
Norman Security Suite
User Guide, version 8.00

Antivirus, Personal Firewall, Antispam, Parental Control, Privacy Tools, Intrusion Guard

Copyright © 1990-2011 Norman ASA ii

Limited Warranty

Norman guarantees that the enclosed CD-ROM or DVD and documentation do not have production flaws. If you report a flaw within 30 days of purchase, Norman will replace the defective CD-ROM or DVD and/or documentation at no charge. Proof of purchase must be enclosed with any claim.

This warranty is limited to replacement of the product. Norman is not liable for any other form of loss or damage arising from use of the software or documentation or from errors or deficiencies therein, including but not limited to loss of earnings.

With regard to defects or flaws in the CD-ROM, DVD, or documentation, or this licensing agreement, this warranty supersedes any other warranties, expressed or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose.

In particular, and without the limitations imposed by the licensing agreement with regard to any special use or purpose, Norman will in no event be liable for loss of profits or other commercial damage including but not limited to incidental or consequential damages.

This warranty expires 30 days after purchase.

The information in this document as well as the functionality of the software is subject to change without notice. The software may be used in accordance with the terms of the license agreement. The purchaser may make one copy of the software for backup purposes. No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording or information storage and retrieval systems, for any purpose other than the purchaser’s personal use, without the explicit written permission of Norman.

The Norman logo is a registered trademark of Norman ASA.

Names of products mentioned in this documentation are either trademarks or registered trademarks of their respective owners. They are mentioned for identification purposes only.

Norman documentation and software are Copyright © 1990-2011 Norman ASA.

All rights reserved.

Revised March 2011.

Table of contents

Introduction
    System requirements
    Training and technical support
    What is Norman Security Suite?
Installation
    Retrieving the software
    License key
    Installing
    Wizards
Getting started
    Application tray icon
    Tray warning icons
    Open the application
    Product warning icons
    Security Suite settings
Home
Antivirus & Antispyware
    Main page
    Scan computer
    Quarantine
    Keep files in quarantine
    Quarantined files
    Task Editor
    Create a task
    Exclude list
    Potentially unwanted programs
    Settings
    Automatic scanner
    Manual scanner
    Internet protection
    Other scanning methods
Personal Firewall
    Main page
    Expert Tools
    Rule Editor
    Real-time Log Utility
    Advanced ports viewer
    Export Personal Firewall rules
    Import Personal Firewall rules
    Settings
    Configure Personal Firewall
    Advanced Settings
Antispam
    Main page
    Block/Allow
    Add/remove email address
    Settings
    Configure filter strictness
    Configure spam control
Parental Control
    Main page
    User Configuration
    Create user
    Log Viewer
    Settings
Privacy Tools
    Delete a user’s program history
    Secure Delete
Intrusion Guard
    Main page
    Settings
    Drivers & Memory
    Processes
    Network
Install and Update
    Main page
    Settings
    Select update method
    Proxy settings
Support Center
    Main page
    Messaging Log Viewer
Uninstalling
Appendix A
    What is a Sandbox?
Appendix B
    Advanced System Reporter
    Operating System Internals
    Internet Explorer
    Processes
Appendix C
    Advanced Firewall
    Advanced Rule Editor Settings


Copyright © 1990-2010 Norman ASA 4

Introduction

System requirements

This program release supports installation of Norman Security Suite v8.00 on computers running Windows XP, Windows Vista, and Windows 7 with the following specifications:

Windows XP Vista 7

Antivirus

Intrusion Guard

32-bit only

Personal Firewall

Parental Control

Antispam 1)

Privacy Tools

Service Pack or higher 2 1

CPU (Pentium-based) Recommended 1,8 GHz

RAM Recommended 2 GB

Internet Explorer or higher 7 (8)

Available disk space Recommended 500 MB

Screen resolution Recommended 1024x768

1) Antispam is only applicable with Microsoft Office Outlook (2003 or later), Windows Outlook Express, and Windows Mail (both 32- and 64-bits).

About this version

The current release is available in several languages. New languages are added at irregular intervals. Contact your dealer for information about your language. Check our web site for details, or contact your local dealer for more information about language versions.

About this manual

This manual presents an overview of products, features and key functions in Norman Security Suite, Norman Security PRO, and any other bundled version incorporating these modules. Please refer to the online help for a detailed explanation of all available options and to our web pages for information on the different program packages.

NOTE: Special or important notes are marked with an exclamation mark icon in the left margin.

About managed clients

Configuration of a product locally on your computer may be restricted by management console policies. This may be the case if your computer is part of a network and most likely governed by an administrator.


Training and technical support

For training or technical support, please contact your local dealer or us. We provide technical support and consultancy services for the program suite and security issues in general.

Technical support also comprises quality assurance of your antivirus installation, including assistance in tailoring the program suite to match your exact needs.

Note that the number of services available will vary between the different countries. Our contact information is presented on the last page of this document.

What is Norman Security Suite?

This program suite is a software security package made up of these security programs:

Antivirus & Antispyware Stops viruses from reaching your computer

Personal Firewall Prevents hackers from using your computer as transit for undesired traffic

Antispam Blocks unwanted and bulk emails

Parental Control Hinders the young ones from visiting web sites with undesired content

Privacy Tools * Helps you to securely delete files and your personal data

Intrusion Guard * Prevents malicious programs from intruding and infecting your computer

* This program is included in the Security Suite PRO version only.

The program suite is ready for use once you’ve installed it. The default configuration settings provide the protection you need, and you don’t have to run through the configuration options to make the program operational. However, it’s useful to understand how things work and to familiarize yourself with the basic functions. This manual aims to point out certain useful features and to provide some hints on how to get the most out of the program.

NOTE: You must run a wizard before you can start using the Personal Firewall. Please refer to the section ‘Installation Wizard’ on page 12 for more information.

Antivirus & Antispyware

This antivirus program monitors your PC for malicious software, also referred to as malware or the generic term viruses, and potentially unwanted programs.

Malware/viruses

Malware are viruses, worms, trojans and other varieties of unwanted code. Spyware is not destructive like traditional viruses, but the consequences of revealing personal information inadvertently could be just as damaging. The unique Sandbox provides proactive protection that identifies even unknown viruses. For more information on Sandbox, refer to ‘Appendix A’ on page 70. Viruses can be automatically removed from hard disks, removable media, email attachments, etc. The Antivirus & Antispyware application checks files when they are accessed, and possible viruses are removed automatically.


Potentially unwanted programs

Programs that you install for legitimate purposes may potentially expose your computer. Built-in features can send and receive data or execute command scripts, and perform actions similar to those common for purely malicious software. The line between non-malicious and malicious software may be blurred. It is therefore important that you have complete control over software residing on your computer. Scanning your computer for potentially unwanted program files improves your control over installed software. This scan goes beyond the normal scan for malware - like scanning for viruses, trojans, spyware and adware, as it detects gray zone software - potentially unwanted programs.

The Security Suite features two main scanners - the Automatic scanner and the Manual scanner - as well as different scanning methods.

Since we encourage users to perform manual scans of the computer, you can start a scan of the entire computer - on the fly - from the system tray menu. You can also start a scan from the right-click menu while browsing your files, or choose Screensaver scanner which also starts a virus scan when it is activated. When you resume work and a scan is terminated, it will continue from where it left off next time the screensaver kicks in. For regular manual scans, you can use the task editor and scheduler to define what area of the machine to scan and when. You can also select one of the default tasks, Full scan or Quick scan.

This product is shipped with pre-selected settings that we consider sufficient to protect you against virus attacks. The modules can be configured so that you can set up the application to suit your exact needs.

Personal Firewall

Whenever you’re connected to the Internet, reading email or surfing the web, you make connections to other computers all over the world—and they connect to yours. This is where the trouble starts. By breaking into your computer, hackers may access your private documents, use your computer for their own acts of evil, or even render your computer useless by deleting important system files.

This application is first and foremost hacker protection and controls incoming and outgoing traffic on your computer based on a security policy (a set of rules). These rules are established (automatically or self-defined) when you install the product.

The application’s rule wizard can automatically create rules for applications’ behavior with regard to accessing the Internet. There are different modes for experienced and inexperienced users, and the application features a “server mode awareness”. You can create and change rules and view details for traffic and port activity.

In addition, the advanced Personal Firewall offers:

● Launcher protection, that detects attempts from an application to launch itself through another application.

● Stealth launch protection, that uncovers malicious applications attempting to access the Internet via other applications. The Personal Firewall keeps track of all parent applications.

● Process hijacking protection, which prevents malicious applications from hijacking a trusted process for .dll or thread injection.

● Full stealth mode, that ensures that all ports on the computer are completely invisible from the outside.

● Advanced svchost handling, where each svchost service has separate rules rather than one general rule to cover the grouping of services that each Svchost.exe session can contain.

◦ Svchost is a generic host process name for services in Windows 2000/XP/2003/Vista that various network and Internet processes employ to function correctly. This service can run many instances simultaneously, each one necessary for the operation of the individual computer. The service has a legitimate need to access the Internet frequently, and like any other application connecting to the net, it is the personal firewall’s business to monitor and warn about this kind of activity. While many firewalls have only one generic rule for svchost handling, often non-editable, this personal firewall distinguishes between the different instances and can identify if the process is known or unknown. In addition, there are configuration options for a number of svchost services in the application’s help files.


● Anti-pharming, implemented through protection of the hosts file and therefore eliminating the most common pharming attack method.

◦ The word Pharming is constructed from the terms phishing and farming (see Antispam below for an explanation of phishing). It is called pharming when a hacker tries to redirect traffic from the web site you’re about to visit to another, bogus web site. Pharming can be carried out either by changing the hosts file on the target computer or by exploiting vulnerabilities in DNS server software. DNS (Domain Name Server) servers are responsible for resolving Internet names into their real addresses. In recent years both pharming and phishing have been used for theft of online identity information. Pharming has become of major concern to businesses hosting ecommerce and online banking web sites. Sophisticated measures known as anti-pharming are required to protect against this serious threat.
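The hosts-file side of pharming described above can be checked by comparing the current hosts file against a known-good copy; the following Python example is added here and is not part of the Norman guide or product. The sample file contents, the watched domain and the severity labels are constructed for illustration.

```python
"""Compare a hosts file against a known-good baseline (added example)."""
import ipaddress
from collections import namedtuple

Finding = namedtuple("Finding", "severity change hostname address")


def parse_hosts(text):
    """Return the set of (hostname, address) pairs defined in hosts-file text."""
    entries = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:                      # blank line or address without a name
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a usable mapping
        for name in fields[1:]:                  # one line may map several names
            entries.add((name.lower().rstrip("."), str(address)))
    return entries


def _is_local(address):
    """Loopback/unspecified targets are typical of blocking entries, not redirects."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def _is_watched(hostname, watched):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == w or hostname.endswith("." + w) for w in watched)


def audit_hosts(baseline_text, current_text, watched=()):
    """List mappings added to or removed from the baseline, most relevant rated highest.

    Severity labels are this example's own convention:
      high   - a watched name now resolves to a non-local address
      medium - any other name now resolves to a non-local address
      info   - new loopback/unspecified entry, or an entry that was removed
    """
    baseline = parse_hosts(baseline_text)
    current = parse_hosts(current_text)
    findings = []
    for hostname, address in sorted(current - baseline):
        if _is_local(address):
            severity = "info"
        elif _is_watched(hostname, watched):
            severity = "high"
        else:
            severity = "medium"
        findings.append(Finding(severity, "added", hostname, address))
    for hostname, address in sorted(baseline - current):
        findings.append(Finding("info", "removed", hostname, address))
    return findings


# Constructed sample data (documentation-range addresses, reserved .test names).
BASELINE = """\
# known-good copy taken after installation
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.test
"""

CURRENT = """\
127.0.0.1       localhost
::1             localhost
198.51.100.7    intranet.test
203.0.113.45    www.examplebank.test examplebank.test   # not in the baseline
0.0.0.0         ads.tracker.test
not-an-ip       broken.test
"""

WATCHED = ("examplebank.test",)   # assumption: domains the user banks or shops with

if __name__ == "__main__":
    for f in audit_hosts(BASELINE, CURRENT, WATCHED):
        print(f"{f.severity:6} {f.change:8} {f.hostname} -> {f.address}")
```

On a real Windows system the current text would be read from the hosts file under the system's drivers\etc directory, with the baseline stored somewhere the audited account cannot write.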

Antispam

The antispam application protects against unsolicited commercial and bulk emails (spam) that may contain threats to the system. Antispam blocks spam, phishing attempts, and other email-borne threats before they reach the computer. You can create block and allow lists to manage who you receive emails from, and what content you allow to pass through to your email client.

Just as antivirus applications employ virus definition files to detect malware, antispam solutions use definition files to filter out unsolicited emails. Virus definition files accommodate virus signatures that decide whether a file is infected or not, while antispam definitions use a set of criteria to figure out the likelihood of an email being spam. The spam definition files base their analysis of an email on language, pictures, colors, links included in the mail, as well as the sender’s email and IP address. Still, it is not always possible to conclude with absolute certainty if an email is spam or not.

Spam

Unwanted email, usually advertising for some product. Spam is generally harmless, but it can be annoying as well as time-consuming.

Phishing

The act of sending an email to someone, pretending to be a legitimate public or private enterprise in an attempt to capture private information that can be used for identity theft. The email directs you to a web site where you are requested to update personal information like credit card and bank account numbers - information that the real organization already possesses. The web site is of course fake, but appears to be the real deal and is set up for the sole purpose of stealing information. The term ‘phishing’ is derived from ‘fishing’, where the pun is based on the notion of throwing out bait with the hopes that some will swallow it.

Parental Control

The Internet is not necessarily a good place to be, and there are some web sites we certainly don’t want the youngest of the family to visit. Unless children and teenagers are under constant surveillance, they are likely to visit web sites with undesired content—deliberately or not.

With Parental Control you can block access to certain categories of web sites, or even block all sites not explicitly approved. In addition you can restrict the time a user is allowed to surf on the net and specify what time of the day surfing is permitted.

In short, you can customize a profile for the individual user based on age or other criteria you wish to take into account.

Privacy Tools

With Privacy Tools you can delete specific files in a secure manner. The contents of the files are permanently erased and cannot be recovered. You can also configure the application to automatically delete various log files containing personal data, cookies and browser history. Deleting history logs does not affect the application’s settings and bookmarks.

Many applications, including the operating system itself, log user activity like which files are opened, web sites visited, and documents viewed. This is a user-friendly mechanism that makes it easier for users to perform repetitive tasks; visiting the same online newspaper or continuing to work on a text document.

This program is included in the Security Suite PRO version only.


Although this may be user-friendly, it is also a privacy concern. Other users of this computer, or other people inspecting your computer later on, may review these logs and discover things that you want to keep private. Even if you delete a file, it is not completely wiped out. Advanced tools can restore the file and hence compromise sensitive documents. Logs keep track of Internet browsing and files that are opened on your computer.

This functionality is of great concern to your privacy. It constitutes a potential risk of social engineering and identity or password theft. The acquired personal information can in turn be used with malicious intent.

Intrusion Guard

This is a host-based intrusion prevention system (HIPS) that can stop malicious applications from taking over control of your machine. The application offers a powerful reporting tool and protects processes, drivers, browsers and the hosts file. It is a platform for proactive threat protection intended for experienced users.

● Advanced System Reporter tool

◦ This powerful tool gives you control of installed applications, system filters, and suspicious modules that are discovered on your computer.

● Powerful real-time features

◦ This functionality can be configured to log, warn and block intrusions.

● Processes protection

◦ Stops malicious applications from hijacking (taking control over) other applications and installing more malicious content on to your computer system.

● Driver protection

◦ Stops drivers from installing and protects against other malicious techniques that try to gain low-level access to your computer system.

● Browser hijacking prevention

◦ Monitors your Internet Explorer settings and manages cookies. Can also log, warn, and block attempts to install network filters, like LSP (Layered Service Provider) and BHO (Browser Helper Object).

● Hosts file protection

◦ Protects your hosts file from unauthorized modifications.


Installation

The following chapter covers system requirements, license key, how to retrieve the installer (software setup file), and how to install the software on your computer.

Retrieving the software

A medium (CD or DVD) with the installer was delivered when you purchased this program, or a web page address for Internet download is included in your purchase papers.

CD/DVD

If you received a medium (CD or DVD), please use it to start the installation.

1. Insert the CD/DVD into your computer’s CD/DVD player.

◦ The CD/DVD runs automatically and a menu appears. On Windows Vista and 7 you may need to accept to run Norman.exe.

◦ If a dialog menu does not appear within a minute or so, the Autorun feature may be turned off. To start the menu manually, do either of the following:

• Browse the CD/DVD content and double-click the root file Norman.exe.

• Click Start > Run and enter D:\Norman.exe. Replace D: with the actual partition letter of your CD/DVD player. Click OK.

2. Choose language for viewing the CD/DVD menu.

3. From the menu’s Install page choose the correct installer for your 64-bit or 32-bit computer. Proceed to point 4 of the Internet download section.

Internet download

The installer can be downloaded from the Internet. The Internet location and download procedure is described within the purchase order information. If not, follow the general instructions below to download the installer and to start the installation.

1. Open your Internet browser and enter the general web address for our software downloads: http://www.norman.com/downloads/

2. Select your product, version and language. Choose the correct installer for your 64-bit or 32-bit computer.

3. Click Save (or click Run)

◦ If you click Save you are allowed to save the file on the computer and to start the installation from there. An Internet connection is not required when you install from the computer. However, we do recommend Internet connection during installation for key validation and updating.

• Browse for a folder location to save the installer and then click Save to confirm. Make a note of the location where you save the installer.

• Like the download window, the browser is no longer needed and may be closed too.

• Locate the installer and double-click the file.

• The installer may be deleted after a successful installation, or you may save it to an external media for backup.

◦ Click Run to start the installation directly from the web. The installer downloads and then immediately starts installing the product. If the installation fails, you must visit the download page again.

4. The InstallShield Wizard is launched.

5. Read about ‘License key’ and proceed to ‘Installing’ on page 10.


License key

When you purchase our software you receive a product license key. The key is needed for the installation to be updated. An antivirus software that is not updated on a regular basis does not fulfill its purpose.

● I have a key

◦ You should enter the key during installation, when you’re prompted by the InstallShield Wizard. The application will then automatically search for updates as soon as the installation is finished.

● I don’t have a key

◦ You can leave the key field blank and still install the entire suite. However, the License Wizard will regularly prompt you for a key and the product(s) will not be updated.

● Enter a key after installation is finished

◦ You can activate the License Wizard from the application and paste the key in the appropriate field. Please refer to the section ‘License Wizard’ on page 64.

Installing

Run the installer program (InstallShield Wizard). Refer to ‘Retrieving the software’ on page 9 on how to obtain it. Follow the on-screen instructions. Click Back if you need to review or change the installation settings.

The default location for installation is C:\Program Files\Norman

1. The InstallShield Wizard welcome screen appears. Click Next.

2. Read the license agreement and accept it to continue installing. Click Next.

3. Enter a valid product license key. Click Next.

◦ The key holds information on the products you have purchased.

◦ You can leave the field empty if you only want to evaluate the product. We recommend that you enter a trial key to make the most of the product during the trial period.

TIP: COPY AND PASTE THE LICENSE KEY. If you have a copy of your license key in an email or some other electronic format, the easiest way is to copy the key into the license key field. Highlight the key and press Ctrl+C, place the cursor in the license key field and press Ctrl+V to paste in the key. Make sure that there are no blank spaces included.

NOTE: If you don’t have a key, you can leave this field blank and still install the entire suite. However, the License Wizard will regularly prompt you for a key and the product(s) will not be updated. If required, the License Wizard will assist you in obtaining a key at a later point.

4. Setup Type

Select a) Complete or b) Custom.

a) Selecting Complete will install all program features to the default location. Click Next. Proceed to the point ‘7. Ready to install.’ below.

b) Select Custom to decide which products to install and/or to select another location than the default location. Click Next.

5. Custom setup

A list of products that you can install is displayed.

• Antivirus & Antispyware

- Screensaver Scanner

• Personal Firewall

• Privacy Tools

• Intrusion Guard


• Parental Control*

• Antispam*

* You need to manually select this product if you want to install it. Click the drop-down menu to the left and select to install this feature on local hard drive. Installing this product requires that it is covered by your license key, or is part of a trial installation. You can install this product later on if you like.

◦ Click Space if you want to see the disk space required for the selected installations.

• Click OK to return to the Custom Setup display.

◦ Click Next to continue.

6. Destination folder

a) Click Next if you want to install the selected applications to the default location.

b) Click Change... to define another location.

• Select location from the drop-down list, add a new folder, or enter the path in the folder name input field.

• Click OK to confirm and return to the destination folder display.

• Click Next

7. Ready to install.

◦ Click Install to begin the installation.

8. Installing Norman Security Suite.

◦ A dialog appears, informing you that the application is now ready to launch and configure installed components. Click OK to continue.

9. The completed dialog appears. Click Finish to complete the InstallShield Wizard. The installation will continue to run in the background for 5-10 minutes.

10. Click Restart now when you are prompted to restart the computer. After the restart a customer registration form and - if the Personal Firewall is installed - the Personal Firewall Installation Wizard is launched.

◦ Customer Information

• Please enter the required information and then click Submit.

◦ Installation Wizard

• Please refer to the next section.


Wizards

The wizards handle installation and basic product configurations.

● InstallShield Wizard

◦ This wizard enables you to install the program. The wizard is also known as the installer or setup file.

● Installation Wizard

◦ This is relevant when the Personal Firewall is installed. Once the program suite with Personal Firewall is installed, a wizard for setting up the Personal Firewall is launched. Please refer to the next section.

● License Wizard

◦ This wizard keeps track of your valid product licenses. Please refer to the section ‘License Wizard’ on page 64.

Installation Wizard

You have now completed the installation (cf. ‘Installing’ on page 10), and Personal Firewall is one of the installed features. The Installation Wizard is launched automatically.

This wizard establishes basic rules automatically, such as granting Internet access for the relevant applications. The purpose is to identify programs with a legitimate need to access the Internet and to create rules for these applications. It is highly recommended that you run the installation wizard. You can always change automatically generated rules later, using the Rule Editor.

If you choose not to run the Installation Wizard, you may experience that the computer cannot connect to the Internet, and that important applications are not updated. Please refer to the section ‘Expert Tools’ on page 39.

● Read the Introduction page and click Next.

The Installation Wizard offers different steps for experienced and inexperienced users. The experienced user can specify certain details, while the inexperienced user is guided by automatic configurations.

1. Rate your experience level and click Next.

◦ Inexperienced user - You are an average Internet user without expertise or an interest in the technical aspects of computers. The firewall will make decisions for you and keep your interaction with the program at a minimum. Select a security level for handling Internet connections trying to access your computer (incoming), or applications trying to connect to the Internet (outgoing).

• Basic mode. All traffic is allowed, unless a permanent rule prevents the connection. You will be protected against incoming attacks.

• Normal mode. You will be prompted to allow or deny unknown traffic, unless a permanent rule prevents the connection. You will be protected against both incoming attacks and unwanted applications sending out data from your computer.

◦ Experienced user - You are familiar with common firewall setup and understand what an IP address and a port number are. The firewall offers more advanced options during setup and usage.

2. Follow the on-screen instructions for adding other web browsers or email clients, configuring network resources (advanced configuration, if experienced user is selected), and allowing other known applications.

3. Finally, click Finish to complete the wizard.

Getting started

Application tray icon

During setup, an icon is placed in the system tray in the lower right-hand corner of the screen. This icon confirms that Security Suite is installed on this computer.

Right-clicking the tray icon displays the Security Suite system tray menu.

The items in the list with an icon in front of them are copies of the items that appear on the Start > Programs > Norman Security Suite menu. This is a shortcut to the program suite’s main modules, as well as some typical tasks.

● Internet Update

◦ Activate the Internet Update feature and update the installed products.

● Norman Security Suite

◦ Open the Norman Security Suite application.

● Disable Personal Firewall (Enable Personal Firewall)

◦ Toggles between enabling and disabling the Personal Firewall.

● Scan computer

◦ Start a manual scan of the entire computer.

● Stop automatic scanner (Start automatic scanner)

◦ Toggles between starting and stopping the automatic scanner.

● Update status...

◦ View update status for the installed products. This function is also the originator of messages regarding outdated virus definition files, expiration of license period and other information.

NOTE: The menu options differ depending on the installed products. For example, the option to Enable or Disable Personal Firewall is only visible when the Personal Firewall is installed.

Tray warning icons

The tray icon also provides information regarding the state of your installation. Place the cursor on the tray icon for an explanation of any errors or messages.

Circle

This icon denotes that some of the components currently running are outdated. If the icon appears with a blinking symbol, place the pointing device on the icon to find out which component needs updating or if there are other error situations.

NOTE: During startup, this symbol is visible until all modules have started. The older and slower the machine, the longer it takes for all modules to load. However, the normal icon should appear after a maximum of two minutes.

Triangle

This icon, with a firm or blinking symbol, signifies that the automatic scanner has been manually disabled, the application is waiting for a restart, an installation error has occurred, or the definition files are outdated.

Firm

- The automatic scanner has been manually disabled in the application’s settings. Please refer to ‘Enable Automatic scanner’ on page 28.

- The application is waiting for a restart. The Restart later option may have been selected on a previous prompt.

- A possible installation error has occurred. Try restarting your computer to solve the possible error.

Blinking

- The virus definition files are outdated. This means they are at least ten days old.

- The automatic scanner has been stopped from the system tray menu. Right-click the system tray icon. Select Start automatic scanner.

- The Personal Firewall has been disabled. Right-click the system tray icon. Select Enable Personal Firewall.

Cogwheel

When the tray icon appears with a cogwheel, the Program Manager is working with the program, most likely an update. We do not recommend that you turn off your machine when the Program Manager is working, i.e. while this symbol is visible.

NOTE: An update shouldn’t take more than 5-10 minutes. If the cogwheel icon is present for a longer period of time, something might be wrong with the installation. In that case, try to restart your computer. If the cogwheel icon still does not disappear, then try the repair option described in the section ‘Automatic repair’ on page 68.

Windows Security Center symbol

We are one of the antivirus vendors that the operating system detects. If the virus definition files are outdated, if the automatic scanner is not running, or if the firewall is disabled, you will also receive a warning from Windows that something is wrong. The Security Center symbol appears and you can click on it to view and edit the Windows settings.

Open the application

You can open the application via the system tray menu, or via the Windows menu. Right-click the application’s system tray icon and select Norman Security Suite from the pop-up menu. From the Windows menu, click Start and select All programs > Norman Security Suite > Norman Security Suite.

Product warning icons

Sometimes, a yellow triangle appears on the application’s menu entry. Reasons for this may be that a product is disabled or outdated, the license is expired, newly installed software needs final configuration to finish its installation procedure, etc. Select the menu entry with the warning to find out more.

NOTE: When you open the Security Suite for the first time a warning is issued for the Parental Control application. Please refer to the section ‘Parental Control’ on page 50.

Security Suite settings

This application is installed with default settings that we recommend for everyday use. You can select Customize settings from the application’s main product pages to configure the products through a number of different options. When changing from one setting to the other, note that the icon changes and that the settings lead texts switch places.

● Current settings: Recommended

◦ Default settings are effective, as recommended for everyday use.

◦ Click on Customize settings if you want to change the default settings.

● Current settings: Custom

◦ The default settings are, or can be, customized.

◦ Click on Use recommended settings to reset settings to default.

NOTE: Changing the default settings is not advisable unless you know how the changes affect the system. Make sure that the custom settings do not lead to a lower security level. If you are uncertain, remember that the default settings provide sufficient protection.

Home

Open the Security Suite application to view status for the installed products. Please refer to ‘Getting started’ on page 13 on how to open the application.

Scan your computer, keep track of which products are installed, their status, and view some detailed information about them. Update all products, and switch on or off the automatic updates, with one click.

Click Scan Computer to start a manual scan of the entire computer. This scan employs the same settings as specified for the Manual scanner. See ‘Manual scanner’ on page 30.

Licensed products are those covered by your product license key. Please refer to ‘License key’ on page 10. The status icon indicates whether the installation is up to date and complete, if it needs updating, or whether a product is not installed. The statistics to the right display data from the working applications.

NOTE: When you open the Security Suite for the first time a warning is issued for the Parental Control application. Please refer to the section ‘Parental Control’ on page 50.

Update all products

Update all installed products in one simple click. For further settings and overview, please refer to ‘Install and Update’ on page 63.

Automatic updates are on/off

The products will be updated on a regular basis when automatic updates are on. Edit settings from ‘Select update method’ on page 65.

NOTE: We strongly recommend that automatic updates are always on.

Antivirus & Antispyware

Open the Security Suite application and select Antivirus & Antispyware from the left-hand side menu. Please refer to ‘Getting started’ on page 13 on how to open the application and to ‘Antivirus & Antispyware’ on page 5 for a description of the application purpose and function.

Main page

This antivirus and antispyware application monitors your computer for malicious software, also referred to as malware, as well as potentially unwanted software. This chapter is about how you configure the two main virus scanners - the automatic scanner and the manual scanner - as well as how you manage quarantined files, schedule scans, activate the screensaver scanner, and enable the antispyware feature.

Customize settings

Click this option to edit the default values. Please refer to ‘Settings’ on page 28. For general information on selecting recommended versus custom settings, please refer to ‘Security Suite settings’ on page 15.

Scanning statistics

The application’s main page displays a graphical representation of scanned and infected files over the past 24 hours. The statistical numbers reflect the combined activity of the manual and the automatic scanner.

Outbreak mode

This feature should only be temporarily activated in case of virus outbreaks and when connecting to unknown or insecure wireless networks. Enabling this option may affect performance and stability.

Disable automatic file scanning

Please refer to ‘Automatic scanner’ on page 28.

Scan computer

Select this option to start a scan of your computer. You can also access the Scan computer option by right-clicking the system tray icon. This scan employs the same settings as specified for the Manual scanner. Please refer to ‘Manual scanner’ on page 30 on how you configure the manual scanner.

From the scanner dialog box you can select the area to scan, view the scan log, delete or repair infected files and add potentially unwanted program files to the exclude list.

If you want to configure or schedule a scan, use the Task Editor. See ‘Task Editor’ on page 23.

When you start a scan by selecting Scan computer, or run a scheduled task, the scanner dialog box appears.

The top field displays the path of the area that the scan is set to search. Click Browse to change the file or folder to scan.

● Browse

◦ Select which areas of your computer to scan.

● Start/Pause/Stop

◦ Start scanning, pause a running scan, or stop the scan process altogether.

● Repair

◦ Open the Repair Tool for further handling of infected or potentially unwanted program files.

● Settings

◦ This option is available from the Advanced view only. From here you can configure settings for the scan task and set log preferences. Pointing the mouse cursor at a Scan or Log option in the program displays supplementary information about that option.

• Scan: Do not repair, Memory before files, Boot sectors before files, Network locations, Subfolders, Use Sandbox, Use Exclude List, Exclude and Use low priority.

• Log: Clear log before scan, Scroll log.

● Advanced / Basic

◦ Toggles between Advanced or Basic view. The basic view gives the minimum information you need, while the advanced view gives more details. Advanced view keeps you posted in detail about the scan, allows you to configure settings and view log in an external text editor.

● View log

◦ Open the scan log in an external text editor. Study the log or save it to a different location. If Clear log before scan is enabled from Settings, the log will be cleared when starting a scan. Remember to save the previous log before starting a scan, if you want to keep it and this option is selected.

Repair, delete or exclude files from scanning

The Repair option will activate only if the scanner detects infected files or potentially unwanted programs.

Select Repair from the scanner’s main view to open this tool. From here you can handle infected or potentially unwanted program files. Select files to repair or delete, or add potentially unwanted program files to the exclude list.

Infected files can be repaired or deleted altogether. See also next section about Quarantine.

Potentially unwanted program files can be added to the exclude list, if you trust the detected program and want the file to be skipped in future scans.

● Detection log

◦ Displays a list of infected files or potentially unwanted program files that were detected.

● Select all infected

◦ Select all files, except potentially unwanted program files.

● Deselect all

◦ Deselect all items in the detection log.

● Repair

◦ Select an item from the detection log and click this option to repair an infected file. You cannot repair potentially unwanted program files.

● Delete

◦ Select an item from the detection log and click this option to delete an infected file.

● Add to exclude list

◦ Select a potentially unwanted program file item from the detection log and click this option to add it to the exclude list. The file is added to the Antivirus & Antispyware > Exclude List > Potentially unwanted programs exclude list. Files on this list are excluded from detection while scanning.

You can read more about ‘Potentially unwanted programs’ on page 6 and ‘Exclude list’ on page 25.

Quarantine

Keep files in quarantine

Select Customize settings to access the configuration options. Specify minimum and maximum time files should be held in quarantine, and how much disk space they are allowed to occupy.

● Minimum

Specify a period ranging from one day to one week. Files newer than the specified minimum time will never be deleted.

● Maximum

Specify a period ranging from one to four weeks. Files older than maximum time are deleted without warning.

● Maximum size of quarantine (% of partition)

Specify how much disk space of the current partition quarantined files are allowed to occupy.

NOTE: The maximum size can be exceeded in the case where quarantined files have yet to reach their specified minimum time.

● Click Save to confirm your changes.
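A small model of how the three quarantine settings above interact, added here as an illustration and not Norman's code. The function and field names are hypothetical, and deleting the oldest eligible files first when the size limit is exceeded is an assumption, since the guide does not state the order.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class QuarantinedFile:
    name: str
    quarantined_at: datetime
    size: int  # bytes


def prune_quarantine(files, now, min_age, max_age, partition_bytes, max_percent):
    """Apply the retention rules; return (kept, deleted, still_over_limit)."""
    # Ranges stated in the guide: minimum 1 day..1 week, maximum 1..4 weeks.
    if not timedelta(days=1) <= min_age <= timedelta(weeks=1):
        raise ValueError("minimum must be between one day and one week")
    if not timedelta(weeks=1) <= max_age <= timedelta(weeks=4):
        raise ValueError("maximum must be between one and four weeks")

    budget = partition_bytes * max_percent / 100
    kept, deleted = [], []

    # Rule 1: files older than the maximum time are deleted without warning.
    for f in sorted(files, key=lambda f: f.quarantined_at):
        (deleted if now - f.quarantined_at > max_age else kept).append(f)

    # Rule 2: while over the size limit, delete files that have passed the
    # minimum time. Oldest-first order is this example's assumption.
    used = sum(f.size for f in kept)
    survivors = []
    for f in kept:
        if used > budget and now - f.quarantined_at >= min_age:
            deleted.append(f)
            used -= f.size
        else:
            # Files newer than the minimum time are never deleted.
            survivors.append(f)

    # If only protected files remain, the limit can still be exceeded.
    return survivors, deleted, used > budget


# Constructed sample data: a 1000-byte "partition" with a 10 % limit.
SAMPLE_NOW = datetime(2011, 1, 31, 12, 0)
SAMPLE_FILES = [
    QuarantinedFile("old.bin", SAMPLE_NOW - timedelta(days=20), 10),
    QuarantinedFile("week.bin", SAMPLE_NOW - timedelta(days=5), 60),
    QuarantinedFile("fresh1.bin", SAMPLE_NOW - timedelta(days=1), 80),
    QuarantinedFile("fresh2.bin", SAMPLE_NOW - timedelta(hours=12), 50),
]

if __name__ == "__main__":
    kept, deleted, over = prune_quarantine(
        SAMPLE_FILES, SAMPLE_NOW,
        min_age=timedelta(days=2), max_age=timedelta(weeks=2),
        partition_bytes=1000, max_percent=10,
    )
    print("kept:   ", [f.name for f in kept])
    print("deleted:", [f.name for f in deleted])
    print("still over size limit:", over)
```

In the sample, the two newest files stay in quarantine although together they exceed the limit, which is the situation the NOTE describes.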

Quarantined files

Infected files that have been quarantined appear as a list in the Quarantined files dialog, provided that you have configured the program to do so. The antivirus application will try to repair infected files before they are deleted or quarantined (depending on your configuration). Quarantined files are either infected, or blocked by the Internet Protection feature.

NOTE: A copy of a deleted or blocked file is quarantined by default.

A copy of an infected and quarantined file is deleted, unless it resides in another folder, in which case it is moved to quarantine. When the automatic scanner detects that C:\eicar.com is infected, it is moved to quarantine. However, if the automatic scanner detects C:\Copy of eicar.com and this file is identical to eicar.com, it is not quarantined, but deleted. If Copy of eicar.com resides on C:\another folder\ it is, however, moved to quarantine because of the new location. This method is implemented to keep the quarantine from filling up in a situation where a virus has written several copies of the same file to the same area of the disk drive.

A file may be quarantined because the antivirus application suspects it is infected. On rare occasions, after a definition file update, the antivirus application may establish that a previously quarantined file is clean after all. Since types and techniques both for making and detecting viruses are changing rapidly, the antivirus application will scan the quarantine after an update and after a restart of the machine.

If a quarantined file is ‘acquitted’ after such a check, it will be restored provided that there is a valid file path and that no other file with the same name exists. No user intervention is required, and you will not be informed about a possible restore of a quarantined file.

Task Editor

Sometimes it’s convenient to define tasks that should be performed several times and/or at regular intervals. Scanning for viruses is a good example of a task that needs to be carried out regularly, and the Task editor is the tool provided for that purpose.

You can create a task file for scans that you wish to perform repeatedly, or special scans that you intend to run in certain situations. For example, if you download files from the Internet to designated areas, you can create a task file that scans these areas only and run the task manually after downloads. In addition, you can schedule the task to run at a preselected time.

All scheduled tasks are displayed as a list in the Task Editor dialog. The default tasks Full scan and Quick scan appear on the list the very first time you access the task editor, even if no tasks have been created yet. These two tasks cannot be deleted.

● Full scan - Scan all local files on your computer.

● Quick scan - Scan the most important areas of your computer.

You can view, edit, run, delete, activate and deactivate your tasks from the Task Editor dialog. Deselect the Active check box to deactivate a task. Select the Delete check box and click Delete selected to delete a task. Click the right-hand side icon of a list entry to run that task, or double click the task name to edit or view the task settings.

The default location for storing task files is C:\Program Files\Norman\tasks.

Create a task

From the Task Editor dialog you click Create a task, fill in the required information, and make your selections. Finally you click Create to save your task to the task editor list.

1. Enter a Task name.

2. Select either Scan the entire computer or Scan selected files and folders.

◦ Scan selected files and folders

• Click the folder search symbol to browse for files or folders. All local drives are listed with a Windows Explorer-like functionality. Click on a drive letter to browse for directories or files. If you select specific files and folders, all subfolders under the selected drive/folder are automatically selected. You can clear the option for subfolders that you don’t want to include.

• You can also enter a path and file or directory name directly in the input text field. The asterisk (*) is accepted as wildcard. Example: To scan the entire C: drive, enter C:\*.*

• When you click Add to save, the specified area is added to the task list.

3. Select one or more scanning options. Scan boot sectors, Scan archives and Scan memory are all pre-selected. Apart from these, the scanning options for the Manual scanner are used.

◦ Scan boot sectors

• When you select this option, the antivirus application will check the boot sector of the area(s) that are being scanned.

◦ Scan archives

• Select this option to include archived files in the scan. The following formats are currently supported: ACE, ACE SFX, APPLE_SINGLE, ARJ, BZIP2, CAB, CAB SFX, CHM/ITSF, GZ, Inno Setup (Installer) LZH, MAIL/MIME, MSI, NULLSOFT (Installer), RAR2, RAR3, TAR, WISE SFX, ZIP, ZIP SFX and 7ZIP.

◦ Scan memory

• When you scan the memory area, the antivirus application looks for resident viruses. You should always make sure that no viruses exist in memory.

4. Schedule scans to run

Select frequency, time and date to run the scan. The suggested date and time is the current (according to your system information). You can select another time.

5. By default, the task is set to Enabled. Remove the check mark to disable it.

6. Click Create.

Your task will be saved to the Task Editor list, from where you can run, edit.

Exclude list

Files on the exclude list are not scanned. Reasons for not scanning certain files may be that they trigger false alarms, or they are too time-consuming to scan. Nevertheless, we recommend that you scan files on the exclude list regularly by running scheduled or manual scans.

NOTE: Exclude lists should be handled with great care, as they represent a potential security risk. Excluding files or areas from scanning is a decision at the expense of security.

Use the exclude list

Select this option to activate the exclude list. The Exclude List is used for excluding files that may conflict with the scanners, affecting your computer’s performance.

Exclude files from scanning

Specify files, folders, or entire drives that you don’t want to scan for malware. Click the folder search symbol, if you want to browse for files and folders, or enter a file name, directory, or drive letter in the input field.

Wildcards (*/?) are accepted. Place the wildcard at the beginning or the end of the search term. Do not place the wildcard in the middle of the search term.

NOTE: Do NOT use apostrophes “ or ‘ when you specify items for exclusion.

Examples

C:\Dir Excludes all files in the directory and subdirectories

*.xyz Excludes all files with the extension .xyz

example.exe Excludes the specified file regardless of where it is found

C:\System\xyz.doc Excludes this particular file

● Specify which of the scanners, if any, should use the exclude list.

● Click Add to list to include the entry in the exclude list.

NOTE: The Security Suite does not check if the files, folders or drives added to the exclude list really exist. Be careful to enter the correct names and paths.

Network drives

You can exclude network drives if you don’t want to scan shares that you have access to on remote computers. Specify which of the scanners, if any, this applies to.

Delete selected

To remove entries from the exclude list, select the entry and click Delete selected. Click Save to confirm the changes.

NOTE: We recommend that you revise the exclude lists regularly.
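One way to carry out the regular review recommended above is to audit the entries against the guide's own syntax rules and examples. The following is an added example, not part of the product; the function names, the executable-extension list and the risk labels are this example's assumptions, and since the suite does not check that entries exist, a path with a file extension is simply assumed to be a file.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Assumption of this example, not taken from the guide: extensions that
# Windows runs directly, so excluding them hides the most from the scanner.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".msi"}
QUOTE_CHARS = set("\"'\u2018\u2019\u201c\u201d")
RISK_ORDER = {"invalid": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    entry: str
    scope: str
    risk: str
    notes: list = field(default_factory=list)


def wildcard_in_middle(term):
    """True if * or ? appears anywhere except a leading or trailing run."""
    core = term.lstrip("*?").rstrip("*?")
    return any(ch in core for ch in "*?")


def audit_entry(raw):
    """Classify one exclude-list entry by what it removes from scanning."""
    term = raw.strip()
    if not term:
        return Finding(raw, "invalid", "invalid", ["empty entry"])
    if QUOTE_CHARS & set(term):
        return Finding(raw, "invalid", "invalid", ["quote characters are not allowed"])
    if wildcard_in_middle(term):
        return Finding(raw, "invalid", "invalid", ["wildcard in the middle of the term"])
    if not term.strip("*?"):
        return Finding(raw, "everything", "high", ["pattern matches every file"])
    if re.fullmatch(r"[A-Za-z]:\\?", term):
        return Finding(raw, "drive", "high", ["entire drive is skipped"])

    path = PureWindowsPath(term)
    has_wildcard = any(ch in term for ch in "*?")
    exe_note = ["executable type"] if path.suffix.lower() in EXECUTABLE_EXTS else []

    if path.is_absolute() and not has_wildcard:
        if path.suffix:  # assumed to be a file; the suite does not verify it
            return Finding(raw, "single-file", "medium" if exe_note else "low", exe_note)
        return Finding(raw, "directory-tree", "medium",
                       ["directory and all subdirectories are skipped"])
    if re.fullmatch(r"\*\.[^*?.\\/]+", term):
        return Finding(raw, "extension", "high" if exe_note else "medium",
                       exe_note + ["every file with this extension is skipped"])
    if len(path.parts) == 1 and not has_wildcard:
        return Finding(raw, "name-anywhere", "high" if exe_note else "medium",
                       exe_note + ["any file with this name, in any folder, is skipped"])
    return Finding(raw, "pattern", "medium", ["wildcard pattern; review what it matches"])


def audit(entries):
    """Audit a whole list, invalid and high-risk entries first."""
    return sorted((audit_entry(e) for e in entries), key=lambda f: RISK_ORDER[f.risk])


# Constructed sample list: the guide's four examples plus entries that break its rules.
SAMPLE_ENTRIES = [
    r"C:\Dir", "*.xyz", "example.exe", r"C:\System\xyz.doc",
    '"C:\\Dir"', r"C:\Pro*am\tool.exe", "D:", "*.exe",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_ENTRIES):
        print(f"{f.risk:8} {f.scope:15} {f.entry:22} {'; '.join(f.notes)}")
```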

Potentially unwanted programs

If the scanner detects potentially unwanted program files you will be asked if you want to add them to the potentially unwanted software exclude list.

Files on the exclude list are not scanned. Reasons for adding files to this exclude list may be that you have identified them as originating from non-malicious software.

The manual scanner does not know whether a program file is malicious or not. You must decide what files you want to exclude from scanning.

Use the exclude list

Files that you add to the exclude list will not be detected as potentially unwanted program files. You can manually remove files from the exclude list, but you cannot add files. If the scanner detects potentially unwanted program files, you will be asked to add them to the exclude list.

To remove entries from the exclude list, select the entry and click Remove selected.

Click Save to confirm the changes.

If no resource information is available for the listed entry, i.e. the file name, the columns for product name and version will contain the values Unknown or Not applicable.

Settings

From this section you can configure the automatic scanner, the manual scanner, and the Internet Protection feature. Both the automatic and the manual scanner employ the Sandbox by default. Read more about the Sandbox in ‘What is a Sandbox?’ on page 70. The manual scanner settings are also relevant for the Scan computer option, the right-click scanner, the Screensaver scanner and the Command line scanner.

Automatic scanner

The Automatic scanner works in the background and offers automatic protection of your system. It is an essential virus control component and should therefore be enabled at all times.

Enable Automatic scanner

Selecting/deselecting this option stops and starts the Automatic scanner. We recommend that the Automatic scanner is enabled at all times.

If the Automatic scanner is stopped or paused from the tray menu, a blinking, yellow triangle appears on the system tray icon. See ‘Application tray icon’ on page 13. In addition, Windows Security Center will warn that “Your computer might be at risk”.

1. From the Automatic scanner settings menu, make sure that the option Enable automatic scanner is selected. Click Save to confirm changes.

◦ Clear the check box to disable the automatic scanner.

◦ No program warning is issued if the automatic scanner is disabled this way. However, Windows’ Security Center will warn you.

NOTE: Clearing the Enable automatic scanner check box means the scanner remains disabled until it is manually enabled again.

2. From the system tray menu click Start automatic scanner.

◦ This option toggles between Start automatic scanner and Stop automatic scanner.

◦ If the scanner is manually stopped, it will be enabled the next time the computer is restarted or when a Security Suite update is installed.

Automatically remove detected viruses

The scanner detects and repairs all types of viruses. Whenever possible, an infected file is repaired before the file is handed over to the application. Access to the infected file is denied if repair fails. A file is removed altogether if it contains nothing but malware.

Scan for potentially unwanted software

This scan goes beyond the normal scan for malware as it detects gray zone software - potentially unwanted programs. Select this option to improve your control over installed software.

User modes

The user modes section is divided into the two modules ‘Local user’ and ‘Services and remote users’. Under normal circumstances, a workstation runs in Local user mode, while a server runs in the Services and remote users mode. The default settings provide sufficient protection for most situations, and we do not recommend that you change them unless you are fully aware of the consequences.

Local user

● Read/Execute

◦ Instructs the Automatic scanner to scan files before they are used.

◦ Example: When a user double-clicks a .doc file, the Automatic scanner checks the file as well as the application which is being launched (in this instance, MS Word).

● Scan on both read and write

◦ Instructs the Automatic scanner to scan files that are opened for write, for example when a user downloads a file from the Internet.

◦ If you selected scan on Read/Execute, it is possible to download and save an infected file to disk. However, the Automatic scanner will detect the virus when you try to open the file.

Services and remote users

This mode applies to any XP/Vista/Windows 7 machine that is logged off, in which case the machine can theoretically act like a server. The selections you make here are whether you want to scan files before they are used and/or when new files are created or existing files are changed. In other words, you select a strategy for the automatic scanning that takes effect when you save downloaded files from the Internet, FTP servers, when another computer writes files to a network share on your computer, etc.

● Write

◦ Instructs the Automatic scanner to scan files that are saved to disk, for example when a user is saving a file on a server. In this case, the Automatic scanner on the server will scan the file.

● Scan on both read and write

◦ This is hopefully an option you won’t need. A scenario where this is a useful option is if a server has become infected, as a result of a missing scanner update, for example. Scan on both read and write in such a situation will prevent the infection from spreading further throughout the network.

Use Sandbox

The Sandbox functionality is used to detect new, unknown viruses. Select this option if you want the scanner to look out for new virus variants. The Sandbox is particularly tuned to find new email-, network- and peer-to-peer worms and file viruses, and will also react to unknown security threats.

● Disabled

◦ The Sandbox feature is turned off.

● Normal

◦ Recommended scanning level. With this option enabled, the Sandbox checks all write operations both for local users and for remote/services.

● Extended

◦ In a critical situation you can select this mode, for example if you have a virus outbreak on your system and no signature-based detection is available for a limited period of time. The Sandbox will then check on read as well as on execute. When this option is selected, scanning time will increase, but it is not likely to seriously affect system performance.

Click Save to confirm changes.

Manual scannerUse the Manual scanner to scan selected areas of your computer. Scanning an entire hard drive is a time-consuming exercise. For periodic scans of entire drives, selected folders or files, we encourage setting up scheduled scans. Use the Task Editor and enable the Screensaver scanner so that manual scans are performed automatically during periods of low activity or idleness. Finally, you can right-click a file system object to launch the Manual scanner. All these scanning methods employ the Manual scanner’s settings.

Use SandboxThe Sandbox functionality is used to detect new, unknown viruses. Select this option if you want the scanner to look out for new virus variants. The Sandbox is particularly tuned to find new email-, net-work- and peer-to-peer worms and file viruses, and will also react to unknown security threats. When this option is selected, scanning time will increase, but it is not likely to affect the system performance considerably.

Automatically remove detected viruses

The application will try to remove the virus from the infected file. Select this option to repair infected files automatically. Most viruses can be removed on the fly, except for boot sector viruses. A prompt for user intervention will always precede removal of a boot sector virus. Note that a file is deleted altogether if it contains nothing but malware.


Scan archives

Select this option to include archived files in the scan. The following formats are currently supported: ACE, APPLE_SINGLE, ARJ, BZIP2, CAB, GZ, LZH, MAIL, RAR, RAR3, SFXZIP, TAR, ZIP and 7Z.

Scan for potentially unwanted software

This scan goes beyond the normal scan for malware as it detects gray zone software - potentially unwanted programs. Select this option to improve your control over installed software.

Logging

Create log file

Creates a log file in the C:\Program Files\Norman\Logs folder each time you run a manual scan. If you deselect this option, no log file is generated for manual scans. This option is enabled by default.

Detailed logging

Generates a detailed report, specifying each file that was scanned, scanning time per file, status, etc.

Internet protection

This filter protects against viruses that spread through Internet mail and news readers. The majority of viruses reported today use mechanisms that enable them to spread through email. This filter module is designed to intercept incoming and outgoing mail and news, and to strip or block all infected attachments with undesired content. It can both scan emails for known viruses and block file attachments depending on content and file extensions.


Use Sandbox

The Sandbox functionality is used to detect new, unknown viruses. Select this option if you want the scanner to look out for new virus variants. The Sandbox is particularly tuned to find new email-, network- and peer-to-peer worms and file viruses, and will also react to unknown security threats. When this option is selected, scanning time will increase, but it is not likely to affect the system performance considerably. You can read more about the Sandbox in ‘Appendix A’ on page 70.

Traffic to scan

Select which elements of the Internet traffic you want to scan. The default is to scan all.

● Incoming email (POP3),

◦ Scans all e-mail that you receive from others. Again, even your best friend or closest business associate may be ignorant of a virus infection.

● Outgoing email (SMTP),

◦ Scans all e-mail that is sent from your system. If your machine is infected by malware which you are unaware of, you could unintentionally send infected mails to friends and business associates, for example.

● Newsgroups (NNTP),

◦ Scans the traffic generated between your computer and the other participants in the group/forum you are active in.

● Instant messaging (received files),

◦ Scans file transfer traffic during instant messaging sessions with MSN Messenger and Windows Messenger. When this option is selected, incoming files are scanned for malware. If a file is infected, a pop-up message will warn about the incident.

◦ Only file transfers are scanned, so infected links still pose a threat.

Note that the transferred files are scanned when they are written to the directory ...\Temporary Internet Files. If malware is detected, it is probably a TMP file that is quarantined. To restore a quarantined TMP file, select the desired file, choose the Save as option from the right-click menu and save the file with its original name and extension. See ‘Quarantine’ on page 21.


Block attachments

The block attachment feature is particularly useful when email worms are roaming and the worm can be identified by file name. Attachment blocking is also a useful feature to stop file types that you do not want to receive in your mailbox. When an attachment is blocked, it is moved to the quarantine area rather than deleted. You can block attachments by name or extension by entering the exact information. This is a short explanation of the available configuration options:

● Block all attachments

◦ All attachments are blocked.

● Block files with double extension

◦ Many worms and email viruses apply a technique where an additional extension is added, for example Filename.jpg.vbs. Most email clients will hide the last extension so that the attachment appears to only have the extension JPG. However, this feature is not only used by viruses — legitimate files with names like Myfile.hlp.zip and Todolist_20.dec.doc are both treated as double extensions.

● Block attachments with CLSID file type

◦ Some recent worms and email viruses apply a CLSID technique to fool email scanners and blocking software. They take advantage of a feature in Windows which makes it possible to replace an .exe extension with a {...} extension and thus evade blocking of EXE files. Since there is no reason for legitimate attachments to use this type of extension, this behavior is blocked by default.

● Block encrypted attachments

◦ Depending on the tools used, compressed and encrypted files are generally harder to scan for viruses than plain file attachments. Therefore the antivirus application offers the option of blocking such attachments altogether.

Attachment list

Use this function to explicitly select attachments you want to block - or certify. You can enter the exact name of an attachment, or use a wildcard (*) to block certain extensions. The entry appears in the list box, where you can later edit or remove it.

For example, enter *.exe to block or allow all attachments with an EXE extension. Place the wildcard at the beginning or the end of the search term. Do not place the wildcard in the middle of the search term.

● Block all attachments listed below

◦ All names that you Save to the list are BLOCKED.

◦ Click Save to confirm

● Block all attachments, except those listed below

◦ All names that you Save to the list are ACCEPTED.

◦ Click Save to confirm

NOTE: It is very important to distinguish carefully between these two options, as they represent two extremes: BLOCK all on the list, or ACCEPT all on the list.

Please refer to the application’s help file for further information on this subject.

Remove entries

Select one or more entries and click Remove selected. Click Save to confirm.
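The name-based blocking rules described in this section (double extension, CLSID extension, and the wildcard list in its two modes) can be modelled as below. This is an added example, not Norman's code: the `Policy` fields, the order in which checks run, the definition of an extension as 1-4 alphanumeric characters, case-insensitive matching, and the sample file names are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumption: an "extension" is a dot followed by 1-4 alphanumeric characters.
_EXT = r"\.[A-Za-z0-9]{1,4}"
_DOUBLE_EXT = re.compile(rf"{_EXT}{_EXT}$")
# A CLSID-style suffix: a brace-enclosed token used as the final extension.
_CLSID_EXT = re.compile(r"\.\{[^{}]+\}$")


def has_double_extension(name: str) -> bool:
    """True for Filename.jpg.vbs, and also for benign names like Myfile.hlp.zip."""
    return bool(_DOUBLE_EXT.search(name))


def has_clsid_extension(name: str) -> bool:
    """True when the final extension is of the form .{...}."""
    return bool(_CLSID_EXT.search(name))


def matches_entry(name: str, entry: str) -> bool:
    """Match one list entry: an exact name, or one wildcard at the start or end."""
    name, entry = name.lower(), entry.lower()
    if entry.count("*") > 1 or "*" in entry[1:-1]:
        raise ValueError(f"wildcard must be at the start or end only: {entry!r}")
    if entry.startswith("*"):
        return name.endswith(entry[1:])
    if entry.endswith("*"):
        return name.startswith(entry[:-1])
    return name == entry


@dataclass
class Policy:
    block_all: bool = False
    block_double_extension: bool = True
    block_clsid: bool = True
    entries: list = field(default_factory=list)
    # True  = "Block all attachments listed below"
    # False = "Block all attachments, except those listed below"
    entries_are_blocked: bool = True


def decide(name: str, policy: Policy) -> tuple:
    """Return (action, reason); blocked attachments are quarantined, not deleted."""
    if policy.block_all:
        return ("quarantine", "all attachments blocked")
    # Assumption: the structural checks run before the name list is consulted.
    if policy.block_clsid and has_clsid_extension(name):
        return ("quarantine", "CLSID extension")
    if policy.block_double_extension and has_double_extension(name):
        return ("quarantine", "double extension")
    listed = any(matches_entry(name, e) for e in policy.entries)
    if policy.entries_are_blocked:
        if listed:
            return ("quarantine", "on block list")
        return ("deliver", "no rule matched")
    if listed:
        return ("deliver", "on accept list")
    return ("quarantine", "not on accept list")


if __name__ == "__main__":
    # Constructed sample names; the CLSID value is a placeholder.
    samples = [
        "Filename.jpg.vbs",
        "Myfile.hlp.zip",
        "setup.{00000000-0000-0000-0000-000000000000}",
        "invoice.exe",
        "notes.txt",
    ]
    block_mode = Policy(entries=["*.exe"])
    accept_mode = Policy(entries=["*.txt"], entries_are_blocked=False)
    for sample in samples:
        print(f"{sample:48} block-list: {decide(sample, block_mode)}")
        print(f"{'':48} accept-list: {decide(sample, accept_mode)}")
```

Running it shows both points the section makes: the double-extension check also quarantines legitimate names such as Myfile.hlp.zip, and the same list entry gives opposite outcomes depending on which of the two list modes is selected.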


Ports

Among the numerous protocols for communication between computers, there are some that are vital for Internet use. For standardization reasons, protocols have pre-assigned port numbers.

Port numbers

Some of the protocols for communication between computers are vital for Internet use. For standardization reasons, protocols have pre-assigned port numbers. In the Traffic to scan section you selected which Internet traffic you wanted to scan. This identifies the protocols needed for sending and receiving email, for example, and the corresponding port number on the computer, according to the industry standard.

You may have assigned different port numbers to one or more of the supported protocols listed here. If that is the case, you must enter the actual port number for the affected protocol(s).

The protocols below are those presently supported. The list will be updated when necessary. The port numbers and functions are already specified in the dialog:

● Incoming e-mail (POP3)

(Port 110) POP is short for Post Office Protocol.

● Outgoing e-mail (SMTP)

(Port 25) SMTP is short for Simple Mail Transfer Protocol.

● Newsgroups (NNTP)

(Port 119) NNTP is short for Network News Transfer Protocol.


Other scanning methods

Enable screensaver scanner

If you select the Screensaver scanner, a virus scan of the system is performed during idle periods. Idle time is a period where there is no activity on the system, i.e. neither keyboard strokes nor mouse movements.

The manual scanner will start a scan of all hard drives once the screensaver is launched. As soon as the computer is activated, for example by a mouse move or keyboard stroke, the screensaver scan is terminated. If the scan did not finish, it will continue scanning from where it was stopped the next time it is activated.

1. Go to Antivirus & Antispyware and select Enable Screensaver scanner.

◦ The Windows Control Panel Display Properties dialog appears.

2. Select Screensaver scanner from the Screen saver drop-down list.

◦ Click Preview if you want to see the screen saver in action.

◦ A mouse move or keyboard stroke terminates the preview.

3. Click OK to confirm changes.

Next time the system is idle and the screensaver is activated, the manual scanner will start scanning the hard drives, displaying the progress continuously. A mouse move or keyboard stroke terminates the Screensaver Scanner.

NOTE: A screensaver scan employs the same settings as specified for the manual scanner.

Right-click scan

This is the manual scanner starting a scan of a selected file or folder via the Windows right-click pop-up menu.

● Right-click a file or folder.

◦ For example in Windows Explorer or on the desktop.

● Select Scan for viruses from the pop-up menu.

● The Manual scanner dialog appears. You can Browse for another file or folder to scan, and Start, Pause or Stop the scan process.


Command Line Scanner

The Command Line Scanner is an alternative to the GUI-based scanner and offers the possibility of running batch jobs and other scanning tasks from the command line. The command line scanner is a good alternative for those familiar with this environment.

The command line scanner has the same basic functionality as the menu-driven scanners and is not dependent on any other modules. It can also be run from batch files.

Starting the Command line scanner

1. Start a command prompt session.

◦ Go to Start > Run.

◦ Enter CMD and click OK or press Enter.

2. Go to the directory where the Antivirus & Antispyware application resides.

◦ The default location is C:\Program Files\Norman\nvc\bin\

3. Enter the desired parameters and press Enter.

◦ For a list of available parameters, enter: nvcc /?

◦ The syntax is: nvcc [drive]:[path] [/parameters] [Enter]

◦ A space must precede each parameter that you use.


Personal Firewall

Finish the installation wizard (see ‘Installation Wizard’ on page 12). Open the Security Suite application and select Personal Firewall from the left-hand side menu. Please refer to ‘Getting started’ on page 12 on how to open the application and to ‘Personal Firewall’ on page 6 for a description of the application purpose and function. Refer to ‘Installation Wizard’ on page 12 on how to initialize the Personal Firewall.

Main page

This chapter is about configuring the personal firewall application, creating rules controlling incoming and outgoing applications, viewing traffic, and more. The application distinguishes between inexperienced and experienced users. Whereas the inexperienced user is guided by an installation wizard, the experienced user is allowed to perform detailed configuration of the advanced settings.

Customize settings

Click this option to edit the default values. Please refer to Personal Firewall ‘Settings’ on page 45. For general information on selecting recommended versus custom settings, please refer to ‘Security Suite settings’ on page 15.

Statistics

The statistics display information about blocked incoming and outgoing connections and port scans.

● Blocked # incoming connections. Someone has tried to connect to your machine but was blocked, possibly because you don’t have the required software installed. Such connections are hardly of a malicious nature, but most likely legitimate server requests.

● Blocked # outgoing connections. The number of outgoing connections that have been blocked by one or more rules. If many outgoing connections are blocked, you should check if the relevant rules are correct.


● Blocked # port scans. Shows how many systematic attempts there have been to scan for open ports. Sometimes viruses scan for open ports in an attempt to propagate, but it could just as well be a legitimate action performed by administrative software.

Disable Personal Firewall (Enable)

Clicking the link toggles between enabling and disabling the Personal Firewall. You can enable or disable the Personal Firewall from the application’s main page or from the system tray menu.

● Go to the Personal Firewall’s main page and select Disable Personal Firewall.

NOTE: Windows’ Security Center issues a warning when the firewall is disabled.

or

● Right-click the system tray icon and select Disable Personal Firewall.

NOTE: This option is not available on Windows Vista, where you must disable and enable the Personal Firewall from the console.

Lock

Clicking the link toggles between locking and unlocking all access to the network, the Internet included. You may want to use this function if you leave the computer on while you are away.

Clear session rules

Select this option to delete temporary firewall rules created since the last restart of your computer. Temporary firewall rules are created during a session, i.e. between two computer restarts, when you select applies to this session from the firewall pop-up dialog. This dialog pops up when an action requires you to decide whether to allow or deny it. An action is, for example, a program trying to connect to the Internet. You will be prompted to confirm removal of the rules.

Clear block rules

If you are unable to connect to the Internet/network, the reason may be that a rule blocks the connection. Click on this option to remove all blocking rules. You will be prompted the next time you try to access the Internet.

Expert Tools

See the next section.


Expert Tools

The expert tools consist of the Rule Editor, the Real-time Log Utility, the Advanced Ports Viewer, and the Export and Import Personal Firewall rules feature. With these tools you can manage the advanced aspects of this application.

The expert tools are meant for expert users, except for the Rule Editor in wizard mode, which is perfect for the inexperienced user. You can switch between wizard mode and advanced mode in the Rule Editor dialog.

You can edit or establish rules using the rule editor. Firewall rules are necessary to allow trusted applications Internet access, and to block unreliable connections. The firewall also employs advanced stealth techniques that make the computer invisible and undetectable from the Internet. You can monitor computer activities using the real-time log utility and the advanced ports viewer.

Rule Editor

Rules are necessary to allow “trusted” applications Internet access, which so many programs rely on these days. The Firewall established rules for trusted programs installed on your computer when you ran the installation wizard. However, you may have programs installed that weren’t recognized or were acquired after you installed the firewall. When such a program tries to connect to the net, the Personal Firewall produces a pop-up that informs you about the action and lets you decide whether to allow or deny it.

The Personal Firewall does not allow you to create incoming rules. Incoming rules are handled by the Personal Firewall’s Server Mode awareness, which dynamically and automatically creates incoming rules based on Server Privileges. This is an intelligent mechanism in the firewall that evaluates attempts from the outside to listen on a set of ports. Legitimate requests are granted access only for the relevant ports, and they are automatically closed when they are no longer needed.

When running the Personal Firewall Installation Wizard you chose between inexperienced and experienced user. The Rule Editor differs according to the selected user level.

TIP SWITCH USER MODE: At the lower-right corner of the Rule Editor dialog there is an option to select user mode. This option toggles between Switch to wizard mode and Switch to advanced mode.


Inexperienced level (Wizard mode)

Go to Personal Firewall > Expert Tools and click Rule Editor to open the Rule Wizard dialog.

1. Rule Wizard

◦ Select I want to create a new rule and click Next.

2. Select application to assign a rule.

◦ A list of eligible applications is presented. Click an application to select it. Select Show My Computer to browse your computer for programs missing from the list. Click Next to continue.

3. Action for this application?

◦ Select to Allow or Deny this application to access the Internet. Click Next to continue.

4. Is this a server application?

◦ Determine if this is a server application or not. Server applications hold ports open and visible—making the computer behave like a server—allowing other computers to connect. Select No if you are uncertain. Click Next to continue.

TIP The firewall will prompt later if the application is requesting server privileges. A rule can always be changed at a later time.

5. Summary

◦ A summary dialog appears. Click Finish to generate the rule.

◦ The rule takes effect immediately after it has been generated.


Experienced level (Advanced mode)

Go to Personal Firewall > Expert Tools, and then click Rule Editor. A dialog listing existing rules and their status appears in the tabbed dialog Traffic Rule:

1. Click Create New and then complete the required fields.

2. Click OK to confirm.

For a detailed description of all fields, please refer to ‘Advanced Rule Editor Settings’ on page 75.

Trusted Applications is the other tabbed dialog in the Rule Editor. The list is shared with the one used by Intrusion Guard (see ‘Trusted processes’ on page 61) and therefore identical.

The Trusted Applications list has nothing to do with traffic, but such an application is not considered “parent” when another application tries to go online. Certain Windows applications are automatically trusted and appear in gray on the list. You cannot delete or edit these. If misc.exe is a trusted application, it is allowed to start iexplore.exe without triggering a pop-up warning that misc.exe is trying to go online through iexplore.exe. Since misc.exe is trusted it is permitted to take certain liberties when it “starts” Internet Explorer. For example, it’s permitted to start a remote thread within IE without any warnings from the Personal Firewall because it is an expected and approved behavior.


Real-time Log Utility

The Personal Firewall employs advanced stealthing techniques that make your computer invisible and undetectable from the Internet. You can keep an eye on activities on your own machine using two other features: the Real-time Log Utility and the Advanced Ports Viewer.

Go to Personal Firewall > Expert Tools, and then click Real-time Log Utility. Right-click an entry to view details and possibly change the configuration for this application.

Outgoing traffic

The log specifies at what Time an Application contacted the Internet, the program name and from which Port, stating the Remote machine’s IP address, port and Action. Action is either Allowed or Denied. Reason is one of the following: a permanent rule or a session rule exists for this action/application, it’s defined in Advanced Configuration, or the user prompt timed out.

Server privilege requests

The log specifies at what Time an Application contacted your computer from the Internet, at which Port, stating the Remote machine’s IP address, port and Action taken by the Personal Firewall. Action is either Allowed or Denied. Reason is one of the following: a permanent rule or a session rule exists for this action/application, it’s defined in Advanced Configuration, or there is no listening application. The most common reason for not allowing server privilege requests is that your machine does not have the required software to interpret the enquiry. In other words: no matching server privileges request.

To receive data from another machine on the network, an application opens one or more listening ports. Note that server privilege requests are not established connections, but requests for connections. However, sometimes the application also opens a listening port in order to receive an answer from a machine it sends data to. The Personal Firewall automatically permits such answers. A mechanism in the Personal Firewall determines if an application has opened a port deliberately, or if the application receives an unsolicited request as if it were a server. The Personal Firewall then prompts the user to confirm that the application should be granted privileges as a server.


Advanced ports viewer

The Advanced Ports Viewer presents an overview of all activity on the current machine’s ports. You should use this utility to manually check that no malware infects your machine.

Go to Personal Firewall > Expert Tools > Advanced Ports Viewer.

Ports open to the Internet appear in red and should receive your full attention, as the firewall cannot protect an open port. Server software like FTP and web servers have a legitimate use for open ports. But if an unknown application is active on an open port, there is reason for concern.

Stop an application

To stop an application, highlight an entry and click Terminate Application. The application is terminated immediately, even though it may appear in the list for about one minute after.

Enter the Open Advanced Configuration

Highlight an entry and select the Open Advanced Configuration option.

NOTE: To change an application’s configuration from allow to deny, clear the check box and click OK. Alternatively, select the check box to allow a denied application access to the Internet. Note that Terminate Application and Edit Associated Rule only apply to entries ‘handled by rule’. The Open Advanced Configuration option is only available for ‘advanced configuration’ handled rules.


Export Personal Firewall rules

Back up your Personal Firewall rules. Select Export Personal Firewall rules and specify the location. Save the file to external media for safekeeping.

Import Personal Firewall rules

Recover your Personal Firewall rules. Select Import Personal Firewall rules and specify the location from where you want to recover the backup file.


Settings

Configure Personal Firewall

During setup several rules were created automatically, including rules for the most common browsers, mail clients, MSN and other programs that need to connect to the net.

Go to Personal Firewall > Settings > Configure Personal Firewall. To view and/or edit existing rules, please refer to the ‘Rule Editor’ on page 39.

Outgoing Applications

Some applications without rules may try to connect to the internet or the local area network. In this dialog you can decide how the personal firewall should handle these applications. The default setting is Prompt. When prompted you can evaluate an application that tries to go online and define a rule, for example. The alternative is Deny, in which case all programs, without a permanent or session-based rule, are denied access to the net.

Server Privileges

Some applications without rules may try to accept connections from the internet. In this dialog you can decide how the personal firewall should handle these applications. The default setting is Prompt. When prompted you can evaluate if an application should accept an invitation from the net. The alternative is Deny, in which case all programs, without a permanent or session-based rule, will deny invitations from the net.

NOTE: In the Edit Rule dialog there is an option that allows you to grant or deny server privileges for an application. The concept server privileges is also explained in the topic Rule Editor.

Advanced Settings

The technical nature of these configuration options requires a certain expertise if you intend to change default settings. As a rule of thumb, do not change any setting unless you know what it means and are aware of the consequences. The default settings are sufficient for the average user.

The Firewall Operation option is described below. For further details of all options, please refer to ‘Advanced Rule Editor Settings’ on page 75.

Switching user mode

There are two ways of switching between wizard (inexperienced user) and advanced (experienced user) mode.

1. From Personal Firewall > Expert Tools > Rule Editor click Switch to wizard mode, or if wizard mode is enabled, Switch to advanced mode.

2. Go to Personal Firewall > Settings > Advanced setting, and then scroll down to the section Firewall Operation.

This option is enabled if you specified “Experienced user” during setup. If you specified “Inexperienced user” you will launch the rule wizard instead.

The difference between these two user levels is the degree of assistance available when creating new rules or changing existing rules. Please refer to ‘Rule Editor’ on page 39 for further information on how to create rules in the two different modes.


Antispam

Open the Security Suite application and select Antispam from the left-hand side menu. Please refer to ‘Getting started’ on page 13 on how to open the application and to ‘Antispam’ on page 7 for a description of the application purpose and function.

Main page

This application protects you against unsolicited commercial and bulk emails (spam) that may contain threats to your system. This chapter is about how you customize the spam filter, create block and allow lists, manage filtered emails, view filtered emails, update intervals, and spam management options.

Spam statistics

The graphical view displays the amount of captured spam and phishing attempts that the application has blocked per day over the past two weeks.

Customize settings

Click this option to edit the default values. Please refer to Antispam ‘Settings’ on page 49. For general information on selecting recommended versus custom settings, please refer to ‘Security Suite settings’ on page 15.

Block/Allow

You can manage individual email addresses using the Block/Allow list to inform the application about addresses that always should be allowed or denied. The antispam filtering method will never overrule your manual specification of an address (Block or Allow). Please refer to ‘Block/Allow’ on page 48.


View filtered email messages

From your email application, for example Microsoft Office Outlook, Windows Outlook Express or Windows Mail, you can view the email messages filtered as spam. The NAS Spam folder is created when you install the Norman Security Suite, or when you install one of the mentioned email clients and Norman Security Suite is already installed on your computer.

Open your favorite email client and locate the NAS Spam folder and the Antispam application menu.

● Report Spam

◦ Reports emails as spam. Select an email message from the Inbox and click Report Spam from the toolbar. The message is moved to the NAS Spam folder.

● Not Spam

◦ Marks emails as not being spam. Select one or more emails from the NAS Spam folder and click Not Spam.

● Block/Allow

◦ Block or allow emails. Selecting this option opens the Antispam application. Enter one or more email addresses to Block or Allow.

● Remove Spam

◦ Clears the complete content of the NAS Spam folder. To delete one message at a time right-click an entry and select Delete from the pop-up menu.

● Scan Folder

◦ Scans incoming emails for spam. Select one or more folders and click Scan Folder to start a manual scan. This option toggles between Scan Folder and Stop Scan. Click Stop Scan to stop scanning for spam messages.

Please refer to ‘Spam management’ on page 49 to specify if you want to delete spam automatically.


Block/Allow

You can manually enter email addresses that you wish to block or allow. Enter an email address and specify if it should be blocked or allowed by selecting the relevant radio button.

Add/remove email address

Email addresses appear in a list in the lower part of the dialog. When you enter a new address, the Block option is default to prevent an unintentional approval of an address that should be blocked. Alternatively, select Allow to accept email from this sender. You can at any time edit details in the list of email addresses.

Add

1. Enter an email address, for example

[email protected]

or

Enter several email addresses separated by commas, for example [email protected], [email protected]

or

Enter an entire domain to allow or block, for example phoneysales.com

Note: To avoid spoofed emails, do not add your own domain.

2. Select Allow or Block (default option) for each address.

3. Click Add for each new entry.

4. Click Save to keep new addresses or domains.

Remove

1. Select one or more addresses.

2. Click Remove selected.

3. Click Save to confirm the changes.

Edit

1. Select one or more addresses.

2. Enter the desired changes for the email address to block/allow.

3. Click Save to confirm the changes.


Settings

Just as antivirus applications employ virus definition files to detect malware, antispam solutions use definition files to filter out unsolicited emails. While virus definition files accommodate virus signatures that decide whether a file is infected or not, antispam definitions use a set of criteria to figure out the likelihood of an email being spam. The spam definitions base the analysis of an email on language, pictures, colors, links included in the mail, as well as the sender’s email and IP address. Still, it is not always possible to conclude with absolute certainty if an email is spam or not.

Configure filter strictness

If you use the slider and set the strictness level to Low, the antispam application will examine emails with maximum suspicion and consequently tag fewer emails as spam. Similarly, if the slider is positioned at High, a laxer interpretation of the spam criteria results in a lower spam score.

When there is little or no doubt that a mail is spam, for example when the sender is on a blacklist or in an online database, it will be stopped regardless of the slider bar’s position. We consider the default setting Medium as appropriate for filtering out unwanted emails.

The antispam filtering method will never overrule your manual approval of an email address.

Configure spam control

Update spam definitions

Select frequency for the spam definition update: every five minutes, once a day, or once a week. The recommended setting is Every five minutes.

Spam management

This option allows you to select when to delete emails that the spam filter has stopped, depending on age or amount. The default settings are Delete all spam after [10] days, and Delete spam if total exceeds [500] filtered email messages.

Remember to click Save to confirm any changes.

Parental Control

Open the Security Suite application and select Parental Control from the left-hand side menu. Please refer to ‘Getting started’ on page 13 on how to open the application and to ‘Parental Control’ on page 7 for a description of the application purpose and function.

Initial access

Before you use this application for the first time, the information message ‘Administrator not created!’ appears on the Home page, and a yellow warning triangle appears on the application’s menu entry.

1. Create administrator

You must create an administrator user before you can access this application. Enter a password and select the default fallback profile. Click Save to continue.

The default fallback profile should be the lowest rated user profile that you want to establish. That is, if you are going to create a Child profile, then the default fallback profile should also be Child. Only the administrator should be able to edit users and configure their settings, such as scheduling Internet access time and creating block and allow lists. The administrator would normally be a parent.

These settings can be changed later from Parental Control > Settings.

NOTE: The administrator password cannot be reset. Make sure you choose a password that you can easily remember. The password is case sensitive.

2. Administrator login

When an administrator user is created the login page appears. Log in with the administrator’s username and password to access the application.

System tray icon

A system tray icon indicates that the Parental Control is installed. Moving the mouse cursor over the icon displays a status text, for example ‘Parental Control: ‘Administrator’ is logged in’.

Main page

This application blocks access to certain categories of web sites, and it restricts and schedules Internet access for users. This chapter is about creating, configuring and managing users, as well as viewing the log and scheduling Internet access. Log in with the administrator’s username and password to access the application.

Settings

Click this option to edit the default values. Please refer to Parental Control ‘Settings’ on page 55.

Statistics

From the main page you can follow up on the statistics for blocked and scanned elements.

User Configuration

Please refer to ‘User Configuration’ on page 52.

Log Viewer

Please refer to ‘Log Viewer’ on page 55.

User Configuration

Create users and assign user profiles. Existing users are listed in this dialog with user name and the profile they have been assigned.

There are three user profiles, Adult, Teenager, and Child. The latter is completely restrictive and only allows access to web sites manually entered by the administrator in the allow list.

Adult No restrictions.

Teenager Categories filter restriction.

Child Completely restricted.

Categories

Categories are based on a wide range of terms and expressions that enable the application to identify a web page as predominately sex oriented, for example. The terms are not accessible for viewing or editing. Parental control applies a technique that requires the presence of a set of conditions for a web page to be classified as belonging to one of the categories. For the Teenager profile there are four available categories that will block access to web pages with contents of the types Sex, Gambling, Weapons and Drugs. All categories are by default on, but the administrator can deselect the one(s) that should be allowed.

Block/Allow list

For the Child profile users an allow list must exist, since only the web addresses on this list can be viewed. For the Teenager profile users it is optional to create both a block list and an allow list. See sections ‘Default Child profile’ on page 53 and ‘Default Teenager profile’ on page 53.

NOTE: Both the allow list and the block list affect all users within the group.

Web address format

URL (Uniform Resource Locator) is the technical term for a web address. Wildcards (*/?) are not supported in the web addresses. Wildcards are replacements for unknown characters. Valid formats are:

◦ http://www.newspaper.com

◦ www.newspaper.com

◦ newspaper.com

A given web address allows you to visit sub domain levels, but never to visit the parent level. For example, granting access to www.newspaper.com/kidsstuff does not permit access to the parent level www.newspaper.com. However, if newspaper.com is added, all sub domain levels of this web address are allowed, like news.newspaper.com, cartoon.newspaper.com, etc.

NOTE: If a user follows a link from an allowed page, it is permitted regardless of where the link is leading.

However, it is not possible to open yet another page unless the referrer is explicitly allowed.
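The matching rules described above can be made concrete with a short sketch. This is an added example, not Norman's code: the function names are hypothetical, and comparing whole host labels and whole path segments is an assumption, since the guide does not document the product's exact comparison.

```python
import re
from urllib.parse import urlsplit

_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def _split(address):
    """Return (host, path_segments) for an address with or without a scheme."""
    address = address.strip()
    if not _SCHEME.match(address):
        # "www.newspaper.com" and "newspaper.com" are valid formats in the guide
        address = "http://" + address
    parts = urlsplit(address)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError("no host name in %r" % address)
    return host, [seg for seg in parts.path.split("/") if seg]


def parse_entry(entry):
    """Validate one allow-list entry; wildcards are rejected, as the guide states."""
    if "*" in entry or "?" in entry:
        raise ValueError("wildcards are not supported: %r" % entry)
    return _split(entry)


def covers(entry, url):
    """True if url is at or below the entry (same host or a sub domain, same path or deeper)."""
    entry_host, entry_path = entry
    try:
        host, path = _split(url)
    except ValueError:
        return False  # assumption: an address that cannot be parsed is never covered
    # Require a dot before the entry host so "evilnewspaper.com" does not match "newspaper.com".
    same_or_sub = host == entry_host or host.endswith("." + entry_host)
    # Compare whole segments so "/kidsstuff2" is not treated as below "/kidsstuff".
    return same_or_sub and path[:len(entry_path)] == entry_path


def is_allowed(allow_list, url, referrer=None):
    """Apply the allow list, including the one-hop referrer rule from the NOTE above."""
    entries = [parse_entry(e) for e in allow_list]
    if any(covers(e, url) for e in entries):
        return True
    # A link followed from an allowed page is permitted, but the page reached that
    # way is not itself on the list, so it cannot act as an allowed referrer.
    return referrer is not None and any(covers(e, referrer) for e in entries)


if __name__ == "__main__":
    kids = ["www.newspaper.com/kidsstuff"]
    site = ["newspaper.com"]
    print(is_allowed(kids, "http://www.newspaper.com/kidsstuff/games.html"))
    print(is_allowed(kids, "http://www.newspaper.com"))
    print(is_allowed(site, "http://cartoon.newspaper.com/today"))
    print(is_allowed(site, "http://other.example/a",
                     referrer="http://news.newspaper.com/story"))
```

Because of the referrer rule, every external link on an allowed page is reachable by one click, so the pages placed on a Child allow list are worth reviewing for the links they carry.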

Default profile settings

The Adult profile has no restrictions. The profiles Child and Teenager are subject to restrictions, and thus can be configured. Actually, if a user assigned to the Child profile is to access the Internet at all, a web page must be specified. The profile settings apply to all members of the user profile. To configure a separate member, please refer to ‘Create user’ on page 54.

Default Child profile

Remember that the changes you make to this default profile affect all members of the profile, not only the individual user. Because all web pages for the Child profile are blocked unless they are explicitly permitted, there is no blocklist or category for this profile user.

● Add

◦ Enter a web address to allow in the Add address to list field. Enter several addresses separated with a comma. Click Add for each new entry.

● Remove

◦ Select one or more addresses and click Remove selected.

Default Teenager profile

Remember that the changes you make to this default profile affect all members of the profile, not only the individual user. For this profile web pages are restricted by Categories and the Block/Allow list.

● Categories

◦ All categories are by default selected, i.e. web pages with a certain content are blocked for the Teenager profile according to these settings. The categories are Sex, Gambling, Weapons and Drugs. The administrator can remove the check mark to allow web pages in that category. Alternatively, add one or more web pages to the Allow list. Click Save to confirm any changes.

● Block/Allow list

◦ Web pages for the Teenager profile are blocked according to settings in Categories. You can add one or more web pages to grant access to otherwise blocked pages.

● Add

◦ Enter a web address to allow in the Add address to list field. Enter several addresses separated with a comma. Select the Block or Allow radio button. Click Add for each new entry.

Create user

Select Create user from Parental Control > User configuration.

1. Type in a name for the new user and enter a password that you must confirm.

2. Select default profile to base the new user on.

◦ When you assign a profile to a user you decide what kind of web pages the user can view:

• Adult: No restrictions. The user can access any web site.

• Teenager: In principle no restrictions. However, the default Categories settings will block web pages with undesired topics or content.

• Child: Only allowed to view the web pages that the administrator types in the Allowlist.

3. Click Save to confirm.

◦ Before you click Save to create the new user, you should check that the profile selected is correct for this user.

The new user is added to the list of users. Click on a username to configure that user.

Change password

Change the name and password for the selected user.

Categories

This selection only applies to the Teenager profile user. To allow one or more categories for a Teenager profile user, clear the relevant category check boxes. For further information, please refer to the section ‘Categories’ on page 52 and ‘Default Teenager profile’ on page 53.

Block/Allow list

This selection only applies to the Teenager profile user. From here you can allow or block web addresses for the user. For further information, please refer to the sections ‘Block/Allow list’ on page 52 and ‘Default Teenager profile’ on page 53.

Allowlist

This selection applies to the Child profile user. From here you can allow web addresses for the user. Please also refer to the section ‘Default Child profile’ on page 53.

Scheduler

The administrator can decide at what times of the day, for each day of the week, a user can surf the Internet. The default setting is that all periods are allowed (green).

1. To block Internet access for a specific time, place the cursor in the desired period and click on it.

2. Click and drag the cursor upwards/downwards or sideways right/left in one whole movement to extend the period you wish to deny. Likewise, click and drag to change from Deny (gray) to Allow (green).

3. Click Save to confirm changes.

Log Viewer

The tool automatically logs blocked web pages for Teenager and Child profile users. The logs do not show which pages a user has visited.

The log can show blocked pages that are up to one week old. There is one log per day of the week, and you can only select a weekday - not a date. The application will suggest the current weekday as default.

The columns in the log show date, time, user, reason for blocking and the blocked URL.

If the User column is blank, the system has been in fallback mode with no logged on user.

Settings

You can prevent an unattended machine with a logged-on adult user from being accessed by a child user (for example, if you forget to log off or need to leave the computer all of a sudden). The default fallback profile is activated after the specified idle time.

Idle time before changing to default profile

Idle time is a period where there is no activity on the system, i.e. no keyboard strokes and no mouse movements.

● From the drop-down menu, select when the application should fall back to the default profile when the computer is idle.

● Click Save to confirm.

Set the default fallback profile

You can select Teenager or Child as the profile the application should fall back to after the specified idle period.

● Child: All web pages are blocked for the Child profile, except those you enter manually. This means that until you have added a web page for the Child user, no Internet access is available.

● Teenager: Web pages with a certain content are blocked for the Teenager profile according to settings in Categories (i.e. Sex, Gambling, Weapons, and Drugs).

● Click Save to confirm.

Change administrator password

The administrator password cannot be reset, but you can change it provided you know the old one. If you change the administrator password, you may want to write it down and keep it in a safe place.

NOTE: Please be aware that the password is case sensitive.

Privacy Tools

This program is included in the Security Suite PRO version only.

Open the Security Suite application and select Privacy Tools from the left-hand side menu. Please refer to ‘Getting started’ on page 13 on how to open the application and to ‘Privacy Tools’ on page 7 for a description of the application’s purpose and how it works.

With this application you can perform a secure deletion of specific files. The contents of the files are permanently erased and cannot be recovered. You can also configure the application to automatically delete various log files containing personal data, cookies, and browser history. Deleting history logs does not affect the application’s settings and bookmarks.

Delete a user’s program history

The username list displays all registered users of this computer and lists programs that you can delete history logs from.

● Select one or more usernames and programs to delete history for.

● Click the Delete history now button to confirm.

Delete history manually or automatically

You can delete the history logs manually, or you can configure the application to delete them automatically at specified intervals.

● Manually: History logs will only be deleted when you click Delete history now.

● Every 10 minutes or Every hour: History logs will automatically be deleted at the selected frequency.

● Click Save to confirm.

NOTE: If you select to delete history Manually, the logs will only be cleared if you click Delete history now. They will NOT be deleted automatically.

Secure Delete

With this application you can perform a secure deletion of specific files. The contents of the files are permanently erased and cannot be recovered.

You can start the secure delete process for a file simply by right-clicking it. You will be prompted to confirm the deletion. The deletion progress is displayed, and a summary appears when the deletion process is complete. This is how you securely delete files:

◦ Select one or more files that you want to delete.

◦ Right-click the file(s).

◦ Select Norman Secure Delete from the pop-up menu.

◦ Click OK to confirm.

◦ Click OK to close the summary dialog.

The contents of the files are now permanently erased from your computer.

NOTE: Deleting a file using the secure delete method is much more time-consuming than common file deletion. This is because each part of the file is overwritten multiple times to prevent any traces of the original content from being recovered.

If you stop the delete process once it has started, the file will still be destroyed, but not as securely as intended.

Some files may not be deleted. This is either because the user has no write permission to the files, or because the file is protected by the operating system and cannot be deleted.

Intrusion Guard

This program is included in the Security Suite PRO version only.

Open the Security Suite application and select Intrusion Guard from the left-hand side menu. Please refer to ‘Getting started’ on page 13 on how to open the application and ‘Intrusion Guard’ on page 8 for a description of the application purpose and function.

Main page

This application is a host-based intrusion prevention system (HIPS) intended for experienced users. Inexperienced users should keep the recommended configuration settings unchanged, which primarily allow and log events. High risk events that are rarely used by legitimate applications are blocked by default.

Customize settings

Click this option to edit the default values. Please refer to ‘Settings’ on page 58. For general information on selecting recommended versus custom settings, please refer to ‘Security Suite settings’ on page 15. We recommend that only advanced users customize these settings (i.e. change the default settings).

Advanced System Reporter

This is a tool intended for experienced users. It can detect unknown spyware and rootkits by searching your computer for abnormalities. Please refer to ‘Appendix B’ on page 71.

Settings

From this dialog you can view and edit the application’s configuration. Select Customize settings at the topmost part of the dialog to change the defaults, or select Recommended settings to switch back to the default configuration.

NOTE: We recommend that only advanced users change the default settings.

Drivers & Memory

Drivers are computer programs that operate on a low level; the ‘kernel level’. Drivers are typically written to access and control hardware, such as your display monitor, keyboard, printer and network card. In order to access hardware connected to your computer, the drivers need full system access. For this reason the same techniques are used when writing malicious applications. You can modify the driver installation configuration to control which applications should be allowed to install drivers on your computer.

There are two malicious techniques to achieve the same privileges as drivers get. Both of these techniques circumvent the security mechanisms of the operating system. It is highly recommended to keep the settings for both as Deny.

● Prompt

You will be asked each time an attempt is made.

● Allow

Attempts will only be logged.

● Deny

No application, legitimate or malicious, will be able to install kernel level drivers.

Processes

When an application, legitimate or malicious, is installed on your computer, it will most often want to start automatically each time your computer is started. A program that wants to start automatically can instruct the operating system to auto-start itself with the same privileges as the current user, or it can install a background service that will run with elevated privileges. The intrusion prevention application can stop attempts of this nature.

● Prompt

You will be asked each time an attempt is made.

● Deny

No application, legitimate or malicious, will be able to install itself to automatically start when the computer is started.

A program can also inject code into other processes running on your machine, and it can hijack processes by other means. This is common behavior for malicious applications, but some legitimate programs also use such techniques, for example to extend the user’s desktop, or to offer other advanced features to the operating system or third party applications. You can configure the application to deny or prompt each time an attempt like this is made.

Trusted processes

You can edit a list of trusted applications to include legitimate applications with a similar behavior. To do so, click Trusted processes under the Process Protection part in this dialog.

User-defined trusted applications will appear with a check box. You can select one or more user-defined trusted applications and click Delete selected to delete them.

Note that predefined trusted applications appear in gray and cannot be removed. This list is shared and therefore identical to the Trusted Applications list in the Personal Firewall’s Rule Editor. See ‘Rule Editor’ on page 39.

For further information on hidden processes, please refer to ‘Operating System Internals’ on page 72.

Network

By adding filters to network modules in your operating system, malicious applications can steal personal data, such as social security numbers, credit card details, and passwords. Adware can modify network data sent through those filters. It can change results in search engines and show unwanted advertisement on your desktop and embedded in web pages you visit.

A BHO (Browser Helper Object) is an extension to Microsoft’s Internet Explorer. This and other Internet Explorer plug-ins, like toolbars, have full control over network traffic to and from Internet Explorer, and they can interact with the user interface.

An LSP (Layered Service Provider) is a generic filter in the network stack in Windows. It has full control over all network traffic on your computer.

When you access a web site through its domain name (web address) it is translated into an IP address. Then the data is sent to and from the remote server. Your computer will first look for the domain name in your hosts file. This means that hosts file entries override any IP address that the name resolves to. Malicious applications may change your hosts file and thus redirect the network traffic to a malicious web site (so-called pharming).

● Prompt

You will be asked each time an event occurs.

● Deny

Stops all attempts to modify your system and hosts file and to install a BHO or an LSP.
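One way to review a hosts file for the kind of redirect described above. This is an added example, not part of Norman Security Suite: the function names, the baseline of expected entries and the sample file contents are constructed for illustration.

```python
import ipaddress

# Name that normally maps to the local machine in a hosts file.
LOCAL_NAMES = {"localhost"}

# Constructed sample (reserved documentation addresses and .example names),
# not taken from a real machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      intranet.example        # entry the administrator expects
203.0.113.66    www.bank.example bank.example
0.0.0.0         updates.vendor.example
not-an-ip       something.example
"""

# Entries the administrator added deliberately (assumption: kept as name -> address).
BASELINE = {"intranet.example": "192.0.2.10"}


def parse_hosts(text):
    """Return (line_no, ip_or_None, fields) for every non-comment, non-blank line."""
    rows = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            rows.append((line_no, None, fields))  # first field is not an address
            continue
        rows.append((line_no, ip, [name.lower() for name in fields[1:]]))
    return rows


def audit_hosts(text, baseline=None):
    """List hosts entries that override name resolution and are not in the baseline.

    Each finding is (line_no, kind, name, address):
      redirect  - the name is forced to a specific address
      sinkhole  - the name is forced to loopback/0.0.0.0 and becomes unreachable
      malformed - the line does not start with a valid IP address
    """
    baseline = baseline or {}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", " ".join(names), None))
            continue
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                          # the normal localhost mapping
            if baseline.get(name) == str(ip):
                continue                          # expected, deliberately added entry
            local_target = ip.is_loopback or ip.is_unspecified
            kind = "sinkhole" if local_target else "redirect"
            findings.append((line_no, kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, BASELINE):
        print(finding)
```

On Windows the file is normally %SystemRoot%\System32\drivers\etc\hosts; pass its text to audit_hosts together with the entries you expect to be there.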

Install and Update

Open the Security Suite application and select Install and Update from the left-hand side menu. Please refer to ‘Getting started’ on page 13 on how to open the application.

Main page

The Install and Update menu displays, among other options, a list of all available products in the Security Suite. From this menu you can add or remove products, initiate updates, activate the License Wizard and change language of the program installation.

NOTE: Changes to this page may require a system restart before taking effect.

Customize settings

Click this option to edit the default values. Please refer to ‘Settings’ on page 65. For general information on selecting recommended versus custom settings, please refer to ‘Security Suite settings’ on page 15.

Licensed products

The list of licensed products displays what products are installed, their status and when the license expires. From this page you can add or remove products or components in the list. If you clear a check box, the corresponding product will be uninstalled altogether. If and when new products or components are added they are downloaded automatically. All selected products are automatically updated through the Internet Update function.

NOTE: If you clear a product check box, the deselected product will be uninstalled and hence never updated.

Update all products

Frequent updates are provided for the virus definitions and the program files. Update is done via the Internet or the internal network. Once Internet Update has downloaded a package, the actual update will be installed automatically. After an update, the program may prompt you to restart your computer.

● Click Update all products once to update the entire Security Suite.

Enable/disable Automatic updates

Automatic updates are by default on. This means the product installations are updated whenever there are components or definition files to update them with. To change the automatic update settings, please refer to section Settings > Select update method.

NOTE: Antivirus software must be frequently updated to efficiently discover and remove malware.

Select product language

You can change the language you selected during installation. Select the preferred language from the Product language drop-down menu and click Save. The change will take effect after the next update.

License Wizard

The License Wizard checks and updates the license. If you select this option, a dialogue appears with information about installed products and license key credentials. A valid key is necessary to update the installation.

Settings

Select update method

This option allows you to choose between manual and automatic updating. We recommend the automatic update method, as it is of the utmost importance to keep the software updated at all times.

Update manually

Select this option if you prefer to start Internet Update manually from the Install and Update main page (Update all products). You can also select Internet Update from the system tray menu.

NOTE: The option Update manually requires a forced start of the Internet Update function. Selecting this option means the system is NOT updated automatically. It is highly recommended to update the software frequently. Updating manually is not a recommended method for everyday use, as executing the update may easily be forgotten.

Automatically at set intervals

Select this option to make the program take care of downloading and updating automatically. Select a time interval in the list next to Automatically at every to set the desired interval. This option requires a permanent connection to the Internet.

NOTE: The option Automatically at set intervals means the system is updated automatically. This is the recommended update method. If Internet Update has not been run for 24 hours, the program automatically checks for updates at start-up.

Wait for dial-up connection

If you use a modem to connect to the Internet, select this option for daily checks for updates at the product servers. You just access the Internet like you normally do, and the program will figure out if updated files are available. If you connect to the Internet several times a day, the update mechanism checks for updates the first time you connect only. If you connect to the Internet once a week, for example, the program will check once as soon as you’re connected.

Proxy settings

A proxy server is an intermediary computer residing between the user’s computer and the Internet. It can be used to log Internet usage and block access to web sites. The firewall at the proxy server may also be used to block access to certain web sites or web pages.

If a firewall or proxy server protects your computer, you must enter the required proxy information.

● Go to Install and Update > Settings > Proxy settings

● Select Use proxy server and enter a proxy address and port.

● Select Log on to proxy server and enter username, password and domain (for Windows NT Challenge/Responses), if applicable.

◦ Windows Challenge/Response Authentication is the format used for connecting to either Windows 2000 Server or Exchange.

◦ The user account has the following format: [NT/2000domainname]\[accountname]

Support Center

Open the Security Suite application and select Support Center from the left-hand side menu. Please refer to ‘Getting started’ on page 13 on how to open the application.

Main page

The Support Center offers information on where to obtain assistance beyond what the product documentation and online help can supply. It also contains an automatic repair function that may be of help if you experience problems with the installed software.

Help and troubleshooting

Clicking the Help and troubleshooting link brings you to our website, which offers a range of useful resources that in most cases will help you out. On this web site you’ll find:

● Support

● Security center

● Support Forum

If searching these resources does not solve the problem, please contact your local dealer or us.

Contact information

This page provides phone numbers and addresses so you can get in touch with our local office/representative. This information is also available on the last page of this document.

Automatic repair

If you experience any problems with your installed version of the program, you could always try to run an automatic repair before you contact support personnel.

When you click Automatic repair, a process is started in the background which checks your installation and if necessary updates files or components. You’ll see the cog symbol in the tray menu while automatic repair is running. See ‘Tray icons’ on page 17 for an explanation of icons that affect the program.

If you don’t have access to a graphical user interface, you can run Delnvc5.exe from C:\Program Files\Norman\npm\bin and choose the Repair option.

Messaging Log Viewer

This is a feature that monitors the application and displays various message information including type, originator, time and date, application, and details.

Uninstalling

To uninstall the program, two methods are available. One is to use the Windows Add or Remove programs feature. The other is to use the program’s uninstall application.

1. From Windows operating system:

◦ Select Start > Control Panel > Add or Remove programs.

• On Vista you select Programs and Features.

◦ Scroll to find and select this program.

◦ Select the Remove option.

• When the program is removed, restart the computer.

2. Using the uninstall application:

◦ Select Start > Run and enter the location of Delnvc5.exe

• The default location is C:\Program Files\Norman\npm\bin\Delnvc5.exe.

◦ Select the Remove option.

• When prompted, restart the computer.

Appendix A

What is a Sandbox?

Sandbox is the term that best describes the technique that is used to check if a file is infected by an unknown virus. The name is not randomly picked, because the method allows untrusted, possibly viral code to play around on the computer – not in the real computer, but in a simulated and restricted area within the computer. The Sandbox is equipped with everything a virus expects to find in a real computer. This is a playground where it is safe to let a virus replicate, but where every step is carefully monitored and logged. The virus exposes itself in the Sandbox, and because its actions have been recorded, the cure for this new perpetrator can be generated automatically.

Today, a new email worm can infect tens of thousands of workstations in a matter of seconds. The Sandbox functionality can prove to be a valuable tool for trapping new destructive code.

Appendix B

Advanced System Reporter

This is a tool intended for experienced users. It can detect unknown spyware and rootkits by searching your computer for abnormalities. Suspicious entries such as hidden processes, unknown auto-start processes, unknown system filters, etc., may unveil malicious applications.

Operating System Internals

View and edit details for hidden processes and drivers, registry entries, installed filters, and injected DLLs.

Select Internet Explorer View and edit details for settings, plug-ins, and cookies.

Processes

View and edit process details for auto-start, services and other processes.

Even though the experienced user will find these options self-explanatory, clicking the What is ...? link at the bottom area of the Advanced System Reporter dialog will provide more information on various subjects.

Operating System InternalsHidden ProcessesA hidden process is not visible in usermode, although it is currently running on the computer. A pro-cess that is hidden from usermode is hidden by a rootkit. Most often it is a driver that hides a mali-cious usermode process making it invisible to standard antivirus software.

If you discover hidden processes on your computer, it is most likely that one or more suspicious entries are located under the category Installed Filters. These entries are the rootkit itself.

Registry EntriesThe registry interprets differently in usermode and kernel mode. This means that some techniques hide registry entries from usermode antivirus applications. Any registry entry that matches such tech-nique is considered suspicious.

Installed Filters

A filter is a driver, or a DLL that can plug into an application, that can modify data before it reaches an application.

● LSP (Layered Service Provider)
An LSP is a network filter that is loaded into all applications when they load WinSock, which is the common method for applications to access the network. Such network filters can modify and block incoming and outgoing network traffic on your computer. This technology is often used by personal firewalls and parental control products.
Malicious network filters can modify search results, spy on your network traffic, display unwanted ads, and redirect you to malicious sites.

● SSDT (System Service Dispatch Table)
This special driver modifies the SSDT to filter operations performed by all applications, like opening or reading a file, or starting a new application. This technique is commonly used by security vendors to prevent malicious applications from making harmful changes to your computer.
However, a malicious SSDT driver can gain powerful rootkit capabilities. If you have an unknown SSDT driver on your machine and you see one or more hidden processes, this indicates a high probability of a rootkit presence.

Injected DLLs

A DLL (Dynamic Link Library) is a program module that is stored in a separate file in order to share it between different applications or to provide extensions to existing applications. A DLL is loaded by the associated application when it is needed.

It is possible to force an application to load a DLL from a third party. This is done even if the vendor of the application did not intend for this to happen and does not explicitly load the DLL. This technique is widely used by malware, because the code module inside the DLL can get complete control over the application. It can also perform operations on behalf of the application, tricking the operating system and security software into believing that the application performed the operation.

There are a few legitimate uses for injecting DLLs into other applications, for example debugging an application when it has crashed. Generally speaking, however, an application that injects DLLs into other applications is either poorly designed or malicious.

You should take special care if you find injected DLLs on your system. Any DLL that is not from a vendor that is completely trusted should be removed. Even software that you have downloaded and installed from the Internet can in fact be a trojan.

Hidden Drivers

A hidden driver is not visible in usermode, although it is currently running on the computer. A driver that is hidden from usermode has rootkit functionality. The driver hides its files on the hard disk, its registry entries, or its memory space.


Internet Explorer

Settings

View and edit the settings for Microsoft Internet Explorer.

Plug-ins

A browser plug-in offers additional features like toolbars and search enhancements, but it can also offer unwanted ads and even spy on your surfing habits and passwords.

● Browser Helper Object
A Browser Helper Object (BHO) is an Internet Explorer plug-in that modifies incoming and outgoing traffic from your browser. This type of plug-in is very commonly used by spyware applications, because it easily captures all data to and from your browser.

● Toolbar
A Toolbar is an Internet Explorer plug-in that creates new entries in the browser toolbar pane. Adware applications use this type of plug-in to display ads.

● URL Search Hooks
A Search Hook redirects typed-in web addresses and assists in resolving incorrect or incomplete addresses. For example, ourweb.com will be translated by default to http://www.ourweb.com. Adware applications use this type of plug-in to redirect you to other websites.

● Other
Other plug-ins can add menu options or user panels to the browser. Adware applications use this type of plug-in to display ads.

NOTE: Technically, all plug-ins are able to modify traffic and spy on user data, even though the specific plug-in is not intended for that purpose.

Cookies

A cookie is a small file that is placed in the temporary internet files folder when you visit web pages.

● Misconceptions
A common misconception about cookies is that they are malicious, generate pop-ups and unwanted ads, and can harm your computer. Indeed, some anti-spyware vendors list them as spyware and even generate alarms on some cookies. This is especially the case for so-called 'tracking cookies'. Cookies are NOT DANGEROUS and cannot harm your computer. Thus, the cookies displayed in this dialog pose no threat. However, you can remove them if you like.

● Use of cookies
Web servers use cookies to distinguish between users and to keep state. If you delete a cookie, you lose your user preferences, your shopping carts, and the site's memory of your login credentials across multiple visits. You will, for example, be required to log in again.

● Tracking cookies
Some websites use third-party cookies to track your site movements. Some feel that this is invading their privacy. The web servers you visit can also perform cross-site communication directly between servers, and therefore do not need to rely on tracking cookies.
Our tool does not distinguish between tracking cookies and normal cookies, since the only difference is that the tracking cookie is maintained by a third party. Neither is more or less dangerous from a malware point of view.


Processes

Auto Start

When an application, legitimate or malicious, is installed on your computer, it will most often want to start automatically each time your computer is started. A program that wants to start automatically can instruct the operating system to auto-start itself with the same privileges as the current user, or it can install a background service that will run with elevated privileges. The intrusion prevention application can stop attempts of this nature.

NOTE: The auto-start feature does not cover the auto-run feature for CDs or USB sticks.

Services

A service is a background process that is started each time the computer is started. This is normal behavior.


Appendix C:

Advanced Firewall

Advanced Rule Editor Settings

Some of the fields in this dialog are rather advanced. You should therefore be careful when changing settings that may have unpredictable effects. However, the other options that the wizard presents are self-explanatory and straightforward.

At the lower-right corner of the Rule Editor dialog there is an option to select user mode. This option toggles between Switch to wizard mode and Switch to advanced mode.

Highlight a rule and click Edit to change it. You can also right-click a rule to view the shortcut pop-up menu and select Edit from there.

Description

This is an editable field where you can enter your own description of the rule. The description appears in the Rule Editor’s main view and in the logs.


Applies to

From the drop-down menu you can choose between the following options:

● Application

● System

● DLLs

● Services

For Application, System, DLLs, and Services you can either type in the name or click Browse to look for the relevant file.

In addition to typing the full path, the following variables are supported:

%NORMANROOT% is resolved to C:\Program Files\Norman, or to whichever other path you have installed the program to, using NrmQueryNormanPath(NPATH_ROOT).

%NORMANBIN% is resolved to C:\Program Files\Norman\nvc\bin, or to whichever other path you have installed the program to, using NrmQueryNormanPath(NPATH_BIN).

%NORMANNVCBIN% is resolved to C:\Program Files\Norman\nvc\bin.

%NORMANNPFBIN% is resolved to C:\Program Files\Norman\npf\bin.

All environment variables can also be used, depending on what is defined on your machine. For instance, %WINDIR% is typically resolved to C:\windows or C:\winnt, and %PROGRAMFILES% is typically resolved to C:\Program Files or a name that corresponds with the installed language version of Windows.

NOTE: No sanity checks are made for this field. If you write a path with forward slashes instead of backslashes (/ instead of \), or have a spelling error in your path, the rule will not work.
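Because the field itself is not checked, a rule path can be checked before it is typed in. The following is an added example, not part of the Norman product or this guide: the function names, the sample environment, and the assumption that variable names are matched case-insensitively are all illustrative, and the Norman variables use the default locations quoted above.

```python
import ntpath
import re

# Defaults quoted in the guide; an actual installation may resolve them elsewhere.
NORMAN_VARS = {
    "NORMANROOT": r"C:\Program Files\Norman",
    "NORMANBIN": r"C:\Program Files\Norman\nvc\bin",
    "NORMANNVCBIN": r"C:\Program Files\Norman\nvc\bin",
    "NORMANNPFBIN": r"C:\Program Files\Norman\npf\bin",
}
# Constructed sample environment standing in for the target machine's variables.
SAMPLE_ENV = {"WINDIR": r"C:\windows", "PROGRAMFILES": r"C:\Program Files"}

_VAR = re.compile(r"%([^%\\/]+)%")


def expand(path, env=SAMPLE_ENV):
    """Expand %NAME% tokens; return (expanded_path, unresolved_names)."""
    # Assumption: names are case-insensitive, as Windows environment variables are.
    table = {k.upper(): v for k, v in {**env, **NORMAN_VARS}.items()}
    missing = []

    def sub(match):
        name = match.group(1).upper()
        if name in table:
            return table[name]
        missing.append(match.group(1))
        return match.group(0)

    return _VAR.sub(sub, path), missing


def lint_rule_path(path, env=SAMPLE_ENV):
    """Return the problems that would make a rule silently fail to match."""
    problems = []
    if path != path.strip():
        problems.append("leading or trailing whitespace")
    if "/" in path:
        problems.append("forward slash used instead of backslash")
    expanded, missing = expand(path.strip(), env)
    for name in missing:
        problems.append(f"unresolved variable %{name}%")
    if "%" in _VAR.sub("", path):
        problems.append("unbalanced % sign")
    if not missing and not ntpath.isabs(expanded):
        problems.append("path is not absolute after expansion")
    return problems
```

An empty list means none of the mistakes named in the NOTE were found; it does not confirm that the file exists on the machine where the rule will run.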

Action

This field mainly consists of a drop-down list with the options Allow, Deny and Listen only. If a pop-up has created a rule for listen, the action field will be set to Listen only, since the rule only applies to server privileges. You can also choose whether traffic honoured by this rule should be logged, and disable the rule by deselecting the Rule is active check box.

Allow to access the Internet and/or network through other applications?

To grant such permission for an application, select this option and click Show List to configure. Enter the name of the other application in the input field, or click Browse to search for the relevant program file. Click Add to include an application in the list.


Details

Protocol

There are three protocol options: TCP, UDP and Custom.

● It is possible to create a rule for both UDP and TCP, but a rule where Custom is selected will have the other check boxes disabled. If Custom is selected, the listen mode (Grant server privileges?) is not available.

Local port / External port

From the drop-down menu select between the options:

● Selected port(s)
Enter a port number or a port range in the input field to the right. The field can contain either a single port number, or two port numbers separated by a hyphen (-). No other input is allowed, which eliminates the risk of entering too many ports.

● Group
If this option is selected, the pop-up dialog Edit Groups is displayed where you can select a group or define a new group of ports.

● Any
Allows all ports.

External address

From the drop-down menu select between the options:

● Selected address
Enter the IP address to use in the field to the right. Only valid IP addresses in the format xxx.xxx.xxx.xxx (where ‘x’ denotes a digit) are accepted. An asterisk (*) is accepted as a substitute for any field in the address, so 192.168.0.* is a valid address.

● Selected domain
Enter the domain address to use in the field to the right, like google.com. Click on Show IPs to view a dialog box with the IP addresses associated with the given domain name. You will receive a warning if you try to save a rule with a domain address that does not resolve. However, you can choose to use the domain name anyway if, for example, you are temporarily without an internet connection.

● Selected subnet
Enter an IP address and a subnet mask in the two fields to the right. A typical input for allowing all IP addresses in a class C network is 192.186.0.1 with subnet mask 255.255.255.0, but more advanced input is also possible.

● Local Area Network
The rule applies to all Local Area Network traffic. The IP address will be set to a group consisting of all subnet masks for all IP addresses you have associated with your computer. All of this happens behind the scenes. Simply select LAN as the destination IP address.

● IP Group...
If this option is selected, the pop-up dialog Edit Groups is displayed where you can select a group or define a new group of IP addresses.

● Any
Allows all IP addresses.

External port

See Local port above.
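To review how much a rule actually admits, the port and address formats described above can be modelled offline. This is an added example, not the firewall's own code: the function names are hypothetical, and the matching semantics (inclusive port ranges, one '*' standing for a whole address field, a subnet compared only on the bits the mask selects) are assumptions drawn from the field descriptions.

```python
import ipaddress
import re


def parse_ports(spec):
    """'80' -> (80, 80); '6000-6010' -> (6000, 6010); anything else is rejected."""
    m = re.fullmatch(r"\s*(\d{1,5})\s*(?:-\s*(\d{1,5}))?\s*", spec)
    if not m:
        raise ValueError(f"not a port or port range: {spec!r}")
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"port range out of order or out of bounds: {spec!r}")
    return lo, hi


def parse_wildcard(addr):
    """'192.168.0.*' -> [192, 168, 0, None]; None marks a wildcard field."""
    fields = addr.strip().split(".")
    if len(fields) != 4:
        raise ValueError(f"expected four dot-separated fields: {addr!r}")
    out = []
    for field in fields:
        if field == "*":
            out.append(None)
        elif field.isascii() and field.isdigit() and int(field) <= 255:
            out.append(int(field))
        else:
            raise ValueError(f"bad field {field!r} in {addr!r}")
    return out


def wildcard_matches(pattern, ip):
    """Selected address: every non-wildcard field must equal the peer's field."""
    want = parse_wildcard(pattern)
    have = ipaddress.IPv4Address(ip).packed  # four bytes, one per field
    return all(w is None or w == h for w, h in zip(want, have))


def subnet_matches(address, mask, ip):
    """Selected subnet: host bits in 'address' are ignored (strict=False)."""
    net = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    return ipaddress.IPv4Address(ip) in net


def wildcard_size(pattern):
    """Number of addresses a wildcard pattern admits: 256 per '*' field."""
    return 256 ** parse_wildcard(pattern).count(None)
```

Running wildcard_size over a rule's address before saving it shows at a glance how many peers the rule covers.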


Server Privileges

Grant server privileges?

This option toggles between Grant server privileges? and Also allow incoming over this protocol?. From the drop-down menu select between the options Allow, Deny and Not set.

● Allow
Activates the Advanced Privileges button.

Advanced Privileges

To receive data from another machine on the network, an application opens one or more ports for Listen. However, sometimes the application also opens a port for Listen in order to receive an answer from a machine it sends data to. The firewall automatically permits such answers.

A mechanism in the firewall determines if an application has opened a port deliberately, or if the application receives an unsolicited request as if it were a server. The firewall then prompts the user to confirm granting the application privileges as a server.

Protocol

There are two protocol options: TCP and UDP. The application is only allowed to open the selected protocol for listen, otherwise the attempt will result in a prompt.

Local port

The application is only allowed to open the specified ports for listen mode. Attempts to open additional ports will result in a prompt.

External address

When an application opens a port for listen, as this rule allows, it will only receive data from the addresses specified here. The application is unaware of this limitation and believes it can receive data from everywhere. However, the firewall will block all attempts from other machines to access this computer. This does not affect the stateful inspection and the application will still receive responses to data it sends out. The firewall only blocks data the application receives when listening.

External port

When an application opens a port for listen, as this rule allows, it will only receive data from the port(s) specified here. The application is unaware of this limitation and believes it can receive data from everywhere. However, the firewall will block all attempts from other machines to access this machine. This does not affect the stateful inspection and the application will still receive responses to data it sends out. The firewall only blocks data the application receives when listening.

Disable intelligent traffic analysis for this application?

The firewall features intelligent traffic analysis to discover listen attempts that require server privileges. If the application fails to function with this feature it can be disabled. This will grant server privileges immediately upon opening a port.

See the section ‘Details’ on page 77 for information on the various drop-down menu options.

Norman Offices

Norman ASA is a world-leading company within the field of data security, internet protection and analysis tools. Through its SandBox technology Norman offers a unique and proactive protection unlike any other competitor. While focusing on its proactive antivirus technology, the company has formed alliances which enable Norman to offer a complete range of data security services.

Norman was established in 1984 and is headquartered in Norway with continental Europe, UK and US as its main markets.

Copyright © 1990-2011 Norman ASA

Denmark
Norman Data Defense Systems A/S
Blangstedgårdsvej 1, DK-5220 Odense SØ
Tel: +45 7025 3508, Fax: +45 6590 5102
Web: www.norman.com/dk

Norman Data Defense Systems A/S
Tuborg Boulevard 12, 3. sal, DK-2900 Hellerup
Tel: +45 7025 3508, Fax: +45 6590 5102
Web: www.norman.com/dk

Germany
Norman Data Defense Systems GmbH
Zentrale, Gladbecker Str. 3, D-40472 Düsseldorf
Tel: +49 0211 586 99-0, Fax: +49 0211 586 99-150
Web: www.norman.com/de

Norman Data Defense Systems GmbH
Niederlassung München, Ludwigstr. 47, D-85399 Hallbergmoos
Tel: +49 0811 541 84-0, Fax: +49 0811 541 84-15
Web: www.norman.com/de

Spain
Norman Data Defense Systems
Camino Cerro de los Gamos 1, Edif.1, 28224 Pozuelo de Alarcón MADRID
Tel: +34 917 90 11 31, Fax: +34 917 90 11 12
Web: www.norman.com/es

France
Norman France
8 Rue de Berri, F-75008 Paris
Tel: +33 1 42 99 95 09, Fax: +33 1 42 99 95 01
Web: www.norman.com/fr

Italy
Norman Data Defense Systems
Milano San Felice, Strada 2, Torre 1, 20096 Pioltello (MI)
Tel: +39 02 7030 5479, Fax: +39 02 7030 5480
Web: www.norman.com/it

Netherlands
Norman SHARK B.V.
Postbus 159, 2130 AD Hoofddorp
Tel: +31 23 78 90 222, Fax: +31 23 56 13 165
Web: www.norman.com/nl

Norway
Norman ASA, Headquarter and sales Norway
Visit: Strandveien 37, Lysaker
Mail: PO Box 43, N-1324 Lysaker
Tel: +47 67 10 97 00, Fax: +47 67 58 99 40
Web: www.norman.com/no

Sweden
Norman Data Defense Systems AB
Norrköping Science Park, S-602 86 Norrköping
Tel: +46 11 230 330, Fax: +46 11 230 349
Web: www.norman.com/se

Switzerland
Norman Data Defense Systems AG
Münchensteinerstrasse 43, CH-4052 Basel
Tel: +41 61 317 25 25, Fax: +41 61 317 25 26
Web: www.norman.com/ch

United Kingdom
Norman Data Defense Systems (UK) Ltd
CBXII, West Wing, 382-390 Midsummer Boulevard, Central Milton Keynes, MK9 2RG
Tel2: +44 1908 847413, Fax: +44 870 1202901
Web: www.norman.com/en-uk

United States
Norman Data Defense Systems Inc.
9302 Lee Highway, Suite 950A, Fairfax, Virginia 22031
Tel: +1 703 267-6109, Fax: +1 703 934-6368
Web: www.norman.com/en-us