instvsgen
Vulnerability scan settings are configured from Trend Micro Vulnerability Scanner (TMVS.exe) or from the TMVS.ini file.
See Server Debug Logs Using LogServer.exe for information on how to collect debug logs for Vulnerability Scanner.
Vulnerability Scanner can check for the presence of security software on endpoints. The following table discusses how Vulnerability Scanner checks security products:
|
Security Products Checked by Vulnerability Scanner |
|
Product |
Description |
|
ServerProtect for Windows |
Vulnerability Scanner uses RPC endpoint to check if SPNTSVC.exe is running. It returns information including operating system, and Virus Scan Engine, Virus Pattern and product versions. Vulnerability Scanner cannot detect the ServerProtect Information Server or the ServerProtect Management Console. |
|
ServerProtect for Linux |
If the target computer does not run Windows, Vulnerability Scanner checks if it has ServerProtect for Linux installed by trying to connect to port 14942. |
|
OfficeScan client |
Vulnerability Scanner uses the OfficeScan client port to check if the OfficeScan client is installed. It also checks if the TmListen.exe process is running. It retrieves the port number automatically if executed from its default location. If you launched TMVS on a computer other than the OfficeScan server, check and then use the other computer's communication port. |
|
PortalProtect™ |
Vulnerability Scanner loads the web page http://localhost:port/PortalProtect/index.html to check for product installation. |
|
ScanMail™ for Microsoft Exchange™ |
Vulnerability Scanner loads the web page http://ipaddress:port/scanmail.html to check for ScanMail installation. By default, ScanMail uses port 16372. If ScanMail uses a different port number, specify the port number. Otherwise, Vulnerability Scanner cannot detect ScanMail. |
|
InterScan™ family |
Vulnerability Scanner loads each web page for different products to check for product installation.
|
|
Trend Micro Internet Security™ (PC-cillin) |
Vulnerability Scanner uses port 40116 to check if Trend Micro Internet Security is installed. |
|
McAfee VirusScan ePolicy Orchestrator |
Vulnerability Scanner sends a special token to TCP port 8081, the default port of ePolicy Orchestrator for providing connection between the server and client. The computer with this antivirus product replies using a special token type. Vulnerability Scanner cannot detect the standalone McAfee VirusScan. |
|
Norton Antivirus™ Corporate Edition |
Vulnerability Scanner sends a special token to UDP port 2967, the default port of Norton Antivirus Corporate Edition RTVScan. The computer with this antivirus product replies using a special token type. Since Norton Antivirus Corporate Edition communicates by UDP, the accuracy rate is not guaranteed. Furthermore, network traffic may influence UDP waiting time. |
Vulnerability Scanner detects products and computers using the following protocols:
RPC: Detects ServerProtect for NT
UDP: Detects Norton AntiVirus Corporate Edition clients
TCP: Detects McAfee VirusScan ePolicy Orchestrator
ICMP: Detects computers by sending ICMP packets
HTTP: Detects OfficeScan clients
DHCP: If it detects a DHCP request, Vulnerability Scanner checks if antivirus software has already been installed on the requesting computer.
Perform the following steps to configure product query settings:
To specify product query settings from Vulnerability Scanner (TMVS.exe):
Product query settings are a subset of vulnerability scan settings. For details about vulnerability scan settings, see Running Vulnerability Scans.
Launch TMVS.exe.
Click Settings. The Settings screen appears.
Go to the Product query section.
Select the products to check.
Click Settings next to a product name and then specify the port number that Vulnerability Scanner will check.
Click OK. The Settings screen closes.
To set the number of computers that Vulnerability Scanner simultaneously checks for security software:
Navigate to <Server installation folder>\PCCSRV\Admin\Utility\TMVS and open TMVS.ini using a text editor such as Notepad.
To set the number of computers checked during manual vulnerability scans, change the value for ThreadNumManual. Specify a value between 8 and 64.
For example, type ThreadNumManual=60 if you want Vulnerability Scanner to check 60 computers at the same time.
To set the number of computers checked during scheduled vulnerability scans, change the value for ThreadNumSchedule. Specify a value between 8 and 64.
For example, type ThreadNumSchedule=50 if you want Vulnerability Scanner to check 50 computers at the same time.
Save TMVS.ini.
When Vulnerability Scanner is able to "ping" host machines, it can retrieve additional information about the host machines. There are two methods for retrieving information:
Quick retrieval: Retrieves only the computer name
Normal retrieval: Retrieves both domain and computer information
Perform the following steps to configure retrieval settings:
Retrieval settings are a subset of vulnerability scan settings. For details about vulnerability scan settings, see Running Vulnerability Scans.
Launch TMVS.exe.
Click Settings. The Settings screen appears.
Go to the Method for retrieving computer descriptions section.
Select Normal or Quick.
If you selected Normal, select Retrieve computer descriptions, if available.
Click OK. The Settings screen closes.
Vulnerability Scanner can send the vulnerability scan results to OfficeScan administrators. It can also display notifications on unprotected host machines.
Perform the following steps to configure notification settings:
Notification settings are a subset of vulnerability scan settings. For details about vulnerability scan settings, see Running Vulnerability Scans.
Launch TMVS.exe.
Click Settings. The Settings screen appears.
Go to the Notifications section.
To automatically send the Vulnerability Scan results to yourself or to other administrators in your organization:
Select Email results to the system administrator.
Click Configure to specify email settings.
In To, type the email address of the recipient.
In From, type the email address of the sender.
In SMTP server, type the SMTP server address. For example, type smtp.company.com. The SMTP server information is required.
In Subject, type a new subject for the message or accept the default subject.
Click OK.
To inform users that their computers do not have security software installed:
Select Display a notification on unprotected computers.
Click Customize to configure the notification message.
In the Notification Message screen, type a new message or accept the default message.
Click OK.
Click OK. The Settings screen closes.
You can configure Vulnerability Scanner to save the vulnerability scan results to a comma-separated value (CSV) file.
Perform the following steps to configure vulnerability scan results settings:
Vulnerability scan results settings are a subset of vulnerability scan settings. For details about vulnerability scan settings, see Running Vulnerability Scans.
Launch TMVS.exe.
Click Settings. The Settings screen appears.
Go to the Save results section.
Select Automatically save the results to a CSV file.
To change the default folder for saving the CSV file:
Click Browse.
Select a target folder on the computer or on the network.
Click OK.
Click OK. The Settings screen closes.
Use "ping" settings to validate the existence of a target machine and determine its operating system. If these settings are disabled, Vulnerability Scanner scans all the IP addresses in the specified IP address range – even those that are not used on any host machine – thereby making the scanning attempt longer than it should be.
Perform the following steps to configure ping settings:
To specify ping settings from Vulnerability Scanner (TMVS.exe):
Ping settings are a subset of vulnerability scan settings. For details about vulnerability scan settings, see Running Vulnerability Scans.
Launch TMVS.exe.
Click Settings. The Settings screen appears.
Go to the Ping settings section.
Select Allow Vulnerability Scanner to ping computers on your network to check their status.
In the Packet size and Timeout fields, accept or modify the default values.
Select Detect the type of operating system using ICMP OS fingerprinting. If you select this option, Vulnerability Scanner determines if a host machine runs Windows or another operating system. For host machines running Windows, Vulnerability Scanner can identify the version of Windows.
Click OK. The Settings screen closes.
To set the number of computers that Vulnerability Scanner simultaneously pings:
Navigate to <Server installation folder>\PCCSRV\Admin\Utility\TMVS and open TMVS.ini using a text editor such as Notepad.
Change the value for EchoNum. Specify a value between 1 and 64.
For example, type EchoNum=60 if you want Vulnerability Scanner to ping 60 computers at the same time.
Save TMVS.ini.
OfficeScan server settings are used when:
Vulnerability Scanner installs the OfficeScan client to unprotected target machines. Server settings allow Vulnerability Scanner to identify the client’s parent server and the administrative credentials to use when logging on to the target machines.
Certain conditions may prevent the installation of the client to the target host machines. For details, see Guidelines When Installing the OfficeScan Client Using Vulnerability Scanner.
Vulnerability Scanner sends client installation logs to the OfficeScan server.
Perform the following steps to configure OfficeScan server settings:
OfficeScan server settings are a subset of vulnerability scan settings. For details about vulnerability scan settings, see Running Vulnerability Scans.
Launch TMVS.exe.
Click Settings. The Settings screen appears.
Go to the OfficeScan server settings section.
Type the OfficeScan server name and port number.
Select Auto-install OfficeScan client on unprotected computers.
To configure the administrative credentials:
Click Install to Account.
In the Account Information screen, type a user name and password.
Click OK.
Select Send logs to the OfficeScan server.
Click OK. The Settings screen closes.
See also: