Damage Cleanup Services Registration

Administration > IWSVA Configuration > Register to DCS

If you have one or more Trend Micro Damage Cleanup Service (DCS) installed on the network, you can have IWSVA work in conjunction with them.

This is an especially useful relationship on networks where client laptops or visitors join the LAN. If the client already contains a Trojan, spyware, worm, or attempts to access known phish sites or disease vectors, IWSVA can detect and block the spurious outbound HTTP activity. It will also request the DCS server to conduct a clean up of the affected machine(s).

In the "Example Phish" link below, IWSVA would recognize outbound client requests to the bogus URL and prevent access.

• Enable DCS—Select this option to engage the relationship between IWSVA and DCS. If IWSVA detects suspicious activity, it will block the outbound access and send the client's IP address to the DCS server for clean up. DCS will also send clean up logs to IWSVA when this option is enabled.

• DCS server name or IP address—Specify the IP address of the Damage Cleanup Server(s) you want to register.

• To remove, or un-register a DCS server from IWSVA, click the trash bin icon next to the server from which you want to disconnect.

• Port number—The default HTTP port for the DCS server is 80. DCS does not support HTTPS.

• Redirect client to DCS on cleanup failure—Choose this option to have IWSVA redirect client HTTP requests to a "manual" DCS cleanup Web page if the DCS server could not clean the client. MORE>>

  IWSVA will only redirect the client if the DCS server reports that it was either unable to contact the client, or unable perform an automatic clean up on the client.
  
  If the client chooses not to perform a manual DCS clean up, and the browser does not support ActiveX, or if ActiveX is disabled, the client can navigate off the page and use the Internet as usual. After four hours (default) , the client will again be directed to the manual DCS cleanup page.

  Default redirect time can be set in the file
  
  /etc/iscan/intscan.ini

  under the "infected_url_block_length" parameter.

• Note: If you are using an HTTPS connection for the IWSVA console, see Redirect Clients to DCS When IWSVA is using HTTPS for important configuration steps.
  
  Place the DCS server and test client on the same side of the data interface when IWSVA works in Transparent Bridge mode or Proxy mode. Otherwise, DCS server cannot provide the clean up service.

You can view the logs sent by DCS from the IWSVA console, as well as the spyware detection reports.

See also

• Using multiple DCS servers

• Supported DCS clients

• URL Blocking (PhishTrap)

• Example Phish

• About Damage Cleanup Services

• Redirect Clients to DCS When IWSVA is using HTTPS