Trend Micro

Support Procedures
Brazil 2012
>> This document describes the tools and service
available for the Brazil PPE partners
Trend Micro 2012



TABLE OF CONTENTS


1. SELF-SERVICE FOR PRODUCT SUPPORT ................................................................................... 4

2. PREMIUM SERVICES CONNECTION ........................................................................................... 7

3. SERVICE REQUEST TYPE: ............................................................................................................. 8

4. SERVICE REQUESTS PRIORITY, URGENCY, SEVERITY AND SLOS ................................. 13

5. BUSINESS OPERATION HOURS AND CONTACTS INFORMATION ..................................... 14

6. CASE HANDLING GUIDELINES FOR SUPPORT (PRODUCT AND MALWARE) ................. 15

7. ESCALATION MANAGER (EM) ................................................................................................... 17

8. LIST OF IMPORTANT URLS ......................................................................................................... 18

9. CDT APPENDIX .............................................................................................................................. 19

10. GLOSSARY OF TERMS ................................................................................................................. 19




1. SELF-SERVICE FOR PRODUCT SUPPORT
IMPORTANT: What to do before opening a new Product Support Case

CHECK FOR PRODUCT UPDATES:
All products ust be updated to the latest a!ailable Patch or Ser!ice Pac"
Product #pdates are a!ailable at downloadcenter.trendmicro.com in the Ser!ice Pac" and Patches Tabs
as shown in the iage below:






CHECK SYSTEM REQUIREMENTS:
$nsure the hardware and operating s%ste is copliant to all products re&uireents'
This inforation is a!ailable in the product(s Reade't)t file of the product located in the more details
section of the product at downloadcenter.trendmicro.com









CHECK HOTFIX LIST (CHANGE HISTORY):
The *OT+I, -IST file is a list of all the *OT+I,$S a!ailable for a product'
.ou can re!iew this list to chec" if %our proble is alread% a "nown and sol!ed issue related to a
product bug/ if %ou need a specific hotfi) %ou should re&uest it b% a PSC case'
There is a *OT+I, -IST 0Change1*istor%2 file for each product and it can be found in the 3ownload
section in the community.trendmicro.com.br


CHECK PREMIUM KNOWLEDGEBASE (KB):
Chec" the 45 for a solution related to the issue %ou6re encountering
Premium KB esupport.trendmicro.com









If a Knowledge Base Solution requires a HOTFI download it from t!e
community.trendmicro.com.br in t!e products section" #$ccess credentials are required%


CHECK SUBMISSION CHECKLISTS:
Subission Chec"lists are used to deterine what inforation is iportant to collect and anal%7e for
a certain proble on a product'
T!e Partner Support &ngineer can use t!e c!ec'lists as a guide for troubles!ooting t!e problem.
The chec"list inforation should be subitted with the case to increase Solution C%cle Tie or for
iediate case escalation to Product Specialists'
The Subission Chec"lists are located in the 3ownload section at the community.trendmicro.com.br

CHECK BEST PRACTICES GUIDES
5est Practices 8uides pro!ide iportant inforation for product installation/ configuration and
custoi7ation guidelines'
When this aterials are a!ailable/ the% can be downloaded fro the community.trendmicro.com.br

CHECK ADMINISTRATOR AND SUPPORT TRACK MATERIALS:
.ou should refer to Adinistrator Trac" 0-9 or TCSP2 and Support Trac" 0-: or TCSM2 aterial for
Troubleshooting inforation
Adinistrator Trac" aterials can be downloaded fro the Certification S%ste at
trendmicro.cyberu.com 0if %ou don;t ha!e account please refer to -earning Manageent S%ste
+ile 9<=92
8o to 4nowledge tab and find the product aterial



Support Trac" 0-:2 aterials can be pro!ided b% re&uest
T!ese documents are (OT a)ailable for download. $ request for any Support Trac' document
must be submitted to t!e Tec!nical contact.




2. PREMIUM SERVICES CONNECTION

HOW TO OBTAIN PSC ACCOUNT
Each PSC u!" #u$ ha%! &$ '() acc'u)$'
Acc'u)$ ha"&)* '" *!)!"&c acc'u)$ a"! )'$ a++'(!,- T"!), M&c"' ca) ,!+!$! a). acc'u)$ &/ &$ &)0$
(!++ u!,

To get access to PSC/ the partner engineer ust do the following:
=' Stud% this docuent 0PS$ Support Tools and Procedures2
9' -og in to: trendmicro.cyberu.com
:' If %ou don6t ha!e an account/ register with %our partner doain account and wait the acti!ation
>' In the search field t%pe: ?support procedures@
A' Select the Support Procedures for -AR PS$ 5ra7il
B' -aunch and answer the e)a
C' When %ou ha!e copleted 0appro!ed2 the e)a/ send an eail with the screenshot of the appro!al of
the e)a to *aniel+,ibeiro-trendmicro.com
D' Once %ou6re acti!ated/ %ou will recei!e an eail fro Preiu Ser!ices Connection with %our access
credentials 0#ser and password2 and %ou6ll be able to login/ subit and anage cases/ as well as use
other PSC features li"e Preiu 4nowledge 5ase'


. SERVICE RE!UEST T"PE#

PRODUCT SUPPORT
P"',uc$ S!"%&c! R!1u!$ E +or assistance with product related &uestions'
F!a$u"! E)ha)c!#!)$ E Suggestions for product feature enhanceent'
P"',uc$ Su22'"$ T''+:
- Case 3iagnostic Tool for Windows
- Case 3iagnostic Tool for -inu)
- Case 3iagnostic Tool for Solaris

REQUIRED INFORMATION FOR PRODUCT CASE
** ALL SUPPORT COMMUNICATION IS ENGLISH ONLY.
** WE SUGGEST TO ITEMIZE YOUR PROBLEM FOR EASY UNDERSTANDING

REQUIRED FIELDS FOR CASE SUBMISSION ARE:
a3 TITLE should include the C#STOM$R NAM$ within brac"ets ?F G@
43 D!c"&2$&'): This field ust be structured with the following inforation sections/ It is ad!ised to use
short and siple sentences'

&3 5PROBLEM6SYMPTHOM DESCRIPTION7
a2 The proble description should be e)plained here 0we suggest to itei7e2
b2 $)aples:
Hueuing up to BA<< essages with a deli!er% dela% of > hours'
*ard 3is" reaching full capacit% because logs aintenances is not deleting old
inforation
$ncountering CrashI5SO3 when schedule scan starts on s%stes with Windows Jista SP9'

&&3 5PRE8IOUS TROUBLESHOOTING STEPS TAKEN7
a2 3escribe here the actions alread% perfored to troubleshoot or tr% to sol!e the issue/
pre!ious to the case subission'
b2 $)aple:
The SMTP Ser!ice was restarted
The networ" 0ping2 and port 9A twoKwa% counication and between IMSJA and Mail
Storage ser!er was chec"ed/ O4
Chec"ed IMSJA Resources: CP#: 9AL/ Meor%: =AL/ Hueue Partition in use: 9L/ 3ata
Partition in use: BDL/ etc

&&&3 5HOW TO REPLICATE THE PROBLEM6SCENARIO7
a2 3escribe how the proble can be replicated in a -abITest en!ironent'

b2 If steps to replicate are not a!ailable or un"nown/ please indicate that there are no a!ailable
replication steps'

&%3 5EN8IRONMENT DESCRIPTION7
a2 3escribe here the rele!ant details of the en!ironent li"e:
Operating s%ste details 0build/ Ser!ice Pac"/ :9 or B>bit/ language2
*ardware details 0CP#s/ RAM/ *ard 3is" total and free space/ etc2
If Jirtuali7ed/ describe the platfor and related details

%3 5EXPECTED SOLUTION7
a2 3escribe what is the e)pectation of response or solution to this case
b2 $)aple:
+irst/ Please pro!ide iediate assistance to sol!e perforance issue
Second/ Please pro!ide the Root Cause of the issue and a procedure to a!oid
encountering it again'

%&3 5ATTACHED INFORMATION7 9 8&!( A22!),&: CDT
a2 Please a"e a detailed list of the inforation being attached to the case
b2 .ou can use C3T 0.ase *iagnostic Tool2 to collect logs/ but a"e sure that %ou anuall%
collect and pro!ide an% additional inforation described in the Ca! Su4#&&') Ch!c;+&$ of
the product a!ailable at the community.trendmicro.com.br in the download sections'
c2 $)aple:
logs'7ip: Contains al C3T -ogs M OS $!ent !iewer -ogs
networ"'7ip: networ" diagra and traffic flow diagra
Chec"list')ls): Additional inforation fro the Subission Chec"list
Screenshots'7ip: Screenshots of the errors obtained when the issue occurs'

%&&3 5ADDITIONAL INFORMATION7
a2 Add here an% additional inforation that %ou consider iportant to share


c3 U"*!)c.:

U"*!)c.:

D!c"&2$&'):
C"&$&ca+
Operation K T'$a++. a//!c$!, &)/"a$"uc$u"!
+inancial Ipact E H&*h
Affected eplo%eesIusers K A++ '" #'$ '/ $h!#
H&*h
Operation K Pa"$&a++. a//!c$!, &)/"a$"uc$u"!
+inancial Ipact K M!,&u#
Affected eplo%eesIusers K K!. !#2+'.!!
M!,&u#
Operation E W'";a"'u), a%a&+a4+! /'" a//!c$!, &)/"a$"uc$u"!-
+inancial Ipact K L'(
Affected eplo%eesIusers K S#a++ G"'u2 6 c'##') u!"
L'(
Operation K N'$ a//!c$!, I)/"a$"uc$u"! 6 $!$&)* !)%&"')#!)$
+inancial Ipact K N')!
Affected $plo%eesI#sers E N')!

,3 Bu&)! I#2ac$ D!$a&+
This field is to e)plain details of the ipact that the issue is generating on the custoer6s
business operations or in the relationship with the custoer'
If necessar%/ consider to use $scalation Manager to re&uest higher case priorit%

!3 E#a&+ $' CC: If necessar% %ou can add a user fro %our copan% to "eep hi infored

/3 P"',uc$ )a#!: Select the product nae' Ma"e sure %ou choose the right product'

*3 P"',uc$ 8!"&'): select %our product !ersion

h3 P"',uc$ La)*ua*!

&3 P"',uc$ O2!"a$&)* S.$!#: Select the Operating S%ste of the en!ironent where the issue appears

<3 F&+! Na#! 9 si7e liit N AM5- if this liit is e)ceeded please use #R- field 0%ou can subit files in 'rar
or '7ip forat with password ?no!irus@2

;3 URL: Please if %ou ha!e an ftp/ pro!ide the #R- and credentials to %our files or use this:
ftp/00ftp.trendmicro.com0
user: usKwebOcustoer
password: tcustoer


THREAT SUPPORT
Th"!a$ S!"%&c! R!1u!$ K If %ou suspect %our s%ste is infected with alware/ please subit ATT4
logs or suspicious file in 'rar or '7ip forat and password ?!irus@'

D'()+'a, ATTK => U2+'a, F&+! => R!%&!( ? Su4#&$
=' 3ownload the appropriate tool below'
9' $)ecute the tool on the affected s%ste to collect suspicious files'
:' Collect the files created in the OTrend Micro AntiThreat Tool"itOOutput folderwith the
filenae foratted as ....'MM'33'**'ss1F8#I3G
>' #pload the collected file'










Th"!a$ I)/'"#a$&') ? R!!a"ch 9 To learn ore about a specific threat andIor subit a threat info
re&uest
Th"!a$ S!a"ch 9 inforation about specific threat
La$!$ Sca) E)*&)! E latest engines
T'2 @ Th"!a$ E regional top A threats











'

Th"!a$ T''+
- Root"it 5uster
- +a"eAJ Reo!al Tool 0C-I2
- +a"eAJ Reo!al Tool 08#I2

URL R!c+a&/&ca$&') E Subit suspicious or alicious #R-(s as a (#R- to Jerif%( ser!ice re&uest'

SPAM Su4#&&') E SPAM Saple subission

Th"!a$ G!)!"a+ I)1u&". E +or general in&uiries regarding a threat'


$. SERVICE RE!UESTS PRIORIT"% UR&ENC"% SEVERIT" AND
SLO'S

Ser!ice Re&uest Priorit% is defined b% the proble t%pe selected when subitting a case as shown in the following
table:


Ca! T.2!

P"'4+!# $.2! P"&'"&$. SLO
P"',uc$ CrashI$)ception P= > S*
P"',uc$ Perforance Issue0Mail &ueued or s%ste *ang2 P= > S*
P"',uc$ Installation and 3eplo%ent P9 = W3
P"',uc$ Scanning Proble 0i'e' Jirus not detected2 P9 = W3
P"',uc$ $ngine or Pattern #pdate 0i'e' acti!e update2 P9 = W3
P"',uc$ Registration Proble P9 = W3
P"',uc$ Copatibilit% Issues with :rd Part% Software P: = W3
P"',uc$ Others P: = W3
Ma+(a"! (8&"u) S%ste Infection P= D S*
Ma+(a"! (8&"u) +alse Alar P= D S*
Ma+(a"! (8&"u) Clean +ailed P= D S*
Ma+(a"! (8&"u) #ndetected Saples P9 = W3
Ma+(a"! (8&"u) #R- to Jerif% P9 = W3
Ma+(a"! (8&"u) Jirus Inforation Re&uest P: = W3
G!)!"a+ Qu!$&') +eature Re&uest P> 9 W3
G!)!"a+ Qu!$&') In&uir% P> 9 W3

I#2'"$a)$ N'$!:
Ser)ice 1e)el Ob2ecti)e means t!e time to e3pect a first answer from Trend1abs4 !owe)er" sometimes it
may ta'e longer t!an e3pected depending on t!e wor'load and required analysis.
T!e 5rgency field" describes t!e speed in w!ic! t!e solution is needed. T!is selection is only
informati)e" see urgency table abo)e.
SH means Straig!t Hours.
6* means 6or'ing *ays.
$ P7 case s!ould be updated e)ery day"
$ P8" P9 case s!ould be updated at least e)ery two days
$fter an update if no answer is recei)ed in a two day period we are going to as' for anot!er update"
after two more days if no update is recei)ed again we will wait 7 more day before force:close t!e case
#8:8:7%


(. BUSINESS OPERATION )OURS AND CONTACTS INFORMATION


NORMAL BUSINESS HOURS SUPPORT
-TSC is the 5ra7il Technical Support Center that will handle all Product support cases
Noral 5usiness hours is fro Monda% to +rida%/ fro P:<<a to B:<<p official local tie for
5ra7il' 08MT K:2

OFF-BUSINESS HOURS SUPPORT
Onl% N$W and $N3ORS$3 *igh Priorit% 0P=2 Product cases will be handled b% Trend-abs 9>)C
Support Tea during OffK5usiness hours
If support for an OP&( Product case is required during Off:Business Hours" it is needed t!at
t!e partner ma'es t!e specific request t!roug! &scalation ;anager to !a)e it &(*O,S&* to
8<3= Support Team.
Mediu and -ow priorit% 0P9KP>2 Product cases will be handled during on noral business
support hours as described b% the S-O'

CONTACTS INFORMATION
.ou can contact the 3ispatch Center b% phone as"ing for 5ra7il Tea or for the person %ou want
to spea" to'
As" the operator for the person %ou want to spea" to or as" for 3ispatch Center'
P* 3ispatch Center: =KDDDKB<DC:B:
P* Office 0As" for 3ispatch Center2 MB: 092 PPAKB9<<
S"%pe contact for &uestions 0not product support2: ltsc'support
-TSC Tea Manager is Qason Nal7aro
>ason+(al?aro-trendmicro.com
Phone: MB:K9KPPAKB9<< E 0-ocal 9C>:2
Mobile: MB:KP=C AC= 9:BC



*. CASE )ANDLIN& &UIDELINES FOR SUPPORT +PRODUCT AND
MAL,ARE-

CASE SUBMISSION:
Product and Malware case subission ust be coplete with the re&uired inforation described
pre!iousl%

CASE MANAGEMENT AND FOLLOW=UP
To achie!e a better ser!ice for the custoer/ an% case subitted ust be updated continuousl%
When no response is recei!ed in a case:
A first Warning will be sent after 9 da%s without response
A second Warning will be sent after 9 da%s without response
A third and last Warning will be sent after = da% without response and the case will be +orced
Closed and Tagged as abandoned within the ne)t 9> hours'

CASE PRIORITIAATION
+or cases where a higher priorit% is re&uired 0,efer to .ase Types and Priorities Table2/ use
$scalation Manager Process to re&uest a Priorit% increase pro!iding the reason for it'
T%pical reasons for Priorit% increase are:
Situation is or has turned into 5usiness Critical
Custoer6s operations are at ris"
Custoer is strongl% dissatisfied/ disappointed or angr%
5usiness 3eal is at ris" because of the case proble
Case has been opened to an% da%s without reaching a solution
Malware Infection
Outbrea" of abo!e A< achines infected
Critical achine within custoer6s infrastructure is infected

CASE REOPENING
Case Reopening can be done for cases where the e)act sae issue occurs again within the
ne)t =< da%s after the case was closed'
+orced Closed 0Abandoned2 Cases will not be reopened

WEBEX REQUEST
Redesign Webe) Re&uest 8uidelines
=' It is re&uired to ha!e a Case subitted to re&uest a Webe)
9' Webe) re&uest ust be done through $scalation Manager Process and e)plain the
details of the reasons wh% this session is needed
:' If P* TAM considers it necessar% to ha!e a webe) in order to gi!e better solution the% are
going to re&uest for it'

CASE CLOSING
To close a case it is re&uired to pro!ide an update indicating the reason wh% the case is being
closed
=' Solution deli!ered was successful
9' Custoer cannot appl% solution
:' The issue no longer appears
>' The product was reinstalled
If a case has no update for A wor"ing da%s the case will be closed following the Case
Manageent and +ollow up procedure


.. ESCALATION MANA&ER +EM-


USE ESCALATION MANAGER IF:
Reopening a closed case is needed
A case is old and proble reains
Case is or has turned into a 5usiness Critical situation
A +eature Re&uest case update is needed
Support Tools and Process are not useful for an% particular situation'

ESCALATION MANAGER OPERATION HOURS
$scalation Manager Ser!ice is a!ailable during Noral 5usiness Operations *ours Monda% to +rida%/
P:<<a to B:<<p official local tie for 5ra7il'
If urgent assistance is needed" use t!e PH Dispatc C!"t!# or call LTSC T!a$ Ma"a%!#

HOW TO USE ESCALATION MANAGER
To use $scalation Manager it is needed to:
i' Open the $scalation Manager Subission for 03ownload section at the
community.trendmicro.com.br2
ii' Select Malware Support or Product Support Tab in the $)cel file
iii' +ill in all the fields with the rele!ant inforation
i!' Send the file to pse-trendmicro.com





/. LIST OF IMPORTANT URLS

PORTAL

URL DESCRIPTION
Trend Counit% 5rasil !ttp/00community.trendmicro.com.br Trend Micro and -AR Partner Counit%
-earning and Certifications
Portal
!ttp/00trendmicro.cyberu.com
Sales and Adinistrator Trac" training
courses/ aterials and certification
e)as
3ownload Center !ttp/00downloadcenter.trendmicro.com
All Products Installation files/ Ser!ice
Pac"s and Patches
Preiu Ser!ices
Connection
!ttps/00premser)ices.trendmicro.com0
Online Tool to subit and anage
support cases with the -AR Technical
Support Center
Public 4nowledge 5ase !ttp/00esupport.trendmicro.com
8et Support for Sall 5usiness R
$nterprise Products
Threat $nc%clopedia !ttp/00t!reatinfo.trendmicro.com -atest inforation on alware
Malware 5log !ttp/00blog.trendmicro.com0
Threat news and inforation direct fro
the e)perts
CTO Insights 5log !ttp/00ctoinsig!ts.trendmicro.com0
Reiund 8enes tal"s about threat
securit% issues
Public Online Malware
Scanner
!ttp/00!ousecall.trendmicro.com free
Mail Abuse !ttp/00www.mail:abuse.com
$RS: $ail Reputation Ser!ice Huer%
Portal
WRS !ttp/00global.sitesafety.trendmicro.com Web Reputation Ser!ice Huer% Portal



0. CDT APPENDI1

LOG COLLECTION RECOMMENDATIONS
.ou can use the .ase diagnostic tool to autoaticall% collect logs and details about the product
and Operating S%ste but be aware that not all inforation re&uired is collected b% C3T'
Read the .ase diagnostic tool G!$$&)* S$a"$!, Gu&,! to learn how to better use it'
Ma"e sure that logs and an% inforation %ou pro!ide in a support case reflects or shows
inforation about the proble at the e)act tie it happened
If t!e issue was not replicated w!ile collecting t!e logs" t!e information submitted will
probably be not useful to us and it will be requested to collected again.
+ile Splitting ust be used when using +TP sites other than the Trend Micro 8lobal +TP $)ternal
ser!ice'



12. &LOSSAR" OF TERMS

PB- PC- PD a), PE: Ca! P"&'"&$&!/ P= is the *ighest Priorit%/ P> is the -owest Priorit%
PSC - P#!$i&$ S!#'ic!s C(""!cti(") It(s a tool for subitting and trac"ing support ser!ice re&uests'
S!#'ic! R!*&!st: pre!iousl% "nown as case/ it(s the trac"ing ethod used to handle each particular
support re&uest
LTSC - Lati" A$!#ica T!c"ica+ S&pp(#t C!"t!#) Support Ser!ices Tea who will handle Ser)ices ,equests
0Products and Jirus2'
CDT) Case 3iagnostic Tool
ATT, T((+/ S%ste Inforation Collector Tool