7/27/2019 OSCE_10 6_ATL_08August2011_Letter Training Course Lab Textbook August 29 2011_634502343503368818
http:///reader/full/osce10-6atl08august2011letter-training-course-lab-textbook-august-29-20116345023435033688 1/56
Trend Micro OfficeScan 10.6 Training Course Lab Textbook
Trend Micro OfficeScan 10.6 Lab Textbook
© 2010 Trend Micro Inc.
Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user.
Portions of this manual have been reprinted from the Trend Micro OfficeScan 10.5 Installation and Upgrade Guide, copyright 1998-2010, Trend Micro, Inc.; Trend Micro OfficeScan 10.5 Administrator's Guide, copyright 1998-2010, Trend Micro, Inc.; and the Trend Micro Smart Scan for OfficeScan Getting Started Guide, copyright 2009-2010, Trend Micro, Inc.
Copyright 1998-2010 Trend Micro Incorporated. All rights reserved.
No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated.
Trend Micro, the Trend Micro t-ball logo, TrendLabs, and OfficeScan are trademarks or registered trademarks of Trend Micro, Incorporated. All other brand and product names are trademarks or registered trademarks of their respective companies or organizations.
Program Manager: Tom Brandon
Editorial: Alexander Sverdovskva
Released: August 2010 v3.6
Administrator Track
Table of Contents
Exercise 1: Validate Lab Setup
    Activity 1.1 > LAN Requirements
    Activity 1.2 > Server Requirements
    Activity 1.3 > Lab Preparation
Exercise 2: Install OfficeScan
    Activity 2.1 > Prepare to Install OfficeScan
    Activity 2.2 > Install OfficeScan Server
    Activity 2.3 > Verify the Installation
Exercise 3: Configure Smart Scan
    Activity 3.1 > Configure Smart Protection Sources
    Activity 3.2 > Configure Integrated Server Settings and an Update Schedule
Exercise 4: Configure Client Settings
    Activity 4.1 > View Client Status and Configure the Client Tree
    Activity 4.2 > Configure Client Scan Settings
    Activity 4.3 > Change the Scan Mode for One or More Domains
    Activity 4.4 > Configure Client Privileges
    Activity 4.5 > Enable and Configure WRS
    Activity 4.6 > Enable and Configure Behavior Monitoring and Device Control
    Activity 4.7 > Export Client Management Data
Exercise 5: Configure Global Client Settings
    Activity 5.1 > Configure Global Scan Settings
    Activity 5.2 > Configure Global Log Settings
    Activity 5.3 > Configure Active Directory Settings
    Activity 5.4 > Configure Custom Automated Client Groupings
Exercise 6: Prevent Outbreaks
    Activity 6.1 > Configure Outbreak Prevention
    Activity 6.2 > Standard Notifications
    Activity 6.3 > Outbreak Notifications
    Activity 6.4 > Test the Alert Settings
Exercise 7: Configure Administration Settings
    Activity 7.1 > Create Custom Roles and Add a User Account
    Activity 7.2 > Configure Quarantine Manager
Exercise 8: Deploy OfficeScan Clients
    Activity 8.1 > Modify the Server Login Script
    Activity 8.2 > Create a Client Setup Package
Exercise 9: Update and Deploy OfficeScan Components
    Activity 9.1 > Manually Update and Deploy Components
    Activity 9.2 > Configure an Update Agent
Exercise 10: Configure Settings on the Client Console
    Activity 10.1 > Configure Scan Options from the OfficeScan Client Console
    Activity 10.2 > Configure OfficeScan Firewall from the Client Console
    Activity 10.3 > Test Your Settings
Exercise 11: Configure OfficeScan Firewall
    Activity 11.1 > Create a Policy
    Activity 11.2 > Create a Profile
    Activity 11.3 > Test the OfficeScan Firewall Settings
Exercise 12: Detect Vulnerable Computers
    Activity 12.1 > Manually Scan Computers
    Activity 12.2 > Configure a Scheduled Task for Vulnerability Scans
    Activity 12.3 > Perform a Security Compliance Query
Exercise 13: View OfficeScan Logs
    Activity 13.1 > View Firewall Logs
    Activity 13.2 > View Virus/Malware Logs
Exercise 14: Creating a Client Update Package (Optional Activity)
    Activity 14.1 > Verify Connections

Exercise 1: Validate Lab Setup
This lab demonstrates Trend Micro OfficeScan running on Microsoft Windows Server 2003/2008 operating system. In a production environment, you can use other platforms and server hardware. For information about platform and hardware support, please visit the Trend Micro website (http://www.trendmicro.com) or refer to OfficeScan documentation.

Activity 1.1 > LAN Requirements
Your lab LAN configuration should meet these minimum requirements:
- A unique, static IP address for each lab computer
- Internet access
- Hub or switch with sufficient ports to interconnect lab equipment
- Category 5 Unshielded Twisted Pair (UTP) cables to interconnect lab equipment

Activity 1.2 > Server Requirements
Your lab server should meet these minimum hardware requirements:
- 1.86 GHz Intel Core2 Duo processor or equivalent
- 1 GB of RAM
- 3.5 GB hard-disk space
- Ethernet adapter card
- Keyboard, monitor (with at least 1024 x 768 pixel resolution), and mouse
Your lab server should meet these minimum operating-system requirements:
- Windows Server 2003 with Service Pack 2 or later, installed as a standalone server / primary domain controller (PDC)
- Microsoft Internet Information Server (IIS) 6.0 or later (7.0 for Server 2008)
- Microsoft Internet Explorer 7.0 or later
NOTE: Because the OfficeScan client can run on the Windows Server platform, you can demonstrate most OfficeScan features using a single server machine. It is also possible to implement the server configuration within a virtual machine. Your classroom setup may, additionally, provide you with one or more additional real or virtual machines as clients. Follow your instructor's guidance with regard to modifications and caveats to the basic lab setup.

Activity 1.3 > Lab Preparation
Your lab instructor will provide:
- OfficeScan installation files
- Valid activation codes for OfficeScan services
- IP address/domain name for the OfficeScan server
- Administrator rights (local or domain) to your lab computer
- Pre-configured Active Directory structure or instructions on how to configure your directory for testing Active Directory-integrated OfficeScan features
- The European Institute of Computer Anti-Virus Research (EICAR) test virus file
- Optional: SMTP server information (for your local machine or classroom server) and email addresses

Exercise 2: Install OfficeScan

Activity 2.1 > Prepare to Install OfficeScan
Scenario
You have been hired as a consultant to install a pilot-installation of OfficeScan for a large customer. Before you modify any of your customer's computers or any networking devices in the existing environment, your own company's procedures require you to document and validate all baseline functions related to your work.
Simple, written notes will suffice for your documentation of IP addresses, domain names, login information, etc. You must also validate that the system on which you will install OfficeScan meets the minimum hardware and software requirements.
For this activity, and those that follow, use the validation checklists that follow the scenario descriptions as a guide for completing your tasks. Use your own knowledge, the student textbook, as well as the aid of other classroom participants to fill in any missing parts, explain specific procedures, or troubleshoot problems you may encounter.
Validation Checklist
- Verify minimum host-system requirements for OfficeScan:
  - Windows Server 2003 with Service Pack 2 or above
  - 1.86 GHz Intel Core2 Duo processor or equivalent
  - 1 GB of RAM (2 GB recommended for Server 2008)
  - 3.5 GB available hard-disk space
  - Microsoft Internet Information Server (IIS) 6.0 or above (7.0 for Server 2008)
  - Microsoft Internet Explorer 7.0 or above
- Verify that IIS is running
NOTE: To launch the IIS Console, click Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager or run: {windir}\system32\inetsrv\iis.msc
- Validate network connectivity
- Verify and note IP configuration (command line: ipconfig /all)
- Collect any other network service information that may be required from your lab instructor. For example, ask your instructor to confirm whether you will need any proxy-server information in order to configure OfficeScan server to be able to reach the Internet.
- Ping the localhost (command line: ping localhost) and ping the gateway
- Verify basic browser functionality. Load internal class web page or other site (www.google.com, for example) as told by your instructor.
- Ensure DNS functionality by pinging your workstation by name. If your lab setup includes one or more separate client machines, ensure that all of your machines can ping each other by name.
- Verify location of OfficeScan software, activation codes, and test virus file.
- Confirm that you have administrator login name and password for your computer.
- Collect and verify Active Directory information as provided by your instructor.
Result
You have verified that your lab computer is functional and that it meets the minimum system requirements for installing OfficeScan server and client software.

Activity 2.2 > Install OfficeScan Server
Scenario
You have successfully validated the baseline functionality of your host system and have documented all relevant configuration parameters. Next, locate your student textbook and its instructions for installing OfficeScan server software. Use these instructions as a reference for completing this activity.
Validation Checklist
- Install the OfficeScan server software using these checklist items as guidelines:
  - Select to install the OfficeScan server software on this computer.
  - To save classroom time, consider skipping the prescan (consult your instructor).
  - Install to IIS using the virtual website option. (If your real-world organization requires the use of Apache, briefly consult with your instructor to identify any issues that may be unique in the lab setup.)
  - Enable SSL.
  - Pay special attention to port numbers and note those that your system will be using.
  - Select for the server to be identified by domain name. This will give you more flexibility for testing the possibilities for custom client grouping, but you must also ensure that DNS is functioning properly before selecting this option.
  - Note that if you already have activation codes, you will not need to register online.
  - Select to install the integrated Smart Scan server. Note that because you are installing to an IIS virtual website, the Smart Scan server SSL port will be 4345.
  - Select to install the integrated Web Reputation Service
  - Select to install the OfficeScan client software in addition to the server software
  - Do not install any of the Cisco NAC components
  - Participate in the Trend Micro Smart Feedback program
  - Enable the client firewall and select to enable the firewall on server platforms
  - Enable spyware/grayware assessment mode for the minimum number of weeks
Result
You have installed the OfficeScan server and the OfficeScan client on your lab computer.

Activity 2.3 > Verify the Installation
Scenario
After installing the OfficeScan server software, you will want to validate the installation in a simple way, by launching the web-based management console, logging in, and briefly navigating a few of its pages.
In the next few days, your customer will be adding an IT inventory management system to the test environment that monitors changes to system configurations and reports new software installations. The customer has asked for a list of:
- Installation/program directories
- Services and executable names that will be running
- High-level registry keys.
Now would be a good time to verify that these items are correctly listed in the system documentation. (You don't have to write all this information down for the lab activity. Simply verify that the documentation is correct, note any discrepancies, and prepare to provide this to your customer.)
Validation Checklist
- Launch the management console and log in
- Verify that the client status icon appears in the system tray
- Verify the location of the OfficeScan program files
  - C:\Program Files\Trend Micro\OfficeScan
  - C:\Program Files\Trend Micro\OfficeScan Client
- View the list of services to identify OfficeScan services (click Start > Programs > Administrative Tools > Services or execute the command: services.msc /s)
  - OfficeScan Active Directory Integration Service (osceintegrationservice.exe)
  - OfficeScan Control Manager Agent (OfcCMAgent.exe)
  - OfficeScan Master Service (OfcService.exe)
  - OfficeScan NT Listener (TmListen.exe)
  - OfficeScan NT Proxy Service (TmProxy.exe)
  - OfficeScan NT RealTime Scan (NTRtScan.exe)
  - Trend Micro Local Web Classification Server (LWCSService.exe)
  - Trend Micro Smart Scan Server (iCRCService.exe)
- Launch the Windows task manager to verify these additional modules:
  - CNTAoSMgr.exe (client plug-in service manager)
  - DbServer.exe (server)
  - PccNTMon.exe (client)
- Launch the Windows registry editor (regedit.exe) and verify the registry keys
  - HKLM\Software\TrendMicroInc.\ServerSetup
  - HKLM\Software\TrendMicro\DatabaseBackup
  - HKLM\Software\TrendMicro\NSC
  - HKLM\Software\TrendMicro\OfficeScan
  - HKLM\Software\TrendMicro\PCcillinNTCorp
  - HKLM\Software\TrendMicro\RemoteInstall
  - HKLM\Software\TrendMicro\Solar
- Optional: view the OFCMAS.LOG (server) and OFCNT.LOG (client) logs in the Windows directory.
Result
You have verified the names and locations of OfficeScan components and demonstrated that OfficeScan was installed correctly on your lab computer.
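
The Activity 2.3 checklist can also be run as a script so that the result can be compared with the customer's system documentation. The following PowerShell (2.0 or later) is an added example, not part of the Trend Micro lab textbook; it uses only the directory, executable, and registry names listed in the checklist, and the helper name New-CheckResult and the report file name are assumptions.

```powershell
# Added example: checks the Activity 2.3 items on the local lab server and
# writes a CSV that can be compared with the system documentation.
# Names below are the ones listed in the checklist; the report path is assumed.

$ReportPath = Join-Path $env:TEMP 'officescan-install-check.csv'

$Directories = @(
    'C:\Program Files\Trend Micro\OfficeScan',
    'C:\Program Files\Trend Micro\OfficeScan Client'
)

# Display name from the checklist -> executable expected in the service image path
$Services = @{
    'OfficeScan Active Directory Integration Service' = 'osceintegrationservice.exe'
    'OfficeScan Control Manager Agent'                = 'OfcCMAgent.exe'
    'OfficeScan Master Service'                       = 'OfcService.exe'
    'OfficeScan NT Listener'                          = 'TmListen.exe'
    'OfficeScan NT Proxy Service'                     = 'TmProxy.exe'
    'OfficeScan NT RealTime Scan'                     = 'NTRtScan.exe'
    'Trend Micro Local Web Classification Server'     = 'LWCSService.exe'
    'Trend Micro Smart Scan Server'                   = 'iCRCService.exe'
}

$Processes = @('CNTAoSMgr.exe', 'DbServer.exe', 'PccNTMon.exe')

# Checked exactly as listed. On 64-bit Windows a 32-bit program may register
# under HKLM:\Software\Wow6432Node instead; a miss here is worth a second look.
$RegistryKeys = @(
    'HKLM:\Software\TrendMicroInc.\ServerSetup',
    'HKLM:\Software\TrendMicro\DatabaseBackup',
    'HKLM:\Software\TrendMicro\NSC',
    'HKLM:\Software\TrendMicro\OfficeScan',
    'HKLM:\Software\TrendMicro\PCcillinNTCorp',
    'HKLM:\Software\TrendMicro\RemoteInstall',
    'HKLM:\Software\TrendMicro\Solar'
)

$LogFiles = @('OFCMAS.LOG', 'OFCNT.LOG')   # optional item in the checklist

function New-CheckResult($Category, $Item, $Found, $Detail) {
    New-Object PSObject -Property @{
        Category = $Category; Item = $Item; Found = [bool]$Found; Detail = $Detail
    }
}

$results = @()

foreach ($dir in $Directories) {
    $results += New-CheckResult 'Directory' $dir (Test-Path -LiteralPath $dir -PathType Container) ''
}

# Win32_Service exposes PathName (the image path), which Get-Service does not.
$installed = @(Get-WmiObject -Class Win32_Service)
foreach ($name in $Services.Keys) {
    $exe = $Services[$name]
    $match = $installed | Where-Object { $_.PathName -like "*\$exe*" } | Select-Object -First 1
    if ($match) {
        $detail = '{0}: state={1}, start={2}' -f $match.Name, $match.State, $match.StartMode
    } else {
        $detail = 'no service registered with this executable'
    }
    $results += New-CheckResult 'Service' "$name ($exe)" $match $detail
}

foreach ($image in $Processes) {
    $procName = [System.IO.Path]::GetFileNameWithoutExtension($image)
    $running = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
    if ($running.Count -gt 0) {
        $detail = 'PID ' + (($running | ForEach-Object { $_.Id }) -join ',')
    } else {
        $detail = 'not running'
    }
    $results += New-CheckResult 'Process' $image ($running.Count -gt 0) $detail
}

foreach ($key in $RegistryKeys) {
    $results += New-CheckResult 'Registry' $key (Test-Path -LiteralPath $key) ''
}

foreach ($log in $LogFiles) {
    $path = Join-Path $env:windir $log
    $found = Test-Path -LiteralPath $path -PathType Leaf
    if ($found) {
        $detail = 'last written ' + (Get-Item -LiteralPath $path).LastWriteTime
    } else {
        $detail = 'optional item'
    }
    $results += New-CheckResult 'Log' $path $found $detail
}

$results = $results | Select-Object Category, Item, Found, Detail
$results | Sort-Object Category, Item | Format-Table -AutoSize -Wrap
$results | Export-Csv -Path $ReportPath -NoTypeInformation

# Optional logs are reported but not counted as discrepancies.
$missing = @($results | Where-Object { -not $_.Found -and $_.Category -ne 'Log' })
Write-Host ('{0} items checked, {1} not found. Report: {2}' -f @($results).Count, $missing.Count, $ReportPath)
$missing | ForEach-Object { Write-Host ('MISSING [{0}] {1}' -f $_.Category, $_.Item) }
```

Run it from an elevated prompt on the lab server; each MISSING line is a discrepancy to note against the documentation.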

Exercise 3: Configure Smart Scan

Activity 3.1 > Configure Smart Protection Sources
Suppose that you have a standalone Smart Scan server in addition to your integrated Smart Scan server, and that you want to configure internal clients to connect to the standalone server, first; the Trend Micro Global Smart Scan Server, second; and the integrated server, third. In this activity, you will add the standalone server and the Trend Micro Global Smart Scan Server to your standard list and put the servers in the correct order.
- Go to the Smart Protection > Smart Protection Sources page and click the standard list hyperlink to configure the list to be used by all internal clients.
- Add the standalone server. For the purpose of this lab activity, you do not actually have a standalone server. Invent a URL and do not click Test Connection.
- Add the Trend Micro Global Smart Scan Server (osce1[…]5.icrc.trendmicro.com/tmcss), select File Reputation Services and SSL, enter port number 443, and then test the connection. Leave Web Reputation Services unchecked.
- Use the arrows to adjust the order of your list.

Activity 3.2 > Configure Integrated Server Settings and an Update Schedule
In this scenario, although you plan to have a standalone Smart Scan server, you also want clients to be able to query the integrated Smart Scan server as a backup. You want the server to update its pattern file regularly, but not so frequently that updates consume too much bandwidth. Access the Smart Protection > Integrated Server page and set the following:
- Enable the integrated Smart Scan server for both file and web reputation services.
- Enable scheduled updates and set the frequency to every hour.
- Leave the Update Sources at their default settings for updating from the Trend Micro ActiveUpdate servers.

Exercise 4: Configure Client Settings

Activity 4.1 > View Client Status and Configure the Client Tree
Scenario
The client tree viewer on the Networked Computers > Client Management page is a powerful tool for checking the status of clients, grouping clients, configuring client settings, executing various tasks, including scanning, uninstallation, and displaying search results.
In a few days, you will be presenting your pilot configuration to your customer's IT management. To prepare for this presentation, you want to do several things:
- Become familiar with the details provided in the content pane of the tree viewer
- Understand how to limit the view of the details provided and group them (that is, how to display antivirus or update status ahead of other details)
- Create a number of domains that are representative of the client's business
Validation Checklist
- Locate your client machine in the tree view on the Client Management page
- Compare the details provided in the content pane with those provided on the main Summary page.
- Use the Status button to view details about your client. Compare the information provided when clicking the Status button to the information displayed in the content pane of the client tree viewer.
- Use the drop-down client tree view control to change the order and type of information displayed in the content pane of the client tree.
- Add some custom OfficeScan domains to the client tree to represent your customer's business. For example, create OfficeScan domains named: Administration, Engineering, Sales, Marketing, IT-global. You can also create your own. Create at least one multi-tiered structure (that is, one or more domains within a domain).
- Delete and rename a few domains to practice for your upcoming presentation.
- Move your client from one domain to another.
Result
You have configured and reviewed the status of clients using the client tree in the OfficeScan Management Console.

Activity 4.2 > Configure Client Scan Settings
Scenario
Trend Micro announced the discovery of a virus with a very high destructive potential. The number of infections is on the rise, but a virus outbreak has not yet been declared.
As a precautionary measure, you want to scan the network, using the latest available pattern, as soon as possible. Since this is a new virus, you prefer to use ActiveAction scan actions, to leverage Trend Micro research into the virus, instead of your own customized settings.
The announcement, however, went out in the middle of the business day. You do not want your scan to affect productivity, so you've chosen to leverage CPU usage functionality.
Changing the CPU usage reminds you that you have a small domain of clients with a number of older computers with limited RAM and CPU capacity and that real-time scanning may be impacting their productivity. You want to reconfigure the real-time scanning configuration for this domain.
Finally, you want to make sure that scheduled scans for all your clients are set to run on the weekends.
Validation Checklist
- Use the Networked Computers > Client Management page to configure the Scan Now settings for all computers in the client tree. Make your configuration compliant with these specifications:
  - Use IntelliScan
  - Scan only two layers of compression on compressed files
  - Scan the boot area
  - Scan hidden files
  - Medium CPU usage
  - Don't scan for spyware/grayware
  - Use ActiveAction
  - Apply to all OfficeScan clients
- Select a single domain and configure real-time scan settings according to these specifications:
  - Disable real-time scanning for spyware/grayware
  - Scan files only as they are being read
  - Don't use IntelliScan
  - Don't scan compressed files
  - Don't use IntelliTrap
  - Use ActiveAction
  - Make sure that clients back up files before they are cleaned
- Discuss with the class and your instructor the risks and benefits of this configuration.
- Apply these configuration requirements for scheduled scans to all clients in the tree.
  - Enable virus/malware and spyware/grayware scanning
  - Scan weekly every Sunday at a time of your choosing
  - Scan all scannable files
  - Set all other scan settings to create the most rigorous scan possible
  - Use ActiveAction
  - Disable user notifications
Result
You have configured a manual scan, a real-time scan, and a scheduled scan to meet the requirements of a given scenario.

Activity 4.3 > Change the Scan Mode for One or More Domains
Scenario
You have piloted the Smart Scan scanning method on another OfficeScan server, and you are comfortable with accepting Smart Scan as the scan mode for most clients that will connect to this server. However, to keep network traffic to an absolute minimum for some clients, you want to have them use conventional scanning. The only scan setting that you want to change for the selected clients is the scan method, but you want to have all conventional-scan clients located in a new and separate domain from the one that they were in.
You need to create a new domain for your conventional-scan clients, replicate the settings from their prior domain, change the Scan Method setting at the domain level and then move the clients you want to switch to conventional-scan mode into the new domain.
Validation Checklist
- Create a new OfficeScan domain. For example, if you have an existing domain called Engineering, create a new domain called csEngineering.
- Use Settings > Export Settings on the drop-down menu of the client tree to export the scan settings from the existing domain.
- Use Settings > Import Settings on the drop-down menu of the client tree to import the scan settings you just exported and apply those settings to the target domain that you just created and all the computers that belong to it.
- Verify that the new domain and the existing domain have the same scan settings.
- Change the scan method of the new domain so that all clients that will be added to the domain will be configured to use Smart Scan.
- Select an existing client and move that client to your new conventional-scan domain. Allow your client software time enough to receive the notification of the new configuration and make the changes.
- Verify that the client is now using conventional-scan and that its scan settings are correct.
Result
You have exported and imported scan settings, configured the scan method for clients to use at the domain level, and have moved one or more clients from one domain to another for the purpose of applying new settings.

Activity 4.4 > Configure Client Privileges
Scenario
By default, OfficeScan assigns a relatively limited set of privileges to clients. However, you want to create a domain that will contain only experienced computer users who need to be able to configure their own scans.
They also regularly work odd hours, and need to be able to stop a scheduled scan if it interrupts their work. You want to allow these users to configure their own scanning options. They need to be able to unload the client, but you do not want them to be able to uninstall it or modify OfficeScan files and registries. You also do not want them to be able to deploy their own program upgrades and hot fixes, because it could consume a lot of bandwidth.
You also need to create another domain into which you can move clients who need to have virtually all of their privileges automatically eliminated, except for the ability to enable roaming mode.
To complete this activity, you may create two new domains, or use two that you already created in Activity 4.1.
Validation Checklist
- Select an existing domain, or create a new domain (named Power Users, for example) and ensure that they have at least these privileges:
  - Full configuration capability for all types of antivirus and anti-spyware scanning
  - Full control over firewall settings
  - Access to all client tabs
  - Permission to perform Update Now
  - No uninstallation, but allow unloading
  - Enabled scheduled update
  - Select to display notifications for as many services as possible (Web reputation, behavior monitoring, etc.)
  - Restrict access to program files and registry entries
- Select an alternate domain or create a new one (named Restricted, for example) and configure the OfficeScan client privileges and other settings for members of this domain to be as restrictive as possible, except for allowing the use of roaming mode.
- Right-click the client icon in the system tray and launch the OfficeScan client console. Click Settings on the drop-down menu and notice the options available. Notice also which tabs are visible on the main interface. Then, move your client to the restricted domain. Close the console and wait a few moments for the configuration to be updated. Then, open the console and inspect the changes.
- Similarly, move your client to the power users domain, and inspect the changes.
Result
You have configured client privileges for a given scenario.
Activity 4.5 > Enable and Configure WRS
Scenario
Web threats have been an ongoing concern at your company. You have already implemented several gateway devices to protect your internal network, but have no protection for mobile clients. Your boss would like you to stage a small demonstration of how you can apply different policies whenever a mobile client travels outside the corporate network.
NOTE To demonstrate Web Reputation Services, you will need open Internet access with Internet Explorer properly configured and your instructor will need to provide you with an acceptable URL that has been identified as likely to harbor web threats. It may not be possible to meet these requirements in all circumstances; please consult with your instructor on details for how to complete this exercise.
Validation Checklist
- For the Networked Computers > Computer Location configuration, set the client to use Gateway IP address as its basis for location awareness, add a single, non-existent IP address to the list, and then save the configuration. The tray icon of the client software should subsequently change to show a small checkmark (or tick mark), indicating that its location is determined to be external.
- Enable WRS for external computers and set the security level to high.
  - Select to block pages that have not been tested by Trend Micro.
  - Add a custom URL (such as Facebook or Google) to the blocked-URL list.
  - Allow clients to send logs to the OfficeScan server.
- Disable WRS for internal computers (if no locations are configured, all clients will automatically use the configuration for external computers).
- Access the following URLs:
  - A URL that appears on the approved list
  - The URL you added to the blocked list
  - http://Wr21.winshipway.com
  - One or more other URLs to test and verify web functions.
- Return to the Computer Location configuration and add the legitimate IP address of the current gateway to the configuration and save the configuration.
  - The client tray icon should change to reflect the change in location status.
  - Attempt to access the same URLs as before and be prepared to explain why there is a difference in results.
Result
You have enabled WRS and have demonstrated its functionality.
Activity 4.6 > Enable and Configure Behavior Monitoring and Device Control
Scenario
Although certain users require extra flexibility and extended privileges to be productive, you and your organization are becoming increasingly concerned about a number of users and a range of unauthorized applications that push the limits of acceptable system usage. You would like to demonstrate for your boss the extent to which OfficeScan behavior monitoring and device control capabilities can be configured to restrict user activity and monitor system activities for unauthorized system changes.
Validation Checklist
- Select an existing domain (Restricted, for example) or create a new one and configure the behavior monitoring settings of this domain to be as restrictive as possible.
  - Enable malware behavior blocking.
  - Enable event monitoring, then enable and deny all system events that can be monitored.
  - Add WordPad to the custom list of blocked programs (find and enter the full path).
- Select an existing domain (Restricted, for example) or create a new one and configure the OfficeScan device-control capability to monitor device access and deny access to all monitored devices except mapped drives and UNC paths.
- Refer to the section titled Post-Installation Considerations for Servers and x64 Desktop Platforms in Chapter 6 of the student manual for information on how to enable behavior monitoring and device control on Windows servers. Using this information, modify the registry of your lab computer to enable the full functionality of as many services as possible.
- Move your lab computer into the domain for which you configured behavior monitoring and device control.
  - Attempt to launch WordPad and take note of the result.
  - Attempt to access a restricted device and take note of the result.
- Move your client back to the domain in which it was located before the start of this activity.
  - Attempt to launch WordPad and take note of the result.
Result
You have enabled and configured the behavior monitoring and device control capabilities of the OfficeScan client. You have also demonstrated the end-user experience of attempting to perform restricted actions.
Activity 4.7 > Export Client Management Data
Scenario
A fellow IT worker has been working on a management report and she wants to include some graphs based on the numbers of virus and spyware incidents that are displayed in the content pane of the OfficeScan client tree. She asks if you can get her the data in a format that she can manipulate.
Validation Checklist
- Select the root icon in the client tree, or the domain to which your client is assigned, and click the Export button.
- Save the file to your desktop and use the Notepad application to validate that the exported file contains data about the computers in your selected domain(s).
Result
You have exported client status data in a raw-text format.
Exercise 5: Configure Global Client Settings
Activity 5.1 > Configure Global Scan Settings
Scenario
A number of your mobile users are using the drag-and-drop method to scan individual files they think are suspicious. This is very useful when they are working offsite and frequently must access files on external networks. One of them asks you if you can add scanning to the pop-up menu when she right-clicks on a file in Windows Explorer.
You scheduled assessment mode for four weeks, but it has been two weeks, and so far everything is running fine. You would like to end assessment mode. You have just been reading your OfficeScan user guide and, based on its recommendations, you also want to make sure that the OfficeScan server database is excluded from real-time scanning.
Validation Checklist
- Review the options available on the Global Client Settings page.
- Select the option to add manual scanning to the context (shortcut) menu on client computers.
- Disable assessment mode.
- Enable the Certified Safe Software Service.
- Save your settings.
Result
You have configured several key global client settings.
Activity 5.2 > Configure Global Log Settings
Scenario
You are a consultant and are still conducting a pilot program for a key customer. During this period, you want to create as much log data as possible for the purposes of demonstration and analysis.
Validation Checklist
- On the Global Client Settings page, select all those options that will create additional log data and/or send as much log data as possible to the OfficeScan server.
  - Scan for cookies and make sure they are logged
  - Send firewall log data hourly
  - Don't consolidate repetitive virus/malware logs
Result
You have made changes to the global client configuration that affect how log data is managed.
Activity 5.3 > Configure Active Directory Settings
Scenario
The company that you are providing consulting services to wants to do more to leverage its current investment in Active Directory configuration and management. Active Directory configuration in OfficeScan includes global configuration parameters that are used for a number of features, including custom client grouping, compliance assessment, and user-account control. Active Directory settings are configured using the Administration > Active Directory menu items in the main navigation column.
As part of your lab setup, you should have at least one test structure within the Active Directory domain on your server. Rely on the direction provided by your instructor to find, and if necessary, create and populate this structure with artificial client computer nodes. Your server computer is located in the default Domain Controllers organizational unit folder.
Validation Checklist
- On the Administration > Active Directory > Active Directory Integration page, add the Active Directory domain of your server and enter the domain credentials.
  - Encrypt your Active Directory credentials with a simple password (pass, for example) and enter the path to the desktop and a filename such as AD.key, as in: c:\Documents and Settings\Administrator\Desktop\AD.key.
  - Save and synchronize Active Directory settings.
  - Notice how progress is reported at the bottom of the Active Directory Integration page.
  - Once complete, verify that the result reported to the right of the Enter domain credentials button is successful and that a green checkmark (tick mark) appears.
- Use the Scheduled Synchronization page to configure daily automatic synchronizations at 5 a.m.
- Verify the results by going to the Networked Computers > Client Grouping page, selecting Custom client groups, and then clicking Add to display the short dropdown menu. Verify that Active Directory is not grayed out and is underlined. (Do not make any actual changes at this time.)
- Additionally verify Active Directory integration settings by going to the Administration > User Accounts page. Click Add, and then verify that the Active Directory User or group option is selectable, that is, not grayed out. (Do not make any actual changes at this time.)
- Additionally verify Active Directory integration settings by opening the Security Compliance > Outside Server Management page.
  - Verify that two warnings appear: Active Directory domains or IP addresses have not been defined and The current outside server management report is out of date. (Do not make any actual changes at this time.)
  - In the Active Directory/IP Address Scope box on the right, on the Active Directory tab, verify that the tree is populated with Active Directory data. Click one of the tree objects to expand it to test its baseline functionality. (Do not make any actual changes at this time.)
Result
You have configured the Active Directory integration settings for OfficeScan and have verified that the OfficeScan server can read Active Directory information from the domain controller.
Activity 5.4 > Configure Custom Automated Client Groupings
Scenario
By default, when you install the OfficeScan client software on a new computer, the client appears in the client tree under its NetBIOS domain name. You can change grouping selection on the Networked Computers > Client Grouping page from NetBIOS-based grouping to Active Directory domain or DNS domain, but with these selections, only new clients added to the tree are affected. Selecting custom client groups, however, includes an automatic regrouping client function based on the Active Directory grouping or IP address assignment of the client when it is initialized to the OfficeScan server, for example, on reboot or unload and reload.
You would like to test custom-client grouping (and re-grouping) by creating one or more groups determined by an existing Active Directory structure and by creating a group based on IP address that will include your server machine.
NOTE The baseline lab setup requires your server machine to function as the OfficeScan server, an OfficeScan client, and a domain controller for Active Directory services. Your server machine, as the domain controller, will be placed in the default Domain Controllers organizational unit within Active Directory automatically. Although you can move this computer object from its default location to an alternate organizational unit within a custom Active Directory tree structure, doing so can prevent your existing setup from functioning properly. Therefore, when attempting to define rules that affect your server's OfficeScan group membership it is a good idea to do so without also moving the server's AD computer object.
Validation Checklist
- On the Networked Computers > Client Grouping page, click to Add an Active Directory-based automatic client grouping.
  - Select to enable the new grouping rule.
  - Give the group a name that is descriptive of the items in the Active Directory tree that you will select.
  - Select the test structure from within the Active Directory tree display.
  - Select to duplicate the Active Directory structure into the client tree.
  - Create a new group beneath the root-level OfficeScan Server icon.
  - Save the configured grouping rule.
  - Verify that the new rule appears in the automatic-client-grouping list.
- Add an IP-address-based automatic client grouping that includes your server client.
  - Select to enable the new grouping rule.
  - Give the group a descriptive name, like Domain Controller.
  - Enter the IP address of your server client.
  - Create a new OfficeScan group in the client tree with a descriptive name, like Domain Controller.
  - Save the configured grouping rule.
  - Verify that the new rule appears in the automatic-client-grouping list.
- Make the IP-address-based grouping rule the first in the list.
  - Hover your mouse over the list entries to view the details section to the right being populated with additional profile information about the rule.
  - Verify that the status column reflects that both rules are enabled.
- Enable scheduled domain creation to occur daily at 5:30 a.m.
- Click Save and Create Domain Now.
  - Monitor the progress of the task as reported dynamically to the console page.
  - Verify the task completes successfully and note the reported finish date and time.
- Return to the Networked Computers > Client Management page and note the changes.
  - Verify that the Active Directory structure is created beneath the proper group name.
  - Verify the existence of the separate group that is to include your server client.
  - Verify that your server client is still located in the group that it was in prior to configuring the grouping rules.
- Click to view the Manage Client Tree dropdown menu and notice that the options to add and rename domains are grayed out.
- Attempt to drag your server client to a different location within the client tree and verify that this action is no longer allowed.
- Unload and reload the client software on your server and verify that when it reconnects to the OfficeScan server its group membership is automatically changed.
- Remove the OfficeScan groups that you created before you enabled the custom client grouping feature.
- Perform any additional testing steps as directed by your instructor and be prepared to discuss the meaning of the differences between using custom client grouping and any one of the three other options for grouping clients.
Result
You have changed the way that clients are grouped by default in the client tree and have enabled the automated regrouping of clients based on IP address and/or Active Directory container.
Exercise 6: Prevent Outbreaks
Activity 6.1 > Configure Outbreak Prevention
Scenario
You have discovered a new and quickly spreading threat that is using port 21 and 21210 to propagate.
Validation Checklist
- On the Networked Computers > Outbreak Prevention page, select the root of the client tree and click Start Outbreak Prevention.
- Enable the Outbreak Prevention Policy to block ports.
- Use the Outbreak Prevention Settings > Port Blocking page to:
  - Add port number 21210 (incoming and outgoing) for TCP and UDP
  - Select port 21 File Transfer (FTP) and the added port number 21210
  - Save your configuration settings
- Enable user notification and modify the message that will be sent to users.
- Start outbreak prevention.
- Notice the display of the user message.
- Return to the client tree view, select the domain in which your client resides, and verify that a green tick mark appears in the OPP column.
Result
You have configured the Outbreak Prevention settings to block traffic on port 21 and 21210.
Activity 6.2 > Standard Notifications
Scenario
As you continue to test your pilot OfficeScan deployment, you want to receive notifications sent to administrators as often as possible and in as many ways as possible. But you want to reduce the amount of information given to users about threat detections.
NOTE To receive email alerts, your lab configuration must include an SMTP server and your instructor will need to provide you with the SMTP server IP address, port number and an email address. This setup will not be available in all situations; consult your instructor for details.
Validation Checklist
- If your lab setup supports it (see the note above), use the Notifications > Administrator Notifications > General Settings page to enter SMTP information in the Email Notification section.
- Use the Notifications > Administrator Notifications > Standard Notifications page to:
  - Set the criteria to send notifications as often as possible.
  - Enable and configure Email notifications
  - Enable NT Event log notifications
- Use the Notifications > Client User Notifications page to make these modifications:
  - Remove the second sentences in the default messages for virus/malware detections and infection source notifications, for the spyware/grayware notification, and for the firewall violation notification.
  - Replace the deleted sentences with a request that the user immediately contact you for assistance. Include your cell phone and pager numbers:
    Contact {Your name} immediately for assistance!
    Cell: {Your cell phone number}
    Pager: {Your pager number}
Result
You have configured standard alerts and have customized client notification messages.
Activity 6.3 > Outbreak Notifications
Scenario
During the last two years, virus attacks have increased during the months of September and October. To provide extra protection during these months, you want to configure the threshold for Outbreak Notifications to three viruses being detected within a one-hour interval.
Validation Checklist
- Use the Notifications > Administrator Notifications > Outbreak Notifications page to:
  - Set the virus/malware outbreak criteria to three detections in one hour
  - Enable Email notification for all outbreak notifications
  - Enable system event logging for virus/malware and spyware/grayware outbreaks.
Result
You have configured OfficeScan to alert you if three viruses are detected during a 60-minute interval.
Activity 6.4 > Test the Alert Settings
Scenario
In this activity, you will use the European Institute of Computer Anti-Virus Research (EICAR) virus to test the alert settings that you configured in Activity 6.1.
Validation Checklist
- Copy the EICAR virus to the desktop.
- Use the Windows system Event Viewer (launch eventvwr.msc /s or click Start > Programs > Administrative Tools > Event Viewer) to find the log entry for the virus event.
- Copy the EICAR file to the desktop two more times.
- Use the Event Viewer to find the log entry for the outbreak event.
Result
You have used the EICAR virus to test your notification settings.
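The outbreak criterion set in Activity 6.3 and exercised in Activity 6.4 (three detections within one hour) can be modelled as a sliding-window count. The Python sketch below is an added example, not part of the lab material and not OfficeScan code; the log format, client names, timestamps and the choice to reset the window after an alert are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample data: timestamp, client, detection name, file path.
# This is NOT the OfficeScan log format; it only stands in for a detection feed.
SAMPLE_LOG = r"""
2011-09-12T09:00:05 LAB-PC01 Eicar_test_file C:\Documents and Settings\student\Desktop\eicar.com
2011-09-12T09:20:41 LAB-PC01 Eicar_test_file C:\Documents and Settings\student\Desktop\Copy of eicar.com
2011-09-12T09:58:30 LAB-PC01 Eicar_test_file C:\Documents and Settings\student\Desktop\Copy (2) of eicar.com
2011-09-12T11:00:00 LAB-PC02 Eicar_test_file C:\temp\eicar.com
2011-09-12T11:40:00 LAB-PC03 Eicar_test_file C:\temp\eicar.com
2011-09-12T12:05:00 LAB-PC02 Eicar_test_file C:\temp\eicar2.com
2011-09-12T12:30:00 LAB-PC01 Eicar_test_file C:\temp\eicar3.com
"""


def parse_detections(text):
    """Return sorted (timestamp, client, detection) tuples from the sample format."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # The path may contain spaces, so split only on the first three gaps.
        stamp, client, detection, _path = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(stamp), client, detection))
    return sorted(events)


def find_outbreaks(events, threshold=3, window=timedelta(hours=1)):
    """Alert when `threshold` detections fall inside a trailing `window`.

    Assumption: a detection exactly one window old no longer counts, and the
    window is cleared after an alert so one burst raises one notification.
    """
    recent = deque()
    alerts = []
    for ts, _client, _detection in events:
        recent.append(ts)
        while ts - recent[0] >= window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(ts)
            recent.clear()
    return alerts


def fixed_hour_alerts(events, threshold=3):
    """Naive alternative for comparison: count detections per clock hour."""
    counts = {}
    for ts, _client, _detection in events:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        counts[hour] = counts.get(hour, 0) + 1
    return [hour for hour, n in sorted(counts.items()) if n >= threshold]


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_LOG)
    print("sliding window alerts:", find_outbreaks(detections))
    print("clock-hour alerts:    ", fixed_hour_alerts(detections))
```

The second burst in the sample straddles an hour boundary, so the sliding window reports it while the per-clock-hour count does not; this is worth keeping in mind when comparing the outbreak entry in Event Viewer with the times at which the three EICAR copies were made.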
Exercise 7: Configure Administration Settings
Activity 7.1 > Create Custom Roles and Add a User Account
Scenario
In this activity you will create at least two custom user roles, and then create a user account and assign it to that role. First you want to add a new role called Top-level Admin and assign to that role all of the rights and privileges across the entire client tree. Next you want to create a role for View-only Auditor that has access to only a portion of the client tree and has only enough privileges to allow view access to overall status and log data.
Validation Checklist
- Click Administration > User Roles and then Add to begin.
  - Name your role and give it a description.
  - Click Define Client Tree Scope, make the appropriate selection(s), and then click Save.
  - Select/deselect view and configure rights according to the needs of the role that you are creating and Save.
  - Repeat the process for the second role.
- Add a user account using the Administration > User Accounts page.
  - Click Add from Active Directory.
  - Query your local domain for the administrator account (or other valid user account).
  - Assign the account to one of the roles that you just created.
- Test your account by logging in to the management console with the username and password you gave it. Note any differences in the management console when logged in as this user instead of as the root administrator.
- Think about the types of roles that would be suitable for your particular company, or one that you know about. Be prepared to share your ideas about possible user types and how they might be implemented using the OfficeScan tools available.
Result
You have configured custom user roles and added one or more Active Directory users to the system.
Activity 7.2 > Configure Quarantine Manager
Scenario
Whenever a client detects malware in a file and the scan configurations for that type of malware are set to Quarantine, OfficeScan encrypts the infected file and sends it to the quarantine folder on the server. You can configure the capacity of the quarantine folder and the maximum file size for every infected file that can be stored in it.
In this activity, you will increase the size of the quarantine folder because you manage a large network that includes 4000 workstations.
Validation Checklist
- Use the Administration > Quarantine Manager page to increase the capacity of the quarantine folder to 20480 MB.
- Click the Save Quarantine Settings button. Click OK in response to the dialog box to confirm that you want to modify the quarantine settings.
Result
You have doubled the amount of server hard disk space reserved for quarantined files.
Exercise 8: Deploy OfficeScan Clients
OfficeScan provides tools for configuring, deploying, and updating OfficeScan clients across the enterprise. In this exercise, you will:
- Modify the Windows Server login script to automate OfficeScan Client installations and updates for all clients that log onto the Windows network
- Create a client setup package to deploy the OfficeScan Client to users at a remote office
- Verify OfficeScan Client functionality on your computer
Activity 8.1 > Modify the Server Login Script
Scenario
Login scripts enable you to automate OfficeScan Client installations for unprotected computers that log on to the network, and to automatically update virus pattern files and client program components when existing OfficeScan clients log on to the network. In this activity, you will use the Login Script Setup tool to automatically modify the Windows login script.
Validation Checklist
- Launch the Login Script Setup program by clicking Start > Programs > Trend Micro OfficeScan Server-{ServerName} > Login Script Setup.
- Select the local server from the domain/workgroup tree to create an OfficeScan login script.
- Enter the appropriate username in the Connect As field and enter the corresponding password in the Password field.
- Add Guest and IUSR_{YourServerName} to the selected users list, and then click Apply.
- The Login Script Modified dialog box appears to confirm the login script modifications.
- Click OK and then Exit. The selected users and user groups will now automatically receive OfficeScan client installations and updates.
- Verify that OfficeScan created the C:\WINNT\SYSVOL\DOMAIN\SCRIPTS\OFCSCAN.BAT file that contains the login script modifications.
Result
You have modified the login script to install the OfficeScan client.
Activity 8.2 > Create a Client Setup Package
Scenario
Client Packager can create executable (.exe) files and Microsoft Installer Package Format (.msi) files.
In this activity, you will use the Client Packager to create a setup file in the .msi format for deployment to a remote office with Windows XP clients.
Validation Checklist
- Launch the file C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Admin\Utility\ClientPackager\ClnPack.exe.
- Select to create an MSI package for Windows 32-bit operating systems.
- Click the button next to the Output file text box and select to save the file to the desktop with the name of OfficeScanSetup.msi. Click Save.
- Click Create. Look for the progress indicator.
- Click OK in response to the confirmation that the package was successfully created. Click Close, and then verify the MSI file appears on your desktop.
Result
You have created a client setup package.
NOTE In your lab environment, you may not be able to execute the client setup package because the OfficeScan Client is already installed on your server computer. In addition, you will not be able to email the client setup package if an SMTP server is not available. In a production environment, you can make the client setup package available to users by placing it in a shared network directory or you can email it by pressing the Send Mail button in the Client Packager dialog box.
Exercise 9: Update and Deploy OfficeScan Components
Activity 9.1 > Manually Update and Deploy Components
Scenario
There are times, such as after a virus outbreak, when you should manually update the OfficeScan components and deploy these components to all OfficeScan clients. You should also manually update the server after it is initially installed.
Validation Checklist
- Update the server.
  - Verify that the Trend Micro ActiveUpdate server is listed as the update source on the Updates > Server > Update Source page.
  - Use the Updates > Server > Manual Updates page to select all components and update the server.
  - Monitor the progress of the update process as shown on the Manual Update Progress page.
- After the server is updated, deploy the updates.
  - Use the Updates > Networked Computers > Manual Update page to update all components on all clients with outdated components.
  - Click Initialize Update and then OK to confirm the action.
  - Use the Logs > Networked Computer Logs > Component Update page to view the progress and the details of the notification event.
Result
You have manually updated the OfficeScan components and manually deployed the updates to your OfficeScan client.
Activity 9.2 > Configure an Update Agent
Scenario
You manage a company that recently opened a branch office in another city. To decrease the amount of traffic that is sent over the WAN link between the main office and the branch office, you want to configure an update agent at the branch office. Updates for OfficeScan will then be sent only once over the WAN link.
You have assigned the following range of IP addresses to the workstations at the branch office: 192.168.115.80 to 192.168.115.100.
Validation Checklist
- Use the client tree viewer on the Networked Computers > Client Management page to select your client.
- On the toolbar, click Settings > Update Agent Settings and select to enable update-agent functionality on the selected client. Click Save and then Close.
  - A green tick mark will appear in the Update Agent column in the content pane of the client tree viewer and the computer icon will change when update-agent functionality is enabled.
- Use the Updates > Networked Computers > Update Source page to configure clients to use the new update agent.
  - Select the Customized Update Source radio button and click the Add button under the heading Customized update source list.
  - On the Add IP Range and Update Source page, enter the range 192.168.115.80 to 192.168.115.100 and select Update agent as the update source and select your lab computer using the drop-down menu. Click Save.
  - Click Notify All Clients. A message appears, reporting that the clients have been notified. Then, click Back.
  - On the Update Source (Networked Computers) page verify that the option Update Agent: always update from standard update source (OfficeScan server) is selected and click Save.
- Use the Updates > Server > Scheduled Updates page to enable scheduled updates for all components daily and to start update notifications at midnight and update for a period of two hours.
- Use the Updates > Networked Computers > Automatic Update page to initiate component updates on clients immediately after the OfficeScan server downloads a new component.
Administrator Track Exercise 9: Update and Deploy OfficeScan Components
Result
You have configured an update agent and specified which clients should download updated components from the update agent.
You have automated server updates and have enabled an event-triggered, automatic deployment.
dministrator
2010 Trend
E
Track
Micro Inc.
erci
theIn this laconfigur
ctivit
Offic
Scenari
Becausegranted
was infeall the seOfficeSc
Validati
Useright
Opethes
Sc
Sa
I F
v
o
o
e 1
lieexercise, ythe Enterpr
10.1
eScan
o
ou are a knou the client
ted by a viruvices on youan to scan ev
on Checkl
he Networs possible fo
the Officecriteria:
can all scann
eated/modi
can the flops many layers
you can, ap
se the clean
or antivirusirus/malwar
For Joke, s For Trojan
:Ct Cu will use thise Client Fir
ConfiClient
wledgeableprivileges yo
s just last mor computer.ery file and t
isted Computyour Office
can client co
able files and
ied and as th
y disk at shudeep as you
ly this same
action for an
canning, usetype:
elect Clean
, select Qua
nfig
nsolOfficeScan
ewall. You w
ure S
onsol
omputer useu need to co
nth, and youo prevent tscan for all
ers > ClientScan client.
nsole and co
apply real-ti
ey are receiv
tdown, enablcan.
level of scan
i-spyware
customized
nd Quarant
antine
re
eClient Consill also test y
an O
r, the networfigure your
lost time cleis from haptypes of thre
Manageme
figure the o
e scanning
d.
e IntelliTrap,
ning to anti-s
scan actions
ine
etti
le to configur settings.
tions f
k administraown scan op
aning the infening again,ats.
tpage to en
tions for re
o files as the
and select t
pyware scan
nd apply a s
gs
re scan opti
om th
or at your coions. Your c
cted files anyou want to
able all featu
l-time scans
y are being
scan compr
ing
ecific action
n
ns and to
e
mpany hasomputer
restoringconfigure
res and all
according
essed files
for each
o For Virus, select Clean and Quarantine
o For Test Virus, select Quarantine
o For Packer, select Quarantine
o For Other, select Clean and Quarantine
Result
You have configured the scan options using the OfficeScan Client Console.
Activity 10.2 > Configure OfficeScan Firewall from the Client Console
Scenario
In this activity, you will use the OfficeScan Client Console to enable the OfficeScan firewall and configure it to block inbound and outbound Telnet connections.
Validation Checklist
Launch the client console and click the Firewall tab to display the current firewall settings.
Select to enable the firewall, intrusion detection systems (IDS), and notifications.
Select the network card from the network card list, and click Edit to access the exception rule list.
Click Add and use the exception rule dialog box to add a Block Telnet rule that denies inbound and outbound network traffic on the specified TCP port 23 for all computer addresses.
Apply the new rule to the firewall traffic filter and click Yes to confirm the action.
Result
You have used the OfficeScan client console to configure the firewall.
Activity 10.3 > Test Your Settings
Scenario
In this activity, you will test your scan and firewall settings.
Administrator Track Exercise 10: Configure Settings on the Client Console
Validation Checklist
Test the scan options.
Copy the European Institute of Computer Anti-Virus Research (EICAR) test virus to the desktop. An alert appears, reporting that OfficeScan detected a virus.
Click the virus name to view details about the virus, including the action taken.
Test your firewall settings:
Open a Command Prompt.
Try to launch a telnet session by entering the following command:
telnet Lab_Computer_IP_Address
A message appears at the command line, reporting that a telnet session could not be established. Then an OfficeScan alert message appears, reporting that OfficeScan detected a problem such as a firewall violation or a network virus. Your lab computer is now blocked.
Navigate to the logs tab and view the firewall logs to inspect the details of the blocked connection.
Result
You have tested the scan options that you configured from the OfficeScan client console.
You have tested the OfficeScan firewall settings that you configured using the OfficeScan client console.
dministrator
2010 Trend
E
Track
Micro Inc.
erci
FireIn this laconsole.
ctivit
Scenari
You manYou havthem.
Validati Use
click
Crea
VeriCom
Result
You hav
e 1
allexercise, y
11.1
o
age the netwbeen asked
on Checklhe NetworngAddin t
te and save a
ame: Lab
efault securi
nable the fir
nable the lo
emove/delet
dit the HTTTTPS traffi
y that your nputers page.
configured
:Cu will config
Creatork for a coto secure the
isted Compute toolbar.
new policy t
omputers
ty level: Hig
wall, IDS, a
al and global
e all exceptio
, and HTTto a range
ew policy ap
a policy for a
nfig
ure the Offi
a Pol
puter softwlab comput
ers > Firew
at meets th
d notificatio
Certified Sa
ns except fo
S policies tof IP address
pears in the l
given scena
re
eScan firewa
icy
are companyrs so that on
ll > Policie
se specificati
n options
e Software li
DNS, HTT
limit allowees that incl
ist on the Fir
io.
ffic
l using the
that is workily the softwa
page to ope
ons:
sts.
P and HTTP
inbound/odes your cli
ewall Policie
Sca
fficeScan m
ng on a newre engineer c
n the Policy
S
tbound HTnt/server.
for Networ
n
nagement
product.an access
Editor by
P and
ed
Activity 11.2 > Create a Profile
Scenario
In this activity, you will create a profile for the scenario outlined at the beginning of this lab exercise.
Validation Checklist
Use the Networked Computers > Firewall > Profiles page to add a profile by clicking Add in the toolbar.
Configure and save a new profile that meets these criteria.
o Name: Test Computers
o Description: Profile for computers testing new software.
o Policy: The Lab Computers policy you created in the previous activity
o IP address: a range of IP addresses that includes your lab computer
o Platform: Windows Server (Server 2003, Server 2008)
Assign the profile to clients.
Result
You have applied a custom firewall policy to a specific set of computers.
Activity 11.3 > Test the OfficeScan Firewall Settings
Scenario
In this activity, you will test the profile and the policy you created in the activities above.
Validation Checklist
Open a Command Prompt and attempt to start a Telnet session by entering:
telnet Lab_Computer_IP_Address
A message appears at the command line, reporting that a telnet session could not be established. Then an OfficeScan alert message appears, reporting that OfficeScan detected a problem such as a firewall violation or a network virus. Your lab computer is now blocked.
Open the OfficeScan client console, click the Logs tab, select Firewall Logs, and click View Logs to view details about the event.
Administrator Track Exercise 11: Configure OfficeScan Firewall
Return to the web-based management console and use the Networked Computers > Firewall > Profiles page to disable the Lab Computers profile.
Click the name Lab Computers to edit the profile.
Deselect the Enable this profile option and click Save.
Assign the profile to clients.
Result
You have tested the policy and profile you created in prior activities.
You have disabled the profile you created in Activity 11.2.
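The Telnet test in Activities 10.3 and 11.3 only shows that a session could not be established, which also happens when no Telnet service is listening on the target. The Python sketch below is an added example, not part of the lab textbook; it separates the possible outcomes of a TCP connect to port 23 so you know when the firewall log is the only reliable evidence. The function names are hypothetical, and the host is whatever you substitute for Lab_Computer_IP_Address.

```python
import socket
import sys

TELNET_PORT = 23  # TCP port named in the Block Telnet rule (Activity 10.2)

def probe(host, port=TELNET_PORT, timeout=2.0):
    """Attempt one TCP connect and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"     # peer answered with a reset
    except socket.timeout:
        return "timeout"     # no answer within the timeout
    except OSError as exc:
        return "error:" + type(exc).__name__
    finally:
        sock.close()

def verdict(result):
    """Interpret a probe of a port the firewall rule is expected to block."""
    if result == "open":
        return "FAIL"            # connection succeeded, so the rule is not enforced
    if result == "timeout":
        return "PASS"            # silence is consistent with dropped traffic
    return "INCONCLUSIVE"        # refusal or local error: may only mean no listener

if __name__ == "__main__":
    # Assumption: pass the lab computer's address as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe(host)
    print(f"{host}:{TELNET_PORT} -> {result} -> {verdict(result)}")
    if verdict(result) != "FAIL":
        print("Confirm in the OfficeScan client console firewall logs.")
```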
dministrator
2010 Trend
E
Track
Micro Inc.
erci
Co
ctivit
Scenari
You havpresidentthe past
To reassantivirusshowingreceive a
Validati
UsinPCCS
In thlab c
Conappe
c
F C
o
o
o
o
o
e 1
put
12.1
o
just been hiis concernend has been
re the compsoftware anhim detailed
email mess
on Checkl
g WindowsRV\Admin\Ut
e From andomputer.
igure the setars.
ccept the de
ecks for thior Method
onfigure No
Select E When the
fields.
In the SM
Edit the Click OK.
:Drs
Man
red as the neabout the nreading abo
any presidenimmediatelinformationage when the
ist