instvsscan
Vulnerability scan checks the presence of security software on host machines and can install the OfficeScan client to unprotected host machines.
There are several ways to run vulnerability scan.
|
Vulnerability Scan Methods |
|
Method |
Details |
|
Manual vulnerability scan |
Administrators can run vulnerability scans on demand. |
|
DHCP scan |
Administrators can run vulnerability scans on host machines requesting IP addresses from a DHCP server. Vulnerability Scanner listens on port 67, which is the DHCP server’s listening port for DHCP requests. If it detects a DHCP request from a host machine, vulnerability scan runs on the machine.
|
|
Scheduled vulnerability scan |
Vulnerability scans automatically run according to the schedule configured by administrators. |
After Vulnerability Scanner runs, it displays the status of the OfficeScan client on the target host machines. The status can be any of the following:
Normal: The OfficeScan client is up and running and is working properly
Abnormal: The OfficeScan client services are not running or the client does not have real-time protection
Not installed: The TMListen service is missing or the OfficeScan client has not been installed
Unreachable: Vulnerability Scanner was unable to establish connection with the host machine and determine the status of the OfficeScan client
To run a manual vulnerability scan:
To run a vulnerability scan on the OfficeScan server computer, navigate to <Server installation folder>\PCCSRV\Admin\Utility\TMVS and double-click TMVS.exe. The Trend Micro Vulnerability Scanner console appears.
To run vulnerability scan on another computer running Windows XP, Server 2003, Server 2008, Vista, or 7:
On the OfficeScan server computer, navigate to <Server installation folder>\PCCSRV\Admin\Utility.
Copy the TMVS folder to the other computer.
On the other computer, open the TMVS folder and then double-click TMVS.exe. The Trend Micro Vulnerability Scanner console appears.
You cannot launch the tool from Terminal Server.
Go to the Manual Scan section.
Type the IP address range of the computers you want to check.
Type an IPv4 address range.
Vulnerability Scanner can only query an IPv4 address range if it runs on a pure IPv4 or dual-stack host machine.
Vulnerability Scanner only supports a class B IP address range, for example, 168.212.1.1 to 168.212.254.254.
For an IPv6 address range, type the IPv6 prefix and length.
Vulnerability Scanner can only query an IPv6 address range if it runs on a pure IPv6 or dual-stack host machine.
Click Settings. The Settings screen appears.
Configure the following settings:
Ping settings: Vulnerability Scan can "ping" the IP addresses specified in the previous step to check if they are currently in use. If a target host machine is using an IP address, Vulnerability Scanner can determine the host machine’s operating system. For details, see Ping Settings.
Method for retrieving computer descriptions: For host machines that respond to the "ping" command, Vulnerability Scanner can retrieve additional information about the host machines. For details, see Method for Retrieving Computer Descriptions.
Product query: Vulnerability Scanner can check for the presence of security software on the target host machines. For details, see Product Query.
OfficeScan server settings: Configure these settings if you want Vulnerability Scanner to automatically install the client to unprotected host machines. These settings identify the client’s parent server and the administrative credentials used to log on to the host machines. For details, see OfficeScan Server Settings.
Certain conditions may prevent the installation of the client to the target host machines. For details, see Guidelines When Installing the OfficeScan Client Using Vulnerability Scanner.
Notifications: Vulnerability Scanner can send the vulnerability scan results to OfficeScan administrators. It can also display notifications on unprotected host machines. For details, see Notifications.
Save results: In addition to sending the vulnerability scan results to administrators, Vulnerability Scan can also save the results to a .csv file. For details, see Vulnerability Scan Results.
Click OK. The Settings screen closes.
Click Start. The vulnerability scan results appear in the Results table under the Manual Scan tab.
MAC address information does not display in the Results table if the computer runs Windows Server 2008.
To save the results to a comma-separated value (CSV) file, click Export, locate the folder where you want to save the file, type the file name, and click Save.
To run a DHCP scan:
Configure DHCP settings in the TMVS.ini file found under the following folder: <Server installation folder>\PCCSRV\Admin\Utility\TMVS.
|
DHCP Settings in the TMVS.ini File |
|
Setting |
Description |
|
DhcpThreadNum=x |
Specify the thread number for DHCP mode. The minimum is 3, the maximum is 100. The default value is 3. |
|
DhcpDelayScan=x |
This is the delay time in seconds before checking the requesting computer for installed antivirus software. The minimum is 0 (do not wait) and the maximum is 600. The default value is 60. |
|
LogReport=x |
0 disables logging, 1 enables logging. Vulnerability Scanner sends the results of the scan to the OfficeScan server. Logs display in the System Event Logs screen on the web console. |
|
OsceServer=x |
This is the OfficeScan server's IP address or DNS name. |
|
OsceServerPort=x |
This is the web server port on the OfficeScan server. |
To run a vulnerability scan on the OfficeScan server computer, navigate to <Server installation folder>\PCCSRV\Admin\Utility\TMVS and double-click TMVS.exe. The Trend Micro Vulnerability Scanner console appears.
To run a vulnerability scan on another computer running Windows XP, Server 2003, Server 2008, Vista, or 7:
On the OfficeScan server computer, navigate to <Server installation folder>\PCCSRV\Admin\Utility.
