OSCE_10 6_ATL_08August2011_Letter Training Course Lab Textbook August 29 2011_634502343503368818


  • 7/27/2019 OSCE_10 6_ATL_08August2011_Letter Training Course Lab Textbook August 29 2011_634502343503368818


    Trend Micro OfficeScan 10.6 Lab Textbook

    © 2010 Trend Micro Inc.

    Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user.

    Portions of this manual have been reprinted from the Trend Micro OfficeScan 10.5 Installation and Upgrade Guide, copyright 1998-2010, Trend Micro, Inc.; Trend Micro OfficeScan 10.5 Administrator's Guide, copyright 1998-2010, Trend Micro, Inc.; and the Trend Micro Smart Scan for OfficeScan Getting Started Guide, copyright 2009-2010, Trend Micro, Inc.

    Copyright 1998-2010 Trend Micro Incorporated. All rights reserved.

    No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated.

    Trend Micro, the Trend Micro t-ball logo, TrendLabs, and OfficeScan are trademarks or registered trademarks of Trend Micro, Incorporated. All other brand and product names are trademarks or registered trademarks of their respective companies or organizations.

    Program Manager: Tom Brandon
    Editorial: Alexander Sverdovskva

    Released: August 2010 v3.6

    Administrator Track

    Table of Contents

    Exercise 1: Validate Lab Setup
      Activity 1.1 > LAN Requirements
      Activity 1.2 > Server Requirements
      Activity 1.3 > Lab Preparation

    Exercise 2: Install OfficeScan
      Activity 2.1 > Prepare to Install OfficeScan
      Activity 2.2 > Install OfficeScan Server
      Activity 2.3 > Verify the Installation

    Exercise 3: Configure Smart Scan
      Activity 3.1 > Configure Smart Protection Sources
      Activity 3.2 > Configure Integrated Server Settings and an Update Schedule

    Exercise 4: Configure Client Settings
      Activity 4.1 > View Client Status and Configure the Client Tree
      Activity 4.2 > Configure Client Scan Settings
      Activity 4.3 > Change the Scan Mode for One or More Domains
      Activity 4.4 > Configure Client Privileges
      Activity 4.5 > Enable and Configure WRS
      Activity 4.6 > Enable and Configure Behavior Monitoring and Device Control
      Activity 4.7 > Export Client Management Data

    Exercise 5: Configure Global Client Settings
      Activity 5.1 > Configure Global Scan Settings
      Activity 5.2 > Configure Global Log Settings
      Activity 5.3 > Configure Active Directory Settings
      Activity 5.4 > Configure Custom Automated Client Groupings

    Exercise 6: Prevent Outbreaks
      Activity 6.1 > Configure Outbreak Prevention
      Activity 6.2 > Standard Notifications
      Activity 6.3 > Outbreak Notifications
      Activity 6.4 > Test the Alert Settings

    Exercise 7: Configure Administration Settings
      Activity 7.1 > Create Custom Roles and Add a User Account
      Activity 7.2 > Configure Quarantine Manager

    Exercise 8: Deploy OfficeScan Clients
      Activity 8.1 > Modify the Server Login Script
      Activity 8.2 > Create a Client Setup Package

    Exercise 9: Update and Deploy OfficeScan Components
      Activity 9.1 > Manually Update and Deploy Components
      Activity 9.2 > Configure an Update Agent

    Exercise 10: Configure Settings on the Client Console
      Activity 10.1 > Configure Scan Options from the OfficeScan Client Console
      Activity 10.2 > Configure OfficeScan Firewall from the Client Console
      Activity 10.3 > Test Your Settings

    Exercise 11: Configure OfficeScan Firewall
      Activity 11.1 > Create a Policy
      Activity 11.2 > Create a Profile
      Activity 11.3 > Test the OfficeScan Firewall Settings

    Exercise 12: Detect Vulnerable Computers
      Activity 12.1 > Manually Scan Computers
      Activity 12.2 > Configure a Scheduled Task for Vulnerability Scans
      Activity 12.3 > Perform a Security Compliance Query

    Exercise 13: View OfficeScan Logs
      Activity 13.1 > View Firewall Logs
      Activity 13.2 > View Virus/Malware Logs

    Exercise 14: Creating a Client Update Package (Optional Activity)
      Activity 14.1 > Verify Connections

    Exercise 1: Validate Lab Setup

    This lab demonstrates Trend Micro OfficeScan running on Microsoft Windows Server 2003/2008 operating system. In a production environment, you can use other platforms and server hardware. For information about platform and hardware support, please visit the Trend Micro website (http://www.trendmicro.com) or refer to OfficeScan documentation.

    Activity 1.1 > LAN Requirements

    Your lab LAN configuration should meet these minimum requirements:

    - A unique, static IP address for each lab computer
    - Internet access
    - Hub or switch with sufficient ports to interconnect lab equipment
    - Category 5 Unshielded Twisted Pair (UTP) cables to interconnect lab equipment

    Activity 1.2 > Server Requirements

    Your lab server should meet these minimum hardware requirements:

    - 1.86 GHz Intel Core2 Duo processor or equivalent
    - 1 GB of RAM
    - 3.5 GB hard-disk space
    - Ethernet adapter card
    - Keyboard, monitor (with at least 1024 x 768 pixel resolution), and mouse

    Your lab server should meet these minimum operating-system requirements:

    - Windows Server 2003 with Service Pack 2 or later, installed as a standalone server / primary domain controller (PDC)
    - Microsoft Internet Information Server (IIS) 6.0 or later (7.0 for Server 2008)
    - Microsoft Internet Explorer 7.0 or later

    NOTE Because the OfficeScan client can run on the Windows Server platform, you can demonstrate most OfficeScan features using a single server machine. It is also possible to implement the server configuration within a virtual machine. Your classroom setup may, additionally, provide you with one or more additional real or virtual machines as clients. Follow your instructor's guidance with regard to modifications and caveats to the basic lab setup.

    Activity 1.3 > Lab Preparation

    Your lab instructor will provide:

    - OfficeScan installation files
    - Valid activation codes for OfficeScan services
    - IP address/domain name for the OfficeScan server
    - Administrator rights (local or domain) to your lab computer
    - Pre-configured Active Directory structure or instructions on how to configure your directory for testing Active Directory-integrated OfficeScan features.
    - The European Institute of Computer Anti-Virus Research (EICAR) test virus file
    - Optional: SMTP server information (for your local machine or classroom server) and email addresses

    Exercise 2: Install OfficeScan

    Activity 2.1 > Prepare to Install OfficeScan

    Scenario

    You have been hired as a consultant to install a pilot-installation of OfficeScan for a large customer. Before you modify any of your customer's computers or any networking devices in the existing environment, your own company's procedures require you to document and validate all baseline functions related to your work.

    Simple, written notes will suffice for your documentation of IP addresses, domain names, login information, etc. You must also validate that the system on which you will install OfficeScan meets the minimum hardware and software requirements.

    For this activity, and those that follow, use the validation checklists that follow the scenario descriptions as a guide for completing your tasks. Use your own knowledge, the student textbook, as well as the aid of other classroom participants to fill in any missing parts, explain specific procedures, or troubleshoot problems you may encounter.

    Validation Checklist

    - Verify minimum host-system requirements for OfficeScan:
        - Windows Server 2003 with Service Pack 2 or above
        - 1.86 GHz Intel Core2 Duo processor or equivalent
        - 1 GB of RAM (2 GB recommended for Server 2008)
        - 3.5 GB available hard-disk space
        - Microsoft Internet Information Server (IIS) 6.0 or above (7.0 for Server 2008)
        - Microsoft Internet Explorer 7.0 or above
    - Verify that IIS is running

    NOTE To launch the IIS Console, click Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager or run: {windir}\system32\inetsrv\iis.msc

    - Validate network connectivity
    - Verify and note IP configuration (command line: ipconfig /all)
    - Collect any other network service information that may be required from your lab instructor. For example, ask your instructor to confirm whether you will need any proxy-server information in order to configure OfficeScan server to be able to reach the Internet.
    - Ping the localhost (command line: ping localhost) and ping the gateway
    - Verify basic browser functionality. Load internal class web page or other site (www.google.com, for example) as told by your instructor.
    - Ensure DNS functionality by pinging your workstation by name. If your lab setup includes one or more separate client machines, ensure that all of your machines can ping each other by name.
    - Verify location of OfficeScan software, activation codes, and test virus file.
    - Confirm that you have administrator login name and password for your computer.
    - Collect and verify Active Directory information as provided by your instructor.

    Result

    You have verified that your lab computer is functional and that it meets the minimum system requirements for installing OfficeScan server and client software.

    Activity 2.2 > Install OfficeScan Server

    Scenario

    You have successfully validated the baseline functionality of your host system and have documented all relevant configuration parameters. Next, locate your student textbook and its instructions for installing OfficeScan server software. Use these instructions as a reference for completing this activity.

    Validation Checklist

    Install the OfficeScan server software using these checklist items as guidelines:

    - Select to install the OfficeScan server software on this computer.
    - To save classroom time, consider skipping the prescan (consult your instructor).
    - Install to IIS using the virtual website option. (If your real-world organization requires the use of Apache, briefly consult with your instructor to identify any issues that may be unique in the lab setup.)
    - Enable SSL.
    - Pay special attention to port numbers and note those that your system will be using.
    - Select for the server to be identified by domain name. This will give you more flexibility for testing the possibilities for custom client grouping, but you must also ensure that DNS is functioning properly before selecting this option.
    - Note that if you already have activation codes, you will not need to register online.
    - Select to install the integrated Smart Scan server. Note that because you are installing to an IIS virtual website, the Smart Scan server SSL port will be 4345.
    - Select to install the integrated Web Reputation Service
    - Select to install the OfficeScan client software in addition to the server software
    - Do not install any of the Cisco NAC components
    - Participate in the Trend Micro Smart Feedback program
    - Enable the client firewall and select to enable the firewall on server platforms
    - Enable spyware/grayware assessment mode for the minimum number of weeks

    Result

    You have installed the OfficeScan server and the OfficeScan client on your lab computer.

    Activity 2.3 > Verify the Installation

    Scenario

    After installing the OfficeScan server software, you will want to validate the installation in a simple way, by launching the web-based management console, logging in, and briefly navigating a few of its pages.

    In the next few days, your customer will be adding an IT inventory management system to the test environment that monitors changes to system configurations and reports new software installations. The customer has asked for a list of:

    - Installation/program directories
    - Services and executable names that will be running
    - High-level registry keys.

    Now would be a good time to verify that these items are correctly listed in the system documentation. (You don't have to write all this information down for the lab activity. Simply verify that the documentation is correct, note any discrepancies, and prepare to provide this to your customer.)

    Validation Checklist

    - Launch the management console and log in
    - Verify that the client status icon appears in the system tray
    - Verify the location of the OfficeScan program files
        - C:\Program Files\Trend Micro\OfficeScan
        - C:\Program Files\Trend Micro\OfficeScan Client
    - View the list of services to identify OfficeScan services (Click: Start > Programs > Administrative Tools > Services or execute the command: services.msc /s)
        - OfficeScan Active Directory Integration Service (osceintegrationservice.exe)
        - OfficeScan Control Manager Agent (OfcCMAgent.exe)
        - OfficeScan Master Service (OfcService.exe)
        - OfficeScan NT Listener (TmListen.exe)
        - OfficeScan NT Proxy Service (TmProxy.exe)
        - OfficeScan NT RealTime Scan (NTRtScan.exe)
        - Trend Micro Local Web Classification Server (LWCSService.exe)
        - Trend Micro Smart Scan Server (iCRCService.exe)
    - Launch the Windows task manager to verify these additional modules:
        - CNTAoSMgr.exe (client plug-in service manager)
        - DbServer.exe (server)
        - PccNTMon.exe (client)
    - Launch the Windows registry editor (regedit.exe) and verify the registry keys
        - HKLM\Software\TrendMicroInc.\ServerSetup
        - HKLM\Software\TrendMicro\DatabaseBackup
        - HKLM\Software\TrendMicro\NSC
        - HKLM\Software\TrendMicro\OfficeScan
        - HKLM\Software\TrendMicro\PCcillinNTCorp
        - HKLM\Software\TrendMicro\RemoteInstall
        - HKLM\Software\TrendMicro\Solar
    - Optional: view the OFCMAS.LOG (server) and OFCNT.LOG (client) logs in the Windows directory.

    Result

    You have verified the names and locations of OfficeScan components and demonstrated that OfficeScan was installed correctly on your lab computer.
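
    The Activity 2.3 checklist can also be run as a script, so that the discrepancies handed to the customer are recorded the same way each time. The Windows PowerShell code below is an added example, not part of the Trend Micro lab textbook; the directory, executable, process and registry names are copied from the checklist as printed, and the function names New-CheckResult and Test-OfficeScanInventory are hypothetical.

```powershell
# Added example: scripted version of the Activity 2.3 validation checklist.
# All names below are copied from the checklist as printed; adjust them to
# your lab (for example, a non-default installation directory).
# Get-WmiObject and New-Object are used so it also runs on PowerShell 2.0.

$Directories = @(
    'C:\Program Files\Trend Micro\OfficeScan',
    'C:\Program Files\Trend Micro\OfficeScan Client'
)
$ServiceExecutables = @(
    'osceintegrationservice.exe', 'OfcCMAgent.exe', 'OfcService.exe',
    'TmListen.exe', 'TmProxy.exe', 'NTRtScan.exe',
    'LWCSService.exe', 'iCRCService.exe'
)
$ProcessNames = @('CNTAoSMgr', 'DbServer', 'PccNTMon')
$RegistryKeys = @(
    'HKLM:\Software\TrendMicroInc.\ServerSetup',
    'HKLM:\Software\TrendMicro\DatabaseBackup',
    'HKLM:\Software\TrendMicro\NSC',
    'HKLM:\Software\TrendMicro\OfficeScan',
    'HKLM:\Software\TrendMicro\PCcillinNTCorp',
    'HKLM:\Software\TrendMicro\RemoteInstall',
    'HKLM:\Software\TrendMicro\Solar'
)

function New-CheckResult {
    param([string]$Category, [string]$Item, [bool]$Found, [string]$Detail)
    New-Object PSObject -Property @{
        Category = $Category; Item = $Item; Found = $Found; Detail = $Detail
    } | Select-Object Category, Item, Found, Detail
}

function Test-OfficeScanInventory {
    # 1. Program directories
    foreach ($dir in $Directories) {
        $found = Test-Path -LiteralPath $dir -PathType Container
        New-CheckResult 'Directory' $dir $found ''
    }

    # 2. Services, matched on the executable in the service image path
    #    rather than on the display name shown in services.msc.
    $services = @(Get-WmiObject -Class Win32_Service)
    foreach ($exe in $ServiceExecutables) {
        $hits = @($services | Where-Object { $_.PathName -like "*\$exe*" })
        if ($hits.Count -gt 0) {
            $s = $hits[0]
            $detail = '{0} [{1}, start mode {2}]' -f $s.DisplayName, $s.State, $s.StartMode
            New-CheckResult 'Service' $exe $true $detail
        } else {
            New-CheckResult 'Service' $exe $false ''
        }
    }

    # 3. Additional modules the checklist looks for in Task Manager
    foreach ($name in $ProcessNames) {
        $procs = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
        $detail = ''
        if ($procs.Count -gt 0) {
            $detail = 'PID ' + (($procs | ForEach-Object { $_.Id }) -join ', ')
        }
        New-CheckResult 'Process' "$name.exe" ($procs.Count -gt 0) $detail
    }

    # 4. Registry keys. 32-bit software on 64-bit Windows is redirected
    #    under Wow6432Node, so check that view too and report which matched.
    foreach ($key in $RegistryKeys) {
        $wow = $key -replace '^HKLM:\\Software\\', 'HKLM:\Software\Wow6432Node\'
        $hit = @($key, $wow) |
            Where-Object { Test-Path -LiteralPath $_ } |
            Select-Object -First 1
        New-CheckResult 'RegistryKey' $key ([bool]$hit) ([string]$hit)
    }
}

$results = @(Test-OfficeScanInventory)
$results | Format-Table -AutoSize -Wrap

# Summarize what to note as a discrepancy in the system documentation.
$missing = @($results | Where-Object { -not $_.Found })
'{0} of {1} checklist items not found' -f $missing.Count, $results.Count
$missing | ForEach-Object { 'DISCREPANCY: {0} {1}' -f $_.Category, $_.Item }
```

    Run it from an elevated PowerShell prompt on the lab server; an item reported as not found is either a genuine discrepancy or a name that differs from the printed checklist on your installation.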


    Exercise 3: Configure Smart Scan

    Activity 3.1 > Configure Smart Protection Sources

    Suppose that you have a standalone Smart Scan server in addition to your integrated Smart Scan server, and that you want to configure internal clients to connect to the standalone server, first; the Trend Micro Global Smart Scan Server, second; and the integrated server, third. In this activity, you will add the standalone server and the Trend Micro Global Smart Scan Server to your standard list and put the servers in the correct order.

    - Go to the Smart Protection > Smart Protection Sources page and click the standard list hyperlink to configure the list to be used by all internal clients.
    - Add the standalone server. For the purpose of this lab activity, you do not actually have a standalone server. Invent a URL and do not click Test connection.
    - Add the Trend Micro Global Smart Scan Server (osce1…5.icrc.trendmicro.com/tmcss), select File Reputation Services and SSL, enter port number 443, and then test the connection. Leave Web Reputation Services unchecked.
    - Use the arrows to adjust the order of your list.

    Activity 3.2 > Configure Integrated Server Settings and an Update Schedule

    In this scenario, although you plan to have a standalone Smart Scan server, you also want clients to be able to query the integrated Smart Scan server as a backup. You want the server to update its pattern file regularly, but not so frequently that updates consume too much bandwidth. Access the Smart Protection > Integrated Server page and set the following:

    - Enable the integrated Smart Scan server for both file and web reputation services.
    - Enable scheduled updates and set the frequency to every hour.
    - Leave the Update Sources at their default settings for updating from the Trend Micro ActiveUpdate servers.


    Exercise 4: Configure Client Settings

    Activity 4.1 > View Client Status and Configure the Client Tree

    Scenario

    The client tree viewer on the Networked Computers > Client Management page is a powerful tool for checking the status of clients, grouping clients, configuring client settings, executing various tasks, including scanning, uninstallation, and displaying search results.

    In a few days, you will be presenting your pilot configuration to your customer's IT management. To prepare for this presentation, you want to do several things:

    - Become familiar with the details provided in the content pane of the tree viewer
    - Understand how to limit the view of the details provided and group them (that is, how to display antivirus or update status ahead of other details)
    - Create a number of domains that are representative of the client's business

    Validation Checklist

    - Locate your client machine in the tree view on the Client Management page
    - Compare the details provided in the content pane with those provided on the main Summary page.
    - Use the Status button to view details about your client. Compare the information provided when clicking the Status button to the information displayed in the content pane of the client tree viewer.
    - Use the drop-down client tree view control to change the order and type of information displayed in the content pane of the client tree.
    - Add some custom OfficeScan domains to the client tree to represent your customer's business. For example, create OfficeScan domains named: Administration, Engineering, Sales, Marketing, IT-global. You can also create your own. Create at least one multi-tiered structure (that is, one or more domains within a domain).
    - Delete and rename a few domains to practice for your upcoming presentation.
    - Move your client from one domain to another.

    Result

    You have configured and reviewed the status of clients using the client tree in the OfficeScan Management Console.

    Activity 4.2 > Configure Client Scan Settings

    Scenario

    Trend Micro announced the discovery of a virus with a very high destructive potential. The number of infections is on the rise, but a virus outbreak has not yet been declared.

    As a precautionary measure, you want to scan the network, using the latest available pattern, as soon as possible. Since this is a new virus, you prefer to use ActiveAction scan actions, to leverage Trend Micro research into the virus, instead of your own customized settings.

    The announcement, however, went out in the middle of the business day. You do not want your scan to affect productivity, so you've chosen to leverage CPU usage functionality.

    Changing the CPU usage reminds you that you have a small domain of clients with a number of older computers with limited RAM and CPU capacity and that real-time scanning may be impacting their productivity. You want to reconfigure the real-time scanning configuration for this domain.

    Finally, you want to make sure that scheduled scans for all your clients are set to run on the weekends.

    Validation Checklist

    - Use the Networked Computers > Client Management page to configure the Scan Now settings for all computers in the client tree. Make your configuration compliant with these specifications:
        - Use IntelliScan
        - Scan only two layers of compression on compressed files
        - Scan the boot area
        - Scan hidden files
        - Medium CPU usage
        - Don't scan for spyware/grayware
        - Use ActiveAction
        - Apply to all OfficeScan clients
    - Select a single domain and configure real-time scan settings according to these specifications:
        - Disable real-time scanning for spyware/grayware
        - Scan files only as they are being read
        - Don't use IntelliScan
        - Don't scan compressed files
        - Don't use IntelliTrap
        - Use ActiveAction
        - Make sure that clients back up files before they are cleaned
    - Discuss with the class and your instructor the risks and benefits of this configuration.
    - Apply these configuration requirements for scheduled scans to all clients in the tree.
        - Enable virus/malware and spyware/grayware scanning
        - Scan weekly every Sunday at a time of your choosing
        - Scan all scannable files
        - Set all other scan settings to create the most rigorous scan possible
        - Use ActiveAction
        - Disable user notifications

    Result

    You have configured a manual scan, a real-time scan, and a scheduled scan to meet the requirements of a given scenario.

    Activity 4.3 > Change the Scan Mode for One or More Domains

    Scenario

    You have piloted the Smart Scan scanning method on another OfficeScan server, and you are comfortable with accepting Smart Scan as the scan mode for most clients that will connect to this server. However, to keep network traffic to an absolute minimum for some clients, you want to have them use conventional scanning. The only scan setting that you want to change for the selected clients is the scan method, but you want to have all conventional-scan clients located in a new and separate domain from the one that they were in.

    You need to create a new domain for your conventional-scan clients, replicate the settings from their prior domain, change the Scan Method setting at the domain level and then move the clients you want to switch to conventional-scan mode into the new domain.


    Validation Checklist

    - Create a new OfficeScan domain. For example, if you have an existing domain called Engineering, create a new domain called csEngineering.
    - Use Settings > Export Settings on the drop-down menu of the client tree to export the scan settings from the existing domain.
    - Use Settings > Import Settings on the drop-down menu of the client tree to import the scan settings you just exported and apply those settings to the target domain that you just created and all the computers that belong to it.
    - Verify that the new domain and the existing domain have the same scan settings.
    - Change the scan method of the new domain so that all clients that will be added to the domain will be configured to use Smart Scan.
    - Select an existing client and move that client to your new conventional-scan domain. Allow your client software time enough to receive the notification of the new configuration and make the changes.
    - Verify that the client is now using conventional-scan and that its scan settings are correct.

    Result

    You have exported and imported scan settings, configured the scan method for clients to use at the domain level, and have moved one or more clients from one domain to another for the purpose of applying new settings.

    Activity 4.4 > Configure Client Privileges

    Scenario

    By default, OfficeScan assigns a relatively limited set of privileges to clients. However, you want to create a domain that will contain only experienced computer users who need to be able to configure their own scans.

    They also regularly work odd hours, and need to be able to stop a scheduled scan if it interrupts their work. You want to allow these users to configure their own scanning options. They need to be able to unload the client, but you do not want them to be able to uninstall it or modify OfficeScan files and registries. You also do not want them to be able to deploy their own program upgrades and hot fixes, because it could consume a lot of bandwidth.

    You also need to create another domain into which you can move clients who need to have virtually all of their privileges automatically eliminated, except for the ability to enable roaming mode.

    To complete this activity, you may create two new domains, or use two that you already created in Activity 4.1.


    Validation Checklist

    - Select an existing domain, or create a new domain (named Power Users, for example) and ensure that they have at least these privileges:
      - Full configuration capability for all types of antivirus and anti-spyware scanning
      - Full control over firewall settings
      - Access to all client tabs
      - Permission to perform Update Now
      - No uninstallation, but allow unloading
      - Enabled scheduled update
      - Select to display notifications for as many services as possible (Web reputation, behavior monitoring, etc.)
      - Restrict access to program files and registry entries
    - Select an alternate domain or create a new one (named Restricted, for example) and configure the OfficeScan client privileges and other settings for members of this domain to be as restrictive as possible, except for allowing the use of roaming mode.
    - Right-click the client icon in the system tray and launch the OfficeScan client console. Click Settings on the drop-down menu and notice the options available. Notice also which tabs are visible on the main interface. Then, move your client to the restricted domain. Close the console and wait a few moments for the configuration to be updated. Then, open the console and inspect the changes.
    - Similarly, move your client to the power users domain, and inspect the changes.

    Result

    You have configured client privileges for a given scenario.

    Activity 4.5 > Enable and Configure WRS

    Scenario

    Web threats have been an ongoing concern at your company. You have already implemented several gateway devices to protect your internal network, but have no protection for mobile clients. Your boss would like you to stage a small demonstration of how you can apply different policies whenever a mobile client travels outside the corporate network.

    NOTE To demonstrate Web Reputation Services, you will need open Internet access with Internet Explorer properly configured and your instructor will need to provide you with an acceptable URL that has been identified as likely to harbor web threats. It may not be possible to meet these requirements in all circumstances; please consult with your instructor on details for how to complete this exercise.


    Validation Checklist

    - For the Networked Computers > Computer Location configuration, set the client to use Gateway IP address as its basis for location awareness, add a single, non-existent IP address to the list, and then save the configuration. The tray icon of the client software should subsequently change to show a small checkmark (or tick mark), indicating that its location is determined to be external.
    - Enable WRS for external computers and set the security level to high.
      - Select to block pages that have not been tested by Trend Micro
      - Add a custom URL (such as Facebook or Google) to the blocked-URL list.
      - Allow clients to send logs to the OfficeScan server.
    - Disable WRS for internal computers (if no locations are configured, all clients will automatically use the configuration for external computers).
    - Access the following URLs:
      - A URL that appears on the approved list
      - The URL you added to the blocked list
      - http://Wr21.winshipway.com
      - One or more other URLs to test and verify web functions.
    - Return to the Computer Location configuration and add the legitimate IP address of the current gateway to the configuration and save the configuration.
    - The client tray icon should change to reflect the change in location status.
    - Attempt to access the same URLs as before and be prepared to explain why there is a difference in results.

    Result

    You have enabled WRS and have demonstrated its functionality.

    Activity 4.6 > Enable and Configure Behavior Monitoring and Device Control

    Scenario

    Although certain users require extra flexibility and extended privileges to be productive, you and your organization are becoming increasingly concerned about a number of users and a range of unauthorized applications that push the limits of acceptable system usage. You would like to demonstrate for your boss the extent to which OfficeScan behavior monitoring and device control capabilities can be configured to restrict user activity and monitor system activities for unauthorized system changes.


    Validation Checklist

    - Select an existing domain (Restricted, for example) or create a new one and configure the behavior monitoring settings of this domain to be as restrictive as possible.
      - Enable malware behavior blocking.
      - Enable event monitoring then enable and deny all system events that can be monitored.
      - Add WordPad to the custom list of blocked programs (find and enter the full path).
    - Select an existing domain (Restricted, for example) or create a new one and configure the OfficeScan device-control capability to monitor device access and deny access to all monitored devices except mapped drives and UNC paths.
    - Refer to the section titled Post-Installation Considerations for Servers and x64 Desktop Platforms in Chapter 6 of the student manual for information on how to enable behavior monitoring and device control on Windows servers. Using this information, modify the registry of your lab computer to enable the full functionality of as many services as possible.
    - Move your lab computer into the domain for which you configured behavior monitoring and device control.
    - Attempt to launch WordPad and take note of the result.
    - Attempt to access a restricted device and take note of the result.
    - Move your client back to the domain in which it was located before the start of this activity.
    - Attempt to launch WordPad and take note of the result.

    Result

    You have enabled and configured the behavior monitoring and device control capabilities of the OfficeScan client. You have also demonstrated the end-user experience of attempting to perform restricted actions.

    Activity 4.7 > Export Client Management Data

    Scenario

    A fellow IT worker has been working on a management report and she wants to include some graphs based on the numbers of virus and spyware incidents that are displayed in the content pane of the OfficeScan client tree. She asks if you can get her the data in a format that she can manipulate.


    Validation Checklist

    - Select the root icon in the client tree, or the domain to which your client is assigned, and click the Export button.
    - Save the file to your desktop and use the Notepad application to validate that the exported file contains data about the computers in your selected domain(s).

    Result

    You have exported client status data in a raw-text format.


    Exercise 5: Configure Global Client Settings

    Activity 5.1 > Configure Global Scan Settings

    Scenario

    A number of your mobile users are using the drag-and-drop method to scan individual files they think are suspicious. This is very useful when they are working offsite and frequently must access files on external networks. One of them asks you if you can add scanning to the pop-up menu when she right-clicks on a file in Windows Explorer.

    You scheduled assessment mode for four weeks, but it has been two weeks, and so far everything is running fine. You would like to end assessment mode. You have just been reading your OfficeScan user guide and, based on its recommendations, you also want to make sure that the OfficeScan server database is excluded from real-time scanning.

    Validation Checklist

    - Review the options available on the Global Client Settings page
    - Select the option to add manual scanning to the context (shortcut) menu on client computers.
    - Disable assessment mode.
    - Enable the Certified Safe Software Service
    - Save your settings.

    Result

    You have configured several key global client settings.


    Activity 5.2 > Configure Global Log Settings

    Scenario

    You are a consultant and are still conducting a pilot program for a key customer. During this period, you want to create as much log data as possible for the purposes of demonstration and analysis.

    Validation Checklist

    - On the Global Client Settings page, select all those options that will create additional log data and/or send as much log data as possible to the OfficeScan server.
      - Scan for cookies and make sure they are logged
      - Send firewall log data hourly
      - Don't consolidate repetitive virus/malware logs

    Result

    You have made changes to the global client configuration that affect how log data is managed.

    Activity 5.3 > Configure Active Directory Settings

    Scenario

    The company that you are providing consulting services to wants to do more to leverage its current investment in Active Directory configuration and management. Active Directory configuration in OfficeScan includes global configuration parameters that are used for a number of features, including custom client grouping, compliance assessment, and user-account control. Active Directory settings are configured using the Administration > Active Directory menu items in the main navigation column.

    As part of your lab setup, you should have at least one test structure within the Active Directory domain on your server. Rely on the direction provided by your instructor to find, and if necessary, create and populate this structure with artificial client computer nodes. Your server computer is located in the default Domain Controllers organizational unit folder.


    Validation Checklist

    - On the Administration > Active Directory > Active Directory Integration page, add the Active Directory domain of your server and enter the domain credentials.
      - Encrypt your Active Directory credentials with a simple password (pass, for example) and enter the path to the desktop and a filename such as AD.key, as in: c:\Documents and Settings\Administrator\Desktop\AD.key.
      - Save and synchronize Active Directory settings.
      - Notice how progress is reported at the bottom of the Active Directory Integration page.
      - Once complete, verify that the result reported to the right of the enter domain credentials button is successful and that a green checkmark (tick mark) appears.
    - Use the Scheduled Synchronization page to configure daily automatic synchronizations at 5 a.m.
    - Verify the result by going to the Networked Computers > Client Grouping page, selecting Custom client groups, and then clicking Add to display the short dropdown menu. Verify that Active Directory is not grayed out and is underlined. (Do not make any actual changes at this time.)
    - Additionally verify Active Directory integration settings by going to the Administration > User Accounts page. Click Add, and then verify that the Active Directory User or group option is selectable, that is, not grayed out. (Do not make any actual changes at this time.)
    - Additionally verify Active Directory integration settings by opening the Security Compliance > Outside Server Management page.
      - Verify that the warnings appear: Active Directory domains or IP addresses have not been defined and The current outside server management report is out of date (Do not make any actual changes at this time.)
      - In the Active Directory/IP Address Scope box on the right, on the Active Directory tab, verify that the tree is populated with Active Directory data. Click one of the tree objects to expand it to test its baseline functionality. (Do not make any actual changes at this time.)

    Result

    You have configured the Active Directory integration settings for OfficeScan and have verified that the OfficeScan server can read Active Directory information from the domain controller.


    Activity 5.4 > Configure Custom Automated Client Groupings

    Scenario

    By default, when you install the OfficeScan client software on a new computer, the client appears in the client tree under its NetBIOS domain name. You can change grouping selection on the Networked Computers > Client Grouping page from NetBIOS-based grouping to Active Directory domain or DNS domain, but with these selections, only new clients added to the tree are affected. Selecting custom client groups, however, includes an automatic regrouping client function based on the Active Directory grouping or IP address assignment of the client when it is initialized to the OfficeScan server, for example, on reboot or unload and reload.

    You would like to test custom-client grouping (and re-grouping) by creating one or more groups determined by an existing Active Directory structure and by creating a group based on IP address that will include your server machine.

    Validation Checklist

    - On the Networked Computers > Client Grouping page, click to Add an Active Directory-based automatic client grouping.
      - Select to enable the new grouping rule.
      - Give the group a name that is descriptive of the items in the Active Directory tree that you will select.
      - Select the test structure from within the Active Directory tree display.
      - Select to duplicate the Active Directory structure into the client tree.
      - Create a new group beneath the root-level OfficeScan Server icon.
      - Save the configured grouping rule.
      - Verify that the new rule appears in the automatic-client-grouping list.

    NOTE The baseline lab setup requires your server machine to function as the OfficeScan server, an OfficeScan client, and a domain controller for Active Directory services. Your server machine, as the domain controller, will be placed in the default Domain Controllers organizational unit within Active Directory automatically. Although you can move this computer object from its default location to an alternate organizational unit within a custom Active Directory tree structure, doing so can prevent your existing setup from functioning properly. Therefore, when attempting to define rules that affect your server's OfficeScan group membership it is a good idea to do so without also moving the server's AD computer object.


    - Add an IP-address-based automatic client grouping that includes your server client.
      - Select to enable the new grouping rule.
      - Give the group a descriptive name, like Domain Controller
      - Enter the IP address of your server client.
      - Create a new OfficeScan group in the client tree with a descriptive name, like Domain Controller.
      - Save the configured grouping rule.
      - Verify that the new rule appears in the automatic-client-grouping list.
    - Make the IP-address-based grouping rule the first in the list.
      - Hover your mouse over the list entries to see the details section to the right populated with additional profile information about the rule.
      - Verify that the status column reflects that both rules are enabled.
    - Enable scheduled domain creation to occur daily at 5:30 a.m.
    - Click Save and Create Domain Now.
      - Monitor the progress of the task as reported dynamically to the console page.
      - Verify the task completes successfully and note the reported finish date and time.
    - Return to the Networked Computers > Client Management page and note the changes.
      - Verify that the Active Directory structure is created beneath the proper group name.
      - Verify the existence of the separate group that is to include your server client.
      - Verify that your server client is still located in the group that it was in prior to configuring the grouping rules.
    - Click to view the Manage Client Tree dropdown menu and notice that the options to add and rename domains are grayed out.
    - Attempt to drag your server client to a different location within the client tree and verify that this action is no longer allowed.
    - Unload and reload the client software on your server and verify that when it reconnects to the OfficeScan server its group membership is automatically changed.
    - Remove the OfficeScan groups that you created before you enabled the custom client grouping feature.
    - Perform any additional testing steps as directed by your instructor and be prepared to discuss the meaning of the differences between using custom client grouping and any one of the three other options for grouping clients.

    Result

    You have changed the way that clients are grouped by default in the client tree and have enabled the automated regrouping of clients based on either IP address and/or Active Directory container.


    Exercise 6: Prevent Outbreaks

    Activity 6.1 > Configure Outbreak Prevention

    Scenario

    You have discovered a new and quickly spreading threat that is using port 21 and 21210 to propagate.

    Validation Checklist

    - On the Networked Computers > Outbreak Prevention page, select the root of the client tree and click Start Outbreak Prevention.
    - Enable the Outbreak Prevention Policy to block ports.
    - Use the Outbreak Prevention Settings > Port Blocking page to:
      - Add port number 21210 (incoming and outgoing) for TCP and UDP
      - Select port 21 File Transfer (FTP) and the added port number 21210
      - Save your configuration settings
    - Enable user notification and modify the message that will be sent to users.
    - Start outbreak prevention
    - Notice the display of the user message.
    - Return to the client tree view, select your domain in which your client resides, and verify that a green tick mark appears in the OPP column.

    Result

    You have configured the Outbreak Prevention settings to block traffic on port 21 and 21210.


    Activity 6.2 > Standard Notifications

    Scenario

    As you continue to test your pilot OfficeScan deployment, you want to receive notifications sent to administrators as often as possible and in as many ways as possible. But you want to reduce the amount of information given to users about threat detections.

    Validation Checklist

    - If your lab setup supports it (see the note above), use the Notifications > Administrator Notifications > General Settings page to enter SMTP information in the Email Notification section.
    - Use the Notifications > Administrator Notifications > Standard Notifications page to:
      - Set the criteria to send notifications as often as possible.
      - Enable and configure Email notifications
      - Enable NT Event log notifications
    - Use the Notifications > Client User Notifications page to make these modifications:
      - Remove the second sentences in the default messages for virus/malware detections and infection source notifications, for the spyware/grayware notification, and for the firewall violation notification.
      - Replace the deleted sentences with a request that the user immediately contact you for assistance. Include your cell phone and pager numbers:

        Contact {Your name} immediately for assistance!
        Cell: {Your cell phone number}
        Pager: {Your pager number}

    Result

    You have configured standard alerts and have customized client notification messages.

    NOTE To receive email alerts, your lab configuration must include an SMTP server and your instructor will need to provide you with the SMTP server IP address, port number and an email address. This setup will not be available in all situations; consult your instructor for details.


    Activity 6.3 > Outbreak Notifications

    Scenario

    During the last two years, virus attacks have increased during the months of September and October. To provide extra protection during these months, you want to configure the threshold for Outbreak Notifications to three viruses being detected within a one-hour interval.

    Validation Checklist

    - Use the Notifications > Administrator Notifications > Outbreak Notifications page to:
      - Set the virus/malware outbreak criteria to three detections in one hour
      - Enable Email notification for all outbreak notifications
      - Enable system event logging for virus/malware and spyware/grayware outbreaks.

    Result

    You have configured OfficeScan to alert you if three viruses are detected during a 60-minute interval.
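
The following added example (not from the lab textbook or from Trend Micro) models how a threshold of three detections in one hour behaves, which matters when timing the EICAR copies in Activity 6.4. It assumes a sliding one-hour window that resets after an alert; the log format, host name and detection label are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Outbreak criteria from Activity 6.3: three detections within one hour.
THRESHOLD = 3
WINDOW = timedelta(hours=1)

# Constructed sample detections: timestamp, host, detection label.
SAMPLE_LOG = """\
2011-09-14 09:02:11 LAB-PC01 EICAR_TEST
2011-09-14 09:40:03 LAB-PC01 EICAR_TEST
2011-09-14 10:15:47 LAB-PC01 EICAR_TEST
2011-09-14 10:20:00 LAB-PC01 EICAR_TEST
2011-09-14 10:25:30 LAB-PC01 EICAR_TEST
"""


def parse_detections(log_text):
    """Extract the detection timestamps from the constructed log format."""
    stamps = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        date, time, _host, _name = line.split(maxsplit=3)
        stamps.append(datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"))
    return stamps


def outbreak_alerts(detections, threshold=THRESHOLD, window=WINDOW):
    """Return the timestamps at which an outbreak alert would be raised.

    Assumption (not taken from OfficeScan documentation): the criteria are
    evaluated as a sliding window, and the count restarts after an alert so
    that one burst produces one alert rather than one per extra detection.
    """
    recent = deque()
    alerts = []
    for ts in sorted(detections):
        recent.append(ts)
        # Discard detections that are a full window or more older than ts.
        while ts - recent[0] >= window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(ts)
            recent.clear()
    return alerts


if __name__ == "__main__":
    for ts in outbreak_alerts(parse_detections(SAMPLE_LOG)):
        print("outbreak alert at", ts.isoformat(sep=" "))
```

In the sample, the third detection at 10:15:47 does not raise an alert because the first one (09:02:11) is already more than an hour old; the alert fires at 10:20:00, once three detections fall inside the same hour.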

    Activity 6.4 > Test the Alert Settings

    Scenario

    In this activity, you will use the European Institute of Computer Anti-Virus Research (EICAR) virus to test the alert settings that you configured in Activity 6.1.

    Validation Checklist

    - Copy the EICAR virus to the desktop.
    - Use the Windows system Event Viewer (launch eventvwr.msc /s or click Start > Programs > Administrative Tools > Event Viewer) to find the log entry for the virus event.
    - Copy the EICAR file to the desktop two more times
    - Use the Event Viewer to find the log entry for the outbreak event.

    Result

    You have used the EICAR virus to test your notification settings.


    Exercise 7: Configure Administration Settings

    Activity 7.1 > Create Custom Roles and Add a User Account

    Scenario

    In this activity you will create at least two custom user roles, and then create a user account and assign it to that role. First you want to add a new role called Top-level Admin and assign to that role all of the rights and privileges across the entire client tree. Next you want to create a role for View-only Auditor that has access to only a portion of the client tree and has only enough privileges to allow view access to overall status and log data.

    Validation Checklist

    - Click Administration > User Roles and then Add to begin.
      - Name your role and give it a description.
      - Click Define Client Tree Scope, make the appropriate selection(s), and then click Save.
      - Select/deselect view and configure rights according to the needs of the role that you are creating and Save.
      - Repeat the process for the second role.
    - Add a user account using the Administration > User Accounts page.
      - Click Add from Active Directory.
      - Query your local domain for the administrator account (or other valid user account)
      - Assign the account to one of the roles that you just created.
    - Test your account by logging in to the management console with the username and password you gave it. Note any differences in the management console when logged in as this user instead of as the root administrator.
    - Think about the types of roles that would be suitable for your particular company, or one that you know about. Be prepared to share your ideas about possible user types and how they might be implemented using the OfficeScan tools available.


    Result

    You have configured custom user roles and added one or more Active Directory users to the system.

    Activity 7.2 > Configure Quarantine Manager

    Scenario

    Whenever a client detects malware in a file and the scan configurations for that type of malware are set to Quarantine, OfficeScan encrypts the infected file and sends it to the quarantine folder on the server. You can configure the capacity of the quarantine folder and the maximum file size for every infected file that can be stored in it.

    In this activity, you will increase the size of the quarantine folder because you manage a large network that includes 4000 workstations.

    Validation Checklist

    Use the Administration > Quarantine Manager page to increase the capacity of the quarantine folder to 20480 MB.

    Click the Save Quarantine Settings button. Click OK in response to the dialog box to confirm that you want to modify the quarantine settings.

    Result

    You have doubled the amount of server hard disk space reserved for quarantined files.


    Exercise 8: Deploy OfficeScan Clients

    OfficeScan provides tools for configuring, deploying, and updating OfficeScan clients across the enterprise. In this exercise, you will:

    Modify the Windows Server login script to automate OfficeScan Client installations and updates for all clients that log onto the Windows network

    Create a client setup package to deploy the OfficeScan client to users at a remote office

    Verify OfficeScan Client functionality on your computer

    Activity 8.1 > Modify the Server Login Script

    Scenario

    Login scripts enable you to automate OfficeScan Client installations for unprotected computers that logon to the network, and to automatically update virus pattern files and client program components when existing OfficeScan clients logon to the network. In this activity, you will use the Login Script Setup tool to automatically modify the Windows login script.

    Validation Checklist

    Launch the Login Script Setup program by clicking Start > Programs > Trend Micro OfficeScan Server-{ServerName} > Login Script Setup.

    Select the local server from the domain/workgroup tree to create an OfficeScan login script.

    Enter the appropriate username in the Connect As field and enter the corresponding password in the Password field.

    Add Guest and IUSR_{YourServerName} to the selected users list, and then click Apply.

    The Login Script Modified dialog box appears to confirm the login script modifications.

    Click OK and then Exit. The selected users and user groups will now automatically receive OfficeScan client installations and updates.

    Verify that OfficeScan created the C:\WINNT\SYSVOL\DOMAIN\SCRIPTS\OFCSCAN.BAT file that contains the login script modifications.


    Result

    You have modified the login script to install the OfficeScan client.

    Activity 8.2 > Create a Client Setup Package

    Scenario

    Client Packager can create executable (.exe) files and Microsoft Installer Package Format (.msi) files.

    In this activity, you will use the Client Packager to create a setup file in the .msi format for deployment to a remote office with Windows XP clients.

    Validation Checklist

    Launch the file C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Admin\Utility\ClientPackager\ClnPack.exe.

    Select to create an MSI package for Windows 32-bit operating systems.

    Click the button next to the Output file text box and select to save the file to the desktop with the name of OfficeScanSetup.msi. Click Save.

    Click Create. Look for the progress indicator.

    Click OK in response to the confirmation that the package was successfully created. Click Close, and then verify the MSI file appears on your desktop.

    Result

    You have created a client setup package.

    NOTE: In your lab environment, you may not be able to execute the client setup package because the OfficeScan Client is already installed on your server computer. In addition, you will not be able to email the client setup package if an SMTP server is not available. In a production environment, you can make the client setup package available to users by placing it in a shared network directory or you can email it by pressing the Send Mail button in the Client Packager dialog box.


    Exercise 9: Update and Deploy OfficeScan Components

    Activity 9.1 > Manually Update and Deploy Components

    Scenario

    There are times, such as after a virus outbreak, when you should manually update the OfficeScan components and deploy these components to all OfficeScan clients. You should also manually update the server after it is initially installed.

    Validation Checklist

    Update the server:

    Verify that the Trend Micro ActiveUpdate server is listed as the update source on the Updates > Server > Update Source page.

    Use the Updates > Server > Manual Updates page to select all components and update the server.

    Monitor the progress of the update process as shown on the Manual Update Progress page.

    After the server is updated, deploy the updates.

    Use the Updates > Networked Computers > Manual Update page to update all components on all clients with outdated components.

    Click Initialize Update and then OK to confirm the action.

    Use the Logs > Networked Computer Logs > Component Update page to view the progress and the details of the notification event.

    Result

    You have manually updated the OfficeScan components and manually deployed the updates to your OfficeScan client.


    Activity 9.2 > Configure an Update Agent

    Scenario

    You manage a company that recently opened a branch office in another city. To decrease the amount of traffic that is sent over the WAN link between the main office and the branch office, you want to configure an update agent at the branch office. Updates for OfficeScan will then be sent only once over the WAN link.

    You have assigned the following range of IP addresses to the workstations at the branch office: 192.168.115.80 to 192.168.115.100.

    Validation Checklist

    Use the client tree viewer on the Networked Computers > Client Management page to select your client.

    On the toolbar, click Settings > Update Agent Settings and select to enable update-agent functionality on the selected client. Click Save and then Close.

    A green tick mark will appear in the Update Agent column in the content pane of the client tree viewer and the computer icon will change when update-agent functionality is enabled.

    Use the Updates > Networked Computers > Update Source page to configure clients to use the new update agent.

    Select the Customized Update Source radio button and click the Add button under the heading Customized update source list.

    On the Add IP Range and Update Source page, enter the range 192.168.115.80 to 192.168.115.100 and select Update agent as the update source and select your lab computer using the drop-down menu. Click Save.

    Click Notify All Clients. A message appears, reporting that the clients have been notified. Then, click Back.

    On the Update Source (Networked Computers) page verify that the option Update Agent: always update from standard update source (OfficeScan server) is selected and click Save.

    Use the Updates > Server > Scheduled Updates page to enable scheduled updates for all components daily and to start update notifications at midnight and update for a period of two hours.

    Use the Updates > Networked Computers > Automatic Update page to initiate component updates on clients immediately after the OfficeScan server downloads a new component.


    Result

    You have configured an update agent and specified which clients should download updated components from the update agent.

    You have automated server updates and have enabled an event-triggered, automatic deployment.


    Exercise 10: Configure Settings on the Client Console

    In this lab exercise, you will use the OfficeScan Client Console to configure scan options and to configure the Enterprise Client Firewall. You will also test your settings.

    Activity 10.1 > Configure Scan Options from the OfficeScan Client Console

    Scenario

    Because you are a knowledgeable computer user, the network administrator at your company has granted you the client privileges you need to configure your own scan options. Your computer was infected by a virus just last month, and you lost time cleaning the infected files and restoring all the services on your computer. To prevent this from happening again, you want to configure OfficeScan to scan every file and to scan for all types of threats.

    Validation Checklist

    Use the Networked Computers > Client Management page to enable all features and all rights possible for your OfficeScan client.

    Open the OfficeScan client console and configure the options for real-time scans according to these criteria:

    Scan all scannable files and apply real-time scanning to files as they are being created/modified and as they are received.

    Scan the floppy disk at shutdown, enable IntelliTrap, and select to scan compressed files as many layers deep as you can.

    If you can, apply this same level of scanning to anti-spyware scanning.

    Use the clean action for anti-spyware.

    For antivirus scanning, use customized scan actions and apply a specific action for each virus/malware type:

    o For Joke, select Clean and Quarantine

    o For Trojan, select Quarantine


    o For Virus, select Clean and Quarantine

    o For Test Virus, select Quarantine

    o For Packer, select Quarantine

    o For Other, select Clean and Quarantine

    Result

    You have configured the scan options using the OfficeScan Client Console.

    Activity 10.2 > Configure OfficeScan Firewall from the Client Console

    Scenario

    In this activity, you will use the OfficeScan Client Console to enable the OfficeScan firewall and configure it to block inbound and outbound Telnet connections.

    Validation Checklist

    Launch the client console and click the Firewall tab to display the current firewall settings.

    Select to enable the firewall, intrusion detection systems (IDS), and notifications.

    Select the network card from the network card list, and click Edit to access the exception rule list.

    Click Add and use the exception rule dialog box to add a Block Telnet rule that denies inbound and outbound network traffic on the specified TCP port 23 for all computer addresses.

    Apply the new rule to the firewall traffic filter and click Yes to confirm the action.

    Result

    You have used the OfficeScan client console to configure the firewall.

    Activity 10.3 > Test Your Settings

    Scenario

    In this activity, you will test your scan and firewall settings.


    Validation Checklist

    Test the scan options.

    Copy the European Institute of Computer Anti-Virus Research (EICAR) test virus to the desktop. An alert appears, reporting that OfficeScan detected a virus.

    Click the virus name to view details about the virus, including the action taken.

    Test your firewall settings:

    Open a Command Prompt.

    Try to launch a telnet session by entering the following command:

    telnet Lab_Computer_IP_Address

    A message appears at the command line, reporting that a telnet session could not be established. Then an OfficeScan alert message appears, reporting that OfficeScan detected a problem, such as a firewall violation or a network virus. Your lab computer is now blocked.

    Navigate to the logs tab and view the firewall logs to inspect the details of the blocked connection.

    Result

    You have tested the scan options that you configured from the OfficeScan client console.

    You have tested the OfficeScan firewall settings that you configured using the OfficeScan client console.


    Exercise 11: Configure OfficeScan Firewall

    In this lab exercise, you will configure the OfficeScan firewall using the OfficeScan management console.

    Activity 11.1 > Create a Policy

    Scenario

    You manage the network for a computer software company that is working on a new product. You have been asked to secure the lab computers so that only the software engineer can access them.

    Validation Checklist

    Use the Networked Computers > Firewall > Policies page to open the Policy Editor by clicking Add in the toolbar.

    Create and save a new policy that meets these specifications:

    Name: Lab Computers

    Default security level: High

    Enable the firewall, IDS, and notification options

    Enable the local and global Certified Safe Software lists.

    Remove/delete all exceptions except for DNS, HTTP and HTTPS

    Edit the HTTP and HTTPS policies to limit allowed inbound/outbound HTTP and HTTPS traffic to a range of IP addresses that includes your client/server.

    Verify that your new policy appears in the list on the Firewall Policies for Networked Computers page.

    Result

    You have configured a policy for a given scenario.


    Activity 11.2 > Create a Profile

    Scenario

    In this activity, you will create a profile for the scenario outlined at the beginning of this lab exercise.

    Validation Checklist

    Use the Networked Computers > Firewall > Profiles page to add a profile by clicking Add in the toolbar.

    Configure and save a new profile that meets these criteria.

    Name: Test Computers

    Description: Profile for computers testing new software.

    Policy: The Lab Computers policy you created in the previous activity

    IP address: a range of IP addresses that includes your lab computer

    Platform: Windows Server (Server 2003, Server 2008)

    Assign the profile to clients.

    Result

    You have applied a custom firewall policy to a specific set of computers.

    Activity 11.3 > Test the OfficeScan Firewall Settings

    Scenario

    In this activity, you will test the profile and the policy you created in the activities above.

    Validation Checklist

    Open a Command Prompt and attempt to start a Telnet session by entering:

    telnet Lab_Computer_IP_Address

    A message appears at the command line, reporting that a telnet session could not be established. Then an OfficeScan alert message appears, reporting that OfficeScan detected a problem, such as a firewall violation or a network virus. Your lab computer is now blocked.

    Open the OfficeScan client console, click the Logs tab, select Firewall Logs, and click View Logs to view details about the event.


    Return to the web-based management console and use the Networked Computers > Firewall > Profiles page to disable the Lab Computers profile.

    Click the name Lab Computers to edit the profile.

    Deselect the Enable this profile option and click Save.

    Assign the profile to clients.

    Result

    You have tested the policy and profile you created in prior activities.

    You have disabled the profile you created in Activity 11.2.


    dministrator

    2010 Trend

    E

    Track

    Micro Inc.

    erci

    Co

    ctivit

    Scenari

    You havpresidentthe past

    To reassantivirusshowingreceive a

    Validati

    UsinPCCS

    In thlab c

    Conappe

    c

    F C

    o

    o

    o

    o

    o

    e 1

    put

    12.1

    o

    just been hiis concernend has been

    re the compsoftware anhim detailed

    email mess

    on Checkl

    g WindowsRV\Admin\Ut

    e From andomputer.

    igure the setars.

    ccept the de

    ecks for thior Method

    onfigure No

    Select E When the

    fields.

    In the SM

    Edit the Click OK.

    :Drs

    Man

    red as the neabout the nreading abo

    any presidenimmediatelinformationage when the

    ist