OfficeScan 10.6 Administrator's Guide - Trend Micro™ Online Help

More documents

Recommendations

Info

Firewall Policies and Profiles Using the OfficeScan Firewall The OfficeScan firewall uses policies and profiles to organize and customize methods for protecting networked computers. With Active Directory integration and role-based administration, each user role, depending on the permission, can create, configure, or delete policies and profiles for specific domains. Tip: Multiple firewall installations on the same computer may produce unexpected results. Consider uninstalling other software-based firewall applications on OfficeScan clients before deploying and enabling the OfficeScan firewall. The following steps are necessary to successfully use the OfficeScan firewall: 1. Create a policy. The policy allows you to select a security level that blocks or allows traffic on networked computers and enables firewall features. 2. Add exceptions to the policy. Exceptions allow clients to deviate from a policy. With exceptions, you can specify clients, and allow or block certain types of traffic, despite the security level setting in the policy. For example, block all traffic for a set of clients in a policy, but create an exception that allows HTTP traffic so clients can access a web server. 3. Create and assign profiles to clients. A firewall profile includes a set of client attributes and is associated with a policy. When a client matches the attributes specified in the profile, the associated policy is triggered. 11-7
Trend Micro OfficeScan 10.6 Administrator’s Guide Firewall Policies 11-8 Firewall policies allow you to block or allow certain types of network traffic not specified in a policy exception. A policy also defines which firewall features get enabled or disabled. Assign a policy to one or multiple firewall profiles. OfficeScan comes with a set of default policies, which you can modify or delete. With Active Directory integration and role-based administration, each user role, depending on the permission, can create, configure, or delete policies for specific domains. The default firewall policies are as follows: TABLE 11-1. Default Firewall Policies POLICY NAME SECURITY LEVEL CLIENT SETTINGS All access Low Enable firewall Cisco Trust Agent for Cisco NAC Communicati on Ports for Trend Micro Control Manager ScanMail for Microsoft Exchange console Low Enable firewall Low Enable firewall Low Enable firewall EXCEPTIONS RECOMMENDED USE None Use to allow clients unrestricted access to the network Allow incoming and outgoing UDP traffic through port 21862 Allow all incoming and outgoing TCP/UDP traffic through ports 80 and 10319 Allow all incoming and outgoing TCP traffic through port 16372 Use when clients have a Cisco Trust Agent (CTA) installation Use when clients have an MCP agent installation Use when clients need to access the ScanMail console
Page 2 and 3:
Trend Micro Incorporated reserves t
Page 4 and 5:
Contents Section 1: Introduction an
Page 6 and 7:
Contents Client IP Addresses ......
Page 8 and 9:
Contents Component Update Summary .
Page 10 and 11:
Contents File Attributes ..........
Page 12 and 13:
Contents Web Console Settings .....
Page 14 and 15:
Contents Rule Composition .........
Page 16 and 17:
Contents Client Connection Logs ...
Page 18 and 19:
List of Tables List of Tables Table
Page 20 and 21:
List of Tables Table 6-2. Considera
Page 22 and 23:
List of Tables Table 9-7. Predefine
Page 24 and 25:
List of Tables Table 15-3. Default
Page 26 and 27:
Section 1 Introduction and Getting
Page 28 and 29:
Preface Preface Welcome to the Tren
Page 30 and 31:
Audience Preface OfficeScan documen
Page 32 and 33:
Terminology Preface The following t
Page 34 and 35:
TABLE P-3. OfficeScan Terminology (
Page 36 and 37:
Introducing OfficeScan Chapter 1 Th
Page 38 and 39:
Introducing OfficeScan Plug-in Mana
Page 40 and 41:
Introducing OfficeScan Damage Clean
Page 42 and 43:
Introducing OfficeScan • Repairs
Page 44 and 45:
The OfficeScan Server Introducing O
Page 46 and 47:
Standalone Smart Protection Server
Page 48 and 49:
Getting Started with OfficeScan Cha
Page 50 and 51:
Getting Started with OfficeScan On
Page 52 and 53:
The Summary Dashboard Getting Start
Page 54 and 55:
Working with Tabs and Widgets Manag
Page 56 and 57:
TABLE 2-2. Tab and Widget Tasks (Co
Page 58 and 59:
Available Widgets The following wid
Page 60 and 61:
Getting Started with OfficeScan To
Page 62 and 63:
Getting Started with OfficeScan Cli
Page 64 and 65:
Getting Started with OfficeScan •
Page 66 and 67:
Getting Started with OfficeScan Off
Page 68 and 69:
Getting Started with OfficeScan Dig
Page 70 and 71:
To view data, select a time period
Page 72 and 73:
Getting Started with OfficeScan Fil
Page 74 and 75:
To integrate Active Directory with
Page 76 and 77:
The OfficeScan Client Tree Getting
Page 78 and 79:
Getting Started with OfficeScan •
Page 80 and 81:
Table 2-6 lists the tasks you can p
Page 82 and 83:
TABLE 2-6. Client Management Tasks
Page 84 and 85:
Getting Started with OfficeScan Upd
Page 86 and 87:
Perform the following tasks: 1. Vie
Page 88 and 89:
Manual Client Grouping Getting Star
Page 90 and 91:
Getting Started with OfficeScan 5.
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
4. To delete a client, click Remove
Page 98 and 99:
Section 2 Protecting Networked Comp
Page 100 and 101:
Chapter 3 Using Trend Micro Smart P
Page 102 and 103:
Using Trend Micro Smart Protection
Page 104 and 105:
Smart Feedback Using Trend Micro Sm
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Setting Up Smart Protection Service
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
To configure custom lists of smart
Page 124 and 125:
Page 126 and 127:
Using Smart Protection Services Usi
Page 128 and 129:
Installing the OfficeScan Client Ch
Page 130 and 131:
Client Features Installing the Offi
Page 132 and 133:
TABLE 4-1. Client Features (Continu
Page 134 and 135:
Installing the OfficeScan Client In
Page 136 and 137:
Installing the OfficeScan Client To
Page 138 and 139:
TABLE 4-3. Installation Methods (Co
Page 140 and 141:
Installing the OfficeScan Client To
Page 142 and 143:
Installing with Login Script Setup
Page 144 and 145:
Installing the OfficeScan Client 4.
Page 146 and 147:
Page 148 and 149:
Installing the OfficeScan Client
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
To distribute the package to target
Page 156 and 157:
Installing the OfficeScan Client d.
Page 158 and 159:
Page 160 and 161:
Using Vulnerability Scanner Install
Page 162 and 163:
Domain Structure TABLE 4-8. Domain
Page 164 and 165:
Page 166 and 167:
3. Type the IP address range of the
Page 168 and 169:
To run a DHCP scan: Installing the
Page 170 and 171:
Installing the OfficeScan Client c.
Page 172 and 173:
Page 174 and 175:
ServerProtect for Linux Installing
Page 176 and 177:
Installing the OfficeScan Client Pe
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Installing the OfficeScan Client Cl
Page 184 and 185:
Page 186 and 187:
Post-installation After completing
Page 188 and 189:
To perform a test scan: Installing
Page 190 and 191:
Running the Client Uninstallation P
Page 192 and 193:
Page 194 and 195:
Installing the OfficeScan Client Ke
Page 196 and 197:
Keeping Protection Up-to-Date Chapt
Page 198 and 199:
Antivirus Components Keeping Protec
Page 200 and 201:
Keeping Protection Up-to-Date Virus
Page 202 and 203:
Behavior Monitoring Components Beha
Page 204 and 205:
Keeping Protection Up-to-Date This
Page 206 and 207:
TABLE 5-2. Server-Client Update Opt
Page 208 and 209:
OfficeScan Server Updates Keeping P
Page 210 and 211:
OfficeScan Server Update Sources Ke
Page 212 and 213:
OfficeScan Server Component Duplica
Page 214 and 215:
Keeping Protection Up-to-Date 3. Th
Page 216 and 217:
Keeping Protection Up-to-Date 4. De
Page 218 and 219:
OfficeScan Server Update Logs Keepi
Page 220 and 221:
OfficeScan Client Update Sources Ke
Page 222 and 223:
Client Update Process Keeping Prote
Page 224 and 225:
Keeping Protection Up-to-Date 5. Pe
Page 226 and 227:
Keeping Protection Up-to-Date TABLE
Page 228 and 229:
Keeping Protection Up-to-Date Event
Page 230 and 231:
Keeping Protection Up-to-Date 2. Se
Page 232 and 233:
Scheduled Client Updates with NAT K
Page 234 and 235:
Keeping Protection Up-to-Date 2. To
Page 236 and 237:
Keeping Protection Up-to-Date Perfo
Page 238 and 239:
Proxy for OfficeScan Client Compone
Page 240 and 241:
OfficeScan Client Update Logs Keepi
Page 242 and 243:
Touch Tool for OfficeScan Client Ho
