Introduction
HP Wolf Security provides simple yet effective protection for small and mid-sized organizations. It stops a broad range of attacks including phishing and ransomware without requiring security specialist staff or complex configuration. HP Wolf Security is available as cloud-managed PC software with optional deployment services.
The available features will vary depending on the version and configuration of HP Wolf Security. The following features exist:
Malware Prevention
Malware Prevention uses Artificial Intelligence (AI) technology to prevent malware, zero-day attacks, and Advanced Persistent Threats (APT) from harming your computer. Any file that is copied, installed or downloaded to your computer is immediately scanned. This scan happens without the need to launch or open the file. Malicious files are quarantined before they can cause harm. Access to the file and execution of the file are blocked to protect your computer. If you determine that a file can be trusted then you can restore it from quarantine. Files that are restored from quarantine are not detected as malicious again.
Threat Containment
Threat Containment secures your computer when you browse the Internet or view untrusted documents. Threat Containment opens websites and untrusted documents in micro-VMs (virtual machines). The micro-VM acts as a container that prevents malware from infecting your computer. If a website or document tries to infect your computer with malicious code, it will be contained within the micro-VM. This prevents your computer from being infected. If you see malware attempting to run, close the browser tab or document to end the micro-VM session and destroy the malware.
Supported browsers
HP Sure Click Secure Browser is protected by Threat Containment. You can find HP Sure Click Secure Browser in the Windows Start menu or by using the Windows search bar. When the HP Sure Click Secure Browser is running, you can right-click the icon on the taskbar and select Pin to taskbar so that it opens more quickly in future.
Supported file types
With Threat Containment you can view PDF files securely. You can also view or edit Word documents, Excel spreadsheets, and PowerPoint presentations (depending on the version of the product that is installed).
Credential Protection
Credential Protection offers protection against identity theft attacks online. Credential Protection uses a web browser extension to detect websites that are trying to steal your login details. If you visit a known phishing webpage then you will be blocked from entering your password. If you visit an unknown webpage then you will be warned about entering your password. The HP Wolf Security extension is available in HP Sure Click Secure Browser, Google Chrome, Mozilla Firefox and the new Microsoft Edge. The extension requires HP Wolf Security to be installed on the computer.
OS Resiliency
Use OS Resiliency to recover and restore your OS with minimal user intervention.
Recovery images provided by HP include the basic Windows 10® installer and may optionally install optimized drivers for HP devices. HP recovery images do not include data recovery agents that are not included with the Microsoft Windows 10 media, for example, OneDrive. Corporations can create their own custom images to add corporate settings, applications, drivers, and data recovery agents.
An OS recovery agent performs the steps necessary to install the recovery image. The recovery agent provided by HP performs common steps like partitioning, formatting, and extracting the recovery image to the target device. You can find the HP recovery agent on hp.com, so Internet access is required to retrieve it. Corporations can also host the HP recovery agent within their firewall or create custom recovery agents for more complicated recovery environments.
A download agent manages downloading of the recovery agent and recovery images. Notifications will be shown when a download begins or completes. You can also see details of download activity by opening Event Viewer and examining the HP Sure Recover event log.
Application Persistence
Application Persistence helps you monitor critical applications and alerts you in case of external threats. You can monitor individual applications or application categories.
Application Persistence requires Trusted Platform Module (TPM) 2.0 to perform signing operations. If the TPM is reset or cleared, any keys that Application Persistence created are invalidated and cannot be used. To restore use of those keys, disable Application Persistence and then reenable it.
If you perform an OS recovery using OS Resiliency, Application Persistence is automatically disabled following the recovery process and you must reenable it.
Protect & Trace with Wolf Connect
Protect & Trace with Wolf Connect is a service to find, lock and erase PCs worldwide. It uses global cellular and GPS technology to provide accurate location information and continues to function even if the PC is turned off or will not boot.
Protect & Trace with Wolf Connect is only supported on HP laptop PCs and mobile workstations that were manufactured with the required hardware.
You can activate Protect & Trace with Wolf Connect from the HP Wolf Security console if your PC is compatible. In the event that your PC is lost or stolen, you must inform your organization's administrator immediately so that they can start the recovery process.
System tray icon
The HP Wolf Security icon is located in the system tray, typically in the lower-right corner of your computer screen.
Menu options
Right-click the icon to show the menu options.
- Open: Opens the console.
- Enable/Disable Malware Prevention: Controls the state of Malware Prevention (User Account Control elevation might be required).
- Enable/Disable Threat Containment: Controls the state of Threat Containment (User Account Control elevation might be required).
- Enable/Disable Credential Protection: Controls the state of Credential Protection (User Account Control elevation might be required).
Status
The system tray icon communicates the status of HP Wolf Security with a colored dot.
- When the icon has a green dot, HP Wolf Security is running and no action is required.
- When the icon has an orange dot, HP Wolf Security is recommending that some action is taken. For example, one of the components might be disabled. Open the HP Wolf Security Console to determine what action is required.
- When the icon has a red dot, HP Wolf Security is indicating that an error has occurred. Open the HP Wolf Security Console to identify the problem.
Console
Use the console to control the components of HP Wolf Security, view status, access settings, see security alerts, and send information to HP.
Dashboard
The Console opens on the Dashboard. This page shows the status of the different components of HP Wolf Security. Each component displays a status message if action is required. Select the help icon by the message to show the relevant help information. Select the component card to open the settings page for that component.
Navigation
The navigation menu is typically displayed on the left side of the console. Use the menu to navigate between pages in the console.
Select the help icon at the bottom of the menu to open the help file.
About
The About box displays which versions of HP Wolf Security software are installed on your computer. The HP Support team might need this version information if you contact them. The Computer ID (unique identifier) is also shown in the About box. The HP Support team might need this ID to identify your computer.
Select the information icon at the bottom of the menu to open the About box.
Messages and actions
The Messages pane is typically found at the right side of the Dashboard page and can be shown or hidden. The overall protection status appears at the top and matches the status indicated by the system tray icon.
Opt in to help improve HP Security Products - Select this option to go to the Settings page where you can opt in to share data with HP.
New alerts - Indicates how many new security alerts have been detected since you last opened the Security Alerts page. Select this option to open the Security Alerts page.
If the Malware Prevention component is present, two options might be displayed:
- Update - Download the latest malware definitions to your computer. Updates are downloaded automatically, but you can use this option to confirm that you have the latest version.
- Start Full Scan - Select this option to start a scan of the entire computer for malicious files. HP recommends that you keep the computer plugged into an AC power outlet during a full scan. You can cancel the scan while it is running.
Security alerts
If HP Wolf Security determines that a website or document contains malicious content, it generates an entry in this page.
When Malware Prevention displays an alert, the file it has identified will be moved to a quarantine area where it cannot be accessed, preventing it from causing harm.
When Threat Containment displays an alert, any malicious activity will be contained within the micro-VM. Closing the browser tab or document will destroy the micro-VM along with any malicious activity.
Select the > button on the alert to show what actions can be taken. This button opens a Details pane that shows additional details about the alert and actions that are available. These actions might include:
- Delete File: Deletes a quarantined file (User Account Control elevation might be required).
- Restore File: Restores a quarantined file to its original location (User Account Control elevation might be required). You should only restore a file if you are confident that the file is not harmful. Restored files are shown in the Malware Prevention settings page.
- View Securely: Opens a quarantined file in a micro-VM. This allows you to view the content of the file without harm to your computer.
Settings
The Settings page contains settings that affect the behavior of HP Wolf Security.
General settings
Select Opt in to help improve HP Wolf Security to share data with HP. If selected, this data is used for diagnostics, to improve security across all HP devices, and to continually enrich the HP user experience.
Malware Prevention settings
You can enable or disable Malware Prevention by using the toggle at the top of the page.
You can exclude some folders and processes from creating Malware Prevention alerts. Sometimes other security software installed on a computer contains code that triggers alerts. You can prevent these alerts by excluding specific folders and executable files from being scanned. User Account Control elevation might be required to modify exclusions.
Any files you have restored from quarantine are also listed on this page. You can select restored files and re-quarantine them if appropriate.
Threat Containment settings
You can enable or disable Threat Containment by using the toggle at the top of the page.
If there are significant operating system changes, you can press the Re-initialize button to recapture the computer's current system state.
Select Open Live View to open HP Wolf Security Live View. HP Wolf Security Live View displays information about the website and document micro-VMs that are currently running. A screenshot of the webpage or document, the website domain or document file name, and the time it has been open are all shown. You can use HP Wolf Security Live View to check that a website or document has been opened in a micro-VM and that you are being protected.
Credential Protection settings
Use the toggle at the top of the page to enable or disable Credential Protection.
OS Resiliency settings
Use the toggle at the top of the page to enable or disable OS Resiliency. User Account Control elevation is required to read or modify any of the OS Resiliency settings.
Application Persistence settings
Use the toggle at the top of the page to enable or disable Application Persistence. User Account Control elevation is required to read or modify any of the Application Persistence settings.
Protect & Trace with Wolf Connect settings
There are no user-accessible settings for Protect & Trace with Wolf Connect. All Protect & Trace with Wolf Connect settings for your organization are managed by an Administrator.
Support tools
Use Enable logging to allow logging information to be recorded. HP may request that you enable this option to investigate an issue. A notification message will be shown each time you log in to remind you that logging is enabled and to allow you to disable it. When enabling or disabling logging you must restart your computer for the change to fully take effect.
Selecting Send Report creates a compressed file containing log information that is automatically sent to the HP Support team. User Account Control elevation might be required. Before reporting a problem, please select the Enable logging option and restart the computer. Then reproduce the problem to ensure that the log files contain the relevant information. A dialog box will be displayed for you to enter additional details about what problem you are seeing and when it occurs.
Appendix A - How to enable virtualization
Threat Containment uses virtualization to protect your computer from malware contained in files downloaded from the internet. If virtualization is disabled on your computer, you will need to enable it in order to use Threat Containment. You will need to restart your computer as part of this process.
To check if virtualization is enabled on your computer, right-click the taskbar or press Ctrl+Alt+Delete, and then select Task Manager. Select the Performance tab, and check the status of Virtualization.
To enable virtualization on your computer you will need to open the UEFI or BIOS settings for your computer:
- Ensure that you have these instructions available on a separate device or print a paper copy.
- Select the Windows menu and select Settings (or search for Settings).
- From the Settings window, select Update & Security.
- From the left menu, select Recovery.
- Under Advanced start-up, select Restart now.
- Select Troubleshoot and then select Advanced options.
- Select UEFI Firmware Settings and then select Restart. If the UEFI Firmware Settings option is not listed, your computer does not support UEFI. To enable virtualization, boot to the BIOS by restarting your computer and pressing the BIOS boot key before Windows starts. The BIOS boot key varies by manufacturer. Please refer to the manufacturer's guidance for more information.
- The UEFI/BIOS settings vary by computer manufacturer and model. Look for a setting or settings labeled Virtualization, Virtualization Technology, VT-x, VT-d, Extended Page Tables, EPT, Vanderpool or AMD-V and enable all of them. These settings might be listed under a menu labeled Security, Advanced, Configuration or CPU Configuration. You may need to use your laptop's built-in trackpad or keyboard to navigate the options. NOTE: Do not change any other UEFI/BIOS settings without referring to the manufacturer's guidance first.
- Select Save or Apply and then select Exit or Restart.
- After the computer has restarted, you can use Task Manager to check whether virtualization is enabled as described above. If virtualization is not enabled, the setting change might not have been applied during restart. Completely shut down your computer and wait at least 30 seconds before restarting it.
- After virtualization is enabled, Threat Containment will initialize and its status will then change to green.
Appendix B - Windows Hyper-V Support
Threat Containment includes support for systems running Windows Hyper-V. If Threat Containment cannot support Hyper-V on your computer then you may need to either disable Hyper-V or enable Windows Hypervisor Platform.
- From the Windows Start menu, open Control Panel.
- Select Programs and Features, and then Turn Windows features on or off.
- Modify the Hyper-V or Windows Hypervisor Platform feature.
NOTE: Threat Containment is able to make use of Windows Hypervisor Platform since Windows 10 build 18362.
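The checks described in Appendix A (is virtualization enabled?) and Appendix B (Hyper-V, Windows Hypervisor Platform, and the build 18362 threshold) can also be run from an elevated PowerShell prompt, which is convenient when several computers need checking. This is an added example and not HP-provided code; the function name is hypothetical, and the Windows feature names Microsoft-Hyper-V-All and HypervisorPlatform are assumed to be the ones behind the Control Panel entries.

```powershell
# Added example (not HP code): read-only check of Threat Containment prerequisites.
# Run elevated: Get-WindowsOptionalFeature -Online requires administrator rights.
function Get-ThreatContainmentReadiness {   # hypothetical helper name
    $cpu   = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

    # With a hypervisor already running, the CPU firmware flag can read False,
    # so a detected hypervisor also counts as "virtualization is enabled".
    $virtOn = [bool]$cpu.VirtualizationFirmwareEnabled -or [bool]$cs.HypervisorPresent

    # State of the two Windows features named in Appendix B (assumed feature names).
    $state = @{}
    foreach ($name in 'Microsoft-Hyper-V-All', 'HypervisorPlatform') {
        $f = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
        $state[$name] = if ($f) { [string]$f.State } else { 'NotAvailable' }
    }

    # Build threshold taken from the NOTE in Appendix B.
    $whpUsable = $build -ge 18362

    $advice = @()
    if (-not $virtOn) {
        $advice += 'Enable virtualization in UEFI/BIOS (Appendix A).'
    }
    if ($state['Microsoft-Hyper-V-All'] -eq 'Enabled' -and
        $state['HypervisorPlatform'] -ne 'Enabled') {
        if ($whpUsable) {
            $advice += 'Hyper-V is on: if Threat Containment cannot support it, enable Windows Hypervisor Platform or disable Hyper-V (Appendix B).'
        } else {
            $advice += 'Hyper-V is on and the build is below 18362: if Threat Containment cannot support it, disable Hyper-V (Appendix B).'
        }
    }
    if (-not $advice) { $advice = @('No action indicated by these checks.') }

    [pscustomobject]@{
        VirtualizationEnabled     = $virtOn
        HypervisorPresent         = [bool]$cs.HypervisorPresent
        # Raw CPU report for EPT/SLAT; may also read False under a running hypervisor.
        SecondLevelAddressTransl  = [bool]$cpu.SecondLevelAddressTranslationExtensions
        OsBuild                   = $build
        HypervisorPlatformUsable  = $whpUsable
        HyperVFeature             = $state['Microsoft-Hyper-V-All']
        HypervisorPlatformFeature = $state['HypervisorPlatform']
        Advice                    = $advice -join ' '
    }
}

Get-ThreatContainmentReadiness | Format-List
```

The script changes nothing on the computer; it only reports state, so the steps in Appendix A and Appendix B are still what you follow to make a change.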
Appendix C - How to uninstall HP Wolf Security
Use the steps outlined in this section to uninstall HP Wolf Security.
- In the Windows Start menu, search for Add or remove programs to open the Apps & features page.
- Select HP Wolf Security from the list and then select Uninstall.
- Select HP Wolf Security - Console from the list and then select Uninstall.
- Select HP Security Update Service from the list and then select Uninstall.
Appendix D - How to install HP Wolf Security
If HP Wolf Security was preinstalled on your computer, you can reinstall it by following these steps.
- Open https://support.hp.com and select Software and Drivers.
- Select your product (laptop or desktop), identify your device, and select your operating system version.
- From the list of eligible software, find Software-Security and choose HP Wolf Security for Business.
- Download and run the installer. Follow the instructions displayed on screen.
Appendix E - Microsoft Outlook Support
Threat Containment includes protection for Microsoft Outlook. Untrusted email attachments that are previewed or saved will be opened in a micro-VM (virtual machine) to prevent your computer from being infected by malware.
'New Outlook for Windows' is a new version of Microsoft Outlook which is not currently protected by Threat Containment. To continue benefitting from the email protection that Threat Containment provides, disable the 'New Outlook' toggle switch which appears in the Microsoft Outlook window. The Threat Containment warning should disappear when you next log in.