OfficeScan 10 Enterprise Client Firewall
Updated: March 9, 2010




What is Trend Micro OfficeScan?

Trend Micro OfficeScan Corporate Edition protects campus networks from viruses, Trojans, worms, Web-based threats, hackers, and network viruses, plus spyware and mixed threat attacks. It supports Windows 7, Vista, XP, 2000 and Windows Server 2008 and 2003 operating systems. You can find the blue colour OfficeScan client icon in your system tray.

OfficeScan consists of a client program that resides at the endpoint and a server program that manages all clients. The client guards the endpoint and reports its security status to the server. The server, through the Web-based management console, makes it easy to set coordinated security policies and deploy updates to every client.

What is the Enterprise Client Firewall?

The Enterprise Client Firewall is one of the features of Trend Micro OfficeScan Enterprise Edition. It helps protect Windows 7, Vista, XP, 2000 and Windows Server 2008 and 2003 clients from hacker attacks and network viruses by creating a barrier between the client and the network. The default setting for the Enterprise Client Firewall is the MEDIUM security level. (Medium: blocks all incoming and allows all outgoing traffic, except as specified otherwise in the Exception List.)

What can the Enterprise Client Firewall do?

1. Traffic Filtering

Enterprise Client Firewall filters all incoming and outgoing traffic, providing the ability to block certain types of traffic based on the following criteria:

- Direction (incoming or outgoing)
- Protocol (TCP/UDP/ICMP)
- Destination ports
- Destination computer

2. Scanning for Network Viruses

Enterprise Client Firewall also examines each packet to determine if it is infected with a network virus. A virus spreading over a network is not, strictly speaking, a network virus. Only some of the security risks mentioned above, such as worms, qualify as network viruses.
Specifically, network viruses use network protocols, such as TCP, FTP, UDP, HTTP, and email protocols, to replicate. They often do not alter system files or modify the boot sectors of hard disks. Instead, network viruses infect the memory of client machines, forcing them to flood the network with traffic, which can cause slowdowns and even complete network failure. Because network viruses remain in memory, they are often undetectable by conventional disk-based file I/O scanning methods. Enterprise Client Firewall works with a virus pattern file to identify and block network viruses.

3. Customized Profiles and Policies

Enterprise Client Firewall gives administrators the ability to configure policies to block or allow specified types of network traffic. Assign a policy to one or more profiles, which administrators can then deploy to specified OfficeScan clients. This provides a highly customized method of organizing and configuring Enterprise Client Firewall settings for our clients.

4. Stateful Inspection

Enterprise Client Firewall is a stateful inspection firewall; it monitors all connections to the client and remembers all connection states. It can identify specific conditions in any connection, predict what actions should follow, and detect when normal conditions are violated. Filtering decisions, therefore, are based not only on profiles and policies, but also on the context established by analyzing connections and filtering packets that have already passed through the firewall.

5. Intrusion Detection System

Enterprise Client Firewall also includes an Intrusion Detection System (IDS). When enabled, IDS can help identify patterns in network packets that may indicate an attack on the client. Enterprise Client Firewall can help prevent the following well-known intrusions:

- Too Big Fragment
- Ping of Death
- Conflicted ARP
- SYN flood
- Overlapping Fragment
- Teardrop
- Tiny Fragment Attack
- Fragmented IGMP
- LAND attack

6. Firewall Outbreak Monitor

Firewall Outbreak Monitor sends a customized alert message to specified recipients when log counts exceed certain thresholds, which may signal an attack.

7. Client Firewall Privileges

Grant clients the privilege to view the Firewall tab on the OfficeScan client program. The Firewall tab displays the firewall settings for the client. Also grant users the privilege to adjust the security level and the exception rule list.

Note: You can install, configure, and use Trend Micro Enterprise Client Firewall on Windows machines that also have Windows Firewall enabled. However, you must manage your policies carefully to avoid creating conflicting firewall policies and producing unexpected results. For example, if you configure one firewall to allow traffic from a certain port but the other firewall blocks traffic from the same port, the traffic will be blocked. Please see the Microsoft documentation for details on Windows Firewall. (Our recommendation is that you should NOT do this.)

Has the Enterprise Client Firewall been tested?

IT Services tested and implemented Trend Micro Enterprise Protect Strategy and installed both Enterprise Client Firewall and Intrusion Detection System (IDS) for OfficeScan clients to guard campus computers from threats (viruses, worms, Trojans, spyware/adware, and others) three years before Microsoft introduced Windows Firewall in the Windows XP Service Pack 2 (SP2).

Which Firewall should I use (Windows or OfficeScan)?
IT Services recommends all OfficeScan users use the Enterprise Client Firewall for the following reasons:

- It provides network virus protection.
- It provides intrusion protection.
- A centrally managed firewall reduces confusion and support effort for IT Services and other campus technicians.
- It scans not only inbound but also outbound traffic to prevent hackers from using your computer to attack other computers.
- It enables firewall configuration flexibility against virus outbreaks.

Will two firewalls give me better protection?

The answer is NO. Enabling two or more firewalls together will cause driver conflicts. When you have more than one firewall enabled at the same time, you will see the following warning from Start -> Settings -> Control Panel -> Security Center:

By clicking the link, you will be provided with the following information:

Please refer to the "How do I disable the Windows firewall?" section to disable Windows firewall.

Do I have Enterprise Client Firewall Installed and Enabled?

The following steps show you how to verify that the Enterprise Client Firewall is installed and enabled on your computer(s):

1. Right-click the TrendMicro icon in your system tray and select OfficeScan Console.
2. Select the Firewall tab.
3. The following information shows that firewall, Intrusion Detection System (IDS), and Alert Message are all enabled.
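Several of the intrusion types named in the Intrusion Detection System list earlier are malformed-packet conditions that can be recognised from header fields alone. The Python below is an added example, not OfficeScan's code or signatures: it applies textbook definitions of five of them to constructed packet descriptors, and the dictionary keys and the 20-byte tiny-fragment threshold are assumptions.

```python
MAX_IP_DATAGRAM = 65535    # largest datagram the 16-bit IPv4 total-length field allows
IP_HEADER = 20             # minimum IPv4 header size in bytes
MIN_FIRST_FRAGMENT = 20    # assumed threshold: room for a full minimal TCP header

def check_packet(pkt):
    """Return the anomalies found in one packet descriptor: a dict with the
    hypothetical keys proto, flags, src, dst, sport, dport, frag_offset,
    more_fragments and payload_len (offsets and lengths in bytes)."""
    found = []
    # LAND: a TCP SYN whose source address and port equal its destination.
    if (pkt["proto"] == "tcp" and "SYN" in pkt.get("flags", ())
            and pkt["src"] == pkt["dst"] and pkt["sport"] == pkt["dport"]):
        found.append("LAND attack")
    # Oversized datagram: this fragment ends beyond what a reassembly buffer
    # may legally hold. ICMP is the classic Ping of Death case.
    if IP_HEADER + pkt["frag_offset"] + pkt["payload_len"] > MAX_IP_DATAGRAM:
        found.append("Ping of Death" if pkt["proto"] == "icmp" else "Too Big Fragment")
    # Tiny fragment: the first TCP fragment is too short to hold the TCP
    # header, so port and flag filters would have nothing to inspect.
    if (pkt["proto"] == "tcp" and pkt["frag_offset"] == 0
            and pkt["more_fragments"] and pkt["payload_len"] < MIN_FIRST_FRAGMENT):
        found.append("Tiny Fragment Attack")
    return found

def overlapping_fragments(fragments):
    """Given (offset, length) pairs for one datagram's fragments, return those
    whose byte range overlaps an earlier fragment (the Teardrop condition)."""
    overlaps, end = [], 0
    for offset, length in sorted(fragments):
        if offset < end:
            overlaps.append((offset, length))
        end = max(end, offset + length)
    return overlaps
```

Conflicted ARP, SYN flood and Fragmented IGMP are not covered here because they need ARP-table, rate or IGMP context rather than a single IP header.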

Do I have the newest version of OfficeScan client?

The following steps show you how to verify the version of OfficeScan client on your computer:

1. Right-click the TrendMicro icon in your system tray and select OfficeScan Console.
2. Select Component Versions.

3. The following shows the version of OfficeScan client on your computer. Current version of OfficeScan client is 10.0.

How is the OfficeScan firewall configured?

By default, the firewall is configured to the MEDIUM security level.

- High security level blocks all incoming and outgoing traffic, except as otherwise specified in the exception list.
- Medium security level blocks all incoming and allows all outgoing traffic, except as otherwise specified in the exception list.
- Low security level allows all incoming and outgoing traffic, except as otherwise specified in the exception list.

We recommend the MEDIUM security level because:

- Network threats are increasing, and the Low security level has been in use since 2001.
- Medium security level is the default configuration for MS Windows firewall.

Instructions on changing the security level are given below. Please check the troubleshooting suggestions section first.
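The three security levels, the exception list and the stateful inspection feature described earlier interact: at Medium, replies to connections the client opened still get through even though unsolicited inbound traffic is blocked. The Python model below is an added illustration, not OfficeScan's implementation; the class and field names are hypothetical, exception rules are reduced to direction, protocol and destination port, and connection state is reduced to the flow tuple. It also models the earlier note that with two firewalls active, traffic passes only if both allow it.

```python
from dataclasses import dataclass, field

# Default action per direction for each security level, as listed above.
LEVEL_DEFAULTS = {
    "high":   {"in": "block", "out": "block"},
    "medium": {"in": "block", "out": "allow"},
    "low":    {"in": "allow", "out": "allow"},
}

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", seen from the client
    proto: str       # "tcp", "udp" or "icmp"
    local: tuple     # (ip, port) on the client
    remote: tuple    # (ip, port) on the other host

@dataclass(frozen=True)
class ExceptionRule:     # hypothetical exception-list entry
    direction: str
    proto: str
    dst_port: int
    action: str          # "allow" or "block"

    def matches(self, p):
        dst = p.local if p.direction == "in" else p.remote
        return (p.direction, p.proto, dst[1]) == (self.direction, self.proto, self.dst_port)

@dataclass
class ClientFirewall:
    level: str
    exceptions: list = field(default_factory=list)
    state: set = field(default_factory=set)    # flows this client opened

    def decide(self, p):
        flow = (p.proto, p.local, p.remote)
        if p.direction == "in" and flow in self.state:
            return "allow"                     # reply to a tracked connection
        action = LEVEL_DEFAULTS[self.level][p.direction]
        for rule in self.exceptions:           # an exception overrides the level default
            if rule.matches(p):
                action = rule.action
                break
        if p.direction == "out" and action == "allow":
            self.state.add(flow)               # remember the flow for return traffic
        return action

def effective(p, *firewalls):
    """Several firewalls on one host: traffic passes only if every one allows it."""
    return "allow" if all(fw.decide(p) == "allow" for fw in firewalls) else "block"
```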

How do I disable the Windows firewall?

1. Start -> Settings -> Control Panel -> Security Center
2. Double-click Windows Firewall
3. Select Off (not recommended) and click OK

OfficeScan Firewall Troubleshooting Suggestions

If you have applications that worked when the OfficeScan firewall security level was LOW but were no longer available after the security level was changed to MEDIUM, please use the following steps to check if the problem is related to the OfficeScan firewall:

1. Make sure there is only ONE firewall active on your computer. (Please refer to the "Will two firewalls give me better protection?" section of this document.) If your computer has more than one firewall, please refer to the "How do I disable the Windows firewall?" section.
2. Make sure the latest version of OfficeScan client is running on your computer. (Please refer to the "Do I have the newest version of OfficeScan client?" section.)
3. Change the OfficeScan Firewall security level from Medium to Low and run your applications one at a time. Will the low security level make a difference? If your application works fine at the low security level, then you need to configure the exception list on your computer. Please use the link under the Related Topics section to find out the protocol(s) and port number(s) that were blocked by the OfficeScan firewall.
   Note: The OfficeScan Firewall Logs only record blocked network traffic. They do not show successful connections.
4. If you need to use some applications on your computer right away but you are not able to resolve the firewall issues, the fastest way to get around the problem is to change the OfficeScan firewall security level from Medium to Low temporarily. After the situation has been resolved, please don't forget to configure the exception list on your computer and change the security level back to Medium.
5. If your lab computers run Deep Freeze, please make all necessary changes while the computer is thawed and then refreeze it; otherwise the changes will not stay.

Related Topics

1. To modify the OfficeScan client security level
2. To modify the OfficeScan exception list
3. How to identify Protocols and Ports for OfficeScan Firewall