SonicWall® Capture Client 1.5 User Guide

Contents
About Capture Client
    Capture Client User Dashboard
    Dashboard Indicators
    Terminology
    User Options
Device Protection
    Summary
    Threats
    Policy
Security Services
    Threat Protection
    Capture ATP
    Trusted Certificates
Diagnostics
    Logs
    Support
SonicWall Support
About This Document
About Capture Client
SonicWall® Capture Client is a unified client offering that delivers multiple client protection capabilities through a single interface. With a next-generation malware protection engine powered by SentinelOne, SonicWall Capture Client delivers advanced threat protection with these key features:
• Continuous behavioral monitoring of the client builds a complete profile of file activity, application and process activity, and network activity. This protects against both file-based and fileless malware and delivers a 360° attack view with actionable intelligence relevant for investigations.
• Multiple layered signatureless techniques, including cloud intelligence, advanced static analysis, and dynamic behavioral protection, protect against and remediate well-known, little-known, and even unknown malware without regular scans or periodic updates. This maintains the highest level of protection at all times without hampering user productivity.
• Unique roll-back capabilities (for Windows systems) support policies that not only remove the threat completely but also restore a targeted client to its original state, before the malware activity started. This removes the effort of manual restoration in the case of ransomware and similar attacks.
• A cloud-based management console reduces the footprint and overhead of management. It improves the deployability and enforceability of Endpoint Protection, irrespective of where the endpoint is.
Once Capture Client is installed on your device, it requires little user management. Monitoring and management are automated, and any issues on the system are reported directly to the administrator. However, the interface has been enhanced so you can see more about the settings and the things that may be detected on your system.
NOTE: Capture Client protects both Windows and macOS clients. The interface for each has some cosmetic differences, but Capture Client functions the same on both device types except where noted (for example, roll-back is available on Windows only).
Capture Client User Dashboard
If Capture Client has been successfully installed on your device, a small Capture Client icon is loaded in your desktop tray and the endpoint dashboard displays.
The user dashboard displays the status of the policy types:
Client policies
The client policies are top-level policies for your device. They define which version of Capture Client is installed. The level of Capture Client protection (Advanced or Standard) is identified at the top of the dashboard, and the threat status for your system is summarized in the top panel.
Threat Protection
Threat Protection policies are one type of agent policy that Capture Client uses. Threat Protection
comprises the advanced anti-virus policies used to protect the device.
Trusted Certificates
Trusted Certificates policies are another type of agent policy that Capture Client uses. Trusted Certificates
enforces the SSL certificates that have been uploaded and applied.
If Capture Client detects an issue, the Dashboard warns you by changing color and providing some information about the issue. Capture Client automatically takes action based on how the policies are defined, and you can monitor the progress. When the issue is resolved, the Dashboard returns to an all-green status.
Dashboard Indicators
The dashboard uses color and symbols to indicate the status of policies:

Color    Definition
Green    Indicates that the feature is operating as intended.
Yellow   Indicates that an issue needs to be addressed because the state is unknown or possibly unsafe. For example, if the device is offline, the upper panel of the dashboard shows yellow.
Red      Indicates that a threat has been detected.

You should not have to take any action if a threat or an issue is identified. Capture Client takes action in accordance with the policies that have been defined by your system administrator. If any issues or threats persist, get help from your company's IT department or Help Desk to resolve them. You can also send a Tech Support Report (TSR); refer to Support for details.
Terminology
The following labels are used on the user Dashboard for Capture Client:

Term                          Definition
Online and compliant          Refers to your administrator's ability to monitor threat events on your system and push policies to ensure your device is protected. Your system is reachable by the server and has the latest policies protecting it.
Policy Mode                   Refers to the mode of operation for the Threat Protection module:
                              • Protect means that your device is protected from all detected threats.
                              • Detect means that threats are detected and an alert is given, but the threat is not removed.
Anti Tamper                   Refers to the inability of malware to remove or uninstall Capture Client from your device.
SSL Certificate Enforcement   Refers to the status of the trusted certificates that your administrator installed for inspecting encrypted traffic on your device.

User Options
Most of the time you do not have to take any action with Capture Client. However, you may be asked by your administrator to perform some limited tasks.
To access the user options:
1 Find the Capture Client icon in your desktop tray.
2 Left-click the icon to see the following options.
3 Select one of the following options, as needed.

Option                          Action
Online and compliant            If you don't have the dashboard open, you can quickly check the status of Capture Client. Clicking Online and compliant opens the Dashboard.
Show Window                     Opens the window for Capture Client.
SentinelOne <version> Enforced  Opens Capture Client and displays the SECURITY SERVICES > Threat Protection window, which shows the Threat Protection being enforced for your device.
About Capture Client            Displays the legal information about SonicWall Capture Client whether the Capture Client window is open or not. No acknowledgment is required.
View Logs                       Displays the Capture Client log for your device.
Support                         Provides access to the following actions to help troubleshoot issues:
                                • Access the online help
                                • Update your policy
                                • Send diagnostic report, which sends logging information directly to SonicWall Support.
                                NOTE: You may want to contact your local administrator before sending a TSR to SonicWall Support.
Preferences                     Set your preferences for:
                                • Show Window on login: if selected (when the check mark appears), opens the Capture Client window every time you log in.
                                • Debug logging: if selected (when the check mark appears), enables debug logging.
Device Protection
The Device Protection section of the user interface summarizes the various elements used to protect your device.
Topics:
Summary
Threats
Policy
Summary
Navigate to DEVICE PROTECTION | Summary to see the protection summary for your device. If malicious activity has been detected, the Summary says so. If there are no issues, the Device Status shows Online and compliant with a green check.
The banner on the Summary page lists the type of Capture Client license in use. Customers can purchase either advanced protection or standard protection.
The SUMMARY section of the page summarizes the protection status. It identifies what policy is being applied and when the policy was last updated. It lists the device user and the status.
The LICENSE & REGISTRATION section provides information about how the Capture Client license is implemented on this device. You may be asked for this information by your customer support team if threats are detected on your system. This information includes:
License Type
License Status
Management Server
Tenant Name
Tenant ID
Device Name
Device ID
Install Token
Treat the Tenant ID and Install Token as sensitive: they tie your device to your organization's tenant on the management server, so share them only with your administrator or SonicWall Support.
Threats
Navigate to DEVICE PROTECTION | Threats to see the threats that Capture Client has detected on your device. On a healthy device, no threats are listed.
NOTE: The Threats page includes a link that goes directly to the Client Management Console on the server. Most users will not have login access to this server; it is used primarily by your administrator.
If your device is unhealthy (something has been detected), the page lists what was found. This may include malware detected by SentinelOne and unknown files analyzed by Capture ATP.
Policy
Navigate to DEVICE PROTECTION | Policy to see the status of your policies or to update your policy. The POLICY
section of the page displays the same information as the Summary page.
Capture Client automatically updates the policies periodically. However, you can manually update the policy in the UPDATE POLICY section by clicking Update Policy.
Security Services
The Security Services section provides a view of your device protection organized by the types of security
services used.
Topics:
Threat Protection
Capture ATP
Trusted Certificates
Threat Protection
Navigate to SECURITY SERVICES | Threat Protection to see the threat protection options on your device.
The THREAT PROTECTION section of the page lists the status of your device and the features of the protection used.

Threat Protection Feature   Description
Device Health               Shows the state of your device. A Healthy device is clear of threats.
Policy                      Lists the name of the policy being used to protect your device.
Last Updated                Lists the last time the policy on your device was updated.
Protection Engine           Lists the name and version number of the protection engine.
Threat Mitigation Mode      Identifies whether the system should Protect or Detect (Alert only) when a threat is identified. This setting is configured on the server by the administrator.
Suspicious Mitigation Mode  Identifies whether the system should Protect, Detect (Alert only), or Capture when suspicious activity is identified. This setting is configured on the server by the administrator.
Anti Tamper                 When enabled, does not allow end users or malware to manipulate, uninstall, or disable the client.

The section ABOUT ADVANCED THREAT PROTECTION briefly describes how Advanced Threat Protection works.
Capture ATP
Navigate to SECURITY SERVICES | Capture ATP to see the Capture ATP settings applied to your device. The page shows whether Capture ATP has been licensed and is active.
If Capture ATP identifies a malicious file, Capture Client takes the action defined by the policy. The Capture ATP page then notifies you of the verdict, the action to be taken, and the file that was detected.
If Advanced Threat Protection hasn't been licensed, the Capture ATP page indicates that the service is not licensed.
Trusted Certificates
Navigate to SECURITY SERVICES | Trusted Certificates to see the status of any Trusted Certificates applied to
your device.
This page shows whether trusted certificates (if any) are being applied to your device. It lists the Trusted Certificate Policy and when it was last updated.
Diagnostics
The Diagnostics section provides some basic tools that can be used to help diagnose a threat or suspicious
activity on your system.
Topics:
Logs
Support
Logs
Navigate to Diagnostics | Logs to access the log files.
Click on View Logs to open the log file in your default text editor. The level of logging is set by your system administrator; enabling Debug logging under Preferences adds more detailed output to the log.
Support
Navigate to Diagnostics | Support to access the support options available to you.
The ABOUT section at the top of the page tells what version of SonicWall Capture Client is running on your device.
In the SUPPORT section, click on Online Help to open the help file. You should check here first to find answers to
common issues.
If requested by SonicWall Technical Support, click on Send Report to issue a diagnostic report to SonicWall Inc.
This report can help SonicWall diagnose any issue you may be experiencing.
SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance
contract and to customers who have trial versions.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
View knowledge base articles and technical documentation
View video tutorials
Access MySonicWall
Learn about SonicWall professional services
Review SonicWall Support services and warranty information
Register for training and certification
Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.
About This Document
Capture Client User Guide
Updated - October 2018
Software Version - 1.5
232-004285-01 Rev A
Copyright © 2018 SonicWall Inc. All rights reserved.
SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or
implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall
products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT,
SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY
WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT,
INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF
SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to
make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any
commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.
End User Product Agreement
To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/en-us/legal/license-agreements.
Open Source Code
SonicWall is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable
per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money
order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:
General Public License Source Code Request
SonicWall Inc. Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035
Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.