).
  • Restore job: This function allows you to restore backups to clients or groups (optional Backup module).
  • Patch applicability job: List software and patches that have been installed on clients (optional PatchManager module).
  • Software distribution job: Schedule software and patch distribution (optional PatchManager module).
  • Run now: Re-run single scan jobs which have already been run or canceled. For periodic scan jobs, this function runs the job immediately, regardless of schedule.
  • Logs: View the logs relating to a particular client's jobs.
  • Display group jobs in detail: Displays all associated entries with group jobs. The option is only available if a group is selected in the computer list.

When the Tasks module is selected, an additional menu entry named Tasks becomes available in the menu bar. The following options are included:

  • Display group jobs in detail
  • Run now: Re-run single scan jobs which have already been run or canceled. For periodic scan jobs, this function runs the job immediately, regardless of schedule.
  • Cancel: Cancel a running job.
  • Delete: Delete selected jobs.
  • Restore backup: Restore backups to clients or groups (optional Backup module).
  • Add: Create a job.

Tasks - Single scan job 

The New scan job window lets administrators define a single or periodic scan job. A complete job configuration consists of three aspects: Job scheduling, Scanner settings and Analysis scope, each covered by their respective window tabs.

Which options are available on the tabs depends on the type of client that the job is being planned for. For example, when planning a job for an Exchange server (if Exchange Mail Security has been installed), options that deal with threats specific to desktop clients are not available.

Job scheduling

The Job scheduling tab lets you plan the scan job:

  • Job name: Specify which name the scan job should have. You can enter meaningful names here such as Archive scan or Monthly scan to clearly label the job so that it can be found again in the table overview.
  • Schedule (Periodic scan job): For periodic scan jobs, this option specifies when and at what intervals the virus check should occur. If you select On system startup the scheduling defaults no longer apply and the G DATA software will run the scan each time your computer is restarted. For Daily jobs, you can specify under Weekdays on which specific days of the week the job should be carried out.
  • Time: Use this option to set a specific start time. For single scan jobs without start time, the scan job will be started immediately after creation.
  • Settings
    • Allow the user to halt or cancel the scan job: Permissions can be granted to the users for pausing or aborting the job via the system tray context menu.
    • Notify the user when a virus has been found: Displays a notification on the client when a virus is found.
    • Report scan progress to the ManagementServer (every 2 minutes): Enable this option to report the status of a scan job to the server.
    • Shut down client after scan job, if no user is logged on: The client can be shut down automatically after the scan job is finished.
    • Run scan job later if a client is not powered up at the scheduled time: If a computer is not switched on at the scheduled time of a periodic scan job, the scan job can be started later by ticking this option.
  • User context (optional): If the scan job includes network shares, they should be entered as a UNC path instead of using mapped network drives. If the client's machine account (e.g. Client001$) has no permissions to access a share, enter a User name and Password for an account with the appropriate permissions here.

Scanner

The Scanner tab shows the settings with which the scan job will be executed. The following options are available:

  • Use engines: The G DATA software works with two independently operating virus scanning engines (see Client settings > Monitor).
  • If an infected file is found: Specify what should happen if an infected file is detected (see Client settings > Monitor).
  • Infected archives: Specify here how infected archives are to be treated (see Client settings > Monitor).
  • File types: Here you can define the file types G DATA should check for viruses. Please bear in mind that checking all files on a computer can take considerable time.
  • Priority scanner: You can use the levels High, Medium and Low to specify whether the virus check should have high priority on the client (in which case the analysis is relatively quick and other applications may run more slowly during the analysis) or low priority (the analysis requires more time, so that other applications can continue to run relatively unaffected). Which priority to choose mostly depends on the point of time at which the virus check will be carried out.
  • Settings: Specify the additional virus analyses you want the G DATA software to perform. The default options are the recommended ones, but depending on the type of application, the time gained by omitting these checks may outweigh the slightly reduced level of security. Most of the settings are identical to those found on the panel Client settings > Monitor, but the following ones are specific to scan jobs:
    • Check for rootkits: A rootkit attempts to evade conventional virus detection methods. You can use this function to specifically search for rootkits, without checking all hard drives and files.
    • Use all available CPUs: With this option, you can distribute the virus checking load on systems with multiple processor kernels over all the processors with the result that the virus checking runs considerably quicker. The downside to this option is that less processing power is available for other applications. This option should only be used if the scan job is executed at times when the system is not regularly used (e.g. at night).

Analysis scope

Using the Analysis scope tab, you can limit the scan job to specific directories (when planning a scan job for a client) or mailboxes (when planning a scan job for an Exchange server). The folder selection window allows you to pick folders from both the PC on which Administrator is running and on clients. When including network shares, they should be defined as a UNC path instead of using mapped drives. The Analysis scope can be used to exclude folders, for example those with rarely used archives (which can then be checked in a separate scan job).

Tasks - Periodic scan job

The New scan job window lets administrators define a single or periodic scan job. A complete job configuration consists of three aspects: Job scheduling, Scanner settings and Analysis scope, each covered by their respective window tabs.

Which options are available on the tabs depends on the type of client that the job is being planned for. For example, when planning a job for an Exchange server (if Exchange Mail Security has been installed), options that deal with threats specific to desktop clients are not available.

Job scheduling

The Job scheduling tab lets you plan the scan job:

  • Job name: Specify which name the scan job should have. You can enter meaningful names here such as Archive scan or Monthly scan to clearly label the job so that it can be found again in the table overview.
  • Schedule (Periodic scan job): For periodic scan jobs, this option specifies when and at what intervals the virus check should occur. If you select On system startup the scheduling defaults no longer apply and the G DATA software will run the scan each time your computer is restarted. For Daily jobs, you can specify under Weekdays on which specific days of the week the job should be carried out.
  • Time: Use this option to set a specific start time. For single scan jobs without start time, the scan job will be started immediately after creation.
  • Settings
    • Allow the user to halt or cancel the scan job: Permissions can be granted to the users for pausing or aborting the job via the system tray context menu.
    • Notify the user when a virus has been found: Displays a notification on the client when a virus is found.
    • Report scan progress to the ManagementServer (every 2 minutes): Enable this option to report the status of a scan job to the server.
    • Shut down client after scan job, if no user is logged on: The client can be shut down automatically after the scan job is finished.
    • Run scan job later if a client is not powered up at the scheduled time: If a computer is not switched on at the scheduled time of a periodic scan job, the scan job can be started later by ticking this option.
  • User context (optional): If the scan job includes network shares, they should be entered as a UNC path instead of using mapped network drives. If the client's machine account (e.g. Client001$) has no permissions to access a share, enter a User name and Password for an account with the appropriate permissions here.

Scanner

The Scanner tab shows the settings with which the scan job will be executed. The following options are available:

  • Use engines: The G DATA software works with two independently operating virus scanning engines (see Client settings > Monitor).
  • If an infected file is found: Specify what should happen if an infected file is detected (see Client settings > Monitor).
  • Infected archives: Specify here how infected archives are to be treated (see Client settings > Monitor).
  • File types: Here you can define the file types G DATA should check for viruses. Please bear in mind that checking all files on a computer can take considerable time.
  • Priority scanner: You can use the levels High, Medium and Low to specify whether the virus check should have high priority on the client (in which case the analysis is relatively quick and other applications may run more slowly during the analysis) or low priority (the analysis requires more time, so that other applications can continue to run relatively unaffected). Which priority to choose mostly depends on the point of time at which the virus check will be carried out.
  • Settings: Specify the additional virus analyses you want the G DATA software to perform. The default options are the recommended ones, but depending on the type of application, the time gained by omitting these checks may outweigh the slightly reduced level of security. Most of the settings are identical to those found on the panel Client settings > Monitor, but the following ones are specific to scan jobs:
    • Check for rootkits: A rootkit attempts to evade conventional virus detection methods. You can use this function to specifically search for rootkits, without checking all hard drives and files.
    • Use all available CPUs: With this option, you can distribute the virus checking load on systems with multiple processor kernels over all the processors with the result that the virus checking runs considerably quicker. The downside to this option is that less processing power is available for other applications. This option should only be used if the scan job is executed at times when the system is not regularly used (e.g. at night).

Analysis scope

Using the Analysis scope tab, you can limit the scan job to specific directories (when planning a scan job for a client) or mailboxes (when planning a scan job for an Exchange server). The folder selection window allows you to pick folders from both the PC on which Administrator is running and on clients. When including network shares, they should be defined as a UNC path instead of using mapped drives. The Analysis scope can be used to exclude folders, for example those with rarely used archives (which can then be checked in a separate scan job).

Tasks - Backup jobs

Backup is available as an optional module.

Using backup jobs, administrators can plan backup tasks for client data in order to centrally safeguard essential files.

Job scheduling

A Job name for the backup job must be entered. It is recommended that you use a self-explanatory name to make it easier to identify individual backup jobs. You can set up Full backups or Partial backups (differential) at defined times. A partial backup only saves files that have been altered since the last full backup. In this case, the backup job will need less time, but restoring a partial backup takes longer because it needs to be rebuilt from multiple backup files.

Enable Do not run backup when running on battery to prevent burdening mobile computers running in battery mode with a backup job. The backup will be postponed until the client is connected to a power supply. For Daily jobs, you can specify under Weekdays on which specific days of the week the job should be carried out.

Server-side backup storage paths as well as quota notifications can be configured under General settings > Backup.

File/directory selection

The File/directory selection tab lets you select which folders from which clients or groups will be backed up. Under Backup scope, add folders from any of the clients. Exclude files allows you to define files and folders to be excluded from the backup. There are several general options, such as Temporary internet Files and Thumbs.db, but you can also define custom file types by adding their extension to the file type list.

If the generated backup should be saved in a particular directory prior to transmission to the ManagementServer, this can be indicated under Cache. If the option Use client standard path is enabled and an absolute path is indicated, the backup will be buffered in the specified directory. If this option is not enabled, G DATA Security Client will always buffer the backup on the partition containing the most free disk space. The directory G DATA\Backup will be created in the root directory of the
partition.

Tasks - Restore jobs

Backup is available as an optional module.

Restore jobs can be planned in several ways. In the Tasks menu, select New > Restore job to plan a new restore job. The Restore job toolbar button opens the same window, allowing you to select a backup to restore. Alternatively, you can look up the backup in the list of backup jobs. Right click a job and click Restore backup to open the Restore backup window.

The Restore backup window shows some basic information about the selected backup job. It contains one or more backups, depending on how often the job was run. For every backup, the list shows Backup time, Client, Type of backup, Number of files and Size (in MB). In the Restore on client dropdown, you can select the client to which the backup should be restored (this does not need to be the client from which the files were backed up). Select the appropriate backup and click OK to open the Restore settings window.


The restore settings can be configured on two tabs. File selection allows you to browse through the backup. Click Only restore selected files from the archive to enable the folder tree in which you can select the files to be restored. Click Restore all files within the archive to disable the folder tree and restore all files instead. The Options tab lets you configure restore job settings. You can add a descriptive title to the restore job under Job name. Files can be restored to the directory they were backed up from if you select Restore files to original directory, or to another directory if you select one under Target directory. Finally, you can decide what should happen to file conflicts under Overwrite existing files. Upon confirming the recovery settings, a restore job will be added to the Tasks module. It will be carried out immediately.

Tasks - Patch applicability jobs

PatchManager is available as an optional module.

Patch applicability jobs can be planned to check if one or more patches are applicable to clients or groups.

Patch applicability jobs can be scheduled using the following options:

  • Execution: Decide when the patch applicability job should be run:
    • Scheduled: Run the patch applicability job according to a Schedule, which can be defined using one of the following parameters: Immediately, Once, Hourly, Daily, Weekly, Monthly or On Internet connection.
    • As soon as available: Run the patch applicability job each time a new patch is released.

To select the patches for which applicability should be checked, use one of the two Scope options:

  • Specific patch: Choose one or more patches from a list.
  • Using attributes: Use Attributes to select a range of patches using keywords. To add a specific attribute (Vendor, Product name, Urgency, Language) as a filter criterium, tick the checkbox and enter a keyword. This way you can check applicability for patches from a specific publisher or only for specific versions. Wildcards like ? and * can be used. Enable the option Patches only if the job should not check full software packages and upgrades for applicability.

Select Automatically install applicable patches to make sure that each time a patch is found to be applicable, it is installed automatically.

If the Patch applicability job is being planned from PatchManager's Status overview module, the job applies to the patch and clients that were selected there. If it is being planned from the Patch configuration module, you need to select the client(s) for which applicability should be checked. If it is being planned from the Tasks module, you need to select the patch(es) for which applicability should be checked - the job will be run on the currently selected group or client.

Tasks - Software distribution jobs

PatchManager is available as an optional module.

To distribute applicable patches to clients or groups, you can define a software distribution job. Software distribution jobs can be managed and scheduled using the Planning options:

  • Immediately: The software distribution job will be run immediately.
  • Immediately after the boot process: The software distribution job will be run after the nextboot.
  • Immediat ely after logging in: The software distribution job will be run after the next time anend user logs in to the client.
  • Only load at specified time: Schedule the job to be run at a specific time (the other scheduling options will not come into effect until this point in time has been reached).
  • Load with delay: Schedule a delay in starting the job. That way, the boot process and distribution job won't influence client performance at the same time.

If the Software distribution job is being planned from PatchManager's Status overview module, the job applies to the patch and clients that were selected there. If it is being planned from the Patch configuration module, you need to select the client(s) on which the patch should be installed. If it is being planned from the Tasks module, you need to select the patch(es) that need to be installed - they will be installed on the currently selected group or client.

Tasks - Rollback jobs

PatchManager is available as an optional module.

Using rollback jobs you can uninstall previously deployed patches. Right-click the respective distribution job in the Tasks overview and choose Rollback. Alternatively, select the specific client and patch in PatchManager's Status overview panel and choose Rollback from the context menu.

The Update rollback window lets you enter a Job name to easily identify the rollback job. After entering the name, click OK to add the job to the Tasks list. It will be executed immediately.

Module PolicyManager

The PolicyManager module is available as part of the Endpoint Protection Business and Managed Endpoint Security solutions.

PolicyManager includes application, device, and web content control as well as monitoring of Internet usage time. These functions allow comprehensive implementation of company guidelines for the use of internal company PCs. Using the PolicyManager a system administrator can define whether and to what extent external mass storage or visual media can be used. Similarly, one can also define which websites may be visited and which programs may be used on the company PCs.

PolicyManager - Application control

Application control can be used to restrict the use of specific programs.

Under Status, specify whether the limitations should apply to all users (including administrators) or only to users who do not have administrator rights on the client.

Under Mode, specify whether the application control list should be a whitelist or a blacklist:

  • Whitelist: Only the applications listed here can be used on the client computer.
  • Blacklist: Applications listed here cannot be used on the client computer.

A new rule can be defined using the New button. Rules are categorised as one of three types:

  • Vendor: Manufacturer information contained in program files can be used to allow or block use of these applications. You can either enter the vendor's name here yourself or select a specificfile via the ... button, using which the manufacturer information can be read and imported.
  • File: Block or allow specific program files for the particular client. You can either enter the filename to generally forbid or allow access to files with this name or click the button Determine file attributes to define a file based on its properties. If necessary, you can use an asterisk (*) as a placeholder at the start and/or end of the File name, Product name and Copyright properties.
  • Directory: You can enable or block complete directories for clients (if necessary, including their subdirectories).

PolicyManager - Device control

Device control can be used to restrict access to external storage media. Users can be prevented from using USB sticks or other external storage media utilizing the USB port, as well as CD/DVD drives and even webcams.

Under Status, specify whether the limitations should apply to all users (including administrators) or only to users who do not have administrator rights on the client.

Under Devices, device usage can be restricted per Device type using the following settings:

  • Permission
    • Read/write: Full access to the device is allowed.
    • Read: Media can only be read; saving data is not permitted.
    • Deny access: Both read and write access to the device are not permitted. The device cannot be accessed by the user.
  • Temporary permission: If a device has been temporarily permitted through a PolicyManager request in the Security events module, the time frame is displayed here. Click the X icon to cancel the temporary permission.

By using the Exceptions settings, you can allow access to devices to which you had previously limited access in some way or another (Read / Deny access). When you click the Add button a dialog window opens in which you can define a new exception:

  • Device: Select the type of device for which you are adding an exception.
  • Rule enabled: The exception is only active if this checkbox is selected.
  • Type
    • Device type exception: The exception will be defined for the selected Device type as a whole.
    • Hardware ID/medium ID exception: The exception will be defined for a specific instance of the selected Device type (e.g. a specific DVD or USB stick), to be specified under Hardware ID/medium ID.
  • Permission: Select the type of permission to be allowed.
  • Hardware ID/medium ID: If you have selected Hardware ID/medium ID except ion, enter the respective ID here. Click the ... button to determine a specific hardware or medium ID:
    • Select source: Select (Local search...) to look for hardware and media IDs on computer on which G DATA Administrator is installed. Alternatively, select a client from the list to look for IDs on the respective client computer.
    • Device: Select Use medium ID to display IDs of media (e.g. CD/DVD) or Use hardware ID to display IDs of hardware.
  • Configure Windows users/groups: If the exception should be limited to specific Windows users of groups, enter them here. Multiple entries should be separated by commas or line breaks.
  • Note: Add a note to the exception (e.g. to be able to tell similar exceptions apart).

PolicyManager - Web content control

Web content control is used to provide users with Internet access within the scope of their duties while preventing visiting non-desirable websites or websites in particular subject areas. You can select or block certain areas by checking or unchecking a checkbox for the client in question. The categories cover a large number of subject areas and are constantly updated by G DATA. Network administrator costs associated with maintaining white- and blacklists thus no longer apply.

Under Status, specify whether the limitations should apply to all users (including administrators) or only to users who do not have administrator rights on the client.

Under Global exceptions, it is possible to ensure that certain websites are blocked or allowed company-wide across the entire network, regardless of any settings that have been made under Allowed categories. To do this, click Add, select Allow or Block, enter the Address (without protocol) and click OK to add the exception. Click Edit to edit an existing exception or Delete to delete exception(s).

PolicyManager - Internet usage time

On the Internet usage time panel, general use of the Internet can be restricted to certain times. Setting up time quota for Internet usage is also possible.

Under Status, specify whether the limitations should apply to all users (including administrators) or only to users who do not have administrator rights on the client. On the right side, you can use theavailable controls to specify the quota available for Internet usage. Daily, weekly or monthly quotas can be issued; for example, the specification 0420:05 corresponds to an Internet usage time of 4 days, 20 hours and 5 minutes.

When there are conflicting settings for Internet usage, the smallest value is used. If you set atime limit of four days per month, but a weekly limit of five days, then the software will automatically limit Internet usage to four days.

If users try to access the Internet beyond their permitted amount of time, an information screen appears telling them that they have exceeded their allotted time. The area with time restrictions allows you to, in addition to limiting Internet usage times, block particular time periods. The blocked time periods are shown in red; the allowed time periods are shown in green. In order to allow or block a time period, highlight it using the mouse. A context menu then appears next to the cursor in which you have two options: Allow time and Block time. If users try to access the Internet during the blocked periods, an information screen will appear in the browser informing them that they do not have Internet access during that period.

Module Firewall

The Firewall module is available as part of the Client Security Business, Endpoint Protection Business and Managed Endpoint Security solutions.

Firewall - Overview

The Overview tab allows you to configure firewall settings for the selected clients.

Settings

The Settings section covers general firewall settings:

  • Enable G DATA Firewall: Enable/disable the firewall. Note: From version 14 onwards, clients that do not yet have the firewall component installed, need to be updated to the new version before the firewall can be enabled.
  • Report blocked applicat ions: If the client computer is connected to G DATAManagementServer, the system administrator will be notified in the Security events module when applications have been blocked by the client firewall.
  • Rule set: Select the rule set that should be used by the client:
    • Autopilot mode: The rules are automatically configured by G DATA and the firewall carries out its tasks in the background, without interrupting the user. In Autopilot mode, the firewall optimizes its rule set autonomously over time.
    • Any of the rule sets that have been created on the Rule sets panel.

Run in internal network

Under Run in internal network, define settings that apply when the client is used within the ManagementServer network:

  • Allow user to enable/disable the firewall: As network administrator, you can allow the user of the client to temporarily disable the firewall. This option is only available if the client is inside the company network and should only be enabled for competent users.

Run outside internal network

Under Run outside internal network, define settings that apply when the client is used outside theManagementServer network:

  • Use off-site configuration for mobile clients: To optimally protect mobile computers whenever they are outside of the G DATA ManagementServer network, the firewall rule set can be automatically replaced by an off-site rule set. As soon as the mobile computer is reconnected to the G DATA ManagementServer network, the regular rule set is automatically restored. Note: The off-site configuration can only be used if the firewall is not being operated in autopilot mode when running in the internal network. If a client uses autopilot in the internal network, that setting is also used when the client is outside the internal network.
  • Rule set: Select the off-site rule set that should be used by the client:
    • Autopilot mode (see Firewall > Overview > Settings).
    • Any of the rule sets that have been created on the Rule sets panel.
  • Allow user to change the off-site configuration: Allow users to configure their firewall when they are outside of the network. As soon as the mobile computer reconnects to the G DATA ManagementServer network, the changes made will be replaced with the rules put in place by the network administrator.

Firewall - Rule sets

On the Rule sets panel you can create rule sets for various network zones. Each rule set can contain any number of firewall rules.

The currently selected rule set is listed under Rule set. Rule sets can be managed using the New, Delete, Import and Export buttons. Under Settings, the following settings can be configured:

  • Name: The name of the selected rule set.
  • Note: A description of the selected rule set.
  • Stealth mode enabled: Block requests to the computer that try to verify a port's accessibility. This makes it difficult for attackers to obtain system information.

Firewall - New rule set

Enter a Name for the rule set and an optional Note. Select Stealth mode enabled to block requests
to the computer that try to verify a port's accessibility.

Under Select the rules from the default rule set that should be used, pick one or more predefined
rules to add to the rule set. After clicking OK, the rule set will be shown in the Rule sets overview.

Firewall - New rule/Edit rule

Under Rules, use the New or Edit buttons to add a rule to the current rule set or to edit an existing rule.

Name: For pre-defined and automatically generated rules, this field displays the program name to which the rule applies.

Rule enabled: Enable/disable a rule without actually deleting it.

Note: This indicates how the rule was created. Pre-defined rule is listed next to preset rules; Generated in response to alert is listed next to rules that arise from the dialogue from the Firewall alarm; and, for rules that you generate yourself via the advanced dialogue, you can insert your own comment.

Connection direction: Specify if the selected rule applies to inbound or outbound connections, or both.

Access: Allowed or denied access for the program within this rule set.

Protocol: Select the connection protocols you want to permit or deny access. You can universally block or enable protocols or link use of a protocol to one or more specific applications (Assign application). Similarly, you can use the Assign port button to specify the ports that you do or do not wish to use.

Time frame: Set up time-related access to network resources to ensure, for example, that the network can only be accessed during a normal working day and is blocked at all other times.

IP space: It is advisable to regulate network use by restricting the IP address range, especially for networks with fixed IP addresses. A clearly defined IP address range  significantly reduces the risk of attack from a hacker.

Firewall - Rule wizard

The Rule wizard helps you add rules to the selected rule set or to modify existing rules.

The following actions are available in the Rule wizard:

  • Grant or deny access for a specific application: Select a targeted application and permit or prohibit access to the network as part of the selected rule set. Simply use the wizard to select the desired program (program path), then indicate under Connection direction whether the program is to be blocked for inbound connections, outbound connections, or both. This enables you, for example, to prevent your MP3 player software from forwarding data about your listening habits (outbound connections) or to ensure that program updates are not downloaded automatically (inbound connections).
  • Open or close a specific port: The wizard provides the option of blocking ports completely orenabling them for a particular application only (e.g. CRM software).
  • Add one or more default rules: Add rules from the default rule set to the selected rule set.
  • Copy an existing rule

Module PatchManager

PatchManager is available as an optional module.

PatchManager allows you to control patch deployment for all managed machines from one single interface. You can use PatchManager to manage updates for software from Microsoft and other parties. Each patch can be checked for applicability, blocked, distributed or rolled back, grouped or individually.

PatchManager - Overview

The Status overview panel provides a detailed view of patches and their deployment status within the network. It lists all of the available patches, alphabetically, once for every client. The extensive list lets you check whether clients have been provided with all relevant patches and allows you to directly schedule patch deployment. A set of charts shows at-a-glance information about pending patches and can be used to quickly assess whether there are any important patches that need to be installed.

By default, the list of patches is grouped by Status, Priority, Vendor and Product, to quickly assess whether essential patches have been installed yet or not. The default display filter settings exclude full software installers from the list, as well as any blocked entries. Click Reset all filters to reset the display filter. Patches that replace a previous patch can be expanded: click the plus sign to display all superseded patches.

Per patch and client, several types of patching jobs can be planned. Right-click one or more patches and select one of the following options:

  • Check patches for applicability: Plan a job that checks if the selected patches apply to the selected client(s) using the Patch applicability job window.
  • Install patches: Plan a job that installs one or more patches on the selected client(s) using the Software distribution window.
  • Rollback: Plan a rollback job for patches that have already been deployed to the selected client(s) using the Rollback window.
  • Block patches: Block one or more patches that should not be distributed to clients. Blocked patches will be ignored when carrying out automated applicability and distribution jobs. When manually planning an applicability or distribution job, blocked patches are hidden by default.
  • Unblock patches: Unblock one or more patches.
  • Properties: View more information, including a full description and license.

The Status column displays the status of every patch and its planned or running patching jobs (e.g. Scanning while a job is being carried out or Not applicable when the patch does not apply).

PatchManager - Settings

The Settings panel controls several options related to patch deployment.

  • Enable PatchManagement: Enable or disable PatchManager.
  • Mode: Decide whether PatchManager should run any automated applicability or installation jobs:
    • Manually: PatchManager will not run any automated applicability or installation jobs.
    • Automatically check patches with high priority for applicability: Whenever a high priority patch is released, PatchManager will automatically run an applicability job on all clients. This saves the effort of planning separate patch applicability jobs.
    • Automatically install patches with high priority: Whenever a high priority patch is released, PatchManager will automatically run an installation job on all clients (which installs the patch if it is applicable). Patch deployments can potentially cause compatibility problems. It is recommended to test patches on a non-production system before deploying them to production clients.
  • Allow the user to view and request patches: Allow end users to view available patches and submit a request for deployment.
  • Allow the user to refuse patch installation: Allow end users to (temporarily) refuse patch installation. You can select how many refusals are allowed until installation is forced, and how often patch installation should be attempted.

PatchManager - Patch configuration

The Patch configuration panel lists all available patches and lets you configure them. A set of charts shows statistics about patches, products, and vendors.

By default, the list of patches is grouped by Vendor, Product and Priority, allowing you to quickly find patches by product. The default display filter settings exclude full software installers from the list, as well as any blocked entries. Click Reset all filters to reset the display filter. Patches that replace a previous patch can be expanded: click the plus sign to display all superseded patches.

Per patch, several types of patch jobs can be planned. Right-click one or more patches and select one of the following options:

  • Check patches for applicability: Plan a job that checks if the selected patch(es) apply to client(s) using the Patch applicability job window.
  • Install patches: Plan a job that installs one or more patches on client(s) using the Software distribution window.
  • Block patches: Block one or more patches that should not be distributed to clients. Blocked patches will be ignored when carrying out automated applicability and distribution jobs. When manually planning an applicability or distribution job, blocked patches are hidden by default.
  • Unblock patches: Unblock one or more patches.
  • Properties: View more information, including a full description and license.

The Priority column displays the priority of every patch. The default priority is based on the PatchManager database, but can be edited (Low, Normal, or High).

Module Logs

The Logs module displays client-side Security events such as virus reports and PolicyManager requests, and Infrastructure logs such as changed settings and scan job status information.

Logs - Security events

The Security events panel includes virus results, PolicyManager requests, PatchManager reports, and firewall reports, as well as system messages about installations, reboots, etc. The event type is displayed in the Status column (e.g. Virus found or Quarantine: file moved to quarantine).

If you have configured scan jobs to only log viruses, you can execute virus countermeasures manually by selecting one or more entries from the list and choosing a command from the context menu (right mouse button), the Security events menu or the toolbar. Countermeasures available include removing and quarantining infected files.

You can customize the table to display more or fewer columns. For instructions on how to do this, see G DATA Administrator controls.

The Security events menu and the right-click context menu offer the following functions:

  • View: Indicate whether you would like to see all reports, or only a subset of report types:
    • Hide dependent reports: If identical reports are available (based on the Client, Reported by and File / Mail / Content fields), you can hide the duplicate entries using this option. Only the most current entry is shown.
    • Hide read reports: Hide reports that have already been read.
  • Remove virus from file (only for virus reports): Attempt to remove the virus from the original file.
  • Move file to quarantine (only for virus reports): Move the selected files into the quarantine folder. The files will be encrypted and saved in the quarantine folder on the G DATA ManagementServer, and the original files will be deleted. The encryption ensures that the virus cannot cause any damage. For each quarantined file, there is a corresponding report. If you delete the report, the quarantined file is also deleted. You can send a file from the quarantine folder to the G DATA Security Labs for examination. Open the context menu of a quarantine report with a right-click. In the report dialog, click the OK button after entering the submission reason.
  • Delete file (only for virus reports): Deletes the original file on the client.
  • Define monitor exception (only for monitor reports; only in the context menu): Create a monitor whitelist entry based on the report (see Client settings > Monitor > Settings).
  • Define ExploitProtection exception (only for ExploitProtection reports; only in the context menu): Create an ExploitProtection whitelist entry based on the report (see Client settings > Monitor > ExploitProtection).
  • Revoke keyboard authorization: Revokes the authorization for a keyboard that was detected by USB Keyboard Guard and authorized by the end user.
  • Quarantine: clean and move back (only for quarantine reports): An attempt is made to remove the virus from the file. If this succeeds, the cleaned file is moved back to its original location on the client. If the virus cannot be removed, the file will not be moved back.
  • Quarantine: move back (only for quarantine reports): Moves the file from the quarantine folder back to the client. Warning: The file will be restored to its original state and will still be infected.
  • Quarantine: send to G DATA Security Labs (only for quarantine reports): If you discover a new virus or an unknown phenomenon, always send us the file via the Quarantine function. We will, of course, treat the data you have sent us with the utmost confidentiality and discretion.
  • Quarantine: delete file and report (only for quarantine reports): Delete the selected report and remove the file from the quarantine.
  • Add URL to whitelist (only for Web content control reports): Add the requested URL to the global whitelist.
  • Add URL to blacklist (only for Web content control reports): Add the requested URL to the global blacklist.
  • Delete report: Deletes the selected reports. If reports to which a quarantine file belongs are to be deleted, you must confirm the deletion once more. In this case, the quarantined files are also deleted.
  • Export reports (only in the context menu): Export the selected report(s) or the entire list as an XML file.
  • Mark as read (only in the context menu): Mark the selected reports as read.
  • Mark as unread (only in the context menu): Mark the selected reports as unread.
  • Details/Actions (only in the context menu): Some events allow you to directly plan a job. For example, if a client has requested a patch rollback, you can right click on the rollback request and select Details/Actions. In the Distribute software (rollback) window you can then directly plan a rollback job, without having to open the PatchManager module to select the patch and client.


Release blocked applications

Users can request a share for blocked applications, which will appear in the security events.

To share an application, click the Application(s) blocked entry.

Select the type of sharing and confirm it with Perform action.

You can still enter a message text or use the standard text.

If you want to activate the application for several users, but not all users should see the message, then enter the user who should receive the message under User Name (optional).

Confirm your entries with OK.

Comments can be written for the safety events.

The comment column can be displayed via Select columns.

A comment can be written by double-clicking in the comment column. Alternatively, right-click on the line to open the menu and select Edit comment.

A free text field opens. When a comment is opened later, the history for the entry is displayed.

Logs - Infrastructure logs

The Infrastructure logs panel displays client status information such as scan job status updates, virus signature updates and changes to settings.

The right-click context menu offer the following functions:

  • Refresh
  • Delete
  • Mark as read: Mark the selected reports as read.
  • Mark as unread: Mark the selected reports as unread.
  • Export: Export the selected report(s) or the entire list as an XML file.

The toolbar of the Infrastructure logs tab offers the following options and filter settings:

  • Refresh
  • Delete
  • Print
  • Print preview
  • Hide read reports: Hide reports that have already been read.
  • Time frame

Module Statistics

In the Statistics module, you can check statistical information about virus occurrences and client/ Exchange Server email infections, as well as the security status of the managed network. Various views are available: the data can be displayed as text or shown graphically (column or pie chart). The relevant view can be selected under Display mode. It contains data on the status of the Clients (not available if an Exchange server has been selected), the Detection method, the Virus hit list and the Hit list of neutralized infections.

ManagementServer Modules

Module Server

Server - Overview

The Overview panel can be used to check on server status information and to install and manage subnet servers. It displays the following server properties:

  • Name: The server name.
  • Type: The server type (Main server, Subnet server, Secondary server).
  • Server: The name of the governing ManagementServer (only for subnet servers and secondary servers).
  • Number of clients: The number of clients currently assigned to the selected server.
  • Last access: The timestamp of the last synchronization with the main ManagementServer (only for subnet servers).
  • Status as per: The last signature update attempt.
  • Version: Version number and date.
  • Status: Server status information, such as its update status.
  • Program update: If an update is available for a subnet server, the status is displayed here.

The toolbar and the right-click context menu contain the following options:

  • Refresh
  • Server setup wizard
  • Delete: Remove one or more subnet server(s) from the list. This does not remove the actual software from the subnet server.
  • Synchronize (context menu only): Initiate a manual synchronization of the selected subnet server(s).
  • Assign clients: Assign existing clients or groups to subnet servers that bundle the communication of these clients with the main server to optimize network utilization. The allocation of clients or groups to subnet servers functions separately from the grouping of clients in the Clients/ManagementServers panel. That means that clients that have been assigned to different subnet servers can still be grouped together.
  • Install subnet server: Add a new subnet server. In the following dialog window, enter the Computer name of the prospective subnet server. Next, enter a user account with administrator permissions on the subnet server. Confirm with OK to initiate the remote installation, which can be tracked using the Installation overview window. A remote subnet server installation is subject to the same prerequisites as a remote installation of G DATA Security Client. Subnet servers use Microsoft SQL Server 2014 Express, which does not support Windows Vista and Windows Server 2008/2003. On such systems, subnet servers can be installed through the subnet server option of the local installation of G DATA ManagementServer.
  • Uninstall server: Initialize a remote deinstallation of the selected subnet server, which can be tracked using the Installation overview window. A remote deinstallation can only be carried out on authorized subnet servers.
  • Authorize server: To prevent unauthorized access to server data, locally installed subnet servers need to be authorized. Only after authorization will the ManagementServer start synchronizing data with the subnet server.
    • Subnet servers that are installed remotely using the function Install subnet server are automatically authorized. Only locally installed subnet servers and subnet servers that have been upgraded from version 12 or earlier need to be authorized manually.
  • Permit program update (context menu only): Subnet servers with ManagementServer version 12 require a manual installation of a database server, before they can be updated to version 14. On such systems, install Microsoft SQL Server 2014 Express (Windows Server 2008 R2/Windows 7 and newer) or Microsoft SQL Server 2008 R2 Express (Windows Server 2003/2008/Windows Vista) first, then use this option to permit the program update. After the update, use GdmmsConfig.exe on the subnet server to configure the connection to the database. More information can be found in the Reference Guide.
  • Properties (context menu only): Display properties for the selected server, including the version of the ManagementServer, virus signatures and client program files.

Server - Manage users

As system administrator, you can authorize additional users to configure G DATA ManagementServer through G DATA Administrator. Click Add, then enter the User name, the Account type (Integrated authentication, Windows user, Windows user group), the Permissions for this user (Read only, Read/Write, Read/Write/Restore backups) and enter a Password.

Server - Tenant management

The system administrator may create additional user accounts for the G DATA administrator interface in the following way:

Klick Add and enter the Tenant, a Unique identifier, the corresponding User and a Description, if necessary.

The green plus sign allows for the quick creation of a new user account, for which you need to choose User name, Account type, Permissions and a Password.

After the creation of a tenant a new, correspondingly named node in the Clients/ManagementServer panel is established which contains a base structure similar to a fresh installation. The previously existing structure with the existing clients is transferred to the Standard node. Clients can be moved from the Standard node to the new tenant.

Beware: The client names need to be unique among all tenant nodes! It is for example not possible to have a client with the name "PC-WORKSHOP" both in tenant A and tenant B.

Modules and options that can be configured individually for each tenant will display a drop-down menu to choose the tenant for which the option is to be set. In this way, individual Reports or recipients for email notifications can be defined.

The creation of an Installation package also allows for the selection of the tenant, and the newly installed client will be integrated into the proper tenant node immediately.

To sign in to G DATA Administrator with a tenant account, select Integrated authentication in the login screen. The Clients/ManagementServer panel will then only display the node of that tenant, and it is not possible to access any other tenant node or the Standard tenant.

Using a tenant account does not allow the usage of any ManagementServer modules except the ReportManager.

Furthermore, the following G DATA modules and components cannot be used in combination with the Tenant management:

Server - Infrastructure logs

The Infrastructure logs panel displays server status information such as signature update and program file update information. The toolbar and context menu options are identical to those in the client module Logs > Infrastructure logs.

As of version 15.1, failed login attempts to G DATA Administrator are displayed with the username and IP address entered.

Module General settings

General settings - Cleanup

The Cleanup settings allow you to configure whether various items should automatically be deleted after a specified period of time:

  • Automatically delete infrastructure logs: Delete infrastructure logs that are older than the set number of days.
  • Automatically delete scan logs: Delete scan log files that are older than the set number of days.
  • Automatically delete security events: Delete security reports that are older than the set number of months.
  • Automatically delete report history: Delete generated ReportManager reports that are older than the set number of months.
  • Automatically delete clients following inactivity: Delete clients that have not logged on for a set number of days.
  • Automatically delete patch files: Delete patch files that have not been used for more than the set number of days.

General settings - Synchronization

In the Synchronization area, you can define the synchronization interval between the ManagementServer and clients, subnet servers and Active Directory:

  • Clients
    • Main server synchronization interval and checking for new updates: Enter the time interval in which the clients connect to the ManagementServer to check for new updates or settings. The default value is five minutes.
    • Notify client if settings have been changed on the server: Tick this setting to notify clients immediately of new settings, regardless of synchronization interval.
    • Limit the number of concurrent connections to the server: Specify how many clients can simultaneously connect to the ManagementServer. The number of Clients depends on the specifications of the server and network infrastructure. If you are experiencing performance issues, reducing the number may improve server performance.
  • Subnet server
    • Interval for synchronizing: Define the interval for synchronization between main ManagementServer and subnet server(s).
    • Send new reports to the main server immediately: Enable this option to transfer new reports to the main server immediately, regardless of the synchronization interval.
  • Active Directory
    • Synchronize Active Directory regularly: Enable regular synchronization between ManagementServer and Active Directory. Synchronization is only carried out if at least one group has been assigned an Active Directory Organizational Unit.
    • Interval: Define the interval with which G DATA ManagementServer should synchronize Active Directory content. If you select a daily interval, you can define the exact time of the day at which the synchronization should take place.

General settings - Backup

Backup is available as an optional module.

To make sure that backups are carried out successfully, enough free disk space needs to be available on the client (backup cache) and on the server (backup storage). For server and clients you can define threshold values for warning messages and error messages. When the amount of free disk space on the client or the server drops below the warning threshold, a warning message will be added to the Security events module, and the client cache will be automatically cleaned up, retaining the latest archive but removing all others (if they have been uploaded to the ManagementServer). When the amount of free disk space on the client or the server drops below the error threshold, an error message will be added to the Security events module. Server backup storage and client cache will be automatically cleaned up. If there is still not enough free disk space on the server, backups will not be carried out.

Under Server backup paths a path can be entered where all backups being generated are stored. If no path is entered here, all backups are stored under C:\ProgramData\G Data\AntiVirus ManagementServer\Backup or C:\Documents and Settings\All Users\Application Data\G Data \AntiVirus ManagementServer\Backup.

As all backups generated by the G DATA software are encrypted, there is also the option of exporting backup passwords and saving them for later use. The Import backup archives button enables access to backups that are stored in other folders.

General settings - Email

G DATA ManagementServer can automatically send alarm notifications when certain events occur. Enable email notification by selecting the appropriate Reports (Virus results, Permission requests, etc.). Select the intended recipient under Recipient group(s). You can use the Limit to prevent an excessive amount of email traffic in the event of a massive virus attack. After selecting a recipient, click Trigger test alarm to send a test alarm.

Click the pen icon to open the Email settings window to define mail groups and mail server authentication.

Email settings

Enter the SMTP server and Port (normally 25) that G DATA ManagementServer should use to send email. In addition a (valid) sender address is required so emails can be sent. If your SMTP server requires authentication, click SMTP authentication to configure it. You can set up SMTP AUTH to authenticate directly on the SMTP server, or SMTP after POP3, if the SMTP server requires it.

Under Mail groups you can manage recipient lists, such as Management or Administrators.

General settings - Android

The Android panel features settings for the authentication of Android clients as well as Firebase Cloud Messaging.

Under Authentication for Android clients, enter a Password with which Android devices will have to authenticate with the ManagementServer. To be able to use emergency actions, you have to enter the Sender ID and API key (Server key) of your Firebase Cloud Messaging account. Free accounts for this push notification framework can be registered at firebase.google.com. Consult the Reference Guide for more information about Firebase Cloud Messaging.

Module Updates

All clients have their own local copy of the virus signature database, so that virus protection is also guaranteed when no connection to the G DATA ManagementServer or the Internet is available. Updating virus signatures (as well as program files) on clients takes place in two steps, which can both be automated. In the first step, the latest files from the G DATA update server are downloaded to the G DATA ManagementServer. The Updates module lets you configure this process. Subsequent distribution of the updates to the clients can be configured under Client settings > GeneralUpdates.

Updates - Signature updates

On the Signature updates panel, you can configure the process of downloading signature updates from the G DATA update server to G DATA ManagementServer.

The following information and settings are available under Status:

  • Version engine A: The current version of the virus signatures for engine A on G DATA ManagementServer.
  • Version engine B: The current version of the virus signatures for engine B on G DATA ManagementServer.
  • Last execution: Timestamp for the last execution of the virus signature update process.
  • Status: The status of the virus signature update process.
  • Update status: Update the Status field.
  • Run update now: Carry out an immediate update of the virus signature database on G DATA ManagementServer.

Under Automatic updates, the virus signature update can be scheduled. To do this, check the box next to Run update periodically and specify when and with what cycle the update is to be carried out. To enable automatic updating, your G DATA ManagementServer must be connected to the Internet and you must have entered the user name and password that you have received upon registration under Updates > Access data and settings. If the server connects to the Internet via a proxy server, your proxy credentials must also be entered there.

Updates can be distributed centrally (from the ManagementServer or subnet server to clients) or, if you activate Peer to Peer update distribution, decentralised (allowing already updated clients to distribute updates to other clients). Be sure to check the port requirements for this option.

Updates - Program updates

In the Program Updates section, you configure the download of client program files from the G DATA update server to ManagementServer. Program file updates should be installed automatically so that all clients can use the full scope of G DATA CyberDefense products.


The following information and settings are displayed under Program Files (Client):

  • Current version: The current version of the client program files stored on the ManagementServer.
  • Last run: The last run of the update process.
  • Status: The status of the update process.
  • Update Status: Updates the status.
  • Start update now: Starts an immediate update of the client program files on G DATA ManagementServer.

In the Automatic updates section, you can schedule the update of client program files. The settings are identical to those under Signature updates.

G DATA ManagementServer itself can only be updated via a Start menu item. To do this, call up the Internet Update entry in the G DATA ManagementServer program group in the Start menu.


Program file updates are not issued every hour, so the update interval can be set to a daily or weekly request. Scheduling program file updates is also recommended for servers that are not permanently connected to the Internet. The Internet connection option will only perform an update if G DATA ManagementServer detects that the server has an Internet connection. The only reason not to have program files updated automatically by G DATA ManagementServer is if the Internet connection is not always available. To prevent files from being automatically distributed to clients, appropriate configurations are required in the Client Settings module.

A program update can also be started manually on the client. Proceed as follows:

Clients > Clients > Overview > search/filter desired clients in the list > right click on the clients > Update program files now


Program file updates always require a reboot of the client computer.



MailSecurity for Exchange

As with G DATA Security Client, MailSecurity for Exchange performs an automatic upgrade when a new version is available on ManagementServer. To ensure that the latest version of the Exchange plug-in is used, the Internet Update tool of ManagementServer has the Update program files (client) feature. If the Exchange plug-in updates its program files automatically according to the configuration, this will be done the next time it connects to the ManagementServer. Alternatively, an upgrade can be performed manually using G DATA Administrator.

Updates - Staged distribution

In the Staged distribution area, you can specify whether to apply program updates to all clients simultaneously or in stages. A staged distribution reduces the server and network load that occurs during a program update.

If you choose staged distribution, you can specify whether the distribution is automatic or you can specify yourself which clients are to receive program updates first, which clients come after, and the extent to which the distribution is subdivided into different distribution stages.

The first level always includes five clients.

If you do not want to use staged distribution, it is possible to disable the automatic program update option within G DATA Administrator and then distribute it via the context menu on a group or individual basis.


To do this, select the desired client or client group. Right-click to open the menu. Click on Update program files automatically to remove the check mark and thus disable the automatic program updates.


Alternatively, you can also make the settings via the client settings General under Updates.

Updated client software may need to be tested to ensure compatibility with all client configurations on the network. Although minor version changes usually have no side effects, a staged rollout is recommended. Staged distribution can be enabled in the Updates module. Only when the program file has been successfully updated on the clients of one stage, it will be installed on the clients of the next stage.

The number of stages can be defined manually. The larger the network, the more stages are recommended to ensure a smooth installation. It is also possible to configure after how many days the next stage is updated. With the default value of three days, clients can be checked for problems to stop the distribution of a particular update if serious problems occur. The staged distribution settings can be changed by editing the Config.xml configuration file.

Program file updates always require a reboot of the client computer.

For some client roles, this must be carefully planned so that the computer is not restarted during an important task. In these cases, the Restart after update setting controls client behavior. The end user can be notified that their computer needs to be restarted. This restart can be forced or a report can be generated in the Security Events section so that the administrator can manually intervene and restart the computer at a later time.

Updates - Access data and settings

With your online registration you received access data for updating the virus databases and program files. Enter these under User name and Password. Select the nearest Region to ensure optimal speed when downloading updates.

The Version check (enabled by default) should always be switched on because it improves update speed. If, however, problems arise with virus signature databases, switch off the version check. During the next update, the integrity of all virus signature database files will be checked and files will be redownloaded if necessary.

Proxy settings opens a window in which proxy server credentials can be entered. You should only enter these if an update cannot be executed without a proxy server.

G DATA software can use the Internet Explorer proxy connection data (from version 4). First configure Internet Explorer and check whether the test page of our update server is accessible: https://dlarray-europ-pool-1.gdatasecurity.de/api/status. In the Proxy settings window, switch off the option Use
proxy server. Under User account, enter the account for which you have configured Internet Explorer (the account with which you have logged in to your computer).

Updates - Signature rollback

In rare cases, a virus signature update can lead to a false alarm or similar problems. It can make sense to block the latest virus signature update and use a previous one instead. Under Rollbacks you can indicate how many of the virus signature updates you would like to hold as a reserve for engine rollbacks. The default value here is the last five signature updates for each engine.

Should the latest update for one of the engines result in problems, the network administrator can block it for a certain time interval and distribute a prior signature update to the clients and subnet servers.

On clients that are not connected to G DATA ManagementServer (e.g. notebooks used in business travel), no rollbacks can be carried out. A block of new updates from the server to the client cannot be retracted without contacting G DATA ManagementServer.

With the affected engine selected in the Engine dropdown list, its most recent engine updates are listed under Blocked updates. Select the update(s) that should be blocked and click OK. Those updates will no longer be distributed, and clients that have previously received them will be rolled back to the most recent non-blocked update (when they connect to the ManagementServer). Optionally, new updates can be included in the block: tick Block new updates until and select a date.

Modul ReportManager

The ReportManager creates reports with information from various areas of the G DATA security solution. The reports are sent by e-mail to selected recipients, but can also be accessed directly via G DATA Administrator.


Export the list as a CSV file

Update the table

Remove selected report

Create new report
ImportImport existing configurations (.dbdat)
ExportExport Report Settings as .dbdat

You can call up all reports that have already been sent by clicking on the plus sign on the left in the overview. You can see the date and time when the respective report was created and sent. Double-click on the date to open the respective report in G DATA Administrator.

Right-click on the report to open the menu to perform the following actions:

UpdateUpdate the table
RemoveRemove selected report
DuplicateCreate a copy of the selected report
Execute immediatelyImmediately receive the selected report. To view it, click on the plus sign on the left and then double-click on the entry with the current date.
HistoryIn a larger overview window you can see all the reports that have been sent. Double-click on the date to open the respective report.
PropertiesOpens the report definition. Among other things, you can adjust the time of execution, recipient and modules.

The G DATA Defense Report cannot be edited or deleted. However, it can be duplicated for editing.


Create or edit a new report


Module License management

Using the License management panel you can have an overview of the G DATA software licenses that are currently in use. If you need additional licenses, you can get in contact with G DATA at any time by selecting a license and clicking Extend license.

Using the button Export you can export the license information to a text file.

Module ActionCenter

G DATA Administrator connects to G DATA ActionCenter in order to manage iOS devices and to enable network monitoring. Create an account and enter the User name and Password here.

The use of G DATA ActionCenter requires a valid G DATA license. Make sure that you have entered your Internet Update User name and Internet Update Password under Updates > Access data and settings.

G DATA Administrator menu bar

  • Admin: Start the server setup assistant or sign out / quit G DATA Administrator.
  • Organisation (see Clients/ManagementServer > Clients > Organisation)
  • Clients (see Clients > Overview)
  • View: Show or hide the Overview area.
  • ?: Show the online help or version information.

Server setup wizard

The Server setup wizard lets you configure some of the most important settings of G DATA ManagementServer. It is automatically run the first time you start G DATA Administrator, but can also be started afterward under Servers > Overview and through the Admin menu.

All clients that are to be managed by the G DATA software must first be "enabled". To do this, highlight the clients to be enabled and click the Enable button. Some computers may not be included in the list (e.g. because they have not been switched on for a long time or have not set up File and Printer Sharing). To enable these clients, enter the name of the computer in the Computer input field. After clicking on Enable, the computer will appear in the client list. When all computers to be protected have been enabled, click on Next to move on to the next step. If you have enabled any clients, in the next step the checkbox Automatically install client software on the enabled computers is checked. If distribution of the software on the client computers is to occur at a later time, this option must be disabled by unticking it.

The next wizard steps help you configure some of the most commonly used settings:

  • Internet update: Configure virus signature and program file updates. More information can be found in the Updates module.
  • Email notification: Configure mail server settings, email groups and alarm notifications. More information can be found under General settings > Email.
  • Settings for mobile devices: Configure mobile device management for Android. More information can be found under General settings > Android.
  • Setting for access to G DATA ActionCenter: ActionCenter credentials are required to enable iOS device management and network monitoring. More information can be found in the ActionCenter module.

Click Finish to close the wizard. If you checked the option Automatically install client software on the enabled computers, the Server setup wizard will conclude by initiating the remote installation of G DATA Security Client for all selected machines.

G DATA Portable Administrator

The G DATA Portable Administrator allows the management of one or several G DATA ManagementServers (version 14.3 or later), regardless, whether the ManagementServer is present in the local network or in the cloud.

This feature is especially useful for managing a variety of differing G DATA versions.

Simply save the G DATA Portable Administrator on e.g. a USB stick and manage your G DATA solutions easily - even on the go.

A launcher loads the appropriate administrator version of the used G DATA Management Server in advance.

The download is available here: https://secure.gd/dl-b2b-launcher

G DATA MobileAdministrator

G DATA MobileAdministrator is the mobile-friendly control panel for G DATA ManagementServer. It canbe used to quickly edit and update settings through an interface that has been optimised for mobile devices. The most important and frequently used options are presented in a responsive design that adapts to various mobile environments.

Starting G DATA MobileAdministrator

After completing the installation, G DATA MobileAdministrator can be started from any browser. Start your browser and navigate to the URL that has been provided at the end of the installation process.The URL consists of the IP address or computer name of the machine on which IIS is running and MobileAdministrator has been installed, and the folder suffix (such as http://10.0.2.150/GDMobileAdmin/).

The MobileAdministrator login page supports the same login methods as G DATA Administrator and G DATA WebAdministrator. You will be prompted to enter Language, Server, Authentication, User name and Password. Choose Windows authentication to log in with your Windows (domain) credentials or Integrated authentication to use credentials that have been defined within the Administrator's Manage users window. If you want your credentials and language settings to be remembered next time, tick the checkbox Bookmark user data. Tap Login to log in.

G DATA MobileAdministrator - Dashboard

The Dashboard of G DATA MobileAdministrator allows you to view the most important statistics at a glance. Comparable to the Dashboard of G DATA Administrator, it provides an overview of the status of G DATA ManagementServer and its clients. Additionally, you can view statistics about client connections and repelled infections.

Select G DATA Security Status to view extensive information about the status of server and clients. MobileAdministrator will show you how many machines have the G DATA Security Client installed, aswell as information about (outdated) virus signatures and program components such as monitor, email checking, OutbreakShield and firewall. Engine rollbacks can be managed by opening the virus signatures subsection. The status of ManagementServer itself can be viewed by expanding Server status.

Statistics are available under Client connections and Top 10 clients - Neutralized infections. Tap Report status to check on infection, request and error reports.

G DATA MobileAdministrator - Reports

The Reports view presents virus, firewall and PolicyManager reports. It is a mobile-optimized representation of the same information that is available in the Security events module of G DATA Administrator.

Select the period (Time frame) for which you want to view reports (1 day, 7 days or 1 month). MobileAdministrator will return the different categories for which reports are available. Tap a category to view the individual reports available. Reports can be filtered by name. Any report can beopened to check on further details and take action, if necessary.

G DATA MobileAdministrator - Clients

MobileAdministrator offers a concise overview of all clients that are managed by G DATA ManagementServer. Per client, in-depth information is available and several security settings can be edited.

The Clients overview provides a list of all machines that are being managed by G DATAManagementServer. The list can be filtered by name. By selecting an individual machine, you can check several statistics about versions and updates. Additionally, several security settings can be edited. Enable or disable monitor, HTTP traffic processing, idle scan or firewall by ticking or unticking the appropriate checkboxes. Policy settings such as Application control, Device control, Webcontent control, and Internet usage time can also be controlled from this view. Tap Save to save the machine's settings.

G DATA MobileAdministrator - ReportManager

ReportManager is the mobile version of the ReportManager module in G DATA Administrator. It allows you to configure, schedule and preview reporting jobs.

To add a new job, tap Add planning. Existing reporting jobs are listed in the main view of ReportManager and can be edited by tapping them. The job view lets you edit all aspects of the job. Enter a Name, define the Language and select Recipient groups or enter Additional recipients. The job can be scheduled by selecting an Interval and defining time and date. Under Selected module, you can choose the reporting modules to be included in the report. These are identical to the modules that are available in G DATA Administrator. Edit, add or delete modules and tap Save to return to the job view. If necessary, Preview the report, then Save it. Redundant or unnecessary jobs can be deleted.

G DATA WebAdministrator

After completing the installation, G DATA WebAdministrator can be started by double-clicking the desktop icon. Alternatively, start your browser and navigate to the URL that has been provided at the end of the installation process. The URL consists of the IP address or computer name of the machine on which IIS is running and WebAdministrator has been installed and the folder suffix, such as http://10.0.2.150/GDAdmin/. If you have not yet installed the Microsoft Silverlight browser plugin, you will be prompted to download it.

The WebAdministrator login page is very similar to the full G DATA Administrator software. You will be prompted to enter Language, Server , Authentication, User name and Password. The servername should be filled in by default, but can be altered if necessary. Choose Windows authentication to log in with your Windows credentials or Integrated authentication to use credentials that have been defined within the Administrator's Manage users window. Fill in your user name and password and click OK to log in.

The interface of G DATA WebAdministrator strongly resembles G DATA Administrator. After a successful login, you will be presented with the central Dashboard, which provides an overview of the G DATA ManagementServer(s) in your network and the associated clients. The functionality of WebAdministrator is identical to G DATA Administrator. Please refer to the appropriate chapter for an in-depth overview.

G DATA Security Client for Windows

G DATA Security Client provides protection to Windows clients and runs the G DATAManagementServer jobs allocated to it in the background. The clients have their own virus signaturesand scheduler, so that tasks can also be run in offline mode (e.g. for notebooks that do not have acontinuous connection to G DATA ManagementServer).After the inst allat ion of the client software, a system tray icon is available to the user of theclient to carry out tasks independently of administrative schedules. Which options are availableneeds to be approved and defined using the Client set t ings module of G DATA Administrator.Using the right mouse button, click the G DATA Security Client icon to open a context menu whichoffers access to all Security Client functions.

G DATA Security Client for Windows - Virus check

With this option, a user can carry out a targeted virus check on the computer using G DATA SecurityClient, even outside of the virus checking schedule specified in G DATA Administrator.

The user can check removable devices, CDs/DVDs, memory, the Autostart area, and individual files ordirectories. In this way, notebook users who only rarely connect their computers to the company network can prevent a virus attack in a targeted manner. Clients can use the Options window to configure actions that should be taken when a virus is found, such as moving virus-infected files to a local quarantine folder.

The user can also easily check files or directories from Windows Explorer by selecting the files or directories and using the Check for viruses (G DATA AntiVirus) option in the context menu.

While a virus scan is running, whether it has been initiated locally or is part of a scan job, the context menu is expanded with the following entries:

  • Virus check priority: Set the priority of the virus check. With High, the virus check is carried out quickly, but it can significantly slow down other programs on the computer. With the Low setting, on the other hand, the virus check takes a comparatively long time, but other applications on the client computer are not slowed down significantly (only available for local scan jobs).
  • Pause virus check: Pause a locally started virus check. Scan jobs that were initiated by G DATA ManagementServer can only be stopped if the administrator has enabled the Allow user to halt or cancel the scan job option when setting up the job.
  • Cancel virus check: Cancel a locally started virus check. Scan jobs that are have been initiated by G DATA ManagementServer can only be cancelled if the administrator has enabled the Allow user to halt or cancel the scan job option when setting up the job.
  • Display scan window: Display the progress and results of the virus check (only available for local scan jobs).

The Virus check system tray menu option can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.


G DATA Security Client for Windows - Disable monitor

Using the Disable monitor command, the user can switch off G DATA monitor for a specified time (from 5 minutes up to until the next computer restart). Switching off the monitor temporarily may be useful during extensive file copying procedures, as this would considerably speed up the process. However, extra care should be taken as real-time virus checking is switched off during this interval.

The Disable monitor system tray menu option can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Windows - Options

Using the Options window, the user can configure security for the Monitor, Email, Virus check (local), Web filtering and Spam filter components. In this way, all client protection mechanisms ofthe G DATA software can be disabled. This option should therefore only be accessible to technically experienced users. The settings on these tabs are explained in detail in the chapter Client settings.

The various tabs of the Options window can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Windows - Quarantine

Each G DATA Security Client creates a local quarantine folder to which infected files are moved. Triggers for this are set in the monitor. Files in the quarantine cannot execute any damaging routines.

Infected files are automatically packed and encrypted when moved to quarantine. Files which are larger than 1 MB are stored in the local quarantine of the G DATA Security Client in order to avoid unnecessary strain on the network in the event of a massive virus attack. All files smaller than 1 MB are transferred to the quarantine folder of the G DATA Management Server. Infected files which are smaller than 1 MB and which the G DATA Security Client has no connection to the G DATA ManagementServer are stored in the local quarantine folder and are transferred to the quarantine folder there the next time the G DATA ManagementServer is contacted.

These settings cannot be changed. For more information about the quarantine folders, see Default storage locations and paths.

Infected files can be disinfected in the quarantine folder. If this does not work, the files can also be deleted from there and, if necessary, moved back from quarantine to their original location.

Administrator rights for the G DATA ManagementServer are required to trigger the disinfect, move back or delete functions.


When moving back from quarantine a virus is not removed! You should only select this option if the program cannot run without the infected file or is needed for data recovery.


The Quarantine system tray menu option can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Windows - Updates and Patches

PatchManager is available as an optional module.

The Updates/Patches window reveals a patch/update overview for the client pc, divided over two tabs.

The Installed tab shows all patches and updates that have been installed on the system. Double click a patch to view an extended description. If a patch or update seems to be causing problems, users can select it and click Uninstall to request the administrator to remove it. The Status will change to Waiting for response and the administrator will receive a report with a rollback request.

To perform a local check, regardless of software recognition jobs planned on the ManagementServer, click Check for updates. Security Client will then check all patches for applicability on the local system.

The Available tab lists patches, updates and software packages that are applicable to the client system. Double click an item to view an extended description. To request installation, click Install. The Status will change to Waiting for response and the administrator will receive a report with a software distribution request.

The Updates/Patches system tray menu option can be enabled or disabled in G DATA Administrator under PatchManager > Settings.

G DATA Security Client for Windows - Internet update

G DATA Security Client can be used to download virus signature updates from the Internet if no connection to G DATA ManagementServer is available (see Client settings > General > Updates).

The Internet update system tray menu option can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Windows - Disable firewall

Security

Disabled via Firewall deactivates the firewall, even if the client is still in the ManagementServer network. A password is required to deactivate the firewall. The password is defined under the client settings in the G DATA Administrator. The check mark for "Password protection for changing options" must be set there.

If the firewall is switched off, it can be switched on again via the Activate firewall option.


Mode

The autopilot is the standard setting for all clients of the G DATA Firewall. This option configures the firewall so that it executes its tasks completely in the background. End users are not confronted with any prompts and administrators only have to perform a minimum number of administrative tasks.

The Disable firewall system tray menu option can be enabled or disabled in G DATA Administrator under Firewall > Overview > Run in internal network by checking Allow user to enable/disable the firewall.

G DATA Security Client for Windows - Firewall

The Firewall module is available as part of the Client Security Business, Endpoint Protection Business and Managed Endpoint Security solutions.

The Firewall option loads the firewall's interface. As long as the client is in the G DATAManagementServer network, the firewall will be administered centrally by the server. When the client connects to another network, for example if a laptop is using a private network at home, the firewall interface can be used to configure an off-site configuration.

The Firewall system tray menu option can be enabled or disabled in G DATA Administrator under Firewall > Overview > Run outside internal network by checking Allow user to change the off-site configuration.

G DATA Security Client Firewall - Status

The Status module of the firewall shows information about the current status of the firewall. By double-clicking any of the entries, you can carry out actions directly or switch to the respectiveprogram area.

  • Security: Enable or disable the firewall. This option is only available if it has been enabled inG DATA Administrator (Firewall > Overview > Run in internal network > Allow user to enable/disable the firewall).
  • Mode: The firewall can be operated in automatic (autopilot) mode or in manual (rule sets) mode. Changing this option client-side is only possible if the client is being used outside the ManagementServer network and if it has been enabled in G DATA Administrator (Firewall > Overview > Run outside internal network > Allow user to change the off-site configuration).
  • Networks: Open the Networks panel, which shows the networks that your computer is connected to as well as the rule sets that are used.
  • Prevented attacks: When the firewall registers an attack on your computer, it is prevented and logged here.
  • Application radar: Show which programs are currently being blocked by the firewall. If you want to allow one of the blocked applications to use the network, select it and then click the Allow button.

G DATA Security Client Firewall - Networks

The Networks module lists all networks to which your computer is connected, as well as which rule set is protecting the respective network. Select a network and click Edit to view details and to configure the settings for this network. Network settings can only be edited if that has been specifically allowed (Firewall > Overview > Run in internal network > Allow user to enable/disable the firewall) or if the device is being used in off-site mode (Firewall > Overview > Run outside internal network > Allow user to change the off-site configuration).

  • Network info: Shows information about the network, including IP address, subnet mask, default gateway, DNS and WINS server.
  • Firewall enabled on this network: Enable or disable firewall protection.
  • Internet connection sharing: Allow Internet Connection Sharing (ICS).
  • Enable automatic configuration (DHCP): Allow DHCP configuration.
  • Rule set : Choose any of the defined Rule sets to be applied to this connection. Click Edit rule set to open the Rule Wizard.

G DATA Security Client Firewall - Rule sets

In the Rule sets module you can create and edit rule sets (groups of firewall rules that can be applied to networks).

  • New: Create a new rule set. In the following dialog, enter a Rule set name and decide if the rule set should be pre-populated with rules from the default rule sets for untrusted, trusted or blocked networks.
  • Delete: Delete the selected rule set. The default rule sets cannot be deleted.
  • Edit: Edit the selected rule set using the Rule Wizard.

The Rule sets module contains default rule sets for the following network types:

  • Direct Internet connection: This covers rules that involve direct Internet access.
  • Untrusted networks: This generally covers open networks with Internet access.
  • Trusted networks: Home and company networks are generally trusted.
  • Blocked networks: This rule set can be used if access to a specific network should be blocked.

G DATA Security Client Firewall - Rule Wizard

The Rule Wizard allows you to define new rules for the selected rule set or to modify existing rules. The Rule Wizard is especially suitable for users unfamiliar with firewall technology. For a granular control over individual rules, use the Advanced Rule Set Editor.

The Rule wizard offers various rules. All of them can be used to quickly allow or deny a specific type of traffic. For most rules, a specific Direction can be defined, which governs whether the program is tobe blocked for inbound connections, outbound connections or both.

  • Share or block applications: Select a specific application on the hard disk to explicitly permit or deny it access to the network governed by the rule set.
  • Share or block network services: Blocking one or more ports is a quick way of eliminating vulnerabilities that could be used for attacks by hackers. The wizard provides the option ofblocking ports completely or for a particular application only.
  • File/printer sharing: Allow or block file and printer sharing.
  • Share or block domain services: Allow or block network domain services.
  • Shared use of the Internet connection: Allow or block Internet connection sharing (ICS).
  • Share or block VPN services: Allow or block Virtual Private Network (VPN) services.
  • Advanced Rule Set Editor (expert mode): Open the Advanced Rule Set Editor.

G DATA Security Client Firewall - Advanced Rule Set Editor

The Advanced Rule Set Editor allows for the creation of highly specific rules. It can be used to create all of the rules that are also available through the Rule Wizard, but also supports custom settings.

The Advanced Rule Set Editor window resembles the Rule sets pane of G DATA Administrator's Firewall module. It can be used to create, edit, delete, and rank rules within the rule set. In addition to the options available in G DATA Administrator, the Advanced Rule Set Editor offers the followingoptions:

  • Action if no rule applies: Specify what happens when no existing rule applies to a filtered communication type: Allow, Deny or Ask user.
  • Adaptive mode: The adaptive mode supports applications that use feedback channel technology (e.g. FTP and numerous online games). These applications connect to a remote computer and negotiate a feedback channel with it, which the remote computer then uses to reverse connect to the application. If the adaptive mode is enabled, the firewall detects this feedback channel and permits it without querying it separately.
  • Reset: Delete all rule set modifications as well as all auto-learned rules.

By double-clicking a rule or clicking the Edit button, individual rules can be edited. The individual rule editor corresponds to the Edit rule window in G DATA Administrator.

G DATA Security Client Firewall - Log

The Log module shows a detailed overview of all incoming and outgoing connections. It can be used to check the connection protocol, initiating application, direction, local port, remote host, remote port and reason for the decision about allowing or blocking the connection.

Click Delete to delete the selected log entry or Delete all to clear the log file completely. The Details button shows additional information about the selected log entry.

Right-click any log entry to access context-sensitive options.

In addition to the Details view, these options include creating a new rule based on the log entry, editing the rule that led to the connection being blocked or allowed, and setting a filter view for the Log module.

G DATA Security Client Firewall - Settings

The Settings window can be used if the appropriate permissions have been enabled in G DATA Administrator (Firewall > Overview > Run in internal network > Allow user to enable/disable the firewall and Firewall > Overview > Run outside internal network > Allow user to change the off-site configuration).

  • Security: Enable or disable the firewall.
  • Mode: The firewall can be operated in automatic (autopilot) mode or in manual (rule sets) mode.

G DATA Security Client for Mac

G DATA Security Client for Mac provides protection to Mac OS X clients. It runs scheduled virus scans and on-demand local scans and provides on-access protection through the Monitor module.

After the installation of the client software, a tray icon is available to the user. Which settings are available needs to be approved and defined using the Client settings module of G DATA Administrator.

Click the tray icon to open a context menu which offers access to the following settings:

All modules are protected against unintended changes to settings. Click the lock in the left bottom corner of the window to allow settings to be changed. If root permissions are required, the user will be prompted to enter user name and password.

G DATA Security Client for Mac - Status

The Status module offers an at-a-glance overview of the current protection status of the client. The status icons can be used to assess whether there is an immediate risk for the client or if the client is completely secure.

  • Monitor: The current status of the Monitor. Using the drop-down menu, it can be (temporarily) disabled.
  • Latest scan: The time and date of the last Virus scan. Use the Scan computer now button to immediately start a complete virus scan.
  • Latest update: The time and date of the last update. Use the Update now button to immediately start a virus signature update.

G DATA Security Client for Mac - Monitor

The monitor performs a background virus scan on all files that are accessed and takes action when it detects a virus. The following settings can be configured:

  • Status
    • Enable monitor: Enable the monitor (recommended).
    • Disable monitor: Permanently disable monitor. Disabling the monitor is a security risk.
    • Disable monitor until the next reboot: Disable the monitor. After the next reboot, the monitor will be automatically enabled.
    • Disable monitor for ...minutes: Disable the monitor for a specific number of minutes. The monitor will be automatically enabled afterward.
  • Reaction to infected files: Define what should happen when the Monitor detects an infected file (see Client settings > Monitor > Settings):
    • Disinfect
    • Log only
    • Delete
    • Quarantine
    • Ask user: Show a notification to the end user and ask which action should be taken.
  • If disinfection fails: If the option Disinfect has been selected but the file cannot be disinfected, an alternate action will be carried out.
  • Reaction to infected archives: Define what should happen when the Monitor detects an infected archive.
  • File types (see Tasks > Scan jobs > Scanner)

Under Advanced, the following advanced settings can be configured (see Client settings > Monitor > Settings):

  • Heuristics
  • Check boot sector
  • Check archives
  • Archive size limit
  • File size limit: Define a maximum size. Files that are larger will not be scanned.

Use the file and folder list under Exceptions to exclude specific items from the scan.

The Monitor module can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Mac - Virus scan

The Virus scan can be used to scan the complete computer or specific files or folders for malware. When a virus is found, the client will automatically take the action defined under Settings. ManagementServer will be notified and a report will be added to the Security events module of G DATA Administrator.

Select one of the following three options and click Start virus scan:

  • Scan complete computer : Scan all files and folders on the computer.
  • Scan boot sector: Scan the boot sector.
  • Scan files and folders: Scan specific files and folders. The scope can be defined under Scan scope.

Under Settings, the virus scan settings and exceptions can be configured (see Monitor).

The Virus scan module can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Mac - Update

The Update module makes sure that G DATA Security Client for Mac has the latest virus signatures in order to offer optimal protection.

The date and time of the last signature update are displayed under Last update. Signature version information is displayed also. Click Update virus signatures to start a virus signature update right away.

The virus signature update settings can be configured under Settings:

  • Virus signature update source: Configure whether the client should download virus signatures from ManagementServer or directly from the G DATA update servers (see Client settings > General > Updates).
  • Schedule: Define a signature update schedule (Manually, Hourly or Daily).
  • Proxy server: Enter a proxy server that should be used to connect to the G DATA update servers.
  • Access data: Enter the access data that should be used to authenticate with the G DATA update servers.

The Schedule, Proxy server and Access data settings are only used if the Virus signature update source setting has not been set to Download virus signature updates from ManagementServer. See Client settings > General > Updates for more information.

The Update module can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions (Allow the user to download signature updates).

G DATA Security Client for Mac - Quarantine

The Quarantine module displays items that have been moved to the quarantine by the Monitor or by a Virus scan.

Per item, the following properties are displayed:

  • File name: The name and path of the infected item.
  • Virus name: The name of the virus that infected the item.
  • File size: The file size of the item.

Select one or more items and click one of the following buttons:

  • Disinfect and move back: Remove the virus from the item and move the item back to its original location.
  • Move back: Move the item back to its original location. Warning: If the item is not disinfected first, it might infect the system!
  • Delete: Delete the item from the Quarantine.

The Quarantine module can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Mac - About G DATA Security Client

The About window displays status information about G DATA Security Client for Mac:

  • Version: The currently installed client version.
  • ManagementServer: The name of the ManagementServer to which the client connects.
  • Security software status: The current status of the client background services.

G DATA Security Client for Linux

G DATA Security Client for Linux runs as a background service and provides virus scan capabilities. For Linux servers, additional modules for Samba, Sendmail/Postfix and Squid are available (see Installing G DATA Security Client for Linux).

G DATA Security Client for Linux consists of a graphical user interface component and a command line application.

G DATA Security Client for Linux - Graphical user interface

A shortcut to the graphical user interface of G DATA Security Client for Linux will be placed in the Applications menu or a similar place, depending on the Linux distribution. Alternatively, start the interface by running /opt/gdata/bin/gdavclient-qt.

After starting the interface, click the G DATA Security Client for Linux icon to open its interface. Which options are available can be configured using the Client settings module of G DATA Administrator.

Right-click the tray icon to open a context menu which offers access to the following settings:

All modules can be protected against changes to settings (see Client settings > General > Client functions). If password protection has been enabled, click the lock in the left bottom corner of the window and enter the password to be able to change settings.

G DATA Security Client for Linux - Status

The Status module offers an at-a-glance overview of the current protection status of the client. The status icons can be used to assess whether there is an immediate risk for the client or if the client is completely secure.

  • Latest scan: The time and date of the last Virus scan. Use the Scan computer now button to immediately start a complete virus scan.
  • Latest update: The time and date of the last Update. Use the Update now button to immediately start a virus signature update.

G DATA Security Client for Linux - Virus scan

The Virus scan can be used to scan the complete computer or specific files or folders for malware. When a virus is found, the client will automatically take the action defined under Settings. ManagementServer will be notified and a report will be added to the Security events module of G DATA Administrator.

Select one of the following three options and click Start virus scan:

  • Scan complete computer: Scan all files and folders on the computer.
  • Scan boot sector: Scan the boot sector.
  • Scan files and folders: Scan specific files and folders. The scope can be defined under Scan scope.

The following settings can be configured (see Client settings > Monitor > Settings):

  • Reaction to infected files: Define what should happen when the virus scan detects an infected file:
    • Log only
    • Disinfect
    • Delete
    • Quarantine
    • Ask user: Show a notification to the end user and ask which action should be taken.
  • If disinfection fails: If the option Disinfect has been selected but the file cannot be disinfected, an alternate action will be carried out.
  • Reaction to infected archives: Define what should happen when the virus scan detects an infected archive.
  • File types (see Tasks > Scan jobs > Scanner)

Under Advanced, the following advanced settings can be configured (see Client settings > Monitor > Settings):

  • Heuristics
  • Check boot sector
  • Check archives
  • Archive size limit
  • File size limit: Define a maximum size. Files that are larger will not be scanned. Use the file and folder list under Exceptions to exclude specific items from the scan.

The Virus scan module can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Linux - Update

The Update module makes sure that G DATA Security Client for Linux has the latest virus signatures in order to offer optimal protection.

The date and time of the last signature update are displayed under Last update. Signature version information for both virus engines is displayed under Engine A and Engine B. Click Update virus signatures to start a virus signature update right away.

The virus signature update settings can be configured under Settings:

  • Virus signature update source: Configure whether the client should download virus signatures from ManagementServer or directly from the G DATA update servers (see Client settings > General > Updates).
  • Schedule: Define a signature update schedule (Manually, Hourly or Daily).
  • Proxy server: Enter a proxy server that should be used to connect to the G DATA update servers.
  • Access data: Enter the access data that should be used to authenticate with the G DATA updateservers.

The Schedule, Proxy server and Access data settings are only used if the Virus signature update source setting has not been set to Download virus signature updates from ManagementServer. See Client settings > General > Updates for more information.

The Update module can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions (Allow the user to download signature updates).

G DATA Security Client for Linux - Quarantine

The Quarantine module displays items that have been moved to the quarantine by the Virus scan.

Per item, the following properties are displayed:

  • File name: The name and path of the infected item.
  • Virus name: The name of the virus that infected the item.
  • File size: The file size of the item.

Select one or more items and click one of the following buttons:

  • Disinfect and move back: Remove the virus from the item and move the item back to its original location.
  • Move back: Move the item back to its original location. Warning: If the item is not disinfected first, it might infect the system!
  • Delete: Delete the item from the Quarantine.

The Quarantine module can be enabled or disabled in G DATA Administrator under Client settings > General > Client functions.

G DATA Security Client for Linux - About G DATA Security Client

The About window displays status information about G DATA Security Client for Linux and can only be opened through the tray icon. It displays the following information:

  • Version: The currently installed client version.
  • ManagementServer: The current state of the connection to ManagementServer.
  • Security software status: The current status of the client background services.

G DATA Security Client for Linux - Command-line interface

As an alternative to the graphical user interface, command-line tools are available to configure and run G DATA Security Client for Linux. Gdavclient-cli is the preferred way of initiating a command-line virus scan and updating the virus signatures. Alternatively, gdavclientc can configure and run scans, display version information, update the virus signatures and manage the scan server daemon service. Both applications must be run as root to ensure full access to the file system.

G DATA Security Client for Linux - gdavclient-cli

By default, gdavclient-cli is located in the folder /usr/bin. The syntax for gdavclient-cli looks as follows: gdavclient-cli [<options>] <files/path>. The following options can be used:

  • --status: Displays status for the gdavclientd and gdavserver daemons.
  • --version: Displays version information.
  • --mmsconnection: Displays information about the connection to G DATA ManagementServer.
  • --last scan: Displays the latest scan log.
  • --last update: Displays information about the latest virus signature update.
  • --update: Updates the virus signatures.
  • --sysinfo: Creates a file called gdatahwinfo-<Date>.tar.gz, which contains debug files such as logs and configuration files.

When a path or file(s) have been specified, gdavclient-cli initiates a virus scan.

G DATA Security Client for Linux - gdavclientc

By default, gdavclientc is located in the folder /usr/bin. It is independent from G DATA ManagementServer and loads its configuration values from /etc/gdata/gdav.ini. The syntax for gdavclientc looks as follows: gdavclientc [<options>] <command>. The following commands can be used:

  • scan:<pat h>: Initiate a scan of the file(s) at <path>. <path> can be an absolute or relative path to a file or a folder (which will be scanned recursively). Use of wildcards (*, ?) is allowed.
  • scanboot: Perform a boot sector scan. All non-optical media that are listed under /proc/partitions will be scanned.
  • abort : Abort the current scan.
  • start : Start gdavserver.
  • stop: Stop gdavserver.
  • restart: Stop and restart gdavserver.
  • updateVDB<:engine>: Initiate a virus signature update for EngineA or EngineB. After theupdate has completed, the scan server should be restarted using the restart command.
  • dump: Show the current configuration.
  • set:<key >=<value>: Set a specific option in the configuration of gdavserver, overwriting the existing option (which was read from /etc/gdata/gdav.ini). Options are only set temporarily and will be lost when stopping gdavserver.
  • get :<key >: Show the current value of a specific option from the configuration of gdavserver.
  • reload: Reload all values from /etc/gdata/gdav.ini.
  • engines: List the names of all scan engines that are used.
  • baseinfo: Show version information.
  • coreinfo: Show virus engine version information.
  • pid: Show the gdavserver PID.

If you use the scan: command to run a virus scan, the following options can be used:

  • -s: In addition to the regular scan output, a summary of scan results will be displayed.
  • -x : In addition to the regular scan output, a summary of scan results will be displayed (XMLformat).

Unable to render {include} The included page could not be found.

G DATA ActionCenter

G DATA ActionCenter offers cloud-enabled G DATA services. Its functionality has been divided into several modules. For business solutions the ActionCenter offers Network Monitoring as optional module.

Using network monitoring, administrators can keep an eye on the status of their network infrastructure. By defining metrics, a wide range of statistical information can be collected from clients and viewed through the Dashboard.

Creating and linking an account

At the login page of ActionCenter, click Register to open the registration page. After entering and confirming an Email address, entering a Password and agreeing to the terms and conditions, click Register to submit your data. An email containing a confirmation link will be sent to the emailaddress.

After confirming the account by clicking the confirmation link, the user name and password should be configured in G DATA Administrator in the ActionCenter module in order to establish the link between G DATA ManagementServer and G DATA ActionCenter.

ActionCenter Settings

Permissions

The Permissions page can be used to manage permissions that have been granted under Network monitoring > Server overview. The ActionCenter accounts with permissions are listed under the headings of the respective ManagementServers. Click Remove to revoke the permissions for the selected account.

Email groups

Email groups bundle one or more email address and are used for reporting and notifications, such as the threshold alerts of the Network monitoring module. The Email groups page displays all email groups and their associated email addresses.

To create a new email group, click Add email group, enter a Name, select the intended Language and then click Add. To add an email address to a group, select the group and then, under Edit group Group name, enter an Email address and click Add email to "Group name" . This step can be repeated to add multiple email addresses to the same group.

Module Network Monitoring

Dashboard

The Dashboard shows up-to-date statistics for all metrics, as well as an overview of all servers and devices that can be managed. When a metric is favorited, a summary widget is added to the Dashboard containing the associated device name, latest value and a trend diagram.

At the center of the Dashboard, status information is displayed. Under OK, all metrics that are not reporting any threshold violations are listed. When a metric reports a value above or below apreviously defined threshold, its status is changed to Warning. After two more threshold violations, the status is changed to Critical. Per status, metrics are displayed by category. This allows for agranular overview of which device category is currently affected.

The Logs section displays log entries for all metrics. Log entries are added when a metric reports its first value, when it reports an error and when it changes its state (for example from OK to Critical). Clicking a log entry opens the associated Metric page.

When managing multiple servers, the drop-down list at the top of the Dashboard can be used to create and select Dashboard views. Click Create dashboard, enter a Name for the Dashboard and assign one or more ManagementServers.

Metrics overview

A metric is created by assigning a metric template to one or more devices. Based on the parameters in the metric template, the metric will regularly report the specified statistics from the specified device(s). Click Create metrics to create a new metric.

The Metrics overview page lists all metrics. Clicking a metric opens the associated Metric page. The metrics list can be filtered by state or category. For each entry in the list, the following information is displayed:

  • ManagementServer: The ManagementServer governing the device to which the metric template has been assigned.
  • Device: The device to which the metric template has been assigned.
  • State: The current status of the metric (OK, Warning, Critical or Unknown).
  • Metric: The name of the metric template which was used to create the metric.
  • Category: The category of the metric template which was used to create the metric.
  • Target: The target device of the metric template which was used to create the metric.

Metric

The Metric page displays the details of the selected metric. At the top of the page, its Name, Device and ManagementServer are displayed, as well as its current status. Using the Favorite option, the metric can be pinned to the Dashboard.

The diagram view can be customized to get an instant overview of trend data. The default setting shows the values for the last 6 hours. Using the drop-down menu, this range can be changed.

Under Overview, several parameters are displayed:

  • Measuring interval: The interval with which the metric sends new values to ActionCenter.
  • Last value: The most recent value including a timestamp.
  • Minimum: The lowest value ever recorded.
  • Maximum: The highest value ever recorded.
  • Threshold (only displayed if a threshold has been set): The current threshold value.
  • Over threshold (only displayed if a threshold has been set): The percentage of recorded values that was higher than the threshold value.
  • Under threshold (only displayed if a threshold has been set): The percentage of recorded values that was lower than the threshold value.

Under Metric log, all log entries for the metric are displayed. Log entries are added when a metric reports its first value, when it reports an error and when it changes its state (for example from OK to Critical).

Add metrics

Creating a metric involves assigning one or more metric templates to one or more devices. The Add metrics page offers a four-step process:

  1. Choose metric templates. Select one or more templates. The templates are listed by category.
  2. Choose devices. Select one or more devices. The devices are displayed in a folder structure, grouped by ManagementServer. At the top level of the folder structure, the ManagementServers themselves can be selected (in case a metric template from the ManagementServer category has been chosen in step 1).
  3. Verify chosen devices. Make sure that all devices to which the chosen template(s) should be applied have been selected.
  4. Summary. Click Create metric to create the corresponding metric(s) and return to the Metrics overview.

Manage metric templates

A metric template contains the parameters for a specific network monitoring scenario. Templates can be assigned to one or more devices, creating metrics.

The Manage metric templates page lists all metric templates. For each entry in the list, the following information is displayed:

  • Name: The name of the template.
  • Comment: Information that helps distinguish templates.
  • Category: The category of the template (Devices, Local processes, Network, ManagementServer, Network printer or SNMP devices).
  • Metric: Defines the type of information that is being monitored, depending on which Category has been selected.
  • Used by : The number of devices to which a metric using this template has been assigned.

Create metric template

To create a metric template, a number of required and optional parameters should be entered:

  • Category: Select the template category (Devices, Local processes, Network, ManagementServer, Printer or SNMP devices).
  • Metric: Select the type of information that should be monitored, depending on which Category has been selected.
  • Name: The name of the template.
  • Comment: Information that helps distinguish templates.

Depending on the Category and Metric, one or more of the following settings will be displayed:

  • Target: The target on which the selected information will be collected. This value cannot be changed and is set to localhost by default, meaning that the information will be collected on the device to which the metric template will be assigned.
  • Hostname: The host name of the device on which the selected information will be monitored. This does not necessarily need to be the device to which the metric template will be assigned. Multiple hostnames can be added; when the metric template is assigned to a device, multiple metrics will be created.
  • URL: The URL for which the selected information will be monitored. Multiple URLs can be added; when the metric template is assigned to a device, multiple metrics will be created.
  • SQL Server Instance: The SQL Server instance on which the selected information will bemonitored. Click the magnifying glass to view a list of available SQL Server instances per ManagementServer.

Optional settings also depend on the selected Category and Metric, and include one or more of the following:

  • Threshold value: Set a threshold value.
  • Measured value condition: Dictates how the threshold value is interpreted. The metric state will change from OK to Warning and then to Critical when the measured value is below or above the threshold.
  • CPU: Enter the CPU for which the selected information will be monitored or enter _Total to monitor all CPUs.
  • Drive letter: Enter the drive for which the selected information will be monitored or enter_Total to monitor all drives.
  • Process name: Enter the process name for which the selected information will be monitored or enter _Total to monitor all processes.
  • Network adapter name: Enter the network adapter for which the selected information will be monitored or enter * to monitor all network adapters.
  • SQL Server Database: Enter the database for which the selected information will be monitored or enter _Total to monitor all databases.
  • Request timeout: Enter the request timeout for Ping requests.
  • Expected HTTP status code: When the HTTP request returns a different status code from the one defined here, it is treated as a threshold violation, changing the metric state.

SNMP Community: Enter the SNMP community string that is required by the target device. The community string is set by the manufacturer of the device and can often be found in the device's documentation.

Under Alerts settings, email alerts can be configured:

  • Alert condition: An alert will be sent when the metric state changes to Critical only or when it changes to either Critical or Warning.
  • Notify only selected email groups: The alert will be sent to the selected email groups, which can be defined using the Email groups page.

Edit metric template

The Edit template page can be used to edit existing metric templates. All settings correspond to the ones that were set when the template was created. Some are displayed as read-only and cannot be changed:

  • Category
  • Metric
  • Used by
  • Target
  • Host name
  • URL

All other settings can be freely edited. Click Save template to save the changes. Changes made to an existing template will be applied to all metrics that are based on the selected template.

Devices overview

The Devices overview lists all devices that are managed by the ManagementServers that have been linked to the ActionCenter account. The list can be filtered by clicking Filter and selecting the appropriate ManagementServer from the folder structure.

Each device is listed with its name and all associated metrics. Clicking a metric opens the associated Metric page.

Server overview

The Server overview displays all ManagementServers that have been linked to the ActionCenter account. Per server, the number of associated devices, metrics and printers is listed. The overview can be filtered by clicking any of the tags under Filter.

Clicking a server opens the Server info page, which allows access to the following information and settings:

  • Hostname: The host name of the server.
  • Version: The version number of ManagementServer.
  • Last access: The timestamp of the last synchronization between this server and ActionCenter.
  • Metrics: The number of metrics associated with this server.
  • Devices: The number of devices associated with this server.
  • Printers: The number of printers associated with this server.
  • Comment: Information that helps distinguish servers.
  • API access: Enabled by default. Disabling API access does not remove the server from ActionCenter but prevents it from reporting values.
  • Tags: Add one or more tags that can be used to filter the Server overview list.

