New in this Release

Trend Micro OfficeScan includes the following new features and enhancements.

New in OfficeScan 11.0 SP1

This version of OfficeScan includes the following new features and enhancements.

Feature

Description

Ransomware Protection for documents

Enhanced scan features can identify and block ransomware programs that target documents that run on endpoints by identifying common behaviors and blocking processes commonly associated with ransomware programs.

Enhanced server-agent communication encryption

OfficeScan provides enhanced encryption of communication between the server and agents using Advanced Encryption Standard (AES) 256 to meet security compliance.

Connected Threat Defense

Configure OfficeScan to subscribe to the Suspicious Object lists from the Control Manager server. Using the Control Manager console, you can create customized actions for objects detected by the Suspicious Object lists to provide custom defense against threats identified by endpoints protected by Trend Micro products specific to your environment.

Scan monitoring

OfficeScan provides more visibility and control over scan features through:

  • Resuming interrupted Scheduled Scans: Configure OfficeScan to automatically resume interrupted Scheduled Scans based on a configured schedule

  • Scan Operation logs: Monitor scan time, scan status, and scan results using the web console

Encryption of sensitive data

Data Loss Prevention integrates with Trend Micro™ Endpoint Encryption™ automating the encryption of sensitive data to removable devices and cloud storage service channels.

Enhanced OfficeScan agent self-protection features

  • Enhanced file integrity monitoring and DLL hijacking prevention ensure the validity and availability of OfficeScan agent program files

  • Protection against the blocking of OfficeScan agent processes

Multilingual OfficeScan agent support

Administrators can configure the OfficeScan agent program language from the web console. Select to display the OfficeScan agent console based on logged on user's language settings or the OfficeScan server language settings.

Extended policy management through Control Manager™

  • Control Manager™ policy management of the OfficeScan server now allows administrators to create child policies that inherit the Control Manager global settings. Through the Control Manager console, local OfficeScan administrators can then modify these child policies to better protect regional, departmental, or satellite servers that may require more specific settings. Local OfficeScan administrators can modify Scheduled Scan times and scan exception lists to better protect their local environments while maintaining the protection configured by the Control Manager administrator.

  • Control Manager™ administrators can quarantine specific OfficeScan agent endpoints from the network to prevent the spread of security threats.

For details on OfficeScan policy configuration using Control Manager™, see the Trend Micro Control Manager Administrator's Guide.

Trusted Programs

Administrators can configure OfficeScan to exclude files and processes signed by trusted companies from scanning and apply the configured exclusion lists to Real-Time Scan and Behavior Monitoring, or create specific lists for either feature.

For a list of system requirements, refer to the OfficeScan System Requirements document at:

http://docs.trendmicro.com/en-us/enterprise/officescan.aspx

New in OfficeScan 11.0

This version of OfficeScan includes the following new features and enhancements.

Table 1. Server Enhancements

Feature

Description

SQL Database Migration Tool

Administrators can choose to migrate the existing CodeBase® server database to a SQL server database.

For details, see SQL Server Migration Tool.

Smart Protection Server enhancements

This version of OfficeScan supports the upgraded Smart Protection Server 3.0. The upgraded Smart Protection Server includes File Reputation Services pattern enhancements. The pattern files have been redesigned to provide the following benefits:

  • Reduced memory consumption

  • Incremental pattern updates and enhanced File Reputation Services pattern detection, which greatly reduce bandwidth consumption

Server authentication

Enhanced server authentication keys ensure that all communication to and from the server is secure and trusted.

For details, see Authentication of Server-initiated Communications.

Role-based administration enhancement

The role-based administration enhancement streamlines how administrators configure roles and accounts making integration with Trend Micro™ Control Manager™ more streamlined.

For details, see Role-based Administration.

Web server requirements

This version of OfficeScan can integrate with the Apache 2.2.25 web server.

OfficeScan server interface redesign

The OfficeScan interface has been redesigned to provide an easier, more streamlined, and more modern experience. All the features available in the previous OfficeScan server are still available in the updated version.

  • Top-level menu items free up screen space

  • A "Favorites" menu helps you locate regularly used screens

  • A slide show view of the Dashboard tabs allows you to view widget data without the need to manually control the console

Cloud-based contextual online help

Cloud-based context-sensitive online help ensures that administrators always have the most up-to-date information whenever the help system opens. If an Internet connection is unavailable, OfficeScan automatically switches to the local online help system shipped with the product.

Platform and Browser Support

OfficeScan supports the following operating systems:

  • Windows Server™ 2012 R2 (server and agent)

  • Windows 8.1 (agent only)

OfficeScan supports the following browser:

  • Internet Explorer™ 11.0

Table 2. Agent Enhancements

Feature

Description

Central Quarantine Restore

OfficeScan provides administrators the ability to restore previously detected “suspicious” files and add files to domain-level “approved” lists to prevent further actions on the files.

If a program or file has been detected and quarantined, administrators can globally or granularly restore the file on agents. Administrators can use additional SHA1 verification checking to ensure that the files to be restored have not been modified in any way. After restoring the files, OfficeScan can automatically add the files to domain-level exclusion lists to exempt them from further scanning.

For details, see Restoring Quarantined Files.

Advanced Protection Service

The Advanced Protection Service provides the following new scan features.

  • Browser Exploit Prevention uses sandbox technology to test the behavior of web pages in real time and detect any malicious script or program before the OfficeScan agent is exposed to threats.

    For details, see Configuring a Web Reputation Policy.

  • Enhanced memory scanning works in conjunction with Behavior Monitoring to detect malware variants during Real-time Scans and take quarantine actions against threats.

    For details, see Scan Settings.

Data Protection enhancements

OfficeScan Data Protection has been enhanced to provide the following benefits:

  • Data Discovery through integration with Control Manager™: Administrators can configure Data Loss Prevention policies on Control Manager to scan folders on OfficeScan agents for sensitive files. After discovering sensitive data within a file, Control Manager can log the location of the file or, through integration with Trend Micro Endpoint Encryption, automatically encrypt the file on the OfficeScan agent.

  • User Justification support: Administrators can allow users to provide reasons for transferring sensitive data or block the transmissions themselves. OfficeScan logs all transfer attempts and the reasons provided by the user.

    For details, see Data Loss Prevention Actions.

  • Smartphone and tablet support: Data Loss Prevention and Device Control can now monitor and take action on sensitive data being sent to smart devices, or block access to smart devices entirely.

    For details, see Device Control.

  • Updated data identifier and template libraries: The Data Loss Prevention libraries have been updated with 2 new keyword lists and 93 new templates.

  • Device Control log integration with Control Manager™

Suspicious Connection Settings enhancement

Command & Control (C&C) Contact Alert Services has been updated to include the following:

Outbreak Prevention enhancements

Outbreak Prevention has been updated to protect against the following:

Self-protection feature enhancements

The self-protection features available in this release provide both light-weight and high level security solutions to protect both your server and OfficeScan agent programs.

  • Light-weight solution: Designed for server platforms to protect OfficeScan agent process and registry keys by default, without affecting the performance of the server

  • High-level security solution: Enhances the Agent Self-protection feature available in previous releases by providing:

    • IPC command authentication

    • Pattern file protection and verification

    • Pattern file update protection

    • Behavior Monitoring process protection

For details, see OfficeScan Agent Self-protection.

Scan performance and detection enhancements

  • Real-Time Scan maintains a persistent scan cache which reloads each time the OfficeScan agent starts. The OfficeScan agent tracks any changes to files or folders that occurred since the OfficeScan agent unloaded and removes these files from the cache.

  • This version of OfficeScan includes global Approved lists for Windows system files, digitally signed files from reputable sources, and Trend Micro-tested files. After verifying that a file is known to be safe, OfficeScan does not perform any action on the file.

  • Damage Cleanup Services enhancements provide improved detection capabilities for rootkit threats and a reduced number of false positives through updated GeneriClean scanning.

  • Compressed file settings are separated between Real-time and On-demand Scans to help improve performance.

    For details, see Configure Scan Settings for Large Compressed Files.

  • Dual-layer logs provide a more detailed view for detections that administrators want to examine further.

OfficeScan agent interface redesign

The OfficeScan agent interface has been redesigned to provide an easier, more streamlined, and more modern experience. All the features available in the previous OfficeScan client program are still available in the updated version.

The updated interface also allows administrators to "unlock" administrative functions directly from the OfficeScan agent console in order to quickly troubleshoot issues without opening the web console.