mansser
Manage the integrated Smart Protection Server by performing the following tasks:
Enabling the integrated server’s File Reputation Services and Web Reputation Services
Recording the integrated server’s addresses
Updating the integrated server’s components
Configuring the integrated server’s Approved/Blocked URL List
For clients to send scan and web reputation queries to the integrated server, File Reputation Services and Web Reputation Services must be enabled. Enabling these services also allows the integrated server to update components from the ActiveUpdate server.
These services are automatically enabled if you chose to install the integrated server during the OfficeScan server installation.
If you disable the services, be sure that you have installed standalone Smart Protection Servers to which clients can send queries.
You will need the integrated server’s addresses when configuring the smart protection source list for internal clients. For details about the list, see Smart Protection Source List.
When clients send scan queries to the integrated server, they identify the server by one of two File Reputation Services addresses - HTTP or HTTPS address. Connection through the HTTPS address allows for a more secure connection while HTTP connection uses less bandwidth.
When clients send web reputation queries, they identify the integrated server by its Web Reputation Services address.
Clients managed by another OfficeScan server can also connect to this integrated server. On the other OfficeScan server’s web console, add the integrated server’s address to the Smart Protection Source list.
The integrated server updates the following components:
Smart Scan Pattern: Clients verify potential threats against the Smart Scan Pattern by sending scan queries to the integrated server.
Web Blocking List: Clients subject to web reputation policies verify a website’s reputation against the Web Blocking List by sending web reputation queries to the integrated server.
You can manually update these components or configure an update schedule. The integrated server downloads the components from the ActiveUpdate server.
A pure IPv6 integrated server cannot update directly from Trend Micro ActiveUpdate Server. A dual-stack proxy server that can convert IP addresses, such as DeleGate, is required to allow the integrated server to connect to the ActiveUpdate server.
Clients maintain their own approved/blocked URL list. Configure the list for clients when you set up web reputation policies (see Web Reputation Policies for details). Any URL in the client’s list will automatically be allowed or blocked.
The integrated server has its own approved/blocked URL list. If a URL is not in the client’s list, the client sends a web reputation query to the integrated server (if the integrated server has been assigned as a smart protection source). If the URL is found in the integrated server’s approved/blocked URL list, the integrated server notifies the client to allow or block the URL.
The blocked URL list has a higher priority than the Web Blocking List.
To add URLs to the integrated server’s approved/blocked list, import a list from a standalone Smart Protection Server. It is not possible to add URLs manually.
To manage settings for the integrated Smart Protection Server:
Smart Protection > Integrated Server
Select Enable File Reputation Services.
Select the protocol (HTTP or HTTPS) that clients will use when sending scan queries to the integrated server.
Select Enable Web Reputation Services.
Record the integrated server’s addresses found under the Server Address column.
To update the integrated server’s components:
View the current versions of the Smart Scan Pattern and Web Blocking List. If an update is available, click Update Now. The update result displays on top of the screen.
To update the pattern automatically:
Select Enable scheduled updates.
Choose whether to update hourly or every 15 minutes.
Select an update source under File Reputation Services. The Smart Scan Pattern will be updated from this source.
Select an update source under Web Reputation Services. The Web Blocking List will be updated from this source.
If you choose the ActiveUpdate server as the update source, ensure that the server has Internet connection and, if you are using a proxy server, test if Internet connection can be established using the proxy settings. See Proxy for OfficeScan Server Updates for details.
If you choose a custom update source, set up the appropriate environment and update resources for this update source. Also ensure that there is a functional connection between the server computer and this update source. If you need assistance setting up an update source, contact your support provider.
To configure the integrated server’s Approved/Blocked List:
Click Import to populate the list with URLs from a pre-formatted .csv file. You can obtain the .csv file from a standalone Smart Protection Server.
If you have an existing list, click Export to save the list to a .csv file.
Click Save.
See also: