Online Help Center Home
Preface
- OfficeScan Documentation
- Audience
- Document Conventions
- Terminology
Introducing OfficeScan
- About OfficeScan
- What's New in OfficeScan XG
- Key Features and Benefits
- The OfficeScan Server
- The OfficeScan Agent
- Integration with Trend Micro Products and Services
Getting Started with OfficeScan
- The Web Console
- The Dashboard
- The Server Migration Tool
  - Using the Server Migration Tool
- Active Directory Integration
  - Integrating Active Directory with OfficeScan
  - Synchronizing Data with Active Directory Domains
- The OfficeScan Agent Tree
- OfficeScan Domains
  - Agent Grouping
Getting Started with Data Protection
- Data Protection Installation
  - Installing Data Protection
- Data Protection License
  - Activating the Plug-in Program License
  - Viewing and Renewing the License Information
- Deployment of Data Protection to OfficeScan Agents
  - Deploying the Data Protection Module to OfficeScan Agents
- Forensic Folder and DLP Database
  - Modifying the Forensic Folder and Database Settings
  - Creating a Backup of Forensic Data
- Uninstalling Data Protection
  - Uninstalling Data Protection from Plug-in Manager
Using Trend Micro Smart Protection
- About Trend Micro Smart Protection
  - The Need for a New Solution
- Smart Protection Services
- Smart Protection Sources
- Smart Protection Pattern Files
- Setting Up Smart Protection Services
- Using Smart Protection Services
Installing the OfficeScan Agent
- OfficeScan Agent Fresh Installations
- Installation Considerations
  - OfficeScan Agent Features
  - OfficeScan Agent Installation and IPv6 Support
- Deployment Considerations
- Migrating to the OfficeScan Agent
  - Migrating from Other Endpoint Security Software
    - OfficeScan Agent Migration Issues
  - Migrating from ServerProtect Normal Servers
    - Using the ServerProtect Normal Server Migration Tool
- Post-installation
- OfficeScan Agent Uninstallation
Keeping Protection Up-to-Date
- OfficeScan Components and Programs
- Update Overview
  - OfficeScan Server and OfficeScan Agent Update
  - Smart Protection Source Update
- OfficeScan Server Updates
- Integrated Smart Protection Server Updates
- OfficeScan Agent Updates
- Update Agents
- Component Update Summary
  - Update Status for OfficeScan Agents
  - Components
Scanning for Security Risks
- About Security Risks
  - Viruses and Malware
  - Spyware and Grayware
- Scan Method Types
- Scan Types
- Settings Common to All Scan Types
- Scan Privileges and Other Settings
- Global Scan Settings
  - Configuring Global Scan Settings
    - Scan Settings Section
    - Scheduled Scan Settings Section
- Security Risk Notifications
- Security Risk Logs
- Security Risk Outbreaks
Protecting Against Unknown Threats
- Predictive Machine Learning
  - Configuring Predictive Machine Learning Settings
- Suspicious Connection Service
  - Configuring Global User-defined IP List Settings
  - Configuring Suspicious Connection Settings
- Sample Submission
  - Configuring Sample Submission
- Unknown Threat Logs
Using Behavior Monitoring
- Behavior Monitoring
- Configuring Global Behavior Monitoring Settings
- Behavior Monitoring Privileges
  - Granting Behavior Monitoring Privileges
- Behavior Monitoring Notifications for OfficeScan Agent Users
  - Enabling the Sending of Notification Messages
  - Modifying the Content of the Notification Message
- Behavior Monitoring Logs
  - Viewing Behavior Monitoring Logs
  - Configuring the Behavior Monitoring Log Sending Schedule
Using Device Control
- Device Control
- Permissions for Storage Devices
  - Advanced Permissions for Storage Devices
    - Specifying a Digital Signature Provider
    - Specifying a Program Path and Name
- Permissions for Non-storage Devices
- Managing Access to External Devices (Data Protection Activated)
- Managing Access to External Devices (Data Protection Not Activated)
  - Adding Programs to the Device Control Lists Using ofcscan.ini
- Modifying Device Control Notifications
- Device Control Logs
  - Viewing Device Control Logs
Using Data Loss Prevention
- About Data Loss Prevention (DLP)
- Data Loss Prevention Policies
  - Policy Configuration
- Data Identifier Types
- Data Loss Prevention Templates
  - Predefined DLP Templates
  - Customized DLP Templates
- DLP Channels
- Data Loss Prevention Actions
- Data Loss Prevention Exceptions
  - Defining Non-monitored and Monitored Targets
  - Decompression Rules
- Data Loss Prevention Policy Configuration
- Data Loss Prevention Notifications
  - Data Loss Prevention Notifications for Administrators
    - Configuring Data Loss Prevention Notification for Administrators
  - Data Loss Prevention Notifications for Agent Users
    - Configuring Data Loss Prevention Notification for Agents
- Data Loss Prevention Logs
  - Viewing Data Loss Prevention Logs
    - Processes by Channel
    - Data Loss Prevention Log Details
  - Enabling Debug Logging for the Data Protection Module
Using Web Reputation
- About Web Threats
- Command & Control Contact Alert Services
- Web Reputation
- Web Reputation Policies
  - Configuring a Web Reputation Policy
- Web Threat Notifications for Agent Users
  - Enabling the Web Threat Notification Message
  - Modifying the Web Threat Notifications
- C&C Callback Notifications for Administrators
  - Configuring C&C Callback Notifications for Administrators
- C&C Contact Alert Notifications for Agent Users
  - Enabling the C&C Callback Notification Message
  - Modifying the C&C Callback Notifications
- C&C Callback Outbreaks
  - Configuring the C&C Callback Outbreak Criteria and Notifications
- Web Threat Logs
  - Viewing Web Reputation Logs
  - Viewing C&C Callback Logs
Using the OfficeScan Firewall
- About the OfficeScan Firewall
- Enabling or Disabling the OfficeScan Firewall
  - Enabling or Disabling the OfficeScan Firewall on Selected Endpoints
  - Enabling or Disabling the OfficeScan Firewall on All Endpoints
- Firewall Policies and Profiles
  - Firewall Policies
  - Firewall Profiles
    - Configuring the Firewall Profile List
    - Adding and Editing a Firewall Profile
      - Adding a Firewall Profile
      - Modifying a Firewall Profile
- Firewall Privileges
  - Granting Firewall Privileges
- Global Firewall Settings
  - Configuring Global Firewall Settings
- Firewall Violation Notifications for OfficeScan Agent Users
  - Granting Users the Privilege to Enable/Disable the Notification Message
  - Modifying the Content of the Firewall Notification Message
- Firewall Logs
  - Viewing Firewall Logs
- Firewall Violation Outbreaks
  - Configuring the Firewall Violation Outbreak Criteria and Notifications
- Testing the OfficeScan Firewall
Managing the OfficeScan Server
- Role-based Administration
- Trend Micro Control Manager
- Suspicious Object List Settings
  - Configuring Suspicious Object List Settings
- Reference Servers
  - Managing the Reference Server List
- Administrator Notification Settings
  - Configuring General Notification Settings
- System Event Logs
  - Viewing System Event Logs
- Log Management
  - Log Maintenance
    - Deleting Logs Based on a Schedule
    - Manually Deleting Logs
- Licenses
  - Viewing Product License Information
  - Activating or Renewing a License
- OfficeScan Database Backup
  - Backing up the OfficeScan Database
  - Restoring the Database Backup Files
- SQL Server Migration Tool
  - Using the SQL Server Migration Tool
  - Configuring the SQL Database Unavailable Alert
- OfficeScan Web Server/Agent Connection Settings
  - Configuring Connection Settings
- Server-Agent Communication
  - Authentication of Server-initiated Communications
    - Configuring Authentication of Server-initiated Communications
    - Using Authentication Certificate Manager
  - Enhanced Encryption of Server-Agent Communication
- Web Console Password
- Web Console Settings
  - Configuring Web Console Settings
- Quarantine Manager
  - Configuring Quarantine Directory Settings
- Server Tuner
  - Running Server Tuner
- Smart Feedback
  - Participating in the Smart Feedback Program
Managing the OfficeScan Agent
- Endpoint Location
- OfficeScan Agent Program Management
- Agent-Server Connection
- OfficeScan Agent Proxy Settings
- Viewing OfficeScan Agent Information
- Importing and Exporting Agent Settings
  - Exporting Agent Settings
  - Importing Agent Settings
- Security Compliance
- Trend Micro Virtual Desktop Support
- Global Agent Settings
- Configuring Agent Privileges and Other Settings
Protecting Off-premises Agents
- Edge Relay Server
- Edge Relay Server System Requirements
- Installing the Edge Relay Server
- Connecting to the Edge Relay Server
- Managing the Edge Relay Server Connection
- Managing Edge Relay Server Certificates
Using Plug-in Manager
- About Plug-in Manager
  - Plug-in Program Agents on Endpoints
  - Widgets
- Plug-in Manager Installation
  - Performing Post-installation Tasks
- Native OfficeScan Feature Management
- Managing Plug-in Programs
- Uninstalling Plug-in Manager
- Troubleshooting Plug-in Manager
Troubleshooting Resources
- Support Intelligence System
- Case Diagnostic Tool
- Trend Micro Performance Tuning Tool
- OfficeScan Server Logs
- OfficeScan Agent Logs
Technical Support
- Troubleshooting Resources
  - Using the Support Portal
  - Threat Encyclopedia
- Contacting Trend Micro
  - Speeding Up the Support Call
- Sending Suspicious Content to Trend Micro
- Other Resources
  - Download Center
  - Documentation Feedback
IPv6 Support in OfficeScan
- IPv6 Support for OfficeScan Server and Agents
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Windows Server Core Support
- Windows Server Core Support
- Installation Methods for Windows Server Core
  - Installing the OfficeScan Agent Using Login Script Setup
  - Installing the OfficeScan Agent Using the OfficeScan Agent Package
- OfficeScan Agent Features on Windows Server Core
- Windows Server Core Commands
Windows 8/8.1/10 and Windows Server 2012/2016 Support
- About Windows 8/8.1/10 and Windows Server 2012/2016
- OfficeScan Feature Support by UI Mode
- Internet Explorer 10/11 and Microsoft Edge
OfficeScan Rollback
- Rolling Back the OfficeScan Server and OfficeScan Agents Using the Server Backup Package
  - Rolling Back the OfficeScan Agents
  - Restoring the Previous OfficeScan Server Version
Glossary
- ActiveUpdate
- Compressed File
- Cookie
- Denial of Service Attack
- DHCP
- DNS
- Domain Name
- Dynamic IP Address
- ESMTP
- End User License Agreement
- False Positive
- FTP
- GeneriClean
- Hot Fix
- HTTP
- HTTPS
- ICMP
- IntelliScan
- IntelliTrap
- IP
- Java File
- LDAP
- Listening Port
- MCP Agent
- Mixed Threat Attack
- NAT
- NetBIOS
- One-way Communication
- Patch
- Phish Attack
- Ping
- POP3
- Proxy Server
- RPC
- Security Patch
- Service Pack
- SMTP
- SNMP
- SNMP Trap
- SSL
- SSL Certificate
- TCP
- Telnet
- Trojan Port
- Trusted Port
  - Determining the Trusted Ports
- Two-way Communication
- UDP
- Uncleanable Files
  - Files Infected with Trojans

