osmgmt
Security Compliance can query unmanaged endpoints in the network to which the OfficeScan server belongs. Use Active Directory and IP addresses to query endpoints.
The security status of unmanaged endpoints can be any of the following:
Status |
Description |
Managed by another OfficeScan server |
The OfficeScan clients installed on the computers are managed by another OfficeScan server. Clients are online and run either this OfficeScan version or an earlier version. |
No OfficeScan client installed |
The OfficeScan client is not installed on the computer. |
Unreachable |
The OfficeScan server cannot connect to the computer and determine its security status. |
Unresolved Active Directory Assessment |
The computer belongs to an Active Directory domain but the OfficeScan server is unable to determine its security status.
|
To run a security assessment, perform the following tasks:
Define the query scope. For details, see Active Directory/IP Address Scope and Query.
Check unprotected computers from the query result. For details, see Query Result.
Install the OfficeScan client. For details, see Installing with Security Compliance.
Configure scheduled queries. For details, see Scheduled Query.
When querying for the first time, define the Active Directory/IP address scope, which includes Active Directory objects and IP addresses that the OfficeScan server will query on demand or periodically. After defining the scope, start the query process.
To define an Active Directory scope, OfficeScan must first be integrated with Active Directory. For details about the integration, see Active Directory Integration.
To configure the scope and start the query process:
Security Compliance > Outside Server Management
On the Active Directory/IP Address Scope section, click Define. A new screen opens.
To define an Active Directory scope:
Go to the Active Directory Scope section.
Select Use on-demand assessment to perform real-time queries and get more accurate results. Disabling this option causes OfficeScan to query the database instead of each client. Querying only the database can be quicker but is less accurate.
Select the objects to query. If querying for the first time, select an object with less than 1,000 accounts and then record how much time it took to complete the query. Use this data as your performance benchmark.
To define an IP address scope:
Go to the IP Address Scope section.
Select Enable IP Address Scope.
Specify an IP address range. Click the plus () or minus () button to add or delete IP address ranges.
For a pure IPv4 OfficeScan server, type an IPv4 address range.
For a pure IPv6 OfficeScan server, type an IPv6 prefix and length.
For a dual-stack OfficeScan server, type an IPv4 address range and/or IPv6 prefix and length.
The IPv6 address range limit is 16 bits, which is similar to the limit for IPv4 address ranges. The prefix length should therefore be between 112 and 128.
Length |
Number of IPv6 Addresses |
128 |
2 |
124 |
16 |
120 |
256 |
116 |
4,096 |
112 |
65,536 |
Under Advanced Setting, specify ports used by OfficeScan servers to communicate with clients. Setup randomly generates the port number during OfficeScan server installation.
To view the communication port used by the OfficeScan server, go to Networked Computers > Client Management and select a domain. The port displays next to the IP address column. Trend Micro recommends keeping a record of port numbers for your reference.
Click Specify ports.
Type the port number and click Add. Repeat this step until you have all the port numbers you want to add.
Click Save.
To check a computer’s connectivity using a particular port number, select Declare a computer unreachable by checking port <x>. When connection is not established, OfficeScan immediately treats the computer as unreachable. The default port number is 135.
Enabling this setting speeds up the query. When connection to a computer cannot be established, the OfficeScan server no longer needs to perform all the other connection verification tasks before treating a computer as unreachable.
To save the scope and start the query, click Save and re-assess. To save the settings only, click Save only.
The Outside Server Management screen displays the result of the query.
The query may take a long time to complete, especially if the query scope is broad. Do not perform another query until the Outside Server Management screen displays the result. Otherwise, the current query session terminates and the query process restarts.
The query result appears under the Security Status section. An unmanaged endpoint will have one of the following statuses:
Managed by another OfficeScan server
No OfficeScan client installed
Unreachable
Unresolved Active Directory assessment
Recommended tasks:
On the Security Status section, click a number link to display all affected computers.
Use the search and advanced search functions to search and display only the computers that meet the search criteria.
If you use the advanced search function, specify the following items:
IPv4 address range
IPv6 prefix and length (prefix should be between 112 and 128)
Computer name
OfficeScan server name
Active Directory tree
Security status
OfficeScan will not return a result if the name is incomplete. Use the wildcard character (*) if unsure of the complete name.
To save the list of computers to a file, click Export.
For clients managed by another OfficeScan server, use the Client Mover tool to have these clients managed by the current OfficeScan server. For more information about this tool, see Client Mover.
Configure the OfficeScan server to periodically query the Active Directory and IP addresses to ensure that security guidelines are implemented.
To configure scheduled assessments for outside server management:
Security Compliance > Outside Server Management
Click Settings on top of the client tree.
Enable scheduled query.
Specify the schedule.
Click Save.
See also: