Scan_Methods
OfficeScan clients can use either conventional scan or smart scan when scanning for security risks.
The default scan method in this release is smart scan. Change scan method settings from the Scan Methods screen at any time.
Conventional scan is the scan method used in all earlier OfficeScan versions. A conventional scan client stores all OfficeScan components on the client computer and scans all files locally.
Smart scan is a next-generation, in-the-cloud based endpoint protection solution. At the core of this solution is an advanced scanning architecture that leverages threat signatures that are stored in-the-cloud.
The following table provides a comparison between these two scan methods:
|
Comparison between conventional scan and smart scan |
|
Basis of Comparison |
Conventional Scan |
Smart Scan |
|
Availability |
Available in this and all earlier OfficeScan versions |
Available starting from OfficeScan 10 |
|
Scanning behavior |
The conventional scan client performs scanning on the local computer. |
|
|
Components in use and updated |
All components available on the update source, except the Smart Scan Agent Pattern |
All components available on the update source, except the Virus Pattern and Spyware Active-monitoring Pattern |
|
Typical update source |
OfficeScan server |
OfficeScan server |
When you switch clients to conventional scan, consider the following:
1. Number of clients to switch
Switching a relatively small number of clients at a time allows efficient use of OfficeScan server and Smart Protection Server resources. These servers can perform other critical tasks while clients change their scan methods.
2. Timing
When switching back to conventional scan, clients will likely download the full version of the Virus Pattern and Spyware-active Monitoring Pattern from the OfficeScan server. These pattern files are only used by conventional scan clients.
Consider switching during off-peak hours to ensure the download process finishes within a short amount of time. Also consider switching when no client is scheduled to update from the server. Also temporarily disable "Update Now" on clients and re-enable it after the clients have switched to smart scan.
3. Client tree settings
Scan method is a granular setting that can be set on the root, domain, or individual client level. When switching to conventional scan, you can:
Create a new client tree domain and assign conventional scan as its scan method. Any client you move to this domain will use conventional scan.
When you move the client, enable the setting Apply settings of new domain to selected clients.
Select a domain and configure it to use conventional scan. Smart scan clients belonging to the domain will switch to conventional scan.
Select one or several smart scan clients from a domain and then switch them to conventional scan.
Any changes to the domain’s scan method overrides the scan method you have configured for individual clients.
To change the scan method: >>>
Networked Computers > Client Management > Settings > Scan Methods
Select to use conventional scan or smart scan.
If
you selected domain(s) or client(s) on the client tree, click Save
to apply settings to the domain(s) or client(s). If you selected the root
icon
, choose from
the following options:
Apply to All Clients: Applies settings to all existing clients and to any new client added to an existing/future domain. Future domains are domains not yet created at the time you configure the settings.
Apply to Future Domains Only: Applies settings only to clients added to future domains. This option will not apply settings to new clients added to an existing domain.
If you are switching clients from conventional scan to smart scan, take note of the following:
1. Product license
To use smart scan, ensure that you have activated the licenses for the following services and that the licenses are not expired:
Antivirus
Web Reputation and Anti-spyware
2. Smart protection sources
Smart scan clients connect to smart protection sources to send scan queries and verify a file’s risk against the Smart Scan Pattern. The smart protection source depends on the client’s location. Internal clients connect to a Smart Protection Server, while external clients connect to the Trend Micro Smart Protection Network. Refer to Smart Protection Servers.
Trend Micro Smart Protection Network
If connection to the Smart Protection Network requires proxy authentication, specify authentication credentials. For details, see External Proxy.
OfficeScan provides two types of Smart Protection Servers. Both servers have the same functions.
Integrated: Setup includes an integrated Smart Protection Server that installs on the same computer where the OfficeScan server installed. If you want clients to connect to this server through a proxy server, configure proxy settings. For details, see Internal Proxy.
Consider disabling the OfficeScan firewall on the server computer. When enabled, the OfficeScan firewall may affect the integrated server’s performance. For information on disabling the OfficeScan firewall, see Disabling the OfficeScan Firewall.
Standalone: A standalone Smart Protection Server installs on a VMware server. The standalone server has a separate management console and is not managed from the OfficeScan Web console.
If you have not set up any of these servers, install them first before switching clients to smart scan. Refer to the Trend Micro Smart Protection Server for OfficeScan Getting Started Guide for information on reactivating the integrated server, and installing and managing the standalone server.
Trend Micro recommends installing multiple servers for failover purposes. Clients that are unable to connect to a particular server will try to connect to the other servers you have set up.
3. Smart Protection Server list
Add the Smart Protection Servers you have set up to the Smart Protection Server list. Clients refer to the list to determine which Smart Protection Server to connect to. The client tries connecting to other servers on the list if it cannot connect to a particular server.
For details on configuring the list, see Smart Protection Sources.
4. Computer location settings
OfficeScan includes a location awareness feature that identifies the client computer’s location and determines whether the client connects to the Smart Protection Network or Smart Protection Server. This ensures that clients remain protected regardless of their location.
To configure location settings, see Computer Location.
5. OfficeScan server
Ensure that clients can connect to the OfficeScan server. Only online clients will be notified to switch to smart scan. Offline clients get notified when they become online. Roaming clients are notified when they become online or, if the client has scheduled update privileges, when scheduled update runs.
Also verify that the OfficeScan server has the latest components because smart scan clients need to download the Smart Scan Agent Pattern from the server. To update components, see OfficeScan Server Update.
6. Other Trend Micro products
If you have Trend Micro™ Network VirusWall™ Enforcer installed:
Install a hot fix (build 1047 for Network VirusWall Enforcer 2500 and build 1013 for Network VirusWall Enforcer 1200).
Update the OPSWAT engine to version 2.5.1017 to enable the product to detect a client’s scan method.
7. Number of clients to switch
Switching a relatively small number of clients at a time allows efficient use of OfficeScan server and Smart Protection Server resources. These servers can perform other critical tasks while clients change their scan methods.
When switching to smart scan for the first time, clients need to download the full version of the Smart Scan Agent Pattern from the OfficeScan server. The Smart Scan Pattern is only used by smart scan clients.
Consider switching during off-peak hours to ensure the download process finishes within a short amount of time. Also consider switching when no client is scheduled to update from the server. Also temporarily disable "Update Now" on clients and re-enable it after the clients have switched to smart scan.
Scan method is a granular setting that can be set on the root, domain, or individual client level. When switching to smart scan, you can:
Create a new client tree domain and assign smart scan as its scan method. Any client you move to this domain will use smart scan.
When you move the client, enable the setting Apply settings of new domain to selected clients.
Select a domain and configure it to use smart scan. Conventional scan clients belonging to the domain will switch to smart scan.
Select one or several conventional scan clients from a domain and then switch them to smart scan.
Any changes to the domain’s scan method overrides the scan method you have configured for individual clients.
See also: