Table of Contents 1 Introduction 1.1 Introduction to GFI LanGuard 1.2 About this manual 1.2.1 Terms and conventions used in this manual 1.3 GFI LanGuard components 1.4 Vulnerability management strategy 1.4.1 Important notes 2 Managing Agents 2.1 Introduction 2.2 Deploying agents 2.2.1 Custom agent deployment 2.3 Configuring Agents 2.3.1 Agents settings 2.3.2 Customizing agents 3 Agent-less Auditing 3.1 Introduction 3.2 Adding computers using the wizard 3.3 Performing a manual audit 3.3.1 Step 1: Configure target properties 3.3.2 Step 2: Analyze scan results 3.3.3 Step 3: Remediate vulnerabilities 3.3.4 Custom target properties 3.4 Scheduled scans 3.4.1 When to use scheduled Scans? 3.4.2 Setting up scheduled scans 3.5 Audit result summary 3.5.1 Vulnerability level rating 3.5.2 Loading saved scan results from database 3.5.3 Save and load scan result in XML format 3.6 Audit result details 3.6.1 Vulnerability assessment 3.6.2 Network & Software Audit 4 Analyzing Results 4.1 Introduction 4.2 Computers tree options 4.2.1 Simple Filtering 4.2.2 Advanced Filtering 4.2.3 Grouping 4.2.4 Search 4.3 GFI LanGuard Attributes 4.3.1 Assigning attributes to a computer 4.3.2 Assigning attributes to a network 4.3.3 Configuring attributes 4.3.4 Group computers by attributes 4.4 Dashboard Views 4.4.1 Overview 4.4.2 Computers view 4.4.3 History view 4.4.4 Vulnerabilities view 4.4.5 Patches view 4.4.6 Ports view 4.4.7 Software view 4.4.8 Hardware view 4.4.9 System Information 4.5 Dashboard Actions 4.6 Exporting issue lists to external files 4.7 Activity Monitoring 4.7.1 Security Scans 4.7.2 Security Updates Downloads 4.7.3 Remediation Operations 4.7.4 Product Updates Activity 5 Fixing Vulnerabilities 5.1 Introduction 5.2 Automatic-Remediation 5.2.1 Automatically deploy missing updates 5.2.2 Automatically uninstall unauthorized applications 5.2.3 Auto-remediation options 5.2.4 Configure Wake-on-LAN requirements on client machines 5.2.5 End-user reboot and shut down options 5.2.6 Define auto-remediation messages 5.2.7 Agent auto-remediation 5.3 Remediation center 5.3.1 Deploying security patches and service packs To deploy missing security patches and service packs on specific computers: 5.3.2 Patch deployment warning message 5.3.3 Uninstalling software patches and service packs 5.3.4 Deploying custom software 5.3.5 Uninstalling custom applications To uninstall applications: 5.3.6 Malware protection actions 5.3.7 Using remote support 5.4 Remediation Jobs 6 Configuring GFI LanGuard 6.1 Introduction 6.2 Scheduled Scans 6.2.1 Reviewing, editing or deleting scan schedules 6.2.2 Scheduled scan properties 6.3 Applications inventory 6.3.1 Adding a new unauthorized application 6.3.2 Application auto-uninstall 6.4 Configuring security updates 6.4.1 Patch Auto-deployment settings To configure auto–remediation: 6.4.2 Patch Auto-download settings To configure patch auto–download: 6.5 Configuring alerting options To configure alerting options: 6.6 Configuring database maintenance options 6.6.1 Selecting a database backend To store scan results in a Microsoft SQL Server database: 6.6.2 Managing saved scan results 6.6.3 Database maintenance: List of scanned computers 6.6.4 Database maintenance: Advanced options 6.6.5 Database maintenance: Retention options 6.7 Configuring program updates 6.7.1 Configuring GFI LanGuard Proxy settings 6.7.2 Configure GFI LanGuard auto-updates options 6.7.3 Starting program updates manually To start GFI LanGuard program updates manually: 6.7.4 Product Updates Activity 6.8 Importing and Exporting Settings 6.8.1 Exporting Configurations from file 6.8.2 Importing Configurations from file 6.8.3 Import settings from another instance of GFI LanGuard 7 Reporting 7.1 Introduction 7.2 Available reports 7.3 Generating reports 7.3.1 Real-time reporting 7.3.2 Scheduled reports 7.3.3 Scheduled reports options 7.4 Custom reports 7.4.1 Customizing report logos 7.4.2 Customize email report format 7.5 Full text searching To use the full text search feature: 8 Scanning Profiles 8.1 Introduction 8.2 Available scanning profiles 8.2.1 Complete/Combination scans 8.2.2 Vulnerability Assessment 8.2.3 Network & Software Audit 8.2.4 Which scanning profile shall I use? 8.3 Creating a new scanning profile 8.4 Configuring Vulnerabilities Assessment options 8.4.1 Configuring Vulnerabilities 8.4.2 Customizing the list of vulnerabilities to be scanned 8.4.3 Customizing the properties of vulnerability checks 8.4.4 Vulnerability check conditions setup 8.4.5 Configuring patches 8.4.6 Enabling/disabling missing patch detection checks 8.4.7 Customizing the list of software patches to be scanned 8.4.8 Searching for bulletin information 8.5 Configuring Network & Software Audit options 8.5.1 Configuring TCP port scanning options 8.5.2 Configuring UDP port scanning options 8.5.3 Configuring System Information options 8.5.4 Configuring Devices scanning options 8.5.5 Configuring applications scanning options 8.6 Configuring the security scanning options 9 Utilities 9.1 Introduction 9.2 DNS lookup 9.3 Traceroute 9.4 Whois 9.5 Enumerate computers 9.5.1 Starting a security scan 9.5.2 Deploying custom patches 9.5.3 Enabling auditing policies 9.6 Enumerate users 9.7 SNMP Auditing 9.8 SNMP Walk 9.9 SQL Server Audit 10 Using GFI LanGuard from the command line 10.1 Introduction 10.2 Using the command line scanning tool: lnsscmd.exe 10.3 Using the command line patch deployment tool: deploycmd.exe 10.4 Using the command line import and export tool: impex.exe 11 Adding vulnerability checks 11.1 Introduction 11.2 GFI LanGuard VBscript language 11.2.1 Adding a vulnerability check that uses a custom VB (.vbs) script 11.3 GFI LanGuard SSH Module 11.3.1 Keywords 11.3.2 Adding a vulnerability check that uses a custom shell script 11.4 GFI LanGuard Python scripting 12 GFI LanGuard certifications 12.1 Introduction 12.2 About OVAL 12.2.1 GFI LanGuard OVAL Support 12.2.2 About OVAL Compatibility 12.2.3 Submitting OVAL listing error reports 12.3 About CVE 12.3.1 About CVE Compatibility 12.3.2 About CVE and CAN 12.3.3 Searching for CVE entries in GFI LanGuard 12.3.4 Obtaining CVE names 12.3.5 Importing and exporting CVE Data 13 Miscellaneous 13.1 Enabling NetBIOS on a network computer 14 Troubleshooting 14.1 Introduction 14.2 Common Issues 14.3 The Troubleshooting wizard 14.4 Knowledge Base 14.5 Web Forum 14.6 Request technical support 14.7 Build notifications 15 Glossary 16 Appendix - Data Processed by GFI LanGuard 16.1 Introduction 16.2 System Patching Status 16.3 Ports 16.4 Hardware 16.5 Software 16.6 System Information
