Air Gap AntiVirus Guide Version 8.5 Update 2

Similar documents
ZENworks 2017 Patch Management Airgap Solution. 1 About the Airgap Solution. 2 Prerequisites. December 2017

Endpoint Security. powered by HEAT Software. Patch and Remediation Best Practice Guide. Version 8.5 Update 2

Ivanti Patch for SCCM. File Downloader User s Guide

Ivanti Patch for SCCM (Formerly Shavlik Patch) Version History

Toolkit Activity Installation and Registration

KYOCERA Net Admin User Guide

ECM-VNA Convergence Connector

Configuring ApplicationHA in VMware SRM 5.1 environment

CounterACT Check Point Threat Prevention Module

ForeScout CounterACT. Ensure Antivirus Compliance. How-to Guide. Version 8.0

Mail Merge. To Use Mail Merge: Selecting Step by Step Mail Merge Wizard. Step 1:

ForeScout Extended Module for Bromium Secure Platform

Cloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6

XDS Connector. Installation and Setup Guide. Version: 1.0.x

Reconfiguring VMware vsphere Update Manager. Update 1 VMware vsphere 6.5 vsphere Update Manager 6.5

Product overview. McAfee Web Protection Hybrid Integration Guide. Overview

Reconfiguring VMware vsphere Update Manager. 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7

Upgrade to Office 365 ProPlus

Migration from version 7.5 to 9.0. IBM License Metric Tool & Software Use Analysis Questions and Answers ILMT Central Team

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

Enable the Always Offline Mode to Provide Faster Access to Files

Manually Configuring IIS

Amazon WorkSpaces Application Manager. Administration Guide

Service Manager. Installation and Deployment Guide

BlueMix Hands-On Workshop Lab A - Building and Deploying BlueMix Applications

Workflow Scheduler Installation Guide. Version Page 1 of 19

IS L02-MIGRATING TO SEP 12.1

ForeScout Extended Module for IBM BigFix

Contents Upgrading BFInventory iii

IBM Endpoint Manager. OS Deployment V3.5 User's Guide

Downloading and Managing Firmware in Cisco UCS Central

Five9 Plus Adapter for Agent Desktop Toolkit

enlight Resource Monitoring Tool for Windows VMs

Moving a File (Event-Based)

Introduction. Mail Merge. Word 2010 Using Mail Merge. Video: Using Mail Merge in Word To Use Mail Merge: Page 1

IBM BigFix Compliance PCI Add-on Version 9.5. Payment Card Industry Data Security Standard (PCI DSS) User's Guide IBM

SOA Software Intermediary for Microsoft : Install Guide

Configuring Alfresco Cloud with ADFS 3.0

Comodo SecureBox Management Console Software Version 1.9

Service Manager. Database Configuration Guide

Mitel MiContact Center Enterprise WEB APPLICATIONS CONFIGURATION GUIDE. Release 9.2

ZENworks 2017 Audit Management Reference. December 2016

IBM Endpoint Manager. OS Deployment V3.8 User's Guide - DRAFT for Beta V.1.0 (do not distribute)

ForeScout Extended Module for IBM BigFix

METADATA FRAMEWORK 6.3. and High Availability

ForeScout Extended Module for ServiceNow

ForeScout CounterACT. Track Changes to Network Endpoints. How-to Guide. Version 8.0

ZENworks 2017 Patch Management Reference. December 2016

Veriato Recon / 360. Version 9.0.3

Publishing and Subscribing to Cloud Applications with Data Integration Hub

Endpoint Security. powered by HEAT Software. AntiVirus Best Practice Guide. Version 8.5 Update 2

01/02/2016 gowtham informatica reference.blogspot.in/2013/05/informatica server installation and.html

ForeScout Extended Module for ServiceNow

Time Machine Web Console Installation Guide

Comodo IT and Security Manager Software Version 6.9

Replication. Version

CounterACT NetFlow Plugin

Akana API Platform: Upgrade Guide

Upgrade Guide. Version 8.2 May 2, For the most recent version of this document, visit our documentation website.

