Unified Client Security

Blink

Installation Guide

 2006-2008 eEye Digital Security. All rights reserved. | BIG 090506 Revised Date: 031808 Product Version: 4.0 The information contained in this document is subject to change without notice. No part of this document may be photocopied, reproduced or copied or translated in any manner to another language without the prior written consent of eEye Digital Security. eEye Digital Security is not liable for errors contained herein or for any direct, indirect, special, incidental or consequential damages, including lost profit or lost data, whether based on warranty, contract, tort, or any other legal theory in connection with the furnishing, performance, or use of this material. All brand names and product names used in this document are trademarks, registered trademarks, or trade names of their respective holders. eEye Digital Security is not associated with any other vendors or products mentioned in this document.

Contents
About This Guide ..................................................................................................................... iv Audience ................................................................................................................................. iv Accessing eEye Digital Security ............................................................................................. iv Chapter 1 Overview ................................................................................................................... 1 eEye Digital Security Integrated Solution ............................................................................... 2 Chapter 2 Installing Blink Professional Edition ..................................................................... 3 System Requirements ............................................................................................................ 3 Installing Blink ......................................................................................................................... 3 Configuring Blink ..................................................................................................................... 6 Uninstalling Blink .................................................................................................................... 8 Managing Blink Professional Remotely .................................................................................. 9 Enabling Blink with REM Events Manager ......................................................................... 9 Chapter 3 Installing Blink Personal Edition ......................................................................... 11 System Requirements .......................................................................................................... 11 Installing Blink ....................................................................................................................... 11 Uninstalling Blink .................................................................................................................. 20 Chapter 4 Getting Started....................................................................................................... 21 Accessing Blink ..................................................................................................................... 21 Appendix A Blink Professional Command Lines............................................................... 23 Installing and Uninstalling Blink ............................................................................................ 23

Figures
Figure 1 Blink Administrator Password .................................................................................. 4 Figure 2 License Management .............................................................................................. 5 Figure 3 eEye Auto-Update ................................................................................................... 5 Figure 4 Specify Initial Blink State ......................................................................................... 6 Figure 5 Blink Home .............................................................................................................. 8 Figure 6 REM Events Client Settings .................................................................................. 10 Figure 7 Remove Existing Security Software ...................................................................... 12 Figure 8 License Agreement ................................................................................................ 13 Figure 9 Privacy Policy ........................................................................................................ 14 Figure 10 Destination Folder ............................................................................................... 15 Figure 11 License Management .......................................................................................... 16 Figure 12 eEye Auto-Update ............................................................................................... 17 Figure 13 Blink Alert............................................................................................................. 18 Figure 14 Allow Rule ............................................................................................................ 19 Figure 15 Blink Home .......................................................................................................... 21

Blink Installation Guide

Page iii

About This Guide

Using eEye Digital Securitys Blink Unified Client Security, you can control your intrusion prevention and application and network firewall and provide both proactive and reactive protection against intruders, internal attacks and machine misuse. Chapter 1 Overview describes the Blink suite of products and the eEye Digital Security integrated solution. Chapter 2 Installing Blink Professional Edition provides step-by-step instructions for installing, updating and configuring Blink Professional. Chapter 3 Installing Blink Personal Edition provides step-by-step instructions for installing and uninstalling Blink Personal. Chapter 4 Getting Started provides information on accessing Blink. Appendix A Blink Professional Command Lines provides the commands for installing and uninstalling Blink Professional.

Audience
This guide is intended for users responsible for protecting their computing assets.

Accessing eEye Digital Security

You can access product documentation, technical support, knowledgebase articles and license keys using the eEye client portal. You will need your username and password provided in your product confirmation email. To access the client portal: 1. Using your web browser, log on to www.eEye.com/clients. The client portal displays. 2. Type your username and password from your product confirmation email, then click Sign In. 3. To access documentation, select Documentation. You can access documentation for each product as well as additional guides, technical bulletins and knowledgebase articles, as needed. Typically the documentation set consists of Installation Guides, Users Guides and online help systems. In addition to the client portal, you can access the documentation by selecting Start > Program Files > eEye Digital Security > [eEye product name]. 4. To access technical support, select Technical Support. You can access knowledgebase articles, support request forms and release notes. In addition, you can view and update your support tickets.

