WFBS Best Practices - Trend Micro Supportesupport.trendmicro.com/media/12432334/Best Practice Guide...

SM

B T

echn

ical

Pro

duct

Mar

ketin

g

TREND MICRO Worry Free Business Security 6.0 Best Practices Guide

Trend Micro, Inc. 10101 N. De Anza Blvd. Cupertino, CA 95014 T 800.228.5651 / 408.257.1500 F 408.257.2003 www.trendmicro.com

http://www.trendmicro.com/

Trend Micro™ Worry-Free™ Business Security 6.0 – Best Practices Guide – v1.1 Trend Micro™ Worry-Free™ Business Security 6.0 – Best Practices Guide provides best practice guidelines to resellers and customers deploying and Worry Free Business Security. Detailed information about how to use specific features in the software is available in the Online Help and in the Trend Micro™ Worry-Free™ Business Security 6.0 Getting Started Guide and Trend-Micro™ Worry-Free™ Business Security 6.0 Administrator’s Guide.

DOCUMENT PROFILE: Product: Trend Micro™ Worry-Free™ Business Security 6.0

Document Title: Trend Micro™ Worry-Free™ Business Security 6.0 – Best Practices Guide

Document Filename: BP - Worry-Free Business Security 6.0 Best Practices v1.1

Document Release Date: July 17, 2009

Team: SMB Technical Product Marketing

Author: Randy Jeff N. Licsi, CISSP, Senior Technical Product Engineer

2

Trend Micro™ Worry-Free™ Business Security 6.0 – Best Practices Guide v1.1

Contents Preface ............................................................................................................................... 5

Chapter 1: Introduction .................................................................................................... 6 What is Worry-Free Business Security 6.0? ..................................................................................... 6 What’s New in Worry-Free Business Security 6.0? ......................................................................... 6 The Worry-Free Business Security Client/Server Architecture ....................................................... 7

Chapter 2: Understanding SMB Requirements .............................................................. 9 Define the Company’s Security Needs: Small or Medium-Sized .................................................... 9

Small Companies .......................................................................................................................... 9 Medium-Sized Companies ........................................................................................................... 9

Inventory the Systems to be Protected ............................................................................................. 9

Chapter 3: Deployment Planning .................................................................................. 10 Planning Guide Questions .............................................................................................................. 10 Protection Component Considerations ........................................................................................... 11

Security Server ........................................................................................................................... 11 Messaging Security Agent .......................................................................................................... 12 Client/Server Security Agent ...................................................................................................... 13 Client/Server Security Agent deployment options ..................................................................... 13 Network Topology Design ......................................................................................................... 16 Updating Multi-Site Environments ............................................................................................ 18 Displacement .............................................................................................................................. 19 Previous WFBS/CSM installations ............................................................................................ 20

Chapter 4: Deployment Execution ................................................................................ 21 Installing the Security Server ......................................................................................................... 21

Pre-installation Checklist ........................................................................................................... 21 During Installation ...................................................................................................................... 21 Post installation .......................................................................................................................... 22

Installing the Messaging Security Agent ........................................................................................ 23 Pre-installation ........................................................................................................................... 23 Post installation .......................................................................................................................... 23

Installing the Client/Server Security Agent .................................................................................... 24 Pre-installation ........................................................................................................................... 24 Post installation .......................................................................................................................... 24

Other Considerations – Patches and Support ................................................................................. 28 Certificates ................................................................................................................................. 28 Patches ........................................................................................................................................ 30 Knowledge Base ......................................................................................................................... 30

Chapter 5: Post Installation Management Tasks ......................................................... 31 Trend Micro Vulnerability Assessment .......................................................................................... 31

3

Trend Micro™ Worry-Free™ Business Security 6.0 – Best Practices Guide – v1.1 Trend Micro Vulnerability Scanner ................................................................................................ 32 Behavior Monitoring ...................................................................................................................... 36 Firewall .......................................................................................................................................... 36 Smart Scan FAQ ............................................................................................................................. 36 Deployment Key Points Summary ................................................................................................. 39

About Trend Micro .......................................................................................................... 40

4


Preface

Welcome to the Trend Micro Worry Free Business Security 6.0 Best Practices Guide. This document is designed to help resellers and customers develop a set of best practices when deploying and managing Worry Free Business Security.

The document is also designed to be used in conjunction with the following guides:

• Trend Micro Worry Free Business Security 6.0 Getting Started Guide

• Trend Micro Worry Free Business Security 6.0 Administrator’s Guide

–The SMB Technical Product Marketing

5

Trend Micro™ Worry-Free™ Business Security 6.0 – Best Practices Guide – v1.1

Chapter 1: Introduction

This chapter introduces you to the features and functions of Trend Micro™ Worry-Free™ Business Security 6.0. It covers the following topics:

• What is Worry-Free Business Security?

• What’s New in Worry-Free Business Security 6.0?

• The Worry-Free Business Security 6.0 Client/Server Architecture

What is Worry-Free Business Security 6.0? Designed to suit the needs of small- to medium-sized businesses, Trend Micro™ Worry-Free™ Business Security (WFBS) 6.0 provides network-wide desktop and server protection.

Client/Server Security Agents (CSAs), a component of Worry-Free Business Security, protect an organization’s Windows™ Vista/2000/XP computers and servers running Server 2003 or Server 2008 from a wide range of threats and potential nuisances, such as virus/malware, spyware/grayware, spam, Web threats, unauthorized changes, macro virus, malicious Java™ applets, and malicious ActiveX™ controls. The CSAs report and receive the latest updates from the Security Server.

Seamless integration with Microsoft Windows makes Worry-Free Business Security a powerful, multi-layered defense against Internet threats. Centralized management tools and intelligent scanning offers excellent anti-spam, antivirus and content security in a scalable, high-performance software architecture.

What’s New in Worry-Free Business Security 6.0? Cloud-client File Reputation and Smart Scan: Cloud-client File Reputation and Smart Scan move sizable anti-malware and anti-spyware pattern functionality to a scan server. They help keep client footprints small and reduce the need for clients to constantly download pattern updates, while defending against the unprecedented rates at which threats are now being released, since servers can be updated more frequently than clients were in the past. By delivering rapid solutions to local or global scan servers instead of laboriously distributing them to individual clients, the new File Reputation and Smart Scan technologies can provide the latest protection almost instantly.

URL Web Content Filtering: Rely on Trend Micro to block Web sites that contain inappropriate content. URL filtering can help improve employee productivity, secure network resources, and protect proprietary information.

Smart Protection Network Integration: The Trend Micro Smart Protection Network is a collection of technologies that gather a wide variety of threat-related information from across the Internet to provide up-to-date protection from the latest threats. Core module feedback loops, URL Filtering, Web Reputation, and Smart Scan are all integral parts of the Trend Micro Smart Protection Network.

6


Simpler and Easier Live Status: The Live Status dashboard is now even easier to read than before. Collapsible panels and threat indicators that float to the top of the list make it easy for administrators to monitor the status of the network.

Integrated Installation with Worry-Free™ Remote Manager 2.1: Resellers now have the option to install a Worry-Free Remote Manager Agent during setup, enabling the resellers to remotely manage the WFBS-A Security Server and clients of multiple customers.

New graphical interface for Quarantine Tool: Provides easier quarantine management.

Variable Scanning Based on CPU Consumption: Provides added flexibility for scanning when the CPU usage is high. WFBS-A is now CPU-sensitive and can be configured to pause during high CPU consumption.

Protection from USB autorun threats: Prevents autorun files on USB drives from executing when the drive is inserted in the USB port of a client.

The Worry-Free Business Security Client/Server Architecture

Worry-Free Business Security is comprised of the following components, as shown in Figure 1 following:

1. Web Console – Used to configure the settings of Client/Server Security Agents and Messaging Security Agents, which protect the Exchange servers, desktops, and servers on the network.

2. Security Server – Hosts the centralized Web-based management console for the entire Worry-Free Business Security solution. The Security Server installs the Client/Server Security Agents to the client computers on your network, forming a client-server relationship.

3. Client/Server Security Agent (CSA) – Reports to the Trend Micro Security Server from which it was installed. To provide the server with the very latest Client information, the Client sends event status information in real time. Clients report events such as virus and spyware detection, Client startup, Client shutdown, start of a scan, and completion of an update. CSAs have their own client Console,

4. Messaging Security Agent (MSA) – Worry-Free Business Security Advanced protects the Exchange Server against viruses, Trojans, worms, and other malware. It also provides spam blocking, content filtering, and attachment blocking for added security.

5. Smart Scanning – If CSAs do not find all that they need during a Smart Scan to obtain the reputation of a file, they’ll execute Smart Scan Queries to the local Smart Scan Services in the Security Server (in-office) or to the global Smart Scan Services in the Trend Micro Data Centers (out-of-office) to obtain any patterns they need to complete the file reputation process.

7


Figure 1 - Worry Free Business Security Architecture

8


Chapter 2: Understanding SMB Requirements

Before you begin a deployment of Worry-Free Business Security, it’s important to understand the security needs of small versus medium-sized companies. For guidance on defining SMB needs, review the following sections in this chapter:

• Define the Company’s Security Needs: Small or Medium-Sized?

• Inventory the Systems to be Protected

Define the Company’s Security Needs: Small or Medium-Sized

WFBS companies are defined as small or medium-sized. When deploying WFBS, a full description or mapping of the company’s profile is highly recommended.

Small Companies The typical small company is defined by the following size and needs:

• 5-100 seats (average)

• 90% of WFBS users fit this category

• Power User maintains the systems

• These companies will have a single domain and network.

• Single Exchange or SMTP Server

Medium-Sized Companies The typical medium-sized company is defined by the following size and needs:

• 100-1000 seats

• Only 10% of WFBS users fit this category

• IT Manager/Reseller maintains the systems

• Domains may be divided by department and subnets.

• Multiple Exchange/SMTP servers

Inventory the Systems to be Protected • Inventory all the computer assets in the company that will be protected by WFBS: i.e.,

servers, Exchange Servers, workstations, laptops, networks, etc.

• Build ID lists to keep track of the assets.

9


Chapter 3: Deployment Planning

Planning is vital for a successful installation and deployment of Trend Micro Worry Free Business Security. This section discusses the following:

• Planning Guide Questions

• Protection Component Considerations

• Network Topology Designs

• Displacement/Previous CS/CSM/WFBS installations

Planning Guide Questions

These are basic key questions that need to be answered prior to the actual deployment:

What are the existing company policies that need to be considered prior to migration/deployment?

Identify these to guide the deployment process according to the company policies.

Are there any remote networks that are dependent on the main corporate network? What is the network bandwidth for these remote connections?

Remote networks with low bandwidth can influence the Client/Server Security Agent deployment method. Client packages can be used in order to deploy Client/Server Security Agents to remote clients.

How many clients are situated in the main office and the remote offices?

This will identify the location and number of update agents on the main and remote office.

Is there an existing desktop antivirus solution on the network? Is there a previous version of Client/Server Security or Client/Server Messaging Security installed on the network?

Migration from 3rd party antivirus solutions and previous Client/Server Security and Client/Server Messaging Security (CS and CSM) solutions should be carefully planned.

10


Are there any other antivirus programs installed on the server where Worry-Free Business Security will be installed?

3rd party antivirus management programs may create errors in the Worry-Free Business Security 6.0 installation.

On which server will Worry Free Business Security 6.0 Server be installed? What is this server’s current role in the network? What are the applications that run on this server?

Knowing server performance is vital in order to decide if Worry-Free Business Security 6.0 server should be hosted on an existing or a new server.

Protection Component Considerations

In order to have a successful implementation of WFBS, there are several things you need to consider regarding the components that will be protected.

IMPORTANT! Make sure that all Hardware/Software requirements are met. Check the

minimum requirements found in the Getting Started Guide and the Administrator Guide, or in the readme file that comes with the installation package.

Security Server New Server or an existing multi-role server?

A new server would primarily need to meet the basic hardware/software requirements. An existing multi-role server will need a performance evaluation before Worry-Free Business Security Server is installed.

Server Role: Microsoft SBS or member server?

Microsoft SBS has Microsoft Exchange on the same server as the SBS Server. Trend Micro Worry-Free Business Security 6.0 automatically detects Microsoft Exchange when it is installed on the same box. For member servers, administrators need to select and add Microsoft Exchange servers during or after the Security Server installation in order to install the Messaging Security Agent.

11


Displacement: Migration from a 3rd party Antivirus

You need a migration plan for existing 3rd party antivirus solutions. Although WFBS 6.0 supports automatic 3rd party client protection uninstallation, administrators need to manually uninstall 3rd party antivirus management server. To determine the list of Antivirus products that can be uninstalled, open tmuninst.ptn on the Security Server installation. This file can be opened by any text editor e.g. notepad at \Trend Micro\Security Server\PCCSRV\Admin.

Migration from a previous CSM version Like 3rd party antivirus solutions, previous CS/CSM versions need a migration/upgrade process. Worry-Free Business Security Advanced supports upgrades from any of the following versions:

1. Client/Server or Client/Server Messaging Security 3.6 to Worry-Free Business Security Advanced 6.0

2. Client/Server or Client/Server Messaging Security 5.x to Worry-Free Business Security Advanced 6.0

If you are using Client/Server or Client/Server Messaging Security 2.0 or 3.0 (CS or CSM), you can either remove the Security Server and Client/Server Security Agents and then install Worry-Free Business Security 6.0; or you can upgrade these unsupported versions to Client/Server and Client/Server Messaging Security 3.6 first, then do an upgrade to Worry-Free Business Security 6.0.

A lot of new and exciting features were added from CSM 3.6 to WFBS 6.0. After upgrading to the latest version, make sure you revisit all security settings and enable the feature you want for the WFBS security groups.

Messaging Security Agent Is Microsoft Exchange on the same server as the Security Server?

Worry-Free Business Security 6.0 installation automatically detects Microsoft Exchange installation on the same box.

12


Is there an existing messaging protection solution for Microsoft Exchange?

3rd party antivirus solutions for Microsoft Exchange need to be removed prior to the Messaging Security Agent installation.

Client/Server Security Agent

Displacement: Is there an existing 3rd party Antivirus? Migrate clients by stages. First, migrate several clients and then continue by department or by a designated number of PCs. Then uninstall the 3rd party antivirus management server. This method will have minimum impact on business operations.

Scheduling Deployment

Schedule migration/installation and deployment during off-peak hours. A long weekend/holiday is the best time for migrating and deploying Worry Free Business Security 6.0.

Client types: Mobile and non-mobile

Administrators can have a different set of privileges for mobile and non-mobile clients. This will allow mobile clients the flexibility that they need, such as for scheduled updates and update from the Internet.

Client/Server Security Agent deployment options

Worry-Free Business Security 6.0 has different Client/Server Security Agent deployment options, one to suit every network. Client Packages can be made for remote/mobile clients, Windows Remote Install can be used for local PCs that need Client/Server Security Agents, Web Install allows administrators and users remote installation access and Trend Micro Vulnerability Scanner automatically installs Client/Server Security Agents to unprotected PCs. For recommendations, see the table below.

13


Table 1 - WFBS Client/Server Security Agent Deployment Options

Criteria Web Page Login Script Client Packager

WindowsRemote Install

Trend Micro Vulnerability

Scanner Microsoft SMS/GPO

Recommended for WAN Deployment No No Yes Yes No Yes

Recommended for centralized

administration and Management

No Yes No Yes No Yes

Requires client User Intervention Yes No Yes No Yes Yes

Requires IT resource No Yes Yes Yes Yes Yes Suitable for Mass

Deployment No Yes Yes No Yes Yes

Bandwidth Consumption

Low if Scheduled

Low if Scheduled

Low if Scheduled

Low if Scheduled

Low if Scheduled

Low if Scheduled

Web Page Install

Suitable for deploying Client/Server Security Agents on a client in the local network. This option needs user intervention.

The Web Page installation can also be initiated through email. An Email notification can be initiated from the Security Server to the user that contains a link to install the Client/Server Security agent. This is useful for mobile clients that log into the local network.

Login Script

Suitable for mass deployment in the local network. No user intervention needed.

Client Packager

Suitable for installing Client/Server Security Agents on low-bandwidth, remote clients, which may include mobile clients. This requires user intervention.

Windows Remote Install

Suitable for on-demand, mass or selective deployment in the local network. This is used by administrators to deploy Client/Server Security Agents through the WFBS Web Console.

14


Trend Micro Vulnerability Scanner

Suitable for deploying Client/Server Security Agents on unprotected clients in the local network. This also serves as an unprotected client discovery tool for administrators.

Microsoft Group Policy Object

Microsoft Installer (MSI) packages can be created through the client packager. These MSI installation packages can be deployed through 3rd party deployment applications like Microsoft Systems Management Server. Microsoft Group Policy Objects can also be used for deploying MSI client packages.

15


Network Topology Design

Screened Host

Figure 2 - Screened Host Firewall Configuration

This topology guarantees that the Worry-Free Business Security Server is protected by the Firewall and avoids any communication problems between the Client/Server Security Agent, the Messaging Security Agent, and the Security Server. Trend Micro recommends this setup.

Administrators don’t need to open ports on the Firewall, which may cause vulnerabilities from the Internet.

Screened Subnet (DMZ)

Figure 3 - Screened Subnet Firewall Configuration

16


With this design, Administrators need to open ports on the Firewall to allow Client/Server Security Agent – Security Server communication.

Note: Publishing WFBS Web Page – Publish only the WFBS secured web console if needed.

Dynamic Network Address Translations can cause failure of client/server agent-to-security server communication.

17


Updating Multi-Site Environments

Trend Micro Worry-Free Business Security allows administrators to assign Update Agents. These Update Agents distribute pattern and engine updates to remote clients. This and incremental updates help minimize bandwidth consumption for the scan engine and pattern updates.

Main

Internet Remote Site Update Client/Server

Agent

Remote Site Figure 4 - Deployment on remote sites

Note: Assign at least one Update Agent in each Remote Site. Select machines which are always online.

18


Displacement

Trend Micro Worry-Free Business Security 6.0 CANNOT uninstall 3rd party antivirus management servers.

Trend Micro Worry-Free Business Security 6.0 CAN automatically uninstall 3rd party antivirus client protection components.

Installing WFBS 6.0 Security Server on the same server as with 3rd Party AV:

1. Uninstall 3rd party Client/Server protection component. 2. Uninstall 3rd party management server 3. Install WFBS 6.0

Installing WFBS 6.0 Security Server on a separate server (other than the 3rd Party AV):

1. Install WFBS 6.0 on the other server 2. Deploy Client/Server Security Agent on selected clients. 3. Uninstall 3rd party antivirus management server.

Note: It is recommended that you migrate a few clients before proceeding to the whole

migration. This will confirm the migration process. A Pilot deployment is also recommended for a large-size migration.

19


Previous WFBS/CSM installations

MUST: Before any migration process, back up licenses, log files, quarantined items and system state data.

Supported upgrade paths

Supported client upgrade paths allow automatic detection and migration of previous Client/Server Messaging Security versions.

Worry Free Business Security 6.0 Trial version to Full version

Upgrade from Client Server Messaging Security 3.6 to Worry-Free Business Security 6.0

Upgrade from Client Server Messaging Security 5.x to Worry-Free Business Security 6.0

Unsupported Upgrades Worry-Free Business Security 6.0 does not support direct upgrades under the following conditions:

Upgrade from Client/Server Suite 2.0

Upgrade from Client/Server/Messaging Suite 2.0

Upgrade from Client/Server/Messaging Suite 3.5

Upgrade from OfficeScan Enterprise Edition or ScanMail for Microsoft Exchange

Upgrade from Client/Server Security 3.0

Upgrade from Client/Server Messaging Security 3.0

Upgrade from one language to another

If you have Client/Server Messaging Security 2.0/3.0, you need to upgrade to Client/Server Messaging Security 3.6 first before migrating to 6.0. You only need to upgrade the Security Server. After this upgrade, wait for the clients to get upgraded to v3.6 before upgrading to v6.0. As an alternative, you can uninstall 2.0/3.0, then install WFBS 6.0 fresh. This is the best upgrade option as it would take less time compared with upgrading to a supported upgrade version.

20


Chapter 4: Deployment Execution

This chapter describes the actual installation/deployment process. Topics discussed in this chapter include the pre- and post-installation tasks for:

• Installing the Security Server

• Installing the Messaging Security Agent on the Exchange Server

• Installing the Client/Server Security Agents

• Checking the Success of the Installations

Installing the Security Server

Pre-installation Checklist

• Schedule the installation off peak hours, preferably after a system backup so that in the event of any possible failure, all system settings can be recovered.

• Uninstall any 3rd Party antivirus management component on the server that will host the

Worry-Free Business Security Server. If this server is also a Microsoft Exchange Server, uninstall any 3rd party antivirus solution for Exchange.

• Close all running applications during Worry-Free Business Security installation.

During Installation During the Security Server installation process, there are options which should be chosen:

• Pre-scanning

This basic pre-scan is recommended. However, it is also recommended that you initiate a scan after the pattern and engine files have been updated.

• Fully Qualified Domain Name (FQDN) vs. IP Address

Use FQDN for Internal servers which have one network interface Use IP Address for servers which are multi-homed

• Target Directory

21


Choose a directory with more than 1200 MB of free space

• Internet Information Services vs. Apache

Use IIS for integrated Windows Authentication - Recommended. Use Apache when IIS is not available on the hosting server.

Note: Using Apache requires that you create new account to run the Web server. By

default, Apache only assigns a root account that has full access rights on the Web site.

Post installation

• Internet Explorer Enhanced Security Configuration

Internet Explorer’s Enhanced Security Configuration can cause the Worry-Free Business Security Web Console to be inaccessible. Add the URL: http://servername:port as an allowed site in order to access the Worry-Free Business Security Web Console.

• Important: Update the scan engine and pattern files immediately.

This should be done prior to Client/Server Security Agent deployment.

• Check installation success

- Access the WFBS 6.0 Web Console - Download the eicar test file from:

http://eicar.org/anti_virus_test_file.htm

• Security Server and Messaging Security Agent Configuration

Configure the settings for the Security Server and Messaging Security Agent after installation.

• Create Client/Server Groupings

Create different Client/Server agent groups and customize settings such as Client privileges, scan settings, directory exclusions etc.

• Management Console publishing (Optional)

Publish the secured Web Console on the Firewall. This will allow users secure Web access to the Worry-Free Business Security Web Console.

22



Installing the Messaging Security Agent

Pre-installation

MUST: Uninstall any 3rd Party Microsoft Exchange antivirus solution prior to the Messaging Security Agent installation.

Post installation

• Configure Messaging Security Settings according to the company’s security policy

• Exclude directories

Exclude Microsoft Exchange Directories from being scanned by the Client/Server Security Agent. This will increase scanning performance.

Figure 5 - Exclusion Menu

Microsoft SQL databases should also be excluded from Client/Server Security Agent scanning.

23



Download and attach eicar.com test file to an email. Send this message to any mailbox hosted at the Microsoft Exchange server.


Installing the Client/Server Security Agent

Pre-installation

• 3rd Party Client Firewall applications

3rd Party Client Firewall applications may conflict with Client/Server. Disable/uninstall 3rd Party Client Firewall applications prior to Client/Server Agent installation.

• Deploy Client/Server Agents

Deploy Client/Server Agents to several clients before mass deployment. This will confirm the migration process.

• For Mobile Clients:

Configure settings and copy ofcscan.ini located in the Trend Micro\Security Server\PCCSRV\ directory. Use this ofcscan.ini in order to create client packages.

• Supported 3rd Party antivirus auto uninstall

Check tmuninst.ptn on the Security Server installation. This file can be opened by any text editor e.g. notepad

\Trend Micro\Security Server\PCCSRV\Admin

Post installation


Check the Client/Server Security Agent icon on the task bar.

Download the eicar test file from: http://eicar.org/anti_virus_test_file.htm

24



• Move clients and servers to the appropriate domain/group

Move clients to the proper Groups through the Worry Free Business Security management console. Notify clients so that settings take effect. Replicate settings from one group for efficiency.

• Assign Update Agents on remote sites.

- Assign Update sources to groups of clients. This will reduce WAN bandwidth consumption. Administrators can also use this strategy in order to deploy updates by network segments. This method used in conjunction with scheduled updates will effectively distribute update traffic.

To assign other update sources:

1. Open Worry-Free Business Security Management Console > Updates > Source > Security Agents Tab.

Figure 6 - Update Source Configuration

2. Add Update Agents.

25


Figure 7 - Add Update Agent Screen

3. Enable Alternative Update Sources.

Figure 8 - Enable Alternative Update Source Screen

4. Add Client/Server Security Agent IP address range to Update Agents.

Figure 9 - Add an Alternate Update Source Screen

26


5. Reorder Update Sources if necessary.

Figure 10 - Reorder Update Source

27


Other Considerations – Patches and Support

Certificates

If you are using Internet Explorer 7, you will get a certificate error when first opening the WFBS console. You can go ahead and click Continue to this Website or to prevent the browser error from appearing again, you can install the Security Server certificate.

To install the server certificate:

1. On the Certificate Error message, click Continue to this website. 2. Click the Certificate Error bar on the right side of the IE7 address bar. The Untrusted

Certificate message window displays.

Figure 11 - Untrusted Certificate Popup

3. Click View Certificates to open the Certificate window.

28


Figure 12 - Certificate Import Wizard

4. Click Install Certificate > Next > Next > Finish. 5. Click Yes to the Security Warning prompt.

Figure 13 - Security Warning

29


Patches

Most Trend Micro patches are applied to the Security Server. The Security Server then automatically updates the Client/Server Security Agents. Monitor and update to the latest Trend Micro Worry-Free Business Security patches.

Knowledge Base

To access the Knowledge Base, go to:

http://esupport.trendmicro.com/support/supportcentral/supportcentral.do?seg=SMB

30

http://esupport.trendmicro.com/support/supportcentral/supportcentral.do?seg=SMB


Chapter 5: Post Installation Management Tasks

This chapter describes the actual post installation tasks. Topics discussed in this chapter include:

• Trend Micro Vulnerability Assessment

• Trend Micro Vulnerability Scanner

• Deployment Key Points Summary

Trend Micro Vulnerability Assessment

Trend Micro Vulnerability Assessment offers threat – virus correlation and maps vulnerabilities to Microsoft patches. Scan and perform actions periodically in order to mitigate threats.

Figure 14 - Potential Threat Screens

1. Open Worry-Free Business Security 6.0 Management Console > Outbreak Defense > Settings > Vulnerability Assessment.

2. Set the schedule for Vulnerability Scans and click Save.

31


Figure 15 - Vulnerability Assessment Settings

Trend Micro Vulnerability Scanner

Trend Micro Vulnerability Scanner (TMVS) tracks unprotected servers and clients and offers protection component installation option. This helps administrators detect and take actions on unprotected hosts. An account with administrative privilege on the target PCs is needed to run TMVS.

Warning: DO NOT run Trend Micro Vulnerability Scanner (TMVS) on servers with Terminal Services. TMVS may trigger false alerts from Intrusion Detection Systems.

32


To run/schedule a Vulnerability Scan:

1. On the local server, execute: Program Files\Trend Micro\Security Server\PCCSRV\Admin\Utility\TMVS\TMVS.exe

Figure 16 – TMVS Window

2. An on-demand Vulnerability Scan can be initiated. Set and schedule vulnerability scans. 3. Under the Settings Menu, you can specify additional configuration options. Note that the

security server is automatically detected by the tool.

33


Figure 17 - TMVS Settings

The Auto-install Client/Server Security Agent installation needs an account that has administrative rights on the target PCs.

Trend Micro Vulnerability Scanner can even scan other 3rd party antivirus

protection components.

34


Deploying CSA via TMVS with Windows Firewall Enabled

If the Install CSA option doesn’t work, ensure that the File and Print Sharing Exception under Windows Firewall is checked. This can be configured on the client computer’s Windows Firewall settings.

Figure 18 - File and Print Sharing Exception

If the customer has an Active Directory domain, Firewall settings can be configured using a Group Policy Object to multiple computers. This allows you to enable the firewall exception without having to visit each of the client computers. Refer to this Microsoft KnowledgeBase on how to do this: http://technet.microsoft.com/en-us/library/bb490626.aspx. You need to enable the Allow File and Print Exception Setting, under Computer Configuration | Administrative Templates | Network | Network Connections | Windows Firewall.

35

http://technet.microsoft.com/en-us/library/bb490626.aspx


Behavior Monitoring Starting with v6.0, Behavior Monitoring is enabled by default. If you encounter any performance issues, such as application launch delays, ensure that you have the latest Behavior Monitoring Core Service component. You can verify this in WFBS 6.0 management console and clicking Updates | Manual | Behavior Monitoring. The update package 2.65.1003 contains performance fixes and optimizations for the Behavior Monitoring component of WBFS 6.0.

If some trusted applications are taking time to launch, consider adding them to the Exception list. This can be configured in the Security Settings page.

Firewall If you enabled the WFBS 6.0 Firewall Component on Windows 2008/Vista systems and encounter network disconnection issues, please apply the hot fix documented in the following Microsoft Knowledgebase article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;961775

Smart Scan FAQ What is Smart Scan?

