Dell Protected Workspace User guide

Brand: Dell

Model: Protected Workspace

Type: User guide

Dell Protected Workspace

Dell Protected Workspace is a security software designed to protect your computer from malware and other online threats. It does this by creating a secure, isolated environment in which you can browse the internet and open files without the risk of infecting your computer.

Here are some of the key features and benefits of Dell Protected Workspace:

Protects your computer from malware and other online threats. Dell Protected Workspace creates a secure, isolated environment in which you can browse the internet and open files without the risk of infecting your computer. This environment is protected from malware and other online threats, so you can be sure that your computer is safe.

Dell Protected Workspace

Here are some of the key features and benefits of Dell Protected Workspace:

Protects your computer from malware and other online threats. Dell Protected Workspace creates a secure, isolated environment in which you can browse the internet and open files without the risk of infecting your computer. This environment is protected from malware and other online threats, so you can be sure that your computer is safe.



S

Dell Data Protection | Protected Workspace

DellDataProtection|ProtectedWorkspace



Administrator’s Guide



Trademarks used in this text: Dell™, the DELL logo, Dell Precision™, OptiPlex™, Latitude™, and Vostro™ are trademarks of Dell Inc.

Intel®, Pentium®, Xeon®, Core™ and Celeron® are registered trademarks of Intel Corporation in the U.S. and other countries.

Microsoft® and Windows® are registered trademarks of Microsoft Corporation in the United States and/or other countries.

June 2013 Rev. A00



3



TableofContents

Section 1 – Overview and Basic Installation ........................................................................................... 5



Purpose and Intended Audience ............................................................................................................................ 5



What is Dell Data Protection | Protected Workspace? ............................................................................................. 5



System Requirements ........................................................................................................................................... 5



SupportedOperatingSystems............... ...................... ........... ........... ...................... ........... ........... ...................... .5

SupportedHardwarePlatforms................ .......... ...................... ........... ........... ...................... ........... ........... ..........5

MinimumSystemSpecs:............. ........... ........... ........... ...................... ........... ........... ...................... ........... ............5

RecommendedSystemSpecs:................... .......... ...................... ........... ........... ...................... ........... ........... ..........5

ConnectivityRequirements:................... ........... ...................... ........... ........... ...................... ........... ........... ............5

Supported Software .............................................................................................................................................. 6



SupportedBrowsers.................. ........... ........... ...................... ........... ........... ...................... ........... .........................6

SupportedPDFReaders....... ........... ........... .......... ...................... ........... ........... ...................... ........... .....................6

SupportedDocumentPrograms.................... ........... ........... ...................... ........... ........... ...................... ........... .....6

SupportedBrowserPlugins....................... .......... ...................... ........... ........... ...................... ........... ........... ..........6





Basic Installation ......................................................................................................................................... 6



Section 2 – Enterprise End-User Deployments ....................................................................................... 7



Deploying Dell Data Protection | Protected Workspace with Software Deployment Tools .......................................... 7



ProtectedWorkspaceEXEInstallerOptions.................. ........... ...................... ........... ........... ...................... ..........7

Connectivity requirements .................................................................................................................................... 8



ProductActivation.................... ........... ...................... ........... ........... ...................... ........... ........... .........................8

ProductUpdates.................... ...................... ........... ........... ...................... ........... ...................... ................... ..........9

Section 3 – Administration ...................................................................................................................... 10



End-User Experience .......................................................................................................................................... 10



ThreatDetection.............. ........... ...................... ........... ........... ...................... ........... ...................... .................... .10

AppsTab....................... ........... ........... ...................... ........... ........... ...................... ........... ................... .................11

Administrative Preferences Override .................................................................................................................... 13



OverrideSettingsDetails.......................... ............ ..................... ........... ........... ...................... ........... ........... ........13

Administrative Trusted Sites Override .................................................................................................................. 14



RegexPatternRecommendations................... ........... ...................... ........... ........... ...................... ........... ........... .15

TrustedSitesCaution:......... .......... ...................... ........... ........... ...................... ........... ........... .............................. 15

UserTrustedSitesList........... ........... ...................... ........... ........... ..................... ........... ........... ............................16

Troubleshooting ................................................................................................................................................. 16



4



ManuallyTroubleshootingInstallationIssues.... ........... ........... ...................... ........... ........... ...................... ........16

ManuallyTroubleshootingPost‐InstallationIssues............................. ........... ........... ...................... ........... ........16



5



Section1–OverviewandBasicInstallation

PurposeandIntendedAudience

ThisguideisintendedforITadministratorswhowillbeinstalling,deploying,andadministeringDDP|

ProtectedWorkspace.Thisguideisdesignedtohelpidentifysystemrequirements,identifypre‐

deploymenttasksandtosuggestdeploymentmethodologies.

WhatisDellDataProtection|ProtectedWorkspace?

DDP|ProtectedWorkspaceprovidesasecurewaytobrowsetheinternetbyleveragingtheexistingweb

browserinstalledonanenduserPCandallowingittoruninsidetheProtectedWorkspaceisolated

browsingenvironment(orbubble).DDP|PW alsoprotectscommondocumentssafelysuchasAdobePDFs,

MicrosoftWord,PowerPoint,

andExcel.Theisolatedenvironmentkeepsunexpectedmalwarefrom

executingorinstallingonthehostmachineandisdetectedbytheDDP|PWbehaviorbasedthreat

detection.Upondetection,theisolatedenvironmentisdestroyedandacleanenvironmentisrecreatedto

ensuretheendusermachineisnotcompromised.

SystemRequirements

SupportedOperatingSystems

 Windows7,32and64‐bit

SupportedHardwarePlatforms

 DellOptiPlex

 DellPrecision

 DellLatitude

MinimumSystemSpecs:

 1GBRAM

 500MBfreediskspace

 IntelPentiumorbetter

RecommendedSystemSpecs:

 2GBRAM

 500MBfreediskspace

 IntelCore2Duoorbetter

ConnectivityRequirements:

 Aconnectiontohttp://delllicense.invincea.com(port80)isrequiredinordertoactivatethe

productlicense.

 Aconnectiontohttps://dellupdate.invincea.com(port443)isrequiredforproductupdates



6



SupportedSoftware

DDP|ProtectedWorkspaceleveragessoftwareinstalledonanendusermachineandrunsthatsoftware

insideanisolatedenvironment.Toensureproperfunctionalitywithintheisolatedenvironment,only

certainsoftwareandversionsaresupported.Anyunsupportedsoftwareorversionwillnotbemovedinto

theisolatedenvironmentandwillcontinue

toonlyruninthenativeinterface.

SupportedBrowsers

 InternetExplorer7‐10

 MozillaFirefox10‐21

SupportedPDFReaders

 AdobeReader9,X,andXI

 AdobeAcrobat9,XandXI

SupportedDocumentPrograms

 MicrosoftWord,2010and2013

 MicrosoftExcel,2010and2013

 MicrosoftPowerPoint,2010and2013

SupportedBrowserPlugins

 JavaRuntimeEnvironment1.6+

 AdobeFlash11+

 AppleQuickTime7+

 MicrosoftSilverlight

 BasicInstallation

DDP|ProtectedWorkspaceispackagedwithapre‐definedsetofpreferencesandconfigurationandcan

beinstalledwithoutanycustomconfiguration.Itcanbeinstalledbyfollowingthesesteps.

1. DownloadtheDDP|ProtectedWorkspaceInstaller.

2. RuntheDellSetup_<version>.exe.

3. Selecttheinstallerdefaults.

4. Finishthe

DDP|ProtectedWorkspaceinstaller.

5. StartDDP|ProtectedWorkspacebydoubleclickingonthedesktopicon.

 

7



Section2–EnterpriseEnd‐UserDeployments

DeployingDellDataProtection|ProtectedWorkspacewithSoftwareDeploymentTools

DDP|ProtectedWorkspaceinstallationissupportedwithmanydifferentsoftwaredeploymenttools.

Currently,ProtectedWorkspaceistestedwithGPO,IBMTivoliEndpointManager(previouslyBigFix),

MicrosoftSCCMandSymantecAltiris,howeverdeploymentsshouldworkwithalldeploymenttools.

ProtectedWorkspaceEXEInstallerOptions

ThissectiondetailsoptionstobeusedforinstallingProtectedWorkspaceonend‐userPCsdirectlyorwitha

systemmanagementtool.

 Silentinstallusingdefaultoptions

DellSetup_<version>.exe /S /v/qn

 Silentinstallwithchangingtheinstallfolder.ExamplechangesinstallpathtoC:\TEST:

DellSetup_<version>.exe /S /v"/qn INSTALLDIR="C:\TEST"

 Silentuninstall(leaveuserfiles)

DellSetup_<version>.exe /S /x /v/qn

 Silentuninstall(removesuserfiles)

DellSetup_<version>.exe /S /x /v"/qn PRESERVE=\"0\""

 Silentupgrade

DellSetup_<version>.exe /S /v/qn

 

8



Connectivityrequirements

ProductActivation

AfterinstallingDDP|ProtectedWorkspace,theproductrequiresinternetaccessinorderreachouttothe

activationservers.Ifinternetaccessisnotavailable,theproductwillasktheusertocheckthesettingsand

tryagain.



Iftheenvironmentcontainsawebproxyorotherdevice,itis

importantthataccessto

http://delllicense.invincea.combeallowedonport80.

 

9



ProductUpdates

DDP|ProtectedWorkspaceisdesignedtonotifytheuserwhenanupdateisavailable.Whenanupdateis

applied,theupdatewillbedownloadedinthebackgroundwhiletheproductisrunning,andwillapply

whentheproductisresto redorexitedandrestarted. 



Duringtheupdateprocess,a

dialogboxwilldisplayoverthesystemtray,indicatingthattheupdateis

takingplace.



Inorderfortheautomaticupdatestooccur,itisimportantthattheproducthaveaconnectiontothe

internetandthatiftheenvironmentcontainsawebproxyorotherdevice,accessto

http://dellupdate.invincea.com

beallowedonport443.



10



Section3–Administration

End‐UserExperience

ThreatDetection

DDP|ProtectedWorkspaceoffersbuiltinthreatdetectiontohelpidentifyiftheDDP|PWenvironmenthas

beencompromisedbyanuntrustedprocess.Whensuspiciousac tivityhasbeendetected,adialogwill

displayoverthesystemtryindicatingthattheusershouldrestoretoacleansession.Itisrecommended

that

theRestorebuttonbepressedimmediatelytorestoretoacleansession,buttheuserdoeshavethe

optiontoclosethedialogboxwiththe“x”inthecornerandtocontinueusingtheproduct.Arestorecan

bedoneatalatertime.



Theusercanclickthe

“Details...”linkinthebottomleftcornerofthemessagetodisplayadditionaldetails

aboutthesuspiciousactivity.Thedialogwillidentifytheprocessthatwasflaggedassuspiciousandwill

alsogivedetailsaboutwhatthatprocessdidwithintheprotectedenvironment.Fromthisdialog,theuser

caneither

closethewindowbyclickingontheXintheupperrightcorner,orcanrestorethesessionusing

therestorebutton.





11



IftheuserchoosestorestorelaterbydismissingtheSuspiciousActivitydialogtheProtectedWorkspace

icononthesystemtraywillturnreduntiltheuserrestoresDDP|ProtectedWorkspacetoacleanstate.



DDP|ProtectedWorkspaceensuresthatanythreatiscontainedwithintheprotected

environmentand

thattheendusersystemhasbeenprotected.



AppsTab

Atabcalledthe“Apps”tabinthepreferenceGUIallowstheuserscanusetospecifywhichprograms

withintheprotectedenvironmentwillbeusediftherearemultipleoptions(suchaswithbothInternet

ExplorerandFirefox)andwhichprogramswillactasdefaulthandlersforcertainfile(such

asAdobeReader

forPDFs).

