Online Help Center Home
Preface
- OfficeScan Documentation
- Audience
- Document Conventions
- Terminology
Introducing OfficeScan
- About OfficeScan
- What's New in OfficeScan XG
- Key Features and Benefits
- The OfficeScan Server
- The OfficeScan Agent
- Integration with Trend Micro Products and Services
Getting Started with OfficeScan
- The Web Console
- The Dashboard
- The Server Migration Tool
  - Using the Server Migration Tool
- Active Directory Integration
  - Integrating Active Directory with OfficeScan
  - Synchronizing Data with Active Directory Domains
- The OfficeScan Agent Tree
- OfficeScan Domains
  - Agent Grouping
Getting Started with Data Protection
- Data Protection Installation
  - Installing Data Protection
- Data Protection License
  - Activating the Plug-in Program License
  - Viewing and Renewing the License Information
- Deployment of Data Protection to OfficeScan Agents
  - Deploying the Data Protection Module to OfficeScan Agents
- Forensic Folder and DLP Database
  - Modifying the Forensic Folder and Database Settings
  - Creating a Backup of Forensic Data
- Uninstalling Data Protection
  - Uninstalling Data Protection from Plug-in Manager
Using Trend Micro Smart Protection
- About Trend Micro Smart Protection
  - The Need for a New Solution
- Smart Protection Services
- Smart Protection Sources
- Smart Protection Pattern Files
- Setting Up Smart Protection Services
- Using Smart Protection Services
Installing the OfficeScan Agent
- OfficeScan Agent Fresh Installations
- Installation Considerations
  - OfficeScan Agent Features
  - OfficeScan Agent Installation and IPv6 Support
- Deployment Considerations
- Migrating to the OfficeScan Agent
  - Migrating from Other Endpoint Security Software
    - OfficeScan Agent Migration Issues
  - Migrating from ServerProtect Normal Servers
    - Using the ServerProtect Normal Server Migration Tool
- Post-installation
- OfficeScan Agent Uninstallation
Keeping Protection Up-to-Date
- OfficeScan Components and Programs
- Update Overview
  - OfficeScan Server and OfficeScan Agent Update
  - Smart Protection Source Update
- OfficeScan Server Updates
- Integrated Smart Protection Server Updates
- OfficeScan Agent Updates
- Update Agents
- Component Update Summary
  - Update Status for OfficeScan Agents
  - Components
Scanning for Security Risks
- About Security Risks
  - Viruses and Malware
  - Spyware and Grayware
- Scan Method Types
- Scan Types
- Settings Common to All Scan Types
- Scan Privileges and Other Settings
- Global Scan Settings
  - Configuring Global Scan Settings
    - Scan Settings Section
    - Scheduled Scan Settings Section
- Security Risk Notifications
- Security Risk Logs
- Security Risk Outbreaks
Protecting Against Unknown Threats
- Predictive Machine Learning
  - Configuring Predictive Machine Learning Settings
- Suspicious Connection Service
  - Configuring Global User-defined IP List Settings
  - Configuring Suspicious Connection Settings
- Sample Submission
  - Configuring Sample Submission
- Unknown Threat Logs
Using Behavior Monitoring
- Behavior Monitoring
- Configuring Global Behavior Monitoring Settings
- Behavior Monitoring Privileges
  - Granting Behavior Monitoring Privileges
- Behavior Monitoring Notifications for OfficeScan Agent Users
  - Enabling the Sending of Notification Messages
  - Modifying the Content of the Notification Message
- Behavior Monitoring Logs
  - Viewing Behavior Monitoring Logs
  - Configuring the Behavior Monitoring Log Sending Schedule
Using Device Control
- Device Control
- Permissions for Storage Devices
  - Advanced Permissions for Storage Devices
    - Specifying a Digital Signature Provider
    - Specifying a Program Path and Name
- Permissions for Non-storage Devices
- Managing Access to External Devices (Data Protection Activated)
- Managing Access to External Devices (Data Protection Not Activated)
  - Adding Programs to the Device Control Lists Using ofcscan.ini
- Modifying Device Control Notifications
- Device Control Logs
  - Viewing Device Control Logs
Using Data Loss Prevention
- About Data Loss Prevention (DLP)
- Data Loss Prevention Policies
  - Policy Configuration
- Data Identifier Types
- Data Loss Prevention Templates
  - Predefined DLP Templates
  - Customized DLP Templates
- DLP Channels
- Data Loss Prevention Actions
- Data Loss Prevention Exceptions
  - Defining Non-monitored and Monitored Targets
  - Decompression Rules
- Data Loss Prevention Policy Configuration
- Data Loss Prevention Notifications
  - Data Loss Prevention Notifications for Administrators
    - Configuring Data Loss Prevention Notification for Administrators
  - Data Loss Prevention Notifications for Agent Users
    - Configuring Data Loss Prevention Notification for Agents
- Data Loss Prevention Logs
  - Viewing Data Loss Prevention Logs
    - Processes by Channel
    - Data Loss Prevention Log Details
  - Enabling Debug Logging for the Data Protection Module
Using Web Reputation
- About Web Threats
- Command & Control Contact Alert Services
- Web Reputation
- Web Reputation Policies
  - Configuring a Web Reputation Policy
- Web Threat Notifications for Agent Users
  - Enabling the Web Threat Notification Message
  - Modifying the Web Threat Notifications
- C&C Callback Notifications for Administrators
  - Configuring C&C Callback Notifications for Administrators
- C&C Contact Alert Notifications for Agent Users
  - Enabling the C&C Callback Notification Message
