Online Help Center Home
Preface
- OfficeScan Documentation
- Audience
- Document Conventions
- Terminology
Introducing OfficeScan
- About OfficeScan
- What's New in OfficeScan XG
- Key Features and Benefits
- The OfficeScan Server
- The OfficeScan Agent
- Integration with Trend Micro Products and Services
Getting Started with OfficeScan
- The Web Console
- The Dashboard
- The Server Migration Tool
  - Using the Server Migration Tool
- Active Directory Integration
  - Integrating Active Directory with OfficeScan
  - Synchronizing Data with Active Directory Domains
- The OfficeScan Agent Tree
- OfficeScan Domains
  - Agent Grouping
Getting Started with Data Protection
- Data Protection Installation
  - Installing Data Protection
- Data Protection License
  - Activating the Plug-in Program License
  - Viewing and Renewing the License Information
- Deployment of Data Protection to OfficeScan Agents
  - Deploying the Data Protection Module to OfficeScan Agents
- Forensic Folder and DLP Database
  - Modifying the Forensic Folder and Database Settings
  - Creating a Backup of Forensic Data
- Uninstalling Data Protection
  - Uninstalling Data Protection from Plug-in Manager
Using Trend Micro Smart Protection
- About Trend Micro Smart Protection
  - The Need for a New Solution
- Smart Protection Services
- Smart Protection Sources
- Smart Protection Pattern Files
- Setting Up Smart Protection Services
- Using Smart Protection Services
Installing the OfficeScan Agent
- OfficeScan Agent Fresh Installations
- Installation Considerations
  - OfficeScan Agent Features
  - OfficeScan Agent Installation and IPv6 Support
- Deployment Considerations
- Migrating to the OfficeScan Agent
  - Migrating from Other Endpoint Security Software
    - OfficeScan Agent Migration Issues
  - Migrating from ServerProtect Normal Servers
    - Using the ServerProtect Normal Server Migration Tool
- Post-installation
- OfficeScan Agent Uninstallation
Keeping Protection Up-to-Date
- OfficeScan Components and Programs
- Update Overview
  - OfficeScan Server and OfficeScan Agent Update
  - Smart Protection Source Update
- OfficeScan Server Updates
- Integrated Smart Protection Server Updates
- OfficeScan Agent Updates
- Update Agents
- Component Update Summary
  - Update Status for OfficeScan Agents
  - Components
Scanning for Security Risks
- About Security Risks
  - Viruses and Malware
  - Spyware and Grayware
- Scan Method Types
- Scan Types
- Settings Common to All Scan Types
- Scan Privileges and Other Settings
- Global Scan Settings
  - Configuring Global Scan Settings
    - Scan Settings Section
    - Scheduled Scan Settings Section
- Security Risk Notifications
- Security Risk Logs
- Security Risk Outbreaks
Protecting Against Unknown Threats
- Predictive Machine Learning
  - Configuring Predictive Machine Learning Settings
- Suspicious Connection Service
  - Configuring Global User-defined IP List Settings
  - Configuring Suspicious Connection Settings
- Sample Submission
  - Configuring Sample Submission
- Unknown Threat Logs
Using Behavior Monitoring
- Behavior Monitoring
- Configuring Global Behavior Monitoring Settings
- Behavior Monitoring Privileges
  - Granting Behavior Monitoring Privileges
- Behavior Monitoring Notifications for OfficeScan Agent Users
  - Enabling the Sending of Notification Messages
  - Modifying the Content of the Notification Message
- Behavior Monitoring Logs
  - Viewing Behavior Monitoring Logs
  - Configuring the Behavior Monitoring Log Sending Schedule
Using Device Control
- Device Control
- Permissions for Storage Devices
  - Advanced Permissions for Storage Devices
    - Specifying a Digital Signature Provider
    - Specifying a Program Path and Name
- Permissions for Non-storage Devices
- Managing Access to External Devices (Data Protection Activated)
- Managing Access to External Devices (Data Protection Not Activated)
  - Adding Programs to the Device Control Lists Using ofcscan.ini
- Modifying Device Control Notifications
- Device Control Logs
