Configuring a Web Reputation Policy Parent topic

Before you begin

Specify proxy server authentication credentials if you have set up a proxy server to handle HTTP communication in your organization and authentication is required before web access is allowed.
For instructions on configuring the proxy settings, see External Proxy for OfficeScan Clients.

Procedure

  1. Navigate to Networked ComputersClient Management.
  2. Select the targets in the client tree.
    • To configure a policy for clients running Windows XP, Vista, 7, or 8, select the root domain icon (icon_root-26.bmp), specific domains, or clients.
      Note
      Note
      When you select the root domain or specific domains, the setting will only apply to clients running Windows XP, Vista, 7, or 8. The setting will not apply to clients running Windows Server 2003, Windows Server 2008, or Windows Server 2012 even if they part of the domains.
    • To configure a policy for clients running Windows Server 2003, Windows Server 2008, or Windows Server 2012, select a specific client.
  3. Click SettingsWeb Reputation Settings.
  4. Click the External Clients tab to configure a policy for external clients or the Internal Clients tab to configure a policy for internal clients.
    Tip
    Tip
    Configure client location settings if you have not done so. Clients will use these settings to determine their location and apply the correct web reputation policy. For details, see Computer Location.
  5. Select Enable Web reputation policy on the following operating systems. The operating systems listed in the screen depends on the targets you selected in step 1.
    Tip
    Tip
    Trend Micro recommends disabling web reputation for internal clients if you already use a Trend Micro product with the web reputation capability, such as InterScan Web Security Virtual Appliance.
    When a web reputation policy is enabled:
    • External clients send web reputation queries to the Smart Protection Network.
    • Internal clients send web reputation queries to:
      • Smart Protection Servers if the Send queries to Smart Protection Servers option is enabled. For details about this option, see step 7.
      • Smart Protection Network if the Send queries to Smart Protection Servers option is disabled.
  6. Select Enable assessment.
    Note
    Note
    When in assessment mode, clients will allow access to all websites but will log access to websites that are supposed to be blocked if assessment was disabled. Trend Micro provides assessment mode to allow you to evaluate websites and then take appropriate action based on your evaluation. For example, websites that you consider safe can be added to the approved list.
  7. Select Check HTTPS URLs.
    HTTPS communication uses certificates to identify web servers. It encrypts data to prevent theft and eavesdropping. Although more secure, accessing websites using HTTPS still has risks. Compromised sites, even those with valid certificates, can host malware and steal personal information. In addition, certificates are relatively easy to obtain, making it easy to set up malicious web servers that use HTTPS.
    Enable checking of HTTPS URLs to reduce exposure to compromised and malicious sites that use HTTPS. OfficeScan can monitor HTTPS traffic on the following browsers:

    Supported Browsers for HTTPS Traffic

    Browser
    Version
    Microsoft Internet Explorer
    • 6 with SP2 or higher
    • 7.x
    • 8.x
    • 9.x
    • 10.x
    Mozilla Firefox
    3.5 or later
    Important
    Important
  8. Select Scan common HTTP ports only to restrict web reputation scanning to traffic through ports 80, 81, and 8080. By default, OfficeScan scans all traffic through all ports.
  9. Select Send queries to Smart Protection Servers if you want internal clients to send web reputation queries to Smart Protection Servers.
    • If you enable this option:
      • Clients refer to the smart protection source list to determine the Smart Protection Servers to which they send queries. For details about the smart protection source list, see Smart Protection Source List.
      • Be sure that Smart Protection Servers are available. If all Smart Protection Servers are unavailable, clients do not send queries to Smart Protection Network. The only remaining sources of web reputation data for clients are the approved and blocked URL lists (configured in step 10).
      • If you want clients to connect to Smart Protection Servers through a proxy server, specify proxy settings in AdministrationProxy Settings > Internal Proxy tab.
      • Be sure to update Smart Protection Servers regularly so that protection remains current.
      • Clients will not block untested websites. Smart Protection Servers do not store web reputation data for these websites.
    • If you disable this option:
      • Clients send web reputation queries to Smart Protection Network. Client computers must have Internet connection to send queries successfully.
      • If connection to Smart Protection Network requires proxy server authentication, specify authentication credentials in AdministrationProxy Settings > External Proxy (tab)Client Connection with Trend Micro Servers.
      • Clients will block untested websites if you select Block pages that have not been tested by Trend Micro in step 9.
  10. Select from the available web reputation security levels: High, Medium, or Low
    Note
    Note
    The security levels determine whether OfficeScan will allow or block access to a URL. For example, if you set the security level to Low, OfficeScan only blocks URLs that are known to be web threats. As you set the security level higher, the web threat detection rate improves but the possibility of false positives also increases.
  11. If you disabled the Send queries to Smart Protection Servers option in step 7, you can select Block pages that have not been tested by Trend Micro.
    Note
    Note
    While Trend Micro actively tests web pages for safety, users may encounter untested pages when visiting new or less popular websites. Blocking access to untested pages can improve safety but can also prevent access to safe pages.
  12. Configure the approved and blocked lists.
    Note
    Note
    The approved list takes precedence over the blocked list. When a URL matches an entry in the approved list, clients always allows access to the URL, even if it is in the blocked list.
    1. Select Enable approved/blocked list.
    2. Type a URL.
      You can add a wildcard character (*) anywhere on the URL.
      For example:
      • Typing www.trendmicro.com/* means that all pages in the Trend Micro website will be approved.
      • Typing *.trendmicro.com/* means that all pages on any sub-domain of trendmicro.com will be approved.
      You can type URLs containing IP addresses. If a URL contains an IPv6 address, enclose the address in parentheses.
    3. Click Add to Approved List or Add to Blocked List.
    4. To export the list to a .dat file, click Export and then click Save.
    5. If you have exported a list from another server and want to import it to this screen, click Import and locate the .dat file. The list loads on the screen.
  13. To submit web reputation feedback, click the URL provided under Reassess URL. The Trend Micro Web Reputation Query system opens in a browser window.
  14. Select whether to allow the OfficeScan client to send web reputation logs to the server. Allow clients to send logs if you want to analyze URLs being blocked by OfficeScan and take the appropriate action on URLs you think are safe to access.
  15. If you selected domain(s) or client(s) in the clients tree, click Save. If you clicked the root domain icon, choose from the following options:
    • Apply to All Clients: Applies settings to all existing clients and to any new client added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings.
    • Apply to Future Domains Only: Applies settings only to clients added to future domains. This option will not apply settings to new clients added to an existing domain.