745
SonicOS Enhanced 4.0 Administrator Guide
CHAPTER 59
Chapter 59: Activating Anti-Spyware Service
Security Services > Anti-Spyware Service
SonicWALL Anti-Spyware is part of the SonicWALL Gateway Anti-Virus, Anti-Virus and
Intrusion Prevention Service solution that provides comprehensive, real-time protection against
viruses, worms, Trojans, spyware, and software vulnerabilities.
The SonicWALL Anti-Spyware Service protects networks from intrusive spyware by cutting off
spyware installations and delivery at the gateway and denying previously installed spyware
from communicating collected information outbound. SonicWALL Anti-Spyware works with
other anti-spyware program, such as programs that remove existing spyware applications from
hosts. You are encouraged to use or install host-based anti-spyware software as an added
measure of defense against spyware.
SonicWALL Anti-Spyware analyzes inbound connections for the most common method of
spyware delivery, ActiveX-based component installations. It also examines inbound setup
executables and cabinet files crossing the gateway, and resets the connections that are
streaming spyware setup files to the LAN. These file packages may be freeware bundled with
adware, keyloggers, or other spyware. If spyware has been installed on a LAN workstation prior
to the SonicWALL Anti-Spyware solution install, the service will examine outbound traffic for
streams originating at spyware infected clients and reset those connections. For example,
when spyware has been profiling a user's browsing habits and attempts to send the profile
information home, the SonicWALL security appliance identifies that traffic and resets the
connection.
The SonicWALL Anti-Spyware Service provides the following protection:
• Blocks spyware delivered through auto-installed ActiveX components, the most common
vehicle for distributing malicious spyware programs.
• Scans and logs spyware threats that are transmitted through the network and alerts
administrators when new spyware is detected and/or blocked.
• Stops existing spyware programs from communicating in the background with hackers and
servers on the Internet, preventing the transfer of confidential information.
• Provides granular control over networked applications by enabling administrators to
selectively permit or deny the installation of spyware programs.
• Prevents e-mailed spyware threats by scanning and then blocking infected e-mails
transmitted either through SMTP, IMAP or Web-based e-mail.