  - Modifying the C&C Callback Notifications
- C&C Callback Outbreaks
  - Configuring the C&C Callback Outbreak Criteria and Notifications
- Web Threat Logs
  - Viewing Web Reputation Logs
  - Viewing C&C Callback Logs
Using the OfficeScan Firewall
- About the OfficeScan Firewall
- Enabling or Disabling the OfficeScan Firewall
  - Enabling or Disabling the OfficeScan Firewall on Selected Endpoints
  - Enabling or Disabling the OfficeScan Firewall on All Endpoints
- Firewall Policies and Profiles
  - Firewall Policies
  - Firewall Profiles
    - Configuring the Firewall Profile List
    - Adding and Editing a Firewall Profile
      - Adding a Firewall Profile
      - Modifying a Firewall Profile
- Firewall Privileges
  - Granting Firewall Privileges
- Global Firewall Settings
  - Configuring Global Firewall Settings
- Firewall Violation Notifications for OfficeScan Agent Users
  - Granting Users the Privilege to Enable/Disable the Notification Message
  - Modifying the Content of the Firewall Notification Message
- Firewall Logs
  - Viewing Firewall Logs
- Firewall Violation Outbreaks
  - Configuring the Firewall Violation Outbreak Criteria and Notifications
- Testing the OfficeScan Firewall
Managing the OfficeScan Server
- Role-based Administration
- Trend Micro Control Manager
- Suspicious Object List Settings
  - Configuring Suspicious Object List Settings
- Reference Servers
  - Managing the Reference Server List
- Administrator Notification Settings
  - Configuring General Notification Settings
- System Event Logs
  - Viewing System Event Logs
- Log Management
  - Log Maintenance
    - Deleting Logs Based on a Schedule
    - Manually Deleting Logs
- Licenses
  - Viewing Product License Information
  - Activating or Renewing a License
- OfficeScan Database Backup
  - Backing up the OfficeScan Database
  - Restoring the Database Backup Files
- SQL Server Migration Tool
  - Using the SQL Server Migration Tool
  - Configuring the SQL Database Unavailable Alert
- OfficeScan Web Server/Agent Connection Settings
  - Configuring Connection Settings
- Server-Agent Communication
  - Authentication of Server-initiated Communications
    - Configuring Authentication of Server-initiated Communications
    - Using Authentication Certificate Manager
  - Enhanced Encryption of Server-Agent Communication
- Web Console Password
- Web Console Settings
  - Configuring Web Console Settings
- Quarantine Manager
  - Configuring Quarantine Directory Settings
- Server Tuner
  - Running Server Tuner
- Smart Feedback
  - Participating in the Smart Feedback Program
Managing the OfficeScan Agent
- Endpoint Location
- OfficeScan Agent Program Management
- Agent-Server Connection
- OfficeScan Agent Proxy Settings
- Viewing OfficeScan Agent Information
- Importing and Exporting Agent Settings
  - Exporting Agent Settings
  - Importing Agent Settings
- Security Compliance
- Trend Micro Virtual Desktop Support
- Global Agent Settings
- Configuring Agent Privileges and Other Settings
Protecting Off-premises Agents
- Edge Relay Server
- Edge Relay Server System Requirements
- Installing the Edge Relay Server
- Connecting to the Edge Relay Server
- Managing the Edge Relay Server Connection
- Managing Edge Relay Server Certificates
Using Plug-in Manager
- About Plug-in Manager
  - Plug-in Program Agents on Endpoints
  - Widgets
- Plug-in Manager Installation
  - Performing Post-installation Tasks
- Native OfficeScan Feature Management
- Managing Plug-in Programs
- Uninstalling Plug-in Manager
- Troubleshooting Plug-in Manager
Troubleshooting Resources
- Support Intelligence System
- Case Diagnostic Tool
- Trend Micro Performance Tuning Tool
- OfficeScan Server Logs
- OfficeScan Agent Logs
Technical Support
- Troubleshooting Resources
  - Using the Support Portal
  - Threat Encyclopedia
- Contacting Trend Micro
  - Speeding Up the Support Call
- Sending Suspicious Content to Trend Micro
- Other Resources
  - Download Center
  - Documentation Feedback
IPv6 Support in OfficeScan
- IPv6 Support for OfficeScan Server and Agents
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Windows Server Core Support
- Windows Server Core Support
- Installation Methods for Windows Server Core
  - Installing the OfficeScan Agent Using Login Script Setup
  - Installing the OfficeScan Agent Using the OfficeScan Agent Package
- OfficeScan Agent Features on Windows Server Core
- Windows Server Core Commands
Windows 8/8.1/10 and Windows Server 2012/2016 Support
- About Windows 8/8.1/10 and Windows Server 2012/2016
- OfficeScan Feature Support by UI Mode
- Internet Explorer 10/11 and Microsoft Edge
OfficeScan Rollback
- Rolling Back the OfficeScan Server and OfficeScan Agents Using the Server Backup Package
  - Rolling Back the OfficeScan Agents
  - Restoring the Previous OfficeScan Server Version
Glossary
- ActiveUpdate
- Compressed File
- Cookie
- Denial of Service Attack
- DHCP
- DNS
- Domain Name
- Dynamic IP Address
- ESMTP
- End User License Agreement
- False Positive
- FTP
- GeneriClean
- Hot Fix
- HTTP
- HTTPS
- ICMP
- IntelliScan
- IntelliTrap
- IP
- Java File
- LDAP
- Listening Port
- MCP Agent
- Mixed Threat Attack
- NAT
- NetBIOS
- One-way Communication
- Patch
- Phish Attack
- Ping
- POP3
- Proxy Server
- RPC
- Security Patch
- Service Pack
- SMTP
- SNMP
- SNMP Trap
- SSL
- SSL Certificate
- TCP
- Telnet
- Trojan Port
- Trusted Port
  - Determining the Trusted Ports
- Two-way Communication
- UDP
- Uncleanable Files
  - Files Infected with Trojans

Creating an Installation Package Using Agent Packager

On the OfficeScan server computer, browse to <Server installation folder>\PCCSRV\Admin\Utility\ClientPackager.
Double-click ClnPack.exe to run the tool.
The Agent Packager console opens.

Select the type of package you want to create.

Table 1. Agent Package Types
Package Type	Description
Setup	Select Setup to create the package as an executable file. The package installs the OfficeScan agent program with the components currently available on the server. If the target endpoint has an earlier agent version installed, running the executable file upgrades the agent.
Update	Select Update to create a package that contains the components currently available on the server. The package will be created as an executable file. Use this package if there are issues updating components on any agent endpoint.
MSI	Select MSI to create a package that conforms to the Microsoft Installer Package format. The package also installs the OfficeScan agent program with the components currently available on the server. If the target endpoint has an earlier agent version installed, running the MSI file upgrades the agent.

Select the operating system for which you want to create the package. Deploy the package only to endpoints that run the operating system type. Create another package to deploy to another operating system type.
Select the scan method that the agent package deploys.
For guidelines regarding how to select a scan method, see Scan Method Guidelines for Agent Packages.
Under Domain, select one of the following:
- Allow the agent to report its domain automatically: After installing the OfficeScan agent, the agent queries the OfficeScan server database and reports its domain settings to the server.
- Any domain in the list: Agent Packager synchronizes with the OfficeScan server and lists the domains currently used in the agent tree.

Under Options, select from the following:

Option	Description
Silent mode	This option creates a package that installs on the agent endpoint in the background, unnoticeable to the agent and without showing an installation status window. Enable this option if you plan to deploy the package remotely to the target endpoint.
Force overwrite with latest version	This option overwrites component versions on the agent with the versions currently available on the server. Enable this option to ensure that components on the server and agent are synchronized.
Disable Prescan (fresh installations only)	If the target endpoint does not have the OfficeScan agent installed, the package first scans the endpoint for security risks before installing the OfficeScan agent. If you are certain that the target endpoint is not infected with security risks, disable prescan. If prescan is enabled, Setup scans for virus/malware in the most vulnerable areas of the endpoint, which include the following: Boot area and boot directory (for boot viruses) Windows folder Program files folder

Option

Description

Silent mode

This option creates a package that installs on the agent endpoint in the background, unnoticeable to the agent and without showing an installation status window. Enable this option if you plan to deploy the package remotely to the target endpoint.

Force overwrite with latest version

This option overwrites component versions on the agent with the versions currently available on the server. Enable this option to ensure that components on the server and agent are synchronized.

Disable Prescan (fresh installations only)

If the target endpoint does not have the OfficeScan agent installed, the package first scans the endpoint for security risks before installing the OfficeScan agent. If you are certain that the target endpoint is not infected with security risks, disable prescan.

If prescan is enabled, Setup scans for virus/malware in the most vulnerable areas of the endpoint, which include the following:

Boot area and boot directory (for boot viruses)
Windows folder
Program files folder

Under Update Agent Capabilities, select which features the Update Agent can deploy.
Under Components, select the components and features to include in the package.
- For details about components, see OfficeScan Components and Programs.
- The Data Protection module is only available if you install and activate Data Protection. For details about Data Protection, see Getting Started with Data Protection.
Next to Source file, ensure that the location of the ofcscan.ini file is correct. To modify the path, click () to browse for the ofcscan.ini file.
By default, this file is in the <Server installation folder>\PCCSRV folder of the OfficeScan server.
In Output file, click (), specify where you want to create the OfficeScan agent package, and type the package file name (for example, AgentSetup.exe).
Click Create.
After Agent Packager creates the package, the message "Package created successfully" appears. Locate the package in the directory that you specified in the previous step.
Deploy the package.