OfficeScan 10.6 SP1 Online Help

Collapse AllExpand All
  • Access Control Server (ACS) [1]
  • ACS certificate [1]
  • action on monitored system events [1]
  • actions
    • Data Loss Prevention [1]
  • ActiveAction [1]
  • Active Directory [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]
    • client grouping [1]
    • credentials [1]
    • custom client groups [1]
    • duplicate structure [1]
    • integration [1]
    • outside server management [1]
    • role-based administration [1]
    • scope and query [1]
    • synchronization [1] [2]
  • ActiveSync [1]
  • ActiveX malicious code [1]
  • Additional Service Settings [1] [2]
  • advanced permissions
  • application filtering [1]
  • approved list [1]
  • approved programs list [1]
  • assessment mode [1]
  • Authentication, Authorization, and Accounting (AAA) [1]
  • automatic client grouping [1] [2]
  • AutoPcc.exe [1] [2] [3] [4] [5]
  • Behavior Monitoring [1]
    • action on system events [1]
    • exception list [1]
    • logs [1]
  • Behavior Monitoring Configuration Pattern [1]
  • Behavior Monitoring Core Service [1]
  • Behavior Monitoring Detection Pattern [1]
  • Behavior Monitoring Driver [1]
  • blocked programs list [1]
  • boot sector virus [1]
  • CA certificate [1] [2]
  • cache settings for scans [1]
  • Case Diagnostic Tool [1]
  • Certificate Authority (CA) [1]
  • certificates [1]
  • Certified Safe Software List [1]
  • Certified Safe Software Service [1]
  • Check Point SecureClient [1]
  • Cisco NAC
    • architecture [1]
    • components and terms [1]
    • policy server deployment [1]
  • Cisco Trust Agent [1] [2]
  • client console
    • access restriction [1]
  • client disk image [1] [2]
  • client grouping [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17]
  • client installation [1] [2]
    • browser-based [1]
    • Client Packager [1]
    • from the web console [1]
    • from the web install page [1]
    • Login Script Setup [1]
    • post-installation [1]
    • system requirements [1]
    • using client disk image [1]
    • using Security Compliance [1]
    • using Vulnerability Scanner [1]
  • client logs
    • ActiveUpdate logs [1]
    • client connection logs [1]
    • client update logs [1]
    • Damage Cleanup Services logs [1]
    • Data Protection debug logs [1] [2]
    • debug logs [1]
    • fresh installation logs [1]
    • Mail Scan logs [1]
    • OfficeScan firewall debug logs [1]
    • Outbreak Prevention debug logs [1]
    • TDI debug logs [1]
    • upgrade/hot fix logs [1]
    • web reputation debug logs [1]
  • client mover [1]
  • Client Packager [1] [2] [3] [4] [5]
  • clients [1] [2] [3] [4] [5] [6] [7]
  • client security level [1]
  • client self-protection [1]
  • client tree [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12]
  • client uninstallation [1]
  • client update
    • automatic [1]
    • customized source [1]
    • event-triggered [1]
    • from the ActiveUpdate server [1]
    • manual [1]
    • privileges [1]
    • scheduled update [1] [2]
    • scheduled update with NAT [1]
    • standard source [1]
  • client upgrade
  • client validation [1]
  • COM file infector [1]
  • Common Firewall Driver [1] [2] [3] [4]
  • Common Firewall Pattern [1]
  • Compliance Report [1]
  • component duplication [1] [2]
  • components [1] [2] [3]
    • on the client [1]
    • on the OfficeScan server [1]
    • on the Update Agent [1]
    • update privileges and settings [1]
    • update summary [1]
  • compressed files [1] [2] [3]
  • condition statements [1]
  • Conflicted ARP [1]
  • connection verification [1]
  • contacting [1] [2] [3] [4] [5] [6] [7] [8]
  • continuity of protection [1]
  • Control Manager
    • integration with OfficeScan [1]
    • MCP Agent logs [1]
  • conventional scan [1] [2]
    • switching to smart scan [1]
  • cookie scanning [1]
  • CPU usage [1]
  • criteria
    • customized expressions [1]
    • keywords [1]
  • custom client groups [1] [2]
  • customized expressions [1] [2] [3]
  • customized keywords [1]
  • customized templates [1]
  • Damage Cleanup Services [1] [2]
  • dashboards
  • database backup [1]
  • database scanning [1]
  • data identifiers [1]
    • expressions [1]
    • file attributes [1]
    • keywords [1]
  • Data Loss Prevention [1] [2] [3] [4]
  • Data Loss Prevention:decompression rules;decompression rules;compressed files:decompression rules [1]
  • Data Loss Prevention:system and application channels;system and application channels;system and application channels:PGP encryption [1]
  • Data Protection
    • deployment [1]
    • installation [1]
    • license [1]
    • status [1]
    • uninstallation [1]
  • debug logs
  • device control [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12]
  • Device Control [1]
  • device control;device control list;device control list:adding programs [1]
  • Device List Tool [1]
  • DHCP settings [1]
  • Digital Asset Control
  • digital certificates [1]
  • digital signature cache [1]
  • Digital Signature Pattern [1] [2]
  • Digital Signature Provider [1]
    • specifying [1]
  • documentation [1]
  • documentation feedback [1]
  • domains [1] [2] [3] [4] [5]
  • DSP [1]
  • EICAR test script [1] [2]
  • email domains [1]
  • encrypted files [1]
  • End User License Agreement (EULA) [1]
  • evaluation version [1]
  • Event Monitoring [1]
  • exception list [1]
    • Behavior Monitoring [1]
  • EXE file infector [1]
  • export settings [1]
  • expressions [1] [2]
  • external device protection [1]
  • external devices
  • FakeAV [1]
  • file attributes [1] [2] [3] [4]
  • file reputation [1] [2]
  • firewall [1] [2]
  • firewall log count [1]
  • Fragmented IGMP [1]
  • FTP [1]
  • gateway IP address [1]
  • gateway settings importer [1]
  • hot fixes [1] [2]
  • HTML virus [1]
  • HTTP and HTTPS [1]
  • IDS [1]
  • IM applications [1]
  • import settings [1]
  • inactive clients [1]
  • incremental pattern [1]
  • installation [1]
    • client [1]
    • Data Protection [1]
    • Plug-in Manager [1]
    • plug-in program [1]
    • Policy Server [1]
    • Security Compliance [1]
  • integrated server [1]
  • integrated Smart Protection Server [1]
  • IntelliScan [1]
  • IntelliTrap Exception Pattern [1]
  • IntelliTrap Pattern [1]
  • intranet [1]
  • Intrusion Detection System [1]
  • IPv6 [1]
  • IPv6 support [1]
    • displaying IPv6 addresses [1]
    • limitations [1] [2]
  • IpXfer.exe [1]
  • Java malicious code [1]
  • JavaScript virus [1]
  • joke program [1]
  • keywords [1] [2]
  • Knowledge Base [1]
  • LAND Attack [1]
  • licenses [1]
    • Data Protection [1]
    • status [1]
  • location awareness [1]
  • locations [1]
    • awareness [1]
  • logical operators [1]
  • Login Script Setup [1] [2] [3] [4] [5]
  • logs [1]
    • about [1]
    • Behavior Monitoring [1]
    • client update logs [1]
    • connection verification logs [1]
    • Device Control logs [1]
    • firewall logs [1] [2] [3]
    • scan logs [1]
    • security risk logs [1]
    • spyware/grayware logs [1]
    • spyware/grayware restore logs [1]
    • system event logs [1]
    • virus/malware logs [1] [2]
    • web reputation logs [1]
  • LogServer.exe [1] [2]
  • MAC address [1]
  • macro virus [1]
  • mail scan [1] [2] [3]
  • Malware Behavior Blocking [1]
  • manual client grouping [1] [2]
  • Manual Scan [1]
  • Microsoft Exchange Server scanning [1]
  • Microsoft SMS [1] [2]
  • migration
    • from ServerProtect Normal Servers [1]
    • from third-party security software [1]
  • monitored email domains [1]
  • monitored system events [1]
  • monitored targets [1] [2]
  • MSI package [1] [2] [3] [4]
  • NetBIOS [1]
  • Network Access Device [1]
  • network channels [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]
    • email clients [1]
    • FTP [1]
    • HTTP and HTTPS [1]
    • IM applications [1]
    • monitored targets [1] [2]
    • non-monitored targets [1] [2]
    • SMB protocol [1]
    • transmission scope [1]
      • all transmissions [1]
      • conflicts [1]
      • external transmissions [1]
    • transmission scope and targets [1]
    • webmail [1]
  • network virus [1] [2]
  • Network VirusWall Enforcer [1]
  • new features [1]
  • non-monitored email domains [1]
  • non-monitored targets [1] [2]
  • non-storage devices
    • permissions [1]
  • notifications
    • client update [1]
    • computer restart [1]
    • Device Control [1]
    • firewall violations [1]
    • for administrators [1] [2]
    • for client users [1] [2]
    • outbreaks [1] [2]
    • outdated Virus Pattern [1]
    • spyware/grayware detection [1]
    • virus/malware detection [1] [2]
    • web threat detection [1]
  • OfficeScan
    • about [1]
    • client [1]
    • client services [1]
    • components [1] [2]
    • component update [1]
    • database backup [1]
    • database scanning [1]
    • documentation [1]
    • key features and benefits [1]
    • licenses [1]
    • logs [1]
    • programs [1]
    • SecureClient integration [1]
    • terminology [1]
    • web console [1]
    • web server [1]
  • OfficeScan client
    • connection with OfficeScan server [1] [2]
    • connection with Smart Protection Server [1] [2]
    • detailed client information [1]
    • files [1]
    • import and export settings [1]
    • inactive clients [1]
    • installation methods [1]
    • processes [1]
    • registry keys [1]
    • reserved disk space [1]
    • uninstallation [1]
  • OfficeScan server [1]
    • functions [1]
  • OfficeScan update [1]
  • on-demand scan cache [1]
  • outbreak criteria [1] [2]
  • outbreak prevention [1]
  • outbreak prevention policy
    • block ports [1]
    • deny write access [1]
    • limit/deny access to shared folders [1]
  • outside server management [1] [2]
    • logs [1]
    • query results [1]
    • scheduled query [1]
  • Overlapping Fragment [1]
  • packer [1]
  • password [1]
  • patches [1]
  • pattern files
    • smart protection [1]
    • Smart Scan Agent Pattern [1]
    • Smart Scan Pattern [1]
    • Web Blocking List [1]
  • PCRE [1]
  • performance control [1]
  • Performance Tuning Tool [1]
  • Perle Compatible Regular Expressions [1]
  • permissions
    • advanced [1]
    • non-storage devices [1]
    • program path and name [1]
    • storage devices [1]
  • phishing [1]
  • Ping of Death [1]
  • Plug-in Manager [1] [2] [3]
    • installation [1]
    • managing native OfficeScan features [1]
    • troubleshooting [1]
    • uninstallation [1]
  • plug-in program
    • installation [1]
  • policies
    • Data Loss Prevention [1]
    • firewall [1] [2]
    • web reputation [1]
  • policy [1]
  • Policy Enforcement Pattern [1]
  • Policy Server for Cisco NAC [1]
    • CA certificate [1]
    • certificates [1]
    • client validation process [1]
    • default policies [1]
    • default rules [1] [2]
    • deployment overview [1]
    • policies [1]
    • policies and rules [1]
    • policy composition [1]
    • Policy Server installation [1]
    • rule composition [1]
    • rules [1]
    • SSL certificate [1]
    • synchronization [1] [2]
    • system requirements [1]
  • port blocking [1]
  • posture token [1]
  • predefined expressions [1]
  • predefined keywords
    • distance [1]
    • number of keywords [1]
  • predefined tabs [1]
  • predefined templates [1]
  • predefined widgets [1]
  • pre-installation tasks [1] [2] [3]
  • privileges
    • firewall privileges [1] [2]
    • mail scan privileges [1]
    • proxy configuration privileges [1]
    • roaming privilege [1]
    • scan privileges [1]
    • Scheduled Scan privileges [1]
    • unload privilege [1]
  • probable virus/malware [1] [2]
  • programs [1] [2]
  • proxy settings [1]
    • automatic proxy settings [1]
    • clients [1]
    • for external connection [1]
    • for internal connection [1]
    • for server component update [1]
    • for web reputation [1]
    • privileges [1]
  • ptngrowth.ini [1] [2]
  • quarantine directory [1] [2]
  • quarantine manager [1]
  • Real-time Scan [1]
  • Real-time Scan service [1]
  • reference server [1]
  • Remote Authentication Dial-In User Service (RADIUS) [1]
  • remote installation [1]
  • roaming clients [1]
  • role-based administration [1] [2]
    • user accounts [1]
    • user roles [1]
  • rootkit detection [1]
  • scan actions [1]
    • spyware/grayware [1]
    • virus/malware [1]
  • scan cache [1]
  • scan criteria
    • CPU usage [1]
    • file compression [1]
    • files to scan [1]
    • schedule [1]
    • user activity on files [1]
  • scan exclusions [1] [2]
    • directories [1]
    • file extensions [1]
    • files [1]
  • scan method [1]
  • Scan Now [1]
  • scan privileges [1]
  • scan types [1] [2]
  • scheduled assessments [1]
  • Scheduled Scan [1]
  • SCV Editor [1]
  • SecureClient [1] [2]
    • integrating with OfficeScan [1]
    • Policy Servers [1]
    • SCV Editor [1]
  • Secure Configuration Verification [1]
  • Security Compliance [1]
    • components [1]
    • enforcing [1]
    • enforcing update [1]
    • installation [1]
    • logs [1]
    • outside server management [1] [2]
    • scan [1]
    • scheduled assessments [1]
    • services [1]
    • settings [1]
  • Security Information Center [1]
  • security patches [1]
  • security posture [1]
  • security risks [1] [2] [3] [4] [5] [6] [7] [8] [9]
  • server logs
    • Active Directory logs [1]
    • Apache server logs [1]
    • client grouping logs [1]
    • Client Packager logs [1]
    • component update logs [1]
    • Control Manager MCP Agent logs [1]
    • debug logs [1]
    • Device Control logs [1]
    • local installation/upgrade logs [1]
    • outside server management logs [1]
    • remote installation/upgrade logs [1]
    • role-based administration logs [1]
    • Security Compliance logs [1]
    • ServerProtect Migration Tool debug logs [1]
    • Virtual Desktop Support logs [1]
    • Virus Scan Engine debug logs [1]
    • VSEncrypt debug logs [1]
    • web reputation logs [1]
  • ServerProtect [1]
  • Server Tuner [1]
  • server update
    • component duplication [1]
    • logs [1]
    • manual update [1]
    • proxy settings [1]
    • scheduled update [1]
    • update methods [1]
  • service restart [1]
  • Smart Feedback [1]
  • smart protectection [1]
  • smart protection [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18]
  • Smart Protection Network [1] [2]
  • Smart Protection Server [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]
  • smart scan [1] [2] [3]
    • switching from conventional scan [1]
  • Smart Scan Agent Pattern [1] [2]
  • Smart Scan Pattern [1] [2]
  • SMB protocol [1]
  • spyware/grayware [1] [2] [3] [4] [5] [6] [7] [8]
    • adware [1]
    • dialers [1]
    • guarding against [1]
    • hacking tools [1]
    • joke programs [1]
    • password cracking applications [1]
    • potential threats [1]
    • remote access tools [1]
    • restoring [1]
    • spyware [1]
  • spyware/grayware scan
  • Spyware Active-monitoring Pattern [1]