Virus/Malware Scan Actions

The scan action OfficeScan performs depends on the virus/malware type and the scan type that detected the virus/malware. For example, when OfficeScan detects a Trojan horse program (virus/malware type) during Manual Scan (scan type), it cleans (action) the infected file.

For information on the different virus/malware types, see Viruses and Malware.

The following are the actions OfficeScan can perform against viruses/malware.

Table 1. Virus/Malware Scan Actions
Action	Description
Delete	OfficeScan deletes the infected file.
Quarantine	OfficeScan renames,encrypts, and moves the infected file to a temporary quarantine directory on the agent endpoint located in <Agent installation folder>\Suspect. The OfficeScan agent then sends quarantined files to the designated quarantine directory. See Quarantine Directory for details. The default quarantine directory is on the OfficeScan server, under <Server installation folder>\PCCSRV\Virus. If you need to restore any of the quarantined files, use Central Quarantine Restore. For details, see Restoring Quarantined Files.
Clean	OfficeScan cleans the infected file before allowing full access to the file. If the file is uncleanable, OfficeScan performs a second action, which can be one of the following actions: Quarantine, Delete, Rename, and Pass. To configure the second action, go to Agents > Agent Management. Click Settings > Scan Settings > {Scan Type} > Action tab. This action can be performed on all types of malware except probable virus/malware.
Rename	OfficeScan changes the infected file's extension to "vir". Users cannot open the renamed file initially, but can do so if they associate the file with a certain application. The virus/malware may execute when opening the renamed infected file.
Pass	OfficeScan can only use this scan action when it detects any type of virus during Manual Scan, Scheduled Scan, and Scan Now. OfficeScan cannot use this scan action during Real-time Scan because performing no action when an attempt to open or execute an infected file is detected will allow virus/malware to execute. All the other scan actions can be used during Real-time Scan.
Deny Access	This scan action can only be performed during Real-time Scan. When OfficeScan detects an attempt to open or execute an infected file, it immediately blocks the operation. Users can manually delete the infected file.