Smart Scan is a new technology from Trend Micro that utilizes a central scan service on your network to ease the burden of hosting all of the anti-malware signatures on your clients. It immunizes them against the “Threat of Volume,” where the growth of malware drives the growth of antimalware pattern size on clients. Enable Smart Scan to let the Security Server host all the necessary Smart Scan Service components on the server and to automatically download all the complimentary Smart Scan components to the clients. The Smart Scan Service is installed automatically with the WFBS 6.0 Security Server. You do not need to install it separately.

Is Smart Scan reliable?

Yes. Smart Scan simply provides a Smart Scan Service on the Security Server to help scan your clients. If your clients are configured for Smart Scan but cannot connect to the local Security Server, they will attempt to connect to the Trend Micro Global Smart Scan Server.

How do I know if the Smart Scan Service is running properly?

On the WFBS console, check the System Status to see if any of your clients are connected to the Smart Scan Service. If none of your clients can connect, then your Smart Scan Service has a problem. Verify that the port used by the Security Server is not blocked by your firewall.

36

http://support.microsoft.com/default.aspx?scid=kb;EN-US;961775

http://support.microsoft.com/default.aspx?scid=kb;EN-US;961775


Also verify that the Trend Micro Smart Scan Service is running on the Security Server.

What are the ports used by Smart Scan Service on the Security Server? The following ports are used by Smart Scan Service on the Security Server:

• HTTP - 8082 • HTTPS - 4345

Can I uninstall the Smart Scan Service or choose not to install it? No, but there’s no need to. You can simply switch to Conventional Scan by clicking a radio button in the Console if you do not want to use Smart Scan. Smart Scan and Conventional Scan radio buttons do not appear in the Mail Scan window after upgrading to Worry-Free Business Security (WFBS) Standard / Advanced 6.0 When you upgrade to WFBS 6.0, the Smart Scan feature will be disabled by default. This is a normal behavior because WFBS 3.6 and 5.0/5.1 only used the equivalent of Conventional Scan. To resolve the issue, you need to undo the Smart Scan disable function. Do the following: 1. Log in to the Worry Free Business Security Management console. 2. Go to Preferences > Global Settings > Desktop/Server tab. 3. Under General Scan Settings section, uncheck Disable Smart Scanning. 4. Click Save. The Conventional Scan and Smart Scan radio buttons will now appear in the Mail Scan window, with Conventional Scan preselected.

Figure 19 - Smart Scan and Conventional Scan

37


5. Select Smart Scan if you wish to switch to Smart Scan and click Save.

38


Deployment Key Points Summary

1. Plan Deployment

• Schedule Trend Micro Client Server Messaging Security 3.6 deployment • Secure backups before installation and deployment.

2. Install Security Server

• The Security Server cannot uninstall 3rd party antivirus management applications. Uninstall 3rd party antivirus management applications

• Update the scan engine and pattern files immediately

3. Install Messaging Security Agent

• Uninstall any existing 3rd party Microsoft Exchange antivirus solution before installing Messaging Security Agent

4. Configure Security Server and Messaging Security Agent

• Configure the Security Server before deploying Client Security Agents

5. Deploy clients

• Client/Security Agent can uninstall 3rd Party Antivirus applications

6. Post Deployment Checks

• Run Trend Micro Vulnerability Assessment tool to ensure that clients are protected.

• Schedule Trend Micro Vulnerability scans.

39


About Trend Micro Trend Micro, Incorporated is a global leader in network antivirus and Internet content security software and services, focused on helping customers prevent and minimize the impact of network viruses and mixed-threat attacks through its award-winning Trend Micro Enterprise Protection Strategy. Trend Micro has worldwide operations and trades stock on the Tokyo Stock Exchange and NASDAQ.

Copyright © 2002 - 2009 by Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the prior written consent of Trend Micro Incorporated. Trend Micro, the t-ball logo, and Worry-Free are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice.

Legal Notice: Trend Micro licenses this product in accordance with terms and conditions set forth in the License Agreement inside the product package. If you wish to review the License Agreement prior to purchase, visit: www.trendmicro.com/license. If you (or the company you represent) do not agree to these terms and conditions, promptly return the product and package to your place of purchase for a full refund.

40

http://www.trendmicro.com/license

WFBS Best Practices - Trend Micro Supportesupport.trendmicro.com/media/12432334/Best Practice Guide...

Documents

Transcript of WFBS Best Practices - Trend Micro Supportesupport.trendmicro.com/media/12432334/Best Practice Guide...