ToaccesstheAppstab,rightclickingontheDDP|PWIconinthesystemtray,andselecting“Preferences…”



BelowisascreenshotoftheAppstab.Applicationsthathavedefinedfilehandlerswithintheprotected

environmentwilllist“ProtectedFileTypes” andwillhave

acheckboxtoenablethatapplicationasthe

handlerforthatfiletype.Forexample,ifbothAdobeReaderandAdobeAcrobatareinstalledonaclient

machine,theusercanchoosewhichwillbeusedtoopenPDFfileswiththeprotectedenvironment.The

userwillnotbeableto

selectmultipleapplicationsforthesamehandler.



12





Additionally,fromtheAppstab,userswillbeabletoselectwhichbrowserwillbeusedtoopenwebpages

bydefaultwithintheprotectedenvironment.Theusercanselect“Usethisbrowsertoopenwebpages”

foreitherInternetExplorerorFirefox.





13



AdministrativePreferencesOverride

Insomeorganizations,administratorsmaywanttodisabletheabilityforDDP|ProtectedWorkspacefrom

reachingouttotheDDP|PWserversforsoftwareupdates,errorreportingandthreatdetectionreporting.

TheseoptionscanbedisabledbyaddinganoverridefileoneachPC.Itisrecommendedthattheseoptions

not

beusedunlessabsolutelynecessary.

TheoverridefileisasimpleXMLfilethatcanbecreatedinNotepadorasimilartexteditor.Createafile

withthename“preferences.xml”andcopythefollowingtextintoit:

<?xml version="1.0" encoding="UTF-8" ?>

<error_report enabled="false" />

<software_update enabled="false" interval="daily" user_modifiable="false" />

<send_threat_reports enabled="false" prompt="false" />

</preferences>

Oncethisfileiscreated,itneedstobeplacedontoeachPCthatneedstheoverride.Thelocationforthis

fileneedstobe:

C:\ProgramData\Invincea\Enterprise\Admin

Oncethisfileisinplace,start(orrestart)theDDP|ProtectedWorkspaceproductandtheseoverrideswill

takeeffect.

OverrideSettingsDetails

<error_reportenabled="false"/>

Theerror_reportoptiondisablestheabilityforDDP|ProtectedWorkspaceproducttosenderrorreports

whenaproducterroroccurs.Whenanerrorwindowisdisplayedthe“Submit”willbedisabled.

<software_updateenabled="false"interval="daily"user_modifiable="false"/>

Thesoftware_updateoptiondisablestheabilityforDDP|ProtectedWorkspace

producttoautomatically

applycriticalupdatestotheproduct.Thesecriticalupdatesallowforerrorstobecorrectastheyare

reportedandshouldbeallowedtoensurethatlatestcriticalupdatesarealwaysapplied.

<send_threat_reportsenabled="false"prompt="false"/>

Thesend_threat_reportsoptiondisablestheabilityforDDP|ProtectedWorkspace

producttoreport

homewhenasuspiciousactivityisdetected.Thesereportshelptoensurethattheproductdetectionis

workingcorrectlyandisnottriggeringalertswhennoactualthreatispresent.





14



AdministrativeTrustedSitesOverride

BydesigntheDDP|ProtectedWorkspaceproductrunstheusersnativewebbrowserswithinanisolated

environment.Thisisolatedenvironmentkeepstheuser’sPCsafefrommaliciouscontentbutcanalso

causesomeinteroperabilityissueswithcertainwebsites.Ifthesewebsitesarebusinesscriticaland

trusted,theusershavethe

abilitytomanuallytrustthemlocally.Bytrustingthem,thesesiteswillbe

openedwithinthenativebrowseriftheURLisbrowsedtointheprotectedenvironment.

Asanaddedconvenience,administratorshavetheabilitytoapplyanoverridefilethataddsasetoftrusted

siteswithoutany

userinteraction.

TheoverridefileisasimpleTXTfilethatcanbecreat edinNotepadorasimilartexteditor.Createafile

withthename“trustedsites.txt”

Oncethisfileiscreated,itneedstobeplacedontoeachPCthatneedstheoverride.Thelocationforthis

file

needstobe:

C:\ProgramData\Invincea\Enterprise\Admin

Oncethisfileisinplace,start(orrestart)theDDP|ProtectedWorkspaceproductandtheseoverrideswill

takeeffect.