Click Set permissions to grant read-only permissions for this server to another ActionCenter account. Enter the account's email address under Email and click Send invitation to send an invitation email. After logging in to ActionCenter using the provided link and accepting the invitation, the recipient will have read-only access to all network monitoring functionality for this server. Permissions can be viewed and revoked using the Permissions page.

If the email address is not yet associated with an ActionCenter account, the recipient will be prompted to create an account. Afterward, the invitation can be accepted.

Click Delete server to remove the server from ActionCenter. This will also remove all associated devices, metrics and logs.

G DATA Security Labs

If you discover a new virus or an unknown phenomenon, always send us the file via the Quarantine function, which can be found in G DATA Administrator under Security events. Right click on any reported file and choose Quarantine: Send to G DATA Security Labs. We will, of course, treat the data you have sent us with the utmost confidentiality and discretion.

G DATA technical support

Installation and use of G DATA software is easy and self-explanatory. However, if you encounter a problem, just get in touch with our competent support staff:

Before contacting Support, please check the configuration of your computer and network. The following information is important:

  • The version number of G DATA Administrator, which can be found in the help menu.
  • The serial number or the Internet Update user name. The serial number can be found in the order confirmation. When in doubt, contact your reseller or distributor.
  • The exact version number of the operating system (client/server).
  • Additional hardware and software components (client/server).
  • Any errors that may have occurred (error messages, including error codes) in their exact wording.

By providing these details, contact with our Support staff will be easier, quicker and more successful. If possible, please make sure that you can readily access a PC on which G DATA  administrator is available.

G DATA Endpoint Protection Business FAQ

FAQ - Installation

After client installation, some applications run significantly slower than before.

The G DATA monitor oversees all file accesses in the background and performs virus checks. This normally leads to a delay that is barely perceptible. If an application opens many files or opens some files very often, a significant delay can occur. To avoid this, first temporarily disable the monitor to find out whether the delays are being caused by it. If the affected computer accesses files on a server, you must also temporarily disable the monitor on the server. If the monitor is the cause, the problemcan usually be resolved by defining an exception (files that are not to be checked). For this purpose, the files that are frequently accessed must be identified. You can identify this data with a program such as MonActivity. If necessary, contact our support team.

You can also increase performance by using just one engine rather than two for virus checks. This primarily applies to older systems and can be defined in the Client settings.

I have installed the G DATA software without registering it . How can I register the software?

To register the software after the installation, open Internet update under Start > All Programs > G DATA > G DATA Management Server. Click Online registration to open the registration form and enter the registration number. You can find the registration number in the order confirmation. In case of doubt, contact your dealer or the relevant distributor. On entering the registration number, your solution is activated. The access data generated is displayed following successful registration. Be sure to make a note of these access credentials! Following successful registration, it is no longer possible to re-enter the license key. If you have problems entering your registration number, please check whether you have entered it correctly. Depending on the font used, a capital "I" (for India) is often misread as the number "1" or the lowercase letter"l" (for Lima). The same applies to: "B" and "8", "G" and "6", "Z" and "2". If you have purchased G DATA Client Security Business, G DATA Endpoint Protection Business, or PatchManager as add-on module, and did not activate it on installation, the Firewall, PatchManager, and PolicyManager tabs are only enabled following successful activation. Until then, only the G DATA Antivirus Business functions are available.

Troubleshooting the MailSecurity for Exchange update when using Exchange Server 2007

When upgrading MailSecurity for Exchange on Microsoft Exchange Server 2007, Microsoft .NETFramework 3.5 or higher needs to be present. If Microsoft .NET Framework 3.5 or higher is not present, GDVSService will fail to start after the upgrade has been carried out. Installing Microsoft .NET Framework 3.5 or higher before or after upgrading MailSecurity for Exchange will ensure full functionality.

Updating MailSecurity for Exchange version 12

Due to changes in the installation procedure, MailSecurity for Exchange installations that were initially deployed at version 12 cannot be updated to version 14, even if they have previously been updated to version 13.0 or 13.1. In that case, the previous version of MailSecurity for Exchange should be uninstalled before installing version 14. In addition, it should be ensured that MailSecurity for Exchange is installed on all Exchange servers that are running the Mailbox or Hub Transport roles.

MailSecurity, Exchange Server 2000 and AVM Ken!

If you are using AVM Ken! and would like to install G DATA MailSecurity on the same computer as the Ken! server, our support team can supply detailed instructions. If you are using Exchange Server 2000 and would like to install G DATA MailSecurity on the same computer as the Exchange Server, or you would like to change the ports for incoming and outgoing mail on the Exchange server, our support team can supply detailed instructions.

Installation in a network with multiple Domain Controllers

When installing MailSecurity for Exchange in a network with multiple Active Directory Domain Controllers, the setup wizard requires the tool Repadmin.exe to be present. Repadmin.exe is available as part of the Active Directory Domain Services role, the Active Directory Lightweight Directory Services role and the Active Directory Domain Services Tools (Remote Server Administration Tools). Before starting the installation wizard of MailSecurity for Exchange, make sure one or more of these components are present.

FAQ - Error messages

Client: "Program files were changed or are corrupt"

In order to ensure optimal virus protection, the integrity of the program files is regularly checked. If an error occurs, the report Program files were changed or are corrupt is listed in the Security events module. Delete the report and download the current update of the program files (G DATA SecurityClient) from the G DATA update server. Subsequently, perform an update of the program files on the affected clients. Please contact our support team if the error occurs again.

Client: "The virus database is corrupt"

In order to ensure optimal virus protection, the integrity of the virus database is regularly checked. If an error occurs, the report The virus database is corrupt is listed in the Security events module. Delete the report and download the current update of the virus database from the G DATA update server. Then, perform an update of the virus database on the affected clients. Please contact our support team if the error occurs again.

Installation: "Microsoft Exchange Server 2007 SP1 is required to install G DATA MailSecurity"

If you receive the error message "Microsoft Exchange Server 2007 SP1 is required to install G DATAMailSecurity", the minimum requirements for installing the G DATA MailSecurity Exchange plugin have not been fulfilled. For the installation, Microsoft Exchange 2007 with Service Pack 1 is required. It must be installed before G DATA MailSecurity. See also Installation and System requirements.

FAQ - Linux

Installation

The installation of G DATA Security Client for Linux and G DATA Security Client for Mac uses a ManagementServer-based repository. When deploying a Linux or Mac client, the relevant binaries will be copied from the ManagementServer repository to the client. If they are not yet available in the repository, they will be downloaded from the G DATA update servers, added to the repository on the ManagementServer and subsequently deployed to the client.

Background processes

To check whether both G DATA Security Client for Linux processes are running, enter the following in aterminal window:

linux:~# ps ax|grep av

The response should contain the following processes:

/usr/local/sbin/gdavserver

/usr/local/sbin/gdavclientd

You can start the processes with:

linux:~# /etc/init.d/gdavserver start

linux:~# /etc/init.d/gdavclient start

You can stop the processes with:

linux:~# /etc/init.d/gdavserver stop

linux:~# /etc/init.d/gdavclient stop

To do this, you must have root permissions.

Log files

Remote installations of G DATA Security Client for Linux are logged in /var/log/gdata_install.log. Thegdavclientd process logs information and errors to /var/log/gdata/avclient.log. The gdavserver process logs information and errors to /var/log/gdata/gdavserver.log, which helps troubleshooting the connection to G DATA ManagementServer. If you wish to see more information, edit the configuration files /etc/gdata/gdav.ini and /etc/gdata/avclient.cfg and set the LogLevel value to 7 (add it if it does not exist yet).

Warning: A high LogLevel generates a lot of messages and causes the log files to quickly increase in size. Under normal operating conditions, always set the LogLevel to a low value.

Scan server test

Use the gdavclientc command line tool to test the functioning of the gdavserver scan server. Version information can be retrieved using the baseinfo and coreinfo commands. Run a test scan using the scan:<path> command. See the chapter gdavclientc for more details.

Connection with G DATA Management Server

Communication with the G DATA ManagementServer is configured in /etc/gdata/avclient.cfg. Check whether the IP address of ManagementServer was entered correctly. If not, delete the incorrect entry and enter the IP address of the ManagementServer directly or re-enable the Linux client via the G DATA Administrator.

FAQ - Other

How can I check whether the clients connect to G DATA ManagementServer?

The Last access column in the Clients module contains the date on which the client last reported to the G DATA ManagementServer. In the default setting, the clients report to the G DATA ManagementServer every five minutes (if there are no scan jobs currently running). The following reasons may cause a failed connection:

The client is disabled or disconnected from the network.

A TCP/IP connection cannot be established between the client and the G DATA ManagementServer. Check the network and port forwarding settings.

The client cannot determine the IP address of the server, i.e., the name resolution is not functioning. The connection can be tested using the telnet command at the prompt. Port 7161 must be accessible on the server and ports 7167 / 7169 must be accessible on the client. Check the connection using the telnet <servername> <portnumber> command.

Note that under Windows 7 and Server 2008 (R2), the telnet command is notavailable by default. Enable the relevant Windows function or add it to the server as a new feature. If the connection from the client to the server is intact, an array of cryptic characters appears in the prompt. If the connection from the server to the client is intact, an empty input window appears.

My mailbox was moved to the quarantine

This can happen when an infected email is found in the mailbox. To move the file back: close the mail program on the affected client and delete any possibly newly created archive file. Then use the G DATA Administrator to open the associated report and click on Quarantine: move back. Please contact our support team if moving back fails.

Connect to the ManagementServer via its IP address instead of its name

The server name will be requested during the installation, but can be replaced by the IP address if you want to connect to the ManagementServer via its IP address instead of its name. You can also replace the server name with the IP address after G DATA ManagementServer has already been installed. To do this, edit the file Config.xml (located in the installation folder of G DATA ManagementServer) and change the value for MainMms to the IP address. More information about Config.xml can be found in the Reference Guide.

To make sure that the connection from the server to the clients can also be established via the IPaddress, the clients must be enabled in G DATA Administrator with their IP address. This can be done either manually or by ActiveDirectory synchronization. If the clients are installed directly from the installation medium, the installation program asks for both the server name and the name of the computer. Enter the appropriate IP address here.

How do I enable an SSL Server Certificate in IIS 7 and higher?

To facilitate secure communication between clients and WebAdministrator/MobileAdministrator, it is recommended to enable an SSL Server Certificate in Internet Information Services (IIS).

To enable an SSL Server Certificate in IIS 7 and higher (Windows Server 2008 and newer), open Internet Information Services (IIS) Manager. Using Windows Server 2008, IISManager can be found under Star t > All Programs > Administrative Tools. Alternatively, click Start > Run and enter the command inetmgr. Select your server in the Connections panel. In the middle of the screen, navigate to the IIS category and double click on Server Certificates. On the Actions panel, click Create Self-Signed Certificate. After entering a proper name for the certificate, it will be created and listed in the Server Certificates panel. Note that the default expiration date of the certificate is exactly one year ahead of the date of creation.

To apply the certificate to site communication, select the appropriate site in the Connections panel. On the Actions panel at the right, choose Bindings. Click Add to add a new binding. Select https as Type and select the certificate you just added in the SSL certificate dropdown. Click OK to add the binding.

Accessing WebAdministrator and MobileAdministrator through a secure connection is now possible by replacing the http:// prefix in your browser with https://, for example https://servername/gdadmin. Because of the self-signed certificate, your browser may issue a warning before allowing you to open WebAdministrator or MobileAdministrator. The communication, however, will still be fully encrypted.

How do I enable an SSL Server Certificate in IIS 5 or 6?

To facilitate secure communication between clients and WebAdministrator/MobileAdministrator, it is recommended to enable an SSL Server Certificate in Internet Information Services (IIS).

To enable an SSL Server Certificate in IIS 5 (Windows XP) or IIS 6 (Windows Server 2003), you can use the Microsoft tool SelfSSL, which is available in the IIS 6.0 Resource Kit Tools (a free download from the Microsoft website). By performing a Custom setup, you can select the tools that you want to install. Select Self SSL 1.0. After installation, open the SelfSSL command prompt through Start > Programs > IIS Resources > Self SSL. You can assign a self-signed certificate to your website by entering a single command: selfssl /N:CN=localhost /K:2048 /V:365 /S:1 /T. Press Enter. Confirm the certificate creation by pressing Y . This will create a certificate for the default IIS site on the local server, and add localhost to the list of trusted certificates. The key length will be 2048 and the certificate will be valid for 365 days. If your site is not the default site of IIS, look up its Identifier in Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager and change the parameter /S:1 accordingly.

Accessing WebAdministrator and MobileAdministrator through a secure connection is now possible by replacing the http:// prefix in your browser with https://, for example https://servername/gdadmin. Because of the self-signed certificate, your browser may issue a warning before allowing you to open WebAdministrator or MobileAdministrator. The communication, however, will still be fully encrypted.

Unable to render {include} The included page could not be found.

  • No labels