Creating a Customized Expression

Collapse All Expand All

Preface
- OfficeScan Documentation
- Audience
- Document Conventions
- Terminology
Introducing OfficeScan
- About OfficeScan
- New in this Release
- Key Features and Benefits
- The OfficeScan Server
- The OfficeScan Client
- Integration with Trend Micro Products and Services
Getting Started with OfficeScan
- The Web Console
- The Summary Dashboard
  - Product License Status Section
  - Tabs and Widgets
- Active Directory Integration
  - Integrating Active Directory with OfficeScan
  - Synchronizing Data with Active Directory Domains
    - Manually Synchronizing Data with Active Directory Domains
    - Automatically Synchronizing Data with Active Directory Domains
- The OfficeScan Client Tree
  - Client Tree General Tasks
    - Advanced Search Options
  - Client Tree Specific Tasks
- OfficeScan Domains
  - Client Grouping
Using Trend Micro Smart Protection
- About Trend Micro Smart Protection
  - The Need for a New Solution
- Smart Protection Services
- Smart Protection Sources
- Smart Protection Pattern Files
- Setting Up Smart Protection Services
- Using Smart Protection Services
Installing the OfficeScan Client
- OfficeScan Client Fresh Installations
- Installation Considerations
  - OfficeScan Client Features
  - OfficeScan Client Installation and IPv6 Support
- Deployment Considerations
- Migrating to the OfficeScan Client
  - Migrating from Other Endpoint Security Software
    - OfficeScan Client Migration Issues
  - Migrating from ServerProtect Normal Servers
    - Using the ServerProtect Normal Server Migration Tool
- Post-installation
- OfficeScan Client Uninstallation
Keeping Protection Up-to-Date
- OfficeScan Components and Programs
- Update Overview
  - OfficeScan Server and OfficeScan Client Update
  - Smart Protection Source Update
- OfficeScan Server Updates
- Integrated Smart Protection Server Updates
- OfficeScan Client Updates
- Update Agents
- Component Update Summary
  - Update Status for OfficeScan Clients
  - Components
Scanning for Security Risks
- About Security Risks
  - Viruses and Malware
  - Spyware and Grayware
- Scan Methods
- Scan Types
- Settings Common to All Scan Types
- Scan Privileges and Other Settings
- Global Scan Settings
- Security Risk Notifications
- Security Risk Logs
- Security Risk Outbreaks
Using Behavior Monitoring
- Behavior Monitoring
- Behavior Monitoring Privileges
  - Granting Behavior Monitoring Privileges
- Behavior Monitoring Notifications for OfficeScan Client Users
  - Enabling the Sending of Notification Messages
  - Modifying the Content of the Notification Message
- Behavior Monitoring Logs
  - Viewing Behavior Monitoring Logs
  - Configuring the Behavior Monitoring Log Sending Schedule
Using Device Control
- Device Control
  - Permissions for Storage Devices
    - Advanced Permissions for Storage Devices
      - Specifying a Digital Signature Provider
      - Specifying a Program Path and Name
  - Permissions for Non-storage Devices
    - Managing Access to External Devices (Data Protection Activated)
- Modifying Device Control Notifications
- Device Control Logs
  - Viewing Device Control Logs
Managing Data Protection and Using Data Loss Prevention
- Data Protection Installation
  - Installing Data Protection
- Data Protection License
  - Activating or Renewing the Data Protection License
  - Viewing the Data Protection License Information
- Deployment of Data Protection to Clients
  - Deploying the Data Protection Module to Clients
- About Data Loss Prevention
- Data Loss Prevention Policies
- Data Loss Prevention Notifications
  - Data Loss Prevention Notifications for Administrators
    - Configuring Data Loss Prevention Notification for Administrators
  - Data Loss Prevention Notifications for Client Users
    - Configuring Data Loss Prevention Notification for Clients
- Data Loss Prevention Logs
  - Viewing Data Loss Prevention Logs
    - Processes by Channel
    - Descriptions
  - Data Protection Debug Logs
    - Enabling Debug Logging for the Data Protection Module
- Uninstalling Data Protection
  - Uninstalling Data Protection from Plug-In Manager
Protecting Computers from Web-based Threats
- About Web Threats
- Web Reputation
- Web Reputation Policies
  - Configuring a Web Reputation Policy
- Proxy for Web Reputation
- Web Threat Notifications for Client Users
  - Enabling the Web Threat Notification Message
  - Modifying the Web Threat Notification Message
- Web Reputation Logs
  - Viewing Web Reputation Logs
Using the OfficeScan Firewall
- About the OfficeScan Firewall
- Enabling or Disabling the OfficeScan Firewall
  - Enabling or Disabling the OfficeScan Firewall on Selected Computers
  - Enabling or Disabling the OfficeScan Firewall on All Computers
- Firewall Policies and Profiles
  - Firewall Policies
  - Firewall Profiles
    - Configuring the Firewall Profile List
    - Adding and Editing a Firewall Profile
      - Adding a Firewall Profile
      - Modifying a Firewall Profile
- Firewall Privileges
  - Granting Firewall Privileges
- Global Firewall Settings
  - Configuring Global Firewall Settings
- Firewall Violation Notifications for OfficeScan Client Users
  - Granting Users the Privilege to Enable/Disable the Notification Message
  - Modifying the Content of the Firewall Notification Message
- Firewall Logs
  - Viewing Firewall Logs
- Firewall Violation Outbreaks
  - Configuring the Firewall Violation Outbreak Criteria and Notifications
- Testing the OfficeScan Firewall
Managing the OfficeScan Server
- Role-based Administration
- Trend Micro Control Manager
- Reference Servers
  - Managing the Reference Server List
- Administrator Notification Settings
  - Configuring Administrator Notification Settings
- System Event Logs
  - Viewing System Event Logs
- Log Management
  - Log Maintenance
    - Deleting Logs Based on a Schedule
    - Manually Deleting Logs
- Licenses
  - Viewing Product License Information
  - Activating or Renewing a License
- OfficeScan Database Backup
  - Backing up the OfficeScan Database
  - Restoring the Database Backup Files
- OfficeScan Web Server Information
  - Configuring Connection Settings
- Web Console Password
- Web Console Settings
  - Configuring Web Console Settings
- Quarantine Manager
  - Configuring Quarantine Directory Settings
- Server Tuner
  - Running Server Tuner
- Smart Feedback
  - Participating in the Smart Feedback Program
Managing the OfficeScan Client
- Computer Location
- OfficeScan Client Program Management
- Client-Server Connection
- OfficeScan Client Proxy Settings
- Viewing OfficeScan Client Information
- Importing and Exporting Client Settings
  - Exporting Client Settings
  - Importing Client Settings
- Security Compliance
- Trend Micro Virtual Desktop Support
- Global Client Settings
- Configuring Client Privileges and Other Settings
Using Plug-In Manager
- About Plug-In Manager
  - Client-side Agents and Client Plug-in Manager
  - Widgets
- Plug-In Manager Installation
  - Performing Post-installation Tasks
- Native OfficeScan Feature Management
- Managing Plug-in Programs
- Uninstalling Plug-In Manager
- Troubleshooting Plug-In Manager
Using Policy Server for Cisco NAC
- About Policy Server for Cisco NAC
- Components and Terms
  - Components
  - Terms
- Cisco NAC Architecture
- The Client Validation Sequence
- The Policy Server
- Policy Server System Requirements
- Cisco Trust Agent (CTA) Requirements
- Supported Platforms and Requirements
- Policy Server for NAC Deployment
Configuring OfficeScan with Third-party Software
- Overview of Check Point Architecture and Configuration
  - OfficeScan Integration
- Configuring the Secure Configuration Verification File for OfficeScan
- SecureClient Support Installation
  - Granting Users the Privilege to View the Toolbox Tab
  - Installing SecureClient Support
Getting Help
- Troubleshooting Resources
- Contacting Technical Support
IPv6 Support in OfficeScan
- IPv6 Support for OfficeScan Server and Clients
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Windows Server Core 2008 Support
- Windows Server Core 2008 Support
- Installation Methods for Windows Server Core
  - Installing the OfficeScan Client Using Login Script Setup
  - Installing the OfficeScan Client Using an OfficeScan Client Package
- OfficeScan Client Features on Windows Server Core
- Windows Server Core Commands
Glossary
- ActiveUpdate
- Compressed File
- Cookie
- Denial of Service Attack
- DHCP
- DNS
- Domain Name
- Dynamic IP Address
- ESMTP
- End User License Agreement
- False Positive
- FTP
- GeneriClean
- Hot Fix
- HTTP
- HTTPS
- ICMP
- IntelliScan
- IntelliTrap
- IP
- Java File
- LDAP
- Listening Port
- MCP Agent
- Mixed Threat Attack
- NAT
- NetBIOS
- One-way Communication
- Patch
- Phish Attack
- Ping
- POP3
- Proxy Server
- RPC
- Security Patch
- Service Pack
- SMTP
- SNMP
- SNMP Trap
- SOCKS 4
- SSL
- SSL Certificate
- TCP
- Telnet
- Trojan Port
- Trusted Port
  - Determining the Trusted Ports
- Two-way Communication
- UDP
- Uncleanable File
  - Files Infected with Trojans

Access Control Server (ACS) [1]
ACS certificate [1]
action on monitored system events [1]
actions
- Data Loss Prevention [1]
ActiveAction [1]
Active Directory [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]
- client grouping [1]
- credentials [1]
- custom client groups [1]
- duplicate structure [1]
- integration [1]
- outside server management [1]
- role-based administration [1]
- scope and query [1]
- synchronization [1] [2]
ActiveSync [1]
ActiveX malicious code [1]
Additional Service Settings [1] [2]
advanced permissions
- configuring [1]
- storage devices [1] [2]
application filtering [1]
approved list [1]
approved programs list [1]
assessment mode [1]
Authentication, Authorization, and Accounting (AAA) [1]
automatic client grouping [1] [2]
AutoPcc.exe [1] [2] [3] [4] [5]
Behavior Monitoring [1]
- action on system events [1]
- exception list [1]
- logs [1]
Behavior Monitoring Configuration Pattern [1]
Behavior Monitoring Core Service [1]
Behavior Monitoring Detection Pattern [1]
Behavior Monitoring Driver [1]
blocked programs list [1]
boot sector virus [1]
CA certificate [1] [2]
cache settings for scans [1]
Case Diagnostic Tool [1]
Certificate Authority (CA) [1]
certificates [1]
- CA [1]
- SSL [1] [2] [3]
Certified Safe Software List [1]
Certified Safe Software Service [1]
Check Point SecureClient [1]
Cisco NAC
- architecture [1]
- components and terms [1]
- policy server deployment [1]
Cisco Trust Agent [1] [2]
client console
- access restriction [1]
client disk image [1] [2]
client grouping [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17]
- Active Directory [1] [2]
- adding a domain [1]
- automatic [1] [2]
- custom groups [1]
- deleting a domain or client [1]
- DNS [1]
- IP addresses [1]
- manual [1] [2]
- methods [1]
- moving a client [1]
- NetBIOS [1]
- renaming a domain [1]
- sorting clients [1]
- tasks [1]
client installation [1] [2]
- browser-based [1]
- Client Packager [1]
- from the web console [1]
- from the web install page [1]
- Login Script Setup [1]
- post-installation [1]
- system requirements [1]
- using client disk image [1]
- using Security Compliance [1]
- using Vulnerability Scanner [1]
client logs
- ActiveUpdate logs [1]
- client connection logs [1]
- client update logs [1]
- Damage Cleanup Services logs [1]
- Data Protection debug logs [1] [2]
- debug logs [1]
- fresh installation logs [1]
- Mail Scan logs [1]
- OfficeScan firewall debug logs [1]
- Outbreak Prevention debug logs [1]
- TDI debug logs [1]
- upgrade/hot fix logs [1]
- web reputation debug logs [1]
client mover [1]
Client Packager [1] [2] [3] [4] [5]
- deployment [1]
- settings [1]
clients [1] [2] [3] [4] [5] [6] [7]
- connection [1]
- deleting [1]
- features [1]
- grouping [1]
- installation [1]
- locations [1]
- moving [1]
- proxy settings [1]
- sorting [1]
client security level [1]
client self-protection [1]
client tree [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12]
- about [1]
- advanced search [1] [2]
- filters [1]
- general tasks [1]
- specific tasks [1] [2] [3] [4] [5] [6] [7]
  - Cisco NAC agent deployment [1]
  - client management [1]
  - manual component updates [1]
  - outbreak prevention [1]
  - rollback component updates [1]
  - security risk logs [1]
- views [1]
client uninstallation [1]
client update
- automatic [1]
- customized source [1]
- event-triggered [1]
- from the ActiveUpdate server [1]
- manual [1]
- privileges [1]
- scheduled update [1] [2]
- scheduled update with NAT [1]
- standard source [1]
client upgrade
- disable [1]
client validation [1]
COM file infector [1]
Common Firewall Driver [1] [2] [3] [4]
Common Firewall Pattern [1]
