Configuring Applications Scanning Options in GFI LanGuard

Overview

This article explains how to specify which applications in a particular scanning profile trigger an alert during a scan.

It also details how to configure GFI LanGuard to detect and report unauthorized software installed on scanned targets and to generate high-security vulnerability alerts whenever such software is detected.

Process

  1. Access GFI LanGuard.
  2. Go to Configuration > Scanning Profile Editor. Alternatively, press CTRL + P to launch the Scanning Profiles Editor.
  3. Go to Network & Software Audit Options and select the Applications tab. 
  4. Choose the appropriate action from the options in the table below:

    Option Description
    Scanning installed applications
    • By default, GFI LanGuard also supports integration with particular security applications. These include various antivirus and antispyware software.
    • During security scanning, GFI LanGuard checks the correct configuration of virus scanner(s) or antispyware software and that the respective definition files are up to date.
    • Application scanning is configurable on a scan profile by scan profile basis and all the configuration options are accessible through the Unauthorized Applications and the Advanced Options in the Applications tab.
    Enabling/disabling checks for installed applications
    1. Go to Unauthorized Applications.
    2. Select the appropriate scanning profile from the left pane under Profiles.
    3. Select the Enable scanning for installed applications on target computer(s) checkbox.

    NOTE: Installed applications scanning is configurable on a scan profile by scan profile basis. Make sure to enable installed applications scanning in all profiles where this is required.

    Compiling installed applications blacklist/whitelist
    1. Go to Unauthorized Applications.
    2. Select the appropriate scanning profile from the left pane under Profiles.
    3. From the right pane, select the Enable scanning for installed applications on target computer(s) checkbox and specify the applications that are authorized for installation:
      • Only the applications in the list below - Specify the names of applications that are authorized for installation. These applications will be ignored during a security scan.
      • All applications except the ones in the list below - Specify the names of the applications that are unauthorized for installation. Applications not in this list will be ignored during a security scan.
    4. In the Ignore (Do not list/save to db) applications from the list below options, key in applications by clicking Add. Any application listed is whitelisted.

    NOTE: Add only one application name per line.

    Advanced application scanning options

    GFI LanGuard ships with a default list of antivirus and antispyware applications that can be checked during security scanning.

    The Advanced Options tab enables you to configure when GFI LanGuard will generate high-security vulnerability alerts if it detects certain configurations of a security application.

    Alerts are generated when:

    • No antivirus, antispyware or firewall is detected.
    • A fake antivirus or antispyware is detected.
    • Antivirus or antispyware definitions are not up to date.
    • Antivirus or antispyware real-time monitoring is turned off.
    • Antivirus or antispyware product is expired.
    • Antivirus or antispyware product detects malware on the scanned computer(s).
    • A firewall is disabled.
    • HTTP/FTP times out when checking for product updates on remote sites. This option generates an alert if the number of seconds defined for timeout is exceeded.
    Enabling/disabling checks for security applications

    To enable checks for installed security applications in a particular scanning profile:

    1. Click Advanced Options.
    2. Select the appropriate scanning profile from the left pane under Profiles.
    3. Select the Enable scanning for installed applications on target computer(s) checkbox.
    4. Select the Enable full security applications audit for agent-less scans checkbox.

    NOTES:

    • Agent-less scans temporarily run a small service on the remote computers in order to retrieve the relevant information.
    • Security applications scanning is configurable on a scan profile by scan profile basis. Make sure to enable security applications scanning in all profiles where this is required.
    • The number of supported security applications is constantly updated. Click the link available in order to get the latest version of the list. Configuring Security Applications - advanced options.

    To configure alerting triggers for installed security applications in a particular scanning profile:

    1. Click Advanced Options.
    2. Select the appropriate scanning profile from the left pane under Profiles.
    3. Select the Enable scanning for installed applications on target computer(s) checkbox.
    4. Select the Enable full security applications audit for agent-less scans checkbox.
    5. From the bottom-right pane, select the trigger you want to configure and choose between Yes or No from the drop-down menu next to the respective alert trigger.

    NOTE: Security applications scanning is configurable on a scan profile by scan profile basis. Make sure to enable security applications scanning in all profiles where this is required.
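
The two list modes and the ignore list described under "Compiling installed applications blacklist/whitelist" can be modelled as follows. This is an added example, not GFI LanGuard code: the function names, host names, application names and the case-insensitive exact-match rule are assumptions made for illustration.

```python
from enum import Enum


class ListMode(Enum):
    ONLY_LISTED = "Only the applications in the list below"
    ALL_EXCEPT_LISTED = "All applications except the ones in the list below"


def parse_names(text):
    """One application name per line, as the NOTE requires; blanks skipped."""
    return {ln.strip().casefold() for ln in text.splitlines() if ln.strip()}


def unauthorized_apps(inventory, mode, app_list, ignore_list=""):
    """Return {host: [unauthorized app names]} for a software inventory.

    Assumption: names match exactly, ignoring case and surrounding spaces.
    """
    listed, ignored = parse_names(app_list), parse_names(ignore_list)
    findings = {}
    for host, apps in inventory.items():
        flagged = []
        for app in apps:
            key = app.strip().casefold()
            if key in ignored:
                continue  # ignore list: never reported
            if mode is ListMode.ONLY_LISTED:
                bad = key not in listed   # anything unlisted is unauthorized
            else:
                bad = key in listed       # only listed names are unauthorized
            if bad:
                flagged.append(app)
        if flagged:
            findings[host] = sorted(flagged)
    return findings


# Constructed sample data (hypothetical hosts and application names).
INVENTORY = {
    "WS-01": ["Archiver", "Browser", "P2P Client", "Text Editor"],
    "WS-02": ["Archiver", "Remote Desktop Tool", "Vendor Agent"],
}
AUTHORIZED = "Archiver\nBrowser\n"
UNAUTHORIZED = "P2P Client\nremote desktop tool\n"
IGNORE = "Vendor Agent\n"

if __name__ == "__main__":
    print(unauthorized_apps(INVENTORY, ListMode.ONLY_LISTED, AUTHORIZED, IGNORE))
    print(unauthorized_apps(INVENTORY, ListMode.ALL_EXCEPT_LISTED, UNAUTHORIZED, IGNORE))
```

In the first mode every application missing from the authorized list is reported, so an incomplete list produces alerts for legitimate software; in the second mode only the named applications are reported.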


  1. Priyanka Bhotika
