
Dashboard Features: Group Policy Overview

This article sets the guidelines for navigating the Group Policy interface.

The article will be structured in 4 segments, which illustrate and explain each feature:

  1. Group & Misc Settings
  2. Traffic Scanning
  3. Patching System
  4. Malware Engine


Group & Misc Settings

This feature allows the user to add this GP to a specific AD Group.


The AD Computer Group is the AD Group where all the machines are. This way, the policy will be applied whenever one of those machines comes online.

The AD User Group is the AD Group where all the users are. This way, whenever one of those users logs onto a computer, the policy begins to be applied.

Policy check interval and Licensing check interval - These features also check whether the policy is applied correctly on the machines. This option is designed to push the policy to all the computers at the interval set previously. This way, the policy will also be applied to the machines that were offline when a change was made in the dashboard.

Include in Release Candidate Program - Once enabled, this feature will update the current version of Heimdal CORP to the BETA (Release Candidate) version. This will happen only on the machines that are using the Group Policy where this option was checked.

Do not show GUI - This feature is designed to offer the possibility to deploy Heimdal Security without GUI (Graphical User Interface) or to deploy the Beta version/RC of Heimdal Security.

Note: We recommend everyone running Heimdal on Terminal Servers or Citrix servers to make sure that "Do not show GUI" is checked before the entire policy (Heimdal Security installation included) is set to be deployed.

Enforce uninstall password – This feature allows you to set up a password that will be required when uninstalling Heimdal CORP from one of the machines that are related to this Group Policy.

Synchronize with the time server – This feature will run two silent commands that will keep the time on the server up to date. These commands will run in the background every time Heimdal CORP scans the machine. The commands are:

w32tm /resync

net time /set /y 

In order for all the changes made to take effect, remember to click on the Update button in the bottom left side.

Traffic Scanning


This section of the Group Policy is designed to administer the Traffic Filtering engine embedded in Heimdal Security.

By enabling the Traffic Filtering, Heimdal Security will add the DNS 127.7.7.x to the network adapter’s IPv4. This is basically the network filter that will protect the computer from getting infected.
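One way to confirm on an endpoint which adapters actually point at the filter. This is an added example, not Heimdal's own tooling; the function name Get-DnsFilterState and the state labels are made up here. It also accepts 127.0.0.1 and ::1, the addresses used by the "Use default loopback address" option described below.

```powershell
# Added example, not Heimdal tooling. Classifies the DNS servers set on each
# adapter against the addresses this article names.
function Get-DnsFilterState {
    param([string[]]$ServerAddresses)   # DNS servers configured on one adapter

    if (-not $ServerAddresses) { return 'NoDnsConfigured' }

    # 127.7.7.x is the Traffic Filtering default; 127.0.0.1 and ::1 are used
    # when "Use default loopback address" is checked.
    $local = @($ServerAddresses | Where-Object {
        $_ -match '^127\.7\.7\.\d{1,3}$' -or $_ -eq '127.0.0.1' -or $_ -eq '::1'
    })

    if ($local.Count -eq $ServerAddresses.Count) { return 'Filtered' }
    if ($local.Count -gt 0) { return 'Mixed' }   # another resolver is also configured
    return 'NotFiltered'
}

# Report every adapter on this machine, one row per address family.
foreach ($family in 'IPv4', 'IPv6') {
    Get-DnsClientServerAddress -AddressFamily $family |
        Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
        Sort-Object InterfaceAlias |
        Select-Object InterfaceAlias,
            @{ Name = 'Family';     Expression = { $family } },
            @{ Name = 'DnsServers'; Expression = { $_.ServerAddresses -join ', ' } },
            @{ Name = 'State';      Expression = { Get-DnsFilterState $_.ServerAddresses } } |
        Format-Table -AutoSize
}
```

The article only names an IPv6 address (::1) for the default loopback option, so read the IPv6 rows with that in mind. A Mixed row means a resolver other than the filter is configured on the same adapter.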

1. Check Interval - by using this feature, you can adjust the time for Heimdal Security to initiate a network scan.

2. Enable High Compatibility Mode - If enabled, this feature will remove 127.7.7.x from the NIC Card when the PC is rebooted, goes into Sleep Mode, shuts down, or hibernates. This option was introduced to fix some minor problems. (We recommend that you contact support before enabling this option.)

3. Automatically Disable Traffic Filtering - If Heimdal can’t connect to the cloud servers from your location, Traffic Filtering won’t work properly. This may disconnect your PC from the Internet. To avoid this, you can choose to automatically disable Traffic Filtering. Heimdal will re-enable the feature when it can reconnect to the cloud servers.

4. Use default loopback address: Once checked, DarkLayer GUARD will set your DNS to 127.0.0.1 instead of 127.7.7.x. It will also set ::1 as your loopback address for IPv6. This will force DarkLayer GUARD to intercept traffic from a single adapter. This setting helps ensure compatibility between Heimdal CORP and certain VPN products, as well as other software you may use, such as virtualization products.

5. Enable domains whitelist – This feature allows the user to whitelist a domain that Heimdal Security blocks access to because it is considered suspicious. Add the domain in the field that appears once the feature is ticked and press Add to whitelist it.

You can also upload a CSV file with multiple domains (separated by a comma, ",").

Example:

facebook.com, youtube.com, amazon.com

That way, these domains will be accessible by all machines that are part of the Group Policy.

The domain can be removed from the whitelist by clicking on the red X next to it. It will automatically become blacklisted again once this is done.

6. Enable domains blacklist - This feature allows the user to blacklist a domain that Heimdal Security does not consider a threat. Perhaps you want to prohibit access to a specific domain in your environment. You can use this option to block it. You can add the domain in the field that appears once you tick the feature. Just click on “add” to blacklist it.

You can also upload a CSV file with multiple domains (separated by a comma, ",").

Example:

facebook.com, youtube.com, amazon.com

That way, these domains will not be accessible by any of the machines that are part of the Group Policy.

You can remove the domain from the blacklist by clicking on the red X next to it. It will automatically become whitelisted again once this is done.

7. Enabled custom block pages – This feature allows you to add a custom HTML page that will be displayed when Heimdal blocks a domain, instead of the one shown by Heimdal Security.

8. Enable proxy settings – This feature is designed to install Heimdal Security when the user uses a specific proxy server, by adding the needed information in the fields displayed. For more information on how to set it up, please click HERE.


9. Force DHCP DNS usage - If enabled, this feature will make sure the NIC Card is always set to automatic DNS in case Heimdal fails to add 127.7.7.x on the NIC Card. Enabling this option is recommended if:

a. You are using VPN connections in your organization

b. Nobody from your organization uses Static IP.

(We recommend that you contact support before enabling this option.)

10. Enable VectorN detection lockdown - This option is recommended to be enabled only if you have also enabled High Compatibility Mode. If enabled, this option will override the High Compatibility Mode option and 127.7.7.x will never be removed from the NIC Card. This option was introduced for users who have High Compatibility Mode enabled: when Heimdal detects a malware pattern on the machine, it locks down any gate for this malware, including at reboot or shutdown, when the user would otherwise be exposed with the High Compatibility Mode option on.

11. Cisco Anyconnect IPv6 compatibility mode - Enabling this feature will reroute traffic from IPv6 to IPv4 on a Cisco Anyconnect adapter, to solve a known bug in Cisco Anyconnect IPv6 filtering.
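A pre-upload check for the comma-separated domain lists described under items 5 and 6, since an entry applies to every machine in the Group Policy. This is an added example, not part of Heimdal; the function name ConvertTo-DomainList is made up here, and it assumes that only bare domain names (no scheme, path or wildcard) are intended, which the article's examples suggest but do not state.

```powershell
# Added example, not Heimdal tooling. Splits a comma-separated domain list,
# normalises each entry, and separates bare domain names from everything else.
function ConvertTo-DomainList {
    param([Parameter(Mandatory)][string]$Text)

    $valid    = [System.Collections.Generic.List[string]]::new()
    $rejected = [System.Collections.Generic.List[string]]::new()
    # Assumption: an entry is a hostname of dot-separated labels (letters,
    # digits, hyphens; no leading or trailing hyphen), at least two labels.
    $pattern  = '^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$'

    foreach ($raw in ($Text -split '[,\r\n]+')) {
        $entry = $raw.Trim()
        if (-not $entry) { continue }
        $domain = $entry.TrimEnd('.').ToLowerInvariant()
        if ($domain.Length -le 253 -and $domain -match $pattern) {
            if (-not $valid.Contains($domain)) { $valid.Add($domain) }   # de-duplicate
        } else {
            $rejected.Add($entry)
        }
    }
    [pscustomobject]@{ Valid = $valid.ToArray(); Rejected = $rejected.ToArray() }
}

# Constructed sample lists; the first reuses the article's example domains.
$white = ConvertTo-DomainList 'facebook.com, youtube.com, amazon.com., https://example.com/login, YouTube.com'
$black = ConvertTo-DomainList "youtube.com,`r`nexample.org, not a domain"

"Whitelist rejected: $($white.Rejected -join ' | ')"
"Blacklist rejected: $($black.Rejected -join ' | ')"
# A domain present in both lists is a conflict to resolve before uploading.
"In both lists:      $(($white.Valid | Where-Object { $black.Valid -contains $_ }) -join ' | ')"
```

To check a real file, pass its contents with Get-Content -Raw instead of the sample strings.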

Patching System

Enabling the Patching System allows the user to install or update specific software from the list on all the computers that are added to the Group Policy.

In order for all the changes made to take effect, you have to click the Update button in the bottom left side.

The patching system offers the following actions:

  • The user can select to install and update specific software on the computers from the GPO.
  • The user can select to monitor the software without letting Heimdal patch it automatically. This can be done just by marking the checkbox called "Enable this module".
  • The user can select to install a specific version of the software if it's required by the system.
  • The user can select to only update specific software on the computers from the GPO. This implies that the software selected is already installed on the machines.
  • The user can select to only install specific software on the computers from the GPO. This will only install the latest version of the selected software but will not update it when a new version is released.
  • The user can select to update all the pieces of software by checking the option Keep All Up to date. This option will select all the pieces of software and will update them if they are found on the machines that use the Group Policy. It will also gray out the list and will not allow any modifications or exclusions.
  • The user can use the option USER INSTALLATION ALLOWED – This feature will allow the user to install by himself a piece of software that has this option checked in the Group Policy.
  • The user can select a specific day of the week when Heimdal installs the updates.
  • The user can select one or more days of the month when Heimdal installs the updates.
  • The user can select a certain period of the day, or exclude a certain period of the day, for the patches to be applied.

Note: If Select All for Install is enabled, when we add new software in Heimdal, it will be automatically installed on your machines.

10. Lockdown a certain software version

The Group Policy also allows you to select a certain version of a software and lock it down. That means Heimdal will not update it anymore.

Note: If you have a higher version installed and you lock down a lower version, Heimdal will not downgrade it, but if you have a lower version of the software and you lock down a higher version, Heimdal will update that software to the version you selected.

11. Delay a Patch

Last but not least is the Delay option.

This option offers you the possibility to delay a patch by 1, 3, 7 or 15 days. For example, with a 3-day delay, the patch will be applied to your machine 3 days after we added it in Heimdal.

12. Uninstall Applications

Another feature that the patching system offers is Uninstall Applications.

This feature allows the user to:

  1. Uninstall a specific application by writing its name in the field and pressing Add or Enter.

For example, maybe you need to remove Classic Shell from all the machines.

In this case, you need to add the full name of the application in the field and press Add or Enter.

Important notes:

  • If the “Starts with” option is selected before pressing Add, Heimdal will uninstall everything from the computer that begins with the word “Classic”. That is why you should know exactly what software needs removing. For example, enter Classic Shell x32. That way, you can ensure that Heimdal will only remove the 32-bit Classic Shell software.
  • If you need to remove a software app that is in the Patching system from all the computers, then you need to make sure that the option to “Install” or “Update” is not selected in order for it to work.

For example: you have to remove Adobe Reader from all the machines, and adding the name Adobe Reader in the Uninstall Application field and pressing Add/Enter gives an error.

That happens because, in the patching system, Adobe Reader is still selected to perform one of the following actions: Install or Update. Removing these actions will allow the software to be uninstalled.

  2. Uninstall software that is not on the Patching System list. It can be any other software from the computer. As mentioned previously, you have to write the full name of the software (as it appears in Control Panel) before pressing Add.

 For more information about this feature please click HERE.

In order for all the changes made to take effect, remember to click on the Update button in the bottom left side.
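A dry run for the “Starts with” warning above: list which installed programs an Uninstall Applications entry would cover before adding it to the policy. This is an added example, not Heimdal's own code; the function names are made up here, and case-insensitive matching against the names registered under the Windows Uninstall registry keys is an assumption about how entries are compared.

```powershell
# Added example, not Heimdal tooling. Previews what an uninstall entry would
# match, with and without "Starts with".
function Get-InstalledDisplayName {
    # Names as they appear in Control Panel come from these registry keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object -ExpandProperty DisplayName |
        Sort-Object -Unique
}

function Find-UninstallMatch {
    param(
        [Parameter(Mandatory)][string]$Term,
        [switch]$StartsWith,
        # Names to test; defaults to what this machine has registered.
        [string[]]$DisplayName = (Get-InstalledDisplayName)
    )
    $DisplayName | Where-Object {
        if ($StartsWith) {
            # Assumption: prefix comparison ignores case.
            $_.StartsWith($Term, [System.StringComparison]::OrdinalIgnoreCase)
        } else {
            $_ -eq $Term   # full-name match (PowerShell -eq ignores case)
        }
    }
}

# Constructed display names, built around the article's Classic Shell example.
$sample = 'Classic Shell', 'Classic Shell x32', 'Classic Menu for Office', 'ClassicNotes'

'With "Starts with" and the term Classic:'
Find-UninstallMatch -Term 'Classic' -StartsWith -DisplayName $sample

'With the full name Classic Shell x32:'
Find-UninstallMatch -Term 'Classic Shell x32' -DisplayName $sample

'On this machine, "Starts with" Classic would cover:'
Find-UninstallMatch -Term 'Classic' -StartsWith
```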

Malware Scanning

This feature is designed to periodically scan the system for malware. For more information regarding this feature and what it does, please download and read the latest whitepaper that can be found HERE.

In order for all the changes made to take effect, remember to click on the Update button in the bottom left side.