ForeScout CounterACT. Ensure Instant Messaging and Peer to Peer Compliance. How-to Guide. Version 8.0

TB06-003: Install Procedure for Momentum RIP 7.x & RIP Manager 3.1

8.0 Help for Community Managers Release Notes System Requirements Administering Jive for Office... 6

Comodo IT and Security Manager Software Version 5.4

Sophos Enterprise Console Help. Product version: 5.3

Azure for On-Premises Administrators Practice Exercises

RSA NetWitness Logs. McAfee Endpoint Encryption. Event Source Log Configuration Guide. Last Modified: Friday, June 02, 2017

Content Matrix. Evaluation Guide. February 12,

Horizon Console Administration. 13 DEC 2018 VMware Horizon 7 7.7

Reliable High-Speed Connection to Publication Database for Synchronization

Version Installation Guide. 1 Bocada Installation Guide

CREATING CUSTOMER MAILING LABELS

Comodo IT and Security Manager Software Version 6.4

TIBCO Spotfire Automation Services Installation and Configuration

version 5.4 Installation Guide

Contents Overview... 5 Downloading Primavera Gateway... 5 Primavera Gateway On-Premises Installation Prerequisites... 6

Comodo SecureBox Management Console Software Version 1.9

ForeScout Extended Module for HPE ArcSight

ForeScout Extended Module for Advanced Compliance

CounterACT Aruba ClearPass Plugin

McAfee Threat Intelligence Exchange Installation Guide. (McAfee epolicy Orchestrator)

UP L12: Still on SEP 11? Let us show you how to simplify migration to SEP.

ZENworks 2017 What s New Reference. December 2016

Five9 Plus Adapter for NetSuite

Veritas NetBackup and Oracle Cloud Infrastructure Object Storage ORACLE HOW TO GUIDE FEBRUARY 2018

Installation Guide. OMi Management Pack for Microsoft Skype for Business Server. Software Version: 1.00

Double-Take Move. Double-Take Move System Center Integration Toolkit User's Guide

ForeScout CounterACT. Classify Devices. How-to Guide. Version 8.0

RSA NetWitness Logs. Microsoft Network Policy Server. Event Source Log Configuration Guide. Last Modified: Thursday, June 08, 2017

Perceptive Interact for Microsoft Dynamics AX

Oracle WebLogic Server 12c: Administration I

Comodo IT and Security Manager Software Version 6.6

Assuming you have Icinga 2 installed properly, and the API is not enabled, the commands will guide you through the basics:

ForeScout Extended Module for VMware AirWatch MDM

CounterACT CEF Plugin

ForeScout Extended Module for ArcSight

Workspace Administrator Help File

Upgrade Instructions. NetBrain Integrated Edition 7.1. Two-Server Deployment

Slide 1 CS 170 Java Programming 1 Duration: 00:00:49 Advance mode: Auto

INTEGRATION TO MICROSOFT EXCHANGE Installation Guide

Status Web Evaluator s Guide Software Pursuits, Inc.

Transcription:

Air Gap AntiVirus Guide Version 8.5 Update 2 Endpoint Security powered by HEAT Software

Contents Contents 2 Requirements 3 Air Gap Software Requirements 4 Air Gap Checklist 5 AntiVirus Configuration for Air Gap 6 Air Gap AntiVirus Configuration Overview 7 Creating AntiVirus Files and Folders 8 Updating IIS for AntiVirus 12 Updating the AntiVirus Storage Location 18 AntiVirus Air Gap Updates 21 Air Gap AntiVirus Update Overview 22 Replicating With the Global Subscription Service 23 Creating an AntiVirus Air Gap Update 26 Installing an AntiVirus Air Gap Update 27 Glossary 30 Page 2 of 32

Requirements Before beginning installation, review the requirements to make sure you have all the hardware and software necessary for successful use of Air Gap 8.5 Update 2. Page 3 of 32

