Trend Micro™ ServerProtect™ 5 for Windows NT™ / NetWare™
Centrally managed virus protection for enterprise-class servers and storage systems
Getting Started Guide
www.trendmicro.com
Item Code: SPEM51207/20719
Administrator's Guide: ServerProtect™ 5 for Windows NT™ / NetWare™
Trend Micro Incorporated reserves the right to make changes to this document and to
the products described herein without notice. Before installing and using the
software, please review the readme files, release notes and the latest version of the
Getting Started Guide, which are available from the Trend Micro Web site at:
www.trendmicro.com/download/documentation/
NOTE: A license to the Trend Micro Software includes the right to product updates,
pattern file updates, and basic technical support for one (1) year from the date of
purchase only. Thereafter, you must renew Maintenance on an annual basis by
paying Trend Micro then-current Maintenance fees to have the right to continue
receiving product updates, pattern updates and basic technical support.
To order renewal Maintenance, you may download and complete the Trend Micro
Maintenance Agreement at the following site:
www.trendmicro.com/license
Trend Micro, ServerProtect, Control Manager, MacroTrap, TrendLabs, and the
Trend Micro t-ball logo are trademarks of Trend Micro Incorporated.
Microsoft, Windows, Windows Server 2003, Windows NT, Windows 2000,
MS-DOS, PowerPoint, Excel, and Microsoft Office are trademarks of Microsoft
Incorporated.
Novell, NetWare, IPX, IPX/SPX, Client32, and NetWare Cluster Services are
trademarks of Novell Incorporated.
Intel, and Pentium are trademarks of Intel Corporation.
All other brand and product names are trademarks or registered trademarks of their
respective companies or organizations.
Copyright © 1996-2003, Trend Micro Incorporated. All rights reserved. No part of
this publication may be reproduced, photocopied, stored in a retrieval system, or
transmitted without the express prior written consent of Trend Micro Incorporated.
Document Part No. SPEM51426/30407
Release Date: April, 2003
Protected by U.S. Patent No. 5,951,698
The Getting Started Guide for Trend Micro™ ServerProtect™ is intended to
introduce the main features of the software and installation instructions for your
production environment. You should read through it prior to installing or using the
software.
Detailed information about how to use specific features within the software is
available in the online help file and online knowledge base at the Trend Micro Web
site.
At Trend Micro, we are always seeking to improve our documentation. If you have
questions, comments, or suggestions about this or any Trend Micro document, please
contact us at docs@trendmicro.com. Your feedback is always welcome. Please
evaluate this documentation on the following site:
www.trendmicro.com/download/documentation/rating.asp
Contents
Chapter 1: Getting Started with Trend Micro ServerProtect
How Does ServerProtect Work? ........................................................ 1-3
How Does ServerProtect Manage Servers? ................................... 1-3
Communication Methods ............................................................... 1-3
ServerProtect Architecture ................................................................. 1-4
The Management Console ............................................................. 1-4
The Information Server .................................................................. 1-5
Information Server Tips .............................................................. 1-5
The Normal Server ........................................................................ 1-6
ServerProtect Domains .................................................................. 1-7
Real-time Scan Versus On-demand Scan (Scan Now) ...................... 1-7
Working with Tasks ........................................................................... 1-8
When ServerProtect Finds a Virus (Virus Actions) ........................... 1-9
Virus Logs ........................................................................................ 1-10
Deploying Updates ........................................................................... 1-11
ServerProtect Virus Detection Technology ..................................... 1-12
Pattern Matching .......................................................................... 1-12
MacroTrap ................................................................................... 1-13
How MacroTrap Works ............................................................ 1-13
Compressed Files ......................................................................... 1-13
Damage Cleanup Services ........................................................... 1-14
OLE Layer Scan .......................................................................... 1-14
IntelliScan .................................................................................... 1-15
ActiveAction ................................................................................ 1-15
When to Select ActiveAction ................................................... 1-16
Mapped Network Drive Scan ...................................................... 1-16
Additional Features .......................................................................... 1-16
Centralized Management ............................................................. 1-17
Enhanced Network Security upon Installation ............................ 1-17
Faster Response to Virus Outbreaks ............................................ 1-17
Flexible Control over Infected Files ............................................ 1-17
NetworkTrap Tool ....................................................................... 1-17
State-of-the-Art Virus Detection Technology ............................. 1-18
Viewable Scanning Statistics .......................................................1-18
Compatibility ................................................................................1-18
Chapter 2: Installing ServerProtect
Recommended System Requirements ................................................2-2
Normal Server ................................................................................2-2
Information Server .........................................................................2-3
Management Console .....................................................................2-3
Installation Scenarios ..........................................................................2-4
Specifying Your Installation Environment ....................................2-4
A Windows Server 2003/2000/NT Environment ...........................2-5
A NetWare Environment ................................................................2-6
A Mixed Environment—Windows Server 2003/2000/NT and
NetWare .........................................................................................2-7
Managing ServerProtect Across a Wide Area Network ................2-8
Before Installing ServerProtect ......................................................2-9
Installing ServerProtect ......................................................................2-9
Installing the Complete ServerProtect Package .............................2-9
Installing the Management Console .............................................2-13
Installing an Information Server ..................................................2-15
Installing a Normal Server ...........................................................2-18
Installing a Normal Server from the setup program ..................2-19
Installing a Normal Server from the Management Console ......2-23
Deploying ServerProtect through Microsoft SMS .......................2-24
Installing ServerProtect in Silent Mode .......................................2-29
Removing ServerProtect ...................................................................2-31
Removing a Normal Server ..........................................................2-31
Removing a Normal Server for Windows .................................2-31
Removing a Normal Server for NetWare ..................................2-31
Removing an Information Server .................................................2-32
Removing the Management Console ...........................................2-32
Chapter 3: Managing ServerProtect
Using the Management Console .........................................................3-2
Opening the Management Console ................................................3-2
Management Console Main View ..................................................3-2
Main Menu ..................................................................................3-3
Side Bar ....................................................................................... 3-4
Domain Browser Tree ................................................................. 3-5
Configuration Area ..................................................................... 3-7
Managing ServerProtect Domains ..................................................... 3-8
Creating ServerProtect Domains ................................................... 3-8
Renaming ServerProtect Domains ................................................. 3-9
Deleting ServerProtect Domains ................................................. 3-10
Moving Normal Servers between Domains ................................. 3-11
Managing Information Servers ........................................................ 3-12
Selecting Information Servers ..................................................... 3-12
Managing Normal Servers ............................................................... 3-14
Moving a Normal Server between domains ................................ 3-14
Moving a Normal Server between Information Servers .............. 3-14
Configuring Updates ........................................................................ 3-15
Update Components ..................................................................... 3-15
How Updates work ................................................................... 3-16
Verifying The Current Version of Files ....................................... 3-17
Downloading Updates ................................................................. 3-18
Configuring a Download Source .............................................. 3-18
Using Download Now .............................................................. 3-20
Configuring a Scheduled Download ......................................... 3-20
Configuring Download Settings .................................................. 3-21
Configuring Proxy Server Settings ........................................... 3-22
Deploying Updates ........................................................................... 3-24
Configuring Deploy Now ......................................................... 3-24
Configuring a Scheduled Deployment ...................................... 3-25
Rolling Back the Previous Deployment Action ........................... 3-26
Managing Tasks ............................................................................... 3-28
ServerProtect Task Wizard .......................................................... 3-28
Default tasks ............................................................................. 3-29
Creating Tasks ............................................................................. 3-29
Creating a Scheduled Task ....................................................... 3-31
Specifying a Target for Scan Now ............................................ 3-32
Creating a Default Task ............................................................ 3-32
Opening the Existing Task List ................................................... 3-33
Running an Existing Task ............................................................ 3-34
Modifying an Existing Task ........................................................ 3-35
Viewing an Existing Task ............................................................3-37
Removing an Existing Task .........................................................3-38
Configuring Notification Messages ..................................................3-39
Standard Alerts .............................................................................3-39
Notification Events ....................................................................3-39
Outbreak Alerts ............................................................................3-41
Setting Alert Methods ...............................................................3-42
Scanning Viruses ..............................................................................3-45
Defining Actions Against Viruses ...............................................3-45
Scanning Profiles .........................................................................3-47
Using Real-time Scan .......................................................................3-49
Configuring Real-time Scan .........................................................3-49
Using Scan Now (Manual Scan) ......................................................3-52
Configuring Scan Now .................................................................3-52
Running the Scan Now Tool on Windows Normal Servers ........3-55
Scheduled Scanning ..........................................................................3-56
Configuring a Scheduled Scan .....................................................3-56
Selecting File Types to Scan ............................................................3-56
Chapter 4: Upgrading ServerProtect Software
Upgrade Considerations .....................................................................4-2
One Information Server Managing One Normal Server ................4-2
One Information Server Managing Several Normal Servers .........4-2
Upgrading from the Management Console ........................................4-2
Updating ServerProtect 5 ...................................................................4-7
Chapter 5: Managing ServerProtect with Trend Micro Control
Manager™
What is Trend Micro Control Manager? ............................................5-2
Installing and Removing Control Manager Agent for ServerProtect .5-4
Obtaining the Public Key ...............................................................5-4
Installing the Agent .....................................................................5-5
Removing the Agent ....................................................................5-6
Control Manager Agent for ServerProtect Features ...........................5-7
Tasks ..............................................................................................5-7
Log Files .........................................................................................5-7
Outbreak Commander ....................................................................5-8
Outbreak Prevention Policy (OPP) ................................................ 5-9
Outbreak Prevention Services ............................................................ 5-9
Chapter 6: Registering and Contacting Technical Support
Technical Support Information .......................................................... 6-1
Trend Micro Security Information ..................................................... 6-2
Registering Trend Micro ServerProtect ............................................. 6-3
Using Knowledge Base ...................................................................... 6-3
Sending Trend Micro Your Viruses ................................................... 6-3
TrendLabs™ ...................................................................................... 6-4
Appendix: Converting the ServerProtect Trial Version
The Software Evaluation Period Window ........................................ A-2
Viewing the Serial Number List ....................................................... A-3
Updating a Serial Number ................................................................. A-5
Index
Chapter 1: Getting Started with Trend Micro™ ServerProtect™
ServerProtect is the latest generation of award-winning software for protecting file
servers on corporate networks. It is designed specifically to protect the entire network
from viruses of any kind by adopting advanced virus-catching technology to help
ensure your network stays virus-free. ServerProtect detects new file infections,
identifies viruses in existing files, and detects activity indicating an "unknown" virus
may have entered the network environment on either the server or workstation.
ServerProtect enables network administrators to manage multiple Windows™ Server
2003/2000/NT and Novell™ NetWare™ (NW) servers from a single portable
management console. The console enables administrators to configure servers in the
same domain simultaneously and to generate integrated virus incident reports from
all of them.
By giving administrators a means to configure, monitor and maintain antivirus efforts
through the ServerProtect Management Console, ServerProtect improves and
simplifies the implementation of corporate virus policy, resulting in lower virus
protection costs.
The topics included in this chapter are:
• How Does ServerProtect Work?
• ServerProtect Architecture
• Real-time Scan vs. On-demand scan (Scan Now)
• Working with Tasks
• When ServerProtect finds a Virus (Virus Actions)
• Virus Logs
• Deploying Updates
• ServerProtect Virus Detection Technology
• Additional Features
How Does ServerProtect Work?
ServerProtect monitors all activity on Windows Server 2003/2000/NT and Novell
NetWare networks. Whenever it detects that a file in its domain is being accessed, it
checks the file for infection.
If it finds that the file is infected, it sends notification messages to pre-defined
recipients and takes action on the virus according to the ServerProtect configuration.
The ServerProtect activity log records all of the system’s activities.
ServerProtect lets you design personal scanning profiles -- saving you from having to
re-configure frequently needed settings. You can even assign multiple scanning
options to a profile, and use the profile for special circumstances, for example,
scanning incoming files only.
How Does ServerProtect Manage Servers?
ServerProtect secures your client/server network using a three-tier architecture: the
Management Console, the Information Server (middleware), and the Normal Server.
Together, these components create a powerful, centrally managed, cost effective
antivirus security system.
The Management Console provides a user-friendly, Windows-based interface for
configuring the system’s components. Management Console instructions are sent to
the Information Server, which then passes them on to the Normal Servers.
Communication Methods
The Management Console uses Transmission Control Protocol/Internet Protocol
(TCP/IP) with password-protected logon to communicate with the Information
Server. The Information Server uses both TCP/IP and Remote Procedure Call (RPC)
to connect to Windows Server 2003/2000/NT-based Normal Servers. To connect to
Novell NetWare Normal Servers, the Information Server uses Internetwork Packet
Exchange (IPX™), Sequenced Packet Exchange (SPX™), and IP.
ServerProtect Architecture
ServerProtect protects networks through a three-tier architecture: the Management
Console, the Information Server, and the Normal Server. The following illustrates the
relationship between these three components:
FIGURE 1-1. ServerProtect Three-tier Architecture
The Management Console
The ServerProtect Management Console is a portable console which gives network
administrators centralized control of multiple network servers and domains. The
console enables you to simultaneously configure servers in the same domain and
generate integrated virus incident reports for all servers. The console has the
following parts:
• Main menu
• Side bar (Shortcut bar)
• ServerProtect domain browser tree
• Configuration area
Note: Only one Management Console can manage an Information Server. This means once a
Management Console is connected to an Information Server, no other Management
Consoles can connect to it.
The ServerProtect domain browser tree shows all the ServerProtect servers installed
on Windows Server 2003/2000/NT and Novell NetWare servers with the status of
each server. Status information includes: the version of the virus pattern, scan engine
and program file, type and version of operating system, direction of real-time
scanning, and others. Note that the administrator can configure how all this data is
displayed.
Tip: You can use the Management Console to remotely install one or multiple Normal
Servers. See Installing a Normal Server on page 2-18.
The Information Server
An Information Server is the main communication hub (middleware) between the
Management Console and the Normal Servers it manages. It simplifies control of
Normal Servers by allowing administrators to send instructions and receive
information from remote sites.
WARNING! An Information Server by itself is defenseless unless a Normal Server is installed
on the same machine.
Information Server Tips
• If you are performing the very first ServerProtect installation on your network, you
need to set the destination server as an Information Server, and then configure the
other Normal Servers to join this Information Server.
• An Information Server must have at least one member domain for supporting
Normal Servers.
• Because an Information Server is simply a delivery system for information, the
number of Normal Servers it can manage is, theoretically, only limited by the
available bandwidth. You may, however, choose to moderate the number of
Normal Servers you assign to an Information Server for ease of management.
• If you have many servers in different locations, set up an Information Server (IS) in
each location.
Note: Benchmark testing results have shown that an Information Server can manage up to 500
Normal Servers. This figure should serve as a reference and might vary depending on
available bandwidth.
The Normal Server
A Normal Server can be any server on a network where ServerProtect is installed.
This is the first line of defense in the ServerProtect architecture and where all the
action takes place. These servers perform the actual antivirus functions of the system,
and are managed by an Information Server.
ServerProtect offers several ways for installing Normal Servers:
• Using the setup program. See Installing a Normal Server from the setup program
on page 2-19.
• Using the Management Console. See Installing a Normal Server from the
Management Console on page 2-23.
• Using Microsoft Server Management Server (SMS). See Deploying ServerProtect
through Microsoft SMS on page 2-24.
• Using silent mode. See Installing ServerProtect in Silent Mode on page 2-29.
Each of the listed installation methods can be tailored to your specific company
needs. See Installing a Normal Server on page 2-18.
WARNING! Since it is time-consuming to install servers individually from the setup program,
Trend Micro recommends that you install your servers from the ServerProtect
Management Console.
ServerProtect Domains
ServerProtect domains are virtual groupings of Normal Servers used to simplify their
identification and management. You can create, rename, or delete domains according
to the needs of your network.
Normal Servers in a domain can only be assigned to one Information Server.
Information Servers, on the other hand, can manage several domains.
The most efficient way to manage your network’s protection is to group all servers in
relevant ServerProtect domains. For example, you may create a ServerProtect
domain called "NW" to manage NetWare Normal Servers more efficiently. See
Managing ServerProtect Domains on page 3-8.
WARNING! ServerProtect domains are not the same as Windows Server 2003/2000/NT
domains; they are simply a logical grouping of Normal Servers running
ServerProtect.
ServerProtect domains have the following features:
• Domain filter: Network administrators can set up a filter on an Information Server
to control what can be viewed from the domain browser tree on the Management
Console.
• Flexible domain management: Once logged on to the console, IT professionals
can add, rename or move/delete domains according to their preference.
Real-time Scan Versus On-demand Scan (Scan Now)
ServerProtect features two powerful scan functions, Real-time Scan and Scan Now.
Real-time Scan runs continuously on a server and provides the maximum level of
virus protection. All file I/O events on the server are monitored and infected files are
prevented from being copied to or from the server. See Using Real-time Scan on page
3-49.
Scan Now is a manual virus scan (that is, it occurs immediately after being invoked).
Use Scan Now to check a machine that you suspect may have been exposed to a
computer virus or about which you want immediate information. See Using Scan
Now (Manual Scan) on page 3-52.
Tip: To ensure maximum protection, Trend Micro recommends using both Real-time Scan
and Scan Now.
Real-time Scan and Scan Now benefits include:
• Redundant File Scan: If a file containing a virus is accidentally downloaded or
copied, Real-time Scan will stop it. However, if for any reason Real-time Scan is
disabled, Scan Now will still detect it.
• Efficient File Scan: By default, Real-time Scan is configured to scan files reliably,
while minimizing the impact on system resources. See Scanning Viruses on page
3-45.
• Effective and Flexible File Scan: ServerProtect gives IT professionals effective
and numerous scan configuration options to protect their networks based on their
individual needs. See Scanning Viruses on page 3-45.
Working with Tasks
ServerProtect allows IT professionals to create multiple tasks which can be deployed
upon demand or on a scheduled basis.
Use ServerProtect tasks to:
• Deploy updates
• Run Real-time Scan
• Run Scan Now
• Purge, Delete, Export, or Print Logs
• Generate virus scan statistics
ServerProtect Tasks benefits include:
• Simultaneous multiple function deployment
• Unattended routine antivirus maintenance procedures on your network
• Improved antivirus management efficiency and control over antivirus policy
Tasks are assigned to a "task owner" who is responsible for maintaining the task. See
Managing Tasks on page 3-28.
Once you install ServerProtect on a server, three default tasks already exist: Scan,
Statistics, and Deploy. These tasks are essential for managing and monitoring
antivirus activities on your network. You can modify the target servers of these three
default tasks, as well as their definition.
When ServerProtect Finds a Virus (Virus Actions)
ServerProtect lets you configure the kind of action that the software takes on infected
files. You can even choose different courses of action for different kinds of viruses.
There are five possible actions that ServerProtect can take on an infected file:
• Bypass/Ignore: For a manual scan, ServerProtect skips the file without taking any
corrective action. However, detection of the virus is still recorded in the program’s
log entries. For Real-time Scan, ServerProtect treats the file as "deny-write",
protecting it from duplication or modification. See Defining Actions Against
Viruses on page 3-45 for more information.
• Delete: The infected file is deleted.
• Rename: The infected file extension is renamed to .vir. This prevents the file from
being executed or opened. If a file of that name with the .vir extension already
exists, the file will be renamed to .v01, .v02, and so on, until .v99.
• Quarantine: The infected file is moved to a folder of your choice. You can also
change the file extension of the moved file to prevent it from being inadvertently
opened or executed.
• Clean: Attempt to clean the virus code from the file. Since the cleaning process
sometimes corrupts the file and makes it unusable, you can back up the file before
cleaning.
All virus events and associated courses of action are recorded in the log file. For
more information, refer to the Viewing the infection logs topic in the online help and
Defining Actions Against Viruses on page 3-45.
Note: If you select Clean as the virus action, you can specify a secondary action if the
cleaning process is unsuccessful.
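The following is an added example, not code from the Trend Micro guide or product: it reproduces the Rename naming sequence described above (.vir, then .v01 to .v99) and inventories files left with those extensions, guessing each file's original format from its header bytes because the rename discards the original extension. It assumes the new extension replaces the old one; the function names and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Extension sequence described for the Rename action: .vir, then .v01 ... .v99.
RENAME_EXTS = [".vir"] + [".v%02d" % n for n in range(1, 100)]
RENAMED_RE = re.compile(r"\.(vir|v(0[1-9]|[1-9][0-9]))$", re.IGNORECASE)

# Leading bytes of a few common formats (well-known magic numbers).
MAGIC = [
    (b"MZ", "DOS/Windows executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (Office document)"),
    (b"PK\x03\x04", "ZIP archive"),
]


def next_rename_target(infected: Path) -> Optional[Path]:
    """Return the first free name in the .vir, .v01 ... .v99 sequence.

    Assumption: the new extension replaces the old one (report.doc ->
    report.vir). Returns None once .v99 is taken; the guide does not say
    what the product does in that case.
    """
    for ext in RENAME_EXTS:
        candidate = infected.with_suffix(ext)
        if not candidate.exists():
            return candidate
    return None


def sniff_type(path: Path) -> str:
    """Guess the original format from the file header."""
    with path.open("rb") as fh:
        head = fh.read(8)
    for magic, label in MAGIC:
        if head.startswith(magic):
            return label
    return "unknown"


def find_renamed(root: Path) -> List[Tuple[str, str]]:
    """Inventory files under `root` that carry a Rename-action extension."""
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and RENAMED_RE.search(p.name):
            hits.append((p.relative_to(root).as_posix(), sniff_type(p)))
    return hits


def demo() -> List[Tuple[str, str]]:
    """Build a constructed share in a temporary directory and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        docs = root / "docs"
        docs.mkdir()
        # Constructed sample content: only the header bytes matter here.
        (docs / "report.vir").write_bytes(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 8)
        (docs / "report.v01").write_bytes(b"MZ\x90\x00")
        (docs / "report.doc").write_bytes(b"plain text")
        # .v100 is outside the documented sequence and must not be reported.
        (root / "notes.v100").write_bytes(b"not a rename extension")
        nxt = next_rename_target(docs / "report.doc")
        return [("next", nxt.name)] + find_renamed(root)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

An inventory like this is useful after an outbreak, when renamed files have to be matched against the infection log and either restored or deleted.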
Virus Logs
The real power of a centralized antivirus system is its ability to record and present
information regarding the network's antivirus policy from a single console. IT
professionals can easily access information while they are monitoring their network
servers.
ServerProtect provides comprehensive information about scanning, file updating,
and deploying results. Furthermore, ServerProtect saves the information in a log file
which can be either retrieved or exported. For example, you can analyze the scanning
statistics for virus scanning on your network. These statistics include information
such as what the most common viruses are or which users introduced viruses to the
network. In addition, you can export the log information to a database or spreadsheet
application for further analysis.
The default size for the log file is 8000 entries, or up to 10MB. Once the log file
exceeds 8000 entries or 10MB, ServerProtect automatically renames the log file and
creates a new log file.
You can also take action upon the infected files directly from the Scan Result
window, providing you a convenient way to take appropriate actions on a virus
infection event. For more information about log files, please refer to the
ServerProtect online help from the ServerProtect Management Console. For more
information on Virus logs, refer to the Viewing log information and Viewing
Information Server logs topics in the online help.
Deploying Updates
Trend Micro update is an upgrade and update deployment module for Trend Micro
antivirus software. It simplifies the maintenance of Trend Micro software and
reduces the total cost of your network’s antivirus security. Because of the number of
viruses that are developed monthly, a successful virus policy depends on the use of
virus pattern files, programs, and scan engines, that can deal with the latest threats.
See Configuring Updates on page 3-15.
Note: Trend Micro releases new versions of these downloadable update files on a regular
basis.
ServerProtect update features include:
• Update component selection: You can update a pattern, scan engine or program
file; this way you update what you need.
• Unattended scheduled update: You can create scheduled update tasks to update
all Normal Servers while you are asleep.
• Flexible file download: You can designate an Information Server to download
updates from the Trend Micro update site, then have other servers obtain the
updated files from it.
• Centralized update deployment: You can deploy updates to servers on your
network from the Management Console.
• Firewall and proxy server compatibility: ServerProtect works with the majority
of existing firewalls and proxy servers.
• Update activity logging: Records all update activity in a log file for future
reference.
• Update Roll-back option: If you encounter a problem while deploying an update,
you can roll back a deployed pattern, scan engine or program file to the previous
version.
Updating ServerProtect is a two-step process:
1. Download updates from the Trend Micro update server.
2. Deploy the downloaded updates to other Normal Servers on the network.
This highly efficient approach saves download time and minimizes network
bandwidth. See Updating ServerProtect 5 on page 4-7 for additional information.
Tip: You can automate the deployment of updates for Normal Servers by creating a
scheduled update task. See Creating Tasks on page 3-29.
ServerProtect Virus Detection Technology
ServerProtect uses advanced virus detection technology. In this section we feature the
tools which support this state of the art technology and how IT professionals can
benefit from it.
Pattern Matching
Using a process called "pattern matching", ServerProtect draws upon an extensive
database of virus patterns to identify known virus signatures. Key areas of suspect
files are examined for tell-tale strings of virus code and compared against thousands
of virus signatures that Trend Micro has on record.
For polymorphic, or mutation, viruses, the ServerProtect scan engine permits
suspicious files to execute in a protected area within which they are decrypted.
ServerProtect then scans the entire file, including the freshly decrypted code, and
looks for strings of mutation-virus code.
If such a virus is found, ServerProtect performs the virus action you previously
specified. ServerProtect virus actions include: clean (autoclean), delete, bypass
(ignore), quarantine (move), or rename. Virus actions can be customized for both boot
viruses and file viruses. See Scanning Viruses on page 3-45.
Note: It is important to keep the virus pattern file up to date. More than a thousand new
viruses are created each year. Trend Micro makes it easy to update the pattern file by
supporting scheduled updates. See Configuring a Scheduled Download on page 3-20
and Configuring a Scheduled Deployment on page 3-25 for more information.
MacroTrap™
ServerProtect includes patented MacroTrap technology to guard against macro
viruses in Microsoft™ Office files and templates. Macro viruses are the fastest
spreading computer viruses. Since they are harbored in files that are commonly
passed around via email, these kinds of viruses are easily spread. See Configuring
Real-time Scan on page 3-49 for MacroTrap configuration information.
Note: Trend Micro MacroTrap protects network users from receiving and sending macro
viruses.
How MacroTrap Works
The MacroTrap performs a rule-based examination of all Macro code that is saved in
association with a document. Macro virus code is typically contained as a part of the
invisible template (for example, *.dot in Microsoft Word) that travels with the
document. Trend Micro MacroTrap checks the document for signs of a macro virus
by seeking out instructions that perform virus-like activity. Examples of virus-like
activity are copying parts of the template to other templates (replication), or code to
execute harmful commands (destruction).
Compressed Files
Compressed file archives (that is, a single file composed of many separate
compressed files) are the preferred form to distribute files via email and the Internet.
Since some antivirus software is not able to scan these kinds of files, compressed
file archives are sometimes used as a way to "smuggle" a virus into a protected
network or computer.
The Trend Micro scan engine can scan files inside compressed archives. It can even
scan compressed files that are composed of other compressed files -- up to a
maximum of five compression layers.
The Trend Micro scan engine used in ServerProtect can detect viruses in files
compressed using the following algorithms:
• PKZIP (.zip) & PKZIP_SFX (.exe)
• LHA (.lzh) & LHA_SFX (.exe)
• ARJ (.arj) & ARJ_SFX (.exe)
• CABINET (.cab)
• TAR
• GNU ZIP (.gz)
• RAR (.rar)
• PKLITE (.exe or .com)
• LZEXE (.exe)
• DIET (.com)
• UNIX PACKED (.z)
• UNIX COMPACKED (.z)
• UNIX LZW (.Z)
• UUENCODE
• BINHEX
• BASE64
Note: The Trend Micro scan engine can currently only clean compressed files using the
PKZIP algorithm. If a virus is found in an archive that uses another algorithm, the files must
first be decompressed in a temporary directory, then cleaned.
For compressed file configuration information, refer to Configuring Real-time Scan
on page 3-49, and Configuring Scan Now on page 3-52.
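The following added example (not Trend Micro code and not part of the original guide) shows what a layer limit means for nested archives: content wrapped in more layers than the limit is never inspected, so a scanner should report it as unscanned rather than clean. It handles ZIP only; the signature bytes, the per-member size cap, and all function names are assumptions made for illustration.

```python
import io
import zipfile

MAX_LAYERS = 5                       # layer limit stated in the guide
MAX_MEMBER_BYTES = 8 * 1024 * 1024   # assumed per-member size cap (not from the guide)
TEST_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, not a real pattern


def scan_blob(name, data, layer=0, findings=None):
    """Scan `data`, descending into nested ZIP archives.

    `layer` is the number of archives already opened to reach `data`.
    Returns a list of (path, verdict) tuples; an empty list means clean.
    """
    if findings is None:
        findings = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Not an archive: apply the (toy) signature check to the content itself.
        if TEST_SIGNATURE in data:
            findings.append((name, "signature match"))
        return findings
    if layer >= MAX_LAYERS:
        # Nothing below this archive is inspected, so report it instead of
        # letting it pass as clean.
        findings.append((name, "unscanned: layer limit exceeded"))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}/{info.filename}"
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "unscanned: member too large"))
                continue
            try:
                member = zf.read(info)
            except (RuntimeError, zipfile.BadZipFile):
                # Password-protected or corrupt members cannot be inspected.
                findings.append((path, "unscanned: unreadable member"))
                continue
            scan_blob(path, member, layer + 1, findings)
    return findings


def wrap(inner_name, data, layers):
    """Build a constructed sample: `data` wrapped in `layers` nested ZIP archives."""
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(inner_name, data)
        data = buf.getvalue()
        inner_name = f"layer{i + 1}.zip"
    return data


if __name__ == "__main__":
    payload = b"header " + TEST_SIGNATURE
    for depth in (1, 5, 6):
        print(depth, scan_blob("upload.zip", wrap("sample.bin", payload, depth)))
```

With five layers the marker is found; with six, the innermost archive is reported as unscanned, which is the case an administrator should treat as suspicious rather than safe.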
Damage Cleanup Services
Damage Cleanup Services (DCS) detects Trojans, based on their behavior, and
restores modified system files. DCS also terminates Trojan-related processes, and
deletes files that the Trojan "drops" in the system.
OLE Layer Scan
Microsoft™ Object Linking and Embedding (OLE) allows embedding Microsoft
Office™ files within themselves. This means that you could have a Microsoft Word
document inside an Excel sheet, and in turn this Excel sheet could be embedded in a
Microsoft™ PowerPoint presentation.
OLE offers a large number of benefits to developers, but at the same time it can lead to
potential infection. To address this issue, Trend Micro has added a new scan feature
"OLE layer scan" which complements state-of-the-art ServerProtect virus protection.
See Scanning Viruses on page 3-45.
Tip: OLE layer scan offers five layers of protection. Trend Micro recommends a setting of
2 OLE layers for Scan Now and a setting of 1 for Real-time Scan. A lower setting
will improve server performance.
IntelliScan
IntelliScan is a new method of identifying which files to scan that is both more
secure, and more efficient, than the standard "Scan All files" option.
For executable files (that is, .zip, .exe), true file type is determined from file content.
In the event that a file is not executable (i.e. txt), IntelliScan will use the file header to
verify the true file type. See Scanning Viruses on page 3-45.
The following are just a couple of the benefits IntelliScan offers to administrators:
Performance optimization: Server system resources allotted to scan will be
minimal, thus using IntelliScan will not interfere with other crucial applications
running on the server.
Time saving: Since IntelliScan uses true file type identification, IntelliScan scan
time is significantly less than that of all files scan (this means that only files with a
greater risk of being infected are scanned). This time difference is noticeable when
you use IntelliScan with Scan Now. See Configuring Scan Now on page 3-52.
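The following added example (not Trend Micro code and not part of the original guide) sketches the general idea of true file type identification: the decision to scan is taken from the leading bytes of the file, not from its extension, so a renamed executable is still scanned. The marker table, the set of types treated as risky, the choice to scan unidentified content, and all names are assumptions made for illustration.

```python
import os

# (leading bytes, true type). A small assumed table for illustration only.
MAGIC = [
    (b"MZ", "exe"),                                  # DOS/Windows executable
    (b"PK\x03\x04", "zip"),                          # PKZIP local file header
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy Office document
    (b"\x1f\x8b", "gzip"),
    (b"Rar!\x1a\x07", "rar"),
]
RISKY = {"exe", "zip", "ole2", "gzip", "rar"}        # assumed set of scannable types
# Type each extension claims to be (assumed mapping).
CLAIMED = {
    ".exe": "exe", ".dll": "exe", ".zip": "zip", ".gz": "gzip", ".rar": "rar",
    ".doc": "ole2", ".dot": "ole2", ".xls": "ole2", ".ppt": "ole2",
    ".txt": "text",
}
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def true_type(header):
    """Identify the content type from the first bytes of a file."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    if all(b in TEXT_BYTES for b in header):
        return "text"
    return "unknown"


def decide(filename, data):
    """Return (true_type, scan, reason) for one file."""
    kind = true_type(data[:512])
    claimed = CLAIMED.get(os.path.splitext(filename)[1].lower())
    if kind in RISKY:
        if claimed == kind:
            return kind, True, "risky type"
        return kind, True, "risky type behind mismatched extension"
    if kind == "unknown":
        # Content could not be verified, so do not trust the extension.
        return kind, True, "content not identified"
    if claimed in RISKY:
        return kind, True, "extension claims a risky type"
    return kind, False, "plain text, low risk"


if __name__ == "__main__":
    # Constructed sample files (name, first bytes).
    samples = [
        ("invoice.txt", b"MZ\x90\x00" + bytes(60)),
        ("notes.txt", b"Meeting moved to 10:00\r\n"),
        ("budget.xls", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(504)),
        ("blob.txt", b"\x00\x01\x02\x03"),
    ]
    for name, data in samples:
        print(name, decide(name, data))
```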
ActiveAction
ActiveAction is a set of pre-configured scan actions that can be performed on viruses
and other types of malware. ActiveAction can be configured for both Scan Now and
Real-time Scan.
When to Select ActiveAction
We recommend you select ActiveAction if you are not familiar with virus actions or
if you are unsure of which scan action is the most suitable for a certain virus.
Viruses vary significantly from one another; this requires appropriate virus actions
for each virus type. Customizing scan actions for file viruses requires knowledge of
viruses and can be a tedious task. For this reason, Trend Micro recommends the use
of ActiveAction.
Some advantages of using ActiveAction versus customized scan actions are:
Time saving: You spend no time customizing virus actions
Worry-free maintenance: ActiveAction uses Trend Micro recommended
scan actions so you can concentrate on other tasks and not worry about making
mistakes
Updateable scan actions: Trend Micro includes new ActiveAction scan
actions with every new pattern. Viruses constantly change how they attack,
thus scan actions should be frequently modified to prevent possible infection.
For ActiveAction configuration information, refer to Defining Actions Against
Viruses on page 3-45.
Mapped Network Drive Scan
ServerProtect can scan one or several network drive(s); the shared network folders
have to be mapped first before selecting this feature. This is helpful because
Real-time Scan scans and protects mapped drives as it does with local drives,
therefore reducing the risk of infection. See Configuring Real-time Scan on page
3-49.
Additional Features
To help IT professionals protect their networks with more flexibility, ServerProtect
includes additional features.
Centralized Management
ServerProtect provides a Windows-based console (the Management Console) to help
you manage multiple Windows Server 2003/2000/NT and Novell NetWare servers on
your network. The console is portable and can be run on any 32-bit Windows
machine (except Windows NT 3.51).
Enhanced Network Security upon Installation
During Normal or Information Server installation, you must enter the administrator
user name and password of the selected target servers.
Faster Response to Virus Outbreaks
If a virus tries to infect a file in a shared folder on a machine running ServerProtect, a
message box appears identifying the computer on the network from which the virus
originated. This message box also displays the following information: type of scan, the
name of the virus, File, Computer, and User. In addition, it also displays the action
taken on the virus and the source of infection. See Configuring Notification Messages
on page 3-39.
Flexible Control over Infected Files
When ServerProtect detects an infected file, you can choose to restore the file after
cleaning, send suspect or uncleanable files to Trend Micro, delete the backup file
made before cleaning, or return cleaned files to the user via email.
NetworkTrap Tool
Certain viruses actively seek out shared folders (an example of this type of virus is
PE.FunLove.4099) to infect as many connected users as possible. The NetworkTrap
tool lets you share a folder and automatically copies the contents of the Bait folder to
the newly created shared folder (the Bait folder contains files that viruses are likely
to infect). This shared folder works with the new virus notification to create an
effective virus trap. For more information on this topic, refer to the NetworkTrap Tool
section in the online help.
State-of-the-Art Virus Detection Technology
New configurable scanning tools like ActiveAction, IntelliScan, and OLE layer scan
offer faster and more efficient scanning.
Viewable Scanning Statistics
ServerProtect enables you to efficiently monitor your network antivirus security. It
displays scanning statistics on your network, including the following, for a given
interval: total number of viruses found, top ten viruses found, top ten infected users,
total number of non-cleanable viruses, and more.
Compatibility
ServerProtect is fully compatible with: Microsoft Windows Server 2003, Microsoft
Windows 2000, Microsoft Windows NT, Microsoft Cluster Server, Terminal Server,
and Index Server. It also works with network management tools, such as: Novell
NetWare, Novell NetWare Cluster Service™, Computer Associates™ ARCserve™,
Veritas Backup Exec™, St. Bernard Software™ Open File Manager™, NTP
Software™ Quota Manager™, Citrix® MetaFrame™, and Citrix WinFrame™. It
also supports Network File System (NFS) drivers, and SOCKS 4 for Trend Micro
update server.
Chapter 2
Installing ServerProtect
This chapter includes the necessary information to successfully install ServerProtect
on your network(s).
Note: You must log on with administrator privileges in order to install an Information Server.
The topics included in this chapter are:
Recommended System Requirements
Installation Scenarios
Installing ServerProtect
Removing ServerProtect
Recommended System Requirements
The recommended system requirements are different for each ServerProtect
component.
Normal Server
200MHz Intel™ Pentium™ III processor or faster (or equivalent)
Operating System:
Microsoft™ Windows™
Microsoft Windows Server 2003. Minimum 128MB RAM.
Microsoft Windows 2000 Professional/Server with SP1. Minimum
128MB RAM.
Microsoft Windows NT Server/Workstation 4.0 with SP6 or above.
Minimum 64MB RAM.
Novell™ NetWare™
NetWare 5.1 with SP4. A server-class PC with a Pentium II or higher
processor. Minimum 128MB RAM.
NetWare 6.0 with SP2. A server-class PC with a Pentium II or AMD K7
processor. Minimum 256MB RAM.
Novell Cluster Services™
Novell Cluster Services 1.01 for NetWare 5.1. Two server-class PCs with
a 550MHz Pentium III or higher processors. Minimum 1024MB RAM.
Note: For NetWare users: a Windows Server 2003/2000/NT machine must be
installed as an Information Server to manage the NetWare server(s).
70MB of free disk space
The following network protocols and services must be installed: TCP/IP, Microsoft
Network, and RPC services must be running on Windows Server 2003/2000 or NT
Server/Workstation. IP, IPX or IPX/SPX must be running on the installed NetWare
server.
Information Server
450MHz Intel™ Pentium™ III processor or faster (or equivalent)
Operating System:
Microsoft Windows Server 2003
Microsoft Windows 2000 Professional/Server (if to be used in conjunction
with NetWare Normal servers, requires Novell Client32™ for Windows
2000/NT).
Microsoft Windows NT Server/Workstation 4.0 with SP6
256MB RAM and above is recommended
70MB free disk space
90MB free disk space (if installing with Control Manager agent)
The following network protocols and services must be installed: TCP/IP, Microsoft
Network, NWLink, IPX, IPX/SPX, NetBIOS Compatible Transport Protocol,
NetWare Gateway Service and RPC services for NetWare and RPC services.
Management Console
Operating System:
Windows Server 2003
Windows XP Home/Professional
Windows 2000 Professional/Server with SP1
Windows NT 4.0 Server/Workstation with SP6
Windows Me/98/95
A monitor with 800 x 600 or higher resolution
The following network protocols and services must be installed: TCP/IP, Microsoft
Network, and RPC Services.
Installation Scenarios
This section will help you select the most appropriate scenario to install
ServerProtect on your network(s). The following scenarios focus on Local Area
Networks (LANs), although it is also possible to manage ServerProtect across Wide
Area Networks (WANs), such as corporate intranets, using TCP/IP. See Managing
ServerProtect Across a Wide Area Network on page 2-8.
The installation scenarios for installing ServerProtect are:
A Windows Server 2003/2000/NT Environment
A NetWare Environment
A Mixed Environment—Windows Server 2003/2000/NT and NetWare
Specifying Your Installation Environment
Trend Micro ServerProtect supports both Windows Server 2003/2000/NT
servers/workstations and Novell NetWare servers. Each installation scenario requires
a different procedure.
If you are installing ServerProtect on your network for the first time, you must set the
destination server as an Information Server, then configure the Normal Servers to
join it. An Information Server must have at least one ServerProtect domain to
manage its Normal Servers. See ServerProtect Domains on page 1-7.
Note: If you have many servers concentrated in different geographical locations, set up an
Information Server (IS) in each location. See Information Server Tips on page 1-5
for Information Server tips.
The following table shows the different installation environments for each
ServerProtect setup component.
TABLE 2-1. ServerProtect Installation Environments
ServerProtect          Windows         Windows Server    NetWare
Setup Component        XP/Me/98/95     2003/2000/NT
Information Server     No              Yes               No
Normal Server          No              Yes               Yes
Management Console     Yes             Yes               No
A Windows Server 2003/2000/NT Environment
If you are installing ServerProtect for the first time, and all the servers on your
network are running Windows Server 2003/2000/NT, the installation is quite
straightforward.
To deploy ServerProtect in a Windows Server 2003/2000/NT environment:
1. Install the Information Server. See Installing an Information Server on page 2-15.
2. Install the Normal Server on the Information Server computer. See Installing a
Normal Server from the setup program on page 2-19.
3. Install the Management Console on the Information Server computer. See
Installing the Management Console on page 2-13. You can install additional
Management Consoles on any Windows Server 2003/XP/2000/NT 4.0/Me/98/95
computer connected to your network.
Tip: Only one Management Console can manage an Information Server at any given
time.
4. Update ServerProtect pattern, scan engine, and program files. See Configuring
Updates on page 3-15.
5. Create additional ServerProtect domains to manage your Normal Servers. See
Creating ServerProtect Domains on page 3-8.
6. Install the remaining Windows Server 2003/2000/NT Normal Servers using the
Management Console. See Installing a Normal Server from the Management
Console on page 2-23.
Steps 1, 2 and 3 can be executed simultaneously during initial Setup.
A NetWare Environment
If you are installing ServerProtect to a NetWare environment, you must have one
Windows Server 2003/2000/NT server/workstation to install an Information Server
and the Management Console.
Note: Normal Servers need to detect the Information Server that will manage them. So you
begin your setup by installing the Information Server on a Windows-based server.
To deploy ServerProtect in a NetWare environment:
1. Install the Information Server. See Installing an Information Server on page 2-15.
2. Install the Normal Server on the Information Server computer. See Installing a
Normal Server from the setup program on page 2-19.
3. Install the Management Console on the Information Server computer. See
Installing the Management Console on page 2-13.
4. Install the Normal Server on a NetWare server on the network. See Installing a
Normal Server from the setup program on page 2-19.
5. Update ServerProtect pattern, scan engine, and program files. See Configuring
Updates on page 3-15.
6. Create additional ServerProtect domains to manage your Normal Servers. See
Creating ServerProtect Domains on page 3-8.
7. Install the remaining NetWare Normal Servers using the Management Console.
See Installing a Normal Server from the Management Console on page 2-23.
Steps 1, 2 and 3 can be executed together during initial Setup. Perform the NetWare
Normal Server installation after the Information Server installation has been
completed.
A Mixed Environment—Windows Server 2003/2000/NT and
NetWare
If you are installing ServerProtect to a network that has both Windows Server
2003/2000/NT and NetWare servers, select a Windows Server 2003/2000/NT server
to be the Information Server that manages the Normal Server(s).
The following scenario shows how Normal Servers are grouped under their
respective ServerProtect NT (NT) and NetWare (NW) domains. Note how the
three-tier concept is applied, with ServerProtect controlled from a separate Windows
computer.
FIGURE 2-1. A Mixed Environment Configuration
To deploy ServerProtect in a mixed Windows Server 2003/2000/NT and NetWare
environment:
1. Install the Information Server. See Installing an Information Server on page 2-15.
2. Install the Normal Server on the Information Server computer. See Installing a
Normal Server from the setup program on page 2-19.
3. Install the Management Console on the Information Server computer. See
Installing the Management Console on page 2-13. You can install additional
Management Consoles on any Windows Server 2003/XP/2000/NT 4.0/Me/98/95
computer connected to your network.
Note: Only one Management Console can manage an Information Server at a time.
4. Install the Normal Server on a NetWare server on the network. See Installing a
Normal Server from the setup program on page 2-19.
5. Update the ServerProtect pattern, scan engine, and program files. See
Configuring Updates on page 3-15.
6. Create additional ServerProtect domains to manage your Normal Servers. See
Creating ServerProtect Domains on page 3-8.
7. Install the remaining Normal Servers (Windows Server 2003/2000/NT and
NetWare) using the Management Console. See Installing a Normal Server from
the Management Console on page 2-23.
Steps 1, 2 and 3 can be executed together during initial Setup. The NetWare Normal
Server installation should be performed after the Information Server installation has
been completed.
Managing ServerProtect Across a Wide Area Network
ServerProtect can be managed from multiple locations across a WAN; however, to
ensure proper network performance, Trend Micro suggests installing Information
Servers in the same physical segment of the network as the Normal Servers they
manage.
For example, if you want to manage ServerProtect Normal Servers in Japan from a
Management Console in Germany, we recommend that the Information Server(s)
managing those Normal Servers also be located in Japan.
Note: To ensure proper network performance install ServerProtect Information Servers in the
same physical segment of the WAN as the Normal Servers they manage.
Since the Management Console uses TCP/IP to communicate with Information
Servers, it’s easy to manage ServerProtect from any point inside most company
intranets.
Before Installing ServerProtect
As with any server software installation or upgrade, Trend Micro recommends that
this activity be performed when the impact to users is minimal; that is, outside
business hours, and after a full system backup has been completed.
It is also good practice to install the program on a test server first, so that installation
issues, if any, can be worked out before installation on production servers. Before
installing ServerProtect, make sure you carefully read the Installation Scenarios
section. See Installation Scenarios on page 2-4.
Note: You must be logged on with administrator privileges in order to install ServerProtect.
Installing ServerProtect
If you are installing ServerProtect for the first time, Trend Micro recommends
installing a complete ServerProtect package, including the Management Console,
Information Server, and Normal Server.
This section guides you through the ServerProtect installation process.
Installing the Complete ServerProtect Package
To install the complete ServerProtect package, including the Management Console,
Information Server, and Normal Server, execute the setup program on a Windows
Server 2003/2000/NT server/workstation computer. Running the setup program from
Windows XP/98/95/Me machines only allows you to install the ServerProtect
Management Console.
To install the complete ServerProtect package:
1. Insert the Enterprise CD-ROM and run SETUP.EXE. The ServerProtect welcome
screen appears.
FIGURE 2-2. ServerProtect Welcome screen
2. Click Next. The Software License Agreement screen appears. You must agree
to the license conditions to proceed with Setup.
FIGURE 2-3. Software License Agreement screen
3. Click Yes. ServerProtect checks your boot sector for viruses.
FIGURE 2-4. Scan Result Information window
4. Click OK to continue installation. The User Information screen appears.
FIGURE 2-5. ServerProtect User Information screen
5. Provide your user information including the product's serial number.
If you do not have the serial number, you can leave the field blank and a 30-day
trial version will be installed instead.
6. Click Next to continue the setup. The Select Components screen appears.
FIGURE 2-6. ServerProtect Select Components screen
7. Select the check boxes for the components you want to install. Make sure you
select the appropriate components for the desired setup. You can choose hidden
share drives, e.g., C$ or D$, as target folders.
The default installation path is:
<drive>:\Program Files\Trend\Sprotect
Note: To protect the Information Server, Trend Micro recommends you install a
Normal Server on the same computer.
8. Click Next. If you chose to install either a Normal Server or an Information
Server, the Input logon Information screen will appear. Under Logon
Information, type the appropriate data next to the Domain name, User name,
Password, and Confirm Password fields, and then click Next.
FIGURE 2-7. Input Logon Information screen
9. Follow the instructions to complete the ServerProtect Setup.
Installing the Management Console
Administrators can remotely manage ServerProtect Normal Servers using the
Management Console. The Management Console is the ServerProtect component
users interact with; it can be installed on the same computer along with the
Information Server and Normal Server or on a different computer.
To install the Management Console:
1. Execute the setup program and complete the necessary steps to provide product
information.
2. At the Select Components screen, select the Install Management Console
check box. See Figure 2-6. You can change the local installation path by clicking
Browse. The Management Console must be installed in a Windows Server
2003/XP/2000/NT 4.0/Me/98/95 environment.
Note: Trend Micro doesn’t support remote installation of the Management Console.
3. If you want to be the only one to view the ServerProtect program from the
Windows Start menu, click Personal program folder. Otherwise, click
Common program folder. Click OK. The Start Copying Files window
appears.
4. Click Next to continue with the setup program. Setup starts copying all program
components and starts all services. After all program components have been
copied, the Setup Complete screen appears.
FIGURE 2-8. ServerProtect Setup Complete screen
5. Click Finish. The Select an Information Server window appears.
FIGURE 2-9. Select an Information Server screen
6. Select the Information Server the Management Console will control. Do one of
the following:
Select a server from the list
Provide the name of the server
Provide the IP address of the server
Note: If an Information Server resides on a different network segment from the one where
the Management Console is installed, the server will not appear in the list.
7. Click OK to save your changes or click Cancel to close the window without
saving.
Installing an Information Server
The Information Server manages Normal Servers and responds to commands issued
by the Management Console.
To install the Information Server:
1. Execute the setup program and complete the necessary steps to provide product
information.