SCAN 5-2 Specifications

OfficeScanTM 10For Enterprise and Medium BusinessAdministrator’s GuideEndpoint Securityes

Trend Micro™ OfficeScan™ 10 Administrator’s Guide viChapter 7: Using the OfficeScan FirewallAbout the OfficeScan Firewall ...

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-32Software/Hardware SpecificationsDomain StructureTABLE 3-14. Software/Hardware specificationsSET

Installing the OfficeScan Client3-33Network TrafficNetwork SizeTABLE 3-16. Network trafficSETUP EFFECTIVENESS OF VULNERABILITY SCANNERLAN connection

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-34User TasksPerform the following tasks from Vulnerability Scanner:• Installing the OfficeScan Clie

Installing the OfficeScan Client3-35To install OfficeScan client with Vulnerability Scanner:1. If running Windows Vista Business, Enterprise, or Ultim

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-36Managing General SettingsTo configure and manage the following Vulnerability Scanner settings, na

Installing the OfficeScan Client3-37ServerProtect for LinuxIf the target computer does not run Windows, Vulnerabil-ity Scanner checks if it has Server

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-38ProtocolsVulnerability Scanner detects products and computers using the following protocols:• RPC

Installing the OfficeScan Client3-39NotificationsTo automatically send the results to yourself or to other administrators in your organization, select

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-40OfficeScan Server SettingsType the OfficeScan server name and port number. Vulnerability Scanner

Installing the OfficeScan Client3-41To run a vulnerability scan on computers requesting IP addresses from a DHCP server:1. Configure DHCP settings in

ContentsviiOfficeScan Database Backup ... 8-21OfficeScan Web Server Information ..

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-424. Click Start. Vulnerability Scanner begins listening for DHCP requests and performing vulnerabi

Installing the OfficeScan Client3-43Configuring Other Vulnerability Scanner SettingsSome Vulnerability Scanner settings can be configured only from th

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-44Migrating to the OfficeScan ClientMigrate endpoint security software installed on a target comput

Installing the OfficeScan Client3-45Migrating from ServerProtect Normal ServersThe ServerProtect™ Normal Server Migration Tool is a tool that helps mi

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-463. Select the OfficeScan server. The path of the OfficeScan server appears under OfficeScan serve

Installing the OfficeScan Client3-478. Click the computers on which to perform the migration.a. To select all computers, click Select All.b. To desele

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-48Post-installationAfter completing the installation, verify the following:OfficeScan client shortc

Installing the OfficeScan Client3-49Recommended Post-installation TasksTrend Micro recommends performing the following post-installation tasks:Compone

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-504. To test other computers on the network, attach the EICAR.com file to an email message and send

Installing the OfficeScan Client3-515. Check the notification status and verify if there are clients that did not receive the notification.a. Click Se

Trend Micro™ OfficeScan™ 10 Administrator’s Guide viiiClient Self-protection ...

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-52Manually Uninstalling the ClientPerform manual uninstallation only if you encounter problems unin

Installing the OfficeScan Client3-536. Delete the following registry keys:If there are no other Trend Micro products installed on the computer:• HKEY_

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-54Keys: •ntrtscan•tmcfw•tmcomm• TmFilter•Tmlisten•tmpfw• TmPreFilter•TmProxy•tmtdi•VSApiNt• tmlwf (

Installing the OfficeScan Client3-5514. Uninstall the Common Firewall Driver.a. Right-click My Network Places and click Properties.b. Right-click Loca

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-56

4-1Chapter 4Keeping Protection Up-to-DateTopics in this chapter:• OfficeScan Components and Programs on page 4-2• Update Overview on page 4-10• Office

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-2OfficeScan Components and ProgramsOfficeScan makes use of components and programs to keep client c

Keeping Protection Up-to-Date4-3Download the Virus Pattern and other OfficeScan pattern files from the following Web site, where you can also find the

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-4Virus Scan EngineAt the heart of all Trend Micro products lies the scan engine, which was original

Keeping Protection Up-to-Date4-5Virus Scan DriverThe Virus Scan Drive monitors user operations on files. Operations include opening or closing a file,

ContentsixDefault Policies ... 10-16Synchronization ...

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-6Anti-spyware ComponentsSpyware PatternThe Spyware Pattern identifies spyware/grayware in files and

Keeping Protection Up-to-Date4-7Behavior Monitoring ComponentsBehavior Monitoring DriverThis kernel mode driver monitors system events and passes them

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-8ProgramsClient ProgramThe OfficeScan client program provides the actual protection from security r

Keeping Protection Up-to-Date4-9This feature is available starting in OfficeScan 8.0 Service Pack 1 with patch 3.• Clients upgraded from version 8.0 S

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-10Update OverviewAll component updates originate from the Trend Micro ActiveUpdate server. When upd

Keeping Protection Up-to-Date4-11ActiveUpdate server|OfficeScan server|Update Agents|ClientsThe OfficeScan server receives updated components from the

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-12Smart Scan Server UpdateA Smart Scan Server downloads the Smart Scan Pattern. Smart scan clients

Keeping Protection Up-to-Date4-13OfficeScan Server UpdateThe OfficeScan server downloads the following components and deploys them to clients:TABLE 4-

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-14To enable the server to deploy the updated components to clients, configure automatic update sett

Keeping Protection Up-to-Date4-15Server Update SourceConfigure the OfficeScan server to download components from the Trend Micro ActiveUpdate server o

Trend Micro™ OfficeScan™ 10 Administrator’s Guide xChapter 11: Configuring OfficeScan with Third-party SoftwareOverview of Check Point Architecture an

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-16Proxy for Server UpdateConfigure server programs hosted on the server computer to use proxy setti

Keeping Protection Up-to-Date4-17Component duplication applies to the following components:•Virus Pattern• Smart Scan Agent Pattern• Virus Cleanup Tem

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-182. The server merges the incremental pattern with its current full pattern to generate the latest

Keeping Protection Up-to-Date4-19To illustrate based on the example:• The ActiveUpdate server has 14 incremental patterns:173.175 171.175 169.

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-20To configure server update schedule:PATH: UPDATES > SERVER > SCHEDULED UPDATE1. Select Enab

Keeping Protection Up-to-Date4-21Smart Scan Server UpdateThis section discusses how to update components in the integrated Smart Scan Server. For deta

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-22When clients connect using a specific protocol, they identify the integrated server by its server

Keeping Protection Up-to-Date4-23Client UpdateTo ensure that clients stay protected from the latest security risks, update client components regularly

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-24Updating from the OfficeScan Server and Custom SourcesClients can obtain updates from various sou

Keeping Protection Up-to-Date4-25Customized Update SourceAside from the OfficeScan server, clients can update from custom update sources. Custom updat

ContentsxiContacting Trend Micro ... 12-15Technical Support ...

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-26If the option is disabled, the client then tries connecting directly to the Trend Micro ActiveUpd

Keeping Protection Up-to-Date4-27Client Update MethodsClients that update components from the OfficeScan server or a customized update source can use

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-28There are two types of automatic update:Event-triggered UpdateThe server can notify online client

Keeping Protection Up-to-Date4-29To update networked computer components automatically:PATH: UPDATES > NETWORKED COMPUTERS > AUTOMATIC UPDATE1.

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-30If you have not granted clients scheduled update privilege, perform the following steps first:a.

Keeping Protection Up-to-Date4-31b. If you select Daily or Weekly, specify the time of the update and the time period the OfficeScan server will notif

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-322. Choose the clients you want to update. Update clients with outdated components or select speci

Keeping Protection Up-to-Date4-33b. Instruct users to manually update components on the client computer (by right-clicking the OfficeScan icon in the

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-34Proxy for Client Component UpdateOfficeScan clients can use proxy settings during automatic updat

Keeping Protection Up-to-Date4-35Client Update LogsCheck the client update logs to determine if there are problems updating the Virus Pattern on clien

Trend Micro™ OfficeScan™ 10 Administrator’s Guide xii

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-36Component RollbackRollback refers to reverting to the previous version of the Virus Pattern, Smar

Keeping Protection Up-to-Date4-37Update AgentsTo distribute the task of deploying components to OfficeScan clients, assign some OfficeScan clients to

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-38Update Agent ConfigurationUpdate Agent configuration is a 2-step process:1. Assign a client as an

Keeping Protection Up-to-Date4-39Update Source for Update AgentsUpdate Agents can obtain updates from various sources, such as the OfficeScan server o

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-404. If unable to update from all possible sources, the Update Agent quits the update process.The u

Keeping Protection Up-to-Date4-41Update Agent Standard Update SourceThe OfficeScan server is the standard update source for Update Agents. If you conf

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-42Update Agent Component DuplicationLike the OfficeScan server, Update Agents also use component du

Keeping Protection Up-to-Date4-43To use the Scheduled Update Configuration tool:1. On the Update Agent computer, navigate to <Client installation f

Trend Micro™ OfficeScan™ 10 Administrator’s Guide4-44

5-1Chapter 5Protecting Computers from Security RisksTopics in this chapter:• About Security Risks on page 5-2• Scan Methods on page 5-8• Scan Types on

List of TablesxiList of TablesTable P-1. OfficeScan documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xviTable P-2.

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-2About Security RisksSecurity risk is the collective term for viruses/malware and spyware/grayware.

Protecting Computers from Security Risks5-3VirusA virus is a program that replicates. To do so, the virus needs to attach itself to other program file

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-4Network VirusA virus spreading over a network is not, strictly speaking, a network virus. Only som

Protecting Computers from Security Risks5-5DialerA dialer changes client Internet settings and can force a computer to dial pre-configured phone numbe

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-6Potential Risks and ThreatsThe existence of spyware and other types of grayware on the network hav

Protecting Computers from Security Risks5-7Guarding Against Spyware/GraywareThere are many ways to prevent the installation of spyware/grayware to a c

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-8Scan MethodsOfficeScan clients can use either conventional scan or smart scan when scanning for se

Protecting Computers from Security Risks5-9Scanning behaviorThe conventional scan client performs scanning on the local computer.• The smart scan clie

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-10Switching From Conventional Scan to Smart ScanIf you are switching clients from conventional scan

Protecting Computers from Security Risks5-11Local Smart Scan ServerOfficeScan provides two types of local Smart Scan Servers. Both servers have the sa

Trend Micro™ OfficeScan™ 10 Administrator’s GuidexiiTable 3-14. Software/Hardware specifications. . . . . . . . . . . . . . . . . . . . . . . . . .

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-123. Smart Scan Server listAdd the Smart Scan Servers you have set up to the Smart Scan Server list

Protecting Computers from Security Risks5-138. TimingWhen switching to smart scan for the first time, clients need to download the full version of the

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-14Switching From Smart Scan to Conventional ScanWhen you switch clients back to conventional scan,

Protecting Computers from Security Risks5-15To change the scan method:PATH: NETWORKED COMPUTERS > CLIENT MANAGEMENT > SETTINGS > SCAN METHODS

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-16To configure the Smart Scan Server list:PATH: SMART SCAN > SCAN SOURCE > INTERNAL CLIENTS1.

Protecting Computers from Security Risks5-175. To open the console of a local Smart Scan Server, click Launch console.• For the integrated Smart Scan

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-18To obtain the Smart Scan Server address:• For the integrated Smart Scan Server, open the OfficeSc

Protecting Computers from Security Risks5-19Scan TypesOfficeScan provides the following scan types to protect client computers from security risks:Rea

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-20Configure and apply Real-time Scan settings to one or several clients and domains, or to all clie

Protecting Computers from Security Risks5-21Manual ScanManual Scan is an on-demand scan and starts immediately after a user runs the scan on the clien

List of TablesxiiiTable 5-2. Files that OfficeScan can decrypt and restore . . . . . . . . . . . . . . . . . . 5-36Table 5-32. Restore parameters

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-22Scheduled ScanScheduled Scan runs automatically on the appointed date and time. Use Scheduled Sca

Protecting Computers from Security Risks5-23Scan NowScan Now is initiated remotely by an OfficeScan administrator through the Web console and can be t

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-24Initiating Scan NowInitiate Scan Now on computers that you suspect to be infected.To initiate Sca

Protecting Computers from Security Risks5-255. Click Stop Notification to prompt OfficeScan to stop notifying clients currently being notified. Client

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-26Files to ScanSelect from the following options:• All scannable files: Scan all files• File types

Protecting Computers from Security Risks5-27CPU UsageOfficeScan can pause after scanning one file and before scanning the next file. This setting is u

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-28When you enable scan exclusion, OfficeScan will not scan a file under the following conditions:•

Protecting Computers from Security Risks5-29Also configure OfficeScan to exclude Microsoft Exchange 2000/2003 directories by going to Networked Comput

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-30Scan ActionsSpecify the action OfficeScan performs when a particular scan type detects a security

Protecting Computers from Security Risks5-31CleanOfficeScan cleans the infected file before allowing full access to the file.If the file is uncleanabl

Trend Micro™ OfficeScan™ 10 Administrator’s Guidexiv

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-32Deny AccessThis scan action can only be performed during Real-time Scan. When OfficeScan detects

Protecting Computers from Security Risks5-33Use the same action for all virus/malware typesSelect this option if you want the same action performed on

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-34Quarantine DirectoryIf the action for an infected file is "Quarantine", the OfficeScan

Protecting Computers from Security Risks5-35A directory on another OfficeScan server computer (if you have other OfficeScan servers on the network)URL

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-36Back Up Files Before CleaningIf OfficeScan is set to clean an infected file, it can first back up

Protecting Computers from Security Risks5-37WARNING! Restoring an infected file may spread the virus/malware to other files and computers. Before rest

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-38If the file is on the OfficeScan server or a custom quarantine directory:1. If the file is on the

Protecting Computers from Security Risks5-396. Use the other parameters to issue various commands.For example, type VSEncode [/d] [/debug] to decrypt

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-40Spyware/Grayware Scan ActionsThe scan action OfficeScan performs depends on the scan type that de

Protecting Computers from Security Risks5-41Spyware/Grayware Approved ListOfficeScan provides a list of "approved" spyware/grayware, which c

xvPrefacePrefaceWelcome to the Trend Micro™ OfficeScan™ Administrator’s Guide. This document discusses getting started information, client installatio

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-423. To remove names from the approved list, select the names and click Remove. To select multiple

Protecting Computers from Security Risks5-43Scan-related PrivilegesUsers with scan privileges have greater control over how files on their computers g

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-44Security Risk NotificationsOfficeScan comes with a set of default notification messages to inform

Protecting Computers from Security Risks5-456. Specify a community name that is difficult to guess.7. Click Save.Security Risk Notifications for Admin

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-46e. Click Save.Security Risk Notifications for Client UsersOfficeScan can display notification mes

Protecting Computers from Security Risks5-472. If you selected domain(s) or client(s) on the client tree, click Save to apply settings to the domain(s

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-48Security Risk LogsOfficeScan generates logs when it detects virus/malware or spyware/grayware, an

Protecting Computers from Security Risks5-49Virus/Malware Scan ResultsA. If Scan Action is SuccessfulThe following results display if OfficeScan was a

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-50Passed• First action is Pass. OfficeScan did not perform any action on the infected file.• First

Protecting Computers from Security Risks5-51Unable to quarantine the file/Unable to rename the fileExplanation 1The infected file may be locked by ano

Trend Micro™ OfficeScan™ 10 Administrator’s Guide xviOfficeScan DocumentationOfficeScan documentation includes the following:Download the latest versi

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-52SolutionFor infected files on a CD, consider not using the CD as the virus may infect other compu

Protecting Computers from Security Risks5-533. If you use UNC path, ensure that the quarantine directory folder is shared to the group "Everyone&

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-54Explanation 2The infected file is in the Temporary Internet Files folder of the client computer.

Protecting Computers from Security Risks5-55Spyware/Grayware Scan ResultsA. If Scan Action is SuccessfulThe first level result is Successful, no actio

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-56Spyware/Grayware cleaned, restart required. Please restart the computer.OfficeScan cleaned spywar

Protecting Computers from Security Risks5-57Outbreak ProtectionAn outbreak occurs when incidents of virus/malware or spyware/grayware detections over

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-58To configure the outbreak criteria and notifications:PATH: NOTIFICATIONS > ADMINISTRATOR NOTIF

Protecting Computers from Security Risks5-59d. Use token variables to represent data in the Message and Subject fields.4. Click Save.TABLE 5-34. Tok

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-60Outbreak PreventionWhen an outbreak occurs, enforce outbreak prevention measures to respond to an

Protecting Computers from Security Risks5-61Outbreak Prevention PoliciesWhen outbreaks occurs, enforce any of the following policies:• Limit/Deny Acce

PrefacexviiAudienceOfficeScan documentation is intended for the following users:• OfficeScan Administrators: Responsible for OfficeScan management, in

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-62Block PortsDuring outbreaks, block vulnerable ports that viruses/malware might use to gain access

Protecting Computers from Security Risks5-63b. To edit settings for the blocked port(s), click the port number.c. In the screen that opens, modify the

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-64Disabling Outbreak PreventionWhen you are confident that an outbreak has been contained and that

Protecting Computers from Security Risks5-65Device ControlOfficeScan provides a device control feature that regulates access to external storage devic

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-66Note: The scanning function in OfficeScan complements and may override the device permissions. Fo

Protecting Computers from Security Risks5-67Device Control LogsClients log unauthorized device access instances and send the logs to the server. A cli

Trend Micro™ OfficeScan™ 10 Administrator’s Guide5-68

6-1Chapter 6Protecting Computers from Web-based ThreatsTopics in this chapter:• About Web Threats on page 6-2• Web Reputation on page 6-2• Location Aw

Trend Micro™ OfficeScan™ 10 Administrator’s Guide6-2About Web ThreatsWeb threats encompass a broad array of threats that originate from the Internet.

Protecting Computers from Web-based Threats6-3Location AwarenessIn many organizations, employees use both desktop and notebook computers to perform th

Trend Micro™ OfficeScan™ 10 Administrator’s Guide xviiiTerminologyThe following table provides the official terminology used throughout the OfficeScan

Trend Micro™ OfficeScan™ 10 Administrator’s Guide6-4To configure a Web reputation policy:PATH: NETWORKED COMPUTERS > CLIENT MANAGEMENT > SETTING

Protecting Computers from Web-based Threats6-5Approved URLsApproved URLs bypass Web Reputation policies. OfficeScan does not block these URLs even if

Trend Micro™ OfficeScan™ 10 Administrator’s Guide6-6Web Threat Notifications for Client UsersOfficeScan can display a notification message on a client

Protecting Computers from Web-based Threats6-7Web Reputation LogsConfigure both internal and external clients to send Web reputation logs to the serve

Trend Micro™ OfficeScan™ 10 Administrator’s Guide6-8

7-1Chapter 7Using the OfficeScan FirewallTopics in this chapter:• About the OfficeScan Firewall on page 7-2• Firewall Policies and Profiles on page 7-

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-2About the OfficeScan FirewallThe OfficeScan firewall protects clients and servers on the network u

Using the OfficeScan Firewall7-3Intrusion Detection SystemThe OfficeScan firewall also includes an Intrusion Detection System (IDS). When enabled, IDS

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-4• LAND Attack: A type of attack that sends IP synchronization (SYN) packets with the same source a

Using the OfficeScan Firewall7-5Firewall PoliciesFirewall policies allow you to block or allow certain types of network traffic not specified in a pol

PrefacexixAdministrator (or OfficeScan administrator)The person managing the OfficeScan serverConsole The user interface for configuring and managing

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-6Also create new policies if you have requirements not covered by any of the default policies.All d

Using the OfficeScan Firewall7-7Adding and Modifying a Firewall PolicyConfigure the following for each policy:• Security level: A general setting that

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-84. Under Exception, select the firewall policy exceptions. The policy exceptions included here are

Using the OfficeScan Firewall7-9Editing the Firewall Exception TemplateThe firewall exception template contains policy exceptions that you can configu

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-10Note: Default exceptions apply to all clients. If you want a default exception to apply only to c

Using the OfficeScan Firewall7-113. Select the type of network protocol: TCP, UDP, or ICMP.4. Specify ports on the client computer on which to perform

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-12• Save Template Changes: Saves the exception template with the current policy exceptions and sett

Using the OfficeScan Firewall7-13OfficeScan comes with a default profile named "All clients profile", which uses the "All access"

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-145. To save the current settings and assign the profiles to clients:a. Select whether to Overwrite

Using the OfficeScan Firewall7-15• Computer name: Click the button to open, and select client computers from, the client tree.•Platform• Logon name• C

Trend Micro™ OfficeScan™ 10 Administrator’s Guide xxServer installation folderThe folder on the computer that contains the OfficeScan server files. If

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-16Firewall PrivilegesGrant users the following privileges:•View the Firewall tab on the client cons

Using the OfficeScan Firewall7-17To modify the content of the notification message:PATH: NOTIFICATIONS > CLIENT USER NOTIFICATIONS1. Click the Fire

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-18• Description: Specifies the actual security risk (such as a network virus or IDS attack) or the

Using the OfficeScan Firewall7-19c. Select Firewall view from the client tree view.d. Check if there is a green check mark under the Firewall column o

Trend Micro™ OfficeScan™ 10 Administrator’s Guide7-20To disable the OfficeScan firewall on all client computers:1. On the Web console, go to Administr

Section 2Managing the OfficeScanServer and Clients

Trend Micro™ OfficeScan™ 10 Administrator’s Guide

8-1Chapter 8Managing the OfficeScan ServerTopics in this chapter:• Role-based Administration on page 8-2• Trend Micro Control Manager on page 8-10• Re

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-2Role-based AdministrationUse the role-based administration feature to grant and control access to

Managing the OfficeScan Server8-3Power UserDelegate this role to administrators with specific administrative tasks on the Web console.1. Users with th

1-1Chapter 1Introducing OfficeScanTopics in this chapter:• About OfficeScan on page 1-2• New in this Release on page 1-2• Key Features and Benefits on

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-4Guest UserDelegate this role to users who want to view the Web console for reference purposes.1. U

Managing the OfficeScan Server8-5Adding and Modifying a Custom RoleTo add a custom role:PATH: ADMINISTRATION > USER ROLES > ADDADMINISTRATION &g

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-6User AccountsSet up user accounts and assign a particular role to each user. The user role determi

Managing the OfficeScan Server8-7To use OfficeScan user accounts in Control Manager:Refer to the Control Manager documentation for the detailed steps.

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-82. Select whether to add a custom account or an Active Directory account.• For custom account, typ

Managing the OfficeScan Server8-9To modify a custom account:PATH: ADMINISTRATION > USER ACCOUNTS > <USER NAME>1. Enable or disable the acc

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-10If you specify an Active Directory group, all members belonging to a group get the same role. If

Managing the OfficeScan Server8-11Control Manager allows system administrators to monitor and report on activities such as infections, security violat

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-12• Replicate the following settings from one OfficeScan server to another from the Control Manager

Managing the OfficeScan Server8-134. If you will use a proxy server to connect to the Control Manager server, specify the following proxy settings:• P

Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-2About OfficeScanTrend Micro™ OfficeScan™ protects enterprise networks from malware, network virus

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-14Reference ServersOne of the ways the OfficeScan client determines which of the firewall profiles

Managing the OfficeScan Server8-15b. Type the port through which clients communicate with this computer. Specify any open contact port (such as ports

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-16Outbreak Prevention: • Outbreak Prevention enabled• Outbreak Prevention disabled• Number of share

Managing the OfficeScan Server8-17Firewall LogsOfficeScan generates logs when it detects violations to firewall policies. For details, see Firewall Lo

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-18Debug LogsUse debug logs to troubleshoot problems with the OfficeScan server and client. For more

Managing the OfficeScan Server8-19LicensesView, activate, and renew OfficeScan product service licenses on the Web console, and enable/disable the Off

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-20If you have an evaluation version license• When the license expires. During this time, OfficeScan

Managing the OfficeScan Server8-213. In the screen that opens, type the Activation Code and click Save.Note: Register a service before activating it.

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-22To back up the OfficeScan database:PATH: ADMINISTRATION > DATABASE BACKUP1. Type the location

Managing the OfficeScan Server8-23OfficeScan Web Server InformationDuring OfficeScan server installation, Setup automatically sets up a Web server (II

Introducing OfficeScan1-3For smart scan deployment information, refer to the Trend Micro Smart Scan for OfficeScan Getting Started Guide.Active Direct

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-24To change the Web console password:PATH: ADMINISTRATION > CONSOLE PASSWORD1. Type the current

Managing the OfficeScan Server8-25To configure quarantine directory settings:PATH: ADMINISTRATION > QUARANTINE MANAGER1. Accept or modify the defau

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-26Network TrafficThe amount of network traffic varies throughout the day. To control the flow of ne

Managing the OfficeScan Server8-274. Under Buffer, modify the following settings:Event BufferType the maximum number of client event reports to the se

Trend Micro™ OfficeScan™ 10 Administrator’s Guide8-28connection closes (due to either the completion of the update or the client response reaching the

9-1Chapter 9Managing ClientsTopics in this chapter:• Computer Location on page 9-2• Client Privileges and Other Settings on page 9-5• Global Client Se

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-2Computer LocationOfficeScan provides a location awareness feature that determines the Web reputati

Managing Clients9-32. If you choose Client connection status, decide if you want to use a reference server. See Reference Servers on page 8-14 for det

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-4Gateway Settings ImporterOfficeScan checks a computer's location to determine the Web reputat

Managing Clients9-5Client Privileges and Other SettingsGrant users the privileges to modify certain settings and perform high level tasks on the Offic

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing an

Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-4Platform SupportThis product release supports server and client installations on Windows Server™

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-63. If you selected domain(s) or client(s) on the client tree, click Save to apply settings to the

Managing Clients9-7Scan PrivilegesThese privileges allow users to configure their own Manual Scan, Real-time Scan and Scheduled Scan settings by openi

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-8Scheduled Scan PrivilegesClients set to run Scheduled Scan can have the privileges to postpone and

Managing Clients9-9Skip and Stop Scheduled ScanEnabling this option allows users to perform the following actions:• Skip Scheduled Scan before it runs

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-10OfficeScan Firewall PrivilegesFirewall privileges allow users to configure their own firewall set

Managing Clients9-11Allow Users to Enable/Disable the OfficeScan Firewall, the Intrusion Detection System, and the Firewall Violation Notification Mes

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-12Mail Scan PrivilegesWhen clients have the Mail Scan privileges, the Mail Scan tab displays on the

Managing Clients9-13Outlook Mail ScanWhen the Mail Scan tab displays on the client console, client users can immediately configure Outlook mail scan s

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-14Toolbox PrivilegeWhen you enable this privilege, the Toolbox tab displays on the client console.

Managing Clients9-15Component Update PrivilegesUpdate privileges allow client users to configure their own update settings.Perform "Update Now&qu

Introducing OfficeScan1-5Key Features and BenefitsOfficeScan provides the following features and benefits:Security Risk ProtectionOfficeScan protects

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-16Enable Scheduled UpdateSelecting this option forces the selected clients to always run scheduled

Managing Clients9-17Client SecurityThis setting allows or restricts users from accessing OfficeScan client files and registries.If you select High, th

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-18Global Client SettingsOfficeScan applies global client settings to all clients or only to clients

Managing Clients9-19In a Compressed File, Scan Only the First __ FilesAfter decompressing a compressed file, OfficeScan scans the specified number of

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-20Exclude Microsoft Exchange Server Folders from ScanningIf the OfficeScan client and a Microsoft E

Managing Clients9-21The following table describes what happens if any of the conditions is not met.TABLE 9-38. Compressed file scenarios and results

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-22Enabled/DisabledNot Clean or Delete (in other words, any of the following: Rename, Quarantine, De

Managing Clients9-23Enable Assessment ModeWhen in assessment mode, all clients managed by the server will log spyware/grayware detected during Manual

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-24The notification message can be enabled/disabled by going to Networked Computers > Client Mana

Managing Clients9-25Firewall Log SettingsYou can grant certain clients the privilege to send firewall logs to the OfficeScan server. Configure the log

Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-6Because Damage Cleanup Services runs automatically in the background, you do not need to configur

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-26OfficeScan Service RestartOfficeScan restarts client services that stopped responding unexpectedl

Managing Clients9-27Client Self-protectionClient self-protection provides ways for the OfficeScan client to protect the processes and other resources

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-28Protect OfficeScan Client ProcessesOfficeScan blocks all attempts to terminate the following proc

Managing Clients9-29Network Virus Log ConsolidationWhen you enable this option, OfficeScan clients only send network virus logs to the server once eve

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-30Use Automatic Configuration ScriptOfficeScan uses the proxy auto-configuration (PAC) script set b

Managing Clients9-31Online ClientsOnline clients maintain a continuous connection with the server. The OfficeScan server can initiate tasks and deploy

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-32Offline ClientsOffline clients are disconnected from the server. The OfficeScan server cannot man

Managing Clients9-33Roaming ClientsRoaming clients cannot update components from, nor send logs to, the OfficeScan server. The OfficeScan server also

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-34Updates to roaming clients occur only on the following occasions:• When the client user performs

Managing Clients9-35Required ActionsPerform the necessary actions if the client icon indicates any of the following conditions:Pattern File has not be

Introducing OfficeScan1-7and delivers comprehensive reporting. Administrators can perform remote administration, set customized policies for individua

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-36A Client Within the Corporate Network is Disconnected from the ServerVerify the connection from t

Managing Clients9-375. Verify from the registry whether or not a client is connected to the corporate network.Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMi

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-38Verify client-server connection manually or let OfficeScan perform scheduled verification. You ca

Managing Clients9-39Client Proxy SettingsConfigure OfficeScan clients to use proxy settings when connecting to internal and external servers.Internal

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-40External ProxyThe OfficeScan server and client can use external proxy settings when connecting to

Managing Clients9-41Client MoverIf you have more than one OfficeScan server on the network, use the Client Mover tool to transfer clients from one Off

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-425. To confirm the client now reports to the other server, do the following:a. On the client compu

Managing Clients9-434. Type the following:TmTouch.exe <destination file name> <source file name>Where:<destination file name> is the

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-44Importing and Exporting Client SettingsYou may want many OfficeScan clients to have the same scan

Managing Clients9-45Managing Inactive ClientsWhen you use the client uninstallation program to remove the client program from a computer, the program

Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-8FIGURE 1-1. How the OfficeScan server worksThe OfficeScan server is capable of providing real-t

Trend Micro™ OfficeScan™ 10 Administrator’s Guide9-46

Section 3Providing Additional Protection

Trend Micro™ OfficeScan™ 10 Administrator’s Guide

10-1Chapter 10Policy Server for Cisco NACTopics in this chapter:• About Policy Server for Cisco NAC on page 10-2• Components and Terms on page 10-2• C

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-2About Policy Server for Cisco NACTrend Micro Policy Server for Cisco Network Admission Control (N

Policy Server for Cisco NAC10-3Network Access DeviceA network device that supports Cisco NAC functionality. Supported Network Access Devices include a

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-4TermsBecome familiar with the following terms related to Policy Server for Cisco NAC:TABLE 10-43.

Policy Server for Cisco NAC10-5Authentica-tion, Authori-zation, and Accounting (AAA)Describes the three main services used to control end-user client

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-6Cisco NAC ArchitectureThe following diagram illustrates a basic Cisco NAC architecture.FIGURE 10-

Policy Server for Cisco NAC10-7The Client Validation SequenceClient validation refers to the process of evaluating an OfficeScan client’s security pos

Introducing OfficeScan1-9The OfficeScan ClientProtect Windows computers from security risks by installing the OfficeScan client on each computer. The

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-86. The client performs the actions configured in the posture token. FIGURE 10-23. Network access

Policy Server for Cisco NAC10-9The Policy ServerThe Policy Server is responsible for evaluating the OfficeScan client’s security posture and for creat

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-10Policy Server Policies and RulesPolicy Servers use configurable rules and policies to help enfor

Policy Server for Cisco NAC10-11Security Posture CriteriaRules include the following security posture criteria:• Client machine state: If the client c

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-12Policy Server and OfficeScan Client ActionsIf the client security posture matches the rule crite

Policy Server for Cisco NAC10-13Checkup Virus Pattern version is at least one ver-sion older than the version on the OfficeS-can server to which the c

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-14Quaran-tineVirus Pattern version is at least five ver-sions older than the ver-sion on the Offic

Policy Server for Cisco NAC10-15Policy CompositionPolicies include of any number of rules and default responses and actions.Rule EnforcementPolicy Ser

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-16Default PoliciesPolicy Server provides default policies to give you a basis for configuring sett

Policy Server for Cisco NAC10-17SynchronizationRegularly synchronize the Policy Server with registered OfficeScan servers to keep the Policy Server ve

Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-10Smart Scan ServerThe smart scan solution makes use of lightweight patterns that work together to

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-18The figure below illustrates the steps involved in creating and deploying ACS and CA certificate

Policy Server for Cisco NAC10-19The CA CertificateOfficeScan clients with CTA installations authenticate with the ACS server before communicating clie

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-20Hardware• 300MHz Intel Pentium II processor or equivalent • 128MB of RAM• 300MB of available dis

Policy Server for Cisco NAC10-21Hardware• 200MHz single or multiple Intel Pentium processors• 128MB of RAM for Windows 2000• 256MB of RAM for Windows

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-22Cisco 3600 series 3640/3640A, 3660-ENT seriesIOS 12.3(8) or later48MB/16MBCisco 3700 series 3745

Policy Server for Cisco NAC10-23Policy Server for NAC DeploymentThe following procedures are for reference only and may be subject to change depending

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-24Cisco Secure ACS Server EnrolmentEnroll the Cisco Secure ACS server with the Certificate Authori

Policy Server for Cisco NAC10-25g. Click Close to close the Add Standalone Snap-in screen.h. Click OK to close the Add/remove Snap-in screen.i. In the

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-263. Copy the certificate (.cer file) to the OfficeScan server computer to deploy it to the client

Policy Server for Cisco NAC10-27Deploying CTA from the OfficeScan Web ConsoleIf you did not select the option to install/upgrade CTA during server ins

Introducing OfficeScan1-11There are no component download overlaps between the Smart Scan Server and the OfficeScan server because each server downloa

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-28Cisco Trust Agent VersionBefore installing CTA to clients, check the CTA version (Cisco Trust Ag

Policy Server for Cisco NAC10-29To deploy CTA to clients from the OfficeScan Web console:1. Open the OfficeScan server Web console and click Agent Dep

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-30Cisco Trust Agent Installation VerificationAfter deploying the CTA to clients, verify successful

Policy Server for Cisco NAC10-31To install Policy Server for Cisco NAC using the Policy Server installer:1. Log on to the computer to which you will i

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-32b. Next to Port, type a port that will serve as the server listening port. When the Policy Serve

Policy Server for Cisco NAC10-33Policy Server SSL Certificate PreparationTo establish a secure SSL connection between the ACS server and the Policy Se

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-34m. Click Next.n. Click DER encoded binary x.509 or Base 64 encoded X.509 and click Next.o. Enter

Policy Server for Cisco NAC10-35ACS Server ConfigurationTo allow Cisco Secure ACS to pass authentication requests to the Policy Server for Cisco NAC,

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-36Policy Server Configuration from OfficeScanThe first step in configuring Policy Servers is to ad

Policy Server for Cisco NAC10-37The Configuration Summary table displays the number of OfficeScan servers registered to the Policy Server, the Policy

Trend Micro™ OfficeScan™ 10 Administrator’s Guide 1-12Smart Scan Server TypesThe Smart Scan Server to which a client connects depends on the client’s

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-38Policy Server RegistrationRegister the Policy Server with at least one OfficeScan server so the

Policy Server for Cisco NAC10-39Client Validation LogsUse the client validation logs to view detailed information about clients when they validate wit

Trend Micro™ OfficeScan™ 10 Administrator’s Guide10-40

11-1Chapter 11Configuring OfficeScan with Third-party SoftwareTopics in this chapter:• Overview of Check Point Architecture and Configuration on page

Trend Micro™ OfficeScan™ 10 Administrator’s Guide11-2Overview of Check Point Architecture and ConfigurationIntegrate OfficeScan installations with Che

Configuring OfficeScan with Third-party Software11-3OfficeScan IntegrationOfficeScan client periodically passes the Virus Pattern number and Virus Sca

Trend Micro™ OfficeScan™ 10 Administrator’s Guide11-4In this example, the SCV check will allow connections through the firewall if the pattern file ve

Configuring OfficeScan with Third-party Software11-55. Add a parameter by clicking Edit > Parameters > Add, and then typing a Name and Value in

Trend Micro™ OfficeScan™ 10 Administrator’s Guide11-6SecureClient Support InstallationIf users connect to the office network from a Virtual Private Ne

12-1Chapter 12Getting HelpTopics in this chapter:• Troubleshooting Resources on page 12-2• Contacting Trend Micro on page 12-15

2-1Chapter 2Getting Started with OfficeScanTopics in this chapter:• The Web Console on page 2-2• Security Summary on page 2-5• The OfficeScan Client T

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-2Troubleshooting ResourcesThis section provides a list of resources you can use to troubleshoot Of

Getting Help12-3Server Debug Log Using LogServer.exeUse LogServer.exe to collect debug logs for the following:• OfficeScan server basic logs• Trend Mi

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-4Perform the following steps:1. Copy the LogServer folder located in <Server installation folde

Getting Help12-5Component Update LogFile name: TmuDump.txtLocation: <Server installation folder>\PCCSRV\Web\Service\AU_Data\AU_LogTo get detaile

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-6ServerProtect Normal Server Migration Tool LogTo enable debug logging for ServerProtect Normal Se

Getting Help12-7To enable debug logging for the MCP Agent:1. Modify product.ini in <Server installation folder>\PCCSRV\CmAgent as follows:[Debug