Air Gap Software Requirements Setting up Ivanti Endpoint Security in an air gap network requires additional software created specifically for air gap. The Air Gap Toolkit This toolkit includes several tools, utilities, and scripts needed to configure and maintain an Endpoint Security Server that s disconnected from the Internet. The Air Gap Toolkit includes: Air Gap Hotfix Air Gap License Tool AirGapLicenseTool.exe AirGapLicenseToolUI.exe ImportEndpointManifest.exe A couple of scripts that configure your Endpoint Security Server running in the air gap network: AirGapScript.sql Dependencies.sql Ivanti Content Wizard: this tool includes two installable components: A server installer (ICWServer.msi) A client installer (ICWClient.msi) Page 4 of 32

Air Gap Checklist Before you begin, make sure you have the following materials on hand: Hardware 1 TB USB thumb drive. This portable media is used to move software across the air gap. As a security best-practice, format the thumb drive to remove any software already on the drive. Ivanti Software Download the following software from the Ivanti Download Page. The Air Gap Toolkit After you download the software listed above, move it to your USB thumb drive. You ll be using the software on both the Air Gap Provider and the Air Gap Client. Page 5 of 32

AntiVirus Configuration for Air Gap Before you can protect air gap endpoints from viruses, you must make special configurations to your Air Gap Client. These configurations only need to be completed once. After you make them, you won't need to complete this process again until the next Endpoint Security Air Gap release. Page 6 of 32

Air Gap AntiVirus Configuration Overview Before you can use Ivanti AntiVirus in your air gap network, you need to configure a few things on your Air Gap Client. This overview contains a high-level summary of each configuration you'll complete. All AntiVirus configuration takes place on the Air Gap Client. Before you start, review the "Air Gap Checklist" on page 5. Make sure you have all the materials you'll need. 1. "Creating AntiVirus Files and Folders" on the next page Begin AntiVirus configuration by creating files and folders that will be used to store AntiVirus definitions on your Air Gap Client. 2. "Updating IIS for AntiVirus" on page 12 Use Internet Information Services (IIS) Manager to create virtual directories of the files and folders you created in the previous procedure. These virtual directories are where your air gap endpoints will access the latest AntiVirus definitions. 3. "Updating the AntiVirus Storage Location" on page 18 Use the Endpoint Security Console on the Air Gap Client to direct Endpoint Security to your virtual directories. Page 7 of 32

Creating AntiVirus Files and Folders Begin AntiVirus configuration by creating files and folders that will be used to store AntiVirus definitions on your Air Gap Client. To Create AntiVirus Files and Folders 1. Log into the Air Gap Client. 2. From the root of your hard disk, create a folder named C:\avcontent. Page 8 of 32

3. Within the new avcontent folder, create the following folders: v1 v2 4. From the avcontent folder, create a text file named web.config. Page 9 of 32

5. Open web.config. Paste the following code sample in the file: <?xml version="1.0" encoding="utf-8"?> <configuration> <system.webserver> <staticcontent> <mimemap fileextension=".*" mimetype="application/octet-stream" /> <mimemap fileextension=".*." mimetype="application/binary" /> </staticcontent> <directorybrowse enabled="true" /> </system.webserver> </configuration> 6. Save and close the config file. 7. Copy the web.config file and paste it in the following folders. v1 v2 8. Close Windows Explorer. The files and folders required to use AntiVirus in the air gap are created. Page 10 of 32

Continue to "Updating IIS for AntiVirus" on the next page. Page 11 of 32

Updating IIS for AntiVirus Use Internet Information Services (IIS) Manager to create virtual directories of the files and folders you created in the previous procedure. These virtual directories are where your air gap endpoints will access the latest AntiVirus definitions. 1. From the Start Page or Start Menu, search for Internet Information Services. Open it. Internet Information Services (IIS) Manager opens. Page 12 of 32

2. In the Connections pane, click on your Air Gap Client machine name > Sites > Default Web Site. Right-Click Default Web Site and select Edit Bindings. The Site Bindings dialog opens. Page 13 of 32

3. Select the http item from the list and click Edit. 4. Change the Port value to 10000 and click OK. 5. Close the Site Bindings dialog. Page 14 of 32

6. From the tree, right-click Default Web Site and select Add Virtual Directory. Page 15 of 32

7. Add a virtual directory for each of the folders you created in "Creating AntiVirus Files and Folders" on page 8. Give each virtual directory the same alias as the folder name. Create a virtual directory for each of the following folders: avcontent v1 v2 Repeat steps 6 and 7 for each folder. When you're done, the tree should look like this: Page 16 of 32

8. Start the Default Web Site. Select Default Web Site from the tree and then click Start. You've created the virtual directories that are used to store your AntiVirus definitions. Continue to "Updating the AntiVirus Storage Location" on the next page. Page 17 of 32

Updating the AntiVirus Storage Location Use the Endpoint Security Console on the Air Gap Client to direct Endpoint Security to your virtual directories. To Update the AntiVirus Store Location 1. Log into the Endpoint Security Console for your Air Gap Client. 2. From the Navigation Menu, select Tools > Subscription Updates. 3. Click Configure. Page 18 of 32

4. Select the AntiVirus tab and scroll down to AntiVirus content storage location. 5. Remove all URLs listed. Page 19 of 32

6. Add the following URL as a storage location: http://localhost:10000/avcontent/ 7. Click Save to close the Subscription Updates dialog. Close the Endpoint Security Console. Your Air Gap Client is configured for AntiVirus. You can begin creating Air Gap Update with AntiVirus content. Continue to "Air Gap AntiVirus Update Overview" on page 22. Page 20 of 32

AntiVirus Air Gap Updates This chapter guides you through the standard Air Gap AntiVirus workflow. An Air Gap Update is a bundle of new Endpoint Security content that is moved from the Air Gap Provider to the Air Gap Client. Updates include the software that is used to secure your endpoints in an air gap network. Updates can include any of the following content: Windows Patch Content Linux Patch Content AntiVirus Definitions We recommend making Air Gap Updates that include AntiVirus definitions at least once a week, or when particularly dangerous malware is discovered. Page 21 of 32

Air Gap AntiVirus Update Overview The usual air gap AntiVirus workflow consists of creating an Air Gap update from your Provider and then installing it on your Air Gap Client. Before you start, review the "Air Gap Checklist" on page 5. Make sure you have all the materials you'll need. 1. "Replicating With the Global Subscription Service" on the next page Begin by initiating a replication with the Global Subscription Service (GSS), which is a cloud service for your Endpoint Security Server. You can download the latest: License information System updates Patch content AntiVirus definitions Although this process isn't absolutely required because the Air Gap Provider automatically replicates once daily by default, we recommend replicating before creating an Air Gap Update. Complete this procedure from the Air Gap Provider. 2. "Creating an AntiVirus Air Gap Update" on page 26 Creating an Air Gap Update for AntiVirus is as simple as copying a few files and folders to a USB thumb drive. Complete this procedure from the Air Gap Provider. 3. "Installing an AntiVirus Air Gap Update" on page 27 Install the AntiVirus Air Gap Update by connecting your USB thumb drive to the Air Gap Client and copying over your AntiVirus definitions. Complete this procedure from the Air Gap Client. Page 22 of 32

Replicating With the Global Subscription Service Begin by initiating a replication with the Global Subscription Service (GSS), which is a cloud service for your Endpoint Security Server. You can download the latest: License information System updates Patch content AntiVirus definitions Although this process isn't absolutely required because the Air Gap Provider automatically replicates once daily by default, we recommend replicating before creating an Air Gap Update. To Replicate With the GSS 1. From the Air Gap Provider, log into the Endpoint Security Console. Page 23 of 32

2. From the Navigation Menu, select Tools > Subscription Updates. 3. Click Update Now. 4. Make sure AntiVirus Engine & Definition Update is selected and then click OK. Page 24 of 32

5. Watch the window and wait for antivirus replication to complete. Continue to "Creating an AntiVirus Air Gap Update" on the next page. Page 25 of 32

Creating an AntiVirus Air Gap Update Creating an Air Gap Update for AntiVirus is as simple as copying a few files and folders to a USB thumb drive. Complete this procedure from the Air Gap Provider. 1. Make sure that your USB thumb drive is connected to the Air Gap Provider. 2. Open Windows Explorer and browse to C:\Program Files (x86)\heat Software\EMSS\Content\AntiVirus\Definitions\ 3. Open a second instance of Windows Explorer and browse to the USB thumb drive. 4. Copy the following folders from the Definitions folder and paste them in your USB thumb drive. av32bit av64bit v1 v2 av32bit_highversionnumber av64bit_highversionnumber 5. Close Windows Explorer. The AntiVirus Air Gap Update is created. Continue to "Installing an AntiVirus Air Gap Update" on the next page. Page 26 of 32

Installing an AntiVirus Air Gap Update Install the AntiVirus Air Gap Update by connecting your USB thumb drive to the Air Gap Client and copying over your AntiVirus definitions. Complete this procedure from the Air Gap Client. 1. Make sure that your USB thumb drive is connected to the Air Gap Client. 2. Open Windows Explorer and browse to your USB thumb drive. 3. Open a second instance of Windows Explorer and browse to C:\avcontent. 4. Copy the following folders to C:\avcontent. av32bit av64bit v1 v2 av32bit_highversionnumber av64bit_highversionnumber 5. Close Windows Explorer. Page 27 of 32

6. Confirm that the latest AntiVirus definitions are installed. a. Navigate to Tools > Subscription Updates. b. Click Configure. Page 28 of 32

c. Select the AntiVirus tab. Verify that AntiVirus engine and definition versions are updated. The latest AntiVirus definitions are installed on your Air Gap Client. You can now install them on your air gap endpoints. Page 29 of 32

Glossary A Air Gap A highly secure computing environment where a network of computers is isolated from other networks, and most often, from the Internet. This practice significantly reduces the attack surface of endpoints within the air gap, and is used most often in industries that handle sensitive information, such as the defense industry. Air Gap Client An Endpoint Security Server in an air gap environment that secures the endpoint in your air gapped network. The Air Gap Client is not connected to the Internet. Since the Client has no Internet connection, it relies on the Air Gap Provider to move system updates and content over the air gap. Air Gap Hotfix A utility that moves Endpoint Security binaries and modules on to an Air Gap client. This utility copies all the files necessary to complete an air gap install or upgrade, and then the user opens Installation Manager to complete the module installation. Air Gap License Tool A utility used to import a license for an Endpoint Security Server operating in an air gap network. Air Gap Provider An Endpoint Security Server that's connected to the Internet in an air gap environment. This server downloads Endpoint Security system components and content from the Internet. These components and content is then moved across the air gap to the Air Gap Client, which then uses this content to secure your air gap endpoints. Page 30 of 32

Air Gap Toolkit A bundle of software that includes tools, utilities, and scripts needed to configure and maintain an Endpoint Security Server that s disconnected from the Internet. AirGapScript.sql A script that disables the replication process on an air gap Endpoint Security Server (also known as an Air Gap Provider). The script prevents the Air Gap Provider from trying to communicate and download content from the cloud. C caching The process of downloading patch content binaries from the Global Subscription Service. You can cache either Windows or Linux content. Credentials Manager A utility that connects to different Linux vendors and passes on the credentials that you've purchased from the vendor. When you replicate with the Global Subscription Service or cache Linux content, Endpoint Security passes your credentials to the vendors so that Endpoint Security download Linux patch metadata and binaries. D Dependencies.sql A script that installs Endpoint Security prerequisites on a server that doesn't have Internet access. G Global Subscription Service A cloud server that hosts Endpoint Security system data, patch content, and antivirus content. Page 31 of 32

I ImportEndpointManifest.exe A utility used to enable new versions of the Endpoint Security Agent included in an air gap update. Use this tool after installing or upgrading an air gap Endpoint Security Server (also known as an Air Gap Client). Ivanti Content Wizard A utility used to create your own patches for Endpoint Security. This tool lets you add patches and additional files that check for prerequisites. In air gap networks, Ivanti Content Wizard is used to bundles patches and then move them into your air gap network. R Replication The synchronization process between the Endpoint Security Server and the Global Subscription Server. During this process, Endpoint Security downloads the latest Endpoint Security system updates, patch content, and antivirus content. Depending on how much content you are licensed for, initial replication can take as long as an hour. Subsequent replications are much faster. Page 32 of 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback