ForeScout CounterACT. Ensure Antivirus Compliance. How-to Guide. Version 8.0

Similar documents
ForeScout CounterACT. Ensure Instant Messaging and Peer to Peer Compliance. How-to Guide. Version 8.0

Ensure Antivirus Compliance

ForeScout CounterACT. Track Changes to Network Endpoints. How-to Guide. Version 8.0

Forescout. Control Network Vulnerabilities. How-to Guide. Forescout version 8.1

ForeScout CounterACT. Classify Devices. How-to Guide. Version 8.0

Ensure Instant Messaging and Peer to Peer Compliance

Control Network Vulnerabilities

Classify Assets. How-to Guide. CounterACT Version 7.0.0

Manage External Devices

Classify Mobile Assets

CounterACT Wireless Plugin

Prevent Network Attacks

Control Wireless Networks

ForeScout CounterACT. Assessment Engine. Configuration Guide. Version 1.0

ForeScout CounterACT. ARF Reports Module. Configuration Guide. Version 1.0.3

ForeScout CounterACT. Configuration Guide. Version 1.2

ForeScout CounterACT. Configuration Guide. Version 1.4

ForeScout CounterACT. Configuration Guide. Version 1.1

ForeScout CounterACT. Configuration Guide. Version 5.0

ForeScout CounterACT. Core Extensions Module: CEF Plugin. Configuration Guide. Version 2.7

Forescout. Asset Reporting Format (ARF) Reports Module. Configuration Guide. Version 1.0.3

ForeScout CounterACT. Windows Vulnerability DB. Configuration Guide. Updated February 2018

ForeScout CounterACT. Deploying SecureConnector as a Service as Part of a Machine Image. How-to Guide. Version 8.0

ForeScout CounterACT. Cisco PIX/ASA Firewall Integration Module. Configuration Guide. Version 2.1

ForeScout CounterACT. Controller Plugin. Configuration Guide. Version 1.0

ForeScout CounterACT. Work with IPv6 Addressable Endpoints. How-to Guide. Version 8.0

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

ForeScout Extended Module for Bromium Secure Platform

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.3

ForeScout Extended Module for Qualys VM

ForeScout CounterACT. Plugin. Configuration Guide. Version 1.2

ForeScout CounterACT. Configuration Guide. Version 3.1

ForeScout Extended Module for Advanced Compliance

Enterprise Manager/Appliance Communication

Use the Executive Dashboard

Forescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2

Forescout. eyeextend for MobileIron. Configuration Guide. Version 1.9

ForeScout Extended Module for ServiceNow

Forescout. eyeextend for IBM MaaS360. Configuration Guide. Version 1.9

Forescout. eyeextend for VMware AirWatch. Configuration Guide. Version 1.9

ForeScout CounterACT. (AWS) Plugin. Configuration Guide. Version 1.3

CounterACT NetFlow Plugin

Forescout. Configuration Guide. Version 2.4

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

ForeScout Extended Module for MaaS360

ForeScout Extended Module for MobileIron

ForeScout CounterACT. Centralized Licensing. How-to Guide. Version 8.0

CounterACT Reports Plugin

ForeScout Extended Module for ServiceNow

CounterACT Check Point Threat Prevention Module

CounterACT Afaria MDM Plugin

Forescout. Engine. Configuration Guide. Version 1.3

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.3

ForeScout Extended Module for VMware AirWatch MDM

Forescout. Plugin. Configuration Guide. Version 2.2.4

ForeScout CounterACT. Security Policy Templates. Configuration Guide. Version

CounterACT CEF Plugin

Forescout. Work with IPv6 Addressable Endpoints. How-to Guide. Forescout version 8.1

ForeScout CounterACT. Configuration Guide. Version 4.1

ForeScout CounterACT. Configuration Guide. Version 1.2

ForeScout Extended Module for IBM BigFix

Forescout. eyeextend for ServiceNow. Configuration Guide. Version 2.0

CounterACT Aruba ClearPass Plugin

Forescout. Configuration Guide. Version 4.4

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.2.4

ForeScout Extended Module for IBM BigFix

CounterACT VMware vsphere Plugin

Forescout. Configuration Guide. Version 1.3

CounterACT Microsoft System Management Server (SMS) System Center Configuration Manager (SCCM) Plugin

ForeScout Extended Module for Symantec Endpoint Protection

ForeScout CounterACT. SecureConnector Advanced Features. How-to Guide. Version 8.0

