Enforcement Environment
Follow the steps in this topic to set up the security enforcement environment:
If you are new to Threat Mitigator, perform a fresh installation of Threat Mitigator. Refer to Chapter 2 of the Administrator’s Guide for installation instructions and notes.
If you have installed Threat Mitigator previously and have deployed Threat Management Agents to endpoints, upgrade Threat Mitigator and Threat Management Agents. Refer to Chapter 2 of the Administrator’s Guide for upgrade instructions and notes.
Set up an enforcement device. For details, see Setting Up an Enforcement Device.
Register an enforcement device to Threat Mitigator. For details, see Registering an Enforcement Device to Threat Mitigator.
After registration, Threat Management Agent is automatically deployed to endpoints. For details, see Agent Deployment.
Configure security enforcement settings and exceptions. For details, see Enforcement Settings and Enforcement Exceptions.
Information about enforcement devices compatible with Threat Mitigator can be obtained from your Trend Micro representative. For information on setting up the enforcement device, refer to the documentation included in the device.
Verify the number of Threat Management Agents the enforcement device and Threat Mitigator can manage. For example, if you want Threat Mitigator to manage 5,000 agents and a device supports a maximum of 1,000 agents, you will need to set up 5 devices and then register all of them to Threat Mitigator.
Register a device to Threat Mitigator from the product console of the enforcement device. Refer to the documentation included in the device for the registration procedure.
When Threat Mitigator detects that registration has been successfully carried out, it displays a notification on the Threat Management screen so you can start configuring security enforcement settings.
After registration has been completed, Threat Management Agent and the enforcement agent can be deployed to endpoints that have the following resources:
Resource | Requirements
Operating system | 32-bit versions of the following operating systems:
Processor | At least 133 MHz Intel™ Pentium™ (or equivalent)
Memory | 512MB minimum, 1GB recommended
Available hard disk space | 670MB minimum
The deployment proceeds as follows:
When an endpoint accesses the Internet, the enforcement device temporarily quarantines the endpoint and triggers a notification that displays on the browser window. The notification instructs the endpoint user to install Threat Management Agent and the enforcement agent. The user launches the installation from the same browser window.
When a user launches the installation, the endpoint downloads the installation programs from the enforcement device and then proceeds with the installation using a set of ActiveX controls. The installation programs install Threat Management Agent and the enforcement agent.
Important deployment notes:
The enforcement device ships with the enforcement agent and Threat Management Agent. If a newer version of Threat Management Agent is available in Threat Mitigator at the time of deployment, the enforcement device downloads the newer version.
For endpoints with Threat Management Agent already installed, the enforcement device will still launch the Threat Management Agent installation. The installer will then perform one of the following tasks:
Repair: If the Threat Management Agent versions in the endpoint and enforcement device are the same, the installer will install the agent in repair mode.
Upgrade: If the Threat Management Agent version in the endpoint is older than the version in the enforcement device, the installer will install the agent in upgrade mode.
Skip: If the Threat Management Agent version in the endpoint is newer than the version in the enforcement device, the installer will skip the agent installation.
Deploy Threat Management Agent and enforcement agent only to endpoints that meet the system requirements listed in Agent system requirements. While the enforcement agent can be deployed to endpoints that do not meet the requirements, the endpoint will likely encounter problems related to security enforcement.
Ensure that both Threat Management Agent and enforcement agent are deployed to endpoints. If an endpoint has Threat Management Agent but not the enforcement agent, the endpoint will remain in quarantine.
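The installer decision (repair, upgrade, skip) and the quarantine condition from the deployment notes above, written as an audit over an endpoint inventory. This is an added example, not Trend Micro code: the dotted numeric version format, the Endpoint fields, the function names and the inventory are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

MIN_MEMORY_MB = 512  # minimum from the requirements table on this page
MIN_DISK_MB = 670    # minimum from the requirements table on this page

class Endpoint(NamedTuple):      # hypothetical inventory record
    name: str
    tma_version: Optional[str]   # None: Threat Management Agent not installed
    has_enforcement_agent: bool
    memory_mb: int
    free_disk_mb: int

def parse_version(text):
    # Assumption: dotted numeric versions. Compare as integers with trailing
    # zeros dropped, so "2.10" sorts after "2.9" and "2.10.0" equals "2.10".
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def installer_action(endpoint_version, device_version):
    """Mode the installer takes, per the deployment notes."""
    if endpoint_version is None:
        return "install"  # no agent on the endpoint yet
    have, offered = parse_version(endpoint_version), parse_version(device_version)
    if have == offered:
        return "repair"
    return "upgrade" if have < offered else "skip"

def audit(endpoint, device_version):
    """Return (installer action, findings an administrator should act on)."""
    findings = []
    if endpoint.memory_mb < MIN_MEMORY_MB or endpoint.free_disk_mb < MIN_DISK_MB:
        findings.append("below agent system requirements")
    if endpoint.tma_version is not None and not endpoint.has_enforcement_agent:
        findings.append("enforcement agent missing: endpoint remains in quarantine")
    return installer_action(endpoint.tma_version, device_version), findings

INVENTORY = [  # constructed sample data
    Endpoint("ws-01", None, False, 1024, 2000),
    Endpoint("ws-02", "2.9", True, 1024, 2000),
    Endpoint("ws-03", "2.10.0", False, 256, 2000),
    Endpoint("ws-04", "3.0", True, 512, 670),
]

if __name__ == "__main__":
    for ep in INVENTORY:
        print(ep.name, *audit(ep, device_version="2.10"))
```

Comparing versions as strings would rank "2.9" above "2.10" and report a skip where the installer would upgrade, which is why the components are compared as integers.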