TREND MICRO OfficeScan 7 Руководство администратора
В руководстве администратора программы Trend Micro OfficeScan описаны основные функции данного программного обеспечения
287 41 3MB
Russian Pages 337 Year 2005
Recommend Papers
File loading please wait...
Citation preview
TREND MICRO OfficeScan 7
TM
TM
Комплексная защита корпоративных компьютеров
Руководство администратора
Trend Micro Incorporated .
Trend Micro
readme, , :
-
www.trendmicro-europe.com/download :
Trend Micro , (1)
. ,
Trend Micro.
Trend Micro, Trend Micro t-ball logo, Control Manager, OfficeScan, ServerProtect, TrendLabs Trend Micro Anti-Spyware Services Trend Micro Incorporated. . © Trend Micro Incorporated, 2005
.
. ,
,
Trend Micro Incorporated. : OSEM72212/50217 :
2005 № 5,623,600; 5,889,943; 5,951,698; 6.119,165 Trend Micro OfficeScan . .
Trend Micro. Trend Micro ,
. Trend Micro,
[email protected].
. :
www.trendmicro.com/download/documentation/rating.asp
,
1:
OfficeScan™
32-
OfficeScan 7.0 .................................................. 1-3 ................................... 1-3 ................................... 1-4 OfficeScan ............................................................... 1-6 ......................................................... 1-6 « » (grayware) ................................................ 1-7 OfficeScan ................................... 1-8 OfficeScan ....... 1-15 ................ 1-18 OfficeScan ............................................. 1-21 OfficeScan ............................................................... 1-21 OfficeScan ............................................................... 1-22 64. 1-26 ......................................................................... 1-26 OfficeScan ..... 1-28
2:
OfficeScan -
....................................................... 2-2 ................................................... 2-3 .................................................. 2-9 OfficeScan ...................... 2-10 ........................... 2-10
i
Trend Micro™ OfficeScan™ 7.0
OfficeScan ...........................................2-11 OfficeScan ................................................................................2-13 ...................................................................2-13 OfficeScan .............................................................2-16 ...........................................2-16 ............................................................2-17 ....................................2-21 .........................................................2-25 NAT .........2-35 ...........................................2-36 .........2-38 ....................................................2-40 ..........................................................2-41 ........................2-42 .........2-44 .............................2-47 .....................................2-49 ActiveAction .....................................2-50 IntelliScan .........................................................2-50 ....................................2-51 ................................................................................2-54 .........................2-58 ................2-61 Scan Now ( ) ......................................................................2-63 .....................2-68 .........................................2-73 .......................2-77
3:
«
» « «
ii
, »
» ..........................................................................3-2
........................................................ 3-2 » ........................................................ 3-3 ................................... 3-3 Trend Micro .......................................... 3-4 ........................ 3-4 ActiveX ............................................................ 3-5 ............... 3-6 » ................................................................. 3-6 (Grayware) ................................................ 3-6 ...................................... 3-6 Cleanup Now ( ) ..................... 3-9 « » ................................................................................... 3-11 « » .............................................................................. 3-13 « » ......................................... 3-14 «
«
4: -
................................................ 4-2 ........................... 4-2 OfficeScan ....................... 4-3 ................................................ 4-4 .............................................. 4-5 .... 4-6 OfficeScan .............. 4-7
5: ..................................................................................... 5-2 ................................................. 5-2 ........................................................... 5-3 ...................................... 5-7 .............................................................................. 5-9
iii
Trend Micro™ OfficeScan™ 7.0
..............................................................................5-10 Virus Outbreak Monitor .........................5-11
6: .............6-2 .............................6-5 ...............6-7 ......................................................6-9 ..........................................................6-13 .................6-14 .............................................................6-14 ......................................................6-16 ...........................................................6-19 Firewall Outbreak Monitor ( ) .............................6-22 ......................................................6-24 ........................................................6-25
7: ..............................7-2 ..............................7-2 ...............................7-4 ...........................7-4 ........................7-5 ...........................7-6 .....................7-7 ...................................................................................7-7 ..............................................................7-9
8: ..........................................................8-2 ...................................................8-3 Login Script Setup ( ) ......8-3 Vulnerability Scanner ( ) .......................8-3
iv
Server Tuner ( Client Packager ( Image Setup Utility ( Restore Encrypted Files (
) ....................................... 8-9 ............................................ 8-10 ) .............. 8-10 ) ................ 8-11
) .................................................... 8-11 Client Mover I ( I) ................................. 8-14 Touch Tool ( ) .................................... 8-15 ServerProtect Normal Server Migration Tool ( ServerProtect Normal Server) ....... 8-16 ..................................................... 8-20 Client Mover II ..................................................................... 8-20 Database Backup ( ) ............. 8-20 Database Packer ( ) ..................... 8-20 Icon Cleaner ( ) ....................................... 8-20 Network Scan Switch ( ) ............................................................. 8-21 Register Shell ( ) ............................. 8-21 Remote Agent ( ) ...................................... 8-21 GUID Changer ( GUID) .................................... 8-22
9:
, ........................................................ 9-2 ...................................................... 9-2 ........................................................................... 9-2 ...................................................................... 9-2 ................................. 9-3 .......................................... 9-3 ................................................................... 9-5 ........................................................................ 9-5 Policy Server Cisco Network Admission Control (NAC) ........................................................................ 9-6 ........................................................................... 9-7 ....................................................................... 9-7 ........................................ 9-8 ....................................... 9-8
v
Trend Micro™ OfficeScan™ 7.0
OfficeScan Windows XP ......................................9-8 OfficeScan .9-8 ....................9-9 ................9-10 ...................9-11 ..........................................9-12 ...........9-14 -
..........................................................................9-14 ..........................9-15 ................................................................9-18 (POP3) .......................................................................9-19 , (NAT) .......................................................9-20 Trend Micro ......................................9-22
Trend Micro ................................................................................9-22 ................................................................9-23 ......................9-24 Trend Micro ........................................9-24 Trend Micro ................................................................................9-25 TrendLabs ...............................................................................9-26
A:
Cisco™ NAC Trend Micro Policy Server
Cisco NAC ........ A-2 ................................. A-2 .......................................................................... A-2 ................................................................................ A-4 Cisco NAC ............................................................ A-5 ............................. A-6 Policy Server ...................................................... A-8
vi
Policy Server ......................................................................... A-9 ................................................ A-16 ................................................. A-17 CA ....................................... A-19 Policy Server .......... A-19 Cisco Trust Agent (CTA) ........................ A-21 Cisco ........ A-21
B:
Policy Server Э
Cisco NAC
Policy Server NAC .....B-2 Cisco Secure ACS ....................................B-3 CA .....................................B-7 Policy Server SSL ...........................B-10 Cisco Trust Agent ............................................B-12 Cisco Trust Agent ........B-15 Policy Server Cisco NAC .................................B-15 ACS ...........................................................B-18 Policy Server Cisco NAC .................................B-20 Policy Server ...............B-20 Policy Server ......B-21 OfficeScan ............................................................B-24 ...............................................................B-26 .............................................................B-29 ...........B-32 .............................B-34
C:
Control Manager™ OfficeScan Control Manager ...................................................C-2 Control Manager OfficeScan ....................................................................................C-2 Control Manager? .............................................C-3 .............................................C-3 , ..................C-3 ...................................C-4
vii
Trend Micro™ OfficeScan™ 7.0
Control Manager ........................................... C-5 OfficeScan Control Manager ............... C-8 ......................................................................... C-8
D:
OfficeScan
Wireless Protection Manager ............... D-2 ...................................... D-3 Wireless Protection Manager ............... D-3 Wireless Protection Manager .................. D-5 OfficeScan for Wireless ................................... D-5 ..................................... D-6 ....... D-6 ......................................................... D-7 ............................................... D-7 Check Point ................................................................................ D-10 OfficeScan .............................. D-10 Check Point OfficeScan ................................... D-12 SecureClient OfficeScan ............................................................ D-13
E:
viii
1
OfficeScan™ Trend Micro OfficeScan « ,
» .
Windows™ NT/2000/XP/Server 2003 , , Java™-
OfficeScan , Windows 95/98/Me, ,
ActiveX™.
OfficeScan , . -
, OfficeScan.
1-1
Trend Micro™ OfficeScan™ 7.0
FTP/ -
/
OfficeScan
OfficeScan
. 1-1
OfficeScan
OfficeScan •
:
OfficeScan Micro ActiveUpdate,
-
Trend ,
. • « •
OfficeScan Windows NT/2000/XP/Server 2003 » . OfficeScan,
, Windows 95/98/Me -
, .
1-2
,
OfficeScan™
OfficeScan 7.0 OfficeScan :
•
«
»
«
,
(spyware) : OfficeScan , Trend Micro (grayware), » (spyware) ( « » . (grayware) . 1-7). OfficeScan « » , « ».
OfficeScan
,
.
OfficeScan
, grayware.
•
OfficeScan Windows,
Windows: , Windows Server 2003. .
•
.
(
):
OfficeScan,
( « )
OfficeScan,
»
,
.Э
OfficeScan. •
: OfficeScan . OfficeScan .
1-3
Trend Micro™ OfficeScan™ 7.0
•
: , .
•
Windows Windows 2000, NT
•
: OfficeScan Server 2003.
Server 2003 (IA-64). 64-
OfficeScan Windows XP Windows x86 Itanium 2 Architecture-64 . 32. 1-26.
/
: .
OfficeScan ,
,
,
.Э
OfficeScan ,
, IT-
,
.
•
: OfficeScan OfficeScan
.
. •
:
10
, . •
1-4
ServerProtect Normal Server Migration Tool: Э Windows Trend Micro™ ServerProtect Normal Server OfficeScan.
OfficeScan™
• OfficeScan
: . •
Control Manager: OfficeScan,
,
, Control Manager. Э Control Manager
.
1-5
Trend Micro™ OfficeScan™ 7.0
OfficeScan OfficeScan , .
, .
. ,
, ,
-
. :
•
-
ActiveX –
,
ActiveX. •
– .
•
.com .com
•
.exe – .exe.
Java – ,
Java
Java-
.
•
– .
•
«
,
»–
, ,
, •
HTML, VBScript -
•
–
. JavaScript – (
. ), ,
,
1-6
.
OfficeScan™
,
,
-
. ,
,
.
, ,
.
, TCP, FTP, UDP, HTTP
, . ,
-
, .
,
,
, . (Enterprise Client Firewall) ( . 6-1).
.
«
» (grayware) ,
.
(grayware) –
, "
",
,
.
,
, ,
, .
OfficeScan
,
: •
«
» ,
,
:
,
, ,
.
1-7
Trend Micro™ OfficeScan™ 7.0
•
(adware): , .
,
.
•
: .
,
,
(«pay-per-call»), ,
. •
-
,
:
,
.
•
: .
•
: .
•
: .
•
.
:
OfficeScan , OfficeScan
OfficeScan
: •
OfficeScan,
:
. •
OfficeScan
: .
•
: OfficeScan;
, (
. . 1-10).
1-8
OfficeScan™
•
: (Damage Cleanup Services) » « »
« •
.
: «
»,
. •
« OfficeScan
»
: , ,
«
»
•
« «
,
. »
»
:
,
.
•
:
,
. •
: (
•
Cisco Trust Agent ( Cisco NAC):
OfficeScan ). (Policy Server) OfficeScan
, ,
Cisco NAC.
•
: , Micro
/
,
OfficeScan .
Trend OfficeScan.
OfficeScan OfficeScan. . -
1-9
Trend Micro™ OfficeScan™ 7.0
Trend Micro
, .
,
OfficeScan , «
,
»,
,
,
. , . Trend Micro, ActiveUpdate, Trend Micro / ( ,
).
Trend Micro
:
( ).
-
;
, ,
:
http://ru.trendmicro-europe.com/enterprise/support/pattern.php
,
« «
». »,
,
, TrendLabs™ . , . .
1-10
OfficeScan™
, , Trend Micro. Trend Micro . 3
1.
xxx,
, 786. ,
2. 6
2003
,
x.xxx.xx.
•
2, .
•
3 .
•
2 Trend Micro. 786
1.786.01.
.
Trend Micro Trend Micro. , , ,« «
»
»,
, , ,
-
, .
: •
«
•
«
»–
; »–
,
, .
1-11
Trend Micro™ OfficeScan™ 7.0
, ,
, OfficeScan .
.
(
), (
). ,
(
MIME
BinHex). , ,
,
zip, arj cab. OfficeScan ( 20).
, , .
Trend Micro
:
•
, (
.
. 1-10). •
, , ,
,
SQL Slammer. Trend Micro ,
(
ICSA
).
,
Trend Micro .
Trend Micro Trend Micro • ;
1-12
, :
.
OfficeScan™
•
, ;
•
;
•
, /
,
. ,
-
Trend Micro:
http://www.trendmicro-europe.com
, Trend Micro ,
,
, . , •
Trend Micro: ,
: . , .
Windows , –
-
(
,
,
).
•
,
:
. Windows , . •
,
: .
. Trend Micro Windows
, .
1-13
Trend Micro™ OfficeScan™ 7.0
•
,
: ,
, .
Windows, ,
. . ,
Trend Micro:
http://kb.trendmicro.com/solutions/search/main/search/ default.asp
-
Trend Micro, :
http://www.trendmicro-europe.com/download
readme, , readme . :
1-14
OfficeScan . , Client Privileges and Settings ( )( . . 2-68).
, . ,
OfficeScan™
OfficeScan -
OfficeScan :
• •
«
»
• • •
«
»
• • •
OfficeScan
• • •
OfficeScan ,
, , . , ,
.
, , .
«
»
OfficeScan
: ,
1-15
Trend Micro™ OfficeScan™ 7.0
.
«
.
,
» , OfficeScan.
, ,
– .
, ,
. OfficeScan.
,
Trend Micro .
(Manual Scan (
Scan Now (
)
)), , .
«
«
» -
,
, OfficeScan ,
.
, .
OfficeScan .
1-16
»
OfficeScan™
. , . Outbreak Prevention
, .
Scan Now (
)
.
OfficeScan OfficeScan
, .
Windows. OfficeScan.
OfficeScan
Windows
OfficeScan, .
Windows NT/2000/XP/Server 2003
, .
, . (IDS)
, , .
1-17
Trend Micro™ OfficeScan™ 7.0
( .
, OfficeScan for Wireless Palm™, Pocket PC ™ EPOC™
OfficeScan for Wireless
Wireless
.
Wireless
.
)
.
Palm, Pocket PC EPOC Wireless Protection Manager. OfficeScan for OfficeScan.
К К .
,
OfficeScan for Windows
. Wireless Protection Manager Manual.pdf Micro\Wireless Protection Manager. : Manual.pdf Reader
Trend Micro™ Policy Server
Trend
Wireless Protection Manager Adobe™ Reader™. Acrobat www.adobe.com.
Cisco Network Admission Control (NAC)
, . Policy Server Cisco NAC
OfficeScan . OfficeScan.
1-18
–
,
OfficeScan ,
,
Cisco.
,
-
OfficeScan™
OfficeScan . OfficeScan. ,
-
Java, CGI, HTML
HTTP.
Trend Micro OfficeScan Services – DCS) Windows,
(Damage Cleanup , « «
», »
(
DCS «
», «
»
. 3-6).
Virus Outbreak Monitor (Virus Outbreak Monitor) OfficeScan. OfficeScan. OfficeScan .
(Outbreak Prevention) : •
.
• ,
.
•
, .
• OfficeScan
.
1-19
Trend Micro™ OfficeScan™ 7.0
OfficeScan OfficeScan
-
(Secure Socket Layer, SSL).
OfficeScan ,
«
Key Infrastructure, PKI). .
1-20
» (Public
OfficeScan™
OfficeScan OfficeScan –
, :
•
-
,
, •
Trend Micro ActiveUpdate, .
, Windows NT/2000/XP/Server 2003 « »
Windows 95/98/Me, .
,
OfficeScan
: readme.
OfficeScan OfficeScan , .
, :
•
,
.
•
, Trend Micro, .
HTTPHTTPWindows XP 4.0
Windows NT, Windows 2000, Windows Server 2003 Internet Information Server™ (IIS) . Windows 2000/XP/Server 2003 Apache 2.0 . HTTP.
1-21
Trend Micro™ OfficeScan™ 7.0
-
, .
( HTTP).
) (HyperText Transfer Protocol, HTTPTCP/IP, HTTP-
HTTP(
.
.
. 1-2).
OfficeScan
.
OfficeScan
OfficeScan -
.
OfficeScan
. 1-2
HTTP-
OfficeScan Windows OfficeScan
. :
, .
1-22
OfficeScan™
. ,
,
Client Mover ( . Client Mover I (
I)
. 8-14). ,
. , ,
,
.
)
( -
.
( . . 2-68). OfficeScan
:
• •
–
, OfficeScan, OfficeScan.
.
, ,
1-1.
1-23
Trend Micro™ OfficeScan™ 7.0
Scan Now ( ),
;
(
) ; (
)
; ;
1-1.
,
– ,
Э
, ,
. , , OfficeScan
1-24
.
OfficeScan, .
OfficeScan™
: •
Update Now (
);
• Include roaming clients ( Automatic Deployment (
) ). .
. 2-25. .
, ,
1-2.
(
)
;
(
) ; ( )
1-2.
,
1-25
Trend Micro™ OfficeScan™ 7.0
32-
64-
OfficeScan Windows XP Windows Server 2003 Itanium 2 Architecture-64 (IA-64). OfficeScan 32:
x86 64-
32-
64-
, ,«
»
-----
-----
Wireless Protection Manager
-----
SecureClient
-----
OfficeScan
,
.
. : • ;
1-26
-
OfficeScan™
• ; • ; • ; • ,
,
SNMP
Windows; • . CGI, HTML
-
OfficeScan. , Java,
HTTP. -
, -
(
.
).
1-27
Trend Micro™ OfficeScan™ 7.0
OfficeScan OfficeScan
:
•
– OfficeScan,
, . :
http://www.trendmicro-europe.com/download/
•
– OfficeScan. : http://www.trendmicro-europe.com/download/
•
– ,
,
, . •
OfficeScan.
readme –
, . ,
, .
•
–
, . .
:
http://ru.trendmicro-europe.com/enterprise/support/ knowledge_base_search.php
Trend Micro ,
. Trend Micro,
[email protected].
.
,
: www.trendmicro.com/download/documentation/rating.asp
1-28
2
OfficeScan OfficeScan
. :
•
-
•
OfficeScan
. 2-2 . 2-16
• • •
. 2-38 . 2-40 . 2-49
• • •
. 2-68 . 2-73 . 2-77
2-1
Trend Micro™ OfficeScan™ 7.0
OfficeScan , -
,
, Java, CGI, HTML
HTTP.
:
-
1. : http://{
_
_OfficeScan}:{
}/officescan.
SSL, https://{
_
}/officescan.
_OfficeScan}:{
OfficeScan.
2.
. 2-1. -
.
3. -
2-2
Password ( Summary (
),
Enter. ).
OfficeScan
OfficeScan,
: -
-
OfficeScan. ,
OfficeScan .
-
,
-
: . ( Cleanup Now (
, )
Toolbox ( ) Scan Now ( Clients ( ).
)).
,
, .
-
. 2-2
-
.
2-3
Trend Micro™ OfficeScan™ 7.0
: •
Scan Now (
)–
, (
•
Now ( ) Update Now ( Trend Micro ActiveUpdate
. 2-63). )–
Scan
.
, ,
,
, ,
•
« » 2-20.) Cleanup Now (
.(
.
)–
«
,
», « .(
)
.
»
.
Cleanup Now (
. 3-9.) , .
Summary (
)
Summary (
)
, , .
Outbreak Prevention ( Deploy Now (
) ) .
Restore (
) .
2-4
OfficeScan
Virus Outbreak Monitor (
)
Virus Outbreak Monitor (
)
Virus Outbreak Monitor ),
(
OfficeScan .
Clients (
)
Scan Options (
)
, .
Client Privileges/Settings ( /
) , , .
Export/Import (Э /
)
.
Scan Now ( Cleanup Now (
)
-
.
) «
», «
» .
Uninstall Clients ( View Status (
)
, )
.
Notify Install ( ) Remote Install (
.
OfficeScan. ) Windows NT/2000/XP/Server 2003 . , .
2-5
Trend Micro™ OfficeScan™ 7.0
Verify Connection (
)
(
Global Client Settings (
).
)
, ,
, , .
Enterprise Client Firewall ( Profile List (
) ,
)
. .
Policy List (
, ) . , .
Firewall Outbreak Monitor ( ) .
Cisco NAC Policy Servers (
)
.
Agent Deployment ( Client Certificate (
)
Cisco NAC. , Cisco NAC.
)
Administration ( Set Console Password (
) ) , -
2-6
.
OfficeScan
Standard Alert (
) OfficeScan .
Outbreak Alert ( )
, .
Client Alert Message (
, ) .
Intranet Proxy ( -
)
, .
Web Server ( )
-
Inactive Clients (
)
. ,
. Quarantine Manager (
) , .
Product License (
)
.
World Virus Tracking ( ) Database Backup ( )
OfficeScan OfficeScan .
Updates ( Server Update (
.
) )
, Trend Micro.
2-7
Trend Micro™ OfficeScan™ 7.0
Client Deployment (
)
.
Rollback ( ) , .
Logs (
)
Virus Logs (
, )
, .
Update Logs (
.Э
)
. System Event Logs (
, )
,
,
.Э , OfficeScan . Verify Connection Logs (
,
) .
Firewall Logs (
)
. , OfficeScan.
Log Maintenance (
) .
Tools (
)
Administrative Tools ( Client Tools (
2-8
, )
. )
Э
.
OfficeScan
-
, , . .
Log Off (
)
,
. -
,
. Help (
)
:
• Contents and Index (
, . )
• Knowledge Base ( )
, Trend Micro , OfficeScan.
• Security Info (
, Trend Micro, ) .
• Sales (
,
Trend Micro
) .
• Support (
,
-
) Trend Micro, Trend Micro.
• About (
,
,
)
, , .
2-9
Trend Micro™ OfficeScan™ 7.0
, ( ).
OfficeScan OfficeScan Java OfficeScan . Outbreak Prevention ( ), Clients ( ), Logs ( ) Console ( ) ,
Go to Client .
OfficeScan OfficeScan
. 2-3
OfficeScan
OfficeScan.
Windows NT/2000/XP/S erver 2003
Windows 95/98/Me OfficeScan: ,
2-10
,
OfficeScan
Windows NT/2000/XP/S erver 2003
Windows 95/98/Me /
OfficeScan OfficeScan
, .
,
, . NetBIOS, Windows Active Directory .
,
DNS. ,
, .
OfficeScan Windows NT/2000/XP/Server 2003. Windows NT/2000/XP/Server 2003 OfficeScan. , OfficeScan Windows NT/2000/XP/Server 2003 . ,
-
OfficeScan,
,
. OfficeScan:
Clients (
1.
).
Clients (
)
.
2-11
Trend Micro™ OfficeScan™ 7.0
Add (
2. Domain (
).
Add
). OfficeScan OfficeScan.
3.
OK.
OfficeScan:
Clients (
1.
).
. ,
2. (
,
).
Move ). OfficeScan
Move Clients (
, . :
3. •
OfficeScan: i.
Move selected client(s) to another Domain ( ) OfficeScan, .
ii.
OK.
i.
Move selected client(s) to another OfficeScan Server OfficeScan) .
OfficeScan.
•
OfficeScan: ( ii.
OK. OfficeScan:
Clients (
1.
).
Clients (
)
. OfficeScan
2.
OfficeScan,
. OfficeScan.
, OfficeScan.
3. .
OfficeScan
4. ( 5.
2-12
).
. OK.
Delete
OfficeScan
OfficeScan:
Clients (
1.
).
Clients (
)
. OfficeScan, Rename Domain (
2.
Rename (
OfficeScan OfficeScan.
3.
). ).
OK.
OfficeScan OfficeScan, . •
OfficeScan,
.
•
OfficeScan , ,
OfficeScan SHIFT, . •
OfficeScan , CTRL,
, OfficeScan.
•
.
•
.
: :
1.
Simple Search (
).
2-13
Trend Micro™ OfficeScan™ 7.0
,
:
.
OfficeScan
, .
Search (
2.
). .
:
1.
Advanced Search ( Advanced Search (
). ). :
2. •
Basic (
)
IP range ( IP-
IP.
IP Segment (
)–
IP-
)– . .
, 10.5.0.0
IPPlatforms ( .
IPIP10.5, 10.5.255.255.
, ,
)–
Processor Architecture ( : x86
)– Itanium Architecture-64
(IA-64). Domain (
)–
MAC Address – •
Version (
-
(
).
):
Earlier than ( ) Scan Engine version (
2-14
. , )
, Earlier than and including ( );
Virus Pattern File version (
);
Client Program version (
);
OfficeScan
Damage Cleanup Template version ( ); Spyware/Grayware Cleanup Pattern version ( « »
);
Damage Cleanup Engine version ( ); Spyware/Grayware Scan Pattern version ( « » ); Common firewall driver version ( ); Network virus pattern version (
);
Cisco Trust Agent program version ( Agent). •
Status (
Cisco Trust
)
Connection ( ( ), Offline (
)– )
Outbreak Prevention ( Activated (
)
Normal (
Enterprise Client Firewall ( Enabled (
)
Disabled (
)–
Intrusion Detection System ( Enabled ( Infected client (
: Online ).
Roaming (
)
Disabled (
). )– ). )– ).
)– .
Update Agents ( ( ) Disabled ( 3.
OK.
)–
Enabled ). .
2-15
Trend Micro™ OfficeScan™ 7.0
OfficeScan OfficeScan.
,
OfficeScan: OfficeScan.
1.
,
2. ,
,
( . 2-21).
-
.
OfficeScan
3. .
( )
, (
(
,
) .
).
.
Э
OfficeScan ActiveUpdate ( )
ActiveUpdate >
,
OfficeScan
OfficeScan > .
. Э
OfficeScan ActiveUpdate >
ActiveUpdate ( ) ,
OfficeScan > , >
, OfficeScan
, . .
2-16
OfficeScan
Э
ActiveUpdate > >
,
ActiveUpdate )
(
OfficeScan . .
OfficeScan , . Э
OfficeScan ActiveUpdate > (
,
ActiveUpdate ).
OfficeScan .
OfficeScan , .
, «
»
, OfficeScan. OfficeScan
, Trend Micro ActiveUpdate. ,
Automatic Deployment ( Client Deployment (
) ).
2-17
Trend Micro™ OfficeScan™ 7.0
Trend Micro OfficeScan. ,
, Trend Micro
. OfficeScan .
: Trend Micro
OfficeScan
:
• • . . 2-18. . . 2-20. -
, .
-
-
.
. 2-21. OfficeScan, , . 2-22.
,
.
. ,
,
, . :
1. (
2-18
Updates ( ) > Automatic Update ( Automatic Update (
) > Server Update ). ).
OfficeScan
2.
Enable scheduled update of the OfficeScan server OfficeScan ).
(
Components ( ( OfficeScan
3.
)
, OfficeScan -
. 1-8).
Update schedule ( .
4.
)
•
Hourly –
.
•
Daily –
.
•
Weekly –
.
, .
, . OfficeScan
OfficeScan ,
•
.
Monthly –
.
.
Time (
)
. Update Source (
5.
)
Micro ActiveUpdate server ( update source ( .
. Trend Micro ActiveUpdate) ) URL-
, Trend Other
6. ,
Retry update if update attempt fails ) Program Update Retry ).
( ( Number of attempts (
) .
Interval (
)
(
)
. 7.
,
Save (
).
2-19
Trend Micro™ OfficeScan™ 7.0
.
Trend Micro .
OfficeScan :
1. (
2. URL3.
Updates ( ) > Manual Update ( Manual Update ( ,
) .
Update Source ( : ActiveUpdate . Update (
)
). Available Update ( ,
. ) .
,
4. 5.
) > Server Update ).
Update Now (
. ).
. Automatic Deployment ( ) Client Deployment (
: )
, , .
, Updates ( Automatic Update (
2-20
, ) > Server Update ( ).
)>
OfficeScan
-
-
: Trend Micro
. -
,
OfficeScan Trend Micro ActiveUpdate . -
:
Updates ( ) > Internet Proxy ( Internet Proxy ( -
1. (
-
Enable Internet proxy (
2.
) > Server Update ). ). -
). -
3. • 4.
SOCKS
. TCP Use SOCKS 4.
4,
-
, .
5.
Save (
).
,
OfficeScan
,
.
OfficeScan , OfficeScan .Э .
2-21
Trend Micro™ OfficeScan™ 7.0
, , Trend Micro ,
, .
: Windows NT/2000/XP/Server 2003. , , 15
, ,
,
.
: 1. ,
( . 2-22).
. ,
2.
(
.
. 2-23). ,
3.
, . :
1024.
,
,
250.
Э ,
.
, , .
2-22
OfficeScan
:
Clients (
1.
).
Clients (
)
. ,
2.
, . . 3. (
Client Privileges/Settings ).
/ Update (
4.
)
Act as Update Agent
(
). ,
:
Act as Update )
Agent ( . , ( . . 2-68). . ,
Act as Update Agent ).
(
Save ( ,
5.
).
, .
Update Agent (
) OfficeScan. ,
Update Source (
). :
1. ( Update Agent (
Updates ( ) > Update Agent ( ).
) > Client Deployment ).
2-23
Trend Micro™ OfficeScan™ 7.0
2.
OfficeScan, Always update from standard update source (OfficeScan server) ( ( OfficeScan)). , Update Source (
),
(
.
. 2-26). Save (
3.
).
OfficeScan ,
( )
(
) ).
,
IP-
Customized update source Update Source ( ,
. :
1. (
Updates ( ) > Update Source ( Update Source (
2.
Customized Update Source ( ).
3.
Customized Update Source ( ) Add ( ). Update Source ( IPIP-
4.
) > Client Deployment ). ).
Add IP Range and ).
, .
5. (
2-24
Update Source ( )
) .
Update Agent
OfficeScan
,
:
. , Act as Update Agent ( ) Client Privileges and Settings ( , )( . . 2-22).
Save (
6.
).
.
, Trend Micro ActiveUpdate .
. .
. 2-17.
Trend Micro
(
) . OfficeScan .
: Trend Micro
OfficeScan
:
• • • Э
( Update Now ( ,
) )
Update Now (
), ( OfficeScan
. 1-8).
2-25
Trend Micro™ OfficeScan™ 7.0
: • • • •
«
»
• •
,
,
• •
Cisco Trust ,
OfficeScan
OfficeScan
. . OfficeScan
-
.
, •
:
OfficeScan
• •
,
,
Trend Micro ActiveUpdate ( . 2-68)
OfficeScan ,
. : ,
1. ( ),
2-26
. .
OfficeScan
OfficeScan (
2.
OfficeScan, ). Trend Micro ActiveUpdate. Э .
3.
:
Updates ( ) > Update Source ( Update Source (
1. (
) > Client Deployment ). ).
:
2. •
OfficeScan Standard update source (update from OfficeScan (
, Server) ( OfficeScan)). •
, Customized Update Source (
) :
i.
Add ( Update Source ( ).
).
Add IP Range and IP-
IP-
ii.
, .
Update Source (
iii.
):
iv. Update Agent ( . Settings ( v.
Specified (
): Client Privileges and )( . . 2-68). ):
IP-
. vi.
Save ( Update Source (
), ).
2-27
Trend Micro™ OfficeScan™ 7.0
:
,
1024 Customized update source ( ).
OfficeScan. OfficeScan , Update from OfficeScan Server if all customized update sources are not available or not found ( OfficeScan, ). 3.
-
Notify All Client(s) (
).
Trend Micro ActiveUpdate , Trend Micro ActiveUpdate. : •
ActiveUpdate , ;
•
ActiveUpdate, . : Trend Micro
ActiveUpdate .
ActiveUpdate,
,
. Trend Micro ,
OfficeScan -
2-28
.
OfficeScan
ActiveUpdate,
:
Clients (
1.
).
Clients (
)
. ,
2. . . 3. ( Settings ( 4.
Client Privileges/Settings ). Client Privileges and ).
/
Update Privileges ( ) Download from the Trend Micro ActiveUpdate server ( Trend Micro ActiveUpdate). Save (
5.
).
: ActiveUpdate . . 2-26 . ActiveUpdate:
Updates ( ) > Client Deployment ), Update Source ( ). Update Source ( ).
1. ( 2.
( Micro
Customized Update Source ( ). Customized update source ). , : Add (
a.
).
Source ( b.
Trend
Add IP Range and Update ).
IPIP-
, .
2-29
Trend Micro™ OfficeScan™ 7.0
Specified (
c.
). URL-
d.
:
http://officescan-p.activeupdate.trendmicro.com/activeupdate
Save (
e. :
).
, ActiveUpdate Customized update sources ( ).
Notify All Client(s) (
3.
:
).
ActiveUpdate
Customized update source ( ), . . 2-26
, .
. : Trend Micro
.
, Update Now (
), .
OfficeScan
, , .
2-30
OfficeScan
OfficeScan
:
, 30
. ,
. ,
, . Deploy to clients for OfficeScan clients only and excluding roaming clients when they are restarted ( OfficeScan, , ) Automatic Deployment ( . А . 2-30).
, . : ;
1. .
2.
:
Updates ( ) > Client Deployment ) > Automatic Deployment ( Automatic Deployment (
1. ( ). ).
Event-triggered Deployment (
2.
) ,
. •
Deploy to clients immediately after the OfficeScan server downloads a new component – OfficeScan ( ). ,
•
,
.
Deploy to clients for OfficeScan clients only and excluding roaming clients when they are restarted – OfficeScan (
2-31
Trend Micro™ OfficeScan™ 7.0
)
, OfficeScan (
). ,
Scan the computer after update )
( : •
•
Perform Cleanup Now and Scan Now: Cleanup Now ( ( )( Perform Cleanup Now: Cleanup Now (
)
Scan Now
). ).
Deployment Schedule (
3.
) .
: •
Minutes –
•
Hours –
•
Daily –
•
Weekly –
(
2-32
{}
.
{}
.
.
.
. . . Minutes ( ) Hours ( ), Update client configurations only once per day ). , OfficeScan / , , . , OfficeScan , .
.
OfficeScan
: Trend Micro ;
,
,
OfficeScan .
,
OfficeScan. Trend Micro
Update client configurations only once per day (
),
. 4. (
, .
.
2-68). Trend Micro
:
. , -
Save (
5.
.
).
, Manual Deployment (
). :
Updates ( ) > Client Deployment ) > Manual Deployment ( ). Manual Deployment ( ), , OfficeScan.
1. (
Update Target (
2.
)
: •
,
, ,
Select clients
with out-of-date components (
2-33
Trend Micro™ OfficeScan™ 7.0
)
Include roaming client(s)
(
).
• (
Manually select clients Select, Manual Deployment . ,
), .
(
) . ,
3.
Notify (
). .
Update Now ( ) OfficeScan ).
Update Now ( Update Now (
)
:
OfficeScan OfficeScan.
1. OfficeScan. 2.
!. . -
3. server (
,
-
Use a proxy .
)
Update Now (
4.
). . Trend Micro
: «
, »
, , .
2-34
OfficeScan
, . :
Logs ( ) > Client Update ( Client Update Logs (
1.
) > Update Logs ( ). ).
Display results per page ( ,
2.
) .
3.
Time/Date (
/
)
Update Components (
).
4. ( ) Progress ( ,
Progress (
View Client Update
). ), 15.
,
5. View ( ) Client Update Detail (
Detail (
). ).
NAT (Network Address :
Translation, NAT), •
-
•
; OfficeScan . , .
-
, , (
.
. 2-68 А
2-35
Trend Micro™ OfficeScan™ 7.0
. 2-30 ). :
•
OfficeScan
. -
OfficeScan, Update Now (
), ,
. , .
. . : .
.
OfficeScan • • •
: Windows 95/98/Me Windows NT/2000/XP/Server 2003 Windows XP/Server 2003
IA-64 . .
:
OfficeScan ,
2-36
.
OfficeScan
:
Updates ( ),
1. Rollback (
) > Rollback (
).
, . 2. (
).
Synchronize with Server Rollback ( )
. . , ,
. ,
,
SHIFT,
.
3. Notify (
).
. Back ( (
),
Rollback
). , Rollback server Rollback ( ).
4. , and clients (
. ).
,
5.
.
6. Notify ( ,
). .
2-37
Trend Micro™ OfficeScan™ 7.0
OfficeScan .
, .
, ,
,
.
. -
.
: .
, OfficeScan. :
Clients (
1.
).
Clients (
)
. ,
2. ,
. . Verify Connection ( Verify Connection (
3.
). ). :
4. •
: (
Verify Now ( ).
)
Manual Verification
•
:
a. ) ( b.
2-38
Scheduled Verification ( Enable scheduled verification ). :
OfficeScan
Once –
.
Hourly –
.
Daily –
.
Weekly –
; . Start time (
c. ). Save (
5. ,
6. .
).
, , .
.
. 7-7.
2-39
Trend Micro™ OfficeScan™ 7.0
, «
»
OfficeScan , .
, .
•
: OfficeScan .Э
( Virus Outbreak Monitor
.
. 5-11).
•
: OfficeScan
(
.
. 5-9). •
: OfficeScan (
.
. 2-42). •
: OfficeScan , , ( . . 2-44).
•
: OfficeScan
, , (
Outbreak Monitor ( 6-22). •
.
Firewall )
.
: OfficeScan , ,
, .
2-40
OfficeScan
Э -
(
.
. 2-47).
-
-
:
%s %n
,
%m
,
%p %v %y %a
,
,
,
%cv %cc %g
(GUID)
%y OfficeScan
:
%m%s %n:
%v, OfficeScan
: %p. : %a.
2-41
Trend Micro™ OfficeScan™ 7.0
OfficeScan
,« .
»
. « OfficeScan ,
» .
:
Administration (
1. Standard Alert (
Include Spyware/Grayware ( ).
2. 3.
)> ).
Save (
«
»
). ,
,
OfficeScan
. :
• • • •
; ; SNMP; Windows NT. (
)
OfficeScan • • • • • • •
2-42
:
; ; ; ; ; ; .
OfficeScan
:
Administration (
1. Standard Alert ( ( (
). ).
)> ) > Email Notification Email Notification
Enable notification via email ( )
2. •
SMTP –
•
Port number –
: .
,
OfficeScan 25).
( •
To –
.
•
From –
•
Subject –
•
Message –
. . . Save (
3.
).
:
Administration (
1. Standard Alert ( ( (
)> ) > Pager Notification Pager Notification
). ).
Enable notification via pager (
2. ).
,
3. ,
COM-
,
.
Message ( «#».
4.
).
Save (
5.
). SNMP:
Administration (
1. Standard Alert ( SNMP).
SNMP Trap (
)> ) > SNMP Trap ( SNMP).
2-43
Trend Micro™ OfficeScan™ 7.0
Enable notification via SNMP trap ( SNMP).
2. IP-
3.
SNMP . Message (
4.
).
Save (
5.
). Windows NT:
Administration (
1. Standard Alert (
)>
) > NT Event Log ( NT Event Log (
NT). NT).
Enable notification via NT Event Log ( NT).
2.
Message (
3.
).
Save (
4.
).
«
»
. , . . .
.
, . ,
, , ( «
» ). . . 5-2.
2-44
OfficeScan
OfficeScan ,
:
Administration (
1.
)>
Outbreak Alert (
).
Include Spyware/Grayware ( ). Save ( ).
2. 3.
«
»
:
•
Outbreak Criteria (
)
,
. : OfficeScan
, .
,
100, OfficeScan 101-
Trend Micro OfficeScan ).
:
.
, 100
24
(
OfficeScan
:
•
;
•
;
•
SNMP;
•
Windows NT. :
Administration (
1. Outbreak Alert ( Notification ( Notification ( 2.
)> ) > Email ). ).
Email
Enable notification via email ( ).
2-45
Trend Micro™ OfficeScan™ 7.0
Alert Message Settings ( :
3. •
SMTP –
•
Port number –
) . ,
OfficeScan 25).
(
4.
•
To –
.
•
From –
•
Subject –
•
Message –
. . .
Alert Information to Include ( , .
)
Save (
5.
).
:
Administration (
1. Outbreak Alert ( Notification ( (
)> ) > Pager Pager Notification
). ). Enable notification via pager (
2. ).
,
3. ,
COM-
,
.
Message ( «#».
4.
).
Save (
5.
). SNMP:
Administration (
1. Outbreak Alert ( ( SNMP). 2.
2-46
SNMP Trap (
)> ) > SNMP Trap SNMP).
Enable notification via SNMP trap ( SNMP).
OfficeScan
IP-
3.
SNMP. Message (
4.
).
Save (
5.
). Windows NT:
Administration (
1. Outbreak Alert ( (
NT).
)> ) > NT Event Log NT Event Log (
NT). Enable notification via NT Event Log ( NT).
2.
Message (
3.
).
Save (
4.
).
OfficeScan : •
– OfficeScan
.
•
– , (
.
. 6-14). •
– ,
OfficeScan
,
. OfficeScan ,
( ). Client Alert Message (
.
,
).
2-47
Trend Micro™ OfficeScan™ 7.0
:
Administration ( ). ).
1. Alert Message ( Message (
) > Client Client Alert
.
2. 3.
Show warning describing source of infection ( ) Alert Message for Infection Source ( ). OfficeScan
4.
Client
,
-
. . , Minimum interval ( ,
, . ) OfficeScan (
).
–1 OfficeScan
,
, .
5.
2-48
Save (
).
OfficeScan
OfficeScan
, »
,« : •
: . .
•
Office-
: Scan
,
.
OfficeScan
, .
OfficeScan . . ,
, . •
: . . «
:
» .
OfficeScan ,
, Hotbar, .
«
»
OfficeScan , -
( , OfficeScan,
«
. 1-6
.
» (grayware)
. 1-7;
. 2-61).
2-49
Trend Micro™ OfficeScan™ 7.0
ActiveAction . ,
. Trend Micro
ActiveAction. ActiveAction , ,
«
,
»
. Clean (
),
– Quarantine (
). «
»
Quarantine (
). ,
Micro
Trend
ActiveAction. ActiveAction:
•
: ActiveAction Trend Micro.
,
. • : . Trend Micro .
ActiveAction
IntelliScan IntelliScan -
, . .
(
, .zip
.exe)
. (
2-50
, .txt)
.
OfficeScan
IntelliScan: •
IntelliScan
: , -
.
•
: ,
IntelliScan .
, ,
, .
. :
Clients (
1.
).
Clients (
)
. ,
2. ,
. . Scan Options (
3.
)>
Manual Scan Settings ( Manual Scan Settings (
). ).
Scan Target ( :
4.
)
•
All scannable files ( ,
•
Use IntelliScan — True file type identification ( IntelliScan): IntelliScan – .Э Scan all files (
•
,
Scan files with the following extensions ( ):
): . , , , ). , .
2-51
Trend Micro™ OfficeScan™ 7.0
. •
Scan compressed files ( , Up to { } layers of compression (
): . {}
) .
•
Enable Exclusion list (
): ,
.
Exclusion List ( , ).
Exclusion List (
) Enable
•
Scan memory (not applicable to Windows NT/2000/XP/Server 2003 clients) ( ( Windows NT/2000/XP/Server 2003)): ( ) .
•
Scan boot area (
): .
•
Scan hidden folders ( .
•
Scan for Spyware/Grayware ( ):
): «
» «
»
. •
Scan mapped drives and shared folders on the network ( ):
, .
Scan Action (
5.
)
, .
•
•
Use ActiveAction — recommended actions by file type ( , ActiveAction , ActiveAction – Trend Micro . Use customized scan action ( ): ,
):
, .
2-52
OfficeScan
Action1 ( 1) Action2 ( 2) , . Pass ( ), Delete ( ), Rename ( ), Quarantine ( ) Clean ( ). Clean ( ). OfficeScan Action 2 Action 1. ( ): •
Joke (
-
): Quarantine (
). •
Trojan («
»): Quarantine ( ).
•
•
Virus (
): Clean (
•
Test Virus (
•
Spyware/Grayware (« Pass ( ).
•
Other (
). ): Pass (
): Clean (
).
»
):
).
Use the same action for all types ( ): ,
.
Trend Micro . Back up files before cleaning ( ).
,
: OfficeScan Client/Backup
•
Quarantine directory ( UNC , OfficeScan
)
URL-
. :
OfficeScan Client/SUSPECT.
CPU Usage ( :
6. •
High (
):
) (
).
2-53
Trend Micro™ OfficeScan™ 7.0
•
Medium ( .
•
Low (
): ):
. : . , OfficeScan.
Save (
7.
).
: , Apply to All ( ),
Save ( ).
) Apply to All (
.
, . :
Clients (
1.
).
Clients (
)
. ,
2. ,
. .
2-54
3.
Scan Options ( Real-time Scan Settings ( Real-time Scan Settings ( ).
4.
Enable Real-time Scan ( ).
)> ).
OfficeScan
Scan Target (
5.
)
. • • •
Scan incoming file ( ,
.
)–
Scan outgoing file ( ,
.
)–
Scan incoming and outgoing file ( )– ( , /
, ).
•
All scannable files ( , .
•
Use IntelliScan – all essential file types ( IntelliScan) –
•
,
)–
, IntelliScan.
Scan files with the following extensions ( )– . . : ?
*.
,
, D,
OfficeScan D,
.D? .D*. , .DAT. Э
.DOC, .DOT
.
•
Scan compressed files (
)– .
compression (
{}
Up to { } layers of
) .
•
Enable Exclusion list (
)– ,
Exclusion List (
. )
2-55
Trend Micro™ OfficeScan™ 7.0
,
Enable Exclusion List
(
).
.
. 2-61. •
Scan boot area (not applicable to Windows NT/2000/XP/Server 2003 clients) ( ( Windows NT/2000/XP/Server 2003)) – .
•
Scan floppy during system shutdown ( )–
•
Scan for Spyware/Grayware ( )– ,
. «
»
, ,«
,
, •
(
» ).
Scan mapped drives and shared folders on the network ( ), . Scan Action ( OfficeScan
6. •
•
•
) .
Display an alert message on the client when a virus is detected ( )– . Use ActiveAction – recommended actions by file type ( ActiveAction – , ActiveAction. Use customized scan action ( ): ,
-
)–
, .
Action1 (
1)
, Pass ( Quarantine (
2-56
Action2 (
2)
.
), Delete (
), Rename ( ) Clean (
), ).
OfficeScan
Clean (
). OfficeScan
Action 2 Action 1. (
): •
Joke (
-
): Quarantine (
). •
Trojan («
»): Quarantine ( ).
•
•
Virus (
): Clean (
•
Test Virus (
•
Spyware/Grayware (« Pass ( ).
•
Other (
). ): Pass (
).
»
): Clean (
):
).
Use the same action for all types ( ): ,
.
Trend Micro . Back up files before cleaning ( ).
,
: OfficeScan Client/Backup
•
Quarantine directory ( UNC , OfficeScan
)
URL-
. :
OfficeScan Client/SUSPECT.
Save (
7.
).
: , (
Apply to All ( ),
Save ( ).
) Apply to All .
2-57
Trend Micro™ OfficeScan™ 7.0
. :
Clients (
1.
).
Client (
)
. ,
2. ,
. .
3.
Scan Options ( Scheduled Scan Settings ( Scheduled Scan Settings ( ).
)> ).
Enable Scheduled Scan (
4. ).
Schedule (
5.
)
,
: •
Daily –
•
Weekly –
. . .
•
Monthly – .
. (Daily
( ), Weekly ( Start time (
Monthly (
)),
)
.
Scan Target ( . .
6.
2-58
)
)
•
All scannable files ( , .
,
•
Use IntelliScan – all essential file types ( IntelliScan) –
,
)–
, IntelliScan.
OfficeScan
•
Scan files with the following extensions ( )– , . .
•
Scan compressed files (
)– .
compression (
{}
Up to { } layers of
) .
•
Enable Exclusion list (
)– ,
(
Exclusion List ( , ). . 2-61.
. ) Enable Exclusion List
.
•
Scan memory (not applicable to Windows NT/2000/XP/Server 2003 clients) ( ( Windows NT/2000/XP/ Server 2003)) – ( ) .
•
Scan boot area (
)– .
•
Scan for Spyware/Grayware ( )– ,
«
»
, ,«
,
, Scan Action ( OfficeScan
7. •
(
» ). )
.
Display an alert message on the client when a virus is detected ( )– .
2-59
Trend Micro™ OfficeScan™ 7.0
•
Use customized scan action ( ): ,
, .
Action1 ( 1) Action2 ( 2) , . Pass ( ), Delete ( ), Rename ( ), Quarantine ( ) Clean ( ). Clean ( ). OfficeScan Action 2 Action 1. ( ): •
Joke (
-
): Quarantine (
). •
Trojan («
»): Quarantine ( ).
•
•
Virus (
): Clean (
•
Test Virus (
•
Spyware/Grayware (« Pass ( ).
•
Other (
). ): Pass (
): Clean (
).
»
):
).
Use the same action for all types ( ): ,
.
Trend Micro . Back up files before cleaning ( ).
,
: OfficeScan Client/Backup
•
Quarantine directory ( UNC , OfficeScan
) . :
OfficeScan Client/SUSPECT.
2-60
URL-
OfficeScan
•
High (
•
Medium ( .
•
Low (
(
):
).
): ):
. : . , OfficeScan.
Save (
8.
).
: , (
Save ( ).
Apply to All ( ),
) Apply to All .
, , .
,
,
, . «
:
» .
OfficeScan , Hotbar, .
, «
»
.
2-61
Trend Micro™ OfficeScan™ 7.0
:
Clients (
1.
).
Clients (
)
. ,
2. ,
. . Scan Options ( ,
3. (
).
,
). . Enable Exclusion list ( Enable Exclusion list ( Execution List (
4. ). ). 5.
, Trend Micro, Exclude from scanning the directories where Trend Micro products are installed ( , Trend Micro). ,
6. Enter the directory path ( c:\temp\ExcludeDir) Add ( 7.
).
)( ).
,
, Enter the file name or file name with full path ( )( , ExcludeDoc.hlp; c:\temp\excldir\ExcludeDoc.hlp) Add ( ). ,
: .
,
8. .
, . , Add (
2-62
, ).
-
OfficeScan
: ,
,
«*».
9. Save (
).
• Apply to All ( ). •
1, Save (
). : Microsoft Exchange Server,
Trend Micro
.
Scan Now (
)
-
Scan Now (
). Trend Micro
Scan Now ( Scan Now (
:
)
(
).
Manual Scan
)
. Scan Now
, (
)
-
, .
Scan Now (
):
Clients (
1.
).
Client (
)
. 2. Scan Now (
, ),
2-63
Trend Micro™ OfficeScan™ 7.0
. . Scan Now ( )
3. Scan Now ( . Computer (
4.
).
) Scan Now (
, ),
Start Notification (
). Scan Now (
) .
Scan Now (
1.
):
Scan Now Settings ( Scan Now Settings (
). ).
Scan Target (
2.
)
•
All scannable files ( , .
•
Use IntelliScan – all essential file types ( IntelliScan) –
•
:
,
)–
, IntelliScan.
Scan files with the following extensions ( )– , . .
•
Enable Exclusion list (
)– ,
( •
2-64
Exclusion List ( , ). . 2-61.
. ) Enable Exclusion List
.
Scan memory (not applicable to Windows NT/2000/XP/Server 2003 clients) ( ( Windows NT/2000/XP/Server 2003)) – ( ) .
OfficeScan
•
Scan boot area (
)– .
•
Scan for Spyware/Grayware ( )– ,
«
»
, ,«
,
, •
).
Scan compressed files (
)– .
compression (
{}
(
»
Up to { } layers of
) .
Scan Action ( OfficeScan
3. •
•
•
.
Use ActiveAction – recommended actions by file type ( ActiveAction – , ActiveAction. Scan Action ( OfficeScan
4.
)
) .
Use ActiveAction – recommended actions by file type ( ActiveAction – , ActiveAction. Use customized scan action ( ): ,
)–
)–
, .
Action1 ( 1) Action2 ( 2) , . Pass ( ), Delete ( ), Rename ( ), Quarantine ( ) Clean ( ). Clean ( ). OfficeScan Action 2 Action 1. ( ):
2-65
Trend Micro™ OfficeScan™ 7.0
•
Joke (
-
): Quarantine (
). •
Trojan («
»): Quarantine ( ).
•
•
Virus (
•
Test Virus (
): Clean (
•
Spyware/Grayware (« Pass ( ).
•
Other (
). ): Pass (
): Clean (
).
»
):
).
Use the same action for all types ( ): ,
.
Trend Micro . Back up files before cleaning ( ).
,
: OfficeScan Client/Backup
•
Quarantine directory ( UNC , OfficeScan
)
URL-
. :
OfficeScan Client/SUSPECT.
•
High (
•
Medium ( .
•
Low (
(
): ): ): . : . , OfficeScan.
5.
2-66
Save (
).
).
OfficeScan
: , (
Save ( ).
Apply to All ( ),
) Apply to All .
Scan Now (
):
,
1.
.
Stop Scan (
2.
). :
,
1. Scan Now ( 2. (
Stop Notification ( , ), Scan Now ( ,
). ). Scan Now . ) . Stop Scan
(
).
2-67
Trend Micro™ OfficeScan™ 7.0
, ,
OfficeScan
.
, . , Trend Micro .Э
,
OfficeScan . :
Clients (
1.
).
Client (
)
. ,
2. ,
. .
3.
Client Privileges/Settings ). Set Client Privileges ).
( / and Settings ( ,
4.
. :
•
Antivirus ( ,
)– .
•
Enterprise Client Firewall (
(
), .
2-68
)– Enterprise Client Firewall /
OfficeScan
: , , (
Local Firewall settings .Э OfficeScan.
-
)
, Network card list )
( -
,
•
Mail Scan (
.Э OfficeScan. Local Firewall settings ( ) , -
.
)– .
•
Toolbox (
)– / Wireless Protection Manager, Wireless Check Point SecureClient.
Protection Manager •
Proxy Setting ( ,
-
•
)–
.
Update Privileges (
)– . Update Now! (
!)
Scheduled Update (
Enable ). Э
, / •
Update Settings (
.
)– . Download from the Trend Micro ActiveUpdate server ( Trend Micro ActiveUpdate), Enable scheduled update
: -
2-69
Trend Micro™ OfficeScan™ 7.0
( fix deployment (
), Forbid program upgrade and hot
.« ») (
), Act as an Update Agent ( )( » « , . . 1-13
-
. 2-21). :
Enable scheduled update ( ) , Automatic Deployment ( ) Updates ( ) > Client Deployment ( )( .А . 2-30). , Act as Update Agent ( ) . , . . ,
Act as Update Agent ( ).
, , Update Source ( ). , OfficeScan. Download from the Trend Micro ActiveUpdate server ( Trend Micro ActiveUpdate), Trend Micro ActiveUpdate, OfficeScan . Enable scheduled update ( ), .
2-70
OfficeScan
•
Uninstallation (
)– ,
Allow the
client user to uninstall OfficeScan client ( OfficeScan). , , Require a password for the client user to uninstall OfficeScan client ( OfficeScan) . •
Unloading ( )– ( ) unload OfficeScan (
,
, client user to unload OfficeScan client ( OfficeScan) . •
Client Security ( /
)– , ,
OfficeScan ).
Allow the client user to OfficeScan). , Require a password for the
Normal ( , ,
OfficeScan ). High (
2-71
Trend Micro™ OfficeScan™ 7.0
High (
:
), OfficeScan
, WINNT ( Windows NT) 2000/XP/Server 2003). , WINNT ,
Program Files ( Windows
( Program Files High (
Windows) ) ,
OfficeScan
Save (
5.
.
).
: ,
Save (
All (
). .
2-72
) Apply to All (
Apply to ),
OfficeScan
OfficeScan ,
, .
. :
Clients ( ).
1. (
) > Global Client Settings
,
2.
:
• Configure scan settings for large compressed files ( ,
): OfficeScan
, ,
. Clean compressed files ( ,
): .
Scan up to { } OLE layer(s) ( {} OLE): , (Object Linking and Embedding – OLE); . OLE ,
.
Add Manual Scan to the Windows shortcut menu on clients ( Windows ): , OfficeScan . OfficeScan , Windows Windows Explorer ( ) Scan with OfficeScan Client ( OfficeScan). Enable Damage Cleanup Services to clean Spyware/Grayware (running applications only) ( « »
2-73
Trend Micro™ OfficeScan™ 7.0
(
)): ,
«
» (
Enable Exclusion list for Spyware/Grayware ( « » , , « » OfficeScan , .
. . 3-6). ):
OfficeScan . «
»
Exclude the folder of OfficeScan server database from real-time scanning ( OfficeScan): , OfficeScan . , OfficeScan
:
.
Trend Micro
, , .
• Show the OfficeScan splash screen at startup ( OfficeScan): , OfficeScan
.
Show the alert icon on the Windows taskbar if the virus pattern file is not updated after { } days ( Windows, {} ): , , •
2-74
.
OfficeScan
Enable scheduled clean (
), . :
•
Hours ( .
•
Days (
):
{}
):
.
{}
.
. •
: Trend Micro , OfficeScan. OfficeScan , OfficeScan.
, ,
Enable the OfficeScan client watchdog service ( OfficeScan): .
,
,
. Enable anti-hacking mode ( , .Э
):
. Reserve { } MB of disk space for updates ( ):
{}
, ,
. OfficeScan
20
.
•
2-75
Trend Micro™ OfficeScan™ 7.0
Connect to the OfficeScan server using its fully qualified domain name (FQDN) ( OfficeScan (FQDN)): , Windows 95/98/Me FQDN . Trend Micro , Windows 95/98/Me . •
Network Virus Log Consolidation (
)
, OfficeScan,
, , Control Manager. Э Control Manager .
•
Virus Log Bandwidth Settings ( ) ,
OfficeScan .
OfficeScan , ,
.Э ,
, . •
Grouping Rule (
) :
3.
2-76
•
NetBIOS
•
Active Directory
•
DNS Save (
).
OfficeScan
, OfficeScan
OfficeScan / )
(
.
,
.Э
. : ,
Trend Micro ,
(
OfficeScan
.
. 2-11).
Э
:
Clients ( Clients (
1. (Э
/
).
) > Export/Import )
.
,
2.
, .
, .
, ,
.
: . , .
Export settings (Э Export Settings (Э
3.
). ).
4. .
2-77
Trend Micro™ OfficeScan™ 7.0
Export (Э
5. (
), .dat).
Save ( .dat.
6.
) ,
7.
Save (
).
:
Clients ( Clients (
1. (Э
/
).
) > Export/Import )
.
,
2. ,
. .
, ,
. ,
,
SHIFT,
. Import policy ( ).
3. Import Policy ( Browse (
4.
), Import (
.dat
Policy (
).
).
Import
)
.
5. . , Apply to children ( ). 6.
Apply to Target (
). .
2-78
3
«
»
«
,
» OfficeScan ,
«
«
»
»
. : «
•
»
.
3-2 •
. 3-6
•
Cleanup Now (
• •
) «
«
»
. 3-9 »
. 3-11
. 3-14
3-1
Trend Micro™ OfficeScan™ 7.0
«
» ,
.
(Grayware) –
,
«
»,
, . ,
, .
OfficeScan
,
: •
«
» ,
,
:
,
, ,
•
. ,
(adware): , -
.
,
,
. •
: .
,
,
(«pay-per-call»),
-
, . •
-
,
:
, • •
. .
: : .
3-2
«
»
,
•
«
»
: .
•
.
:
« «
»
» ,
, . ActiveX (
ActiveX
.
. 3-5). (End User License Agreement – EULA), . EULA , ;
, .
«
» :
•
: .
•
,
:
,
,
,
.
, , ; .
•
: ,
3-3
Trend Micro™ OfficeScan™ 7.0
, •
.
: ,
,
, . •
: , -
,
, .
, ,
,
,
.
•
: , . , , .
Trend Micro OfficeScan
Trend Micro «
,
»
. «
OfficeScan, , »
» «
«
Trend Micro »,
. 3-11.
, ,«
, »
. Micro: http://subwiz.trendmicro.com/SubWiz
3-4
Trend
«
»
,
«
»
, : [email protected]
Trend
. Micro
. 9-22.
ActiveX ActiveX – -
Microsoft, Microsoft,
, ,
. ActiveX ActiveX – ,
-
,
,
. «
» ActiveX. , ActiveX, ActiveX . ,
«
»
,
ActiveX:
•
-
,
ActiveX •
; , , .
3-5
Trend Micro™ OfficeScan™ 7.0
OfficeScan Services – DCS) Windows, «
(Damage Cleanup , », « .
»
«
» «
»
, .«
, «
»
,
. »
,
, ,
. , «
»,
.
(Grayware) «
» (grayware) , ,
,
, (
,
-
«
»
. 3-2. OfficeScan
.
OfficeScan).
, ,
3-6
«
» :
«
»
,
•
«
«
»
»
; •
,
«
»
; •
,
«
»
;
•
,
«
»
. DCS
:
•
: «
»
Damage Cleanup Services « »
.
•
: «
•
« «
»
.
»
:
»
,
. OfficeScan
: • OfficeScan. •
Cleanup Now ( -
)
OfficeScan.
•
Manual Scan ( ), Scheduled Scan ( ( )( Global Client Settings ( « »
)
Scan now
, ) ; OfficeScan).
•
( . . 1-13).
•
,
OfficeScan (
3-7
Trend Micro™ OfficeScan™ 7.0
OfficeScan. Global Client Settings ( ).
. . 2-73). , .
, (
). «
3-8
, »
OfficeScan .
«
»
,
«
»
Cleanup Now ( ) (DCS) Cleanup Now ( DCS .
).
. 1-19.
Trend Micro Cleanup Now (
):
Clients (
1.
).
Clients (
)
. ,
2. Cleanup Now ( . .
), , ,
3.
4.
, . ., Cleanup Now (
Cleanup Now . Computer (
, IP-
, .
).
) Cleanup Now (
, ),
Start Notification (
). Cleanup Now (
) ,
OfficeScan TrendLabs. , Select Un-notified Computers ( ).
,
Computer Name ( )
. , Cleanup Now (
),
:
:
1.
, Cleanup Now (
).
3-9
Trend Micro™ OfficeScan™ 7.0
Stop Notification ( , ), ,
2. ( ,
3-10
). Cleanup Now . Cleanup Now ( .
)
«
«
»
,
«
»
» «
»
: (
1.
,
, Now (
Scan
))
« .
»
2. «
»
, . «
»
:
Clients (
1.
).
Client (
)
. ,
2. ,
. . Scan Options (
3. 4.
).
,
. .
5.
Scan for Spyware/Grayware ( ). ). Clients ( ). Clients ( . Global Client Settings ( Global Client Settings ( Enable Damage Cleanup Services to clean Spyware/Grayware (running applications only) ( « » ( )). Э DCS « » «
6. 7. 8. 9.
» Save (
) ). ).
-
3-11
Trend Micro™ OfficeScan™ 7.0
.
OfficeScan. , OfficeScan Enable
, 10. , Exclusion list for Spyware/Grayware ( « »
), :
Type ( .
a.
)
«
: (Э
«
»
Spyware/Grayware Encyclopedia » Trend Micro. ,
),
.
«
b.
»
. ,
c. Search (
)
. ADD (
d.
). . ,
e. Save (
11.
)
Save (
).
Global Client Settings (
). «
12.
» ,
, OfficeScan
(
.
. 7-2). OfficeScan
: « « Clean Ratio (
»
. »
Spyware «
«
3-12
»
»
)( . . 3-13).
«
»
,
«
OfficeScan
:
»
«
» -
(
.
. 2-40).
« «
»
» «
»
( «
»
)
,
.
, «
»
. Spyware Clean Ratio (
«
»
)
, ,
,
,
. «
Summary (
3.
:
Summary ( ).
1. 2.
»
Online Client Virus Clean Ratio ( ) Clean Ratio ( « View Uncleaned Clients ( )
).
Spyware ).
» ,
, «
»
. Refresh (
4.
).
: .
3-13
Trend Micro™ OfficeScan™ 7.0
«
» , »
« .
Trend Micro
,
«
»
: •
OfficeScan (
. . 3-11).
«
•
»
,
: (EULA)
, ; No (
) , ,
-
; (
), ;
•
Web, . Trend Micro ,
Tools ( Security (
ActiveX . Internet Explorer (IE), ) > Internet Options ( ) -
,
Sites... (
)> .
) .
•
Microsoft Outlook, Outlook
, ,
, «
3-14
HTML, .
»
.
«
»
,
«
»
• .«
» ,
,
,
MP3.
•
, , «
,
»
. ,
OfficeScan, ,
, Trend Micro:
http://subwiz.trendmicro.com/SubWiz.
Trend Labs
. , :
[email protected]
. Trend Micro
. 9-22.
•
Windows, Microsoft. -
Microsoft.
3-15
4
-
OfficeScan -
IP-
, .
,
. : -
• • • • •
. 4-2
-
. 4-2 -
OfficeScan
. 4-3
. 4-4 . 4-5
• •
. 4-6 OfficeScan
. 4-7
4-1
Trend Micro™ OfficeScan™ 7.0
-
. -
OfficeScan ;
,
-
. -
:
Administration ( ). ).
1. Console Password ( Console Password (
Old password (
2.
(
3. password ( (
)
24
)
), )
Save (
4.
) > Set Set . New Confirm password .
). Trend Micro .
: –
OfficeScan.
-
-
: Trend
Micro. , -
. .
4-2
,
OfficeScan
-
:
Administration (
1. Intranet Proxy ( Proxy ( -
-
)> Intranet
). ).
Enable Internet Proxy (
2.
-
). -
3.
.
Use SOCKS 4
SOCKS 4, SOCKS 4).
( -
4.
, .
Save (
5.
).
OfficeScan OfficeScan
-
. -
.
OfficeScan. -
(
,
IIS), OfficeScan, -
.
,
IPIP-
:
,
IP, OfficeScan. Trend Micro
IP(FQDN) ,
IP-
.
,
.
4-3
Trend Micro™ OfficeScan™ 7.0
-
:
Administration ( Web Server (
1. Server (
-
).
IP-
2.
) > Web -
OfficeScan.
,
3.
OfficeScan.
Save (
4.
).
).
: Э
,
OfficeScan OfficeScan.
.
, ,
,
. ,
,
, OfficeScan,
. . ,
OfficeScan . :
Administration ( ).
1. Inactive Clients ( ( 2.
4-4
)> Inactive Clients
). Enable automatic removal of inactive clients ( ).
,
3. OfficeScan
. Save (
4.
).
,
OfficeScan
, OfficeScan. OfficeScan . OfficeScan
:
Program Files\Trend Micro\OfficeScan Client\SUSPECT
OfficeScan
:
OfficeScan\PCCSRV\Virus -
:
OfficeScan OfficeScan,
,
, . OfficeScan .
. . 2-49 ( ). Quarantine Manager (
) ,
.
4-5
Trend Micro™ OfficeScan™ 7.0
:
Administration ( ). ).
1. Quarantine Manager ( Manager (
)> Quarantine
( ) Quarantine folder capacity ( 10240 .
2.
).
3. , single file (
Maximum size for a ). 64 Save (
4.
.
). ,
Delete All ).
Quarantined Files (
,
OfficeScan
,
. . OfficeScan
, , .
:
1.
4-6
Administration ( World Virus Tracking ( World Virus Tracking Program ( ).
)> ).
2. Yes (
), ,
Save (
3.
No (
),
.
). Trend Micro
(
)
Virus Map :
-
http://www.trendmicro.com/map
OfficeScan OfficeScan, . ,
. . OfficeScan .
Trend Micro .
:
, .
!
Ч
, . -
OfficeScan. :
Administration (
1. Database Backup ( Backup (
).
)> Database
), .
4-7
Trend Micro™ OfficeScan™ 7.0
,
2. : Enable scheduled database backup ( ).
a.
Frequency (
b.
):
•
Daily –
.
•
Weekly –
.
.
•
Monthly –
.
.
(
)
(Daily ( )),
c. Monthly (
)
), Weekly Start time ( .
, , Create folder ( ), , . ( , c:\OfficeScan\DatabaseBackup).
d.
OfficeScan
OfficeScan : c:\Program Files\Trend Micro\OfficeScan\backup\
OfficeScan
. : _
. OfficeScan ,
( e.
. UNC), .
Save (
,
). :
Administration (
1. Database Backup ( Backup (
Create folder (
4-8
), .
,
2.
)> Database
).
),
, OfficeScan
,
.
(
c:\OfficeScan\DatabaseBackup).
,
OfficeScan :
c:\Program Files\Trend Micro\OfficeScan\backup\
OfficeScan
. :
_
.
OfficeScan
, .
(
UNC), .
, ,
3. Now (
Backup
). :
1.
OfficeScan (OfficeScan Master Service).
2.
\PCCSRV\HTTPDB
. 3.
OfficeScan.
4-9
5
OfficeScan . , , . : . 5-2
• •
Virus Outbreak Monitor
. 5-11
5-1
Trend Micro™ OfficeScan™ 7.0
, . OfficeScan. !
Outbreak Prevention
.А
Outbreak Prevention. .
Outbreak Prevention,
,
OPP ».
«
,
« (
.
Outbreak Prevention Cleanup Now ( « », « Cleanup Now (
Trend Micro ), » » )
. 3-9).
, . . :
1. ).
Outbreak Prevention ( Clients ( )
.
,
2. Outbreak Prevention,
. .
, ,
5-2
.
3.
Deploy Now ( Outbreak Prevention Settings ( ).
).
4.
Outbreak prevention settings ( ) Block shared folders ( ).
5.
Settings (
).
Shared Folder Blocking (
). Outbreak Prevention,
6.
Shared Folder Blocking ) :
Settings ( . •
Read access only (
•
No read or write access (
); ,
7. 8.
Save (
).
OK. Outbreak Prevention Settings ( ) Back (
9. 10.
).
Outbreak Prevention , Activate Settings ( Outbreak Prevention (
). ). )
.
, «
»
. !
А , .
Outbreak Prevention. , ,
OfficeScan .
5-3
Trend Micro™ OfficeScan™ 7.0
,
OfficeScan, OfficeScan. . :
Outbreak Prevention ( Clients ( )
1. ).
.
,
2. Outbreak Prevention,
. .
3.
Deploy Now ( Outbreak Prevention Settings ( ).
4.
Outbreak prevention settings ( ) Block ports (
).
).
5. (
).
Settings ).
Port Blocking ( ,
6.
, port (
Block trusted
). ,
7. (
).
, Add Ports to Block (
Add Ports
). ,
8.
.
: •
Block all ports (Including ICMP) ( ICMP) – ,
, ,
(Internet Control Message Protocol – ICMP). :
Block all ports (including ICMP), . , Block trusted ports ( ) Port Blocking ( ,
5-4
).
•
Block specified ports ( ,
)–
,
. :
•
•
•
Commonly used ports ( )– , , 80 HTTP 25 (SMTP). Commonly used ports, , , , OfficeScan . All Trojan ports ( – ».
, ,
«
,
») «
Specify a port number or port range between 1 and 65535 ( 1 65535) – . , (
Incoming traffic
). ,
( (
Outgoing traffic
). ( )
Port range ( ( )).
) Port range (
Port number(s) ( , .
Port number(s) ), 1 65535. ( )), .
( )
Protocol (
,
Comments ( , •
) . (Transmission Control Protocol, TCP) (User Datagram Protocol, UDP); . ) ,
Ping protocol (Reject ICMP) ( ICMP,
. ping ( ,
ICMP)) – (ping).
5-5
Trend Micro™ OfficeScan™ 7.0
9.
OK.
10.
OK.
. Port Blocking ( : .
,
,
Outbreak Prevention ( Back ( ).
11. ) 12.
)
Outbreak Prevention , Activate Settings ( Outbreak Prevention (
). )
. . . 5-6.
Port Blocking Settings ( : •
)
Traffic direction (
)–
/
. •
Port number (
)– .
•
Traffic protocol (
•
Comments ( .
)–
: TCP, UDP
.
)– Port Blocking
(
):
1. ).
Outbreak Prevention ( Clients ( )
.
,
2. Outbreak Prevention,
. .
3.
5-6
Deploy Now ( Outbreak Prevention Settings ( ).
).
Outbreak prevention settings ( ) Block ports (
4.
).
5. (
).
Settings ).
Port Blocking ( Edit (
6.
)
. (
, Port Blocking Settings
). /
7.
, ; Port number(s) ( .
8. (
) , , TCP, UDP
9.
Port range ( )
( ))
Protocol (
).
( ). TCP/UDP
Comments (
10.
.
)
( ), ( ).
11.
.
OK. Port Blocking (
12.
)
OK.
. OfficeScan
, . :
1. ).
Outbreak Prevention ( Clients ( )
.
,
2. Outbreak Prevention,
. .
3.
Deploy Now ( Outbreak Prevention Settings ( ).
).
5-7
Trend Micro™ OfficeScan™ 7.0
Outbreak prevention settings ( ) Deny write files and folders ( ).
4.
5.
Settings (
).
Deny Write Settings (
). 6. , ).
(
Directory path ,
C:\Windows\System32.
,
.
,
(;).
, Add ( ). Protected directories ( ). , Protected directories ( ,
) .
: OfficeScan
.
Protected directories (
) .
: •
All files in the protected directories ( );
•
Files in the protected directories with the following extensions ( ). Extensions list ( ,
,
) .
, Add (
, ). (;).
, Files to
Protect (
). Save (
7. .
5-8
).
8.
OK. Directories ( ).
Protected )
Outbreak Prevention Settings ( ) Back (
9. 10.
Deny Write Settings (
Outbreak Prevention , Activate Settings ( Outbreak Prevention (
). ). )
.
. :
1. ).
Outbreak Prevention ( Clients ( )
.
,
2. Outbreak Prevention,
. .
Deploy Now ( Outbreak Prevention Settings ( ).
3.
4.
).
When OPP is enabled, display the following message on the OfficeScan clients ( OPP OfficeScan ).
5. . Activate Settings (
6. ).
5-9
Trend Micro™ OfficeScan™ 7.0
: OfficeScan ,
, Windows NT ( . . 2-44).
,
SNMP
, , ,
Outbreak Prevention.
Outbreak Prevention:
1. ). 2.
Outbreak Prevention ( Clients ( ) ,
.
Outbreak Prevention,
. .
3.
Restore ( Restore Outbreak Prevention Settings ( ).
).
,
4. Outbreak prevention disabled alert message ( ). Alert message ( Restore to normal ( Outbreak Prevention Policy ( ) ,
5. 6.
). ). ,
. , OPP
, .
5-10
Outbreak Prevention
,
,
OfficeScan , Automatically restore network settings to normal after { }
:
hours ( {}
)
Outbreak Prevention Settings ). .
( 48
Virus Outbreak Monitor OfficeScan ,
. , .
OfficeScan
, .
Virus Outbreak Monitor:
1. ). ).
Virus Outbreak Monitor ( Virus Outbreak Monitor ( Enable Virus Outbreak Monitor ( ).
2.
Alert Criteria for Virus Outbreak Monitor ( ) ( .Э , .
3.
),
, Trend Micro
: ,
,
10 (№
/10), .
4.
Send a notification via email if alert criteria are met ( ).
5-11
Trend Micro™ OfficeScan™ 7.0
,
5. Alert message settings ( •
SMTP –
•
Port Number ( OfficeScan 25).
•
To –
•
From –
•
Subject –
•
Message –
): . )–
, ( . . . . Save (
6.
).
Virus Outbreak Monitor:
Current Status (
1.
)
, .
Outbreak Monitor Records (
(CSV)
2. Export to CSV (Э .
CSV).
3. , 4. CSV-
Open (
Save ( . :
5-12
Virus ).
).
),
CSV .
6
, . : . 6-2
• • •
. 6-9 . 6-13 . 6-14
• •
. 6-25
6-1
Trend Micro™ OfficeScan™ 7.0
: –
1. , ,
. –
2. .
,
, .
,
, ,
HTTP-
,
,
-
.
–
3.
(
),
, , . –
4. ,
.
: OfficeScan
Trend Micro .
,
.
№ 20473 : http://kb.trendmicro.com/solutions/search/main/search/s olutionDetail.asp?solutionId=20437
6-2
, ,
.
: •
Security level (
)–
,
/ •
.
Enterprise Client Firewall settings ( )–
, ,
•
An exception list (
.
)–
.
, IP-
. . Security level (
),
. : •
Action (
)–
, .
•
Direction (
)– .
•
Protocol (
•
Port(s) (
)–
: TCP, UDP, ICMP.
( )) –
, .
•
Computers (
)–
, .
6-3
Trend Micro™ OfficeScan™ 7.0
,
HTTP ( ,
-
,
80). .
OfficeScan
, , . OfficeScan .
, , . :
•
An associated policy (
)– .
•
Client criteria (
)–
, :
IP address (IPIP,
)– IPIP-
,
. Domain (
)–
, OfficeScan.
Machine name ( .
)–
Platform (
)– , Windows Server (NT/2000/Server 2003) Windows Workstation (NT/2000/XP). Logon Name (
)–
, .
Client status (
)– .
6-4
. •
User Privileges (
)– : ,
;
,
.
OfficeScan
:
. ,
, OfficeScan
, .
,
.
, , . ,
, -
Cisco NAC Trust Agent Microsoft Exchange.
ScanMail
-
Cisco Trust Agent for Cisco NAC
, / UDP 21862
Cisco Trust Agent (CTA).
6-5
Trend Micro™ OfficeScan™ 7.0
, TMCM
/
-
TCP/UDP 80 10319. ScanMail for Microsoft Exchange (SMEX)
Control Manager ,
/
-
TCP 16372 InterScan Messaging Security Suite (IMSS)
, / TCP 80
DNS
TCP/UDP
53
NetBIOS
TCP/UDP
137,138,139,445
HTTPS
TCP
443
HTTP
TCP
80
Telnet
TCP
23
SMTP
TCP
25
FTP
TCP
21
POP3
TCP
110
6-6
SMEX IMSS
.
: , .
, All clients profile (
)
,
Windows NT/2000/XP/Server
2003,
, .
, : •
(
);
•
(TCP/UDP/ICMP);
•
;
•
.
( .
. 1-7).
.
6-7
Trend Micro™ OfficeScan™ 7.0
,
OfficeScan. Э .
. . ,
,
,
.
,
,
, .
(IDS).
IDS, ,
. : Too Big Fragment ( ), Ping of Death (" "), Conflicted ARP ( ), SYN flood ( ), Overlapping Fragment ( ), Teardrop ( ), Tiny Fragment Attack ( ), Fragmented IGMP ( ), LAND attack ( )
(Firewall Outbreak Monitor) , Firewall Outbreak Monitor ,
6-8
.
Enterprise OfficeScan.
Client Firewall Enterprise Client Firewall .
, , ,
(
. 2-68).
. :
, Trend Micro Windows XP, Connection Firewall™.
Internet
. , ,
–
,
. Internet Connection
Firewall
.
Microsoft.
, . :
Enterprise Client Firewall ( ) > Policy List ( ). ).
1. List (
Policy
.
2. .
Add ( Policy Editor ( 3.
).
). .
6-9
Trend Micro™ OfficeScan™ 7.0
/
4. Security Level (
).
Enable Firewall (
5.
). /
,
, . : , ,
Local Personal Firewall ) .Э
settings (
-
OfficeScan.
(
) -
, Network card list .Э OfficeScan.
Local Personal Firewall settings ) , .
( -
,
6.
, Exception ( :
Add ( ).
a.
).
Edit Exception (
.
b. Action (
c.
)
, .
Direction ( : Inbound (
d. ).
6-10
,
) )
Outbound (
).
Protocol (
e.
) :
•
All (
•
TCP/UDP (
•
TCP;
•
UDP;
•
ICMP.
); );
,
f. •
All ports (
•
Range (
•
Specified (
:
)(
);
):
; ):
. .
Computers ( ) , Deny all network traffic ( ) (Inbound ( ) Outbound ( ,
g.
IP-
IP.
, ))
,
, (
)
IP-
.
: •
All IP addresses (
•
Single IP (
•
IP range (
•
Subnet mask (
IP-
IP-
)( ): ;
IP-
IP-
Save (
h.
);
Resolve ( IP-
):
); IP-
):
IP-
).
; .
Policy Editor (
), . ,
7. .
6-11
Trend Micro™ OfficeScan™ 7.0
Save (
8.
).
Policy List ( .
Enterprise Client Firewall ( ) > Profile List ( ). ).
9. Profile List (
Add (
10. Profile Editor (
).
).
OfficeScan Enable this profile (
11.
),
OfficeScan, ). ,
12.
.
Use the following policy ( ,
13.
), .
,
14.
OfficeScan
. : •
IP address (IP-
): IP:
•
Single IP (
IP-
•
Range ( From ( )
• •
( ).
):
IP-
): To (
Subnet (
Domain (
( )
;
IP);
):
IPOfficeScan
): ,
. .
( ). Go to client console (
). •
Machine name (
):
(
)
, ( •
).
Platform ( (
): )
:
6-12
( ). Go to client console
•
Windows Server (NT/2000/Server 2003);
•
Windows Workstation (NT/2000/XP).
, ( ).
•
Logon Name (
):
, .
, •
(;).
Client status (
): OfficeScan –
(online)
(offline). :
•
Online (
•
Offline (
); ).
User Privileges ( :
15. •
)
Allow user to change security level ( ): ;
•
Allow user to edit traffic exception list ( ): , .
16.
Save (
).
17.
, Deploy to Clients (
Profile List (
). ,
).
,
OfficeScan. :
Clients ( .
1. (
) ,
2. 3. (
Firewall view ( ).
).
Clients . )
Client tree view
6-13
Trend Micro™ OfficeScan™ 7.0
4.
, « ». Detection System ( IDS
Firewall ( ), «
,
5.
) Intrusion ,
».
,
. Acting Policy (
).
. .
. 6-9.
.Э .
, . :
1. List (
Enterprise Client Firewall ( ) > Policy List ( ). ). Add (
2.
Policy
).
, Edit (
/ Security Level (
4. •
6-14
).
.
3.
High (
): ,
): , .
•
Medium (
): ,
, .
•
Low (
): ,
, .
5. : •
Enable Firewall (
•
Enable Intrusion Detection System ( );
•
Enable Alert Message (
);
): ( . 2-47).
. : , ,
Local Personal Firewall ) .Э
settings (
-
OfficeScan.
(
) -
Local Personal Firewall settings ) , .
( -
6.
, Network card list .Э OfficeScan.
Exception (
,
) , .
6-15
Trend Micro™ OfficeScan™ 7.0
Save (
7.
).
, IP.
. ,
. ,
. :
•
Restrictive (
)–
,
. – , « , OfficeScan).
•
Permissive (
,
»( «
»,
, .
)– , .
, OfficeScan
-
.
(
OfficeScan) ,
HTTP.
« »( ) OfficeScan, Clients ( ) > View Status ( ) > Expand All ( ). Port ( )– « »( ) « »( ) OfficeScan, Administration ( Web Server ( ). Port ( ) " "( ) . -
6-16
. )>
: (Exception Template Editor), , , (Policy Editor) ( .
, . 6-14).
:
Enterprise Client Firewall ( ) > Policy List ( ). ).
1. List ( 2.
Edit exception template ( Exception Template Editor ( )
3.
Add (
Policy ).
.
). .
4. Action (
5.
)
:
•
Allow all network traffic (
•
Deny all network traffic ( Direction ( Outbound ( .
6.
)
•
All (
•
TCP/UDP (
•
TCP;
•
UDP;
•
ICMP.
Inbound (
), . .
Protocol (
7.
); ). )
,
)
:
); );
,
8. •
All ports (
•
Range (
•
Specified (
:
)(
);
):
; ):
. .
6-17
Trend Micro™ OfficeScan™ 7.0
9.
Computers ( ) , Deny all network traffic ( (Inbound ( ) Outbound ( , , IP•
All IP addresses (
•
Single IP (
IP-
IP; Resolve (
•
IP range (
•
Subnet mask ( Save (
10.
IP.
, )
))
IP, (
)
. :
)(
);
):
IPIP);
IP-
):
IP-
):
IP-
; .
).
:
Enterprise Client Firewall ( ) > Policy List ( ). ).
1. List (
Edit exception template ( Exception Template Editor ( )
2.
Policy ).
.
,
3. Delete (
4.
).
.
OfficeScan
( )
. :
1. List ( 2.
6-18
Enterprise Client Firewall ( ) > Policy List ( ). ). Edit exception template ( Exception Template Editor ( )
Policy ).
.
,
3. . Move up (
4.
)
Move down (
). . :
: •
Save as Template (
): .
, ,
, ,
. •
Save and Apply to All Existing Policies ( ): . ,
, , ,
.
,
.Э
,
. OfficeScan. OfficeScan
:
. ,
, OfficeScan
, .
,
.
6-19
Trend Micro™ OfficeScan™ 7.0
: .
,
, ,
,
,
, ,
,
.
:
1. Profile List (
Enterprise Client Firewall ( ) > Profile List ( ). ). ,
2.
Add (
).
, Edit (
).
OfficeScan Enable this profile (
3.
OfficeScan, ). ,
4.
.
Use the following policy (
5.
) ,
. ,
6.
OfficeScan :
. •
IP address (IP-
): IP:
•
Single IP (
IP-
•
Range ( From ( )
• •
( ).
):
IP-
): To (
Subnet (
Domain (
( )
): ): ,
;
IP); IPOfficeScan
. .
( ). Go to client console (
). •
Machine name (
):
( ,
(
6-20
).
)
( ). Go to client console
•
Platform ( (
): )
, ( ).
:
•
•
Windows Server (NT/2000/Server 2003);
•
Windows Workstation (NT/2000/XP).
Logon Name (
):
, .
, •
(;).
Client status (
): OfficeScan –
(online)
(offline). :
•
Online (
•
Offline (
); ).
User Privilege ( :
7. •
)
Allow user to change security level ( ): ;
•
Allow user to edit traffic exception list ( ): , . Save (
8.
). :
1. Profile List (
Enterprise Client Firewall ( ) > Profile List ( ). ). ,
2. Move up (
3.
. )
Move down (
).
6-21
Trend Micro™ OfficeScan™ 7.0
:
Enterprise Client Firewall ( ) > Profile List ( ). ).
1. Profile List ( 2. ( ),
Overwrite client security level/exception / ).
list ( :
(User Privilege)
, /
(
.
7 :).
. 6-21
Overwrite client security level/exception list / ),
( ,
, , .
Deploy to clients (
3.
). Deploy to clients (
:
),
OfficeScan
, ( )
.
Firewall Outbreak Monitor ( ) .
,
6-22
Firewall Outbreak Monitor , OfficeScan . , OfficeScan .
Firewall Outbreak Monitor:
Enterprise Client Firewall ( ) > Firewall Outbreak Monitor ( ). Enable Firewall Outbreak Monitor (
1.
2. 3.
4. 5.
Firewall Outbreak Monitor). Alert Criteria for Firewall Outbreak Monitor ( Firewall Outbreak Monitor) , , : • IDS logs ( IDS); • Firewall logs ( ); • Network virus logs ( ). , OfficeScan . : a. Send a notification via email if alert criteria are met ( ). Alert Message Settings ( :
b. • • •
IP-
SMTP: Port Number ( 25). To:
) SMTP-
.
):
SMTP-
(
. (;).
• • •
(
From: «OfficeScan»). Subject ( ): Monitor Alert»). Message ( ):
(
«Firewall Outbreak ( , ).
6.
Save (
).
6-23
Trend Micro™ OfficeScan™ 7.0
,
. OfficeScan
! . , .
, . :
(
1. . 6-14). ,
.
,
, Low (
a.
:
:
)
(Default security
level). Enable Firewall (
b. Alert Message ( Settings (
) Enable Client Firewall ).
) ,
c. (
HTTP-
HTTPS-). ,
2.
, .
( . 6-19). 3.
Deploy to Clients ( .
4.
( . 6-13).
),
.
5. ,
6-24
.
, ,
-
. ,
(
. 2-47).
.
-
OfficeScan ,
,
. :
Enterprise Client Firewall ( ) > Policy List ( ). ).
1. List (
Add (
2.
Policy
).
.
3.
Enable Firewall (
4.
).
5.
Save (
6.
Enterprise Client Firewall ( ) > Profile List ( ). ).
Profile List (
,
7.
).
Add (
).
OfficeScan Enable this profile (
8.
OfficeScan, ). ,
9.
.
Use the following policy (
10.
), . ,
11. . Save (
12.
). ,
13. Clients (
,
Deploy to
).
6-25
Trend Micro™ OfficeScan™ 7.0
, Product License (
). :
Administration ( ).
1. Product License ( (
(
6-26
). Install Enterprise Client Firewall ( ) License information ).
2.
3.
)> Produce License
Apply (
).
7
, OfficeScan
. : . 7-2
• • • •
. 7-2 . 7-4 . 7-4
•
. 7-5
•
. 7-6
• •
. 7-7 . 7-7
7-1
Trend Micro™ OfficeScan™ 7.0
OfficeScan
, . .
,
. CSV
:
,
,
Microsoft Excel.
OfficeScan
:
•
Virus Logs (
);
•
Server Update Logs (
•
Client Update Logs (
); );
•
System Event Logs (
•
Verify Connection Logs (
);
•
Enterprise Client Firewall Logs ( ).
);
OfficeScan . : •
:
OfficeScan
•
:
•
:
.
OfficeScan. ( ),
•
( )
:
OfficeScan.
,
. •
7-2
:
( ),
( )
.
•
:
OfficeScan, (
, ).
•
: OfficeScan
, . :
Logs (
1. ).
Clients (
) > Virus Logs ( ).
2. . . OfficeScan clients ( View Virus Logs (
3.
Time (
4.
)
).
Select a time period ( Specify a range .
) (
OfficeScan).
)
5.
Scan Types (
). Sort by (
6. ).
:
•
Date and time (
•
Computer name (
);
•
Virus name (
);
•
Scan type (
);
•
Scan result (
);
). View Logs (
7.
). (CSV)
8. Export to CSV (Э CSV
CSV). .
7-3
Trend Micro™ OfficeScan™ 7.0
. :
Logs (
1. ).
Clients (
) > Virus Logs ( ).
2. . . Delete Logs ( ).
3. Delete Logs (
).
(
4.
)
Select log types ( Deletion (
5.
). )
.
: •
Delete all log content in the selected log types ( );
•
Delete logs older than { } days ( Delete logs older than { } days ( {} ), . «20», OfficeScan , . ,
6.
Apply (
OfficeScan
{}
).
, ,
20
).
. . :
1.
7-4
Logs ( ) > Server Update ( Update Logs ( :
) > Update Logs ( ). ),
Server
•
;
•
;
•
;
•
. (CSV)
2. Export to CSV (Э
CSV).
CSV
.
.Э
OfficeScan . :
1.
Logs ( ) > Client Update ( Client Update Logs ( : •
) > Update Logs ( ). ),
;
•
;
•
;
•
. Display results per page ( ,
2.
) .
3. (
/
)
Time/Date ).
Update Components (
, :
1.
View ( ) Progress ( Client Update Progress (
2.
, 15-
,
). ). .
7-5
Trend Micro™ OfficeScan™ 7.0
:
View ( ) Detail ( Client Update Detail ( ) , .
1.
2. ( received ( )
). OfficeScan,
: Computer name ), Notification sent ( ), Notification ), Update completed ( Update Source ( ). (CSV)
3. Export to CSV (Э
CSV).
CSV
.
OfficeScan
.Э
,
,
, ,
OfficeScan. :
Logs ( ). )
1. ( (
) > System Event Logs System Event Logs .
Display results per page ( ,
2.
) .
3. ( (
/
), Computer Name ( ).
)
(CSV)
4. Export to CSV (Э CSV
7-6
: Time/Date Event Description
CSV). .
,
OfficeScan, . :
Logs ( ). ),
1. ( (
) > Verify Connection Logs Verify Connection Log
,
,
IP-
,
. Display results per page ( ,
2.
) . : Time/Date ), Domain ( ), IP
3. ( / ), Computer Name ( Address (IP) Status (
). (CSV)
4. Export to CSV (Э .
CSV).
• , •
Save ( .
CSV5.
Open (
Save (
OfficeScan,
).
), ).
Enterprise Client Firewall,
.Э . OfficeScan.
7-7
Trend Micro™ OfficeScan™ 7.0
OfficeScan:
Logs ( Clients (
1. ).
) > Firewall Logs ( )
.
,
2.
, . .
, ,
,
, IP-
,
. ., . Client Notification ( Client Notification for Firewall Logs ( ).
3.
Notify (
4.
).
). :
Logs (
1.
) > Firewall Logs ( ). Enterprise ),
) > View Logs ( Client Firewall Logs ( : •
;
•
,
;
•
;
•
;
•
;
• •
; ;
• 2. 3.
7-8
. Display results per page ( ,
) . .
(CSV)
4. Export to CSV (Э .
CSV).
• , •
Open (
Save ( .
CSV-
).
),
. OfficeScan . :
Logs (
1. ( (
). ).
) > Log Maintenance Log Maintenance ,
2.
Enable ).
scheduled deletion of logs ( Log type(s) to delete ( ,
3.
) .
Log entry deletion criteria ( ) , :
4.
•
Delete all log content in the selected log types ( );
•
Delete logs older than { } days (
.
{}
).
Delete logs older than { } days ( {}
),
.
Schedule (
5.
)
: •
Daily (
);
7-9
Trend Micro™ OfficeScan™ 7.0
•
Weekly, every { } (
•
Monthly, on day { } (
,
{ }); ,
{}
Weekly (
),
Monthly (
),
).
. . Start time (
) .
6.
7-10
,
Save (
).
8
OfficeScan OfficeScan,
,
. Э
:
•
– (
. 8-3).
.
•
– (
.
. 8-10). OfficeScan
(
.
. 8-20).
8-1
Trend Micro™ OfficeScan™ 7.0
, OfficeScan,
.
8-1. ,
: OfficeScan. .
, OfficeScan, . 8-20.
Login Script Setup (
.
Client Packager (
): . 8-10)
): , OfficeScan (
.
OfficeScan (
. 8-3)
Vulnerability Scanner ( ):
.
Image Setup Utility (
):
OfficeScan (
.
(
. 8-3)
Server Tuner ( OfficeScan (
): .
.
. 8-11)
Restore Encrypted Files ( ):
, ,
. 8-9) OfficeScan ( Client Mover I ( OfficeScan
.
. 8-11) I):
(
. 8-14) ):
Touch Tool ( (
.
,
. 8-15)
ServerProtect Normal Server Migration Tool: ServerProtect Normal Server OfficeScan ( .
8-1.
8-2
OfficeScan
. 8-16)
: Э
-
OfficeScan.
.
.
OfficeScan:
Login Script Setup (
)
Login Script Setup OfficeScan Login Script Setup
,
. autopcc.exe. :
autopcc.exe
• OfficeScan; •
. OfficeScan.
Vulnerability Scanner (
)
Vulnerability Scanner . Vulnerability Scanner .
, Vulnerability Scanner
:
•
DHCP,
DHCP Scan
Vulnerability ;
• , •
; ,
. Trend Micro (
8-3
Trend Micro™ OfficeScan™ 7.0
OfficeScan, ServerProtect Windows NT Linux, ScanMail Microsoft Exchange, InterScan Messaging Security Suite PortalProtect) ( Norton AntiVirus Corporate Edition 7.5 7.6 McAfee VirusScan ePolicy Orchestrator); • OfficeScan
, ServerProtect
, Windows NT;
•
.
•
(
•
)
OfficeScan Windows NT/2000/XP ( Professional)/Server 2003. Vulnerability Scanner, .
. Vulnerability Scanner
TMVS. Vulnerability Scanner
,
,
TMVS \PCCSRV\Admin\Utility
.
: Vulnerability Scanner Windows 2000 Server 2003; Terminal Server. OfficeScan, OfficeScan Vulnerability Scanner. Vulnerability Scanner OfficeScan OfficeScan.
Vulnerability Scanner
, TMVS
\PCCSRV\Admin\Utility
8-4
.
,
,
Vulnerability Scanner:
1.
, OfficeScan, OfficeScan > PCCSRV >Admin > Utility > TMVS. TMVS.exe. Vulnerability Scanner. Settings (
2.
).
Settings (
Product Query ( ,
3.
:
).
)
. Check for all Trend Micro products ( Trend Micro). Trend Micro InterScan Norton AntiVirus Corporate Edition, , Vulnerability Scanner, Settings ( ) . 4. ,
Description Retrieval Settings ( . (Normal retrieval) .
Normal retrieval ( computer descriptions when available ( ), Vulnerability Scanner .
)
),
Retrieve
5. Email results to the system administrator ( ) Alert Settings ( Configure ( )
),
. •
To (
•
From (
)
. )
. ,
, .
•
SMTP server ( SMTP) , smtp.company.com. SMTP.
SMTP-
.
8-5
Trend Micro™ OfficeScan™ 7.0
•
Subject ( .
) ,
OK.
6. Display alert on unprotected computers ( ). ,
Customize ( ). .
Message (
).
Alert
OK.
7. (CSV) (
Automatically save the results to a CSV file CSV). TMVS. CSV Browse ( ). Browse for folder
CSV , (
). OK. Vulnerability Scanner .
8. (
Ping Settings
) .
Packet size (
)
(
Timeout text
) . OfficeScan
9. OfficeScan
. OfficeScan, Auto-install OfficeScan Client for unprotected computers ( OfficeScan ). 10. ( (
). .
OK. ,
11. log to OfficeScan server (
8-6
Install Account Account Information ,
).
Report OfficeScan).
,
12.
OK.
Trend Micro
Vulnerability Scanner (
Trend Micro). IP-
IP Range to Check ( IP,
1.
IP-
:
) .
,
Vulnerability Scanner
IP-
B. Start (
2. Results ( Vulnerability Scanner DHCP:
(
,
).
DHCP Start ( DHCP
2.
IP-
DHCP Scan ( DHCP Start (
1.
). ).
DHCP) DHCP).
Results
DHCP). ,
. Scheduled Tasks ( / ).
1. (
) Add/Edit Scheduled Task (
). Task Name (
2. 3. IP-
)
IP Address Range ( ,
. IP-
)
. 4.
Task Schedule ( Weekly ( ( (
5.
)
) . Monthly (
Daily ( ).
)
.
)
Start time ( .
), Weekly Monthly
. ) 24-
.
8-7
Trend Micro™ OfficeScan™ 7.0
Settings ( ), Modify settings (
6.
)
Use current settings ( , ).
Modify settings ( ),
(
),
Settings
. .
4
5
«
Vulnerability Scanner:». ,
7.
OK.
Scheduled Tasks (
).
TMVS.ini:
• Debug –
.
• EchoNum –
, Vulnerability Scanner.
• ThreadNumManual –
, Vulnerability Scanner .
• ThreadNumSchedule –
, Vulnerability .
Scanner :
TMVS
1.
TMVS.ini.
2. TMVS.ini.
3.
Debug=0
,
4. Vulnerability Scanner, 1 64. , EchoNum=60.
8-8
Debug=1.
EchoNum.
60
,
5. Vulnerability Scanner , 8 64.
ThreadNumManual.
,
60
ThreadNumManual=60.
, Vulnerability Scanner
6. , 8
ThreadNumSchedule. 64.
,
60
ThreadNumSchedule=60. TMVS.ini.
7.
Server Tuner (
)
Server Tuner
.
: Э
OfficeScan
3.54
.
Server Tuner •
:
: SvrTune.exe. Server Tuner:
1. 2. 3.
Windows OfficeScan \PCCSRV\Admin\Utility\SvrTune. Server Tuner Server Tuner ( Download (
SvrTune.exe.
). )
, :
• Timeout for ( • Timeout for update (
) )
8-9
Trend Micro™ OfficeScan™ 7.0
• Retry count (
)
• Retry interval (
)
Buffer (
4.
) :
• Event Buffer (
): .
• Log Buffer (
): .
Network Traffic Control (
5.
)
: • Normal hours (
)
• Off-peak hours (
)
• Peak hours (
) ,
: .
, .
OfficeScan:
Client Packager (
)
Client Packager , .
, Client Packager
, Microsoft Outlook
.
8-10
Client Packager
.
OfficeScan, ,
Client Packager, . Client Packager
OfficeScan.
Image Setup Utility (
)
OfficeScan
.
(GUID),
.
GUID OfficeScan imgsetup.exe. Image Setup Utility OfficeScan . Image Setup Utility OfficeScan.
Restore Encrypted Files ( ) OfficeScan ,
C:\Program Files\Trend
Micro\OfficeScan Client\SUSPECT.
. , ,
. ,
, .
8-11
Trend Micro™ OfficeScan™ 7.0
,
, Restore
Encrypted Files. OfficeScan Restore Encrypted Files,
:
, .
! !
Restore Encrypted Files •
:
: VSEncode.exe
•
DLL-
: Vsapi32.dll Suspect:
, Windows
1. ,
OfficeScan
\PCCSRV\Admin\Utility\VSEncrypt.
2.
.
VSEncrypt
OfficeScan,
VSEncrypt
:
Vsapi32.dll Restore Encrypted Files Vsapi32.dll.
3. VSEncrypt. Restore Encrypted Files
4. •
:
Suspect;
• -d:
Suspect;
• -debug: ;
8-12
:
• /o:
, ;
• /f: {
}:
;
• /nr:
.
,
Suspect VSEncode [-d] [-debug].
. .
:
Restore Encrypted Files
:
• VSEncrypt.log – . ,
(
,
• VSEncDbg.log –
C:). .
, (
,
C:),
-debug.
VSEncode.exe
:
,
1.
, .
,
C:\My
Documents\Reports Documents\Reports\*.*.
.INI
.TXT;
C:\My
,
ForEncryption.ini
C:.
Restore Encrypted Files
2.
VSEncode.exe -d -i {
INI
TXT} –
. INI
TXT}, INI
{ TXT (
,
C:\ForEncryption.ini).
8-13
Trend Micro™ OfficeScan™ 7.0
Client Mover I (
I)
Client Mover OfficeScan,
.Э OfficeScan, OfficeScan.
,
.
: Client Mover I OfficeScan 5.58 6.5,
6.5,
OfficeScan 5.58 .
Client Mover I:
OfficeScan
1.
:
\PCCSRV\Admin\Utility\IpXfer
2.
,
IpXfer.exe
. 3. ,
. Client Mover,
4.
:
IpXfer.exe -s < _ -c < _ _
> -p
-m 1
>
:
=
OfficeScan (
,
).
= «
»(
«
OfficeScan.
, ( «
1 = HTTP-
8-14
»(
OfficeScan ) > Web Server ( )
(
«1»
-
)
»( Administration ). -
Port ( . «-m»).
) )-
=
«
»(
, ,
OfficeScan Expand All ( « »(
Clients ( ). )
.
) , ) > View Status ( Port ( .
)> )
5. : a. OfficeScan . b.
OfficeScan. .
c. ,
d.
/
OfficeScan,
.
: OfficeScan,
, (ofservice.exe).
Touch Tool (
)
Touch Tool . Touch Tool (
, Trend Micro) OfficeScan. OfficeScan
,
. Touch Tool:
1.
OfficeScan
:
\PCCSRV\Admin\Utility\Touch
8-15
Trend Micro™ OfficeScan™ 7.0
2.
,
TMTouch.exe
,
. Touch Tool. Touch Tool.
3. :
4.
TmTouch.exe
:
=
(
,
),
=
,
.
, . («*»),
: .
5.
dir
Windows Properties (
).
ServerProtect Normal Server Migration Tool ( ServerProtect Normal Server) ServerProtect Normal Server Migration Tool Windows, Server OfficeScan.
Normal Server Migration Tool
8-16
ServerProtect Normal
ServerProtect OfficeScan.
Windows NT/2000/XP/Server 2003. OfficeScan ServerProtect Normal Server.
ServerProtect Normal Server OfficeScan.
Server Protect Normal Server Migration Tool •
SPNSXfr.exe
SPNSX.ini
PCCSRV\Admin
OfficeScan. / ,
.
, Guest (
),
) .
Normal user (
Server Protect Normal Server Migration Tool: SPNSXfr.exe, Server Protect Normal Server Migration Tool.
1. 2.
OfficeScan server ( OfficeScan) OfficeScan, . OfficeScan. Browse ( ) PCCSRV OfficeScan. OfficeScan, OfficeScan
.
, ,
Auto find OfficeScan server ( )(
).
ServerProtect Normal Server,
3. , computer ( •
Windows network tree ( .
Target ): Windows): ,
, .
8-17
Trend Micro™ OfficeScan™ 7.0
•
Information Server name (
): .
,
.
, .
•
Certain Normal Server name (
): .
,
Normal Server.
Normal Server, .
•
IP-
IP range search: , IP-
IP range ( B.
. IP-
)
DNS
: .
,
,
.
Windows Server
4. 2003, 5.
Include Windows Server 2003 ( Windows Server 2003).
Windows Server 2003 Restart Windows Server 2003 computers ( Windows Server 2003). Windows 2003 . . Restart Windows Server 2003 computers ( Windows Server 2003), . Search (
6.
).
ServerProtect Normal Servers .
Server list (
7.
)
,
: •
8-18
Select All (
);
•
Unselect All ( );
•
.CSV,
(Э
,
: Use group account/password ( ).
a. / b.
Set User Logon Account ( ). Administration Information (
Enter ).
.
c. d.
Export to CSV
CSV).
OK. Ask again if logon is unsuccessful ( ),
e.
, . 8.
Migrate (
).
: ServerProtect Normal Server Migration Tool Manager ServerProtect. , , Control Manager.
Control ServerProtect /
OfficeScan .
,
. -
OfficeScan. : NetBIOS,
455,337~339
; RPC; Remote Registry Service.
8-19
Trend Micro™ OfficeScan™ 7.0
OfficeScan :
Client Mover II Client Mover II HTTPI, Windows.
HTTP-
OfficeScan.
Client Mover , Client Mover II
OfficeScan -
OfficeScan ( OfficeScan
. . 2-11).
Database Backup (
)
Database Backup OfficeScan,
OfficeScan. -
.
( OfficeScan
. 4-7.)
Database Packer (
)
Database Packer
OfficeScan .
OfficeScan
, .
Icon Cleaner ( Icon Cleaner
8-20
) OfficeScan.
OfficeScan, OfficeScan, . (
-
.
. 2-38).
Network Scan Switch ( ) Network Scan Switch . ( . 2-49).
.
Register Shell (
)
Register Shell Windows
Manual Scan .
Manual Scan
Windows OfficeScan
Client Settings ( Clients ( ) > Global Client Settings ( ( .
Remote Agent (
Global
). ) ).
)
Remote Agent Trend Micro ActiveUpdate, ActiveUpdate OfficeScan.
OfficeScan.
OfficeScan (
,
), , .
8-21
Trend Micro™ OfficeScan™ 7.0
)
Update Source ( ) .
Update Agent (
Client ( . 2-21,
Packager . OfficeScan
. 2-16, OfficeScan).
GUID Changer (
GUID)
GUID Changer (GUID). ,
Image Setup Utility, ,
, GUID.
OfficeScan GUID ( )
8-22
. 8-11).
Image Setup Utility. . Image Setup Utility (
9
,
,
, OfficeScan. :
•
Ч
. 9-2
• •
. 9-8 Trend Micro
. 9-22
9-1
Trend Micro™ OfficeScan™ 7.0
.
, OfficeScan? . OfficeScan
:
http://www.trendmicro-europe.com/download/
,
OfficeScan? ,
,
-
:
http://kb.trendmicro.com/solutions/search/main/search/solutionD etail.asp?solutionID=16326
OfficeScan «
,
»
? ,
OfficeScan
, ,«
»
, Trend Micro . OfficeScan , . OfficeScan SQL.
9-2
OfficeScan
? SQL-
.
,
OfficeScan
, (NAT)?
.
,
, NAT ( NAT
OfficeScan? .
PCCSRV
.
. 2-35).
OfficeScan OfficeScan
, .
. К ? (
.
.
6-24). К ? Overwrite client security level/exception list ( / ) Profile List (
),
, ,
.
, ,
(
,
.
. 6-19).
OfficeScan OfficeScan Trend Micro ActiveUpdate. ,
?
.
9-3
Trend Micro™ OfficeScan™ 7.0
К
? Trend Micro
, . Automatic Update
(
). OfficeScan
-
Trend Micro? Trend Micro ActiveUpdate
,
OfficeScan
. OfficeScan
?
Э
. OfficeScan
250 250 250
, , (
.
. 2-21). К
,
OfficeScan, ?
,
OfficeScan, Trend Micro ActiveUpdate.
К
? Trend Micro
(
)( . 2-30).
9-4
.А
, . Automatic Deployment
,
, , ? •
OfficeScan Outbreak Monitor) Э
(Virus . ( .
•
OfficeScan (Outbreak Prevention),
Virus Outbreak Monitor
. 5-11).
. (
.
. 5-9). •
OfficeScan Alert),
(Outbreak (
.
. 2-44). •
OfficeScan
(Standard Alert) (
.
. 2-42).
К
OfficeScan? .
. 1-6. «
,
»
. 3-2 , OfficeScan . OfficeScan (
, .
OfficeScan cookie? cookie.
.
. 3-6).
9-5
Trend Micro™ OfficeScan™ 7.0
К
"
"
? OfficeScan
"
"
,
(Damage Cleanup Services, DCS). "
"
. ,
. "
(
. »
« . 3-1). .
"
»
,
« "
Ч
"
(grayware)? (grayware) -
,
"
", .
Э
"
" ,
, ,
-
, ,
,
.
OfficeScan . "
Policy Server (NAC)
"
.
Cisco Network Admission Control
К
Policy Server .
Policy Server
Cisco NAC « »
, ?
. Cisco NAC
, ( ).
9-6
Cisco NAC? . A-19.
,
-
OfficeScan
.
SSL?
OfficeScan SSL -
. SSL
OfficeScan
.
.
К
OfficeScan? OfficeScan
:
, readme
, OfficeScan ( , Policy Server
),
, Policy Server. OfficeScan
.
? ,
readme
:
http://www.trendmicro-europe.com/download/
Trend Micro -
,
?
Trend Micro
. , Trend Micro,
[email protected].
.
,
: www.trendmicro.com/download/documentation/rating.asp
9-7
Trend Micro™ OfficeScan™ 7.0
OfficeScan. , . : 1. . 2. . .
3. .
4.
-
5.
. .
6.
OfficeScan Windows XP Windows XP, )(
OfficeScan Simple File Sharing ( .
Windows).
OfficeScan ,
Trend Micro .
9-8
.
,
(Enterprise Client Firewall), (Damage Cleanup Services).
/
, /
, .
. , ,
-
:
http://kb.trendmicro.com/solutions/search/main/search/solutionD etail.asp?solutionID=16326&q=licensing&qp=&qt=licensing&qs=&r=2 &c=16326&sort=0
.
OfficeScan,
-
-
-
-
OfficeScan
OfficeScan.
,
,
-
.
SSL , ,
SSL
.
SSL,
. -
.
(.exe) OfficeScan.
Microsoft IIS Lockdown Tool™, (.ini) ,
, Microsoft.
9-9
Trend Micro™ OfficeScan™ 7.0
-
OfficeScan
IIS
: The page cannot be displayed ( HTTP Error 403.1 - Forbidden: Execute access is denied. ( : .) Internet Information Services (
) HTTP 403.1 , IIS)
: http://
/officescan/
http://
/officescan/default.htm
http://
/officescan/console/cgi/cgichkmasterpwd.exe
OSCE. :
(IIS).
1. OSCE
2. 3. ,
Properties (
).
Virtual Directory ( Scripts (
) ).
, .
-
.
Э
, . ,
9-10
, .
,
,
-
. -
.
Э
4 (
5 . 9-8).
.
Verify Connection.
. . 2-38. . .
. 4-4.
OfficeScan -
.
,
, , . Э
4 (
5 . 9-8).
.
:
•
OfficeScan Verify Connection . . . . 2-38. ,
•
Online.
,
, ,
.
,
Off. , ,
, .
9-11
Trend Micro™ OfficeScan™ 7.0
,
On Off. OfficeScan
.
,
. ,
: ActiveSupport Ofcdebug.log, Trend Micro. Active Support OfficeScan.
.
OfficeScan
.Э
,
. ,
411
413
-
411.
, . :
•
(ping)
telnet
,
. •
OfficeScan Verify Connection . , Online ( 2-38).
.
.
•
, .
9-12
,
,
•
-
•
,
.
: http://{И (
}:{
}/officeScan/cgi/cgionstart.exe, SSL http://{И }/officeScan/cgi/cgionstart.exe).
ENTER. }:{
.Э ,
"-2", : . Trend Micro. • , .
OfficeScan
, . •
, Tmlisten.exe
Windows NT/2000/XP/Server 2003 ОС
Pccwin97.exe Windows 95/98/Me/98 SE. ,
: ActiveSupport Ofcdebug.log,
Trend Micro. Active Support OfficeScan.
.
9-13
Trend Micro™ OfficeScan™ 7.0
-
,
•
:
(ping) .
telnet
•
, .
•
TCP/IP .
• . •
.
•
,
,
. •
-
•
,
.
: http://{И
}:{
}/officeScan/cgi/cgionstart.exe,
.Э :
ENTER.
"-2", ,
.
-
.
, . :
•
9-14
(ping) .
telnet
,
•
,
,
. •
,
\PCCSRV , .
•
-
•
OfficeScan.
-
,
http://{ _ _OfficeScan}:{ }/officeScan/cgi/cgionstart.exe
ENTER.
"-2",
.Э
:
,
.
•
OfficeScan Client Mover I, , OfficeScan (ofservice.exe)
. ,
: ActiveSupport Ofcdebug.log,
Trend Micro. Active Support OfficeScan.
.
, .
OfficeScan
9-15
Trend Micro™ OfficeScan™ 7.0
OfficeScan. : Uninstallation failed (Ош
).
: • ; • ; • ; • ; • . : •
;
•
, ;
• . :
• Add/Remove Programs ( ): .
a.
Add/Remove Programs (
b. ). c.
. d.
9-16
Remove (
).
,
• Add/Remove Programs ( ): Windows;
a. b.
HKEY_LOCAL_MACHINES\Software\Microsoft\Windows\CurrentVe rsion\Uninstall;
c. . d. MSI: •
;
•
;
•
. : Product Key.
:
.
1. (
2. ). .
3.
.
4. : ! . Trend Micro .
9-17
Trend Micro™ OfficeScan™ 7.0
.
1. Windows,
2.
. .
3. ,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
.
, . Microsoft Windows TCP/IP. :
•
. Windows (Regedit.exe).
a. :
b.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcp ip\ Parameters
c.
Edit > New > DWord value.
d.
Name
e.
Edit > Modify.
f.
Base
g.
Value Data – 5000. ,
MaxUserPort.
Decimal. . Trend Micro –
•
TCP a.
9-18
OfficeScan 65534.
1
.
Windows (Regedit.exe).
.
,
:
b.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ Tcpip\Parameters
c.
Edit > New > DWord value.
d.
Name
e.
Edit > Modify.
f.
Base
g.
Value Data – 240. .
TcpTimedWaitDelay. Decimal. . Trend Micro –
30
300.
MaxUserPort
: TcpTimedWaitDelay Microsoft, http://support.microsoft.com/
:
(POP3) Windows XP
IPv6, POP3
: The server name you entered can not be found on the network (it might be down temporarily). ( ( ).) IPv6:
•
Windows XP
: Windows XP,
a.
. .
b. :
c. ipv6 uninstall.
9-19
Trend Micro™ OfficeScan™ 7.0
•
Windows XP SP1
SP2: ,
a.
. b.
Start ( ) > Control Panel ( Network Connections (
)> ).
c. Properties ( d.
).
Microsoft IPv6 Developer Edition ( Windows XP SP1) Microsoft TCP/IP version 6 ( Windows XP SP2).
e.
Uninstall (
f.
OK.
).
, (NAT) (Network Address :
Translation, NAT), • •
-
; OfficeScan . , . , , (
.
. 2-68 А
. 2-30 ). :
•
OfficeScan .
9-20
,
OfficeScan, Update Now (
), ,
. , .
9-21
Trend Micro™ OfficeScan™ 7.0
Trend Micro Trend Micro . Trend Micro -
:
http://ru.trendmicro-europe.com/enterprise/about_us/contact.php -
:
.
Trend Micro -
Trend Micro :
http://www.trendmicro-europe.com/vinfo/
-
:
•
, ;
• ; Э
•
, ,
,
, ,
, ,
;
• (European Institute of Computer Anti-virus Research, EICAR), ; •
9-22
:
,
•
, «
, »,
• •
; Trend Micro; ,
(
, ), Medium (
), Low (
•
Very Low High (
)
);
. . Trend Micro’s Virus Alert,
• • . •
, . TrendLabsSM –
•
Trend Micro.
, OfficeScan ,
. Readme,
.
Readme
Trend Micro -
Trend Micro
:
http://www.trendmicro-europe.com/download/
: http://ru.trendmicro-europe.com/enterprise/support/ knowledge_base_search.php
Trend Micro
readme, , .
,
readme
, .
9-23
Trend Micro™ OfficeScan™ 7.0
,
Trend Micro , (1)
, ,
.
Trend Micro. Trend Micro -
, :
http://www.trendmicro-europe.com
: • • •
Microsoft Windows ;
Service Pack;
,
;
• ; • • •
; ; , .
Trend Micro Trend Micro -
-
, Trend Micro. ,
, . .
9-24
,
,
, ,
, ( ). .
Trend Micro, :
http://ru.trendmicro-europe.com/enterprise/support/ knowledge_base_search.php
, , . 24
,
.
Trend Micro «
Trend Micro »,
, ,«
, »
. -
Trend
Micro: http://subwiz.trendmicro.com/SubWiz
,
. ,
:
/
,
, Trend Micro Virus Response Service Level Agreement.
. .
. , :
[email protected]
9-25
Trend Micro™ OfficeScan™ 7.0
: (877) TRENDAV
877-873-6328
TrendLabs TrendLabs Trend Micro, Trend Micro. «
» TrendLabs ,
Trend Micro
.Э .
TrendLabs , . , ,
,
,
-
, (
),
. -
TrendLabs,
2000
ISO 9002. Э
Metro Manila IT park,
, . TrendLabs .
9-26
A
Cisco™ NAC Cisco Network Admission Control (NAC,
). Cisco NAC. Cisco NAC Cisco NAC. :
•
Trend Micro Policy Server
• • А
Cisco NAC . A-2
Cisco NAC
. A-5
• •
. A-2
. A-6 Policy Server
. A-8
•
. A-17
•
Policy Server
. A-19
A-1
Trend Micro™ OfficeScan™ 7.0
Trend Micro Policy Server Cisco NAC Trend Micro Policy Server (NAC) OfficeScan.
Cisco Network Admission Control
Policy Server
, . : • OfficeScan; •
;
•
Perform Scan Now ( (
Cleanup Now
);
•
, . , Policy Server,
,
,
Policy Server
. Cisco NAC
: .
-
Cisco www.cisco.com/go/nac.
Policy Server
Cisco NAC, .
Trend Micro Policy Server :
A- 2
Cisco NAC
Cisco™ NAC
• Cisco Trust Agent (CTA):
,
Cisco NAC. •
, OfficeScan.
OfficeScan:
Cisco NAC Cisco Trust
Agent. •
: Cisco NAC.
, Controller Access Control System, )
, Cisco, TACACS+ (Terminal Access
RADIUS (Remote Dial-In User Service, ). . . A-21.
Cisco
• Cisco Secure Access Control Server (ACS, , OfficeScan
):
.
ACS ,
OfficeScan. : Micro Policy Server ,
ACS Cisco NAC.
,
Trend ACS
, .
.
Cisco Secure
ACS.
•
, OfficeScan.
Policy Server: Policy Server OfficeScan.
, .
A-3
Trend Micro™ OfficeScan™ 7.0
•
OfficeScan
OfficeScan:
Policy Server, OfficeScan.
, Server
Policy
Cisco NAC:
•
: . OfficeScan
, OfficeScan .
•
:
, OfficeScan,
Policy Server
OfficeScan
,
,
. •
: .
•
, Policy Server OfficeScan.
Policy Server: ,
,
Policy Server, (
. . A-9).
Policy Server •
Policy Server: Policy Server ,
, OfficeScan. , Policy Server, ,
( Policy Server
A- 4
. . A-9).
Cisco™ NAC
Cisco NAC .
. A-1
Cisco NAC, .
Cisco Secure Access Control Server (ACS)
Server
Trend Micro Policy Cisco NAC OfficeScan
Cisco NAC
(
OfficeScan), Cisco Trust Agent
. A-1
Cisco NAC
OfficeScan (
.
.
. A-1)
Cisco Trust Agent, Cisco NAC. Cisco NAC. -
:
,
.
A-5
Trend Micro™ OfficeScan™ 7.0
OfficeScan Policy Server . .
, OfficeScan
Policy Server .
. A-2 OfficeScan
,
,
. Cisco
1:
, . 2: ACS. 3:
ACS Policy Server,
.
,
4:
,
Server
Policy
OfficeScan . . Policy Server OfficeScan.
5: 6:
,
, .
A- 6
Cisco™ NAC
Cisco Secure ACS
OfficeScan
Policy Server Cisco NAC
OfficeScan
-
-
( )
Policy Server , , .* . . *
, ,
. .
Cisco.
. A-2
A-7
Trend Micro™ OfficeScan™ 7.0
Policy Server Policy Server OfficeScan
. , . Cisco Secure ACS,
OfficeScan, Policy Server , Cisco).
(
,
, , ( Policy Server) Server. Server
OfficeScan, OfficeScan, Policy Server.
Policy Policy ,
Policy Server OfficeScan, . A-3 Policy Server.
A- 8
Policy Server. OfficeScan
.
Cisco™ NAC
Cisco Secure ACS
Policy Server
OfficeScan
OfficeScan
. A-3
Policy Server OfficeScan
Policy Server .
OfficeScan
Policy Server Policy Server
. ,
Policy Server
OfficeScan. ,
, ,
(
.
Policy Server . A-11).
OfficeScan
A-9
Trend Micro™ OfficeScan™ 7.0
. OfficeScan ,
( . . 5-2).
OfficeScan ,
, ,
. ,
,
, (
Policy Server . A-11).
.
,
:
OfficeScan ,
(
OfficeScan
.
Trend Micro
OfficeScan
. 2-11).
, , Policy Server.
,
: • Client Real-time Scan status ( ): ; • Client scan engine version currency ( ):
A-10
;
Cisco™ NAC
• Client virus pattern file status ( ): Policy Server
. :
• Policy Server
,
;
• .
OfficeScan
.
, Policy Server,
. : • Healthy (
): ;
• Checkup (
): ;
• Quarantine ( ; • Infected ( ;
): ):
• Unknown ( :
.
): ,
.
Policy Server
OfficeScan ,
Policy Server
:
•
Policy Server (
. . B-32).
A-11
Trend Micro™ OfficeScan™ 7.0
, OfficeScan
:
•
, OfficeScan (
. . 2-54);
•
OfficeScan ( OfficeScan
.
. 2-16);
• : • (
Cleanup Now ( .
))
«
: »
;
•
.
Policy Server
, . ,
Micro.
Trend :
: Healthy (
)
:
: Healthy (
A-12
)
Cisco™ NAC
:
:
: Checkup (
)
: , , OfficeScan,
. :
Checkup (
) :
:
« »
Trend Micro .
:
А
OfficeScan ( . 2-30).
.
A-13
Trend Micro™ OfficeScan™ 7.0
: Quarantine (
)
: ,
, OfficeScan, :
Quarantine (
) :
:
«
»
«
»
: Not protected (
)
:
: Infected (
)
:
:
, .
A-14
Cisco™ NAC
Policy Server .
, ,
, .
, , OfficeScan
. , -
.
(
. . A-11).
Policy Server
OfficeScan
, Policy Server, .
OfficeScan
,
, ( Policy Server . A-11).
. OfficeScan
Policy Server
, .
:
.
: Default Normal Mode Policy ( ) , Not protected (
: ), Quarantine (
)
Checkup (
)
A-15
Trend Micro™ OfficeScan™ 7.0
: Healthy (
) :
:
: Default Outbreak Mode Policy ( ) , Healthy (
: ) :
Infected (
) :
:
, ) OfficeScan,
A-16
( Policy Server Policy
Cisco™ NAC
Server
OfficeScan. :
•
: Summary ( Policy Server
)(
.
. B-21);
•
: OfficeScan (
.
. B-35).
Cisco NAC •
:
ACS: ACS ACS
Certificate Authority (CA). ACS
Certificate Authority. •
CA: Cisco ACS. OfficeScan ACS, Cisco Trust Agent).
•
OfficeScan CA OfficeScan (
Policy Server SSL: HTTPSPolicy Server Policy Server Policy Server Policy Server SSL.
ACS.
:
Policy Server SSL Trend Micro , ACS.
. Policy Server
A-17
Trend Micro™ OfficeScan™ 7.0
ACS
. . A-4 CA: Certificate Authority (CA)
CA
ACS
CA
Cisco Secure ACS
OfficeScan
CA
CTA
. A-4
1.
ACS
CA
(
CA
ACS) ACS.
ACS
ACS.
. B-3.
Cisco Secure ACS CA
2.
CA
ACS. CA
.Э
. B-7. CA
3. OfficeScan. 4.
A-18
OfficeScan , .
CA CTA. Cisco Trust Agent
. B-12.
Cisco™ NAC
CA OfficeScan ( CTA) ACS. ( ACS).
.
Cisco Secure Cisco Secure ACS
, Windows Active Directory,
Active Directory. Microsoft Knowledge Base Article 313407:
. Windows (Group Policy).
,
Certificate Authority ,
(CA), OfficeScan
-
OfficeScan. CTA ( OfficeScan. ( :
OfficeScan) OfficeScan Cisco Trust Agent Cisco Trust Agent . B-12).
. ,
CA , .
ACS Cisco Secure ACS
CA
(
.
. B-3).
Policy Server Policy Server
Cisco Trust Agent (CTA).
: • Microsoft™ Windows™ NT (Service Pack 6a); • Windows 2000 (Service Pack 2);
A-19
Trend Micro™ OfficeScan™ 7.0
• Windows XP (
Professional Edition, Service Pack 1);
• Windows Server 2003.
: •
Intel™ Pentium™ II
• 128
300
;
;
• 300
;
•
800 x 600
256
; • Microsoft Internet Explorer
-
5.5
.
:
• Microsoft Internet Information Server (IIS)
•
•
Windows NT:
•
Windows 2000:
4.0;
•
Windows XP:
•
Windows Server 2003:
5.0; 5.1;
Apache 2000/XP/Server 2003).
6.0.
2.0
(
Windows
(
-
)
OfficeScan: •
: •
Intel Pentium
• 64
;
133
• 30
; ;
•
800 x 600
256
. •
: • Microsoft Internet Explorer
A-20
5.5
.
Cisco™ NAC
Cisco Trust Agent (CTA) Cisco Trust Agent Windows NT/2000/XP.
CTA
Windows NT/2000
•
Intel Pentium
150
;
• Microsoft Windows NT 4.0 (Service Pack 6a Server/Advanced Server (Service Pack 2 (Service Pack 2 );
), Windows 2000 ), Windows 2000 Professional
• Windows Installer 2.0; • 64
;
• 80
.
CTA
Windows XP
•
Intel Pentium
300
• Microsoft Windows XP Home Edition • 128
; Professional Edition (Service Pack 1);
;
• 80
.
Cisco Policy Server
:
• 831 (16
Cisco NAC : . Cisco Systems Inc. www.cisco.com/go/nac.
-
);
• 1701 (16
-
);
• 1711 (16
-
);
• 1712 (16
-
);
• 1721 (16
-
);
A-21
Trend Micro™ OfficeScan™ 7.0
• 1751 (16
-
• 1751-V (16 • 1760 (16
); -
);
-
• 3640/3640A (32 •
);
-
• 2600XM (32 • 2691 (32
);
); -
);
3660-ENT (32
-
• 3725 (32
-
);
• 3745 (32
-
);
• 7200 (32
-
).
A-22
);
B
Policy Server Cisco NAC Policy Server ,
Cisco Network Admission Control (NAC). Cisco Trust Agent (CTA), , Cisco NAC. A:
Cisco™ NAC. : Policy Server
• •
Cisco Secure ACS
• Э •
Policy Server SSL Cisco Trust Agent
•
Policy Server
•
ACS
•
Policy Server
Cisco NAC
. B-2
. B-3
CA
•
NAC
. B-7 . B-10
. B-12 . B-15
. B-18 Cisco NAC
. B-20
B-1
Trend Micro™ OfficeScan™ 7.0
: Policy Server
Cisco NAC.
Cisco Secure ACS Cisco,
.
Cisco, : http://www.cisco.com/univercd/home/home.htm
Policy Server
NAC Policy Server
Cisco NAC,
: 1.
OfficeScan
OfficeScan:
(
.
). 2.
OfficeScan: OfficeScan
, Policy
Server (
.
).
3. ACS ACS
Cisco Secure ACS: Certificate Authority (CA) . CA ACS (
(
ACS) Cisco Secure ACS
.
. B-3). 4. Э ACS
CA: OfficeScan. Э , ACS (
.Э
CA
. B-7). 5.
B- 2
Cisco Trust Agent Cisco Trust Agent CA OfficeScan,
CA
CA:
Policy Server
Cisco NAC
Policy Server ( Cisco Trust Agent 6.
Policy Server NAC ( .
7. Э SSL
Policy Server
Cisco NAC:
Policy Server
Cisco NAC
(
. ACS
ACS: Policy Server (
ACS
.
9.
Policy Server OfficeScan ( NAC
Cisco ACS
. B-15).
SSL Policy Server: Policy Server Cisco ACS SSL Policy Server Cisco NAC . B-15).
8.
.
. B-12).
. B-18). NAC:
.
Policy Server
Cisco
. B-20). : Microsoft / Cisco. , , Cisco NAC (
Cisco
.
. . A-21). . ACS. Cisco Secure ACS.
,
Cisco Secure ACS Certificate Security (CA) Certificate Security (CA).
Cisco Secure ACS Cisco Secure ACS
B-3
Trend Micro™ OfficeScan™ 7.0
, Windows Certification Authority. CA Cisco Secure ACS
. Certificate Authority
Windows:
Cisco Secure ACS:
1. -
a.
ACS ).
Configuration ( ACS Certificate Setup (
b. c.
System ACS).
Generate Certificate Signing Request ( ). Cisco Secure ACS Generate Certificate Signing Request Generate new request ( ). Certificate subject (
d.
)
cn=, ACS
, , e.
, cn=ACSTrend.
Private key file ( , c:\privateKeyFile.pem.
) ,
Private key password (
f.
,
)
,
, Retype private key password ( ). Key length (
g.
)
.
: 512 )
h.
Digest to sign with (
) ( : MD2, MD5, SHA
). i.
B- 4
1024 (
.
Submit ( Cisco Secure ACS (CSR)
). :
). SHA1 (
Policy Server
Cisco NAC
«Now your certificate signing request is ready. You can copy and paste it into any certification authority enrollment tool.» ( . CA.) CA,
2. Windows 2000 Server Certification Authority: ,
Windows 2000, , Certificate Services Web Enrollment Support.
a.
: http://{С _CA}/certsrv/, Windows 2000, . Welcome Microsoft Certificate Services.
b. {С
-
Request a Certificate ( Choose Request Type (
c.
),
Next>. ).
Advanced request ( Advanced Certificate Requests ( ).
d.
e.
_CA} –
),
Next>.
Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file ( base64 PKCS #10 #7 (
f.
),
base64 PKCS Submit a Saved Request
Next. ). CA
,
Active Directory, Certificate Template ( CSR
g. Saved Request ( h. 3.
Web Server ( ).
-
)
Cisco Secure ACS ).
Submit>. (Certificate Server). CA:
B-5
Trend Micro™ OfficeScan™ 7.0
CA
:
d
CA, ).
a. Run (
,
c.
) ).
Add (
).
Add Standalone Snap-in ).
Certification Authority ( ). Certification Authority.
(
Local Computer (
f. (
h.
Add/remove Snap-in
Finish Close (
Certification Authority > { }/Pending Requests ( / ), { }– , Certification Authority . Issue ( CA c
4.
-
-
a. ACS (
.
b
).
Microsoft Certificate Services. Microsoft Certificate Services
. B-5).
Check on pending certificate ( ).
c.
Next. DER encoded ( Download CA certificate (
DER), CA). .
B- 6
).
OK.
j.
d.
Add
),
Add Standalone Snap-in
b.
),
).
g.
i.
.
) > Add/Remove Snap-in ( / Add/Remove Snap-in.
( e.
)>
-
mmc.
Console (
d.
Start ( ).
Run (
Open (
b.
.
Policy Server
Save (
e.
Cisco NAC
). ACS.
f. ACS.
5.
Cisco Secure ACS.
a. a.
System Configuration.
b.
ACS Certificate Setup (
c.
Install ACS Certificate ( Cisco Secure ACS ACS).
(
ACS). ACS). Install ACS Certificate
Read certificate from file ( Certificate file (
d.
), ) .
e.
Private key file ,
.
f.
.
Private key password :
g.
Э Private key password Signing Request ( . ACS . B-3).
, Generate Certificate
Cisco Secure
Submit. ACS:
6. a. Control ( b.
) > Service
System Configuration ( ). Restart (
).
Э
CA OfficeScan ACS.
B-7
Trend Micro™ OfficeScan™ 7.0
CA.
CA
CA
ACS CTA
OfficeScan. CA
CA ( . Cisco Trust Agent
. A-19
. B-12). CA •
CA
•
: Certificate Authority;
Cisco Secure ACS;
•
OfficeScan. ,
: Windows Certification Authority. Certification Authority . Э
CA,
1. Э
Certification Authority (CA): CA Run (
a. Open ( .
b. c.
File (
:
Start (
) > Run (
)
mmc.
) > Add/Remove Snap-in ( / ). Add/Remove Snap-in. ),
Add (
). ).
Computer Account ( Select Computer (
e. Next>.
Local Computer (
f. (
).
).
Certificates ( Certificates snap-in (
d.
B- 8
.
), ). ),
Finish
).
g.
Add Standalone Snap-in
h.
Add/remove Snap-in
Close ( OK.
).
Policy Server
Cisco NAC
Certificates > Trusted Root > Certificates.
i.
,
j. , k.
ACS. ) > All Tasks (
Action ( ).
(
) > Export... .
l.
Next >.
m.
DER encoded binary x.509 ( x.509) Next.>
DER, ,
n. . o.
Next >.
p.
Finish (
q.
OK.
).
.
Cisco Secure ACS.
2. a.
System Configuration ( Certificate Setup ( Authority Setup (
b.
CA certificate file ( . Submit (
c.
) > ACS ACS) > ACS Certification ACS). CA)
).
Cisco Secure ACS
. d. Control (
) > Service
System Configuration ( ).
e.
Restart ( Cisco Secure ACS.
).
f.
System Configuration ( ) > ACS Certificate Management ( ACS) > Edit Certificate Trust List ( ). Edit Certificate Trust List. ,
g. Submit.
Cisco Secure ACS
b. .
B-9
Trend Micro™ OfficeScan™ 7.0
h. i.
) > Service
System Configuration ( ).
Control (
Restart ( Cisco Secure ACS.
). CTA
3. (
.CER)
,
OfficeScan ( Cisco Trust Agent
. . B-12). ;
: .
Policy Server SSL SSL-
ACS
Policy Server
, SSL. SSL.
Policy Server
Policy Server SSL, :
1. Э
(Certification Store) Microsoft:
•
, -
Policy Server,
IIS: Policy Server
a. (
Open ( .
b. c.
)
). Add ( (
B-10
) > Run ).
mmc.
Console (
d.
Start ( Run (
).
).
) > Add/Remove Snap-in ( / Add/Remove Snap-in. Add Standalone Snap-ins ).
Policy Server
Certificates ( Certificates snap-in (
e.
),
Add (
Next>.
), ).
Local Computer (
g. (
),
Finish
).
h.
Add Standalone Snap-in
i.
Add/remove Snap-in
j.
). ).
Computer Account ( Select Computer (
f.
Cisco NAC
Close (
).
OK.
Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. .
k. :
Properties (
). -
IIS.
, IIS virtual Web site ( default Web site ( )( Policy Server), Properties. , Directory Security ( ), View Certificate (
l. (
) > All Tasks (
Action ( ).
) , , ).
) > Export... .
m.
Next >.
n.
DER encoded binary x.509 ( x.509) Base 64 encoded X.509 ( x.509) Next>.
Base 64,
-
DER,
,
o. . p.
Next >.
q.
Finish (
).
.
B-11
Trend Micro™ OfficeScan™ 7.0
r.
OK.
•
, Apache 2.0:
-
Policy Server, server.cert.
a. ,
: OfficeScan
Policy Server: •
OfficeScan
Policy Server, :
C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Private\certificate
•
Policy Server, :
C:\Program Files\Trend Micro\OfficeScan\PolicyServer\Private\certificate
ACS.
b.
Cisco Secure ACS.
2. a. b.
ACS System Configuration > ACS Certificate Setup > ACS Certification Authority Setup. .
CA certificate file
c.
Submit.
Cisco Secure ACS
. d.
System Configuration > Service Control.
e.
Restart.
Cisco Secure ACS.
Cisco Trust Agent Cisco Trust Agent (CTA) OfficeScan CTA. OfficeScan (
B-12
.Э
Cisco NAC. OfficeScan OfficeScan CTA CA, CA . B-7).
Policy Server
Cisco NAC
: Windows Installer 2.0
NT 4.0.
CTA OfficeScan:
-
-
1.
OfficeScan. :
2. •
, 3:
•
, i.
:
Client Certificate ( Import Client Certificate (
). ).
ii. CA,
. CA . B-7.
CA Import ( .
iii.
.Э
).
OfficeScan Cisco License Agreement, . Agent )
:
Deployment ( .
Yes.
3. 4.
5.
.
Agent Deployment. , CTA, Agent Deployment Agent Install/Uninstall ( / Install/upgrade Cisco Trust Agent ( Cisco Trust Agent), Save ( ). CTA ( CTA).
. ). / Set Install
B-13
Trend Micro™ OfficeScan™ 7.0
Close (
6.
). , Install Cisco Trust Agent , OfficeScan
:
,
.
CA
OfficeScan,
CTA
OfficeScan. CTA OfficeScan:
OfficeScan )
1. Selection ( OfficeScan.
Components
OfficeScan
.
. Enable Agent Deployment for Cisco NAC ( Cisco NAC).
2.
:
3. • Cisco Secure NAC,
Next >.
•
: i.
Import Certificate ( .
).
ii. OK. CA iii. 4.
B-14
.Э . B-7.
Next>. OfficeScan.
Policy Server
Cisco NAC
Cisco Trust Agent CTA . CTA Program, (
), View All (
) Antivirus ( CTA Program
CTA
Update ).
. , .
CTAD.EXE
Policy Server
Cisco NAC
Policy Server: •
Policy Server, -
;
•
OfficeScan ( OfficeScan
Policy Server
). -
: OfficeScan : IIS
Policy Server Apache. Apache,
Apache
2.0, Apache
2.0.52. ACS,
OfficeScan
-
!
Apache,
Apache,
Policy Server .
,
: www.apache.org.
B-15
Trend Micro™ OfficeScan™ 7.0
Policy Server Policy Server:
Cisco NAC
,
1. Server
Policy
Cisco NAC. Policy Server (Enterprise CD).
2. 3.
Cisco NAC .
setup.exe
.
4. Policy Server OfficeScan.
,
Policy Server Cisco NAC OfficeScan:
OfficeScan
1. Selection ( OfficeScan.
Components
) OfficeScan
. .
2. Server 3.
Install Policy Server for Cisco NAC ( Cisco NAC).
Policy
Next>.
4.
OfficeScan.
5.
«Welcome» Trend Micro Policy Server Cisco NAC Next>. Policy Server for Cisco NAC License Agreement.
6.
.
Yes Choose Destination Location (
7. 8. 9.
, Browse...
, Policy Server. Web Server (
Next>. -
Policy Server:
• IIS server (
IIS): -
B-16
).
IIS;
-
).
Policy Server
• Apache 2.0 server ( 10.
Apache 2.0): Apache 2.0. Web Server Configuration (
Next>. ).
-
Cisco NAC
:
11. •
OfficeScan : • IIS default Web site ( IIS • IIS virtual Web site (
-
Port ( « :
«
•
IIS
IIS
): ; -
•
-
IIS):
IIS. , .
) »
Policy Server OfficeScan ( ), : Apache/ : Policy Server ; IIS » Policy Server SSL – 4344; « » – 8080, SSL – 4343.
,
IIS OfficeScan -
-
: – 8081,
OfficeScan
Policy Server
IIS SSL» ( SSL (
–3
(SSL). SSL). )
«Enable SSL.
SSL
« Policy Server http://{И https://{И
_ _
»
.
: _PolicyServer}:{ _PolicyServer}:{
} } (
SSL).
B-17
Trend Micro™ OfficeScan™ 7.0
12.
Setup Complete (
Next. Policy Server
13.
.
).
Finish (
OfficeScan
). . OfficeScan
: OfficeScan
7.0
Policy Server
(
).
ACS Cisco Secure ACS
Policy Server
, External Policies ( . ACS
:
Cisco NAC Policy Server )
Cisco NAC
,
.Э Trend Micro Policy Server .
ACS Cisco NAC ACS
.
ACS.
Server
1. 2.
3.
B-18
ACS Cisco NAC:
Trend Micro Policy
Cisco Secure ACS. External User Databases ( ) > Database Configuration ( > Network Admission Control (
) ).
External User Database Configuration ( ) Configure ( ). Network Admission Control Expected Host Configuration ( ).
Policy Server
4.
5.
Credential Validation Policies ( External Policies ( ). External Policies ( ).
) Select
New External Policy ( External Policy Configuration (
). ).
Name ( ) Description ( Policy Server.
6.
Cisco NAC
)
Primary Server Configuration ( URL Policy Server:
7. URL
)
https://{IP_ _ _Policy_Server}:{ _ /antibody/cgi-bin/PostureRequest.dll?PostureRequest
}
: https://192.168.16.134:4343/antibody/cgi-bin/PostureRe quest.dll?PostureRequest
Username (
8.
) ,
Password ( ACS login
) Policy
Server. Policy Server SSL. .
9. Policy Server SSL 10. Trend:AV ->. Trend:AV. 11.
. B-10.
Forwarding Credential Types ( Available Credentials ( Selected Credentials (
Submit. (
)
Policy Server Policy Server ).
( 13.
Submit.
) )
Select External Policies Available Policies Policy Server.
12. ->.
)
Available Policies Selected Policies
Credential Validation Policies .
B-19
Trend Micro™ OfficeScan™ 7.0
Policy Server OfficeScan NAC. -
Cisco NAC
OfficeScan Policy Server Cisco Trust Agent Policy Server Cisco Policy Server, Policy Server. Policy Servers ( ) OfficeScan. Policy Server:
•
Policy Server Policy Server
( •
Policy Server •
OfficeScan . B-20);
Policy Server . B-21);
(
Policy Server ( OfficeScan
•
,
. B-24); (
. B-26); •
, Policy Server ( . B-29);
•
, ( . B-32);
•
Policy Server (
. B-34).
Policy Server
Policy Servers Policy Server.
B-20
Policy Server Policy Server OfficeScan. Policy Server Policy Server, .Э
OfficeScan.
Policy Server
Cisco NAC
Policy Server:
-
OfficeScan Policy Servers ( Policy Server.
1. Servers. Add (
2. 3.
).
Cisco NAC > Policy ),
Policy Server.
Policy Server HTTPShttps://policy-server:4343/). .
, ,
(
Policy
4. Server,
. Add (
5.
). Policy Server:
-
1. Servers. Policy Server.
OfficeScan Policy Servers,
Cisco NAC > Policy
Policy Server,
2. . Delete (
3.
).
: OfficeScan,
,
Policy
Server.
Policy Server Summary (
)
Policy Server, , OfficeScan,
Policy Server. Policy Server
Summary Cisco NAC.
IP-
B-21
Trend Micro™ OfficeScan™ 7.0
Configuration Summary ( OfficeScan, Policy Server
) Policy Server, ,
. «Configuration Summary»
Policy Server:
-
1. Servers. Policy Server.
OfficeScan Policy Servers, Policy Server, Summary
2. .
Cisco NAC > Policy
Configuration
Summary. ,
3. : • Registered OfficeScan server(s) ( OfficeScan): OfficeScan, • Policies (
; Policy Server, OfficeScan;
):
• Rule(s) (
Policy Server,
): ,
.
Policy Server ,
, ,
. Trend Micro
: Policy Server Э
Policy Server:
1. Policy Servers, 2. . Summary.
B-22
.
Cisco NAC > Policy Servers. Policy Server. Policy Server, Summary
Configuration
Policy Server
3.
Export (
4.
Save
Cisco NAC
). . Policy Server .dat.
:
Policy Server:
Cisco NAC > Policy Servers. Policy Server.
1. Policy Servers,
Policy Server, Summary
2. .
Configuration
Summary. 3.
Import ( Configurations (
4.
). –
Summary - Import ). ,
Browse . Import (
5.
).
,
. 6.
Save (
).
Client Validation Logs (
) ,
.CSV. :
•
View current validation log ( ). .CSV Registered OfficeScan servers IP, ,
. OfficeScan
,
.
B-23
Trend Micro™ OfficeScan™ 7.0
Policy Server OfficeScan:
•
Synchronize with OfficeScan ( Summary - Synchronization Results ( ), : OfficeScan server name ( OfficeScan): IPOfficeScan; Synchronization Result (
OfficeScan). –
):
,
; Last Synchronized (
): . . . A-16.
OfficeScan Policy Server , OfficeScan ( OfficeScan
.
. A-2).
Policy Server OfficeScan
: Policy Server.
OfficeScan
OfficeScan servers .
OfficeScan:
-
1. Servers. Policy Server.
B-24
OfficeScan Policy Servers,
Cisco NAC > Policy
Policy Server
Policy Server, . Add OfficeScan server ( :
2.
•
Cisco NAC
Summary. OfficeScan)
, OfficeScan.
Summary
•
Configurations > OfficeScan servers. OfficeScan Servers. :
3. •
Add (
).
Add OfficeScan Server. :
•
OfficeScan, Update OfficeScan Server OfficeScan).
. (
OfficeScan server address (
4. IP-
OfficeScan) (FQDN)
,
,
. HTTP port number (
5. HTTP-
HTTP) OfficeScan
,
. HTTPOfficeScan (
: – 8080). Э HTTPS-
Server (
(
-
Administration ( ).
OfficeScan server name ( n/a (
,
SSL). OfficeScan, ) > Web
OfficeScan OfficeScan). ).
B-25
Trend Micro™ OfficeScan™ 7.0
Policy Information (
6.
)
,
. OfficeScan
7. -
Policy Server -
, Enable HTTP proxy ( ).
a. HTTP-
IP-
b.
-
Authentication (
. , )
,
.
Save (
8.
:
).
. Policy Server
( . A-10).
.
:
-
1. Servers. Policy Server.
OfficeScan Policy Servers,
Cisco NAC > Policy
Policy Server,
2. . Rules ( •
Summary. )
: ,
Summary
•
.
Configurations > Rules. Rules. :
3. •
B-26
Add (
).
New Rule (
).
Policy Server
Cisco NAC
: •
. Rule (
4.
Edit
).
Rule name
,
Description ,
Matching criteria (
5.
.
,
. ) OfficeScan,
,
Policy Server . Policy Server
,
,
.
• Client Real-time scan is ( Enabled ( )
) Disabled (
).
• scan engine is ( ( ) Not-up-to-date ( •
Client Up-to-date
) ). ,
,
Client virus pattern status
(
) : • By version (
): OfficeScan OfficeScan {} )
at most ( , • By pattern release date ( ): OfficeScan OfficeScan .
. at least (
), .
{}
B-27
Trend Micro™ OfficeScan™ 7.0
at most
at least,
. Return response ( ,
6.
) OfficeScan
,
Matching criteria ( . . A-11): • Healthy (
)
• Checkup ( • Infected (
) )
• Quarantine (
)
• Unknown (
).
: Э
7.
actions (
Default response ( , .
)
Policy Server Log this incident if all criteria matched ( ) Server-side ). ,
8. ,
Client-side actions OfficeScan (
Policy Server . A-11):
OfficeScan
• Enable client Real-time scan ( ); • Update components (
);
• Scan after Real-time scan is enabled or after an update ( ):
B-28
Policy Server
Cisco NAC
• Perform Cleanup Now and Scan Now ( « » « »); • Perform Cleanup Now (
«
»);
• Display notification message on client computer ( )( ). Save (
9.
).
,
OfficeScan ( .
. A-14).
,
,
, ,
, Cisco NAC
. :
-
1. Servers. Policy Server.
OfficeScan Policy Servers,
2. . Policies ( : •
Summary .
•
Cisco NAC > Policy
Policy Server, Summary, )
.
, Configurations > Policies.
Policies.
B-29
Trend Micro™ OfficeScan™ 7.0
:
3. •
Add (
).
New Policy (
).
: •
.
Edit Policy (
), 4.
.
Policy name Rules (
5.
,
Description ,
,
.
)
, .
Rules available (
). Rules in use (
: ,
).
OfficeScan Policy Server .
•
Rules Available ,
,
in use,
Rules .
• , 6.
.
Default Response ( , Policy Server OfficeScan : • Healthy (
);
• Checkup (
);
• Infected (
);
• Quarantine (
);
• Unknown (
). :
B-30
)
Э
Default response ( , .
)
Policy Server
Cisco NAC
Policy Server Log this incident if all criteria matched ( ) Server-side )(
7.
actions (
.
. B-32). 8. ,
Client-side actions OfficeScan Policy Server . A-11):
OfficeScan ( OfficeScan
• Enable client Real-time scan ( ); • Update components (
);
• Scan after Real-time scan is enabled or manual update is performed ( ): • Perform Cleanup Now and Scan Now ( « » « »); • Perform Cleanup Now (
«
»);
• Display notification message on client desktop ( ). Save (
9. :
). OfficeScan . , ( .
OfficeScan
. B-24 . 5-2).
B-31
Trend Micro™ OfficeScan™ 7.0
Policy Server. ACS Policy Server, (
.
. A-6). : ,
Policy Server
/
actions (
Server-side
.
.
. B-26 . B-29).
Policy Server .CSV. . :
-
1. Servers. Policy Server.
OfficeScan Policy Servers,
Cisco NAC > Policy
Policy Server,
2. . 3.
Logs ( Logs ( Client Validation Logs,
) > View Client Validation ). View ,
. 4.
B-32
.
Policy Server
Policy Server
Cisco NAC
. Policy Server
.
Policy
Server
. :
-
1.
OfficeScan Policy Servers,
Servers. Policy Server.
Cisco NAC > Policy
Policy Server,
2. .
Logs > Log Maintenance. ).
3. Maintenance ( Log format (
4.
• Simple (
)
)–
Log
, Policy Server:
:
•
;
• IP-
;
•
.
• Detailed (
)–
•
: ;
• IP-
;
•
;
• ; •
;
•
;
• ; •
OfficeScan;
B-33
Trend Micro™ OfficeScan™ 7.0
•
,
•
;
,
;
•
;
•
;
•
. (
5.
1
1024
) Policy Server
.
. (
6.
2
30),
Policy
Server. Save (
7.
).
Policy Server •
:
– Policy Server ( . B-20);
, .
Policy Server
•
– OfficeScan Policy Server.
Policy Server Change Password (
. ).
Policy Server:
-
1. Servers. Policy Server.
Policy Server,
2. .
B-34
OfficeScan Policy Servers,
Cisco NAC > Policy
Policy Server
Cisco NAC
Administration > Change Password.
3. Change Password.
,
4.
Policy
Server. .
5.
.
6. Save (
7.
).
Policy Server OfficeScan. Policy Server
,
. ) OfficeScan
(
(
. . A-16). :
Summary Policy Server (
.
Policy Server
. B-21). :
-
1. Servers. Policy Server.
OfficeScan Policy Servers,
Cisco NAC > Policy
Policy Server,
2. . 3.
Administration > Scheduled Synchronization. Scheduled Synchronization ( ). (
4.
3
1440
), .
5.
Save (
).
B-35
C
Control Manager™ OfficeScan Trend Micro Control Manager, Trend Micro. OfficeScan Control Manager.
OfficeScan :
•
Control Manager
• • Ч
. C-2 Control Manager
Control Manager?
•
• •
. C-2
. C-3 . C-3 . C-4
• •
OfficeScan
Control Manager OfficeScan
. C-5
Control Manager
. C-8
. C-8
C-1
Trend Micro™ OfficeScan™ 7.0
Control Manager Trend Micro Control Manager™ -
, Trend
Micro, ,
, .
Control Manager
-
,
. Control Manager ,
,
,
. ,
. , . Control Manager ,
.
,
Control Manager ,
.
Control Manager
OfficeScan
Control Manager Trend Micro, Virus Control System (Trend VCS). VCS, Trend VCS Control Manager.
Trend Trend Control Manager . Control Manager -
Control Manager •
C- 2
, Trend Micro,
: OfficeScan, ;
,
Control Manager™
OfficeScan
•
;
• ; ; •
Outbreak Prevention Service .
Control Manager? Control Manager , Control Manager Control Manager, ,
, Trend Micro. . Control Manager.
OfficeScan. Control Manager
:
Microsoft
Windows .NET™ Server.
OfficeScan .
, : •
(FQDN)
IP-
Control
Manager.
C-3
Trend Micro™ OfficeScan™ 7.0
•
, .
• ( (
Control Manager ), Power User (
Administrator Operator .
)
). Control Manager, Control Manager.
•
Control Manager, .
, Control Manager,
,
Control Manager. Control Manager. :
-
1. http://{ { _
_
_Control_Manager}/ControlManager _Control_Manager} IP-
Control Manager. Control Manager. .
2. 3.
Products (
4.
Add/Remove Product Agents ( ).
5. ) 6.
/
Public encryption key ( Save As ( ). ,
E2EPublic.dat
OfficeScan,
C- 4
).
.
Control Manager™
OfficeScan
Control Manager OfficeScan, . : •
OfficeScan – OfficeScan ( . ).
•
Control Manager – , Control Manager
-
OfficeScan
output/CMAgent/ControlMangerAgent Setup.exe :
:
1. • Select Components ( Control Manager agent ( •
OfficeScan ) Install Control Manager). Control Manager.
Control Manager Setup.exe, Programs\OfficeScan\cmagent.
. Control Manager.
2. Trend Micro . OfficeScan
3. 4.
Next ( Control Manager ( Manager),
Entity Name (
).
). Control Manager Setup Message Routing Path ( ).
Control
Control Manager, Control Manager.
C-5
Trend Micro™ OfficeScan™ 7.0
• No (
).
•
Yes (
).
Setup
Message Routing Path (
). Control Manager Control Manager, , .
: .
Control Manager:
5. • Any host (
)– .
• IP port forwarding ( Control Manager , ,
IP-
)– ;
IP,
. • Proxy server ( ; Configuration ( Configuration (
-
)– -
-
a. (HTTP
Proxy Server Proxy
). ).
, SOCKS 4/5). -
b.
, Authentication required (
). c.
Setup Message Routing Path ( ) OK. :
d. • Route direct to server ( ,
C- 6
)– , Control Manager.
Control Manager™
• Proxy server ( ; Server Configuration ( Proxy Configuration ( -
i. (HTTP
)– -
,
Authentication required
(
). Setup Message Routing Path ( ) OK.
iii.
(
Next ( ). Control Manager). Import (
7.
Proxy ). ).
, SOCKS 4/5).
ii.
6.
OfficeScan
Register with Control Manager
),
E2EPublic.dat,
Control Manager (
.
. C-4). 8. Control Manager ).
( 9.
Next (
Open ( ). Server Information
). .
10.
OK.
C-7
Trend Micro™ OfficeScan™ 7.0
OfficeScan
Control
Manager Control Manager OfficeScan Manager OfficeScan. , Control Manager Tasks ( ) > Deploy engines ( OfficeScan .
Control ),
Control Manager:
-
1. http://{ { _
_
_Control_Manager}/ControlManager, _Control_Manager} – IP-
Control Manager. Control Manager. Products (
2. 3.
).
Product Directory (
)
OfficeScan.
