The Barracuda Content Shield (BCS) Suite for Windows includes two components:
- Web Filtering Component (WFC) – Applies policies you create on the Advanced Filtering page to endpoint web traffic, which take precedence over rules configured on the DNS Filtering page.
- Malware Prevention Component (MPC) – Scans files on the endpoint for malware both at initial installation and as the user accesses files. For Windows Terminal Server deployments, any files quarantined will appear as such to all users.
The BCS suite user interface is displayed on the Windows endpoint machine when the user clicks the shield icon in the system tray. If you have installed both the MPC and WFC components, the About screen will display tiles for each. The timestamps in the Malware Prevention and Web Filtering tiles reflect the most recent policy update received for that feature.
If you only installed the WFC component, the About screen will show only the Web Filtering tile.
The Status screen of the BCS suite user interface displays information about malicious or suspicious files that are detected and quarantined by the Malware Protection feature of BCS Plus.
Scan and Delivery of Downloaded Files
The WFC scans files (executables, archives, documents, etc.) that the user attempts to download. When a user navigates to a website and clicks the download link for some software, the agent downloads the file for internal scanning before delivery to the user. While the file is being scanned, the agent returns a progress page to the browser indicating that the file is being downloaded/scanned. When the download is complete, the landing page displays one of the following:
- A download page that indicates that the file has been scanned and can be safely downloaded, with a link for the user to click to get the file.
- A block page indicating that a threat has been found.
The full file path of each detected threat from a downloaded file is displayed in the BCS portal on the Threat Logs page.
The MPC will conduct a full scan of the local file system when the software is first installed, and then again after every reboot. Subsequent scans only evaluate files that have either been added or changed since the previous scan, allowing the process to complete in less time. Newly introduced files will be scanned when downloaded.
When the MPC detects a suspicious or malicious file on disk, the file is quarantined and a notification is displayed in the lower right-hand corner of the user's display. Additionally, the BCS suite icon in the system tray will change to reflect that one or more threats have been detected:
The threat icon is displayed until the end user has accessed the BCS suite user interface Status screen, thereby acknowledging receipt of the threat notification(s). The icon will then revert back to the normal state .
The initial state of the Status screen, with no threats having yet been detected, displays a large green shield outline with a check mark inside. After a threat is detected and quarantined, an entry is added to a table displayed on the Status screen. The table then lists the DETECTED ON date & time, the FILE name, and a clipboard icon. Hovering your mouse over an entry will display a tooltip containing the full path to the location the quarantined file was removed from. Clicking on the clipboard icon will copy attribute details for the file into the system's clipboard, from where it can be copied and, for example, mailed to the system admin.
The clipboard contents for the first entry as shown will look something like this:
System Tray Icons and Notifications / Errors
|Task Tray Icon Appearance||Meaning|
When a threat is detected and a file is quarantined. Click on the icon to see the Status screen. If the agent loses connection with the BCS service before you click the icon, then the icon will display until you click on it.
The endpoint machine cannot communicate with Barracuda Content Shield, and/or the on-access scanner is not running. File scanning can still take place using local settings, but the MPC is not being triggered to scan when a user accesses a file. This can happen if the MPC was uninstalled and then re-installed without rebooting. Try rebooting the machine.
|The Barracuda Content Shield service is not available, or there is no Internet connection. On-access scanning will still apply, but only with cached results. If a threat has been detected but the threat task tray icon has not been clicked and BCS cannot connect, this icon supersedes the threat icon in the task tray.|
How to Uninstall the Barracuda Content Shield Suite
The Barracuda Content Shield employs a Tamper Proof feature that prevents end users from uninstalling this software. However, the administrator can choose to bypass this feature using the Allow Agent Removal option on the AGENT SETTINGS page:
1. Set Allow Agent Removal to On
2. Enter an Agent Password, which must be entered at the endpoint in order to bypass the Tamper Proof feature and allow the software to be uninstalled.
After the Agent Settings have been properly configured, the software can be uninstalled in either of two ways;
- Launch the BarracudaContentShieldSetup-#######.exe installer and select Remove, and enter the Agent Password when prompted.
- Access the Windows Control Panel and select the Programs and Features option. Highlight the BCS suite entry, then click on Uninstall. When prompted, enter the Agent Password.
When the uninstall completes you will be prompted to reboot the computer.