Compliance Report [1]
component duplication [1] [2]
components [1] [2] [3]
- on the client [1]
- on the OfficeScan server [1]
- on the Update Agent [1]
- update privileges and settings [1]
- update summary [1]
compressed files [1] [2] [3]
condition statements [1]
Conflicted ARP [1]
connection verification [1]
contacting [1] [2] [3] [4] [5] [6] [7] [8]
- documentation feedback [1]
- Knowledge Base [1]
- sending suspicious files [1]
- technical support [1]
- Trend Micro [1] [2] [3] [4] [5]
continuity of protection [1]
Control Manager
- integration with OfficeScan [1]
- MCP Agent logs [1]
conventional scan [1] [2]
- switching to smart scan [1]
cookie scanning [1]
CPU usage [1]
criteria
- customized expressions [1]
- keywords [1]
custom client groups [1] [2]
customized expressions [1] [2] [3]
- criteria [1]
- importing [1]
customized keywords [1]
- criteria [1]
- importing [1]
customized templates [1]
- creating [1]
- importing [1]
Damage Cleanup Services [1] [2]
dashboards
- Summary [1] [2] [3] [4]
database backup [1]
database scanning [1]
data identifiers [1]
- expressions [1]
- file attributes [1]
- keywords [1]
Data Loss Prevention [1] [2] [3] [4]
- actions [1]
- channels [1]
- data identifiers [1]
- expressions [1] [2] [3] [4] [5] [6]
- file attributes [1] [2] [3]
- keywords [1] [2] [3] [4] [5] [6] [7]
- network channels [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12]
- policies [1]
- policy [1]
- system and application channels [1] [2] [3] [4] [5] [6] [7]
- templates [1] [2] [3] [4] [5] [6]
Data Loss Prevention:decompression rules;decompression rules;compressed files:decompression rules [1]
Data Loss Prevention:system and application channels;system and application channels;system and application channels:PGP encryption [1]
Data Protection
- deployment [1]
- installation [1]
- license [1]
- status [1]
- uninstallation [1]
debug logs
- clients [1]
- server [1]
device control [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12]
- advanced permissions [1]
  - configuring [1]
- approved list [1]
- Digital Signature Provider [1]
- external devices [1] [2]
- managing access [1] [2]
- non-storage devices [1]
- permissions [1] [2] [3] [4] [5]
  - program path and name [1]
- requirements [1]
- storage devices [1] [2] [3]
- USB devices [1]
- wildcards [1]
Device Control [1]
- logs [1] [2]
- notifications [1]
device control;device control list;device control list:adding programs [1]
Device List Tool [1]
DHCP settings [1]
Digital Asset Control
- widgets [1] [2]
digital certificates [1]
digital signature cache [1]
Digital Signature Pattern [1] [2]
Digital Signature Provider [1]
- specifying [1]
documentation [1]
documentation feedback [1]
domains [1] [2] [3] [4] [5]
- adding [1]
- client grouping [1]
- deleting [1]
- renaming [1]
DSP [1]
EICAR test script [1] [2]
email domains [1]
encrypted files [1]
End User License Agreement (EULA) [1]
evaluation version [1]
Event Monitoring [1]
exception list [1]
- Behavior Monitoring [1]
EXE file infector [1]
export settings [1]
expressions [1] [2]
- customized [1] [2]
  - criteria [1]
- predefined [1] [2]
external device protection [1]
external devices
- managing access [1] [2]
FakeAV [1]
file attributes [1] [2] [3] [4]
- creating [1]
- importing [1]
- wildcards [1]
file reputation [1] [2]
firewall [1] [2]
- benefits [1]
- default policy exceptions [1]
- disabling [1]
- outbreak monitor [1]
- policies [1]
- policy exceptions [1]
- privileges [1] [2] [3]
- profiles [1] [2]
- tasks [1]
- testing [1]
firewall log count [1]
Fragmented IGMP [1]
FTP [1]
gateway IP address [1]
gateway settings importer [1]
hot fixes [1] [2]
HTML virus [1]
HTTP and HTTPS [1]
IDS [1]
IM applications [1]
import settings [1]
inactive clients [1]
incremental pattern [1]
installation [1]
- client [1]
- Data Protection [1]
- Plug-in Manager [1]
- plug-in program [1]
- Policy Server [1]
- Security Compliance [1]
integrated server [1]
integrated Smart Protection Server [1]
- ptngrowth.ini [1]
- update [1] [2]
  - components [1]
- Web Blocking List [1]
IntelliScan [1]
IntelliTrap Exception Pattern [1]
IntelliTrap Pattern [1]
intranet [1]
Intrusion Detection System [1]
IPv6 [1]
- support [1]
IPv6 support [1]
- displaying IPv6 addresses [1]
- limitations [1] [2]
IpXfer.exe [1]
Java malicious code [1]
JavaScript virus [1]
joke program [1]
keywords [1] [2]
- customized [1] [2] [3]
- predefined [1] [2] [3]
Knowledge Base [1]
LAND Attack [1]
licenses [1]
- Data Protection [1]
- status [1]
location awareness [1]
locations [1]
- awareness [1]
logical operators [1]
Login Script Setup [1] [2] [3] [4] [5]
logs [1]
- about [1]
- Behavior Monitoring [1]
- client update logs [1]
- connection verification logs [1]
- Device Control logs [1]
- firewall logs [1] [2] [3]
- scan logs [1]
- security risk logs [1]
- spyware/grayware logs [1]
- spyware/grayware restore logs [1]
- system event logs [1]
- virus/malware logs [1] [2]
- web reputation logs [1]
LogServer.exe [1] [2]
MAC address [1]
macro virus [1]
mail scan [1] [2] [3]
Malware Behavior Blocking [1]
manual client grouping [1] [2]
Manual Scan [1]
- shortcut [1]
Microsoft Exchange Server scanning [1]
Microsoft SMS [1] [2]
migration
- from ServerProtect Normal Servers [1]
- from third-party security software [1]
monitored email domains [1]
monitored system events [1]
monitored targets [1] [2]
MSI package [1] [2] [3] [4]
NetBIOS [1]
Network Access Device [1]
network channels [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]
- email clients [1]
- FTP [1]
- HTTP and HTTPS [1]
- IM applications [1]
- monitored targets [1] [2]
- non-monitored targets [1] [2]
- SMB protocol [1]
- transmission scope [1]
  - all transmissions [1]
  - conflicts [1]
  - external transmissions [1]
- transmission scope and targets [1]
- webmail [1]
network virus [1] [2]
Network VirusWall Enforcer [1]
new features [1]
non-monitored email domains [1]
non-monitored targets [1] [2]
non-storage devices
- permissions [1]
notifications
- client update [1]
- computer restart [1]
- Device Control [1]
- firewall violations [1]
- for administrators [1] [2]
- for client users [1] [2]
- outbreaks [1] [2]
- outdated Virus Pattern [1]
- spyware/grayware detection [1]
- virus/malware detection [1] [2]
- web threat detection [1]
OfficeScan
- about [1]
- client [1]
- client services [1]
- components [1] [2]
- component update [1]
- database backup [1]
- database scanning [1]
- documentation [1]
- key features and benefits [1]
- licenses [1]
- logs [1]
- programs [1]
- SecureClient integration [1]
- terminology [1]
- web console [1]
- web server [1]
OfficeScan client
- connection with OfficeScan server [1] [2]
- connection with Smart Protection Server [1] [2]
- detailed client information [1]
- files [1]
- import and export settings [1]
- inactive clients [1]
- installation methods [1]
- processes [1]
- registry keys [1]
- reserved disk space [1]
- uninstallation [1]
OfficeScan server [1]
- functions [1]
OfficeScan update [1]
on-demand scan cache [1]
outbreak criteria [1] [2]
outbreak prevention [1]
- disabling [1]
- policies [1]
outbreak prevention policy
- block ports [1]
- deny write access [1]
- limit/deny access to shared folders [1]
outside server management [1] [2]
- logs [1]
- query results [1]
- scheduled query [1]
Overlapping Fragment [1]
packer [1]
password [1]
patches [1]
pattern files
- smart protection [1]
- Smart Scan Agent Pattern [1]
- Smart Scan Pattern [1]
- Web Blocking List [1]
PCRE [1]
performance control [1]
Performance Tuning Tool [1]
Perle Compatible Regular Expressions [1]
permissions
- advanced [1]
- non-storage devices [1]
- program path and name [1]
- storage devices [1]
phishing [1]
Ping of Death [1]
Plug-in Manager [1] [2] [3]
- installation [1]
- managing native OfficeScan features [1]
- troubleshooting [1]
- uninstallation [1]
plug-in program
- installation [1]
policies
- Data Loss Prevention [1]
- firewall [1] [2]
- web reputation [1]
policy [1]
Policy Enforcement Pattern [1]
Policy Server for Cisco NAC [1]
- CA certificate [1]
- certificates [1]
- client validation process [1]
- default policies [1]
- default rules [1] [2]
- deployment overview [1]
- policies [1]
- policies and rules [1]
- policy composition [1]
- Policy Server installation [1]
- rule composition [1]
- rules [1]
- SSL certificate [1]
- synchronization [1] [2]
- system requirements [1]
port blocking [1]
posture token [1]
predefined expressions [1]
- viewing [1]
predefined keywords
- distance [1]
- number of keywords [1]
predefined tabs [1]
predefined templates [1]
predefined widgets [1]
pre-installation tasks [1] [2] [3]
privileges
- firewall privileges [1] [2]
- mail scan privileges [1]
- proxy configuration privileges [1]
- roaming privilege [1]
- scan privileges [1]
- Scheduled Scan privileges [1]
- unload privilege [1]
probable virus/malware [1] [2]
programs [1] [2]
proxy settings [1]
- automatic proxy settings [1]
- clients [1]
- for external connection [1]
- for internal connection [1]
- for server component update [1]
- for web reputation [1]
- privileges [1]
ptngrowth.ini [1] [2]
quarantine directory [1] [2]
quarantine manager [1]
Real-time Scan [1]
Real-time Scan service [1]
reference server [1]
Remote Authentication Dial-In User Service (RADIUS) [1]
remote installation [1]
roaming clients [1]
role-based administration [1] [2]
- user accounts [1]
- user roles [1]
rootkit detection [1]
scan actions [1]
- spyware/grayware [1]
- virus/malware [1]
scan cache [1]
scan criteria
- CPU usage [1]
- file compression [1]
- files to scan [1]
- schedule [1]
- user activity on files [1]
scan exclusions [1] [2]
- directories [1]
- file extensions [1]
- files [1]
scan method [1]
- default [1]
Scan Now [1]
scan privileges [1]
scan types [1] [2]
scheduled assessments [1]
Scheduled Scan [1]
- postpone [1]
- reminder [1]
- resume [1]
- skip and stop [1] [2]
- stop automatically [1]
SCV Editor [1]
SecureClient [1] [2]
- integrating with OfficeScan [1]
- Policy Servers [1]
- SCV Editor [1]
Secure Configuration Verification [1]
Security Compliance [1]
- components [1]
- enforcing [1]
- enforcing update [1]
- installation [1]
- logs [1]
- outside server management [1] [2]
- scan [1]
- scheduled assessments [1]
- services [1]
- settings [1]
Security Information Center [1]
security patches [1]
security posture [1]
security risks [1] [2] [3] [4] [5] [6] [7] [8] [9]
- phish attacks [1]
- protection from [1]
- spyware/grayware [1] [2] [3] [4] [5] [6] [7] [8]
server logs
- Active Directory logs [1]
- Apache server logs [1]
- client grouping logs [1]
- Client Packager logs [1]
- component update logs [1]
- Control Manager MCP Agent logs [1]
- debug logs [1]
- Device Control logs [1]
- local installation/upgrade logs [1]
- outside server management logs [1]
- remote installation/upgrade logs [1]
- role-based administration logs [1]
- Security Compliance logs [1]
- ServerProtect Migration Tool debug logs [1]
- Virtual Desktop Support logs [1]
- Virus Scan Engine debug logs [1]
- VSEncrypt debug logs [1]
- web reputation logs [1]
ServerProtect [1]
Server Tuner [1]
server update
- component duplication [1]
- logs [1]
- manual update [1]
- proxy settings [1]
- scheduled update [1]
- update methods [1]
service restart [1]
Smart Feedback [1]
smart protectection [1]
smart protection [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18]
- environment [1]
- File Reputation Services [1] [2]
- pattern files [1] [2] [3] [4] [5]
  - Smart Scan Agent Pattern [1]
  - Smart Scan Pattern [1]
  - update process [1]
  - Web Blocking List [1]
- Smart Feedback [1]
- Smart Protection Network [1]
- Smart Protection Server [1]
- source [1] [2]
- sources [1] [2] [3]
  - comparison [1]
  - IPv6 support [1]
  - locations [1]
  - protocols [1]
- volume of threats [1]
- Web Reputation Services [1] [2]
Smart Protection Network [1] [2]
Smart Protection Server [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]
- best practices [1]
- installation [1]
- integrated [1] [2] [3] [4] [5]
- standalone [1] [2]
- update [1] [2]
smart scan [1] [2] [3]
- switching from conventional scan [1]
Smart Scan Agent Pattern [1] [2]
Smart Scan Pattern [1] [2]
SMB protocol [1]
spyware/grayware [1] [2] [3] [4] [5] [6] [7] [8]
- adware [1]
- dialers [1]
- guarding against [1]
- hacking tools [1]
- joke programs [1]
- password cracking applications [1]
- potential threats [1]
- remote access tools [1]
- restoring [1]
- spyware [1]
spyware/grayware scan
- actions [1]
- approved list [1]
- results [1]
Spyware Active-monitoring Pattern [1]
Spyware Pattern [1]
Spyware Scan Engine [1]
SSL Certificate [1] [2] [3]
standalone server [1]
standalone Smart Protection Server [1]
- ptngrowth.ini [1]
storage devices
- advanced permissions [1] [2]
- permissions [1]
summary
- dashboard [1] [2] [3] [4]
- updates [1]
summary dashboard
- components and programs [1]
Summary dashboard [1] [2] [3] [4] [5]
- predefined tabs [1]
- predefined widgets [1]
- product license status [1]
- tabs [1]
- user accounts [1]
- widgets [1]
Support Intelligence System [1] [2]
suspicious files [1]
synchronization [1]
SYN Flood [1]
system and application channels [1] [2] [3] [4] [5] [6] [7] [8]
- CD/DVD [1]
- peer-to-peer (P2P) [1]
- printer [1]
- removable storage [1]
- synchronization software [1]
- Windows clipboard [1]
system requirements
- Policy Server [1]
- Update Agent [1]
tabs [1]
Teardrop [1]
technical support [1]
templates [1] [2] [3] [4] [5] [6]
- condition statements [1]
- customized [1] [2] [3]
- logical operators [1]
- predefined [1]
Terminal Access Controller Access Control System (TACACS+) [1]
test scan [1]
test virus [1]
third-party security software [1]
Tiny Fragment Attack [1]
TMPerftool [1]
TMTouch.exe [1]
token variable [1]
Too Big Fragment [1]
Top 10 Security Risk Statistics [1]
touch tool [1]
TrendLabs [1]
Trend Micro
- contact information [1]
- Knowledge Base [1]
- Security Information Center [1]
- TrendLabs [1]
Trojan horse program [1] [2] [3]
troubleshooting
- Plug-in Manager [1]
troubleshooting resources [1]
uninstallation [1]
- Data Protection [1]
- from the web console [1]
- Plug-in Manager [1]
- using the uninstallation program [1]
unreachable clients [1]
update
- Smart Protection Server [1] [2]
Update Agent [1] [2] [3]
- analytical report [1]
- assigning [1]
- component duplication [1]
- standard update source [1]
- system requirements [1]
- update methods [1]
update methods
- clients [1]
- OfficeScan server [1]
- Update Agent [1]
Update Now [1]
updates [1] [2]
- clients [1]
- enforcing [1]