Copy the TMVS folder to the other computer.
On the other computer, open the TMVS folder and then double-click TMVS.exe. The Trend Micro Vulnerability Scanner console appears.
You cannot launch the tool from Terminal Server.
Under the Manual Scan section, click Settings. The Settings screen appears.
Configure the following settings:
Product query: Vulnerability Scanner can check for the presence of security software on the target host machines. For details, see Product Query.
OfficeScan server settings: Configure these settings if you want Vulnerability Scanner to automatically install the client to unprotected host machines. These settings identify the client’s parent server and the administrative credentials used to log on to the host machines. For details, see OfficeScan Server Settings.
Certain conditions may prevent the installation of the client to the target host machines. For details, see Guidelines When Installing the OfficeScan Client Using Vulnerability Scanner.
Notifications: Vulnerability Scanner can send the vulnerability scan results to OfficeScan administrators. It can also display notifications on unprotected host machines. For details, see Notifications.
Save results: In addition to sending the vulnerability scan results to administrators, Vulnerability Scan can also save the results to a .csv file. For details, see Vulnerability Scan Results.
Click OK. The Settings screen closes.
In the Results table, click the DHCP Scan tab.
The DHCP Scan tab is not available on computers running Windows Server 2008 and Windows 7.
Click Start. Vulnerability Scanner begins listening for DHCP requests and performing vulnerability checks on computers as they log on to the network.
To save the results to a comma-separated value (CSV) file, click Export, locate the folder where you want to save the file, type the file name, and click Save.
To configure scheduled vulnerability scans:
To run a vulnerability scan on the OfficeScan server computer, navigate to <Server installation folder>\PCCSRV\Admin\Utility\TMVS and double-click TMVS.exe. The Trend Micro Vulnerability Scanner console appears.
To run a vulnerability scan on another computer running Windows XP, Server 2003, Server 2008, Vista, or 7:
On the OfficeScan server computer, navigate to <Server installation folder>\PCCSRV\Admin\Utility.
Copy the TMVS folder to the other computer.
On the other computer, open the TMVS folder and then double-click TMVS.exe. The Trend Micro Vulnerability Scanner console appears.
You cannot launch the tool from Terminal Server.
Go to the Scheduled Scan section.
Click Add/Edit. The Scheduled Scan screen appears.
Configure the following settings:
Name: Type a name for the scheduled vulnerability scan.
IP address range: Type the IP address range of the computers you want to check.
Type an IPv4 address range.
Vulnerability Scanner can only query an IPv4 address range if it runs on a pure IPv4 or dual-stack host machine that has an available IPv4 address.
Vulnerability Scanner only supports a class B IP address range, for example, 168.212.1.1 to 168.212.254.254.
For an IPv6 address range, type the IPv6 prefix and length.
Vulnerability Scanner can only query an IPv6 address range if it runs on a pure IPv6 or dual-stack host machine that has an available IPv6 address.
Schedule: Specify the start time using the 24-hour clock format and then select how often the scan will run. Choose from daily, weekly, or monthly.
Settings: Select which set of vulnerability scan settings to use.
Select Use current settings if you have configured and want to use manual vulnerability scan settings. For details about manual vulnerability scan settings, see To run a manual vulnerability scan:.
If you did not specify manual vulnerability scan settings or if you want to use another set of settings, select Modify settings and then click Settings. The Settings screen appears.
You can configure the following settings and then click OK:
Ping settings: Vulnerability Scan can "ping" the IP addresses specified in step 4b to check if they are currently in use. If a target host machine is using an IP address, Vulnerability Scanner can determine the host machine’s operating system. For details, see Ping Settings.
Method for retrieving computer descriptions: For host machines that respond to the "ping" command, Vulnerability Scanner can retrieve additional information about the host machines. For details, see Method for Retrieving Computer Descriptions.
Product query: Vulnerability Scanner can check for the presence of security software on the target host machines. For details, see Product Query.
OfficeScan server settings: Configure these settings if you want Vulnerability Scanner to automatically install the client to unprotected host machines. These settings identify the client’s parent server and the administrative credentials used to log on to the host machines. For details, see OfficeScan Server Settings.
Certain conditions may prevent the installation of the client to the target host machines. For details, see Guidelines When Installing the OfficeScan Client Using Vulnerability Scanner.
Notifications: Vulnerability Scanner can send the vulnerability scan results to OfficeScan administrators. It can also display notifications on unprotected host machines. For details, see Notifications.
Save results: In addition to sending the vulnerability scan results to administrators, Vulnerability Scan can also save the results to a .csv file. For details, see Vulnerability Scan Results.
Click OK. The Scheduled Scan screen closes.
The scheduled vulnerability scan you created appears under the Scheduled Scan section. If you enabled notifications, Vulnerability Scanner sends you the scheduled vulnerability scan results.
To execute the scheduled vulnerability scan immediately, click Run Now. The vulnerability scan results appear in the Results table under the Scheduled Scan tab.
MAC address information does not display in the Results table if the computer runs Windows Server 2008.
To save the results to a comma-separated value (CSV) file, click Export, locate the folder where you want to save the file, type the file name, and click Save.
See also: