On-demand Scan offers the same type of protection provided by endpoint security software (such as Trend Micro Internet Security™) but does not require software to be installed on the endpoint. Instead, a set of files is downloaded to a temporary folder on the endpoint, which users can manually remove. Scan results, logs, and other security information obtained during On-demand Scan are stored in the same folder.
On-demand Scan can be launched on any endpoint on the network but is most useful on agentless endpoints connecting to the network for a limited period of time. For example, if you have guests or contractors who bring with them their own notebook computers, you can instruct them to run On-demand Scan instead of installing Threat Management Agent. On-demand Scan does not conflict with Trend Micro or third-party security software already installed on the endpoint.
Below are guidelines and instructions to help you set up the environment required to run On-demand Scan.
On-demand Scan leverages Trend Micro smart scan technology, which requires setting up a Smart Scan Server.
Smart scan technology is a next-generation, cloud-based endpoint protection solution. At the core of this solution is an advanced scanning architecture that leverages threat signatures stored in the cloud.
On-demand Scan uses a lightweight pattern called Smart Scan Agent Pattern, which is downloaded from Threat Mitigator. If the pattern is unable to determine the risk of a file, a scan query is sent to a Smart Scan Server. A Smart Scan Server hosts the Smart Scan Pattern, which contains signatures not found on the Smart Scan Agent Pattern and checks whether the file is safe to access. A Smart Scan Server downloads the Smart Scan Pattern from the Trend Micro ActiveUpdate server.
Perform the following tasks to set up a Smart Scan Server:
Install Smart Scan Server 1.0 with Service Pack 1 on a VMware server. Only one Smart Scan Server can be used in this Threat Mitigator version. For installation instructions and requirements, refer to the Trend Micro Smart Scan Getting Started Guide.
If you have previously installed a Smart Scan Server for use with another Trend Micro product (such as OfficeScan), you can use the Smart Scan Server for On-demand Scan. While Smart Scan Server can be queried simultaneously by multiple Trend Micro products, it may become overloaded as the volume of scan queries increases. Ensure that the Smart Scan Server can handle scan queries coming from different products. Contact your support provider for sizing guidelines and recommendations.
On the Threat Mitigator console's Smart Scan Server screen:
Specify the Smart Scan Server's URL. Endpoints use the URL when connecting to the server. You can find the URL on the Smart Scan Server console.
Configure endpoints that cannot connect to the Smart Scan Server to send scan queries to the Trend Micro Global Smart Scan Server. An Internet connection is required to connect to this server.
Ensure that endpoints meet the requirements specified in this section.
System requirements—On-demand Scan can only be launched on endpoints running 32-bit versions of Microsoft™ Windows™ operating systems.
Monitor that supports 800 x 600 resolution at 256 colors or higher
Network/Internet connection—A network connection is required to send scan queries to the Smart Scan Server you have installed, and an Internet connection is required to send scan queries to the Trend Micro Global Smart Scan Server.
Warning: Scanning will not start if connection to both servers cannot be established.
If scanning has started and connection to both servers is lost, files requiring a scan query will be bypassed, allowing users to access the file. This event will be logged and logs will be sent to Threat Mitigator. You can view the logs from the Threat Event Logs.
Additional disk space—The On-demand Scan program downloads a set of files to <System Drive>/Documents and Settings/<User Name>/Local Settings/Temp/HCEXEC. On-demand Scan files are not removed automatically after each scan session.
With each successive scan, additional disk space on the system drive is used (unless the HCEXEC folder is removed immediately after a scan) for the following reasons:
Cleaned infected files and other scan-related data (such as detection logs) are added to the HCEXEC folder.
The On-demand Scan program may download newer versions of components, if available on Threat Mitigator.
If another user name is used to log on to the computer, a new set of files is downloaded to <System Drive>/Documents and Settings/<Other User Name>/Local Settings/Temp/HCEXEC.
If there is insufficient disk space to run On-demand Scan, consider removing unneeded files on the system drive or emptying the recycle bin. You can also delete the HCEXEC folder. However, performing this task deletes scan-related data obtained from previous On-demand Scans.
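The per-profile HCEXEC folders described above can be inventoried before deciding what to delete. The following PowerShell script is an added example, not part of the Trend Micro product or its documentation; the function name and the `-Remove` switch are hypothetical, and it assumes the profile path given above.

```powershell
# Added example, not Trend Micro code. Assumes the profile layout quoted above
# and sticks to cmdlets available in Windows PowerShell 2.0.
param(
    [switch]$Remove   # hypothetical switch: delete each folder after reporting it
)

$profileRoot = Join-Path $env:SystemDrive 'Documents and Settings'

function Get-HcexecFolder {
    param([string]$Root)
    # Each user name that ran On-demand Scan gets its own HCEXEC folder.
    Get-ChildItem -Path $Root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $user = $_.Name
            $path = Join-Path $_.FullName 'Local Settings\Temp\HCEXEC'
            if (Test-Path -LiteralPath $path -PathType Container) {
                $files = @(Get-ChildItem -LiteralPath $path -Recurse -Force -ErrorAction SilentlyContinue |
                    Where-Object { -not $_.PSIsContainer })
                $bytes = 0
                foreach ($f in $files) { $bytes += $f.Length }
                New-Object PSObject -Property @{
                    User   = $user
                    Path   = $path
                    Files  = $files.Count
                    SizeMB = [math]::Round($bytes / 1MB, 1)
                }
            }
        }
}

# Report every HCEXEC folder, largest first, then the free space on the system drive.
$found = @(Get-HcexecFolder -Root $profileRoot)
$found | Sort-Object SizeMB -Descending | Format-Table User, Files, SizeMB, Path -AutoSize

$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
'Free space on {0}: {1:N0} MB' -f $env:SystemDrive, ($disk.FreeSpace / 1MB)

if ($Remove) {
    foreach ($item in $found) {
        # Deleting the folder also deletes detection logs and cleaned files from earlier scans.
        Remove-Item -LiteralPath $item.Path -Recurse -Force
        "Removed $($item.Path)"
    }
}
```

Run it without `-Remove` first to see which user profiles hold scan data, and copy any detection logs you still need before deleting.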
From the On-demand Scan screen, configure settings used when you or users run On-demand Scan.
The On-demand Scan program uses the Smart Scan Agent Pattern and other components available on Threat Mitigator. Ensure that components are up-to-date before running On-demand Scan.
On-demand Scan is intended primarily for agentless endpoints, where routine threat mitigation tasks cannot be performed.
On-demand Scan on agentless endpoints can only be run by endpoint users. You cannot launch the scan remotely from the Threat Mitigator console.
Perform the following steps to ensure that users can launch the scan without problems:
Ensure that the endpoint can connect to Threat Mitigator.
Provide users with the On-demand Scan link found on the following Threat Mitigator console screens:
On-demand Scan screen
When users click the URL and then click Run on-demand scan now, files begin to download to the endpoint. When all files have been downloaded, a user interface window displays to guide users in launching and completing the scan.
After users launch On-demand Scan, access the Threat Management screen periodically to view endpoints that encountered On-demand Scan problems. Problem details are also available in the threat event logs. You can instruct users to repeat On-demand Scan to resolve the problems.
On-demand Scan complements routine threat mitigation tasks performed by Threat Management Agent. It allows you to determine an endpoint's overall security posture even if information is not readily available from other Threat Mitigator data sources.
To run On-demand Scan, users can perform the same tasks performed on agentless endpoints.
To run On-demand Scan without any user intervention, launch it remotely from the Threat Management screen.
Perform the following steps before launching On-demand Scan remotely:
Inform the user ahead of time that On-demand Scan will be launched remotely so that the user can prepare the endpoint for the scan. Doing this also ensures that the scan can proceed without problems or delays.
Ensure that the Threat Management Agent on the endpoint can connect to Threat Mitigator. You can check the connection status from the Threat Mitigator console.
To launch On-demand Scan remotely:
On the Threat Management screen, type the endpoint's IP address or host name in the Search endpoint text box.
Click Launch On-demand Scan.
No user interface displays on the endpoint. All scan tasks (such as downloading of On-demand Scan files and the actual scanning) occur in the background.
If there are problems during scanning, Threat Management Agent collects endpoint data. When a Trend Micro security expert notifies you that endpoint data has been collected, access the Threat Management screen to submit a case to TrendLabs.