Smart Scan Server Setup
Perform the following tasks to implement the smart protection solution in your security environment:
Install Smart Protection Server. For details, see Smart Protection Server Installation.
Configure Smart Protection Server settings from the Threat Mitigator console. For details, see Smart Protection Server Settings.
Install Smart Protection Server on a VMware server. Only one Smart Protection Server can be used in this Threat Mitigator version. For installation instructions and requirements, refer to the Installation and Upgrade Guide for Smart Protection Server.
For information on the Smart Protection Server versions compatible with Threat Mitigator, see Integration with Trend Micro Products and Services.
Smart Protection Server, Threat Mitigator, and the VMware ESX/ESXi server (which hosts the Smart Protection Server and Threat Mitigator) require unique IP addresses. Check the IP addresses of the VMware ESX/ESXi server and Threat Mitigator and ensure that none of these IP addresses is assigned to Smart Protection Server.
If you have previously installed a Smart Protection Server for use with another Trend Micro product (such as Threat Discovery Appliance), you can use the same server for Threat Mitigator. While Smart Protection Server can be queried simultaneously by multiple Trend Micro products, it may become overloaded as the volume of scan queries increases. Ensure that the Smart Protection Server can handle scan queries coming from different products. Contact your support provider for sizing guidelines and recommendations.
After setting up a Smart Protection Server, specify the server address on the Threat Mitigator console so that endpoints can identify the server to which to send scan queries. Endpoints send scan queries during On-demand Scan and if a mitigation task uses the Smart Scan Agent Pattern. Network connection is required to connect to this server.
You can also configure endpoints that cannot connect to the Smart Protection Server to send scan queries to the Trend Micro Smart Protection Network. Internet connection is required to connect to Smart Protection Network.
The mitigation task or On-demand Scan will not start if connection to both the Smart Protection Server and the Trend Micro Smart Protection Network cannot be established.
If the mitigation task or On-demand Scan has started and connection to both servers is lost, files requiring a scan query are bypassed, allowing users to access the file. This event will be logged and logs will be sent to Threat Mitigator. You can view the logs from the threat event logs. For details about threat event logs, see Threat Event Logs.
To configure Smart Protection Server settings:
Services > Smart Protection Server
Type the Smart Protection Server’s address. You can find the address from the Smart Protection Server console’s Smart Protection > Reputation Services screen.
Select the check box to allow endpoints to connect to the Trend Micro Smart Protection Network if connection to the Smart Protection Server cannot be established.
Click Save.
See also: