First of all, before performing a full system scan, OfficeScan will check with the server if other systems in the environment are also running a full scan. In order to avoid multiple full system scans in the same environment.

Second, they implemented the option to scan a virtual machine template. And save the results as a cache (which will be used when performing a full system scan).

First, what’s changed in OfficeScan from version 10.0 SP1?

- Active Directory Integration
- Smart Protection Solutions
- Security Compliance
- Virtual Desktop Support
- Role-based administration
- General Product enhancements

So, what is my experience with the new features?

Active Directory Integration
Closer integration with active directory. Personally not tested.

Smart Protection Solutions
I guess this is enhancements to the file reputation and the implementation of a “local” web reputation server.
Tested this one, works fine. Good idea to include a local alternative, instead of having all your clients talk to “the cloud”. The new version of the TMCSS (Cloud Scan Server) also works with OfficeScan 10.0 SP1.

You can either perform a fresh install, or upgrade from 1.x.

Security Compliance
Not tested.

Virtual Desktop Support
According to Trend, OfficeScan is now “VDI”-aware. And supports VMware View 4 and Citrix XenDesktop 4.
Anyone running those products tested?

Granular Role-based Administration
Pretty much standard role based administration, with the possibility to use Active Directory user accounts. Also single sign on support.

General Product enhancements
Just a bunch of smaller product enhancements.

They fixed stuff related to:
- Update Agent
- Exception list
- Firewall
- Logs
- Scan Settings
- Web Reputation
- Plug in program updates

Update Agent
You can now have update agents separately download components, settings and program updates. A new report tool for update agents has also been implemented.

Exception list
There are now separate lists for Behavior Monitoring and Device control exceptions. In 10.0 they were the same.

Firewall
It is now possible to make exceptions for software on the Certified Software List, or block specific applications.

Also, when installing OfficeScan server from scratch, you will be asked if you want to enable the OfficeScan firewall, AND if you want to enable the firewall for server platforms. Earlier, if you enabled the firewall, it would be enabled both for workstations/laptops AND servers. This is great, because the firewall is not recommended for server platforms, but for client platforms. So you can get away with just one OfficeScan server (if you want to). In other words, no need to have dedicated server without the firewall enabled. You might of course still want to do this, so you can patch the client server, separate from the server server (server server server? ).

Logs
Enhancements of the logging feature will ensure consistency between time settings on OfficeScan clients, server and Control Manager. In other words “unified time stamping”.

Scan Settings
The following configuration options are now available on the local client (as long as the client has privileges to configure scan exclusions):
- Add, remove or overwrite files and directories from the client scan exclusion list.
- configure OLE exploit detection settings
- Configure settings for action on probable virus malware (scan actions on heuristic and generic detection)
- Clean Spyware/grayware in zipped files setting
- Use wildcards in the scan exclusion lists.

They also added additional options in the web gui. These are not listed in the release notes. But I’ve found some of them, and the most important one is the option to configure actions on generic/heuristic while using Active Action.
But I’m bit confused, since this is not an option if you use “use the same actions for all”.
Even if you configure the same actions for all types, you will have to specify “1st” and “2nd” scan action in the ofcscan.ini file.

As far as I know OfficeScan will still “Pass” potential security threats, if not configured with “1st” and “2nd” action when using the same actions for all types.

Web reputation settings
You can now configure web reputation policies and assign them to one, multiple or all OfficeScan clients.

Plug in program updates
OfficeScan can now automagically download plug in program updates from the first source in the server update source list. This includes Trend Micro Control Manager.

So, except from the GUI-bug mentioned in an earlier post, it should be safe to upgrade to version 10.5. I have not experienced any other problems. Have you?

By installing the Smart Scan Server 2.0, you will get the following features:
- “Local” Web Reputation Server
- Additional Widgets
- Web Access and Pattern Update Log
- Notifications through email and SNMP
- Multi language web interface

Full installation readme:
http://www.trendmicro.com/ftp/documentation/readme/tmcss-2.0.1336-1-x86_64-DVD_README-en.txt

Patch update readme:
http://www.trendmicro.com/ftp/documentation/readme/PatchPackage-2.0-1336.x86_64_README-en.txt

This is a known issue! Ask your Trend Micro Partner/Reseller for Hotfix 1106.1

These are the steps:

1. Generate Trial license

2. Download software

3. Prepare server

4. Install OfficeScan server

1. Generate Trial license

If you don’t have one, you’ll need valid license.

You can get a trial here:

http://forms.trendmicro.com/index.php?dom=us&productID=5


2. Download software

You then need to download the software.

Download the primary install file from:

http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=7&lang_loc=1

(I’ll try to cover service packs, patches and hotfixes in a later article).


3. Prepare the server

You’re most likely installing OfficeScan on a Windows Server 2003 or Windows Server 2008.

Before you start the OfficeScan installer you will need to install IIS on the Windows server.

(Press “Win + R” and type “appwiz.cpl” and add and remove Windows components/roles.)


4. Install the OfficeScan server

Simply move the install file to the OfficeScan server and double-click it.

Its pretty much straight forward (Next->Next->Next)

You may choose not to enable the firewall, enable spyware assessment mode, install OfficeScan to another location etc, but I’ll cover best practice configuration in another article.

When you’re finished installing, you can access the OfficeScan server console by typing the following in to your browser, on the server.

https//localhost:4343/officescan


Future topics related to this article:

- OfficeScan patch management, Service Packs, Patches and Hotfixes

- Best practice installation/configuration

And I’m simply not able to answer all the questions regarding installation and troubleshooting.

Therefore I have decided to write a series of posts/articles, to try to answer all of your questions, and to cover some general topics.

So, this is the articles I’ve planned to write:

Trend Micro OfficeScan: Installation

Trend Micro OfficeScan: Smart Scan Server

Trend Micro OfficeScan: Deployment

Trend Micro OfficeScan: Server Components

Trend Micro OfficeScan: Troubleshooting

If anyone has any request/wishes regarding content and topics, please feel free to leave a comment!

Read the original thoughts on OfficeScan 10 (just me ranting):

http://technoblog.org/2009/09/trend-micro-officescan-10-some-thoughts/

This is Trend Micro OfficeScan 8.0 SP1 Patch 5

Full readme can be found here:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch5_en_readme.txt

It’s important to notice that only the following drivers are compatible with Windows 7:

Virus Scan Engine (8.952 or higher)
Virus Cleanup Engine (6.2.1016 or higher)
Anti-rootkit Driver (2.8.1063 or higher)
Common Firewall Driver (NSC) (5.8.1092 or higher)

Virus Scan Engine and Virus Cleanup Engine can be updated from the Active Update server.

Anti-rootkit Driver and the Common Firewall Driver (NSC) are included in this patch.

I haven’t had time to test if this actually works on Windows 7. If anyone has, please feel free to leave a comment. I will test it as soon as I can.

Trend Micro is now rolling back the VSAPI 9.000 from ActiveUpdate. Reason: “There have been reports of issues on the following products scanning certain malformed PDF files”.

The version available through ActiveUpdate is now 9.100.1001, this is essentially version 8.952.

The products affected are:
OfficeScan
ServerProtect
Worry-Free Business Security (WFBS)

Earlier, they sent out an advisory about VSAPI 9.000 and problems with Windows NT (think it was OfficeScan 7.3 and ServerProtect). The problems resulted in the Scan Engine being unable to load the pattern files.

Read the entire Customer Notification here:

CUSTOMER NOTIFICATION Rollback of VSAPI Version 9.000 from ActiveUpdate