IM Security for Microsoft Office Communications Server
Instant Protection for Instant Messaging
Installation and Deployment Guide
Trend Micro Incorporated reserves the right to make changes to this document
and to the products described herein without notice. Before installing and
using the software, please review the readme files, release notes, and the latest
version of the applicable user documentation, which are available from the
Trend Micro Web site at:
http://www.trendmicro.com/download
Trend Micro, the Trend Micro t-ball logo, Trend Micro Control Manager,
TrendLabs, and MacroTrap, are trademarks or registered trademarks of Trend
Micro, Incorporated. All other product or company names may be trademarks
or registered trademarks of their owners.
Copyright© 2005-2008 Trend Micro Incorporated. All rights reserved.
Document Part No. TIEM13637/80520
Release Date: November 2008
Patents Pending
The Trend Micro™ IM Security user documentation contains product feature
information and installation instructions for your production environment.
You should read through it prior to installing or using the software.
Detailed information about how to use specific features within the software is
available in the online help file and the online Knowledge Base at Trend
Micro’s Web site.
Trend Micro is always seeking to improve its documentation. Your feedback is
always welcome. Please evaluate this documentation on the following site:
http://www.trendmicro.com/download/documentation/rating.asp
Contents
Preface
    IM Security Documentation
    Audience
    Document Conventions
Chapter 1: Introducing Trend Micro™ IM Security
    IM Security Overview
    What’s New
    Features and Benefits
    File and Instant Messaging Protection
        Virus Scan
        File Blocking
        Content Filtering
        Web Threat Protection
        Reports and Logs
        Alerts and Notifications
    Protection Strategy
    IM Security and OCS Deployment Scenarios
        Standard Edition Configuration
        Enterprise Edition: Consolidated Configuration
        Enterprise Edition: Expanded Configuration
Chapter 2: Pre-Installation Tasks
    Planning for Deployment
        Deployment Overview
        Phase 1: Plan the Deployment
        Phase 2: Install IM Security
        Phase 3: Manage IM Security
    Deployment Considerations
    Conducting a Pilot Deployment
        Choosing a Pilot Site
        Creating a Contingency Plan
        Deploying and Evaluating a Pilot
    Redefining the Deployment Strategy
    System Requirements
        Recommended System Requirements
    Pre-Installation Tasks
Chapter 3: Installing IM Security
    Installing IM Security
    Removing IM Security
Chapter 4: Registering and Activating IM Security
    Registering and Obtaining an Activation Code
    Activating IM Security
Chapter 5: Post-Installation Tasks
    System Changes
        Services
        Processes
        Program Folders
    Preparing Other Antivirus Applications
    Verifying a Successful Installation
    Accessing the IM Security Product Console
        Accessing the Product Console Locally
        Accessing the Product Console Remotely
    Checking Default Settings
    Updating Components
        Configuring Proxy Server Settings
        Specifying the Update Source
        Update Components Manually
Chapter 6: Troubleshooting and FAQ
    Installation
    Product Registration and Activation
    Product Console Access Issues
    Component Update Issues
    Frequently Asked Questions
        General Product Knowledge
        Installation, Registration, and Activation
Chapter 7: Getting Support
    Contacting Technical Support
    Sending Infected File Samples
    Reporting False Positives
    Introducing TrendLabs℠
    Other Useful Resources
Appendix A: IM Security Deployment Checklist
    Installation Checklist
    Ports Checklist
    Pre-Installation Tasks Checklist
Appendix B: Performing a Silent Installation
    Perform a Silent Installation
    Verify a Successful Silent Installation
Appendix C: Manually Create IM Security 1.5 Accounts
    Manually Create IM Security 1.5 Accounts
        Creating the Administrator Account
        Creating the IM Notification Account
Glossary
Index
List of Figures
Figure 1-1. IM Security deployment
Figure 1-2. How IM Security Virus Scan works
Figure 1-3. How IM Security File Blocking works
Figure 1-4. How IM Security Content Filtering works
Figure 1-5. A sample protected OCS environment
Figure 1-6. Standard Edition deployment scenario
Figure 1-7. Enterprise Edition consolidated deployment scenario
Figure 1-8. Enterprise Edition expanded deployment scenario
Figure C-1. Screen for adding IM Security Administrator Account
Figure C-2. Recommended display name properties
Figure C-3. Recommended account options
Figure C-4. Recommended enable user for OCS settings
Figure C-5. IM Notification Account screen
Figure C-6. IM Notification settings
List of Tables
Table 1-1. IM Security order of protection precedence
Table 2-1. IM Security hardware and software requirements
Table 2-2. Ports for IM Security connectivity
Table 5-1. IM Security system changes
Table 5-2. IM Security services
Table 5-3. IM Security processes
Table 5-4. IM Security program folders
Table 5-5. IM Security default settings
Table B-1. IM Security Setup.ini configuration settings
Preface
Welcome to the Trend Micro™ IM Security 1.5 Installation and Deployment Guide. This book
contains information about product settings and service levels.
This preface discusses the following topics:
• IM Security Documentation
• Audience
• Document Conventions
IM Security Documentation
The IM Security documentation consists of the following:
Online Help—Help with configuring all features through the user interface. Access the
online help by opening the product console and then clicking the help icon ( ).
Installation and Deployment Guide—Helps with planning for and deploying IM
Security.
Administrator’s Guide—Provides instructions, troubleshooting, and best practices for
configuring the product, post installation.
Quick Tour—Provides a brief product introduction and highlights useful product
features.
Readme File—Contains late-breaking product information that might not be found in
the other documentation. Topics include a description of features, installation tips,
known issues, and product release history.
The Installation and Deployment Guide, Administrator’s Guide, Quick Tour, and
readme are available at:
http://www.trendmicro.com/download
Audience
The IM Security documentation is written for IT managers and administrators in
medium and large enterprises. The documentation assumes a basic knowledge of
networking concepts and security systems, including:
• Antivirus and content security protection
• Network concepts such as IP address and LAN settings
• Network devices and their administration
• Network configuration such as the use of VLAN and SNMP
• Office Communications Server deployment and topologies
• Office Communications Server configuration
Document Conventions
To help locate and interpret information easily, the IM Security documentation uses the
following conventions.
CONVENTION       DESCRIPTION
ALL CAPITALS     ACRONYMS, ABBREVIATIONS, AND NAMES OF CERTAIN COMMANDS AND KEYS ON THE KEYBOARD
Bold             Menus and menu commands, command buttons, tabs, options, and tasks
Italics          References to other documentation
Monospace        Examples, sample command lines, program code, Web URL, file name, and program output
Note:            Configuration notes
Tip:             Recommendations
WARNING!         Reminders on actions or configurations that should be avoided
Chapter 1
Introducing Trend Micro™ IM Security
This chapter introduces Trend Micro™ IM Security and provides an overview of its
components and deployment.
The topics discussed in this chapter include:
• IM Security Overview
• What’s New
• Features and Benefits
• File and Instant Messaging Protection
• Protection Strategy
IM Security Overview
Instant messaging can mean instant exposure to fast-moving attacks designed to spread
malware, lure victims to malicious sites, and steal data. Trend Micro™ IM Security for
Microsoft™ Office Communications Server (OCS) secures your real-time IM
communications by stopping the wide range of threats—faster than ever. In-the-cloud
Web Reputation blocks links to malicious sites before the links can be delivered.
Signature-independent zero-day security, leading antivirus, and new antispyware work
together to stop malware before any damage. Plus, flexible content filtering ensures
appropriate IM use and prevents data theft.
FIGURE 1-1. IM Security deployment
IM Security incorporates virus/malware and spyware/grayware scanning, content
filtering, URL filtering, and file blocking into one cohesive solution. Refer to the
succeeding sections for product features, capabilities, and deployment overview.
What’s New
Microsoft™ Office Communications Server 2007 support
IM Security 1.5 supports file transfer and instant message scanning for Microsoft OCS
2007 Standard or Enterprise editions.
Note: IM Security 1.5 can only be installed on a front-end server.
Disclaimer support
IM Security 1.5 supports the insertion of a configurable disclaimer statement into the
chat window when a chat session is initiated. The disclaimer statement prompts
individuals to acknowledge that their chat sessions are being monitored for corporate
security needs.
Web Threat Protection
IM Security 1.5 can detect and block Web-based security risks by validating URLs that
users send in chat sessions.
IntelliTrap
IM Security 1.5 incorporates IntelliTrap technology. Use IntelliTrap to scan for packing
algorithms to detect packed files. Enabling IntelliTrap allows IM Security to take
administrator-defined actions on infected files or attachments and to send notifications
to senders, recipients, or administrators.
Trend Micro Control Manager MCP agent integration
IM Security 1.5 supports the following Control Manager versions:
• Control Manager 3.5 (Build 1234) + Patch 4 (Build 1504)
• Control Manager 5.0 (Build 1467) + Hot fix 1602 (Build 1602)
The communication between IM Security and Control Manager uses a new protocol
called the Trend Micro Control Manager Management Communication Protocol (MCP)
agent. IM Security no longer supports the Trend Micro Management Infrastructure
(TMI) protocol used by previous versions of IM Security and Control Manager. The
Control Manager Agent can be registered during the IM Security installation. IM
Security supports single sign-on from Control Manager. Access the IM Security product
console directly from the Control Manager product console without typing a separate
user name and password for the IM Security product console.
Configuration Migration tool
IM Security 1.5 includes a configuration migration tool to help migrate IM Security 1.0
settings to IM Security 1.5 when upgrading from Live Communications Server (LCS) to
OCS 2007.
Features and Benefits
IM Security provides the following features and benefits:
Simple Installation
IM Security provides a wizard-type Setup program, Setup.exe, that allows
administrators to easily install the product on a single server with OCS 2007 Standard or
Enterprise Edition.
Centralized Product Management
A Web-based product console allows administrators to configure IM Security anytime
and from anywhere on the network.
File Transfer Scans
IM Security protects OCS 2007 and instant messaging (Office Communicator) users
from viruses/malware, spyware/grayware, and other security risks associated with file
transfers.
Instant Message Scans
IM Security protects OCS 2007 and instant messaging (Office Communicator) users by
checking for unwanted content and malicious URLs in instant messages.
Configurable Disclaimer Statements
Supports configurable disclaimer statements for instant messaging sessions.
Alerts and Notifications
Set alerts to notify administrators or selected IT personnel whenever specific IM
Security or OCS related events occur. Inform administrators and contacts about IM
Security actions using customizable notifications.
Reports and Logs
Monitor IM Security activities using queried logs that detail security risk detections,
content security events and program update events. In addition, IM Security provides
the option to send graphical reports using email.
File and Instant Messaging Protection
IM Security protects OCS users with:
• Virus scan—scans for viruses/malware, spyware/grayware, packers, and other
  security risks
• File blocking—conserves network bandwidth and prevents transmission of
  confidential information and malicious code hidden in files.
• Content filtering—monitors files and instant messages for inappropriate content
• Web Threat Protection (URL filtering)—protects against malicious Web sites.
Table 1-1 presents the order in which IM Security applies file and instant messaging
protection.
TABLE 1-1. IM Security order of protection precedence
ORDER   FILE-BASED PROTECTION     IM-BASED PROTECTION
1       File Blocking             Content Filtering
2       Content Filtering         Web Threat Protection (URL Filtering)
3       Virus/Malware Scanning
IM Security uses all three levels of protection to prevent files with viruses/malware,
spyware/grayware, and unwanted content from reaching intended recipients. The
product uses its content filtering protection and Web Threat Protection to prevent
instant messages with unwanted content or malicious URLs from reaching contacts. The
following section explains how IM Security file and IM-based protection works.
Virus Scan
When enabled, file transfer scanning continually protects your instant messaging
environment. Virus scan scans for viruses/malware, spyware/grayware and other
security risks that might be present in incoming and outgoing files.
FIGURE 1-2. How IM Security Virus Scan works
IM Security performs the following scan tasks upon receiving a file:
1. Scans the file based on configurations made in the Virus Scan page.
2. Applies the virus scan action.
3. Sends notifications to the administrator or contacts.
   IM Security allows you to notify administrators or contacts of the virus/malware
   detection through email, IM, SNMP, or Windows Event log.
Refer to the following topics in the Online Help for details about and instructions to
configure file transfer scanning and filtering:
• Content Filtering, File Blocking, Virus Scan
• Protect IM Environment(s)
File Blocking
When enabled, file blocking scans for unwanted files based on file type, name, or size.
FIGURE 1-3. How IM Security File Blocking works
IM Security performs the following file blocking tasks upon receiving a file:
1. Scans and determines whether a file matches the criteria set for the file blocking
   rules.
   A file blocking rule defines how IM Security blocks a file based on file type, file or
   extension name, or file size.
   If more than one of these criteria are enabled in a single rule, IM Security uses an
   OR relationship to connect the enabled criteria.
2. Applies the file blocking action.
3. Sends notifications to the administrator or contacts.
   IM Security allows you to notify administrators or contacts of a file blocking event
   through email, IM, SNMP, or Windows Event log.
Refer to the following topics in the Online Help for details about and instructions to
configure file transfer scanning and filtering:
• Content Filtering, File Blocking, Virus Scan
• Protect IM Environment(s)
Content Filtering
When enabled, content filtering protects your instant messaging environment by
filtering all incoming and outgoing files and messages for undesirable content.
FIGURE 1-4. How IM Security Content Filtering works
IM Security performs the following content filtering tasks upon receiving a file or
message:
1. Evaluates whether the content being transferred contains offensive information by
   comparing it with the list of keywords taken from enabled content filter rules.
   If there are five enabled rules, IM Security uses the keywords from those rules to
   determine whether the content contains unwanted or offensive content. The
   product implements an algorithm that consolidates all keywords from enabled rules
   for filtering. Doing so allows faster file or message content filtering.
2. Applies the content filtering rule action.
   If a file or message matches more than one rule, IM Security applies the filter action
   specified by the rule with the highest priority.
3. Sends notifications to the administrator or contacts.
   IM Security allows you to notify administrators or contacts of the content filter rule
   matching through email, IM, SNMP, or Windows Event log.
Refer to the following topics in the Online Help for details about and instructions to
configure file transfer scanning and filtering:
• Content Filtering
• Protect IM Environment(s)
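The file blocking and content filtering behaviour described above (OR-joined criteria within a blocking rule, keywords consolidated from enabled rules, highest-priority rule deciding the action) can be modelled as follows. This is an added illustration, not Trend Micro code: the rule fields, action names, magic-byte type check, the "lower number is higher priority" convention, and stopping at the first matching stage are all assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Leading "magic" bytes of two well-known formats (Windows PE, ZIP).
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip"}


def sniff_type(data: bytes) -> Optional[str]:
    """Derive a file type from the content, ignoring the file name."""
    return next((k for m, k in MAGIC.items() if data.startswith(m)), None)


@dataclass
class FileBlockRule:
    """One blocking rule; a criterion left as None is not enabled."""
    name: str
    file_types: Optional[set] = None
    extensions: Optional[set] = None
    max_size: Optional[int] = None
    action: str = "block"  # hypothetical action name

    def matches(self, filename: str, data: bytes) -> bool:
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        checks = []
        if self.file_types is not None:
            checks.append(sniff_type(data) in self.file_types)
        if self.extensions is not None:
            checks.append(ext in self.extensions)
        if self.max_size is not None:
            checks.append(len(data) > self.max_size)
        return any(checks)  # enabled criteria are joined with OR


@dataclass
class ContentRule:
    name: str
    priority: int  # assumption: lower number = higher priority
    keywords: list
    action: str  # hypothetical action name
    enabled: bool = True


class ContentFilter:
    """Consolidates the keywords of all enabled rules into one matcher."""

    def __init__(self, rules):
        self.by_keyword = {}
        for rule in rules:
            if rule.enabled:
                for kw in rule.keywords:
                    self.by_keyword.setdefault(kw.lower(), []).append(rule)
        # Longest keyword first; a keyword nested inside a longer match
        # is not reported separately by this simple matcher.
        words = sorted(self.by_keyword, key=len, reverse=True)
        alternation = "|".join(re.escape(w) for w in words)
        self.pattern = re.compile(rf"\b(?:{alternation})\b", re.I) if words else None

    def evaluate(self, text: str) -> Optional[ContentRule]:
        """Return the highest-priority rule the text matches, or None."""
        if self.pattern is None:
            return None
        hits = {}
        for m in self.pattern.finditer(text):
            for rule in self.by_keyword.get(m.group(0).lower(), []):
                hits[rule.name] = rule
        return min(hits.values(), key=lambda r: r.priority) if hits else None


def check_file(filename, data, block_rules, content_filter):
    """File order: file blocking, then content filtering (virus scan omitted)."""
    # Assumptions: the first matching stage decides; rules are tried in list order.
    for rule in block_rules:
        if rule.matches(filename, data):
            return ("file_blocking", rule.name, rule.action)
    hit = content_filter.evaluate(data.decode("utf-8", errors="ignore"))
    if hit:
        return ("content_filtering", hit.name, hit.action)
    return ("virus_scan_next", None, None)


def check_message(text, content_filter):
    """IM order: content filtering, then Web Threat Protection (not modelled)."""
    hit = content_filter.evaluate(text)
    if hit:
        return ("content_filtering", hit.name, hit.action)
    return ("web_threat_protection_next", None, None)


# Constructed sample rules and inputs.
BLOCK_RULES = [
    FileBlockRule("executables", file_types={"exe"}, extensions={"scr", "bat"}),
    FileBlockRule("size-cap", max_size=1024),
]
FILTER = ContentFilter([
    ContentRule("hr-terms", 2, ["salary"], "notify"),
    ContentRule("codenames", 1, ["Project Falcon"], "block"),
    ContentRule("disabled-rule", 0, ["lunch"], "quarantine", enabled=False),
])

if __name__ == "__main__":
    print(check_file("invoice.txt", b"MZ\x90\x00stub", BLOCK_RULES, FILTER))
    print(check_file("notes.txt", b"salary bands for project falcon", BLOCK_RULES, FILTER))
    print(check_message("Lunch at noon?", FILTER))
```

The first sample shows why a file-type criterion matters alongside the extension criterion: the renamed executable is caught by its content even though its name ends in .txt.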
Web Threat Protection
When enabled, Web Threat Protection protects your instant messaging environment by
validating the authenticity of URLs that users send during messaging sessions.
IM Security performs the following tasks upon receiving a URL:
1. Evaluates the URL to determine if it is a Web threat or a legitimate URL.
   IM Security determines if a URL is a Web threat by analyzing its reputation score.
   Trend Micro calculates the reputation score using proprietary metrics.
2. Applies the Web threat protection action.
   IM Security takes the action that the administrator specified in the Web Threat
   Protection Actions screen.
3. Sends notifications to the administrator or contacts.
   IM Security allows you to notify administrators or contacts of the violation through
   email, IM, SNMP, or Windows Event log.
Note: An Internet connection is required to use the Web Threat Protection feature.
Refer to the Online Help for details about and instructions for configuring Web Threat
Protection.
Reports and Logs
To provide current information about the security of your instant messaging
environment, IM Security is pre-configured to generate reports based on virus scan, file
blocking, content filtering (file transfers and instant messages), URL filtering (Web
Threat Protection), and server traffic. Reports can be generated on demand or
scheduled on a daily, weekly, or monthly basis. Log and report data can be exported to
comma-separated value (CSV) files for further analysis. To prevent logs from consuming
excessive disk space, use the Reports > Maintenance screen to schedule automatic log
deletions for older logs.
Alerts and Notifications
Set alerts to notify administrators or selected IT personnel whenever specific IM
Security or OCS related events occur. Inform administrators and contacts about IM
Security actions using customizable notifications. IM Security sends notifications in
response to security events such as virus/malware and spyware/grayware detections,
filtering violations, and URL blocking actions. Notifications can be sent to
administrators and other OCS users.
Protection Strategy
An organization must design a strategy that provides optimal protection for its instant
messaging environment. Consider the following when selecting an IM Security protection
strategy:
• What is the overall corporate IT security strategy?
• What are the available resources (processor, memory) on the servers with OCS?
• Where and how can security risks and unwanted content enter the OCS
  environment (for example, file transfer, instant message)?
Trend Micro recommends the following strategies for optimal protection for an OCS
environment:
• Implement a virus/malware and spyware/grayware scanning regimen
• Create file blocking rules for unauthorized file types and extensions
  Note: The IM Security product console provides the recommended file types and
  extensions to block.
• Create content filtering rules for unwanted or offensive keywords in instant
  messages and files being transferred
• Configure scheduled component updates
These strategies provide excellent protection, while also minimizing the system resource
usage. Refer to the Online Help for instructions on how to implement these strategies.
FIGURE 1-5. A sample protected OCS environment
IM Security and OCS Deployment Scenarios
This section, using example configurations from the Microsoft Office Communications Server
2007 Technical Overview, is intended to help determine where to install IM Security. For
details regarding the different OCS deployment scenarios, go to the Microsoft Web site
and download the Microsoft Office Communications Server 2007 Planning Guide and the
Microsoft Office Communications Server 2007 Technical Overview.
This section uses the three different Pool Configurations mentioned in the Microsoft
Office Communications Server 2007 Technical Overview as a starting point to demonstrate
where to install IM Security.
Standard Edition Configuration
In a Standard Edition Configuration there is one server, a Front-End server, that hosts
one or more of the OCS services and the Back-End database. If you are using the
Standard Edition Configuration, install IM Security on the same Front-End server that
hosts the OCS database and services.
FIGURE 1-6. Standard Edition deployment scenario
Small to Medium Deployment Scenario
If your environment has fewer than 5,000 users, and you intend to utilize all of the OCS
services and allow external user access, you could deploy one IM Security protected
Front-End server and an Access Edge server. Refer to the Microsoft Office Communications
Server 2007 Planning Guide for more details and additional deployment scenarios.
Note: The Microsoft Office Communications Server 2007 Planning Guide lists four different small
to medium deployment scenarios. In each of these scenarios, IM Security should only
be installed on the Standard Edition (Front-End) server.
Enterprise Edition: Consolidated Configuration
In an Enterprise Edition: Consolidated Configuration there are one or more servers
(Front-End servers) that host the OCS services, and there is a separate, dedicated
computer that hosts the Back-End database. In this instance, install IM Security on each
of the Front-End servers that host OCS services.
FIGURE 1-7. Enterprise Edition consolidated deployment scenario
Centralized Enterprise Deployment Scenario
In an environment with fewer than 30,000 users, deploy multiple IM Security protected
front-end servers to utilize all OCS services and provide external user access.
Access Edge servers are required to provide external user access. Refer to the Microsoft
Office Communications Server 2007 Planning Guide for more details and additional
deployment scenarios.
Note: The Microsoft Office Communications Server 2007 Planning Guide lists three different
centralized enterprise deployment scenarios. In each of these scenarios, IM Security
should only be installed on the Front-End servers.
Enterprise Edition: Expanded Configuration
In an Enterprise Edition: Expanded Configuration there are one or more servers
(front-end servers) that host the IM Conferencing and Telephony Conferencing. There
are separate, dedicated servers that host other OCS services such as Web Conferencing,
A/V Conferencing, and Internet Information Services. The Back-End database is
hosted on its own computer. In this instance, install IM Security on each of the
Front-End servers that are hosting IM and Telephony Conferencing.
FIGURE 1-8. Enterprise Edition expanded deployment scenario
Global Enterprise Deployment Scenarios
In an environment with over 125,000 users distributed globally, deploy multiple IM
Security protected front-end servers to multiple locations. Install additional services on
separate, dedicated computers.
Note: The Microsoft Office Communications Server 2007 Planning Guide lists two global
deployment scenarios. In both of these scenarios, IM Security should only be installed
on the Front-End servers.
Chapter 2
Pre-Installation Tasks
This chapter explains how to plan and prepare for an IM Security deployment.
The topics discussed in this chapter include:
• Planning for Deployment
• Deployment Considerations
• Conducting a Pilot Deployment
• Redefining the Deployment Strategy
• System Requirements
• Pre-Installation Tasks
Planning for Deployment
Maximizing the benefits that IM Security can bring to an organization requires an
understanding of the possible ways to deploy IM Security to servers with Office
Communications Server (OCS) installed. This section provides a deployment overview
and deployment considerations.
Deployment Overview
PHASE 1: PLAN IM SECURITY DEPLOYMENT
Plan and identify a deployment strategy
Conduct a pilot deployment
Redesign your deployment strategy
PHASE 2: INSTALL IM SECURITY
Perform pre-installation tasks
Install IM Security
Verify installation
PHASE 3: MANAGE IM SECURITY SERVERS
Update components
Configure scan and filter settings
View and analyze summary information
Configure server settings
Phase 1: Plan the Deployment
During phase 1, plan how to best deploy IM Security by completing these tasks:
• Review deployment considerations
• Conduct a pilot deployment on a test segment of the network
• Redefine the deployment strategy based on the results of the pilot deployment
Phase 2: Install IM Security
During phase 2, start implementing the plan created in phase 1. Perform the following
tasks:
• Perform pre-installation tasks
• Install IM Security
• Verify successful installation
Phase 3: Manage IM Security
During phase 3, manage an IM Security server from the product console. Perform the
following tasks:
• Update to the latest IM Security components to help guarantee current protection
  for OCS servers
• Configure scan and filter settings
• Schedule updates and report generation
Note: This Installation and Deployment Guide discusses phases 1 and 2 and briefly introduces
post-installation configuration tasks. Refer to the IM Security Online Help for detailed
instructions relating to product administration.
Deployment Considerations
Consider the following when planning for an IM Security deployment:
• If your network environment employs Network Address Translation (NAT) devices,
  the IM Security protected OCS server and the clients need to be located together,
  behind or in front of the NAT device.
• In an OCS Enterprise environment, install IM Security on each Front-end server to
  enable virus/malware scanning and content filtering for the entire organization.
• If a firewall exists between an OCS server and its clients, ensure IM Security ports
  are opened.
• For multiple Activation Codes, install IM Security to servers separately. Simultaneous
  and remote installations are not supported with multiple Activation Codes.
• The Setup program provides the option to enable Secure Sockets Layer (SSL)
  product console connection.
  Note: You cannot configure SSL from the product console. SSL must be enabled
  during installation.
• Setup does not require stopping the OCS services.
• If IM Security is installed with other instant messaging software, a scan conflict may
  occur.
• Remember to exclude the IM Security folders from other server-based antivirus
  application scanning.
  Setup does not detect other instant messaging antivirus applications.
Conducting a Pilot Deployment
Trend Micro recommends conducting a pilot deployment in a controlled environment
to understand how features work, determine how IM Security can help you accomplish
security goals, and estimate the level of support needed after a full deployment. A pilot
deployment allows validation of and modifications to the deployment plan.
Perform the following tasks to conduct a pilot deployment:
• Choose a pilot site
• Create a contingency plan
• Deploy and evaluate the pilot
Choosing a Pilot Site
Choose a pilot site that matches the planned deployment. This includes other antivirus
installations (such as Trend Micro™ OfficeScan™, ScanMail™, and ServerProtect™)
you plan to use. Try to simulate the topology of your production environment.
Creating a Contingency Plan
Trend Micro recommends creating a contingency plan in case there are issues with the
installation, operation, or upgrade of IM Security services or components. Consider
your network’s vulnerabilities and how you can maintain a minimum level of security if
issues arise.
Deploying and Evaluating a Pilot
Deploy and evaluate the pilot based on expectations regarding both security
enforcement and network performance. Create a list of items that meet and do not meet
the expected results experienced through the pilot process.
Redefining the Deployment Strategy
Identify the potential pitfalls and plan accordingly for a successful deployment. Take into
consideration how IM Security performed with the antivirus installations on the
network. This pilot evaluation can be rolled into the overall production and deployment
plan.
System Requirements
Individual company networks are as unique as the companies themselves. Therefore,
different networks have different requirements depending on the level of network
complexity. This section (Table 2-1) includes both the minimum and recommended
requirements for an IM Security server.
TABLE 2-1. IM Security hardware and software requirements

HARDWARE / SOFTWARE SPECIFICATIONS
    REQUIREMENTS

CPU
    Intel™ Pentium™ 4 processor or faster
Hard disk space
    500MB of available disk space
    1GB of available disk space is recommended
Memory
    1GB
    2GB of memory is recommended
Windows Server™ 2003
    Microsoft Windows Server 2003 Standard Edition with SP1
    Microsoft Windows Server 2003 Standard Edition with SP2*
    Microsoft Windows Server 2003 Enterprise Edition with SP1
    Microsoft Windows Server 2003 Enterprise Edition with SP2*
    Microsoft Windows Server R2 Standard Edition
    Microsoft Windows Server R2 Standard Edition with SP2*
    Microsoft Windows Server R2 Enterprise Edition
    Microsoft Windows Server R2 Enterprise Edition with SP2*
    For the platforms which are marked with an asterisk (*), the Wow64 mode of 64-bit
    edition OS is supported
    Running 32-bit version of Enterprise Edition Front End server on 64-bit edition of
    Windows Server is not supported
Microsoft™ Office Communications Server (OCS)
    OCS 2007 Standard or Enterprise editions
Web server
    Microsoft Internet Information Services 6.0 or Apache Web server v2.0.6, and v2.2.6.
    IM Security can only be installed on the Front-end servers
    Note: IM Security 1.5 does not support Apache Web server v2.0 or v2.2 if it was
    installed with the setting "only for Current User, on Port 8080, when started
    Manually". To use IM Security with Apache, Apache needs to be installed as a
    service. Please see the Apache documentation if you have previously installed
    Apache and want to change the installation type.
Web browser
    Internet Explorer™ 6.0 SP1, 7.0 or Mozilla® Firefox® 2.0
Java Virtual Machine (JVM™)
    Sun™ Java Runtime Environment (JRE™) version 1.5.0 or 6.0
Messaging clients
    Microsoft Office™ Communicator 2007
    Microsoft Office Communicator 2005 (Previous, Minimum support, for IM and legacy
    presence)
    Communicator Web Access for OCS 2007 for IM and enhanced presence
Database engine
    Microsoft SQL Server® 2005 Express with SP2
Active Directory®
    Windows™ 2000 + SP4
    Windows™ 2003
    Windows™ 2003 R2
    Windows™ 2008
Recommended System Requirements
In addition to the minimum system requirements, consider the following system
requirements to obtain optimum IM Security performance:
• Scale the memory with the processor; do not overpopulate with memory.
• Use a VGA monitor capable of 1024 x 768 resolution, with at least 256 colors
  whenever accessing the IM Security product console.
Pre-Installation Tasks
Several pre-installation tasks can help to make the installation process easier. Complete
the following tasks before installing IM Security:
• If a firewall exists between OCS and its clients, open the ports described in Table
  2-2 to ensure IM Security connectivity.

TABLE 2-2. Ports for IM Security connectivity

SERVICES
    PORTS NEEDED

Product console
    HTTP: 80
    HTTPS: 443
File transfer
    6891-6900
Notification
    SMTP: 25
    SNMP: 162
Server Management population through Global Catalog (GC) query
    3268

• Log on to the target server using an account with Domain Administrator privilege.
  Setup requires that a user with Domain Administrator privilege create the IM
  Security accounts. If you do not have Domain Administrator privileges but want to
  install IM Security, please see Manually Create IM Security 1.5 Accounts on page
  C-1.
• Address considerations of installing IM Security with other instant messaging
  antivirus products.
  The IM Security Setup program does not detect third-party IM environment
  antivirus applications. Scan conflicts may occur if third-party instant messaging
  antivirus applications are installed.
• Check that the target server complies with the system requirements.
  If the server’s specifications do not meet the requirements, Setup will not install IM
  Security.
• Obtain the proxy server and SMTP server settings and authentication information
  (if necessary).
  During installation, the Setup program prompts you for proxy information. If a
  proxy server handles Internet traffic on your network, type the proxy server
  information, your user name, and your password to receive pattern file and scan
  engine updates. If you leave the proxy information blank during installation, you can
  configure it at a later time from the product console.
• Close all opened Microsoft Management Console (MMC) screens.
• Prepare the IM Security Activation Code (AC).
After completing the pre-installation tasks, proceed by registering or installing IM
Security.
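A reachability check for the TCP ports in Table 2-2, to be run from the client side of the firewall before installation. This is an added example and not part of the Trend Micro guide. The service keys, the host names and the pairing of each service with a target host are assumptions to adapt to your own topology.

```python
"""Pre-installation check of the Table 2-2 ports (added example)."""
import socket

# (service key, protocol, ports) as listed in Table 2-2 of the guide.
# The service keys are names chosen for this example.
# SNMP traps travel over UDP, which a TCP connect cannot test, so port 162
# is reported as "skipped-udp" and must be verified on the trap receiver.
TABLE_2_2 = [
    ("console-http", "tcp", [80]),
    ("console-https", "tcp", [443]),
    ("file-transfer", "tcp", list(range(6891, 6901))),
    ("smtp", "tcp", [25]),
    ("snmp", "udp", [162]),
    ("global-catalog", "tcp", [3268]),
]


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as seen from this machine.

    open        - handshake completed, a service is listening
    closed      - connection refused: the packet got an answer, but nothing
                  listens on the port (or a firewall rejects with a reset)
    filtered    - no answer before the timeout, typical of a dropping firewall
    unreachable - name resolution or routing failed
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def audit(targets, probe=probe_tcp):
    """Probe every Table 2-2 port against the host given for its service.

    targets maps a service key from TABLE_2_2 to a host name or address.
    Services without a target are skipped. Returns a list of
    (service, protocol, port, host, state) tuples.
    """
    rows = []
    for service, proto, ports in TABLE_2_2:
        host = targets.get(service)
        if host is None:
            continue
        for port in ports:
            state = "skipped-udp" if proto != "tcp" else probe(host, port)
            rows.append((service, proto, port, host, state))
    return rows


def needs_firewall_review(rows):
    """Rows where traffic did not get through at all."""
    return [row for row in rows if row[4] in ("filtered", "unreachable")]


if __name__ == "__main__":
    # Placeholder hosts (assumptions, not values from the guide).
    sample_targets = {
        "console-http": "ocs-fe01.example.test",
        "console-https": "ocs-fe01.example.test",
        "file-transfer": "ocs-fe01.example.test",
        "smtp": "mail.example.test",
        "snmp": "nms.example.test",
        "global-catalog": "dc01.example.test",
    }
    results = audit(sample_targets)
    for service, proto, port, host, state in results:
        print(f"{service:15} {proto}/{port:<5} {host:25} {state}")
    print(f"{len(needs_firewall_review(results))} port(s) need firewall review")
```

A "closed" result still shows that the path to the host is open; only "filtered" and "unreachable" rows point at the firewall or routing.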
Chapter 3
Installing IM Security
This chapter provides instructions for installing and removing IM Security.
The topics discussed in this chapter include:
• Installing IM Security
• Removing IM Security
Installing IM Security
This section provides details about IM Security installation. Ensure that you have
performed the pre-installation tasks before running Setup.
Step 1: To install IM Security:
1. Run the Setup program to install the RTC Client API 2.1 and IM Security instance
   for Microsoft SQL Server® 2005 Express.
   Note: Skip this step if you are upgrading from a previous IM Security build or if you
   have not removed these programs from a previous IM Security installation.
2. Specify the product and database installation folder.
3. Configure the Web server and proxy server settings.
4. Activate the product and set World Virus Tracking participation.
5. Specify administrator and notification accounts.
Step 2: Run the Setup program to install the RTC Client API 2.1 and Microsoft
SQL Server® 2005 Express.
1. Do one of the following to navigate to the Setup program (Setup.exe):
   • If installing from the Trend Micro Enterprise Protection CD, go to the IM
     Security folder on the CD
     View product Information, System Requirements, or complete IM Security
     Documentation in the corresponding view pane.
   • If you downloaded the software from the Trend Micro Update Center,
     navigate to the relevant folder on your server
2. Double-click Setup.exe to launch the installation wizard. The Setup Prompt
   screen appears.
3. Click Yes to start.
   Setup performs one of the following tasks:
   • If installing IM Security for the first time, Setup initially installs RTC Client API
     1.2 and Microsoft SQL Server 2005 Express before displaying the Welcome
     screen.
     IM Security uses the RTC Client API to send IM-based notifications and SQL
     Server 2005 Express to store logs to the IM Security database.
   • If you have installed IM Security before and have not removed RTC API 1.2
     and Microsoft SQL Server 2005 Express, Setup proceeds to the IM Security
     installation and displays the Welcome screen.
4. Click Next >. The License Agreement screen appears.
   Select I accept the terms in the license agreement to continue with the
   installation. Otherwise, select I do not accept the terms in the license
   agreement; the installation will end, and Setup will close.
Step 3: Specify the product and database installation folder.
1. Click Next >. The Installation Folder screen appears.
   Specify the complete path and folder name where you want to install IM Security.
   Accept or modify the default destination folder (c:\Program Files\Trend
   Micro\IM Security)
2. Click Next >. The Database Installation Folder screen appears.
   Specify the full path where you want to install the IM Security database
   (IMSSecurityDB.mdf) and database log file (IMSecurityDB.ldf). Accept or
   modify the default installation folder (c:\Program Files\Trend Micro\IM
   Security\Database).
   Tip: Trend Micro recommends specifying a location that is the same as the IM Security
   program folder. In addition, do not move the database and database log file from their
   installation path, to avoid connectivity issues.
3. Click Next >. The System Information screen appears.
   Setup checks the local server for compliance with the system requirements and
   displays the server’s specification.
Step 4: Configure the Web, Simple Mail Transfer Protocol (SMTP), and proxy
server settings.
1. Click Next >. The Web Server screen appears.
   Note: The Web Server screen only appears if Apache Web server is installed. Otherwise,
   the installation advances to the next step.
   Select the Web server installed on the target server: Microsoft IIS or Apache Web
   server. IM Security uses this server to publish its product console.
   Tip: Before running Setup, install a Web server application on the target server. See
   Pre-installation Tasks for important pre-installation tasks and considerations.
2. Click Next > to open the Web Server Settings screen.
   Set the Web server port and encrypted connection configuration. IM Security uses
   these settings to encrypt communication between the product console and the IM
   Security server.
   a. If you selected IIS Web server, select the site that will host the product
      console Web pages. This option is not available after selecting an Apache Web
      server.
   b. Accept (or type) a new port number for Setup to use for product console
      access (only applies to IIS).
      If the HTTP port value is not the default (80), then the port number must be
      included in the URL.
   c. Under Secure Sockets Layer, select Enable SSL to enable secure
      communication between your Web browser and the IM Security server.
      Tip: Enabling SSL is only available during installation. Trend Micro recommends
      this option to help ensure secure communication.
   d. Type the Certificate validity and if necessary, modify the allocated SSL port.
3. Click Next >. The Proxy Server Settings screen appears.
   If you use a proxy server to connect to the Internet, select Use a proxy server for
   component download and product activation, and then set the following:
   • Address: type the FQDN, IP address, or NetBIOS name of the server
   • Port: type the proxy port number
   • Use SOCKS5: select this option if the proxy server is using SOCKS5 protocol
   • User name: to access the proxy server, type the logon name.
     Provide both the domain and logon names, for example: mydomain\admin.
   • Password: type the password for the user name
Step 5: Activate the product and World Virus Tracking program participation.
1. Click Next >. The Product Activation screen appears.
   If you have not obtained an IM Security AC, click Register Online and follow the
   Online Registration prompts to obtain an AC. Otherwise, type or paste the acquired
   AC in the fields provided.
   Tip: You may skip this step and activate IM Security using the product console >
   Administration > Product License page at a later time.
2. Click Next >. The World Virus Tracking screen appears.
   Select Yes, I would like to join the World Virus Tracking Program. If you wish
   to join this program at a later time, use the product console’s Administration >
   World Virus Tracking option to participate.
Step 6: Specify IM Security administrator account(s).
1. Click Next >. The Administrator Account screen appears.
   Create the administrator account or specify an existing Active Directory user that
   Setup will designate as the IM Security administrator:
   • When creating a new account, specify a user name that is easy to remember and
     descriptive of IM Security management duties (for example, ims_admin)
     In addition, provide a strong password to help secure product administration.
     Note: Setup displays a message if the password provided does not meet the
     required complexity and length.
   • When specifying an existing account, Setup adds the account to the IM
     Security Admins group.
2. Click Next >. The IM Notification Account screen appears.
   a. Create an account or specify an existing Active Directory account that IM
      Security will use to send IM-based notifications.
      • If you are creating a new account, accept the predefined SIP address and
        user name
        Otherwise, specify a SIP address and user name that are easy to remember
        and descriptive of IM Security notification duties (for example,
        ims_notification_agent)
      • If you are specifying an existing account (user name or SIP address),
        Setup displays an error and requires you to specify a new or unique Active
        Directory user
   b. Specify a strong password to help secure product administration.
   c. Select the communication service setting that IM Security will use whenever it
      sends IM-based notifications.
      Tip: Transmission Control Protocol (TCP) sends instant messages in plain text.
      Alternatively, Transport Layer Security (TLS) sends encrypted instant
      messages.
   Setup creates the IM Security Admins Active Directory group, and then adds the
   administrator and notification accounts to the group.
3. Click Next >. The Email Notification Settings (Optional) screen appears.
   Configure the SMTP server and port number that IM Security will use to send
   notifications and alerts with email. If you want to set the SMTP server at a later
   time, use the IM Security product console’s Administration > Notification
   Settings page.
4. Click Next >. The Control Manager Server Settings screen appears.
   Specify the Control Manager server settings and specify the Proxy Server Settings
   if you use a proxy server between IM Security and the Control Manager server.
5. Click Next >. The Ready to Install screen appears.
   Note: Click Back to modify specific installation settings.
6. Click Install >. Setup installs IM Security files, services, and other components to
   the target server.
7. Click Finish. The Installation Completed screen allows you to view the product
   Readme or manually update its antivirus and content security components.
Trend Micro recommends performing the post-installation procedures to establish a
security baseline for your OCS environment. See Post-Installation Tasks on page 5-1 for
additional instructions.
Removing IM Security
Uninstallation removes the following IM Security components:
• Web server entries
• All program files and folders
• WMI entries
• Active Directory objects
• Performance Counter objects
Note: Removal will automatically remove RTC Client API 1.2 and Microsoft SQL Server®
2005 Express. Do not remove these components before uninstalling IM Security.
To uninstall IM Security:
1. Go to Start > Control Panel > Add/Remove Programs.
2. Select Trend Micro IM Security for Microsoft Office Communications Server,
   and then click Remove.
3. At the prompt, select Yes to remove IM Security.
Chapter 4
Registering and Activating IM Security
This chapter provides instructions for registering and activating IM Security and
obtaining an activation code.
The topics discussed in this chapter include:
• Registering and Obtaining an Activation Code
• Activating IM Security
Registering and Obtaining an Activation Code
Use the Registration Key to register your product on the Trend Micro Online
Registration Web site. Register your products to ensure eligibility to receive the latest
security updates and other product and maintenance services. After completing the
registration, Trend Micro sends an email message that includes an IM Security
Activation Code (AC), which you can then use to activate IM Security.
IM Security accepts two types of Activation Codes:
• Evaluation AC
  An Evaluation AC allows you to implement IM Security’s full functionalities for a
  limited evaluation period. During the evaluation period, IM Security performs virus
  scanning, file blocking, content filtering, and component updates.
• Standard AC
  A Standard AC allows you to implement IM Security’s full functionalities.
Tip: For information on purchasing a standard version Registration Key from a reseller,
see Trend Micro Sales Web page.
The product console displays the remaining number of days before an evaluation or full
version AC expires. Trend Micro recommends registering and obtaining a full version
AC before the expiry date to allow uninterrupted Office Communications Server (OCS)
environment protection.
Tip: Register IM Security during installation.
To register IM Security and obtain an AC:
Note: These Web screens and workflows are subject to change without prior notice.
1. Using a Web browser, go to Trend Micro Online Registration
   (http://olr.trendmicro.com). The Online Registration page of the Trend
   Micro Web site opens.
2. Perform one of the following:
   • If you already have an account with the Online Registration Web site, log on
     using your logon ID and password
   • If you are a new customer, select your location and click Continue under Not
     registered:
3. On the Enter Registration Key page, type or copy the IM Security Registration
   Key, and then click Continue.
4. On the License Agreement page, read the license agreement and then click I
   accept. Otherwise, select I do not accept the terms in the license agreement.
5. On the Confirm Product Information page, click Continue Registration.
6. Fill out the online registration form, and then click Submit.
7. Click OK twice.
After completing the registration, Trend Micro sends an email containing the AC, which
you can then use to activate IM Security. Choose one of the following options to activate
IM Security:
• During installation
• After installation using the product console
Activating IM Security
Activate IM Security to keep your virus/malware, spyware/grayware, and content
security components current. To activate your product, register online and obtain an AC
using your Registration Key.
• If you have purchased the standard version AC from a Trend Micro reseller, the
  Registration Key is included in the product package
  Register online and obtain an AC to activate the product.
• If you are using an evaluation version
  The evaluation version is fully functional for 30 days, after which IM Security tasks
  will continue to load, but no virus scanning, message filtering, or component
  update will occur.
  Obtain a standard Registration Key from your reseller and then follow the
  instructions to activate the product.
After you have obtained an AC either from your product package or purchased through
a Trend Micro reseller, activate IM Security to use all of its functions, including
downloading updated program components.
Tip: Setup provides an option to activate IM Security during installation.
To activate IM Security using the product console:
1. Access the IM Security product console.
2. On the left side menu, click Administration > Product License. The Product
   License page appears.
3. Click Enter New AC, and then type the full version AC in New Activation Code.
4. Click Save.
IM Security is now activated. Standard maintenance support is included in the initial
purchase of IM Security license and consists of one year of component updates, product
version upgrades, and telephone and online technical support.
Chapter 5
Post-Installation Tasks
Trend Micro recommends performing specific tasks after installing and activating IM
Security.
The topics discussed in this chapter include:
• System Changes
• Preparing Other Antivirus Applications
• Verifying a Successful Installation
• Accessing the IM Security Product Console
• Checking Default Settings
• Updating Components
System Changes
The following server changes occur after running a successful IM Security installation:
Note: These changes are described in the succeeding sections.

TABLE 5-1. IM Security system changes

COMPONENTS
    DETAILS

Product and SQL agent services
    Setup adds 3 services.
Task Manager processes
    Setup adds two processes.
Active Directory objects
    Setup adds two (2) users and one (1) group based on what you configure during
    installation.
IIS Web site
    Depending on the Web Server Type screen, Setup follows your Web server settings.
Apache Web site
    Setup follows your Web server settings.
Performance Counter objects
    Setup adds Performance Counter objects, which you can then select to view IM
    Security performance.
OCS Properties update
    Setup updates the OCS > Applications > Properties and adds an IM Security-related
    entry.
Add/Remove Programs items
    Setup creates several Add/Remove Programs items: Trend Micro IM Security for
    Microsoft Office Communications Server, RTC Client API v1.2, and Microsoft SQL
    Server 2005 related items.
Services
Setup adds the following services:
TABLE 5-2. IM Security services

SERVICES
    DESCRIPTION

Trend Micro IM Security Server
    The core IM Security service.
    Trend Micro IM Security Server depends on Windows Management Instrumentation
    (WMI), SQL Server (IMSECURITY), and Trend Micro IM Security System Attendant
    services. It is responsible for core IM Security processes (product console access,
    saving configuration, and invoking the scan, update, report, and notification
    processes).
Trend Micro IM Security System Attendant
    Monitors the service status of Office Communications Server and IM Security Server
    services.
    The service depends on the WMI and SQL Server (IMSECURITY) services
SQL Server (IMSECURITY)
    IM Security SQL server instance.

Tip: Use the Windows Services Panel to check for the status of IM Security services.
Processes
Setup adds the following processes:
TABLE 5-3. IM Security processes

PROCESS NAME
    DESCRIPTION

servIMSSA.exe
    The Trend Micro IM Security System Attendant Service process.
servIMSHost.exe
    The IM Security main process.

Tip: Use Windows Task Manager to check whether these processes are running.
Program Folders
Setup adds the following program folders (if the default Setup settings are kept):
TABLE 5-4. IM Security program folders

FOLDER NAME
    DESCRIPTION

c:\Program Files\Trend Micro\IM Security
    IM Security program files/folder path.
c:\Program Files\Trend Micro\IM Security\Database
    IM Security database file and transaction log folder path.
Preparing Other Antivirus Applications
If running Trend Micro ServerProtect™ or other antivirus product on the IM Security
server, exclude the IM Security Archive, Quarantine, Backup, Download and Temp
directories from real-time, manual, or scheduled scans.
If using ServerProtect, refer to the ServerProtect documentation for instructions to
exclude IM Security folders from scans.
Verifying a Successful Installation
Trend Micro recommends using the European Institute for Computer Antivirus
Research (EICAR) test script as a safe way to confirm that IM Security virus scan is
running and working properly.
WARNING! Depending on how you have configured your IM Security servers, you
might need to disable antivirus products for the duration of the EICAR
test (otherwise, the virus might be detected before it arrives at the IM
Security server). This leaves your servers vulnerable to infection. For this
reason, Trend Micro recommends that you only use the EICAR test in a
test environment or pilot deployment.
Alternatively, go to
http://us.trendmicro.com/us/support/virus-primer/eicar-test-files/
and download a copy of the industry standard EICAR test script to your hard drive. The
EICAR file is a text file with a *.com extension. It is inert. It is not a virus, it does not
replicate, and it does not contain a payload. Never use real viruses to test your antivirus
installation.
To test IM Security with EICAR:
1. If necessary, disable antivirus products that might detect the EICAR test file before
   it arrives at your OCS server.
2. Open an ASCII text file and copy the following 68-character string to it.
   X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
3. Save the file as eicar_test.com to a temporary directory and then close it.
4. Start Office Communicator and send eicar_test.com to one of your contacts
   (preferably to another network administrator or IT personnel).
5. Access the product console and query virus scan logs.
   IM Security detects EICAR as eicar_virus, quarantines eicar_test.com,
   logs the event, and sends notifications to sender and recipient.
   Alternatively, check the IM notification sent to the eicar_test.com recipient and to
   your account.
Note: Virus Scan enables IM-based notifications to sender and recipient by default.
IM Security opens a new conversation window when sending notifications coming from
the IM Security notification account.
Accessing the IM Security Product Console
Use one of the following methods to access the product console:
• Locally on the IM Security server
• Remotely using HTTPS or HTTP
Tip: During installation, decide whether to enable the SSL protocol to enable HTTPS
transmission.
Accessing the Product Console Locally
If you have local access to the IM Security server, configure IM Security settings by
opening the product console locally.
To access the product console locally from the IM Security server:
1. Click Start > All Programs > Trend Micro IM Security for Microsoft Office
   Communications Server > IM Security Product Console. A browser opens and
   displays the Logon page.
   Tip: Use a compatible browser to ensure access to the product console.
2. Type the user name and password in the field provided.
   Tip: The user name and password correspond to the Administrator Account set up
   during IM Security installation.
3. Click the Log On icon. The Summary page displays.
Note: You can access only one instance of the product console from a computer.
Accessing the Product Console Remotely
Setup enables secure sockets layer (SSL) product console connection when the Enable
SSL option is selected during installation. This allows IM Security to encrypt the
configuration data as it passes from the IM Security product console to the IM Security
server. Alter the product console URL to use the HTTPS protocol through port 443.
To access the product console remotely:
1. Type one of the following addresses in your browser's Address field to open the Log
   on page:
   • https://<host name>:<port>/IMSecurity
     Where:
     • <host name> is the IM Security server's fully qualified domain name
       (FQDN), IP address, or server name
     • <port> is the port to be used during an HTTPS session (for example, 443)
     When accessing a secured IM Security site, it automatically sends its certificate,
     and Internet Explorer displays a lock icon on the status bar.
   • http://<host name>/IMSecurity
     Where <host name> is the IM Security server's FQDN, IP address, or server
     name. If the HTTP port is modified to another value other than the default
     port number (80), include the port number in the URL.
2. Type the IM Security administrator account’s user name and password in the fields
   provided.
3. Click the Log On icon.
   The product console Summary page displays.
Checking Default Settings
The following table enumerates the default settings implemented in a successful IM Security installation.
TABLE 5-5. IM Security default settings
SCREEN
    DEFAULT VALUE
File Transfer Scan > Virus Scan
    Enable virus scan: Enabled
    Target: All scannable files
    Action: ActiveAction
    Notification: Sender and Recipient (IM only)
File Transfer Scan > File Blocking
    Enable file blocking: Disabled
    Default rules: Disabled
File Transfer Scan > Content Filtering
    Enable content filtering: Disabled
    Default rules: Disabled
Instant Message Scan > Content Filtering
    Enable content filtering: Disabled
    Default rules: Disabled
Instant Message Scan > Web Threat Protection
    Enable Web Threat Protection: Enabled
    Target: Security Level is Medium
    Action: Replace all and Archive
    Notification: Sender and Recipient (IM only)
Manual Update
    Components: All components selected
Scheduled Update
    Enable scheduled update: Enabled
    Components selected: Default, additional threat, IntelliTrap and IntelliTrap exception patterns
    Schedule: Daily at 2:30AM
Update Source
    Source: Trend Micro's ActiveUpdate Server
Alerts
    IM Security conditions enabled:
    - Services started unsuccessfully
    - Services stopped
    - Component update is unsuccessful
    Office Communications Server conditions enabled:
    - Services stopped
    Recipients: Write to Windows Event log
One-time and Scheduled Reports
    Empty
Log Maintenance
    Manual: All logs, Delete logs older than 30 days
    Scheduled: Enabled (same setting as manual)
Administration > Directories
    Quarantine Folder (Virus Scan): <Installation path>\quarantine\
    Backup Folder (Virus Scan): <Installation path>\backup\
    Archive Folder (File Blocking): <Installation path>\archive\
    Archive Folder (File Transfer Content Filtering): <Installation path>\archive\
Administration > Debug Logs
    Disabled
WARNING! Clicking Reset from any of the product console pages instructs IM Security to restore the default settings for a specific page. If there are customizations or additional rules that you have created after installing IM
Security, those settings/rules will be removed after clicking Reset and
confirming the action.
Updating Components
Complete the following tasks before updating IM Security components:
• Configure proxy server settings (optional). Depending on how you configured the Proxy Server during installation, you may be able to skip this step.
• Specify the update source (optional). Use the default update source, ActiveUpdate.
• Update components manually.
Tip: Set scheduled update to ensure automatic component updates. This helps ensure the currency of your protection.
Configuring Proxy Server Settings
If your system uses a proxy server to access the Internet, use the Administration >
Proxy page to set proxy server settings for the following IM Security features:
• ActiveUpdate or other Update Source
• Web Threat Protection
• Product Registration
• World Virus Tracking
To configure the proxy server settings:
1. Access the product console.
2. Click Administration > Proxy on the main menu.
3. On the Proxy page, select Use a proxy server for update and product license notification.
4. Under Proxy Settings, configure the following:
   • Type the server name or IP address of the proxy server and its port number
   • Click Use SOCKS5 if SOCKS5 protocol is used
5. Under Proxy server authentication, type the user name and password used to access the proxy server.
6. Click Save to apply settings.
Ensure the correctness of the proxy server settings. Otherwise, component update or
product registration might not work.
Specifying the Update Source
Configure the update source to define the location where IM Security downloads the
latest antivirus and content security components. The source specified in the Update
Source screen applies to both manual and scheduled updates.
Common scenarios requiring an update source change:
• Downloading a special build of the pattern file or scan engine from a different source
• During product troubleshooting (that is, when being instructed to do so by a technical support engineer)
• Using an alternative update server on your intranet to avoid multiple connections to the Internet
To specify the update source:
1. Access the product console.
2. Click Updates > Source on the navigation menu. The Update Source page appears.
3. If necessary, select the location from which IM Security receives updates. The default location is the Trend Micro ActiveUpdate server.
   Tip: To ensure the latest component version, retain the default setting.
4. If the IM Security server corresponding to this instance of the product console is the update source for other IM Security servers, select Duplicate the update package onto this server. This option instructs IM Security to download the update package (pattern file and scan engine) to the IM Security server. You can then set the current server as the update source for other servers.
5. Click Save to apply settings.
When you run a manual or scheduled update, IM Security will download the component
from the specified source.
Update Components Manually
To help ensure up-to-date protection, update the product components immediately after
installing IM Security or during virus outbreaks.
To update components manually:
1. Access the product console.
2. Click Updates > Manual on the navigation menu. The Manual Update page appears.
3. Select the antivirus and content security components that IM Security will download.
   Tip: Trend Micro recommends checking for the latest version of the Virus pattern, Spyware pattern, IntelliTrap pattern, IntelliTrap exception pattern, URL filtering engine, and Virus scan engine components.
4. Click Update to invoke manual update.
Clicking Update instructs IM Security to read the Manual Update page settings, check for, and download the latest components from the update source.
Chapter 6
Troubleshooting and FAQ
This chapter describes how to troubleshoot issues that may arise with IM Security.
The topics discussed in this chapter include:
• Installation
• Product Registration and Activation
• Product Console Access Issues
• Component Update Issues
• Frequently Asked Questions
Installation
One of the following issues may occur during IM Security installation:
• Setup stops responding.
• Setup reports a successful installation, but IM Security services are not started.
• Setup stops because the minimum system requirements are not met.
To troubleshoot IM Security installation issues:
1. Check the Setup debug log (c:\IMSecurity_Install.log) for possible error messages.
   Note: Trend Micro Technical Support providers use the debug log to understand installation issues.
2. Verify that a user with Domain Administrator privileges is logged on to the server where IM Security should be installed. If the user does not have Domain Administrator privileges on that server, see Manually Create IM Security 1.5 Accounts on page C-1.
3. Revisit and ensure that none of the conditions described under Deployment Considerations has been violated.
4. Verify whether the system requirements have been met.
If the above steps do not work, contact your support provider.
Product Registration and Activation
One of the following issues may lead to unsuccessful registration and/or activation:
• Product registration is successful, but no Activation Code (AC) was received from Trend Micro
• Unable to activate IM Security during installation or through the product console
To troubleshoot product activation issues:
1. Register IM Security to obtain an AC.
   Note: Do not use the Registration Key (RK) when activating IM Security. Otherwise, product activation will not work. An RK is used to register a product to the Trend Micro Online Registration (http://olr.trendmicro.com). An AC, by contrast, is used to activate a product’s features during or right after installation.
2. Verify the AC used. Be sure to use the following format when specifying the AC:
   XX-XXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
3. If there are messages or logs related to product activation, check for the possible solutions offered by the logs or messages.
If the above steps do not work, contact your support provider.
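Step 2 can be checked mechanically before the code is typed into Setup or the product console. The following PowerShell is an added example, not part of the original guide or a Trend Micro tool; the function name is hypothetical, and the character-set rule is an assumption based on the sample code in this guide's glossary.

```powershell
# Added example: structural check of an Activation Code (AC).
# It checks the format only; it cannot tell whether the code is a licensed AC.
function Test-ActivationCodeFormat {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$Code
    )

    # Group lengths taken from the guide's format string
    # XX-XXXX-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (37 characters including hyphens).
    $expectedLengths = 2, 4, 5, 5, 5, 5, 5
    $problems = New-Object 'System.Collections.Generic.List[string]'

    $candidate = $Code.Trim()
    if ($candidate.Length -ne $Code.Length) {
        $problems.Add('Leading or trailing white space (common after copy and paste).')
    }
    if ($candidate.Length -ne 37) {
        $problems.Add("Length is $($candidate.Length) characters; an AC has 37 including hyphens.")
    }

    $groups = $candidate.Split('-')
    if ($groups.Length -ne $expectedLengths.Length) {
        $problems.Add("Found $($groups.Length) hyphen-separated groups; expected $($expectedLengths.Length).")
    }
    else {
        for ($i = 0; $i -lt $groups.Length; $i++) {
            if ($groups[$i].Length -ne $expectedLengths[$i]) {
                $problems.Add("Group $($i + 1) has $($groups[$i].Length) characters; expected $($expectedLengths[$i]).")
            }
        }
    }

    # Assumption: only letters and digits appear between the hyphens, as in the
    # sample Activation Code printed in this guide's glossary.
    if ($candidate -notmatch '^[A-Za-z0-9-]*$') {
        $problems.Add('Contains characters other than letters, digits and hyphens.')
    }

    # The code itself is deliberately not echoed back, so it does not end up in logs.
    [pscustomobject]@{
        Valid    = ($problems.Count -eq 0)
        Problems = $problems.ToArray()
    }
}

# Sample Activation Code from this guide's glossary: passes the format check.
Test-ActivationCodeFormat -Code 'SM-9UE7-HG5B3-8577B-TD5P4-Q2XT5-48PG4'

# Constructed malformed input: last group missing and a trailing space.
(Test-ActivationCodeFormat -Code 'SM-9UE7-HG5B3-8577B-TD5P4-Q2XT5 ').Problems
```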
Product Console Access Issues
One of the following issues may occur when trying to access the IM Security product
console:
• Inaccessible product console
• Missing User name and Password field
• Unrecognized User name and Password
To troubleshoot product console access issues:
• Ensure the latest Sun Java Virtual Machine (JVM) is installed on the IM Security server. Otherwise, the User name and Password field will not appear on the product console.
  Note: IM Security supports Sun JVM version 6.0 or 1.5.0.
• Use the Windows Services panel to verify whether Trend Micro IM Security Server Service is started.
• Verify that the Web service (IIS or Apache) is started.
  Note: IM Security 1.5 does not support Apache Web server v2.0 or v2.2 if it was installed with the setting "only for Current User, on Port 8080, when started Manually". To use IM Security with Apache, Apache needs to be installed as a service. Please see the Apache documentation if you have previously installed Apache and want to change the installation type.
• Verify that the IM Security administrator account has not been changed. Otherwise, obtain the latest user name and password of the administrator account.
• Check the network connection, and verify that the ports needed by the product console are accessible.
• Check whether the following settings are true:
  • Both IM Security and Microsoft SharePoint™ Portal Server are installed on the same server
  • The IM Security product console belongs to the Microsoft Internet Information Services (IIS) Default Web site
If all of the above conditions are true, the product console will be inaccessible. SharePoint prevents access to other Web sites by default. To exclude the IM Security Web site, add IMSecurity in the Excluded path of Sharepoint Central Administration virtual server settings. Refer to the Online Help > Troubleshooting section for detailed instructions.
If the above steps do not work, contact your support provider.
Component Update Issues
If you configured the update source to download antivirus and content security
components from Trend Micro ActiveUpdate, and the latest components cannot be
downloaded, check the connection from the IM Security server to the ActiveUpdate
server.
To troubleshoot ActiveUpdate issues:
1. Check whether the IM Security server is connected to your network. In addition, verify your network connection and server status.
2. Run the following commands to make sure the IM Security server can resolve the ActiveUpdate server’s FQDN.
   nslookup
   ping
3. Use telnet to connect to the ActiveUpdate server at port 80 to make sure the IM Security server can connect using HTTP.
If the above steps do not work, contact your support provider.
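Steps 2 and 3 can be run as one scripted check that reports which stage fails. The following PowerShell is an added example, not part of the original guide or a Trend Micro tool; the function name is hypothetical and the host name is a placeholder, because this guide does not state the ActiveUpdate server's FQDN.

```powershell
# Added example: name resolution, ping and TCP port 80 checks against an update source.
function Test-UpdateSourcePath {
    param(
        [Parameter(Mandatory = $true)]
        [string]$HostName,
        [int]$Port = 80,
        [int]$TimeoutMs = 5000
    )

    $result = [ordered]@{
        Host       = $HostName
        Addresses  = @()
        DnsOk      = $false
        PingOk     = $false
        TcpOk      = $false
        FailedStep = $null
    }

    # Step 2, nslookup equivalent: can this server resolve the FQDN at all?
    try {
        $result.Addresses = @([System.Net.Dns]::GetHostAddresses($HostName) |
            ForEach-Object { $_.IPAddressToString })
        $result.DnsOk = ($result.Addresses.Count -gt 0)
    }
    catch {
        $result.DnsOk = $false
    }
    if (-not $result.DnsOk) {
        # Nothing else can succeed without an address, so stop here.
        $result.FailedStep = 'DNS resolution'
        return [pscustomobject]$result
    }

    # Step 2, ping equivalent. Firewalls often drop ICMP, so a failed ping is
    # recorded but is not treated as the failing step when TCP works.
    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        $reply = $ping.Send($HostName, $TimeoutMs)
        $result.PingOk = ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success)
    }
    catch {
        $result.PingOk = $false
    }
    finally {
        $ping.Dispose()
    }

    # Step 3, telnet equivalent: open a TCP connection to the HTTP port with a timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($pending)      # throws if the connection was refused
            $result.TcpOk = $client.Connected
        }
    }
    catch {
        $result.TcpOk = $false
    }
    finally {
        $client.Close()
    }

    if (-not $result.TcpOk) {
        $result.FailedStep = "TCP connection to port $Port"
    }
    [pscustomobject]$result
}

# Placeholder host name: replace it with the update source configured under Updates > Source.
Test-UpdateSourcePath -HostName 'update-source.example.invalid'
```

The check connects directly from the server; if updates go through the proxy configured under Administration > Proxy, run it against the proxy server's name and port instead.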
Frequently Asked Questions
This section answers the following common questions about IM Security:
• General Product Knowledge
• Installation, Registration, and Activation
General Product Knowledge
• What is IM Security?
• How does IM Security protect my OCS server?
• Can IM Security scan files or filter messages transmitted using non-OCS IM chats using MSN/Windows Messenger?
• Can IM Security filter content of all file types?
• What are the instant messaging applications that IM Security supports?
• What are the instant messaging clients that IM Security supports?
Installation, Registration, and Activation
• Can I specify another agent notification account sometime after the IM Security installation?
• Where can I get an RK or AC?
Please refer to the IM Security Online Help > Frequently Asked Questions topic for more
answers to management related questions.
What is IM Security?
Trend Micro™ IM Security is an application that provides antivirus and content security
protection to Microsoft OCS environments.
How does IM Security protect my OCS server?
IM Security provides real-time virus/malware, spyware/grayware, file blocking, URL
filtering, and content filtering. Refer to the Online Help > Protect IM Environments section
for details.
Can IM Security scan files or filter messages transmitted by non-OCS IM chats such as MSN/Windows Messenger?
IM Security can only scan files or filter messages transmitted through Microsoft OCS.
Can IM Security filter content of all file types?
No. IM Security is able to filter content of Microsoft Office files (*.ppt, *.doc, *.xls), Microsoft Office 2007 document types (*.pptx, *.docx, *.xlsx), and Adobe portable document formats (*.pdf).
What are the instant messaging applications that IM Security supports?
As of this release, IM Security protects servers where Microsoft OCS is installed.
What are the instant messaging clients that IM Security supports?
IM Security only supports Office Communicator 2005 and 2007.
Where can I get an RK or AC?
Refer to the Trend Micro Web site (http://esupport.trendmicro.com/support/viewxml.do?ContentID=en-116326) for details.
Can I specify another agent notification account sometime after the IM Security installation?
IM Security only allows a single agent notification account. You may specify a new account by using the Agent Account Tool.
Chapter 7
Getting Support
Trend Micro is committed to providing service and support that exceeds our users’ expectations. This chapter contains information on how to get technical support. Remember, you must register your product to be eligible for support.
The topics discussed in this chapter include:
• Contacting Technical Support
• Sending Infected File Samples
• Reporting False Positives
• Introducing TrendLabs℠
• Other Useful Resources
Contacting Technical Support
Before contacting technical support, here are two things you can quickly do to try and
find a solution to your questions:
• Check your product documentation: the Troubleshooting and FAQ section of this Installation and Deployment Guide and Online Help provide comprehensive information about IM Security. Search both documents to see if they contain your solution.
• Visit our Technical Support Web site: our Technical Support Web site contains the latest information about all Trend Micro products. The support Web site has answers to previous user inquiries. To search the Knowledge Base, visit http://esupport.trendmicro.com/support/supportcentral/supportcentral.do?id=m1
In addition to phone support, Trend Micro provides the following resources:
• Email support: [email protected]
• Readme: late-breaking product news, installation instructions, known issues, and version specific information
• Product updates and patches: http://www.trendmicro.com/download/
To locate the Trend Micro office nearest you, open a Web browser to the following URL:
http://www.trendmicro.com/en/about/contact/overview.htm
To speed up the issue resolution process, when you contact Trend Micro Technical Support, please provide as much of the following information as you can:
• IM Security Activation Code
• Version
• Exact text of the error message, if any
• Steps to reproduce the problem
Sending Infected File Samples
You can send viruses, infected files, Trojan programs, spyware, and other grayware to
Trend Micro. More specifically, if you have a file that you think is some kind of threat
but the scan engine is not detecting it or cleaning it, you can submit the suspicious file to
Trend Micro using the following Web address:
subwiz.trendmicro.com
Please include in the message text a brief description of the symptoms you are
experiencing. Our team of virus engineers will "dissect" the file to identify and
characterize any viruses it may contain.
Reporting False Positives
Report false positive detections to [email protected]
Trend Micro Technical Support replies to your message within twenty-four (24) hours.
Introducing TrendLabs℠
Trend Micro TrendLabs is a global network of antivirus research and product support
centers that provide continuous 24 x 7 coverage to Trend Micro customers around the
world.
Staffed by a team of more than 250 engineers and skilled support personnel, the TrendLabs dedicated service centers in Paris, Munich, Manila, Taipei, Tokyo, and Irvine, CA, ensure a rapid response to any virus outbreak or urgent customer support issue, anywhere in the world.
For more information about TrendLabs, please visit:
www.trendmicro.com/en/security/trendlabs/overview.htm
Other Useful Resources
Trend Micro offers a host of services through its Web site, www.trendmicro.com.
Internet-based tools and services include:
• Virus Map: monitors virus incidents around the world
• HouseCall™: Trend Micro online virus scanner
• Virus risk assessment: the Trend Micro online virus protection assessment program for corporate networks
Appendix A
IM Security Deployment Checklist
Use the following checklists to record relevant system information:
• Installation Checklist
• Ports Checklist
• Pre-Installation Tasks Checklist
Installation Checklist
The following server address information is required during installation, and for
configuring the IM Security server to work with your network. Record them here for
easy reference.
INFORMATION REQUIRED                     SAMPLE                YOUR VALUE
IM SECURITY SERVER INFORMATION
Registration Key (RK) and                RK:
Activation Code (AC)                     AC:
IP address                               10.1.104.255
Administrator account                    IMS_admin
Agent notification account               IMS_notification
WEB SERVER INFORMATION
IP address                               10.1.104.225
Fully Qualified Domain Name (FQDN)       server.company.com
NetBIOS (host) name                      yourserver
PROXY SERVER INFORMATION
IP address                               10.1.174.225
Fully Qualified Domain Name (FQDN)       proxy.company.com
NetBIOS (host) name                      proxyserver
Uses SOCKS5                              No
SMTP SERVER INFORMATION
IP address                               10.1.123.225
Fully Qualified Domain Name (FQDN)       mail.company.com
NetBIOS (host) name                      mailserver
SNMP TRAP INFORMATION
Community name                           trendmicro
IP address                               10.1.194.225
Ports Checklist
IM Security uses the following ports for the indicated purposes.
SERVICE                                          SAMPLE PORT VALUE     YOUR VALUE
Product Console and Update/Deploy components     80
File transfer                                    6891-6900
SMTP                                             25
SNMP                                             162
Server Management population                     3268
Pre-Installation Tasks Checklist
Before installing IM Security, complete the following tasks:
COMPLETED?    PRE-INSTALLATION TASKS
              If a firewall exists between an OCS server and its clients, open the ports described in Table 2-2 to ensure IM Security connectivity.
              Log on to the target server using an account with Domain Administrator privilege.
              Disable or uninstall other IM environment antivirus applications.
              Check the target server’s compliance with the system requirements.
              Obtain the proxy server and SMTP server settings and authentication information (if necessary).
              Close opened Microsoft Management Console (MMC) screens.
              Prepare the IM Security Activation Code (see page 3-2).
Appendix B
Performing a Silent Installation
This chapter describes how to install IM Security using silent installation.
The topics discussed in this chapter include:
• Perform a Silent Installation
• Verify a Successful Silent Installation
Perform a Silent Installation
This version of IM Security supports silent installation.
The following lists the general steps required to perform silent installation:
1. If you downloaded IM Security from the Trend Micro Web site, locate the .zip file on your computer and right-click it to extract the contents to a temporary folder.
2. Locate the file Setup.ini and open with a text editor program.
3. Edit the following sections of the Setup.ini file:
TABLE B-1. IM Security Setup.ini configuration settings
INI FILE SECTIONS
    DESCRIPTION
Installation Folders
    Required: Specify the installation directories for IM Security and the IM Security database.
Web Server Settings
    Required: Specify a Web server (Apache or IIS), a Default or Virtual Web site, and a Web server port number.
Proxy Server Settings
    Optional: Enable the use of a proxy server if your company uses a proxy server to access the Internet. Specify proxy server IP address and port number. Enable or disable SOCKS5, and specify a user name and password if your proxy server requires one.
Activation Code
    Required: Enter an Activation Code. The activation code should be in the format: xx-xxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
World Virus Tracking
    Optional: Specify whether you would like to participate in the World Virus Tracking program.
Administrator Account
    Required: Specify an administrator account type (New or existing), and the administrator’s user name and password.
Agent Notification Account
    Required: Type the Agent Notification account’s SIP address, account, and password that will send IM notifications.
Email Notification Settings
    Optional: Type the SMTP server settings that IM Security will use to send email-based notifications. Specify SMTP server name or IP address and port number. The Email Notification Settings can be configured at a later time from the IM Security product console.
CM agent Settings
    Optional: Enable or disable the Control Manager agent. Specify settings to ensure that the Control Manager Agent can communicate with the Control Manager server. Specify the Control Manager server name or IP address and port number. Specify a Control Manager server account user name and password. Enable proxy server to connect to the Control Manager server. If the proxy server requires a user name and password also specify those values. The Control Manager Agent settings can be configured at a later time from the IM Security product console.
4. Save the Setup.ini file.
5. Launch Windows command prompt.
6. Navigate to the directory containing the Setup.ini file.
7. Type setup /s.
Note: Do not forget to type the /s switch. Forgetting to type the /s switch will cause the
regular installation program to start.
Verify a Successful Silent Installation
IM Security does not provide an indication that the installation process is complete.
Therefore, you will need to use Windows Task Manager to verify that the installation is
complete.
To verify that the silent installation is complete and successful:
1. Open Windows Task Manager and check for the following processes:
• servIMHost.exe
• servIMSSA.exe
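Because the silent installer gives no completion signal, the Task Manager check can be replaced by a script that polls for both processes. The following PowerShell is an added example, not part of the original guide or a Trend Micro tool; the function name, timeout and polling interval are hypothetical choices. It assumes that the service display name matches the name used in the troubleshooting chapter and that a silent setup writes to the same Setup debug log as an interactive one.

```powershell
# Added example: wait for the two IM Security processes named in this guide.
function Wait-IMSecurityInstall {
    param(
        # Process names from this guide, without the .exe extension.
        [string[]]$RequiredProcesses = @('servIMHost', 'servIMSSA'),
        # Assumption: display name as written in the troubleshooting chapter.
        [string]$ServiceDisplayName = 'Trend Micro IM Security Server Service',
        # Setup debug log path from the troubleshooting chapter.
        [string]$SetupLog = 'C:\IMSecurity_Install.log',
        [int]$TimeoutSeconds = 1800,   # hypothetical upper bound for the installation
        [int]$PollSeconds = 15
    )

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # Names of the required processes that are running right now.
        $running = @(Get-Process -Name $RequiredProcesses -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty ProcessName -Unique)
        $missing = @($RequiredProcesses | Where-Object { $running -notcontains $_ })
        if ($missing.Count -eq 0) { break }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)

    # Covers the case "Setup reports a successful installation, but IM Security
    # services are not started".
    $service = Get-Service -DisplayName $ServiceDisplayName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $serviceState = if ($service) { $service.Status.ToString() } else { 'NotFound' }

    # On timeout, return the end of the Setup debug log for review.
    $logTail = @()
    if ($missing.Count -gt 0 -and (Test-Path -LiteralPath $SetupLog)) {
        $logTail = @(Get-Content -LiteralPath $SetupLog -Tail 20)
    }

    [pscustomobject]@{
        Complete         = ($missing.Count -eq 0)
        MissingProcesses = $missing
        ServiceState     = $serviceState
        SetupLogTail     = $logTail
    }
}

# Run from a second console after typing "setup /s".
Wait-IMSecurityInstall
```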
Appendix C
Manually Create IM Security 1.5 Accounts
This chapter describes how to manually create IM Security 1.5 accounts in order to install IM Security.
The topics discussed in this chapter include:
• Creating the Administrator Account
• Creating the IM Notification Account
Manually Create IM Security 1.5 Accounts
Trend Micro understands that in some corporations the group managing IM Security may not have the domain account privileges needed to create the domain accounts that IM Security requires in order to function correctly.
For this reason IM Security offers two installation options:
Option 1: Install IM Security using an account that has a minimum set of privileges of domain account operator and local administrator.
Option 2: Have the required domain accounts (Administrator Account and IM Notification Account) pre-created prior to installation by someone with the appropriate permissions; in doing so the minimum required privileges to install IM Security will be local administrator.
Note: Administrator Account and IM Notification Account should be created in the same domain as the account you will use to launch installation.
Creating the Administrator Account
1. Create an AD global security group "IM Security Admins".
• The group name "IM Security Admins" cannot be changed.
• If this group already exists, skip this step.
2. Create an AD user account. This account is the Administrator Account.
3. Add Administrator Account to group "IM Security Admins".
When you reach the "Administrator Account" installation page, choose "Specify an
existing account from Active Directory", fill the user name and password that you have
just created, and then click "Next".
FIGURE C-1. Screen for adding IM Security Administrator Account
Creating the IM Notification Account
1. Create an AD user account. This account is the IM notification account.
• Each IM Security server should use a different IM Notification Account.
• We recommend that the account name use the format "IMS_MachineName".
Example: Machine name "Foo"; account name "IMS_Foo"
2. Set the properties of the IM Notification Account.
a. Set the "Display name" to "IM Security Administrator" (Optional).
FIGURE C-2. Recommended display name properties
b. Trend Micro recommends setting the password for the account to never expire.
FIGURE C-3. Recommended account options
c. Enable Office Communications Server for the user, and make sure the IM Notification Account can log in to OCS.
FIGURE C-4. Recommended enable user for OCS settings
• Trend Micro recommends that the Sign-in name use the format "sip:[email protected]"
• "Server or pool" is the OCS server which you will install IM Security on.
3. Add notification account to related groups.
a. Add the AD account IM Notification Account to the AD group "IM Security Admins".
b. Add the AD account IM Notification Account to the AD group "RTCUniversalServerReadOnlyGroup".
Note: "RTCUniversalServerReadOnlyGroup" is in the root domain.
When you reach the "IM Notification Account" page, choose "Specify an existing account from Active Directory", and click "Next".
FIGURE C-5. IM Notification Account screen
Complete the user name, password and choose a transport type (TCP or TLS), then click "Next".
FIGURE C-6. IM Notification settings
Glossary
This glossary describes special terms used in this document or the online help.
TERM
EXPLANATION
100BaseT
An alternate term for “fast Ethernet,” an upgraded standard for
connecting computers into a local area network (LAN).
100BaseT Ethernet can transfer data at a peak rate of 100
Mbps. It is also more expensive and less common than
10BaseT. Also see 10BaseT.
10BaseT
The most common form of Ethernet is called 10BaseT, which
denotes a peak transmission speed of 10 Mbps using copper
twisted-pair cable. Ethernet is a standard for connecting computers into a local area network (LAN). The maximum cable
distance is 100 meters (325 feet), the maximum devices per
segment is 1, and the maximum devices per network are 1024.
Also see 100BaseT.
access (verb)
To read data from or write data to a storage device, such as a
computer or server.
access (noun)
Authorization to read or write data. Most operating systems
allow you to define different levels of access, depending on job
responsibilities.
action
The operation to be performed when:
- a virus has been detected
- spam has been detected
- a content violation has occurred
- an attempt was made to access a blocked URL, or
- file blocking has been triggered.
Actions typically include clean and deliver, quarantine, delete,
or deliver/transfer anyway. Delivering/transferring anyway is
not recommended—delivering a virus-infected message or
transferring a virus-infected file can compromise your network.
(Also see target and notification)
activate
To enable your software after completion of the registration
process. Trend Micro products will not be operable until product activation is complete. Activate during installation or after
installation (in the management console) on the Product
License screen.
Activation Code
A 37-character code, including hyphens, that is used to activate Trend Micro products. Here is an example of an Activation
Code: SM-9UE7-HG5B3-8577B-TD5P4-Q2XT5-48PG4
Also see Registration Key.
active FTP
Configuration of FTP protocol that allows the client to initiate
“handshaking” signals for the command session, but the host
initiates the data session.
ActiveUpdate
ActiveUpdate is a function common to many Trend Micro products. Connected to the Trend Micro update Web site, ActiveUpdate provides up-to-date downloads of virus pattern files, scan
engines, and program files.
ActiveX
A type of open software architecture that implements object
linking and embedding, enabling some of the standard interfaces, such as downloading of Web pages.
ActiveX malicious code
An ActiveX control is a component object embedded in a Web
page which runs automatically when the page is viewed.
ActiveX controls allow Web developers to create interactive,
dynamic Web pages with broad functionality such as HouseCall, Trend Micro's free online scanner.
Hackers, virus writers, and others who want to cause mischief
or worse may use ActiveX malicious code as a vehicle to attack
the system. In many cases, the Web browser can be configured so that these ActiveX controls do not execute by changing
the browser's security settings to "high."
ActiveUpdate
A Trend Micro utility that enables on-demand or background
updates to the virus pattern file and scan engine, as well as the
anti-spam rules database and anti-spam engine.
address
Refers to a networking address (see IP address) or an email
address, which is the string of characters that specify the
source or destination of an email message.
administrator
Refers to “system administrator,” the person in an organization who is responsible for activities such as setting up new
hardware and software, allocating user names and passwords,
monitoring disk space and other IT resources, performing
backups, and managing network security.
administrator account
A user name and password that has administrator-level privileges.
administrator email address
The address used by the administrator of your Trend Micro
product to manage notifications and alerts.
adware
Advertising-supported software in which advertising banners
display while the program is running. Adware that installs a
“backdoor”; tracking mechanism on the user's computer without the user's knowledge is called “spyware.”
alert
A message intended to inform a system's users or administrators about a change in the operating conditions of that system
or about some kind of error condition.
anti-relay
Mechanisms to prevent hosts from “piggybacking” through
another host’s network.
antivirus
Computer programs designed to detect and clean computer
viruses.
archive
A single file containing one or (usually) more separate files plus
information to allow them to be extracted (separated) by a suitable program, such as a .zip file.
attachment
A file attached to (sent with) an email message.
audio/video file
A file containing sounds, such as music, or video footage.
authentication
The verification of the identity of a person or a process.
Authentication ensures that digital data transmissions are
delivered to the intended receiver. Authentication also assures
the receiver of the integrity of the message and its source
(where or whom it came from).
The simplest form of authentication requires a user name and
password to gain access to a particular account. Authentication
protocols can also be based on secret-key encryption, such as
the Data Encryption Standard (DES) algorithm, or on public-key systems using digital signatures.
Also see public-key encryption and digital signature.
binary
A number representation consisting of zeros and ones used by
practically all computers because of its ease of implementation
using digital electronics and Boolean algebra.
block
To prevent entry into your network.
bridge
A device that forwards traffic between network segments
based on data link layer information. These segments have a
common network layer address.
browser
A program which allows a person to read hypertext, such as
Internet Explorer. The browser gives some means of viewing
the contents of nodes (or "pages") and of navigating from one
node to another. A browser acts as a client to a remote Web
server.
cache
A small fast memory, holding recently accessed data, designed
to speed up subsequent access to the same data. The term is
most often applied to processor-memory access, but also
applies to a local copy of data accessible over a network etc.
case-matching
Scanning for text that matches both words and case. For
example, if "dog" is added to the content-filter, with
case-matching enabled, messages containing "Dog" will pass
through the filter; messages containing "dog" will not.
cause
The reason a protective action, such as URL-blocking or
file-blocking, was triggered—this information appears in log
files.
clean
To remove virus code from a file or message.
client
A computer system or process that requests a service of
another computer system or process (a "server") using some
kind of protocol and accepts the server's responses. A client is
part of a client-server software architecture.
client-server environment
A common form of distributed system in which software is split
between server tasks and client tasks. A client sends requests
to a server, according to some protocol, asking for information
or action, and the server responds.
compressed file
A single file containing one or more separate files plus information to allow them to be extracted by a suitable program, such
as WinZip.
configuration
Selecting options for how your Trend Micro product will function, for example, selecting whether to quarantine or delete a
virus-infected email message.
content filtering
Scanning email messages for content (words or phrases) prohibited by your organization’s Human Resources or IT messaging policies, such as hate mail, profanity, or pornography.
content violation
An event that has triggered the content filtering policy.
cookie
A mechanism for storing information about an Internet user,
such as name, preferences, and interests, which is stored in
your Web browser for later use. The next time you access a
Web site for which your browser has a cookie, your browser
sends the cookie to the Web server, which the Web server can
then use to present you with customized Web pages. For
example, you might enter a Web site that welcomes you by
name.
daemon
A program that is not invoked explicitly, but lies dormant waiting for some condition(s) to occur. The perpetrator of the condition need not be aware that a daemon is lurking.
damage routine
The destructive portion of virus code, also called the payload.
default
A value that pre-populates a field in the management console
interface. A default value represents a logical choice and is
provided for convenience. Use default values as-is, or change
them.
De-Militarized Zone (DMZ)
From the military term for an area between two opponents
where fighting is prevented. DMZ Ethernets connect networks
and computers controlled by different bodies. They may be
external or internal. External DMZ Ethernets link regional networks with routers.
dialer
A type of Trojan that when executed, connects the user's system to a pay-per-call location in which the unsuspecting user is
billed for the call without his or her knowledge.
digital signature
Extra data appended to a message which identifies and
authenticates the sender and message data using a technique
called public-key encryption. Also see public-key encryption
and authentication.
directory
A node, which is part of the structure in a hierarchical computer
file system. A directory typically contains other nodes, folders,
or files. For example, C:\Windows is the Windows directory on
the C drive.
directory path
The subsequent layers within a directory where a file can be
found, for example, the directory path for the ISVW for SMB
Quarantine directory is:
C:\Programs\Trend Micro\ISVW\Quarantine
disclaimer
A statement appended to the beginning or end of an email
message that states certain terms of legality and confidentiality regarding the message. To see an example, click the online
help for the SMTP Configuration - Disclaimer screen.
DNS
Domain Name System—A general-purpose data query service
chiefly used on the Internet for translating host names into IP
addresses.
DNS resolution
When a DNS client requests host name and address data from
a DNS server, the process is called resolution. Basic DNS configuration results in a server that performs default resolution.
For example, a remote server queries another server for data
on a machine in the current zone. Client software on the
remote server queries the resolver, which answers the request
from its database files.
(administrative) domain
A group of computers sharing a common database and security policy.
domain name
The full name of a system, consisting of its local host name and
its domain name, for example, tellsitall.com. A domain name
should be sufficient to determine a unique Internet address for
any host on the Internet. This process, called "name resolution", uses the Domain Name System (DNS).
DoS (Denial of Service) attack
Group-addressed email messages with large attachments that
clog your network resources to the point where messaging service is noticeably slow or even stopped.
DOS virus
Also referred to as “COM” and “EXE file infectors.” DOS
viruses infect DOS executable programs: files that have the
extensions *.COM or *.EXE. Unless they have overwritten or
inadvertently destroyed part of the original program's code,
most DOS viruses try to replicate and spread by infecting other
host programs.
download (noun)
Data that has been downloaded, for example, from a Web site
using HTTP.
download (verb)
To transfer data or code from one computer to another. Downloading often refers to transfer from a larger "host" system
(especially a server or mainframe) to a smaller "client" system.
dropper
Droppers are programs that serve as delivery mechanisms to
carry and drop viruses, Trojans, or worms into a system.
ELF
Executable and Linkable Format—An executable file format for
Unix and Linux platforms.
encryption
Encryption is the process of changing data into a form that can
be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper
decryption key. In traditional encryption schemes, the sender
and the receiver use the same key to encrypt and decrypt data.
Public-key encryption schemes use two keys: a public key,
which anyone may use, and a corresponding private key, which
is possessed only by the person who created it. With this
method, anyone may send a message encrypted with the
owner's public key, but only the owner has the private key necessary to decrypt it. PGP (Pretty Good Privacy) and DES (Data
Encryption Standard) are two of the most popular public-key
encryption schemes.
End User License Agreement (EULA)
An End User License Agreement or EULA is a legal contract
between a software publisher and the software user. It typically
outlines restrictions on the side of the user, who can refuse to
enter into the agreement by not clicking "I accept" during installation. Clicking "I do not accept" will, of course, end the installation of the software product.
Many users inadvertently agree to the installation of spyware
and adware into their computers when they click "I accept" on
EULA prompts displayed during the installation of certain free
software.
Ethernet
A local area network (LAN) technology invented at the Xerox
Corporation, Palo Alto Research Center. Ethernet is a
best-effort delivery system that uses CSMA/CD technology.
Ethernet can be run over a variety of cable schemes, including
thick coaxial, thin coaxial, twisted pair, and fiber optic cable.
Ethernet is a standard for connecting computers into a local
area network. The most common form of Ethernet is called
10BaseT, which denotes a peak transmission speed of 10
Mbps using copper twisted-pair cable.
executable file
A binary file containing a program in machine language which
is ready to be executed (run).
EXE file infector
An executable program with a .exe file extension. Also see
DOS virus.
exploit
An exploit is code that takes advantage of a software vulnerability or security hole. Exploits are able to propagate into and
run intricate routines on vulnerable computers.
false positive
An email message that was "caught" by the spam filter and
identified as spam, but is actually not spam.
FAQ
Frequently Asked Questions—A list of questions and answers
about a specific topic.
file
An element of data, such as an email message or HTTP download.
file-infecting virus
File-infecting viruses infect executable programs (generally,
files that have extensions of .com or .exe). Most such viruses
simply try to replicate and spread by infecting other host programs, but some inadvertently destroy the program they infect
by overwriting a portion of the original code. A minority of these
viruses are very destructive and attempt to format the hard
drive at a pre-determined time or perform some other malicious
action.
In many cases, a file-infecting virus can be successfully
removed from the infected file. However, if the virus has overwritten part of the program's code, the original file will be unrecoverable.
file type
The kind of data stored in a file. Most operating systems use
the file name extension to determine the file type. The file type
is used to choose an appropriate icon to represent the file in a
user interface, and the correct application with which to view,
edit, run, or print the file.
file name extension
The portion of a file name (such as .dll or .xml) which indicates
the kind of data stored in the file. Apart from informing the user
what type of content the file holds, file name extensions are
typically used to decide which program to launch when a file is
run.
filtering, dynamic
IP service that can be used within VPN tunnels. Filters are one
way GateLock controls traffic from one network to another.
When TCP/IP sends data packets to the firewall, the filtering
function in the firewall looks at the header information in the
packets and directs them accordingly. The filters operate on criteria such as IP source or destination address range, TCP
ports, UDP, Internet Control Message Protocol (ICMP), or TCP
responses. Also see tunneling and Virtual Private Network
(VPN).
firewall
A gateway machine with special security precautions on it,
used to service outside network (especially Internet) connections and dial-in lines.
FTP
A client-server protocol which allows a user on one computer
to transfer files to and from another computer over a TCP/IP
network. Also refers to the client program the user executes to
transfer files.
gateway
An interface between an information source and a Web server.
grayware
A category of software that may be legitimate, unwanted, or
malicious. Unlike threats such as viruses, worms, and Trojans,
grayware does not infect, replicate, or destroy data, but it may
violate your privacy. Examples of grayware include spyware,
adware, and remote access tools.
group file type
Types of files that have a common theme, for example:
- Audio/Video
- Compressed
- Executable
- Images
- Java
- Microsoft Office
GUI
Graphical User Interface—The use of pictures rather than just
words to represent the input and output of a program. This contrasts with a command line interface where communication is
by exchange of strings of text.
hacking tool
Tools such as hardware and software that enable penetration
testing of a computer system or network for the purpose of finding security vulnerabilities that can be exploited.
hard disk (or hard drive)
One or more rigid magnetic disks rotating about a central axle
with associated read/write heads and electronics, used to read
and write hard disks or floppy disks, and to store data. Most
hard disks are permanently connected to the drive (fixed disks)
though there are also removable disks.
header (networking definition)
Part of a data packet that contains transparent information
about the file or the transmission.
heuristic rule-based scanning
Scanning network traffic, using a logical analysis of properties
that reduces or limits the search for solutions.
HTTP
Hypertext Transfer Protocol—The client-server TCP/IP protocol used on the World Wide Web for the exchange of HTML
documents. It conventionally uses port 80.
HTTPS
Hypertext Transfer Protocol Secure—A variant of HTTP used
for handling secure transactions.
host
A computer connected to a network.
hub
This hardware is used to network computers together (usually
over an Ethernet connection). It serves as a common wiring
point so that information can flow through one central location
to any other computer on the network thus enabling centralized
management. A hub is a hardware device that repeats signals
at the physical Ethernet layer. A hub retains the behavior of a
standard bus type network (such as Thinnet), but produces a
star topology with the hub at the center of the star. This configuration enables centralized management.
ICSA
ICSA Labs is an independent division of TruSecure Corporation. For over a decade, ICSA has been the security industry’s
central authority for research, intelligence, and certification
testing of products. ICSA Labs sets standards for information
security products and certifies over 90% of the installed base of
antivirus, firewall, IPSec, cryptography, and PC firewall products in the world today.
image file
A file containing data representing a two-dimensional scene, in
other words, a picture. Images are taken from the real world,
for example, using a digital camera, or they may be generated
by computer using graphics software.
incoming
Email messages or other data routed into your network.
installation script
The installation screens used to install Unix versions of Trend
Micro products.
integrity checking
See checksumming.
IntelliScan
IntelliScan is a Trend Micro scanning technology that optimizes
performance by examining file headers using true-file type recognition, and scanning only file types known to potentially harbor malicious code. True-file type recognition helps identify
malicious code that can be disguised by a harmless extension
name.
Internet
A client-server hypertext information retrieval system, based on
a series of networks connected with routers. The Internet is a
modern information system and a widely accepted medium for
advertising, online sales, and services, as well as university
and many other research networks. The World Wide Web is
the most familiar aspect of the Internet.
Internet Protocol (IP)
An Internet standard protocol that defines a basic unit of data
called a datagram. A datagram is used in a connectionless,
best-effort, delivery system. The Internet protocol defines how
information gets passed between systems across the Internet.
interrupt
An asynchronous event that suspends normal processing and
temporarily diverts the flow of control through an "interrupt handler" routine.
“in the wild”
Describes known viruses that are actively circulating. Also see
“in the zoo.”
“in the zoo”
Describes known viruses that are currently controlled by antivirus products. Also see “in the wild.”
intranet
Any network which provides similar services within an organization to those provided by the Internet outside it, but which is
not necessarily connected to the Internet.
IP
Internet Protocol—See IP address.
IP address
Internet address for a device on a network, typically expressed
using dot notation such as 123.123.123.123.
IP gateway
Also called a router, a gateway is a program or a special-purpose device that transfers IP datagrams from one network to
another until the final destination is reached.
IT
Information technology, to include hardware, software, networking, telecommunications, and user support.
Java applets
Java applets are small, portable Java programs embedded in
HTML pages that can run automatically when the pages are
viewed. Java applets allow Web developers to create interactive, dynamic Web pages with broader functionality.
Authors of malicious code have used Java applets as a vehicle
for attack. Most Web browsers, however, can be configured so
that these applets do not execute - sometimes by simply
changing browser security settings to "high."
Java file
Java is a general-purpose programming language developed
by Sun Microsystems. A Java file contains Java code. Java
supports programming for the Internet in the form of platform-independent Java "applets." (An applet is a program written in Java programming language that can be included in an
HTML page. When you use a Java-technology enabled
browser to view a page that contains an applet, the applet’s
code is transferred to your system and is executed by the
browser’s Java Virtual Machine.)
Java malicious code
Virus code written or embedded in Java. Also see Java file.
JavaScript virus
JavaScript is a simple programming language developed by
Netscape that allows Web developers to add dynamic content
to HTML pages displayed in a browser using scripts. JavaScript
shares some features of Sun Microsystems Java programming
language, but was developed independently.
A JavaScript virus is a virus that is targeted at these scripts in
the HTML code. This enables the virus to reside in Web pages
and download to a user’s desktop through the user’s browser.
Also see VBscript virus.
joke program
An executable program that is annoying or causes users undue
alarm. Unlike viruses, joke programs do not self-propagate and
should simply be removed from your system.
KB
Kilobyte—1024 bytes of memory.
keylogger
Keyloggers are programs that catch and store all keyboard
activity. There are legitimate keylogging programs that are
used by corporations to monitor employees and by parents to
monitor their children. However, criminals also use keystroke
logs to sort for valuable information such as logon credentials
and credit card numbers.
LAN (Local Area Network)
A data communications network which is geographically limited, allowing easy interconnection of computers within the
same building.
LDAP (Lightweight Directory Access Protocol)
An internet protocol that email programs use to locate contact
information from a server. For example, suppose you want to
locate all persons in Boston who have an email address containing the name “Bob.” An LDAP search would enable you to
view the email addresses that meet these criteria.
license
Authorization by law to use a Trend Micro product.
license certificate
A document that proves you are an authorized user of a Trend
Micro product.
link (also called hyperlink)
A reference from some point in one hypertext document to
some point in another document or another place in the same
document. Links are usually distinguished by a different color
or style of text, such as underlined blue text. When you activate
the link, for example, by clicking on it with a mouse, the
browser displays the target of the link.
listening port
A port utilized for client connection requests for data exchange.
load balancing
Load balancing is the mapping (or re-mapping) of work to processors, with the intent of improving the efficiency of a concurrent computation.
local area network (LAN)
Any network technology that interconnects resources within an
office environment, usually at high speeds, such as Ethernet. A
local area network is a short-distance network used to link a
group of computers together within a building. 10BaseT Ethernet is the most commonly used form of LAN. A hardware
device called a hub serves as the common wiring point,
enabling data to be sent from one machine to another over the
network. LANs are typically limited to distances of less than
500 meters and provide low-cost, high-bandwidth networking
capabilities within a small geographical area.
log storage directory
Directory on your server that stores log files.
logic bomb
Code surreptitiously inserted into an application or operating
system that causes it to perform some destructive or security-compromising activity whenever specified conditions are
met.
macro
A command used to automate certain functions within an application.
MacroTrap
A Trend Micro utility that performs a rule-based examination of
all macro code that is saved in association with a document.
Macro virus code is typically contained in part of the invisible
template that travels with many documents (.dot, for example,
in Microsoft Word documents). MacroTrap checks the template
for signs of a macro virus by seeking out key instructions that
perform virus-like activity—instructions such as copying parts
of the template to other templates (replication), or instructions
to execute potentially harmful commands (destruction).
macro virus
Macro viruses are often encoded as an application macro and
included in a document. Unlike other virus types, macro viruses
aren't specific to an operating system and can spread using
email attachments, Web downloads, file transfers, and cooperative applications.
malware (malicious software)
Programming or files that are developed for the purpose of
doing harm, such as viruses, worms, and Trojans.
management console
The user interface for your Trend Micro product.
mass mailer (also known as a Worm)
A malicious program that has high damage potential, because
it causes large amounts of network traffic.
Mbps
Millions of bits per second—a measure of bandwidth in data
communications.
MB
Megabyte—1024 kilobytes of data.
Media Access Control (MAC) address
An address that uniquely identifies the network interface card,
such as an Ethernet adapter. For Ethernet, the MAC address is
a 6 octet address assigned by IEEE. On a LAN or other network, the MAC address is a computer's unique hardware number. (On an Ethernet LAN, it's the same as the Ethernet
address.) When you're connected to the Internet from your
computer (or host as the Internet protocol thinks of it), a correspondence table relates your IP address to your computer's
physical (MAC) address on the LAN. The MAC address is used
by the Media Access Control sublayer of the Data-Link Control
(DLC) layer of telecommunication protocols. There is a different MAC sublayer for each physical device type.
Microsoft Office file
Files created with Microsoft Office tools such as Excel or Microsoft Word.
mixed threat attack
Complex attacks that take advantage of multiple entry points
and vulnerabilities in enterprise networks, such as the “Nimda”
or “Code Red” threats.
MTA (Mail Transfer Agent)
The program responsible for delivering email messages. Also
see SMTP server.
Network Address Translation (NAT)
A standard for translating secure IP addresses to temporary,
external, registered IP addresses from the address pool. This
allows Trusted networks with privately assigned IP addresses
to have access to the Internet. This also means that you don’t
have to get a registered IP address for every machine in your
network.
network virus
A type of virus that uses network protocols, such as TCP, FTP,
UDP, HTTP, and email protocols to replicate. Network viruses
often do not alter system files or modify the boot sectors of
hard disks. Instead, they infect the memory of client machines,
forcing them to flood the network with traffic, which can cause
slowdowns or even complete network failure.
notification
A message that is forwarded to one or more of the following:
- system administrator
- sender of a message
- recipient of a message, file download, or file transfer
The purpose of the notification is to communicate that a prohibited action has taken place, or was attempted, such as a virus
being detected in an attempted HTTP file download.
(Also see action and target)
offensive content
Words or phrases in messages or attachments that are considered offensive to others, for example, profanity, sexual harassment, racial harassment, or hate mail.
online help
Documentation that is bundled with the GUI.
open source
Programming code that is available to the general public for
use or modification free of charge and without license restrictions.
operating system
The software which handles tasks such as the interface to
peripheral hardware, scheduling tasks, and allocating storage.
In this documentation, the term also refers to the software that
presents a window system and graphical user interface.
outgoing
Email messages or other data leaving your network, routed out
to the Internet.
parameter
A variable, such as a range of values (a number from 1 to 10).
partition
A logical portion of a disk. (Also see sector, which is a physical
portion of a disk.)
passive FTP
Configuration of FTP protocol that allows clients within your
local area network to initiate the file transfer, using random
upper port numbers (1024 and above).
password cracker
An application program that is used to recover a lost or forgotten password. These applications can also be used by an
intruder to gain unauthorized access to a computer or network
resources.
pattern file (also known as Official Pattern Release)
The pattern file, also referred to as the Official Pattern Release
(OPR), is the latest compilation of patterns for identified
viruses. It is guaranteed to have passed a series of critical tests
to ensure that you get optimum protection from the latest virus
threats. This pattern file is most effective when used with the
latest scan engine.
payload
Payload refers to an action that a virus performs on the
infected computer. This can be something relatively harmless,
such as displaying messages or ejecting the CD drive, or
something destructive, such as deleting the entire hard drive.
policies
Policies provide the initial protection mechanism for the firewall, allowing you to determine what traffic passes across it
based on IP session details. They protect the Trusted network
from outsider attacks, such as the scanning of Trusted servers.
Policies create an environment in which you set up security
policies to monitor traffic attempting to cross your firewall.
port
A logical channel or channel endpoint in a communications
system, used to distinguish between different logical channels
on the same network interface on the same computer. Each
application program has a unique port number associated with
it.
protected network
A network protected by IWSA (InterScan Web Security Appliance).
proxy
A process providing a cache of items available on other servers which are presumably slower or more expensive to access.
proxy server
A World Wide Web server which accepts URLs with a special
prefix, used to fetch documents from either a local cache or a
remote server, then returns the URL to the requester.
public-key encryption
An encryption scheme where each person gets a pair of “keys,”
called the public key and the private key. Each person's public
key is published while the private key is kept secret. Messages
are encrypted using the intended recipient's public key and can
only be decrypted using his or her private key. Also see
authentication and digital signature.
purge
To delete all, as in getting rid of old entries in the logs.
quarantine
To place infected data such as email messages, infected
attachments, infected HTTP downloads, or infected FTP files in
an isolated directory (the Quarantine Directory) on your server.
queue
A data structure used to sequence multiple demands for a
resource when mail is being received faster than it can be processed. Messages are added at the end of the queue, and are
taken from the beginning of the queue, using a FIFO (first-in,
first-out) approach.
recipient
The person or entity to whom an email message is addressed.
registration
The process of identifying yourself as a Trend Micro customer,
using a product Registration Key, on the Trend Micro Online
Registration screen.
https://olr.trendmicro.com/registration
Registration Key
A 22-character code, including hyphens, that is used to register
in the Trend Micro customer database. Here is an example of a
Registration Key: SM-27RT-UY4Z-39HB-MNW8
Also see Activation Code
relay
To convey by means of passing through various other points.
remote access tool (RAT)
Hardware and software that allow a legitimate system administrator to manage a network remotely. However, these same
tools can also be used by intruders to attempt a breach of your
system security.
removable drive
A removable hardware component or peripheral device of a
computer, such as a zip drive.
replicate
To self-reproduce. As used in this documentation, the term
refers to viruses or worms that can self-reproduce.
router
This hardware device routes data from a local area network
(LAN) to a phone line's long distance line. Routers also act as
traffic cops, allowing only authorized machines to transmit data
into the local network so that private information can remain
secure. In addition to supporting these dial-in and leased connections, routers also handle errors, keep network usage statistics, and handle security issues.
scan
To examine items in a file in sequence to find those that meet
particular criteria.
scan engine
The module that performs antivirus scanning and detection in
the host product to which it is integrated.
script
A set of programming commands that, once invoked, can be
executed together. Other terms used synonymously with
“script” are “macro” or “batch file.”
sector
A physical portion of a disk. (Also see partition, which is a logical portion of a disk.)
seat
A license for one person to use a Trend Micro product.
Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a protocol designed by
Netscape for providing data security layered between application protocols (such as HTTP, Telnet, or FTP) and TCP/IP. This
security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a
TCP/IP connection.
server
A program which provides some service to other (client) programs. The connection between client and server is normally
by means of message passing, often over a network, and uses
some protocol to encode the client's requests and the server's
responses. The server may run continuously (as a daemon),
waiting for requests to arrive, or it may be invoked by some
higher-level daemon which controls a number of specific servers.
server farm
A server farm is a network where clients install their own computers to run Web servers, e-mail, or any other TCP/IP based
services they require, making use of leased permanent Internet
connections with 24-hour worldwide access. Instead of expensive dedicated-line connections to various offices, servers can
be placed on server farm networks to have them connected to
the Internet at high-speed for a fraction of the cost of a leased
line.
shared drive
A computer peripheral device that is used by more than one
person, thus increasing the risk of exposure to viruses.
signature
See virus signature.
signature-based spam detection
A method of determining whether an email message is spam
by comparing the message contents to entries in a spam database. An exact match must be found for the message to be
identified as spam. Signature-based spam detection has a
nearly zero false positive rate, but does not detect “new” spam
that isn’t an exact match for text in the spam signature file.
Also see rule-based spam detection.
Also see false positive.
SMTP
Simple Mail Transfer Protocol—A protocol used to transfer
electronic mail between computers, usually over Ethernet. It is
a server-to-server protocol, so other protocols are used to
access the messages.
SMTP server
A server that relays email messages to their destinations.
SNMP
Simple Network Management Protocol—A protocol that supports monitoring of devices attached to a network for conditions
that merit administrative attention.
SNMP trap
A trap is a programming mechanism that handles errors or
other problems in a computer program. An SNMP trap handles
errors related to network device monitoring.
See SNMP.
spam
Unsolicited email messages meant to promote a product or
service.
spyware
Advertising-supported software that typically installs tracking
software on your system, capable of sending information about
you to another party. The danger is that users cannot control
what data is being collected, or how it is used.
subnet mask
In larger networks, the subnet mask lets you define subnetworks. For example, if you have a class B network, a subnet
mask of 255.255.255.0 specifies that the first two portions of
the decimal dot format are the network number, while the third
portion is a subnet number. The fourth portion is the host number. If you do not want to have a subnet on a class B network,
you would use a subnet mask of 255.255.0.0.
A network can be subnetted into one or more physical networks which form a subset of the main network. The subnet
mask is the part of the IP address which is used to represent a
subnetwork within a network. Using subnet masks allows you
to use network address space which is normally unavailable
and ensures that network traffic does not get sent to the whole
network unless intended. Subnet masks are a complex feature,
so great care should be taken when using them. Also see IP
address.
target
(Also see action and notification)
The scope of activity to be monitored for a violating event, such
as a virus being detected in an email message. For example,
you could target virus scanning of all files passing into and out
of your network, or just files with a certain file name extension.
TCP
Transmission Control Protocol—TCP is a networking protocol,
most commonly used in combination with IP (Internet Protocol),
to govern connection of computer systems to the Internet.
Telnet
The Internet standard protocol for remote login that runs on top
of TCP/IP (Transmission Control Protocol/Internet Protocol).
This term can also refer to networking software that acts as a
terminal emulator for a remote login session.
top-level domain
The last and most significant component of an Internet fully
qualified domain name, the part after the last ".". For example,
host wombat.doc.ic.ac.uk is in top-level domain "uk" (for United
Kingdom).
Total Solution CD
A CD containing the latest product versions and all the patches
that have been applied during the previous quarter. The Total
Solution CD is available to all Trend Micro Premium Support
customers.
traffic
Data flowing between the Internet and your network, both
incoming and outgoing.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A communications protocol which allows computers with different operating systems to communicate with each other. Controls how data is transferred between computers on the
Internet.
trigger
An event that causes an action to take place. For example,
your Trend Micro product detects a virus in an email message.
This may trigger the message to be placed in quarantine, and a
notification to be sent to the system administrator, message
sender, and message recipient.
Trojan Horse
A malicious program that is disguised as something benign. A
Trojan is an executable program that does not replicate, but
instead, resides on a system to perform malicious acts, such
as opening a port for an intruder.
true-file type
Used by IntelliScan, a virus scanning technology, to identify the
type of information in a file by examining the file headers,
regardless of the file name extension (which could be misleading).
trusted domain
A domain from which your Trend Micro product will always
accept messages, without considering whether the message is
spam. For example, a company called Dominion, Inc. has a
subsidiary called Dominion-Japan, Inc. Messages from dominion-japan.com are always accepted into the dominion.com network, without checking for spam, since the messages are from
a known and trusted source.
trusted host
A server that is allowed to relay mail through your network
because it is trusted to act appropriately and not, for
example, relay spam through your network.
tunneling
A method of sending data that enables one network to send
data using another network’s connections. Tunneling is used to
get data between administrative domains which use a protocol
that is not supported by the internet connecting those domains.
With VPN tunneling, a mobile professional dials into a local
Internet Service Provider's Point of Presence (POP) instead of
dialing directly into their corporate network. This means that no
matter where mobile professionals are located, they can dial a
local Internet Service Provider that supports VPN tunneling
technology and gain access to their corporate network, incurring only the cost of a local telephone call.
When remote users dial into their corporate network using an
Internet Service Provider that supports VPN tunneling, the
remote user as well as the organization knows that it is a
secure connection. All remote dial-in users are authenticated
by an authenticating server at the Internet Service Provider's
site and then again by another authenticating server on the
corporate network. This means that only authorized remote
users can access their corporate network, and can access only
the hosts that they are authorized to use.
tunnel interface
A tunnel interface is the opening, or doorway, through which
traffic to or from a VPN tunnel passes. A tunnel interface can
be numbered (that is, assigned an IP address) or unnumbered.
A numbered tunnel interface can be in either a tunnel zone or
security zone. An unnumbered tunnel interface can only be in a
security zone that contains at least one security zone interface.
The unnumbered tunnel interface borrows the IP address from
the security zone interface. Also see Virtual Private Network
(VPN).
tunnel zone
A tunnel zone is a logical segment that hosts one or more tunnel interfaces. A tunnel zone is associated with a security zone
that acts as its carrier.
URL
Universal Resource Locator—A standard way of specifying the
location of an object, typically a Web page, on the Internet, for
example, www.trendmicro.com. The URL maps to an IP
address using DNS.
VBscript virus
VBscript (Microsoft Visual Basic scripting language) is a simple
programming language that allows Web developers to add
interactive functionality to HTML pages displayed in a browser.
For example, developers might use VBscript to add a “Click
Here for More Information” button on a Web page.
A VBscript virus is a virus that is targeted at these scripts in the
HTML code. This enables the virus to reside in Web pages and
download to a user’s desktop through the user’s browser.
Also see JavaScript virus.
virtual IP address (VIP address)
A VIP address maps traffic received at one IP address to
another address based on the destination port number in the
packet header.
Virtual Local Area Network (VLAN)
A logical (rather than physical) grouping of devices that constitute a single broadcast domain. VLAN members are not identified by their location on a physical subnetwork but through the
use of tags in the frame headers of their transmitted data.
VLANs are described in the IEEE 802.1Q standard.
Virtual Private Network (VPN)
A VPN is an easy, cost-effective and secure way for corporations to provide telecommuters and mobile professionals local
dial-up access to their corporate network or to another Internet
Service Provider (ISP). Secure private connections over the
Internet are more cost-effective than dedicated private lines.
VPNs are possible because of technologies and standards
such as tunneling and encryption.
virtual router
A virtual router is the component of Screen OS that performs
routing functions. By default, Trend Micro GateLock supports
two virtual routers: Untrust-VR and Trust-VR.
virtual system
A virtual system is a subdivision of the main system that
appears to the user to be a stand-alone entity. Virtual systems
reside separately from each other in the same Trend Micro
GateLock remote appliance; each one can be managed by its
own virtual system administrator.
virus
A computer virus is a program – a piece of executable code –
that has the unique ability to infect. Like biological viruses,
computer viruses can spread quickly and are often difficult to
eradicate.
In addition to replication, some computer viruses share another
commonality: a damage routine that delivers the virus payload.
While payloads may only display messages or images, they
can also destroy files, reformat your hard drive, or cause other
damage. Even if the virus does not contain a damage routine, it
can cause trouble by consuming storage space and memory,
and degrading the overall performance of your computer.
virus kit
A template of source code for building and executing a virus,
available from the Internet.
virus signature
A virus signature is a unique string of bits that identifies a specific virus. Virus signatures are stored in the Trend Micro virus
pattern file. The Trend Micro scan engine compares code in
files, such as the body of an email message, or the content of
an HTTP download, to the signatures in the pattern file. If a
match is found, the virus is detected, and is acted upon (for
example, cleaned, deleted, or quarantined) according to your
security policy.
virus trap
Software that helps you capture a sample of virus code for
analysis.
virus writer
Another name for a computer hacker, someone who writes
virus code.
Web
The World Wide Web, also called the Web or the Internet.
Web server
A server process running at a Web site which sends out Web
pages in response to HTTP requests from remote browsers.
wildcard
A term used in reference to content filtering, where an asterisk
(*) represents any characters. For example, in the expression
*ber, this expression can represent barber, number, plumber,
timber, and so on. The term originates from card games, in
which a specific card, identified as a "wildcard," can be used for
any number or suit in the card deck.
working directory
The destination directory in which the main application files are
stored, such as /etc/iscan/iwss.
workstation (also known as client)
A general-purpose computer designed to be used by one person at a time and which offers higher performance than normally found in a personal computer, especially with respect to
graphics, processing power and the ability to carry out several
tasks at the same time.
worm
A self-contained program (or set of programs) that is able to
spread functional copies of itself or its segments to other computer systems.
zip file
A compressed archive (in other words, a “zip file”) made from one or
more files using an archiving program such as WinZip.
"Zip of Death"
A zip (or archive) file of a type that when decompressed,
expands enormously (for example 1000%) or a zip file with
thousands of attachments. Compressed files must be decompressed during scanning. Huge files can slow or stop your network.
zone
A zone can be a segment of network space to which security
measures are applied (a security zone), a logical segment to
which a VPN tunnel interface is bound (a tunnel zone), or a
physical or logical entity that performs a specific function (a
function zone).
Index
A
accessing the product console 5-6
  locally 5-6
  remotely 5-7
activating IM Security 4-3
activation code, obtaining 4-2
activation troubleshooting 6-2
C
checking default settings 5-8
components
  update preparation 5-10
  updating 5-12
conducting a pilot deployment 2-4
considerations for deployment 2-3
contacting technical support 7-2
Content Filtering 1-8
D
default settings, checking 5-8
deployment
  conducting a pilot deployment 2-4
  planning 2-2
  redefining the deployment strategy 2-5
  special considerations 2-3
F
false positives, reporting 7-3
File Blocking 1-7
I
IM Security
  activating 4-3
  installing 3-2
  registering 4-2
  removing 3-7
installation
  troubleshooting 6-2
installing IM Security 3-2
O
obtaining an activation code 4-2
P
pilot deployment, how to conduct 2-4
planning deployment 2-2
pre-installation tasks 2-8
product console
  troubleshooting access issues 6-2–6-3
product console, accessing 5-6
  accessing locally 5-6
  accessing remotely 5-7
protection strategy 1-10
proxy server, specifying settings 5-10
R
registering IM Security 4-2
registration troubleshooting 6-2
removing IM Security 3-7
reporting false positives 7-3
requirements, system 2-5
S
sending infected file samples 7-3
specifying an update source 5-11
specifying proxy server settings 5-10
system changes 5-2
system requirements 2-5
T
technical support, contacting 7-2
TrendLabs 7-3
troubleshooting
  activation 6-2
  installation 6-2
  product console access issues 6-2–6-3
  registration 6-2
  update issues 6-5
  updates 6-3
U
uninstalling IM Security 3-7
update issue troubleshooting 6-5
update source, specifying 5-11
updates troubleshooting 6-3
updating components 5-12
V
Virus Scan 1-6
W
Web Threat Protection 1-9