Blink Installation Guide

Page iv

Chapter 1 Overview
Using eEye Digital Securitys Blink Unified Client Security, you can control your intrusion prevention, application and network firewall and internal policy enforcer. In addition, you can instantly apply new policies and provide both proactive and reactive protection against intruders, internal attacks and machine misuse. Blink provides: Defense against Zero-Day Attacks Blinks behavior-monitoring approach means personal computers are protected against new assaults, such as zero day attacks, that take advantage of previously-unknown vulnerabilities where no vendor patch is available. Using this technique, eEyes software was able to fend off such widespread exploits as Code Red and LSASS. Relief from Panic Patching Blink uniquely protects assets from vulnerabilities, as opposed to only thwarting attacks. If Blink is already guarding against a particular hacker exploit, installation of the new patches can wait for the next regular maintenance cycle, saving labor and downtime costs. Protection of Mobile Devices Installing Blink on mobile devices defends them from attack when they're off the network.

Blink, the most complete multi-layered endpoint protection solution, consists of: Professional Edition Commercial-grade system protection and support for both small businesses and enterprises. Personal Edition Complete, multi-layered system protection for personal and home office use.

Blink Installation Guide

Page 1

Overview

eEye Digital Security Integrated Solution

eEye Digital Securitys enterprise vulnerability assessment and remediation management solution enables distributed organizations to centralize the control of the network threat management process. This process is based on eEyes award-winning vulnerability assessment technology, Retina Network Security Scanner. eEye mitigates the corporate risks by: Identifying and discovering the corporate assets Assessing the security risk for the corporation Mitigating the security risk Preventing the security risk Reporting the security risk

The eEye Digital Security integrated products include: REM Security Management Console Provides enterprise vulnerability assessment and remediation management that enables distributed organizations to centralize the control of the network security management process. This process is based on eEyes award-winning vulnerability assessment technology, Retina Network Security Scanner. Retina Network Security Scanner Provides vulnerability testing for multiple platforms, automatic fixes of vulnerabilities and the ability to create your own audits. In addition, Retina allows you to proactively secure your networks against the most critical vulnerabilities by incorporating the most up-todate vulnerabilities database. Since vulnerability audits are added continually, this database is updated at the beginning of each session. Blink Unified Client Security Provides a complete host-based security software suite that controls intrusion prevention, application and network firewall, internal policy enforcer and vulnerability assessment. In addition, Blink can instantly apply new policies, provide both proactive and reactive protection against intruder, internal attack and machine misuse. Iris Network Traffic Analyzer Provides an advanced data and network traffic analyzer that allows the collecting, storing, organizing and reporting on all data traffic throughout the network. SecureIIS Application Firewall Protects Microsoft Windows Internet Information Server (IIS) from hackers. SecureIIS wraps around IIS and works within it verifying and analyzing incoming and outgoing web server data for security breaches. Developed as an ISAPI filter, SecureIIS monitors data at all processing levels, including the network and kernel levels. If a possible attack is detected, it will prevent unauthorized access and/or damage to the web server.

Blink Installation Guide

Page 2

Chapter 2 Installing Blink Professional Edition

Blink Professional Edition provides commercial-grade system protection and support for both small businesses and enterprises. You can download Blink Professional from our client portal, located at www.eEye.com/clients. A username and password are required.

System Requirements
The minimum system requirements are: Windows Vista SP1 x86 or x64, Windows 2000 Professional or Windows XP x86 Windows 2000 Server, Windows Server 2003 x86 or Windows Server 2008 x86 or x64 Intel Pentium II 400 MHz CPU or equivalent RAM minimum recommended by the operating system Hard Disk Space installation 50 MB

Installing Blink
During installation, the Install Wizard guides you through the process and the configuring global administrative settings, such as specifying administrative passwords. NOTE: Running two firewalls at the same time is not recommended. To install: 1. Locate Blink folder. The default location is: C:\Program Files\eEye Digital Security\Blink. 2. Double click the Blink.exe file. The Install Wizard displays. 3. To continue, click Next. The End User Software License Agreement window displays. After reviewing the license agreement, select the check box I accept all terms of the preceding licensing agreement. You must accept the licensing agreement for the installation to continue.

