
Configure basic settings


Change login password

As your first step, you should change the login password. The Appliance does not have user management; there's only one administrative user account, so no username is necessary, just the password.


Set default deny

Next you should configure your "default deny" message. This is the message that the Agent will display whenever a hash that is not in the whitelist is checked. Our suggestion: "This program or device was not classified as trustworthy. Contact the IT department if you need this for work."


Set LogLevel

The Appliance logs entries locally and to your syslog server. In the "Logging options" tab you can configure a threshold level at which logs are locally stored (and sent to your syslog server). Events that have a loglevel less than the threshold are dropped. We recommend you set this to level 3. See logs for more details.


Prepare Permanent LearnUser (PLU)

The Permanent LearnUser (PLU) is a feature which enables administrators to add new software to the whitelist by just starting the application using the credentials of a special privileged user account (right-click the application and choose "run as different user").
  • Create a new global security group in your ActiveDirectory, call it e.g. "SecuLutionLearnUser".
  • Create one or more new user accounts that will later be used for installation of new software. Add these accounts to the administrative groups and also to the new group you just created.

You have now configured new users and groups in your ActiveDirectory. SecuLution does not yet recognize these AD objects. In the next step, we'll start a replication of these objects.
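The two steps above can also be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the SecuLution documentation; the OU path, the account name and the administrative group name are constructed placeholders you must replace. Because membership of this group will allow whitelisting software, the script ends by listing the effective members for review.

```powershell
# Added example (not SecuLution code). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$PluGroup    = 'SecuLutionLearnUser'           # group name suggested in the text
$OuPath      = 'OU=Admin,DC=example,DC=com'    # placeholder: OU for the new objects
$LearnUsers  = @('plu-install01')              # placeholder: installation account(s)
$AdminGroups = @('Workstation-Admins')         # placeholder: your administrative group(s)

# Add a member only if it is not already in the group, so the script can be re-run.
function Add-IfMissing {
    param([string]$Group, [string]$Member)
    $current = Get-ADGroupMember -Identity $Group |
        Select-Object -ExpandProperty SamAccountName
    if ($current -notcontains $Member) {
        Add-ADGroupMember -Identity $Group -Members $Member
    }
}

# Step 1: global security group that is later selected as PLU in the AdminWizard.
if (-not (Get-ADGroup -Filter "Name -eq '$PluGroup'")) {
    New-ADGroup -Name $PluGroup -SamAccountName $PluGroup `
        -GroupScope Global -GroupCategory Security -Path $OuPath `
        -Description 'Members can add software to the SecuLution whitelist'
}

# Step 2: dedicated installation accounts, added to the admin groups and the PLU group.
foreach ($name in $LearnUsers) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$name'")) {
        $pw = Read-Host -AsSecureString "Initial password for $name"
        New-ADUser -Name $name -SamAccountName $name -Path $OuPath `
            -AccountPassword $pw -Enabled $true
    }
    Add-IfMissing -Group $PluGroup -Member $name
    foreach ($g in $AdminGroups) { Add-IfMissing -Group $g -Member $name }
}

# Review: everyone who can extend the whitelist, including nested group members.
Get-ADGroupMember -Identity $PluGroup -Recursive |
    Select-Object SamAccountName, objectClass, distinguishedName
```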



AD replication

Your ActiveDirectory (AD) has information about security groups, computer objects and usernames which SecuLution can use for defining individual policies. To replicate these objects from your AD into SecuLution, use the AdminWizard and select menu item Extra > Directories > MS-Active-Directory > Update now.

The first time you start this function, you will be asked which domain root to use.
After replication has finished, you can apply settings not only for everybody or for IP network ranges, but also for any AD object of type user, computer or group.
AD objects are stored in the whitelist. So after finishing the AD replication, your whitelist has changed; activate it by sending it to the Appliance.

As this was a one-time replication process only, any changes that you now make to your AD will not be known to SecuLution until you start a new replication. You can do that manually, but we recommend you use an automated task that does the replication automatically every night.


Set Permanent LearnUser (PLU)

Now that SecuLution knows about your AD objects, we can choose the AD group you created above and set it as PLU. You can set the PLU under the "server config" tab, in the "Learn-mode" tab.
From now on, adding a new hash (new software) to the whitelist can be done by just starting the new software using right-click "run as different user", and giving the credentials of one of the user accounts you created before and added to the group you have chosen above.