Configuring Web Reputation Policy

• Networked Computers > Web Reputation > Policies

OfficeScan enforces a specific Web Reputation policy based on the client computer's location. OfficeScan considers a computer "internal" if its gateway IP address matches any of the IP addresses you specify in the Computer Location screen, and "external" if otherwise.

• Note: To provide Web Reputation feedback, use the online form available at http://reclassify.wrs.trendmicro.com/submit-files/wrsfeedback.asp.

To configure a Web Reputation policy:

1. Select the policy to configure. You can configure a policy for External Computers and Internal Computers.

2. Select the check box to enable/disable the Web Reputation policy.

3. Note: Trend Micro recommends disabling Web Reputation for internal computers if you already use a Trend Micro product with Web Reputation capability (such as InterScan Gateway Security Appliance or InterScan Web Security Appliance).

3. Select from the available Web Reputation security levels: High, Medium, Medium-Low, or Low. MORE >>

   Web threats encompass a broad array of threats that originate from the Internet. Web threats are sophisticated in their methods, using a combination of various files and techniques rather than a single file or approach. For example, Web threat creators constantly change the version or variant used. Because the Web threat is in a fixed location of a Web site rather than on an infected computer, the Web threat creator constantly modifies its code to avoid detection.

   A URL's "reputation score" determines whether it is a Web threat or not. Trend Micro calculates the score using proprietary metrics.

   • Trend Micro considers a URL "a Web threat", "very likely to be a Web threat", or "likely to be a Web threat" if its score falls within the range set for one of these categories.

   • Trend Micro considers a URL safe to access if its score exceeds a defined threshold.

   The four security levels (High, Medium, Medium-low, Low) available on this screen determine whether OfficeScan will allow or block access to a URL. For example, if you set the security level to Low, OfficeScan only blocks URLs considered a "Web threat". Remember that as you set the security level higher, the Web threat detection rate improves but the possibility of false positives also increases.

    

4. Configure the list of approved URLs. The default list includes Trend Micro Web sites and certain Microsoft Web sites that allow users to download Microsoft updates and programs.

1. Enter the URL in the text box.

2. Select whether to approve the URL's subsites or only the Web page. If the URL is www.xyz.com/update, OfficeScan approves all pages under this URL but will not approve www.xyz.com.

3. Click Add.

5. Select whether to allow the OfficeScan client to send Web Reputation logs to the server. Allow clients to send logs if you want to analyze URLs being blocked by OfficeScan and take appropriate action on URLs you think are safe to access.

6. Click Save.