  - Viewing Device Control Logs
Using Data Loss Prevention
- About Data Loss Prevention (DLP)
- Data Loss Prevention Policies
  - Policy Configuration
- Data Identifier Types
- Data Loss Prevention Templates
  - Predefined DLP Templates
  - Customized DLP Templates
- DLP Channels
- Data Loss Prevention Actions
- Data Loss Prevention Exceptions
  - Defining Non-monitored and Monitored Targets
  - Decompression Rules
- Data Loss Prevention Policy Configuration
- Data Loss Prevention Notifications
  - Data Loss Prevention Notifications for Administrators
    - Configuring Data Loss Prevention Notification for Administrators
  - Data Loss Prevention Notifications for Agent Users
    - Configuring Data Loss Prevention Notification for Agents
- Data Loss Prevention Logs
  - Viewing Data Loss Prevention Logs
    - Processes by Channel
    - Data Loss Prevention Log Details
  - Enabling Debug Logging for the Data Protection Module
Using Web Reputation
- About Web Threats
- Command & Control Contact Alert Services
- Web Reputation
- Web Reputation Policies
  - Configuring a Web Reputation Policy
- Web Threat Notifications for Agent Users
  - Enabling the Web Threat Notification Message
  - Modifying the Web Threat Notifications
- C&C Callback Notifications for Administrators
  - Configuring C&C Callback Notifications for Administrators
- C&C Contact Alert Notifications for Agent Users
  - Enabling the C&C Callback Notification Message
  - Modifying the C&C Callback Notifications
- C&C Callback Outbreaks
  - Configuring the C&C Callback Outbreak Criteria and Notifications
- Web Threat Logs
  - Viewing Web Reputation Logs
  - Viewing C&C Callback Logs
Using the OfficeScan Firewall
- About the OfficeScan Firewall
- Enabling or Disabling the OfficeScan Firewall
  - Enabling or Disabling the OfficeScan Firewall on Selected Endpoints
  - Enabling or Disabling the OfficeScan Firewall on All Endpoints
- Firewall Policies and Profiles
  - Firewall Policies
  - Firewall Profiles
    - Configuring the Firewall Profile List
    - Adding and Editing a Firewall Profile
      - Adding a Firewall Profile
      - Modifying a Firewall Profile
- Firewall Privileges
  - Granting Firewall Privileges
- Global Firewall Settings
  - Configuring Global Firewall Settings
- Firewall Violation Notifications for OfficeScan Agent Users
  - Granting Users the Privilege to Enable/Disable the Notification Message
  - Modifying the Content of the Firewall Notification Message
- Firewall Logs
  - Viewing Firewall Logs
- Firewall Violation Outbreaks
  - Configuring the Firewall Violation Outbreak Criteria and Notifications
- Testing the OfficeScan Firewall
Managing the OfficeScan Server
- Role-based Administration
- Trend Micro Control Manager
- Suspicious Object List Settings
  - Configuring Suspicious Object List Settings
- Reference Servers
  - Managing the Reference Server List
- Administrator Notification Settings
  - Configuring General Notification Settings
- System Event Logs
  - Viewing System Event Logs
- Log Management
  - Log Maintenance
    - Deleting Logs Based on a Schedule
    - Manually Deleting Logs
- Licenses
  - Viewing Product License Information
  - Activating or Renewing a License
- OfficeScan Database Backup
  - Backing up the OfficeScan Database
  - Restoring the Database Backup Files
- SQL Server Migration Tool
  - Using the SQL Server Migration Tool
  - Configuring the SQL Database Unavailable Alert
- OfficeScan Web Server/Agent Connection Settings
  - Configuring Connection Settings
- Server-Agent Communication
  - Authentication of Server-initiated Communications
    - Configuring Authentication of Server-initiated Communications
    - Using Authentication Certificate Manager
  - Enhanced Encryption of Server-Agent Communication
- Web Console Password
- Web Console Settings
  - Configuring Web Console Settings
- Quarantine Manager
  - Configuring Quarantine Directory Settings
- Server Tuner
  - Running Server Tuner
- Smart Feedback
  - Participating in the Smart Feedback Program
Managing the OfficeScan Agent
- Endpoint Location
- OfficeScan Agent Program Management
- Agent-Server Connection
- OfficeScan Agent Proxy Settings
- Viewing OfficeScan Agent Information
- Importing and Exporting Agent Settings
  - Exporting Agent Settings
  - Importing Agent Settings
- Security Compliance
- Trend Micro Virtual Desktop Support
- Global Agent Settings
- Configuring Agent Privileges and Other Settings
Protecting Off-premises Agents
- Edge Relay Server
- Edge Relay Server System Requirements
- Installing the Edge Relay Server
- Connecting to the Edge Relay Server
- Managing the Edge Relay Server Connection
- Managing Edge Relay Server Certificates
Using Plug-in Manager
- About Plug-in Manager
  - Plug-in Program Agents on Endpoints
  - Widgets
- Plug-in Manager Installation
  - Performing Post-installation Tasks
- Native OfficeScan Feature Management
- Managing Plug-in Programs
- Uninstalling Plug-in Manager
- Troubleshooting Plug-in Manager
Troubleshooting Resources
- Support Intelligence System
- Case Diagnostic Tool
- Trend Micro Performance Tuning Tool
- OfficeScan Server Logs
- OfficeScan Agent Logs
Technical Support
- Troubleshooting Resources
  - Using the Support Portal
  - Threat Encyclopedia
- Contacting Trend Micro
  - Speeding Up the Support Call
- Sending Suspicious Content to Trend Micro
- Other Resources
  - Download Center
  - Documentation Feedback
IPv6 Support in OfficeScan
- IPv6 Support for OfficeScan Server and Agents
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Windows Server Core Support
- Windows Server Core Support
- Installation Methods for Windows Server Core
  - Installing the OfficeScan Agent Using Login Script Setup
  - Installing the OfficeScan Agent Using the OfficeScan Agent Package
- OfficeScan Agent Features on Windows Server Core
- Windows Server Core Commands
Windows 8/8.1/10 and Windows Server 2012/2016 Support
- About Windows 8/8.1/10 and Windows Server 2012/2016
- OfficeScan Feature Support by UI Mode
- Internet Explorer 10/11 and Microsoft Edge
OfficeScan Rollback
- Rolling Back the OfficeScan Server and OfficeScan Agents Using the Server Backup Package
  - Rolling Back the OfficeScan Agents
  - Restoring the Previous OfficeScan Server Version
Glossary
- ActiveUpdate
- Compressed File
- Cookie
- Denial of Service Attack
- DHCP
- DNS
- Domain Name
- Dynamic IP Address
- ESMTP
- End User License Agreement
- False Positive
- FTP
- GeneriClean
- Hot Fix
- HTTP
- HTTPS
- ICMP
- IntelliScan
- IntelliTrap
- IP
- Java File
- LDAP
- Listening Port
- MCP Agent
- Mixed Threat Attack
- NAT
- NetBIOS
- One-way Communication
- Patch
- Phish Attack
- Ping
- POP3
- Proxy Server
- RPC
- Security Patch
- Service Pack
- SMTP
- SNMP
- SNMP Trap
- SSL
- SSL Certificate
- TCP
- Telnet
- Trojan Port
- Trusted Port
  - Determining the Trusted Ports
- Two-way Communication
- UDP
- Uncleanable Files
  - Files Infected with Trojans

Viewing Spyware/Grayware Logs

The OfficeScan agent generates logs when it detects spyware and grayware and sends the logs to the server.

Go to one of the following:
- Logs > Agents > Security Risks
- Agents > Agent Management
In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
Click Logs > Spyware/Grayware Logs or View Logs > Spyware/Grayware Logs.
Specify the log criteria and then click Display Logs.
View logs. Logs contain the following information:
- Date and time of spyware/grayware detection
- Affected endpoint
- Spyware/Grayware name
- Infection channel
- Scan type that detected the spyware/grayware
- Details about the spyware/grayware scan results (if scan action was performed successfully or not).
  
  See Spyware/Grayware Scan Results for details.
- IP address
- MAC address
- Log details (Click View to see the details.)
Add spyware/grayware you consider harmless to the spyware/grayware approved list.
To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.
The CSV file contains the following information:
- All information in the logs
- User name logged on to the endpoint at the time of detection