diff --git a/docs/endpointprotector/5.9.4.2/admin/agent.md b/docs/endpointprotector/5.9.4.2/admin/agent.md index 9507df774e..c0e4ce0526 100644 --- a/docs/endpointprotector/5.9.4.2/admin/agent.md +++ b/docs/endpointprotector/5.9.4.2/admin/agent.md @@ -13,13 +13,19 @@ You can download the Endpoint Protector Agent directly from the Endpoint Protect information about downloading the Endpoint Protector Agent, refer to the [Client Software](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md#client-software) topic. -**NOTE:** You can use tools like Active Directory or JAMF to deploy the Endpoint Protector Agent in +:::note +You can use tools like Active Directory or JAMF to deploy the Endpoint Protector Agent in large networks. +::: -**NOTE:** Starting with Endpoint Protector Server version 5.8.0.0, an additional security feature is + +:::note +Starting with Endpoint Protector Server version 5.8.0.0, an additional security feature is available to protect the integrity of the Agent. This feature, accessible via Device Control on the Global Settings page, is known as the Tamper Mode setting. It is designed to prevent unauthorized termination or modification of the Endpoint Protector Agent. +::: + ## Agent Installation 
@@ -27,11 +33,17 @@ For Windows and Mac, your input in installing the Endpoint Protector Agent is mi Installation folder and Server information are already pre-configured, and downloadable from the Endpoint Protector Server. -**NOTE:** For Linux installation instructions, read the readmeLinux.txt file available under the Read +:::note +For Linux installation instructions, read the readmeLinux.txt file available under the Read this before installing link. +::: + -**NOTE:** You can also install the Agent from a repository for Endpoint Protector Linux Agents +:::note +You can also install the Agent from a repository for Endpoint Protector Linux Agents starting with version 1.4.0.4., as described in the topic below. +::: + The following are several examples of supported distributions: @@ -124,11 +136,14 @@ and **allow** the Endpoint Protector Client Extension. At this point, the macOS Endpoint Protector Client installation is completed. -**NOTE:** If EPPNotifier is not visible or notifications do not display after the installation or +:::note +If EPPNotifier is not visible or notifications do not display after the installation or upgrade of the Endpoint Protector Client on macOS, please resolve this issue by restarting your machine. In situations where the Endpoint Protector Client is installed and then uninstalled on macOS, you may still see EPPNotifier in the Notification settings. To remove it from the list, simply right-click and select "Reset notifications." +::: + ### Debian Based Distributions @@ -210,5 +225,8 @@ This could be: - `wsl.exe --help` – This entry will target the specific command `wsl.exe --help`. - `wsl --list`– This entry will target the `wsl --list` command. -**NOTE:** Endpoint Protector Client cannot directly control the usage of WSL Bash command-line tools +:::note +Endpoint Protector Client cannot directly control the usage of WSL Bash command-line tools on Windows. + +::: 
diff --git a/docs/endpointprotector/5.9.4.2/admin/alerts.md b/docs/endpointprotector/5.9.4.2/admin/alerts.md index e8c821ea60..a279dbb037 100644 --- a/docs/endpointprotector/5.9.4.2/admin/alerts.md +++ b/docs/endpointprotector/5.9.4.2/admin/alerts.md @@ -9,9 +9,12 @@ sidebar_position: 100 From this section, you can define E-mail Alerts for the main events detected by Endpoint Protector: System Alerts, Device Control Alerts, Content Aware Alerts, and Enforced Encryption Alerts. -**NOTE:** Before creating alerts, make sure the Endpoint Protector E-mail Server Settings have been +:::note +Before creating alerts, make sure the Endpoint Protector E-mail Server Settings have been configured from the System Configuration, System Settings section. You also have the option to verify these settings by sending a test E-mail. +::: + For each Administrator to appear in the list of recipients for the Alerts, this has to be provided under the Administrator details from the System Configuration, System Administrators section. @@ -35,8 +38,11 @@ Follow the steps to add a new Alert. - Updates and Support – set an alert regarding each module’s maintenance status (Device Control, Content Aware Protection, and eDiscovery) - **NOTE:** You can disable the Update and Support system alert from General Dashboard, System + :::note + You can disable the Update and Support system alert from General Dashboard, System Status. + ::: + - Endpoint Licenses – set an alert to be notified of the percentage of used Endpoint Licenses and eliminate the risks of having unprotected endpoints as each network is constantly growing. Define 
@@ -136,8 +142,11 @@ Follow the steps to create a content aware alert. The alert sent on the email will also include a CSV file with a report of the threats found. -**NOTE:** Before creating the alert, ensure the selected Content Aware Policy is enabled on the +:::note +Before creating the alert, ensure the selected Content Aware Policy is enabled on the chosen Computer, User, Group, or Department. +::: + ![Creating a Content Aware Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatingcontentawarealertinfo.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/appliance.md b/docs/endpointprotector/5.9.4.2/admin/appliance.md index e9d280c900..862dc952d2 100644 --- a/docs/endpointprotector/5.9.4.2/admin/appliance.md +++ b/docs/endpointprotector/5.9.4.2/admin/appliance.md @@ -30,7 +30,10 @@ In this section you can set a preferential time zone and/or sync the appliance t - How often to synchronize – select from the drop-down a time interval when to synchronize of go with the default selection -**NOTE:** The appliances are prefigured to sync once a week with pool.ntp.org. +:::note +The appliances are prefigured to sync once a week with pool.ntp.org. +::: + - Current server time – the field displays the current server time - Automatic NTP Synchronization – opt in or out to trigger the NTP synchronization automatically 
@@ -46,8 +49,11 @@ In this section you can set a preferential time zone and/or sync the appliance t In this section you can change the network settings for the appliance to communicate correctly in your network. -**NOTE:** Once you change the IP address, close and open again the Internet browser and then access +:::note +Once you change the IP address, close and open again the Internet browser and then access the Endpoint Protector Administration and Reporting Tool with the new IP address. +::: + ![ Change the network settings for the appliance to communicate correctly in your network](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/ipconfg.webp) @@ -63,7 +69,10 @@ From this section, you can register and then verify the Endpoint Protector Clien signature. The client registration certificate is an additional security measure enabling certificate-based authentication. -**CAUTION:** The Client Registration Certificate feature is not available for Linux! +:::warning +The Client Registration Certificate feature is not available for Linux! +::: + **Step 1 –** Enable the custom certificate setting and then upload the certificate chain, Root CA and Intermediate; @@ -84,8 +93,11 @@ just for testing the signature (for example the Endpoint Protector Client certi **Step 3 –** Click **Save** and allow 2 minutes for the information to be validated. You will view a successful message confirming the custom certificate was added and the test certificate is valid. -**NOTE:** The client registration authentication certificate and the Endpoint Protector server +:::note +The client registration authentication certificate and the Endpoint Protector server certificate must be issued by the same CA. +::: + For this feature to work, there must be cryptographic identities signed by the root CA deployed on the endpoints. 
@@ -102,16 +114,25 @@ From this section, you can configure Server Certificate Validation, which ensu used for all communication requests on Endpoint Protector clients are validated. This feature is crucial for maintaining secure communication between various Endpoint Protector products. -**NOTE:** All certificate validation statuses will be reported to the Endpoint Protector Server and +:::note +All certificate validation statuses will be reported to the Endpoint Protector Server and stored for debugging purposes in Endpoint Protector Client logs. +::: -**CAUTION:** Please use this feature responsibly, as improper certificate usage with certification + +:::warning +Please use this feature responsibly, as improper certificate usage with certification validation might disrupt Endpoint Protector Client to Endpoint Protector Server communication. For a successful connection, both server and client certificate validation must be enabled. +::: + -**NOTE:** Starting from the 5.9.0 or later, enabling this option activates Endpoint Protector Server +:::note +Starting from the 5.9.0 or later, enabling this option activates Endpoint Protector Server Certificate Validation for all Endpoint Protector Client communication. This strengthens security by ensuring trusted and valid certificates are used. +::: + ### Appliance Operations @@ -123,7 +144,10 @@ In this section you can perform appliance operations such as Reboot or Shutdown. In this section you can manage user access to the Appliance through the SSH protocol. -**_RECOMMENDED:_** Set this option to **Enable** before requesting Support access. +:::info +Set this option to **Enable** before requesting Support access. +::: + ![Manage user access to the Appliance through the SSH protocol](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/sshserver.webp) 
@@ -136,7 +160,10 @@ enables Endpoint Protector to transfer activity events to a SIEM server for anal In this section, you can add, edit or delete an existing SIEM Server integration. To edit or delete a SIEM Server you need to select an available SIEM server integration. -**CAUTION:** You can configure a maximum number of 4 SIEM Server integrations. +:::warning +You can configure a maximum number of 4 SIEM Server integrations. +::: + ![Add, edit or delete an existing SIEM Server integration](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/siemserverintegration.webp) 
@@ -145,30 +172,42 @@ To create a SIEM Server, click **Add New** and provide the following information - SIEM Status – toggle switch to enable/disable the SIEM server - Disable Logging – toggle switch to enable/disable logging - **NOTE:** If you disable logging, logs will be stored on the Endpoint Protector server or on the + :::note + If you disable logging, logs will be stored on the Endpoint Protector server or on the SIEM server when SIEM is installed. + ::: + - Server Name – add a server name - Server Description – add a description - Server IP or DNS – add the IP or DNS - Server Protocol – select the UDP or TCP server protocol - **NOTE:** Based on the protocol you select you can enable [SIEM Encryption](#siem-encryption). + :::note + Based on the protocol you select you can enable [SIEM Encryption](#siem-encryption). + ::: + - Server Port – add a port - Exclude Headers - toggle switch to enable/disable log headers - **NOTE:** If you disable log headers, you will only export data to SIEM. + :::note + If you disable log headers, you will only export data to SIEM. + ::: + - Log Types – select from the available options the logs to send to the SIEM Server ![SIEM Intergration - Adding a New Server](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/siemintegrationnewserver.webp) -**CAUTION:** Please be aware that the SIEM integration feature in Endpoint Protector comes with +:::warning +Please be aware that the SIEM integration feature in Endpoint Protector comes with certain limitations. To make use of the latest features of this SIEM integration, your environment must meet specific criteria. It should have been installed from image version 5.6.0.0 or a more recent version, and maintain an active HTTPS connection. Please note that SIEM integration is only accessible in environments that meet these stringent prerequisites. +::: + ### SIEM Encryption 
@@ -176,8 +215,11 @@ When using the TCP protocol, you have the option to encrypt communication to eac order to do so, enable the Encryption setting and then Upload the root CA that was used to sign the server certificate for the SIEM server in .pem format. -**CAUTION:** The certificate used on the SIEM server must be signed by the same CA as the one +:::warning +The certificate used on the SIEM server must be signed by the same CA as the one uploaded to the Endpoint Protector Server. +::: + Endpoint Protector will check the following: @@ -189,8 +231,11 @@ certificate; if any certificate of the chain is invalid, the connection will b Make sure you update the certificate files when they expire. -**NOTE:** If you applied the latest patch using the option, and cannot view the SIEM encryption +:::note +If you applied the latest patch using the option, and cannot view the SIEM encryption setting, please contact Customer Support. +::: + ### SIEM Export log formats @@ -325,7 +370,7 @@ The standard format for the E-Discovery fields is as follows: #### Other SIEM Logs -User Login/User Logout +**User Login/User Logout** The standard format for the Other SIEM Logs fields is as follows: diff --git a/docs/endpointprotector/5.9.4.2/admin/cap_module/capmodule.md b/docs/endpointprotector/5.9.4.2/admin/cap_module/capmodule.md index 41dd906921..3cffbca66f 100644 --- a/docs/endpointprotector/5.9.4.2/admin/cap_module/capmodule.md +++ b/docs/endpointprotector/5.9.4.2/admin/cap_module/capmodule.md 
@@ -17,8 +17,11 @@ accidental or intentional file transfers of sensitive company data, such as: - Confidential files: sales and marketing reports, technical documents, accounting documents, customer databases, etc. -**CAUTION:** Endpoint Protector cannot scan encrypted files or applications that use encryption to +:::warning +Endpoint Protector cannot scan encrypted files or applications that use encryption to secure communication. +::: + To prevent sensitive data leakage, Endpoint Protector closely monitors all activity at various exit points: @@ -39,13 +42,19 @@ Content Aware Protection comes as the second level of data protection available Protector. The module is displayed but requires a simple activation by pressing the Enable button. If not previously provided, the contact details of the Main Administrator will be required. -**NOTE:** Any details provided will only be used to ensure the Live Update Server is configured +:::note +Any details provided will only be used to ensure the Live Update Server is configured correctly and that the Content Aware Protection module was enabled successfully. +::: + ![The module is displayed but requires a simple activation by pressing the Enable button](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/activation.webp) -**NOTE:** The Content Aware Protection module is separate from Device Control or eDiscovery modules, +:::note +The Content Aware Protection module is separate from Device Control or eDiscovery modules, and requires separate licensing. +::: + ## Dashboard diff --git a/docs/endpointprotector/5.9.4.2/admin/cap_module/cappolicies.md b/docs/endpointprotector/5.9.4.2/admin/cap_module/cappolicies.md index 2ba86b5fa6..429d5687ff 100644 --- a/docs/endpointprotector/5.9.4.2/admin/cap_module/cappolicies.md +++ b/docs/endpointprotector/5.9.4.2/admin/cap_module/cappolicies.md 
@@ -27,9 +27,12 @@ reports sent via E-mail or to report all transfers of files containing personal financial information (e.g., credit card numbers, E-mail, phone numbers, social security numbers etc.). -**NOTE:** Content Aware Policies also apply to the File Allowlist. As a result, all files that were +:::note +Content Aware Policies also apply to the File Allowlist. As a result, all files that were previously allowed will now be inspected for sensitive content and, depending on the policy configuration, either reported, blocked, or allowed. +::: + Similar to Device Control policies, Content Aware policies remain enforced on a computer even after it is disconnected from the company network. @@ -55,7 +58,10 @@ Protection policies, an increase from the previous limit of 48. To create a Content Aware Policy, provide the following information: -**NOTE:** Depending on the specific application and OS, some limitations may apply. +:::note +Depending on the specific application and OS, some limitations may apply. +::: + - OS Type - select the operating system to which the policy applies, Windows, macOS, or Linux - Policy Name – add a name for the policy 
@@ -71,13 +77,19 @@ To create a Content Aware Policy, provide the following information: - Block and Remediate - this policy will deny all transfers of data that include sensitive content but allow the user to remediate the action by using a justification -**NOTE:** Initially, we recommend using the Report only action to gain a better view of data use +:::note +Initially, we recommend using the Report only action to gain a better view of data use across your network and not interrupt your activity. +::: + - Policy Type - select the policy type, Standard, Outside Hous, or Outside Network -**NOTE:** To enforce the Outside Hours and Outside Network options, after you save the policy, +:::note +To enforce the Outside Hours and Outside Network options, after you save the policy, enable the setting on the specific device from Device Control, Global settings, Group or Computers. +::: + - Policy Template – select a custom notification from the drop-down list or create one from System Parameters, Device Types and Notification, 
@@ -90,19 +102,28 @@ enable the setting on the specific device from Device Control, Global settings, - File size threshold – enter the file size (in MB) starting from which the file transfer is either blocked or reported -**NOTE:** If a File Size Threshold is set, it will be applied to the whole policy, regardless of +:::note +If a File Size Threshold is set, it will be applied to the whole policy, regardless of what file types or custom contents are checked inside the policy. The value used in the File Size Threshold must be a positive, whole number. +::: + - Apply Policy if File Size Threshold is Matched – enable this setting to apply the policy in combination with the threshold. The content selected from the Denylist will be blocked taking into consideration the threshold. -**NOTE:** This setting does not apply for File Name and File Location. +:::note +This setting does not apply for File Name and File Location. +::: + -**NOTE:** The Threshold option applies only to multiple filters, including Predefined Content, Custom +:::note +The Threshold option applies only to multiple filters, including Predefined Content, Custom Content, and Regular Expressions. As a general rule, it is recommended that Block & Report policies that use the Threshold should be placed with higher priority than Report Only policies. +::: + ### Regular and Global Threshold Use Cases 
@@ -133,18 +154,27 @@ platforms and channels. The following exit points are available for monitoring. - Web Browsers (e.g., Internet Explorer, Chrome, Firefox, Safari, etc.) - E-mail (e.g., Outlook, Thunderbird, Lotus Notes, etc.) -**CAUTION:** Universal Windows Platform applications, including the Windows 10 Mail application, run +:::warning +Universal Windows Platform applications, including the Windows 10 Mail application, run in an isolated environment, restraining the use of add-ons. This will prevent Content Aware policies with Windows Mail set as Exit Point to block restricted file transfers. +::: + - Instant Messaging (e.g., Skype, Pidgin, Google Talk, etc.) - Cloud Services / File Sharing (e.g., Google Drive Client, iCloud, Dropbox, DC++, etc.) - Social Media / Others (e.g., iTunes, Total Commander, GoToMeeting, etc.) -**NOTE:** Select Adobe Flash Player from the Web Browser category to block sites that use Adobe +:::note +Select Adobe Flash Player from the Web Browser category to block sites that use Adobe Flash Active X. +::: + + +:::note +To distinguish OneDrive for Business from OneDrive, enable Deep Packet Inspection (DPI). +::: -**NOTE:** To distinguish OneDrive for Business from OneDrive, enable Deep Packet Inspection (DPI). ![Monitor transfers from the following exit points](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/policyexistpoints.webp) 
@@ -156,15 +186,24 @@ From the storage devices tab, you can select to monitor transfers: - for all Storage Devices - enable the **Apply policy to all storage devices** setting to enforce content policies on all storage devices, regardless of Custom Classes. -**NOTE:** For Windows, file transfers will be monitored both to and from removable media. +:::note +For Windows, file transfers will be monitored both to and from removable media. +::: + -**CAUTION:** On Linux the paste functionality only works when the default gnome session is Xorg. On +:::warning +On Linux the paste functionality only works when the default gnome session is Xorg. On other gnome sessions the paste functionality is disabled (ex: wayland). +::: + ![From the storage devices tab, you can select to monitor transfers](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/policyexitstoragedevices.webp) -**NOTE:** The **Block CD/DVD Burning** feature is only available for Windows, built-in or +:::note +The **Block CD/DVD Burning** feature is only available for Windows, built-in or third-party burning features. +::: + To restrict the user from saving sensitive content on a CD or DVD using the built-in Windows features, follow these steps: 
@@ -192,24 +231,33 @@ policy to all storage devices setting** **Step 4 –** From the Policy Denylist section, select the threats you want the policy to detect -**NOTE:** The feature will apply to CD/DVD burning options Like a USB flash drive and With a CD/DVD +:::note +The feature will apply to CD/DVD burning options Like a USB flash drive and With a CD/DVD player, using either Drag and Drop or Copy and Paste actions. +::: + ### Clipboard The Clipboard functionality enables you to monitor all content captured through Copy & Paste or Cut & Paste operations. -**NOTE:** The Clipboard functionality applies only to confidential content that is defined inside the +:::note +The Clipboard functionality applies only to confidential content that is defined inside the Policy Denylists section for the Source Code tab, Predefined Content, Custom Content, or Regular Expressions. +::: + The Clipboard functionality provides a certain degree of granularity and can be enabled: - Clipboard – enable this setting to monitor all content from a computer, regardless of the defined exit points. - **NOTE:** This setting only applies to Copy operations. + :::note + This setting only applies to Copy operations. + ::: + When performing a Copy operation, the Endpoint Protector Client will inspect the clipboard content and if confidential information is detected, the content will be deleted. As such, the Paste @@ -217,7 +265,10 @@ operation will not work because the clipboard content was deleted. - Source code – enable this setting to detect the defined in the policy. - **NOTE:** This setting applies to Copy or Paste operations. + :::note + This setting applies to Copy or Paste operations. + ::: + The Endpoint Protector Client will inspect the clipboard content for source codes and if source code is detected and monitored in a Content Aware policy (e.g., C++ is selected in a Content Aware 
@@ -232,8 +283,11 @@ enabled) 2. image files copied with CTRL+C shortcut and pasted to clipboard (this will paste the file URL to clipboard) - **NOTE:** If multiple files are copied and the content contains at least one image, the file + :::note + If multiple files are copied and the content contains at least one image, the file content will be blocked. + ::: + Similar to code source detection, the Detect images setting applies if the file type is blocked in Content Aware Protection policy (if the user will copy a PNG file, the file will be blocked if the PNG @@ -245,13 +299,19 @@ be moved if shadow is enabled or deleted if not after scan. - To inspect certain applications and set Paste restrictions, enable the **Apply Paste restrictions to all monitored applications** setting - **NOTE:** This setting restricts the Paste operations for the defined Policy Exit Points. + :::note + This setting restricts the Paste operations for the defined Policy Exit Points. + ::: + When performing a Copy operation, the Endpoint Protector Client will inspect the clipboard content and if confidential information is detected, the content will be allowed, instead, it will block a Paste operation if the application is monitored in a Content Aware policy. -**CAUTION:** The Paste operation is allowed when the user changes the window to other applications. +:::warning +The Paste operation is allowed when the user changes the window to other applications. +::: + For example; in a Content Aware policy, Firefox is monitored, Chrome is not monitored and the Apply Paste restrictions to all monitored applications setting is enabled. The user performs a Copy 
@@ -261,7 +321,10 @@ is blocked, and the Paste operation on Chrome is allowed - To inspect extended applications and set Paste restrictions, enable the **Extend Paste restrictions to below applications** setting - **NOTE:** This setting restricts the Paste operation for the defined applications. + :::note + This setting restricts the Paste operation for the defined applications. + ::: + Use this setting to extend the applications not listed in a Content Aware policy and block the Paste operations. @@ -271,9 +334,12 @@ application from the list to monitor the Paste operation on the Microsoft Word a On-demand, Endpoint Protector can add other applications. -**CAUTION:** On certain Linux environments, like those utilizing Wayland protocol by default, paste +:::warning +On certain Linux environments, like those utilizing Wayland protocol by default, paste control is limited due to Wayland's lack of support for detecting the focused window. To ensure security, content blocking occurs during the copy operation. +::: + ![The Clipboard functionality enables you to monitor all content captured through Copy & Paste or Cut & Paste operations](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/policyexitclipboard.webp) @@ -292,5 +358,8 @@ Below are additional setting found under Policy Exit Points: 3. **Print Screen** applies to the screen capture options. 4. **Printers** apply to both local and network shared printers. -**_RECOMMENDED:_** When enabled, it is recommended to enable the **Advanced Printer** and **MTP +:::info +When enabled, it is recommended to enable the **Advanced Printer** and **MTP Scanning** option in Settings (Global, Groups, Computers, etc.) + +::: diff --git a/docs/endpointprotector/5.9.4.2/admin/cap_module/contentdetection.md b/docs/endpointprotector/5.9.4.2/admin/cap_module/contentdetection.md index 313f10131c..d4a2ca28c4 100644 --- a/docs/endpointprotector/5.9.4.2/admin/cap_module/contentdetection.md 
+++ b/docs/endpointprotector/5.9.4.2/admin/cap_module/contentdetection.md @@ -46,8 +46,11 @@ The Context Detection Rules allows you to specify the minimum or maximum number for one or more threat types previously defined in the Content Detection Rule and reducing false positive detections. -**CAUTION:** You can create Context Detection Rules only if you define a Content Detection Rule using +:::warning +You can create Context Detection Rules only if you define a Content Detection Rule using an OR operator. +::: + To create a new Context Detection Rules click **Add**, fill in the following and then **Save**: @@ -60,19 +63,28 @@ To create a new Context Detection Rules click **Add**, fill in the following an - Excluded Context – select the AND/OR operator and then select from the drop-down list the custom content, RegEx or HIPPA you want to be excluded from the rule - **NOTE:** Custom content used in Content Detection rules will not be displayed in the included + :::note + Custom content used in Content Detection rules will not be displayed in the included and excluded context drop-down lists. + ::: + - Apply context rule for - select if you want to apply the rule to All items or At least 1 item. - **NOTE:** You can create a maximum number of 15 Context Detection Rules. + :::note + You can create a maximum number of 15 Context Detection Rules. + ::: + ![Creating new Context Detection Rules ](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/contentdetectionrules.webp) -**CAUTION:** To address conflicts between per-policy and Global Contextual Rules, Endpoint Protector +:::warning +To address conflicts between per-policy and Global Contextual Rules, Endpoint Protector clients no longer receive Global Contextual Rules if at least one policy has its individual Contextual Rule set. This marks the deprecation of Global Contextual Rules, emphasizing the prioritization of individual policy configurations. +::: + ## Policy Denylists and Allowlists 
@@ -80,8 +92,11 @@ The policy denylist and allowlist specify the content to be detected – it incl filtering, predefined content filtering, custom content filtering, file allowlists, regular expressions and domain allowlists, deep packet inspection, etc. -**NOTE:** Upgrade to Endpoint Protector 5.9.4+ to take advantage of increased denylist/allowlist +:::note +Upgrade to Endpoint Protector 5.9.4+ to take advantage of increased denylist/allowlist capabilities: 1000 lists (previously 10/100) and 50,000 entries per list. +::: + ### Policy Denylists @@ -90,8 +105,11 @@ You can use the following Denylists: - File Type - since many files (e.g.: Programming Files) are actually .TXT files, we recommend more precaution when selecting this file type to avoid any unexpected effects. - **NOTE:** File type detection will not always work accurately for some very large + :::note + File type detection will not always work accurately for some very large password-protected Microsoft Office files. + ::: + - Source Code - An N-gram based detection method is used to increase the accuracy of these file types. However, as various source code is closely linked together (e.g.: C, C++, etc.), these also 
@@ -103,19 +121,25 @@ regardless of the git application used. This will result in completely blocking Packet Inspection Allowlists can be used to allow a specific Git, linked to a specific domain (e.g.: internalgit.mydomain.com). -**NOTE:** All Git traffic is encrypted therefore, allowing a specific domain will result in any file +:::note +All Git traffic is encrypted therefore, allowing a specific domain will result in any file transfers to be allowed, regardless of content or other policy restrictions defined. +::: + If Git is selected from Restricted Apps, no Endpoint Protector client notifications and logs will be generated for the Git-related actions (fetch, clone, push, pull). -Italian SSN and ID Usage +**Italian SSN and ID Usage** Starting with Endpoint Protector server version 5.7.0.0, Italian SSN was added to the PII list. Similar to Italian ID, if selected from the list of PIIs, the SSN will detect the same entity. -**_RECOMMENDED:_** When using Italian SSN and ID, we recommend you upgrade to the latest Endpoint +:::info +When using Italian SSN and ID, we recommend you upgrade to the latest Endpoint Protector agent version. +::: + To maintain compatibility with older agent versions after the server upgrade, Italian ID will remain under section ID and server upgrade will retain previous settings, including Italian ID. 
@@ -151,13 +175,19 @@ Security Numbers, Addresses, and much more. ![HIPAA Compliance](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/hipaacompliance.webp) -**NOTE:** For a HIPAA policy to be effective and more accurate, it is recommended to utilize +:::note +For a HIPAA policy to be effective and more accurate, it is recommended to utilize Contextual Detection Rules in conjunction with Predefined Content and Custom Content filters. To enhance precision, users should also enable ‘Whole Word Only’ under Custom Content. The ICD-11 dictionary focuses solely on specific terms, not insurance codes. +::: + -**NOTE:** It is advisable to set appropriate thresholds and combinations of arguments to minimize +:::note +It is advisable to set appropriate thresholds and combinations of arguments to minimize false positives for shorter disease descriptions +::: + ### Policy Allowlists @@ -171,13 +201,19 @@ You can use the following Allowlists: - URL Name - Deep Packet Inspection -**NOTE:** For detailed information on Denylists and Allowlist, refer to the +:::note +For detailed information on Denylists and Allowlist, refer to the [Denylists and Allowlists](/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md) topic. +::: + -**CAUTION:** The Content Aware Protection Policies continue to report and/or block sensitive data +:::warning +The Content Aware Protection Policies continue to report and/or block sensitive data transfers from protected computers even after they are disconnected from the company network. Logs will be saved within the Endpoint Protector Client and will be sent to the Server once the connection has been reestablished. +::: + ![Policy Allowlists](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/policyallowlists.webp) 
@@ -201,8 +237,11 @@ available ones: - Computers - Users -**NOTE:** If a Content Aware Policy was already enforced on a computer, user, group, or department, +:::note +If a Content Aware Policy was already enforced on a computer, user, group, or department, when clicking on it, the corresponding network entities on which it was applied will be highlighted. +::: + You can also define a list of entities that will be excluded from the policy by selecting from the Excluded section. @@ -241,9 +280,12 @@ To remediate the threat, the user has to follow these steps: number to view the maximum time interval) - click **Authorize** -**NOTE:** You can manage more settings for the Self Remediate feature from System Preferences and - [User Remediation](/docs/endpointprotector/5.9.4.2/admin/systempar.md#user-remediation) sections. +:::note +You can manage more settings for the Self Remediate feature from System Preferences and [User Remediation](/docs/endpointprotector/5.9.4.2/admin/systempar.md#user-remediation) sections. +[User Remediation](/docs/endpointprotector/5.9.4.2/admin/systempar.md#user-remediation) sections. +::: + User Remediation for Content Aware Protection can remediate file transfers via web domains. 
@@ -314,15 +356,21 @@ predefined information, or a custom content dictionary): | REPORTED | BLOCKED | IGNORED | Information will be reported. | | BLOCKED | REPORTED | IGNORED | Information will be blocked. | -**CAUTION:** The information left unchecked when creating a policy will be considered as Ignored by +:::warning +The information left unchecked when creating a policy will be considered as Ignored by Endpoint Protector and not as Allowed. +::: + The deep packet inspection feature has been expanded to email scanning based on domain allowing. ![Applying multiple Content Aware Policies](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/capeditpolicy.webp) -**_RECOMMENDED:_** HIPAA should be considered a Content Aware Policy that, besides the options in +:::info +HIPAA should be considered a Content Aware Policy that, besides the options in the HIPAA tab, also has the below configuration: +::: + - All the File Types recognized should be included. - All Personal Identifiable Information should be Country Specific to the United States (Address, diff --git a/docs/endpointprotector/5.9.4.2/admin/cap_module/deeppacket.md b/docs/endpointprotector/5.9.4.2/admin/cap_module/deeppacket.md index bb4356f455..abfb0e2877 100644 --- a/docs/endpointprotector/5.9.4.2/admin/cap_module/deeppacket.md +++ b/docs/endpointprotector/5.9.4.2/admin/cap_module/deeppacket.md 
@@ -9,18 +9,27 @@ sidebar_position: 40 The Deep Packet Inspection functionality provides a certain degree of granularity, allowing you to fine-tune the content inspection functionality to the network specifications. -**NOTE:** Enabling Deep Packet Inspection could impact upload speed of inspected files. Use our +:::note +Enabling Deep Packet Inspection could impact upload speed of inspected files. Use our network extension instead of Packet Filter as a possible workaround (i.e., turn Intercept VPN Traffic on). +::: -**CAUTION:** Newer Linux Ubuntu versions have 'snap'-based applications installed by default, + +:::warning +Newer Linux Ubuntu versions have 'snap'-based applications installed by default, affecting Endpoint Protector Client functionality. This may result in missing file-related events in DPI file resolution. The reliance on 'snap'-based applications also affects file-related web browser activities, exacerbating this limitation. Consider non-’snap’-based applications (where possible) as alternative configurations for optimal functionality. +::: + -**CAUTION:** To ensure consistent DPI behavior after enabling or disabling the feature or upgrading +:::warning +To ensure consistent DPI behavior after enabling or disabling the feature or upgrading the Endpoint Protector, a restart of your computer is required. +::: + ## Deep Packet Inspection Certificate @@ -45,8 +54,11 @@ generated. **Step 4 –** Reboot the endpoint to enforce a new Certificate. -**NOTE:** Issuing the Deep Packet Inspection Certificate on Windows is handled automatically and +:::note +Issuing the Deep Packet Inspection Certificate on Windows is handled automatically and transparently by the Endpoint Protector Client. No additional steps are required. +::: + ![Configuring the Deep Packet Inspection - Auto-refresh Certificate feature](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/autorefreshcert.webp) 
@@ -56,8 +68,11 @@ Due to the latest changes in the macOS 11.0 that affect Deep Packet Inspection, Certificate is needed in order for the Deep Packet Inspection feature to work on the mentioned macOS version. -**NOTE:** Deep Packet Inspection will only work on macOS 11.0 and newer if Deep Packet Inspection +:::note +Deep Packet Inspection will only work on macOS 11.0 and newer if Deep Packet Inspection Certificate is added for the Endpoint Protector Client. +::: + This certificate can be downloaded from System Configuration, System Settings, and Deep Packet Inspection Certificate and added manually or automatically through deployment solutions. @@ -88,9 +103,12 @@ select **Always Trust**. **Step 6 –** **Save** the changes. -**CAUTION:** Please be aware that regenerating the Server Certificate Stack will require macOS and +:::warning +Please be aware that regenerating the Server Certificate Stack will require macOS and Linux users to manually add the new certificate into the keychain. On Windows, the certificate will be updated automatically. +::: + ## Deep Packet Inspection Certificate on Linux 
@@ -99,26 +117,29 @@ specific steps to ensure compatibility. The certificate enables Endpoint Protect inspection for printing and file transfers to MTP devices. The process differs slightly for Debian-based and Red Hat-based systems. -**NOTE:** Ensure the cacert.pem certificate is downloaded from the Endpoint Protector Server and +:::note +Ensure the cacert.pem certificate is downloaded from the Endpoint Protector Server and properly configured for your Linux distribution. +::: + Follow the steps below, specific to your Linux distribution, to configure the certificate manually. -Debian-based Systems (e.g., Ubuntu) +**Debian-based Systems (e.g., Ubuntu)** **Step 1 –** Download the archived certificates from the Endpoint Protector Server. **Step 2 –** Unzip the certificate file: -unzip ClientCerts.zip +**unzip ClientCerts.zip** **Step 3 –** Copy the cacert.pem file to the trusted certificate directory and rename it to .crt: -sudo cp cacert.pem /usr/local/share/ca-certificates/cacert.crt +**sudo cp cacert.pem /usr/local/share/ca-certificates/cacert.crt** **Step 4 –** Update the system's certificate store: -sudo update-ca-certificates +**sudo update-ca-certificates** Red Hat-based Systems (e.g., RHEL, Fedora) @@ -126,15 +147,15 @@ Red Hat-based Systems (e.g., RHEL, Fedora) **Step 2 –** Unzip the certificate file: -unzip ClientCerts.zip +**unzip ClientCerts.zip** **Step 3 –** Copy the cacert.pem file to the appropriate directory for trusted anchors: -sudo cp cacert.pem /etc/pki/ca-trust/source/anchors/ +**sudo cp cacert.pem /etc/pki/ca-trust/source/anchors/** **Step 4 –** Update the system's certificate store: -sudo update-ca-trust +**sudo update-ca-trust** Additional Resources 
@@ -144,9 +165,12 @@ For more details on certificate installation and management on Linux, see the fo - [Configuring the CA Trust List on Red Hat](https://www.redhat.com/en/blog/configure-ca-trust-list) - [Managing CA Certificates on Linux](https://www.baeldung.com/linux/ca-certificate-management) -**CAUTION:** Ensure the certificate is added correctly for the Endpoint Protector Client to function +:::warning +Ensure the certificate is added correctly for the Endpoint Protector Client to function properly. If the Server Certificate Stack is regenerated, Linux users must manually reconfigure the certificate using the steps above. +::: + ## Deep Packet Inspection Ports and Settings 
@@ -166,21 +190,30 @@ In this section you can also manage the following settings: Mattermost or Google Spreadsheet, Facebook Post, Facebook Comment, and Instagram Comment online applications. - **NOTE:** For comprehensive visibility while using 'Teams over web' in a MS Edge browser, make + :::note + For comprehensive visibility while using 'Teams over web' in a MS Edge browser, make sure to enable **Edge** under **Policy Exits Points** > **Applications** > **Web Browser** in the CAP policy. + ::: - **CAUTION:** In blocking mode, Instant Messaging events related to platforms such as Slack and + + :::warning + In blocking mode, Instant Messaging events related to platforms such as Slack and Google Chat might be generated multiple times. This behavior is attributed to the tools' inherent retry mechanisms when a message is blocked. Endpoint Protector is designed to block all such retry attempts for enhanced security. + ::: + - Detailed Slack Reporting – to access this setting, ensure Text Inspection is enabled and use Reporting V2 from **System Configuration** > **System Settings**. Once enabled, you can view Destination Details for Slack on the Content Aware Report page in the Reports and Analysis section. - **NOTE:** This setting requires an active Internet connection for the Endpoint Protector Client. + :::note + This setting requires an active Internet connection for the Endpoint Protector Client. + ::: + - Block unsupported protocols in New Outlook – Enable this setting to block the send email functionality in the New Outlook without interacting with the Outlook legacy functionality. 
@@ -188,16 +221,22 @@ In this section you can also manage the following settings: - Monitor webmail – Enable this setting to scan the subject and body for Gmail, Outlook and Yahoo on the browser. Attachments will be monitored regardless of this setting. - **CAUTION:** When using Yahoo, the email recipients whitelist for attachments will work only if + :::warning + When using Yahoo, the email recipients whitelist for attachments will work only if the attachment is uploaded after the recipients are added. If the recipients are modified after the attachment has been added, the file will not be scanned again and validated against the new recipients list. Inconsistent behavior may be experienced on Linux machines. + ::: + You can also use the Monitor webmail feature to detect source code for web browsers emails in subject and body. For email applications, source code can be detected in subject, and for the body, source code cannot be enabled for detection without breaking other functionality. - **NOTE:** Always use Monitor webmail with Extended Source Code Detection setting enabled. + :::note + Always use Monitor webmail with Extended Source Code Detection setting enabled. + ::: + - Allowed domains for Google Business accounts - You can use this setting to allow the users to access specific Google domains for professional usage when Deep Packet Inspection is enabled. 
@@ -208,9 +247,12 @@ In this section you can also manage the following settings: The new entry will be displayed on the Allowed Business accounts list, from where you can delete by clicking **X**. - **CAUTION:** Endpoint Protector will block access to all Google domains (business and private) + :::warning + Endpoint Protector will block access to all Google domains (business and private) used for Gmail, Google Drive, Google Docs, etc. that are not listed here. If the list remains empty, no Google domain will be blocked. + ::: + ![Allowed domains for Google Business accounts](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/alloweddomainsgoogle.webp) @@ -253,8 +295,11 @@ Endpoint Protector Server UI: ![Monitor Webmail JSON Format Parser Usage](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/webmailjson.webp) -**_RECOMMENDED:_** It is advised, that due to recent changes applied by cloud providers, to not +:::info +It is advised, that due to recent changes applied by cloud providers, to not apply any changes in the JSON parser, unless Monitor Webmail is not working +::: + ### Note on Peer Certificate Validation Usage 
@@ -276,13 +321,19 @@ validation is performed by the proxy or gateway so that security is not compromi From this section, you can enable or disable the Deep Packet Inspection functionality for each application that is subject to this functionality. -**NOTE:** Only the applications that support Deep Packet Inspection are available in the list below. +:::note +Only the applications that support Deep Packet Inspection are available in the list below. +::: + ![Deep Packet Inspection Applications](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/dpiapplications.webp) -**NOTE:** The Deep Packet Inspection functionality needs to be first enabled from **Device +:::note +The Deep Packet Inspection functionality needs to be first enabled from **Device Control** > **Settings** (Global, Groups, Computers, etc.). For detailed information on, refer to the [Device Control](/docs/endpointprotector/5.9.4.2/admin/dc_module/dcmodule.md) topic. +::: + ## Certificate status matrix @@ -312,6 +363,12 @@ The following table lists when Endpoint Protector Server reports specific state | Windows | 0 | | Not added | | Windows | 1 | | Trusted | -**NOTE:** Linux has dedicated certificate stores. +:::note +Linux has dedicated certificate stores. +::: + + +:::note +On Windows, if the certificate is added, it is automatically trusted. -**NOTE:** On Windows, if the certificate is added, it is automatically trusted. +::: diff --git a/docs/endpointprotector/5.9.4.2/admin/dc_module/customclasses.md b/docs/endpointprotector/5.9.4.2/admin/dc_module/customclasses.md index f32a654591..a8a4d38bdb 100644 --- a/docs/endpointprotector/5.9.4.2/admin/dc_module/customclasses.md +++ b/docs/endpointprotector/5.9.4.2/admin/dc_module/customclasses.md 
@@ -68,8 +68,11 @@ The device rights surpass all computer, group, and global rights. The user rights are on the same level as the computer rights. The priority can be set from the System Settings section. -**NOTE:** For detailed information, refer to the +:::note +For detailed information, refer to the [System Configuration](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md) topic. +::: + Select an option to grant access for clients based on the Department Code. You can also view the Default Department code – defdep. @@ -78,8 +81,11 @@ Select an option to grant access for clients based on the Department Code. You can also view the Default Department code - defdep. -**NOTE:** For detailed information, refer to the +:::note +For detailed information, refer to the [System Configuration](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md) topic. +::: + ![Select an option to grant access for clients based on the Department Code](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/departmentusage.webp) @@ -105,7 +111,7 @@ You can choose to log out or continue your session, resetting the session timeou ![Choose to log out or continue your session, resetting the session timeout interval](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/sessiontimeout.webp) -Endpoint Protector Rights Functionality +**Endpoint Protector Rights Functionality** ![Rights Functionality ](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/rightsfunctionality.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/dc_module/devicesandcomputers.md b/docs/endpointprotector/5.9.4.2/admin/dc_module/devicesandcomputers.md index 0e0e19bcd6..0c2aefa899 100644 --- a/docs/endpointprotector/5.9.4.2/admin/dc_module/devicesandcomputers.md +++ b/docs/endpointprotector/5.9.4.2/admin/dc_module/devicesandcomputers.md 
@@ -18,8 +18,11 @@ You can view the right for each device based on the color code from the Status c - Green indicates the device is allowed on computers or for users - Yellow indicates the device is allowed for some users or computers with restrictions -**NOTE:** Any new device connected to a protected computer is automatically added to the database +:::note +Any new device connected to a protected computer is automatically added to the database and assigned to its first user which can be changed later. +::: + ![View, sort, and export in Excel, PDF or CSV format any devices from the system](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/devices.webp) @@ -40,8 +43,11 @@ Endpoint Protector Server to another and aims to correlate the device rights and You can also import the devices directly from Active Directory. -**NOTE:** For detailed information on Active Directory, refer to the +:::note +For detailed information on Active Directory, refer to the [Directory Services](/docs/endpointprotector/5.9.4.2/admin/directoryserv.md) topic. +::: + ### Priority order @@ -49,8 +55,11 @@ If you do not configure the devices, the rights are inherited from the default set per Device Types (USB Storage Device, Digital Camera, iPod, Thunderbolt, Chip Card Device, etc.). -**NOTE:** For detailed information, refer to the +:::note +For detailed information, refer to the [Directory Services](/docs/endpointprotector/5.9.4.2/admin/directoryserv.md) topic. +::: + If you configure device rights granularly for all entities, the priority order will be the following, starting with the highest: 
@@ -108,9 +117,12 @@ Client software is installed on a client computer. The Client will then communic its existence in the system. The Server will store the information regarding the Computer in the database and it will assign a License. -**NOTE:** The self-registration mechanism acts whenever a change in the Computer licensing module is +:::note +The self-registration mechanism acts whenever a change in the Computer licensing module is made, and also each time the application Client is reinstalled. The owner of the computer is not saved in the process of self-registration. +::: + For more details about Licensing, go to the [System Configuration](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md) topic. @@ -122,7 +134,10 @@ essential. By default, the computer is assigned to the first user that handles the computer. This can later be changed and is updated automatically based on whoever logs into the computer. -**NOTE:** Computer MachineUUID may not be taken for Virtual Machines due to System Limitations. +:::note +Computer MachineUUID may not be taken for Virtual Machines due to System Limitations. +::: + You can manually create a new computer at any time by providing the computer parameters and information mentioned above or import computers from Active Directory. @@ -151,9 +166,12 @@ create fallback policies for Outside Network and Outside Hours circumstances. For detailed information on Device Types and Specific Devices (Standard, Outside Network, and Outside Hours), refer to the Devices and Computers topic. -**NOTE:** Use Restore Global Rights to revert to a lower level of rights. Once enabled, all rights +:::note +Use Restore Global Rights to revert to a lower level of rights. Once enabled, all rights on that level will be set to preserve global settings and the system will use the next level of rights. +::: + All Existing Devices that were added on that level will be deleted when the restore is used. 
@@ -194,8 +212,11 @@ of identification, as seen below: ![Displays List of computers](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/computers.webp) -**NOTE:** The computers that can be targeted by this action are strictly Windows Servers with +:::note +The computers that can be targeted by this action are strictly Windows Servers with Terminal Server roles properly configured +::: + Make sure that there is at least one Terminal Server license available when the action Mark as Terminal Server is performed. If the Terminal Server is successfully marked, a new device type will @@ -214,8 +235,11 @@ By contrast, a Deny Access right set to the RDP Storage will not allow any user Terminal Server by RDP to transfer files to and from their local disk volume or shared storage devices such as USBs. -**NOTE:** Enable **Use User Rights** in the settings bar from System Configuration, System Settings, +:::note +Enable **Use User Rights** in the settings bar from System Configuration, System Settings, Endpoint Rights Functionality for the rights policy to apply on user logins with user priority. +::: + Secondly, the menu from Device Control > Users > Rights will present an additional device type for all the users in Endpoint Protector, namely Thin Client Storage (RDP Storage). diff --git a/docs/endpointprotector/5.9.4.2/admin/dc_module/globalrights.md b/docs/endpointprotector/5.9.4.2/admin/dc_module/globalrights.md index 8124a9b279..66c7322713 100644 --- a/docs/endpointprotector/5.9.4.2/admin/dc_module/globalrights.md +++ b/docs/endpointprotector/5.9.4.2/admin/dc_module/globalrights.md 
@@ -9,8 +9,11 @@ sidebar_position: 30 From this section, you can manage the entire system and specify what rights and settings apply globally, to all Endpoint Protector entities. -**NOTE:** If device rights or other settings will be configured granularly for entities, the priority +:::note +If device rights or other settings will be configured granularly for entities, the priority order, starting with the highest, will be as follows: +::: + ![priortyorder](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/priortyorder.webp) @@ -64,12 +67,18 @@ Encryption are TD level 1). For detailed information on Trusted Device™ and Enforced Encryption, refer to the [Trusted Device™](../ee_module/eemodule.md) topic. -**NOTE:** With the WiFi – Block if wired network is present option you can disable the WiFi +:::note +With the WiFi – Block if wired network is present option you can disable the WiFi connection, while a wired network connection is present. The WiFi connection will be available when the wired network is not present. +::: + -**NOTE:** On macOS version 14 (Sonoma) and higher, Bluetooth devices are managed only when the +:::note +On macOS version 14 (Sonoma) and higher, Bluetooth devices are managed only when the device is connected and visible under ‘My Devices’ in the Bluetooth section of ‘System settings’. +::: + ![Bluetooth Device Management on Mac](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/macbluetooth.webp) 
@@ -93,8 +102,11 @@ remain the serial number. For example; in the below image, you can view the 3 devices detected by Endpoint Protector have different VID, PID and device code, but they all have the same serial number. -**NOTE:** The Endpoint Protector Client does not distinguish between USB devices (e.g. USB hard +:::note +The Endpoint Protector Client does not distinguish between USB devices (e.g. USB hard drive vs USB Webcam) by Device name/VID/PID. +::: + ![Manage USB access through the virtual environment.](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/vmusb.webp) @@ -126,9 +138,12 @@ adding devices: ![ Add multiple devices at the same time.](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/multipledevices.webp) -**NOTE:** Although this feature can work in situations where the Serial Number range does not follow +:::note +Although this feature can work in situations where the Serial Number range does not follow a noticeable pattern, this is not recommended. In this type of situation, some devices will be ignored by Endpoint Protector and will not have the expected effect. +::: + - Bulk List of Devices – will allow at Step 2 to add up to 1000 devices at the same time. There are two methods to choose from, either importing a list or simply pasting the information. @@ -141,7 +156,10 @@ detailed information on using the File Allowlist, refer to the File ## Outside Network -**NOTE:** To use this setting, the feature needs to be enabled in the Global Settings section. +:::note +To use this setting, the feature needs to be enabled in the Global Settings section. +::: + From this section, you can define fallback policies that will apply when outside the network. All of the functionalities are identical to the Standard section. 
@@ -150,7 +168,10 @@ the functionalities are identical to the Standard section. ## Outside Hours -**NOTE:** To use this setting, the feature needs to be enabled in the Global Settings section. +:::note +To use this setting, the feature needs to be enabled in the Global Settings section. +::: + From this section, you can define fallback policies that will apply when outside working hours. All of the functionalities are identical to the Standard section. diff --git a/docs/endpointprotector/5.9.4.2/admin/dc_module/globalsettings.md b/docs/endpointprotector/5.9.4.2/admin/dc_module/globalsettings.md index d959f394fe..8f100f8db0 100644 --- a/docs/endpointprotector/5.9.4.2/admin/dc_module/globalsettings.md +++ b/docs/endpointprotector/5.9.4.2/admin/dc_module/globalsettings.md @@ -12,8 +12,11 @@ From this section, you can apply settings globally to all Endpoint Protector ent these are the settings it will inherit. - If the computer belongs to a group, then it will inherit that group’s settings. -**NOTE:** Several settings from this section also relate to other modules apart from the Device +:::note +Several settings from this section also relate to other modules apart from the Device Control module (Content Aware Protection, eDiscovery, etc.). +::: + ![Apply settings globally to all Netwrix Endpoint Protector entities](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/globalsettings.webp) @@ -24,7 +27,10 @@ the Client’s behavior for each specific entity (Global, Groups, and Computers - Client Mode – select a mode to change Endpoint Protector Client behavior. - **NOTE:** Learn more from the [Client Mode](#client-mode) section. + :::note + Learn more from the [Client Mode](#client-mode) section. + ::: + - Notifier Language – Configure the Endpoint Protector Client to automatically match the OS language of the user for notifications. When set to "Automatic," the client adjusts its language to the 
@@ -57,17 +63,22 @@ the Client’s behavior for each specific entity (Global, Groups, and Computers - Policy Refresh Interval (sec) – enter the time interval at which the Client checks with the Server and updates with the latest settings, rights, and policies. - **NOTE:** The policy refresh cycles may be influenced by Azure Active Directory sync intervals + :::note + The policy refresh cycles may be influenced by Azure Active Directory sync intervals (or Active Directory syncs) if Endpoint Protector is configured to sync entities. Please consider the sync intervals of your Azure Active Directory or Active Directory sync processes when determining an appropriate policy refresh interval. + ::: - Log Interval (min) – enter the time interval at which the Client attempts to re-send the Logs to the Server. - Shadow Interval (min) – enter a time interval between 0-720 minutes at which the Endpoint Protector Client sends the file Shadows to the Endpoint Protector Server. - **NOTE:** Set the interval to 0 to send the file shadows instantly. + :::note + Set the interval to 0 to send the file shadows instantly. + ::: + - Recovery Folder Retention Period (days) – this setting is specific for Mac and Linux computers. It acts as a quarantine folder before a transferred file has been fully inspected for content, 
@@ -96,10 +107,13 @@ the Client’s behavior for each specific entity (Global, Groups, and Computers such as PDF, Docx, etc. With Monitor Webmail setting enabled, you can also detect source code in emails in subject and body using web browsers. - **NOTE:** Source Code Detection may encounter challenges when dealing with small code snippets. + :::note + Source Code Detection may encounter challenges when dealing with small code snippets. This can occur due to the potential overlap among various programming languages. It's important to consider these limitations when configuring and utilizing Source Code Detection for optimal results. + ::: + - User edited information - if enabled, the User can edit the user and computer information from within the Endpoint Protector Client. @@ -121,7 +135,10 @@ the Client’s behavior for each specific entity (Global, Groups, and Computers for Windows, enable this setting to allow the user to format or rename a USB device that has TD1-x access permission. - **NOTE:** For this setting to work successfully, enable the Minifilter Driver setting. + :::note + For this setting to work successfully, enable the Minifilter Driver setting. + ::: + - User Remediation Pop-up – this setting is available when the [User Remediation](/docs/endpointprotector/5.9.4.2/admin/systempar.md#user-remediation) feature is active and enables 
@@ -154,8 +171,11 @@ Select from the drop-down list a client mode to define the Endpoint Protector C other modes imply. Normal mode does not apply to Content Aware Protection; all other client modes, except Silent mode, are specific to Device Control. - **NOTE:** If the Normal Mode does not suit your needs, consider the Hidden or Silent modes as + :::note + If the Normal Mode does not suit your needs, consider the Hidden or Silent modes as the best alternatives. + ::: + 2. Transparent – use this mode to block all devices whilst maintaining users unaware of any restrictions or presence of the Endpoint Protector Client. Transparent mode does not apply to @@ -180,8 +200,11 @@ Select from the drop-down list a client mode to define the Endpoint Protector C and file-tracing. Stealth mode does not apply to Content Aware Protection; all other client modes, except Silent mode, are specific to Device Control. - **NOTE:** As everything is allowed, there will be no disruptions in the daily activities of the + :::note + As everything is allowed, there will be no disruptions in the daily activities of the users. + ::: + Selecting this mode will: @@ -195,8 +218,11 @@ Select from the drop-down list a client mode to define the Endpoint Protector C activity is detected by the Endpoint Protector Admin. Panic mode does not apply to Content Aware Protection; all other client modes, except Silent mode, are specific to Device Control. - **_RECOMMENDED:_** It is recommended to use this mode for selected users/groups/computers only, + :::info + It is recommended to use this mode for selected users/groups/computers only, as it will block all devices and generate a high volume of logs. + ::: + Selecting this mode will: 
@@ -232,9 +258,12 @@ Select from the drop-down list a client mode to define the Endpoint Protector C - Not display system tray notifications - Apply all set rights and settings as per their configuration -**NOTE:** Certain Linux distributions (like SLED) lack system tray support, resulting in the absence +:::note +Certain Linux distributions (like SLED) lack system tray support, resulting in the absence of an Endpoint Protector Notifier icon. To receive Endpoint Protector notifications in these systems, keep the Endpoint Protector Notifier window open. +::: + ## DPI Configuration @@ -249,7 +278,10 @@ In this section, you can manage the following settings: - Intercept VPN Traffic – if you enable this setting, you allow the Endpoint Protector Client to intercept VPN traffic on macOS using the network extension framework - **NOTE:** Learn more from the [Intercept VPN Traffic](#intercept-vpn-traffic) topic. + :::note + Learn more from the [Intercept VPN Traffic](#intercept-vpn-traffic) topic. + ::: + - Endpoint Protector Behavior with Network Extension Off – select a behavior type from the available entries @@ -262,9 +294,12 @@ In this section, you can manage the following settings: - Ignore Hostname - when checked, the certificate hostname property will not be validated against the server hostname. - **CAUTION:** Disabling setting ‘Peer Certificate Validation’ will not impact Endpoint Protector + :::warning + Disabling setting ‘Peer Certificate Validation’ will not impact Endpoint Protector functionality. It should only be disabled when an alternative network traffic inspection product, such as a Secure Web Gateway Solution, is validating website certificates. + ::: + - Display Dialog Boxes for DPI Dropped Connections - enable this setting to display Dialog windows on endpoint machines, containing more details. 
@@ -273,8 +308,11 @@ In this section, you can manage the following settings: - Block Unsecured Connection - if enabled, unsecured access through HTTP will be blocked and user access restricted. - **NOTE:** The Block Unsecured Connection feature is only available when the Deep Packet + :::note + The Block Unsecured Connection feature is only available when the Deep Packet Inspection feature is enabled. + ::: + - DPI Bypass Traffic – this setting automatically bypasses non-inspectable traffic and sends an event for allowed traffic. @@ -296,8 +334,11 @@ In this section, you can manage the following settings: scenario. - ‘Certificate Pinning’ also falls under this category. - **NOTE:** Learn more about + :::note + Learn more about [Using Wireshark for Network Traffic Analysis](#using-wireshark-for-network-traffic-analysis). + ::: + 2. Bypass Unknown TLS Handshakes 
@@ -347,17 +388,26 @@ In this section, you can manage the following settings: with both settings ‘Bypass Invalid Peer Certificates’ and ‘Peer Certificate Validation’ enabled, illustrates such situations (the website will be accessible). - **CAUTION:** Please be aware that the current Default DPI list and the new Default DPI bypass + :::warning + Please be aware that the current Default DPI list and the new Default DPI bypass list are exclusively utilized when manually checked within CAP (Content Aware Protection) policies. + ::: + - **NOTE:** Learn more about Timeout Period for Bypassed Websites, and Handling of Bypassed + :::note + Learn more about Timeout Period for Bypassed Websites, and Handling of Bypassed Domains and Applications. + ::: + - DPI Bypass Event Logging – this setting will automatically send DPI Bypass events/reasons to Endpoint Protector Server when connections are being bypassed on endpoints. - **NOTE:** Learn more about [Bypass Log Reporting Frequency](#bypass-log-reporting-frequency). + :::note + Learn more about [Bypass Log Reporting Frequency](#bypass-log-reporting-frequency). + ::: + ![If enabled, network and browser traffic can be inspected for content](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/dpiconfiguration.webp) @@ -366,9 +416,12 @@ In this section, you can manage the following settings: If you enable this setting, the Endpoint Protector Client will intercept VPN traffic on macOS using the network extension framework. -**NOTE:** The Intercept VPN Traffic feature is only available when the Deep Packet Inspection feature +:::note +The Intercept VPN Traffic feature is only available when the Deep Packet Inspection feature is enabled. It will only work for macOS from version 11.0 onwards and only if Deep Packet Inspection Certificate is also added. +::: + To use this feature, follow these steps: 
@@ -401,7 +454,10 @@ To use this feature, follow these steps: ![Proxy Configuration pop-up window](/img/product_docs/endpointprotector/5.9.4.2/install/agent/proxypop-up.webp) -**NOTE:** When network extension is successfully enabled, a Client Integrity OK log is generated. +:::note +When network extension is successfully enabled, a Client Integrity OK log is generated. +::: + **Step 8 –** Go to **System Configuration** > **System Settings** > **Deep Packet Inspection Certificate**, and then download the CA Certificate. @@ -493,17 +549,23 @@ Shadowing on all supported Removable Devices: printers, clipboards, etc. - E-mail Body -**CAUTION:** File Shadowing cannot be used without File Tracing. +:::warning +File Shadowing cannot be used without File Tracing. +::: + File Shadowing can be delayed due to network traffic and Endpoint Protector Settings for different computers or file sizes. Shadowed files are usually available after a few minutes. Shadow creation may not occur for newly created files; however, the system diligently tracks file activities and generates File Shadowing for subsequent file events as expected. -**NOTE:** For your deployment, we strongly advise activating File Shadowing for not more than 15% of +:::note +For your deployment, we strongly advise activating File Shadowing for not more than 15% of your total endpoint capacity (e.g., for a 1000 endpoint deployment, File Shadowing should be set to a maximum of 150 endpoints for optimal performance). For more users, please contact customer support for recommended settings. +::: + - Exclude Extensions from Tracing – you can disable File Tracing for specific file types. 
@@ -518,13 +580,19 @@ for recommended settings. - Both (Outgoing & Incoming) allows you to monitor all types of transfers that are made between removable devices and the local machine. - **NOTE:** The File Tracing Direction setting only applies for transfers between removable + :::note + The File Tracing Direction setting only applies for transfers between removable devices, computers, and network shares and works only on Windows and macOS starting with version 11.0. + ::: - **NOTE:** MTP (Media Transfers Protocols) file transfer is currently supported only on Windows + + :::note + MTP (Media Transfers Protocols) file transfer is currently supported only on Windows client machines. It allows you to transfer files in one direction, from your PC to your Android device. + ::: + - Exclude Extensions from Shadowing – use this setting to disable File Shadowing for specific file types. @@ -547,14 +615,20 @@ for recommended settings. a document, the DLL scans the printed document content, and if sensitive data is detected, Endpoint Protector can block the print operation. - **NOTE:** This feature increases accuracy and reduces false positives for File Tracing and File + :::note + This feature increases accuracy and reduces false positives for File Tracing and File Shadowing. It is available only for Windows and will require a computer restart. + ::: + - Block Print from Browsers – Enable this setting to prevent users from printing web pages from any supported browser on Windows. - **NOTE:** The Content-Aware Protection (CAP) feature is available only for Chrome and Edge via a + :::note + The Content-Aware Protection (CAP) feature is available only for Chrome and Edge via a dedicated extension. For other browsers, this setting will block print functionality. + ::: + - Block Print if CAP Cannot Process File – This setting determines the action if CAP cannot access the file content. By default, printing is allowed. This option applies only to Chrome and Edge 
@@ -568,11 +642,14 @@ for recommended settings. ![File Tracing and Shadowing Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/blockprintone.webp) -**CAUTION:** Newer Linux Ubuntu versions have 'snap'-based applications installed by default, +:::warning +Newer Linux Ubuntu versions have 'snap'-based applications installed by default, affecting Endpoint Protector Client functionality. This may result in missing file-related events in File Tracing and File Shadow artifacts. The reliance on 'snap'-based applications also affects file-related web browser activities, exacerbating this limitation. Consider non-’snap’-based applications (where possible) as alternative configurations for optimal functionality. +::: + ## Block Print from Browsers 
@@ -580,22 +657,34 @@ Enable this setting to restrict the user from printing web pages from various br available, define the specific browsers, and create and enforce a Content Aware Policy that includes Printers from the Policy Exit Points section. -**NOTE:** This setting is available only for Windows. +:::note +This setting is available only for Windows. +::: -**CAUTION:** After enabling the Block Print from Browsers setting and applying the configuration on + +:::warning +After enabling the Block Print from Browsers setting and applying the configuration on the Client to enforce it, please be aware that open browser tabs will need to be reloaded, or a browser restart will be required for the changes to take effect. +::: + -**CAUTION:** Since version 5.9.4.1, Endpoint Protector Clients require binding to the new Endpoint +:::warning +Since version 5.9.4.1, Endpoint Protector Clients require binding to the new Endpoint Protector web printing extensions. Customers using GPO configuration, should ensure that the browser extension ID configured in the GPO is updated. The old extensions will soon be deprecated. Customers using this feature and older Endpoint Protector Clients than version 5.9.4.1 should immediately enforce an Endpoint Protector Client upgrade process. After updating the GPO configurations and completing the Endpoint Protector Client upgrade process, a full computer reboot is required for the changes to take effect. +::: + -**CAUTION:** Upgrading the Endpoint Protector Client with the browser plug-in enabled will require a +:::warning +Upgrading the Endpoint Protector Client with the browser plug-in enabled will require a full computer restart. +::: + ![blockprinttwo](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/blockprinttwo.webp) 
@@ -606,18 +695,30 @@ seamless protection, the Endpoint Protector Browser Connection extension install scanning capabilities during web document printing, integrating seamlessly on both server and client sides. -**NOTE:** The extension does not function in 'in Private/Incognito' mode. If it fails to load, it +:::note +The extension does not function in 'in Private/Incognito' mode. If it fails to load, it reverts to full Block-mode with Printing, providing comprehensive protection. +::: + -**NOTE:** To ensure the extensions' stability and prevent user interference, use Group Policy +:::note +To ensure the extensions' stability and prevent user interference, use Group Policy Objects (GPO), the exclusive and recommended method for installing on both Google Chrome and Microsoft Edge. +::: + -**CAUTION:** Use the Group Policies to set PDF files to be downloaded instead of opened in the web +:::warning +Use the Group Policies to set PDF files to be downloaded instead of opened in the web browser for the block print from the browser to function accurately. +::: -**CAUTION:** Group Policy Objects (GPO) are the only supported method to prevent users from + +:::warning +Group Policy Objects (GPO) are the only supported method to prevent users from disabling or uninstalling the Google Chrome and Microsoft Edge extension. +::: + ### Configuring GPO for Browser Extensions @@ -654,9 +755,12 @@ users from removing it, follow these steps: ![Configuring GPO for Browser Extensions](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/grouppolicyeditortwo.webp) -**CAUTION:** Make sure to thoroughly test the configuration in a controlled environment to ensure the +:::warning +Make sure to thoroughly test the configuration in a controlled environment to ensure the intended behavior. Always keep endpoint security policies updated and aligned with organizational security standards. +::: + ## Ignore Virtual Printers 
@@ -667,7 +771,10 @@ analytics and administration teams. With this option, users can focus on trackin they exit your organization's environment and not when they have been created, streamlining monitoring efforts and improving efficiency. -**NOTE:** This feature only applies for Windows. +:::note +This feature only applies for Windows. +::: + ## Configure Max File Size @@ -684,8 +791,11 @@ Additionally, in the Windows environment, a default time-out of 10 seconds is ap strict 10-second time-out is enforced due to Apple OS architecture, which terminates processes that do not respond promptly. Linux currently operates without a specific time-out limitation. -**NOTE:** This setting only applies to Content Aware Protection policies and does not affect +:::note +This setting only applies to Content Aware Protection policies and does not affect eDiscovery Policies and Max File Size for File Shadows. +::: + ![ Tailor Content Aware Protection scanner’s file size settings according to their specific needs. ](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/maxfileconfg.webp) 
@@ -702,11 +812,17 @@ Control and Content Aware modules. Once these settings are made, the fallback device type rights can be set Globally, per Groups, Users, or Computers. -**CAUTION:** When triggered, fallback policies supersede the standard device rights. Regarding +:::warning +When triggered, fallback policies supersede the standard device rights. Regarding fallback policies, the Outside Network Policies supersede the Outside Hours Policies. +::: -**NOTE:** For [Content Aware Protection](/docs/endpointprotector/5.9.4.2/admin/cap_module/capmodule.md), the Outside Network + +:::note +For [Content Aware Protection](/docs/endpointprotector/5.9.4.2/admin/cap_module/capmodule.md), the Outside Network and Outside Hours Policy Type also needs to be selected. +::: + ![Manage Outside Network and Outside Hours Policies, for both Device Control and Content Aware modules](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/outsidehoursnetwork.webp) @@ -735,9 +851,12 @@ There are three actions to choose from when the Transfer Limit is reached: - Lockdown – this setting blocks all devices, regardless if they have been defined within the Device Control policies, including the network interfaces and therefore, any type of transfer -**NOTE:** To re-establish the Server-Client communication before the Transfer Limit Time Interval +:::note +To re-establish the Server-Client communication before the Transfer Limit Time Interval expires, a Transfer Limit Reached Offline Temporary Password is available. For detailed information, refer to the Offline Temporary Password chapter. +::: + You can enable a Transfer Limit Reached Alert and schedule a Transfer Limit Reached Report on a daily, weekly, or monthly basis. 
@@ -753,8 +872,11 @@ By enabling this feature, the Endpoint Protector Client will create the log fil and if Deep Packet Inspection is enabled, it will collect supplementary Deep Packet Inspection logs along with sslsplit logs. -**NOTE:** We recommend using the Debug level mode as it contains more than error and warning type +:::note +We recommend using the Debug level mode as it contains more than error and warning type information. +::: + ![Use this feature to collect logs for a specific issue](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/debuglogging.webp) @@ -762,7 +884,7 @@ information. To use the debug feature and collect logs, follow these steps: -Manual Logging +**Manual Logging** On the Global > Computer > User Settings page, configure the following settings: @@ -776,7 +898,10 @@ data**. **Step 4 –** **Save.** -**NOTE:** Read the [Data Obfuscation Rules](#data-obfuscation-rules) section for more information. +:::note +Read the [Data Obfuscation Rules](#data-obfuscation-rules) section for more information. +::: + ![Used to debug feature and collect logs](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/debugloggingtwo.webp) @@ -792,7 +917,7 @@ data**. ![Netwrix Endpoint Protector Client Debug Mode](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/clientdebugmode.webp) -Automatic Logging +**Automatic Logging** You can also substitute the user action from the Manual Logging procedure by using the automatic logging option. @@ -846,7 +971,10 @@ Specific use cases: 2. For SSNs, the last 4 characters are displayed 3. For Brazil ID (CPF), the first 3 and the last 2 characters are obfuscated -**NOTE:** Data is not obfuscated for the file-type threat, file-size threat, and date threat. +:::note +Data is not obfuscated for the file-type threat, file-size threat, and date threat. +::: + ![Data Obfuscation Example](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/dataobfuscationone.webp) 
@@ -879,6 +1007,9 @@ You can set a maximum number of 10 000 logs to be displayed per report. To expor the log number exceeds the maximum 10 000 limit, use the Create export option or narrow the search using filters. -**NOTE:** The information you set on this setting will also be applied for eDiscovery. +:::note +The information you set on this setting will also be applied for eDiscovery. +::: + ![Set the maximum number of logs that can be displayed](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/displaysettings.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/dc_module/usersandgroups.md b/docs/endpointprotector/5.9.4.2/admin/dc_module/usersandgroups.md index 8f22c415c6..f984514b06 100644 --- a/docs/endpointprotector/5.9.4.2/admin/dc_module/usersandgroups.md +++ b/docs/endpointprotector/5.9.4.2/admin/dc_module/usersandgroups.md @@ -34,7 +34,10 @@ There are two users created by default during the installation process of Endpoi the user attached to all events generated by the programs launched from the specific device when Autoplay is enabled in the Operating System. -**CAUTION:** Depending on the OS, additional system users can appear: +:::warning +Depending on the OS, additional system users can appear: +::: + - \_mbsetupuser (for macOS, during updates) - 65535, 62624, etc. (for Linux, during locked screens) 
@@ -56,9 +59,12 @@ These are generally the only device rights used. In addition to the Standard device control rights, if enabled from the Global Settings, the administrator can create fallback policies for Outside Network and Outside Hours circumstances. -**NOTE:** The Restore Global Rights button can be used to revert to a lower level of rights. Once +:::note +The Restore Global Rights button can be used to revert to a lower level of rights. Once this button is pushed all rights on that level will be set to preserve global settings and the system will use the next level of rights. +::: + All Existing Devices that were added on that level will be deleted when the restore is used. @@ -95,8 +101,11 @@ A group is identified by information like Name and Description, as well as base You can manually create a new group at any time by providing the group information mentioned above. Groups can also be imported into Endpoint Protector from Active Directory. -**NOTE:** For detailed information on Active Directory, refer to the +:::note +For detailed information on Active Directory, refer to the [Directory Services](/docs/endpointprotector/5.9.4.2/admin/directoryserv.md) topic. +::: + The Actions column offers multiple options related to the group’s management like Edit, Manage Rights, Manage Settings, History, and Delete. @@ -118,8 +127,11 @@ To use Smart Groups, follow these steps: **Step 1 –** Enable Smart Groups from System Configuration, System Settings, on the Smart Groups section, scroll to the bottom of the page and click **Save**. -**NOTE:** By enabling the Smart Group feature, Computers and Users will not be automatically +:::note +By enabling the Smart Group feature, Computers and Users will not be automatically assigned to the Default Group unless you create a Smart Group. +::: + ![ Membership can be defined based on element name patterns](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/smartgroups.webp) 
@@ -134,9 +146,15 @@ the following and then click **Save**: Define the rules Computers or Users are added to the Smart Groups based on the naming pattern rules: XYZ\*, \*XYZ\*,\*XYZ. -**CAUTION:** The rules set are key-sensitive! +:::warning +The rules set are key-sensitive! +::: + + +:::note +Once created, you can manage the group's priority by drag and drop actions. +::: -**NOTE:** Once created, you can manage the group's priority by drag and drop actions. ![Adding users to smart groups](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/groupinformation.webp) @@ -146,7 +164,10 @@ The Smart Groups rule will not remove items from the regular groups to assign th Entities are added to the Smart group through the synchronization process. After you created the Smart Group, click **Sync** to start the synchronization at a given interval every 1 minute. -**NOTE:** The Synchronization process will not change settings for the regular groups. +:::note +The Synchronization process will not change settings for the regular groups. +::: + If a new Computer is registered and matches one of the rules, the Computer will automatically be assigned to that Group. 
@@ -185,16 +206,22 @@ active/online). Default Groups are groups of Computers and Users that do not belong to Smart Groups. These are Computers and Users that do not follow the name pattern set for Smart Groups. -**NOTE:** Default Groups are available only if Smart Groups are enabled. To use Default Groups, +:::note +Default Groups are available only if Smart Groups are enabled. To use Default Groups, follow these steps: +::: + **Step 1 –** Enable Default Groups for Computers and Users from System Configuration > System Settings > on the Smart Groups section, scroll to the bottom of the page and click **Save**. ![Enabling Default Groups for Computers and Users from System Configuration](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/enablesmartgroups.webp) -**CAUTION:** You are not required to manually create Default Groups – by enabling them, the Default +:::warning +You are not required to manually create Default Groups – by enabling them, the Default Groups for Users and Computers will be automatically created. +::: + ![Manage all the groups in the system](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/listofgroups.webp) 
@@ -247,12 +274,18 @@ create fallback policies for Outside Network and Outside Hours circumstances. For detailed information on Device Types and Specific Devices (Standard, Outside Network, and Outside Hours), refer to the Users and Groups topic. -**NOTE:** Use Restore Global Rights to revert to a lower level of rights. Once enabled, all rights +:::note +Use Restore Global Rights to revert to a lower level of rights. Once enabled, all rights on that level will be set to preserve global settings and the system will use the next level of rights. +::: + -**NOTE:** All Existing Devices that were added on that level will be deleted when the restore is +:::note +All Existing Devices that were added on that level will be deleted when the restore is used. +::: + ![Specify what Device Types and also what Specific Devices can be accessible.](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/devicetypes.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/allowlists.md b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/allowlists.md index f0269cbfbb..04e6dfe307 100644 --- a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/allowlists.md +++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/allowlists.md 
@@ -23,11 +23,14 @@ inspect them using content filters. MIME Type Allowlists are available for both the Content Aware Protection and eDiscovery modules and apply to Custom Content, Predefined Content, and Regular Expressions. -**NOTE:** By default, graphic files, media files, some password-protected archive files and some system +:::note +By default, graphic files, media files, some password-protected archive files and some system files are automatically defined within the MIME Type Allowlists. While this can be changed, we recommend only doing so after gaining a deeper understanding of the type of data transferred used, or stored by the users in your system, and the subsequent logs increase in the Endpoint Protector Server. +::: + ![MIME Type Allowlists ](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/mimetypeallowlists.webp) @@ -62,13 +65,16 @@ Location Denylists and Allowlists throughout the system. By default, the File Lo apply to all files located in the specific folder but also to any other files located in containing subfolders. -**NOTE:** In addition to defining the File Location Allowlist, the browser or application used to +:::note +In addition to defining the File Location Allowlist, the browser or application used to transfer files also needs to be selected from within the Content Aware Protection Policy. +::: + You can use wildcard patterns in the file location allow list, to specify wildcard matching. To match a desktop folder on Windows use the pattern "?:\Users\\\*\Desktop\". -Wildcards Usage Examples for File Location +**Wildcards Usage Examples for File Location** | Wildcards Type | File Location | Results matched | Results not matched | | -------------- | ------------------ | ---------------------------------------------------------------------------------- | ----------------------------------------------------------------------- | 
@@ -96,14 +102,20 @@ Location Allowlists will only apply for the selected computer groups after 15 mi Network Share Allowlists are custom-defined lists of network share addresses where transfers of confidential information will be allowed by Endpoint Protector. -**NOTE:** Network Share Allowlists are available only for the Content Aware Protection module. +:::note +Network Share Allowlists are available only for the Content Aware Protection module. +::: + You can use wildcard patterns in the Network Share Allowlist to specify wildcard matching. The Network Share Allowlist can perform matching the whole file name, not only on the directory name, when wildcard patterns are used. -**CAUTION:** The Network Share must be set to Allow Access and Scan Network Share must be checked +:::warning +The Network Share must be set to Allow Access and Scan Network Share must be checked inside a Content Aware Protection Policy. +::: + ![Network Share Allowlists ](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/networkshareallowlists.webp) @@ -116,8 +128,11 @@ line, comma, or semicolon and then select the **groups** and **computers**. Network Share Allowlists will not apply to groups of users, only to groups of computers. Network Share Allowlists will only apply for the selected computer groups after 15 minutes. -**CAUTION:** Do not type the network share path with backslashes (\\) 192.168.0.1\public\users\test; +:::warning +Do not type the network share path with backslashes (\\) 192.168.0.1\public\users\test; fileserver\documents\example +::: + ![New Network Share Allowlists](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/newnetworkshareallowlists.webp) 
@@ -126,7 +141,10 @@ Share Allowlists will only apply for the selected computer groups after 15 minut E-mail Domain Allowlists are custom-defined e-mail addresses to which sending of confidential information will be allowed by Endpoint Protector. -**NOTE:** E-mail Domain Allowlists are available only for the Content Aware Protection module. +:::note +E-mail Domain Allowlists are available only for the Content Aware Protection module. +::: + ![E-mail Domain Allowlists](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/emaildomainallowlists.webp) @@ -144,7 +162,7 @@ when creating or editing a Content Aware Protection policy. You can use wildcard patterns in the e-mail domain to specify wildcard matching as displayed in the following example. -Wildcards Usage Examples for E-mail Domain +**Wildcards Usage Examples for E-mail Domain** | E-mail Domain name | Results matched | Results not matched | | ------------------ | -------------------------------------------- | ------------------------- | @@ -163,8 +181,11 @@ You can add a new allowlist or edit, delete or export from the Actions column. You can create or import up to 100 lists of dictionaries, each dictionary comprising up to 50000 web domains. -**NOTE:** Dictionaries comprising up to 100 web domains can be edited, but for more extensive +:::note +Dictionaries comprising up to 100 web domains can be edited, but for more extensive dictionaries, you will need to import them again. +::: + To create a new allowlist, under the list of available allowlists, click Add, provide a name and description and then type or paste items at least three characters separated by a new line, comma, 
@@ -172,9 +193,15 @@ or semicolon. You can import content using the sample file provided on the form Example: example.endpointprotector, \*example.com, \*example\*, https://website.com, etc. -**CAUTION:** “?” cannot be used to replace a character. +:::warning +“?” cannot be used to replace a character. +::: + + +:::note +Due to Gmail usage, take the following into consideration: +::: -**NOTE:** Due to Gmail usage, take the following into consideration: - You need to allow **mail.google.com** for adding e-mail attachments or files using the drag and drop option @@ -185,7 +212,7 @@ available when creating or editing a Content Aware Protection policy. ![New Deep Packet Inspection Allowlists](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/newdpiallowlists.webp) -Wildcards Usage Examples for Deep Packet Inspection +**Wildcards Usage Examples for Deep Packet Inspection** | Domain name | Results matched | Results not matched | | ------------------- | ---------------------------------------------------------------------- | ------------------------------------------------------------------------ | @@ -196,4 +223,7 @@ Wildcards Usage Examples for Deep Packet Inspection | https://cisco.com | https://cisco.com/drives/downloads/ http://cisco.com/drives/downloads/ | https://sub.cisco.com/drives/download s/ https://cisco.com.ca/downloads/ | | https://cisco.com\* | https://cisco.com.ca/downloads/ http://cisco.com.ca/downloads/ | https://sub.cisco.com.ca/downloads/ https://bad.cisco.com/downloads/ | -**NOTE:** Using wildcards will search for domain names, not URLs. +:::note +Using wildcards will search for domain names, not URLs. + +::: diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/denylists.md b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/denylists.md index 455771d9e5..4d12e23670 100644 --- a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/denylists.md 
+++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/denylists.md @@ -21,8 +21,11 @@ and **description** and then type or paste items at least three characters separ comma, or semicolon. You can import content using the sample file provided on the form and then select the option based on the number of uploaded items. -**NOTE:** Dictionaries of under 100 items can be edited, while larger dictionaries have to be +:::note +Dictionaries of under 100 items can be edited, while larger dictionaries have to be uploaded again. +::: + Once the denylist is created, it will be displayed on the Custom Content list and will be available when creating or editing a Content Aware Protection or eDiscovery policy. @@ -56,8 +59,11 @@ Examples: Matching and Non-Matching for File Extensions like “.epp”: Once the denylist is created, it will be displayed on the File Name list and will be available when creating or editing a Content Aware Protection or eDiscovery policy. -**CAUTION:** For Content Aware Protection, the File Name Denylists work only for Block & Report type +:::warning +For Content Aware Protection, the File Name Denylists work only for Block & Report type Policies. The Case Sensitive and Whole Words Only features do not apply. +::: + ![File Name Denylists ](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/filename.webp) 
@@ -76,8 +82,11 @@ Location Denylists and Allowlists throughout the system. By default, the File Lo apply to all files located in the specific folder but also to any other files located in containing subfolders. -**NOTE:** In addition to defining the File Location Denylist, the browser or application used to +:::note +In addition to defining the File Location Denylist, the browser or application used to transfer files also needs to be selected from within the Content Aware Protection Policy. +::: + From this section, you can view and add file location denylists and from the Actions column, you can edit, delete or export an existing denylist. @@ -86,15 +95,18 @@ To create a new denylist, under the list of available denylists, click **Add**, and **description**, add the items separated by a new line, comma, or semicolon and then select the **groups** and **computers**. -**NOTE:** File Location Denylist will not apply to groups of users, only to groups of computers. +:::note +File Location Denylist will not apply to groups of users, only to groups of computers. File Location Denylist will only apply for the selected computer groups after 15 minutes. +::: + ![File Location New Denylist](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/filelocationnewdenylists.webp) You can use wildcard patterns in the File Location Denylists to specify wildcard matching. To match a desktop folder on Windows, use the pattern "?:\Users\\\*\Desktop\". -Wildcards Usage Examples for File Location +**Wildcards Usage Examples for File Location** | Wildcards Type | File Location | Results matched | Results not matched | | -------------- | -------------- | ------------------------------------------------------ | -------------------------------------------------------------- | 
@@ -132,10 +144,13 @@ You can create a regular expression to find a certain recurrence in the data th across the protected network. Regex Denylists are available for both the Content Aware Protection and eDiscovery modules. -**CAUTION:** If possible, avoid using Regular Expressions, as their complexity typically increases +:::warning +If possible, avoid using Regular Expressions, as their complexity typically increases the resources usage. Using a large number of regular expressions as filtering criteria typically increases CPU usage. Also, improper regular expressions or improper use can have negative implications. +::: + From this section, you can view and add regex expressions and from the Actions column, you can edit or delete an existing denylist. @@ -153,9 +168,12 @@ Matched content box, as shown below: - To match an IP – (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3} -**NOTE:** This feature is provided “as is” and requires advanced knowledge of the Regular Expression +:::note +This feature is provided “as is” and requires advanced knowledge of the Regular Expression syntax. No direct support is offered and it is the responsibility of the customers to learn and implement regular expressions and to thoroughly test. +::: + ![You can test a regular expression for accuracy using the right-side option](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/regexnewdenylist.webp) 
@@ -164,7 +182,10 @@ implement regular expressions and to thoroughly test. Domain and URL Denylists are custom-defined lists of web addresses identified by Endpoint Protector. Access to domains and URLs from these lists will be denied. -**NOTE:** Domain and URL Denylists are available only for the Content Aware Protection module. +:::note +Domain and URL Denylists are available only for the Content Aware Protection module. +::: + ![Domain and URL Denylists ](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/domainurldenylists.webp) @@ -178,8 +199,11 @@ You can import content using the sample file provided on the form. You can create or import up to 100 lists of dictionaries, each dictionary comprising up to 50000 web domains. -**NOTE:** Dictionaries comprising up to 100 web domains can be edited, but for more extensive +:::note +Dictionaries comprising up to 100 web domains can be edited, but for more extensive dictionaries, you will need to import them again. +::: + You can define the content by adding the file name, file name and extension, or just the extension - pdf, test1example.pdf. example.endpointprotector.com, \*example.com, \*example\*example, 
@@ -195,13 +219,19 @@ when creating or editing a Content Aware Protection policy. E-mail Domain Denylists are custom-defined e-mail addresses and domains applicable to groups and computers that block the user from sending emails. -**CAUTION:** This feature blocks the user from sending emails regardless of content and type. As the +:::warning +This feature blocks the user from sending emails regardless of content and type. As the denylist applies to the computer, not the policy, it blocks emails sent from the applications you select that have Report Only or Block and Remediate policies with no remediation possible. +::: + -**NOTE:** This feature is only available for Content Aware Protection when Deep Packet Inspection is +:::note +This feature is only available for Content Aware Protection when Deep Packet Inspection is enabled and only impacts applications that retrieve the email recipients and are selected on Content Aware Protection Policy. +::: + ![E-mail Domain Denylists](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/e-maildomaindenylists.webp) 
@@ -238,13 +268,19 @@ MIP-labeled files. MIP labels can be used along other CAP conditions, including content-aware and label-aware data scanning. This enable granular control over data protection based on MPIP classifications. -**NOTE:** While Endpoint Protector can currently recognize MIP-encrypted files by their GUID (if +:::note +While Endpoint Protector can currently recognize MIP-encrypted files by their GUID (if they follow the latest MIP format used by office web tools labeling), content-aware scanning for these files is not yet supported. +::: + -**NOTE:** Endpoint Protector Server in Microsoft Entra (formerly Azure AD) applications is +:::note +Endpoint Protector Server in Microsoft Entra (formerly Azure AD) applications is unnecessary. Endpoint Protector relies on information with labeled files. This might change in future releases. +::: + ![Confguration for Microsoft Information Protection (MIP) ](/img/product_docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/mipclassification.webp) 
@@ -259,17 +295,20 @@ to gain visibility and control over the usage of particular applications. Example: Consider the scenario of controlling the startup mode of an application, as illustrated by the example below for Google Chrome: -chrome.exe --incognito +**chrome.exe --incognito** With CLI commands denylists, you can define criteria for command line arguments that match specific application behaviors. This allows you to create CAP policies tailored to your organization's needs, ensuring that the launch and behavior of applications align with your security and compliance requirements. -**NOTE:** Certain native command line utilities such as `ls`, `md`, `cd`, which are embedded in the +:::note +Certain native command line utilities such as `ls`, `md`, `cd`, which are embedded in the Operating System Core, may not be captured by CAP visibility. These commands are integral to the functioning of the operating system and are typically excluded from CAP policies, and are not an egress channel. +::: + Follow the steps to define CLI command denylist policies. @@ -286,8 +325,11 @@ control and monitoring of application usage. Follow these steps and leverage CLI commands denylists to enhance your organization's security posture and ensure that applications are used in compliance with your policies and regulations. -**NOTE:** The Endpoint Protector Client has limited visibility into activity within PowerShell and +:::note +The Endpoint Protector Client has limited visibility into activity within PowerShell and PowerShell ISE environments, as well as basic command-line operations on macOS and Linux systems (actions like `touch`, `cp`, `cd`, `mv`, and `mkdir`). To ensure Denylists entries match processes with default parameters, use the wildcard character "\*" at the end of the Application Name field (e.g, `notepad.exe *`. + +::: 
diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md index c797b832e1..6fcd3c1c3f 100644 --- a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md +++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md @@ -10,7 +10,7 @@ From this section, you can create Denylists and Allowlists that can be used in b Aware Protection and eDiscovery modules. Once defined, these lists can be enabled for a specific policy. -Denylists and Allowlists Availability +**Denylists and Allowlists Availability** | Type | Name | Windows Platform | macOS Platform | Linux Platform | Content Aware Protection Module | eDiscovery Module | | -------------- | ---------------------- | ------------------------------- | -------------- | -------------- | ------------------------------- | ----------------- | @@ -30,8 +30,14 @@ Denylists and Allowlists Availability | Allowlists | Deep Packet Inspection | Yes | Yes | Yes | Yes | No | | URL Categories | URL Categories | Yes | Yes | Yes | Yes | No | -**_RECOMMENDED:_** Endpoint Protector 5.9.4+ supports larger lists, but extensive use can impact +:::info +Endpoint Protector 5.9.4+ supports larger lists, but extensive use can impact performance. Use the minimum number of lists with reasonable entries for optimal performance. +::: -**NOTE:** The Allowlist/Network Shares retain the old limit of 15 dictionaries, with 10 items per + +:::note +The Allowlist/Network Shares retain the old limit of 15 dictionaries, with 10 items per dictionary. + +::: diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/urlcategories.md b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/urlcategories.md index 0cfd085d4c..6a899d2bf7 100644 --- a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/urlcategories.md +++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/urlcategories.md 
@@ -11,7 +11,10 @@ limit the Deep Packet Inspection monitoring of the web traffic. If no Deep Packe URL Category is set on a policy, the Endpoint Protector Client will monitor all web domains by default. -**CAUTION:** URL Categories only apply when the Deep Packet Inspection feature is active. +:::warning +URL Categories only apply when the Deep Packet Inspection feature is active. +::: + Blocking content based on URL categories can lead to data loss if not used correctly because it will restrict a policy to a few domain names. Policies must be constantly updated as new URLs need to be diff --git a/docs/endpointprotector/5.9.4.2/admin/directoryserv.md b/docs/endpointprotector/5.9.4.2/admin/directoryserv.md index e43e6aee2d..e4a8633894 100644 --- a/docs/endpointprotector/5.9.4.2/admin/directoryserv.md +++ b/docs/endpointprotector/5.9.4.2/admin/directoryserv.md @@ -19,10 +19,13 @@ Password. ![Manage connections from the Directory Services](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/newconnection.webp) -**NOTE:** When having to import a very large number of entities, we recommend using the Base Search +:::note +When having to import a very large number of entities, we recommend using the Base Search Path to get only the relevant information displayed. Due to browser limitations, importing the whole AD structure may impede the display of the import tree if it contains a very large number of entities. +::: + To ensure the information is correct, click Test to test the new connection. 
@@ -39,7 +42,10 @@ other entities. From the Directory Browser section, you can select the entities that need to be synced. -**NOTE:** You can view only Organizational units (OU) and Groups in the Directory Browser. +:::note +You can view only Organizational units (OU) and Groups in the Directory Browser. +::: + ![From the Directory Browser section, you can select the entities that need to be synced.](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/directorybrowser.webp) @@ -53,7 +59,7 @@ You can create and manage connections from the Directory Services, Microsoft Ent section, Groups from the Microsoft Entra ID will have their users synchronized with the Endpoint Protector Server. Group membership will be retrieved recursively by the API platform itself. -Example +**Example** - Group 1 - User 1, User 2, User 3 - Group 2 - Group 1, User 4 @@ -87,7 +93,10 @@ left side, then on New Registration. **Step 5 –** On the Supported account type select **Default Directory**. -**CAUTION:** Do not fill in the Redirect URI field! +:::warning +Do not fill in the Redirect URI field! +::: + **Step 6 –** Click **Register**. @@ -126,7 +135,10 @@ API. **Step 5 –** Take note of the Secret ID value and make sure to copy it to the clipboard and also to store it safely because it will be needed further on. -**NOTE:** Notice that when navigating back, the secret ID will be hidden. +:::note +Notice that when navigating back, the secret ID will be hidden. +::: + ![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsfive.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/ed_module/edmodule.md b/docs/endpointprotector/5.9.4.2/admin/ed_module/edmodule.md index 3df053111a..ee6bf0fc18 100644 --- a/docs/endpointprotector/5.9.4.2/admin/ed_module/edmodule.md +++ b/docs/endpointprotector/5.9.4.2/admin/ed_module/edmodule.md 
@@ -24,11 +24,17 @@ eDiscovery comes as the third level of data protection available in Endpoint Pro is displayed but requires a simple activation by pressing the Enable button. If not previously provided, the contact details of the Main Administrator will be required. -**NOTE:** Any details provided will only be used to ensure the Live Update Server is configured +:::note +Any details provided will only be used to ensure the Live Update Server is configured correctly and that the eDiscovery module was enabled successfully. +::: -**CAUTION:** The eDiscovery module is separate from Device Control or Content Aware Protection + +:::warning +The eDiscovery module is separate from Device Control or Content Aware Protection modules, and requires separate licensing. +::: + ![eDiscovery Activation](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/activation.webp) @@ -52,7 +58,10 @@ An eDiscovery Policy is made up of five main elements: - Policy Allowlists – the content that can be ignored - Entities – the departments, groups, or computers it applies to -**NOTE:** Once the eDiscovery Policies are created, select the type of eDiscovery Scan. +:::note +Once the eDiscovery Policies are created, select the type of eDiscovery Scan. +::: + eDiscovery Scans are sets of rules for Policies, defining when to start the data discovery. There are several types of scans: @@ -74,8 +83,11 @@ be done by using: - Stop scan: stops the scan (but does not affect the logs) - Stop scan and clear scan: stops the scan and clears the logs -**NOTE:** Use Global Stop and Clear in situations where all the eDiscovery Scans need to be stopped +:::note +Use Global Stop and Clear in situations where all the eDiscovery Scans need to be stopped and all the Logs cleared. +::: + ### Creating an eDiscovery Policy and Scan 
@@ -110,10 +122,13 @@ For detailed information on Denylists and Allowlist, refer to the After the eDiscovery Policy has been created, Scanning Actions can be assigned. These include Start clean scan, Start incremental scan, Stop scan, and Clear logs. -**NOTE:** Exactly like Content Aware Protection Policies, the eDiscovery Policies and Scans continue +:::note +Exactly like Content Aware Protection Policies, the eDiscovery Policies and Scans continue to detect sensitive data stored on protected computers even after they are disconnected from the company network. Logs will be saved within the Endpoint Protector Client and will be sent to the Server once the connection has been reestablished. +::: + ## eDiscovery Scan Result and Actions diff --git a/docs/endpointprotector/5.9.4.2/admin/ee_module/eemodule.md b/docs/endpointprotector/5.9.4.2/admin/ee_module/eemodule.md index b6fd57ba8f..21424c27f5 100644 --- a/docs/endpointprotector/5.9.4.2/admin/ee_module/eemodule.md +++ b/docs/endpointprotector/5.9.4.2/admin/ee_module/eemodule.md 
@@ -20,14 +20,20 @@ configured or via a Master Password set by the Endpoint Protector administrator can be opened by any user only after it is decrypted, therefore requiring the user to copy the information out of Enforced Encryption. -**CAUTION:** Enforced Encryption is not compatible with devices that have a write-protection +:::warning +Enforced Encryption is not compatible with devices that have a write-protection mechanism in place, preventing the modification or deletion of data. The write-protection mechanism can be enforced using a hardware component (for example a switch on the USB device) or a software component. +::: -**NOTE:** While Endpoint Protector can detect any Enforced Encryption USB encrypted device as a + +:::note +While Endpoint Protector can detect any Enforced Encryption USB encrypted device as a Trusted Device™ Level 1, to use the Enforced Encryption feature, a specific Enforced Encryption version must be used. This is available for the Endpoint Protector User Interface. +::: + Enforced Encryption works on read-only mode if the device was formatted on Windows, the Enforced Encryption configured on Windows or some files were encrypted on Windows. On macOS, these files can be 
@@ -49,15 +55,21 @@ executed from the root of the device. Due to extended security features for manu Enforced Encryption will have to be redownloaded from the Endpoint Protector interface each time it will be used to encrypt a new USB storage device. -**NOTE:** Starting with Endpoint Protector 5.2.0.0, manual deployment can also be made by the user +:::note +Starting with Endpoint Protector 5.2.0.0, manual deployment can also be made by the user if the device is set on Allow Access, by pressing the small USB icon- Encrypt Device with Enforced Encryption. +::: + Both Enforced Encryption deployments are straightforward and require the user only to configure a password. -**NOTE:** On Macs, USB storage devices with multiple partitions are not supported by Enforced +:::note +On Macs, USB storage devices with multiple partitions are not supported by Enforced Encryption and Trusted Device™ Level 1. +::: + ## Enforced Encryption Settings @@ -101,8 +113,11 @@ Protector Client is present and the File Shadowing option is enabled on the comp events occur – through the Device Control module. This is a real-time event and no shadowing information is stored on the device at any given time. -**NOTE:** Enabling global File Tracing will not automatically activate the File Tracing option on +:::note +Enabling global File Tracing will not automatically activate the File Tracing option on Enforced Encryption Trusted Device™ and vice versa. +::: + ### Enforced Encryption Clients 
@@ -141,8 +156,11 @@ be unusable. There are four levels of security for Trusted Device™: will be automatically deployed on USB storage devices plugged into computers where the Endpoint ProtectorEndpoint Protector Client is present. -**NOTE:** If a Trusted Device™ Level 1 right is enabled and a Trusted Device™ level 2, 3 or 4 is +:::note +If a Trusted Device™ Level 1 right is enabled and a Trusted Device™ level 2, 3 or 4 is connected, the right will apply accordingly. +::: + The table below provides a list of Trusted Device™: diff --git a/docs/endpointprotector/5.9.4.2/admin/otpassword.md b/docs/endpointprotector/5.9.4.2/admin/otpassword.md index 22b9f03883..345562e232 100644 --- a/docs/endpointprotector/5.9.4.2/admin/otpassword.md +++ b/docs/endpointprotector/5.9.4.2/admin/otpassword.md @@ -43,9 +43,12 @@ Code will be valid for that specific amount of time, starting with the moment i only thing to consider is that the Offline Temporary Password Code needs to be redeemed the same day it was generated. -**NOTE:** The Universal Offline Temporary Password feature can also be turned on. If enabled, it can +:::note +The Universal Offline Temporary Password feature can also be turned on. If enabled, it can be used by any user, on any computer, for any device or file transfers – it eliminates security restrictions for one hour. It can be used multiple times, by any user that knows it. +::: + The Universal Offline Temporary Password can be made visible only for Super Administrators. If this setting is enabled, Normal and Offline Temporary Password Administrators will not be able to see and 
@@ -58,9 +61,12 @@ Once an Offline Temporary Password has been authorized, any other rights and set on the Endpoint Protector Server will not take immediate effect. The Offline Temporary Password has to expire and the connection with the Server re-established. -**NOTE:** The Transfer Limit Reset Offline Temporary Password is only available if the feature is +:::note +The Transfer Limit Reset Offline Temporary Password is only available if the feature is enabled. The main purpose of this type of Offline Temporary Password is to re-establish the Server-Client communication before the Transfer Limit Reset Time Interval has expired. +::: + ## Generating the Offline Temporary Password @@ -86,8 +92,11 @@ Once the OTP Code has been generated, it will be displayed on the right side of As it needs to be provided to the person that made the request, Endpoint Protector offers two quick ways of doing this, either by sending a direct e-mail or by printing it out. -**NOTE:** You can edit the Administrator contact information that is displayed to a user from System +:::note +You can edit the Administrator contact information that is displayed to a user from System Configuration, System Settings, as the Main Administrator Contact Details. +::: + Similar to generating an Offline Temporary Password for a specific device, when generating one for all devices or all file transfers, the Computer Name and the Username fields are not both mandatory. The diff --git a/docs/endpointprotector/5.9.4.2/admin/reports.md b/docs/endpointprotector/5.9.4.2/admin/reports.md index 94145ee104..1dce758433 100644 --- a/docs/endpointprotector/5.9.4.2/admin/reports.md +++ b/docs/endpointprotector/5.9.4.2/admin/reports.md 
@@ -23,8 +23,11 @@ included in this section. Additionally, the main Device Control logs can be view ![Logs Report Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/logsreport.webp) -**NOTE:** Use the Filters option to view and sort different log types and then export the result +:::note +Use the Filters option to view and sort different log types and then export the result list. +::: + ## File Tracing @@ -49,11 +52,14 @@ tracking local transfers or interactions with removable devices and network shar provides a clear overview. It's an essential resource for configuring data protection policies in the Endpoint Protector environment, ensuring strong security and compliance. -**NOTE:** This matrix refers to clients from the 5.9.0.0 release and higher. +:::note +This matrix refers to clients from the 5.9.0.0 release and higher. +::: + Please see the table below for a detailed view of the events. -File Tracing Events Matrix by Direction +**File Tracing Events Matrix by Direction** | Direction | Windows | macOS | Linux | | ------------------------------------ | ---------- | ---------- | ---------- | diff --git a/docs/endpointprotector/5.9.4.2/admin/serverclientcommunication.md b/docs/endpointprotector/5.9.4.2/admin/serverclientcommunication.md index dddeff9658..cc857ad60a 100644 --- a/docs/endpointprotector/5.9.4.2/admin/serverclientcommunication.md +++ b/docs/endpointprotector/5.9.4.2/admin/serverclientcommunication.md @@ -17,7 +17,7 @@ the TLS protocol. ## Endpoint Protector Client -TLS 1.3 Compatibility +**TLS 1.3 Compatibility** | OS | Older version | Newer version | Endpoint Protector Client Features | | ------- | ---------------------------------------------------------------- | ---------------------------------------------- | --------------------------------------------------------------------------------- | 
@@ -27,7 +27,7 @@ TLS 1.3 Compatibility ## Endpoint Protector Server -TLS 1.3 Compatibility +**TLS 1.3 Compatibility** | Older than 5.7.0.0 | | | ------------------------- | -------------------------------------------------------------------------------------------------- | diff --git a/docs/endpointprotector/5.9.4.2/admin/serverlogin.md b/docs/endpointprotector/5.9.4.2/admin/serverlogin.md index 9f6faeddce..a79d8613ff 100644 --- a/docs/endpointprotector/5.9.4.2/admin/serverlogin.md +++ b/docs/endpointprotector/5.9.4.2/admin/serverlogin.md @@ -19,7 +19,10 @@ password. If you are logging in for the first time, use the default credentials: - Username: root - Password: epp2011 -**NOTE:** Please ensure to update your login credentials after the first login to enhance security. +:::note +Please ensure to update your login credentials after the first login to enhance security. +::: + ![ Input your assigned username and password to log in to the Server](/img/product_docs/endpointprotector/5.9.4.2/admin/serverlogin.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/adminandaccess.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/adminandaccess.md index c5e0e38094..7aa95e513c 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/adminandaccess.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/adminandaccess.md @@ -20,12 +20,12 @@ From this section you can view, create, manage and delete administrators. To create a new Administrator, under the table with existing administrators, click Create and then provide the following information: -Administrator Details +**Administrator Details** - Add the username and password, email, first and last name, phone number and then select the UI language -Account Settings +**Account Settings** - Account is active – manage the account status - Login Attempt Restrictions – enforce a 5 to 10 minutes timeout for 5 to 10 unsuccessful login 
@@ -34,8 +34,11 @@ Account Settings - Require password change at next login – request the administrator to change password at first login; once the password is changed, this setting is automatically disabled. -**CAUTION:** The Require password change at next login setting is ignored in the following +:::warning +The Require password change at next login setting is ignored in the following situations: +::: + 1. When the Enforce all administrator password security at next login setting is also enabled from System Configuration, System Security, then Require password change at next login is ignored and @@ -47,7 +50,7 @@ situations: - Schedule Exports Alert – receive alerts on any scheduled exports - Ignore AD Authentication – allow using AD credentials to login Endpoint Protector -Super Administrator Details +**Super Administrator Details** - Super Administrator – enable this section to grant the Administrator access to all Departments and Endpoint Protector sections @@ -119,7 +122,10 @@ To create a new Administrators Group, click Create and then provide the followin - Name – add a name for the new Administrators Group - Roles – select one or more roles from the list -**CAUTION:** The Read Only role cannot be combined with any other roles! +:::warning +The Read Only role cannot be combined with any other roles! +::: + - Description – add a description of the new Administrators Group - Select Administrators – add one or more Administrators to this group 
@@ -127,8 +133,11 @@ To create a new Administrators Group, click Create and then provide the followin You can also add Administrators to an Administrator Group when creating an Administrator from System Configuration, Systems Administrators section, on the Managed Administrators Groups field. -**NOTE:** The Support section will always be available in Endpoint Protector regardless of the role +:::note +The Support section will always be available in Endpoint Protector regardless of the role you assign to the Administrator Group. +::: + ![Administrators Groups](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/administratorsgroups.webp) @@ -145,9 +154,12 @@ Within the Endpoint Protector, there are several different user roles, each with permissions. The Super Administrator role is the most powerful and has access to all features, whilst other roles have more restricted access based on their job tasks. -**NOTE:** Each of the aforementioned roles can be assigned to a department. When in read-only mode, +:::note +Each of the aforementioned roles can be assigned to a department. When in read-only mode, users are only given viewing options. This guarantees that they can obtain essential information but are unable to alter the system. +::: + ## Two Factor Authentication 
@@ -176,15 +188,21 @@ The functionality becomes useful mainly in large installations, with a high numb and, where strict regulatory compliance rules are in place. Under these circumstances, departments can be created, allowing each Normal Administrators to only manage their own entities. -**CAUTION:** This functionality should not be confused with Groups of computers and users, nor with +:::warning +This functionality should not be confused with Groups of computers and users, nor with administrators’ roles. +::: + ![System Departments](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemdepartments.webp) To create a new department click Create and then provide a name, description and unique code. -**NOTE:** If you provide a wrong department code or none at all, the department code is considered +:::note +If you provide a wrong department code or none at all, the department code is considered invalid and that computer will be assigned to the default department (defdep). +::: + ![Create a new department click Create and then provide a name, description and unique code](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/newdepartment.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md index 2b03c318ce..8bb1a13459 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md @@ -16,7 +16,10 @@ reliability of the Endpoint Protector solution. From this section, you can download and install the Endpoint Protector Client corresponding to your operating system. -**NOTE:** The Server and Client communicate through port 443. +:::note +The Server and Client communicate through port 443. +::: + When using a custom WebUI port, please contact [Netwrix Support](https://www.netwrix.com/support.html) to assist in configuring the Nginx 
@@ -25,8 +28,11 @@ configuration file. The Windows Client installers allow the option to download the package with or without add-ons. This option fixes any incompatibility that may arise between Endpoint Protector and the specific solutions. -**CAUTION:** Only the latest Endpoint Protector Clients are available for download. You cannot set +:::warning +Only the latest Endpoint Protector Clients are available for download. You cannot set another default Endpoint Protector Client version from the Client Software Upgrade section. +::: + To improve the Endpoint Protector installation process, use the Endpoint Protector tool that allows you to run installation-related actions, identify your current Linux distribution, and view Endpoint @@ -39,13 +45,19 @@ Use the following commands: - rn - release notes - l - distribution list -**NOTE:** Contact Customer Support to provide the tool as well as assistance. +:::note +Contact Customer Support to provide the tool as well as assistance. +::: + ![Download and install the Endpoint Protector Client corresponding to your operating system](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/clientsoftware.webp) -**NOTE:** Endpoint Protector Client versions are displayed in the format X.X.X.XXXX on endpoints. +:::note +Endpoint Protector Client versions are displayed in the format X.X.X.XXXX on endpoints. This version will be saved in the Endpoint Protector Server database, although the web console will truncate the last 3 digits. +::: + ### Bypass Proxy Settings @@ -53,7 +65,7 @@ You have the ability to bypass proxy settings for all operating systems. #### Windows and macOS -Endpoint Protector Wizard Installer +**Endpoint Protector Wizard Installer** Select the option to **Use Manual Proxy Settings** from the Endpoint Protector Wizard installer and then provide the following information: 
@@ -64,7 +76,7 @@ then provide the following information: - Username – add proxy server username - Password – add proxy server password -CLI commands +**CLI commands** You can also apply manual proxy settings using CLI commands: @@ -90,8 +102,11 @@ You can also use CLI Commands below to install Endpoint Protector Client in spec - SUPPRESSRD – suppress FileRead/FileDelete events for NS and Removable devices - DISABLECAP – disabling loading of CAP drivers (CAP will not work) -**NOTE:** For macOS, please contact the Netwrix Support team to obtain the latest version of the +:::note +For macOS, please contact the Netwrix Support team to obtain the latest version of the installer script, which allows customization of installation parameters. +::: + #### Linux @@ -121,7 +136,7 @@ follow these steps: **Step 6 –** For the first proxy setup, EPPCLIENT_HTTPS_PROXY, add the proxy server information in the address:port:user:password format. -Example: EPPCLIENT_HTTPS_PROXY=address:port:user:password +**Example: EPPCLIENT_HTTPS_PROXY=address:port:user:password** **Step 7 –** Save the changes, and then run the installation without having a VPN connection: 
@@ -138,19 +153,28 @@ From this section, you can upgrade the Endpoint Protector Client and manage the Client Software Upgrade feature is only available for Windows and macOS Clients. To upgrade your Linux Clients, submit a request using the[online form](https://www.endpointprotector.com/linux). -**NOTE:** When updating your operating system to the latest macOS Ventura, eppclient.log and +:::note +When updating your operating system to the latest macOS Ventura, eppclient.log and eppsslsplit.log will be deleted from private/var/log. +::: + -**CAUTION:** The feature is not compatible for Endpoint Protector instances that are running on +:::warning +The feature is not compatible for Endpoint Protector instances that are running on 32-bit versions of Windows. +::: + ![Client Software Upgrade](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/clientsoftwareupgrade.webp) -**NOTE:** Endpoint Protector Client versions are displayed in the format X.X.X.XXXX on endpoints. +:::note +Endpoint Protector Client versions are displayed in the format X.X.X.XXXX on endpoints. This version will be saved in the Endpoint Protector Server database, although the web console will truncate the last 3 digits. In case Endpoint Protector Client versions are identical (first 4-digits), Endpoint Protector Server will still compare the full version number against each other, identifying the most recent version. +::: + ### Create New Upgrade Job 
@@ -164,19 +188,25 @@ steps: **Step 2 –** Select the groups and/or computers to perform or exclude from the upgrade and then click **Next**. You will view a summary of your selection above the table with endpoints. -**NOTE:** Only computers that use the operating system you previously selected will be upgraded. If +:::note +Only computers that use the operating system you previously selected will be upgraded. If you selected a group that has an endpoint using a different operating system, it will not be upgraded. If you selected a mixed group, with both computers and users, only the computers will be upgraded. +::: + ![Select the groups and/or computers to perform or exclude from the upgrade](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/selectendpointsupgrade.webp) **Step 3 –** Edit the default job title, add a description and confirm the upgrade job details by clicking **Start Upgrade job**. You will view the upgrade as an entry on the Upgrade jobs section. -**NOTE:** The upgrade process for the Endpoint Protector Client is impacted by a dedicated cron. +:::note +The upgrade process for the Endpoint Protector Client is impacted by a dedicated cron. Running every 5 minutes, the cron sets the upgrade process status to Pending and every 15 minutes checks and updates process status to Completed or Completed with failures. +::: + ![Edit the default job title, add a description and confirm the upgrade job details](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/upgradejobdetails.webp) 
@@ -188,8 +218,11 @@ cancel, pause, retry, archive or delete an entry on the list. To continue upgrading canceled Client Upgrade jobs, use the **Retry** option from the Actions column. -**NOTE:** If you deleted or archived a Client Upgrade job, then the endpoints become available for +:::note +If you deleted or archived a Client Upgrade job, then the endpoints become available for selection in other jobs. +::: + ![Manage Upgrade Jobs](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/manageupgradejobs.webp) @@ -207,9 +240,12 @@ The uninstall command can be canceled if it was not already executed. ![Client Uninstall](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/clientuninstall.webp) -**NOTE:** If the server and Endpoint Protector client can't communicate due to missing server +:::note +If the server and Endpoint Protector client can't communicate due to missing server certification validation (when the certification validation setting is enabled), uninstall commands can't be executed from the Endpoint Protector Server. In such cases, if you're unable to manually install the certificate on the Endpoint Protector Client computer, you can temporarily disable the certification validation setting on the Endpoint Protector Server and synchronize the Endpoint Protector Client to retrieve an uninstall command. + +::: diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md index 77d79fd0e8..9e4612bc10 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md 
@@ -19,8 +19,11 @@ The Single Sign On section includes the following: Protector Super Administrator is allowed. This will bypass Azure Single Sign On login in the situation when it stops working. To view the URL, enable the Display Failover Login URL setting. -**NOTE:** You can provide Super Administrator status to all imported users by enabling the Import +:::note +You can provide Super Administrator status to all imported users by enabling the Import users as super administrators setting. +::: + - Service Provider represents the identity of the Endpoint Protector Server. The information is required when configuring the Endpoint Protector application in Azure. Select if the login is based diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssoazuread.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssoazuread.md index 9d12001b39..c0b01f61be 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssoazuread.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssoazuread.md @@ -29,8 +29,11 @@ will be selected by default. After the above steps have been completed, a Single Sign On subsection is displayed in the System Configuration section. -**NOTE:** The Failover Login User you selected cannot be deleted from Endpoint Protector Server +:::note +The Failover Login User you selected cannot be deleted from Endpoint Protector Server while it is selected. Single Sign On cannot be activated without a Failover Login User. +::: + **Step 3 –** Select the **Provider** to view Single Sign On subsections. diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.md index c87c77eaf3..5b60ffa0f6 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.md 
@@ -13,10 +13,13 @@ flexible license management. ![System Licensing](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.webp) -**NOTE:** As of Endpoint Protector Version 5.9.0.0, a new subscription-based licensing system has +:::note +As of Endpoint Protector Version 5.9.0.0, a new subscription-based licensing system has been introduced. This change removes the licensing restrictions on Premium features, granting unrestricted access to features like Contextual Detection for all customers. This adjustment aligns with the revised licensing model, categorizing all features as standard and accessible to all users. +::: + Endpoint Protector Licensing is based on two main aspects: @@ -68,7 +71,10 @@ including a checkbox for "Serial Number" (defaulted to 'show'). This resolves is computer names and facilitates more effective management via Serial Number integration, reinforced by MachineUUIDs. -**NOTE:** If a computer's Serial Number is absent, it will be substituted with MachineUUID to ensure +:::note +If a computer's Serial Number is absent, it will be substituted with MachineUUID to ensure endpoint machine reliability, now featuring in the license page column across all OS platforms. +::: + ![Licensing Table](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/licensingtable.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsecurity.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsecurity.md index 78d0217018..4989305a44 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsecurity.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsecurity.md 
@@ -18,8 +18,11 @@ Additionally, you can set password expiration policies. From this section, you can set a password that will be required when the user performs an Endpoint Protector Client uninstall action. -**NOTE:** At the top of the page, you will view a message informing you if a password is set for +:::note +At the top of the page, you will view a message informing you if a password is set for this action. +::: + ![Security Password for Uninstall Protection](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/uninstallprotectionone.webp) @@ -38,8 +41,11 @@ the **Restrict Sensitive Data Access only to super administrators** checkbox. From this section, you can set a password for sensitive data to provide additional security. -**NOTE:** At the top of the page, you will view a message informing you if a password is set for +:::note +At the top of the page, you will view a message informing you if a password is set for this action. +::: + ![Additional Security Password for Sensitive Data Protection](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/passwordsensitivedataprotectionone.webp) 
@@ -57,25 +63,37 @@ your changes to add an extra layer of security, for a more secure and controlled ![Backend Console Setup Password](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/backendconsolesetuppassword.webp) -**CAUTION:** This feature is designed for Ubuntu 22. With backend password settings enabled and +:::warning +This feature is designed for Ubuntu 22. With backend password settings enabled and applied: +::: + - On Ubuntu 14 and Ubuntu 18, pressing 'Exit' refreshes the menu without requiring the password again. - On Ubuntu 22, pressing 'Exit' prompts for the password again. -**NOTE:** To enforce password protection, a reboot of the Endpoint Protector Server appliance is +:::note +To enforce password protection, a reboot of the Endpoint Protector Server appliance is required. Please be aware of this when changing passwords. +::: + + +:::note +ASCII character set is supported for passwords. +::: -**NOTE:** ASCII character set is supported for passwords. ## Security Password for System Administrator From this section, you can require all administrators to use their security password at the next login session. -**NOTE:** Once you have enabled the “Enforce all administrator password security at next login” +:::note +Once you have enabled the “Enforce all administrator password security at next login” setting, the feature cannot be disabled. +::: + If enabled, only complex passwords can be defined, complying with the below rules: 
@@ -83,9 +101,12 @@ If enabled, only complex passwords can be defined, complying with the below rul - must contain small and capital letters, numbers and special characters - consecutive characters and numbers in ascending order cannot be used -**CAUTION:** The Enforce all administrator password security at next login setting will have +:::warning +The Enforce all administrator password security at next login setting will have priority over Advanced User Password Settings as this setting also applies to non-admin, such as Reporter, Read-only users, etc. +::: + ![Security Password for System Administrator](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/securitypasswordsystemadministrator.webp) @@ -109,7 +130,10 @@ If you enforce a password that expires, provide the following information: These are mandatory requirements when creating a new Administrator from the System Administrators section. -**CAUTION:** After you provide all information for the Advanced User Password Settings section, all +:::warning +After you provide all information for the Advanced User Password Settings section, all users are required to change their passwords at the next login, not only admins. +::: + ![Advanced User Password Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/advanceduserpasswordsettings.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsettings.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsettings.md index 5bb4c6ebf7..add0b4d6ef 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsettings.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsettings.md 
@@ -16,7 +16,10 @@ protocols, user access, and integrations to meet your organization’s needs. Select an option to grant access for clients based on the Department Code. You can also view the Default Department code - defdep. -**NOTE:** See the System Settings topic for additional information. +:::note +See the System Settings topic for additional information. +::: + ![Department Usage](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/departmentusage.webp) @@ -53,8 +56,11 @@ or computer rights. Manage settings related to Smart Groups, Default Groups for Computers or Users. -**NOTE:** Smart Groups are dynamic groups for which membership can be defined based on element name +:::note +Smart Groups are dynamic groups for which membership can be defined based on element name pattern. +::: + - Enable Smart Groups – when this setting is disabled, it will convert Smart Groups to regular groups with no entities assigned and will remove the Default Group for Computers and the Default @@ -62,12 +68,18 @@ pattern. - Enable Default Group for Computers – this will create a default group for computers containing all computers that are not part of a Smart Group. -**NOTE:** By disabling this setting, you will delete the Default Group for Computers. +:::note +By disabling this setting, you will delete the Default Group for Computers. +::: + - Enable Default Group for Users – this will create a default group for users containing all users that are not part of a Smart Group. -**NOTE:** By disabling this setting, you will delete the Default Group for Users. +:::note +By disabling this setting, you will delete the Default Group for Users. +::: + ![Smart Groups](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/smartgroups.webp) 
@@ -80,8 +92,11 @@ and port. - Use custom port: Specify a custom port for generating the client update download link, instead of using the default port 443. -**NOTE:** Note: Ensure that your specified hostname and port settings comply with your network +:::note +Note: Ensure that your specified hostname and port settings comply with your network policies and any security requirements. +::: + ![Client Update Mechanism](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/clientupdatemechanism.webp) @@ -103,8 +118,11 @@ Manage the following log settings: - Set the Maximum number of rows in millions to export the Logs Report in .csv format. -**NOTE:** By setting the maximum number of rows to 1.0, you will export 1 million logs in the Logs +:::note +By setting the maximum number of rows to 1.0, you will export 1 million logs in the Logs Report .csv export as one row corresponds with one log. +::: + When having partitions for logs on the server, make sure the dates are also selected when making the export. @@ -112,15 +130,21 @@ export. - Reporting V2 – enabled by default, use this setting to modify the Content Aware Report log structure and display information in Destination details, Email sender, and Email subject columns. -**NOTE:** For Endpoint Protector Server versions older than 5.7.0.0, the Reporting V2 setting is not +:::note +For Endpoint Protector Server versions older than 5.7.0.0, the Reporting V2 setting is not enabled by default. +::: + The structure enabled by this setting will also be reflected in SIEM. - **NOTE:** Set the Maximum number of reported threats per event that will be displayed in the Content Aware Report log structure, the expanded Log Details section, on the Count column. -**NOTE:** You can set a number of reported threats between 100 and 1000. +:::note +You can set a number of reported threats between 100 and 1000. +::: + ![Log Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/logsettings.webp) 
@@ -159,12 +183,18 @@ Enable the Ignore Thresholds setting to allow Endpoint Protector to log all sens from scanned files from 1 to 100 000 threats limit set in the Maximum number of reported threats field, for the Content Aware Protection Block policies applied. -**NOTE:** This will increase the amount of logging and potentially affect client and server +:::note +This will increase the amount of logging and potentially affect client and server performance. +::: -**CAUTION:** The Limit Reporting Content Aware Protection setting has priority over Ignore + +:::warning +The Limit Reporting Content Aware Protection setting has priority over Ignore Thresholds setting. If Limit Reporting Content Aware Protection is enabled, the reporting will stop when the threshold is reached. +::: + The maximum number of reported threats will be automatically modified as follows: @@ -196,7 +226,7 @@ below) is met with one or more matches per identifier. Eg. ( E-mail AND SSN US) OR CC Visa -Example - Scenario 1 +**Example - Scenario 1** - Content Aware Protection Policy: @@ -225,8 +255,11 @@ Protector Server - or 1 E-mail + 3 SSN US + 6 CC Visa - Etc. -**NOTE:** Identifiers which are not part of the Boolean logic in a Content Aware Protection policy +:::note +Identifiers which are not part of the Boolean logic in a Content Aware Protection policy will not be reported! +::: + Generally, a Content Aware Protection policy (Block & Report) will trigger when the Boolean logic of the policy is satisfied. However, with ‘Ignore Thresholds’ enabled and with 1+ ‘AND’ operator(s) in @@ -247,7 +280,7 @@ DEVICE CONTROL - Global Settings) is disabled, the scan engine will continue the entire file is scanned, but will only report 10 threats, set with ‘Maximum number of reported threats’ under ‘Ignore Thresholds’. -Example - Scenario 2 +**Example - Scenario 2** - Content Aware Protection Policy: 
@@ -295,7 +328,7 @@ DEVICE CONTROL - Global Settings) is disabled, the scan engine will continue the entire file is scanned, but will only report 4 threats, set with ‘Maximum number of reported threats’ under ‘Ignore Thresholds’. -Example - Scenario 3 +**Example - Scenario 3** - Content Aware Protection Policy: @@ -335,7 +368,7 @@ scan engine will consider the ‘Maximum number of reported threats’ under ‘ “Limit Reporting” (under DEVICE CONTROL - Global Settings) is disabled. Reporting stops when 10 threats are found. -Example - Scenario 4 +**Example - Scenario 4** - Content Aware Protection Policy: @@ -401,14 +434,23 @@ Certificate Stack**. The Server certificate will be regenerated in a couple of minutes, and the user will be logged out. -**NOTE:** Please download the Deep Packet Inspection certificate again on both macOS and Linux, and +:::note +Please download the Deep Packet Inspection certificate again on both macOS and Linux, and ensure that it is trusted in the respective keychain on each system. +::: + -**NOTE:** Regenerating the CA certificate requires manually adding it to the macOS keychain, as well +:::note +Regenerating the CA certificate requires manually adding it to the macOS keychain, as well as to Linux systems. +::: + -**CAUTION:** Do not use this setting if no instance of macOS 12.0 (or higher) is registered on the +:::warning +Do not use this setting if no instance of macOS 12.0 (or higher) is registered on the Endpoint Protector server. +::: + ![Server Certificate Stack](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/servercertstack.webp) 
@@ -419,15 +461,21 @@ Login User** to use when single sign on is not functional. ![Single Sign On](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon.webp) -**NOTE:** See the [Single Sign On](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md) topic for additional information. +:::note +See the [Single Sign On](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md) topic for additional information. +::: + ## Active Directory Authentication Enable the **Active Directory Authentication** setting to import an Active Directory group of administrators into Endpoint Protector as Super Administrators. -**NOTE:** By enabling the Active Directory Authentication, you allow the administrators to use their +:::note +By enabling the Active Directory Authentication, you allow the administrators to use their Active Directory credentials to log into Endpoint Protector. +::: + To import an Active Directory group of administrators, follow these steps: @@ -445,10 +493,13 @@ confirm the process was successful. **Step 4 –** Click **Sync AD Administrators**. -**CAUTION:** Once the Active Directory Administrators Group has been defined, only users that are +:::warning +Once the Active Directory Administrators Group has been defined, only users that are part of this AD group will be synced and imported as Super Administrators for Endpoint Protector. Any additional administrators (with different access control levels) can be created manually from the System Administrators section. +::: + ![Active Directory Authentication](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/activedirectoryauthentication.webp) 
@@ -458,7 +509,10 @@ the System Administrators section. Manage Email server settings based on the email type you use - native or SMTP. -**NOTE:** To enable this feature, you need an Internet connection. +:::note +To enable this feature, you need an Internet connection. +::: + Manage email server settings based on your email type—native or SMTP, with support for TLS 1.3. @@ -477,8 +531,11 @@ Configure Proxy server settings by managing the following: Once you provide all the information, click Test to confirm the settings are working successfully. -**NOTE:** If a Proxy Server is not configured, Endpoint Protector will connect directly to +:::note +If a Proxy Server is not configured, Endpoint Protector will connect directly to liveupdate.endpointprotector.com. +::: + ![Proxy Server Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/systemconfiguration/proxyserversettings.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/systemdashboard.md b/docs/endpointprotector/5.9.4.2/admin/systemdashboard.md index f1b36ee859..343e704309 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemdashboard.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemdashboard.md @@ -11,7 +11,10 @@ Interface from the assigned IP address. The default Endpoint Protector Appliance IP address is https://192.168.0.201 -**NOTE:** Always use the IP address with HTTPS (Hypertext Transfer Protocol Secure). +:::note +Always use the IP address with HTTPS (Hypertext Transfer Protocol Secure). +::: + Use the default login credentials for the root account. To obtain the password, submit a support ticket through the 
@@ -36,8 +39,11 @@ As an additional security measure, a session timeout is implemented for 300 seco inactivity. If you are not active for this amount of time, you are notified the session will expire and logged out unless you select to continue the session. -**NOTE:** You can customize the session timeout and timeout counter from the +:::note +You can customize the session timeout and timeout counter from the [System Configuration](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md) topic. +::: + ![The Configuration Wizard provides you with several steps to define basic settings](/img/product_docs/endpointprotector/5.9.4.2/admin/dashboard/configwizard.webp) @@ -65,8 +71,11 @@ modules (Device Control, Content Aware Protection, or eDiscovery). From the System Status subsection, you can enable the HDD Disk Space and Log Rotation. -**NOTE:** If this setting is enabled, when the Server’s disk space reaches a certain percentage +:::note +If this setting is enabled, when the Server’s disk space reaches a certain percentage (starting from 50% up to 90%), old logs will be automatically overwritten by the new ones. +::: + ![Enable the HDD Disk Space and Log Rotation.](/img/product_docs/endpointprotector/5.9.4.2/admin/dashboard/diskspace.webp) @@ -84,8 +93,11 @@ From the System Backup subsection, you can enable the System Backup. From this section, you can check and apply the latest security and Endpoint Protector Server updates. -**NOTE:** This feature communicates through port 80. Whitelist the liveupdate.endpointprotector.com +:::note +This feature communicates through port 80. Whitelist the liveupdate.endpointprotector.com (IP: 178.63.3.86) domain. +::: + ![Check and apply the latest security and Server updates](/img/product_docs/endpointprotector/5.9.4.2/admin/dashboard/liveupdate.webp) 
@@ -110,25 +122,37 @@ update** and then use the calendar to select the date and confirm your selectio Use the Offline Patch upload option to select the offline patches from your computer and successively install them to the latest Endpoint Protector version. -**NOTE:** To request the Offline Patch, submit a support ticket through the +:::note +To request the Offline Patch, submit a support ticket through the [Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html). +::: + ![Select the offline patches from your computer and successively install them to the latest](/img/product_docs/endpointprotector/5.9.4.2/admin/dashboard/offlinepatch.webp) -**CAUTION:** Before upgrading your Endpoint Protector server to the 5.7.0.0 server version from a +:::warning +Before upgrading your Endpoint Protector server to the 5.7.0.0 server version from a pre-5206 version and adjacent OS image, you need to enable database partitions. For assistance, submit a support ticket through the [Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html).[](https://support.endpointprotector.com/hc/en-us/requests/new) +::: + ### Security Updates You can use this section to check and apply different types of security updates, view information on recent updates checked or installed, and a list of updates available. -**NOTE:** The security update options will only be available for customer-hosted instances (e.g. +:::note +The security update options will only be available for customer-hosted instances (e.g. AWS, Goggle, etc.) with the exception for Operating System and Kernel upgrades. +::: + + +:::note +Updates are not tested beforehand but are pulled from the official Linux repository. +::: -**NOTE:** Updates are not tested beforehand but are pulled from the official Linux repository. To ensure the updates will not harm the system, follow these actions: 
@@ -147,11 +171,17 @@ If there are updates available, click **Apply Updates**. ![Applying Backend Security Updates](/img/product_docs/endpointprotector/5.9.4.2/admin/dashboard/backendsecurityupdates.webp) -**NOTE:** For history of applied Backend Updates go to admin action report and choose **Apply +:::note +For history of applied Backend Updates go to admin action report and choose **Apply Updates** under Activity filter. +::: -**NOTE:** Due to patching nature, some updates may automatically restart the Endpoint Protector + +:::note +Due to patching nature, some updates may automatically restart the Endpoint Protector server or other sub-services in the background +::: + ## Effective Rights diff --git a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/backup.md b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/backup.md index 885f89820d..0daaec1765 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/backup.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/backup.md @@ -27,13 +27,19 @@ To view the list of current backups, go to **System Maintenance** > **System Ba To restore the system to an earlier state, click **Restore** next to the entry and then confirm your action. -**CAUTION:** Once deleted, a backup cannot be recovered. +:::warning +Once deleted, a backup cannot be recovered. +::: + The Download button will prompt you to save the **.eppb backup file** on the local drive. It is recommended to keep a good record of where these files are saved. -**CAUTION:** When using the Restore Backup feature, we recommend requesting assistance from customer +:::warning +When using the Restore Backup feature, we recommend requesting assistance from customer support. +::: + ![Allows you to make complete system backups](/img/product_docs/endpointprotector/5.9.4.2/admin/systemmaintenance/createsystembackup.webp) 
@@ -44,8 +50,11 @@ On the Make Backup section, you have the following options: - Save the Application sources – the backup will contain files such as the Endpoint Protector clients and others related to the proper functioning of the server -**NOTE:** The System Backup will not contain nor preserve the IP Address, File Shadowing copies or +:::note +The System Backup will not contain nor preserve the IP Address, File Shadowing copies or the Temporary Logs Files. +::: + The second section, Status, returns the state of the system. If a backup creation is in progress, it will be reported as seen below. @@ -58,9 +67,12 @@ done. The next menu, Upload, allows you to populate the backup list with .eppb files from the local filesystem. This functionality is useful in cases of server migration or crash recovery. -**_RECOMMENDED:_** Endpoint Protector Backup Files (.eppb) larger than 200 MB can only be uploaded +:::info +Endpoint Protector Backup Files (.eppb) larger than 200 MB can only be uploaded from the console of the appliance. We recommend that you contact Customer Support when a created .eppb file exceeds this 200 MB limit. +::: + ![Upload System Backup](/img/product_docs/endpointprotector/5.9.4.2/admin/systemmaintenance/uploadsystembackup.webp) @@ -68,7 +80,10 @@ From this section, you can schedule an automatic backup routine by setting a tri System Backup time interval. The routine can be set to run daily, weekly, monthly and so forth. The Scheduler will also prompt the administrator with the Last Automatic System Backup reminder. -**_RECOMMENDED:_** A scheduled routine is recommended in order to prevent unwanted loss. +:::info +A scheduled routine is recommended in order to prevent unwanted loss. +::: + ![Schedule an automatic backup routine](/img/product_docs/endpointprotector/5.9.4.2/admin/systemmaintenance/availablebackups.webp) 
@@ -98,9 +113,12 @@ An example is shown below: From this section, you can migrate the database (entities, rights, settings, policies, configurations, etc.) from an older Endpoint Protector Server to a newer one. -**NOTE:** This feature is not intended as a replacement for the System Backup functionality but +:::note +This feature is not intended as a replacement for the System Backup functionality but rather as a migration tool from older Endpoint Protector images to the ones starting with version 5.2.0.6. +::: + The version of the old Server and the new Server will have to be the same. Before starting the migration process, make sure both Servers have the same version (e.g.: update the old server to @@ -109,7 +127,7 @@ migration process, make sure both Servers have the same version (e.g.: update th System Backup v2 does not include logs, Audits or System Backups. If needed, these should be downloaded before proceeding. -Example +**Example** The initial Endpoint Protector deployed was version 4.4.0.7. Over time, updates were applied though the Live Update section, bringing the appliance to Endpoint Protector version 5.2.0.6. While these @@ -127,8 +145,11 @@ You can create a new migration backup from the System Maintenance, System Backup ![Creating a System Backup v2 (Migration)](/img/product_docs/endpointprotector/5.9.4.2/admin/systemmaintenance/createsystembackupone.webp) -**NOTE:** For security purposes, the System Backup Key will not be stored by the Endpoint Protector. +:::note +For security purposes, the System Backup Key will not be stored by the Endpoint Protector. Before proceeding, make sure it is properly saved. +::: + ![Creating a System Backup v2 (Migration)](/img/product_docs/endpointprotector/5.9.4.2/admin/systemmaintenance/createsystembackuptwo.webp) 
@@ -140,8 +161,11 @@ to import and restore the backup on a newer Endpoint Protector Server (e.g.: ver The migration process of a System Backup requires the backup file and System Backup Key. -**NOTE:** If needed, previous System Backups or Audit Log Backups should be downloaded prior to this +:::note +If needed, previous System Backups or Audit Log Backups should be downloaded prior to this step, as they will not be kept in process. +::: + After the Import and Restore (Migration) has been made to the new Appliance, the old Appliance should be turned off. Its IP would then have to be reassigned to the new Appliance in order for the diff --git a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/overview.md b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/overview.md index 0aa33d76f3..c4ab6c53cf 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/overview.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/overview.md @@ -58,9 +58,12 @@ the logs on the Endpoint Protector Server or only have them in the SIEM Server. The System Snapshots module allows you to save all device control rights and settings in the system and restore them later if needed. -**_RECOMMENDED:_** After installing the Endpoint Protector Server, we strongly recommend that you +:::info +After installing the Endpoint Protector Server, we strongly recommend that you create a System Snapshot before modifying anything. In this case, you can revert back to the original settings if you configure the server incorrectly. +::: + Follow the steps to create a system snapshot. diff --git a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/shadowrepository.md b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/shadowrepository.md index 93b2e48cf1..891084c996 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/shadowrepository.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/shadowrepository.md 
@@ -12,8 +12,11 @@ a global level to an externalized location, the File Shadows Repositories. You can create multiple File Shadow Repositories and define how each endpoint manages the File Shadows based on department and repository type. -**NOTE:** In Endpoint Protector, the Department defines a collection of entities with the same +:::note +In Endpoint Protector, the Department defines a collection of entities with the same attributes. It should not be confused with the department from an organizational chart. +::: + Starting with Endpoint Protector Server version 5.8.0.0, file shadowing was made more reliable on macOS and Linux by first relying on OS features to transfer the files. 
@@ -34,23 +37,35 @@ To create a File Shadow Repository, click **Add** and then provide the following - Repository Type – select the type of repository, FTP, Samba (smbv1), Azure File Storage and Samba (smbv2) or S3 Bucket -**NOTE:** If you select S3 Bucket type, the information required to create a File Shadow Repository +:::note +If you select S3 Bucket type, the information required to create a File Shadow Repository will differ. Read more on S3 Buckets File Shadow Repository in the following section. +::: + -**NOTE:** The minimum permissions required for Samba shares is 750 (case owner has full access and +:::note +The minimum permissions required for Samba shares is 750 (case owner has full access and the Group has only Read and Execute). +::: + - Repository IP Address – add the File Shadow Repository IP address - Port – add the port used by the File Shadow Repository -**NOTE:** You are not required to define the port for Samba (smbv1) or Azure File Storage and Samba +:::note +You are not required to define the port for Samba (smbv1) or Azure File Storage and Samba (smbv2) repositories. +::: + - Folder Path – add the folder path where File Shadows will be saved - Username and Password – add the repository credentials -**NOTE:** If you are using the Samba V1 protocol for File Shadows on Mac, make sure that NTLMv1 +:::note +If you are using the Samba V1 protocol for File Shadows on Mac, make sure that NTLMv1 authorization is set on the Samba server. +::: + ![Enable the Endpoint Protector Client to send File Shadows directly](/img/product_docs/endpointprotector/5.9.4.2/admin/systemmaintenance/fileshadowrepository.webp) 
@@ -64,9 +79,12 @@ using the provided credentials. - S3 Bucket Repository (Indirect Artefact Retrieval) – The "Test" button checks key, secret_key, and validates bucket region and name if authentication response was successful. -**NOTE:** The Test Connection for S3 Bucket (Direct Artefact Retrieval), Samba v1, Samba v2, and +:::note +The Test Connection for S3 Bucket (Direct Artefact Retrieval), Samba v1, Samba v2, and Azure File Storage Repository is not supported due to additional 3rd Party requirements, such as IP Whitelisting, smbclient, etc. +::: + This enhancement aims to make the testing process more transparent and efficient for FTP and S3 bucket repositories while considering the specific requirements of each repository type. @@ -94,7 +112,7 @@ information: Select the artifacts retrieval method: -Indirect Artefact Retrieval +**Indirect Artefact Retrieval** This is the recommended and most secure option to retrieve artifacts via the Endpoint Protector Server. @@ -105,9 +123,12 @@ message: "The object object_name does not exist in the S3 Bucket Repository." In file's existence, a subsequent request to AWS is made to obtain a pre-assigned URL for the shadow, which is then used to initiate the shadow download. -**NOTE:** The Endpoint Protector server does not acquire a copy of the shadow at any point during +:::note +The Endpoint Protector server does not acquire a copy of the shadow at any point during this transaction. It only receives confirmation that the shadow exists in the S3 Bucket repository. Users then download the shadows directly from the S3 bucket using a preassigned URL provided by AWS. +::: + You can download or delete an object using SDK, which limits the regions available to the following: 
@@ -121,15 +142,18 @@ You can download or delete an object using SDK, which limits the regions availab - us-gov1-west-1 - United States GovCloud - fips-us-gov-west-1 - United States GovCloud FIPS 140-2 -Direct Artifact Retrieval +**Direct Artifact Retrieval** This option is dedicated to globally distributed Endpoint Protector deployment. This method will establish a direct connection from the system administrator’s computer to the S3 Bucket Repository and initiate direct artifact download. -**NOTE:** To set up the S3 bucket repository using both the Direct and Indirect methods, +:::note +To set up the S3 bucket repository using both the Direct and Indirect methods, administrators are required to specify the 'Bucket Name' and generate the 'Access Key ID' and 'Secret Access Key' through AWS administration. +::: + To use the direct artifact retrieval method, add the Endpoint Protector Server IP in the S3 Bucket whitelist as detailed below. @@ -139,15 +163,21 @@ and the Content Aware Report page using the Actions column. When a file is uploaded, an External Repository Upload log will be displayed. -**CAUTION:** File shadows contained in the S3 Bucket (File Shadow Repository) will not be included +:::warning +File shadows contained in the S3 Bucket (File Shadow Repository) will not be included in the Audit. +::: + ![S3 Bucket File Shadow Repository](/img/product_docs/endpointprotector/5.9.4.2/admin/systemmaintenance/fileshadowrepositorytwo.webp) -**NOTE:** In the scenario where there may be an unreliable network, the Client will attempt to +:::note +In the scenario where there may be an unreliable network, the Client will attempt to upload the artifact 10 times before the guard-rail will stop upload attempts. This will delete the File Shadow from the queue to ensure endpoint performance, disk space utilization, and mobile transfer limits are not affected. +::: + ### Domain Whitelisting 
@@ -229,8 +259,11 @@ Explanation: - "Resource" – arn:aws:s3:::your-bucket-name/"" designates the ARN (Amazon Resource Name) of objects in your bucket. Replace "your-bucket-name" with your actual bucket name. - **CAUTION:** It is crucial to append / at the end of the bucket ARN, as the AWS generator does + :::warning + It is crucial to append / at the end of the bucket ARN, as the AWS generator does not include it by default. + ::: + - "Condition" is where you specify the IP address condition. - For the “GetObject” method (Download action from Endpoint Protector) – this method requires the @@ -256,37 +289,37 @@ in the following situations: ### File naming and structure -File name convention +**File name convention** The file names will be uploaded to the S3 Bucket with URLs encoded to avoid issues with special characters. The Endpoint Protector Server will then decode to display the original name. Example: -File name +**File name** ``` canada_&$@=;/+ ,?{^}%`]>[~<#|_山人é口ŏ刀ā木ù日ì月è女ǚ子ĭ馬/马鳥/鸟niǎ目ù水 .txt ``` -File name displayed in AWS S3 Bucket +**File name displayed in AWS S3 Bucket** ln4w7yuqax-dev-client-bucket/2022-11-23/ComputerName/canada*%26%24%40%3D%3B%3 A%2B%20%2C%3F%5C%7B%5E%7D%25%60%5D%3E%5B~%3C%23%7C*%E5%B1%B1%E4%B A%BAe%CC%81%E5%8F%A3o%CC%86%E5%88%80a%CC%84%E6%9C%A8u%CC%80%E6%9 7%A5i%CC%80%E6%9C%88e%CC%80%E5%A5%B3u%CC%88%CC%8C%E5%AD%90i%CC%86 -%E9%A6%AC%3A%E9%A9%AC%E9%B3%A5%3A%E9%B8%9Fnia%CC%8C%E7%9B%AEu%CC +**%E9%A6%AC%3A%E9%A9%AC%E9%B3%A5%3A%E9%B8%9Fnia%CC%8C%E7%9B%AEu%CC** %80%E6%B0%B4%20.txt File name and special characters from the computer name and location will also be encoded. -File name structure +**File name structure** Default file name structure: -bucketName/CurrentDate/ComputerName +**bucketName/CurrentDate/ComputerName** - bucket name (ln4w7yuqax-dev-client-bucket) - current date in YYYY-MM-DD format (2022-11-23) 
@@ -294,4 +327,4 @@ bucketName/CurrentDate/ComputerName File name structure with S3 Bucket location field specified: -bucketName/location/CurrentDate/ComputerName +**bucketName/location/CurrentDate/ComputerName** diff --git a/docs/endpointprotector/5.9.4.2/admin/systempar.md b/docs/endpointprotector/5.9.4.2/admin/systempar.md index ad1641290e..d9c2143acd 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systempar.md +++ b/docs/endpointprotector/5.9.4.2/admin/systempar.md @@ -28,8 +28,11 @@ the Actions column. You can enable or disable messages from the Default Notifications list and edit custom notification translations. -**NOTE:** You can enable Custom Client Notifications globally from Device Control, Global Settings or +:::note +You can enable Custom Client Notifications globally from Device Control, Global Settings or individually for computers or groups, from their specific Settings sections. +::: + ![Enable/disable a message from the list of Default Notifications or edit the custom notifications translations](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/listdefaultnotif.webp) @@ -121,7 +124,7 @@ Follow the steps to add a new custom notification. **Step 3 –** Click **Save**. -Example: USB Driver(deviceName) is blocked(action) +**Example: USB Driver(deviceName) is blocked(action)** Once the notification was created, you can select the custom notification from the User Remediation Notification Template drop-down located in the Device Control section, Global Setting, Users, 
@@ -142,10 +145,13 @@ relevant keywords, other related functions, regular expressions, etc.). In addition to providing context to the detected sensitive information, this functionality also helps decrease false positives. -**NOTE:** This feature applies at a global level, for both Content Aware Protection and eDiscovery +:::note +This feature applies at a global level, for both Content Aware Protection and eDiscovery Policies. If enabled, the context detection will supersede the content only detection through the system. Please ensure the accuracy of the rules and the relevance for your scenarios before enabling this functionality. +::: + Once the Contextual Detection feature is enabled, it will apply at a global level, based on the rules defined in the Contextual XML (but also linked to the configured Content Aware Protection and @@ -156,10 +162,13 @@ There are two options to create the Contextual rules: - creating it directly from the Endpoint Protector Server - manually editing the Contextual XML and then uploading it to the Endpoint Protector Server -**NOTE:** To address conflicts between Global and per-policy Contextual Rules, Endpoint Protector +:::note +To address conflicts between Global and per-policy Contextual Rules, Endpoint Protector Clients no longer receive Global Contextual Rules if at least one policy has its individual Contextual Rule set. This marks the deprecation of Global Contextual Rules, emphasizing the prioritization of individual policy configurations. +::: + ### Creating the XML @@ -189,8 +198,11 @@ as: - Unrelated File Size (MB) – the unrelated file size, in megabytes. - Maximum Matches – the value above which the rule will not be validated (recommended value is 0). -**CAUTION:** Do not forget to Generate the Contextual XML after creating or making changes to +:::warning +Do not forget to Generate the Contextual XML after creating or making changes to contextual rules! +::: + ### Uploading the XML 
@@ -207,7 +219,7 @@ Confidence Level, additional Functions to consider when determining the Main Fu Study the examples provided within Endpoint Protector Server to understand the syntax needed in the Contextual XML. -Example +**Example** ``` @@ -231,7 +243,7 @@ same with the one on the client --> should be the same with the one on the client --> ``` -Example +**Example** ``` @@ -285,8 +297,11 @@ print or copy files to MTP devices do not require the injection of the Endpoint Adding such applications to the exceptions list improves performance and avoids unexpected interactions with Endpoint Protector. -**NOTE:** This feature applies at a global level for all Windows endpoints with the Advanced +:::note +This feature applies at a global level for all Windows endpoints with the Advanced Printing and MTP Scanning features enabled. +::: + ![Advanced Scanning Detection](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/advancedscanningexceptions.webp) @@ -325,10 +340,10 @@ For a detailed view of all events and their descriptions, please see the table b | File Read-Write | File read and write from device | | File Rename | File from device renamed | | File Delete | File deleted from device | -| Device TD | Trusted Device™ connected | +| Device TD | Trusted Device™ connected | | Deleted | File deleted from device | | Enable Read-Only | Device Read-Only Enabled | -| Enable if TD Level 1 | Allows access when a Trusted Device™ is connected (e.g., a USB stick with EasyLock installed, which is automatically launched) | +| Enable if TD Level 1 | Allows access when a Trusted Device™ is connected (e.g., a USB stick with EasyLock installed, which is automatically launched) | | Enable if TD Level 2 | Allows access when Trust Level 2 device is connected | | Enable if TD Level 3 | Allows access when Trust Level 3 device is connected | | Enable if TD Level 4 | Allows access when Trust Level 4 device is connected | 
@@ -341,27 +356,27 @@ For a detailed view of all events and their descriptions, please see the table b | File Decrypt | File decrypted using EasyLock | | File Encrypt (offline) | File encrypted using EasyLock when not communicating with the Endpoint Protector Server | | File Decrypt (offline) | File decrypted using EasyLock when not communicating with the Endpoint Protector Server | -| Content Threat Detected | Content Aware Protection - Threat Detected | -| Content Threat Blocked | Content Aware Protection - Threat Blocked | +| Content Threat Detected | Content Aware Protection | +| Content Threat Blocked | Content Aware Protection | | File Copy | A file was copied to or from a removable device | -| Content Threat Discovered | eDiscovery - Threat Discovered | -| eDiscovery Client Action | eDiscovery - Action received successfully | +| Content Threat Discovered | eDiscovery | +| eDiscovery Client Action | eDiscovery | | User Logout | User Logout | | Client Integrity OK | Endpoint Protector Client Integrity ok | | Client Integrity Fail | Endpoint Protector Client Integrity failed | | Policies Received | Endpoint Protector Client received policy successfully | | Uninstall Attempt | Endpoint Protector Client uninstall attempt | -| EasyLock – successfully deployed | EasyLock - successfully deployed | -| EasyLock - deployment failed | EasyLock - deployment failed | +| EasyLock – successfully deployed | EasyLock | +| EasyLock | EasyLock | | File Printed | File sent to printer successfully | | User Information Updated | User information updated successfully | | Transfer Limit Reached | Transfer Limit Reached | | External Repository Upload | File Shadow uploaded to Repository successfully | | External Repository Upload Fail | File Shadow uploaded to Repository failed | -| Content Remediation Session Active | Content Aware Protection - Threat Remediated | -| Content Remediation Request Canceled by User | Content Aware Protection - User Remediation dialog was closed by the 
user | +| Content Remediation Session Active | Content Aware Protection | +| Content Remediation Request Canceled by User | Content Aware Protection | | Forced Uninstall Attempt | Endpoint Protector Client forced uninstall attempt | -| Device Remediation Request Canceled by User | Device Control - User Remediation dialog was closed by the user | +| Device Remediation Request Canceled by User | Device Control | | Device Remediation Session Canceled | Device Temporarily Unlock with User Remediation canceled | | Device Remediation Session Active | Device Temporarily Unlocked with User Remediation | | Device Remediation Session Ended | Device Temporarily Unlock with User Remediation ended | @@ -370,6 +385,7 @@ For a detailed view of all events and their descriptions, please see the table b | Artifact Received | Artifact Received | | DPI Bypassed Traffic | DPI Bypassed Traffic | + ## User Remediation User remediation is a feature that allows the end-users to apply a justification and self-remediate a @@ -386,7 +402,10 @@ Remediation for Device Control. - Display Custom URL – add a URL to direct the end-user to a specific web page, and then add a label for the URL - **NOTE:** The following URL formats are accepted: + :::note + The following URL formats are accepted: + ::: + - http://endpointprotector.com - https://endpointprotector.com @@ -396,7 +415,10 @@ Remediation for Device Control. - Require Credentials – request the end-user to use their local account or Active Directory credentials - **NOTE:** The following credential formats are accepted for login: + :::note + The following credential formats are accepted for login: + ::: + - Local user - computer_name\username (John-PC\John) - LDAP/AD user 
@@ -408,14 +430,20 @@ Remediation for Device Control. - Maximum Time Interval – enter the maximum time interval in which the end-user can remediate a Block and Remediated threat or restricted-access device - **NOTE:** The maximum time interval you can enter is 1440 minutes (24 hours). + :::note + The maximum time interval you can enter is 1440 minutes (24 hours). + ::: + - Enable User Remediation for Device Control – enable the setting to use the user remediation feature for the Device Control module. - **NOTE:** The Enable User Remediation for Device Control setting is disabled by default. By + :::note + The Enable User Remediation for Device Control setting is disabled by default. By enabling this feature, all the settings regarding User Remediation will be applied to both Content Aware Protection and Device Control modules. + ::: + ![User Remediation Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediationsettings.webp) @@ -460,8 +488,11 @@ from the User Remediation Notification Template drop-down list; enable **User Remediation** for devices with limited access – devices that have full access permission cannot benefit from the User Remediation feature. -**NOTE:** For built-in devices, such as Webcam and Network share, the User Remediation feature is +:::note +For built-in devices, such as Webcam and Network share, the User Remediation feature is not available. +::: + ![These are device types that apply in General](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/devicetypes.webp) 
@@ -491,8 +522,11 @@ Follow these steps to remediate the device. number to view the maximum time interval) 6. Click **Authorize**. -**NOTE:** You can manage more settings for the Self Remediate feature from System Preferences and +:::note +You can manage more settings for the Self Remediate feature from System Preferences and User Remediation sections. +::: + ![Self Remediate section](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/selfremediatesection.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/activedirectory/deployment.md b/docs/endpointprotector/5.9.4.2/install/activedirectory/deployment.md index 62cd1bea0e..1b6cf2d6ec 100644 --- a/docs/endpointprotector/5.9.4.2/install/activedirectory/deployment.md +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/deployment.md @@ -20,8 +20,11 @@ New; **Step 4 –** Expand Computer Configuration / Software Settings and right-click Software Installation, and then select New/Package; -**NOTE:** When browsing the ‘msi’ file, ensure it is located in a folder shared over your network +:::note +When browsing the ‘msi’ file, ensure it is located in a folder shared over your network and accessible by the computers on your Active Directory. +::: + ![Configuring Deployment for Group Policy Objects](/img/product_docs/endpointprotector/5.9.4.2/configuration/activedirectory/gpoconfiguration.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/activedirectory/linkinggpotoou.md b/docs/endpointprotector/5.9.4.2/install/activedirectory/linkinggpotoou.md index 81fd402bee..a4b9d35548 100644 --- a/docs/endpointprotector/5.9.4.2/install/activedirectory/linkinggpotoou.md +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/linkinggpotoou.md 
@@ -15,6 +15,9 @@ these steps: **Step 3 –** Repeat these steps and select the Endpoint Protector 64-bit. -**NOTE:** The new policies will be applied only when the target computers are rebooted. +:::note +The new policies will be applied only when the target computers are rebooted. +::: + ![Linking Group Policy Objects to Organization Units ](/img/product_docs/endpointprotector/5.9.4.2/configuration/activedirectory/gpotooulinking.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/activedirectory/overview.md b/docs/endpointprotector/5.9.4.2/install/activedirectory/overview.md index c14e75ce88..3cd276a658 100644 --- a/docs/endpointprotector/5.9.4.2/install/activedirectory/overview.md +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/overview.md @@ -20,7 +20,10 @@ The Group Policy objects will be later linked to each Organization Unit on which the deployment. This document presents a basic and functional overview of the deployment strategy of Endpoint Protector Client software. You can modify and adjust these techniques to his environment. -**NOTE:** This document is provided as an optional reference for Active Directory deployment method +:::note +This document is provided as an optional reference for Active Directory deployment method configuration. It is not regularly updated and may not reflect the current state of the product or its interface. For the most current information, please refer to the official resources provided by the product vendor. + +::: diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awsdeployment.md b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awsdeployment.md index d602d7a876..78a125ea3b 100644 --- a/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awsdeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awsdeployment.md 
@@ -26,9 +26,12 @@ Protector. **Step 5 –** Select an Instance Type. -**NOTE:** For assistance in selecting the instance type that best suits your needs, customers should +:::note +For assistance in selecting the instance type that best suits your needs, customers should submit a support ticket through the [Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html). +::: + **Step 6 –** Select an available key pair or create a new key pair. diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awselasticip.md b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awselasticip.md index 18387099b4..bb532ce054 100644 --- a/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awselasticip.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awselasticip.md @@ -27,5 +27,8 @@ and then click Associate; The Elastic IP is now associated with your Endpoint Protector Instance. After a few minutes, the Endpoint Protector Instance will be running associated with the Elastic IP. -**NOTE:** We recommend further securing your Instance by making all possible settings in the AWS +:::note +We recommend further securing your Instance by making all possible settings in the AWS Interface under the option Security Groups. + +::: diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/googlecloudplatform.md b/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/googlecloudplatform.md index aa976858aa..644c8d955d 100644 --- a/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/googlecloudplatform.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/googlecloudplatform.md 
@@ -35,8 +35,11 @@ on the Google Cloud Platform Console and create a bucket. **Step 4 –** Once the bucket is created, upload the Endpoint Protector image file received from Endpoint Protector. -**NOTE:** The upload can take several hours, depending on the size of the compressed image and the +:::note +The upload can take several hours, depending on the size of the compressed image and the speed of the network connection. +::: + ![Uploading Endpoint Protector image to the bucket](/img/product_docs/endpointprotector/5.9.4.2/configuration/googlecloudplatform/uploadimage.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/azuredeployment.md b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/azuredeployment.md index 0d5181fc75..1580479c34 100644 --- a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/azuredeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/azuredeployment.md @@ -10,8 +10,11 @@ To have access to the Virtual Machine, contact your Endpoint Protector Represent information such as the access keys to a Container specifically created for the Endpoint Protector Virtual Machine. -**NOTE:** We will upload the Endpoint Protector Virtual Machine to your Container as soon as +:::note +We will upload the Endpoint Protector Virtual Machine to your Container as soon as possible. Once this step is done, we advise regenerating the access key. +::: + ## Creating the Storage Account and Container 
@@ -51,7 +54,10 @@ access level select Container (anonymous read access for containers and blobs); **Step 8 –** Select the container you created, and then click Shared access tokens. -**CAUTION:** Make sure you are creating a token on the container level, not the storage account! +:::warning +Make sure you are creating a token on the container level, not the storage account! +::: + **Step 9 –** Configure the SAS token with Create, Write and Add Permissions with a 5-day window to allow the Netwrix team to copy the image; @@ -60,5 +66,6 @@ allow the Netwrix team to copy the image; **Step 10 –** Copy the Blob SAS URL and send it to Netwrix. -**NOTE:** Netwrixwill copy the Endpoint Protector Virtual Machine to your storage account and notify -you when the process is over. +:::note +Netwrix will copy the Endpoint Protector Virtual Machine to your storage account and notify you when the process is over. +::: \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/creatingdisk.md b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/creatingdisk.md index d352134adf..f1bf915303 100644 --- a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/creatingdisk.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/creatingdisk.md @@ -75,8 +75,11 @@ generated](/img/product_docs/endpointprotector/5.9.4.2/configuration/azure/newvm **Step 8 –** Click Review + create and then Create. -**NOTE:** For Additional Features, we recommend selecting HDD instead of SSD to avoid unnecessary +:::note +For Additional Features, we recommend selecting HDD instead of SSD to avoid unnecessary payments for an unused SSD attached to the Virtual Machine. +::: + ![A screenshot of a computer 
diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/microsoftazure.md b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/microsoftazure.md index 67bba6e862..66f8ae5075 100644 --- a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/microsoftazure.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/microsoftazure.md @@ -6,8 +6,4 @@ sidebar_position: 30 # Microsoft Azure -This section explores the integration of Endpoint Protector into your Azure environment. Although -Endpoint Protector is not readily found in the Azure Marketplace; we will walk you through the -process of acquiring the specialized Virtual Machine (VM) tailored for your Azure setup. From -creating the Storage Account and Container to configuring the Disk and Virtual Machine, we have got -your Azure deployment covered. +This section explores the integration of Endpoint Protector into your Azure environment. Although Endpoint Protector is not readily found in the Azure Marketplace; we will walk you through the process of acquiring the specialized Virtual Machine (VM) tailored for your Azure setup. From creating the Storage Account and Container to configuring the Disk and Virtual Machine, we have got your Azure deployment covered. \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/virtualmachine.md b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/virtualmachine.md index a3db866152..5d4ed8fdee 100644 --- a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/virtualmachine.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/virtualmachine.md 
@@ -31,8 +31,11 @@ To start the Endpoint Protector Virtual Machine in Azure, follow these steps: **Step 3 –** Click Review + create and then Create. -**NOTE:** For Additional Features, we recommend selecting HDD instead of SSD to avoid unnecessary +:::note +For Additional Features, we recommend selecting HDD instead of SSD to avoid unnecessary payments for an unused SSD attached to the Virtual Machine. +::: + ![Information tab for creating a public IP](/img/product_docs/endpointprotector/5.9.4.2/configuration/azure/publicip.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/intune/macosdeployment.md b/docs/endpointprotector/5.9.4.2/install/intune/macosdeployment.md index 0cdea90cce..f88a840aeb 100644 --- a/docs/endpointprotector/5.9.4.2/install/intune/macosdeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/intune/macosdeployment.md @@ -54,7 +54,10 @@ package upload. **Step 11 –** Go to Devices from the left-hand menu, select macOS, Shell scripts and then click **Add**. -**NOTE:** Please contact the Customer Support department to provide the script. +:::note +Please contact the Customer Support department to provide the script. +::: + ![Adding scripts on shell scripts page](/img/product_docs/endpointprotector/5.9.4.2/install/agent/intune/shellscripts.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/intune/overview.md b/docs/endpointprotector/5.9.4.2/install/intune/overview.md index ee631c2fcd..dfb583797d 100644 --- a/docs/endpointprotector/5.9.4.2/install/intune/overview.md +++ b/docs/endpointprotector/5.9.4.2/install/intune/overview.md 
@@ -10,6 +10,9 @@ This guide describes the steps needed to deploy Netwrix Endpoint Protector to mu using the MSI application in Microsoft Intune. Microsoft Intune is a cloud-based service focusing on mobile device management (MDM) and mobile application management (MAM). -**NOTE:** This document serves as an optional reference for Microsoft Intune (currently known as +:::note +This document serves as an optional reference for Microsoft Intune (currently known as Microsoft Endpoint Manager). It is not regularly updated and may not align with the current version of the product. Please refer to the official resources for the most up-to-date information. + +::: diff --git a/docs/endpointprotector/5.9.4.2/install/intune/windowsdeployment.md b/docs/endpointprotector/5.9.4.2/install/intune/windowsdeployment.md index 2ccb7aacd5..437562fa83 100644 --- a/docs/endpointprotector/5.9.4.2/install/intune/windowsdeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/intune/windowsdeployment.md @@ -15,8 +15,11 @@ Protector MSI package; ![Downloading the Windows Endpoint Protector MSI Package](/img/product_docs/endpointprotector/5.9.4.2/install/agent/intune/msipackagedownload.webp) -**CAUTION:** When deploying the .msi package, delete the information contained in the brackets as +:::warning +When deploying the .msi package, delete the information contained in the brackets as well as the underscore that precedes it - EPPClientSetup.5.6.3.1_x86_64.msi +::: + ![A black text on a white background diff --git a/docs/endpointprotector/5.9.4.2/install/jamf/configuration.md b/docs/endpointprotector/5.9.4.2/install/jamf/configuration.md index 7582e930a7..3577894bff 100644 --- a/docs/endpointprotector/5.9.4.2/install/jamf/configuration.md +++ b/docs/endpointprotector/5.9.4.2/install/jamf/configuration.md 
@@ -22,7 +22,10 @@ available configuration profiles, click **+New**. On the New macOS Configuration Profile section, you can manage profile settings and select the devices and users to which you want to deploy the profile. -**NOTE:** Click **Save** only once you have managed all settings and the profile scope. +:::note +Click **Save** only once you have managed all settings and the profile scope. +::: + ## General Settings @@ -39,8 +42,11 @@ You can continue with the default settings for the category, level, and distribu You will add the Client CA Certificate in .cer format on the Certificate settings section. -**NOTE:** This step is not required if you are not using Deep Package Inspection. To continue the +:::note +This step is not required if you are not using Deep Package Inspection. To continue the process, go to the Privacy Preferences Policy Control section. +::: + **Step 1 –** Log in to Endpoint Protector Server, go to the System Configuration section, and then select **System Settings**. @@ -69,8 +75,11 @@ information: `anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. -**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing +:::note +Use the Terminal Editor to verify there are no formatting alterations before executing this command line. +::: + - Select the **Validate the Static Code Requirement** check-box. - Click **Add** and **Save** to allow access to SystemPolicyAllFiles and Accessibility services. 
@@ -86,12 +95,15 @@ Identifier - `com.cososys.eppclient.notifier` Identifier Type – go with the default Bundle ID type. -Code Requirement +**Code Requirement** `anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. -**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing +:::note +Use the Terminal Editor to verify there are no formatting alterations before executing this command line. +::: + - Select the **Validate the Static Code Requirement** check-box. - Click **Add** and then **Save** to allow access to Accessibility services. @@ -107,12 +119,15 @@ Identifier – `com.cososys.easylock`. Identifier Type – go with the default Bundle ID type. -Code Requirement +**Code Requirement** `anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. -**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing +:::note +Use the Terminal Editor to verify there are no formatting alterations before executing this command line. +::: + - Select the **Validate the Static Code Requirement** check-box. - Click **Add** and then **Save** to allow access to SystemPolicyAllFiles and Accessibility 
@@ -134,9 +149,12 @@ On the System Extension section, click **Configure** and then enter the followin ![Allowing System Extensions ](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/systemextensions.webp) -**NOTE:** For operating systems lower than macOS 11 (Big Sur), manage settings from the Approved +:::note +For operating systems lower than macOS 11 (Big Sur), manage settings from the Approved Kernel Extensions section instead of System Extensions. Define the Team ID (enter TV3T7A76P4) and proceed to the next step. +::: + ### Removable System Extensions @@ -149,7 +167,10 @@ system extensions without a pop-up, and then enter the following information: - Allowed System Extensions – click **Add**, enter `com.cososys.eppclient`, and then **Save** the changes. -**NOTE:** This setting will be applied starting with MacOS 12 version (Monterey). +:::note +This setting will be applied starting with MacOS 12 version (Monterey). +::: + ![Adding a new policy that will allow the removing of system extensions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/removeableextensions.webp) 
@@ -172,14 +193,20 @@ Endpoint Protector Items can be simply disabled in your Jamf Configuration Profi Simply uncheck the box next to the Endpoint ProtectorItem(s) you want to disable, and then click **Save** to save your changes. -**NOTE:** Disabling Endpoint Protector Items may have an impact on the security of your system. Only +:::note +Disabling Endpoint Protector Items may have an impact on the security of your system. Only disable these items if you are positive it is essential and you have taken every precaution necessary to keep your system secure. +::: + ## VPN Settings -**NOTE:** This step is not required if you are not using VPN services. To continue the process, go +:::note +This step is not required if you are not using VPN services. To continue the process, go to the Scope section. +::: + On the VPN section, click **Configure** and then enter the following information: @@ -195,8 +222,11 @@ On the VPN section, click **Configure** and then enter the following information `anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4` -**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing +:::note +Use the Terminal Editor to verify there are no formatting alterations before executing this command line. +::: + - Select the **Prohibit users from disabling on-demand VPN settings** check-box. @@ -206,7 +236,10 @@ this command line. ## Notifications Settings -**NOTE:** This step is optional. To continue the process, go to the Scope section. +:::note +This step is optional. To continue the process, go to the Scope section. +::: + On the Notifications section, click **Configure** and then enter the following information: 
@@ -224,7 +257,10 @@ profile. Click **Save** to apply all settings to the new configuration profile. -**NOTE:** To confirm that the new configuration profile is saved successfully, reboot your computer +:::note +To confirm that the new configuration profile is saved successfully, reboot your computer at this point. +::: + ![Selecting Devices and Users to deploy to the new profile.](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/scope.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/jamf/overview.md b/docs/endpointprotector/5.9.4.2/install/jamf/overview.md index 17b786446c..75546c4c4e 100644 --- a/docs/endpointprotector/5.9.4.2/install/jamf/overview.md +++ b/docs/endpointprotector/5.9.4.2/install/jamf/overview.md @@ -16,6 +16,9 @@ other alternatives. This user guide aims to explain how to use Jamf in order to deploy Endpoint Protector on multiple endpoints. -**NOTE:** This is an optional document for Jamf. It is not kept up-to-date with product changes and +:::note +This is an optional document for Jamf. It is not kept up-to-date with product changes and may not accurately represent the current interface or features. For the latest information, consult the official resources from the product vendor. + +::: diff --git a/docs/endpointprotector/5.9.4.2/install/jamf/scriptandpackage.md b/docs/endpointprotector/5.9.4.2/install/jamf/scriptandpackage.md index c12924036d..876697fb85 100644 --- a/docs/endpointprotector/5.9.4.2/install/jamf/scriptandpackage.md +++ b/docs/endpointprotector/5.9.4.2/install/jamf/scriptandpackage.md 
@@ -9,8 +9,11 @@ sidebar_position: 20 To deploy the Endpoint Protector Client, upload the `EndpointProtector.pkg` package along with the `epp_change_ip.sh` script. -**CAUTION:** To obtain the `epp_change_ip.sh script`, customers should submit a support ticket +:::warning +To obtain the `epp_change_ip.sh script`, customers should submit a support ticket through the [Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html). +::: + To upload the script and package, follow these steps: @@ -25,8 +28,11 @@ and add the `epp_change_ip.sh` script. **Step 4 –** Add your Server IP to the EPP_SERVER_ADDRESS field. -**NOTE:** You can edit the EPP_DEPARTMET CODE and EPP_SERVER_PORT fields to deploy the Endpoint +:::note +You can edit the EPP_DEPARTMET CODE and EPP_SERVER_PORT fields to deploy the Endpoint Protector Client on specific departments or custom ports. +::: + ![Uploading the new Script.](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/newscript.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/formats.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/formats.md index 057e44a6dd..cdf6308c39 100644 --- a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/formats.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/formats.md @@ -27,8 +27,11 @@ implementation as easy as possible. Additional information can be found in the f | Parallels Desktop | 0 | | | | | Citrix XenCenter | 11.1.3 | | | | -**NOTE:** The most commonly used format is OVF (Open Virtualization Format) as it is compatible with +:::note +The most commonly used format is OVF (Open Virtualization Format) as it is compatible with the majority of the virtualization software. +::: + ## Format Supported by Virtualization Software 
@@ -47,4 +50,4 @@ supported by the following: - VHD - Microsoft Hyper-V 6.1.7601.17514 - - Microsoft Hyper-V 6.3.9600.16384 + - Microsoft Hyper-V 6.3.9600.16384 \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/hypervtools.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/hypervtools.md index 42869f4110..aa916a880c 100644 --- a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/hypervtools.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/hypervtools.md @@ -56,9 +56,12 @@ storing imported virtual hard disk. Click **Next**. ![ Setting the desired path for storing the imported virtual hard disk](/img/product_docs/endpointprotector/5.9.4.2/install/storagefolders.webp) -**CAUTION:** If you get to the Get Memory step, it means you have insufficient memory on the Hyper-V +:::warning +If you get to the Get Memory step, it means you have insufficient memory on the Hyper-V Host. Please abort the process here and either increase memory on the Host or choose another Host to import the Endpoint Protector Virtual Appliance on. +::: + ![Insufficient memory on the Hyper-V Host](/img/product_docs/endpointprotector/5.9.4.2/install/configurememory.webp) @@ -75,6 +78,4 @@ step. Click **Next**. ![Connect network settings](/img/product_docs/endpointprotector/5.9.4.2/install/networkconnect.webp) **Step 13 –** On the Completing Import Wizard step, check that the settings are the ones wanted. -Click **Finish**. - -The new Virtual Machine will display in the Virtual Machines list. +Click **Finish**. The new Virtual Machine will display in the Virtual Machines list. \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/oraclevm.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/oraclevm.md index 7ee113545c..d9edcc4e74 100644 --- a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/oraclevm.md 
+++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/oraclevm.md @@ -3,7 +3,6 @@ title: "Oracle VM VirtualBox" description: "Oracle VM VirtualBox" sidebar_position: 30 --- - # Oracle VM VirtualBox Oracle VM VirtualBox supports the OVF format for deploying virtual appliances, offering a diff --git a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/vmwaretools.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/vmwaretools.md index 887d137dc3..e175c07d00 100644 --- a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/vmwaretools.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/vmwaretools.md @@ -143,6 +143,12 @@ the only Endpoint Protector Virtual Appliance in your network). At this point, the Virtual Machine is ready to be started. -**CAUTION:** Do not suspend the VMware Player while Endpoint Protector Virtual Appliance is running. +:::warning +Do not suspend the VMware Player while Endpoint Protector Virtual Appliance is running. +::: -**CAUTION:** Do not shut down your computer while VMware Player is running. + +:::warning +Do not shut down your computer while VMware Player is running. + +::: diff --git a/docs/endpointprotector/5.9.4.2/install/virtualappliance/setupwizard.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/setupwizard.md index f1f1d75ad7..9b80ede164 100644 --- a/docs/endpointprotector/5.9.4.2/install/virtualappliance/setupwizard.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/setupwizard.md @@ -17,7 +17,7 @@ Follow the steps to configure the Endpoint Protector Appliance for the first t **Step 1 –** Select **Continue** when finished reading the End User License Agreement. -![End User License Agreement](/img/product_docs/endpointprotector/5.9.4.2/install/licenseagreement.webp) +![End User License Agreement](\img\product_docs\endpointprotector\5.9.4.2\install\LicenseAgreement.webp) **Step 2 –** Select **Accept**. 
@@ -29,7 +29,10 @@ Follow the steps to configure the Endpoint Protector Appliance for the first t **Step 4 –** The configuration methods are now available. -**CAUTION:** We recommend a manual configuration of the network settings. +:::warning +We recommend a manual configuration of the network settings. +::: + ![Automatic Network configuration for Endpoint Protector Appliance](/img/product_docs/endpointprotector/5.9.4.2/install/autonetworkconfig.webp) @@ -49,17 +52,15 @@ the appliance is correctly set up and accessible. **Step 3 –** Press **Tab**. -![Select tab to move to the apply button](/img/product_docs/endpointprotector/5.9.4.2/install/netmask.webp) +![Select tab to move to the apply button](\img\product_docs\endpointprotector\5.9.4.2\install\setip2.webp) **Step 4 –** Select **Apply**. The virtual appliance is now accessible from the configured IP Address. (e.g., https:// 192.168.7.94). -![Virtual appliance is now accessible from the configured IP Address](/img/product_docs/endpointprotector/5.9.4.2/install/dhcpmethod.webp) - ## Automatic Configuration Select **configure network automatically**, and click **Enter**. -![ IP Address and Default Gateway configured automatically](/img/product_docs/endpointprotector/5.9.4.2/install/staticipmethod.webp) +![ IP Address and Default Gateway configured automatically](\img\product_docs\endpointprotector\5.9.4.2\install\autonetworkconfig.webp) -The IP Address and Default Gateway will be configured automatically. +The IP Address and Default Gateway will be configured automatically. \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/requirements/client.md b/docs/endpointprotector/5.9.4.2/requirements/client.md index 2804f2b659..ace6077597 100644 --- a/docs/endpointprotector/5.9.4.2/requirements/client.md +++ b/docs/endpointprotector/5.9.4.2/requirements/client.md 
@@ -16,7 +16,9 @@ the endpoint’s hardware configuration. In an idle state, the base requirements - Bandwidth: Less than 1 Kbs (Kilobit per second) when idle. This may increase depending on usage when sending logs or uploading shadow files. -**NOTE:** For Content Aware Protection and eDiscovery scanning, more CPU and RAM are required. +:::note +For Content Aware Protection and eDiscovery scanning, more CPU and RAM are required. +::: Below is a closer look at the resource consumption when all modules are enabled , function are active, and policies are configured for a stress test: 
@@ -51,109 +53,138 @@ below. #### Recommended Exclusions for Windows -Service Level Exclusions -- CssDcFlt -- cssdlp20 -- cssnwtap -- cssredir -- cssguard -- Endpoint Protector -Folder Level Exclusions -- C:\Program Files\CoSoSys\Endpoint Protector\\\* - Alternative (for the folder-level exclusion above): +**Folder Level Exclusions** +``` +/Applications/EndpointProtectorClient.app/* +/private/etc/epp/* +/private/var/tmp/epp/* +``` - - C:\Program Files\CoSoSys\Endpoint Protector\EPPservice.exe - - C:\Program Files\CoSoSys\Endpoint Protector\sslsplit.exe - - C:\Program Files\CoSoSys\Endpoint Protector\cssguard.exe - - C:\Program Files\CoSoSys\Endpoint Protector\EPPNotifier.exe -- C:\Windows\System32\config\systemprofile\AppData\Local\CoSoSys\EPP\* +**File Level Exclusions** +``` +/Applications/EndpointProtectorClient.app/Contents/MacOS/EppClient +/Applications/EndpointProtectorClient.app/Contents/MacOS/sslsplit +/Applications/EndpointProtectorClient.app/Contents/MacOS/netdlp_setup +/Applications/EndpointProtectorClient.app/Contents/Applications/EppNotifier.app/Contents +/MacOS/EppNotifier +/var/log/eppclient.log +/var/log/eppsslsplit.log +``` -File Level Exclusions -- C:\ProgramFiles\CoSoSys\EndpointProtector\EPPservice.exe -- C:\ProgramFiles\CoSoSys\EndpointProtector\sslsplit.exe -- C:\ProgramFiles\CoSoSys\EndpointProtector\cssguard.exe -- C:\ProgramFiles\CoSoSys\EndpointProtector\EPPNotifier.exe - - Alternative (to the above file exclusions): - - - C:\ProgramFiles\CoSoSys\EndpointProtector\\\* - -- C:\Windows\System32\drivers\cssdlp20.sys -- C:\Windows\System32\drivers\cssredir.sys -- C:\Windows\System32\drivers\cssdcflt.sys -- C:\Windows\System32\drivers\cssnwtap.sys -- C:\eppclient.log -- C:\eppsslsplit.log - -Process Level Exclusions - -- cssguard.exe -- EPPNotifier.exe -- EPPservice.exe - -Registry Level Exclusions - -- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CssDcFlt -- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cssdlp20 -- 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cssguard -- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cssnwtap -- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cssredir - -#### Recommended Exclusions for macOS - -Folder Level Exclusions - -- /Applications/EndpointProtectorClient.app/\* -- /private/etc/epp/\* -- /private/var/tmp/epp/\* - -File Level Exclusions - -- /Applications/EndpointProtectorClient.app/Contents/MacOS/EppClient -- /Applications/EndpointProtectorClient.app/Contents/MacOS/sslsplit -- /Applications/EndpointProtectorClient.app/Contents/MacOS/netdlp_setup -- /Applications/EndpointProtectorClient.app/Contents/Applications/EppNotifier.app/Contents -- /MacOS/EppNotifier -- /var/log/eppclient.log -- /var/log/eppsslsplit.log - -Process Level Exclusions - -- EppClient -- sslsplit -- netdlp_setup -- EppNotifier +**Process Level Exclusions** +``` +EppClient +sslsplit +netdlp_setup +EppNotifier +``` #### Recommended Exclusions for Linux -Folder Level Exclusions - -- /opt/cososys/\* -- /var/log/epp-client/\* -File Level Exclusions +**Folder Level Exclusions** +``` +/opt/cososys/* +/var/log/epp-client/* +``` + + +**File Level Exclusions** +``` +/opt/cososys/sbin/epp-client-daemon +/opt/cososys/sbin/epp_sslsplit +/opt/cososys/sbin/epp_netdlp_setup +/opt/cososys/sbin/netdlp_scripts/linux_install_certicates.sh +/opt/cososys/bin/epp-client +/var/log/epp-client/epp_client_daemon.log +/var/log/epp-client/eppsslsplit.log +``` + + +**Process Level Exclusions** +``` +epp-client-daemon +epp-client +epp_sslsplit +epp_netdlp_setup +linux_install_certicates.sh +``` + + +**Folder Level Exclusions** +``` +/opt/cososys/* +/var/log/epp-client/* +``` + +**File Level Exclusions** +``` +/opt/cososys/sbin/epp-client-daemon +/opt/cososys/sbin/epp_sslsplit +/opt/cososys/sbin/epp_netdlp_setup +/opt/cososys/sbin/netdlp_scripts/linux_install_certicates.sh +/opt/cososys/bin/epp-client +/var/log/epp-client/epp_client_daemon.log +/var/log/epp-client/eppsslsplit.log +``` + 
+**Process Level Exclusions** +``` +epp-client-daemon +epp-client +epp_sslsplit +epp_netdlp_setup +linux_install_certicates.sh +``` + +**File Level Exclusions** +``` +/MacOS/EppNotifier +/var/log/eppclient.log +/var/log/eppsslsplit.log +``` + +**Process Level Exclusions** +``` +EppClient +sslsplit +netdlp_setup +EppNotifier +``` -- /opt/cososys/sbin/epp-client-daemon -- /opt/cososys/sbin/epp_sslsplit -- /opt/cososys/sbin/epp_netdlp_setup -- /opt/cososys/sbin/netdlp_scripts/linux_install_certicates.sh -- /opt/cososys/bin/epp-client -- /var/log/epp-client/epp_client_daemon.log -- /var/log/epp-client/eppsslsplit.log - -Process Level Exclusions +#### Recommended Exclusions for Linux -- epp-client-daemon -- epp-client -- epp_sslsplit -- epp_netdlp_setup -- linux_install_certicates.sh +**Folder Level Exclusions** +``` +/opt/cososys/* +/var/log/epp-client/* +``` + +**File Level Exclusions** +``` +/opt/cososys/sbin/epp-client-daemon +/opt/cososys/sbin/epp_sslsplit +/opt/cososys/sbin/epp_netdlp_setup +/opt/cososys/sbin/netdlp_scripts/linux_install_certicates.sh +/opt/cososys/bin/epp-client +/var/log/epp-client/epp_client_daemon.log +/var/log/epp-client/eppsslsplit.log +``` + +**Process Level Exclusions** +``` +epp-client-daemon +epp-client +epp_sslsplit +epp_netdlp_setup +linux_install_certicates.sh +``` By applying these exclusions, you will allow the Endpoint Protector Client to operate smoothly -alongside other security products, ensuring both functionality and protection across endpoints. +alongside other security products, ensuring both functionality and protection across endpoints. \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/requirements/components.md b/docs/endpointprotector/5.9.4.2/requirements/components.md index 58f33e050c..15ac1d5eea 100644 --- a/docs/endpointprotector/5.9.4.2/requirements/components.md +++ b/docs/endpointprotector/5.9.4.2/requirements/components.md 
@@ -30,7 +30,7 @@ The Client-side of Endpoint Protector has two different components: - Enforced Encryption Client – enforcing 256 AES encryption on USB storage devices as specified from the Server; it is a stand-alone application compatible with Windows and Mac computers. -![Main Components](/img/product_docs/endpointprotector/5.9.4.2/requirements/maincomponents.webp) +![Main Components](\img\product_docs\endpointprotector\5.9.4.2\requirements\maincomponents.webp) ## Architecture Overview 
@@ -42,31 +42,31 @@ sensitive information and ensuring compliance with security policies. ### Key Components and Data Flow -Endpoint Protector Server +**Endpoint Protector Server** This server is the core of Endpoint Protector, enforcing security policies and monitoring data flows across the organization. It communicates with all endpoints to ensure compliance with data protection rules and logs activity for auditing purposes. -MySQL Database +**MySQL Database** The Endpoint Protector server is integrated with a MySQL database that stores configuration data, user activity logs, and incident reports. This allows for centralized data management, enabling efficient policy enforcement and detailed reporting. -Firewall/Gateway Device +**Firewall/Gateway Device** Acting as a security barrier, the firewall/gateway protects the network from external threats and manages secure connections for remote users. It ensures that only authorized traffic reaches the Endpoint Protector Server, safeguarding internal resources. -DLP Admin +**DLP Admin** The Data Loss Prevention (DLP) Admin manages the entire Endpoint Protector infrastructure. They configure policies, monitor endpoint activity, and address potential data breaches. The admin uses the server’s interface to adjust security rules and respond to incidents as they occur. -DLP Users (LAN and Remote): +**DLP Users (LAN and Remote):** - LAN Users – These internal users are connected to the organization’s Local Area Network (LAN), and their devices are monitored by the Endpoint Protector server to prevent unauthorized data diff --git a/docs/endpointprotector/5.9.4.2/whatsnew.md b/docs/endpointprotector/5.9.4.2/whatsnew.md index 3d82639aab..b8d5169453 100644 --- a/docs/endpointprotector/5.9.4.2/whatsnew.md +++ b/docs/endpointprotector/5.9.4.2/whatsnew.md 
@@ -8,142 +8,4 @@ sidebar_position: 3 ## New Netwrix Community! -All Netwrix product announcements have moved to the new Netwrix Community. See announcements for -Netwrix Endpoint Protector in the -[Endpoint Protector](https://community.netwrix.com/c/endpoint-protector/announcements/106) area of -our new community. - -The following information highlights the new and enhanced features introduced in Netwrix Endpoint -Protector v5.9.4. - -## Endpoint Protector 5.9.4 - -This release includes the following: - -## Product Versions - -Versions of components provided with this release: - -- Server Version: 5.9.4.0 -- Windows Client: 6.2.3.1010 -- Mac Client: 3.0.3.1009 -- Linux Client: 2.4.3.1007 -- Enforced Encryption: 2.1.0.2 - -## General - -Netwrix Endpoint Protector Rebranding - -This release marks the beginning of a soft rebranding initiative for Netwrix Endpoint Protector, -which includes its Server, Client, and Enforced Encryption components. The purpose of this change is -to enhance visual consistency and align with Netwrix's overall branding strategy. - -New branding cover: - -• CoSoSys Endpoint Protector is now Netwrix Endpoint Protector - -![eppnetwrixbranding](/img/product_docs/endpointprotector/5.9.4.2/eppnetwrixbranding.webp) - -**NOTE:** All hardcoded e-mail addresses are not changed from CoSoSys.com domain to avoid -misconfiguration issues of any existing firewall filtering configuration. - -**NOTE:** Modules abbreviations are not changed. - -Customizable Sender Email Address for Alerts - -Administrators can now customize the "From" email address used in alert notifications by specifying -a preferred sender address in the Netwrix Endpoint Protector Server Alternative mail method -configuration. - -## Device Control (DC) - -Enhanced File Rename Tracking on MacOS - -You can now capture both source and destination file names during file renames on MacOS for complete -audit trails and accurate shadowing. 
- -## Content Aware Protection (CAP) - -Improved Browser Printing Monitoring - -Enhancements to Netwrix Endpoint Protector expand monitoring capabilities for web browser printing -beyond print spooler notifications, ensuring broader coverage across various printing methods and -printer types. This upgrade strengthens data loss prevention efforts by enhancing control over -unauthorized or accidental printing. - -Defining behavior for not Content Aware Printing - -This update introduces new settings that allow you to configure the action triggered when Content -Aware Protection cannot access the content of the printed file. - -Strengthened Data Protection with Improved MPIP Integration - -This release enhances mobile threat defense for organizations using Microsoft Purview Information -Protection (MPIP), also known as MIP; enabling interception of files based on their MPIP label names -or GUIDs to enforce stricter control over sensitive data access and transfer on mobile devices. -Improved integration in Netwrix Endpoint Protector Server WebUI also offers a more comprehensive -configuration option, strengthening your organization's security strategy. - -Enhanced MPIP Encrypted Office Files Label Recognition - -Content Aware Protection (CAP) can now detect sensitive metadata within MIP encrypted Microsoft -Office files, ensuring accurate detection and blocking of sensitive content. - -Enhanced User Remediation Messaging with Rich Text Editing - -Administrators can now format User Remediation messages with bold, italics, underline, text color, -hyperlinks, and different font sizes, enabling them to create clear, visually appealing, and -impactful messages that enhance user comprehension and encourage policy compliance. - -Enhanced Control for Hightail Express File Sharing - -Hightail Express can now be designated as a controlled application in Content Aware Protection, -allowing you to monitor and regulate file transfers through this popular service. 
- -Expanded Content Aware Protection Policies - -The maximum number of Content Aware Protection (CAP) policies has been increased, allowing for more -granular control over sensitive data. - -Expanded Content Aware Protection Policies - -The maximum number of Content Aware Protection (CAP) policies has been increased from 48 to 300, -allowing for more granular control over sensitive data. - -Expanded Deny/Allowlists limits - -The maximum number of Deny/Allowlists has been increased up to 1 000 list per category, and each -list limit has been increased to 50 000 entries per list, allowing for more granular control over -sensitive data. Notably, the Allowlist Network Share category is not affected by this change. - -Improved Deny/Allowlists Management in CAP and eDiscovery - -We have enhanced the ability to create and manage more deny/allowlists and entities per list, -benefiting both Content Aware Protection (CAP) and eDiscovery with improved data filtering and -investigation efficiency. - -MyBox File Uploads Now Detectable with CAP - -Content Aware Protection (CAP) now identifies and controls file uploads to MyBox, extending security -to popular cloud storage platforms. - -More Precise OneDrive Content Inspection - -Content Aware Protection (CAP) now extracts text more accurately from OneDrive DOC and DOCX files -via the Chrome extension, reducing false positives and blocking only files containing selected -sensitive data (e.g., SSN US). - -Improved Google Docs Text Extraction - -Enhanced text extraction in Google Docs ensures accurate content inspection and minimizes false -positives. - -Improved Google Sheets Text Extraction - -Improved text extraction in Google Sheets reduces false positives for secure content analysis. 
- -Enhanced Mac Monitoring with Microsoft Remote Desktop Support - -Content Aware Protection now supports monitoring Microsoft Remote Desktop (MRD) connections on Mac -endpoints, enabling policy definition to detect and control sensitive data transfers during MRD -sessions, enhancing your overall data security. +All Netwrix product announcements have moved to the new Netwrix Community. See announcements for Netwrix Endpoint Protector in the [Endpoint Protector](https://community.netwrix.com/c/endpoint-protector/announcements/106) area of our new community. \ No newline at end of file diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/install/SetIP2.webp b/static/img/product_docs/endpointprotector/5.9.4.2/install/SetIP2.webp new file mode 100644 index 0000000000..21cf3a253c Binary files /dev/null and b/static/img/product_docs/endpointprotector/5.9.4.2/install/SetIP2.webp differ diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/install/SetIPAO.webp b/static/img/product_docs/endpointprotector/5.9.4.2/install/SetIPAO.webp new file mode 100644 index 0000000000..31bc9aedad Binary files /dev/null and b/static/img/product_docs/endpointprotector/5.9.4.2/install/SetIPAO.webp differ diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/install/acceptagreement.webp b/static/img/product_docs/endpointprotector/5.9.4.2/install/acceptagreement.webp index 04e0faf49f..b83c6f3c2d 100644 Binary files a/static/img/product_docs/endpointprotector/5.9.4.2/install/acceptagreement.webp and b/static/img/product_docs/endpointprotector/5.9.4.2/install/acceptagreement.webp differ 
diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/install/autonetworkconfig.webp b/static/img/product_docs/endpointprotector/5.9.4.2/install/autonetworkconfig.webp index a41bb96961..5e04548b2c 100644 Binary files a/static/img/product_docs/endpointprotector/5.9.4.2/install/autonetworkconfig.webp and b/static/img/product_docs/endpointprotector/5.9.4.2/install/autonetworkconfig.webp differ diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/install/licenseagreement.webp b/static/img/product_docs/endpointprotector/5.9.4.2/install/licenseagreement.webp index 0c011b6cf6..b113b33134 100644 Binary files a/static/img/product_docs/endpointprotector/5.9.4.2/install/licenseagreement.webp and b/static/img/product_docs/endpointprotector/5.9.4.2/install/licenseagreement.webp differ diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/install/manualnetworkconfig.webp b/static/img/product_docs/endpointprotector/5.9.4.2/install/manualnetworkconfig.webp index 8db319eaa8..96bf8d31c4 100644 Binary files a/static/img/product_docs/endpointprotector/5.9.4.2/install/manualnetworkconfig.webp and b/static/img/product_docs/endpointprotector/5.9.4.2/install/manualnetworkconfig.webp differ diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/install/networking.webp b/static/img/product_docs/endpointprotector/5.9.4.2/install/networking.webp index 164b2247df..9f3dede878 100644 Binary files a/static/img/product_docs/endpointprotector/5.9.4.2/install/networking.webp and b/static/img/product_docs/endpointprotector/5.9.4.2/install/networking.webp differ diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/install/setip.webp b/static/img/product_docs/endpointprotector/5.9.4.2/install/setip.webp index 026f3e3e7a..ad90c68298 100644 Binary files a/static/img/product_docs/endpointprotector/5.9.4.2/install/setip.webp and b/static/img/product_docs/endpointprotector/5.9.4.2/install/setip.webp differ 
diff --git a/static/img/product_docs/endpointprotector/5.9.4.2/requirements/maincomponents.webp b/static/img/product_docs/endpointprotector/5.9.4.2/requirements/maincomponents.webp index 1df8ff7a32..2bc79414ef 100644 Binary files a/static/img/product_docs/endpointprotector/5.9.4.2/requirements/maincomponents.webp and b/static/img/product_docs/endpointprotector/5.9.4.2/requirements/maincomponents.webp differ
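Review bot: the hunk that replaces the feature list with the single "All Netwrix product announcements have moved to the new Netwrix Community" line removes the only version-specific figures visible in this patch. These are the CAP policy limit going from 48 to 300, the Deny/Allowlists limits of 1 000 lists per category and 50 000 entries per list, and the exception for the Allowlist Network Share category. Please confirm these limits are documented elsewhere in the 5.9.4.2 admin docs before dropping them here, since the community link is not versioned and administrators sizing policies need the numbers for this release. The added line also ends with `\ No newline at end of file`; add a trailing newline.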
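Review bot: the two new images under `install/`, `SetIP2.webp` and `SetIPAO.webp`, use mixed-case names while every existing file in that directory shown in this patch is lower-case (`setip.webp`, `acceptagreement.webp`, `networking.webp`). With `setip.webp` already present, a reference that differs only in case will resolve on a case-insensitive filesystem and break on a case-sensitive build host, so rename the new files to lower-case. The markdown that references them is not visible in this part of the patch, so please also check that both new images are linked from a page, and that the seven replaced screenshots still match the steps described in the text around them.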