Best Practice Configurations for OfficeScan 10.0




Applying Latest Patch(es) for OSCE 10.0

To find out the latest patches, refer to http://www.trendmicro.com/download/product.asp?productid=5

NOTE: There is no need to re-apply if already configured

Configuring Manual Scan Settings

4. Click on Settings > Manual Scan Settings
5. Configure the Target tab
6. Files to Scan: All Scannable files
7. Scan Settings: Scan hidden folders, Scan network drive, Scan compressed files
8. Virus/Malware Scan Settings Only: Scan boot area, Enable IntelliTrap
9. CPU Usage: Medium: pause slightly between file scans
10. Configure the Action tab
11. Virus/Malware: Use a specific action for each virus/malware type:
12. Use the same action for all malware types. 1st action: Clean, 2nd action: Delete or Quarantine
13. Spyware/Grayware: Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

otherwise, it will be overwritten.

Configuring Real-time Scan Settings

4. Click on Settings > Real-time Scan Settings
5. Enable virus/malware scan and Enable spyware/grayware scan
6. Configure the Target tab.
7. User Activity on Files: Scan files being: created/modified and retrieved
8. Files to Scan: File types scanned by IntelliScan
9. Scan Settings: Scan network drive, Scan compressed files
10. Virus/Malware Scan Settings Only: Enable IntelliTrap
11. Scan Exclusion: Enable Scan exclusion
12. Configure the Action tab
13. Use the same action for all malware types. 1st action: Clean, 2nd action: Delete or Quarantine

otherwise, it will be overwritten.

Configuring Scheduled Scan Settings

4. Click on Settings > Scheduled Scan Settings
5. Enable virus/malware scan and Enable spyware/grayware scan
6. Configure the same settings for the Target
7. Configure the Schedule to run at least once a week.
8. Files to Scan: All Scannable files
9. Scan Settings: Scan compressed files
10. Virus/Malware Scan Settings Only: Scan boot area, Enable IntelliTrap
11. CPU Usage: Medium: pause slightly between file scans
12. Configure the Action tab
13. Virus/Malware: Use the same action for all malware types. 1st action: Clean, 2nd action: Delete or Quarantine
14. Display a notification message on the client computer when virus/malware is detected
15. Spyware/Grayware: Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

otherwise, it will be overridden.

Configuring Scan Now Settings

4. Click on Settings > Scan Now Settings
5. Enable virus/malware scan and Enable spyware/grayware scan
6. Configure the Target tab
7. Files to Scan: All Scannable files
8. Scan Settings: Scan compressed files
9. Virus/Malware Scan Settings Only: Scan boot area, Enable IntelliTrap
10. CPU Usage: Medium: pause slightly between file scans
11. Configure the Action tab
12. Virus/Malware: Use the same action for all malware types. 1st action: Clean, 2nd action: Delete or Quarantine
13. Spyware/Grayware: Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

otherwise, it will be overridden.

Enable Web Reputation

WRS allows OfficeScan to detect and block access to sites that harbor Web-based threats. When a client requests a URL, it first checks the reputation score of the URL by querying the Trend Micro reputation servers. Access to the URL is then allowed or denied depending on the score and the security level you configured.

To configure WRS, please do the following:

4. Click on Settings and select Web Reputation Settings
5. For both External and Internal Clients, put a check mark on Enable Web Reputation Policy
6. Select the Medium security level for the policy.
7. Select whether to Allow clients to send logs to the OfficeScan server. You can use this option to analyze URLs blocked by WRS.
8. Click Save
9. Networked Computers > Global Client Settings > Web Reputation Approved URL List > Edit Approved URL List: You may add the URLs of the Web sites you want to allow. Select whether to approve all subsites or the individual page only. By default, Trend Micro and Microsoft Web sites are included in the list.

otherwise, it will be overridden.

Configure Device Control

One of the new features of OfficeScan 10.x is Device Control. It provides a control feature that regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks. By default, the Device Control feature is enabled but ALL devices have FULL ACCESS. Configure the settings according to your preference.

4. Click on Settings and select Device Control

Enable Scan Action on Generic/Heuristic Detection

1. In the OfficeScan installation directory, open the /PCCSRV/ofcscan.ini file using a text editor.
2. Under the Global Setting section, add the following keys and assign the values of <x> and <y> with the scan action value you want to use:

    [Global Setting]
    1stActForGenericVirus=<x>
    2ndActForGenericVirus=<y>

where:

    <x> is the first action
    <y> is the second action

and the scan action values are as follows:

    0 - Pass (permanent)
    1 - Rename
    2 - Move / Quarantine
    3 - Clean
    4 - Delete
    5 - Pass (temporary)

NOTE: It is recommended to set the first generic action attempt to Clean (3) and the second action attempt to Delete (4) or Move (2).

3. Save and close the file.
4. Log on to the management console.
5. Go to Networked Computers > Global Client Settings.
6. Click Save to deploy the setting to all clients.

Important: OfficeScan client users with the privilege to configure scan actions must set the action to "Custom Action" instead of "ActiveAction". This ensures that the scan action you configured is deployed to the client. "ActiveAction" has a higher priority and overrides "Custom Action".

Enable Enhanced GeneriClean Technology

Do the following:

1. Go to the OfficeScan server (pccsrv\admin folder).
2. Delete \PCCSRV\Download\hotfixnt.txt file.
3. Rename the tsc.ini file to "tsc.ini_old".
4. Modify the tsc.ini and add these entries at the bottom:

    [secured policy]
    DisableTaskMgr=1
    DisableRegistryTools=1
    NoRun=1
    NoCloseKey=1
    NoFind=1
    DisallowRun=1
    FirewallDisableNotify=0
    UpdatesDisableNotify=0
    AntiVirusDisableNotify=0
    FirewallOverride=0
    AntiVirusOverride=0
    NoAutoUpdate=0
    AUOptions=1
    EnableFirewall=0

5. Open the file and save it. Check the timestamp of the file. It should reflect today's date.
6. Open the PCCSRV\Autopcc.cfg\apnt.ini file.
7. Look for the "admin\tsc.ini" line. If it does not exist, add it.
8. Save and close the file.
9. Wait 2-3 minutes and the hotfixnt.txt will be automatically generated.
10. The OfficeScan server will now notify the OfficeScan clients and deploy the tsc.ini file.
11. If hotfixnt.txt was not automatically generated, please restart the OfficeScan master service.

Disabling Roaming Mode for Machines in the Network

Trend Micro recommends not enabling roaming mode for machines that are in the Local Area Network.

1. Login to the OfficeScan Management Console
4. Click on Settings > Privileges and Other Settings
5. On the Privileges tab > Roaming Privilege
6. Uncheck the Enable roaming mode option if enabled for LAN machines. Otherwise, leave it as is.

Install Intrusion Defense Firewall (IDF) plug-in

Note: Intrusion Defense Firewall (IDF) is part of the OfficeScan plug-in manager. This requires a new activation code. Please contact sales to obtain a license.

Intrusion Defense Firewall is an advanced, host-based intrusion defense system that brings proven network security approaches, including firewall and intrusion detection and prevention, down to individual networked computers and devices. In addition, it can also prevent a malware attack that exploits the vulnerability. More information can be found at http://www.trendmicro.com/download/product.asp?productid=84

1. Login to the OfficeScan Management Console
2. Click Plug-in Manager
3. Under Intrusion Defense Firewall, click Download

Using the Security Compliance

Security Compliance allows you to detect client computers that do not have antivirus software installed within your network environment, by scanning your Active Directory Scope and connecting to the port(s) used by OfficeScan server(s) to communicate with the OfficeScan clients. Security Compliance can then install the OfficeScan client on unprotected computers.

1. Login to the OfficeScan Management Console
2. Click on Security Compliance
3. In line with Active Directory Scope, click on the Define button
4. If you have more than one (1) OfficeScan server, click on the link for Specify Ports under Advanced Setting then click on the Save button.
5. Click on the Save and re-assess button.
6. You will be returned to the Security Compliance screen with the assessment result for the machines within your Active Directory Scope. You can then highlight the machines you wish and click on the Install button to deploy the OfficeScan client program to them.

Note: If you have more than one (1) OfficeScan server installed within your environment, you need to specify each communication port being used by OfficeScan clients to connect to their respective OfficeScan server. This feature can only validate machines with OfficeScan client software installed. If a machine is running another anti-virus program, the assessment will return a BLANK result for the machine names you have queried.

Disable System Restore

1. In Active Directory Users and Computers, navigate to Computer Configuration, Administrative Templates, System, System Restore.
2. Double-click "Turn off System Restore," set it to Enabled, then click OK.
3. Close the policy and exit Active Directory Users and Computers.
4. The changes will take effect on the next policy refresh.

Disable Autorun

1. Click on Start then Run
2. Type in GPEDIT.MSC then hit Enter.
3. Go to Local Computer Policy > Administrative Template > System
4. On the right pane, double-click Turn off Autoplay
5. When you are in the properties dialog box, click Enabled
6. Choose All drives from the drop-down list underneath.
7. Click on OK.

Run Microsoft Baseline Security Analyzer 2.1 once a Month to check for Unpatched PCs

1. Download the tool from the link below: http://www.microsoft.com/downloads/details.aspx?familyid=f32921af-9dbe-4dce-889e-ECF997EB18E9&displaylang=en#Instructions
2. See more information at the link below: http://technet.microsoft.com/en-au/security/cc184924.aspx

Educate users not to click on links they do not trust

Do not open suspicious links or files, especially from instant messengers, emails from unidentified users and from pop-up windows.
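
The following is an added example, not part of the original guide or of any Trend Micro tooling: a Python check that reads the text of ofcscan.ini and reports whether the 1stActForGenericVirus and 2ndActForGenericVirus keys from "Enable Scan Action on Generic/Heuristic Detection" are present in [Global Setting], valid (0-5), and set to the recommended actions. The function names, the case-insensitive matching and the first-occurrence handling of duplicate keys are assumptions made for the example.

```python
# Added example: audit ofcscan.ini text for the generic/heuristic scan action keys.
import re

ACTIONS = {0: "Pass (permanent)", 1: "Rename", 2: "Move / Quarantine",
           3: "Clean", 4: "Delete", 5: "Pass (temporary)"}
# Recommendation from the guide: first action Clean (3), second Delete (4) or Move (2).
RECOMMENDED = {"1stactforgenericvirus": {3}, "2ndactforgenericvirus": {4, 2}}

def read_section(text, section="Global Setting"):
    """Return {lowercased key: value} for one INI section (hypothetical helper)."""
    found, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(.+?)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == section.lower() and "=" in line:
            key, value = line.split("=", 1)
            # Assumption: keep the first occurrence; the guide does not say
            # how the product treats duplicate keys.
            found.setdefault(key.strip().lower(), value.strip())
    return found

def audit_generic_actions(text):
    """Return a list of findings; an empty list means the keys match the guide."""
    settings, findings = read_section(text), []
    for key, allowed in RECOMMENDED.items():
        value = settings.get(key)
        if value is None:
            findings.append(f"{key}: missing from [Global Setting]")
        elif not re.fullmatch(r"[0-5]", value):
            findings.append(f"{key}: '{value}' is not a valid scan action (0-5)")
        elif int(value) not in allowed:
            findings.append(f"{key}: {value} ({ACTIONS[int(value)]}) is not the recommended action")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """[Global Setting]
; second action left as the <y> placeholder from the guide
1stActForGenericVirus=5
2ndActForGenericVirus=<y>
[Other Section]
1stActForGenericVirus=3
"""

if __name__ == "__main__":
    for finding in audit_generic_actions(SAMPLE):
        print(finding)
```

Run it against the contents of the server's ofcscan.ini before clicking Save in Global Client Settings, so that a leftover placeholder or a Pass action is caught before it is deployed to clients.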