- PDF Free Download

Size: px

Start display at page:

Download ""

Duane Johnson
5 years ago
Views:

2 Trend Micro Incorporated reserves the right to make changes to this document and to the service described herein without notice. Before installing and using the service, review the readme files, release notes, and/or the latest version of the applicable documentation, which are available from the Trend Micro website at: Trend Micro, the Trend Micro t-ball logo, Worry-Free Business Security, Worry-Free Business Security Services, Cloud App Security, Hosted Security, Cloud Edge, and InterScan Web Security as a Service are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Copyright Trend Micro Incorporated. All rights reserved. Document Part No.: APEMS7998/ Release Date: September 2017 Protected by U.S. Patent No.: Patents pending.

3 This documentation introduces the main features of the service and/or provides installation instructions for a production environment. Read through the documentation before installing or using the service. Detailed information about how to use specific features within the service may be available at the Trend Micro Online Help Center and/or the Trend Micro Knowledge Base. Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at docs@trendmicro.com. Evaluate this documentation on the following site:

5 Table of Contents Part I: Introducing Remote Manager Chapter 1: Introduction Trend Micro Remote Manager What's New Features Browser Requirements Supported Products Overall Infrastructure Key Terminology Part II: Managing Customers Chapter 2: Remote Manager Customers Customers Overview Adding Customers Assigning Default Settings Templates to Existing Customers Mass Policy Updates to Multiple Customers Merging Multiple Remote Manager Accounts in Licensing Management Platform Chapter 3: Individual Customer Settings Customer Information Customer Products i

6 Trend Micro Remote Manager Administrator's Guide Customer Licenses Company Profile Contact Information Customer Notifications ConnectWise Settings for Individual Customers Part III: Managing Trend Micro Products Chapter 4: Cloud App Security in Remote Manager Cloud App Security Registering Cloud App Security Managing Cloud App Security Cloud App Security Events Cloud App Security Notifications Chapter 5: Cloud Edge in Remote Manager Cloud Edge Registering Customers with Cloud Edge Devices Managing Cloud Edge Cloud Edge Events Cloud Edge Notifications Chapter 6: Hosted Security in Remote Manager Hosted Security Registering Hosted Security Managing Hosted Security ii

7 Table of Contents Chapter 7: InterScan Web Security as a Service in Remote Manager InterScan Web Security as a Service Registering InterScan Web Security as a Service (IWSaaS) Managing InterScan Web Security as a Service InterScan Web Security as a Service Events InterScan Web Security as a Service Notifications Chapter 8: Worry-Free Business Security in Remote Manager Worry-Free Business Security Registering Worry-Free Business Security Standard and Advanced Managing Agents Managing Worry-Free Business Security Standard Managing Worry-Free Business Security Advanced Worry-Free Business Security Events Worry-Free Business Security Notifications Chapter 9: Worry-Free Business Security Services in Remote Manager Worry-Free Business Security Services Registering Worry-Free Business Security Services Managing Worry-Free Business Security Services Worry-Free Business Security Services Events Worry-Free Business Security Services Notifications Part IV: Integrating Third-Party Solutions iii

8 Trend Micro Remote Manager Administrator's Guide Chapter 10: AutoTask Support Integrating Autotask Supported Trend Micro Product Events in Autotask Chapter 11: ConnectWise Support Integrating ConnectWise Supported Trend Micro Product Events in ConnectWise Chapter 12: Kaseya Support Integrating Kaseya Managing Trend Micro Customers in Kaseya Managing Worry-Free Security Agents in Kaseya Trend Micro Dashboard Supported Trend Micro Product Events in Kaseya Chapter 13: LabTech Support Integrating LabTech Managing Trend Micro Customers in LabTech Managing Worry-Free Security Agents in LabTech Monitoring Worry-Free Business Security Services Agents Supported Trend Micro Product Events in LabTech Part V: Monitoring Customers Chapter 14: Understanding the Dashboard Dashboard Status Screens Working with Tabs and Widgets Remote Manager Widgets Viewing Product-Specific Events iv

