If I manage to get through it, I’ll write a short review.

First of all, before performing a full system scan, OfficeScan will check with the server if other systems in the environment are also running a full scan. In order to avoid multiple full system scans in the same environment.

Second, they implemented the option to scan a virtual machine template. And save the results as a cache (which will be used when performing a full system scan).

First, what’s changed in OfficeScan from version 10.0 SP1?

- Active Directory Integration
- Smart Protection Solutions
- Security Compliance
- Virtual Desktop Support
- Role-based administration
- General Product enhancements

So, what is my experience with the new features?

Active Directory Integration
Closer integration with active directory. Personally not tested.

Smart Protection Solutions
I guess this is enhancements to the file reputation and the implementation of a “local” web reputation server.
Tested this one, works fine. Good idea to include a local alternative, instead of having all your clients talk to “the cloud”. The new version of the TMCSS (Cloud Scan Server) also works with OfficeScan 10.0 SP1.

You can either perform a fresh install, or upgrade from 1.x.

Security Compliance
Not tested.

Virtual Desktop Support
According to Trend, OfficeScan is now “VDI”-aware. And supports VMware View 4 and Citrix XenDesktop 4.
Anyone running those products tested?

Granular Role-based Administration
Pretty much standard role based administration, with the possibility to use Active Directory user accounts. Also single sign on support.

General Product enhancements
Just a bunch of smaller product enhancements.

They fixed stuff related to:
- Update Agent
- Exception list
- Firewall
- Logs
- Scan Settings
- Web Reputation
- Plug in program updates

Update Agent
You can now have update agents separately download components, settings and program updates. A new report tool for update agents has also been implemented.

Exception list
There are now separate lists for Behavior Monitoring and Device control exceptions. In 10.0 they were the same.

Firewall
It is now possible to make exceptions for software on the Certified Software List, or block specific applications.

Also, when installing OfficeScan server from scratch, you will be asked if you want to enable the OfficeScan firewall, AND if you want to enable the firewall for server platforms. Earlier, if you enabled the firewall, it would be enabled both for workstations/laptops AND servers. This is great, because the firewall is not recommended for server platforms, but for client platforms. So you can get away with just one OfficeScan server (if you want to). In other words, no need to have dedicated server without the firewall enabled. You might of course still want to do this, so you can patch the client server, separate from the server server (server server server? ).

Logs
Enhancements of the logging feature will ensure consistency between time settings on OfficeScan clients, server and Control Manager. In other words “unified time stamping”.

Scan Settings
The following configuration options are now available on the local client (as long as the client has privileges to configure scan exclusions):
- Add, remove or overwrite files and directories from the client scan exclusion list.
- configure OLE exploit detection settings
- Configure settings for action on probable virus malware (scan actions on heuristic and generic detection)
- Clean Spyware/grayware in zipped files setting
- Use wildcards in the scan exclusion lists.

They also added additional options in the web gui. These are not listed in the release notes. But I’ve found some of them, and the most important one is the option to configure actions on generic/heuristic while using Active Action.
But I’m bit confused, since this is not an option if you use “use the same actions for all”.
Even if you configure the same actions for all types, you will have to specify “1st” and “2nd” scan action in the ofcscan.ini file.

As far as I know OfficeScan will still “Pass” potential security threats, if not configured with “1st” and “2nd” action when using the same actions for all types.

Web reputation settings
You can now configure web reputation policies and assign them to one, multiple or all OfficeScan clients.

Plug in program updates
OfficeScan can now automagically download plug in program updates from the first source in the server update source list. This includes Trend Micro Control Manager.

So, except from the GUI-bug mentioned in an earlier post, it should be safe to upgrade to version 10.5. I have not experienced any other problems. Have you?

Example netstat to CSV with “-an” flags.
for /F "tokens=1-4 delims= " %A in ('netstat -an') do echo %A,%B,%C,%D

Example netstat to CSV with “-ano” flags with output to file.
for /F "tokens=1-5 delims= " %A in ('netstat -ano') do echo %A,%B,%C,%D,%E>>outputfile.csv

Note if you are going to use it in a batch script, remember to use the following format:
for /F "tokens=1-4 delims= " %%A in ('netstat -an') do echo %%A,%%B,%%C,%%D

And you can of course use this to just list “Listening” ports:
for /F "tokens=1-4 delims= " %A in ('netstat -an ^| find "LISTENING"') do echo %A,%B,C%,%D

Why would you do this?
1. Openports (from DiamonCS is licensed)
2. No need for third party binaries.

Why would you not do this?
1. Hard to parse netstat -anob

If you know how to parse “netstat -anob”, please feel free to leave a comment

By installing the Smart Scan Server 2.0, you will get the following features:
- “Local” Web Reputation Server
- Additional Widgets
- Web Access and Pattern Update Log
- Notifications through email and SNMP
- Multi language web interface

Full installation readme:
http://www.trendmicro.com/ftp/documentation/readme/tmcss-2.0.1336-1-x86_64-DVD_README-en.txt

Patch update readme:
http://www.trendmicro.com/ftp/documentation/readme/PatchPackage-2.0-1336.x86_64_README-en.txt

Codename “Avatar”, if you want to know more, you could read more at Check Point’s product page:
http://www.checkpoint.com/products/security-gateway-virtual-edition/index.html

Or head over to fireverse.org.

In short, Security Gateway Virtual Edition (Avatar) is a VMWare virtual appliance (for vSphere) that uses the VMSafe API. Same as IBM ISS Virtual Server Security and Trend Micro Deep Security.

This is a known issue! Ask your Trend Micro Partner/Reseller for Hotfix 1106.1

These are the steps:

1. Generate Trial license

2. Download software

3. Prepare server

4. Install OfficeScan server

1. Generate Trial license

If you don’t have one, you’ll need valid license.

You can get a trial here:

http://forms.trendmicro.com/index.php?dom=us&productID=5


2. Download software

You then need to download the software.

Download the primary install file from:

http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=7&lang_loc=1

(I’ll try to cover service packs, patches and hotfixes in a later article).


3. Prepare the server

You’re most likely installing OfficeScan on a Windows Server 2003 or Windows Server 2008.

Before you start the OfficeScan installer you will need to install IIS on the Windows server.

(Press “Win + R” and type “appwiz.cpl” and add and remove Windows components/roles.)


4. Install the OfficeScan server

Simply move the install file to the OfficeScan server and double-click it.

Its pretty much straight forward (Next->Next->Next)

You may choose not to enable the firewall, enable spyware assessment mode, install OfficeScan to another location etc, but I’ll cover best practice configuration in another article.

When you’re finished installing, you can access the OfficeScan server console by typing the following in to your browser, on the server.

https//localhost:4343/officescan


Future topics related to this article:

- OfficeScan patch management, Service Packs, Patches and Hotfixes

- Best practice installation/configuration

And I’m simply not able to answer all the questions regarding installation and troubleshooting.

Therefore I have decided to write a series of posts/articles, to try to answer all of your questions, and to cover some general topics.

So, this is the articles I’ve planned to write:

Trend Micro OfficeScan: Installation

Trend Micro OfficeScan: Smart Scan Server

Trend Micro OfficeScan: Deployment

Trend Micro OfficeScan: Server Components

Trend Micro OfficeScan: Troubleshooting

If anyone has any request/wishes regarding content and topics, please feel free to leave a comment!

Read the original thoughts on OfficeScan 10 (just me ranting):

http://technoblog.org/2009/09/trend-micro-officescan-10-some-thoughts/

Security guides for Mac OS X 10.3, 10.4 and 10.5 are also available at the same site:

Mac OS X Security guides:

http://www.apple.com/support/security/guides/