Web Server Considerations

Endpoint Application Control requires one of the following web servers:

  • Apache Tomcat 8

    Setup always installs Apache Tomcat 8 web server. Setup does not remove any existing versions of Apache web server.

  • Microsoft Internet Information Server (IIS) 7.0 or later

    All versions of Microsoft Windows Server supported by Endpoint Application Control use Microsoft Internet Information Server (IIS) 7.0 or later. See Server Requirements.

During Endpoint Application Control server installation, select Microsoft Internet Information Server (IIS) or Apache Tomcat as your web server. If IIS is not turned on and selected, then Endpoint Application Control selects Apache Tomcat 8 by default.

Selected Web Server

Considerations

Apache Tomcat web server

On the server installation Web Server screen, select Apache web server.

To use HTTPS for the Endpoint Application Control web console, enable and configure SSL for Apache Tomcat. See TLS/SSL Considerations.

To avoid some common security compromises, do the following:

  • Create a non-administrator account to run Apache Tomcat.

    By default, the administrator account is the only account in Apache Tomcat. To help avoid the Endpoint Application Control server becoming compromised if a malicious hacker takes control of your Apache web server, Trend Micro recommends creating a different account to run the web server.

  • Refer to the Apache website for the latest information on upgrades, patches, and security issues before installing Apache Tomcat. Go to http://tomcat.apache.org.

Microsoft Internet Information Server (IIS) web server

On the server installation Web Server screen, select Microsoft IIS server.

To select IIS as the Endpoint Application Control web server, before starting Endpoint Application Control Setup do the following:

  • Turn on IIS on the server endpoint.

  • Enable the following IIS components:

    • CGI

    • ISAPI

    • ISAPI Extensions

  • Remove any IIS-locking programs on the planned server endpoint.

    IIS-locking programs can prevent successful installation of Endpoint Application Control. See Microsoft Internet Information Server (IIS) documentation for more information about IIS-locking.