  • Spyware Pattern [1]
  • Spyware Scan Engine [1]
  • SSL Certificate [1] [2] [3]
  • standalone server [1]
  • standalone Smart Protection Server [1]
    • ptngrowth.ini [1]
  • storage devices
    • advanced permissions [1] [2]
    • permissions [1]
  • summary
  • summary dashboard
    • components and programs [1]
  • Summary dashboard [1] [2] [3] [4] [5]
    • predefined tabs [1]
    • predefined widgets [1]
    • product license status [1]
    • tabs [1]
    • user accounts [1]
    • widgets [1]
  • Support Intelligence System [1] [2]
  • suspicious files [1]
  • synchronization [1]
  • SYN Flood [1]
  • system and application channels [1] [2] [3] [4] [5] [6] [7] [8]
    • CD/DVD [1]
    • peer-to-peer (P2P) [1]
    • printer [1]
    • removable storage [1]
    • synchronization software [1]
    • Windows clipboard [1]
  • system requirements
    • Policy Server [1]
    • Update Agent [1]
  • tabs [1]
  • Teardrop [1]
  • technical support [1]
  • templates [1] [2] [3] [4] [5] [6]
  • Terminal Access Controller Access Control System (TACACS+) [1]
  • test scan [1]
  • test virus [1]
  • third-party security software [1]
  • Tiny Fragment Attack [1]
  • TMPerftool [1]
  • TMTouch.exe [1]
  • token variable [1]
  • Too Big Fragment [1]
  • Top 10 Security Risk Statistics [1]
  • touch tool [1]
  • TrendLabs [1]
  • Trend Micro
    • contact information [1]
    • Knowledge Base [1]
    • Security Information Center [1]
    • TrendLabs [1]
  • Trojan horse program [1] [2] [3]
  • troubleshooting
    • Plug-in Manager [1]
  • troubleshooting resources [1]
  • uninstallation [1]
    • Data Protection [1]
    • from the web console [1]
    • Plug-in Manager [1]
    • using the uninstallation program [1]
  • unreachable clients [1]
  • update
    • Smart Protection Server [1] [2]
  • Update Agent [1] [2] [3]
    • analytical report [1]
    • assigning [1]
    • component duplication [1]
    • standard update source [1]
    • system requirements [1]
    • update methods [1]
  • update methods
    • clients [1]
    • OfficeScan server [1]
    • Update Agent [1]
  • Update Now [1]
  • updates [1] [2]
    • clients [1]
    • enforcing [1]
    • integrated Smart Protection Server [1] [2]
    • OfficeScan server [1]
    • Update Agent [1]
  • update source
    • clients [1]
    • OfficeScan server [1]
    • Update Agents [1]
  • URL Filtering Engine [1]
  • USB devices
    • approved list [1]
      • configuring [1]
  • user accounts [1]
    • Summary dashboard [1]
  • user role
    • administrator [1]
    • guest user [1]
    • Trend Power User [1]
  • VBScript virus [1]
  • VDI [1]
  • VDI Pre-scan Template Generation Tool [1]
  • Virtual Desktop Support [1]
  • virus/malware [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]
  • virus/malware scan
    • global settings [1]
    • results [1]
  • Virus Cleanup Engine [1]
  • Virus Cleanup Template [1]
  • Virus Encyclopedia [1]
  • Virus Pattern [1] [2] [3]
  • Virus Scan Driver [1]
  • Virus Scan Engine [1]
  • Vulnerability Scanner [1] [2]
    • computer description retrieval [1]
    • DHCP settings [1]
    • effectiveness [1]
    • ping settings [1]
    • product query [1]
    • supported protocols [1]
  • Web Blocking List [1] [2]
  • web console [1] [2] [3] [4] [5] [6]
  • web install page [1] [2] [3]
  • webmail [1]
  • web reputation [1] [2] [3] [4] [5]
  • web server information [1]
  • web threats [1]
  • widgets [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]
    • available [1]
    • Client Connectivity [1]
    • Client Updates [1]
    • Digital Asset Control - Detections Over Time [1]
    • Digital Asset Control - Top Detections [1]
    • File Reputation Threat Map [1]
    • OfficeScan and Plug-ins Mashup [1]
    • Outbreaks [1]
    • Security Risk Detections [1]
    • Web Reputation Top Threatened Users [1]
    • Web Reputation Top Threat Sources [1]
  • wildcards [1]
    • device control [1]
    • file attributes [1]
  • Windows clipboard [1]
  • Windows Server Core [1]
    • available client features [1]
    • commands [1]
    • supported installation methods [1]
  • worm [1]

Product Query Parent topic

Vulnerability Scanner can check for the presence of security software on clients. The following table discusses how Vulnerability Scanner checks security products:

Security Products Checked by Vulnerability Scanner

Product
Description
ServerProtect for Windows
Vulnerability Scanner uses RPC endpoint to check if SPNTSVC.exe is running. It returns information including operating system, and Virus Scan Engine, Virus Pattern and product versions. Vulnerability Scanner cannot detect the ServerProtect Information Server or the ServerProtect Management Console.
ServerProtect for Linux
If the target computer does not run Windows, Vulnerability Scanner checks if it has ServerProtect for Linux installed by trying to connect to port 14942.
OfficeScan client
Vulnerability Scanner uses the OfficeScan client port to check if the OfficeScan client is installed. It also checks if the TmListen.exe process is running. It retrieves the port number automatically if executed from its default location.
If you launched Vulnerability Scanner on a computer other than the OfficeScan server, check and then use the other computer's communication port.
PortalProtect™
Vulnerability Scanner loads the web page http://localhost:port/PortalProtect/index.html to check for product installation.
ScanMail™ for Microsoft Exchange™
Vulnerability Scanner loads the web page http://ipaddress:port/scanmail.html to check for ScanMail installation. By default, ScanMail uses port 16372. If ScanMail uses a different port number, specify the port number. Otherwise, Vulnerability Scanner cannot detect ScanMail.
InterScan™ family
Vulnerability Scanner loads each web page for different products to check for product installation.
  • InterScan Messaging Security Suite 5.x: http://localhost:port/eManager/cgi-bin/eManager.htm
  • InterScan eManager 3.x: http://localhost:port/eManager/cgi-bin/eManager.htm
  • InterScan VirusWall™ 3.x: http://localhost:port/InterScan/cgi-bin/interscan.dll
Trend Micro Internet Security™ (PC-cillin)
Vulnerability Scanner uses port 40116 to check if Trend Micro Internet Security is installed.
McAfee VirusScan ePolicy Orchestrator
 Vulnerability Scanner sends a special token to TCP port 8081, the default port of ePolicy Orchestrator for providing connection between the server and client. The computer with this antivirus product replies using a special token type. Vulnerability Scanner cannot detect the standalone McAfee VirusScan.
Norton Antivirus™ Corporate Edition
Vulnerability Scanner sends a special token to UDP port 2967, the default port of Norton Antivirus Corporate Edition RTVScan. The computer with this antivirus product replies using a special token type. Since Norton Antivirus Corporate Edition communicates by UDP, the accuracy rate is not guaranteed. Furthermore, network traffic may influence UDP waiting time.
Vulnerability Scanner detects products and computers using the following protocols:
  • RPC: Detects ServerProtect for NT
  • UDP: Detects Norton AntiVirus Corporate Edition clients
  • TCP: Detects McAfee VirusScan ePolicy Orchestrator
  • ICMP: Detects computers by sending ICMP packets
  • HTTP: Detects OfficeScan clients
  • DHCP: If it detects a DHCP request, Vulnerability Scanner checks if antivirus software has already been installed on the requesting computer.
Related information