Product Query | Trend Micro Service Central

Product Query

Vulnerability Scanner can check for the presence of security software on agents. The following table discusses how Vulnerability Scanner checks security products:

Security Products Checked by Vulnerability Scanner

Product	Description
ServerProtect for Windows	Vulnerability Scanner uses RPC endpoint to check if `SPNTSVC.exe` is running. It returns information including operating system, and Virus Scan Engine, Virus Pattern and product versions. Vulnerability Scanner cannot detect the ServerProtect Information Server or the ServerProtect Management Console.
ServerProtect for Linux	If the target endpoint does not run Windows, Vulnerability Scanner checks if it has ServerProtect for Linux installed by trying to connect to port 14942.
Security Agent	Vulnerability Scanner uses the Security Agent port to check if the Security Agent is installed. It also checks if the `TmListen.exe` process is running. It retrieves the port number automatically if executed from its default location. If you launched Vulnerability Scanner on any endpoint other than the Trend Micro Apex One server, check and then use the other endpoint's communication port.
PortalProtect™	Vulnerability Scanner loads the web page `http://localhost:port/PortalProtect/index.html` to check for product installation.
ScanMail™ for Microsoft Exchange™	Vulnerability Scanner loads the web page `http://ipaddress:port/scanmail.html` to check for ScanMail installation. By default, ScanMail uses port 16372. If ScanMail uses a different port number, specify the port number. Otherwise, Vulnerability Scanner cannot detect ScanMail.
InterScan™ family	Vulnerability Scanner loads each web page for different products to check for product installation. InterScan Messaging Security Suite 5.x: `http://localhost:port/eManager/cgi-bin/eManager.htm` InterScan eManager 3.x: `http://localhost:port/eManager/cgi-bin/eManager.htm` InterScan VirusWall™ 3.x: `http://localhost:port/InterScan/cgi-bin/interscan.dll`
Trend Micro Internet Security™ (PC-cillin)	Vulnerability Scanner uses port 40116 to check if Trend Micro Internet Security is installed.
McAfee VirusScan ePolicy Orchestrator	Vulnerability Scanner sends a special token to TCP port 8081, the default port of ePolicy Orchestrator for providing connection between the server and agent. The endpoint with this antivirus product replies using a special token type. Vulnerability Scanner cannot detect the standalone McAfee VirusScan.
Norton Antivirus™ Corporate Edition	Vulnerability Scanner sends a special token to UDP port 2967, the default port of Norton Antivirus Corporate Edition RTVScan. The endpoint with this antivirus product replies using a special token type. Since Norton Antivirus Corporate Edition communicates by UDP, the accuracy rate is not guaranteed. Furthermore, network traffic may influence UDP waiting time.

Vulnerability Scanner detects products and computers using the following protocols:

RPC: Detects ServerProtect for NT
UDP: Detects Norton AntiVirus Corporate Edition clients
TCP: Detects McAfee VirusScan ePolicy Orchestrator
ICMP: Detects computers by sending ICMP packets
HTTP: Detects Security Agents
DHCP: If it detects a DHCP request, Vulnerability Scanner checks if antivirus software has already been installed on the requesting endpoint.