1. Manuals
  2. Brands
  3. Trend Micro Manuals
  4. Gateway
  5. InterScan M Series
  6. Administrator's manual

Trend Micro InterScan M Series Administrator's Manual

Gateway security appliance
Hide thumbs
1
2
3
4
Table Of Contents
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
Table of Contents

Advertisement

Quick Links

Download this manual
InterScan
Gateway Security Appliance M-Series
TM

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the InterScan M Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Trend Micro InterScan M Series

Summary of Contents for Trend Micro InterScan M Series

  • Page 1 InterScan Gateway Security Appliance M-Series...
  • Page 3 Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes (if any), and the latest version of the Deployment Guide, which are available from Trend Micro's Web site at: http://www.trendmicro.com/download/documentation/...
  • Page 4 Additional information about how to use specific features within the software is available in the online help file and the online Knowledge Base at the Trend Micro Web site. Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any other Trend Micro documents, please contact us at docs@trendmicro.com.

  • Page 5: Table Of Contents

    About This Manual About This Administrator’s Guide ............ xvi Document Conventions ..............xviii Chapter 1: Introducing Trend Micro InterScan Gateway Security Appliance What Is InterScan Gateway Security Appliance? ......1-2 Important Features and Benefits ............1-3 How InterScan Gateway Security Appliance Works ......1-5 Antivirus ..................
  • Page 6 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Basic Deployment ................2-8 Advanced Deployment Scenarios ............2-9 Operation Modes ................2-9 Deployment in a DMZ Environment ...........2-12 Failover Deployment ..............2-14 Deployment Recommendations ............2-17 Deployment Issues ................2-18 Preconfiguring the Appliance ............2-18 Assigning an IP Address ..............2-19 Connecting to the Network ............2-19...
  • Page 7 Contents The Online Help System ..............4-14 Chapter 5: SMTP Services SMTP Services ................... 5-2 Enabling Scanning of SMTP Traffic ..........5-3 Selecting an Alternative Service Port ..........5-3 Configuring SMTP Virus Scanning ..........5-4 SMTP Scanning - Target ............... 5-5 SMTP Scanning - Action ...............
  • Page 8 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Chapter 6: HTTP Services HTTP Services ..................6-1 Enabling Scanning of HTTP Traffic ..........6-2 Selecting an Alternative Service Port ..........6-2 Configuring the Global Access Lists ..........6-3 Configuring HTTP Virus Scanning ............6-5 HTTP Scanning - Target ..............6-6 HTTP Scanning - Action ..............6-12...
  • Page 9 Contents Chapter 7: FTP Services FTP Services ..................7-2 Enabling Scanning of FTP Traffic ..........7-2 Selecting an Alternative Service Port ..........7-3 Configuring FTP Virus Scanning ............7-4 FTP Scanning - Target ..............7-4 FTP Scanning - Action ..............7-6 FTP Scanning - Notification ............
  • Page 10 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide POP3 Anti-Spam - Target ............8-22 POP3 Anti-Spam - Action ............8-23 Configuring POP3 Anti-Phishing .............8-24 POP3 Anti-Phishing - Target ............8-24 POP3 Anti-Phishing - Action ............8-25 POP3 Anti-Phishing - Notification ..........8-26 Configuring POP3 Content Filtering ..........8-27 POP3 Content Filtering - Target ..........8-28...
  • Page 11 Contents Chapter 12: Analyzing Your Protection Using Logs Logs ....................12-2 Querying Logs .................. 12-3 Configuring Log Settings ..............12-5 Configuring Log Maintenance ............12-6 Manual ..................12-7 Automatic ..................12-8 Chapter 13: Administrative Functions Administration ................. 13-2 Access Control ................. 13-3 Configuration Backup ..............
  • Page 12 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Chapter 14: Technical Support, Troubleshooting, and FAQs Contacting Technical Support ............14-2 Readme.txt ..................14-3 Troubleshooting ................14-4 Frequently Asked Questions (FAQ) ..........14-7 Recovering a Password ..............14-8 Virus Pattern File ................14-9 Spam Engine and Pattern File ............14-10 Hot Fixes, Patches, and Service Packs ...........14-10...
  • Page 13 Spyware ..................... A-4 Trojans ....................A-4 Viruses ....................A-5 Worms ....................A-5 Appendix B: Introducing Trend Micro Control Manager™ Control Manager Basic Features ............B-2 Understanding Trend Micro Management Communication Protocol B-3 Reduced Network Loading and Package Size .......B-3 NAT and Firewall Traversal Support ..........B-4 HTTPS Support ................B-5...
  • Page 14 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Create Folders ................B-22 Understanding Temp ............... B-24 Using Temp ................. B-24 Download and Deploy New Components From Control Manager . B-28 Understanding Update Manager ..........B-28 Understanding Manual Downloads ..........B-29 Configure Scheduled Download Exceptions ......
  • Page 15 Contents Appendix D: Removing the Hard Disk Appendix E: System Checklist Appendix F: File Formats Supported Compression Types ................F-2 Blockable File Formats ..............F-4 Malware Naming Formats ..............F-6 Appendix G: Specifications and Environment Hardware Specifications ..............G-2 Dimensions and Weight ..............G-2 Power Requirements and Environment ..........
  • Page 16 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 17: About This Manual

    Administrator’s Guide. This book contains information about the tasks involved in configuring, administering, and maintaining the Trend Micro InterScan Gateway Security Appliance. Use it in conjunction with the Trend Micro™ InterScan™ Gateway Security Appliance M-Series Deployment Guide, which provides up-front...

  • Page 18: About This Administrator's Guide

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Audience This book is intended for network administrators who want to configure, administer, and maintain InterScan Gateway Security Appliance. The manual assumes a working knowledge of security systems and devices, as well as network administration.
  • Page 19 Appendixes Appendix A, Terminology Appendix B, Introducing Trend Micro Control Manager™ Appendix C, Technology Reference Appendix D, Removing the Hard Disk Appendix E, System Checklist Appendix F, File Formats Supported Appendix G, Specifications and Environment Index xvii...

  • Page 20: Document Conventions

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Document Conventions To help you locate and interpret information easily, the InterScan Gateway Security Appliance M-Series Administrator’s Guide uses the following conventions: Conventions used in the Trend Micro InterScan Gateway Security...
  • Page 21 Chapter 1 Introducing Trend Micro InterScan Gateway Security Appliance This chapter introduces InterScan Gateway Security Appliance and provides an overview of its technology, capabilities, and hardware connections. This chapter includes the following topics: • What Is InterScan Gateway Security Appliance? on page 1-2 •...

  • Page 22: Appliance

    What Is InterScan Gateway Security Appliance? Trend Micro™ InterScan™ Gateway Security Appliance is an all-in-one security appliance that blocks threats automatically, right at the Internet gateway. The appliance provides a critical layer of security against such threats as viruses, spyware, spam, phishing, pharming, botnet attacks, harmful URLs, and inappropriate content, while complementing desktop solutions.

  • Page 23: Important Features And Benefits

    20 lay- ers deep using any of 16 popular compression types. Automatic threat protec- Outbreak Defense — An integral part of Trend Micro's Enter- tion prise Protection Strategy (EPS), which enables Trend Micro devices to proactively defend against threats in their insur- gency before traditional pattern files are available.
  • Page 24 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 1-1. Important Features and Benefits (Continued) ABLE • SMTP, POP3, FTP and SMTP and POP3 scanning support: antivirus, IntelliTrap, HTTP scanning capabili- spyware/grayware detection, anti-spam (including Email ties Reputation Services and Content Scanning for SMTP), anti-phishing, content filtering, and blocking of messages that contain malicious URLs (Web Reputation).

  • Page 25: How Interscan Gateway Security Appliance Works

    Introducing Trend Micro InterScan Gateway Security Appliance How InterScan Gateway Security Appliance Works InterScan Gateway Security Appliance sits between your firewall and your network, acting as a multiprotocol security gateway between the Internet and your business. With security features for SMTP, POP3, HTTP, and FTP, InterScan Gateway Security Appliance acts as a one-stop solution for all your security needs.

  • Page 26: Antivirus

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Antivirus The antivirus security in InterScan Gateway Security Appliance guards every network entry point—from the Internet gateway and network perimeter to email and file servers, desktops, and mobile devices. • Delivers proven virus protection. Uses patterns, heuristics, and other innovative technologies to block viruses, worms, and Trojans.

  • Page 27: Anti-Spam

    Introducing Trend Micro InterScan Gateway Security Appliance Anti-Spam InterScan Gateway Security Appliance stops spam from consuming network resources and wasting employees’ valuable time. The key to its effective protection is the use of adaptable technology that evolves as spamming techniques change and become more sophisticated.

  • Page 28: Content And Url Filtering

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Optionally, you can send customized email notification to the administrator when such an event occurs. Content and URL Filtering The URL filtering security function in InterScan Gateway Security Appliance enables companies to manage employee Internet use and block offensive or non-work-related Web sites.

  • Page 29: Web Reputation

    • Trend Micro considers a URL "a Web threat", "very likely to be a Web threat", or "likely to be a Web threat" if its score falls within the range set for one of these categories.

  • Page 30: The Appliance Hardware

    Use these screws only in conjunction with the rail mounting kit. (See Trend Micro InterScan Gateway Security Appliance M-Series Deployment Guide for details on mounting the device.) These screws alone will not support the weight of the device.

  • Page 31: Lcd Module

    Introducing Trend Micro InterScan Gateway Security Appliance The following table describes each front panel element. 1-2. Front panel elements ABLE Front Panel Elements Description LCD Module The LCD Module comprise the following items: Liquid Crystal Display (LCD) Control panel Reset button...

  • Page 32: Led Indicators

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide LED Indicators The LCD Module has five light-emitting diodes (LEDs) that indicate the OWER , and status, as shown in the figure below. YSTEM ARD DISK UTBREAK 1-3. Possible behavior for each LED indicator...
  • Page 33 Introducing Trend Micro InterScan Gateway Security Appliance MGT Port AC Power Receptacle Serial Connection UID Indicator Fan vent Power Switch USB Ports EXT Port INT Port 1-4. Back panel IGURE The following table describes each back panel element. 1-4. Back panel elements...

  • Page 34: Port Indicators

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Port Indicators InterScan Gateway Security Appliance has three (3) user-configurable copper-based Ethernet ports. Each Ethernet port has two (2) indicator lights that allow you to determine the port’s current state and duplex speed.

  • Page 35: Preconfiguring And Deploying The Appliance

    Introducing Trend Micro InterScan Gateway Security Appliance To understand how the port indicators work when InterScan Gateway Security Appliance is operating in LAN bypass mode, see “LAN Bypass” in the InterScan Gateway Security Appliance Online Help. Note: Loss of power to the InterScan Gateway Security Appliance automatically resets the appliance to bypass mode, so that all data passes through.

  • Page 36: Connecting To The Network

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide static IP address, you will need to use the buttons on the LCD module to set the netmask address, default gateway address, and primary DNS address. You can also designate a host name in this way.

  • Page 37: Testing The Appliance Connectivity

    Trend Micro Web site opens. Perform one of the following: • If you are an existing Trend Micro customer, log on using your logon ID and password in the Returning, registered users section of the page. •...
  • Page 38 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide After the registration is complete, Trend Micro emails you an Activation Code, which you can then use to activate InterScan Gateway Security Appliance. A Registration Key has 22 characters (including the hyphens) and looks like this:...
  • Page 39 Chapter 2 Deployment Options This chapter addresses basic and advanced deployment options. For instructions on mounting the physical device, see the Trend Micro InterScan Gateway Security Appliance M-Series Deployment Guide. This chapter includes the following topics: • Deployment Topologies on page 2-4 •...

  • Page 40: Overview

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Overview This chapter provides guidance on deploying the InterScan Gateway Security Appli- ance in the most common network topology as well as in more advanced topologies. Note: InterScan Gateway Security Appliance is not a firewall or a router. Always deploy the appliance behind a firewall or security device that provides adequate NAT and firewall-type protection.

  • Page 41: Deployment Options

    Deployment Options In a basic deployment of the appliance in the most common network topology, the appliance sits between the network servers and the firewall, as shown in figure 2-2: Internet Network switch or router Firewall InterScan Gateway Security Appliance LAN switch, router, or hub Mail server FTP server...

  • Page 42: Deployment Topologies

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Deployment Topologies This section discusses the following types of deployment topologies: • Single network segment • Multiple network segments Deploying in a Single Network Segment figure 2-3 on page 2-4, the network devices all belong in one network segment. All devices, including clients have Class A IP addresses.

  • Page 43: Deploying In A Network With Multiple Segments

    Deployment Options If the appliance is deployed between a router and core switch within the same network segment, the appliance can directly connect to the router or clients. If a client issues a request to a server, the appliance receives the client’s outgoing connection through TCP handshake.
  • Page 44 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 219.219.2.19 10.2.211.136 192.168.1.254 192.168.1.1 192.168.1.100 InterScan Appliance Core Router Server Internet switch Client Problem: Without knowing the static IP routes, the appliance does not know where to forward traffic. Therefore, the appliance forwards...
  • Page 45 Deployment Options 219.219.2.19 192.168.1.254 192.168.1.100 192.168.1.1 10.2.211.136 InterScan Appliance Core Router Server Internet switch Client Client Core switch/default gateway of the appliance Default gateway of clients Legend = Traffic between the appliance and the clients = Traffic between the appliance and the Internet 2-5.

  • Page 46: Basic Deployment

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 2-6. You can set static routes from the Web console IGURE (Administration > IP Address Settings, Static Routes tab) Refer to Deployment Recommendations on page 2-17 for tips to help minimize issues in a multi-segment environment.

  • Page 47: Advanced Deployment Scenarios

    Deployment Options Advanced Deployment Scenarios In addition to the basic deployment scenario, administrators can deploy InterScan Gateway Security Appliance: • In two transparent proxy modes: • Transparent proxy mode • Fully transparent proxy mode • In a DMZ environment • In conjunction with a load-balancing device •...
  • Page 48 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The appliance supports two transparent proxy modes (“operation modes”): • Transparent proxy mode • Fully transparent proxy mode The major difference between transparent and fully transparent proxy modes is the “actual transparency” of the appliance with the destination server. The appliance creates an independent connection to the destination server.
  • Page 49 Deployment Options When a client initiates a request, the request passes through the switch that is the default gateway for clients in this segment. The appliance accepts the request through the INT port, which redirects traffic to the corresponding proxy handler. After the proxy handler processes the request, the appliance delivers the packet to the destination server through the router (the default gateway of the appliance).

  • Page 50: Deployment In A Dmz Environment

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Figure 2-8 below illustrates how the appliance processes traffic in fully transparent proxy mode. Source IP: Source IP: 10.2.211.136 Source IP: port port 10.2.211.136 10.2.211.136 proxy handlers 10.2.2.23 Switch Router Internet...
  • Page 51 Deployment Options Because a DMZ is a network area (a subnetwork) that sits between an organization's internal network and an external network, two appliances are necessary to protect both areas. See figure 2-9 for an illustration of a deployment with two appliances deployed as mentioned above.In the illustration, the company LAN is the area with a gray border and the DMZ is the area with a red border.

  • Page 52: Failover Deployment

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Failover Deployment If deploying two InterScan appliances, you can deploy them in such a way that if the connection to one appliance is broken, the second appliance takes over the load of the first appliance.
  • Page 53 Deployment Options Failover Deployment Scenario To achieve such a function, deploy two InterScan appliances between two load-bal- ancing devices, as shown in figure 2-10. Internet Network switch or router Firewall Layer 4 network switch (load balancer) #1 InterScan InterScan appliance appliance Layer 4 network switch (load balancer) #2...
  • Page 54 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide WARNING! In order for this kind of “failover” to work, LAN bypass must be disabled (enabled by default) and Link state failover must be enabled (disabled by default). LAN Bypass and Link State Failover Settings In the Preconfiguration console, LAN bypass must be disabled and Link state failover must be enabled in order for a load-balancing “failover”...

  • Page 55: Deployment Recommendations

    Deployment Options Deployment Recommendations Figure 2-11 below shows the recommended deployment setup for the appliance. Switch Router Internet Client Proxy server 2-11. Recommended position of InterScan Gateway Security IGURE Appliance and other network devices in single- or multi-segment environments To minimize issues and speedily complete deployment, deploy the appliance: •...

  • Page 56: Deployment Issues

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Deployment Issues This release has the following limitations: • VLAN is not supported in either transparent or fully transparent proxy mode. Some network devices use VLAN to separate network layers. This use causes modified VLAN tags.

  • Page 57: Assigning An Ip Address

    Deployment Options Assigning an IP Address Assign an IP address in any of three ways: • [Recommended] A DHCP server automatically assigns a dynamic IP address to the appliance during deployment. This is the preferred method. Normally, there is one DHCP server per subnet; however, you can use a DHCP relay agent to support multiple subnets.

  • Page 58: Testing The Appliance Connectivity

    Trend Micro Web site opens. Perform one of the following: • If you are an existing Trend Micro customer, log on using your logon ID and password in the Returning, registered users section of the page. •...
  • Page 59 I accept the terms of the license agreement. On the Confirm Product Information page, click Continue Registration. Fill out the online registration form, and then click Submit. Trend Micro will send you a confirmation message that you need to acknowledge by clicking OK.
  • Page 60 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 61: Chapter 3: How Interscan Gateway Security Appliance Works

    Chapter 3 How InterScan Gateway Security Appliance Works The chapter provides an overview of how the appliance protects your network from a range of Internet-borne security risks. The topics discussed in this chapter include: • The Range and Types of Internet Threats on page 3-2 •...

  • Page 62: The Range And Types Of Internet Threats

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The Range and Types of Internet Threats Over the years, as the Internet has developed, so too has the creation of a wide range of Internet threats, collectively known as “malware.” There are thousands of known viruses, and virus writers are creating more each day.

  • Page 63: How Interscan Gateway Security Appliance Protects You

    How InterScan Gateway Security Appliance Works How InterScan Gateway Security Appliance Protects You InterScan Gateway Security Appliance is designed to protect you against these and other Internet threats, utilizing software technologies that work in conjunction with the appliance hardware to automate security, while allowing custom management and targeted administration of device settings.

  • Page 64: Ethernet Network Interfaces

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The Primary Functional Components Virus scan filtering Content module** Anti-spam Mail Antivirus* SMTP notification IntelliTrap POP3 module Anti-spyware HTTP Anti-phishing Ethernet network Anti-pharming interfaces URL filtering File blocking Delete Web Reputation...

  • Page 65: Content Filtering

    InterScan Gateway Security Appliance halts malicious payloads before they can enter your network. The Web Console Trend Micro provides easy administration and management of InterScan Gateway Security Appliance through a Web console, accessible from any machine outfitted with a compatible Web browser. Compatible browsers are: •...
  • Page 66 To address this problem, the anti-spam function in InterScan Gateway Security Appliance helps reduce the occurrence of spam email. Trend Micro anti-spam, using a spam engine, Approved and Blocked Senders lists, spam pattern file, and Email Reputation Services works in conjunction with the Inter- Scan Gateway Security Appliance to scan for and filter spam.
  • Page 67 End users can access the spam folder to open, read, or delete suspect spam messages. The Trend Micro Anti-Spam Engine The anti-spam engine in InterScan Gateway Security Appliance uses spam patterns and heuristic rules to filter email messages.
  • Page 68 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide An administrator cannot modify the method that the anti-spam engine uses to assign spam scores but can adjust the detection levels that the anti-spam engine uses to decide which messages to treat as spam.
  • Page 69 How InterScan Gateway Security Appliance Works Note: Administrators set up Approved Senders and Blocked Senders lists in InterScan Gateway Security Appliance. End users can also set up Approved Senders lists using End User Quarantine. If an end user approves a sender, but the sender is on the administrator's Blocked Senders list, InterScan Gateway Security Appliance will block messages from that sender and classify them as spam.
  • Page 70 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide InterScan Gateway Security Appliance does not support wildcard matching on the username part. However, if you type a pattern such as “*@trend.com”, InterScan Gateway Security Appliance still treats it as “@trend.com”. This feature applies to the user-defined Approved Senders and Blocked Senders.
  • Page 71 How InterScan Gateway Security Appliance Works Logging in to the Email Reputation Services Site You can fine-tune ERS settings by logging in to the ERS site and making your changes there. To fine-tune Email Reputation Services: Visit the following URL: https://nrs.nssg.trendmicro.com Log in to Email Reputation Services with your InterScan Gateway Security Appliance Activation Code.
  • Page 72 InterScan Gateway Security Appliance. During a scan, the Trend Micro scan engine works together with the virus pattern file to perform the first level of detection, using a pro- cess called pattern matching.
  • Page 73 How InterScan Gateway Security Appliance Works InterScan Gateway Security Appliance supports virus scanning for SMTP, POP3, HTTP, and FTP protocols, as well as the following features: • The ability to enable or disable scanning of certain protocols • The ability to configure scanning for different file types •...
  • Page 74 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide IntelliTrap uses the following components when checking for bots and other malicious programs: • Trend Micro virus scan engine and pattern file • IntelliTrap pattern and exception pattern Anti-Spyware Spyware/grayware often gets into a corporate network when users download legiti- mate software that has grayware applications included in the installation package.
  • Page 75 Because the Internet fraud known as phishing has become an increasing problem on the Internet, Trend Micro designed the anti-phishing function in InterScan Gateway Security Appliance to protect LAN users from inadvertently giving away sensitive information as part of a phishing attack. Anti-phishing monitors: •...
  • Page 76 As noted in the introduction to this chapter, the fraud known as pharming has become an increasingly treacherous way to commit identity theft on the Internet. Therefore, Trend Micro has designed the anti-pharming feature to protect LAN users from inad- vertently giving away sensitive information as part of a pharming event.
  • Page 77 URL filtering log. You can export the contents of the log for inclusion in reports. The URL filtering function in InterScan Gateway Security Appliance uses the following components when checking a URL: • Trend Micro URL rating database • Category filter list •...
  • Page 78 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The predefined list of file types that the appliance can block includes: • Audio/Video • Compressed • Executable • Java • Microsoft documents Note: See “Appendix C: File Blocking - File Formats” for a complete listing of files that can be blocked by InterScan Gateway Security Appliance.
  • Page 79 When TrendLabs receives information that a new outbreak is developing anywhere in the world, it quickly develops a response to it called an Outbreak Prevention Policy. Trend Micro ActiveUpdate servers then deploy the Outbreak Prevention Policy to InterScan Gateway Security Appliance. The Outbreak Prevention Policy remains in effect for the administrator-specified amount of time or until TrendLabs develops a complete solution to the threat.
  • Page 80 • Returns the system to an active and clean state Two versions of DCS are available at no charge, one for Trend Micro customers, and one for the general public. You can download Damage Cleanup Services from the following Web site: http://www.trendmicro.com/download/product.asp?productid=48...

  • Page 81: Email Notification

    The appliance can also notify TrendLabs of potential threats—for example, a phishing URL—thereby enabling Trend Micro to verify the accuracy of the potential threat, classify it within the TrendLabs databases, and if need be, take systematic action against the threat.
  • Page 82 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 83: Chapter 4: Getting Started With Interscan Gateway Security Appliance

    Chapter 4 Getting Started with InterScan Gateway Security Appliance This chapter describes how to access InterScan Gateway Security Appliances from the Web console, view system information, deploy system components, and modify device settings. The topics discussed in this chapter include: •...

  • Page 84: Preliminary Tasks

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Preliminary Tasks The InterScan Gateway Security Appliance is designed to provide good default pro- tection from the moment you install it on your network. After installation, however, you should perform a number of tasks to ensure that everything is set up and working optimally and that you are making full use of its many features.

  • Page 85: Accessing The Web Console

    Getting Started with InterScan Gateway Security Appliance Accessing the Web Console Trend Micro has provided easy access to InterScan Gateway Security Appliance through a Web console, which is accessible from any machine with a compatible Web browser. To access InterScan Gateway Security Appliances: Open a compatible Web browser.

  • Page 86: The Summary Screen

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Note: Once you access the Web console, you have continual access to the InterScan Gateway Security Appliance as long as you are making changes. If there is no activity, the appliance automatically logs you out after 20 minutes to maintain security.

  • Page 87: Outbreak Prevention Service

    Getting Started with InterScan Gateway Security Appliance Outbreak Prevention Service 4-2. Summary Screen – Top Part IGURE Outbreak Prevention Service displays information about the status of Outbreak Prevention Services (OPS) on your network and about the current threat that OPS is protecting against.
  • Page 88 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To perform a manual update: Select all of the components to update and then click the Manual Update link. The Manual Update > Update in Progress indicator appears. 4-3. Update in Progress IGURE When the Update in Progress indicator has finished, the Manual Update >...
  • Page 89 Getting Started with InterScan Gateway Security Appliance 4-4. Manual Update > Select Components to Update IGURE Click Update to update the appliance. The Update in Progress indicator reappears while the appliance updates. [Optional] Click Rollback to roll back the appliance to the last update. Note: Rollback allows an administrator to roll InterScan Gateway Security Appliance back to the last Update.

  • Page 90: Antivirus

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Antivirus 4-5. Summary Screen – Second Three Panels IGURE Antivirus provides virus/malware detection (including IntelliTrap) statistics from SMTP/POP3/HTTP/FTP traffic, including: • Infected files cleaned • Infected files quarantined • Infected files deleted or blocked •...

  • Page 91: Intellitrap

    Getting Started with InterScan Gateway Security Appliance • Spyware/grayware removed • Spyware/grayware passed • Total files scanned IntelliTrap IntelliTrap detects malicious code such as bots in compressed files. IntelliTrap pro- vides detection statistics from SMTP/POP3 traffic, including: • Infected files deleted or blocked •...

  • Page 92: Anti-Spam: Email Reputation Services

    Total number of messages received Web Reputation: HTTP Web Reputation for HTTP evaluates the potential security risk of any requested URL by querying the Trend Micro Web security database. Web Reputation for HTTP pro- vides statistics for URLs that have been filtered, including: •...

  • Page 93: Others

    Getting Started with InterScan Gateway Security Appliance Others The Others section provides statistics for detected phishing mail, pharming URLs, content filtering, and file blocking, including: • Pharming incidents detected • Phishing incidents detected • Number of times that the appliance filtered content and detected information that met the SMTP and POP3 content filtering criteria •...

  • Page 94: Navigating The Web Console

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Navigating the Web Console Click SMTP > Scanning > Incoming in the navigation menu to display the sample screen below. The Target tab appears. Active menu item Tabs Logout link Online Help...
  • Page 95 Getting Started with InterScan Gateway Security Appliance The Web console is designed for easy navigation, providing • A navigation menu on the left with menu and submenu items that provide access to Settings screens. To access a menu item in the navigation menu, click the name of that item.

  • Page 96: The Online Help System

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The Online Help System The InterScan Gateway Security Appliance online help system consists three major kinds of help, listed here from the specific to the general: • Field-specific “embedded help” •...
  • Page 97 Getting Started with InterScan Gateway Security Appliance Console-Based Help Console-based help includes both screen-level help entries and other, more concep- tual information organized in a left-side table of contents. Access this Help system from the Help drop-down menu on the right side of the Web console the title bar, as illustrated in figure 4-9, below.
  • Page 98 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 4-11. Online Help – Configuration Screen IGURE Click MORE>> to display additional text on any page for more details about that item.
  • Page 99 Help page for that context. Select other menu items in the online Help drop-down menu to obtain information from the Trend Micro Knowledge Base, to obtain Security Information (for example, current Security Advisories), to contact Sales and Support, or to obtain version, build, and copyright information.
  • Page 100 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...
  • Page 101 Chapter 5 SMTP Services This chapter describes the SMTP scanning services in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • Enabling Scanning of SMTP Traffic on page 5-3 • Configuring SMTP Virus Scanning on page 5-4 • Configuring SMTP Anti-Spyware on page 5-11 •...

  • Page 102: Smtp Services

    Option to clean, delete, remove, pass, or quarantine infected files • Size filtering • Ability to insert customized notification stamps in messages Trend Micro Anti-Spam Engine (TMASE) is an anti-spam engine built into the appliance that works even if Email Reputation Services is not enabled.

  • Page 103: Chapter 5: Smtp Services

    SMTP Services Enabling Scanning of SMTP Traffic The appliance can only scan SMTP traffic if that feature has been enabled. The fea- ture is enabled by default.You can enable or disable SMTP scanning on the main SMTP screen. 5-1. SMTP - Enable IGURE To enable scanning of SMTP traffic: On the left-side menu, click SMTP.

  • Page 104: Configuring Smtp Virus Scanning

    Log on to the Web console to make any further changes. Tip: If you are changing the SMTP service port as a security measure against hackers, Trend Micro recommends that you use the less commonly used ports (those above 6000). Configuring SMTP Virus Scanning Configuring virus scanning of SMTP traffic is a three-step process.

  • Page 105: Smtp Scanning - Target

    SMTP Services SMTP Scanning - Target 5-2. SMTP > Scanning (Incoming) - Target IGURE To configure the virus scanning Target(s) for SMTP traffic: From the left-side menu, click SMTP > (Incoming or Outgoing). The Target tab appears Select the Enable SMTP Scanning (Incoming or Outgoing) check box. Specify the files to scan: •...
  • Page 106 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 5-3. Scan Specified Files by Extension IGURE Type the file extensions you wish to scan for in the File extensions to scan field, separated by a semicolon. b. Click Add. Finish by clicking OK.

  • Page 107: Smtp Scanning - Action

    SMTP Services SMTP Scanning - Action 5-4. SMTP > Scanning (Incoming) - Action IGURE To configure the virus scanning Action(s) for SMTP traffic: From the left-side menu, click SMTP > (Incoming or Outgoing). Click the Action tab. Note: Infected item - SMTP infected items are attachments and/or the body of an email that contains a virus or other malware.
  • Page 108 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Remove - InterScan Gateway Security Appliance reacts differently depending on what items are infected. The table below describes the different scenarios and the way in which InterScan Gateway Security Appliance responds to them.

  • Page 109: Smtp Scanning - Notification

    SMTP Services SMTP Scanning - Notification 5-5. SMTP > Scanning (Incoming) - Notification IGURE To select the SMTP Scanning - Notification recipient(s): From the left-side menu, click SMTP > (Incoming or Outgoing). Click the Notification tab. Select one or more of the following recipients and when a message matches the scanning criteria, the corresponding email notification(s) will be sent: •...
  • Page 110 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Select all options that apply: Security Risk Detected Notifications • Subject line - when InterScan Gateway Security Appliance detects a virus or malware in an email, the recipient sees this message in the subject line of the email message.

  • Page 111: Configuring Smtp Anti-Spyware

    SMTP Services Configuring SMTP Anti-Spyware Configuring InterScan Gateway Security Appliance to scan SMTP traffic for spy- ware/grayware is a three-step process. First, select what to scan for (Target tab). Next, choose the action for InterScan Gateway Security Appliance to take when it detects an item that contains spyware/grayware (Action tab).
  • Page 112 Select the Enable SMTP Anti-spyware check box. [Optional] Configure the Spyware/Grayware Exclusion List: Click the Search for spyware/grayware link. InterScan Gateway Security Appliance opens a browser window directed to the Trend Micro Web site and displays the Trend Micro Spyware/Grayware online database. 5-7.
  • Page 113 SMTP Services Note: To determine the formal name of the spyware, review your Spyware logs (Logs > Query, Log type = Anti-spyware/grayware). Returning to the Target screen, copy/paste or type the name of the spyware/grayware in the Enter name of spyware/grayware field. (The spyware/grayware exclusion list is case sensitive and has exact match capability.) Click Add.

  • Page 114: Smtp Anti-Spyware - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide SMTP Anti-Spyware - Action 5-8. SMTP > Anti-Spyware - Action IGURE To configure SMTP Anti-Spyware - Action: From the left side menu, click SMTP > Anti-Spyware. Click the Action tab. Choose an action for InterScan Gateway Security Appliance to take when it detects spyware: •...

  • Page 115: Smtp Anti-Spyware - Notification

    SMTP Services SMTP Anti-Spyware - Notification 5-9. SMTP > Anti-Spyware - Notification IGURE To select SMTP Anti-Spyware – Notification recipient(s): From the left-side menu, click SMTP > Anti-Spyware. Click the Notification tab. Select one or more of the following recipients and when a message containing spyware/grayware is detected, the corresponding email notifications(s) will be sent: •...

  • Page 116: Configuring Smtp Intellitrap

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring SMTP IntelliTrap Configuring IntelliTrap to scan SMTP traffic for bots is a three-step process. First, enable InterScan Gateway Security Appliance to scan for bots (Target tab). Next, choose the action for InterScan Gateway Security Appliance to take when it detects a bot (Action tab).