Blink Installation Guide

Page 3

Installing Blink Professional Edition

4. Click Next. The Blink Administrator Password window displays. You can require a password to access Blinks management tasks, such as accessing the Blink user interface, debugging and replacing files and uninstalling the software.

Figure 1 Blink Administrator Password

5. To require a password for managing Blink, select the Require password to manage Blink check box, then enter and confirm the password. To not require a password, the fields remain blank. This will allow any user of the system to manage Blink. 6. Click Next. The Destination Folder window displays. 7. Accept the default location or click Browse and select a destination folder. 8. Click Next. The Ready to Install Application window displays. 9. To modify the previous information, click Back. To exit the installation, click Cancel. To continue, click Next. The install process begins and displays a progress bar. Once Blink is installed, the successful installation window displays. 10. Click Finish. The Blink License Manager window displays.

Blink Installation Guide

Page 4

Installing Blink Professional Edition

Figure 2 License Management

11. Enter the serial number provided when you purchased the product. You can access your serial number on the eEye client portal by selecting Product Licensing > Managing Your Serial Numbers. 12. Click Next. The eEye Auto-Update window displays. Consistently updating your eEye Digital Security applications ensures you have the latest applications and audits.

Figure 3 eEye Auto-Update

Blink Installation Guide Page 5

Installing Blink Professional Edition

13. To configure eEye Auto-Update, click Configure. The Configuration Properties window displays. To integrate with eEye Enterprise Update Server, select the Update Server for All Applications radio button, then modify the server name to match the Enterprise Update Server name and click OK. For additional information refer to the eEye Enterprise Update Server documentation. 14. To download updates, click Next. The updates begin installing. When the updates are complete, the Update Summary window displays. 15. To view a description of the update, select the product, then click Details. 16. Click Finish. The Blink Professional Startup Wizard displays. Continue to Configuring Blink.

Configuring Blink
When you initially access Blink, the Startup Wizard guides you through configuring global administrative settings, such as user modes and alert options. To configure Blink: 1. Access the Blink Startup Wizard by selecting Start > Programs > eEye Digital Security > Blink. The Startup Wizard displays. 2. Click Next. The Specify Initial Blink State window displays.

Figure 4 Specify Initial Blink State

Blink Installation Guide

Page 6

Installing Blink Professional Edition

3. Accept the defaults or select the states and actions as follows: Enable Firewall Protection Analyzes the inbound and outbound flow of data by examining each packet to determining whether to forward the packet toward a specific destination by IP address, protocol and port. Controls the network activity of installed applications Enable Virus and Spyware Protection Performs in-memory protection and disk scanning for computer viruses, worms, Trojan horses and spyware by checking each process and application in memory or being loaded. Enable Intrusion Prevention Analyzes the content of network traffic to block malicious data and allow legitimate traffic to be processed. This includes both intrusions, such as attacks from outside the organization, and misuse, such as attacks from within the organization. Enable System Protection Provides proactive security against zero day attacks and offers protection against buffer overflow and memory-based attacks. In addition, system protection helps maintain compliance with security policies by providing granular control over programs and data. Allow All Network Traffic from Common Applications Allows all traffic from common applications. 4. Specify the default action if no firewall rule exists. Prompt User Blink sends a message requesting permission for traffic that matches the rule to pass through the firewall. If no user responds within 30 seconds, the prompt message is automatically dismissed and the default action taken. This is the default. Allow the Request If there is no rule that can be applied to the application requesting access, Blink allows traffic to pass through the firewall. You must use explicit Deny rules to stop an application from communicating across the network. NOTE: Exercise caution if the firewall is Active, passive mode is On and this option is selected. If the firewall rule set is not completely defined, the firewall engine could stop critical traffic and impair the normal operation of the system. 5. Click Next. If Firewall Protection is enabled, an informational message displays stating Blink is starting the firewall in passive mode. This causes Blink to allow and log all requests for which no rule exists. You can review the logs and create rules for traffic that should be allowed. The passive mode can be disabled in the Options and Settings window. 6. To exit the message, click OK. To complete the configuration, click Finish. The Blink Home page displays.

Blink Installation Guide

Page 7

Installing Blink Professional Edition

Figure 5 Blink Home

For information on using Blink, refer to the Blink Users Guide or Blink online help system.

Uninstalling Blink
Complete the following steps to remove Blink from your workstation. eEye recommends that you exit all Windows programs before you run the uninstall. To uninstall Blink: 1. From the Start menu, select Settings and Control Panel, then click Add/Remove Programs. 2. Select eEye Digital Security Blink, then click Remove. The Add/Remove Programs dialog displays. 3. To exit without uninstalling, click No. To continue, click Yes. If you specified a password during the installation, a dialog box displays requiring the password. Enter the password, then click OK. A dialog box verifies the removal of the configuration data.
Blink Installation Guide Page 8

Installing Blink Professional Edition

4. To remove the configuration data, click Yes. 5. To retain the license for future use on the same machine, click No. A progress bar displays, showing the status of the uninstall. When complete, the progress dialog closes. Some system configurations could require a system reboot to complete the uninstall. If so, a prompt displays stating you must reboot to complete the uninstall.

Managing Blink Professional Remotely

Using Blink with REM Events Manager allows you to remotely control your intrusion prevention, application and system firewall and vulnerability assessment from a single management console. In addition, you can instantly apply policies and provide both proactive and reactive protection against intruders, internal attack and system compliancy. With REM Events Manager, you can: Manage a central database of event data Generate reports and analyze critical events View network devices, including workstations, routers, servers and printers Create and manage Central Policies and Dynamic Policies Schedule and automatically deploy updates and scripts to individual or multiple Blink instances Configure, deploy and manage Blink agents Install or uninstall Blink agents remotely

Enabling Blink with REM Events Manager

When REM Events Reporting is enabled, Blink events are sent to the REM Events Manager. NOTE: For information on installing and configuring REM Events Manager, refer to the REM Installation Guide. To enable Blink with REM Events Manager: 1. Launch REM Events Client. The default location is Start > Programs > eEye Digital Security > REM Events Client > Client Configuration. The REM Events Client Settings window displays. 2. Click the Enabled Applications tab and select the Blink check box.

Blink Installation Guide

Page 9

Installing Blink Professional Edition

Figure 6 REM Events Client Settings

3. Click OK. Blink is now configured for REM Events Manager. For additional information managing Blink in REM Events Manager, refer to the REM Security Management Console Administration Guide.

Blink Installation Guide

Page 10

Chapter 3 Installing Blink Personal Edition

Blink Personal Edition provides complete, multi-layered system protection for personal and home office use. NOTE: Running two firewalls at the same time is not recommended.

System Requirements
Minimum requirements are: Windows Vista SP1 x86 or x64, Windows 2000 or Windows XP x86 RAM minimum recommended by the operating system Hard Disk Space installation 50 MB Internet Explorer Version 5.5 SP2 or higher

Installing Blink
During installation, the Install Wizard guides you through the process. NOTE: Running two firewalls at the same time is not recommended. To install: 1. Locate Blink folder. The default location is C:\Program Files\eEye Digital Security\Blink. 2. Double click the Blink.exe file. The Install Wizrd displays. Exit all Windows applications while the software installs. 3. To continue, click Next. The Remove Existing Security Software window displays.

Blink Installation Guide

Page 11

Installing Blink Personal Edition

Figure 7 Remove Existing Security Software

4. If you are running other security software programs, remove the other programs to reduce system resource usage. 5. Click Continue. The End User Software License Agreement window displays. You must accept the licensing agreement for the installation to continue.

Blink Installation Guide

Page 12

Installing Blink Personal Edition

Figure 8 License Agreement After reviewing the license agreement, select the checkbox I accept all terms of the preceding licensing agreement.

Blink Installation Guide

Page 13

Installing Blink Personal Edition

6. Click Next. The eEye Privacy Policy displays. You must accept the privacy policy for the installation to continue.

Figure 9 Privacy Policy After reviewing the license agreement, select the checkbox I accept all terms of the preceding privacy policy.

Blink Installation Guide

Page 14

Installing Blink Personal Edition

7. Click Next. The Destination Folder displays.

Figure 10 Destination Folder Accept the default location or click Browse and select a destination folder. 8. Click Next. The Ready to Install Application window displays. 9. Click Install. The install process begins and displays a progress bar. Once Blink is installed, the successful installation window displays.