- integrated Smart Protection Server [1] [2]
- OfficeScan server [1]
- Update Agent [1]
update source
- clients [1]
- OfficeScan server [1]
- Update Agents [1]
URL Filtering Engine [1]
USB devices
- approved list [1]
  - configuring [1]
user accounts [1]
- Summary dashboard [1]
user role
- administrator [1]
- guest user [1]
- Trend Power User [1]
VBScript virus [1]
VDI [1]
- logs [1]
VDI Pre-scan Template Generation Tool [1]
Virtual Desktop Support [1]
virus/malware [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]
- ActiveX malicious code [1]
- boot sector virus [1]
- COM and EXE file infector [1]
- Java malicious code [1]
- joke program [1]
- macro virus [1]
- packer [1]
- probable virus/malware [1]
- test virus [1]
- Trojan horse program [1]
- types [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]
- VBScript, JavaScript or HTML virus [1]
- worm [1]
virus/malware scan
- global settings [1]
- results [1]
Virus Cleanup Engine [1]
Virus Cleanup Template [1]
Virus Encyclopedia [1]
Virus Pattern [1] [2] [3]
Virus Scan Driver [1]
Virus Scan Engine [1]
Vulnerability Scanner [1] [2]
- computer description retrieval [1]
- DHCP settings [1]
- effectiveness [1]
- ping settings [1]
- product query [1]
- supported protocols [1]
Web Blocking List [1] [2]
web console [1] [2] [3] [4] [5] [6]
- about [1]
- banner [1]
- logon account [1]
- password [1]
- requirements [1]
- URL [1]
web install page [1] [2] [3]
webmail [1]
web reputation [1] [2] [3] [4] [5]
- logs [1]
- policies [1]
web server information [1]
web threats [1]
widgets [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]
- available [1]
- Client Connectivity [1]
- Client Updates [1]
- Digital Asset Control - Detections Over Time [1]
- Digital Asset Control - Top Detections [1]
- File Reputation Threat Map [1]
- OfficeScan and Plug-ins Mashup [1]
- Outbreaks [1]
- Security Risk Detections [1]
- Web Reputation Top Threatened Users [1]
- Web Reputation Top Threat Sources [1]
wildcards [1]
- device control [1]
- file attributes [1]
Windows clipboard [1]
Windows Server Core [1]
- available client features [1]
- commands [1]
- supported installation methods [1]
worm [1]

Creating a Customized Expression

Procedure

Navigate to Networked Computers → Data Loss Prevention → Data Identifiers.
Click the Expression tab.
Click Add.

A new screen displays.
Type a name for the expression. The name must not exceed 100 bytes in length and cannot contain the following characters:
- > < * ^ | & ? \ /
Type a description that does not exceed 256 bytes in length.
Type the expression and specify whether it is case-sensitive.
Type the displayed data.

For example, if you are creating an expression for ID numbers, type a sample ID number. This data is used for reference purposes only and will not appear elsewhere in the product.
Choose one of the following criteria and configure additional settings for the chosen criteria (see Criteria for Customized Expression):
- None
- Specific characters
- Suffix
- Single-character separator
Test the expression against an actual data.

For example, if the expression is for a national ID, type a valid ID number in the Test data text box, click Test, and then check the result.

Click Save if you are satisfied with the result.

Note

Save the settings only if the testing was successful. An expression that cannot detect any data wastes system resources and may impact performance.

A message appears, reminding you to deploy the settings to clients. Click Close.
Back in the DLP Data Identifiers screen, click Apply to All Clients.

OfficeScan 10.6 SP1 Online Help

Creating a Customized Expression

Procedure

Note