Professional Documents
Culture Documents
6
Applying Latest Patch(es) for OSCE 10.6
To find out the latest patches for OfficeScan, click here.
Both essentially work the same way, but are ported for different software platforms.
Integrated Scan Server
The integrated scan server is automatically installed on the OfficeScan server. It can be installed
during OfficeScan server installation or at later point.
|
Standalone Scan Server
The standalone scan server is recommended to large networks. At this point, this server is only
available as a VMWare image that runs CentOS.
For more information regarding image compatibility on virtual servers
Refer to: http://docs.trendmicro.com/en-us/enterprise/officescan.aspx
2. When opting to use the Integrated scan server, make sure that it is actually installed
To verify if the scan server is installed and accessible from a particular desktop, enter the
following URL in the desktops browser:
https://officescan_host:<port>/tmcss/?LCRC=08000000AC41080092000080C4F01936B21D9104
If the browser returns the following, then the Scan Server is both enabled and accessible.
3. Enable Smart Scan - The Integrated Scan Server is enabled using the following checkbox on the Scan
Server screen on the OfficeScan management console.
Before including an Integrated Scan Server in the scan server list, make sure that it is enabled. When
using File Reputation functionality with an integrated scan server, make sure that the scan server is
enabled before switching scan types. This is an important step because the mechanism for switching
from standard scanning to File Reputation does not include automatic verification of scan server
functionality.
Deploy clients in Conventional scan, and then switch them over to Smart scan afterwards.
Create OfficeScan domains that have Smart scan enabled by default, and then migrate
8.
9.
10.
11.
12.
10.
11.
12.
13.
14.
15.
16. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files,
cookies and shortcuts.
10.
11.
12.
13.
14.
15.
16.
17.
9.
10.
11.
12.
13.
14.
15.
16.
Summary
Files to scan
Real-time Scan
Manual Scan
Scheduled Scan
Scan Now
All Scannable
All Scannable
All Scannable
All Scannable
Enable Intellitrap
Medium
Medium
Medium
Advanced Cleanup
Advanced Cleanup
Advanced Cleanup
You may add the URLs of the Web sites you want to approve or block.By default, Trend Micro and
Microsoft Web sites are included in the Approved list.
9. Select whether to Allow clients to send logs to the OfficeScan server. You can use this option to
analyze URLs blocked by WRS.
10. Click Save
Administrators can also configure OfficeScan to log all connections between clients and confirmed C&C
IP addresses.
These are the steps on how to do it:
1. Navigate to Networked Computers > Global Client Settings
2. Go to the C&C Contact Alert Settings section
3. Enable the Log network connections between agents and Trend Micro confirmed C&C IP
addresses option
4. Select to log connections from all endpoints, or only endpoints running specific operating
systems
5. Click Save
Note: Service Pack 3 should be installed in order to have the C&C connection detection feature
Behavior Monitoring works in conjunction with Web Reputation Services to verify the prevalence of files
downloaded through HTTP channels or email applications. After detecting a "newly encountered" file,
administrators can choose to prompt users before executing the file. Trend Micro classifies a program
as newly encountered based on the number of file detections or historical age of the file as determined
by the Smart Protection Network.
To enable the Behavior Monitoring feature to monitor these newly encountered files, do the following
steps:
1. On the OSCE Server, go to Networked Computers > Global Client Settings
2. Under Behavior Monitoring Settings, check Prompt users before executing newly encountered
programs downloaded
3. Click on Save down at the bottom
Note: Service Pack 3 should be installed in order to have Behavior Monitorings newly
encountered files detection feature
Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant
full access to these devices or limit the level of access. Limiting the level of access brings up
Program lists which allows programs on storage devices to have modify, read and execute,
read, List device content only and Block permissions.
Configure the list of approved USB storage devices. Device Control allows you to block access to
all USB storage devices, except those that have been added to the list of approved devices. You
can grant full access to the approved devices or limit the level of access.
Use default permission for Non-Storage Devices, You can only allow or block access to nonstorage devices. There are no granular or advanced permissions for these devices.
to restore system policy and this has been implemented via the use of TSC.INI file.
For more information on how to clean malware remnants and restore security policies, visit
http://esupport.trendmicro.com/Pages/How-to-clean-malware-remnants-and-restore-policies-usingGeneriClean.aspx
Intrusion Defense Firewall is an advanced, host-based intrusion defense system that brings proven
network security approaches, including firewall and intrusion detection and prevention, down to
individual networked computers and devices. In addition, it can also prevent a malware attack that
exploits the vulnerability.
More information can be found here.
1. Login to the OfficeScan Management Console
2. Click Plug-in Manager
3. Under Intrusion Defense Firewall, click Download
3. 6. On the Deployment Settings window, the ATTK toolkit is already selected by default. Click Deploy.
4. 7. A confirmation that the tool deployment is successful will appear. The ATTK package will be deployed
on the client in a few minutes.
8. On the Logs tab, you will see that the ATTK deployment is being processed.
9. Once the deployment is finished, it will indicate on the Tool Deployment page that it is complete.
5. 10. Go to the Logs tab and the result would be Completed. You can download the file and send it
to Trend Micro Technical Support for analysis.
11. You can also go to the Feedback tab and send the Reference ID to Trend Micro Technical Support for
analysis.
Security Compliance can then install the OfficeScan client on unprotected computers.
1.
2.
3.
4.
1.
5.
Note:
If you have more than one (1) OfficeScan servers installed within your environment, you need to specify each
communication port being used by Officescan clients to connect to their respective OfficeScan server.
This feature can only validate machines with OfficeScan client software installed. If a machine is running other
anti-virus program, assessment will return a BLANK result for the machine names you have queried.
Disable Autorun
1.
2.
3.
4.
5.
6.
7.