Blink Installation Guide

Page 15

Installing Blink Personal Edition

10. Click Finish. The License Management window displays.

Figure 11 License Management

11. If you are installing Blink Personal for a trial period, click Next, then verify the trial period. A serial number is automatically generated using your Internet connection. 12. If the installation is not for a trial period, enter the serial number provided when you purchased the product. You can access your serial number on the eEye client portal by selecting Product Licensing > Managing Your Serial Numbers. 13. Click Next. The eEye Auto-Update window displays. Consistently updating your eEye Digital Security applications ensures you have the latest applications and audits.

Blink Installation Guide

Page 16

Installing Blink Personal Edition

Figure 12 eEye Auto-Update

14. To configure eEye Auto-Update, click Configure. The Configuration Properties window displays. To integrate with eEye Enterprise Update Server, select the Update Server for All Applications radio button, then modify the server name to match the Enterprise Update Server name and click OK. For additional information refer to the eEye Enterprise Update Server documentation. 15. To download updates, click Next. The updates begin installing. When the updates are complete, the Update Summary window displays. 16. To view a description of the update, select the product, then click Details.

Blink Installation Guide

Page 17

Installing Blink Personal Edition

17. Click Finish. Blink automatically begins configuring your computer and triggering Blink Alerts. The Blink Alerts advise when an application is attempting to a network connection. This alert allows you to screen the source of the request to verify the application is from an acceptable or previously identified application, domain name or IP address. The four options for allowing or denying access are: Permanently allow the application access your computer Permanently deny the application access your computer Allow the application to access your computer one time only Deny the application to access your computer one time only

Figure 13 Blink Alert

Blink Installation Guide

Page 18

Installing Blink Personal Edition

18. To permanently accept a request from a known or acceptable application, select the Create a Permanent Rule check box, then click Allow. Blink creates an Allow Application rule in the Application Firewall Rules and the application is allowed access to your system.

Figure 14 Allow Rule

Blink Installation Guide

Page 19

Installing Blink Personal Edition

19. To permanently deny a the request is from an unknown or unacceptable source, select the Create a Permanent Rule check box, then click Deny. Blink creates an Allow Application rule in the Application Firewall Rules and the application is allowed access to your system. 20. To allow an application to access your system one time, verify the Create a Permanent Rule check box is cleared, then click Allow. Blink allows the application one time access, does not create a permanent rule and will display an alert if the application tries to access your system a second time. 21. To deny an application to access your system one time, verify the Create a Permanent Rule check box is cleared, then click Allow. Blink allows the application one time access, does not create a permanent rule and will display an alert if the application tries to access your system a second time.

NOTE: For additional information on the Application Firewall and Advanced functionality, refer the Blink Users Guide or the Blink Online Help System.

Uninstalling Blink
Complete the following steps to remove Blink from your workstation. eEye recommends that you exit all Windows programs before you run the uninstall. To uninstall Blink: 1. From the Start menu, select Settings and Control Panel, then click Add/Remove Programs. 2. Select eEye Digital Security Blink, then click Remove. The Add/Remove Programs dialog displays. 3. To exit without uninstalling, click No. To continue, click Yes. A dialog box verifies the removal of the configuration data. 4. To remove the configuration data, click Yes. To retain the license for future use on the same machine, click No. A progress bar displays, showing the status of the uninstall. When complete, the progress dialog closes. In some system configurations could require a system reboot to complete the uninstall. If so, a prompt displays stating you must reboot to complete the uninstall.

Blink Installation Guide

Page 20

Chapter 4 Getting Started

Blink can control your intrusion prevention, application and network firewall, internal policy enforcer and vulnerability assessment by instantly apply new policies. These policies provide both proactive and reactive protection against intruder, internal attack and machine misuse.

Accessing Blink
To begin: 1. Select Start > Programs > eEye Digital Security > Blink > Blink. The Blink home page displays.

Figure 15 Blink Home

Blink Installation Guide

Page 21

Getting Started

You can set specific parameters, as follows: Firewall Analyzes the inbound and outbound flow of data by examining each packet to determining whether to forward the packet toward a specific destination by IP address, protocol and port. Controls the network activity of installed applications. Virus and Spyware Protection Performs in-memory protection and disk scanning for computer viruses, worms, Trojan horses and spyware by checking each process and application in memory or being loaded. Although each type has defining characteristics, the distinctions are becoming blurred because blended threats are becoming increasingly common. Blended threats combine characteristics of multiple types to maximize the damage and speed of contagion. Intrusion Prevention Analyzes the content of network traffic to block malicious data and allow legitimate traffic to be processed. This includes both intrusions, such as attacks from outside the organization, and misuse, such as attacks from within the organization. The IPS is comprised of Analyzers and Signatures protocols. Analyzers provide a generic protocol-based detection method for intrusion. If suspicious activity, such as a buffer overflow attempt, multiple login attempt or too many Are You There (AYT) commands, occur, Blink analyzes the traffic based on protocols, then identifies and stops suspicious traffic. Vulnerability Assessment Defines, identifies and classifies the security holes or vulnerabilities in a computer, network or communications infrastructure. Vulnerability assessment consists of: defining and classifying network or system resources, assigning relative levels of importance to the resources, identifying potential threats to each resource, developing a strategy to deal with the most serious potential problems first and defining and implementing ways to minimize the consequences if an attack occurs. System Protection Provides proactive security against zero day attacks and offers protection against buffer overflow and memory-based attacks. In addition, system protection helps maintain compliance with security policies by providing granular control over programs and data. Blink has three types of system protection rules: Execution, Registry and Application. NOTE: For additional information, refer to the Blink Users Guide or Blink Online Help System.

Blink Installation Guide

Page 22

Appendix A Blink Professional Command Lines

You can install and uninstall Blink Professional using the following command lines.

Installing and Uninstalling Blink

Install Command Lines The following command line options are available to install Blink Professional. /qn Completely silent. No user interface displays. If a reboot is required, the Windows Installer automatically reboots the system at the end of installation. /qb Basic user interface. Only a progress dialog displays to the user. If a reboot is required, Windows Installer prompts the user to reboot. INSTALLDIR= - Installation folder where is the path to install. Set this property to change the default installation path. /l*v C:\BlinkInstallLog.txt - Enables full logging. Use only for debugging during installation. REBOOT=ReallySuppress Suppresses the automatic reboot when using the /qn silent option. SERIALNUMBER= Sets the serial number where is the actual serial number to use. MANAGE_PWD=xxx Password used to manage Blink REM_SERVER_ADDRESS= Sets the host name of the REM Server to send REM Events REM_SERVER_PORT= Sets the port number of the REM Server to send REM Events REM_WG_DESC= Sets the workgroup description for the REM Client configuration REM_WG_LOCATION= Sets the workgroup location for the REM Client configuration REM_WG_NAME= Sets the Workgroup name for the REM Client

Blink Installation Guide

Page 23

Blink Professional Command Lines

SYNCIT_SERVER= Sets the Auto-Updater or syncit Server name SYNCIT_SCRIPT= Sets the Auto-Updater or syncit Script name SYNCIT_PROTOCOL= Sets the Auto-Updater or syncit protocol as http or https IGNOREINCOMPAT=1 Ignores check for incompatible software on the machine. For example: BlinkSetup.exe /qn /l*v C:\BlinkInstallLog.txt INSTALLDIR=D:\MyApps\Blink

Uninstall Command Lines The following command line options are available to uninstall Blink. Msiexec.exe /x {2AA5B60C-A775-416A-9867-4C0DF3450C30} By default, the uninstall prompts to remove the license. To automatically remove the license during uninstall, use this command line: Msiexec.exe /x {2AA5B60C-A775-416A-9867-4C0DF3450C30} REMOVELICENSE=1 To keep the license without prompting during uninstall, use this command line: Msiexec.exe /x {2AA5B60C-A775-416A-9867-4C0DF3450C30} REMOVELICENSE=0

Blink Installation Guide

Page 24

Corporate Headquarters 111 Theory, Irvine, California 92617-3039 United States Toll Free: 866.339.3732 Telephone: 949.333.1900 Fax: 949.333.1993 Website: www.eEye.com European Headquarters Westgate House 7 Floor, Westgate Road, Ealing London W5 1YY Telephone: +44 0 20 8991 3325 Fax: +44 0 20 8991 3326