Page 244 and 245:
To assign a client as an Update Age
Page 246 and 247:
Standard Update Source for Update A
Page 248 and 249:
Keeping Protection Up-to-Date The u
Page 250 and 251:
Update Methods for Update Agents Ke
Page 252 and 253:
Keeping Protection Up-to-Date Compo
Page 254 and 255:
Scanning for Security Risks Chapter
Page 256 and 257:
Scanning for Security Risks Virus A
Page 258 and 259:
Scanning for Security Risks Dialer
Page 260 and 261:
Guarding Against Spyware/Grayware S
Page 262 and 263:
Scanning behavior The conventional
Page 264 and 265:
Client tree settings Scanning for S
Page 266 and 267:
Client tree settings Scanning for S
Page 268 and 269:
TABLE 6-4. Scan Types (Continued) S
Page 270 and 271:
5. Click the Action tab and then co
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
4. Configure the following: TABLE 6
Page 278 and 279:
Scanning for Security Risks 6. Clic
Page 280 and 281:
Scanning for Security Risks Scan Se
Page 282 and 283:
Scanning for Security Risks If you
Page 284 and 285:
Scanning for Security Risks Scan Ex
Page 286 and 287:
Scanning for Security Risks • Add
Page 288 and 289:
TABLE 6-15. Virus/Malware Scan Acti
Page 290 and 291:
TABLE 6-16. Trend Micro Recommended
Page 292 and 293:
Scanning for Security Risks Refer t
Page 294 and 295:
Scanning for Security Risks Damage
Page 296 and 297:
To decrypt and restore files: Scann
Page 298 and 299:
Scanning for Security Risks For exa
Page 300 and 301:
Scanning for Security Risks 5. Appl
Page 302 and 303:
Scan Privileges and Other Settings
Page 304 and 305:
Scanning for Security Risks 3. Conf
Page 306 and 307:
Scanning for Security Risks 7. If y
Page 308 and 309:
Mail Scan Privileges and Other Sett
Page 310 and 311:
TABLE 6-21. Mail Scan Programs (Con
Page 312 and 313:
Scanning for Security Risks Clients
Page 314 and 315:
Scanning for Security Risks 5. Conf
Page 316 and 317:
To configure global scan settings:
Page 318 and 319:
Scanning for Security Risks Add Man
Page 320 and 321:
Scanning for Security Risks For exa
Page 322 and 323:
Scanning for Security Risks Enable
Page 324 and 325:
Scanning for Security Risks Resume
Page 326 and 327:
Scanning for Security Risks 2. In t
Page 328 and 329:
Scanning for Security Risks TABLE 6
Page 330 and 331:
To configure virus/malware notifica
Page 332 and 333:
Security Risk Logs Scanning for Sec
Page 334 and 335:
Access denied Scanning for Security
Page 336 and 337:
Unable to delete the file Scanning
Page 338 and 339:
Scanning for Security Risks If the
Page 340 and 341:
Spyware/Grayware Scan Results The f
Page 342 and 343:
Scan Logs Scanning for Security Ris
Page 344 and 345:
To configure the security risk outb
Page 346 and 347:
Scanning for Security Risks 4. In t
Page 348 and 349:
Scanning for Security Risks 7. Clic
Page 350 and 351:
Scanning for Security Risks 5. Sele
Page 352 and 353:
Disabling Outbreak Prevention Scann
Page 354 and 355:
Using Behavior Monitoring Chapter 7
Page 356 and 357:
Monitored system events include: TA
Page 358 and 359:
Using Behavior Monitoring When Even
Page 360 and 361:
Using Behavior Monitoring 5. Config
Page 362 and 363:
To enable Certified Safe Software S
Page 364 and 365:
To modify the content of the notifi
Page 366 and 367:
Using Device Control Chapter 8 This
Page 368 and 369:
TABLE 8-1. Device Types (Continued)
Page 370 and 371:
TABLE 8-2. Device Control Permissio
Page 372 and 373:
TABLE 8-3. Program Lists (Continued
Page 374 and 375:
Wildcards are used correctly in the
Page 376 and 377:
Using Device Control 7. Configure s
Page 378 and 379:
Using Device Control 8. For each no
Page 380 and 381:
Using Device Control To add program
Page 382 and 383:
Device Control Logs Using Device Co
Page 384 and 385:
Chapter 9 Managing Data Protection
Page 386 and 387:
To install Data Protection: Managin
Page 388 and 389:
Managing Data Protection and Using
Page 390 and 391:
To deploy the Data Protection modul
Page 392 and 393:
About Digital Asset Control Managin
Page 394 and 395:
Page 396 and 397:
TABLE 9-2. Predefined Expressions (
Page 398 and 399:
Page 400 and 401:
Page 402 and 403:
Page 404 and 405:
TABLE 9-3. Criteria for Expressions
Page 406 and 407:
Page 408 and 409:
Page 410 and 411:
TABLE 9-4. Supported File Types (Co
Page 412 and 413:
To add a file attribute list using
Page 414 and 415:
Keywords Managing Data Protection a
Page 416 and 417:
TABLE 9-5. Predefined Keyword Lists
Page 418 and 419:
TABLE 9-6. Criteria for a Keyword L
Page 420 and 421:
9. To export keywords: Managing Dat
Page 422 and 423:
To export keyword lists: Managing D
Page 424 and 425:
TABLE 9-7. Predefined Templates (Co
Page 426 and 427:
See the examples in the following t
Page 428 and 429: To add a template using the "copy"
Page 430 and 431: Digital Asset Control Channels Mana
Page 432 and 433: Managing Data Protection and Using
Page 442 and 443: TABLE 9-9. Digital Asset Control Ac
Page 450 and 451: Action Settings Managing Data Prote
Page 458 and 459: TABLE 9-12. Processes by Channel (C
Page 462 and 463: Protecting Computers from Web-based
Page 464 and 465: Web Reputation Policies Protecting
Page 468 and 469: 10. Configure the approved and bloc
Page 472 and 473: Using the OfficeScan Firewall Chapt
Page 474 and 475: Using the OfficeScan Firewall Certi
Page 476 and 477: Using the OfficeScan Firewall • F
Page 480 and 481: TABLE 11-1. Default Firewall Polici
Page 482 and 483: Using the OfficeScan Firewall • I
Page 484 and 485: Using the OfficeScan Firewall Clien
Page 486 and 487: Using the OfficeScan Firewall Choos
Page 488 and 489: Using the OfficeScan Firewall Profi
Page 490 and 491: Using the OfficeScan Firewall Refer
Page 492 and 493: To edit a profile: PATH: NETWORKED
Page 494 and 495: Using the OfficeScan Firewall Displ
Page 496 and 497: Using the OfficeScan Firewall Send
Page 498 and 499: Firewall Logs Using the OfficeScan
Page 500 and 501: Using the OfficeScan Firewall To co
Page 502 and 503: Using the OfficeScan Firewall 5. Te
Page 504 and 505: Section 3 Managing the OfficeScan S
Page 506 and 507: Chapter 12 Managing the OfficeScan
Page 508 and 509: User Roles Managing the OfficeScan
Page 510 and 511: TABLE 12-2. Menu Items for Servers/
Page 512 and 513: TABLE 12-2. Menu Items for Servers/
Page 514 and 515: Client Management Menu Items The fo
Page 516 and 517: Managing the OfficeScan Server Buil
Page 518 and 519: Target OfficeScan server and all cl
Page 520 and 521: Managing the OfficeScan Server 7. C
Page 522 and 523: To import or export custom roles: P
Page 524 and 525: To modify a custom account: PATH: A
Page 526 and 527: To change a custom or Active Direct
Page 528 and 529:
Managing the OfficeScan Server Supp
Page 530 and 531:
Managing the OfficeScan Server 7. I
Page 532 and 533:
Managing the OfficeScan Server 4. T
Page 534 and 535:
Managing the OfficeScan Server 2. C
Page 536 and 537:
Managing the OfficeScan Server Offi
Page 538 and 539:
Managing the OfficeScan Server 3. S
Page 540 and 541:
Managing the OfficeScan Server 2. V
Page 542 and 543:
Managing the OfficeScan Server 3. T
Page 544 and 545:
Web Console Password Managing the O
Page 546 and 547:
Server Tuner Managing the OfficeSca
Page 548 and 549:
Managing the OfficeScan Server 5. U
Page 550 and 551:
Managing OfficeScan Clients Chapter
Page 552 and 553:
Managing OfficeScan Clients Locatio
Page 554 and 555:
To use Gateway Settings Importer: M
Page 556 and 557:
TABLE 13-2. OfficeScan Client Servi
Page 558 and 559:
Managing OfficeScan Clients 2. For
Page 560 and 561:
10. If the performance drops again,
Page 562 and 563:
Managing OfficeScan Clients Protect
Page 564 and 565:
Managing OfficeScan Clients • TMB
Page 566 and 567:
Managing OfficeScan Clients 5. If y
Page 568 and 569:
Managing OfficeScan Clients 5. If y
Page 570 and 571:
TABLE 13-3. Client Mover Parameters
Page 572 and 573:
Client Icons Managing OfficeScan Cl
Page 574 and 575:
TABLE 13-4. Client Status as Indica
Page 576 and 577:
Smart Scan Icons Any of the followi
Page 578 and 579:
Conventional Scan Icons Any of the
Page 580 and 581:
TABLE 13-6. Conventional Scan Icons
Page 582 and 583:
Page 584 and 585:
Page 586 and 587:
Page 588 and 589:
Managing OfficeScan Clients A Clien
Page 590 and 591:
Client-Server Connection Verificati
Page 592 and 593:
Unreachable Clients Managing Office
Page 594 and 595:
Managing OfficeScan Clients When ch
Page 596 and 597:
Managing OfficeScan Clients 3. Conf
Page 598 and 599:
External Proxy for Clients Managing
Page 600 and 601:
Automatic Proxy Settings for Client
Page 602 and 603:
To import client settings: PATH: NE
Page 604 and 605:
Managing OfficeScan Clients Service
Page 606 and 607:
Managing OfficeScan Clients A non-c
Page 608 and 609:
Managing OfficeScan Clients Run Sca
Page 610 and 611:
On-demand Compliance Reports Managi
Page 612 and 613:
Managing OfficeScan Clients 5. View
Page 614 and 615:
Managing OfficeScan Clients 4. Spec
Page 616 and 617:
Managing OfficeScan Clients Active
Page 618 and 619:
Managing OfficeScan Clients 4. Unde
Page 620 and 621:
Managing OfficeScan Clients Schedul
Page 622 and 623:
Managing OfficeScan Clients 3. Moni
Page 624 and 625:
Managing OfficeScan Clients 4. View
Page 626 and 627:
To delete a connection setting: Man
Page 628 and 629:
To remove GUIDs from templates: Man
Page 630 and 631:
TABLE 13-12. Client Privileges (Con
Page 632 and 633:
To configure global client settings
Page 634 and 635:
Section 4 Providing Additional Prot
Page 636 and 637:
Using Plug-in Manager Chapter 14 .T
Page 638 and 639:
Using Plug-in Manager Plug-in Progr
Page 640 and 641:
Using Plug-in Manager Post-installa
Page 642 and 643:
Using Plug-in Manager 2. On the Plu
Page 644 and 645:
Page 646 and 647:
Page 648 and 649:
Using Plug-in Manager Client-side A
Page 650 and 651:
Using Plug-in Manager c. Enter the
Page 652 and 653:
TABLE 14-1. Plug-in Manager Error C
Page 654 and 655:
TABLE 14-1. Plug-in Manager Error C
Page 656 and 657:
Chapter 15 Using Policy Server for
Page 658 and 659:
TABLE 15-1. Policy Server for Cisco
