Purpose
This document is a landing page for common issues associated with the restrictions, procedures, and regulations typical of a Military or Government classified environment.
Common security policies and issues that exist for a Government/Military Environment (Classified)
The following connectivity and file restrictions can exist in a military environment:
- No connectivity with subnets outside the security zone including the internet
- Files can only be transported one-way to machines inside the restricted environment
- Files from the restricted subnet cannot be transported outside the subnet without review from security personnel
Shavlik Protect Functionality impacted by above restrictions
- Patch Definition files cannot be downloaded directly from XML.Shavlik.com or
- Patches cannot be downloaded on demand directly from Patch Vendor sites such as Microsoft, Adobe, or Firefox
- Unable to use the Online activation method to activate a Shavlik Protect activation key
Updating Patch Definitions and Install files to a Console located in a Secure Environment
When files can only be transported one-way to machines inside the restricted environment, many customers copy these files to Write Once/Read Only Media to manually transport them to the Protect Console in the Secure Zone. This is explained in the document
Updating Patch Definition And Install files To A Non-internet Facing Console Using Read Only Media
How to Process A Manual (Offline) Activation when Secure to Non-Secure network file transfer is not allowed
Many military customers are unable to transport digital files from a Secure to a Non-Secure network. If this is the case, use the "manually enter Activation Request data" option in Manual Activation to gather numbers that can be handwritten and carried to the non-secure zone to create an activation key request file. This is explained in the document
How To Process A Manual (Offline) Activation For Shavlik Protect
Deploying patches downloaded from the Department of Defense Patch Repository
To ensure patches are downloaded from a secure site, the Department of Defense provides vendor patch downloads at https://patches.csd.disa.mil/ (the Department of Defense Patch Repository). Patches downloaded from this repository can be used if the files are renamed to match the Shavlik "Download File Name" for the patch. For example, WinSec-MS15-046_v3.0-003-P58853-excel2010-kb3054845-fullfile-x64-glb.exe would be renamed to excel2010-kb3054845-fullfile-x64-glb.exe. Instructions to obtain and use the "Download File Name" are found in the document Protect doesn't recognize a patch that was manually downloaded
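The renaming step described above can be scripted. The following is an added example, not Shavlik or DoD code: the function name and folders are hypothetical, the list of names is assumed to have been copied from Protect's "Download File Name" field, and matching on a "-<Download File Name>" suffix is an assumption drawn from the single file name shown above.

```powershell
function Copy-DodPatchAsDownloadName {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $SourceDir,         # files as delivered by the DoD repository
        [Parameter(Mandatory)] [string]   $DestinationDir,    # site-specific folder the patches are staged in
        [Parameter(Mandatory)] [string[]] $DownloadFileNames  # names taken from Protect, never guessed
    )
    $files = Get-ChildItem -LiteralPath $SourceDir -File
    foreach ($name in $DownloadFileNames) {
        # Match only the exact name or a name ending in "-<expected name>"
        $candidates = @($files | Where-Object {
            $_.Name -ieq $name -or
            $_.Name.EndsWith("-$name", [StringComparison]::OrdinalIgnoreCase)
        })
        if ($candidates.Count -ne 1) {
            # Zero or several matches need a person to decide; do not pick one silently
            Write-Warning "${name}: expected 1 source file, found $($candidates.Count); skipped"
            continue
        }
        $target = Join-Path $DestinationDir $name
        if (Test-Path -LiteralPath $target) {
            Write-Warning "${name}: already present in destination; skipped"
            continue
        }
        if ($PSCmdlet.ShouldProcess($candidates[0].FullName, "Copy to $target")) {
            # Copy instead of renaming in place so the original file stays untouched
            Copy-Item -LiteralPath $candidates[0].FullName -Destination $target
            # Emit the hash so the staged copy can be compared with the transfer media
            [pscustomobject]@{
                Source = $candidates[0].Name
                Target = $name
                SHA256 = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
            }
        }
    }
}

# Constructed demo: an empty file stands in for the DoD download named on this page
$src = New-Item -ItemType Directory -Force -Path (Join-Path $env:TEMP "dod-src-$PID")
$dst = New-Item -ItemType Directory -Force -Path (Join-Path $env:TEMP "staging-$PID")
$dod = 'WinSec-MS15-046_v3.0-003-P58853-excel2010-kb3054845-fullfile-x64-glb.exe'
New-Item -ItemType File -Force -Path (Join-Path $src.FullName $dod) | Out-Null
Copy-DodPatchAsDownloadName -SourceDir $src.FullName -DestinationDir $dst.FullName `
    -DownloadFileNames 'excel2010-kb3054845-fullfile-x64-glb.exe'
```

Running it with -WhatIf lists the copies that would be made without writing anything.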
Information Assurance Vulnerability Alert (IAVA)
When the Government Edition license key of Shavlik Protect is activated, the Information Assurance Vulnerability Alert (IAVA) Reporter is enabled.
The following links provide IAVA information for Shavlik Protect:
IAVA XML File Overview: Location and download information for IAVA files
Creating an IAVA Report: How to create an IAVA Report
Performing an IAVA Patch Scan: How to create and use an IAVA Patch Group
IAVA Patch Lookup: How to look up IAVA patches from the official IAVA list. This may be useful when identifying patches that may not be present within Protect
Affected Product(s)
Shavlik Protect 9.X