We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Content Shield

How to Use the Barracuda Content Shield Suite for Windows

  • Last updated on
For endpoint computers using Firefox, Barracuda Content Shield (BCS) Suite requires Firefox 68.0 or later. For information about getting and installing the BCS suite, see How to Download and Install the Barracuda Content Shield Suite for Windows.

The Barracuda Content Shield (BCS) Suite for Windows includes two components:

  • Web Filtering Component (WFC) – Applies policies you create on the Advanced Filtering page to endpoint web traffic, which take precedence over rules configured on the DNS Filtering page.
  • Malware Prevention Component (MPC) – Scans files on the endpoint for malware both at initial installation and as the user accesses files. For Windows Terminal Server deployments, any files quarantined will appear as such to all users.

The BCS suite user interface is displayed on the Windows endpoint machine when the user clicks the shield icon idle.jpg  in the system tray. If you have installed both the MPC and WFC components, the About screen will display tiles for each. The timestamps in the Malware Prevention and Web Filtering tiles reflect the most recent policy update received for that feature.

BCS Suite main screen.png

If you only installed the WFC component, the About screen will show only the Web Filtering tile.

SplashScreenWFCOnly.png

The Status screen of the BCS suite user interface displays information about malicious or suspicious files that are detected and quarantined by the Malware Protection feature of BCS Plus.

If you disable Malware Prevention on the Threat Policy page, the MPC is disabled and threat policies are not applied on the client machines. Web Filtering will still apply to web traffic per policy.

NOTE: If the administrator has DISABLED the Malware Prevention setting under the account's Threat Policy page, scanning of files will be deferred indefinitely, or until the feature is re-enabled. The end user can check the state of this feature by hovering their mouse over the timestamp within the Malware Prevention tile on the BCS suite user interface About screen. The tooltip will display either ACTIVE or DISABLED.

Scanning Files

The MPC will conduct a full scan of the local file system when the software is first installed, and then again after every reboot. Subsequent scans only evaluate files that have either been added or changed since the previous scan, allowing the process to complete in less time. Newly introduced files will be scanned when downloaded.

Quarantined Threats

When the MPC detects a suspicious or malicious file, the file is quarantined and a notification is displayed in the lower right-hand corner of the user's display. Additionally, the BCS suite icon in the system tray will change to reflect that one or more threats have been detected:

The threat icon Threat.PNG is displayed until the end user has accessed the BCS suite user interface Status screen, thereby acknowledging receipt of the threat notification(s). The icon will then revert back to the normal state eps-agent-idle.png.

The initial state of the Status screen, with no threats having yet been detected, displays a large green shield outline with a check mark inside. After a threat is detected and quarantined, an entry is added to a table displayed on the Status screen. The table then lists the DETECTED ON date & time, the FILE name, and a clipboard icon. Hovering your mouse over an entry will display a tooltip containing the full path to the location the quarantined file was removed from. Clicking on the clipboard icon will copy attribute details for the file into the system's clipboard, from where it can be copied and, for example, mailed to the system admin.


BSC Suite Quar Threats.png

The clipboard contents for the first entry as shown will look something like this:

threatdetailsx.png

Note that only the administrator can remove files from quarantine.

 

System Tray Icons and Notifications / Errors

Task Tray Icon AppearanceMeaning
Threat.PNG

When a threat is detected and a file is quarantined. Click on the icon to see the Status screen. If the agent loses connection with the BCS service before you click the icon, then the CriticalError.PNG icon will display until you click on it.

Warning.PNG

The endpoint machine cannot communicate with Barracuda Content Shield, and/or the on-access scanner is not running. File scanning can still take place using local settings, but the MPC is not being triggered to scan when a user accesses a file. This can happen if the MPC was uninstalled and then re-installed without rebooting. Try rebooting the machine.

CriticalError.PNGThe Barracuda Content Shield service is not available, or there is no Internet connection. On-access scanning will still apply, but only with cached results. If a threat has been detected but the threat task tray icon has not been clicked and BCS cannot connect, this icon supersedes the threat icon in the task tray.

How to Uninstall the Barracuda Content Shield Suite

The Barracuda Content Shield employs a Tamper Proof feature that prevents end users from uninstalling this software. However, the administrator can choose to bypass this feature using the Allow Agent Removal option in the Agent Settings section of the ACCOUNT SETTINGS page:

1. Set Allow Agent Removal to On
2. Enter an Agent Password, which must be entered at the endpoint in order to bypass the Tamper Proof feature and allow the software to be uninstalled.

Notes about the Tamper Proof Feature:

  • Changes made to Agent Settings on the ACCOUNT SETTINGS page are propagated to endpoint machines when they receive their next policy update (roughly every 15 minutes).
  • In the example screenshot below, the text This product is currently configured to not allow removal displayed above the Cancel button indicates that Tamper Proof is NOT bypassed, as the Allow Agent Removal toggle is set to Off in the Agent Settings section of the ACCOUNT SETTINGS page.

After the Agent Settings have been properly configured, the software can be uninstalled in either of two ways;

  1. Launch the BarracudaContentShieldSetup-#######.exe installer and select Remove, and enter the Agent Password when prompted.
  2. Access the Windows Control Panel and select the Programs and Features option. Highlight the BCS suite entry, then click on Uninstall. When prompted, enter the Agent Password.

When the uninstall completes you will be prompted to reboot the computer.

UninstallGUI.png

 

Last updated on