Page 660 and 661:
TABLE 15-2. Policy Server for Cisco
Page 662 and 663:
The Client Validation Sequence Usin
Page 664 and 665:
The Policy Server Using Policy Serv
Page 666 and 667:
Rule Composition Using Policy Serve
Page 668 and 669:
TABLE 15-3. Default Rules (Continue
Page 670 and 671:
Policy Composition Using Policy Ser
Page 672 and 673:
Synchronization Using Policy Server
Page 674 and 675:
The CA Certificate Using Policy Ser
Page 676 and 677:
Cisco Trust Agent (CTA) Requirement
Page 678 and 679:
TABLE 15-6. Supported Platforms and
Page 680 and 681:
Cisco Secure ACS Server Enrolment U
Page 682 and 683:
Using Policy Server for Cisco NAC 3
Page 684 and 685:
Importing the Client Certificate Us
Page 686 and 687:
Page 688 and 689:
Page 690 and 691:
k. Select the certificate from the
Page 692 and 693:
Policy Server for Cisco NAC Configu
Page 694 and 695:
Summary Information for a Policy Se
Page 696 and 697:
Policies Using Policy Server for Ci
Page 698 and 699:
Configuring OfficeScan with Third-p
Page 700 and 701:
OfficeScan Integration Configuring
Page 702 and 703:
Configuring OfficeScan with Third-p
Page 704 and 705:
To grant users the privilege to vie
Page 706 and 707:
Getting Help Chapter 17 This chapte
Page 708 and 709:
Trend Micro Performance Tuning Tool
Page 710 and 711:
To enable debug logging for server
Page 712 and 713:
Role-based Administration Logs Gett
Page 714 and 715:
Client Packager Logs To enable logg
Page 716 and 717:
ServerProtect Normal Server Migrati
Page 718 and 719:
Virus Scan Engine Logs To enable de
Page 720 and 721:
Virtual Desktop Support Logs • Fi
Page 722 and 723:
Fresh Installation Logs File name:
Page 724 and 725:
Outbreak Prevention Logs File name:
Page 726 and 727:
Web Reputation and POP3 Mail Scan L
Page 728 and 729:
Transport Driver Interface (TDI) Lo
Page 730 and 731:
Getting Help Speeding Up Your Suppo
Page 732 and 733:
Sending Suspicious Files to Trend M
Page 734 and 735:
Section 5 Appendices, Glossary, and
Page 736 and 737:
IPv6 Support in OfficeScan Appendix
Page 738 and 739:
IPv6 Support in OfficeScan OfficeSc
Page 740 and 741:
TABLE A-2. Pure IPv6 Client Limitat
Page 742 and 743:
IPv6 Support in OfficeScan 5. Some
Page 744 and 745:
Appendix B Windows Server Core 2008
Page 746 and 747:
To install the client using Login S
Page 748 and 749:
Windows Server Core 2008 Support Th
Page 750 and 751:
TABLE B-1. Windows Server Core Comm
Page 752 and 753:
Glossary ActiveUpdate Appendix C Ac
Page 754 and 755:
ESMTP Glossary Enhanced Simple Mail
Page 756 and 757:
Glossary The Internet Protocol is n
Page 758 and 759:
NAT Glossary Network Address Transl
Page 760 and 761:
Security Patch A security patch foc
Page 762 and 763:
Telnet Telnet is a standard method
Page 764 and 765:
Glossary To determine the trusted p
Page 766 and 767:
3. Open the command prompt, and typ
Page 768 and 769:
Glossary del *.* /S The last comman
Page 770 and 771:
Index A Access Control Server (ACS)
Page 772 and 773:
CPU usage 6-28 custom client groups
Page 774 and 775:
firewall logs 11-24, 11-27 scan log
Page 776 and 777:
privileges firewall privileges 11-2
Page 778 and 779:
spyware/grayware scan actions 6-45
show all

OfficeScan 10.6 Administrator's Guide - Trend Micro™ Online Help

Create successful ePaper yourself

Delete template?

Save as template?