Online Help Center Home
Preface
- OfficeScan Documentation
- Audience
- Document Conventions
- Terminology
Introducing OfficeScan
- About OfficeScan
- What's New in OfficeScan XG
- Key Features and Benefits
- The OfficeScan Server
- The OfficeScan Agent
- Integration with Trend Micro Products and Services
Getting Started with OfficeScan
- The Web Console
- The Dashboard
- The Server Migration Tool
  - Using the Server Migration Tool
- Active Directory Integration
  - Integrating Active Directory with OfficeScan
  - Synchronizing Data with Active Directory Domains
- The OfficeScan Agent Tree
- OfficeScan Domains
  - Agent Grouping
Getting Started with Data Protection
- Data Protection Installation
  - Installing Data Protection
- Data Protection License
  - Activating the Plug-in Program License
  - Viewing and Renewing the License Information
- Deployment of Data Protection to OfficeScan Agents
  - Deploying the Data Protection Module to OfficeScan Agents
- Forensic Folder and DLP Database
  - Modifying the Forensic Folder and Database Settings
  - Creating a Backup of Forensic Data
- Uninstalling Data Protection
  - Uninstalling Data Protection from Plug-in Manager
Using Trend Micro Smart Protection
- About Trend Micro Smart Protection
  - The Need for a New Solution
- Smart Protection Services
- Smart Protection Sources
- Smart Protection Pattern Files
- Setting Up Smart Protection Services
- Using Smart Protection Services
Installing the OfficeScan Agent
- OfficeScan Agent Fresh Installations
- Installation Considerations
  - OfficeScan Agent Features
  - OfficeScan Agent Installation and IPv6 Support
- Deployment Considerations
- Migrating to the OfficeScan Agent
  - Migrating from Other Endpoint Security Software
    - OfficeScan Agent Migration Issues
  - Migrating from ServerProtect Normal Servers
    - Using the ServerProtect Normal Server Migration Tool
- Post-installation
- OfficeScan Agent Uninstallation
Keeping Protection Up-to-Date
- OfficeScan Components and Programs
- Update Overview
  - OfficeScan Server and OfficeScan Agent Update
  - Smart Protection Source Update
- OfficeScan Server Updates
- Integrated Smart Protection Server Updates
- OfficeScan Agent Updates
- Update Agents
- Component Update Summary
  - Update Status for OfficeScan Agents
  - Components
Scanning for Security Risks
- About Security Risks
  - Viruses and Malware
  - Spyware and Grayware
- Scan Method Types
- Scan Types
- Settings Common to All Scan Types
- Scan Privileges and Other Settings
- Global Scan Settings
  - Configuring Global Scan Settings
    - Scan Settings Section
    - Scheduled Scan Settings Section
- Security Risk Notifications
- Security Risk Logs
- Security Risk Outbreaks
Protecting Against Unknown Threats
- Predictive Machine Learning
  - Configuring Predictive Machine Learning Settings
- Suspicious Connection Service
  - Configuring Global User-defined IP List Settings
  - Configuring Suspicious Connection Settings
- Sample Submission
  - Configuring Sample Submission
- Unknown Threat Logs
Using Behavior Monitoring
- Behavior Monitoring
- Configuring Global Behavior Monitoring Settings
- Behavior Monitoring Privileges
  - Granting Behavior Monitoring Privileges
- Behavior Monitoring Notifications for OfficeScan Agent Users
  - Enabling the Sending of Notification Messages
  - Modifying the Content of the Notification Message
- Behavior Monitoring Logs
  - Viewing Behavior Monitoring Logs
  - Configuring the Behavior Monitoring Log Sending Schedule
Using Device Control
- Device Control
- Permissions for Storage Devices
  - Advanced Permissions for Storage Devices
    - Specifying a Digital Signature Provider
    - Specifying a Program Path and Name
- Permissions for Non-storage Devices
- Managing Access to External Devices (Data Protection Activated)
- Managing Access to External Devices (Data Protection Not Activated)
  - Adding Programs to the Device Control Lists Using ofcscan.ini
- Modifying Device Control Notifications
- Device Control Logs
  - Viewing Device Control Logs
Using Data Loss Prevention
- About Data Loss Prevention (DLP)
- Data Loss Prevention Policies
  - Policy Configuration
- Data Identifier Types
- Data Loss Prevention Templates
  - Predefined DLP Templates
  - Customized DLP Templates
- DLP Channels
- Data Loss Prevention Actions
- Data Loss Prevention Exceptions
  - Defining Non-monitored and Monitored Targets
  - Decompression Rules
- Data Loss Prevention Policy Configuration
- Data Loss Prevention Notifications
  - Data Loss Prevention Notifications for Administrators
    - Configuring Data Loss Prevention Notification for Administrators
  - Data Loss Prevention Notifications for Agent Users
    - Configuring Data Loss Prevention Notification for Agents
- Data Loss Prevention Logs
  - Viewing Data Loss Prevention Logs
    - Processes by Channel
    - Data Loss Prevention Log Details
  - Enabling Debug Logging for the Data Protection Module
Using Web Reputation
- About Web Threats
- Command & Control Contact Alert Services
- Web Reputation
- Web Reputation Policies
  - Configuring a Web Reputation Policy
- Web Threat Notifications for Agent Users
  - Enabling the Web Threat Notification Message
  - Modifying the Web Threat Notifications
- C&C Callback Notifications for Administrators
  - Configuring C&C Callback Notifications for Administrators
- C&C Contact Alert Notifications for Agent Users
  - Enabling the C&C Callback Notification Message
  - Modifying the C&C Callback Notifications
- C&C Callback Outbreaks
  - Configuring the C&C Callback Outbreak Criteria and Notifications
- Web Threat Logs
  - Viewing Web Reputation Logs
  - Viewing C&C Callback Logs
Using the OfficeScan Firewall
- About the OfficeScan Firewall
- Enabling or Disabling the OfficeScan Firewall
  - Enabling or Disabling the OfficeScan Firewall on Selected Endpoints
  - Enabling or Disabling the OfficeScan Firewall on All Endpoints
- Firewall Policies and Profiles
  - Firewall Policies
  - Firewall Profiles
    - Configuring the Firewall Profile List
    - Adding and Editing a Firewall Profile
      - Adding a Firewall Profile
      - Modifying a Firewall Profile
- Firewall Privileges
  - Granting Firewall Privileges
- Global Firewall Settings
  - Configuring Global Firewall Settings
- Firewall Violation Notifications for OfficeScan Agent Users
  - Granting Users the Privilege to Enable/Disable the Notification Message
  - Modifying the Content of the Firewall Notification Message
- Firewall Logs
  - Viewing Firewall Logs
- Firewall Violation Outbreaks
  - Configuring the Firewall Violation Outbreak Criteria and Notifications
- Testing the OfficeScan Firewall
Managing the OfficeScan Server
- Role-based Administration
- Trend Micro Control Manager
- Suspicious Object List Settings
  - Configuring Suspicious Object List Settings
- Reference Servers
  - Managing the Reference Server List
- Administrator Notification Settings
  - Configuring General Notification Settings
- System Event Logs
  - Viewing System Event Logs
- Log Management
  - Log Maintenance
    - Deleting Logs Based on a Schedule
    - Manually Deleting Logs
- Licenses
  - Viewing Product License Information
  - Activating or Renewing a License
- OfficeScan Database Backup
  - Backing up the OfficeScan Database
  - Restoring the Database Backup Files
- SQL Server Migration Tool
  - Using the SQL Server Migration Tool
  - Configuring the SQL Database Unavailable Alert
- OfficeScan Web Server/Agent Connection Settings
  - Configuring Connection Settings
- Server-Agent Communication
  - Authentication of Server-initiated Communications
    - Configuring Authentication of Server-initiated Communications
    - Using Authentication Certificate Manager
  - Enhanced Encryption of Server-Agent Communication
- Web Console Password
- Web Console Settings
  - Configuring Web Console Settings
- Quarantine Manager
  - Configuring Quarantine Directory Settings
- Server Tuner
  - Running Server Tuner
- Smart Feedback
  - Participating in the Smart Feedback Program
Managing the OfficeScan Agent
- Endpoint Location
- OfficeScan Agent Program Management
- Agent-Server Connection
- OfficeScan Agent Proxy Settings
- Viewing OfficeScan Agent Information
- Importing and Exporting Agent Settings
  - Exporting Agent Settings
  - Importing Agent Settings
- Security Compliance
- Trend Micro Virtual Desktop Support
- Global Agent Settings
- Configuring Agent Privileges and Other Settings
Protecting Off-premises Agents
- Edge Relay Server
- Edge Relay Server System Requirements
- Installing the Edge Relay Server
- Connecting to the Edge Relay Server
- Managing the Edge Relay Server Connection
- Managing Edge Relay Server Certificates
Using Plug-in Manager
- About Plug-in Manager
  - Plug-in Program Agents on Endpoints
  - Widgets
- Plug-in Manager Installation
  - Performing Post-installation Tasks
- Native OfficeScan Feature Management
- Managing Plug-in Programs
- Uninstalling Plug-in Manager
- Troubleshooting Plug-in Manager
Troubleshooting Resources
- Support Intelligence System
- Case Diagnostic Tool
- Trend Micro Performance Tuning Tool
- OfficeScan Server Logs
- OfficeScan Agent Logs
Technical Support
- Troubleshooting Resources
  - Using the Support Portal
  - Threat Encyclopedia
- Contacting Trend Micro
  - Speeding Up the Support Call
- Sending Suspicious Content to Trend Micro
- Other Resources
  - Download Center
  - Documentation Feedback
IPv6 Support in OfficeScan
- IPv6 Support for OfficeScan Server and Agents
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Windows Server Core Support
- Windows Server Core Support
- Installation Methods for Windows Server Core
  - Installing the OfficeScan Agent Using Login Script Setup
  - Installing the OfficeScan Agent Using the OfficeScan Agent Package
- OfficeScan Agent Features on Windows Server Core
- Windows Server Core Commands
Windows 8/8.1/10 and Windows Server 2012/2016 Support
- About Windows 8/8.1/10 and Windows Server 2012/2016
- OfficeScan Feature Support by UI Mode
- Internet Explorer 10/11 and Microsoft Edge
OfficeScan Rollback
- Rolling Back the OfficeScan Server and OfficeScan Agents Using the Server Backup Package
  - Rolling Back the OfficeScan Agents
  - Restoring the Previous OfficeScan Server Version
Glossary
- ActiveUpdate
- Compressed File
- Cookie
- Denial of Service Attack
- DHCP
- DNS
- Domain Name
- Dynamic IP Address
- ESMTP
- End User License Agreement
- False Positive
- FTP
- GeneriClean
- Hot Fix
- HTTP
- HTTPS
- ICMP
- IntelliScan
- IntelliTrap
- IP
- Java File
- LDAP
- Listening Port
- MCP Agent
- Mixed Threat Attack
- NAT
- NetBIOS
- One-way Communication
- Patch
- Phish Attack
- Ping
- POP3
- Proxy Server
- RPC
- Security Patch
- Service Pack
- SMTP
- SNMP
- SNMP Trap
- SSL
- SSL Certificate
- TCP
- Telnet
- Trojan Port
- Trusted Port
  - Determining the Trusted Ports
- Two-way Communication
- UDP
- Uncleanable Files
  - Files Infected with Trojans

Running a DHCP Scan

Configure DHCP settings in the TMVS.ini file found under the following folder: <Server installation folder>\PCCSRV\Admin\Utility\TMVS.

Table 1. DHCP Settings in the TMVS.ini File
Setting	Description
DhcpThreadNum=x	Specify the thread number for DHCP mode. The minimum is 3, the maximum is 100. The default value is 8.
DhcpDelayScan=x	This is the delay time in seconds before checking the requesting endpoint for installed antivirus software. The minimum is 0 (do not wait) and the maximum is 600. The default value is 30.
LogReport=x	0 disables logging, 1 enables logging. Vulnerability Scanner sends the results of the scan to the OfficeScan server. Logs display in the System Event Logs screen on the web console.
OsceServer=x	This is the OfficeScan server's IP address or DNS name.
OsceServerPort=x	This is the web server port on the OfficeScan server.

To run a vulnerability scan on the OfficeScan server computer, navigate to <Server installation folder>\PCCSRV\Admin\Utility\TMVS and double-click TMVS.exe. The Trend Micro Vulnerability Scanner console appears. To run vulnerability scan on another endpoint running Windows Server 2003, Server 2008, Vista, 7, 8, 8.1, 10, or Server 2012/2016:
1. On the OfficeScan server computer, go to <Server installation folder>\PCCSRV\Admin\Utility.
2. Copy the TMVS folder to the other endpoint.
3. On the other endpoint, open the TMVS folder and then double-click TMVS.exe.
  The Trend Micro Vulnerability Scanner console appears.
Note:
You cannot launch the tool from Terminal Server.
Under the Manual Scan section, click Settings.
The Settings screen appears.

Configure the following settings:

Option	Description
Product query	Vulnerability Scanner can check for the presence of security software on the target host machines. For details, see Product Query.
OfficeScan server settings	Configure these settings if you want Vulnerability Scanner to automatically install OfficeScan agent to unprotected host machines. These settings identify the parent server and the administrative credentials used by the OfficeScan agent to log on to the host machines. For details, see OfficeScan Server Settings. Note: Certain conditions may prevent the installation of the OfficeScan agent to the target host machines. For details, see Guidelines When Installing the OfficeScan Agent Using Vulnerability Scanner.
Notifications	Vulnerability Scanner can send the vulnerability scan results to OfficeScan administrators. It can also display notifications on unprotected host machines. For details, see Notifications.
Save results	In addition to sending the vulnerability scan results to administrators, Vulnerability Scan can also save the results to a .csv file. For details, see Vulnerability Scan Results.

Click OK.
In the Results table, click the DHCP Scan tab.
Note:
The DHCP Scan tab is not available on computers running Windows Server 2008, Windows 7, Windows 8, Windows 8.1, Windows 10, and Windows Server 2012.
Click Start.
Vulnerability Scanner begins listening for DHCP requests and performing vulnerability checks on computers as they log on to the network.
To save the results to a comma-separated value (CSV) file, click Export, locate the folder where you want to save the file, type the file name, and click Save.