Agent Post-installation

Verify the following after deploying agents:

  1. The agent icon appears on the endpoint’s system tray after the agent registers to its parent server.

  2. The agent program exists in %WINDIR%/PEAgent.

  3. The agent registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Policyenforcer

  4. The agent can be queried from:

  5. If the agent was deployed from TMAgent Manager:

    1. The agent version and the server (Threat Mitigator or Network VirusWall Enforcer) to which the agent reports are displayed on the TMAgent Manager console.

    2. On the endpoint, the TMAgent Manager Client program exists in %ProgramFiles%\Trend Micro\PEAgentManagerClient.

    3. On the endpoint, the TMAgent Manager Client registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PEAgentManagerClient.

    4. On the endpoint, the TMAgent Manager Client program is available on the Plug-in Manager screen on the OfficeScan client console.
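
The endpoint-side checks in this list can be run locally as one script. The following PowerShell is an added example, not Trend Micro code: the value names (Version, InstallDate, Reportto, ApplicationPath) and the service names are the ones queried by the sample analysis scripts on this page, while the function name Test-AgentPostInstall and the WOW6432Node fallback are assumptions.

```powershell
# Added example: local spot check of the post-installation items on one endpoint.
# Paths, registry keys, value names and service names are taken from this page.
function Test-AgentPostInstall {
    $result = [ordered]@{}

    # Agent program folder under %WINDIR%
    $result['ProgramFolder'] = Test-Path -LiteralPath (Join-Path $env:WINDIR 'PEAgent')

    # Agent registry key. The WOW6432Node path is an assumption (not stated on the
    # page) that covers a 32-bit agent installed on 64-bit Windows.
    $keys = 'HKLM:\SOFTWARE\TrendMicro\Policyenforcer',
            'HKLM:\SOFTWARE\WOW6432Node\TrendMicro\Policyenforcer'
    $key = $keys | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    $result['RegistryKey'] = if ($key) { $key } else { 'N/A' }

    # Same values the sample analysis reads; "N/A" when the key or value is absent
    $props = if ($key) { Get-ItemProperty -LiteralPath $key } else { $null }
    foreach ($name in 'Version', 'InstallDate', 'Reportto', 'ApplicationPath') {
        $value = if ($props) { $props.$name } else { $null }
        $result[$name] = if ($null -ne $value) { [string]$value } else { 'N/A' }
    }

    # Service state, looked up by service name first and display name second
    foreach ($svc in 'TMAgent', 'Threat Mitigation Service') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        if (-not $s) { $s = Get-Service -DisplayName $svc -ErrorAction SilentlyContinue }
        $result["Service: $svc"] = if ($s) { [string]$s.Status } else { 'Not Installed' }
    }

    # Only meaningful when the agent was deployed from TMAgent Manager
    $clientDir = Join-Path $env:ProgramFiles 'Trend Micro\PEAgentManagerClient'
    $result['ManagerClientFolder'] = Test-Path -LiteralPath $clientDir
    $result['ManagerClientKey'] =
        Test-Path -LiteralPath 'HKLM:\SOFTWARE\TrendMicro\PEAgentManagerClient'

    [pscustomobject]$result
}

$report = Test-AgentPostInstall
$report | Format-List
# A non-zero exit code lets a deployment task flag the endpoint for follow-up
if (-not $report.ProgramFolder -or $report.RegistryKey -eq 'N/A') { exit 1 }
```

An empty or unexpected Reportto value is worth following up, since it names the server the agent registered to.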

Recommended Tasks

Perform the following tasks after deploying agents:

  1. Configure global agent settings from the Threat Mitigator console. For details, see Agent Settings.

  2. If you deployed the agent from the Endpoint Security Platform console, create an analysis that collects the following information from endpoints:

     The following is a sample script for this analysis:

    Property Name="Trend Micro Threat Management Agent Version"

    if (exists key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" of registry) then (value "Version" of key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" of registry as string) else "N/A"

    Property Name="Trend Micro Threat Management Agent Installation Time"

    if (exists key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" of registry) then (value "InstallDate" of key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" of registry as string) else "N/A"

    Property Name="Trend Micro Threat Management Agent Status"

    if (exists running service "TMAgent") then ("Running") else ("Not Running")

    Property Name="Trend Micro Threat Management Agent Registered Server's IP:Port"

    if (exists key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" of registry) then (value "Reportto" of key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" of registry as string) else "N/A"

    Property Name="Trend Micro Threat Management Agent Installed Directory"

    if (exists key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" of registry) then (value "ApplicationPath" of key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" of registry as string) else "N/A"

    Relevance:

    (((if( name of operating system starts with "Win" ) then platform id of operating system != 3 else false) AND (name of operating system as lowercase starts with "win")) AND (version of client >= "5.0")) AND (if (exists key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" whose (exists value "ApplicationPath" of it) of registry) then TRUE else FALSE)

  3. If you deployed the agent from the Endpoint Security Platform console, create an analysis that checks whether agent services are running on the endpoint.

     The following is a sample script for this analysis:

    Property Name="Threat Mitigation Service Status":

    if (exists running service "Threat Mitigation Service") then ("Running") else ("Not Running")

    Relevance:

    (((if( name of operating system starts with "Win" ) then platform id of operating system != 3 else false) AND (name of operating system as lowercase starts with "win")) AND (version of client >= "5.0")) AND (if (exists key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" whose (exists value "ApplicationPath" of it) of registry) then TRUE else FALSE)

  4. If you configured agents to report to Network VirusWall Enforcer servers, in addition to reporting to a Threat Mitigator server, access the TMAgent Manager console, go to the Server Address column, and then check if the Network VirusWall Enforcer’s IP address is listed.

  5. From the TMAgent Manager console, you can also configure agents already reporting to Network VirusWall Enforcer to also report to Threat Mitigator.