: • Product Status ( OfficeScan ( , Control Manager). • Configuration ( • Tasks (
)–
)– , -
OfficeScan.
)–
, , Scan Now (
• Logs (
)– Control Manager.
Trend Micro Control Manager Windows Add/Remove Programs (
C- 8
).
OfficeScan, ).
Control Manager™
OfficeScan
:
1.
, , Start ( ), Settings ( ) > Control Panel ( ) > Add/Remove Programs ( ). Add/Remove Programs ( ). Trend Micro Control Manager Agent for OfficeScan Change/Remove ( / ). . Yes (
2.
). Windows
. OK.
: Control Manager
OfficeScan OfficeScan.
C-9
D
OfficeScan
Windows Protection Manager, Wireless, Check Point™ SecureClient™ .
OfficeScan for
: Wireless Protection Manager
• •
Wireless Protection Manager Wireless Protection Manager
• •
. D-2 . D-3 . D-5
Check Point
•
Check Point
•
OfficeScan
SecureClient
. D-10
. D-12 OfficeScan
. D-13
D-1
Trend Micro™ OfficeScan™ 7.0
Wireless Protection Manager , . . «
:
» .
OfficeScan for Wireless . , ,
Palm, Pocket PC
EPOC .
, , for Wireless Manager
OfficeScan Wireless Protection . .
. D-1
Wireless Protection Manager
:
Wireless Protection Manager .
D- 2
OfficeScan
Trend Micro OfficeScan for Wireless : Palm • Palm™ OS 3.x • 2 • 100 • Desktop™
4.x
Palm 3.1
,
HotSync™
Pocket PC • Windows CE 3.0 • 16 • 1 • ActiveSync™ 3.1
Microsoft
EPOC • Psion Revo™ • 8 • 200 • 2.3.2
Revo™ Plus
PsiWin
Wireless Protection Manager : • •
Wireless Protection Manager OfficeScan for Wireless
; .
Wireless Protection Manager
, (
Desktop)
, Palm .
D-3
Trend Micro™ OfficeScan™ 7.0
Wireless Protection Manager:
OfficeScan
1.
OfficeScan. OfficeScan. 2.
/ .
.
.
.
.
3.
.
4. . . . .
5. . , Wireless Protection Manager,
. .
.
6.
( ,
7.
, Palm Desktop), . .
.
8.
Wireless Protection Manager OfficeScan for Wireless . Palm
: Wireless , Manager.
D- 4
OfficeScan for HotSync. OfficeScan for Wireless HotSync HotSync Manager Palm.
OfficeScan
Wireless Protection Manager Wireless Protection Manager . ,
-
.
OfficeScan for Wireless . , . OfficeScan for Wireless . Trend Micro . , . OfficeScan for Wireless . : Trend Micro ActiveUpdate
1. ; 2.
.
D-5
Trend Micro™ OfficeScan™ 7.0
Trend Micro ActiveUpdate . ,
.
Trend Micro
. :
Wireless Protection Manager.
1.
.
2. 3. .
,
•
:
Trend Micro ActiveUpdate, Trend Micro. ,
4. .
.
5.
-
,
IP-
.
, . -
:
Wireless Protection Manager.
1.
>
2.
-
3.
-
.... IP-
4.
-
(
proxy.yourcompany.com). 5.
D- 6
.
.
-
-
(
, 80).
,
OfficeScan
,
6. -
(HTTP
SOCKS).
7. . 8.
OK.
. Wireless Protection Manager
:
•
,
;
•
. : Pocket PC
EPOC.
Palm Palm HotSync.
:
Wireless Protection Manager.
1.
.
2. .
3.
. , ,
,
,
.
D-7
Trend Micro™ OfficeScan™ 7.0
, Protection Manager
Wireless Protection Manager. Wireless .
, :
Wireless Protection Manager.
1.
.
2.
,
3. ,
,
.
:
4. • . • .
.
5.
. . , . . . . .
D- 8
OfficeScan
Wireless Protection Manager ,
.
,
. :
Wireless Protection Manager.
1.
.
2. 3. .
,
.
4. ,
(
. ),
.
D-9
Trend Micro™ OfficeScan™ 7.0
Check Point OfficeScan Check Point SecureClient Secure Configuration Verification (SCV) Open Platform for Security (OPSEC). Check Point SecureClient OPSEC. OPSEC www.opsec.com. Check Point SecureClient , , Configuration Verification (SCV).
Secure SCV
, . Check Point SecureClient . SCV
Check Point SecureClient . SCV
, .
SCV
,
,
SecureClient SCV
Policy Servers.
Policy Server
SCV Editor. SCV Editor -
SCVeditor.exe local.scv
Check Point SCV . D-12.
,
Check Point,
SCV . SCV Editor Policy Server. C:\FW1\NG\Conf ( , SCV Editor,
.
SCV Editor C:\FW1).
Check Point
OfficeScan
OfficeScan OfficeScan SecureClient.
D-10
OfficeScan
SecureClient local.scv.
(
local.scv
): (SCVObject :SCVNames ( : (OfceSCV :type (plugin) :parameters ( :CheckType (OfceVersionCheck) :LatestPatternVersion (701) :LatestEngineVersion (7.1) :PatternCompareOp (">=") :EngineCompareOp (">=") ) ) ) :SCVPolicy ( : (OfceSCV) ) :SCVGlobalParams ( :block_connections_on_unverified (true) :scv_policy_timeout_hours (24) ) )
SCV - 701
, - 7.1
,
. , . local.scv
Check Point SCV Editor Policy Server.
.
D-11
Trend Micro™ OfficeScan™ 7.0
Check Point
:
SCV.
-
OfficeScan local.scv. ,
Check Point
-
, .
Check Point
OfficeScan
local.scv, SCV Editor (SCVeditor.exe). Secure Configuration Verification:
1.
SCVeditor.exe Check Point: www.checkpoint.com/techsupport/ng/fp3_updates.html#opsecsdk
SCV Editor 2.
OPSEC SDK. Policy Server.
SCVeditor.exe
SCV Editor. 3.
Products
4.
user_policy_scv.
Edit ( ) > Product ( OfceSCV Modify.
),
local.scv
: .
Edit (
> Add (
),
, ) > Product ( OfceSCV Add.
)
.
5. (
) > Parameters (
! D-1.
D-12
) > Modify ( OK.
) > Add ( Name Value. D-1. ,
Edit ),
,
OfficeScan
Name (
)
Value (
CheckType
OfceVersionCheck
LatestPatternVersion
{
LatestEngineVersion
{
LatestPatternDate
{
PatternCompareOp
>=
EngineCompareOp
>=
)
} } }
PatternMismatchMessage EngineMismatchMessage
D-1.
SCV
D-1 . Update & Upgrade ( OfficeScan. ,
-
)
. 6.
SCV.
7.
Edit (
) > Product (
8.
) > Enforce ( File (
(
).
).
) > Generate Policy File local.scv,
.
SecureClient OfficeScan SecureClient
, (VPN), OfficeScan
Check Point Check Point
D-13
Trend Micro™ OfficeScan™ 7.0
SecureClient. SCV
SecureClient VPN,
, .
,
SecureClient
, Check Point SecureClient )
(
Add/Remove Programs Windows.
SecureClient:
.
1.
.
2. 3.
Check Point SecureClient SecureClient.
/ . .
4.
« SCV». 5.
D-14
OK.
. OfficeScan
E
,
:
Control Manager
OfficeScan Control Manager. OfficeScan Manager.
Control
, (Tiny
TCP-
Fragment) ,
TCP ,
.Э
, , .
, (Land
IP (SYN)
Attack)
, (SYN/ACK) DoS-
. .
, TCP/UDP-
, ,
(Too Big
,
.
Fragment) ,
, , . .
(DoS-
)
. ,
, DoS, , .
E-1
Trend Micro™ OfficeScan™ 7.0
,
,
,
(Authentication, Authorization, and Accounting, AAA)
. , . .Э
. , , , Cisco Secure Access Control Server AAA
.
(ACS) Cisco.
. ,
, . . .
(
)
-
( .
HTML, VBScript JavaScript
. 1-6).
,
-
.
,
-
ActiveX
, ActiveX.
Java
, Java
IP(Dynamic IP Address, DIP)
Java-
IP-
IP-
. ,
DHCP. MAC, DHCP IP-
. , .
(Internet Protocol, IP)
«
-
, , ,
(
E-2
)–
( , ». (RFC 791)
)
, (ARP), (Conflicted ARP)
IP-
. ARP (
MAC-
), .
. .
(End «I accept» (
User License Agreement, EULA)
) ,
.
«I do not accept» (
)
. ,
, grayware
,
«I accept» .
,
,
,
. Policy Server ,
. OfficeScan ,
,
. -
, ,
,
.
,
, ,
. , -
Trend Micro
OfficeScan /
.
DoS-
, TCP
(Overlapping Fragment)
teardropTCP,
.
. , .
E-3
Trend Micro™ OfficeScan™ 7.0
Policy Server
Policy Server . OfficeScan
.
Server policy
, Policy Server OfficeScan. ,
,
. , . , , . -
, ,
,
. , . , ,
,
.
, . SMTP
, .
(Simple Mail Transport Protocol, SMTP) HTTPS (SSL) POP3 (Post Office Protocol 3, POP3)
POP3 .
SOCKS 4
TCP,
.
SOCKS 4 ,
E-4
OSI.
, (User Datagram Protocol, UDP)
IP . DARPA Internet Program RFC 768. ,
.
,
, IP-
, .
(Dynamic Host Control Protocol, DHCP)
,
DHCP
IP.
(Secure Socket Layer, SSL)
SSL , Netscape Communications Corporation, , ,
, HTTP, NNTP FTP, RSA. FTP (File Transfer Protocol, FTP)
, . . Network Working Group RFC 959. ,
. (Terminal Access Controller Access Control System, TACACS+)
AAA
TACACS +
ACS Cisco.
, .
(Transmission Control Protocol, TCP)
TCP
IP. . DARPA Internet Program RFC 793.
E-5
Trend Micro™ OfficeScan™ 7.0
ICMP -
,
(Internet Control Message Protocol, ICMP)
, .
IP ,
ICMP ,
ICMP IP.
, IP ICMP
: , ,
,
-
. IP. IP-
,
. HTTP
, -
( )
(Hyper Text Transfer Protocol, HTTP)
. «
»
(Adware) -
(spyware), , ,
,
. Policy Server
(Access Control Server, ACS)
. ,
ACS ,
Policy Server. ACS .
ACS ACS Certificate Authority
( ) Certificate Authority (CA). ACS, ACS.
CA (
Cisco ACS. CA ACS Cisco Trust Agent OfficeScan).
SSL
, HTTPSACS.
SSL Policy Server
E-6
HTTPSACS.
SSL
Policy Server
Policy Server Policy Server Policy Server.
,
, , TCP, FTP, UDP, HTTP
.
, . , , . (SYN
DoS-
, TCP-
Flood)
(SYN), (SYN/ACK). Э ,
, .
, .
,
IDS ,
(Intrusion Detection System, IDS)
. , . Cisco Secure ACS.
RADIUS
(Remote Authentication Dial-In User Service, RADIUS) , .
,
,
EICAR, . NAT –
, .
(Network Address Translation, NAT)
, ,
IP,
IP,
.
, , ,
IPIP-
.
(
) , IP«
«
»
, ,
,
. »
, IP. , .
E-7
Trend Micro™ OfficeScan™ 7.0
,
. OfficeScan
OfficeScan . ,
,
)
Cisco NAC. ,
.com .exe
, (
(Network Access Device, NAD)
Cisco NAC Policy Server OfficeScan .
, .com.
.exe
DoS-
, IGMP-
, .
(Fragmented IGMP)
. ,
(Certificate Authority, CA)
/
.
,
.
, ,
,
-
,
: ,
(
) (CA), . (
), ,
.
E-8
,
.
«
» (spyware)
, «
(
,
).
» .
,
, , . -
, , , ,
,
,
.
Cisco Trust Agent (CTA) Cisco. OfficeScan Grayware
Cisco Trust Agent OfficeScan.
-
,
, . «
»
,
,
, .
grayware, Ping
-
,
, OfficeScan .
, (
-
)
IP-
. ,
IPPing of Death
DoS-
:
.
, ICMP-
, ,
, .
Policy Server ( )
, , OfficeScan .
Policy Server
OfficeScan
.
Teardrop-
, DoS-
IP-
.
IP .
E-9
Trend Micro™ OfficeScan™ 7.0
Telnet
Telnet TCP « ». . Network Working Group RFC 854.
TrendLabs
TrendLabs Trend Micro, Trend Micro
E-10
.
5-2 5-3 32-
E-2
641-26 2-9
2-10
2-30
2-3 2-5 2-2
2-30 2-21 Control Manager
2-9
C-3
9-7
E-1 C-3 C-8 C-5
URL-
1-28 E-2
2-21 Cisco Trust Agent (CTA) B-12 Control Manager E-1 4-1 « » 1-15 (Tiny Fragment) E-1
1-17 «
» 1-11 1-17
«
» 1-11 1-16 HTML, VBScript
E-1 (Too Big Fragment)
1-6 JavaScript 1-6, E-2 5-10 4-6 1-16
2-9
E-1 , (DoS-
2-6 ) E-1 , E-2
2-9, 9-24
(AAA)
2-10 2-13 2-10 IPE-2
(DIP)
I–1
Trend Micro™ OfficeScan™ 7.0
2-11 1-28 1-28
1-3 -
1-20
9-7 2-10 1-25 1-23
2-13 2-11 2-13 2-12 2-11 2-12 1-17
URL9-23
readme OfficeScan
9-23 9-22 2-77 2-8 2-8, 7-2 2-8
1-3
7-5 7-4
-
1-4 (IP) E-2
2-8
9-22 2-8, 7-7
9-22
7-2
9-22 2-8, 7-6
9-23 9-23 9-23
7-9 / 1-4
9-23
2-8, 7-7 2-8
9-23 Policy Server B-32 2-8, 7-2 2-8, 7-6
E-2 5-7
9-23 -
9-23 9-23 EICAR 9-22 9-22
Э TrendLabs 9-23 URL9-22
2-61 2-26
1-16 1-15
9-22 1-16
I–2
Firewall Outbreak Monitor 6-22 6-25 6-5 , 6-3 6-8 6-13 6-9 6-8 6-7 Firewall Outbreak Monitor ( ) 6-8 « » 3-13
1-3 2-47 1-8 OfficeScan 1-8 2-5 1-23 2-21 7-5 1-23
2-77
1-18
1-24 2-25 2-26 (EULA) E-3
1-24 2-13 2-7
2-68 2-5 2-5
1-6 E-3
1-23 4-4 1-17 1-9
URL-
9-25 4-5 1-24
Image Setup Utility ( ) 8-11 1-8 2-16 2-8, 2-36
1-25 1-24 Cisco A-21 1-8 1-12
1-26
1-11 ICSA 1-12
1-17 /
,
1-12
URL1-13
1-4
1-9, 3-7
E-3
E-3 6-5
6-14
I–3
Trend Micro™ OfficeScan™ 7.0
1-3 1-4 4-5 «
2-33 2-20
»
3-11 -
2-21
1-4
2-49
2-8, 2-25 2-21
2-44 ACS B-18
2-26
2-54
2-30
2-51
2-33
2-58 2-42
Update Now ( ) 2-34 2-26
5-9
1-25
5-9
2-35
Firewall Outbreak Monitor ( Policy Server Scan Now (
1-9
) 6-22 Cisco NAC B-20 ) 2-63 2-7
9-3 2-18 2-17
4-4
2-20
«
»
2-18 9-3 Trend Micro 9-22 1-9 Control Manager C-4 1-9
1-3 1-3 1-4 / 1-4
E-3
1-3 1-4
Windows 1-4 1-4
Control Manager 1-5
Trend Micro 9-25 Windows 1-3 1-5
I–4
1-3 2-8, 2-36
9-23 9-23
E-4
1-9 1-9 2-5, 2-49 2-61
2-35 E-4
2-49 -
E-4
2-54
1-8, 3-2
2-51, 2-58 2-58 ) 2-63
Scan Now (
E-4 1-8 E-4
4-2 Policy Server B-34
1-8, 3-2 E-4 1-8, 3-2
2-6 -
Control Manager 1-5
4-2 2-21
2-13 -
2-7 4-2
E-3 2-12
2-21 7-2
1-5 8-1, 9-1
7-7
9-23
7-5 7-4 7-2 7-7 7-6 OfficeScan 2-4
2-68 1-19, 5-2 5-2 5-3 5-10 2-5
5-7 2-7 Windows NT 2-47
(SMTP) E-4 (UDP)
SNMP 2-46 2-44 2-46
E-5 (DHCP)
2-45
E-5 (SSL) 1-20
9-5 E-5
2-7
(HTTP) 1-22
1-8, 3-3 E-6
I–5
Trend Micro™ OfficeScan™ 7.0
(FTP) OfficeScan 2-6
E-5 ACS B-3 E-6 CA A-19 CA E-6
(TACACS+) E-5 (TCP) E-5
B-7 . TrendLabs 9-26
ISO 9002 – SSL E-6 A-17
(ICMP) E-6 POP3 E-4 SOCKS 4 E-4
ACS B-3 CA A-19, B-7 Policy Server SSL B-10 ICSA 1-12 1-9
Cisco Trust Agent (CTA) 2-6 2-33 Cisco Secure ACS B-3 3-2 (adware) 1-8 E-6
1-7 E-7 Policy Server B-35 (SYN Flood) E-7 9-23
(IDS) 6-8 E-7
4-3
Policy Server (
) A-19 1-16
2-5 7-4
2-61 2-5 2-49
2-18 1-4 2-17
2-54 2-51
2-20
2-58 9-5
1-22 HTTP 1-21 (ACS) B-18 E-6 B-3 OfficeScan 1-21 2-4 Policy Server A-16
I–6
2-5 Scan Now (
) 2-5, 2-63 2-54 2-51, 2-58 2-58
9-23
«
» 1-6 E-7
(RADIUS) E-7 9-23
5-9
9-23 1-23
2-5 Control Manager C-8 2-5 4-4 2-12
9-2 2-8, 8-3 2-8, 8-10 8-20 Client Mover I ( Client Packager ( 8-10 Image Setup Utility ( 8-11 Login Script Setup ( ) 8-3 Restore Encrypted Files ( Server Tuner ( Touch Tool ( Vulnerability Scanner (
) 1-3 ) 1-17 E-8 ) 8-11 ) 8-9 ) 8-15 ) 8-3 2-8, 8-3
-
2-5
I) 8-14
Control Manager C-5 2-5 Policy Server Cisco NAC B-15 (NAD) E-8
9-23 E-8
3-2 2-8, 8-10 2-7 SNMP 2-43 2-42 2-43 2-38, 2-43 1-23
2-8
1-8 1-11 1-10 1-22 .com E-8
.exe 1-6
E-7 9-1, 9-24 E-7 -
E-8 ActiveAction 2-50 IntelliScan 2-50
Policy Server A-20
I–7
Trend Micro™ OfficeScan™ 7.0
A (CA)
ActiveX 1-6, 3-5 « » E-2
E-8 E-8
3-5
C Cisco NAC 2-6 9-2
9-6 Cisco Trust Agent (CTA) 1-9, B-12 E-9 2-6 Windows NT/2000 A-21 Windows XP A-21 Cleanup Now ( ) 2-5, 3-9 Client Packager ( ) 8-10 Control Manager C-2 C-3 OfficeScan C-2 OfficeScan C-8 C-2 C-4 C-5
-
9-7 9-7 9-3 9-5 9-5 9-2 Cisco NAC 9-6 Enterprise Client Firewall ( ) 9-3 1-6 E-8
«
» 1-9
« : 1-9, 3-7
»
D
1-9, 3-7 «
»
Damage Cleanup Services ( ) 2-5 Cleanup Now ( 3-9 [email protected] 1-28
3-14 ActiveX 3-5 « 3-13
» «
»
E
3-11 1-7, 3-2 3-3
Enterprise Client Firewall ( ) 2-6, 7-7 Trend
7-7
Micro 3-4
6-2
3-3 «
1-7, 3-2 »
2-6 2-6
1-7, 3-2
9-3
E-9
F
Э
Firewall Outbreak Monitor ( ) 2-6, 6-8
2-5 Э
I–8
9-22
6-22
)
G
Ping of Death
grayware (
E-9
) Policy Server (
E-9
) 2-6 Cisco A-21 OfficeScan A-16 A-19
H HTTPS E-4 Policy Server (
HyperText 1-22
I
A-20 ) B-32
Image Setup Utility ( Internet 1-21 Internet Information Server (IIS) 1-21
) 8-11
B-34 B-20 B-26, B-29 B-35
J
E-9
Java
E-4 E-4
E-2 1-6
B-32
L local.scv D-11 Login Script Setup ( ) 8-3
M Manual Outbreak Prevention ( ) 2-6 5-9
O OfficeScan SecureClient D-10 1-22 1-26 1-18 1-21 OfficeScan for Wireless 1-18 Outbreak Prevention ( ) 2-4
P Ping (
) E-9
Cisco Secure ACS B-3 SSL B-10 E-6 Policy Server Cisco NAC B-34 B-34 Policy Server A-8 B-29 B-26 ACS B-18 B-35 Policy Server B-20 B-2 A-9 A-15 A-12 B-32 A-6 ACS B-3 ACS B-3 CA A-19, B-7 Policy Server SSL B-10 A-17 Policy Server OfficeScan A-16
I–9
Trend Micro™ OfficeScan™ 7.0
V
A-14 A-10 Policy Server B-15 Cisco Trust Agent (CTA) B-12 Policy Server SecureClient D-10
Virus Outbreak Monitor 1-19 Virus Outbreak Monitor ( ) 2-5, 5-11 VPN D-13 Vulnerability Scanner (
Q Quarantine Manager (
) 2-7
W Wireless Protection Manager 1-18
R Restore 2-4 Restore Encrypted Files ( ) 8-11
S Scan Now ( ) 2-5, 2-63 SCV Editor D-10 Secure Configuration Verification . SCV SecureClient D-10 OfficeScan D-10 Policy Server D-10 SCV Editor D-10 Server Tuner ( ) 8-9 SolutionBank – . « » 1-28 SSL 1-20
T TCP/IP 1-22 TeardropE-9 Telnet E-10 Trend Micro 9-22 TrendLabs 9-23, 9-26 E-10
U Update Now ( URL-
) 1-25, 2-34 1-28, 9-25 1-13 readme, 9-23
Cisco NAC A-2
I–10
) 8-3