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-8Virus Scan Engine LogTo enable debug logging for the Virus Scan Engine:1. Open the Registry Edito

Getting Help12-9World Virus Tracking LogFile name: wtc.logLocation: <Server installation folder>\PCCSRV\Log\tempOfficeScan Client LogsUse client

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-10To disable debug logging for the OfficeScan client:Delete ofcdebug.ini.Fresh Installation LogFil

Getting Help12-11Client Connection LogFile name: Conn_YYYYMMDD.logLocation: <Client installation folder>\ConnLogClient Update LogFile name: Tmud

The user documentation for Trend Micro OfficeScan introduces the main features of the software and installation instructions for your production envir

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-2The Web ConsoleThe Web console is the central point for monitoring OfficeScan throughout the corpo

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-12OfficeScan Firewall LogTo enable debug logging for the Common Firewall Driver on Windows Vista/2

Getting Help12-13To enable debug logging for the OfficeScan NT Firewall service:1. Edit TmPfw.ini located in <Client installation folder> as fol

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-14Transport Driver Interface (TDI) LogTo enable debug logging for TDI:1. Add the following data in

Getting Help12-15Contacting Trend MicroTechnical SupportTrend Micro provides technical support, pattern downloads, and program updates for one year to

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-16Speeding Up Your Support CallWhen you contact Trend Micro, to speed up your problem resolution,

Getting Help12-17TrendLabsTrendLabsSM is the global antivirus research and support center of Trend Micro. Located on three continents, TrendLabs has a

Trend Micro™ OfficeScan™ 10 Administrator’s Guide12-18Sending Suspicious Files to Trend MicroIf you think you have an infected file but the scan engin

A-1Appendix AGlossaryActiveUpdateActiveUpdate is a function common to many Trend Micro products. Connected to the Trend Micro update Web site, ActiveU

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-2Denial of Service AttackA Denial of Service (DoS) attack refers to an attack on a computer or net

GlossaryA-3End User License AgreementAn End User License Agreement or EULA is a legal contract between a software publisher and the software user. It

Getting Started with OfficeScan2-3On the Web browser, type one of the following in the address bar based on the type of OfficeScan server installation

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-4HTTPHypertext Transfer Protocol (HTTP) is a standard protocol used for transporting Web pages (in

GlossaryA-5IntelliTrapVirus writers often attempt to circumvent virus filtering by using real-time compression algorithms. IntelliTrap helps reduce th

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-6MCP AgentTrend Micro Management Communication Protocol (MCP) is Trend Micro's next generatio

GlossaryA-7query or log transmission. To reduce the network impact, the MCP agent keeps connection alive and open as much as possible. A subsequent re

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-8POP3Post Office Protocol 3 (POP3) is a standard protocol for storing and transporting email messa

GlossaryA-9SNMP TrapA Small Network Management Protocol (SNMP) trap is a method of sending notifications to network administrators that use management

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-10SSLSecure Socket Layer (SSL) is a protocol designed by Netscape for providing data security laye

GlossaryA-11Trojan PortTrojan ports are commonly used by Trojan horse programs to connect to a computer. During an outbreak, OfficeScan blocks the fol

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-12Trusted PortThe server and the client use trusted ports to communicate with each other. If you b

GlossaryA-13To determine the trusted ports:1. Access <Server installation folder>\PCCSRV.2. Open the ofcscan.ini file using a text editor such a

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-4The Web Console BannerThe banner area of the Web console provides you the following options:FIGURE

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-14Files Infected with WormsA computer worm is a self-contained program (or set of programs) able t

GlossaryA-153. Open the command prompt, and type the following to delete the files:cd \cd recycleddel *.* /SThe last command deletes all files in the

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-163. If the infected file is in the Windows Temp folder:a. Open the command prompt and go to the W

GlossaryA-17For computers running other operating systems (or those without NTFS):1. Restart the computer in MS-DOS mode.2. If the infected file is in

Trend Micro™ OfficeScan™ 10 Administrator’s Guide A-18

IN-1IndexAAccess Control Server (ACS) 10-3ACS certificate 10-17Active Directory 1-3, 2-22, 3-12, 3-23, 8-9query results 2-24scheduled query 2-27scope

Trend Micro™ OfficeScan™ 10 Administrator’s Guide IN-2client security level 9-17client self-protection 1-3, 9-27client tree 2-11advanced search 2-13ge

Manual NameIN-3profiles 7-2, 7-12tasks 7-4testing 7-18Fragmented IGMP 7-3Ggateway IP address 9-2gateway settings importer 9-4global client settings 9-

Trend Micro™ OfficeScan™ 10 Administrator’s Guide IN-4MSI package 3-11–3-12, 3-23–3-24NNetwork Access Device 10-3network virus 5-4, 7-2, 9-29new featu

Manual NameIN-5Ppacker 5-3password 2-3, 8-23password cracking applications 5-5patches 4-8performance control 1-4, 5-27phishing A-7Ping of Death 7-3Plu

Getting Started with OfficeScan2-5Security SummaryThe Summary screen appears when you open the OfficeScan Web console or click Summary in the main men

Trend Micro™ OfficeScan™ 10 Administrator’s Guide IN-6user accounts 8-6user roles 8-2rootkit protection 4-7Sscan actions 5-30spyware/grayware 5-40viru

Manual NameIN-7Smart Scan Agent Pattern 4-3Smart Scan Pattern 1-10, 4-3Smart Scan Server 1-10, 4-21, 5-10scheduled updates 4-21types 1-12update source

Trend Micro™ OfficeScan™ 10 Administrator’s Guide IN-8Update Agent 4-37URL Filtering Engine 4-6user roleadministrator 8-2guest user 8-4power user 8-3V

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-6If you have obtained an Activation Code, renew a license by going to Administration > Product L

Getting Started with OfficeScan2-7The Conventional Scan tab displays the following information:FIGURE 2-4. Summary screen - Conventional Scan tab• T

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-8The Smart Scan tab displays the following information:FIGURE 2-5. Summary screen - Smart Scan ta

Getting Started with OfficeScan2-9Top 10 Security Risk StatisticsA link on the Detection Status table opens a screen containing top 10 security risk s

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-10Outbreak StatusThe Outbreak Status table provides the status of any current security risk outbrea

Getting Started with OfficeScan2-11For each program, view the clients that have not been upgraded by clicking the number link corresponding to the pro

ContentsiContentsPrefaceOfficeScan Documentation ...xviAudience ...

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-12Client Tree General TasksBelow are the general tasks you can perform when the client tree display

Getting Started with OfficeScan2-13• Refresh the client tree by clicking .• View client statistics below the client tree, such as the total number of

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-14Networked Computers > Client ManagementManage general client settings on this screen.FIGURE 2-

Getting Started with OfficeScan2-15Settings• Choose from the available scan methods. For details, see Scan Methods on page 5-8.• Configure settings fo

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-16Logs View the following logs:• Virus/Malware Logs on page 5-48• Spyware/Grayware Logs on page 5-5

Getting Started with OfficeScan2-17Networked Computers > Outbreak PreventionTask: Specify and activate outbreak protection settings.FIGURE 2-11.

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-18Updates > Rollback > Synchronize with ServerTask: Perform component rollback.FIGURE 2-13.

Getting Started with OfficeScan2-19Logs > Networked Computer Logs > Security RisksView and manage logs on this screen.FIGURE 2-14. Security Ri

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-20Cisco NAC > Agent DeploymentTask: Perform Cisco Trust Agent Deployment.FIGURE 2-15. Agent De

Getting Started with OfficeScan2-21To add a domain:PATH: NETWORKED COMPUTERS > CLIENT MANAGEMENT > MANAGE CLIENT TREE > ADD DOMAINS1. Type a

Trend Micro™ OfficeScan™ 10 Administrator’s Guide iiSection 1: Protecting Networked ComputersChapter 3: Installing the OfficeScan ClientInstallation R

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-22To move a client:PATH: NETWORKED COMPUTERS > CLIENT MANAGEMENT > MANAGE CLIENT TREE > MO

Getting Started with OfficeScan2-23Active Directory Scope and QueryWhen using Security Compliance for the first time, define the Active Directory scop

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-244. Choose whether to check a computer’s connectivity using a particular port number. When connect

Getting Started with OfficeScan2-25Recommended tasks:1. On the Security Status section, click a number link to display all affected computers in the c

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-26OfficeScan Client InstallationBefore installing the client, take note of the following:1. Record

Getting Started with OfficeScan2-27To install the OfficeScan client:PATH: SECURITY COMPLIANCE1. Click Install on top of the client tree.If an earlier

Trend Micro™ OfficeScan™ 10 Administrator’s Guide2-28

Section 1Protecting NetworkedComputers

Trend Micro™ OfficeScan™ 10 Administrator’s Guide

3-1Chapter 3Installing the OfficeScan ClientTopics in this chapter:• Installation Requirements on page 3-2• Installation Methods on page 3-11• Migrati

ContentsiiiChapter 4: Keeping Protection Up-to-DateOfficeScan Components and Programs ... 4-2Antivi

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-2Installation RequirementsThe OfficeScan client can be installed on computers running the following

Installing the OfficeScan Client3-3Hardware Processor300MHz Intel™ Pentium™ or equivalentRAM256MB minimum, 512MB recommendedAvailable disk space350MB

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-4TABLE 3-5. Windows XP/2003, 32-bit versionRESOURCE REQUIREMENTOperating system• Windows XP Profe

Installing the OfficeScan Client3-5Others• Microsoft Internet Explorer 6.0 or later if performing Web setup• Disable Simple File Sharing on Windows XP

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-6Hardware Processor• Intel x64 processor• AMD64 processorRAM256MB minimum, 512MB recommendedAvailab

Installing the OfficeScan Client3-7TABLE 3-7. Windows Vista, 32-bit and 64-bit versionsRESOURCE REQUIREMENTOperating system• Windows Vista™ Business

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-8Others Windows Internet Explorer 7.0 or later if performing Web setupTABLE 3-8. Windows 2008, 32

Installing the OfficeScan Client3-9Others Windows Internet Explorer 7.0 or later if performing Web setupTABLE 3-9. Windows 2008, 64-bit versionRESOU

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-10Compatibility ListOfficeScan is compatible with the following third-party products:• Citrix XenAp

Installing the OfficeScan Client3-11Installation MethodsThis section provides a summary of the different client installation methods to perform fresh

Trend Micro™ OfficeScan™ 10 Administrator’s Guide ivUpdate Source for Update Agents ...4-39Updat

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-12Client Packager (MSI package deployed through Active Direc-tory)Supported on all operating system

Installing the OfficeScan Client3-13Installing from the Web Install PageUsers can install the client program from the Web install page if you installe

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-14Send the following instructions to users to install the OfficeScan client from the Web install pa

Installing the OfficeScan Client3-15Initiating Browser-based InstallationSet up an email message that instructs users on the network to install the Of

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-16For remote desktop installation using AutoPcc.exe:• The computer must be run in Mstsc.exe /consol

Installing the OfficeScan Client3-17To add AutoPcc.exe to the login script using Login Script Setup:1. On the computer you used to run the server inst

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-18Installing with Client PackagerClient Packager can compress Setup and update files into a self-ex

Installing the OfficeScan Client3-194. Configure the following settings (some settings are only available if you select a particular package type):• W

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-20Package deployment guidelines:1. Send the package to users and ask them to run the client package

Installing the OfficeScan Client3-21• If you will use the package to upgrade a client to this OfficeScan version, check the domain level scan method o

ContentsvSecurity Risk Notifications for Administrators ... 5-45Security Risk Notifications for Client Users ...

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-222. The OfficeScan server that manages the Update Agent will not be able to synchronize or deploy

Installing the OfficeScan Client3-23Check Point SecureClient SupportThis tool adds support for Check Point™ SecureClient™ for Windows 2000/XP/Server 2

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-247. Select a deployment method and then click OK.• Assigned: The MSI package is automatically depl

Installing the OfficeScan Client3-256. Browse and select the MSI package file created by Client Packager, and then click Open. The MSI package name ap

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-26To distribute the package to target computers:1. On the Tree tab, click Advertisements.2. On the

Installing the OfficeScan Client3-2717. Click Yes, assign the program, and then click Next.Microsoft SMS creates the advertisement and displays it on

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-283. Select the target computers.•The Domains and Computers list displays all the Windows domains o

Installing the OfficeScan Client3-29Installing from a Client Disk ImageDisk imaging technology allows you to create an image of an OfficeScan client u

Trend Micro™ OfficeScan™ 10 Administrator’s Guide3-30Using Vulnerability ScannerUse Vulnerability Scanner to detect installed antivirus solutions, sea

Installing the OfficeScan Client3-31Network Topology and ArchitectureCentralized administra-tionModerately effectiveOutsource service Moderately effec