Table of Contents
Welcome
Understanding Paladin
Paladin Server
Client
System Requirements
Paladin Server System Requirements
Client workstation System Requirements
Using The Admin Console
About the Admin Console
Toolbar
Menu bar
File menu
View menu
Policy menu
Help menu
Admin Control Panel
Installing Paladin
Installation Overview
Installing Paladin
Running Paladin with SQL
Running Paladin with MSDE
Configuring System Setup
About System Setup
Registration
License Information and Status
Configuration
E-mail Server Settings
Proxy Server Settings
Communication Prototype
Database Cleanup
Server/Client Port Settings
File Transfer Protocol
Updates
Server
Clients/Definitions
Setting Up Policies
About Policies
Policy View
Configuration Utility
Creating and Managing Policies
Create a Policy
Delete a Policy
Rename a Policy
Copy a Policy
Configuring Policies
Paladin Network Administrator’s Guide iii
Client Tab
Configure Client Settings
Deploy Client Software Updates
Deploy Client Database Updates
Set E-mail Alerts
Add an Alert to a Policy
Remove an Alert from a Policy
Scan Tab
Schedule Tab
Item Actions Tab
Assign Actions to Items
View Spyware Items By Action
Item Action Details
Preventions Tab
Enable Internet Preventions
Restricted IP Ranges
Restricted Zones
Enable System Preventions
ADS
Managing Clients and Items
Client Management
Adding and Deploying Clients
About Firewalls
Client Firewalls
Manually Deploying Clients
Client Actions Deployment
Removing and Reassigning Clients
Removing Clients from Policies
Removing Clients from Client Lists
Reassigning Clients
Scanning Client Workstations
Starting, Stopping and Refreshing Clients
Refresh Status
Start Service
Stop Service
Item Management
Quarantining Items
Quarantining Items - By Item
Quarantining Items - By Client
Unquarantining Items
Unquarantining Items - By Item
Unquarantining Items - By Client
Deleting Items
Delete Items - By Item
Delete Items - By Client
Spyware Library
Viewing Spyware Library Details
Viewing Events
Viewing Events By Client
Client List
Client List Details
Viewing Events By Item
Items List
Items List Details
Monitoring Network Activity
About Reports
Report Options
Exporting Reports
Network Activity
Spyware Activity
Infected Machines - Summary
Infected Machines - Detail
Top Ten Machines – Spyware Detected
Machine History
Threats Found - Summary
Threats Found - Detail
Executive Summary
Welcome
Reliable and robust, Paladin is Aluria’s answer to dangerous and destructive spyware that
infiltrates network security. With Paladin you can scan your network for the latest threats,
create and assign policy controls, view detailed reports of all found threats, receive automatic
or manual updates, and much more.
Understanding Paladin
How Paladin Works
Unlike competitor products, Paladin offers true no-hassle server-side installation and updates.
Paladin’s custom communication technology side-steps Windows compatibility issues and
avoids the time loss common to corporate solutions that depend on Microsoft Management
Console (MMC) technology. The Paladin client/server architecture is shown below:
Product Components
There are two major components included in the Paladin product that you will install on your
computers:
Paladin Server
Client
Note This version of Paladin automatically installs the Active Defense Shield (ADS) driver.
Because ADS is a kernel-level driver, it is inadvisable to repeatedly install and uninstall
the Paladin Server and Client.
Paladin Server
Before you can run Paladin, you must install its server. The Paladin Server provides centralized
management for all computers in your company. Its components are as follows:
| Service | Executable | Description |
|---|---|---|
| AluriaIP | AluriaIP.exe | Controls the communication between Clients and the Database. Also communicates with the Admin Console. |
| Admin Console | Paladin.exe | Provides a graphical user interface (GUI) to manage Paladin in your company. |
| Database/Service | Sqlmanager.exe | Stores settings, statistics, Client configurations, etc. |
| ADS | ADSService.exe | Module that actively prevents spyware files from installing on the server. ADS is also installed on all Client PCs. |

Client
A Client is a service that communicates with the Paladin Server to scan and remove spyware.
The Client is installed on an end user’s PC, allowing for spyware scanning and removal even
when the user is not logged in. The service runs with administrative rights, providing the Client
permission to remove all spyware on a PC. The service has no end-user interaction. This
lowers the risk of end-user errors, which often cause spyware to go undetected. The Client
service component is as follows:
| Service | Executable | Description |
|---|---|---|
| AEliminator | AEliminator.exe | Runs as a system service on each client workstation to scan and remove spyware. Communicates results to the Server. Also communicates modifications to Client settings back to the Server. |
| AManager | AManager.exe | Provides a limited-functionality graphical user interface (GUI) to manage Paladin client-side. |
| ADS | ADSService.exe | Module that actively prevents spyware files from installing on the server. ADS is also installed on all Client machines. |

Note AEliminator runs as an NT service on Windows XP Professional SP1/SP2, Windows 2000
Professional SP2/SP3/SP4, and Windows NT Workstation 4.0 SP6 machines. On a Windows
98 SE machine, AEliminator will run as a Windows hidden application.
System Requirements
The following are Paladin's Server and Client system requirements.
Note Although it’s slated for future release, currently dual live network adapters are not a
supported configuration in Paladin.
Paladin Server System Requirements
Operating System: Windows 2003 Server, Windows 2000 Server SP3/SP4, Windows
2000 Advanced Server, Windows NT Server 4.0 SP6a, Windows XP Professional
SP1/SP2.
Processor: Recommended double Pentium IV 2.79 GHz processor.
Disk Space: Recommended 4 GB free.
Memory: Recommended 1 GB RAM.
Monitor: Minimum resolution of 1024 X 768.
Internet Connection: Required.
Client workstation System Requirements
Operating System: Windows XP Professional SP1/SP2, Windows 2000 Professional
SP2/SP3/SP4, Windows NT Workstation 4.0 SP6a, and Windows 98 SE.
Processor: Recommended Pentium III.
Disk Space: Recommended 20 MB free.
Memory: Recommended 256 MB RAM.
.Net Framework: Required.
Using The Admin Console
About the Admin Console
Paladin's Admin Console is a convenient tool, providing centralized management for
administrators to easily detect and remove spyware from groups throughout their network. By
using a central configuration, the Admin Console decreases the amount of time you will need to
learn the product.
From the Admin Console you can configure and assign security policies, deploy Client and
software updates, control scan scheduling, assign actions to found threats, access
comprehensive threat analysis reports to identify problem points within your network, and much
more. The components that provide functionality options within the Admin Console include the
toolbar, menu bar and the Admin Control panel with its three modules.
Admin Console
Toolbar
The Paladin toolbar provides fast access to frequently used features. The toolbar includes the
following buttons:
Setup. Opens tab-based system setup.
Create Policy. Creates a new policy that you can configure and add clients to as
desired.
Updates. Opens system setup updates screen.
Help. Launches product help files to resolve Paladin issues or questions.
Spyware Library. Displays the details of every spyware item in the Aluria spyware
database.
Menu bar
Like the toolbar, the menu bar provides easy access to commonly used features. The menu bar
includes the following four drop-down menus:
File menu
View menu
Policy menu
Help menu
File menu
File menu options include:
Setup. Opens system setup.
Exit. Closes the Admin Console.
View menu
View menu options allow you to view information from the Policies, Events and Reports
modules. View menu options include:
Registration. Displays the Registration screen.
Configuration. Displays the Configuration screen.
Updates. Displays the Updates screen.
By Client. Displays events sorted by client.
By Item. Displays events sorted by spyware item.
Activity Log. Displays activity log.
Error Log. Displays error log.
Server Log. Displays server log.
Updater Log. Displays updater log.
Policy menu
Policy menu options include features related to policies, client management, and client
deployment. Policy menu options include:
Create Policy. Creates a new policy that you can configure and add clients to as
desired.
Delete Policy. Deletes a policy that you created, but want removed.
Rename Policy. Allows you to give a preexisting policy a new, unique name.
Copy Policy. Duplicates a policy currently in existence, so that you may use the
preexisting configurations for a new policy.
Scan Computers. Scans all computers in a policy that you have selected.
Add Computers. Adds client workstations to a policy that you have selected. Once
added, the Client is pushed down and automatically installed on the workstations.
Remove Computers. Removes computers from a policy that you have selected.
Deploy Client(s). Deploys Client software onto selected workstations.
Help menu
Help menu options include:
Product Help. Launches product help files to resolve issues or questions.
Resources. Directs you to the Aluria Spyware Research Lab.
Online Support. Launches the Aluria Software support page.
About Paladin. Launches version details.
Admin Control Panel
The Paladin Admin Control panel is located on the left-hand side of the Admin Console. This
panel contains the following three collapsible/expandable modules:
Policies. Allows you to create custom security policies to be deployed on client
workstations assigned to those policies.
Events. Allows you to get detailed analysis of client and item activity.
Reports. Allows you to view detailed and summary threat analysis reports.
Installing Paladin
Installation Overview
There are two major components that must be installed in order to run Paladin. First, you must
have installed a server. You can run Paladin with an MS SQL Server, or, if you don’t have a
SQL Server, Paladin will install a Microsoft Data Engine (MSDE) Server for you. This database
will hold a maximum of 2 GB of data. Once you have installed the Server, the second component
you will install is the Paladin application.
Note Even if you have an MSDE Server already installed, Paladin will reinstall MSDE and
create another instance named “Paladin.”
Installing Paladin
The Paladin application can be installed on any Windows 2000 Server or Windows 2003
Server. To install Paladin on your server/network you must have at least Domain Administrator
(for Active Directory networks) or Administrator (for Workgroups) privileges. During the
installation you must enter all information requested. The installation instructions differ
depending on whether you already have SQL Server installed and choose to use it with Paladin.
Choose the instructions below that apply to you:
Note If you do not have a SQL Server currently installed, or if you have a SQL Server installed,
but would like to run Paladin with MSDE, please follow the “Running Paladin with MSDE"
instructions.
Running Paladin with SQL
To install Paladin with the SQL Server:
1. Start the installation process by double-clicking Setup.exe.
2. Click Next.
3. Select I accept the license agreement and click Next.
4. Enter and select your information, and then click Next.
5. Click Next.
– You can install the application to another destination by clicking Browse.
6. Click Next.
9. Enter the server computer name and available server port number, and then click
Next.
– You must enter the requested information into these fields. If you do not properly
enter the server computer name and available server port number, Paladin will not
function on your system.
– We recommend ports 1 to 1023 not be used, as they are reserved for use by the
IANA. We also recommend that ports 49152 to 65535 be avoided, because they are
dynamic ports that operating systems use randomly. If you choose one of these ports,
you risk a potential conflict.
10. Select SQL and click Next.
– Select SQL Server ONLY if you have a SQL Server currently installed. If you select
SQL Server, you will need to create an instance name.
11. Enter your information and click Next.
12. Click Finish.
13. Click Yes. (optional)
– Although clicking "yes" is optional, Aluria highly recommends you choose this option.
If you do not click "yes" to reboot, you may have some negative experiences. For
example, it is possible that, without an immediate reboot, certain displays will not
update correctly. Thus, if you choose to add a client to a policy, that policy's client list
may not update to show the newly added client as "installed." This could be confusing
for administrators trying to determine the status of a client installation.
Once you have completed these steps, you are ready to configure Paladin to scan your
company's workstations for spyware. Launch Paladin from your program menu, and enter your
information into the start up screen, and then click log on. The System Setup will automatically
launch. Use the Introduction, Registration, Configuration, and Updates tabs to get started.
Running Paladin with MSDE
1. Start the installation process by double-clicking Setup.exe.
2. Click Next.
3. Select I accept the license agreement and click Next.
4. Enter and select your information, and then click Next.
5. Click Next.
– You can install the application to another destination by clicking Browse.
8. Click Next.
9. Enter the server computer name and available server port number, and then click
Next.
– You must enter the requested information into these fields. If you do not properly
enter the server computer name and available server port number, Paladin will not
function on your system.
– We recommend ports 1 to 1023 not be used, as they are reserved for use by the
IANA. We also recommend that ports 49152 to 65535 be avoided, because they are
dynamic ports that operating systems use randomly. If you choose one of these ports,
you risk a potential conflict.
10. From the Database list, select MSDE and click Next.
– By selecting MSDE you are prompting the Paladin database wizard to install, or (if
already installed) reinstall MSDE on your system.
11. Click Finish.
12. Click Yes. (optional)
– Although clicking "yes" is optional, Aluria highly recommends you choose this option. If
you do not click "yes" to reboot, you may have some negative experiences. For example, it
is possible that, without a reboot, certain displays will not update correctly. Thus, if you
choose to add a client to a policy, that policy's client list may not update to show the newly
added client as "installed." This could be confusing for administrators trying to determine
the status of a client installation.
Once you have completed these steps, you are ready to configure Paladin to scan your
company's workstations for spyware. Launch Paladin from your program menu, and enter your
information into the start up screen, and then click log on. The System Setup will automatically
launch. Use the Introduction, Registration, Configuration, and Updates tabs to get started.
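The port guidance in step 9 of both installation procedures can be checked on the intended server before running Setup. The PowerShell below is an added example, not part of the Aluria guide: it applies the two ranges the guide gives and lists existing TCP listeners through .NET; the function name Test-PaladinPortCandidate is hypothetical.

```powershell
# Added example, not from the Aluria guide. Test-PaladinPortCandidate is a
# hypothetical helper name; the port ranges are the ones the guide gives.
function Test-PaladinPortCandidate {
    param(
        [Parameter(Mandatory = $true)]
        [int]$Port
    )

    $reasons = @()

    # Range checks, using the boundaries stated in the installation steps.
    if ($Port -lt 1 -or $Port -gt 65535) {
        $reasons += 'not a valid TCP port (1-65535)'
    }
    elseif ($Port -le 1023) {
        $reasons += 'in 1-1023, which the guide lists as reserved by the IANA'
    }
    elseif ($Port -ge 49152) {
        $reasons += 'in 49152-65535, dynamic ports the operating system uses randomly'
    }

    # "Available" check: enumerate TCP listeners already bound on this machine.
    # Paladin Server/Client communication is TCP only, so UDP is not checked.
    $ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listeners = @($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq $Port })
    if ($listeners.Count -gt 0) {
        $addresses = ($listeners | ForEach-Object { $_.Address.ToString() } |
            Sort-Object -Unique) -join ', '
        $reasons += "already in use by a TCP listener on $addresses"
    }

    New-Object PSObject -Property @{
        Port     = $Port
        Suitable = ($reasons.Count -eq 0)
        Reasons  = ($reasons -join '; ')
    }
}

# Constructed sample input: the guide's default port (2001), one port from
# each range the guide advises against, and one out-of-range value.
2001, 443, 50000, 70000 |
    ForEach-Object { Test-PaladinPortCandidate -Port $_ } |
    Format-Table Port, Suitable, Reasons -AutoSize
```

Run it on the machine that will host the Paladin Server; a port reported as suitable is only known to be free at the moment of the check.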
Configuring System Setup
About System Setup
Each time you log on to Paladin, the Setup screen will display. From the Introduction tab you
can get a quick overview of what you will need to enter in the Registration, Configuration and
Updates tabs. Designed for efficiency, from Setup, you can easily register your product,
configure e-mail and proxy server settings, choose a communication prototype, check for
server and system updates, and schedule client software and definition file download
frequencies.
Registration
Following your initial product installation, you will use the Registration screen to register your
product. The registration key entered will determine if you have purchased the full version of
Paladin or are running it in trial mode.
To register Paladin:
1. Enter your registration key in the provided field.
2. Click Register.
License Information and Status
Once a valid registration key is entered and verified with Aluria’s servers, the license and status
information for your Paladin software will be displayed. You can return to the Registration
screen anytime to review your registration details.
From under License Information & Status, you can view:
Licenses Expiration Date. Displays the year, month, and day that the Paladin license
expires.
Client Licenses. Displays the number of licenses authorized by the registration.
Total Licenses Installed. Displays the number of Clients that have been assigned to
policies and deployed.
Status. Displays the version of Paladin currently in use. If running a trial (evaluation)
version, your status will show the number of days left before the trial expires.
Note By default, Paladin will allow for 10 client licenses during the 30-day trial period. Once the
trial expires, all Clients will be disabled. To purchase Paladin, from the Registration screen,
click Buy Now.
Configuration
The Configuration screen allows you to save five types of system settings:
E-mail Server Settings
Proxy Server Settings
Communication Prototype
Server/Client Port Settings
File Sharing Protocol
In addition to saving system settings, from the Configuration screen, you can also delete old
scan history records.
E-mail Server Settings
E-mail settings allow you to receive notifications about found spyware, its location on your
network, and its severity.
To configure e-mail server settings:
1. From the Admin Console toolbar, click Setup.
– You may also access setup by clicking Setup from the File menu.
2. Select the Configuration tab.
3. Under E-mail Server Settings, in the fields provided, enter the e-mail server address,
e-mail address from which notifications should be sent, and port.
– If applicable, click Advanced. From the Advanced Options dialog, select Requires
Authentication, and enter the domain, user name, and password in the fields provided.
When you’re finished entering your information, click OK.
4. Click Save.
Once you have saved your e-mail server settings you can test them by clicking Send Test
E-mail.
Proxy Server Settings
If you use a proxy server to access the Internet, you will need to enable it to communicate with
Aluria's servers. Allowing connection through a proxy will assure that your company receives
software updates and new definition files as they become available.
To configure proxy server settings:
1. From the Admin Console toolbar, click Setup.
– You may also access setup by clicking Setup from the File menu.
2. Select the Configuration tab.
3. Under Proxy Server, select Enable Proxy Server.
4. In the fields provided, enter the address and select the port for the proxy.
– If applicable, click Advanced. From the Advanced Options dialog, select Requires
Authentication, and enter the domain, user name, and password in the fields provided.
When you’re finished entering your information, click OK.
5. Click Save.
Communication Prototype
By default, Paladin's communication prototype is set to TCP, the de facto standard for the
Internet.
Note Although it’s slated for future release, we currently do not offer UDP communication
functionality; only TCP is available for communications between the Server and the Client.
Database Cleanup
To keep your database from reaching maximum capacity, you can perform a scan history
cleanup to remove specified records. Once removed, the selected scan history is
permanently deleted.
To perform a database cleanup:
1. From the Admin Console toolbar, click Setup.
– You may also access setup by clicking Setup from the File menu.
2. Under Database Cleanup, click Manual.
3. From the displayed dialog, specify the dates of records you want removed.
4. Click Delete.
5. Click Yes.
Server/Client Port Settings
By default, during installation Paladin selects port 2001 for your Server and Clients. During
installation, if necessary, you can change the port or you can change it after installation on the
Configuration screen.
To change the port for the Server and all Clients:
1. From the Admin Console toolbar, click Setup.
– You may also access setup by clicking Setup from the File menu.
2. Under Server/Client Port Settings, in the New Port field, select or enter your desired
port.
3. Click Change.
Note Although it is not recommended, if an error occurs and a particular Client did not get
assigned to the same port as the Server, you can change the Client port by expanding the
Policy module, and selecting Client Actions and then Change Port from the displayed
context menu. Updated Clients will be displayed in the Policy View.
File Transfer Protocol
By default, File & Printer sharing is enabled; this allows Paladin to effectively deploy Clients.
You can also enable Paladin sockets so that files can be transferred between the Server and
Client without having the Server logged into remote workstations.
Updates
The two major Paladin components that need to be regularly updated include:
Server
Clients/Definitions
Routinely, the Paladin Server will check Aluria’s server for updates to be downloaded. If an
update exists for the Paladin Server, the file will be downloaded, and the update will be run by
the administrator. If an update exists for the Client or Definition files, these files will be
downloaded awaiting a push by the Server to client workstations.
To check Aluria’s servers for the latest updates, click Check for Updates.
Server
On the Updates screen, from under Server, you can view the version of the server you
currently have installed. If a server update is available, next to Available Version, the number
displayed will be one higher than that shown for Installed Version. For example, if the Installed
Version is 1 and the Available Version is 2, then an update is available.
To update the Server:
1. From the Admin Console toolbar, click Setup.
– You may also access setup by clicking Setup from the File menu.
2. Select the Updates tab.
3. From under Server, click Update Now.
Clients/Definitions
The frequency of updates for Clients and definitions is the same. On the updates screen, you
can view installed and available versions of the client application and DAT files. To view
installed versions by client, click View by Client.
To schedule Client updates:
1. From the Admin Console toolbar, click Setup.
– You may also access setup by clicking Setup from the File menu.
2. Select the Updates tab.
3. From under Clients, in the Download Frequency list, select the frequency with which
you would like Paladin to check for and download available updates.
4. Click Save.
Note Policy-specific updates may be invoked by two methods. You can configure policy
settings to automatically check for and install Client updates, or you can use push-button
updating to update software and definition files for a policy.
Setting Up Policies
About Policies
Once the Paladin Server is installed, you have the opportunity to create custom security
policies. These policies can be applied to designated client groupings on your network, and will
determine how Paladin finds, prevents, and manages spyware on client workstations. Once
policies have been created, the Client service is pushed down to all selected PCs on the
network. This process uses IP technology for communication, providing a channel for support
of WANs, LANs, and VPNs.
Policy View
Every time you add a policy or update its settings, you can view those changes on the Policy
screen. To view your policy settings, from the Admin Control panel, expand the Policies
module and click on the policy whose details you want to review.
The policy view displays the following:
Domain. Displays the domain a client workstation belongs to.
Client Name. Displays the computer name associated with the client workstation.
Status. Displays the Client status, whether Installed or Not Installed.
Last Scan. Displays the date and time of the last workstation scan.
Client Ver. Displays the version of the client software that is installed on the
workstation.
Last Software Update. Displays the date and time of the last Paladin software update.
Definition Ver. Displays the version of the threat definition file that resides on the client
workstation.
Last Definition Update. Displays the last date and time that the threat definitions were
updated.
Client Port. Displays the port that the client workstation is assigned to.
Policy Ver. Displays the incremental number associated with the Client's policy.
Configuration Utility
Paladin includes a comprehensive, tab-based configuration utility for creating policies. This
allows administrators to specify, according to client group, which spyware to detect and what
resultant actions should be taken. With the configuration utility, administrators configure
settings on the Client, Scan, Schedule, Item Actions, and Prevention tabs to suit network
needs.
Client. Allows administrators to define client updates, downloads and accessibility.
Scan. Allows administrators to set options for full, quick, or custom scanning.
Schedule. Allows administrators to schedule default or custom scans to be invoked for
all client workstations in a given policy.
Item Actions. Allows administrators to view and assign actions to a comprehensive list
of all spyware items included in the Paladin Spyware Library.
Preventions. Allows administrators to set IP, ActiveX, and zone blocking prevention
settings.
Creating and Managing Policies
To accommodate administrator needs for flexibility and customization, Paladin offers several
options that can be applied when creating and managing policies. From within the Policy screen
you can:
Create a Policy
Delete a Policy
Rename a Policy
Copy a Policy
Note It is highly recommended that servers be assigned their own, uniquely-configured policies
separate from those created for workstations. Creating separate policies will provide flexibility
in managing system preventions and scheduling workload-sensitive scan times.
Create a Policy
Before creating a client group, you will need to create the policy for that group.
To create a policy:
1. From the Admin Console toolbar, click Create Policy.
– You can also, from the Policy menu, select Create Policy.
2. Enter a unique, client-specific name for the new policy.
Delete a Policy
To free up licenses, you may decide to delete a policy. Deleting a policy uninstalls client
software from all client workstations assigned to that policy. You can delete any policies that
you created; however, the Paladin Default policy cannot be removed.
To delete a policy:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be deleted.
2. On the Policy menu, click Delete Policy.
3. From the displayed dialog, confirm that you want to delete the policy by clicking Delete.
– You can also select Reassign. Choosing this option adds all clients from the selected
policy to another policy of your choosing.
Rename a Policy
Rename an existing policy when you wish to change the unique name of a policy, but still retain
your configured preferences and assigned client list.
To rename a policy:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be renamed.
2. On the Policy menu, click Rename Policy.
3. Enter a new, unique policy name into the provided field.
4. Accept the new policy name by clicking OK.
Copy a Policy
Copying a policy allows you to derive what you have already created in a preexisting policy,
and apply it to a new policy. Once you have copied a policy, the new policy is added to the
Policies module, and the configuration can be adjusted as desired.
To copy a policy:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be copied.
2. On the Policy menu, click Copy Policy.
3. Enter a new, unique policy name into the provided field.
4. Click OK.
Configuring Policies
Client Tab
Configure settings on the Client tab to determine how Paladin will interact on client
workstations in a policy. Client tab settings will determine the frequency with which the server
checks for, and downloads updates. Additionally, Client tab settings may be configured to send
e-mail alerts when spyware is detected on a workstation. From the Client tab, you may:
Configure Client Settings
Deploy Client Software Updates
Deploy Client Database Updates
Set E-mail Alerts
Configure Client Settings
To configure Client settings:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Client tab.
3. Select each Client setting you want applied to the policy.
Options and descriptions:
Enable Client UI. Displays the Paladin taskbar icon on client workstations to notify users
that the program is running on their PC.
Allow user to start and stop scan. Gives users at client workstations the ability to start and
stop scans.
Detection notifications. Provides users with a list of found spyware and related information,
i.e., spyware name, action, etc.
Automatic Updates. Allows administrator to specify that automatic updates should occur.
Definitions. Automatically pushes DAT file updates to the client computer from the
server, as specified during the system set up.
– Choose Update Now to manually deploy updates to Client databases.
Client Software. Automatically pushes updates to the client software from the server, as
specified during the system set up.
– Choose Update Now to manually deploy client software updates to all
clients in the policy. By selecting this option, the server automatically
pushes the latest client setup file to all Clients in the selected policy, and
executes a silent update install.
Configure E-mail Alerts. Allows administrators to send e-mail notifications when spyware of a
certain severity is detected on a client workstation.
4. Click Save.
Note When you click Save it applies your specified settings to every Client in the policy. The
incremental number associated with those changes is displayed in the Policy view under the
Policy Ver column. If a Client's Policy Ver number is lower than the other Clients in the policy, it
needs to be updated. To manually update the client settings for an individual Client, expand the
Policies module, right-click the Client that needs to be updated, and from the context menu select
Client Actions and then Update Policy.
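The comparison described in the note above can be combined with the Status, Definition Ver and Client Port columns of the Policy view into one check over a copy of a policy's client list. This is an added example, not Aluria's code: the row layout, the constructed sample rows, the finding codes and the function name audit_policy_view are assumptions, and the guide does not describe an export in this form.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ClientRow:
    """One row of the Policy view (hypothetical layout for this example)."""
    policy: str
    client_name: str
    status: str          # "Installed" or "Not Installed"
    definition_ver: int  # Definition Ver column
    client_port: int     # Client Port column
    policy_ver: int      # Policy Ver column


# Constructed sample data, not taken from a real Paladin server.
SAMPLE_ROWS = [
    ClientRow("Workstations", "WS-001", "Installed", 41, 2001, 7),
    ClientRow("Workstations", "WS-002", "Installed", 41, 2001, 6),
    ClientRow("Workstations", "WS-003", "Not Installed", 0, 2001, 0),
    ClientRow("Workstations", "WS-004", "Installed", 39, 2010, 7),
    ClientRow("Servers", "SRV-01", "Installed", 41, 2001, 3),
]


def audit_policy_view(rows, server_port, available_definition_ver):
    """Return {client_name: [finding codes]} for clients that need attention.

    NOT_INSTALLED     - listed in the policy but unprotected (and holding a license)
    STALE_POLICY      - Policy Ver lower than other Clients in the same policy
    STALE_DEFINITIONS - Definition Ver behind the version shown on the Updates screen
    PORT_MISMATCH     - Client port differs from the Server port
    """
    # Highest Policy Ver among installed Clients, per policy. A Client below
    # this number has not received the most recently saved settings.
    newest_policy_ver = {}
    for row in rows:
        if row.status == "Installed":
            best = newest_policy_ver.get(row.policy, 0)
            newest_policy_ver[row.policy] = max(best, row.policy_ver)

    findings = {}
    for row in rows:
        issues = []
        if row.status != "Installed":
            # Version and port columns are meaningless until the Client exists.
            issues.append("NOT_INSTALLED")
        else:
            if row.policy_ver < newest_policy_ver[row.policy]:
                issues.append("STALE_POLICY")
            if row.definition_ver < available_definition_ver:
                issues.append("STALE_DEFINITIONS")
            if row.client_port != server_port:
                issues.append("PORT_MISMATCH")
        if issues:
            findings[row.client_name] = issues
    return findings


if __name__ == "__main__":
    report = audit_policy_view(SAMPLE_ROWS, server_port=2001,
                               available_definition_ver=41)
    for client, issues in sorted(report.items()):
        print(f"{client}: {', '.join(issues)}")
```

A STALE_POLICY finding corresponds to the Update Policy client action described above; a NOT_INSTALLED finding corresponds to a manual deployment or removal from the client list.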
Deploy Client Software Updates
To manually update Client software:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Client tab.
3. Select Updates.
4. Select Client Software.
5. Click Update All.
– By selecting this option, the server automatically pushes the latest Client setup file to
all Clients in the selected policy, and executes a silent update install.
Deploy Client Database Updates
To manually update the Client database:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Client tab.
3. Select Updates.
4. Select Definitions.
5. Click Update All.
– By selecting this option, the server automatically pushes definition file updates to all
Clients in the selected policy.
Set E-mail Alerts
E-mail alerts provide notification that a spyware threat of a certain severity has been found. For
each severity-specific spyware found, a single e-mail is generated. The e-mail alert is sent to all
e-mail addresses listed in a policy’s E-mail Alert dialogue box, and uses the SMTP E-mail
Server specified during system set up. From the E-mail Alert dialogue box you can:
Add An Alert To a Policy
Remove An Alert From a Policy
Add an Alert to a Policy
To accommodate administrator needs for flexibility, Paladin offers several options for e-mail
alerts. For administrators, the Consumerware – And Greater option is recommended, because
it provides alerts for every item of spyware found on the network, from the benign to the severe.
For persons whose job functions do not require extensive knowledge about threats on the
network – for example, business executives who need only know when more severe threats
infiltrate the network – you can set their alerts to an applicable setting, such as High – And
Greater, or Severe – And Greater.
To add an alert to a policy:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Client tab.
3. Click Configure E-mail Alerts.
4. In the field provided, enter the e-mail address of the Client you want alerted.
5. From the Severity drop-down, select a severity.
Options and descriptions:
Consumerware - And Greater. Consumerware is a term that describes advertising or
marketing-supported software that meets and exceeds Aluria’s strict guidelines
for Spyware SAFE Certification. These useful applications, often
given away free, provide value to the end-user, pose no spyware risk,
and are easily and completely removed through Add and Remove
Programs.
Low - And Greater. Low severity indicates minor adware. There are no real tracking
issues or system stability issues for low level threats.
Guarded - And Greater. Guarded severity indicates BHOs and adware. There are some minor
aggregate tracking issues. There are no or very minimal security
concerns, such as causing lockups or crashes on isolated
workstations or unique environments.
Elevated - And Greater. Elevated severity indicates a high level of Web and usage tracking for
aggregate and other purposes. Security risks are increased, and
include the silent installation of unsafe code.
– Elevated is the default severity.
High - And Greater. High severity indicates the possibility of personally identifiable
tracking and system compromising security concerns, including code
that can crash or expose a browser or system to other risks. High
severity spyware may also take advantage of current security
exploits, if present.
Severe - And Greater. Severe threats include keyloggers and remote administration tools.
Severe spyware has a very big risk of personal information being
captured and compromised, including passwords, credit card
numbers, and social security numbers.
6. Click Add.
Note When you select a severity, you will receive e-mails for items included in that severity
level, and also, you will receive e-mails for all items of a greater severity than the selected
level. For example, if you select "Elevated - And Greater" you will receive alerts for elevated,
high, and severe items.
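The "And Greater" rule in the note above, worked through for a policy with several alert addresses, including a check for severities that would reach nobody. This is an added example, not Aluria's code: the function names, the addresses and the detections are constructed, and only the severity names and their order come from the Severity list in this guide.

```python
import re

# Severity order as listed in the Severity drop-down, lowest first.
SEVERITIES = ["Consumerware", "Low", "Guarded", "Elevated", "High", "Severe"]
RANK = {name: position for position, name in enumerate(SEVERITIES)}

# The guide writes the setting with either a hyphen or an en dash.
_LABEL = re.compile(r"^\s*(\w+)\s*[-–]\s*And Greater\s*$")


def parse_threshold(label):
    """'Elevated - And Greater' -> 'Elevated'; unknown settings are rejected."""
    match = _LABEL.match(label)
    if not match or match.group(1) not in RANK:
        raise ValueError(f"unknown severity setting: {label!r}")
    return match.group(1)


def recipients_for(severity, alerts):
    """Addresses that receive the e-mail for one detection of this severity."""
    if severity not in RANK:
        raise ValueError(f"unknown severity: {severity!r}")
    return sorted(
        address
        for address, label in alerts.items()
        if RANK[parse_threshold(label)] <= RANK[severity]
    )


def route(detections, alerts):
    """One alert per detected item: (item name, severity, recipients)."""
    return [(name, sev, recipients_for(sev, alerts)) for name, sev in detections]


def uncovered_severities(alerts):
    """Severities for which no address in the policy would be alerted."""
    if not alerts:
        return list(SEVERITIES)
    lowest = min(RANK[parse_threshold(label)] for label in alerts.values())
    return SEVERITIES[:lowest]


# Constructed sample: a policy's E-mail Alert list and three detections.
SAMPLE_ALERTS = {
    "admin@example.com": "Consumerware - And Greater",
    "helpdesk@example.com": "Elevated - And Greater",
    "exec@example.com": "Severe – And Greater",
}
SAMPLE_DETECTIONS = [
    ("example-adware", "Low"),
    ("example-tracker", "Elevated"),
    ("example-keylogger", "Severe"),
]

if __name__ == "__main__":
    for name, severity, to in route(SAMPLE_DETECTIONS, SAMPLE_ALERTS):
        print(f"{severity:<8} {name:<18} -> {', '.join(to)}")
    print("No recipient for:", uncovered_severities(
        {"exec@example.com": "High - And Greater"}))
```

A non-empty result from uncovered_severities means detections at those levels are recorded in scan history but never e-mailed to anyone in the policy.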
Remove an Alert from a Policy
To remove an alert from a policy:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Client tab.
3. Click Configure E-mail Alerts.
4. From the E-mail Address list, select the e-mail you want removed.
5. Click Remove.
Scan Tab
From the Scan tab, you can choose Full, Quick or Custom, to dictate how Paladin scans client
workstations in a policy. These settings will be invoked at the time specified under the policy
configuration utility’s Schedule tab, and will also be active when you perform a manual scan of
one or more client workstations assigned to that policy.
To configure scan settings:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Scan tab.
3. Select each scan option you want applied to the policy.
Options and descriptions:
Full Scan. Scans memory, registry, known spyware hot spots, and (all fixed) disk
drives.
Quick Scan. Scans known spyware hot spots such as memory, registry, services,
windows directory, program files, and cookies.
Scan Priority. Select this option to specify how fast to run a scan on client workstations.
– The default is Normal, but you may choose from Lowest, Below Normal,
Normal, Above Normal, Highest, and Time Critical.
4. Click Save.
Schedule Tab
From the Schedule tab, to ensure precision in scanning, you can schedule policy-specific scan
times. By specifying the frequency, day, and time of a scan, all clients assigned to a policy will
automatically be invoked to scan for spyware at a predetermined time.
To schedule scan times:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Schedule tab.
3. Select each option you want applied to the scheduling of the policy.
Options and descriptions:
Frequency. Select Daily, Weekly, or Monthly.
Day. Select one day a week to scan, or select multiple. Days available include
Monday through Sunday.
Time. Type or select the hour and minute.
Scan at Startup. Prompts an arbitrary scan any time the client computer reboots.
4. Click Save.
Item Actions Tab
From the Item Actions tab, you can view a comprehensive list of all spyware items included in
the Paladin Spyware Library. For each item, there is an associated action that can be modified
to reflect administrator preferences. From the Item Actions tab you can:
Assign Actions to Items
View Spyware Items By Action
Assign Actions to Items
By default all items in the Paladin Spyware Library are set to Quarantine, and will be detected
during scans. Some items Paladin detects as spyware might actually be legitimate tools
routinely used by your organization. For example, useful remote access tools like PCanywhere,
AdminMagic and RealVNC are detected because they have spyware-like behaviors associated
with them. To prevent those useful items, needed within your organization, from being detected
in scans, you must trust them. Conversely, items that are patently malicious in nature can be
assigned to automatically delete, bypassing the quarantine stage altogether.
To assign actions to Items:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Item Actions tab.
3. From the displayed list of spyware item detections, select the items you wish to assign
actions to.
4. Use the Quarantine, Delete and Trust buttons to assign actions to the spyware.
Options and descriptions:
Quarantine. Removes spyware from its found location and stores it in a quarantine
where it can no longer harm the client computer.
Delete. Deletes specified items at the moment of detection, directly from the client
computer.
– Please be advised, if you choose Delete, any found spyware that is
associated with this action will be immediately and automatically deleted,
and its files cannot be restored.
Trust. Prevents an item from being detected during a scan. This option dictates
that no action will be taken.
5. Click Save.
View Spyware Items By Action
Once you've specified whether items Paladin detects should be quarantined, deleted, or
trusted, you can view sorted lists of these items according to their action.
To view spyware items by action:
1. From the Admin Control panel, expand the Policies module, and then select the
policy whose item actions you want to review.
2. In the policy configuration utility, click the Item Actions tab.
3. In the Show ___ Items list, select Quarantined, Deleted, Trusted, or All.
Item Action Details
Under the Item Actions tab, the list displays the following:
Spyware Name. Displays the spyware name. (Gator, About:Blank, BonziBuddy, etc.)
Severity. Displays the severity of the spyware. (Consumerware, Low, Elevated, etc.)
Category. Displays the category to which the spyware belongs. (Adware, Trojan,
Keylogger, etc.)
Action. Displays the associated action. (Quarantine, Delete, or Trust.)
Preventions Tab
Paladin’s Internet prevention features provide unparalleled, real-time protection for clients in
your network. These features notify end users about Web sites that are malicious in nature,
and prevent spyware installation on your network by proactively monitoring the file system and
registry for activity. From the Preventions tab you can:
Enable Internet Preventions
Enable System Preventions
Enable Internet Preventions
When Internet Preventions are enabled, if a user browses a site that Paladin has tagged as
restricted, the Internet Explorer Restricted sites icon (ICON) will display in the user’s task tray.
Any actions outside of tagging are based on the user’s Internet Explorer security
configurations. For example, if a user wishes to disallow ActiveX applications, this cannot be
done through Paladin; it must be specified through the Internet Explorer security settings.
Note Paladin’s Internet preventions (including restricted IP ranges and restricted zones) only
work with Internet Explorer.
To enable Internet preventions:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Preventions tab.
3. Select the Internet Preventions check box.
Once you have enabled Internet Preventions, you can further modify your settings by editing
restricted IP ranges and restricted zones.
Restricted IP Ranges
There are many Web sites that secretly host spyware, and while client users may not visit them
intentionally, they may be unwillingly redirected by scripts running in the background,
misleading textual references, or deceptive pop-ups. Visiting malicious Web sites compromises
your network security by allowing client workstations to be attacked by spyware. To prevent
spyware infection, Aluria has created a list of Web sites known to engage in malicious activity.
As an administrator, you can choose to block any or all of these sites.
To block IP ranges:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Preventions tab.
3. Select the Internet Preventions check box.
4. Click Edit Restricted List.
5. Under the Restricted IP Ranges tab, from the Available IP list, select the IP(s) that
you want blocked.
– You may select the entire list by clicking Select All.
6. Click Add.
7. Click Apply.
– Once added, IPs you’ve selected for blocking will appear in the Restricted IP list. To
unblock any IPs in the Restricted IP list, select the IPs you no longer want blocked,
press Remove, and then press Apply.
Restricted Zones
Some Web sites provide beneficial content, but run unnecessary, malicious scripts in the
background, set unwanted cookies, or put forward harmful ActiveX controls. Aluria has created
a list of these Web sites so administrators may block their restricted zones, allowing end users
the ability to visit listed Web sites without risking infection.
To block restricted zones:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Preventions tab.
3. Select the Internet Preventions check box.
4. Click Edit Restricted List.
5. Under the Restricted Zones tab, from the Restricted Zones list, select the URLs that
you want blocked.
– You may select the entire list by clicking Select All.
6. Click Add.
7. Click Apply.
– You may also block a URL that is not on Paladin's pre-populated list of zones by
typing the URL into the provided field, clicking Add, and then Apply.
– Once added, zones you have selected for blocking will appear in the Restricted Zones
list. To unblock any zones in the Restricted Zones list, select the zones you no longer
want blocked, click Remove, and then Apply.
Enable System Preventions
To enable system preventions:
1. From the Admin Control panel, expand the Policies module, and then select the
policy to be configured.
2. In the policy configuration utility, click the Preventions tab.
3. Select the System Preventions check box.
Once you have enabled Internet Preventions, you can further modify your settings by enabling
ADS.
ADS
ADS is a kernel-level driver that proactively protects the system from spyware. By including
ADS in a policy, the Client will notify you before the spyware is installed, and then automatically
quarantine or delete the spyware, depending on your policy settings.
Note Some items ADS detects as spyware might actually be legitimate tools routinely used by
your organization.
Managing Clients and Items
Client Management
Adding and Deploying Clients
Once you have created a policy, you can assign workstations to it. After you have assigned
workstations to a policy, the Client service is automatically pushed down to those computers
where it will install all necessary files needed to run the service. Pending a successful install,
the server will send the latest syg.dat definition file to client workstations.
Aluria recommends that you configure all policy settings before adding and deploying
Clients. This will ensure that all client workstations have properly configured policy settings at
the time of deployment.
Note File and printer ports must be enabled for successful deployment. Windows XP SP2
users who have the Windows Firewall turned on do not have these ports automatically enabled.
You will need to manually enable them in Windows before deploying in Paladin.
To manually enable file and print sharing (XP SP2 users):
1. From the Windows taskbar, select Start and then Control Panel.
2. From the Control Panel, click Windows Firewall, and then select Off.
3. On the displayed dialog, click the Exceptions tab.
4. Select File and Printer Sharing.
5. Click OK.
About Firewalls
To successfully run Paladin, you need to allow traffic to go through the ports you specified
during the installation of the Paladin Server. If you have a firewall on your server, you must
make the port number associated with the server an "exception" to the firewall, to allow
inbound communication. You must also allow both TCP and UDP communication prototypes.
Client Firewalls
Paladin uses port 2001 on the Client to communicate with the Server. In order for the Client to
send messages to the Server, the firewall on the Client system must allow traffic to pass
through. The port will be an "exception" to the firewall. You must also allow both TCP and UDP
communication prototypes.
To add Clients to a policy:
1. From the Admin Control panel, expand the Policies module, and then select the
policy you want the Client added to.
2. From the Policy screen, click Add.
– You may also, from the Policy menu, select Add Computers.
3. Using the Network Browser, select the computers you wish to add to the policy.
– If you cannot find a specific computer in the displayed list, you can search for it by
entering the computer’s Domain and IP address into the provided fields, and then click
Add.
4. Click OK.
Manually Deploying Clients
If the automatic Client deployment fails, you can manually deploy the Client. Or, if you want to
deploy a client on a machine running Windows 98 SE, your only option for installation is manual. There
are two options for manual deployment:
Client Actions Deployment
Create Install Files Deployment
Note You can use a policy’s client list to determine if the client install was successful by
observing the Status column. If Client software has been successfully deployed on a computer,
the status will be “Installed.” If a workstation was added to the policy, but the Client install was
unsuccessful, the status will be “Not Installed.”
Client Actions Deployment
Choose this option for your first attempt at manual deployment.
Note This type of deployment will not work for Windows 98. You will need to use the Create
Install Files deployment instead.
To manually deploy a Client using Client Actions:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the workstation that needs client deployment.
2. From the Policy client list, right-click the Client whose status is “Not Installed.”
3. From the context menu, select Client Actions, and then Deploy.
– You may also, from the Policy menu, select Deploy Clients. Use the Network
Browser to select the workstations you want clients deployed to.
– If you cannot find a workstation in the displayed list, you can search for it by entering
its Domain and IP address into the provided fields, and then click Add.
4. Click OK.
Create Install Files Deployment
Choose this option if your Client Actions Deployment fails and/or if you are running Windows
98.
To manually deploy a Client using Create Install Files:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the workstation that needs the Client deployment.
2. From the policy's client list, right-click the Client whose status is “Not Installed.”
3. From the context menu, select Create Install Files.
4. Click Create, Append or Overwrite.
Options and descriptions:
Create. Choose this option if the installer file you want to deploy does not exist.
Append. Choose this option if there is an existing ClientConfig.ini file and you want to
add new clients to it.
Overwrite. Choose this option if there is an existing ClientConfig.ini file that you do not
want appended; this option creates a new file.
5. Copy ClientSetup.exe and ClientConfig.ini from C:\<paladin server installation
directory>\Installer\“name of policy” to a network share that is accessible to the
uninstalled computer.
– You can, on the Manual Installer dialog, click the hotlink to take you to the installer
directory.
6. Run ClientSetup.exe from each client computer.
– Client.ini and ClientSetup.exe must be in the same directory for the manual install
to complete.
– Upon successful installation, a message will be sent to the server indicating that the
client install has completed.
Removing and Reassigning Clients
As an administrator, you have the option to delete Clients from policies. You may also reassign
Clients from one policy to another.
Removing Clients from Policies
To remove Clients from a policy:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the Client you want removed.
2. From the policy’s client list, select the Client for removal.
3. From the Policy screen, click Remove.
– You may also, from the Policy menu, select Remove Computers, or you can right-
click on a client and then from the context menu, select Remove and then Uninstall
Client.
4. Click OK.
Note You should choose Remove only for Clients that were successfully deployed. If the
deployment was successful, the Client Status will display "Installed."
Removing Clients from Client Lists
If a workstation was added to the policy, but the Client install was unsuccessful, the status will
be “Not Installed.” Removing Clients whose status is "Not Installed" will remove the Client from
the policy's client list, thereby freeing up licenses.
To remove Clients from a client list:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the Client you want removed.
2. From the policy’s client list, right-click the Client for removal.
3. From the context menu, select Remove and then Remove From List.
4. Click OK.
Note You should choose Remove From List only for clients whose status is "Not Installed."
Additionally, because this version of Paladin automatically installs the ADS kernel-level driver, it
is not recommended that you repeatedly uninstall Clients.
Reassigning Clients
To reassign a Client to another policy:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the Client you want reassigned.
2. From the policy’s client list, select the Client to be reassigned.
3. From the Policy screen, click Reassign.
– You may also right-click on a client and from the context menu, select Client Actions
and then Reassign.
4. In the Policy Reassign dialog, select the policy you want the Client reassigned to.
5. Click OK.
Scanning Client Workstations
A policy’s Scan and Schedule tab settings dictate the extent and frequency of the scans
performed on all workstations in that policy. To scan one or more workstations in
a policy yourself, you can perform a manual scan.
To manually scan client workstations for spyware:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the client(s) you want scanned.
2. From the policy’s client list, select the client workstation(s) to be scanned.
3. From the Policy screen, click Scan.
– You may also, from the Policy menu, select Scan Computers, or you can
right-click on the workstation(s) and from the context menu, select Client Actions and
then Scan.
4. Select either Quick Scan or Full Scan.
5. Click OK.
Starting, Stopping and Refreshing Clients
Once you have created a policy and assigned workstations to it, you can perform some
miscellaneous troubleshooting-type functions to help administer your Clients. With Client
Actions you can:
Refresh Status
Start Service
Stop Service
Refresh Status
If you want to see the latest status of a particular Client, use Refresh Status. Refresh Status
sends a message to the Client service (Aeliminator) to get the most current status, whether
Installed or Uninstalled. This information is displayed in the Policy View under the Status
column.
To refresh status:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the Client that needs to be refreshed.
2. From the policy view, right-click the Client.
3. From the context menu, select Client Actions and then Refresh Service.
4. Click OK.
Start Service
Occasionally a Client service may stop running. You can run Start Service to remotely start the
anti-spyware service (Aeliminator) running on the selected client(s).
To start service:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the Client that needs to be started.
2. From the policy view, right-click the Client.
3. From the context menu, select Client Actions and then Start Service.
4. Click OK.
Stop Service
From time to time you may decide to stop the Client service (Aeliminator) from running. You
can run Stop Service to remotely stop Aeliminator from running on the selected client(s).
To stop service:
1. From the Admin Control panel, expand the Policies module, and then select the
policy that contains the Client that needs to be stopped.
2. From the policy view, right-click the Client.
3. From the context menu, select Client Actions and then Stop Service.
4. Click OK.
Item Management
Quarantining Items
By default, all items included in the Paladin Spyware Library are set to Quarantine. You can
choose not to quarantine selected items by setting actions under the policy configuration
utility's Item Actions tab. For your convenience, items you have elected not to quarantine may
be reset to quarantine, for further review, at any time.
Quarantining Items - By Item
To quarantine items on an item-by-item basis:
1. From the Admin Control panel, expand the Events module, and then select By Item.
2. From the Items screen, select the item you want to manage.
3. From under the Trusted tab, select Quarantine.
Quarantining Items - By Client
To quarantine items on a client-by-client basis:
1. From the Admin Control panel, expand the Events module, and then select By
Client.
2. From the Items screen, select the item you want to manage.
3. From under the Trusted tab, select Quarantine.
Unquarantining Items
Paladin allows Administrators to manage quarantined items by providing options to
unquarantine those items you want detected in future scans. Depending on your preferences,
you may want to unquarantine items on an item-by-item or client-by-client basis.
Unquarantining Items - By Item
To manage quarantined items on an item-by-item basis:
1. From the Admin Control panel, expand the Events module, and then select By Item.
2. From the Items screen, select the item you want to manage.
3. From under the Quarantined tab, select Unquarantine.
Unquarantining Items - By Client
To manage quarantined items on a client-by-client basis:
1. From the Admin Control panel, expand the Events module, and then select By
Client.
2. From the Clients screen, select the item you want to manage.
3. From under the Quarantined tab, select Unquarantine.
Deleting Items
Because quality identification and safe removal of deep-rooted, dangerous spyware are critical to
network security, you can review and choose to delete malicious items on either an
item-by-item or client-by-client basis.
Delete Items - By Item
To delete items on an item-by-item basis:
1. From the Admin Control panel, expand the Events module, and then select By Item.
2. From the Items screen, select the item you want to manage.
3. From under the Quarantined tab, click Delete.
– You can also, for items that aren't in quarantine, from under the Trusted tab, click
Delete.
Delete Items - By Client
To delete items on a client-by-client basis:
1. From the Admin Control panel, expand the Events module, and then select By
Client.
2. From the Clients screen, select the item you want to manage.
3. From under the Quarantined tab, click Delete.
– You can also, for items that aren't in quarantine, from under the Trusted tab, click
Delete.
Spyware Library
Aluria's massive spyware database is constantly updated to provide administrators with the
most up-to-date spyware signatures and profiles. Paladin's Spyware Library provides quick
reference about thousands of spyware detections. For each item listed in the Spyware Library,
its associated details are also displayed. The Spyware Library screen displays the following:
Spyware Item. Displays the spyware name. (Gator, About:Blank, BonziBuddy, etc.)
Category. Displays the category to which the spyware belongs. (Adware, Trojan,
Keylogger, etc.)
Publisher. Displays the publisher of the spyware.
URL. Displays the URL that is associated with the spyware.
Note The Spyware Library's Profile tab includes additional information for you to distinguish a
spyware item's category, severity, recommended actions, publisher and URL.
Viewing Spyware Library Details
To view items in the Spyware Library:
1. From the Admin Console toolbar, select Spyware Library.
2. From the Items screen, select the spyware whose details you want to view.
3. Review details associated with the spyware by clicking the Profile, Quarantined,
Deleted and Trusted Item tabs.
Viewing Events
Viewing Events By Client
Paladin provides several options for viewing spyware activity on your network. From the Client
list, you can view all Clients and policies and their associated scan results history. To view the
Client list, from the Admin Control panel, expand the Events module and then select By
Client.
Client List
The Client list overview displays the following:
Policy. Displays the policy the client workstation belongs to.
Domain. Displays the domain a client workstation belongs to.
Client Name. Displays the computer name associated with the client workstation.
Status. Displays the Client status, whether Installed or Not Installed.
Last Found. Displays the date and time of the last item found.
Client Ver. Displays the version of the client software that is installed on the
workstation.
Definition Ver. Displays the version of the DAT file that resides on the client
workstation.
Client List Details
To view items found by Client:
1. From the Admin Control panel, expand the Events module, and then select By
Client.
2. From the Client list, select the client whose scan results you want to view.
3. Review details associated with scan results by clicking the History, Quarantined,
Deleted, Trusted and Exceptions tabs.
Tabs          Descriptions
History       Provides a scan history overview with displays for Scan Date, Spyware Item, Component(s), Category, and Action.
Quarantined   Displays Scan Date, Spyware Item, Component(s) and Category details for items that have been quarantined.
Deleted       Displays Scan Date, Spyware Item, Component(s) and Category details for items that have been deleted.
Trusted       Displays Scan Date, Spyware Item, Component(s) and Category details for items that have been trusted.
Exceptions    Displays operational error information including the related Scan Date/Time, Spyware Item, Component, Path, and Possible Cause.
Note In addition to viewing details, under the Quarantined and Trusted tabs, you can also
unquarantine or delete found spyware on a client-by-client basis.
Viewing Events By Item
From the Items list you can view all found items and their associated scan results history
(whether they were quarantined, deleted, trusted, etc.). To view the Items list, from the Admin
Control panel, expand the Events module and then select By Item.
Items List
The Items list overview displays the following:
Spyware Item. Displays the spyware name. (Gator, About:Blank, BonziBuddy, etc.)
Category. Displays the category to which the spyware belongs. (Adware, Trojan,
Keylogger, etc.)
Publisher. Displays the publisher of the spyware.
URL. Displays the URL that is associated with the spyware.
Items List Details
To view found items and their related details:
1. From the Admin Control panel, expand the Events module, and then select By Item.
2. From the Client list, select the item whose scan details you want to view.
3. Review details associated with the item by clicking the Profile, Quarantined, Deleted,
Trusted and Other tabs.
Tabs          Descriptions
Profile       Provides an item overview with Category, Severity, Recommended Action, Publisher and URL details.
Quarantined   Displays Scan Date, Client Name, Component(s) and Category details for items that have been quarantined.
Deleted       Displays Scan Date, Client Name, Component(s) and Category details for items that have been deleted.
Trusted       Displays Scan Date, Client Name, Component(s) and Category details for items that have been trusted.
Other         Displays operational error information including the related Scan Date/Time, Client Name, Component, Path, and Possible Cause.
Monitoring Network Activity
About Reports
With Paladin reporting tools, administrators can easily identify spyware patterns and address
specific infection points across a network. Because all Paladin configurations, definitions, and
logs are stored on the central server, administrators have the convenience of monitoring
spyware threats on the network in real-time. The Paladin Server has the functionality to view
log files in many formats, and offers administrators the flexibility to manipulate data to provide
custom reports based on specific criteria. Leveraging Active Reports, Paladin provides seven
pre-formatted reports including:
Network Activity. Provides a list view of machines and includes displays for Scan
Type, Start Time, End Time, and Items Found.
Spyware Activity. Provides a list view of threats found on the network, and includes
displays for Spyware Item, # Components, Date Detected, and Action.
Infected Machines - Summary. Provides a list view of all infected machines, and
includes displays for Client Name and # Unique Spyware Items.
Infected Machines - Detail. Provides a list view of all infected machines, and includes
displays for Spyware Item and # Components.
Top Ten Machines - Spyware Detected. Provides a list view of the top infected
machines, and includes displays for Client Name and # Unique Spyware Items.
Machine History. Provides a list view of threats by workstation, and includes displays
for Spyware Item, Category, # Components, Date Detected, and Action.
Threats Found - Summary. Provides a list view of all found threats, and includes
displays for Spyware Item, # Components, and Severity.
Threats Found - Detail. Provides a list view of all found threats, and includes displays
for Spyware Item, Client Name, # Components, and Severity.
Executive Summary. Displays Infected vs. Uninfected, Severity of Spyware Items
Found, Number of Spyware Items by Category, Top Ten Spyware Items Found, and
Top Ten Infected Clients.
Note For every report that you generate, you must specify a date range to run the report
against. To specify a date range, from a report screen, in the From and To fields select your
desired dates.
Report Options
The Reports screen toolbar offers functionality options that you can use when reviewing your
reports. The toolbar includes the following:
Options Descriptions
Table of Contents. Provides a point of reference for navigating a
report.
Print. Prints the active report.
Copy. Creates a duplicate copy of the active report.
Find. Searches the active report.
Single Page View. Displays the active report in a single page view.
Multiple Page View. Displays multiple pages all at once in the active
report.
Zoom Out. Decreases the display of a report to show more of the
document.
Zoom In. Increases the display of a report for closer examination.
Zoom drop-down. Modifies the display of the report to either
increase or decrease the view as selected.
Previous Page. Navigates back one page.
Next Page. Navigates forward to the next page.
Current Page Number. Displays the number of the current page.
Backward. Navigates back one page.
Forward. Navigates forward to the next page.
Exporting Reports
Reports help administrators analyze activity on their network. Paladin makes exporting these
reports simple.
To export a report:
1. From the Admin Control panel, expand the Reports module, and then select the
report you wish to export.
2. Specify the date range for the report you wish to view in the From and To fields.
3. Click View.
4. Once the report has displayed, click Export.
5. In the Save As dialog, navigate to the location where you want the report saved.
6. Enter a file name in the provided field.
7. Select a file format type.
– You can select from Microsoft Excel (.xls), Rich Text Format (.rtf), TIFF (.tiff), Microsoft
Excel Data Only (.xls), and Adobe Acrobat (.pdf).
8. Click Save.
Network Activity
The Network Activity report provides a list of threats found on the network. The information
displayed includes Scan Type, Start Time, End Time, and Items Found.
To view a Network Activity report:
1. From the Admin Control panel, expand the Reports module, and then select
Network Activity.
2. Specify a date range in the From and To fields.
3. Click View.
Spyware Activity
The Spyware Activity report provides a list of threats found on the network. The information
displayed includes Spyware Item, # Components, Date Detected, and Action.
To view a Spyware Activity report:
1. From the Admin Control panel, expand the Reports module, and then select
Spyware Activity.
2. Specify a date range in the From and To fields.
3. Click View.
Infected Machines - Summary
The Infected Machines - Summary report provides a list of all infected machines in a policy.
The information displayed includes Client Name and # Unique Spyware Items.
To view an Infected Machines - Summary report:
1. From the Admin Control panel, expand the Reports module, and then select Infected
Machines - Summary.
2. Specify a date range in the From and To fields.
3. Click View.
Infected Machines - Detail
The Infected Machines - Detail report provides a list of all infected machines within a policy.
The information in this report is more detailed than in the Infected Machines Summary report.
The information displayed includes Spyware Item and # Components.
To view an Infected Machines - Detail report:
1. From the Admin Control panel, expand the Reports module, and then select Infected
Machines - Detail.
2. Specify a date range in the From and To fields.
3. Click View.
Top Ten Machines – Spyware Detected
The Top Ten Machines - Spyware Detected report provides a list of all the top infected
machines in a policy. The information displayed includes Client Name and # Unique Spyware
Items.
To view a Top Ten Machines – Spyware Detected report:
1. From the Admin Control panel, expand the Reports module, and then select Top Ten
Machines – Spyware Detected.
2. Specify a date range in the From and To fields.
3. Click View.
Machine History
The Machine History report provides a list of threats by workstation. The information displayed
includes Spyware Item, Category, # Components, Date Detected, and Action.
To view a Machine History report:
1. From the Admin Control panel, expand the Reports module, and then select
Machine History.
2. Specify a date range in the From and To fields.
3. Click View.
Threats Found - Summary
The Threats Found - Summary report provides a list of all found threats within a policy. The
information displayed includes Spyware Item, # Components, and Severity.
To view a Threats Found - Summary report:
1. From the Admin Control panel, expand the Reports module, and then select Threats
Found - Summary.
2. Specify a date range in the From and To fields.
3. Click View.
Threats Found - Detail
The Threats Found - Detail report provides a list of all found threats within a policy. The
information in this report is more detailed than in the Threats Found - Summary report. The
information displayed in this report includes Spyware Item, Client Name, # Components, and
Severity.
To view a Threats Found - Detail report:
1. From the Admin Control panel, expand the Reports module, and then select Threats
Found - Detail.
2. Specify a date range in the From and To fields.
3. Click View.
Executive Summary
The Executive Summary provides a high level overview of spyware activity on your network.
The information displayed includes Severity of Threats Found, Infected vs. Uninfected,
Spyware Items by Category, Top Ten Spyware Items, and Top Ten Infected Clients Per
Spyware Item.
To view an Executive Summary report:
1. From the Admin Control panel, expand the Reports module, and then select
Executive Summary.
2. Specify a date range in the From and To fields.
3. Click View.