OfficeScan™ 10
For Enterprise and Medium Business
Administrator’s Guide
Endpoint Security
Trend Micro™ OfficeScan™ 10 Administrator’s Guide
Page vi:
Chapter 7: Using the OfficeScan Firewall
About the OfficeScan Firewall ...
Page 3-32: Software/Hardware Specifications
Domain Structure
TABLE 3-14. Software/Hardware specifications
SET
Installing the OfficeScan Client
Page 3-33: Network Traffic
Network Size
TABLE 3-16. Network traffic
SETUP EFFECTIVENESS OF VULNERABILITY SCANNER
LAN connection
Page 3-34: User Tasks
Perform the following tasks from Vulnerability Scanner:
• Installing the OfficeScan Clie
Page 3-35: To install OfficeScan client with Vulnerability Scanner:
1. If running Windows Vista Business, Enterprise, or Ultim
Page 3-36: Managing General Settings
To configure and manage the following Vulnerability Scanner settings, na
Page 3-37: ServerProtect for Linux
If the target computer does not run Windows, Vulnerability Scanner checks if it has Server
Page 3-38: Protocols
Vulnerability Scanner detects products and computers using the following protocols:
• RPC
Page 3-39: Notifications
To automatically send the results to yourself or to other administrators in your organization, select
Page 3-40: OfficeScan Server Settings
Type the OfficeScan server name and port number. Vulnerability Scanner
Page 3-41: To run a vulnerability scan on computers requesting IP addresses from a DHCP server:
1. Configure DHCP settings in
Contents
Page vii:
OfficeScan Database Backup ... 8-21
OfficeScan Web Server Information ..
Page 3-42: 4. Click Start. Vulnerability Scanner begins listening for DHCP requests and performing vulnerabi
Page 3-43: Configuring Other Vulnerability Scanner Settings
Some Vulnerability Scanner settings can be configured only from th
Page 3-44: Migrating to the OfficeScan Client
Migrate endpoint security software installed on a target comput
Page 3-45: Migrating from ServerProtect Normal Servers
The ServerProtect™ Normal Server Migration Tool is a tool that helps mi
Page 3-46: 3. Select the OfficeScan server. The path of the OfficeScan server appears under OfficeScan serve
Page 3-47: 8. Click the computers on which to perform the migration.
a. To select all computers, click Select All.
b. To desele
Page 3-48: Post-installation
After completing the installation, verify the following:
OfficeScan client shortc
Page 3-49: Recommended Post-installation Tasks
Trend Micro recommends performing the following post-installation tasks:
Compone
Page 3-50: 4. To test other computers on the network, attach the EICAR.com file to an email message and send
Page 3-51: 5. Check the notification status and verify if there are clients that did not receive the notification.
a. Click Se
Page viii:
Client Self-protection ...
Page 3-52: Manually Uninstalling the Client
Perform manual uninstallation only if you encounter problems unin
Page 3-53: 6. Delete the following registry keys:
If there are no other Trend Micro products installed on the computer:
• HKEY_
Page 3-54: Keys:
• ntrtscan
• tmcfw
• tmcomm
• TmFilter
• Tmlisten
• tmpfw
• TmPreFilter
• TmProxy
• tmtdi
• VSApiNt
• tmlwf (
Page 3-55: 14. Uninstall the Common Firewall Driver.
a. Right-click My Network Places and click Properties.
b. Right-click Loca
Page 4-1: Chapter 4: Keeping Protection Up-to-Date
Topics in this chapter:
• OfficeScan Components and Programs on page 4-2
• Update Overview on page 4-10
• Office
Page 4-2: OfficeScan Components and Programs
OfficeScan makes use of components and programs to keep client c
Page 4-3: Download the Virus Pattern and other OfficeScan pattern files from the following Web site, where you can also find the
Page 4-4: Virus Scan Engine
At the heart of all Trend Micro products lies the scan engine, which was original
Page 4-5: Virus Scan Driver
The Virus Scan Driver monitors user operations on files. Operations include opening or closing a file,
Page ix:
Default Policies ... 10-16
Synchronization ...
Page 4-6: Anti-spyware Components
Spyware Pattern
The Spyware Pattern identifies spyware/grayware in files and
Page 4-7: Behavior Monitoring Components
Behavior Monitoring Driver
This kernel mode driver monitors system events and passes them
Page 4-8: Programs
Client Program
The OfficeScan client program provides the actual protection from security r
Page 4-9: This feature is available starting in OfficeScan 8.0 Service Pack 1 with patch 3.
• Clients upgraded from version 8.0 S
Page 4-10: Update Overview
All component updates originate from the Trend Micro ActiveUpdate server. When upd
Page 4-11: ActiveUpdate server | OfficeScan server | Update Agents | Clients
The OfficeScan server receives updated components from the
Page 4-12: Smart Scan Server Update
A Smart Scan Server downloads the Smart Scan Pattern. Smart scan clients
Page 4-13: OfficeScan Server Update
The OfficeScan server downloads the following components and deploys them to clients:
TABLE 4-
Page 4-14: To enable the server to deploy the updated components to clients, configure automatic update sett
Page 4-15: Server Update Source
Configure the OfficeScan server to download components from the Trend Micro ActiveUpdate server o
Page x:
Chapter 11: Configuring OfficeScan with Third-party Software
Overview of Check Point Architecture an
Page 4-16: Proxy for Server Update
Configure server programs hosted on the server computer to use proxy setti
Page 4-17: Component duplication applies to the following components:
• Virus Pattern
• Smart Scan Agent Pattern
• Virus Cleanup Tem
Page 4-18: 2. The server merges the incremental pattern with its current full pattern to generate the latest
Page 4-19: To illustrate based on the example:
• The ActiveUpdate server has 14 incremental patterns:
173.175 171.175 169.
Page 4-20: To configure server update schedule:
PATH: UPDATES > SERVER > SCHEDULED UPDATE
1. Select Enab
Page 4-21: Smart Scan Server Update
This section discusses how to update components in the integrated Smart Scan Server. For deta
Page 4-22: When clients connect using a specific protocol, they identify the integrated server by its server
Page 4-23: Client Update
To ensure that clients stay protected from the latest security risks, update client components regularly
Page 4-24: Updating from the OfficeScan Server and Custom Sources
Clients can obtain updates from various sou
Page 4-25: Customized Update Source
Aside from the OfficeScan server, clients can update from custom update sources. Custom updat
Page xi:
Contacting Trend Micro ... 12-15
Technical Support ...
Page 4-26: If the option is disabled, the client then tries connecting directly to the Trend Micro ActiveUpd
Page 4-27: Client Update Methods
Clients that update components from the OfficeScan server or a customized update source can use
Page 4-28: There are two types of automatic update:
Event-triggered Update
The server can notify online client
Page 4-29: To update networked computer components automatically:
PATH: UPDATES > NETWORKED COMPUTERS > AUTOMATIC UPDATE
1.
Page 4-30: If you have not granted clients scheduled update privilege, perform the following steps first:
a.
Page 4-31: b. If you select Daily or Weekly, specify the time of the update and the time period the OfficeScan server will notif
Page 4-32: 2. Choose the clients you want to update. Update clients with outdated components or select speci
Page 4-33: b. Instruct users to manually update components on the client computer (by right-clicking the OfficeScan icon in the
Page 4-34: Proxy for Client Component Update
OfficeScan clients can use proxy settings during automatic updat
Page 4-35: Client Update Logs
Check the client update logs to determine if there are problems updating the Virus Pattern on clien
Page 4-36: Component Rollback
Rollback refers to reverting to the previous version of the Virus Pattern, Smar
Page 4-37: Update Agents
To distribute the task of deploying components to OfficeScan clients, assign some OfficeScan clients to
Page 4-38: Update Agent Configuration
Update Agent configuration is a 2-step process:
1. Assign a client as an
Page 4-39: Update Source for Update Agents
Update Agents can obtain updates from various sources, such as the OfficeScan server o
Page 4-40: 4. If unable to update from all possible sources, the Update Agent quits the update process.
The u
Page 4-41: Update Agent Standard Update Source
The OfficeScan server is the standard update source for Update Agents. If you conf
Page 4-42: Update Agent Component Duplication
Like the OfficeScan server, Update Agents also use component du
Page 4-43: To use the Scheduled Update Configuration tool:
1. On the Update Agent computer, navigate to <Client installation f
Page 5-1: Chapter 5: Protecting Computers from Security Risks
Topics in this chapter:
• About Security Risks on page 5-2
• Scan Methods on page 5-8
• Scan Types on
List of Tables
Page xi:
Table P-1. OfficeScan documentation xvi
Table P-2.
Page 5-2: About Security Risks
Security risk is the collective term for viruses/malware and spyware/grayware.
Page 5-3: Virus
A virus is a program that replicates. To do so, the virus needs to attach itself to other program file
Page 5-4: Network Virus
A virus spreading over a network is not, strictly speaking, a network virus. Only som
Page 5-5: Dialer
A dialer changes client Internet settings and can force a computer to dial pre-configured phone numbe
Page 5-6: Potential Risks and Threats
The existence of spyware and other types of grayware on the network hav
Page 5-7: Guarding Against Spyware/Grayware
There are many ways to prevent the installation of spyware/grayware to a c
Page 5-8: Scan Methods
OfficeScan clients can use either conventional scan or smart scan when scanning for se
Page 5-9: Scanning behavior
The conventional scan client performs scanning on the local computer.
• The smart scan clie
Page 5-10: Switching From Conventional Scan to Smart Scan
If you are switching clients from conventional scan
Page 5-11: Local Smart Scan Server
OfficeScan provides two types of local Smart Scan Servers. Both servers have the sa
Page xii:
Table 3-14. Software/Hardware specifications
Page 5-12: 3. Smart Scan Server list
Add the Smart Scan Servers you have set up to the Smart Scan Server list
Page 5-13: 8. Timing
When switching to smart scan for the first time, clients need to download the full version of the
Page 5-14: Switching From Smart Scan to Conventional Scan
When you switch clients back to conventional scan,
Page 5-15: To change the scan method:
PATH: NETWORKED COMPUTERS > CLIENT MANAGEMENT > SETTINGS > SCAN METHODS
Page 5-16: To configure the Smart Scan Server list:
PATH: SMART SCAN > SCAN SOURCE > INTERNAL CLIENTS
1.
Page 5-17: 5. To open the console of a local Smart Scan Server, click Launch console.
• For the integrated Smart Scan
Page 5-18: To obtain the Smart Scan Server address:
• For the integrated Smart Scan Server, open the OfficeSc
Page 5-19: Scan Types
OfficeScan provides the following scan types to protect client computers from security risks:
Rea
Page 5-20: Configure and apply Real-time Scan settings to one or several clients and domains, or to all clie
Page 5-21: Manual Scan
Manual Scan is an on-demand scan and starts immediately after a user runs the scan on the clien
Page xiii:
Table 5-2. Files that OfficeScan can decrypt and restore 5-36
Table 5-32. Restore parameters
Page 5-22: Scheduled Scan
Scheduled Scan runs automatically on the appointed date and time. Use Scheduled Sca
Page 5-23: Scan Now
Scan Now is initiated remotely by an OfficeScan administrator through the Web console and can be t
Page 5-24: Initiating Scan Now
Initiate Scan Now on computers that you suspect to be infected.
To initiate Sca
Page 5-25: 5. Click Stop Notification to prompt OfficeScan to stop notifying clients currently being notified. Client
Page 5-26: Files to Scan
Select from the following options:
• All scannable files: Scan all files
• File types
Page 5-27: CPU Usage
OfficeScan can pause after scanning one file and before scanning the next file. This setting is u
Page 5-28: When you enable scan exclusion, OfficeScan will not scan a file under the following conditions:
•
Page 5-29: Also configure OfficeScan to exclude Microsoft Exchange 2000/2003 directories by going to Networked Comput
Page 5-30: Scan Actions
Specify the action OfficeScan performs when a particular scan type detects a security
Page 5-31: Clean
OfficeScan cleans the infected file before allowing full access to the file.
If the file is uncleanabl
Page 5-32: Deny Access
This scan action can only be performed during Real-time Scan. When OfficeScan detects
Page 5-33: Use the same action for all virus/malware types
Select this option if you want the same action performed on
Page 5-34: Quarantine Directory
If the action for an infected file is "Quarantine", the OfficeScan
Page 5-35: A directory on another OfficeScan server computer (if you have other OfficeScan servers on the network)
URL
Page 5-36: Back Up Files Before Cleaning
If OfficeScan is set to clean an infected file, it can first back up
Page 5-37: WARNING! Restoring an infected file may spread the virus/malware to other files and computers. Before rest
Page 5-38: If the file is on the OfficeScan server or a custom quarantine directory:
1. If the file is on the
Page 5-39: 6. Use the other parameters to issue various commands.
For example, type VSEncode [/d] [/debug] to decrypt
Page 5-40: Spyware/Grayware Scan Actions
The scan action OfficeScan performs depends on the scan type that de
Page 5-41: Spyware/Grayware Approved List
OfficeScan provides a list of "approved" spyware/grayware, which c
Page xv: Preface
Welcome to the Trend Micro™ OfficeScan™ Administrator’s Guide. This document discusses getting started information, client installatio
Page 5-42: 3. To remove names from the approved list, select the names and click Remove. To select multiple
Page 5-43: Scan-related Privileges
Users with scan privileges have greater control over how files on their computers g
Page 5-44: Security Risk Notifications
OfficeScan comes with a set of default notification messages to inform
Page 5-45: 6. Specify a community name that is difficult to guess.
7. Click Save.
Security Risk Notifications for Admin
Page 5-46: e. Click Save.
Security Risk Notifications for Client Users
OfficeScan can display notification mes
Page 5-47: 2. If you selected domain(s) or client(s) on the client tree, click Save to apply settings to the domain(s
Page 5-48: Security Risk Logs
OfficeScan generates logs when it detects virus/malware or spyware/grayware, an
Page 5-49: Virus/Malware Scan Results
A. If Scan Action is Successful
The following results display if OfficeScan was a
Page 5-50: Passed
• First action is Pass. OfficeScan did not perform any action on the infected file.
• First
Page 5-51: Unable to quarantine the file/Unable to rename the file
Explanation 1
The infected file may be locked by ano
Page xvi: OfficeScan Documentation
OfficeScan documentation includes the following:
Download the latest versi
Page 5-52: Solution
For infected files on a CD, consider not using the CD as the virus may infect other compu
Page 5-53: 3. If you use UNC path, ensure that the quarantine directory folder is shared to the group "Everyone&
Page 5-54: Explanation 2
The infected file is in the Temporary Internet Files folder of the client computer.
Page 5-55: Spyware/Grayware Scan Results
A. If Scan Action is Successful
The first level result is Successful, no actio
Page 5-56: Spyware/Grayware cleaned, restart required. Please restart the computer.
OfficeScan cleaned spywar
Page 5-57: Outbreak Protection
An outbreak occurs when incidents of virus/malware or spyware/grayware detections over
Page 5-58: To configure the outbreak criteria and notifications:
PATH: NOTIFICATIONS > ADMINISTRATOR NOTIF
Page 5-59: d. Use token variables to represent data in the Message and Subject fields.
4. Click Save.
TABLE 5-34. Tok
Page 5-60: Outbreak Prevention
When an outbreak occurs, enforce outbreak prevention measures to respond to an
Page 5-61: Outbreak Prevention Policies
When outbreaks occur, enforce any of the following policies:
• Limit/Deny Acce
Page xvii: Audience
OfficeScan documentation is intended for the following users:
• OfficeScan Administrators: Responsible for OfficeScan management, in
Page 5-62: Block Ports
During outbreaks, block vulnerable ports that viruses/malware might use to gain access
Page 5-63: b. To edit settings for the blocked port(s), click the port number.
c. In the screen that opens, modify the
Page 5-64: Disabling Outbreak Prevention
When you are confident that an outbreak has been contained and that
Page 5-65: Device Control
OfficeScan provides a device control feature that regulates access to external storage devic
Page 5-66: Note: The scanning function in OfficeScan complements and may override the device permissions. Fo
Page 5-67: Device Control Logs
Clients log unauthorized device access instances and send the logs to the server. A cli
Page 6-1: Chapter 6: Protecting Computers from Web-based Threats
Topics in this chapter:
• About Web Threats on page 6-2
• Web Reputation on page 6-2
• Location Aw
Page 6-2: About Web Threats
Web threats encompass a broad array of threats that originate from the Internet.
Page 6-3: Location Awareness
In many organizations, employees use both desktop and notebook computers to perform th
Page xviii: Terminology
The following table provides the official terminology used throughout the OfficeScan
Page 6-4: To configure a Web reputation policy:
PATH: NETWORKED COMPUTERS > CLIENT MANAGEMENT > SETTING
Page 6-5: Approved URLs
Approved URLs bypass Web Reputation policies. OfficeScan does not block these URLs even if
Page 6-6: Web Threat Notifications for Client Users
OfficeScan can display a notification message on a client
Page 6-7: Web Reputation Logs
Configure both internal and external clients to send Web reputation logs to the serve
Page 7-1: Chapter 7: Using the OfficeScan Firewall
Topics in this chapter:
• About the OfficeScan Firewall on page 7-2
• Firewall Policies and Profiles on page 7-
Page 7-2: About the OfficeScan Firewall
The OfficeScan firewall protects clients and servers on the network u
Page 7-3: Intrusion Detection System
The OfficeScan firewall also includes an Intrusion Detection System (IDS). When enabled, IDS
Page 7-4: • LAND Attack: A type of attack that sends IP synchronization (SYN) packets with the same source a
Page 7-5: Firewall Policies
Firewall policies allow you to block or allow certain types of network traffic not specified in a pol
Page xix:
Administrator (or OfficeScan administrator): The person managing the OfficeScan server
Console: The user interface for configuring and managing
Page 7-6: Also create new policies if you have requirements not covered by any of the default policies.
All d
Page 7-7: Adding and Modifying a Firewall Policy
Configure the following for each policy:
• Security level: A general setting that
Page 7-8: 4. Under Exception, select the firewall policy exceptions. The policy exceptions included here are
Page 7-9: Editing the Firewall Exception Template
The firewall exception template contains policy exceptions that you can configu
Page 7-10: Note: Default exceptions apply to all clients. If you want a default exception to apply only to c
Page 7-11: 3. Select the type of network protocol: TCP, UDP, or ICMP.
4. Specify ports on the client computer on which to perform
Page 7-12: • Save Template Changes: Saves the exception template with the current policy exceptions and sett
Page 7-13: OfficeScan comes with a default profile named "All clients profile", which uses the "All access"
Page 7-14: 5. To save the current settings and assign the profiles to clients:
a. Select whether to Overwrite
Page 7-15: • Computer name: Click the button to open, and select client computers from, the client tree.
• Platform
• Logon name
• C
Page xx:
Server installation folder: The folder on the computer that contains the OfficeScan server files. If
Page 7-16: Firewall Privileges
Grant users the following privileges:
• View the Firewall tab on the client cons
Page 7-17: To modify the content of the notification message:
PATH: NOTIFICATIONS > CLIENT USER NOTIFICATIONS
1. Click the Fire
Page 7-18: • Description: Specifies the actual security risk (such as a network virus or IDS attack) or the
Page 7-19: c. Select Firewall view from the client tree view.
d. Check if there is a green check mark under the Firewall column o
Page 7-20: To disable the OfficeScan firewall on all client computers:
1. On the Web console, go to Administr
Section 2: Managing the OfficeScan Server and Clients
Page 8-1: Chapter 8: Managing the OfficeScan Server
Topics in this chapter:
• Role-based Administration on page 8-2
• Trend Micro Control Manager on page 8-10
• Re
Page 8-2: Role-based Administration
Use the role-based administration feature to grant and control access to
Page 8-3: Power User
Delegate this role to administrators with specific administrative tasks on the Web console.
1. Users with th
Page 1-1: Chapter 1: Introducing OfficeScan
Topics in this chapter:
• About OfficeScan on page 1-2
• New in this Release on page 1-2
• Key Features and Benefits on
Page 8-4: Guest User
Delegate this role to users who want to view the Web console for reference purposes.
1. U
Page 8-5: Adding and Modifying a Custom Role
To add a custom role:
PATH: ADMINISTRATION > USER ROLES > ADD
ADMINISTRATION &g
Page 8-6: User Accounts
Set up user accounts and assign a particular role to each user. The user role determi
Page 8-7: To use OfficeScan user accounts in Control Manager:
Refer to the Control Manager documentation for the detailed steps.
Page 8-8: 2. Select whether to add a custom account or an Active Directory account.
• For custom account, typ
Page 8-9: To modify a custom account:
PATH: ADMINISTRATION > USER ACCOUNTS > <USER NAME>
1. Enable or disable the acc
Page 8-10: If you specify an Active Directory group, all members belonging to a group get the same role. If
Page 8-11: Control Manager allows system administrators to monitor and report on activities such as infections, security violat
Page 8-12: • Replicate the following settings from one OfficeScan server to another from the Control Manager
Page 8-13: 4. If you will use a proxy server to connect to the Control Manager server, specify the following proxy settings:
• P
Page 1-2: About OfficeScan
Trend Micro™ OfficeScan™ protects enterprise networks from malware, network virus
Page 8-14: Reference Servers
One of the ways the OfficeScan client determines which of the firewall profiles
Page 8-15: b. Type the port through which clients communicate with this computer. Specify any open contact port (such as ports
Page 8-16: Outbreak Prevention:
• Outbreak Prevention enabled
• Outbreak Prevention disabled
• Number of share
Page 8-17: Firewall Logs
OfficeScan generates logs when it detects violations to firewall policies. For details, see Firewall Lo
Page 8-18: Debug Logs
Use debug logs to troubleshoot problems with the OfficeScan server and client. For more
Page 8-19: Licenses
View, activate, and renew OfficeScan product service licenses on the Web console, and enable/disable the Off
Page 8-20: If you have an evaluation version license
• When the license expires. During this time, OfficeScan
Page 8-21: 3. In the screen that opens, type the Activation Code and click Save.
Note: Register a service before activating it.
Page 8-22: To back up the OfficeScan database:
PATH: ADMINISTRATION > DATABASE BACKUP
1. Type the location
Page 8-23: OfficeScan Web Server Information
During OfficeScan server installation, Setup automatically sets up a Web server (II
Page 1-3: For smart scan deployment information, refer to the Trend Micro Smart Scan for OfficeScan Getting Started Guide.
Active Direct
Page 8-24: To change the Web console password:
PATH: ADMINISTRATION > CONSOLE PASSWORD
1. Type the current
Page 8-25: To configure quarantine directory settings:
PATH: ADMINISTRATION > QUARANTINE MANAGER
1. Accept or modify the defau
Page 8-26: Network Traffic
The amount of network traffic varies throughout the day. To control the flow of ne
Page 8-27: 4. Under Buffer, modify the following settings:
Event Buffer
Type the maximum number of client event reports to the se
Page 8-28: connection closes (due to either the completion of the update or the client response reaching the
Page 9-1: Chapter 9: Managing Clients
Topics in this chapter:
• Computer Location on page 9-2
• Client Privileges and Other Settings on page 9-5
• Global Client Se
Page 9-2: Computer Location
OfficeScan provides a location awareness feature that determines the Web reputati
Page 9-3: 2. If you choose Client connection status, decide if you want to use a reference server. See Reference Servers on page 8-14 for det
Page 9-4: Gateway Settings Importer
OfficeScan checks a computer's location to determine the Web reputat
Page 9-5: Client Privileges and Other Settings
Grant users the privileges to modify certain settings and perform high level tasks on the Offic
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing an
Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-4Platform SupportThis product release supports server and client installations on Windows Server™
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-63. If you selected domain(s) or client(s) on the client tree, click Save to apply settings to the
Managing Clients9-7Scan PrivilegesThese privileges allow users to configure their own Manual Scan, Real-time Scan and Scheduled Scan settings by openi
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-8Scheduled Scan PrivilegesClients set to run Scheduled Scan can have the privileges to postpone and
Managing Clients9-9Skip and Stop Scheduled ScanEnabling this option allows users to perform the following actions:• Skip Scheduled Scan before it runs
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-10OfficeScan Firewall PrivilegesFirewall privileges allow users to configure their own firewall set
Managing Clients9-11Allow Users to Enable/Disable the OfficeScan Firewall, the Intrusion Detection System, and the Firewall Violation Notification Mes
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-12Mail Scan PrivilegesWhen clients have the Mail Scan privileges, the Mail Scan tab displays on the
Managing Clients9-13Outlook Mail ScanWhen the Mail Scan tab displays on the client console, client users can immediately configure Outlook mail scan s
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-14Toolbox PrivilegeWhen you enable this privilege, the Toolbox tab displays on the client console.
Managing Clients9-15Component Update PrivilegesUpdate privileges allow client users to configure their own update settings.Perform "Update Now"
Introducing OfficeScan1-5Key Features and BenefitsOfficeScan provides the following features and benefits:Security Risk ProtectionOfficeScan protects
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-16Enable Scheduled UpdateSelecting this option forces the selected clients to always run scheduled
Managing Clients9-17Client SecurityThis setting allows or restricts users from accessing OfficeScan client files and registries.If you select High, th
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-18Global Client SettingsOfficeScan applies global client settings to all clients or only to clients
Managing Clients9-19In a Compressed File, Scan Only the First __ FilesAfter decompressing a compressed file, OfficeScan scans the specified number of
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-20Exclude Microsoft Exchange Server Folders from ScanningIf the OfficeScan client and a Microsoft E
Managing Clients9-21The following table describes what happens if any of the conditions is not met.TABLE 9-38. Compressed file scenarios and results
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-22Enabled/DisabledNot Clean or Delete (in other words, any of the following: Rename, Quarantine, De
Managing Clients9-23Enable Assessment ModeWhen in assessment mode, all clients managed by the server will log spyware/grayware detected during Manual
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-24The notification message can be enabled/disabled by going to Networked Computers > Client Mana
Managing Clients9-25Firewall Log SettingsYou can grant certain clients the privilege to send firewall logs to the OfficeScan server. Configure the log
Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-6Because Damage Cleanup Services runs automatically in the background, you do not need to configur
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-26OfficeScan Service RestartOfficeScan restarts client services that stopped responding unexpectedl
Managing Clients9-27Client Self-protectionClient self-protection provides ways for the OfficeScan client to protect the processes and other resources
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-28Protect OfficeScan Client ProcessesOfficeScan blocks all attempts to terminate the following proc
Managing Clients9-29Network Virus Log ConsolidationWhen you enable this option, OfficeScan clients only send network virus logs to the server once eve
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-30Use Automatic Configuration ScriptOfficeScan uses the proxy auto-configuration (PAC) script set b
Managing Clients9-31Online ClientsOnline clients maintain a continuous connection with the server. The OfficeScan server can initiate tasks and deploy
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-32Offline ClientsOffline clients are disconnected from the server. The OfficeScan server cannot man
Managing Clients9-33Roaming ClientsRoaming clients cannot update components from, nor send logs to, the OfficeScan server. The OfficeScan server also
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-34Updates to roaming clients occur only on the following occasions:• When the client user performs
Managing Clients9-35Required ActionsPerform the necessary actions if the client icon indicates any of the following conditions:Pattern File has not be
Introducing OfficeScan1-7and delivers comprehensive reporting. Administrators can perform remote administration, set customized policies for individua
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-36A Client Within the Corporate Network is Disconnected from the ServerVerify the connection from t
Managing Clients9-375. Verify from the registry whether or not a client is connected to the corporate network.Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMi
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-38Verify client-server connection manually or let OfficeScan perform scheduled verification. You ca
Managing Clients9-39Client Proxy SettingsConfigure OfficeScan clients to use proxy settings when connecting to internal and external servers.Internal
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-40External ProxyThe OfficeScan server and client can use external proxy settings when connecting to
Managing Clients9-41Client MoverIf you have more than one OfficeScan server on the network, use the Client Mover tool to transfer clients from one Off
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-425. To confirm the client now reports to the other server, do the following:a. On the client compu
Managing Clients9-434. Type the following:TmTouch.exe <destination file name> <source file name>Where:<destination file name> is the
Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-44Importing and Exporting Client SettingsYou may want many OfficeScan clients to have the same scan
Managing Clients9-45Managing Inactive ClientsWhen you use the client uninstallation program to remove the client program from a computer, the program
Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-8FIGURE 1-1. How the OfficeScan server worksThe OfficeScan server is capable of providing real-t
Section 3: Providing Additional Protection
10-1Chapter 10Policy Server for Cisco NACTopics in this chapter:• About Policy Server for Cisco NAC on page 10-2• Components and Terms on page 10-2• C
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-2About Policy Server for Cisco NACTrend Micro Policy Server for Cisco Network Admission Control (N
Policy Server for Cisco NAC10-3Network Access DeviceA network device that supports Cisco NAC functionality. Supported Network Access Devices include a
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-4TermsBecome familiar with the following terms related to Policy Server for Cisco NAC:TABLE 10-43.
Policy Server for Cisco NAC10-5Authentication, Authorization, and Accounting (AAA)Describes the three main services used to control end-user client
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-6Cisco NAC ArchitectureThe following diagram illustrates a basic Cisco NAC architecture.FIGURE 10-
Policy Server for Cisco NAC10-7The Client Validation SequenceClient validation refers to the process of evaluating an OfficeScan client’s security pos
Introducing OfficeScan1-9The OfficeScan ClientProtect Windows computers from security risks by installing the OfficeScan client on each computer. The
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-86. The client performs the actions configured in the posture token. FIGURE 10-23. Network access
Policy Server for Cisco NAC10-9The Policy ServerThe Policy Server is responsible for evaluating the OfficeScan client’s security posture and for creat
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-10Policy Server Policies and RulesPolicy Servers use configurable rules and policies to help enfor
Policy Server for Cisco NAC10-11Security Posture CriteriaRules include the following security posture criteria:• Client machine state: If the client c
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-12Policy Server and OfficeScan Client ActionsIf the client security posture matches the rule crite
Policy Server for Cisco NAC10-13Checkup Virus Pattern version is at least one version older than the version on the OfficeScan server to which the c
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-14Quarantine Virus Pattern version is at least five versions older than the version on the Offic
Policy Server for Cisco NAC10-15Policy CompositionPolicies include any number of rules and default responses and actions.Rule EnforcementPolicy Ser
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-16Default PoliciesPolicy Server provides default policies to give you a basis for configuring sett
Policy Server for Cisco NAC10-17SynchronizationRegularly synchronize the Policy Server with registered OfficeScan servers to keep the Policy Server ve
Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-10Smart Scan ServerThe smart scan solution makes use of lightweight patterns that work together to
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-18The figure below illustrates the steps involved in creating and deploying ACS and CA certificate
Policy Server for Cisco NAC10-19The CA CertificateOfficeScan clients with CTA installations authenticate with the ACS server before communicating clie
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-20Hardware• 300MHz Intel Pentium II processor or equivalent • 128MB of RAM• 300MB of available dis
Policy Server for Cisco NAC10-21Hardware• 200MHz single or multiple Intel Pentium processors• 128MB of RAM for Windows 2000• 256MB of RAM for Windows
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-22Cisco 3600 series 3640/3640A, 3660-ENT seriesIOS 12.3(8) or later48MB/16MBCisco 3700 series 3745
Policy Server for Cisco NAC10-23Policy Server for NAC DeploymentThe following procedures are for reference only and may be subject to change depending
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-24Cisco Secure ACS Server EnrolmentEnroll the Cisco Secure ACS server with the Certificate Authori
Policy Server for Cisco NAC10-25g. Click Close to close the Add Standalone Snap-in screen.h. Click OK to close the Add/remove Snap-in screen.i. In the
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-263. Copy the certificate (.cer file) to the OfficeScan server computer to deploy it to the client
Policy Server for Cisco NAC10-27Deploying CTA from the OfficeScan Web ConsoleIf you did not select the option to install/upgrade CTA during server ins
Introducing OfficeScan1-11There are no component download overlaps between the Smart Scan Server and the OfficeScan server because each server downloa
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-28Cisco Trust Agent VersionBefore installing CTA to clients, check the CTA version (Cisco Trust Ag
Policy Server for Cisco NAC10-29To deploy CTA to clients from the OfficeScan Web console:1. Open the OfficeScan server Web console and click Agent Dep
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-30Cisco Trust Agent Installation VerificationAfter deploying the CTA to clients, verify successful
Policy Server for Cisco NAC10-31To install Policy Server for Cisco NAC using the Policy Server installer:1. Log on to the computer to which you will i
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-32b. Next to Port, type a port that will serve as the server listening port. When the Policy Serve
Policy Server for Cisco NAC10-33Policy Server SSL Certificate PreparationTo establish a secure SSL connection between the ACS server and the Policy Se
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-34m. Click Next.n. Click DER encoded binary x.509 or Base 64 encoded X.509 and click Next.o. Enter
Policy Server for Cisco NAC10-35ACS Server ConfigurationTo allow Cisco Secure ACS to pass authentication requests to the Policy Server for Cisco NAC,
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-36Policy Server Configuration from OfficeScanThe first step in configuring Policy Servers is to ad
Policy Server for Cisco NAC10-37The Configuration Summary table displays the number of OfficeScan servers registered to the Policy Server, the Policy
Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-12Smart Scan Server TypesThe Smart Scan Server to which a client connects depends on the client’s
Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-38Policy Server RegistrationRegister the Policy Server with at least one OfficeScan server so the
Policy Server for Cisco NAC10-39Client Validation LogsUse the client validation logs to view detailed information about clients when they validate wit
11-1Chapter 11Configuring OfficeScan with Third-party SoftwareTopics in this chapter:• Overview of Check Point Architecture and Configuration on page
Trend Micro™ OfficeScan™ 10 Administrator’s Guide11-2Overview of Check Point Architecture and ConfigurationIntegrate OfficeScan installations with Che
Configuring OfficeScan with Third-party Software11-3OfficeScan IntegrationOfficeScan client periodically passes the Virus Pattern number and Virus Sca
Trend Micro™ OfficeScan™ 10 Administrator’s Guide11-4In this example, the SCV check will allow connections through the firewall if the pattern file ve
Configuring OfficeScan with Third-party Software11-55. Add a parameter by clicking Edit > Parameters > Add, and then typing a Name and Value in
Trend Micro™ OfficeScan™ 10 Administrator’s Guide11-6SecureClient Support InstallationIf users connect to the office network from a Virtual Private Ne
12-1Chapter 12Getting HelpTopics in this chapter:• Troubleshooting Resources on page 12-2• Contacting Trend Micro on page 12-15
2-1Chapter 2Getting Started with OfficeScanTopics in this chapter:• The Web Console on page 2-2• Security Summary on page 2-5• The OfficeScan Client T
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-2Troubleshooting ResourcesThis section provides a list of resources you can use to troubleshoot Of
Getting Help12-3Server Debug Log Using LogServer.exeUse LogServer.exe to collect debug logs for the following:• OfficeScan server basic logs• Trend Mi
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-4Perform the following steps:1. Copy the LogServer folder located in <Server installation folde
Getting Help12-5Component Update LogFile name: TmuDump.txtLocation: <Server installation folder>\PCCSRV\Web\Service\AU_Data\AU_LogTo get detaile
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-6ServerProtect Normal Server Migration Tool LogTo enable debug logging for ServerProtect Normal Se
Getting Help12-7To enable debug logging for the MCP Agent:1. Modify product.ini in <Server installation folder>\PCCSRV\CmAgent as follows:[Debug
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-8Virus Scan Engine LogTo enable debug logging for the Virus Scan Engine:1. Open the Registry Edito
Getting Help12-9World Virus Tracking LogFile name: wtc.logLocation: <Server installation folder>\PCCSRV\Log\tempOfficeScan Client LogsUse client
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-10To disable debug logging for the OfficeScan client:Delete ofcdebug.ini.Fresh Installation LogFil
Getting Help12-11Client Connection LogFile name: Conn_YYYYMMDD.logLocation: <Client installation folder>\ConnLogClient Update LogFile name: Tmud
The user documentation for Trend Micro OfficeScan introduces the main features of the software and installation instructions for your production envir
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-2The Web ConsoleThe Web console is the central point for monitoring OfficeScan throughout the corpo
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-12OfficeScan Firewall LogTo enable debug logging for the Common Firewall Driver on Windows Vista/2
Getting Help12-13To enable debug logging for the OfficeScan NT Firewall service:1. Edit TmPfw.ini located in <Client installation folder> as fol
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-14Transport Driver Interface (TDI) LogTo enable debug logging for TDI:1. Add the following data in
Getting Help12-15Contacting Trend MicroTechnical SupportTrend Micro provides technical support, pattern downloads, and program updates for one year to
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-16Speeding Up Your Support CallWhen you contact Trend Micro, to speed up your problem resolution,
Getting Help12-17TrendLabsTrendLabsSM is the global antivirus research and support center of Trend Micro. Located on three continents, TrendLabs has a
Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-18Sending Suspicious Files to Trend MicroIf you think you have an infected file but the scan engin
A-1Appendix AGlossaryActiveUpdateActiveUpdate is a function common to many Trend Micro products. Connected to the Trend Micro update Web site, ActiveU
Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-2Denial of Service AttackA Denial of Service (DoS) attack refers to an attack on a computer or net
GlossaryA-3End User License AgreementAn End User License Agreement or EULA is a legal contract between a software publisher and the software user. It
Getting Started with OfficeScan2-3On the Web browser, type one of the following in the address bar based on the type of OfficeScan server installation
Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-4HTTPHypertext Transfer Protocol (HTTP) is a standard protocol used for transporting Web pages (in
GlossaryA-5IntelliTrapVirus writers often attempt to circumvent virus filtering by using real-time compression algorithms. IntelliTrap helps reduce th
Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-6MCP AgentTrend Micro Management Communication Protocol (MCP) is Trend Micro's next generatio
GlossaryA-7query or log transmission. To reduce the network impact, the MCP agent keeps connection alive and open as much as possible. A subsequent re
Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-8POP3Post Office Protocol 3 (POP3) is a standard protocol for storing and transporting email messa
GlossaryA-9SNMP TrapA Small Network Management Protocol (SNMP) trap is a method of sending notifications to network administrators that use management
Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-10SSLSecure Socket Layer (SSL) is a protocol designed by Netscape for providing data security laye
GlossaryA-11Trojan PortTrojan ports are commonly used by Trojan horse programs to connect to a computer. During an outbreak, OfficeScan blocks the fol
Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-12Trusted PortThe server and the client use trusted ports to communicate with each other. If you b
GlossaryA-13To determine the trusted ports:1. Access <Server installation folder>\PCCSRV.2. Open the ofcscan.ini file using a text editor such a
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-4The Web Console BannerThe banner area of the Web console provides you the following options:FIGURE
Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-14Files Infected with WormsA computer worm is a self-contained program (or set of programs) able t
GlossaryA-153. Open the command prompt, and type the following to delete the files:cd \cd recycleddel *.* /SThe last command deletes all files in the
Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-163. If the infected file is in the Windows Temp folder:a. Open the command prompt and go to the W
GlossaryA-17For computers running other operating systems (or those without NTFS):1. Restart the computer in MS-DOS mode.2. If the infected file is in
IN-1IndexAAccess Control Server (ACS) 10-3ACS certificate 10-17Active Directory 1-3, 2-22, 3-12, 3-23, 8-9query results 2-24scheduled query 2-27scope
Trend Micro™ OfficeScan™ 10 Administrator’s Guide IN-2client security level 9-17client self-protection 1-3, 9-27client tree 2-11advanced search 2-13ge
Manual NameIN-3profiles 7-2, 7-12tasks 7-4testing 7-18Fragmented IGMP 7-3Ggateway IP address 9-2gateway settings importer 9-4global client settings 9-
Trend Micro™ OfficeScan™ 10 Administrator’s Guide IN-4MSI package 3-11–3-12, 3-23–3-24NNetwork Access Device 10-3network virus 5-4, 7-2, 9-29new featu
Manual NameIN-5Ppacker 5-3password 2-3, 8-23password cracking applications 5-5patches 4-8performance control 1-4, 5-27phishing A-7Ping of Death 7-3Plu
Getting Started with OfficeScan2-5Security SummaryThe Summary screen appears when you open the OfficeScan Web console or click Summary in the main men
Trend Micro™ OfficeScan™ 10 Administrator’s Guide IN-6user accounts 8-6user roles 8-2rootkit protection 4-7Sscan actions 5-30spyware/grayware 5-40viru
Manual NameIN-7Smart Scan Agent Pattern 4-3Smart Scan Pattern 1-10, 4-3Smart Scan Server 1-10, 4-21, 5-10scheduled updates 4-21types 1-12update source
Trend Micro™ OfficeScan™ 10 Administrator’s Guide IN-8Update Agent 4-37URL Filtering Engine 4-6user roleadministrator 8-2guest user 8-4power user 8-3V
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-6If you have obtained an Activation Code, renew a license by going to Administration > Product L
Getting Started with OfficeScan2-7The Conventional Scan tab displays the following information:FIGURE 2-4. Summary screen - Conventional Scan tab• T
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-8The Smart Scan tab displays the following information:FIGURE 2-5. Summary screen - Smart Scan ta
Getting Started with OfficeScan2-9Top 10 Security Risk StatisticsA link on the Detection Status table opens a screen containing top 10 security risk s
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-10Outbreak StatusThe Outbreak Status table provides the status of any current security risk outbrea
Getting Started with OfficeScan2-11For each program, view the clients that have not been upgraded by clicking the number link corresponding to the pro
ContentsiContentsPrefaceOfficeScan Documentation ...xviAudience ...
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-12Client Tree General TasksBelow are the general tasks you can perform when the client tree display
Getting Started with OfficeScan2-13• Refresh the client tree by clicking .• View client statistics below the client tree, such as the total number of
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-14Networked Computers > Client ManagementManage general client settings on this screen.FIGURE 2-
Getting Started with OfficeScan2-15Settings• Choose from the available scan methods. For details, see Scan Methods on page 5-8.• Configure settings fo
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-16Logs View the following logs:• Virus/Malware Logs on page 5-48• Spyware/Grayware Logs on page 5-5
Getting Started with OfficeScan2-17Networked Computers > Outbreak PreventionTask: Specify and activate outbreak protection settings.FIGURE 2-11.
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-18Updates > Rollback > Synchronize with ServerTask: Perform component rollback.FIGURE 2-13.
Getting Started with OfficeScan2-19Logs > Networked Computer Logs > Security RisksView and manage logs on this screen.FIGURE 2-14. Security Ri
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-20Cisco NAC > Agent DeploymentTask: Perform Cisco Trust Agent Deployment.FIGURE 2-15. Agent De
Getting Started with OfficeScan2-21To add a domain:PATH: NETWORKED COMPUTERS > CLIENT MANAGEMENT > MANAGE CLIENT TREE > ADD DOMAINS1. Type a
Trend Micro™ OfficeScan™ 10 Administrator’s Guide iiSection 1: Protecting Networked ComputersChapter 3: Installing the OfficeScan ClientInstallation R
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-22To move a client:PATH: NETWORKED COMPUTERS > CLIENT MANAGEMENT > MANAGE CLIENT TREE > MO
Getting Started with OfficeScan2-23Active Directory Scope and QueryWhen using Security Compliance for the first time, define the Active Directory scop
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-244. Choose whether to check a computer’s connectivity using a particular port number. When connect
Getting Started with OfficeScan2-25Recommended tasks:1. On the Security Status section, click a number link to display all affected computers in the c
Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-26OfficeScan Client InstallationBefore installing the client, take note of the following:1. Record
Getting Started with OfficeScan2-27To install the OfficeScan client:PATH: SECURITY COMPLIANCE1. Click Install on top of the client tree.If an earlier
Section 1: Protecting Networked Computers
3-1Chapter 3Installing the OfficeScan ClientTopics in this chapter:• Installation Requirements on page 3-2• Installation Methods on page 3-11• Migrati
ContentsiiiChapter 4: Keeping Protection Up-to-DateOfficeScan Components and Programs ... 4-2Antivi
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-2Installation RequirementsThe OfficeScan client can be installed on computers running the following
Installing the OfficeScan Client3-3Hardware Processor300MHz Intel™ Pentium™ or equivalentRAM256MB minimum, 512MB recommendedAvailable disk space350MB
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-4TABLE 3-5. Windows XP/2003, 32-bit versionRESOURCE REQUIREMENTOperating system• Windows XP Profe
Installing the OfficeScan Client3-5Others• Microsoft Internet Explorer 6.0 or later if performing Web setup• Disable Simple File Sharing on Windows XP
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-6Hardware Processor• Intel x64 processor• AMD64 processorRAM256MB minimum, 512MB recommendedAvailab
Installing the OfficeScan Client3-7TABLE 3-7. Windows Vista, 32-bit and 64-bit versionsRESOURCE REQUIREMENTOperating system• Windows Vista™ Business
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-8Others Windows Internet Explorer 7.0 or later if performing Web setupTABLE 3-8. Windows 2008, 32
Installing the OfficeScan Client3-9Others Windows Internet Explorer 7.0 or later if performing Web setupTABLE 3-9. Windows 2008, 64-bit versionRESOU
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-10Compatibility ListOfficeScan is compatible with the following third-party products:• Citrix XenAp
Installing the OfficeScan Client3-11Installation MethodsThis section provides a summary of the different client installation methods to perform fresh
Trend Micro™ OfficeScan™ 10 Administrator’s Guide ivUpdate Source for Update Agents ...4-39Updat
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-12Client Packager (MSI package deployed through Active Directory)Supported on all operating system
Installing the OfficeScan Client3-13Installing from the Web Install PageUsers can install the client program from the Web install page if you installe
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-14Send the following instructions to users to install the OfficeScan client from the Web install pa
Installing the OfficeScan Client3-15Initiating Browser-based InstallationSet up an email message that instructs users on the network to install the Of
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-16For remote desktop installation using AutoPcc.exe:• The computer must be run in Mstsc.exe /consol
Installing the OfficeScan Client3-17To add AutoPcc.exe to the login script using Login Script Setup:1. On the computer you used to run the server inst
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-18Installing with Client PackagerClient Packager can compress Setup and update files into a self-ex
Installing the OfficeScan Client3-194. Configure the following settings (some settings are only available if you select a particular package type):• W
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-20Package deployment guidelines:1. Send the package to users and ask them to run the client package
Installing the OfficeScan Client3-21• If you will use the package to upgrade a client to this OfficeScan version, check the domain level scan method o
ContentsvSecurity Risk Notifications for Administrators ... 5-45Security Risk Notifications for Client Users ...
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-222. The OfficeScan server that manages the Update Agent will not be able to synchronize or deploy
Installing the OfficeScan Client3-23Check Point SecureClient SupportThis tool adds support for Check Point™ SecureClient™ for Windows 2000/XP/Server 2
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-247. Select a deployment method and then click OK.• Assigned: The MSI package is automatically depl
Installing the OfficeScan Client3-256. Browse and select the MSI package file created by Client Packager, and then click Open. The MSI package name ap
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-26To distribute the package to target computers:1. On the Tree tab, click Advertisements.2. On the
Installing the OfficeScan Client3-2717. Click Yes, assign the program, and then click Next.Microsoft SMS creates the advertisement and displays it on
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-283. Select the target computers.•The Domains and Computers list displays all the Windows domains o
Installing the OfficeScan Client3-29Installing from a Client Disk ImageDisk imaging technology allows you to create an image of an OfficeScan client u
Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-30Using Vulnerability ScannerUse Vulnerability Scanner to detect installed antivirus solutions, sea
Installing the OfficeScan Client3-31Network Topology and ArchitectureCentralized administration Moderately effectiveOutsource service Moderately effec