Best Practice Configurations for OfficeScan (OSCE) 10.6

Applying Latest Patch(es) for OSCE 10.6

To find the latest patches, refer to http://www.trendmicro.com/download/product.asp?productid=5

Enable Smart Clients

1. Ensure that the OfficeScan client can query at least two Scan Servers.

This guidance avoids creating a single point of failure for anti-malware security. If the lone Scan Server on the network crashes, this has repercussions for desktop security throughout the network.

Adding a second Scan Server on the network, or ensuring that all File Reputation-enabled clients can connect to the Trend Micro scan service if the primary Scan Service fails, results in a more robust security implementation.

Options:
- Enable the Integrated Scan Server on multiple OfficeScan servers
- Install VMWare-based standalone scan servers

There are two types of local scan servers:
- Integrated Scan Server
- Standalone Scan Server

Both essentially work the same way, but are ported for different software platforms.

Integrated Scan Server
The integrated scan server is automatically installed on the OfficeScan server. It can be installed during OfficeScan server installation or at a later point.

Standalone Scan Server
The standalone scan server is recommended for large networks. At this point, this server is only available as a VMWare image that runs CentOS.

For more information regarding image compatibility on virtual servers, refer to: http://docs.trendmicro.com/en-us/enterprise/officescan.aspx

Upload: doannhu

Post on 25-Jun-2018



2. When opting to use the Integrated Scan Server, make sure that it is actually installed. To verify that the scan server is installed and accessible from a particular desktop, enter the following URL in the desktop's browser:

https://officescan_host:<port>/tmcss/?LCRC=08000000AC41080092000080C4F01936B21D9104

If the browser returns the following, then the Scan Server is both enabled and accessible:

3. Enable Smart Scan. The Integrated Scan Server is enabled using the following checkbox on the Scan Server screen of the OfficeScan management console:

Before including an Integrated Scan Server in the scan server list, make sure that it is enabled. When using File Reputation functionality with an integrated scan server, make sure that the scan server is enabled before switching scan types. This is an important step because the mechanism for switching from standard scanning to File Reputation does not include automatic verification of scan server functionality. It is therefore possible to assign a File Reputation-enabled OfficeScan client to a non-functional scan server.

4. Create separate domains for Smart and Conventional clients. Upon installation, the default scan mode for the OfficeScan network is called "Conventional scan". This uses the traditional scheme of all-local patterns. Administrators can switch OfficeScan clients to Smart Scan. As with other OfficeScan client settings, if the administrator sets this setting at the root of the OfficeScan client tree, it becomes the default scan method and will affect all future clients, in addition to existing clients that are not already assigned client-specific scan-method settings.

- Deploy clients in Conventional scan and then switch them over to Smart scan afterwards
- Create OfficeScan domains that have Smart scan enabled by default and then migrate

5. Schedule the Smart Scan Server to update on an hourly basis.
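The browser test from step 2 can be run against every scan server a client is expected to use, so that the "at least two Scan Servers" rule from step 1 is checked before clients are switched to Smart Scan. The following is an added example, not part of the original guide or of OfficeScan: the host names and port 8443 are placeholders, and because the guide's expected browser response is not reproduced on this page, the script assumes that an HTTP 200 reply with a non-empty body means the server answered.

```python
import ssl
import sys
import urllib.error
import urllib.request

# Path and query string exactly as given in the guide's browser test.
LCRC_PATH = "/tmcss/?LCRC=08000000AC41080092000080C4F01936B21D9104"


def probe_scan_server(host, port, cafile=None, timeout=5.0):
    """Request the test URL from one scan server and return (reachable, detail).

    Assumption: HTTP 200 with a non-empty body counts as "answered"; the
    response text itself is not compared because the page does not show it.
    """
    url = f"https://{host}:{port}{LCRC_PATH}"
    # Certificate verification stays on. Pass cafile when the scan server
    # presents a certificate issued by an internal CA.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            body = resp.read(512)
            if resp.status == 200 and body.strip():
                return True, "HTTP 200"
            return False, f"HTTP {resp.status}, empty body"
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}"
    except (urllib.error.URLError, ssl.SSLError, OSError) as exc:
        return False, f"{type(exc).__name__}: {exc}"


def assess_redundancy(servers, min_reachable=2, probe=probe_scan_server):
    """Probe every (host, port) pair and report whether enough servers answer."""
    results = {f"{host}:{port}": probe(host, port) for host, port in servers}
    reachable = sorted(name for name, (ok, _detail) in results.items() if ok)
    return {
        "results": results,
        "reachable": reachable,
        "redundant": len(reachable) >= min_reachable,
    }


def constructed_probe(host, port):
    """Offline stand-in for probe_scan_server: the second server is down."""
    if host == "osce02.example.internal":
        return False, "URLError: connection refused (constructed)"
    return True, "HTTP 200 (constructed)"


if __name__ == "__main__":
    # Usage: script.py host:port host:port ...   (no arguments = offline demo)
    if len(sys.argv) > 1:
        pairs = (arg.rsplit(":", 1) for arg in sys.argv[1:])
        servers = [(host, int(port)) for host, port in pairs]
        report = assess_redundancy(servers)
    else:
        # Constructed sample servers; names and port are placeholders.
        servers = [("osce01.example.internal", 8443),
                   ("osce02.example.internal", 8443)]
        report = assess_redundancy(servers, probe=constructed_probe)
    for name, (ok, detail) in report["results"].items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}  {detail}")
    if not report["redundant"]:
        print("Fewer than two scan servers answered: single point of failure")
    sys.exit(0 if report["redundant"] else 1)
```

Run it from a representative desktop subnet rather than from the server itself, since the guide's test is about accessibility from the client side.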

Configuring Manual Scan Settings

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Scan Settings >> Manual Scan Settings.
5. Configure the Target tab.
6. Files to Scan > All Scannable files
7. Scan Settings
   7.1 Scan hidden folders
   7.2 Scan network drive
   7.3 Scan compressed files
   7.4 Scan OLE object
       7.4.1 Detect exploit code in OLE files
8. Virus/Malware Scan Settings Only > Scan boot area
9. CPU Usage > Medium: pause slightly between file scans
10. Scan Exclusion: Enable scan exclusion
   10.1 Scan Exclusion list (Directories)
       10.1.1 Exclude directories where Trend Micro products are installed
       10.1.2 Retains client computer's exclusion list
   10.2 Scan Exclusion list (Files)
       10.2.1 Retains client computer's exclusion list
11. Configure the Action tab.
12. Virus/Malware > Use a specific action for each virus/malware type
   12.1 Joke: Quarantine
   12.2 Trojan: Quarantine
   12.3 Virus: Clean & Quarantine
   12.4 Test Virus: Quarantine
   12.5 Packer: Quarantine
   12.6 Probable Virus/Malware: Quarantine
   12.7 Others: Clean & Quarantine
13. Back up files before cleaning
14. Damage Cleanup Services
   14.1 Cleanup type: Advanced cleanup
   14.2 Enable > Run cleanup when probable virus/malware is detected
15. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

Configuring Real-time Scan Settings

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Scan Settings >> Real-time Scan Settings.
5. Enable virus/malware scan and Enable spyware/grayware scan.
6. Configure the Target tab.
7. User Activity on Files > Scan files being created/modified and retrieved
8. Files to Scan > All Scannable files
9. Scan Settings >
   9.1 Scan network drive
   9.2 Scan the boot sector of the USB storage device after plugging in
   9.3 Scan compressed files
   9.4 Scan OLE object
       9.4.1 Detect exploit code in OLE files
10. Virus/Malware Scan Settings Only > Enable Intellitrap
11. Scan Exclusion: Enable scan exclusion
   11.1 Scan Exclusion list (Directories)
       11.1.1 Exclude directories where Trend Micro products are installed
       11.1.2 Retains client computer's exclusion list
   11.2 Scan Exclusion list (Files)
       11.2.1 Retains client computer's exclusion list
12. Configure the Action tab.
13. Virus/Malware > Use a specific action for each virus/malware type
   13.1 Joke: Quarantine
   13.2 Trojan: Quarantine
   13.3 Virus: Clean & Quarantine
   13.4 Test Virus: Quarantine
   13.5 Packer: Quarantine
   13.6 Probable Virus/Malware: Quarantine
   13.7 Others: Clean & Quarantine
14. Back up files before cleaning
15. Damage Cleanup Services
   15.1 Enable > Run cleanup when probable virus/malware is detected
16. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

Configuring Scheduled Scan Settings

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Scan Settings >> Scheduled Scan Settings.
5. Enable virus/malware scan and Enable spyware/grayware scan.
6. Configure the Schedule to run at least once a week.
7. Configure the Target tab.
8. Files to Scan > All Scannable files
9. Scan Settings >
   9.1 Scan compressed files
   9.2 Scan OLE object
       9.2.1 Detect exploit code in OLE files
10. Virus/Malware Scan Settings Only > Scan boot area
11. CPU Usage > Medium: pause slightly between file scans
12. Scan Exclusion: Enable scan exclusion
   12.1 Scan Exclusion list (Directories)
       12.1.1 Exclude directories where Trend Micro products are installed
       12.1.2 Retains client computer's exclusion list
   12.2 Scan Exclusion list (Files)
       12.2.1 Retains client computer's exclusion list
13. Configure the Action tab.
14. Virus/Malware > Use a specific action for each virus/malware type
   14.1 Joke: Quarantine
   14.2 Trojan: Quarantine
   14.3 Virus: Clean & Quarantine
   14.4 Test Virus: Quarantine
   14.5 Packer: Quarantine
   14.6 Probable Virus/Malware: Quarantine
   14.7 Others: Clean & Quarantine
15. Back up files before cleaning
16. Damage Cleanup Services
   16.1 Cleanup type: Advanced cleanup
   16.2 Enable > Run cleanup when probable virus/malware is detected
17. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

Configuring Scan Now Settings

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Scan Settings >> Scan Now Settings.
5. Enable virus/malware scan and Enable spyware/grayware scan.
6. Configure the Target tab.
7. Files to Scan > All Scannable files
8. Scan Settings
   8.1 Scan compressed files
   8.2 Scan OLE object
       8.2.1 Detect exploit code in OLE files
9. Virus/Malware Scan Settings Only > Scan boot area
10. Scan Exclusion: Enable scan exclusion
   10.1 Scan Exclusion list (Directories)
       10.1.1 Exclude directories where Trend Micro products are installed
       10.1.2 Retains client computer's exclusion list
   10.2 Scan Exclusion list (Files)
       10.2.1 Retains client computer's exclusion list
11. CPU Usage > Medium: pause slightly between file scans
12. Configure the Action tab.
13. Virus/Malware > Use a specific action for each virus/malware type
   13.1 Joke: Quarantine
   13.2 Trojan: Quarantine
   13.3 Virus: Clean & Quarantine
   13.4 Test Virus: Quarantine
   13.5 Packer: Quarantine
   13.6 Probable Virus/Malware: Quarantine
   13.7 Others: Clean & Quarantine
14. Back up files before cleaning
15. Damage Cleanup Services
   15.1 Cleanup type: Advanced cleanup
   15.2 Enable > Run cleanup when probable virus/malware is detected
16. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

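Summary

Cells marked "Yes" or "-" follow the four procedures above; "-" means the setting is not listed for that scan type.

| Setting | Real-time Scan | Manual Scan | Scheduled Scan | Scan Now |
|---|---|---|---|---|
| Files to scan | All Scannable | All Scannable | All Scannable | All Scannable |
| Scan hidden folders | - | Yes | - | - |
| Scan network drive | Yes | Yes | - | - |
| Scan boot sector of USB storage | Yes | - | - | - |
| Scan compressed files | Yes | Yes | Yes | Yes |
| Scan OLE object | Yes | Yes | Yes | Yes |
| Detect exploit code in OLE files | Yes | Yes | Yes | Yes |
| Enable Intellitrap | Yes | - | - | - |
| Scan boot area | - | Yes | Yes | Yes |
| CPU usage | - | Medium | Medium | Medium |
| Cleanup type for Damage Cleanup Services | - | Advanced Cleanup | Advanced Cleanup | Advanced Cleanup |
| Run cleanup for probable virus | Yes | Yes | Yes | Yes |
| Clean action for detected Spyware | Yes | Yes | Yes | Yes |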

Enable Web Reputation

WRS allows OfficeScan to detect and block access to sites that harbor Web-based threats. When a client requests a URL, it first checks the "reputation score" of the URL by querying the Trend Micro reputation servers. Access to the URL is then allowed or denied depending on the score and the security level you configured.

To configure WRS, please do the following:

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Web Reputation Settings.
5. For both External and Internal Clients, Enable Web Reputation Policy.
6. Enable Check HTTPS URLs.
7. Select the Medium security level for the policy.
8. Approved/Block URL list: You may add the URLs of the Web sites you want to approve or block. By default, Trend Micro and Microsoft Web sites are included in the Approved list.
9. Select whether to Allow clients to send logs to the OfficeScan server. You can use this option to analyze URLs blocked by WRS.
10. Click Save.

Enable Smart Feedback

The Trend Micro Smart Protection Network provides a feedback mechanism to minimize the effort of threat harvesting, analysis and resolution. It not only helps increase the detection rate but also provides a quick real-world scenario. It also benefits customers by helping to ensure they get the latest protection in the shortest possible time.

To configure Smart Feedback, please do the following:

1. On the OSCE Server, log in to the Management Console.
2. On the left pane menu, click Smart Protection > Smart Feedback.
3. Check the Enable Trend Micro Smart Feedback option box.
4. Click Save.

Enable Behavior Monitoring

OfficeScan constantly monitors computers (or endpoints) for unusual modifications to the operating system or to installed software. Administrators (or users) can create exception lists that allow certain programs to start despite violating a monitored change, or that completely block certain programs. In addition, programs that have a valid digital signature or have been certified are always allowed to start.

To configure Behavior Monitoring, please do the following:

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management > Settings > Behavior Monitoring Settings.
3. Check Enable Malware Behavior Blocking.
4. Click Save.

Configure Global Client Settings

These are advanced settings that apply to all the OfficeScan clients on your network.

To configure Global Client Settings, please do the following:

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Global Client Settings.
3. Enable OfficeScan Service Restart.
   3.1 Automatically restart an OfficeScan client service if the service terminates unexpectedly
4. Click Save.

Configure Client Self-protection

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Privileges and Other Settings.
5. Click the Other Settings tab.
6. Enable all Client Self-protection options:
   6.1 Protect OfficeScan client services
   6.2 Protect files in the OfficeScan client installation folder
   6.3 Protect OfficeScan client registry keys
   6.4 Protect OfficeScan client processes
7. Click Save.

Configure Device Control

One of the new features of OfficeScan 10.x is Device Control. It regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks. By default, the Device Control feature is enabled but ALL devices have FULL ACCESS. The Block AutoRun function on USB devices is also enabled.

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Device Control Settings.
5. Check Enable Device Control for both External and Internal Clients.
6. Enable Block the Autorun function on USB storage devices.

Permissions for Storage and Non-Storage Devices

- Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access. Limiting the level of access brings up "Program lists", which allows programs on storage devices to have Modify, Read and execute, Read, List device content only, and Block permissions.

- Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.

- Use the default permission for Non-Storage Devices. You can only allow or block access to non-storage devices. There are no granular or advanced permissions for these devices.

Configure the settings according to your preference.

Enhanced GeneriClean Technology

There are instances wherein registry remnants are left after a Trend Micro product has cleaned or quarantined a file. There is also a possibility that the malware payload can modify local security policies of the machine that restrict certain functionalities (i.e. Task Manager). GeneriClean has the capability to restore system policy, and this has been implemented via the use of the TSC.INI file.

For more information on how to clean malware remnants and restore security policies, visit http://esupport.trendmicro.com/Pages/How-to-clean-malware-remnants-and-restore-policies-using-GeneriClean.aspx

Disabling Roaming Mode for Machines in the Network

Trend Micro recommends not enabling roaming mode for machines that are in the Local Area Network.

1. Log in to the OfficeScan Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Privileges and Other Settings.
5. On the Privileges tab > Roaming Privilege.
6. Uncheck the Enable roaming mode option if it is enabled for LAN machines. Otherwise, leave it as is.

Install Intrusion Defense Firewall (IDF) plug-in

Note: Intrusion Defense Firewall (IDF) is part of the OfficeScan plug-in manager. This requires a new activation code. Please contact sales to obtain a license.

Intrusion Defense Firewall is an advanced host-based intrusion defense system that brings proven network security approaches, including firewall and intrusion detection and prevention, down to individual networked computers and devices. In addition, it can also prevent a malware attack that exploits a vulnerability. More information can be found at http://www.trendmicro.com/download/product.asp?productid=84

1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Intrusion Defense Firewall, click Download.

Install OfficeScan ToolBox plug-in

OfficeScan Toolbox manages, deploys, executes, and consolidates logs for a variety of standalone Trend Micro tools.

1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Trend Micro OfficeScan ToolBox, download and install the plug-in.
4. After installing the plug-in, click on Manage Program to access the OfficeScan ToolBox console.
5. Select which OfficeScan clients to deploy the ATTK package to, then click Deploy.
6. On the Deployment Settings window, the ATTK toolkit is already selected by default. Click Deploy.
7. A confirmation that the tool deployment is successful will appear. The ATTK package will be deployed on the client in a few minutes.
8. On the Logs tab, you will see that the ATTK deployment is being processed.
9. Once the deployment is finished, the Tool Deployment page will indicate that it is complete.
10. Go to the Logs tab; the result should be Completed. You can download the file and send it to Trend Micro Technical Support for analysis.
11. You can also go to the Feedback tab and send the Reference ID to Trend Micro Technical Support for analysis.

Using the Security Compliance

Security Compliance allows you to detect client computers that do not have antivirus software installed within your network environment by scanning your Active Directory Scope and connecting to the port(s) used by the OfficeScan server(s) to communicate with the OfficeScan clients. Security Compliance can then install the OfficeScan client on unprotected computers.

1. Log in to the OfficeScan Management Console.
2. Click on "Security Compliance" > Outside Server Management.
3. In line with "Active Directory Scope", click on the "Define" button.
4. If you have more than one (1) OfficeScan server, click on the link for Specify Ports under "Advanced Setting", then click on the "Save" button.
5. Click on the "Save and re-assess" button.
6. You will be presented with the assessment result for the machines within your Active Directory Scope. You can then highlight the machines you wish and click on the "Install" button to deploy the OfficeScan client program to them.

Note:

- If you have more than one (1) OfficeScan server installed within your environment, you need to specify each communication port being used by OfficeScan clients to connect to their respective OfficeScan server.

- This feature can only validate machines with OfficeScan client software installed. If a machine is running another anti-virus program, the assessment will return a BLANK result for the machine names you have queried.

Disable System Restore

1. In Active Directory Users and Computers, navigate to Computer Configuration > Administrative Templates > System > System Restore.
2. Double-click Turn off System Restore, set it to Enabled, then click OK.
3. Close the policy and exit Active Directory Users and Computers.
4. The changes will take effect on the next policy refresh.

Disable Autorun

1. Click on Start, then Run.
2. Type in GPEDIT.MSC, then hit Enter.
3. Go to Local Computer Policy | Administrative Template | System.
4. On the right pane, double-click Turn off Autoplay.
5. When you are in the properties dialog box, click Enabled.
6. Choose All drives from the drop-down list underneath.
7. Click on OK.
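Both policies above end up as registry values on the endpoint, so whether they took effect after the policy refresh can be checked from collected `reg query` output. The following is an added example, not part of the original guide: it assumes the policies were applied under Computer Configuration (HKLM), uses the standard Windows policy values `NoDriveTypeAutoRun` and `DisableSR`, and runs on constructed sample output.

```python
import re

EXPLORER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SYSRESTORE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"

# (key, value name) -> (expected DWORD, policy setting that writes it).
# Assumption: both policies are applied per machine, so they live under HKLM.
BASELINE = {
    (EXPLORER_KEY, "NoDriveTypeAutoRun"): (0xFF, "Turn off Autoplay = Enabled, All drives"),
    (SYSRESTORE_KEY, "DisableSR"): (1, "Turn off System Restore = Enabled"),
}

# A value line in `reg query` output: indented name, type, hex data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Parse `reg query` output into {(key_lower, name_lower): int}."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()  # registry paths are case-insensitive
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            values[(key, match.group(1).lower())] = int(match.group(2), 16)
    return values


def audit(text):
    """Return a list of findings; an empty list means both policies are in place."""
    seen = parse_reg_query(text)
    findings = []
    for (key, name), (expected, setting) in BASELINE.items():
        actual = seen.get((key.lower(), name.lower()))
        if actual is None:
            findings.append(f"{name}: not set ({setting} not applied)")
        elif actual != expected:
            findings.append(f"{name}: 0x{actual:x}, expected 0x{expected:x} ({setting})")
    return findings


# Constructed sample: endpoint where both policies have been applied.
COMPLIANT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
    DisableSR    REG_DWORD    0x1
"""

# Constructed sample: Autoplay only partly restricted, System Restore policy absent.
DRIFTED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""

if __name__ == "__main__":
    for label, sample in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        findings = audit(sample)
        print(label, "->", findings if findings else "OK")
```

On a live endpoint, feed `audit()` the combined output of `reg query` for the two keys instead of the constructed samples.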

Run Microsoft Baseline Security Analyzer once a month to check for unpatched PCs

1. Download the tool from the link below:
   http://www.microsoft.com/en-us/download/details.aspx?id=7558
2. See more information at the link below:
   http://technet.microsoft.com/en-au/security/cc184924.aspx

Educate users not to click on links they do not trust

Do not open suspicious links or files, especially from instant messengers, emails from unidentified users, and pop-up windows.

2 When opting to use the Integrated scan server make sure that it is actually installed To verify if the scan server is installed and accessible from a particular desktop enter the

following URL in the desktoplsquos browser httpsofficescan_hostltportgttmcssLCRC=08000000AC41080092000080C4F01936B21D9104

If the browser returns the following then the Scan Server is both enabled and accessible

3 Enable Smart Scan - The Integrated Scan Server is enabled using the following checkbox on the Scan Server screen on the OfficeScan management console

Before including an Integrated Scan Server in the scan server list make sure that it is enabled When using File Reputation functionality with an integrated scan server make sure that the scan server is enabled before switching scan types This is an important step because the mechanism for switching from standard scanning to File Reputation does not include automatic verification of scan server functionality It is therefore possible to assign a File Reputation-enabled OfficeScan client to a non-functional scan server

4 Create separate domains for Smart and Conventional clients Upon installation the default scan mode for the OfficeScan network is called ―Conventional scan This uses the traditional schema of using all-local patterns Administrators can switch OfficeScan clients to Smart Scan As with other OfficeScan client settings if the administrator sets this setting at the root of the OfficeScan client tree this becomes the default scan method and will affect all future clients in addition to existing clients that are not already assigned client-specific scan-method settings

Deploy clients in Conventional scan and then switch them over to Smart scan afterwards

Create OfficeScan domains that have Smart scan enabled by default and then migrate 5 Schedule Smart Scan Server to update on an hourly basis

Configuring Manual Scan Settings 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Scan Settings gtgt Manual Scan Settings 5 Configure the Target tab 6 Files to Scan gt All Scannable files 7 Scan Settings

71 Scan hidden folders 72 Scan network drive 73 Scan compressed files 74 Scan OLE object

741 Detect exploit code in OLE files 8 Virus Malware Scan Settings Only gt Scan boot area 9 CPU Usage gt Medium pause slightly between file scans 10 Scan Exclusion Enable scan exclusion 101 Scan Exclusion list (Directories) 1011 Exclude directories where Trend Micro products are installed 1012 Retains client computerrsquos exclusion list 102 Scan Exclusion list (Files) 1021 Retains client computerrsquos exclusion list 11 Configure the Action tab 12 VirusMalware gt Use a specific action for each virusmalware type 121 Joke Quarantine 122 Trojan Quarantine 123 Virus Clean amp Quarantine 124 Test Virus Quarantine 125 Packer Quarantine 126 Probably VirusMalware Quarantine

127 Others Clean amp Quarantine 13 Back up files before cleaning 14 Damage Cleanup Services 141 Cleanup type Advanced cleanup 142 EnablegtRun cleanup when probable virusmalware is detected 15 SpywareGrayware gt Clean OfficeScan will terminate processes or delete registries files cookies and shortcuts

Configuring Real-time Scan Settings 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Scan Settings gtgt Real-time Scan Settings 5 Enable virusmalware scan and Enable spywaregrayware scan 6 Configure the Target tab 7 User Activity on Files gt Scan files being createdmodified and retrieved 8 Files to Scan gt All Scannable files 9 Scan Settings gt

91 Scan network drive 92 Scan the boot sector of the USB storage device after plugging in 93 Scan compressed files 94 Scan OLE object

941 Detect exploit code in OLE files 10 VirusMalware Scan Settings Only gt Enable Intellitrap 11 Scan Exclusion Enable scan exclusion 111 Scan Exclusion list (Directories) 1111 Exclude directories where Trend Micro products are installed 1112 Retains client computerrsquos exclusion list 112 Scan Exclusion list (Files) 1121 Retains client computerrsquos exclusion list 12 Configure the Action tab 13 VirusMalware gt Use a specific action for each virusmalware type 131 Joke Quarantine 132 Trojan Quarantine 133 Virus Clean amp Quarantine 134 Test Virus Quarantine 135 Packer Quarantine 136 Probably VirusMalware Quarantine

137 Others Clean amp Quarantine 14 Back up files before cleaning 15 Damage Cleanup Services 151 EnablegtRun cleanup when probable virusmalware is detected 16 SpywareGrayware gt Clean OfficeScan will terminate processes or delete registries files cookies and shortcuts

Configuring Scheduled Scan Settings 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Scan Settings gtgt Scheduled Scan Settings 5 Enable virusmalware scan and Enable spywaregrayware scan 6 Configure the Schedule to run at least once a week 7 Configure the Target tab 8 Files to Scan gt All Scannable files 9 Scan Settings gt 91 Scan compressed files 92 Scan OLE object 921 Detect exploit code in OLE files 10 VirusMalware Scan Settings Only gt Scan boot area 11 CPU Usage gt Medium pause slightly between file scans 12 Scan Exclusion Enable scan exclusion 121 Scan Exclusion list (Directories) 1211 Exclude directories where Trend Micro products are installed 1212 Retains client computerrsquos exclusion list 122 Scan Exclusion list (Files) 1221 Retains client computerrsquos exclusion list 13 Configure the Action tab 14 VirusMalware gt Use a specific action for each virusmalware type 141 Joke Quarantine 142 Trojan Quarantine 143 Virus Clean amp Quarantine 144 Test Virus Quarantine 145 Packer Quarantine 146 Probably VirusMalware Quarantine

147 Others Clean amp Quarantine 15 Back up files before cleaning 16 Damage Cleanup Services 161 Cleanup type Advanced cleanup 162 EnablegtRun cleanup when probable virusmalware is detected 17 SpywareGrayware gt Clean OfficeScan will terminate processes or delete registries files cookies and shortcuts

Configuring Scan Now Settings 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Scan Settings gtgt Scan Now Settings 5 Enable virusmalware scan and Enable spywaregrayware scan 6 Configure the Target tab 7 Files to Scan gt All Scannable files 8 Scan Settings

81 Scan compressed files 82 Scan OLE object

821 Detect exploit code in OLE files 9 Virus Malware Scan Settings Only gt Scan boot area 10 Scan Exclusion Enable scan exclusion 101 Scan Exclusion list (Directories) 1011 Exclude directories where Trend Micro products are installed 1012 Retains client computerrsquos exclusion list 102 Scan Exclusion list (Files) 1021 Retains client computerrsquos exclusion list 11 CPU Usage gt Medium pause slightly between file scans 12 Configure the Action tab 13 VirusMalware gt Use a specific action for each virusmalware type 131 Joke Quarantine 132 Trojan Quarantine 133 Virus Clean amp Quarantine 134 Test Virus Quarantine 135 Packer Quarantine 136 Probably VirusMalware Quarantine

137 Others Clean amp Quarantine 14 Back up files before cleaning 15 Damage Cleanup Services 151 Cleanup type Advanced cleanup 152 EnablegtRun cleanup when probable virusmalware is detected 16 SpywareGrayware gt Clean OfficeScan will terminate processes or delete registries files cookiesand shortcuts

Summary

Real-time Scan Manual Scan Scheduled Scan Scan Now

Files to scan All Scannable All Scannable All Scannable All Scannable

Scan hidden folders

Scan network drive

Scan boot sector of USB storage

Scan compressed files

Scan OLE object

Detect exploit code in OLE files

Enable Intellitrap

Scan boot area

CPU usage Medium Medium Medium

Cleanup type for Damage Cleanup Services Advanced Cleanup Advanced Cleanup Advanced Cleanup

Run cleanup for probable virus

Clean action for detected Spyware

Enable Web Reputation WRS allows OfficeScan to detect and block access to sites that harbor Web-based threats When a client requests a URL it first checks the ldquoreputation scorerdquo of the URL by querying the Trend Micro reputation servers Access to the URL is then allowed or denied depending on the score and the security level you configured To configure WRS please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Web Reputation Settings 5 For both External and Internal Clients Enable Web Reputation Policy 6 Enable Check HTTPS URLs 6 Select the Medium security level for the policy 7 ApprovedBlock URL list You may add the URLs of the Web sites you want to approve or blockBy default Trend Micro and Microsoft Web sites are included in the Approved list 8 Select whether to Allow clients to send logs to the OfficeScan server You can use this option to analyze URLs blocked by WRS 9 Click Save

Enable Smart Feedback The Trend Micro Smart Protection Network provides a feedback mechanism to minimize the effort of threats harvesting analysis and resolving It not only helps increase the detection rate but also provides a quick real-world scenario It also benefits customers to help ensure they get the latest protection in the shortest possible time

To configure Smart Feedback please do the following 1 On the OSCE Server login to the Management Console 2 On the left pane menu click Smart Protection gt Smart Feedback 3 Check Enable Trend Micro Smart Feedback option box 4 Click Save

Enable Behavior Monitoring OfficeScan constantly monitors computers (or endpoints) for unusual modifications to the operating system or on installed software Administrators (or users) can create exception lists that allow certain programs to start despite violating a monitored change or completely block certain programs In addition programs with a valid digital signature or have been certified are always allowed to start To configure Behavior Monitoring please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management gt Settings gt Behavior Monitoring Settings 3 Check Enable Malware Behavior Blocking 4 Click Save

Configure Global Client Settings

These are advanced settings that apply to all the OfficeScan clients on your network.

To configure Global Client Settings, please do the following:
1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Global Client Settings.
3. Enable OfficeScan Service Restart.
   3.1 Automatically restart an OfficeScan client service if the service terminates unexpectedly
4. Click Save.

Configure Client Self-protection

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Privileges and Other Settings.
5. Click the Other Settings tab.
6. Enable all Client Self-protection options:
   6.1 Protect OfficeScan client services
   6.2 Protect files in the OfficeScan client installation folder
   6.3 Protect OfficeScan client registry keys
   6.4 Protect OfficeScan client processes
7. Click Save.

Configure Device Control

One of the new features of OfficeScan 10.x is Device Control. It regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks. By default, the Device Control feature is enabled, but ALL devices have FULL ACCESS. The Block AutoRun function on USB devices is also enabled.

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Device Control Settings.
5. Check Enable Device Control for both External and Internal Clients.
6. Enable Block the Autorun function on USB storage devices.

Permissions for Storage and Non-Storage Devices

- Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access. Limiting the level of access brings up "Program lists", which allows programs on storage devices to have Modify, Read and execute, Read, List device content only, and Block permissions.
- Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.
- Use default permission for Non-Storage Devices. You can only allow or block access to non-storage devices. There are no granular or advanced permissions for these devices.

Configure the settings according to your preference.

Enhanced GeneriClean Technology

There are instances wherein registry remnants are left after a Trend Micro product has cleaned or quarantined a file. There is also a possibility that the malware payload can modify local security policies of the machine that restrict certain functionalities (i.e. Task Manager). GeneriClean has the capability to restore system policy, and this has been implemented via the use of the TSC.INI file. For more information on how to clean malware remnants and restore security policies, visit http://esupport.trendmicro.com/Pages/How-to-clean-malware-remnants-and-restore-policies-using-GeneriClean.aspx

Disabling Roaming Mode for Machines in the Network

Trend Micro recommends not enabling roaming mode for machines that are in the Local Area Network.

1. Log in to the OfficeScan Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Privileges and Other Settings.
5. On the Privileges tab, go to Roaming Privilege.
6. Uncheck the Enable roaming mode option if it is enabled for LAN machines. Otherwise, leave it as is.

Install Intrusion Defense Firewall (IDF) plug-in

Note: Intrusion Defense Firewall (IDF) is part of the OfficeScan Plug-in Manager. This requires a new activation code. Please contact sales to obtain a license.

Intrusion Defense Firewall is an advanced host-based intrusion defense system that brings proven network security approaches, including firewall and intrusion detection and prevention, down to individual networked computers and devices. In addition, it can also prevent a malware attack that exploits a vulnerability. More information can be found at http://www.trendmicro.com/download/product.asp?productid=84

1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Intrusion Defense Firewall, click Download.

Install OfficeScan ToolBox plug-in

OfficeScan ToolBox manages, deploys, executes, and consolidates logs for a variety of standalone Trend Micro tools.

1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Trend Micro OfficeScan ToolBox, download and install the plug-in.
4. After installing the plug-in, click on Manage Program to access the OfficeScan ToolBox console.
5. Select which OfficeScan clients to deploy the ATTK package to, then click Deploy.
6. On the Deployment Settings window, the ATTK toolkit is already selected by default. Click Deploy.
7. A confirmation that the tool deployment is successful will appear. The ATTK package will be deployed on the client in a few minutes.
8. On the Logs tab, you will see that the ATTK deployment is being processed.
9. Once the deployment is finished, the Tool Deployment page will indicate that it is complete.
10. Go to the Logs tab; the result will be Completed. You can download the file and send it to Trend Micro Technical Support for analysis.
11. You can also go to the Feedback tab and send the Reference ID to Trend Micro Technical Support for analysis.

Using the Security Compliance

Security Compliance allows you to detect client computers that do not have antivirus software installed within your network environment by scanning your Active Directory Scope and connecting to the port(s) used by OfficeScan server(s) to communicate with the OfficeScan clients. Security Compliance can then install the OfficeScan client on unprotected computers.

1. Log in to the OfficeScan Management Console.
2. Click on "Security Compliance" > Outside Server Management.
3. In line with "Active Directory Scope", click on the "Define" button.
4. If you have more than one (1) OfficeScan server, click on the link for Specify Ports under "Advanced Setting", then click on the "Save" button.
5. Click on the "Save and re-assess" button.
6. You will be presented with the assessment result for the machines within your Active Directory Scope. You can then highlight the machines you wish and click on the "Install" button to deploy the OfficeScan client program to them.

Note:
- If you have more than one (1) OfficeScan server installed within your environment, you need to specify each communication port being used by OfficeScan clients to connect to their respective OfficeScan server.
- This feature can only validate machines with OfficeScan client software installed. If a machine is running another anti-virus program, the assessment will return a BLANK result for the machine names you have queried.

Disable System Restore

1. In Active Directory Users and Computers, navigate to Computer Configuration > Administrative Templates > System > System Restore.
2. Double-click Turn off System Restore, set it to Enabled, then click OK.
3. Close the policy and exit Active Directory Users and Computers.
4. The changes will take effect on the next policy refresh.

Disable Autorun

1. Click on Start, then Run.
2. Type in GPEDIT.MSC, then hit Enter.
3. Go to Local Computer Policy | Administrative Template | System.
4. On the right pane, double-click Turn off Autoplay.
5. When you are in the properties dialog box, click Enabled.
6. Choose All drives from the drop-down list underneath.
7. Click on OK.
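After the policy refresh, the Disable System Restore and Disable Autorun procedures above can be verified on a client. The PowerShell check below is an added example, not part of the original guide; it assumes the two policies write their standard machine-level registry values (DisableSR and NoDriveTypeAutoRun) and should be run from an elevated prompt on the client being audited.

```powershell
# Added audit example (not from the original guide).
# Assumption: "Turn off System Restore" writes DisableSR = 1 and
# "Turn off Autoplay" with "All drives" writes NoDriveTypeAutoRun = 255 (0xFF)
# under HKLM, which is where these policies normally store their state.

function Get-PolicyValue {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Name
    )
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$checks = @(
    [pscustomobject]@{
        Setting  = 'Turn off System Restore'
        Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
        Name     = 'DisableSR'
        Expected = 1
    },
    [pscustomobject]@{
        Setting  = 'Turn off Autoplay (All drives)'
        Path     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
        Name     = 'NoDriveTypeAutoRun'
        Expected = 255
    }
)

$results = foreach ($c in $checks) {
    $actual = Get-PolicyValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Setting   = $c.Setting
        Expected  = $c.Expected
        Actual    = if ($null -eq $actual) { 'not set' } else { $actual }
        # A missing value means the policy never reached this machine.
        Compliant = ($null -ne $actual) -and ([int]$actual -eq $c.Expected)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or login script flag the machine.
if ($results.Compliant -contains $false) { exit 1 }
```

A value of "not set" usually means the GPO is not linked to the computer's OU or the refresh has not happened yet; running gpupdate /force and re-running the check distinguishes the two.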

Run Microsoft Baseline Security Analyzer once a month to check for unpatched PCs

1. Download the tool from the link below:
   http://www.microsoft.com/en-us/download/details.aspx?id=7558
2. See more information at the link below:
   http://technet.microsoft.com/en-au/security/cc184924.aspx

Educate users not to click on links they do not trust

Do not open suspicious links or files, especially from instant messengers, emails from unidentified users, and pop-up windows.

4. Create separate domains for Smart and Conventional clients.

   Upon installation, the default scan mode for the OfficeScan network is called "Conventional scan". This uses the traditional schema of using all-local patterns. Administrators can switch OfficeScan clients to Smart Scan. As with other OfficeScan client settings, if the administrator sets this setting at the root of the OfficeScan client tree, this becomes the default scan method and will affect all future clients in addition to existing clients that are not already assigned client-specific scan-method settings.

   - Deploy clients in Conventional scan and then switch them over to Smart scan afterwards
   - Create OfficeScan domains that have Smart scan enabled by default and then migrate

5. Schedule Smart Scan Server to update on an hourly basis.

Configuring Manual Scan Settings

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Scan Settings > Manual Scan Settings.
5. Configure the Target tab.
6. Files to Scan > All Scannable files
7. Scan Settings
   7.1 Scan hidden folders
   7.2 Scan network drive
   7.3 Scan compressed files
   7.4 Scan OLE object
       7.4.1 Detect exploit code in OLE files
8. Virus/Malware Scan Settings Only > Scan boot area
9. CPU Usage > Medium: pause slightly between file scans
10. Scan Exclusion: Enable scan exclusion
    10.1 Scan Exclusion list (Directories)
         10.1.1 Exclude directories where Trend Micro products are installed
         10.1.2 Retains client computer's exclusion list
    10.2 Scan Exclusion list (Files)
         10.2.1 Retains client computer's exclusion list
11. Configure the Action tab.
12. Virus/Malware > Use a specific action for each virus/malware type
    12.1 Joke: Quarantine
    12.2 Trojan: Quarantine
    12.3 Virus: Clean & Quarantine
    12.4 Test Virus: Quarantine
    12.5 Packer: Quarantine
    12.6 Probable Virus/Malware: Quarantine
    12.7 Others: Clean & Quarantine
13. Back up files before cleaning
14. Damage Cleanup Services
    14.1 Cleanup type: Advanced cleanup
    14.2 Enable > Run cleanup when probable virus/malware is detected
15. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

Configuring Real-time Scan Settings

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Scan Settings > Real-time Scan Settings.
5. Enable virus/malware scan and Enable spyware/grayware scan.
6. Configure the Target tab.
7. User Activity on Files > Scan files being created/modified and retrieved
8. Files to Scan > All Scannable files
9. Scan Settings
   9.1 Scan network drive
   9.2 Scan the boot sector of the USB storage device after plugging in
   9.3 Scan compressed files
   9.4 Scan OLE object
       9.4.1 Detect exploit code in OLE files
10. Virus/Malware Scan Settings Only > Enable IntelliTrap
11. Scan Exclusion: Enable scan exclusion
    11.1 Scan Exclusion list (Directories)
         11.1.1 Exclude directories where Trend Micro products are installed
         11.1.2 Retains client computer's exclusion list
    11.2 Scan Exclusion list (Files)
         11.2.1 Retains client computer's exclusion list
12. Configure the Action tab.
13. Virus/Malware > Use a specific action for each virus/malware type
    13.1 Joke: Quarantine
    13.2 Trojan: Quarantine
    13.3 Virus: Clean & Quarantine
    13.4 Test Virus: Quarantine
    13.5 Packer: Quarantine
    13.6 Probable Virus/Malware: Quarantine
    13.7 Others: Clean & Quarantine
14. Back up files before cleaning
15. Damage Cleanup Services
    15.1 Enable > Run cleanup when probable virus/malware is detected
16. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

Configuring Scheduled Scan Settings

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Scan Settings > Scheduled Scan Settings.
5. Enable virus/malware scan and Enable spyware/grayware scan.
6. Configure the Schedule to run at least once a week.
7. Configure the Target tab.
8. Files to Scan > All Scannable files
9. Scan Settings
   9.1 Scan compressed files
   9.2 Scan OLE object
       9.2.1 Detect exploit code in OLE files
10. Virus/Malware Scan Settings Only > Scan boot area
11. CPU Usage > Medium: pause slightly between file scans
12. Scan Exclusion: Enable scan exclusion
    12.1 Scan Exclusion list (Directories)
         12.1.1 Exclude directories where Trend Micro products are installed
         12.1.2 Retains client computer's exclusion list
    12.2 Scan Exclusion list (Files)
         12.2.1 Retains client computer's exclusion list
13. Configure the Action tab.
14. Virus/Malware > Use a specific action for each virus/malware type
    14.1 Joke: Quarantine
    14.2 Trojan: Quarantine
    14.3 Virus: Clean & Quarantine
    14.4 Test Virus: Quarantine
    14.5 Packer: Quarantine
    14.6 Probable Virus/Malware: Quarantine
    14.7 Others: Clean & Quarantine
15. Back up files before cleaning
16. Damage Cleanup Services
    16.1 Cleanup type: Advanced cleanup
    16.2 Enable > Run cleanup when probable virus/malware is detected
17. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

Configuring Scan Now Settings

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Scan Settings > Scan Now Settings.
5. Enable virus/malware scan and Enable spyware/grayware scan.
6. Configure the Target tab.
7. Files to Scan > All Scannable files
8. Scan Settings
   8.1 Scan compressed files
   8.2 Scan OLE object
       8.2.1 Detect exploit code in OLE files
9. Virus/Malware Scan Settings Only > Scan boot area
10. Scan Exclusion: Enable scan exclusion
    10.1 Scan Exclusion list (Directories)
         10.1.1 Exclude directories where Trend Micro products are installed
         10.1.2 Retains client computer's exclusion list
    10.2 Scan Exclusion list (Files)
         10.2.1 Retains client computer's exclusion list
11. CPU Usage > Medium: pause slightly between file scans
12. Configure the Action tab.
13. Virus/Malware > Use a specific action for each virus/malware type
    13.1 Joke: Quarantine
    13.2 Trojan: Quarantine
    13.3 Virus: Clean & Quarantine
    13.4 Test Virus: Quarantine
    13.5 Packer: Quarantine
    13.6 Probable Virus/Malware: Quarantine
    13.7 Others: Clean & Quarantine
14. Back up files before cleaning
15. Damage Cleanup Services
    15.1 Cleanup type: Advanced cleanup
    15.2 Enable > Run cleanup when probable virus/malware is detected
16. Spyware/Grayware > Clean: OfficeScan will terminate processes or delete registries, files, cookies and shortcuts.

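Summary

| Setting | Real-time Scan | Manual Scan | Scheduled Scan | Scan Now |
|---|---|---|---|---|
| Files to scan | All Scannable | All Scannable | All Scannable | All Scannable |
| Scan hidden folders | | Yes | | |
| Scan network drive | Yes | Yes | | |
| Scan boot sector of USB storage | Yes | | | |
| Scan compressed files | Yes | Yes | Yes | Yes |
| Scan OLE object | Yes | Yes | Yes | Yes |
| Detect exploit code in OLE files | Yes | Yes | Yes | Yes |
| Enable IntelliTrap | Yes | | | |
| Scan boot area | | Yes | Yes | Yes |
| CPU usage | | Medium | Medium | Medium |
| Cleanup type for Damage Cleanup Services | | Advanced Cleanup | Advanced Cleanup | Advanced Cleanup |
| Run cleanup for probable virus | Yes | Yes | Yes | Yes |
| Clean action for detected Spyware | Yes | Yes | Yes | Yes |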

Enable Web Reputation WRS allows OfficeScan to detect and block access to sites that harbor Web-based threats When a client requests a URL it first checks the ldquoreputation scorerdquo of the URL by querying the Trend Micro reputation servers Access to the URL is then allowed or denied depending on the score and the security level you configured To configure WRS please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Web Reputation Settings 5 For both External and Internal Clients Enable Web Reputation Policy 6 Enable Check HTTPS URLs 6 Select the Medium security level for the policy 7 ApprovedBlock URL list You may add the URLs of the Web sites you want to approve or blockBy default Trend Micro and Microsoft Web sites are included in the Approved list 8 Select whether to Allow clients to send logs to the OfficeScan server You can use this option to analyze URLs blocked by WRS 9 Click Save

Enable Smart Feedback The Trend Micro Smart Protection Network provides a feedback mechanism to minimize the effort of threats harvesting analysis and resolving It not only helps increase the detection rate but also provides a quick real-world scenario It also benefits customers to help ensure they get the latest protection in the shortest possible time

To configure Smart Feedback please do the following 1 On the OSCE Server login to the Management Console 2 On the left pane menu click Smart Protection gt Smart Feedback 3 Check Enable Trend Micro Smart Feedback option box 4 Click Save

Enable Behavior Monitoring OfficeScan constantly monitors computers (or endpoints) for unusual modifications to the operating system or on installed software Administrators (or users) can create exception lists that allow certain programs to start despite violating a monitored change or completely block certain programs In addition programs with a valid digital signature or have been certified are always allowed to start To configure Behavior Monitoring please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management gt Settings gt Behavior Monitoring Settings 3 Check Enable Malware Behavior Blocking 4 Click Save

Configure Global Client Settings Advance settings that will apply to all the Officescan clients on your network To configure Global Client Settings please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Global Client Settings 3 Enable Officescan Service Restart 31 Automatically restart an Officescan client service if the service terminates unexpectedly 4 Click Save

Configure Client Self-protection 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Privileges and Other Settings 5 Click Other Settings tab 6 Enable all Client Self-protection 61 Protect OfficeScan client services 62 Protect files in the OfficeScan client installation folder 63 Protect OfficeScan client registry keys 64 Protect OfficeScan client processes 7 Click Save

Configure Device Control One of the new features of OfficeScan 10x is the Device Control It provides control feature that regulates access to external storage devices and network resources connected to computers Device control helps prevent data loss and leakage and combined with file scanning helps guard against securitry risks By default Device Control feature is enabled but ALL devices have FULL ACCESS Block AutoRun functions on USB devices are also enabled 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Device Control Settings 5 Check Enable Device Control for both External and Internal Clients 6 Enable Block the Autorun function on USB storage devices

Permissions for Storage and Non-Storage Devices

Allow access to USB storage devices CDDVD floppy disks and network drives You can grant full access to these devices or limit the level of access Limiting the level of access brings up ldquoProgram listsrdquo which allows programs on storage devices to have modify read and execute read List device content only and Block permissions

Configure the list of approved USB storage devices Device Control allows you to block access to all USB storage devices except those that have been added to the list of approved devices You can grant full access to the approved devices or limit the level of access

Use default permission for Non-Storage Devices You can only allow or block access to non-storage devices There are no granular or advanced permissions for these devices

Configure the settings according to your preference

Enhanced GeneriClean Technology There are instances wherein registry remnants are left after a Trend Micro product has cleaned or quarantined a file There is also a possibility that the malware payload can modify local security policies

of the machine that restrict certain functionalities (ie Task Manager) GeneriClean has the capability to restore system policy and this has been implemented via the use of TSCINI file For more information on how to clean malware remnants and restore security policies visit httpesupporttrendmicrocomPagesHow-to-clean-malware-remnants-and-restore-policies-using-GeneriCleanaspx

Disabling Roaming Mode for Machines in the Network Trend Micro recommends not to enable roaming mode for the machines that are in the Local Area Network 1 Login to the OfficeScan Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Privileges and Other Settings 5 On the Privileges tab gtRoaming Privilege 6 Uncheck Enable roaming mode option if enabled for LAN machines Otherwise leave it as is

Install Intrusion Defense Firewall (IDF) plug-in Note Intrusion Defense Firewall (IDF) is part of the OfficeScan plug-in manager This requires a new activation code Please contact sales to obtain a license

Intrusion Defense Firewall is an advanced host-based intrusion defense system that brings proven network security approaches including firewall and intrusion detection and prevention down to individual networked computers and devices In addition it can also prevent a malware attack that exploits the vulnerability More information can be found at httpwwwtrendmicrocomdownloadproductaspproductid=84 1 Login to the OfficeScan Management Console 2 Click Plug-in Manager 3 Under Intrusion Defense Firewall click Download

Install OfficeScan ToolBox plug-in OfficeScan Toolbox manages deploys executes and consolidates logs for a variety of standalone Trend Micro tools 1 Login to the OfficeScan Management Console 2 Click Plug-in Manager 3 Under Trend Micro OfficeScan ToolBox download and install the plug-in

1 4 After installing the plug-in click on Manage Program to access the OfficeScan ToolBox console 2 5 Select which OfficeScan clients to deploy the ATTK package then click Deploy

3 6 On the Deployment Settings window the ATTK toolkit is already selected by default Click Deploy

4 7 A confirmation that the tool deployment is successful will appear The ATTK package will be deployed on the client in a few minutes

8 On the Logs tab you will see that the ATTK deployment is being processed

9 Once the deployment is finished it will indicate on the Tool Deployment page that it is complete

5 10 Go to the Logs tab and the result would be Completed You can download the file and send it to Trend Micro Technical Support for analysis

11 You can also go to the Feedback tab and send the Reference ID to Trend Micro Technical Support for analysis

Using the Security Compliance Security Compliance allows you to detect client computers that do not have antivirus software installed within your network environment by scanning your Active Directory Scope and connecting to port(s) used by OfficeScan server(s) to communicate with the OfficeScan clients Security Compliance can then install the OfficeScan client on unprotected computers 1 Login to the OfficeScan Management Console 2 Click on ldquoSecurity Compliancerdquo gt Outside Server Management 3 Inline with ldquoActive Directory Scoperdquo click on ldquoDefinerdquo button 4 If you have more than one (1) OfficeScan server click on the link for Specify Ports under ldquoAdvanced Settingrdquo then click on ldquoSaverdquo button 5 Click on ldquoSave and re-assessrdquo button 6 You will be presented with the assessment result for the machines within your Active Directory Scope You can then highlight the machines you wish and click on ldquoInstallrdquo button to deploy OfficeScan client program to them Note

If you have more than one (1) OfficeScan servers installed within your environment you need to specify each communication port being used by Officescan clients to connect to their respective OfficeScan server

This feature can only validate machines with OfficeScan client software installed If a machine is running other anti-virus program assessment will return a BLANK result for the machine names you have queried

Disable System Restore 1 In Active Directory Users and Computers navigate to Computer Configuration Administrative Templates System System Restore 2 Double-click Turn off System Restore set it to Enabled then click OK 3 Close the policy and exit Active Directory Users and Computers 4 The changes will take effect on the next policy refresh

Disable Autorun 1 Click on Start then Run 2 Type in GPEDITMSC then hit Enter 3 Go to Local Computer Policy | Administrative Template | System 4 On the right pane double-click Turn off Autoplay 5 When you are in the properties dialog box click enabled 6 Choose All drives from the drop-down list underneath 7 Click on OK

Run Microsoft Baseline Security Analyzer once a month to check for Unpatched PC 1 Download the tool on the link below httpwwwmicrosoftcomen-usdownloaddetailsaspxid=7558 2 See more information on the link below httptechnetmicrosoftcomen-ausecuritycc184924aspx

Educate users not to click on links they do not trust Do not open suspicious links or files especially from instant messengers emails from unidentified users and from pop-up windows

Configuring Real-time Scan Settings 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Scan Settings gtgt Real-time Scan Settings 5 Enable virusmalware scan and Enable spywaregrayware scan 6 Configure the Target tab 7 User Activity on Files gt Scan files being createdmodified and retrieved 8 Files to Scan gt All Scannable files 9 Scan Settings gt

91 Scan network drive 92 Scan the boot sector of the USB storage device after plugging in 93 Scan compressed files 94 Scan OLE object

941 Detect exploit code in OLE files 10 VirusMalware Scan Settings Only gt Enable Intellitrap 11 Scan Exclusion Enable scan exclusion 111 Scan Exclusion list (Directories) 1111 Exclude directories where Trend Micro products are installed 1112 Retains client computerrsquos exclusion list 112 Scan Exclusion list (Files) 1121 Retains client computerrsquos exclusion list 12 Configure the Action tab 13 VirusMalware gt Use a specific action for each virusmalware type 131 Joke Quarantine 132 Trojan Quarantine 133 Virus Clean amp Quarantine 134 Test Virus Quarantine 135 Packer Quarantine 136 Probably VirusMalware Quarantine

137 Others Clean amp Quarantine 14 Back up files before cleaning 15 Damage Cleanup Services 151 EnablegtRun cleanup when probable virusmalware is detected 16 SpywareGrayware gt Clean OfficeScan will terminate processes or delete registries files cookies and shortcuts

Configuring Scheduled Scan Settings 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Scan Settings gtgt Scheduled Scan Settings 5 Enable virusmalware scan and Enable spywaregrayware scan 6 Configure the Schedule to run at least once a week 7 Configure the Target tab 8 Files to Scan gt All Scannable files 9 Scan Settings gt 91 Scan compressed files 92 Scan OLE object 921 Detect exploit code in OLE files 10 VirusMalware Scan Settings Only gt Scan boot area 11 CPU Usage gt Medium pause slightly between file scans 12 Scan Exclusion Enable scan exclusion 121 Scan Exclusion list (Directories) 1211 Exclude directories where Trend Micro products are installed 1212 Retains client computerrsquos exclusion list 122 Scan Exclusion list (Files) 1221 Retains client computerrsquos exclusion list 13 Configure the Action tab 14 VirusMalware gt Use a specific action for each virusmalware type 141 Joke Quarantine 142 Trojan Quarantine 143 Virus Clean amp Quarantine 144 Test Virus Quarantine 145 Packer Quarantine 146 Probably VirusMalware Quarantine

147 Others Clean amp Quarantine 15 Back up files before cleaning 16 Damage Cleanup Services 161 Cleanup type Advanced cleanup 162 EnablegtRun cleanup when probable virusmalware is detected 17 SpywareGrayware gt Clean OfficeScan will terminate processes or delete registries files cookies and shortcuts

Configuring Scan Now Settings 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Scan Settings gtgt Scan Now Settings 5 Enable virusmalware scan and Enable spywaregrayware scan 6 Configure the Target tab 7 Files to Scan gt All Scannable files 8 Scan Settings

81 Scan compressed files 82 Scan OLE object

821 Detect exploit code in OLE files 9 Virus Malware Scan Settings Only gt Scan boot area 10 Scan Exclusion Enable scan exclusion 101 Scan Exclusion list (Directories) 1011 Exclude directories where Trend Micro products are installed 1012 Retains client computerrsquos exclusion list 102 Scan Exclusion list (Files) 1021 Retains client computerrsquos exclusion list 11 CPU Usage gt Medium pause slightly between file scans 12 Configure the Action tab 13 VirusMalware gt Use a specific action for each virusmalware type 131 Joke Quarantine 132 Trojan Quarantine 133 Virus Clean amp Quarantine 134 Test Virus Quarantine 135 Packer Quarantine 136 Probably VirusMalware Quarantine

137 Others Clean amp Quarantine 14 Back up files before cleaning 15 Damage Cleanup Services 151 Cleanup type Advanced cleanup 152 EnablegtRun cleanup when probable virusmalware is detected 16 SpywareGrayware gt Clean OfficeScan will terminate processes or delete registries files cookiesand shortcuts

Summary

Real-time Scan Manual Scan Scheduled Scan Scan Now

Files to scan All Scannable All Scannable All Scannable All Scannable

Scan hidden folders

Scan network drive

Scan boot sector of USB storage

Scan compressed files

Scan OLE object

Detect exploit code in OLE files

Enable Intellitrap

Scan boot area

CPU usage Medium Medium Medium

Cleanup type for Damage Cleanup Services Advanced Cleanup Advanced Cleanup Advanced Cleanup

Run cleanup for probable virus

Clean action for detected Spyware

Enable Web Reputation WRS allows OfficeScan to detect and block access to sites that harbor Web-based threats When a client requests a URL it first checks the ldquoreputation scorerdquo of the URL by querying the Trend Micro reputation servers Access to the URL is then allowed or denied depending on the score and the security level you configured To configure WRS please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Web Reputation Settings 5 For both External and Internal Clients Enable Web Reputation Policy 6 Enable Check HTTPS URLs 6 Select the Medium security level for the policy 7 ApprovedBlock URL list You may add the URLs of the Web sites you want to approve or blockBy default Trend Micro and Microsoft Web sites are included in the Approved list 8 Select whether to Allow clients to send logs to the OfficeScan server You can use this option to analyze URLs blocked by WRS 9 Click Save

Enable Smart Feedback

The Trend Micro Smart Protection Network provides a feedback mechanism to minimize the effort of threat harvesting, analysis, and resolution. It not only helps increase the detection rate but also provides a quick real-world scenario. It also benefits customers by helping ensure they get the latest protection in the shortest possible time.

To configure Smart Feedback, please do the following:
1. On the OSCE Server, log in to the Management Console.
2. On the left pane menu, click Smart Protection > Smart Feedback.
3. Check the Enable Trend Micro Smart Feedback option box.
4. Click Save.

Enable Behavior Monitoring

OfficeScan constantly monitors computers (or endpoints) for unusual modifications to the operating system or to installed software. Administrators (or users) can create exception lists that allow certain programs to start despite violating a monitored change, or that completely block certain programs. In addition, programs that have a valid digital signature or have been certified are always allowed to start.

To configure Behavior Monitoring, please do the following:
1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management > Settings > Behavior Monitoring Settings.
3. Check Enable Malware Behavior Blocking.
4. Click Save.

Configure Global Client Settings

Advanced settings that apply to all the OfficeScan clients on your network.

To configure Global Client Settings, please do the following:
1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Global Client Settings.
3. Enable OfficeScan Service Restart.
   3.1. Automatically restart an OfficeScan client service if the service terminates unexpectedly.
4. Click Save.

Configure Client Self-protection

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Privileges and Other Settings.
5. Click the Other Settings tab.
6. Enable all Client Self-protection options:
   6.1. Protect OfficeScan client services
   6.2. Protect files in the OfficeScan client installation folder
   6.3. Protect OfficeScan client registry keys
   6.4. Protect OfficeScan client processes
7. Click Save.

Configure Device Control

One of the new features of OfficeScan 10.x is Device Control. It regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks. By default, the Device Control feature is enabled but ALL devices have FULL ACCESS. The Block AutoRun function on USB devices is also enabled.

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Device Control Settings.
5. Check Enable Device Control for both External and Internal Clients.
6. Enable Block the Autorun function on USB storage devices.

Permissions for Storage and Non-Storage Devices

- Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access. Limiting the level of access brings up "Program lists", which allows programs on storage devices to have Modify, Read and execute, Read, List device content only, and Block permissions.
- Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.
- Use default permission for Non-Storage Devices. You can only allow or block access to non-storage devices. There are no granular or advanced permissions for these devices.

Configure the settings according to your preference.

Enhanced GeneriClean Technology

There are instances wherein registry remnants are left after a Trend Micro product has cleaned or quarantined a file. There is also a possibility that the malware payload can modify local security policies of the machine that restrict certain functionalities (i.e., Task Manager). GeneriClean has the capability to restore system policy, and this has been implemented via the use of the TSC.INI file.

For more information on how to clean malware remnants and restore security policies, visit http://esupport.trendmicro.com/Pages/How-to-clean-malware-remnants-and-restore-policies-using-GeneriClean.aspx

Disabling Roaming Mode for Machines in the Network

Trend Micro recommends not enabling roaming mode for machines that are in the Local Area Network.

1. Log in to the OfficeScan Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Privileges and Other Settings.
5. On the Privileges tab, go to Roaming Privilege.
6. Uncheck the Enable roaming mode option if it is enabled for LAN machines. Otherwise, leave it as is.

Install Intrusion Defense Firewall (IDF) plug-in

Note: Intrusion Defense Firewall (IDF) is part of the OfficeScan plug-in manager. This requires a new activation code. Please contact sales to obtain a license.

Intrusion Defense Firewall is an advanced host-based intrusion defense system that brings proven network security approaches, including firewall and intrusion detection and prevention, down to individual networked computers and devices. In addition, it can also prevent malware attacks that exploit vulnerabilities. More information can be found at http://www.trendmicro.com/download/product.asp?productid=84

1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Intrusion Defense Firewall, click Download.

Install OfficeScan ToolBox plug-in

OfficeScan ToolBox manages, deploys, executes, and consolidates logs for a variety of standalone Trend Micro tools.

1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Trend Micro OfficeScan ToolBox, download and install the plug-in.
4. After installing the plug-in, click on Manage Program to access the OfficeScan ToolBox console.
5. Select which OfficeScan clients to deploy the ATTK package to, then click Deploy.
6. On the Deployment Settings window, the ATTK toolkit is already selected by default. Click Deploy.
7. A confirmation that the tool deployment is successful will appear. The ATTK package will be deployed on the client in a few minutes.
8. On the Logs tab, you will see that the ATTK deployment is being processed.
9. Once the deployment is finished, the Tool Deployment page will indicate that it is complete.
10. Go to the Logs tab and the result will be Completed. You can download the file and send it to Trend Micro Technical Support for analysis.
11. You can also go to the Feedback tab and send the Reference ID to Trend Micro Technical Support for analysis.

Using Security Compliance

Security Compliance allows you to detect client computers that do not have antivirus software installed within your network environment by scanning your Active Directory Scope and connecting to the port(s) used by OfficeScan server(s) to communicate with the OfficeScan clients. Security Compliance can then install the OfficeScan client on unprotected computers.

1. Log in to the OfficeScan Management Console.
2. Click on "Security Compliance" > Outside Server Management.
3. In line with "Active Directory Scope", click on the "Define" button.
4. If you have more than one (1) OfficeScan server, click on the link for Specify Ports under "Advanced Setting", then click on the "Save" button.
5. Click on the "Save and re-assess" button.
6. You will be presented with the assessment result for the machines within your Active Directory Scope. You can then highlight the machines you wish and click on the "Install" button to deploy the OfficeScan client program to them.

Note:
- If you have more than one (1) OfficeScan server installed within your environment, you need to specify each communication port being used by OfficeScan clients to connect to their respective OfficeScan server.
- This feature can only validate machines with OfficeScan client software installed. If a machine is running another anti-virus program, the assessment will return a BLANK result for the machine names you have queried.

Disable System Restore

1. In Active Directory Users and Computers, navigate to Computer Configuration > Administrative Templates > System > System Restore.
2. Double-click Turn off System Restore, set it to Enabled, then click OK.
3. Close the policy and exit Active Directory Users and Computers.
4. The changes will take effect on the next policy refresh.

Disable Autorun

1. Click on Start, then Run.
2. Type in GPEDIT.MSC, then hit Enter.
3. Go to Local Computer Policy | Administrative Template | System.
4. On the right pane, double-click Turn off Autoplay.
5. When you are in the properties dialog box, click Enabled.
6. Choose All drives from the drop-down list underneath.
7. Click on OK.
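To confirm on a client that the Disable System Restore and Disable Autorun policies above actually took effect, the following added example (not part of the original guide) reads the registry values those two policies write. It assumes both were applied under Computer Configuration; the registry paths and the drive-type bitmask come from Microsoft's policy definitions, not from this guide.

```powershell
# Added example, not part of the original guide. Read-only audit of the registry
# values written by the "Turn off System Restore" and "Turn off Autoplay" policies.
# Assumption: both policies are applied under Computer Configuration (HKLM).

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
# "All drives" in the policy dialog corresponds to 0xFF (every bit set).
$driveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown' },
    @{ Bit = 0x02; Name = 'No root directory' },
    @{ Bit = 0x04; Name = 'Removable (USB, floppy)' },
    @{ Bit = 0x08; Name = 'Fixed' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved' }
)

function Get-AutoRunExposure {
    param([int]$Mask)
    # Lists the drive types for which AutoRun is NOT disabled by this mask.
    $driveTypes |
        Where-Object { ($Mask -band $_.Bit) -eq 0 } |
        ForEach-Object { $_.Name }
}

$sr = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' 'DisableSR'
$ar = Get-PolicyValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'

# System Restore: the policy is in effect only when DisableSR is exactly 1.
if ($null -eq $sr)  { $srDetail = 'Policy not configured' }
elseif ($sr -eq 1)  { $srDetail = 'System Restore turned off by policy' }
else                { $srDetail = "DisableSR = $sr; System Restore not turned off" }

# Autorun: compliant only when every drive-type bit is set.
$arCompliant = $false
if ($null -eq $ar) {
    $arDetail = 'Policy not configured; Windows default applies'
} else {
    $open = @(Get-AutoRunExposure -Mask $ar)
    if ($open.Count -eq 0) {
        $arCompliant = $true
        $arDetail = 'AutoRun disabled for all drive types'
    } else {
        $arDetail = 'AutoRun still allowed for: ' + ($open -join ', ')
    }
}

$results = @(
    [pscustomobject]@{ Setting = 'Turn off System Restore'; Compliant = ($sr -eq 1); Detail = $srDetail }
    [pscustomobject]@{ Setting = 'Turn off Autoplay (All drives)'; Compliant = $arCompliant; Detail = $arDetail }
)
$results | Format-Table -AutoSize -Wrap
```

Run it after the next policy refresh; a value that is missing or leaves removable drives in the "still allowed" list means the policy did not reach that machine.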

Run Microsoft Baseline Security Analyzer once a month to check for unpatched PCs

1. Download the tool from the link below: http://www.microsoft.com/en-us/download/details.aspx?id=7558
2. See more information at the link below: http://technet.microsoft.com/en-au/security/cc184924.aspx

Educate users not to click on links they do not trust

Do not open suspicious links or files, especially from instant messengers, emails from unidentified users, and pop-up windows.


Summary

Real-time Scan Manual Scan Scheduled Scan Scan Now

Files to scan All Scannable All Scannable All Scannable All Scannable

Scan hidden folders

Scan network drive

Scan boot sector of USB storage

Scan compressed files

Scan OLE object

Detect exploit code in OLE files

Enable Intellitrap

Scan boot area

CPU usage Medium Medium Medium

Cleanup type for Damage Cleanup Services Advanced Cleanup Advanced Cleanup Advanced Cleanup

Run cleanup for probable virus

Clean action for detected Spyware

Enable Web Reputation WRS allows OfficeScan to detect and block access to sites that harbor Web-based threats When a client requests a URL it first checks the ldquoreputation scorerdquo of the URL by querying the Trend Micro reputation servers Access to the URL is then allowed or denied depending on the score and the security level you configured To configure WRS please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Web Reputation Settings 5 For both External and Internal Clients Enable Web Reputation Policy 6 Enable Check HTTPS URLs 6 Select the Medium security level for the policy 7 ApprovedBlock URL list You may add the URLs of the Web sites you want to approve or blockBy default Trend Micro and Microsoft Web sites are included in the Approved list 8 Select whether to Allow clients to send logs to the OfficeScan server You can use this option to analyze URLs blocked by WRS 9 Click Save

Enable Smart Feedback The Trend Micro Smart Protection Network provides a feedback mechanism to minimize the effort of threats harvesting analysis and resolving It not only helps increase the detection rate but also provides a quick real-world scenario It also benefits customers to help ensure they get the latest protection in the shortest possible time

To configure Smart Feedback please do the following 1 On the OSCE Server login to the Management Console 2 On the left pane menu click Smart Protection gt Smart Feedback 3 Check Enable Trend Micro Smart Feedback option box 4 Click Save

Enable Behavior Monitoring OfficeScan constantly monitors computers (or endpoints) for unusual modifications to the operating system or on installed software Administrators (or users) can create exception lists that allow certain programs to start despite violating a monitored change or completely block certain programs In addition programs with a valid digital signature or have been certified are always allowed to start To configure Behavior Monitoring please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management gt Settings gt Behavior Monitoring Settings 3 Check Enable Malware Behavior Blocking 4 Click Save

Configure Global Client Settings Advance settings that will apply to all the Officescan clients on your network To configure Global Client Settings please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Global Client Settings 3 Enable Officescan Service Restart 31 Automatically restart an Officescan client service if the service terminates unexpectedly 4 Click Save

Configure Client Self-protection 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Privileges and Other Settings 5 Click Other Settings tab 6 Enable all Client Self-protection 61 Protect OfficeScan client services 62 Protect files in the OfficeScan client installation folder 63 Protect OfficeScan client registry keys 64 Protect OfficeScan client processes 7 Click Save

Configure Device Control One of the new features of OfficeScan 10x is the Device Control It provides control feature that regulates access to external storage devices and network resources connected to computers Device control helps prevent data loss and leakage and combined with file scanning helps guard against securitry risks By default Device Control feature is enabled but ALL devices have FULL ACCESS Block AutoRun functions on USB devices are also enabled 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Device Control Settings 5 Check Enable Device Control for both External and Internal Clients 6 Enable Block the Autorun function on USB storage devices

Permissions for Storage and Non-Storage Devices

Allow access to USB storage devices CDDVD floppy disks and network drives You can grant full access to these devices or limit the level of access Limiting the level of access brings up ldquoProgram listsrdquo which allows programs on storage devices to have modify read and execute read List device content only and Block permissions

Configure the list of approved USB storage devices Device Control allows you to block access to all USB storage devices except those that have been added to the list of approved devices You can grant full access to the approved devices or limit the level of access

Use default permission for Non-Storage Devices You can only allow or block access to non-storage devices There are no granular or advanced permissions for these devices

Configure the settings according to your preference

Enhanced GeneriClean Technology There are instances wherein registry remnants are left after a Trend Micro product has cleaned or quarantined a file There is also a possibility that the malware payload can modify local security policies

of the machine that restrict certain functionalities (ie Task Manager) GeneriClean has the capability to restore system policy and this has been implemented via the use of TSCINI file For more information on how to clean malware remnants and restore security policies visit httpesupporttrendmicrocomPagesHow-to-clean-malware-remnants-and-restore-policies-using-GeneriCleanaspx

Disabling Roaming Mode for Machines in the Network Trend Micro recommends not to enable roaming mode for the machines that are in the Local Area Network 1 Login to the OfficeScan Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Privileges and Other Settings 5 On the Privileges tab gtRoaming Privilege 6 Uncheck Enable roaming mode option if enabled for LAN machines Otherwise leave it as is

Install Intrusion Defense Firewall (IDF) plug-in Note Intrusion Defense Firewall (IDF) is part of the OfficeScan plug-in manager This requires a new activation code Please contact sales to obtain a license

Intrusion Defense Firewall is an advanced host-based intrusion defense system that brings proven network security approaches including firewall and intrusion detection and prevention down to individual networked computers and devices In addition it can also prevent a malware attack that exploits the vulnerability More information can be found at httpwwwtrendmicrocomdownloadproductaspproductid=84 1 Login to the OfficeScan Management Console 2 Click Plug-in Manager 3 Under Intrusion Defense Firewall click Download

Install OfficeScan ToolBox plug-in OfficeScan Toolbox manages deploys executes and consolidates logs for a variety of standalone Trend Micro tools 1 Login to the OfficeScan Management Console 2 Click Plug-in Manager 3 Under Trend Micro OfficeScan ToolBox download and install the plug-in

1 4 After installing the plug-in click on Manage Program to access the OfficeScan ToolBox console 2 5 Select which OfficeScan clients to deploy the ATTK package then click Deploy

3 6 On the Deployment Settings window the ATTK toolkit is already selected by default Click Deploy

4 7 A confirmation that the tool deployment is successful will appear The ATTK package will be deployed on the client in a few minutes

8 On the Logs tab you will see that the ATTK deployment is being processed

9 Once the deployment is finished it will indicate on the Tool Deployment page that it is complete

5 10 Go to the Logs tab and the result would be Completed You can download the file and send it to Trend Micro Technical Support for analysis

11 You can also go to the Feedback tab and send the Reference ID to Trend Micro Technical Support for analysis

Using the Security Compliance Security Compliance allows you to detect client computers that do not have antivirus software installed within your network environment by scanning your Active Directory Scope and connecting to port(s) used by OfficeScan server(s) to communicate with the OfficeScan clients Security Compliance can then install the OfficeScan client on unprotected computers 1 Login to the OfficeScan Management Console 2 Click on ldquoSecurity Compliancerdquo gt Outside Server Management 3 Inline with ldquoActive Directory Scoperdquo click on ldquoDefinerdquo button 4 If you have more than one (1) OfficeScan server click on the link for Specify Ports under ldquoAdvanced Settingrdquo then click on ldquoSaverdquo button 5 Click on ldquoSave and re-assessrdquo button 6 You will be presented with the assessment result for the machines within your Active Directory Scope You can then highlight the machines you wish and click on ldquoInstallrdquo button to deploy OfficeScan client program to them Note

If you have more than one (1) OfficeScan servers installed within your environment you need to specify each communication port being used by Officescan clients to connect to their respective OfficeScan server

This feature can only validate machines with OfficeScan client software installed If a machine is running other anti-virus program assessment will return a BLANK result for the machine names you have queried

Disable System Restore 1 In Active Directory Users and Computers navigate to Computer Configuration Administrative Templates System System Restore 2 Double-click Turn off System Restore set it to Enabled then click OK 3 Close the policy and exit Active Directory Users and Computers 4 The changes will take effect on the next policy refresh

Disable Autorun 1 Click on Start then Run 2 Type in GPEDITMSC then hit Enter 3 Go to Local Computer Policy | Administrative Template | System 4 On the right pane double-click Turn off Autoplay 5 When you are in the properties dialog box click enabled 6 Choose All drives from the drop-down list underneath 7 Click on OK

Run Microsoft Baseline Security Analyzer once a month to check for Unpatched PC 1 Download the tool on the link below httpwwwmicrosoftcomen-usdownloaddetailsaspxid=7558 2 See more information on the link below httptechnetmicrosoftcomen-ausecuritycc184924aspx

Educate users not to click on links they do not trust Do not open suspicious links or files especially from instant messengers emails from unidentified users and from pop-up windows

Configuring Scan Now Settings 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Scan Settings gtgt Scan Now Settings 5 Enable virusmalware scan and Enable spywaregrayware scan 6 Configure the Target tab 7 Files to Scan gt All Scannable files 8 Scan Settings

81 Scan compressed files 82 Scan OLE object

821 Detect exploit code in OLE files 9 Virus Malware Scan Settings Only gt Scan boot area 10 Scan Exclusion Enable scan exclusion 101 Scan Exclusion list (Directories) 1011 Exclude directories where Trend Micro products are installed 1012 Retains client computerrsquos exclusion list 102 Scan Exclusion list (Files) 1021 Retains client computerrsquos exclusion list 11 CPU Usage gt Medium pause slightly between file scans 12 Configure the Action tab 13 VirusMalware gt Use a specific action for each virusmalware type 131 Joke Quarantine 132 Trojan Quarantine 133 Virus Clean amp Quarantine 134 Test Virus Quarantine 135 Packer Quarantine 136 Probably VirusMalware Quarantine

137 Others Clean amp Quarantine 14 Back up files before cleaning 15 Damage Cleanup Services 151 Cleanup type Advanced cleanup 152 EnablegtRun cleanup when probable virusmalware is detected 16 SpywareGrayware gt Clean OfficeScan will terminate processes or delete registries files cookiesand shortcuts

Summary

Real-time Scan Manual Scan Scheduled Scan Scan Now

Files to scan All Scannable All Scannable All Scannable All Scannable

Scan hidden folders

Scan network drive

Scan boot sector of USB storage

Scan compressed files

Scan OLE object

Detect exploit code in OLE files

Enable Intellitrap

Scan boot area

CPU usage Medium Medium Medium

Cleanup type for Damage Cleanup Services Advanced Cleanup Advanced Cleanup Advanced Cleanup

Run cleanup for probable virus

Clean action for detected Spyware

Enable Web Reputation WRS allows OfficeScan to detect and block access to sites that harbor Web-based threats When a client requests a URL it first checks the ldquoreputation scorerdquo of the URL by querying the Trend Micro reputation servers Access to the URL is then allowed or denied depending on the score and the security level you configured To configure WRS please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Web Reputation Settings 5 For both External and Internal Clients Enable Web Reputation Policy 6 Enable Check HTTPS URLs 6 Select the Medium security level for the policy 7 ApprovedBlock URL list You may add the URLs of the Web sites you want to approve or blockBy default Trend Micro and Microsoft Web sites are included in the Approved list 8 Select whether to Allow clients to send logs to the OfficeScan server You can use this option to analyze URLs blocked by WRS 9 Click Save

Enable Smart Feedback The Trend Micro Smart Protection Network provides a feedback mechanism to minimize the effort of threats harvesting analysis and resolving It not only helps increase the detection rate but also provides a quick real-world scenario It also benefits customers to help ensure they get the latest protection in the shortest possible time

To configure Smart Feedback please do the following 1 On the OSCE Server login to the Management Console 2 On the left pane menu click Smart Protection gt Smart Feedback 3 Check Enable Trend Micro Smart Feedback option box 4 Click Save

Enable Behavior Monitoring OfficeScan constantly monitors computers (or endpoints) for unusual modifications to the operating system or on installed software Administrators (or users) can create exception lists that allow certain programs to start despite violating a monitored change or completely block certain programs In addition programs with a valid digital signature or have been certified are always allowed to start To configure Behavior Monitoring please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management gt Settings gt Behavior Monitoring Settings 3 Check Enable Malware Behavior Blocking 4 Click Save

Configure Global Client Settings Advance settings that will apply to all the Officescan clients on your network To configure Global Client Settings please do the following 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Global Client Settings 3 Enable Officescan Service Restart 31 Automatically restart an Officescan client service if the service terminates unexpectedly 4 Click Save

Configure Client Self-protection 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Privileges and Other Settings 5 Click Other Settings tab 6 Enable all Client Self-protection 61 Protect OfficeScan client services 62 Protect files in the OfficeScan client installation folder 63 Protect OfficeScan client registry keys 64 Protect OfficeScan client processes 7 Click Save

Configure Device Control One of the new features of OfficeScan 10x is the Device Control It provides control feature that regulates access to external storage devices and network resources connected to computers Device control helps prevent data loss and leakage and combined with file scanning helps guard against securitry risks By default Device Control feature is enabled but ALL devices have FULL ACCESS Block AutoRun functions on USB devices are also enabled 1 On the OSCE Server login to the Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings and select Device Control Settings 5 Check Enable Device Control for both External and Internal Clients 6 Enable Block the Autorun function on USB storage devices

Permissions for Storage and Non-Storage Devices

Allow access to USB storage devices CDDVD floppy disks and network drives You can grant full access to these devices or limit the level of access Limiting the level of access brings up ldquoProgram listsrdquo which allows programs on storage devices to have modify read and execute read List device content only and Block permissions

Configure the list of approved USB storage devices Device Control allows you to block access to all USB storage devices except those that have been added to the list of approved devices You can grant full access to the approved devices or limit the level of access

Use default permission for Non-Storage Devices You can only allow or block access to non-storage devices There are no granular or advanced permissions for these devices

Configure the settings according to your preference

Enhanced GeneriClean Technology There are instances wherein registry remnants are left after a Trend Micro product has cleaned or quarantined a file There is also a possibility that the malware payload can modify local security policies

of the machine that restrict certain functionalities (ie Task Manager) GeneriClean has the capability to restore system policy and this has been implemented via the use of TSCINI file For more information on how to clean malware remnants and restore security policies visit httpesupporttrendmicrocomPagesHow-to-clean-malware-remnants-and-restore-policies-using-GeneriCleanaspx

Disabling Roaming Mode for Machines in the Network Trend Micro recommends not to enable roaming mode for the machines that are in the Local Area Network 1 Login to the OfficeScan Management Console 2 Go to Networked Computers gt Client Management 3 Select the groupcontainer you wish to apply the settings to 4 Click on Settings gt Privileges and Other Settings 5 On the Privileges tab gtRoaming Privilege 6 Uncheck Enable roaming mode option if enabled for LAN machines Otherwise leave it as is

Install Intrusion Defense Firewall (IDF) plug-in Note Intrusion Defense Firewall (IDF) is part of the OfficeScan plug-in manager This requires a new activation code Please contact sales to obtain a license

Intrusion Defense Firewall is an advanced host-based intrusion defense system that brings proven network security approaches including firewall and intrusion detection and prevention down to individual networked computers and devices In addition it can also prevent a malware attack that exploits the vulnerability More information can be found at httpwwwtrendmicrocomdownloadproductaspproductid=84 1 Login to the OfficeScan Management Console 2 Click Plug-in Manager 3 Under Intrusion Defense Firewall click Download

Install OfficeScan ToolBox plug-in

OfficeScan Toolbox manages, deploys, executes, and consolidates logs for a variety of standalone Trend Micro tools.
1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Trend Micro OfficeScan ToolBox, download and install the plug-in.
4. After installing the plug-in, click on Manage Program to access the OfficeScan ToolBox console.
5. Select which OfficeScan clients to deploy the ATTK package to, then click Deploy.
6. On the Deployment Settings window, the ATTK toolkit is already selected by default. Click Deploy.
7. A confirmation that the tool deployment is successful will appear. The ATTK package will be deployed on the client in a few minutes.
8. On the Logs tab, you will see that the ATTK deployment is being processed.
9. Once the deployment is finished, it will indicate on the Tool Deployment page that it is complete.
10. Go to the Logs tab and the result would be Completed. You can download the file and send it to Trend Micro Technical Support for analysis.
11. You can also go to the Feedback tab and send the Reference ID to Trend Micro Technical Support for analysis.

Using the Security Compliance

Security Compliance allows you to detect client computers that do not have antivirus software installed within your network environment by scanning your Active Directory Scope and connecting to port(s) used by OfficeScan server(s) to communicate with the OfficeScan clients. Security Compliance can then install the OfficeScan client on unprotected computers.
1. Log in to the OfficeScan Management Console.
2. Click on "Security Compliance" > Outside Server Management.
3. In line with "Active Directory Scope", click on the "Define" button.
4. If you have more than one (1) OfficeScan server, click on the link for Specify Ports under "Advanced Setting", then click on the "Save" button.
5. Click on the "Save and re-assess" button.
6. You will be presented with the assessment result for the machines within your Active Directory Scope. You can then highlight the machines you wish and click on the "Install" button to deploy the OfficeScan client program to them.

Note:
- If you have more than one (1) OfficeScan server installed within your environment, you need to specify each communication port being used by OfficeScan clients to connect to their respective OfficeScan server.
- This feature can only validate machines with OfficeScan client software installed. If a machine is running another anti-virus program, the assessment will return a BLANK result for the machine names you have queried.

Disable System Restore

1. In Active Directory Users and Computers, navigate to Computer Configuration > Administrative Templates > System > System Restore.
2. Double-click Turn off System Restore, set it to Enabled, then click OK.
3. Close the policy and exit Active Directory Users and Computers.
4. The changes will take effect on the next policy refresh.

Disable Autorun

1. Click on Start, then Run.
2. Type in GPEDIT.MSC, then hit Enter.
3. Go to Local Computer Policy | Administrative Template | System.
4. On the right pane, double-click Turn off Autoplay.
5. When you are in the properties dialog box, click Enabled.
6. Choose All drives from the drop-down list underneath.
7. Click on OK.
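After the policy refresh, the two settings above (Turn off System Restore and Turn off Autoplay for all drives) can be confirmed on an endpoint by reading the registry values they write. This PowerShell check is an added example, not part of the original guide; it assumes the standard policy registry locations named in its comments, and the function names are illustrative.

```powershell
# Added example (PowerShell 3.0 or later). Read-only audit of two policies:
#   Turn off System Restore -> HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
#                              DisableSR = 1
#   Turn off Autoplay, All drives -> ...\CurrentVersion\Policies\Explorer
#                              NoDriveTypeAutoRun = 0xFF
# These registry locations are assumptions about where the policies are stored.

function Get-PolicyValue {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Name
    )
    # A missing key or value means the policy is not configured at this location.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $value = $item.$Name
    # Some older tools store NoDriveTypeAutoRun as REG_BINARY; use the first byte.
    if ($value -is [byte[]]) { $value = [int]$value[0] }
    return $value
}

function Test-SystemRestorePolicy {
    $value = Get-PolicyValue -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' -Name 'DisableSR'
    $shown = ''
    if ($null -ne $value) { $shown = "$value" }
    [pscustomobject]@{
        Check     = 'Turn off System Restore'
        Source    = 'HKLM'
        Value     = $shown
        Compliant = ($value -eq 1)
    }
}

function Test-AutoplayPolicy {
    $subKey  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $machine = Get-PolicyValue -Path "HKLM:\$subKey" -Name 'NoDriveTypeAutoRun'
    $user    = Get-PolicyValue -Path "HKCU:\$subKey" -Name 'NoDriveTypeAutoRun'

    # When both exist, the machine-wide value takes precedence over the user one.
    if ($null -ne $machine)  { $effective = $machine; $source = 'HKLM' }
    elseif ($null -ne $user) { $effective = $user;    $source = 'HKCU' }
    else                     { $effective = $null;    $source = 'not set' }

    $shown = ''
    $ok    = $false
    if ($null -ne $effective) {
        $shown = '0x{0:X2}' -f $effective
        # "All drives" sets every drive-type bit in the low byte.
        $ok = (($effective -band 0xFF) -eq 0xFF)
    }
    [pscustomobject]@{
        Check     = 'Turn off Autoplay (All drives)'
        Source    = $source
        Value     = $shown
        Compliant = $ok
    }
}

$results = @(Test-SystemRestorePolicy; Test-AutoplayPolicy)
$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($results.Count) policy checks are not compliant."
}
```

A value such as 0xB5 for Autoplay means the policy was enabled for CD-ROM and removable media only, which this check reports as not compliant with the All drives setting.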

Run Microsoft Baseline Security Analyzer once a month to check for unpatched PCs

1. Download the tool from the link below:
   http://www.microsoft.com/en-us/download/details.aspx?id=7558
2. See more information at the link below:
   http://technet.microsoft.com/en-au/security/cc184924.aspx

Educate users not to click on links they do not trust

Do not open suspicious links or files, especially from instant messengers, emails from unidentified users, and from pop-up windows.

Summary

Real-time Scan Manual Scan Scheduled Scan Scan Now

Files to scan All Scannable All Scannable All Scannable All Scannable

Scan hidden folders

Scan network drive

Scan boot sector of USB storage

Scan compressed files

Scan OLE object

Detect exploit code in OLE files

Enable Intellitrap

Scan boot area

CPU usage Medium Medium Medium

Cleanup type for Damage Cleanup Services Advanced Cleanup Advanced Cleanup Advanced Cleanup

Run cleanup for probable virus

Clean action for detected Spyware

Enable Web Reputation

WRS allows OfficeScan to detect and block access to sites that harbor Web-based threats. When a client requests a URL, it first checks the "reputation score" of the URL by querying the Trend Micro reputation servers. Access to the URL is then allowed or denied depending on the score and the security level you configured. To configure WRS, please do the following:
1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Web Reputation Settings.
5. For both External and Internal Clients, enable Web Reputation Policy.
6. Enable Check HTTPS URLs.
7. Select the Medium security level for the policy.
8. Approved/Block URL list: You may add the URLs of the Web sites you want to approve or block. By default, Trend Micro and Microsoft Web sites are included in the Approved list.
9. Select whether to Allow clients to send logs to the OfficeScan server. You can use this option to analyze URLs blocked by WRS.
10. Click Save.

Enable Smart Feedback

The Trend Micro Smart Protection Network provides a feedback mechanism to minimize the effort of threat harvesting, analysis, and resolving. It not only helps increase the detection rate but also provides a quick real-world scenario. It also benefits customers by helping ensure they get the latest protection in the shortest possible time.

To configure Smart Feedback, please do the following:
1. On the OSCE Server, log in to the Management Console.
2. On the left pane menu, click Smart Protection > Smart Feedback.
3. Check the Enable Trend Micro Smart Feedback option box.
4. Click Save.

Enable Behavior Monitoring

OfficeScan constantly monitors computers (or endpoints) for unusual modifications to the operating system or to installed software. Administrators (or users) can create exception lists that allow certain programs to start despite violating a monitored change, or completely block certain programs. In addition, programs that have a valid digital signature or have been certified are always allowed to start. To configure Behavior Monitoring, please do the following:
1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management > Settings > Behavior Monitoring Settings.
3. Check Enable Malware Behavior Blocking.
4. Click Save.

Configure Global Client Settings

Advanced settings that will apply to all the OfficeScan clients on your network. To configure Global Client Settings, please do the following:
1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Global Client Settings.
3. Enable OfficeScan Service Restart:
   3.1 Automatically restart an OfficeScan client service if the service terminates unexpectedly
4. Click Save.

Configure Client Self-protection

1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Privileges and Other Settings.
5. Click the Other Settings tab.
6. Enable all Client Self-protection options:
   6.1 Protect OfficeScan client services
   6.2 Protect files in the OfficeScan client installation folder
   6.3 Protect OfficeScan client registry keys
   6.4 Protect OfficeScan client processes
7. Click Save.

Configure Device Control

One of the new features of OfficeScan 10.x is Device Control. It regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks. By default, the Device Control feature is enabled but ALL devices have FULL ACCESS. Blocking of AutoRun functions on USB devices is also enabled.
1. On the OSCE Server, log in to the Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings and select Device Control Settings.
5. Check Enable Device Control for both External and Internal Clients.
6. Enable Block the Autorun function on USB storage devices.

Permissions for Storage and Non-Storage Devices

- Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access. Limiting the level of access brings up "Program lists", which allows programs on storage devices to have Modify, Read and execute, Read, List device content only, and Block permissions.

- Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.

- Use default permission for Non-Storage Devices. You can only allow or block access to non-storage devices. There are no granular or advanced permissions for these devices.

Configure the settings according to your preference

Permissions for Storage and Non-Storage Devices

Allow access to USB storage devices, CD/DVD, floppy disks, and network drives. You can grant full access to these devices or limit the level of access. Limiting the level of access brings up "Program lists", which allows programs on storage devices to have Modify, Read and execute, Read, List device content only, and Block permissions.

Configure the list of approved USB storage devices. Device Control allows you to block access to all USB storage devices except those that have been added to the list of approved devices. You can grant full access to the approved devices or limit the level of access.

Use default permission for Non-Storage Devices. You can only allow or block access to non-storage devices. There are no granular or advanced permissions for these devices.

Configure the settings according to your preference.

Enhanced GeneriClean Technology

There are instances wherein registry remnants are left after a Trend Micro product has cleaned or quarantined a file. There is also a possibility that the malware payload can modify local security policies of the machine that restrict certain functionalities (i.e. Task Manager). GeneriClean has the capability to restore system policy, and this has been implemented via the use of TSC.INI file. For more information on how to clean malware remnants and restore security policies, visit http://esupport.trendmicro.com/Pages/How-to-clean-malware-remnants-and-restore-policies-using-GeneriClean.aspx

Disabling Roaming Mode for Machines in the Network

Trend Micro recommends not enabling roaming mode for machines that are in the Local Area Network.

1. Log in to the OfficeScan Management Console.
2. Go to Networked Computers > Client Management.
3. Select the group/container you wish to apply the settings to.
4. Click on Settings > Privileges and Other Settings.
5. On the Privileges tab, go to Roaming Privilege.
6. Uncheck the Enable roaming mode option if it is enabled for LAN machines. Otherwise, leave it as is.

Install Intrusion Defense Firewall (IDF) plug-in

Note: Intrusion Defense Firewall (IDF) is part of the OfficeScan plug-in manager. This requires a new activation code. Please contact sales to obtain a license.

Intrusion Defense Firewall is an advanced host-based intrusion defense system that brings proven network security approaches, including firewall and intrusion detection and prevention, down to individual networked computers and devices. In addition, it can also prevent a malware attack that exploits a vulnerability. More information can be found at http://www.trendmicro.com/download/product.asp?productid=84

1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Intrusion Defense Firewall, click Download.

Install OfficeScan ToolBox plug-in

OfficeScan Toolbox manages, deploys, executes, and consolidates logs for a variety of standalone Trend Micro tools.

1. Log in to the OfficeScan Management Console.
2. Click Plug-in Manager.
3. Under Trend Micro OfficeScan ToolBox, download and install the plug-in.
4. After installing the plug-in, click on Manage Program to access the OfficeScan ToolBox console.
5. Select which OfficeScan clients to deploy the ATTK package to, then click Deploy.
6. On the Deployment Settings window, the ATTK toolkit is already selected by default. Click Deploy.
7. A confirmation that the tool deployment is successful will appear. The ATTK package will be deployed on the client in a few minutes.
8. On the Logs tab, you will see that the ATTK deployment is being processed.
9. Once the deployment is finished, it will indicate on the Tool Deployment page that it is complete.
10. Go to the Logs tab and the result would be Completed. You can download the file and send it to Trend Micro Technical Support for analysis.
11. You can also go to the Feedback tab and send the Reference ID to Trend Micro Technical Support for analysis.

Using the Security Compliance

Security Compliance allows you to detect client computers that do not have antivirus software installed within your network environment by scanning your Active Directory Scope and connecting to port(s) used by OfficeScan server(s) to communicate with the OfficeScan clients. Security Compliance can then install the OfficeScan client on unprotected computers.

1. Log in to the OfficeScan Management Console.
2. Click on "Security Compliance" > Outside Server Management.
3. In line with "Active Directory Scope", click on the "Define" button.
4. If you have more than one (1) OfficeScan server, click on the link for Specify Ports under "Advanced Setting", then click on the "Save" button.
5. Click on the "Save and re-assess" button.
6. You will be presented with the assessment result for the machines within your Active Directory Scope. You can then highlight the machines you wish and click on the "Install" button to deploy the OfficeScan client program to them.

Note:

If you have more than one (1) OfficeScan server installed within your environment, you need to specify each communication port being used by OfficeScan clients to connect to their respective OfficeScan server.

This feature can only validate machines with OfficeScan client software installed. If a machine is running another anti-virus program, the assessment will return a BLANK result for the machine names you have queried.

Disable System Restore

1. In Active Directory Users and Computers, navigate to Computer Configuration > Administrative Templates > System > System Restore.
2. Double-click Turn off System Restore, set it to Enabled, then click OK.
3. Close the policy and exit Active Directory Users and Computers.
4. The changes will take effect on the next policy refresh.

Disable Autorun

1. Click on Start, then Run.
2. Type in GPEDIT.MSC, then hit Enter.
3. Go to Local Computer Policy | Administrative Template | System.
4. On the right pane, double-click Turn off Autoplay.
5. When you are in the properties dialog box, click Enabled.
6. Choose All drives from the drop-down list underneath.
7. Click on OK.
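
The two policy changes above (Turn off System Restore, Turn off Autoplay for All drives) can be read back from the registry to confirm that they actually reached a machine. The PowerShell below is an added example, not part of the original guide; it assumes both policies were set under Computer Configuration, so it reads the HKLM values NoDriveTypeAutoRun and DisableSR, and the function names are illustrative.

```powershell
# Added example (not from the original guide): read back the two Group Policy
# settings from the local registry to confirm they were applied.
# Assumption: both were configured under Computer Configuration (HKLM).

$AutoplayKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$RestoreKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'

# NoDriveTypeAutoRun is a bitmask: a set bit turns Autoplay off for that drive type.
# "All drives" in the policy dialog is stored as 0xFF.
$DriveTypeBits = [ordered]@{
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is missing (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-UnenforcedDriveTypes {
    param($Mask)
    # Drive types whose bit is clear are not covered by the machine policy.
    if ($null -eq $Mask) { return @($DriveTypeBits.Keys) }
    return @($DriveTypeBits.Keys |
        Where-Object { -not ([int]$Mask -band $DriveTypeBits[$_]) })
}

function Get-HardeningPolicyState {
    $mask      = Get-PolicyValue -Path $AutoplayKey -Name 'NoDriveTypeAutoRun'
    $disableSR = Get-PolicyValue -Path $RestoreKey  -Name 'DisableSR'
    $missing   = Get-UnenforcedDriveTypes -Mask $mask

    [PSCustomObject]@{
        Computer              = $env:COMPUTERNAME
        NoDriveTypeAutoRun    = if ($null -eq $mask) { 'not set' } else { '0x{0:X2}' -f [int]$mask }
        AutoplayOffAllDrives  = ($null -ne $mask) -and (([int]$mask -band 0xFF) -eq 0xFF)
        AutoplayNotEnforcedOn = ($missing -join ', ')
        SystemRestoreDisabled = ($disableSR -eq 1)
    }
}

Get-HardeningPolicyState | Format-List
```

A machine that received both policies reports AutoplayOffAllDrives and SystemRestoreDisabled as True; a value such as 0xB5 in NoDriveTypeAutoRun means Autoplay was turned off only for some drive types rather than All drives.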

Run Microsoft Baseline Security Analyzer once a month to check for unpatched PCs

1. Download the tool on the link below: http://www.microsoft.com/en-us/download/details.aspx?id=7558
2. See more information on the link below: http://technet.microsoft.com/en-au/security/cc184924.aspx

Educate users not to click on links they do not trust

Do not open suspicious links or files, especially from instant messengers, emails from unidentified users, and from pop-up windows.