TheformatofthetrustedURLsneeds tobeinREGEXformat.Thefollowingsectionoutlineshowtocreate

URLsinthecorrectformat.

Here

aresomeexamplesofcorrectlyformattedURLs.Thepoundsign(#)indicatesafilecomment:

#The following lines designate trusted sites/domains

^https?://([^/]*\.)*adobe\.com/.*

^https?://([^/]*\.)*acrobat\.com/.*

^https?://([^/]*\.)*webex\.com/.*

^https?://([^/]*\.)*dell\.com/.*

^https://internal\.dell\.com:8080/.*

^ftp://dell/.*

Theproductperformsalinebylineexaminationofthetrustedsites.txtfileandstopsatthefirstmatch.The

followingsectionoutlinessomepossibleentriesintothetrustedsites.txtfileandwhattheresulting



outcomewouldbe.

^ftp://dell/.*

Theaboveentrywouldmatchanythingthatstarts withftp://dell/andwouldallowanyadditionaltextafter

thelast/.

^https?://([^/]*\.)*dell\.com/.*

Theaboveentrywouldmatchanythingthatstarts with“http://”or“https://”,endswith“.dell.com/”and

allowsanysubdomainsofdell.com.[^/]*isanythingthat

doesn’tcontaina“/”so“dell.com”mustshow

upinthebaseportionoftheURL.Inotherwords,thiswillmatchhttp://anything.dell.com/*,butwillnot

matchhttp://fakedell.com/*orhttp://anything.com/?imageurl=fake.dell.com/*.

15



^https://internal\.dell\.com:8080/.*

Theaboveentrywillmatchtheexactsiteandportspecifiedandanythingthatfollows.

ToaddlocalIPsubnets,usethefollowingformat:

^https://192\.168\.1\.*(:\d{1,5})?/.*

TheaboveentrywillmatchanyURLthatuseshttporhttps,andisaccessedwitha192.168.1.xsubnetIP

address.Italsoallows

foranyporttobeusedonthisURL.

ItisimportanttonotethattrustedsitesisnotabletodoDNSlookups.Therefore,trustingaspecificsubnet

ofaddressesdoesnottrusttheirassociatedDNSnames.IfDNSnamesneedtobeusedforthetrustedsite

list,eachDNSname

mustbelistedout.

^https://([^/]*\.)*sharepoint\.*

^https://([^/]*\.)*myinternalserver\.*

RegexPatternRecommendations

Belowaresomeregexpatternsthatcanbeusedtocreatecustomentries.

“^”Beginningoftheline.

“?”Matchzeroor1ofthepreviouscharacter

“$”Endoftheline.

“\.”Periodcharacter.(A“.”matchesanycharacter.)

“.*”Matchanynumber(zeroormore)ofanycharacters.

untrusted=

Un‐matchtheregexinsteadofmatch.

“[^/]*”Matchanynumberofanycharactersexcept“/”.

TrustedSitesCaution:

BeawarethatthewholeURLstringispassedtoDDP|ProtectedWorkspaceandmatchedagainstthislist.

Slightvariationsinsyntaxcanmakeadifferencebetweenmatchingandmatchinginthewayyouintend.As

anexample,theURL:

http://www.dell.com$

isnotsafeandwouldnotmatch.Itwould

notmatchbecauseatrailing“/”isoftenaddedbyWindows

beforetheURLispassedtoapplications.Itisnotsafebecausethisstringcouldbepartoftheparametersof

anURLandnotthewebsiteyouintended.

.*www.dell.com.*

matchesif“www.dell.com”appearsanywhereintheURL,not

justastheaddress‐suchasmatching

http://www.fakesite.com/spoofsite=http://www.dell.com/

16



UserTrustedSitesList

FromDDP|ProtectedWorkspace,auserhastheabilitytotrustsiteslocal ly.Thesesiteswillbeaddedto

thebeginningofthelistofsitesprovidedwithinanadministrativeoverridefile.Forexample,ifanadmin

truststhefollowing:

^https://([^/]*\.)*sharepoint\.*

^https://([^/]*\.)*myinternalserver\.*

Andausertrusts:

google.com

yahoo.com

Thenthefulllist

oftrustedsitesforthisPCwillincludeallofthesitesoutlined:

^https?://([^/]*\.)*google\.com/.*

^https?://([^/]*\.)*yahoo\.com/.*

^https://([^/]*\.)*sharepoint\.*

^https://([^/]*\.)*myinternalserver\.*

Troubleshooting

ManuallyTroubleshootingInstallationIssues

TherearetwologfilesthataregeneratedduringtheinstallationofDDP|ProtectedWorkspacethatcan

offerinsightastowhyaninstallationmayhavefailed.

ThefirstfileistheMSIoutputfile.Iftheinstallerisrunmanuallyviathestandardexecutable,thisfilewill

becreated

intheC:\Windows\Tempdirectory.ThelogfilenamewillbeInvEnterpriseMSI.log.Thisfilewill

providedeta ilsonfailuresthathappenedduringpre‐checks,suchasdiskspace,memoryorothersystem

requirements.

ThesecondfileistheDDP|ProtectedWorkspaceinstallerfile.Itwillbelocatedinthesame

directoryas

theMSIfile,andwillbenamedInvEnterpriseInstall.log.Thislogwillprovideindicationoffailuresduring

theinstallationandconfigurationprocess.AnyerrorswillbetaggedincapitalletterswiththewordERROR

orFATALafterthedateandtimestamp.AnylinethatistaggedwithDEBUG,TRACE

orINFOcanbe

ignored.

ManuallyTroubleshootingPost‐InstallationIssues

Therearethreelogfilesthatareprimarilyusedtoidentifyissuespost‐installation.

ThefirstfileisthelogfilefortheDDP|ProtectedWorkspaceServiceandisnamedInvProtectSvc.log.This

isagloballogfilethatlogsinformationacrossalluseraccounts.Thefirstlocationis:

 C:\Windows\Temp\Invincea\

Thislogprovidesinformationabouttheapplicationsthatwedetectduringstartup(suchastheversionifIE,

AdobeReader,Java,Flash,etc.)andwhatlocationsofthehostsystemareaccessiblebytheisolated

environmentornot.

17



Aswiththeinstallerlogfiles,errorswillbenotedatERRORorFATALafterthedateandtimestamp.

2012‐05‐0208:04:33,203ERRORInv.MC.TCPConnection‐[5864]SSLHandshakeerror:Anexisting

connectionwasforciblyclosedbytheremotehost

Thesecondfileisthelogfileforthe

instanceofDDP|ProtectedWorkspacerunningunderausercontext.

Thisfileisnamedinv.logandislocatedintheusersAppDatafolder.EachuseronasinglePCwillhavean

inv.logfile.Thisfilewillhelpidentifyifthereareunsupportedversionsofanapplicationinstalled,or

communication

issueswithneededresources.

Whileloggedinastheuserhavingissues,thelogfilecanbefoundatthisaddressonallOSs:

%APPDATA%\Invincea\Enterprise\inv.log

Again,anyerrorswillbemarkedwithERRORorFATALafterthetimeanddatestamp.

2012‐05‐2212:48:59,157ERRORInv.TaskMgr‐Error:Timeoutwhen

performingRestore,Wait

forGuestConnect

Dell Protected Workspace User guide

Brand: Dell

Model: Protected Workspace

Type: User guide

Dell Protected Workspace

Here are some of the key features and benefits of Dell Protected Workspace:

Protects your computer from malware and other online threats. Dell Protected Workspace creates a secure, isolated environment in which you can browse the internet and open files without the risk of infecting your computer. This environment is protected from malware and other online threats, so you can be sure that your computer is safe.

Download PDF

report

Dell Protected Workspace User guide

Dell Protected Workspace User guide

Related papers

Other documents