Configuring Desktop/Server Settings

The Desktop/Server options pertain to the Worry-Free Business Security global settings. Settings for individual groups override these settings. If you have not configured a particular option for a group, the Desktop/Server Options are used. For example, if no URLs are approved for a particular group, all the URLs approved on this screen will be applicable for the group.

  1. Navigate to Preferences > Global Settings.
  2. Click the Desktop/Server tab and update the following as required:

    Settings

    Description

    Location Awareness

    With Location Awareness, administrators can control security settings depending on how the client is connected to the network.

    Location Awareness controls the In Office/Out of Office connection settings.

    The Security Agent automatically identifies the location of the client based on the gateway information configured on the web console, and then controls the websites users can access. The restrictions differ based on the user's location:

    • Enable location awareness: These settings will affect the In Office/Out of Office connection settings of Firewall, Web Reputation, and frequency of scheduled updates.

    • Gateway Information: Clients and connections in this list will use Internal Connection settings while remotely connecting to the network (using VPN) and Location Awareness is enabled.

      • Gateway IP address

      • MAC address: Adding the MAC address greatly improves security by permitting only the configured device to connect.

    Click the corresponding trash can icon to delete an entry.

    Help Desk Notice

    The Help Desk Notice places a notification on the Security Agent informing the user who to contact for help. Update the following as required:

    • Help Desk Label

    • Help Desk Email Address

    • Additional Information: This will pop-up when the user mouses over the label

    General Scan Settings

    • Disable Smart Scan service: Switches all Security Agents to Conventional Scan mode. Smart Scan will not be available until it is enabled again here. To switch one or several Security Agent groups, navigate to Security Settings > {Group} > Configure > Scan Method.

      Note:

      For guidelines on switching Security Agents between scan methods, see Configuring Scan Methods.

    • Enable deferred scanning on file operations: Enable this setting to temporarily improve system performance.

      Warning:

      Enabling deferred scanning can create security risks.

    • Exclude shadow copy sections: Shadow Copy or Volume Snapshot Services takes manual or automatic backup copies or snapshots of a file or folder on a specific volume.

    • Exclude the Security Server database folder: Prevents Agents installed on the Security Server from scanning its own database only during Real-time Scans.

      By default, WFBS does not scan its own database. Trend Micro recommends preserving this selection to prevent any possible corruption of the database that may occur during scanning.

    • Exclude the Microsoft Exchange server folders when installed on Microsoft Exchange Server: Prevents Agents installed on the Microsoft Exchange server from scanning Microsoft Exchange folders.

    • Exclude the Microsoft domain control folders: Prevents Agents installed on the Domain Controller from scanning Domain Controller folders. These folders store user information, user names, passwords, and other important information.

    Virus Scan Settings

    • Configure scan settings for large compressed files: Specify the maximum size of the extracted file and the number of files in the compressed file the Agent should scan.

    • Clean compressed files: Agents will try to clean infected files within a compressed file.

    • Scan up to {} OLE layers: Agents will scan the specified number of Object Linking and Embedding (OLE) layers. OLE allows users to create objects with one application and then link or embed them in a second application. For example, an .xls file embedded in a .doc file.

    • Add Manual Scan to the Windows shortcut menu on Clients: Adds a Scan with Security Agent link to the context-sensitive menu. With this, users can right-click a file or folder (on the Desktop or in Windows Explorer) and manually scan the file or folder.

    Spyware/Grayware Scan Settings

    • Scan for cookies: The Security Agent scand for cookies.

    • Add cookie detections to the Spyware log: Adds each detected spyware cookie to the spyware log.

    Firewall Settings

    Select the Disable Firewall and uninstall drivers check box to uninstall the WFBS client firewall and remove the drivers associated with the firewall.

    Note: If you disable the firewall, related settings will not be available again until you re-enable the firewall.

    Web Reputation and URL Filtering

    • Approved List: Websites (and their sub-domains) excluded from Web Reputation and URL Filtering verifications.

      Note:

      The approved list takes precedence over the blocked list. When a URL matches an entry in the approved list, agents always allow access to the URL, even if it is in the blocked list.

      Enabling Approved or Blocked Lists for a specific group, overrides the Global Approved or Blocked Settings for the group.

    • Blocked List: Websites (and their sub-domains) that are always blocked during URL Filtering.

    • Process Exception List: Processes excluded from Web Reputation and URL Filtering verifications. Type critical processes that your organization deems trustworthy.

      Tip:

      When you update the process exception list and the server deploys the updated list to agents, all active HTTP connections on the client computer (through port 80, 81, or 8080) will be disconnected for a few seconds. Consider updating the process exception list during off-peak hours.

    • IP Exception List: IP addresses (e.g. 192.168.0.1) excluded from Web Reputation and URL Filtering verifications. Type critical IP addresses that your organization deems trustworthy.

    • Send Web Reputation and URL Filtering logs to the Security Server

    Alert Settings

    Show the alert icon on the Windows taskbar if the virus pattern file is not updated after {} days: Displays an alert icon on clients when the pattern file is not updated after a certain number of days.

    Security Agent Uninstallation Password

    • Allow the client user to uninstall Security Agent without a password.

    • Require a password for the client user to uninstall Security Agent.

    Security Agent Program Exit and Unlock Password

    • Allow the client users to exit and unlock the Security Agent on their computer without a password.

    • Require client users to enter a password to exit and unlock the Security Agent.

    Note:

    Unlocking the Security Agent allows the user to override all settings configured under Security Settings > {group} > Configure > Client Privileges.

    Preferred IP Address

    This setting is only available on dual-stack Security Servers and is applied only by dual-stack agents.

    After you install or upgrade agents, the agents register to the Security Server using an IP address.

    Choose from the following options:

    • IPv4 first, then IPv6: Agents use their IPv4 address first. If the agent cannot register using its IPv4 address, it uses its IPv6 address. If registration is unsuccessful using both IP addresses, the agent retries using the IP address priority for this selection.

    • IPv6 first, then IPv4: Agents use their IPv6 address first. If the agent cannot register using its IPv6 address, it uses its IPv4 address. If registration is unsuccessful using both IP addresses, the agent retries using the IP address priority for this selection.
  3. Click Save.
Parent topic: Managing Global Settings