TSplus Advanced Security On-line User Guide

            

Settings

For information about TSplus Advanced Security System Audit and Database, see these documentations:
System Audit and TSplus Advanced Security Database.

Users Whitelist

The Users Whitelist tab gives the Administrator the possibility to add/remove users from the whitelist.
Users on the whitelist are ignored by TSplus Advanced Security and their settings will not be applied.

The user who downloaded TSplus Advanced Security is automatically added to the Whitelist:

Settings 1

Programs

On the Programs tab, you can add programs to the list of allowed programs, that won't be checked by TSplus Advanced Security Ransomware Protection.

Settings 2

Click on the "Add Application" button to add a program. You can also remove them by selecting application(s) and clicking on the Remove Application(s) button.

Advanced

On the Advanced tab, you can configure TSplus Advanced Security settings.

You can Backup or Restore TSplus Advanced Security data and settings by clicking on the button "Backup/Restore" on the top:

Settings 3

Settings 4

Please follow the steps below to migrate TSplus Advanced Security from computer A to computer B:

  1. On computer A, please click on the Backup button to create a new backup. Settings and data will be saved in the archives directory, located in TSplus Advanced Security setup directory (typically C:\Program Files (x86)\TSplus-Security\archives).
  2. Copy the newly created backup folder (e.g. named backup-2019-09-11_14-37-31), including all content, from the archives directory on computer A to the archives directory on computer B.
  3. On computer B, from the Backup / Restore window, in the "Restore" section, select the relevant backup name to be restored.
  4. Then, click on Restore Settings Only to restore the settings. Alternatively, it is possible to click on Restore to restore all data and settings, which is not recommended for a migration but useful to restore TSplus Advanced Security on computer A.
  5. Please wait at most 2 minutes for the settings to be reloaded by TSplus Advanced Security features.

  • The Product tab allows you to add a PIN code to the Administration Tool:

Settings 5

Settings 6

Click on Save. The PIN code will be required the next time you will start the Administration tool.

You can also contribute to improve the product, by sending anonymous data (enabled by default):

Settings 7

The following data will be collected in case of a Ransomware attack:

  • TSplus Advanced Security Version.
  • Windows Version.
  • Suspected files'paths that lead to the ransomware attack.

Modifying the Computer nickname is also possible:

Settings 8

The Data Retention Policy defines the period of time after which TSplus Advanced Security events are removed from the database. A backup is performed before each database cleanup. This policy is defined in minutes.
Default data retention policy is 259 200 minutes, i.e. 6 months.

Settings 9


  • The Homeland tab allows you to add or remove Processes that are watched by the Homeland Protection feature.

Settings 10

Settings 11

By default, the HTML5 service is watched.

  • The Watched Ports settings allows you to add ports watched by the Homeland Protection Feature. By default, RDP, Telnet and VNC ports are already watched.

Settings 12

The Homeland Legacy setting is required for Windows 2008 and Windows XP. Moreover, this mode should be selected if Homeland Protection encounter issues when listening to networks events.

Settings 13


  • The Bruteforce tab allows you to ignore Local and Private Ip Addresses if you wish to, by changing the default value from "No" to "Yes".

Settings 14

Settings 15


  • The Firewall tab allows you to activate the Windows Firewall or deactivate it in favor of the TSplus Advanced Security built-in firewall.

Since version 4.4, a built-in firewall is included in TSplus Advanced Security.
As a general guidance, if Windows Firewall is activated on your server, then you should use it to enforce TSplus Advanced Security rules (default). If you installed another firewall, then you must activate TSplus Advanced Security built-in firewall.

In order to activate the built-in firewall, go to Settings > Advanced > Product > Use Windows Firewall and set the value to No:

Settings 16

Settings 17

The Unblock after setting allows you to automatically unblock IP addresses after a certain amount of time (in minutes). Default value is 0, disabling this feature:

Settings 18


  • The Working Hours tab allows you to schedule and modify a warning message before the user is logged off.

Settings 19

You can configure the warning message schedule in number of minutes before the user is automatically disconnected. By default, it is set to 5 minutes.

Settings 20

Modify the Warning message at your convenience, with placeholders named %MINUTESBEFORELOGOFF%, %DAY%, %STARTINGHOURS% and %ENDINGHOURS%, which will be respectively replaced by the current number of minutes before the session closes, the current day, the current day's starting and ending working hours.

Settings 21

Set the Default server timezone by selecting the corresponding one on the drop-down list:

Settings 22


  • The Endpoints tab allows you to enable connections from the Web Portal for Endpoints Protection users.

Settings 23

TSplus Advanced Security Endpoint Protection cannot resolve the client name if the connection is initiated from the Web portal. Therefore, Endpoint Protection will block any connections from Web Portal by default. Set this setting to "Yes" to allow connections from the Web portal. Please note that this action will diminish your server's security.

Settings 24


  • The Logs tab allows you to enable or disable service and functionalities logs. Logs exist to find more easily the origin of the errors encountered on TSplus Advanced Security.

Settings 25

Enable or disable TSplus Advanced Security service and application logs, which are respectively the global configuration service that runs in the background and the log for the Application interface.

You can also enable logs corresponding to the respective TSplus Advanced Security features : Bruteforce Protection, Homeland and Ransomware protection services logs. They are disabled by default.

Logs correspond to different components, our support team will tell you what value to put according to the problem encountered.


Database

A database stores Events, IP addresses, Ransomware attacks reports and programs whitelists. This database is stored in .\data and this is a LiteDB DataBase:

Settings 26