Configuring Desktop/Server Settings

The Desktop/Server options pertain to the Worry-Free Business Security global settings. Settings for individual groups override these settings. If you have not configured a particular option for a group, the Desktop/Server Options are used. For example, if no URLs are approved for a particular group, all the URLs approved on this screen will be applicable for the group.

  1. Go to Administration > Global Settings.
  2. Click the Desktop/Server tab and update the following as required:



    Location Awareness

    With Location Awareness, administrators can control security settings depending on how the client is connected to the network.

    Location Awareness controls the In Office/Out of Office connection settings.

    The Security Agent automatically identifies the location of the client based on the gateway information configured on the web console, and then controls the websites users can access. The restrictions differ based on the user's location:

    • Enable location awareness: These settings will affect the In Office/Out of Office connection settings of Firewall, Web Reputation, and frequency of scheduled updates.

    • Gateway Information: Clients and connections in this list will use Internal Connection settings while remotely connecting to the network (using VPN) and Location Awareness is enabled.

      • Gateway IP address

      • MAC address: Adding the MAC address greatly improves security by permitting only the configured device to connect.

    Click the corresponding delete icon (x) to delete an entry.

    Help Desk Notice

    The Help Desk Notice places a notification on the Security Agent informing the user who to contact for help. Update the following as required:

    • Help Desk Label

    • Help Desk Email Address

    • Additional Information: This will pop-up when the user mouses over the label

    General Scan Settings

    • Disable Smart Scan service: Switches all Security Agents to Conventional Scan mode. Smart Scan will not be available until it is enabled again here. To switch one or several Security Agent groups, navigate to Devices > {Group} > Configure Policy > Scan Method.


      For guidelines on switching Security Agents between scan methods, see Configuring Scan Methods.

    • Enable deferred scanning on file operations: Enable this setting to temporarily improve system performance.


      Enabling deferred scanning can create security risks.

    • Exclude shadow copy sections: Shadow Copy or Volume Snapshot Services takes manual or automatic backup copies or snapshots of a file or folder on a specific volume.

    • Exclude the Security Server database folder: Prevents Agents installed on the Security Server from scanning its own database only during Real-time Scans.

      By default, WFBS does not scan its own database. Trend Micro recommends preserving this selection to prevent any possible corruption of the database that may occur during scanning.

    • Exclude the Microsoft Exchange server folders when installed on Microsoft Exchange Server: Prevents Agents installed on the Microsoft Exchange server from scanning Microsoft Exchange folders.

    • Exclude the Microsoft domain control folders: Prevents Agents installed on the Domain Controller from scanning Domain Controller folders. These folders store user information, user names, passwords, and other important information.

    Virus Scan Settings

    • Configure scan settings for large compressed files: Specify the maximum size of the extracted file and the number of files in the compressed file the Agent should scan.

    • Clean compressed files: Agents will try to clean infected files within a compressed file.

    • Scan up to {} OLE layers: Agents will scan the specified number of Object Linking and Embedding (OLE) layers. OLE allows users to create objects with one application and then link or embed them in a second application. For example, an .xls file embedded in a .doc file.

    • Add Manual Scan to the Windows shortcut menu on Clients: Adds a Scan with Security Agent link to the context-sensitive menu. With this, users can right-click a file or folder (on the Desktop or in Windows Explorer) and manually scan the file or folder.

    Spyware/Grayware Scan Settings

    • Scan for cookies: The Security Agent scand for cookies.

    • Add cookie detections to the Spyware log: Adds each detected spyware cookie to the spyware log.

    Firewall Settings

    Select the Disable Firewall and uninstall drivers check box to uninstall the Worry-Free Business Security client firewall and remove the drivers associated with the firewall.

    Note: If you disable the firewall, related settings will not be available again until you re-enable the firewall.

    HTTPS Web Threat Protection

    Enable this feature to check HTTPS URLs against Web Reputation and URL Filtering settings on Chrome, Firefox, and Microsoft Edge.

    • This feature does not support checking websites that use HTTP/2 protocol.

      For a list of unsupported websites, see

    • This feature does not require an additional browser add-on.

      By default, Worry-Free Business Security checks HTTPS URLs on Internet Explorer using browser add-ons.

    Alert Settings

    Show the alert icon on the Windows taskbar if the virus pattern file is not updated after {} days: Displays an alert icon on clients when the pattern file is not updated after a certain number of days.

    Security Agent Uninstallation Password

    • Allow the client user to uninstall Security Agent without a password.

    • Require a password for the client user to uninstall Security Agent.

    Security Agent Program Exit and Unlock Password

    • Allow the client users to exit and unlock the Security Agent on their computer without a password.

    • Require client users to enter a password to exit and unlock the Security Agent.


    Unlocking the Security Agent allows the user to override all settings configured under Devices > {group} > Configure Policy > Agent Privileges.

    Preferred IP Address

    This setting is only available on dual-stack Security Servers and is applied only by dual-stack agents.

    After you install or upgrade agents, the agents register to the Security Server using an IP address.

    Choose from the following options:

    • IPv4 first, then IPv6: Agents use their IPv4 address first. If the agent cannot register using its IPv4 address, it uses its IPv6 address. If registration is unsuccessful using both IP addresses, the agent retries using the IP address priority for this selection.

    • IPv6 first, then IPv4: Agents use their IPv6 address first. If the agent cannot register using its IPv6 address, it uses its IPv4 address. If registration is unsuccessful using both IP addresses, the agent retries using the IP address priority for this selection.

  3. Click Save.