Overview
This article provides information on setting up which Applications from a particular Scanning Profile will trigger an alert during a scan. This allows configuring LanGuard to detect and report unauthorized software installed on scanned targets and generating high-security vulnerability alerts whenever such software is detected.
Process
- Launch the LanGuard console.
- Go to Configuration > Scanning Profile Editor. Alternatively, press CTRL + P to launch the Scanning Profiles Editor.
- Go to Network & Software Audit Options and select the Applications tab.
- Choose the appropriate action needed from the list of options on the table below:
Option Description Scanning installed applications By default, LanGuard also supports integration with particular security applications. These include various antivirus and antispyware software.
During security scanning, GFI LanGuard checks the correct configuration of virus scanner(s) or antispyware software and that the respective definition files are up to date.
Application scanning is configurable on a scan profile by a scan profile basis. All the configuration options are accessible through the Unauthorized Applications and the Advanced Options in the Applications tab.
Enabling/disabling checks for installed applications - Go to Unauthorized Applications.
- Select the appropriate scanning profile from the left pane under Profiles.
- Select the Enable scanning for installed applications on the target computer(s) checkbox.
Installed applications scanning are configurable on a scan profile by scan profile basis. Make sure to enable installed applications scanning in all profiles where this is required.
Compiling installed applications blacklist/white–list - Go to Unauthorized Applications.
- Select the appropriate scanning profile from the left pane under Profiles.
- From the right pane, select the Enable scanning for installed applications on target computer(s) checkbox and specify the applications that are authorized for installation:
- Only the applications in the list below - Specify names of applications that are authorized for installation. These applications will be ignored during a security scan.
- All applications except the ones in the list below - Specify the names of the applications unauthorized for installation. Applications not in this list will be ignored during a security scan.
- In the Ignore (Do not list/save to db) applications from the list below options, key in applications by clicking Add. Any application listed is whitelisted.
Add only one application name per line.
Advanced application scanning options GFI LanGuard ships with a default list of antivirus and antispyware applications that can be checked during security scanning.
The Advanced Options tab enables you to configure when LanGuard generates high-security vulnerability alerts if it detects certain configurations of a security application.
Alerts are generated when:
- No antivirus, antispyware, or firewall is detected.
- A fake antivirus or antispyware is detected.
- Antivirus or antispyware definitions are not up to date.
- Antivirus or antispyware real-time monitoring is turned off.
- Antivirus or antispyware product is expired.
- Antivirus or antispyware product detects malware on the scanned computer(s).
- A firewall is disabled.
- HTTP/FTP times out when checking for product updates on remote sites. This option generates an alert if the number of seconds defined for timeout is exceeded.
Enabling/disabling checks for security applications To enable checks for installed security applications in a particular scanning profile:
- Click Advanced Options.
- Select the appropriate scanning profile from the left pane under Profiles.
- Select the Enable scanning for installed applications on the target computer(s) checkbox.
- Select the Enable full security applications audit for agent-less scans checkbox.
- Agent-less scans temporarily run a small service on the remote computers in order to retrieve the relevant information.
- Security application scanning is configurable on a scan profile by a scan profile basis. Make sure to enable security applications scanning in all profiles where this is required.
- The number of supported security applications is constantly updated. Click the link available in order to get the latest version of the list. Configuring Security Applications - advanced options.
To configure alerting triggers for installed security applications in a particular scanning profile:
- Click the Advanced Options.
- Select the appropriate scanning profile from the left pane under Profiles.
- Select the Enable scanning for installed applications on the target computer(s) checkbox.
- Select the Enable full security applications audit for agent-less scans checkbox.
- From the bottom-right pane, select the trigger you want to configure and choose between Yes or No from the drop-down menu next to the respective alert trigger.
Security application scanning is configurable on a scan profile by a scan profile basis. Make sure to enable security applications scanning in all profiles where this is required.
Related Articles
- Creating and Personalizing a Scanning Profile
- Configuring Vulnerabilities with Scanning Profile Editor
- Configuring Patches with Scanning Profile Editor
- Configuring TCP/UDP Port Scanning Options with Scanning Profile Editor
- Configuring Device Scanning Options with Scanning Profile Editor
- Configuring System Information Options with Scanning Profile Editor