Forescout. Configuration Guide. Version 3.5

Forescout. Configuration Guide. Version 4.2

ForeScout Extended Module for ArcSight

CounterACT External Classifier Plugin

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

ForeScout CounterACT. Configuration Guide. Version

Forescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1

Forescout. Plugin. Configuration Guide. Version 1.2.2

ForeScout Extended Module for Tenable Vulnerability Management

CounterACT DHCP Classifier Plugin

ForeScout Extended Module for Carbon Black

ForeScout Extended Module for HPE ArcSight

ForeScout App for IBM QRadar

Forescout. Gradual Upgrade Guide. Version 8.1

ForeScout Amazon Web Services (AWS) Plugin

ForeScout CounterACT. Configuration Guide. Version 1.2

ForeScout CounterACT. Configuration Guide. Version 6.3

ForeScout CounterACT. Configuration Guide. Version 4.3

Forescout. Open Integration Module: Web API. Configuration Guide. Version 1.4

CounterACT VMware vsphere Plugin

Forescout. Configuration Guide. Version 1.1

CounterACT User Directory Plugin

Forescout. Configuration Guide. Version 2.2

ForeScout CounterACT. Configuration Guide. Version 1.8

ForeScout CounterACT Linux Plugin

ForeScout CounterACT. Hardware Inventory Plugin. Configuration Guide. Version 1.0.3

ForeScout CounterACT Version 8.0.1

CounterACT Security Policy Templates

Transcription:

ForeScout CounterACT Ensure Antivirus Compliance How-to Guide Version 8.0

Table of Contents About Ensuring Antivirus Compliance... 3 Prerequisites... 3 Create and Apply an Antivirus Policy... 4 Evaluate Host Compliance... 9 Generate Reports... 10 Additional CounterACT Documentation... 11 Documentation Downloads... 11 Documentation Portal... 11 CounterACT Help Tools... 12 Version 8.0 2

About Ensuring Antivirus Compliance ForeScout CounterACT provides powerful tools that let you continuously track and control Antivirus installations to ensure that your hosts are in compliance with your organization s Antivirus policies. Follow the step-by-step procedures in this guide to: Use a wizard-based CounterACT template to create an Antivirus Compliance policy. The policy detects hosts at which Antivirus applications are: not installed not running not up-to-date The policy places hosts in groups that reflect their status. You can view these groups at the Console. Review an extensive range of information about each device and about the users connected to them. Generate real-time and trend reports on Antivirus network compliance. After running a policy to detect non complaint hosts, you can optionally enable automated remediation and self-remediation to handle non-compliant hosts. The policy described in this guide inspects only Windows machines. To inspect Macintosh machines, use this general procedure to a create Macintosh Update Compliance policy. This How-to guide provides basic configuration instructions designed for a quick setup. For more information on the extended configuration options, refer to the CounterACT Administration Guide. Prerequisites Verify that your CounterACT system was set up using the Initial Setup Wizard. Refer to the CounterACT Administration Guide for details. Verify that the Corporate Hosts and Windows groups appear in the Console, Filters pane. If not, run the Asset Classification and Corporate/Guest Control template policies to create these groups. Refer to the CounterACT Administration Guide for details. Version 8.0 3

Create and Apply an Antivirus Policy Follow these steps to detect the Antivirus application status on network endpoints using a policy template. Select the Antivirus Compliance Template 1. Log into the CounterACT Console. 2. On the Console toolbar, select the Policy tab. The Policy Manager opens. 3. In the Policy Manager, select Add. The Policy Wizard opens, guiding you through policy creation. 4. Under Templates, expand the Compliance folder and select Antivirus Compliance. 5. Select Next. The Name pane opens. Version 8.0 4

Name the Policy 1. In the Name pane, a default policy name appears in the Name field. 2. Accept the default name or create a new name, and add a description. 3. Select Next. The Scope pane and the IP Address Range dialog box open. Choose the Hosts to Inspect 4. Use The IP Address Range dialog box to define which endpoints are inspected. The following options are available: All IPs: Include all IP addresses in the Internal Network. Segment: Select a previously defined segment of the network. To specify multiple segments, select OK or Cancel to close this dialog box, and select Segments from the Scope page. Unknown IP addresses: Apply the policy to endpoints whose IP addresses are not known. Endpoint detection is based on the endpoint MAC address. Not applicable for this policy template. Viewing or modifying the Internal Network is performed separately. Select Tools>Options>Internal Network. Version 8.0 5

5. Select OK. The added range appears in the Scope list. 6. Select Next. The Antivirus pane opens. Choose Vendors to Manage/Define Period 1. New vendors may be added to this list in between CounterACT version releases. To automatically include newly supported vendors/versions in the inspection, select Any vendor. 2. To select specific vendors to detect, select Specify vendors and select the individual vendors. The value in the Antivirus updated field indicates how recently the last Antivirus signature update must have been performed on the host. If the update was performed previous to this, the host is not considered compliant. The Antivirus application must be running to be detected. 3. Select Next. The Sub-Rules pane opens. Finish Policy Creation The policy sub-rules are displayed in the Sub-Rules pane. Rules instruct CounterACT how to detect hosts (Conditions) and handle hosts (Actions). Version 8.0 6

The Add to Group action automatically places non-compliant endpoints into the following groups: Antivirus Not Installed Antivirus Not Running Antivirus Not Updated Other actions for handling the non-compliant endpoints policy are disabled by default. Activate these actions only after you run the policy and review the generated groups. 1. Select Finish. The policy automatically appears highlighted in the Policy Manager, where it can be activated. Activate the Policy 1. On the Console toolbar, select the Policy tab. 2. In the Policy Manager, select the policy you created. Version 8.0 7

3. Select Apply. 4. A series of confirmation dialog boxes opens. Select Yes or OK accordingly. On completion, the policy is activated. CounterACT detects Antivirus applications that are either not installed, not running or have not been updated. 5. On the Console toolbar, select the NAC tab. 6. In the Filters pane, expand the Groups folder and scroll to view the detected AntiVirus groups. Version 8.0 8

Evaluate Host Compliance After activating the policy, you can view an extensive range of details about antivirus host compliance. To evaluate antivirus host compliance: 1. On the Console toolbar, select the NAC tab. 2. In the Views pane, expand the Policy folder and select your AntiVirus Compliance policy. 3. In the Detections pane, select an antivirus host. Host information is displayed in the Details pane. 4. In the Filters pane, expand the Groups folder and select the Antivirus Not Installed, Antivirus Not Running or Antivirus Not Updated group. The hosts detected without antivirus installed, running or updated are displayed in the Detections pane. 5. To customize the information displayed about antivirus hosts, right-click a column heading, select Add/Remove Columns, and select the information of interest to you. You can also reorder the columns. Version 8.0 9

Generate Reports After the policy runs, you can generate reports with real-time and trend information about non-compliant hosts. You can generate and view the reports immediately, or schedule report generation. The Reports Portal provides tools to customize reports and schedule automatic report generation. For more information about this portal, see the CounterACT Administration Guide. To generate a report: 1. Select Web Reports from the Console Reports menu. The Reports portal opens. 2. Select Add. The Add Report Template dialog box opens. 3. Select the Policy Trend or Compliance Status report template, and select Next. A report configuration page opens. 4. Define the report specifications in each field. 5. Schedule report generation (optional). 6. Select Save (optional) to save the report settings and assign them a name. The report name appears in the Reports list for future use. 7. Select Run to generate and display the report. In the following example, the Policy Compliance Trend report was selected. This report gives you a breakdown of compliance with your Antivirus policy over time. Version 8.0 10

Additional CounterACT Documentation For information about other CounterACT features and modules, refer to the following resources: Documentation Downloads Documentation Portal CounterACT Help Tools Documentation Downloads Documentation downloads can be accessed from one of two ForeScout portals, depending on which licensing mode your deployment is using. Per-Appliance Licensing Mode - Product Updates Portal Centralized Licensing Mode - Customer Portal Software downloads are also available from these portals. To learn which licensing mode your deployment is using, see Identifying Your Licensing Mode in the Console. Product Updates Portal The Product Updates Portal provides links to CounterACT version releases, Base and Content Modules, and Extended Modules, as well as related documentation. The portal also provides a variety of additional documentation. To access the Product Updates Portal: 1. Go to https://updates.forescout.com/support/index.php?url=counteract. 2. Select the CounterACT version you want to discover. Customer Portal The Downloads page on the ForeScout Customer Portal provides links to purchased CounterACT version releases, Base and Content Modules, and Extended Modules, as well as related documentation. Software and related documentation will only appear on the Downloads page if you have a license entitlement for the software. The Documentation page on the portal provides a variety of additional documentation. To access documentation on the ForeScout Customer Portal: 1. Go to https://forescout.force.com/support/. 2. Select Downloads or Documentation. Documentation Portal The ForeScout Documentation Portal is a searchable, web-based library containing information about CounterACT tools, features, functionality and integrations. Version 8.0 11

If your deployment is using Centralized Licensing Mode, you may not have credentials to access this portal. To access the Documentation Portal: 1. Go to www.forescout.com/docportal. 2. Use your customer support credentials to log in. 3. Select the CounterACT version you want to discover. CounterACT Help Tools Access information directly from the CounterACT Console. Console Help Buttons Use context sensitive Help buttons to quickly access information about the tasks and topics you are working with. CounterACT Administration Guide Select CounterACT Help from the Help menu. Plugin Help Files 1. After the plugin is installed, select Options from the Tools menu and then select Modules. 2. Select the plugin and then select Help. Documentation Portal Select Documentation Portal from the Help menu. Identifying Your Licensing Mode in the Console If your Enterprise Manager has a ForeScout CounterACT See license listed in the Console, your deployment is operating in Centralized Licensing Mode. If not, your deployment is operating in Per-Appliance Licensing Mode. Select Options > Licenses to see whether you have a ForeScout CounterACT See license listed in the table. Contact your ForeScout representative if you have any questions about identifying your licensing mode. Version 8.0 12

Legal Notice 2018 ForeScout Technologies, Inc. All rights reserved. ForeScout Technologies, Inc. is a Delaware corporation. A list of our trademarks and patents can be found at https://www.forescout.com/company/legal/intellectual-property-patents-trademarks. Other brands, products, or service names may be trademarks or service marks of their respective owners. 2018-04-15 14:09 Version 8.0 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback