Trend Micro

Support Procedures Brazil 2012

>> This document describes the tools and service available for the Brazil PPE partners

Trend Micro 2012

TABLE OF CONTENTS

1. SELF-SERVICE FOR PRODUCT SUPPORT ................................................................................... 4

2. PREMIUM SERVICES CONNECTION ........................................................................................... 7

3. SERVICE REQUEST TYPE: ............................................................................................................. 8

4. SERVICE REQUESTS PRIORITY, URGENCY, SEVERITY AND SLO’S ................................. 13

5. BUSINESS OPERATION HOURS AND CONTACTS INFORMATION ..................................... 14

6. CASE HANDLING GUIDELINES FOR SUPPORT (PRODUCT AND MALWARE) ................. 15

7. ESCALATION MANAGER (EM) ................................................................................................... 17

8. LIST OF IMPORTANT URLS ......................................................................................................... 18

9. CDT APPENDIX .............................................................................................................................. 19

10. GLOSSARY OF TERMS ................................................................................................................. 19

1. SELF-SERVICE FOR PRODUCT SUPPORT

IMPORTANT: What to do before opening a new Product Support Case

CHECK FOR PRODUCT UPDATES:

• All products must be updated to the latest available Patch or Service Pack

• Product Updates are available at downloadcenter.trendmicro.com in the Service Pack and Patches Tabs

as shown in the image below:

CHECK SYSTEM REQUIREMENTS:

• Ensure the hardware and operating system is compliant to all products requirements.

• This information is available in the product's Readme.txt file of the product located in the more details

section of the product at downloadcenter.trendmicro.com

CHECK HOTFIX LIST (CHANGE HISTORY):

• The HOTFIX LIST file is a list of all the HOTFIXES available for a product.

� You can review this list to check if your problem is already a known and solved issue related to a

product bug, if you need a specific hotfix you should request it by a PSC case.

• There is a HOTFIX LIST (Change_History) file for each product and it can be found in the Download

section in the community.trendmicro.com.br

CHECK PREMIUM KNOWLEDGEBASE (KB):

• Check the KB for a solution related to the issue you’re encountering

� Premium KB esupport.trendmicro.com

If a Knowledge Base Solution requires a HOTFIX download it from the

community.trendmicro.com.br in the products section, (Access credentials are required)

CHECK SUBMISSION CHECKLISTS:

• Submission Checklists are used to determine what information is important to collect and analyze for

a certain problem on a product.

� The Partner Support Engineer can use the checklists as a guide for troubleshooting the problem.

• The checklist information should be submitted with the case to increase Solution Cycle Time or for

immediate case escalation to Product Specialists.

• The Submission Checklists are located in the Download section at the community.trendmicro.com.br

CHECK BEST PRACTICES GUIDES

• Best Practices Guides provide important information for product installation, configuration and

customization guidelines.

• When this materials are available, they can be downloaded from the community.trendmicro.com.br

CHECK ADMINISTRATOR AND SUPPORT TRACK MATERIALS:

• You should refer to Administrator Track (L2 or TCSP) and Support Track (L3 or TCSM) material for

Troubleshooting information

� Administrator Track materials can be downloaded from the Certification System at

trendmicro.cyberu.com (if you don´t have account please refer to Learning Management System

File 2012)

� Go to Knowledge tab and find the product material

� Support Track (L3) materials can be provided by request

� These documents are NOT available for download. A request for any Support Track document

must be submitted to the Technical contact.

2. PREMIUM SERVICES CONNECTION

HOW TO OBTAIN PSC ACCOUNT

� Each PSC user must have its own account.

� Account sharing or generic accounts are not allowed, Trend Micro can delete any account if it isn’t

well used

To get access to PSC, the partner engineer must do the following:

1. Study this document (PSE Support Tools and Procedures)

2. Log in to: trendmicro.cyberu.com

3. If you don’t have an account, register with your partner domain account and wait the activation

4. In the search field type: “support procedures”

5. Select the Support Procedures for LAR PSE Brazil

6. Launch and answer the exam

7. When you have completed (approved) the exam, send an email with the screenshot of the approval of

the exam to Daniel_Ribeiro@trendmicro.com

8. Once you’re activated, you will receive an email from Premium Services Connection with your access

credentials (User and password) and you’ll be able to login, submit and manage cases, as well as use

other PSC features like Premium Knowledge Base.

3. SERVICE REQUEST TYPE:

PRODUCT SUPPORT

Product Service Request – For assistance with product related questions.

Feature Enhancement – Suggestions for product feature enhancement.

Product Support Tools:

- Case Diagnostic Tool for Windows

- Case Diagnostic Tool for Linux

- Case Diagnostic Tool for Solaris

REQUIRED INFORMATION FOR PRODUCT CASE

** ALL SUPPORT COMMUNICATION IS ENGLISH ONLY.

** WE SUGGEST TO ITEMIZE YOUR PROBLEM FOR EASY UNDERSTANDING

REQUIRED FIELDS FOR CASE SUBMISSION ARE:

a. TITLE should include the CUSTOMER NAME within brackets “[ ]”

b. Description: This field must be structured with the following information sections, It is advised to use

short and simple sentences.

i. [PROBLEM/SYMPTHOM DESCRIPTION]

a) The problem description should be explained here (we suggest to itemize)

b) Examples:

� Queuing up to 6500 messages with a delivery delay of 4 hours.

� Hard Disk reaching full capacity because logs maintenances is not deleting old

information

� Encountering Crash/BSOD when schedule scan starts on systems with Windows Vista SP2.

ii. [PREVIOUS TROUBLESHOOTING STEPS TAKEN]

a) Describe here the actions already performed to troubleshoot or try to solve the issue,

previous to the case submission.

b) Example:

� The SMTP Service was restarted

� The network (ping) and port 25 two-way communication and between IMSVA and Mail

Storage server was checked, OK

� Checked IMSVA Resources: CPU: 25%, Memory: 15%, Queue Partition in use: 2%, Data

Partition in use: 68%, etc

iii. [HOW TO REPLICATE THE PROBLEM/SCENARIO]

a) Describe how the problem can be replicated in a Lab/Test environment.

b) If steps to replicate are not available or unknown, please indicate that there are no available

replication steps.

iv. [ENVIRONMENT DESCRIPTION]

a) Describe here the relevant details of the environment like:

� Operating system details (build, Service Pack, 32 or 64bit, language)

� Hardware details (CPUs, RAM, Hard Disk total and free space, etc)

� If Virtualized, describe the platform and related details

v. [EXPECTED SOLUTION]

a) Describe what is the expectation of response or solution to this case

b) Example:

� First, Please provide immediate assistance to solve performance issue

� Second, Please provide the Root Cause of the issue and a procedure to avoid

encountering it again.

vi. [ATTACHED INFORMATION] – View Appendix CDT

a) Please make a detailed list of the information being attached to the case

b) You can use CDT (Case Diagnostic Tool) to collect logs, but make sure that you manually

collect and provide any additional information described in the Case Submission Checklist of

the product available at the community.trendmicro.com.br in the download sections.

c) Example:

� logs.zip: Contains al CDT Logs + OS Event viewer Logs

� network.zip: network diagram and traffic flow diagram

� Checklist.xlsx: Additional information from the Submission Checklist

� Screenshots.zip: Screenshots of the errors obtained when the issue occurs.

vii. [ADDITIONAL INFORMATION]

a) Add here any additional information that you consider important to share

c. Urgency:

Urgency:

Description:

Critical

Operation - Totally affected infrastructure

Financial Impact – High

Affected employees/users - All or most of them

High

Operation - Partially affected infrastructure

Financial Impact - Medium

Affected employees/users - Key employees

Medium

Operation – Workaround available for affected infrastructure,

Financial Impact - Low

Affected employees/users - Small Groups / common users

Low

Operation - Not affected Infrastructure / testing environment

Financial Impact - None

Affected Employees/Users – None

d. Business Impact Details

• This field is to explain details of the impact that the issue is generating on the customer’s

business operations or in the relationship with the customer.

• If necessary, consider to use Escalation Manager to request higher case priority

e. Emails to CC: If necessary you can add a user from your company to keep him informed

f. Product name: Select the product name. Make sure you choose the right product.

g. Product Version: select your product version

h. Product Language

i. Product Operating System: Select the Operating System of the environment where the issue appears

j. File Name – size limit = 5MB, if this limit is exceeded please use URL field (you can submit files in .rar

or .zip format with password “novirus”)

k. URL: Please if you have an ftp, provide the URL and credentials to your files or use this:

ftp://ftp.trendmicro.com/

user: us-web\customer

password: tmcustomer

THREAT SUPPORT

Threat Service Request - If you suspect your system is infected with malware, please submit ATTK

logs or suspicious file in .rar or .zip format and password “virus”.

Download ATTK -> Upload Files -> Review & Submit

1. Download the appropriate tool below.

2. Execute the tool on the affected system to collect suspicious files.

3. Collect the files created in the \Trend Micro AntiThreat Toolkit\Output folderwith the

filename formatted as YYYY.MM.DD.HHmm.ss_[GUID]

4. Upload the collected file.

Threat Information & Research – To learn more about a specific threat and/or submit a threat info

request

• Threat Search – information about specific threat

• Latest Scan Engines – latest engines

• Top 5 Threats – regional top 5 threats

.

Threat Tools

- Rootkit Buster

- FakeAV Removal Tool (CLI)

- FakeAV Removal Tool (GUI)

URL Reclassification – Submit suspicious or malicious URL's as a 'URL to Verify' service request.

SPAM Submission – SPAM Sample submission

Threat General Inquiry – For general inquiries regarding a threat.

4. SERVICE REQUESTS PRIORITY, URGENCY, SEVERITY AND

SLO’S

Service Request Priority is defined by the problem type selected when submitting a case as shown in the following

table:

Case Type

Problem type Priority SLO

Product Crash/Exception P1 4 SH

Product Performance Issue(Mail queued or system Hang) P1 4 SH

Product Installation and Deployment P2 1 WD

Product Scanning Problem (i.e. Virus not detected) P2 1 WD

Product Engine or Pattern Update (i.e. active update) P2 1 WD

Product Registration Problem P2 1 WD

Product Compatibility Issues with 3rd Party Software P3 1 WD

Product Others P3 1 WD

Malware (Virus) System Infection P1 8 SH

Malware (Virus) False Alarm P1 8 SH

Malware (Virus) Clean Failed P1 8 SH

Malware (Virus) Undetected Samples P2 1 WD

Malware (Virus) URL to Verify P2 1 WD

Malware (Virus) Virus Information Request P3 1 WD

General Questions Feature Request P4 2 WD

General Questions Inquiry P4 2 WD

Important Notes:

� Service Level Objective means the time to expect a first answer from TrendLabs; however, sometimes it

may take longer than expected depending on the workload and required analysis.

� The Urgency field, describes the speed in which the solution is needed. This selection is only

informative, see urgency table above.

� SH means Straight Hours.

� WD means Working Days.

� A P1 case should be updated every day,

� A P2, P3 case should be updated at least every two days

� After an update if no answer is received in a two day period we are going to ask for another update,

after two more days if no update is received again we will wait 1 more day before force-close the case

(2-2-1)

5. BUSINESS OPERATION HOURS AND CONTACTS INFORMATION

NORMAL BUSINESS HOURS SUPPORT

• LTSC is the Brazil Technical Support Center that will handle all Product support cases

• Normal Business hours is from Monday to Friday, from 9:00am to 6:00pm official local time for

Brazil. (GMT -3)

OFF-BUSINESS HOURS SUPPORT

• Only NEW and ENDORSED High Priority (P1) Product cases will be handled by TrendLabs 24x7

Support Team during Off-Business hours

� If support for an OPEN Product case is required during Off-Business Hours, it is needed that

the partner makes the specific request through Escalation Manager to have it ENDORSED to

24x7 Support Team.

• Medium and Low priority (P2-P4) Product cases will be handled during on normal business

support hours as described by the SLO.

CONTACTS INFORMATION

• You can contact the Dispatch Center by phone asking for Brazil Team or for the person you want

to speak to.

• Ask the operator for the person you want to speak to or ask for Dispatch Center.

� PH Dispatch Center: 1-888-6087363

� PH Office (Ask for Dispatch Center) +63 (2) 995-6200

� Skype contact for questions (not product support): ltsc.support

• LTSC Team Manager is Jason Nalzaro

Jason_Nalzaro@trendmicro.com

Phone: +63-2-995-6200 – (Local 2743)

Mobile: +63-917 571 2367

6. CASE HANDLING GUIDELINES FOR SUPPORT (PRODUCT AND

MALWARE)

CASE SUBMISSION:

• Product and Malware case submission must be complete with the required information described

previously

CASE MANAGEMENT AND FOLLOW-UP

• To achieve a better service for the customer, any case submitted must be updated continuously

• When no response is received in a case:

� A first Warning will be sent after 2 days without response

� A second Warning will be sent after 2 days without response

� A third and last Warning will be sent after 1 day without response and the case will be Forced

Closed and Tagged as abandoned within the next 24 hours.

CASE PRIORITIZATION

• For cases where a higher priority is required (Refer to Case Types and Priorities Table), use

Escalation Manager Process to request a Priority increase providing the reason for it.

Typical reasons for Priority increase are:

• Situation is or has turned into Business Critical

• Customer’s operations are at risk

• Customer is strongly dissatisfied, disappointed or angry

• Business Deal is at risk because of the case problem

• Case has been opened to many days without reaching a solution

• Malware Infection

� Outbreak of above 50 machines infected

� Critical machine within customer’s infrastructure is infected

CASE REOPENING

• Case Reopening can be done for cases where the exact same issue occurs again within the

next 10 days after the case was closed.

• Forced Closed (Abandoned) Cases will not be reopened

WEBEX REQUEST

• Redesign Webex Request Guidelines

1. It is required to have a Case submitted to request a Webex

2. Webex request must be done through Escalation Manager Process and explain the

details of the reasons why this session is needed

3. If PH TAM considers it necessary to have a webex in order to give better solution they are

going to request for it.

CASE CLOSING

• To close a case it is required to provide an update indicating the reason why the case is being

closed

1. Solution delivered was successful

2. Customer cannot apply solution

3. The issue no longer appears

4. The product was reinstalled

• If a case has no update for 5 working days the case will be closed following the Case

Management and Follow up procedure

7. ESCALATION MANAGER (EM)

USE ESCALATION MANAGER IF:

• Reopening a closed case is needed

• A case is old and problem remains

• Case is or has turned into a Business Critical situation

• A Feature Request case update is needed

• Support Tools and Process are not useful for any particular situation.

ESCALATION MANAGER OPERATION HOURS

Escalation Manager Service is available during Normal Business Operations Hours Monday to Friday,

9:00am to 6:00pm official local time for Brazil.

• If urgent assistance is needed, use the PH Dispatch Center or call LTSC Team Manager

HOW TO USE ESCALATION MANAGER

To use Escalation Manager it is needed to:

i. Open the Escalation Manager Submission form (Download section at the

community.trendmicro.com.br)

ii. Select Malware Support or Product Support Tab in the Excel file

iii. Fill in all the fields with the relevant information

iv. Send the file to pse@trendmicro.com

8. LIST OF IMPORTANT URLS

PORTAL

URL DESCRIPTION

Trend Community Brasil http://community.trendmicro.com.br Trend Micro and LAR Partner Community

Learning and Certifications

Portal http://trendmicro.cyberu.com

Sales and Administrator Track training

courses, materials and certification

exams

Download Center http://downloadcenter.trendmicro.com All Products Installation files, Service

Packs and Patches

Premium Services

Connection https://premservices.trendmicro.com/

Online Tool to submit and manage

support cases with the LAR Technical

Support Center

Public Knowledge Base http://esupport.trendmicro.com Get Support for Small Business &

Enterprise Products

Threat Encyclopedia http://threatinfo.trendmicro.com Latest information on malware

Malware Blog http://blog.trendmicro.com/ Threat news and information direct from

the experts

CTO Insights Blog http://ctoinsights.trendmicro.com/ Reimund Genes talks about threat

security issues

Public Online Malware

Scanner http://housecall.trendmicro.com free

Mail Abuse http://www.mail-abuse.com ERS: Email Reputation Service Query

Portal

WRS http://global.sitesafety.trendmicro.com Web Reputation Service Query Portal

9. CDT APPENDIX

LOG COLLECTION RECOMMENDATIONS

• You can use the Case diagnostic tool to automatically collect logs and details about the product

and Operating System but be aware that not all information required is collected by CDT.

• Read the Case diagnostic tool Getting Started Guide to learn how to better use it.

• Make sure that logs and any information you provide in a support case reflects or shows

information about the problem at the exact time it happened

� If the issue was not replicated while collecting the logs, the information submitted will

probably be not useful to us and it will be requested to collected again.

• File Splitting must be used when using FTP sites other than the Trend Micro Global FTP External

service.

10. GLOSSARY OF TERMS

P1, P2, P3 and P4: Case Priorities, P1 is the Highest Priority, P4 is the Lowest Priority

PSC - Premium Services Connection: It's a tool for submitting and tracking support service requests.

Service Request: previously known as case, it's the tracking method used to handle each particular

support request

LTSC - Latin America Technical Support Center: Support Services Team who will handle Services Requests

(Products and Virus).

CDT: Case Diagnostic Tool

ATTK Tool: System Information Collector Tool