There are a number of ways global firewall settings get applied to OfficeScan agents.
A particular firewall setting can apply to all agents that the server manages.
A setting can apply only to OfficeScan agents with certain firewall privileges. For example, the firewall log sending schedule only applies to OfficeScan agents with the privilege to send logs to the server.
Enable the following global settings as required:
Send firewall logs to the server
You can grant certain OfficeScan agents the privilege to send firewall logs to the OfficeScan server. Configure the log sending schedule in this section. Only agents with the privilege to send firewall logs use the schedule.
See Firewall Privileges for information on firewall privileges available to selected agents.
Update the OfficeScan firewall driver only after a system restart
Enable the OfficeScan agent to update the Common Firewall Driver only after the OfficeScan agent endpoint restarts. Enable this option to avoid potential agent endpoint disruptions (such as temporary disconnection from the network) when the Common Firewall Driver updates during agent upgrade.
Send firewall log information to the OfficeScan server hourly to determine the possibility of a firewall outbreak
When you enable this option, OfficeScan agents sends firewall log counts once every hour to the OfficeScan server.
For details about firewall logs, see Firewall Logs.
OfficeScan uses log counts and the firewall violation outbreak criteria to determine the possibility of a firewall violation outbreak. OfficeScan sends email notifications to OfficeScan administrators in the event of an outbreak.
Go to the Certified Safe Software Service Settings section and enable the Certified Safe Software Service as required.
The Certified Safe Software Service queries Trend Micro datacenters to verify the safety of a program detected by Malware Behavior Blocking, Event Monitoring, Firewall, or antivirus scans. Enable Certified Safe Software Service to reduce the likelihood of false positive detections.
Ensure that OfficeScan agents have the correct proxy settings (for details, see OfficeScan Agent Proxy Settings) before enabling Certified Safe Software Service. Incorrect proxy settings, along with an intermittent Internet connection, can result in delays or failure to receive a response from Trend Micro datacenters, causing monitored programs to appear unresponsive.
In addition, pure IPv6 OfficeScan agents cannot query directly from Trend Micro datacenters. A dual-stack proxy server that can convert IP addresses, such as DeleGate, is required to allow the OfficeScan agents to connect to the Trend Micro datacenters.