  • Page 117: Smtp Intellitrap - Action

    SMTP Services SMTP IntelliTrap - Action 5-11. SMTP > IntelliTrap - Action IGURE To configure SMTP IntelliTrap - Action: From the left-side menu, click SMTP > IntelliTrap. Click the Action tab. Choose an action for InterScan Gateway Security Appliance to take if a bot is detected in an email attachment: •...

  • Page 118: Smtp Intellitrap - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Click Save. SMTP IntelliTrap - Notification 5-12. SMTP > IntelliTrap - Notification IGURE To select SMTP IntelliTrap – Notification recipient(s): From the left-side menu, click SMTP > IntelliTrap. Click the Notification tab.

  • Page 119: Configuring Smtp Web Reputation

    SMTP Services these variables is accessible from the View variable list link at the top right of the Notification tab working area. Click Save. Configuring SMTP Web Reputation Configuring Web Reputation for SMTP is a three-step process. You must first enable real-time Web Reputation checking for SMTP, and then select the security level (Tar- get).

  • Page 120: Smtp Web Reputation - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Select a security level. The higher the security level, the more known or suspected URL threats will be detected. • High - Filter more messages with embedded malicious URLs, but risk more false positives.

  • Page 121: Smtp Web Reputation - Notification

    SMTP Services Select one of the following actions for InterScan Gateway Security Appliance to take when it detects a URL with a rating lower than the specified security level: • Pass and stamp Subject line with: Suspicious - InterScan Gateway Security Appliance delivers the message to the recipient and stamps "Suspicious"...

  • Page 122: Configuring Smtp Anti-Spam: Email Reputation

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Administrator - InterScan Gateway Security Appliance sends a notification to the administrator when it detects a suspicious URL in an SMTP message. • Recipient - InterScan Gateway Security Appliance sends a notification to the mail recipient when it detects a suspicious URL in an SMTP message.

  • Page 123: Smtp Anti-Spam: Email Reputation - Target

    Select the Enable SMTP Anti-spam (Email Reputation) check box. Select a service level: • Standard - select this service level to use Trend Micro Email Reputation Service Standard to detect and block sources that are known to originate spam. •...
  • Page 124 When clicked, the Trend Micro Standard Reputation Service and Trend Micro Network Anti-Spam Service links open a browser window to the respective service on the Trend Micro Web site, where you can evaluate the service. Configure Approved IP Address(es): Enter one or more IP addresses for InterScan Gateway Security Appliance to exclude from filtering.

  • Page 125: Smtp Anti-Spam: Email Reputation - Action

    SMTP Services SMTP Anti-Spam: Email Reputation - Action 5-14. SMTP > Anti-Spam (Email Reputation) - Action IGURE To configure SMTP Anti-Spam (Email Reputation) - Action: From the left-side menu, click SMTP > Anti-Spam > Email Reputation. Click the Action tab. Choose the action for InterScan Gateway Security Appliance to take when it detects a message originating from an IP address that is known to be a source of spam:...

  • Page 126: Configuring Smtp Anti-Spam: Content Scanning

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Action for Dynamic Reputation • Intelligent action - Permanent denial of connection for dynamic reputation matches. An SMTP error message is sent to the user. • Connection denied with no error message to user •...

  • Page 127: Smtp Anti-Spam: Content Scanning - Target

    SMTP Services SMTP Anti-Spam: Content Scanning - Target 5-15. SMTP > Anti-Spam > Content Scanning - Target IGURE To configure SMTP Anti-Spam (Content Scanning) - Target: From the left-side menu, click SMTP > Anti-Spam > Content Scanning. The Target tab appears. Select the Enable SMTP Anti-spam check box to allow InterScan Gateway Security Appliance to scan email for spam.
  • Page 128 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • High - This is the most rigorous level of spam detection. InterScan Gateway Security Appliance monitors all email messages for suspicious files or text, but there is a greater chance of false positives. False positives are those email messages that InterScan Gateway Security Appliance filters as spam when they are actually legitimate email messages.

  • Page 129: Smtp Anti-Spam: Content Scanning - Action

    • Quarantine in user's Spam Mail folder - The appliance delivers spam to the end user's quarantine folder. Trend Micro End User Quarantine (EUQ) works in conjunction with ScanMail for Exchange to send spam to the end user's quarantine folder.

  • Page 130: Configuring Smtp Anti-Phishing

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Note: Alternatively, you can download the End User Quarantine tool from the Trend Micro Update Center, InterScan Gateway Security Appliance page (www.trendmicro.com/download/product.asp?productid=73) in the Related Downloads section. • Delete - InterScan Gateway Security Appliance deletes the message and any attachments.

  • Page 131: Smtp Anti-Phishing - Target

    SMTP Services SMTP Anti-Phishing - Target 5-17. SMTP > Anti-Phishing - Target IGURE To configure SMTP Anti-Phishing – Target to check for phishing sites: From the left-side menu, click SMTP > Anti-Phishing. The Target tab appears. Select the Enable SMTP Anti-phishing check box. Click Save.

  • Page 132: Smtp Anti-Phishing - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide SMTP Anti-Phishing - Action 5-18. SMTP > Anti-Phishing - Action IGURE To configure SMTP Anti-Phishing - Action: From the left-side menu, click SMTP > Anti-Phishing. Click the Action tab. Choose the action for InterScan Gateway Security Appliance to take when it detects a known phishing site: •...

  • Page 133: Smtp Anti-Phishing - Notification

    SMTP Services SMTP Anti-Phishing - Notification 5-19. SMTP > Anti-Phishing - Notification IGURE To select SMTP Anti-Phishing – Notification recipient(s): From the left-side menu, click SMTP > Anti-Phishing. Click the Notification tab. Select one or more recipients from the Email Notifications section and InterScan Gateway Security Appliance will send notifications if it detects a known phishing site.

  • Page 134: Configuring Smtp Content Filtering

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring SMTP Content Filtering Configuring content filtering for SMTP traffic is a three-step process. First, enable scanning of SMTP traffic and then select what to filter for (Target tab). Next, choose the action for InterScan Gateway Security Appliance to take when one or more filters are triggered (Action tab).

  • Page 135: Smtp Content Filtering - Target

    SMTP Services SMTP Content Filtering - Target 5-20. SMTP > Content Filtering - Target IGURE...
  • Page 136 Set any of the following message filters that you need. (They are all optional): • Filter by Message Size. The Trend Micro recommended size is 5 MB. Larger file sizes can reduce the appliance throughput. If the message exceeds the size set in the filter, it will bypass scanning by the size filter and continue to the next filter.

  • Page 137: Smtp Content Filtering - Action

    SMTP Services SMTP Content Filtering - Action 5-21. SMTP > Content Filtering - Action IGURE To configure SMTP Content Filtering - Action: From the left-side menu, click SMTP > Content Filtering. Click the Action tab. Choose the action for InterScan Gateway Security Appliance to take when email contains content or has an attachment that matches one of the content filtering rules: •...

  • Page 138: Smtp Content Filtering - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Note: The Delete attachment and insert the following notification in the message: check box only works with attachments that have triggered the Attachment Name or True File Type filters. Click Save.
  • Page 139 SMTP Services • Recipient Optionally, customize the text of any of the email notifications. The appliance supports the use of some helpful variables in customized messages. A list of these variables is accessible from the View variable list link at the top right of the Notification tab working area.
  • Page 140 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...
  • Page 141 Chapter 6 HTTP Services This chapter describes the HTTP Services in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • Enabling Scanning of HTTP Traffic on page 6-2 • Configuring HTTP Virus Scanning on page 6-5 • Configuring HTTP Anti-Spyware on page 6-14 •...

  • Page 142: Enabling Scanning Of Http Traffic

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Prevent potentially dangerous files or files containing prohibited or privileged information from being transferred, using the file blocking feature. Enabling Scanning of HTTP Traffic To allow InterScan Gateway Security Appliance to scan HTTP traffic, enable the fea- ture.

  • Page 143: Configuring The Global Access Lists

    Log on to the Web console to make any further changes. Tip: If you are changing the HTTP service port as a security measure against hackers, Trend Micro recommends that you use the less commonly used ports (those above 6000). Configuring the Global Access Lists InterScan Gateway Security Appliance allows you to define global lists of URLs to block and approve automatically.
  • Page 144 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To configure the Global URL Access Lists: On the left menu, click HTTP. Click the Global URL Access Lists tab. Configure the Blocked URLs settings. Select the Enable blocked URL list check box.

  • Page 145: Configuring Http Virus Scanning

    HTTP Services If you want to modify the message that user sees when they attempt access blocked URLs, type your new message under User Notification. Configure the Approved URLs settings. Select the Enable approved URL list check box. b. Under URL(s) to approve, enter the URL that you want to include in the approved list.

  • Page 146: Http Scanning - Target

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide HTTP Scanning - Target Configuring Virus Scanning for HTTP Traffic 6-2. HTTP > Scanning - Target IGURE To configure virus scanning for HTTP traffic: From the left-side menu, click HTTP > Scanning. The Target tab appears.
  • Page 147 HTTP Services Specify files to scan: • All scannable files—scans all files, except password-protected or encrypted files • IntelliScan: uses true file type identification—IntelliScan examines the header of every file but, based on certain indicators, selects only files that it determines are susceptible to virus scanning.
  • Page 148 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Extracted file size/compressed file size ratio exceeds • Action to take on unscannable files • Pass • Block Optionally, in the MIME Type Exceptions section, type any MIME types (for example, streaming audio/video) to exclude from scanning.
  • Page 149 HTTP Services 6-1. Common Internet media types and subtypes, by category (Continued) ABLE Type/Subtype Description Type: Image image/gif GIF image image/jpeg JPEG JFIF image image/png Portable Network Graphics image/tiff Tagged-Image File Format file Type: Multipart Archives and other objects made of more than one part multipart/mixed or MIME email multipart/alternative...
  • Page 150 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Standard Internet media types have the following format: type/subtype Nonstandard types have subtype that is prefixed with an x-, as follows: type/x-subtype Vendor-specific types have a subtype with a vnd. prefix, as follows: type/vnd.subtype...
  • Page 151 Start sending parts of Tip: Trend Micro recommends trying different settings for the the file to the client after ___ seconds field if you enable deferred scan. By fine-tuning this function with the above field, you can arrive at the best setting for...

  • Page 152: Http Scanning - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide HTTP Scanning - Action 6-4. HTTP > Scanning - Action IGURE To configure HTTP Antivirus - Action: From the left-side menu, click HTTP > Scanning. Click the Action tab. Choose an action for InterScan Gateway Security Appliance to take when it detects a file containing viruses or malware: •...

  • Page 153: Http Scanning - Notification

    HTTP Services (See To select HTTP Antivirus – Notification recipient(s): on page 6-13 for the location and default content of this field.) • Pass (not recommended) - InterScan Gateway Security Appliance takes no action on infected items. Click Save. HTTP Scanning - Notification 6-5.

  • Page 154: Configuring Http Anti-Spyware

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Select the Administrator check box to enable InterScan Gateway Security Appliance to send a notification to the administrator if it detects a virus or malware. Optionally, customize the text of any of the email notifications. The appliance supports the use of some helpful variables in customized messages.

  • Page 155: Http Anti-Spyware - Target

    Select the Enable HTTP Anti-spyware check box. [Optional] Configure the Spyware/Grayware Exclusion List: • Click the Search for spyware/grayware link. InterScan Gateway Security Appliance opens a browser window on the Trend Micro Web site and displays the Trend Micro Spyware/Grayware online database.
  • Page 156 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 6-7. Trend Micro Spyware/ Grayware Online Database IGURE • Search for the spyware/grayware you wish to exclude. • Returning to the Target screen, copy/paste or type the name of the spyware/grayware in the Enter name of spyware/grayware field. (The spyware/grayware exclusion list is case sensitive and has exact match capability.)

  • Page 157: Http Anti-Spyware - Action

    HTTP Services HTTP Anti-Spyware - Action 6-8. HTTP > Anti-Spyware - Action IGURE To configure HTTP Anti-Spyware - Action: From the left-side menu, click HTTP > Anti-Spyware. Click the Action tab. Chose the action for InterScan Gateway Security Appliance to take when it detects spyware: •...

  • Page 158: Http Anti-Spyware - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide HTTP Anti-Spyware - Notification 6-9. HTTP > Anti-Spyware - Notification IGURE To select HTTP Anti-Spyware – Notification recipient(s): From the left-side menu, click HTTP > Anti-Spyware. Click the Notification tab. Review the default user notification message or type your own notification message.

  • Page 159: Configuring Intellitrap For Http

    HTTP Services Configuring IntelliTrap for HTTP Configuring IntelliTrap to scan for bots in compressed files downloaded via HTTP is a three-step process. You must first enable InterScan Gateway Security Appliance to scan for bots (Target) in HTTP traffic. Next, set the action that InterScan Gateway Security Appliance should take when it detects a bot (Action) in HTTP traffic.

  • Page 160: Http Intellitrap - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide HTTP IntelliTrap - Action To configure HTTP IntelliTrap Action: From the left-side menu, click HTTP > IntelliTrap. Click the Action tab. Select an action that you want the appliance to take if it detects a bot in a compressed file that is being downloaded or uploaded via HTTP: •...

  • Page 161: Http Intellitrap - Notification

    HTTP Services HTTP IntelliTrap - Notification To select HTTP IntelliTrap - Notification recipients: From the left-side menu, click HTTP > IntelliTrap. Click the Notification tab. To modify the message that appears in the user's browser when the appliance detects a threat, edit the inline message under User Notification. To send a notification to the administrator about the detected threat, select the Administrator check box under Administrator Notification.

  • Page 162: Configuring Http Anti-Pharming

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring HTTP Anti-Pharming Configuring HTTP for anti-pharming is a three-step process. First, enable InterScan Gateway Security Appliance to scan Web pages for links to known pharming sites (Target tab). Next, choose the action for InterScan Gateway Security Appliance to take when it encounters a pharming site (Action tab).

  • Page 163: Http Anti-Pharming - Action

    HTTP Services HTTP Anti-Pharming - Action 6-11. HTTP > Anti-Pharming - Action IGURE To configure HTTP Anti-Pharming - Action: From the left-side menu, click HTTP > Anti-Pharming. Click the Action tab. Choose the action for InterScan Gateway Security Appliance to take when it detects a known pharming site.

  • Page 164: Http Anti-Pharming - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide HTTP Anti-Pharming - Notification 6-12. HTTP > Anti-Pharming - Notification IGURE To configure HTTP Anti-Pharming - Notification: From the left-side menu, click HTTP > Anti-Pharming. Click the Notification tab. To modify the message that appears in the user's browser when the appliance detects a pharming threat, edit the inline message under User Notification.

  • Page 165: Configuring Http Anti-Phishing

    HTTP Services Configuring HTTP Anti-Phishing Configuring InterScan Gateway Security Appliance to scan HTTP traffic for phishing sites is a three-step process. First, enable HTTP Anti-Phishing (Target tab). Next, choose the action for InterScan Gateway Security Appliance to take when it encoun- ters a phishing site (Action tab).

  • Page 166: Http Anti-Phishing - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide HTTP Anti-Phishing - Action 6-14. HTTP > Anti-Phishing - Action IGURE To configure HTTP Anti-Phishing - Action: From the left-side menu, click HTTP > Anti-Phishing. Click the Action tab. Choose one of the following actions for InterScan Gateway Security Appliance to take when it detects a known phishing site.

  • Page 167: Http Anti-Phishing - Notification

    HTTP Services HTTP Anti-Phishing - Notification 6-15. HTTP > Anti-Phishing - Notification IGURE To configure HTTP Anti-Phishing - Notification: From the left-side menu, click HTTP > Anti-Phishing. Click the Notification tab. To modify the message that appears in the user's browser when the appliance detects a phishing threat, edit the inline message under User Notification.

  • Page 168: Configuring Http Url Filtering

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring HTTP URL Filtering InterScan Gateway Security Appliance uses administrator-defined rules to determine if a requested site is prohibited (URL Filtering Rules tab). InterScan Gateway Secu- rity Appliance performs URL filtering according to the administrator-set schedule (Settings) tab.

  • Page 169: Http Url Filtering - Approved Clients List

    HTTP Services To configure HTTP – URL Filtering Rules: From the left-side menu, click HTTP > URL Filtering. The Filtering Rules tab appears. Select the Enable URL Filtering check box. Select filtering based on pre-defined categories and times. • Filter During Work Time – Check All or specific categories •...
  • Page 170 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 6-17. HTTP URL Filtering > Approved Clients tab IGURE To input IP addresses to exclude from URL filtering: From the left-side menu, select HTTP > URL Filtering. The URL Filtering Rules tab appears.

  • Page 171: Http Url Filtering - Settings

    Work Time—select All day (24 hours) or Specify work hours. In the URL Rating Server Connection Settings section, set the timeout (in seconds) for online querying of the Trend Micro URL rating server. Note: This timeout value applies to two waiting periods—the time that it takes: •...
  • Page 172 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Check Allow URL filtering to use the appliance Proxy Settings • [Optional] View appliance proxy settings... - click this link to view the proxy settings screen. 6-19. HTTP > URL Filtering – Proxy Settings IGURE Check Use a proxy server for pattern, engine, and license updates.

  • Page 173: Http Url Filtering - Notification

    URL. The default message contains a link to the Trend Micro Online URL Query Web page. If the user believes that the URL has been classified incorrectly, he or she can click the link and submit the URL for reclassification.

  • Page 174: Configuring Http File Blocking

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Click Save. This screen contains an option to send URLs that may have been classified or categorized incorrectly to TrendLabs for reclassification. To send such a URL, click the Submit URL to TrendLabs for Reclassification link.

  • Page 175: Http File Blocking - Target

    HTTP Services HTTP File Blocking - Target To configure HTTP File Blocking – Target for HTTP traffic: From the left-side menu, click HTTP > File Blocking. The Target tab appears. Select the Enable HTTP file blocking check box. Check one or more items from the predefined list of file types. •...

  • Page 176: Http File Blocking - Notification

    Appliance to send a notification to the administrator when it blocks a file. Click Save. Configuring HTTP Web Reputation HTTP Web Reputation helps prevent access to URLs that pose potential security risks by checking any requested URL against the Trend Micro Web security database.

  • Page 177: Http Web Reputation - Target

    URL that is either confirmed or suspected to be a Web threat (Notification). Note: Web Reputation is also available in Trend Micro OfficeScan. If you have both Trend Micro OfficeScan and InterScan Gateway Security Appliance on the same network, Trend Micro recommends enabling Web Reputation on only one of these two solutions.

  • Page 178: Http Web Reputation - Notification

    Web site. The default message contains a link to the Trend Micro Web Reputation Feedback page. If the user believes that the Web site is not malicious, he or she can click the link...
  • Page 179 HTTP Services You can change the default message by selecting and typing over it. To send a notification to the administrator about an attempt to access a known or suspected URL threat, select the Administrator check box under Administrator Notification. If you like, customize the notification message. InterScan Gateway Security Appliance supports the use of some helpful variables in your customized messages.
  • Page 180 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...
  • Page 181 Chapter 7 FTP Services This chapter describes the FTP services in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • Configuring FTP Virus Scanning on page 7-4 • Configuring FTP Anti-Spyware on page 7-8 • Configuring FTP File Blocking on page 7-13...

  • Page 182: Enabling Scanning Of Ftp Traffic

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide FTP Services The FTP scanning feature in InterScan Gateway Security Appliance scans incoming and outgoing FTP traffic for viruses and spyware. Using file blocking, InterScan Gateway Security Appliance can prevent potentially dangerous files or files contain- ing prohibited or privileged information from being transferred.

  • Page 183: Selecting An Alternative Service Port

    Log on to the Web console to make any further changes. Tip: If you are changing the FTP service port as a security measure against hackers, Trend Micro recommends that you use the less commonly used ports (those above 6000).

  • Page 184: Configuring Ftp Virus Scanning

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring FTP Virus Scanning Configuring virus scanning of FTP traffic is a three-step process. First, select what to scan for (Target tab). Next, choose the action for InterScan Gateway Security Appli- ance to take when it detects a virus or other malware (Action tab).
  • Page 185 FTP Services Specify files to scan: • All scannable files - InterScan Gateway Security Appliance scans all files, except password-protected or encrypted files • IntelliScan — True file type identification - IntelliScan examines the header of every file, but based on certain indicators, selects only files that it determines are susceptible for virus scanning.

  • Page 186: Ftp Scanning - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Pass • Block Specify a maximum size of file to be scanned. • Do not scan files larger than... - set size in MB. Default is 50 MB • Enable deferred scan - Select to enable the appliance to send parts of the file periodically to the client.

  • Page 187: Ftp Scanning - Notification

    FTP Services Choose an action for InterScan Gateway Security Appliance to take when it detects a file containing viruses or malware: • Clean—If InterScan Gateway Security Appliance detects a virus or malware in the file, it first attempts to clean the item. If the item cannot be cleaned, choose a secondary action from the drop-down menu: •...

  • Page 188: Configuring Ftp Anti-Spyware

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To select FTP Scanning (Antivirus) – Notification recipients: From the left-side menu, click FTP > Scanning. Click the Notification tab. To modify the message that appears in the FTP client when the appliance detects a threat, edit the inline message under User Notification.

  • Page 189: Ftp Anti-Spyware - Target

    Select the Enable FTP Anti-spyware check box. [Optional] Configure the Spyware/Grayware Exclusion List: • Click the Search for spyware/grayware link. InterScan Gateway Security Appliance opens a browser window on the Trend Micro Web site and displays the Trend Micro Spyware/Grayware online database.
  • Page 190 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 7-7. Trend Micro Spyware/Grayware Online Database IGURE • Search for the spyware you wish to exclude: • Returning to the Target screen, copy/paste or type the name of the spyware grayware in the Enter name of spyware/grayware field. (The spyware/grayware exclusion list is case sensitive and has exact match capability.)

  • Page 191: Ftp Anti-Spyware - Action

    FTP Services FTP Anti-Spyware - Action 7-8. FTP > Anti-Spyware - Action IGURE To configure FTP Anti-Spyware Action: From the left-side menu, click FTP > Anti-Spyware. Click the Action tab. Choose one of the following actions for InterScan Gateway Security Appliance to take when it detects a spyware: •...

  • Page 192: Ftp Anti-Spyware - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide FTP Anti-Spyware - Notification 7-9. FTP > Anti-Spyware - Notification IGURE To select FTP Anti-Spyware – Notification recipient(s): From the left-side menu, click FTP > Anti-Spyware. To modify the message that appears in the FTP client when the appliance detects a spyware threat, edit the inline message under User Notification.

  • Page 193: Configuring Ftp File Blocking

    FTP Services Configuring FTP File Blocking Configuring InterScan Gateway Security Appliance to scan for and block certain file types in FTP traffic is a two-step process. First, enable FTP file blocking and select what to block (Target tab). Second, when InterScan Gateway Security Appliance blocks a file, it sends a notification, if enabled, to the administrator (Notification tab).

  • Page 194: Ftp File Blocking - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Enable blocking of administrator-specified file extensions. Enter one or more file extensions to block. Click Add. Click Save. Note: For more information on Blockable File Types, see Appendix C: File Formats:...
  • Page 195 FTP Services Select the Administrator check box to enable InterScan Gateway Security Appliance to send a notification to the administrator when the appliance blocks a file. Optionally, customize the text of any of the email notifications. The appliance supports the use of some helpful variables in customized messages. A list of these variables is accessible from the View variable list link at the top right of the Notification tab working area.
  • Page 196 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...
  • Page 197 Chapter 8 POP3 Services This chapter describes POP3 Services in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • Configuring POP3 Virus Scanning on page 8-4 • Configuring POP3 Anti-Spyware on page 8-10 • Configuring POP3 IntelliTrap on page 8-15 •...

  • Page 198: Enabling Scanning Of Pop3 Traffic

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide POP3 Services Enable POP3 scanning to allow InterScan Gateway Security Appliance to scan traffic originating from POP3 servers for viruses/malware, spyware/grayware, bots, spam, inappropriate content, links to phishing sites, and links to malicious URLs.

  • Page 199: Selecting An Alternative Service Port

    Log on to the Web console to make any further changes. Tip: If you are changing the POP3 service port as a security measure against hackers, Trend Micro recommends that you use the less commonly used ports (those above 6000).

  • Page 200: Configuring Pop3 Virus Scanning

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring POP3 Virus Scanning Configuring virus scanning of POP3 traffic is a three-step process. First, enable virus scanning and then select what to scan (Target tab). Next, set the action for InterScan Gateway Security Appliance to take when it detects a virus or other malware (Action tab).
  • Page 201 POP3 Services Specify the files to scan: • All scannable files—InterScan Gateway Security Appliance scans all files, except password-protected or encrypted files • IntelliScan - True file type identification—IntelliScan examines the header of every file, but based on certain indicators, selects only files that it determines are susceptible to virus scanning.

  • Page 202: Pop3 Scanning - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Extracted file size/compressed file size ratio exceeds Choose the action on unscannable files: • Pass • Remove Click Save. POP3 Scanning - Action 8-4. POP3 > Scanning - Action IGURE To configure the POP3 Scanning - Action: From the left-side menu, click POP3 >...
  • Page 203 POP3 Services Choose an action for InterScan Gateway Security Appliance to take when it detects viruses or malware: • Clean infected items and pass—If InterScan Gateway Security Appliance detects a virus or malware in either the message body or the attachment, it attempts to clean the item.

  • Page 204: Pop3 Scanning - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide POP3 Scanning - Notification 8-5. POP3 > Scanning - Notification IGURE To select POP3 Scanning – Notification recipient(s): From the left-side menu, click POP3 > Scanning. Click the Notification tab. Select one or more of the following recipients and when an infected incoming message is detected, the corresponding email notification(s) will be sent: •...
  • Page 205 POP3 Services Select all options that apply: Security Risk Detected Notifications • Subject line - when InterScan Gateway Security Appliance detects a virus or malware in an email, the recipient receives this message in the subject line of the email. •...

  • Page 206: Configuring Pop3 Anti-Spyware

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring POP3 Anti-Spyware Configuring anti-spyware to scan POP3 traffic for spyware/grayware is a three-step process. First, select what to scan for (Target). Next, set the action for InterScan Gate- way Security Appliance to take when it detects an item that contains spyware/gray- ware (Action tab).
  • Page 207 POP3 Services [Optional] Click the Search for spyware/grayware link. InterScan Gateway Security Appliance opens a browser window on the Trend Micro Web site and displays the Trend Micro Spyware/Grayware online database. 8-7. Trend Micro Spyware/Grayware Online Database IGURE • Search for the spyware to exclude.

  • Page 208: Pop3 Anti-Spyware - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Select specific spyware/grayware types Click Save. POP3 Anti-Spyware - Action 8-8. POP3 > Anti-Spyware - Action IGURE To configure POP3 Anti-Spyware - Action: From the left-side menu, click POP3 > Anti-Spyware.

  • Page 209: Pop3 Anti-Spyware - Notification

    POP3 Services • Remove spyware/grayware and pass - InterScan Gateway Security Appliance delivers the message and removes any infected items. • Pass (not recommended) - InterScan Gateway Security Appliance takes no action on items that contain spyware/grayware. Click Save. POP3 Anti-Spyware - Notification 8-9.
  • Page 210 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Recipient Optionally, customize the text of any of the email notifications. The appliance supports the use of some helpful variables in customized messages. A list of these variables is accessible from the View variable list link at the top right of the Notification tab working area.

  • Page 211: Configuring Pop3 Intellitrap

    POP3 Services Configuring POP3 IntelliTrap Configuring IntelliTrap to scan POP3 traffic for bots is a three-step process. First, enable InterScan Gateway Security Appliance to scan for bots (Target tab). Next, set the action that InterScan Gateway Security Appliance should take when it detects a bot (Action tab).

  • Page 212: Pop3 Intellitrap - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To configure POP3 IntelliTrap - Target: From the left-side menu, click POP3 > IntelliTrap. The Target tab appears. Select the Enable POP3 IntelliTrap check box. Click Save. POP3 IntelliTrap - Action 8-11.

  • Page 213: Pop3 Intellitrap - Notification

    POP3 Services • Remove infected attachments and pass—InterScan Gateway Security Appliance delivers the message and removes any infected items. • Pass (not recommended)—InterScan Gateway Security Appliance records the detection and delivers the message. Click Save. POP3 IntelliTrap - Notification 8-12. POP3 >...

  • Page 214: Configuring Pop3 Web Reputation

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Optionally, customize the text of any of the email notifications. The appliance supports the use of some helpful variables in customized messages. A list of these variables is accessible from the View variable list link at the top right of the Notification tab working area.

  • Page 215: Pop3 Web Reputation - Action

    POP3 Services To configure POP3 Web Reputation - Target: From the left-side menu, click POP3 > Web Reputation. The Target tab appears. Select the Enable POP3 real-time Web Reputation checking check box. Select a security level. The higher the security level, the more messages will classified as spam.

  • Page 216: Pop3 Web Reputation - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To configure POP3 Web Reputation - Action: From the left-side menu, click POP3 > Web Reputation. Click the Action tab. In the Pass and stamp Subject line with: box, accept the default message ('Suspicious') or type your own.

  • Page 217: Configuring Pop3 Anti-Spam

    POP3 Services • Administrator - InterScan Gateway Security Appliance sends a notification to the administrator when it detects a suspicious URL. • Recipient - InterScan Gateway Security Appliance sends a notification to the mail recipient when it detects a suspicious URL. If you like, customize the text of any of the email notifications.

  • Page 218: Pop3 Anti-Spam - Target

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide POP3 Anti-Spam - Target 8-13. POP3 > Anti-Spam - Target IGURE To configure POP3 Anti-Spam – Target: From the left-side menu, click POP3 > Anti-Spam. The Target tab appears. Select the Enable POP3 anti-spam check box to allow InterScan Gateway Security Appliance to scan POP3 email for spam.

  • Page 219: Pop3 Anti-Spam - Action

    POP3 Services but there is a greater chance of false positives. False positives are those email messages that InterScan Gateway Security Appliance filters as spam when they are actually legitimate email messages. [Optional] Keyword Exceptions Messages containing identified keywords will not be considered spam (separate multiple entries with a semicolon).

  • Page 220: Configuring Pop3 Anti-Phishing

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To configure POP3 Anti-Spam - Action: From the left-side menu, click POP3 > Anti-Spam. Click the Action tab. Leave the default message or type a new message in the Pass and stamp Subject line with field.

  • Page 221: Pop3 Anti-Phishing - Action

    POP3 Services To configure POP3 Anti-Phishing – Target: From the left-side menu, click POP3 > Anti-Phishing. The Target tab appears. Select the Enable POP3 Anti-phishing check box to enable scanning of POP3 traffic for known phishing sites. Click Save. POP3 Anti-Phishing - Action 8-16.

  • Page 222: Pop3 Anti-Phishing - Notification

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide POP3 Anti-Phishing - Notification 8-17. POP3 > Anti-Phishing - Notification IGURE To configure POP3 Anti-Phishing - Notifications: From the left-side menu, click POP3 > Anti-Phishing. Click the Notification tab. Select one or more recipients from the Email Notifications section. Available recipients include Administrator and Recipient.

  • Page 223: Configuring Pop3 Content Filtering

    POP3 Services Configuring POP3 Content Filtering Configuring content filtering for POP3 traffic is a four-step process: Enable scanning of SMTP traffic Select what to filter for (Target tab). Set the action for InterScan Gateway Security Appliance to take when one or more filters is triggered (Action tab).

  • Page 224: Pop3 Content Filtering - Target

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide POP3 Content Filtering - Target 8-18. POP3 > Content Filtering - Target IGURE To configure POP3 Content Filtering - Target: From the left-side menu, click POP3 > Content Filtering. The Target tab appears.
  • Page 225 POP3 Services Set any of the following message filters: • Filter by Message Size: The Trend Micro recommended size is 5 MB. Larger file sizes can reduce the appliance throughput. If message exceeds size it will not be scanned. •...

  • Page 226: Pop3 Content Filtering - Action

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide POP3 Content Filtering - Action 8-19. POP3 > Content Filtering - Action IGURE To configure POP3 Content Filtering - Action: From the left-side menu, click POP3 > Content Filtering. Click the Action tab.

  • Page 227: Pop3 Content Filtering - Notification

    POP3 Services Note: The Delete attachment and insert the following notification in the message check box only works with attachments that have triggered the Attachment Name or True File Type filters. Click Save. POP3 Content Filtering - Notification 8-20. POP3 > Content Filtering - Notification IGURE To select POP3 Content Filtering –...
  • Page 228 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Optionally, customize the text of any of the email notifications. The appliance supports the use of some helpful variables in customized messages. A list of these variables is accessible from the View variable list link at the top right of the Notification tab working area.
  • Page 229 Chapter 9 Outbreak Defense This chapter describes the Outbreak Defense functions in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • The Outbreak Defense Services on page 9-2 • Current Status on page 9-3 • Configuring Internal Outbreak on page 9-5 •...

  • Page 230: Chapter 9: Outbreak Defense

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The Outbreak Defense Services 9-1. Outbreak Defense IGURE Outbreak Defense is a combination of services designed to protect and repair your system in the event of an outbreak. Outbreak Defense consists of the following services: •...

  • Page 231: Current Status

    Outbreak Defense Current Status 9-2. Outbreak Defense > Current Status IGURE The Outbreak Defense > Current Status screen displays information about the status of Outbreak Prevention on the InterScan Gateway Security Appliance. If there is no outbreak, the screen is still viewable, but there is no information regarding the threat, the alert type, or actions for you to take.
  • Page 232 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • OPP expires in - Days remaining until the current Outbreak Prevention Policy expires • OPP action - Click to Stop the current OPP • A list of actions for you to take (in addition to the actions OPP has taken) to...

  • Page 233: Configuring Internal Outbreak

    OPS from the Outbreak Defense > Current Status screen. Note: This screen is disabled (greyed out) if you are managing the appliance using Trend Micro Control Manager. For more information on using Control Manager to Introducing Trend Micro Control Manager™ manage the appliance, see page B-1.

  • Page 234: Configuring Damage Cleanup

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To apply an older OPP when OPS is not running: From the left-side menu, click Outbreak Defense > Internal Outbreak. Select one of the policies to apply. (InterScan Gateway Security Appliance supports running only one policy at a time.)

  • Page 235: Potential Threat

    Outbreak Defense spyware. InterScan Gateway Security Appliance then lists the client in the Cleaned computers section of the Summary screen. You can find the Damage Cleanup Services (DCS) Online Scan at the following URL: https://{The appliance IP}/nonprotect/cgi-bin/dcs_manual_cleanup.cgi In the URL above, replace The appliance IP with the IP address of your appliance. Potential Threat A potential threat is any client that has malware or spyware on their computer.

  • Page 236: Outbreak Defense - Settings

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 9-5. Outbreak Defense > Settings - Setting IGURE Outbreak Defense - Settings To configure Automatic Deployment and OPP policy download settings: From the left-side menu, click Outbreak Defense > Settings. The Setting tab appears.

  • Page 237: Outbreak Defense - Notification

    Note: This screen is disabled (greyed out) if you are managing the appliance using Trend Micro Control Manager. For more information on using Control Manager to Introducing Trend Micro Control Manager™ manage the appliance, see page B-1. Outbreak Defense - Notification 9-6.
  • Page 238 Red Alerts can trigger Outbreak Defense. Yellow Alerts Trend Micro issues a Yellow Alert when a threat has been detected “in the wild,” but it is not widespread. TrendLabs then creates and pushes down to deployment servers an official pattern release (OPR). InterScan Gateway Security Appliance can then download the OPR from the deployment servers.
  • Page 239 Chapter 10 Quarantines This chapter describes the Quarantine function in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • Quarantines Screen on page 10-2 • Querying the Quarantine Folder on page 10-5 • Performing Query Maintenance on page 10-9...

  • Page 240: Quarantines Screen

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Quarantines Screen 10-1. Quarantines IGURE InterScan Gateway Security Appliance can quarantine email messages that contain viruses, spyware, or bots. Email that has triggered the content filtering rules can also be sent to the quarantine folder.

  • Page 241: Resending A Quarantined Email Message

    Quarantines Tip: To avoid exceeding the quarantine folder's capacity, perform quarantine maintenance regularly. Resending a Quarantined Email Message Using the Web console, you can resend any email messages that the appliance has quarantined. In order to resend a message from the quarantine folder, query the quar- antine folder(s) to produce the Quarantine Query Results screen.
  • Page 242 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 10-2. Quarantines > Settings IGURE To add an inline notification to re-sent email messages: From the left-side menu, click Quarantines > Settings. The Quarantine Settings screen appears. In the Inline Message for Resend section, select the Append the following text in the resend message check box.

  • Page 243: Querying The Quarantine Folder

    Quarantines Querying the Quarantine Folder 10-3. Quarantines > Query IGURE To query the Quarantine folder: From the left-side menu, click Quarantines > Query. Under Criteria, set the following options: • Time period - select a predefined period of time or specify a range of time •...
  • Page 244 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Click Search. The Quarantine Query Results screen appears, listing the results of your query. 10-4. Quarantine Query Results IGURE Note: The Sender, Recipient, and Subject fields are all case insensitive and have partial match capability.
  • Page 245 If you think that the appliance has quarantined a message that is legitimate but are not sure, Trend Micro recommends that you use the Scan and Resend option to safely remove it from the quarantine folder. When you use this option, the appliance first scans the message according to your message scanning settings and then attempts to resend it.
  • Page 246 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Action tab for the email protocol (SMTP or POP3) listed for that message in the Quarantine Query Results table. To resend the message without rescanning it, click the Resend link in the row of action icons and links just below the title row of the query results table.

  • Page 247: Performing Query Maintenance

    Quarantines Find the subject of the message you wish to open. Next to the subject line content is the name of the file that corresponds to the original message. In the example shown in Table 10-2, “Exported query files – example contents,” on page 10-9, you would first look through the index.txt subjects until you found the one that you were looking for.

  • Page 248: Manual

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Manual 10-5. Quarantines > Maintenance - Manual IGURE To manually delete messages from the Quarantine folder: From the left-side menu, click Quarantines > Maintenance. The Manual tab appears. Select the email to delete: •...

  • Page 249: Automatic

    Quarantines Automatic 10-6. Quarantines > Maintenance - Automatic IGURE To automatically purge messages from the Quarantine folder: Click the Maintenance > Automatic tab. Select the Enable automatic purge check box. Type a value in the Delete files older than {#days} days field. Click Save.
  • Page 250 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...
  • Page 251 Chapter 11 Updating InterScan Gateway Security Appliance Components This chapter describes the Update function in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • Update on page 11-2 • Updating Manually on page 11-3 • Configuring Scheduled Updates on page 11-4 •...

  • Page 252: Update

    11-1. Update screen IGURE From time to time, Trend Micro may release a patch for a reported known issue or an upgrade that applies to your product. To find out whether there are any patches available, visit the following URL: http://www.trendmicro.com/download/...

  • Page 253: Updating Manually

    Updating InterScan Gateway Security Appliance Components Updating Manually 11-2. Update > Manual IGURE To manually update InterScan Gateway Security Appliance components: From the left-side menu, click Update > Manual. A progress indicator appears as InterScan Gateway Security Appliance searches for updates, followed by the Manual Update screen.

  • Page 254: Configuring Scheduled Updates

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To roll back components after an update: From the left-side menu, click Update > Manual. Select from the following options for rolling back components: • Component - selects all components •...
  • Page 255 Specify an update duration and frequency. Click Save. Note: This screen is disabled (greyed out) if you are managing the appliance using Trend Micro Control Manager. For more information on using Control Manager to Introducing Trend Micro Control Manager™ manage the appliance, see page B-1.

  • Page 256: Configuring An Update Source

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring an Update Source 11-4. Update > Source IGURE To configure an Update Source: From the left-side menu, click Update > Source. The Update Source screen appears. Select and configure one of the following update sources: •...
  • Page 257 Updating InterScan Gateway Security Appliance Components Note: This screen is disabled (greyed out) if you are managing the appliance using Trend Micro Control Manager. For more information on using Control Manager to Introducing Trend Micro Control Manager™ manage the appliance, see page B-1.
  • Page 258 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...
  • Page 259 Chapter 12 Analyzing Your Protection Using Logs This chapter describes the Log function in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • Logs on page 12-2 • Querying Logs on page 12-3 • Configuring Log Settings on page 12-5 •...

  • Page 260: Logs

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Logs 12-1. Logs screen IGURE InterScan Gateway Security Appliance tracks all scanning and detection activity that it performs and writes this information to various logs. The log query feature allows you to create reports that show detection activity for the different protocols for the various types of scanning tasks that InterScan Gateway Security Appliance performs.

  • Page 261: Querying Logs

    Analyzing Your Protection Using Logs Querying Logs 12-2. Logs > Query IGURE InterScan Gateway Security Appliance tracks all scanning and detection activity that it performs and writes this information to various logs. With the log query feature you can create reports that show detection activity for the different protocols for the various types of scanning tasks that InterScan Gateway Security Appliance performs.
  • Page 262 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Click Display Log. The Log screen appears, labeled according to the type of log you have chosen. 12-3. Logs > Query – SMTP Viruses/Malware Log IGURE The column headings displayed in the Query Result screen differ depending on the log type queried.

  • Page 263: Configuring Log Settings

    Analyzing Your Protection Using Logs Note: InterScan Gateway Security Appliance does not back up the logs from the device to a remote server. If the send logs to syslog server function is enabled, InterScan Gateway Security Appliance will generate logs on the local log database and send logs to the remote server.

  • Page 264: Configuring Log Maintenance

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide feature, logs will be created in both the local log database and the syslog server. Logs generated before enabling the syslog server feature will not be copied to the syslog server.

  • Page 265: Manual

    Analyzing Your Protection Using Logs Manual 12-5. Logs > Maintenance - Manual IGURE To perform Log Maintenance manually: From the left-side menu, click Logs > Maintenance. The Manual tab appears. In the Target section, select from the following options: • Select all - at the far right side of the target section header •...

  • Page 266: Automatic

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Automatic 12-6. Logs > Maintenance - Automatic IGURE To perform Log Maintenance automatically: From the left-side menu, click Logs > Maintenance. The Manual tab appears. Click the Automatic tab. The Automatic tab appears.
  • Page 267 Analyzing Your Protection Using Logs...
  • Page 268 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 269: Administrative Functions

    Chapter 13 Administrative Functions This chapter describes the Administration functions in InterScan Gateway Security Appliance. Topics discussed in this chapter include: • Administration on page 13-2 • Access Control on page 13-3 • Configuration Backup on page 13-4 • Control Manager Settings on page 13-6 •...

  • Page 270: Administration

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Administration 13-1. Administration screen IGURE From the Administration menu, you can configure many InterScan Gateway Security Appliance operational settings, access different InterScan Gateway Security Appliance tools, and view Product License and World Virus Tracking details.

  • Page 271: Access Control

    Administrative Functions Access Control 13-2. Administration > Access Control IGURE The Access Control screen allows administrators to access the InterScan Gateway Security Appliance Web console from the Internet. To enable Access Control: From the left-side menu, click Administration > Access Control. Select the Enable external access check box.

  • Page 272: Configuration Backup

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuration Backup 13-3. Administration > Configuration Backup IGURE To back up current Configuration settings: From the left-side menu, click Administration > Configuration Backup. In the Backup Current Configuration section, click Backup. A Windows dialog appears, asking if you want to open or save the current configuration file onto your computer.
  • Page 273 Administrative Functions Click Save to open a Save window. Navigate to the folder in which you wish to save the file and click Save. To restore Configuration settings from a backup file: From the left-side menu, click Administration > Configuration Backup. From the Restore Configuration (from backup) section, click Browse to find a configuration file.

  • Page 274: Control Manager Settings

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Control Manager Settings You can manage multiple InterScan Gateway Security Appliances with Trend Micro Control Manager (sold separately). Control Manager provides aggregate reporting for all managed InterScan Gateway Security Appliances with several new, useful tem- plates.

  • Page 275: Registering Interscan Gateway Security Appliance To Control Manager

    Administrative Functions server. For detailed information on how to use Control Manager, see the Trend Micro Control Manager documentation that came with your purchase of Trend Micro Con- trol Manager. In order to manage InterScan Gateway Security Appliance with TMCM, first register each InterScan Gateway Security Appliance to a TMCM server.
  • Page 276 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide In the Control Manager Server Settings section, type the IP address or FQDN (fully qualified domain name) in the FQDN or IP address field. (a required field) Type the port number to use in the Port field.

  • Page 277: Disk Smart Test

    Check to see that an icon for InterScan Gateway Security Appliance displays in the product directory. For more detailed guidance on using InterScan Gateway Security Appliance with Trend Micro Control Manager, see Appendix B. Introducing Trend Micro Control Manager™. Disk SMART Test 13-5.

  • Page 278: Firmware Update

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Appliance is started. A Disk SMART Test can also be scheduled from the left-side menu Administration menu item. The results of a Disk SMART test can be viewed in the system logs.

  • Page 279: Ip Address Settings

    To update the device image through the Web console: Obtain the new firmware file in one of two ways: • Download the latest firmware from the InterScan Gateway Security Appliance section of the Trend Micro Update Center: http://www.trendmicro.com/download/product.asp?productid=73 • Insert the InterScan Gateway Security Appliance Solutions Disc containing the new firmware into your CD-ROM drive.

  • Page 280: Managing Ip Address Settings

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Managing IP Address Settings 13-7. Administration > IP Address Settings – Management IP IGURE Address Note: If a static route exists, you will not be able to change the IP address or netmask of the appliance, or switch from dynamic IP address to static IP address (and vice versa).

  • Page 281: Static Routes

    Administrative Functions To use a static IP address, select Static IP address and type the following information: • IP Address – the IP address that InterScan Gateway Security Appliance uses • Netmask - Required • Gateway - Required • DNS Server 1 - primary - Required •...
  • Page 282 When changing the device IP address or the static route settings in this scenario, Trend Micro recommends using a computer that is on the same network segment as IGSA. This will help ensure that you do not lose the connection with the appliance.
  • Page 283 Administrative Functions Enter a value for the Network ID - The network address. Enter a value for the Netmask - Netmask for the network ID. Enter a value for the Router – This is the IP address of the router used to route traffic to a specific network segment as specified by the Network ID and Netmask.
  • Page 284 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Client in Segment A with IP address 10.1.1.1 Router IP address 10.4.4.254 Client in Segment B with IP address 10.2.2.2 The appliance Client in Segment C with IP address 10.3.3.3 13-10.

  • Page 285: Notification Settings

    Administrative Functions 13-1. Static routes – example settings ABLE Static Route Fields for Segment A Example Settings Network ID 10.1.1.0 Netmask 255.255.255.0 Router 10.4.4.254 Static Route Fields for Segment B Example Settings Network ID 10.2.2.0 Netmask 255.255.255.0 Router 10.4.4.254 Static Route Fields for Segment C Example Settings Network ID 10.3.3.0...

  • Page 286: Settings

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Settings 13-11. Administration > Notification Settings - Settings IGURE To configure the settings that InterScan Gateway Security Appliance will use when sending notifications: From the left-side menu, click Administration > Notification Settings. The Settings tab appears.

  • Page 287: Events

    Administrative Functions Events 13-12. Administration > Notification Settings - Events IGURE To configure the maximum number of notifications InterScan Gateway Security Appliance will send out per hour: From the left-side menu, click Administration > Notification Settings. Click the Events tab. In the Maximum notifications per hour field type the maximum number of notification per hour that InterScan Gateway Security Appliance can send (default is 50).

  • Page 288: Operation Mode

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Operation Mode 13-13. Administration > Operation Mode IGURE InterScan Gateway Security Appliance can be configured to act as a bridge or a router. To configure what mode InterScan Gateway Security Appliance should operate From the left-side menu, click Administration >...

  • Page 289: Password

    Administrative Functions Note: If you have a firewall in your network, you may need to modify the firewall rules to allow InterScan Gateway Security Appliance to access the Internet. If you use Transparent Proxy Mode, you will not be able control Internet access on a per user basis.

  • Page 290: Product License

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To change the InterScan Gateway Security Appliance Web console password: From the left-side menu, click Administration > Password. In the Old password field, type the console's current password. In the New password field, type a new password.
  • Page 291 Administrative Functions To view license renewal instructions: Select Administration > Product License to display the Product License screen. Click View renewal instructions. InterScan Gateway Security Appliance opens a browser window on the Renewal Instructions screen. 13-16. Online License Update & Renewal IGURE Follow the instructions that appear.
  • Page 292 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 13-17. My Product Details IGURE Note: InterScan Gateway Security Appliance supports automatic online updates as long as the Activation Code has not expired. To perform online Updates for the product license manually: Check the network status and proxy settings.
  • Page 293 Administrative Functions To enter a new activation code: Select Administration > Product License to display the Product License screen. Click New Activation Code. The New Activation Code screen appears. 13-18. Administration > Product License - New Activation Code IGURE Type the new activation code in the New activation code field Click Save.

  • Page 294: Proxy Settings

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Proxy Settings 13-19. Administration > Proxy Settings IGURE If you use a proxy server to connect to the Internet, specify the proxy settings. InterScan Gateway Security Appliance needs the proxy information to: •...

  • Page 295: Snmp Settings

    Administrative Functions Choose a proxy protocol by selecting one of the following options: • HTTP • SOCKS4 • SOCKS5 Specify the proxy server name or IP address and port number. If your proxy server needs authentication, type a valid user ID and password. Click Test Connection.

  • Page 296: System Time

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide InterScan Gateway Security Appliance sends Notifications to one or more administrators or other specified recipients using Simple Network Management Protocol (SNMP). To configure SNMP Settings: From the left-side menu, click Administration > SNMP Settings.
  • Page 297 Administrative Functions 13-21. Administration > System Time IGURE You can configure system time in two ways: • Manually • By designating an NTP server for the appliance to synchronize with Note: If you set both manual and automatic (NTP) settings, the NTP setting takes precedence.
  • Page 298 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To configure system time automatically: From the left-side menu, click Administration > System Time. The System Time Settings screen appears. In the NTP Setting section, type the domain name or IP address of an NTP server in the NTP Server field.

  • Page 299: Reboot From Web Console

    Administrative Functions Reboot from Web Console In this release of InterScan Gateway Security Appliance, you can reboot the appliance directly from the Web console. 13-22. Reboot screen IGURE Note: The Reboot item in the left-side menu is far down the screen under Administration, the second from the bottom.
  • Page 300 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 13-23. Administration > Reboot menu IGURE To reboot the appliance from the Web console: On the left-side menu, click Administration > Reboot. The Reboot screen appears. Click Reboot Now. The appliance reboots.

  • Page 301: World Virus Tracking

    13-24. Administration > World Virus Tracking IGURE The Trend Micro World Virus Tracking Program collects Internet threat data from tens of thousands of corporate and individual computer systems around the world. To participate in the World Virus Tracking Program: From the left-side menu, click Administration > World Virus Tracking.
  • Page 302 To view the Trend Micro Virus Map: From the left-side menu, click Administration > World Virus Tracking. Click the Virus Map link. A browser opens, showing the Trend Micro Virus Map, with the Top 10 - Worldwide viruses listed. 13-25.

  • Page 303: Technical Support, Troubleshooting, And Faqs

    Chapter 14 Technical Support, Troubleshooting, and FAQs This chapter provides a set of technical resources for the InterScan Gateway Security Appliance administrator. Topics discussed in this chapter include: • Contacting Technical Support on page 14-2 • Troubleshooting on page 14-4 •...

  • Page 304: Contacting Technical Support

    Get a list of the worldwide support offices: http://esupport.trendmicro.com/ Get the latest Trend Micro product documentation: http://www.trendmicro.com/download In the United States, you can reach the Trend Micro representatives via phone, fax, or email: Trend Micro, Inc. 10101 North De Anza Blvd.

  • Page 305: Readme.txt

    Release History—List of previous releases of this product Contact Information—Information about how to contact Trend Micro 10. About Trend Micro—Brief description of Trend Micro and a list of copyrights 11. License Agreement—Where to find information about your license agreement with Trend Micro (omitted from beta readme.txt)

  • Page 306: Troubleshooting

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Troubleshooting Why Is the Summary Screen not Logging Any Events? Why Aren’t Any Logs Being Created? Cause—The appliance requires hard disk initialization and reformat. It is necessary to re-initialize the hard disk under the following conditions: •...
  • Page 307 Technical Support, Troubleshooting, and FAQs 14-1. Preconfiguration console output screen when initializing IGURE a hard disk that is not formatted or is improperly installed (the second part of the re-initialization process) Press any key. The appliance formats the hard disk and displays the following screen when the formatting is complete: 14-2.
  • Page 308 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide I Can See the Console Output on the HyperTerminal but Some Keystrokes Do Not Work Cause—The HyperTerminal settings are incorrect or need refreshing. Solution—Change the HyperTerminal emulation setting to something other than VT100J and then change it back.

  • Page 309: Frequently Asked Questions (Faq)

    Technical Support, Troubleshooting, and FAQs Frequently Asked Questions (FAQ) Review these frequently asked questions for insight into issues that many users ask about. What Is the Purpose of the “ID” LED? The ID LED helps users identify a specific InterScan Gateway Security Appliance in a rack containing many devices.

  • Page 310: Recovering A Password

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Why Am I Not Receiving Email Notifications? Using the Web console left navigation menu, go to Administration > Notification Settings and verify that the information is complete and correct. Why Is Traffic Not Passing Through the Device When the Power Is Off? It is possible that the DC OFF LAN Bypass setting in the BIOS is disabled.

  • Page 311: Virus Pattern File

    Trend Micro collects their telltale signatures and incorporates the informa- tion into the virus and other pattern files. Trend Micro updates the file as often as several times a week, and sometimes several times a day when people release multiple variants of a widespread threat. By default, InterScan Gateway Security Appliance checks for updates no less often than once a week.

  • Page 312: Spam Engine And Pattern File

    Spam Engine and Pattern File The InterScan Gateway Security Appliance (the appliance) uses the Trend Micro Anti-Spam Engine and Trend Micro spam pattern files to detect and take action against spam messages. Trend Micro updates both the engine and pattern file fre- quently and makes them available for download.

  • Page 313: Licenses

    Technical Support, Troubleshooting, and FAQs Your vendor or support provider may contact you when these items become available. Check the Trend Micro Web site for information on new hot fix, patch, and service pack releases: http://www.trendmicro.com/download All releases include a readme file that contains installation, deployment, and configuration information.

  • Page 314: Renewing Maintenance

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Renewing Maintenance Trend Micro or an authorized reseller provides technical support, virus pattern down- loads, and program updates for one (1) year to all registered users, after which you must purchase renewal maintenance.

  • Page 315: Eicar Test Virus

    Technical Support, Troubleshooting, and FAQs EICAR Test Virus The European Institute for Computer Antivirus Research (EICAR) has developed a test "virus" you can use to test your appliance installation and configuration. This file is an inert text file whose binary pattern is included in the virus pattern file from most antivirus vendors.

  • Page 316: Best Practices

    "zip-of-death" threats, and they can contain within them numerous layers of compression. To balance security and performance, Trend Micro recommends that you read the following before choosing compressed file settings: Block compressed files if...
  • Page 317 Technical Support, Troubleshooting, and FAQs Scanning multiple layers of compression can slow down overall system performance, which is why the default for this parameter is 10. After detecting 10 layers of compression, InterScan Gateway Security Appliance abandons the scan task and blocks the file.

  • Page 318: Handling Large Files

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 14-3. Compression ratio IGURE Action on unscanned files: Unscanned or unscannable files include files that are password protected. Handling Large Files For larger files, a trade-off must be made between the user’s experience and expecta- tions and maintaining security.
  • Page 319 WARNING! This option effectively allows a hole in your Web security—large files will not be scanned. Trend Micro recommends that you choose this option only on a temporary basis. Deferred scan: (moderate risk) InterScan Gateway Security Appliance receives a file and begins scanning while it loads part of the page.

  • Page 320: Sending Trend Micro Suspected Internet Threats

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Sending Trend Micro Suspected Internet Threats You can send Trend Micro the URL of any Web site you suspect of being a phish site, or other so-called "disease vector" (the intentional source of Internet threats such as spyware and viruses).
  • Page 321 Chapter 15 Updating the InterScan Gateway Security Appliance Firmware This chapter provides step-by-step instructions for updating InterScan Gateway Security Appliance program file (device image), the BMC (baseboard management controller) firmware, and the BIOS firmware. This chapter includes the following topics: •...

  • Page 322: Identifying The Procedures To Follow

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Identifying the Procedures to Follow There are two main ways to update the InterScan Gateway Security Appliance pro- gram file (device image). If you want to update the device image and retain the exist-...

  • Page 323: Updating The Device Image Through The Web Console

    To update the device image through the Web console: Obtain the new firmware file in one of two ways: • Download the latest firmware from the InterScan Gateway Security Appliance section of the Trend Micro Update Center: http://www.trendmicro.com/download/product.asp?prod uctid=73 •...

  • Page 324: Updating The Device Image Using The Affu

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Updating the Device Image Using the AFFU Use the Trend Micro Appliance Firmware Flash Utility (AFFU) to update the pro- gram file (device image) and restore the default configuration. You can also use the AFFU to update the firmware and keep current configuration, but doing so is much more complicated than doing it through the Web console.
  • Page 325 Backing Up Your Configuration on page 15-6) Get the appliance device image file (See Getting the Appliance Device Image from the Trend Micro Web site on page 15-7) Connect the appliance to a local computer (See Connecting a Local Computer to...
  • Page 326 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Backing Up Your Configuration When the device image updates, all information stored on the Compact Flash (CF) card will be overwritten. Therefore, if you wish to preserve your existing configuration, it is essential that you back up the appliance configuration before updating the appliance device image.
  • Page 327 Internet Explorer downloads the configuration backup file to your chosen location. Getting the Appliance Device Image from the Trend Micro Web site You can download the appliance device image from the Trend Micro Web site. To download the file: Visit the following URL: http://www.trendmicro.com/download/product.asp?productid=73...
  • Page 328 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To connect the local computer to the appliance: Connect an Ethernet cable to the appliance Management port (for option 5) or the INT port (for option 3) on the back of the device, as shown in the figure below, and connect the other end of the cable the local computer.
  • Page 329 Back panel of appliance showing console port, management port, and INT port.) Tip: Trend Micro recommends that you configure HyperTerminal properties so that the backspace key is set to delete and that you set the emulation type to VT100J for best display results.
  • Page 330 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Click File > New Connection The Connection Description screen appears. Type a name for the connection profile and click OK The Connect To screen appears: 15-3. The HyperTerminal Connect To screen...
  • Page 331 . The console accepts the password, displays the Login NTER screen, and moves the cursor to the Login prompt. Tip: Trend Micro recommends that you change the default password upon first use. You can do so through the Preconfiguration console.
  • Page 332 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide 15-5. The appliance Preconfiguration console login screen IGURE Press E again. The appliance Preconfiguration console Main Menu appears, NTER as shown below. 15-6. The appliance Preconfiguration console main menu, IGURE accessed via HyperTerminal...
  • Page 333 Updating the InterScan Gateway Security Appliance Firmware Putting the Appliance into Rescue Mode In order to update the device image, first put the appliance into rescue mode. With the local PC still connected to the appliance, and with the Preconfiguration console still displaying in HyperTerminal, do the following.

  • Page 334: Uploading The New Device Image

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Press ESC to enter the menu... Tip: prompt displays for only a very short time, so you must be quick. Be sure to firmly press as soon as you see the prompt.
  • Page 335 Updating the InterScan Gateway Security Appliance Firmware Uploading with Existing Configuration (Option 3) You can either use up and down arrow keys on your keyboard to move to the choice that you want, or you can simply press the number of that option. The option for uploading with the existing configuration is: 3 - Update Device Image &...
  • Page 336 15-10. The appliance back panel showing location of internal IGURE (INT) port Upload the new device image by using the Trend Micro Appliance Firmware Flash Utility as described in Using the Appliance Firmware Flash Utility with Option 3 on page 15-16.
  • Page 337 Updating the InterScan Gateway Security Appliance Firmware 15-11. The appliance Solutions CD splash screen IGURE Note: If for some reason the above screen does not appear after you put the CD in the CD-ROM drive, locate the file setup.exe and click it. The screen will appear.
  • Page 338 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Firmware Flash Utility. On the main menu click The following screen appears: 15-12. The appliance Solutions CD Firmware Flash Utility IGURE section Launch. On the Product Information tab, click The Trend Micro Appliance Firmware Flash Utility opens, and the following screen appears: 15-13.
  • Page 339 Updating the InterScan Gateway Security Appliance Firmware Flash DOM Click (disk-on-module), as shown below. 15-14. AFFU opening screen when uploading with option 3, IGURE emphasizing Flash DOM After you click Flash DOM, the Appliance Firmware Flash Utility - DOM screen appears, as shown below. 15-15.
  • Page 340 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Browse Click (next to the DOM firmware field) and browse to the device image in the file navigation screen that opens, as shown below. 15-16. AFFU - browse to device image...
  • Page 341 Updating the InterScan Gateway Security Appliance Firmware When the update is complete, the AFFU displays a message stating that the device image uploaded successfully. 15-18. AFFU “flash DOM successfully uploaded” message IGURE Troubleshooting Device Image Upload with Option 3 If you are unable to upload the appliance device image in rescue mode using option 3, verify the following: •...
  • Page 342 15-20. The appliance back panel showing location of IGURE management port Upload the new image file by using the Trend Micro Appliance Firmware Flash Utility as described in Using the Appliance Firmware Flash Utility with Option 5 on page 15-23.
  • Page 343 Updating the InterScan Gateway Security Appliance Firmware Note: After you select the upload option, the appliance waits for the upload for up to 10 minutes, at which point it times out. Using the Appliance Firmware Flash Utility with Option 5 Before launching the Appliance Firmware Flash Utility (AFFU), ensure that the IP of your PC is within the same segment as the IP of the appliance.The appliance IP address appears on the preconfiguration console screen that appears when you select...
  • Page 344 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Firmware Flash Utility. On the main menu click The following screen appears: 15-22. The appliance Solutions CD Firmware Flash Utility IGURE section Launch. On the Product Information tab, click The Trend Micro Appliance Firmware Flash Utility opens, and the following screen appears: 15-23.
  • Page 345 Updating the InterScan Gateway Security Appliance Firmware Flash DOM Click (disk-on-module), as shown below. 15-24. AFFU opening screen when using option 5, emphasizing IGURE Flash DOM WARNING! Do not click on the table row containing the IP address. If you do, AFFU will connect to the IP address of that entry, which is the IP address of the appliance's BMC, and an IP conflict will result.
  • Page 346 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide After you click Flash DOM, the Appliance Firmware Flash Utility - DOM screen appears, as shown below. 15-26. AFFU DOM screen IGURE Because the appliance uses the 192.168.252.1 as the default rescue mode IP Device address, type 192.168.252.1 in the...
  • Page 347 Updating the InterScan Gateway Security Appliance Firmware Click OK to start the device image update. The AFFU begins uploading the new device image to the appliance, and the AFFU DOM screen displays the progress of the update. 15-28. AFFU DOM screen showing progress of the update IGURE When the update is complete, the AFFU displays a message stating that the device image uploaded successfully.
  • Page 348 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • Make sure that TFTP traffic is not being blocked by an application on the uploading client or by some intermediate device. (TFTP is the protocol that the appliance uses to communicate with the uploading client.) Tip: Many personal firewalls block UDP traffic by default.

  • Page 349: Completing The Process After The Device Image Is Uploaded

    Updating the InterScan Gateway Security Appliance Firmware Completing the Process After the Device Image Is Uploaded After the appliance receives the image, the appliance automatically reboots. Note: It can take two or three minutes for the appliance to finish updating its device image.

  • Page 350: Reverting To The Previous Version Of The Program File

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide After the appliance has rebooted, confirm that the appliance has the new device image. You can do so by comparing the build number on the new Preconfiguration console opening screen to the previous build number, as shown below.
  • Page 351 Updating the InterScan Gateway Security Appliance Firmware To revert to the previously installed firmware version: Before beginning, make a note of the build number of the currently installed firmware. You can locate this information by doing one of the following: •...

  • Page 352: Bmc And Bios Firmware Updates Using The Appliance Firmware Flash Utility

    The current InterScan Gateway Security Appliance (the appliance) BMC implements the Intelligent Platform Management Interface specification v1.5 (IPMI 1.5), using all mandatory commands and some Trend Micro OEM (original equip- ment manufacturer) commands. BMC firmware provides the functionality and the communication interfaces between the physical hardware and the software system.
  • Page 353 Updating the InterScan Gateway Security Appliance Firmware To connect the local computer to the appliance: Connect an Ethernet cable to the appliance Management port on the back of the device, as shown in the figure below, and connect the other end of the cable the local computer.
  • Page 354 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Interfacing with the Preconfiguration Console for Firmware Updates To access the preconfiguration console: Connect one end of the included console cable to the CONSOLE port on the back panel of the device and the other end to the serial port (COM1, COM2, or any other available COM port) on a computer.
  • Page 355 Updating the InterScan Gateway Security Appliance Firmware Click File > New Connection The Connection Description screen appears. Type a name for the connection profile and click OK The Connect To screen appears: 15-35. The HyperTerminal Connect To screen IGURE In the Connect To screen, using the drop-down menu, choose the COM port that your local computer has available and that is connected to the appliance.
  • Page 356 . The console accepts the password, displays the Login NTER screen, and moves the cursor to the Login prompt. Tip: Trend Micro recommends that you change the default password upon first use. You can do so through the Preconfiguration console. 15-37. The appliance Preconfiguration console login screen...
  • Page 357 Updating the InterScan Gateway Security Appliance Firmware Press E again. The Preconfiguration console Main Menu appears, as shown NTER below. 15-38. The appliance Preconfiguration console main menu, IGURE accessed via HyperTerminal Getting the IP Address of the Local PC For Windows, you can either use the ipconfig command to verify the IP address of your PC or you can ping the appliance IP address that is displayed in HyperTerminal.
  • Page 358 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Put the appliance Solutions CD into the local computer. The following screen appears: 15-39. The appliance Solutions CD splash screen IGURE On the main menu click Firmware Flash Utility The following screen appears: 15-40.
  • Page 359 Updating the InterScan Gateway Security Appliance Firmware On the Product Information tab, click Launch The Trend Micro Appliance Firmware Flash Utility opens, and the following screen appears: 15-41. Trend Micro Appliance Firmware Flash Utility, opening IGURE screen Detect Click to acquire the IP address of the appliance BMC.

  • Page 360: Updating The Interscan Gateway Security Appliance Bios Firmware

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Click Browse (next to the BMC firmware field) and browse to the BMC firmware file in the file navigation screen that opens. 10. In the BMC checksum field, type the checksum value that you got from the firmware release note.
  • Page 361 Updating the InterScan Gateway Security Appliance Firmware Preparing the Local Computer for Uploading to the Appliance The first two tasks when uploading new BIOS firmware (as detailed in Updating the Appliance BMC Firmware on page 15-32), are exactly the same as the procedures for connecting a local computer to the appliance to deliver the update and interfacing with the Preconfiguration console: Follow the instructions in...
  • Page 362 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Put the appliance Solutions CD into the local computer. The following screen appears: 15-43. The appliance Solutions CD splash screen IGURE On the main menu click Firmware Flash Utilit The following screen appears: 15-44.
  • Page 363 Updating the InterScan Gateway Security Appliance Firmware Launch. On the Product Information tab, click The Trend Micro Appliance Firmware Flash Utility opens, and the following screen appears: 15-45. AFFU screen that appears initially IGURE Detect Click to acquire the IP address of the appliance BMC.
  • Page 364 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Browse Click (next to the BIOS firmware field) and browse to the BIOS firmware file in the file navigation screen that opens. 10. In the BIOS checksum field, type the checksum value that you got from the BIOS release note.
  • Page 365 Updating the InterScan Gateway Security Appliance Firmware Troubleshooting BMC or BIOS Firmware Upload If the AFFU tool produces an error message saying "Can’t log in to device, or user privilege level is not administrator," verify the following: • That the Ethernet cable is connected to the management port. (See Figure 15-20, “The appliance back panel showing location of management port,”...
  • Page 366 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 367: Appendix A: Terminology

    Appendix A Terminology Computer security is a rapidly changing subject. Administrators and information security professionals invent and adopt a variety of terms and phrases to describe potential risks or uninvited incidents to computers and networks. The following is a brief discussion of these terms and their meanings as used in this document.

  • Page 368: Bot

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The term "BOT" is derived from the word "robot." In common usage, a BOT is a soft- ware agent that interacts with network services intended for people (for example, Web, email, etc.) as if it were a real person. A typical use of a BOT is to simply gather...

  • Page 369: Mass-Mailing Attacks

    Terminology Mass-Mailing Attacks Email-aware viruses have the ability to spread by email by automating the infected computer's email client. Mass-mailing behavior describes a situation when an infec- tion spreads rapidly between clients and servers in an email environment. Trend Micro has designed the scan engine in InterScan Gateway Security Appliance to detect behaviors that mass-mailing attacks usually demonstrate.

  • Page 370: Phishing

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Phishing A phish is an email message that falsely claims to be from an established or legitimate enterprise. The message encourages recipients to click on a link that will redirect their browsers to a fraudulent Web site.

  • Page 371: Viruses

    Terminology cannot be cleaned and Trend Micro recommends that they be deleted—a strategy fully supported by InterScan Gateway Security Appliance. Viruses Computer viruses are programs that have the unique ability to replicate. They can attach themselves to just about any type of executable file and are spread as files that are copied and sent from individual to individual.
  • Page 372 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 373: Appendix B: Introducing Trend Micro Control Manager

    Appendix B Introducing Trend Micro Control Manager™ Trend Micro Control Manager™ is a central management console that manages Trend Micro products and services, third-party antivirus and content security products at the gateway, mail server, file server, and corporate desktop levels. The Control Manager Web-based management console provides a single monitoring point for antivirus and content security products and services throughout the network.

  • Page 374: Control Manager Basic Features

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Control Manager Basic Features Control Manager allows system administrators to monitor and report on activities such as infections, security violations, or virus entry points. System administrators can download and deploy update components throughout the network, helping ensure that protection is consistent and up-to-date.

  • Page 375: Understanding Trend Micro Management Communication Protocol

    Understanding Trend Micro Management Communication Protocol Trend Micro Management Communication Protocol (MCP) is Trend Micro's next generation agent for managed products. MCP replaces TMI as the way Control Manager communicates with InterScan Gateway Security Appliances. MCP has several new features: •...

  • Page 376: Nat And Firewall Traversal Support

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Data processing performance is slower due to the larger data footprint. Packet transmissions take longer and the transmission rate is less than other data formats. With the issues mentioned above, MCP's data format is devised to resolve these issues.

  • Page 377: Https Support

    Introducing Trend Micro Control Manager™ when agent sits behinds a NAT device (or TMCM server sits behind a NAT device) since the connection can only route to the NAT device, not the product behind the NAT device (or the TMCM server sitting behind a NAT device). One common work-around is that a specific mapping relationship is established on the NAT device to direct it to automatically route the in-bound request to the respective agent.

  • Page 378: Single Sign-On (Sso) Support

    Through MCP, Control Manager 3.5 now supports single sign-on (SSO) functionality for Trend Micro products. This feature allows users to sign in to Control Manager and access the resources of other Trend Micro products without having to sign in to those products as well.

  • Page 379: Control Manager Agent Heartbeat

    Introducing Trend Micro Control Manager™ present all installed product instances under one cluster group). However, from the Control Manager server's perspective, each product instance that goes through the formal registration process is regarded as an independent managed unit and each managed unit is no different from another.

  • Page 380: Using The Schedule Bar

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide • UDP: If the product can reach the server using UDP, this is the most lightweight, fastest solution available. However, this does not work in NAT or firewall environments. In addition, the transmitting client cannot make sure that the server does indeed receive the request.

  • Page 381: Registering Interscan Gateway Security Appliance M-Series To Control Manager

    Introducing Trend Micro Control Manager™ Micro's default settings is satisfactory for most situations, however consider the following points when you customize the heartbeat setting: EARTBEAT REQUENCY ECOMMENDATION The longer the interval between heartbeats, the greater the number of events that may occur before Control...
  • Page 382 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Type the Control Manager server IP address in the FQDN or IP address field. Type the port number and IP address of your router or NAT device server in the Port forwarding IP address and Port forwarding port number fields.

  • Page 383: Managing Interscan Gateway Security Appliances From Control Manager

    Product Directory. The Control Manager management console represents managed products as icons. These icons represent InterScan Gateway Security Appliances, other Trend Micro antivirus and content security products, as well as third party products.

  • Page 384: Accessing A Interscan Gateway Security Appliance M-Series Default Folder

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide As shown in this sample Product Directory, managed products identify the registered antivirus or content security product, as well as provide the connection status. RODUCT IRECTORY ESCRIPTION New entity or user-defined folder name...
  • Page 385 Introducing Trend Micro Control Manager™ The following presents different scenarios for the accessible folders given to the account and the resulting default managed product location: EFAULT CCESSIBLE OLDER ANAGED IVEN TO THE RODUCT CCOUNT OCATION Root folder New entity Mail...
  • Page 386 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Manually Deploy New Components Using the Product Directory Manual deployments allow you to update the virus patterns, spam rules, and scan engines of your InterScan Gateway Security Appliances and other managed products on demand.

  • Page 387: Configure Interscan Gateway Security Appliances And Managed Products

    Introducing Trend Micro Control Manager™ This summary is identical to the summary provided by the Product Status tab in the Product Directory Root folder. To access through Product Directory: Click Products on the main menu. On the left-hand menu, select the desired folder or InterScan Gateway Security Appliance.

  • Page 388: Issue Tasks To Interscan Gateway Security Appliances And Managed Products

    Deploy the latest pattern file, or scan engine to InterScan Gateway Security Appliances with outdated components. To successfully do so, the Control Manager server must have the latest components from the Trend Micro ActiveUpdate server. Perform a manual download to ensure that current components are already present in...

  • Page 389: Query And View Interscan Gateway Security Appliance M-Series And Managed Product Logs

    Introducing Trend Micro Control Manager™ To issue tasks to InterScan Gateway Security Appliances: Access the Product Directory. On the left-hand menu, select the desired InterScan Gateway Security Appliance or folder. On the working area, click the Tasks tab. Select the task from the Select task list.
  • Page 390 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide ARAMETER ESCRIPTION View all logs, or only those that the managed product gener- ated within a specific interval. For the latter option, you can specify logs for the last 24 hours, day, week, month, or cus-...
  • Page 391 Introducing Trend Micro Control Manager™ Recovering InterScan Gateway Security Appliances Removed From the Product Directory The following scenarios can cause Control Manager to delete InterScan Gateway Security Appliances from the Product Directory: • Reinstalling the Control Manager server and selecting Delete existing records and create a new database option This option creates a new database using the name of the existing one.

  • Page 392: Understanding Directory Manager

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide On the working area, provide the following search parameters: ARAMETER ESCRIPTION Select the object of the search from the drop down list Search for Search for managed products or Communicators based on their name, folder name, or computer name.

  • Page 393: Using The Directory Manager Options

    Introducing Trend Micro Control Manager™ Carefully organize the InterScan Gateway Security Appliances belonging to each folder. Consider the following factors when planning and implementing your folder and InterScan Gateway Security Appliance structure: • Product Directory • User Accounts • Deployment Plans Group InterScan Gateway Security Appliances according to geographical, administrative, or product specific reasons.

  • Page 394: Create Folders

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Access Directory Manager Use Directory Manager to group InterScan Gateway Security Appliances together. To access the Directory Manager: Access Product Directory. On the left-hand menu, click Directory Manager. Create Folders Group InterScan Gateway Security Appliances into different folders to suit your organization's Control Manager network administration model.
  • Page 395 Introducing Trend Micro Control Manager™ Note: Renaming an InterScan Gateway Security Appliance only changes the name stored in the Control Manager database there are no effects to the product. Move Folders or InterScan Gateway Security Appliances To transfer or move a folder or InterScan Gateway Security Appliance to another location: Access Directory Manager.

  • Page 396: Understanding Temp

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Understanding Temp Temp, a collection of InterScan Gateway Security Appliance shortcuts, allows you to focus your attention on specific products without changing the Product Directory organization. Use Temp for deploying updates to groups of products with outdated components.
  • Page 397 Add InterScan Gateway Security Appliances with outdated components based on the Status Summary page Trend Micro recommends that you add several InterScan Gateway Security Appliances at once to Temp using the last method. The Status Summary screen provides information as to which InterScan Gateway Security Appliances use outdated components.
  • Page 398 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Click Add. Control Manager adds InterScan Gateway Security Appliances from the search results to Temp. To add from the Product Directory Access the Product Directory. On the left-hand menu, select the InterScan Gateway Security Appliance you want to add to Temp.
  • Page 399 Introducing Trend Micro Control Manager™ Add to Temp spans more than one screen, click on all screens to add all products with outdated component. Click Back to return to the Status Summary page, and then proceed to the next outdated component. Repeat the instructions until Control Manager adds all the outdated InterScan Gateway Security Appliances to Temp.

  • Page 400: Download And Deploy New Components From Control Manager

    Control Manager Update Manager is a collection of functions that help you update the antivirus and content security components on your Control Manager network. Trend Micro recommends updating the antivirus and content security components to remain protected against the latest virus and malware threats. By default, Control Manager...

  • Page 401: Understanding Manual Downloads

    Manually Download Components This is the Trend Micro recommend method of configuring manual downloads. Manually downloading components requires multiple steps: Tip: Ignore steps 1 and 2 if you have already configured your deployment plan and configured your proxy settings.
  • Page 402 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To manually download components: Step 1: Configure a Deployment Plan for your components Click Administration on the main menu. On the left menu under Update Manager, click Deployment Plan. The Deployment Plan screen appears.
  • Page 403 Introducing Trend Micro Control Manager™ Click Add New Schedule to provide deployment plan details. The Add New Schedule screen appears. On the Add New Schedule screen, choose a deployment time schedule by selecting one the following options: • Delay - after Control Manager downloads the update components, Control Manager delays the deployment according to the interval you specify Use the menus to indicate the duration, in terms of hours and minutes.
  • Page 404 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Step 2: Configure your proxy settings, if you use a proxy server Click Administration > System Settings. The System Settings screen appears.
  • Page 405 Introducing Trend Micro Control Manager™ Select the Use a proxy server to download update components from the Internet check box in the Download component proxy settings area. Type the host name or IP address of the server in the Host name field.
  • Page 406 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Step 3: Select the components to update Click Administration > Update Manager > Manual Download. The Manual Download screen appears. From the Components area, select the components to download. Click the + icon to expand the component list for each component group.
  • Page 407 Anti-Spam Engine Step 4: Configure the download settings Select the update source: • Internet: Trend Micro update server: Download components from the official Trend Micro ActiveUpdate server. • Other update source: Type the URL of the update source in the accompanying field.
  • Page 408 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Step 5: Configure the automatic deployment settings Select when to deploy downloaded components from the Schedule area. The options are: • Do not deploy: Components download to Control Manager, but do not deploy to managed products.

  • Page 409: Configure Scheduled Download Exceptions

    Configure Scheduled Download Exceptions Download exceptions allow administrators to prevent Control Manager from downloading Trend Micro update components for entire day(s) or for a certain time every day. This feature particularly useful for administrators who prefer not to allow Control Manager to download components on a non-work day or during non-work hours.
  • Page 410 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Configuring scheduled component downloads requires multiple steps: Step 1: Configure a Deployment Plan for your components Step 2: Configure your proxy settings, if you use a proxy server Step 3: Select the components to update...
  • Page 411 Introducing Trend Micro Control Manager™ On the working area, click Add New Plan. On the Add New Plan screen, type a deployment plan name in the Plan name field. Click Add New Schedule to provide deployment plan details. The Add New Schedule screen appears.
  • Page 412 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Step 2: Configure your proxy settings, if you use a proxy server Click Administration > System Settings. The System Settings screen appears. Select the Use a proxy server to download update components from the Internet check box in the Download component proxy settings area.
  • Page 413 Introducing Trend Micro Control Manager™ Step 3: Select the components to update Click Administration > Update Manager > Scheduled Download. The Scheduled Download screen appears. From the Components area select, the components to download. Click the + icon to expand the component list for each component group.
  • Page 414 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide From Engines: • Virus Scan Engine (32-bit) • Spyware Scan Engine (32-bit) • Virus Cleanup Engine (32-bit) • Anti-Spam Engine The <Component Name> screen appears. Where <Component Name> is the name of the component you selected.
  • Page 415 Step 5: Configure the download settings Select the update source: • Internet: Trend Micro update server: Download components from the official Trend Micro ActiveUpdate server. • Other update source: Type the URL of the update source in the accompanying field.
  • Page 416 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Step 6: Configure the automatic deployment settings Select when to deploy downloaded components from the Schedule area. The options are: • Do not deploy: Components download to Control Manager, but do not deploy to managed products.

  • Page 417: Using Reports

    Introducing Trend Micro Control Manager™ Using Reports A Control Manager report is an online collection of figures about virus, spyware/grayware, and content security events that occur on the Control Manager network. The Enterprise edition provides the Control Manager reports. Control Manager 3.5 categorizes reports according to the following types: •...

  • Page 418: Understanding Report Templates

    • Footers Trend Micro Control Manager 3.5 adds 3 new report templates to the 77 previously available since Service Pack 3. The reports added in Service Pack 3 fall into five categories: Desktop, Fileserver, Gateway, MailServer and Executive Summary. The new reports in Control Manager 3.5 fall into a new 6th category: Network Products.

  • Page 419: Understanding Report Profiles

    Introducing Trend Micro Control Manager™ <root>\Program Control Manager 3.5 also provides 18 templates stored in Files\Trend Micro\Control Manager\Reports as Crystal Report version 9 files (*.rpt). These templates also apply to Local and Global reports. Understanding Report Profiles A profile lays out the content (template and format), target, frequency, and recipient of a report.
  • Page 420 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide To create local or global report profile: Step 1: Select whether to create a local or global report Click Reports on the main menu. Take one of the following actions: •...
  • Page 421 Introducing Trend Micro Control Manager™ Select the report format. Click Next > to proceed to the Targets tab.
  • Page 422 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Step 2: Configure the Contents tab settings On the working area under the Targets tab, select the target of the local or global report profile: • Select the InterScan Gateway Security Appliances or folders. The profile only contains information about the InterScan Gateway Security Appliances or folders selected.
  • Page 423 Introducing Trend Micro Control Manager™ Click Next > to proceed to the Frequency tab. Step 4: Configure the Frequency tab settings On the working area under the Frequency tab, specify how often Control Manager generates this report. You have the following options: •...
  • Page 424 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide If it is not checked, the start time is the same generation hour of the first day and end time is the generation hour of the day when generation occurs Under Start the scheduler, specify when the Report Server starts collecting information for this report.
  • Page 425 Introducing Trend Micro Control Manager™ Step 5: Configure the Recipient tab settings On the working area under the Recipients tab, select recipients from the existing Control Manager users and groups. • to add recipients from the Users and groups list to the Recipient list •...

  • Page 426: Generate On-Demand Scheduled Reports

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Review Report Profile Settings Use the Profile Summary screen to review profile settings. To access Profile Summary and review report profiles: • Access Local or Global Reports On the working area under the Profile Summary column, click View Profile.
  • Page 427 Introducing Trend Micro Control Manager™ On the working area under the Available Reports column, click the corresponding View link. On the Available Reports for {profile name} under Generate a {Frequency} report starting from, specify the starting month, day, and year.
  • Page 428 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 429: Appendix C: Technology Reference

    Appendix C Technology Reference This appendix contains explanations of some of the technologies and terms mentioned most frequently mentioned in this manual.

  • Page 430: Deferred Scan

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Deferred Scan Deferred scan ensures that the connection between the client and InterScan Gateway Security Appliance remains open while large file scanning takes place. A client requests a file from an FTP or HTTP server, and the server sends the file to the client located behind the appliance.

  • Page 431: False Positives

    Update to the latest pattern file (phishing, virus, spam, and so on). Exempt the item from scanning by adding it to an Approved List. Report the false positive to Trend Micro. LAN Bypass LAN bypass is a fault-tolerance solution that allows InterScan Gateway Security Appliance to continue to pass traffic if a software, hardware, or electrical failure occurs.

  • Page 432: Link State Failover

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The following table describes the different LAN bypass triggers and the associated LED indicator status. C-1. LED indicator status ABLE Trigger LED 1 Status LED 2 Status Software problems or system...

  • Page 433: Enabling Or Disabling Lan Bypass And Link State Failover

    COM port) on a computer. (See Figure 15-1, “Back panel of appliance showing console port, management port, and INT port,” on page 8.) Tip: Trend Micro recommends that you configure HyperTerminal properties so that the backspace key is set to delete and that you set the emulation type to VT100J for best display results.
  • Page 434 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Click File > New Connection The Connection Description screen appears. Type a name for the connection profile and click OK The Connect To screen appears: C-2. The HyperTerminal Connect To screen...
  • Page 435 . The console accepts the password, displays the Login NTER screen, and moves the cursor to the Login prompt. Tip: Trend Micro recommends that you change the default password upon first use. You can do so through the Preconfiguration console. ************************************************** IGSA 1.1.1085 en Pre-Configuration...
  • Page 436 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Press E again. The appliance Preconfiguration console Main Menu appears, NTER as shown below. ===Main Menu=== 1) Device Information & Status 2) Device IP Settings 3) Interface Settings 4) System Tools...
  • Page 437 Technology Reference To enable or disable LAN bypass and Link state failover: Access the Preconfiguration console as described in Accessing the Preconfiguration Console on page C-5. Select option 3, Interface Settings. The following screen appears: Interface Settings Current Interface Setting: Name ===================================================================== speed&duplex...

  • Page 438: Scan Engine Technology

    Scan Engine Technology IntelliScan IntelliScan is a feature in Trend Micro products that allows optimization of scanning time by enabling the product to skip file types that are safe from virus infection. It is a safe compromise between performance and detection. Users can enable IntelliScan at the gateway or in the desktop so that their product scans only scannable file types.

  • Page 439: Macrotrap

    As with Trend Micro's other heuristics technologies, WormTrap detection is superseded by specific detection. Supported DCS Clients The Trend Micro Damage Cleanup Service (DCS) supports assessment and repair of the following clients: • Windows 2003 Web, Standard and Enterprise server •...

  • Page 440: Feature Execution Order

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Feature Execution Order InterScan Gateway Security Appliance executes its features in a particular order for each protocol as follows. SMTP Feature Execution Order ERS -> Content Filtering -> Content Scanning + Anti-phishing -> Scanning +...

  • Page 441: Appendix D: Removing The Hard Disk

    Appendix D Removing the Hard Disk The InterScan Gateway Security Appliance hard disk needs to be removed only if it develops a problem or fails. Follow the procedure in this appendix to remove the InterScan Gateway Security Appliance hard disk.
  • Page 442 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide The InterScan Gateway Security Appliance hard disk needs to be removed only if it develops a problem or fails. To remove the InterScan Gateway Security Appliance Hard Disk: Remove the bezel from the front of the device.
  • Page 443 Removing the Hard Disk While pressing the thumb-release clasps, gently pull the bottom of the bezel away from the device. The top should then release easily. D-2. Releasing the bezel IGURE Gently pull the bezel away from the device paying attention to the clasps at the top of the bezel.
  • Page 444 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide D-4. Hard disk release lever IGURE Gently slide the hard disk tray out of the device.
  • Page 445 Removing the Hard Disk D-5. InterScan Gateway Security Appliance hard disk IGURE Note: The InterScan Gateway Security Appliance hard disk needs to be equal to or greater than 80GB. InterScan Gateway Security Appliance only uses 80GB of hard disk space. Additional drive space will be unused.
  • Page 446 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 447: Appendix E: System Checklist

    Appendix E System Checklist The following device address information is required during preconfiguration. The settings can be changed after preconfiguration. E-1. Device address checklist ABLE Information required Sample Your value InterScan Gateway Security Device Address Appliance Information IP address 10.1.104.50 Subnet mask 255.255.254.0 Host name...
  • Page 448 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...

  • Page 449: Appendix F: File Formats Supported

    Appendix F File Formats Supported This appendix includes the following topics: • Compression Types on page F-2 • Blockable File Formats on page F-4 • Malware Naming Formats on page F-6...
  • Page 450 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Compression Types The InterScan Gateway Security Appliance scan engine can extract and scan files compressed using any of the most popular compression types (listed below). InterScan Gateway Security Appliance can also check for viruses being "smuggled"...
  • Page 451 File Formats Supported F-1. Supported compression types (Continued) ABLE MSCOMP LZEXE PKLite Diet UNIX LZW compress(.Z) UNIX pack(.z)

  • Page 452: Blockable File Formats

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Blockable File Formats InterScan Gateway Security Appliance can scan for and block certain types of files that originate from FTP servers. You can configure File Blocking from the FTP > File Blocking menu of the Web console.
  • Page 453 File Formats Supported F-2. Blockable file formats (Continued) ABLE Images WINDOWS FONT, WINDOWS ICON, SUN GKS, PCX, PPM IMAGE, AUTODESK ANIMATOR (FLI OR FLC) (see subtype VSDT_FLI), PORTABLE NETWORK GRAPHICS, PAIN SHOP PRO, TARGA IMAGE, MACINTOSH BITMAP, ENCAPSULATED POSTSCRIPT, ANI- MATED CURSOR, TERRAGEN ATMOSPHERE, SGI IMAGE, CIN- EMA 4D, COMPUTER GRAPHICS METAFILES, CALIGARI TRUESPACE FILE, AUTOCAD DWG (see subtype VSDT_DWG),...

  • Page 454: Malware Naming Formats

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Malware Naming Formats Malware, with the exception of boot sector viruses and some file infectors, is named according to the following format: PREFIX_THREATNAME.SUFFIX The suffix used in the naming convention indicates the variant of the threat. The suffix assigned to a new threat (meaning the binary code for the threat is not similar to any existing threats) is the alpha character “A.”...
  • Page 455 File Formats Supported F-3. Malware naming (Continued) ABLE FLOODER Tool that allows remote malicious hackers to flood data on a specified IP, causing the target system to hang FONO File infector GCAE File infector GENERIC Memory-resident boot virus HKTL Hacking tool HTML HTML virus Internet Relay Chat malware...
  • Page 456 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide F-3. Malware naming (Continued) ABLE SYMBOS Trojan that affects telephones using the Symbian operating system TROJ Trojan UNIX Linux/UNIX script malware VBScript virus WORM Worm W2KM, Macro virus W97M, X97M, P97M,...

  • Page 457: Appendix G: Specifications And Environment

    Appendix G Specifications and Environment This appendix includes the following topics: • Hardware Specifications on page G-2 • Dimensions and Weight on page G-2 • Power Requirements and Environment on page G-3...

  • Page 458: Dimensions And Weight

    Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Hardware Specifications InterScan Gateway Security Appliance uses the following components: G-1. Hardware specifications ABLE Component Specification LGA 775 Pentium 3.4GHz Chipset 915GV Memory 1GB (512MB x 2) Compact 512MB Flash 80GB SATA I hard disk...

  • Page 459: Power Requirements And Environment

    Specifications and Environment Power Requirements and Environment The following power requirements and environmental specifications apply to InterScan Gateway Security Appliance:: G-1. Appliance power requirements and environmental specifications ABLE Element Specification AC input voltage 90 to 264VAC (100 to 240 nominal) AC input current (90VAC) 8.0A AC input current (180VAC)
  • Page 460 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide...
  • Page 461 Index fig. 13-14. Administration > Password 13-21 fig. 13-15. Administration > Product License 13-22 fig. 13-16. Online License Update and Renew- al 13-23 Access Control 13-3, 15-4 fig. 13-17. My Product Details 13-24 enable external access 13-3 fig. 13-18. Administration > Product License - enabling 13-3 New Activation Code 13-25 Access control 4-2...
  • Page 462 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide AFFU Anti-Spam “Flash DOM successfully uploaded” message anti-spam engine 3-7 15-21, 15-27 Email Reputation Services 3-11 BIOS information entry screen 15-43 Dynamic Reputation 3-10 BMC information entry screen 15-39 log 3-6...
  • Page 463 troubleshooting 15-45 Back panel 1-13 defined 3-2 AC power receptable 1-13 Browser support elements 1-13 Internet Explorer 6.x 1-3 fan vent 1-13 Mozilla Firefox 1.x 1-3 port indicator status 1-14 port indicators 1-14 power switch 1-13 CF. See Compact Flash. showing console (serial) port and management Checklist port 15-33...
  • Page 464 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Scheduled Downloads B-38 RTF B-47 creating targets B-50 folders B-22 report templates B-46 Directory Manager B-20 report types B-45 download components reports B-45 manually B-29 global B-45 downloading and deploying components B-28...
  • Page 465 1-17, 2-20 File Blocking dimensions and weight G-2 types 3-18 image 15-4 File formats, blockable F-4 downloading it from the Trend Micro Web site File Handling 15-7 handling compressed files 14-14 update 15-4 handling large files 14-16 Device image. See Firmware.
  • Page 466 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Firefox 1.x, support for 1-3 fig. 15-16. AFFU - browse to device image Firewall 15-20 InterScan Gateway Security Appliance is not a fig. 15-17. AFFU DOM screen showing firewall or a router 2-2...
  • Page 467 15-40. Solutions CD Firmware Flash Util- getting IP address of local PC 15-12 ity section 15-38 Rescue mode 15-8 fig. 15-41. Trend Micro Appliance Firmware uploading BMC firmware 15-40 Flash Utility, opening screen 15-39 uploading device image and keeping existing fig.
  • Page 468 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide block infected files 7-7 clean infected files 7-7 Getting Started configure action 7-6 Figures configure target 7-4 fig. 4-01. Web Console Log On screen 4-3 do not scan 50MB+ files 7-6 fig.
  • Page 469 HTML viruses 3-12 configure target 6-35 HTTP enable 6-35 Anti-pharming select notification recipients 6-36 allow access to Web site 6-23 scanning support 1-4 block access to Web site 6-23 URL Filtering configure action 6-23 configure notification 6-33 configure Notification 6-24 configure proxy settings 6-32 configure target 6-22 configure settings 6-31...
  • Page 470 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide fig. 6-05. HTTP Scanning - Notification 6-13 Internal outbreak 9-6 fig. 6-06. HTTP > Anti-spyware - Target 6-15 Internet Explorer 6.x, support for 1-3 fig. 6-07. Trend Micro Spyware/Grayware On- Internet threats, types of 3-2...
  • Page 471 License 13-22, 14-11 MIME types, list of common types 6-8 update manually 13-24 Mozilla Firefox 1.x, support for 1-3 view detailed license online 13-23 My Product Details 13-24 view info about your license 13-23 view license renewal instructions 13-23 Naming of malware F-6 Link state failover NAT 2-2 deployment, illustrated 2-15...
  • Page 472 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Outbreak Defense 1-3, 9-2 Current Status screen 9-3 Password Damage Cleanup Exception List, add changing the password 13-22 non-Windows clients 9-7 default password 4-3 Damage Cleanup Services 9-2 entering the password 4-3...
  • Page 473 8-05. POP3 > Scanning - Notification 8-8 deliver message and attachments 8-30 fig. 8-06. POP3 > Anti-spyware - Target 8-10 enable 8-28 fig. 8-07. Trend Micro Spyware/Grayware On- filter by attachment True Type 8-29 line Database 8-11 filter by message attachment 8-29 fig.
  • Page 474 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide fig. 8-18. POP3 > Content Filtering - Target Preliminary tasks 4-2 8-28 Primary Functional Components fig. 8-19. POP3 > Content Filtering - Action Anti-pharming URL rating database 3-16 8-30 Anti-phishing Services 3-15 fig.
  • Page 475 Quarantines fig. C-04. The appliance Preconfiguration con- exporting query results list to comma-delimited sole login screen C-7 file 10-7 fig. C-05. The appliance Preconfiguration con- Figures sole main menu, accessed via HyperTermi- fig. 10-01. Quarantines screen 10-2 nal C-8 fig. 10-02. Quarantines > Query 10-5 Registration Key fig.
  • Page 476 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide select notification recipients 5-33 configure target 5-16 Anti-spam select notification recipients 5-18 enable 5-27 scanning support 1-4 exclude IP address from filtering 5-24 SMTP services described 5-2 select detection level 5-27...
  • Page 477 fig. 5-09. SMTP > Anti-spyware - Notification Spam. See Anti-spam. 5-15 Specifications, hardware G-2 fig. 5-10. SMTP > IntelliTrap - Target 5-16 Spyware 6-17–6-18 fig. 5-11. SMTP > IntelliTrap - Action 5-17 allowing it through 5-14 fig. 5-12. SMTP > IntelliTrap - Notification block files with spyware 6-17 5-18 cleanup template 3-14...
  • Page 478 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide Switch fig. 14-03. Compression ratio 14-16 turning off the device 15-37, 15-41 HyperTerminal 14-4 System Time 13-29 power switch 14-4 configure NTP Server 13-28 quarantine 14-8 True File Type Identification (IntelliScan) 7-5...
  • Page 479 4-3 World Virus Tracking 13-33 interface components 4-13 participating in program 13-33 Log On screen 4-3 viewing Trend Micro Virus Map 13-34 logout link 4-13 Worms defined 3-2 navigating the console 4-12 WormTrap defined C-11 navigation menu 4-13...
  • Page 480 Trend Micro™ InterScan™ Gateway Security Appliance M-Series Administrator’s Guide I–20...

Table of Contents