9 Table of Contents Cloud App Security Widgets Cloud Edge Widgets Hosted Security Widgets InterScan Web Security as a Service Widgets Worry-Free Business Security Services Widgets Notification Center Event Logs Chapter 15: Managing Events Understanding Events Managed Product Events Viewing Product-Specific Events Chapter 16: Managing Reports Reports Overview Creating Reports Viewing Reports Editing Reports Downloading and Sending Reports Subscribing to Reports Part VI: Administering Remote Manager Chapter 17: Administering Remote Manager Administration Settings Configuring Global Notification Settings Configuring Console Settings Default Setting Templates Viewing Administration Logs v

10 Trend Micro Remote Manager Administrator's Guide Part VII: Getting Help Chapter 18: Troubleshooting and Frequently Asked Questions Troubleshooting Frequently Asked Questions Chapter 19: Technical Support Contacting Support Sending Suspicious Content to Trend Micro Troubleshooting Resources vi

11 Part I Introducing Remote Manager

13 Chapter 1 Introduction This section contains the following topics: Trend Micro Remote Manager on page 1-2 What's New on page 1-2 Features on page 1-3 Browser Requirements on page 1-8 Supported Products on page 1-8 Overall Infrastructure on page 1-9 Key Terminology on page

14 Trend Micro Remote Manager Administrator's Guide Trend Micro Remote Manager Trend Micro Remote Manager is a robust console that works in parallel with Trend Micro Licensing Management Platform to provide managed security services to small and medium businesses. Trend Micro Remote Manager enables you to monitor the health of multiple managed networks through multiple, managed products and services. Trend Micro Remote Manager allows reseller administrators to issue commands to manage critical aspects of network security. Trend Micro Remote Manager is hosted on regional Trend Micro Data Center servers where resellers obtain an account. Resellers can use Trend Micro Remote Manager to establish customer accounts, monitor customer networks, and manage security using the Trend Micro Remote Manager web console. Remote Manager offers a structured view of customer networks and allows resellers to issue commands and manage the following aspects of network security: Component updates and updates to the managed server Vulnerability assessment Damage cleanup Automatic outbreak response Firewall and Real-time Scan settings Manual scans Trend Micro Remote Manager also supports comprehensive reporting features and allows resellers to subscribe individuals to automatically generated reports. What's New Release Date: September 2017 The following table outlines the new features and enhancements in Trend Micro Remote Manager. 1-2

15 Introduction Feature Redesigned Dashboard Overall Detections widget Enhanced Notification Center Customizable content for Worry-Free Business Security Services and Cloud Edge Mass policy deployment Description The Remote Manager redesigned dashboard provides a quick view of the security, system, and license statuses of all customers. For more information, see Understanding the Dashboard on page This interactive widget provides an overview of all the threat detections and policy violations across the network during the selected period. Access links to additional data views and detailed event logs directly from the widget. For more information, see Overall Detections Widget on page Access the Notification Center through the Customers with Notifications widget, which provides a quick way to identify customers with Action required or Warning events. The Notification Center allows you to view detailed logs of customer events. For more information, see Notification Center on page You can customize individual messages for Action required or Warning events. Specify recipients, message content, message frequency, and more. For more information, see Customizing Notification Content on page Remote Manager provides you the ability to configure a single Worry- Free Business Security Services policy and deploy the settings to multiple customers in one batch deployment. For more information, see Mass Policy Updates to Multiple Customers on page Features Trend Micro Remote Manager offers the following features. 1-3

16 Trend Micro Remote Manager Administrator's Guide Table 1-1. Remote Manager Features Feature Integrated Platform Description Remote Manager works in parallel with Trend Micro Licensing Management Platform, but with a more robust interface. You can do the following from the Remote Manager portal: Create new accounts Renew licenses for individual accounts Add more seats Remote Manager also monitors and manages multiple protected networks from a single console by communicating with a Remote Manager Agent that runs on the managed servers. In addition, Remote Manager also offers event monitoring based on key security indicators. Dashboard Widgets Customizable Settings for New Accounts Security Status Customize the widgets on the dashboard page. These widgets can let you know if you need to renew licenses, add more allocated seats, or even let you know which customers experience the most threats. When creating accounts, you can customize the basic default settings that new accounts will use by default or select the settings from templates you have configured and saved. The Remote Manager Events screen provides the status of the following aspects of network security: Worry-Free Business Security Standard and Advanced Anti-spam Behavior Monitoring Device Control (versions 7.x, 8.x and 9.x only) Network Virus Outbreak Defense Spyware/Grayware URL Filtering (versions 6.x and up only) Virus/Malware 1-4

17 Introduction Feature Web Reputation Description Worry-Free Business Security Services Application Control Behavior Monitoring Network Virus Outbreak Defense Predictive Machine Learning Spyware/Grayware URL Filtering Virus/Malware Web Reputation Hosted Security Accepted Message Size Threat Summary Top Spam Recipients Top Virus Recipients Total Message Traffic Cloud App Security Antivirus File Blocking Virtual Analyzer Web Reputation Cloud Edge Botnet C&C callback Intrusion Prevention System (IPS) 1-5

18 Trend Micro Remote Manager Administrator's Guide Feature Description Predictive Machine Learning Ransomware Spyware/Grayware Virtual Analyzer Virus/Malware Web Reputation InterScan Web Security as a Service Anti-spyware App Control Antivirus URL Filtering Web Reputation Remote Manager provides details about these aspects including statistical data such as the number of infected computers and virus/malware incidents. Reseller administrators can also check detailed information including the names of affected computers or the threats. System Status Reseller administrators can check the following system-related aspects of network security through the Remote Manager Events screen: Smart Protection Services Component updates Disk Shortage Device/agent offline Cloud scanning availability AD/LDAP Sync Issues Firmware Update Resource Shortage 1-6

19 Introduction Feature License Status Account sync issues Description Reseller administrators can view the following license-related details: Total seats purchased Number of seats in use Expired licenses, including date of expiry Expiring licenses, including number of days before expiration Network Management Remote Manager offers a structured view of managed networks and allows reseller administrators to issue commands and manage the following critical aspects of network security: Component updates and updates to the managed server Vulnerability assessment Automatic outbreak response Damage cleanup Firewall and Real-time Scan settings Manual scans Reporting Integration with Third-Party Tools Feedback Submission In addition to notifications for security events, Remote Manager can automatically generate and send reports at regular intervals. You can create the reports according to customer, product, frequency, and content and saved in various formats. Enable log monitoring using third-party tools, including Autotask, Kaseya, or ConnectWise to standardize the tasks and processes you monitor. Trend Micro would like to provide the best and most useful platform for the users. However, Trend Micro does not know what services or features are important to you. And to this end, Remote Manager welcomes your feedback and suggestions through the Submit Feedback button, which is accessible and visible from the banner. Trend Micro can then process and determine which features would help the most number of users. 1-7

20 Trend Micro Remote Manager Administrator's Guide Browser Requirements Connection to the Internet Remote Manager account information from Trend Micro Supported browsers: Latest Google Chrome version (Recommended) Latest Firefox version Microsoft Edge Internet Explorer 11 Supported Products The following table lists the Trend Micro products and product versions that Trend Micro Remote Manager can monitor. Product Trend Micro Cloud App Security Trend Micro Cloud Edge Trend Micro Hosted Security Trend Micro InterScan Web Security as a Service Latest version Supported Versions For more information, see Cloud App Security in Remote Manager on page 4-1. Latest version For more information, see Cloud Edge in Remote Manager on page 5-1. Latest version For more information, see Hosted Security in Remote Manager on page 6-1. Latest version For more information, see InterScan Web Security as a Service in Remote Manager on page

21 Introduction Product Worry-Free Business Security Standard (formerly Client Server Suite) Worry-Free Business Security Advanced (formerly Client Server Messaging Suite) Worry-Free Business Security Services 6.x, 7.x, 8.x, 9.x Supported Versions For more information, see Worry-Free Business Security in Remote Manager on page x, 7.x, 8.x, 9.x For more information, see Worry-Free Business Security in Remote Manager on page 8-1. Latest version For more information, see Worry-Free Business Security Services in Remote Manager on page 9-1. Trend Micro Remote Manager also integrates with the following third-party tools to provide alternative methods of managing your Trend Micro products: Third-party Tools Reference Autotask AutoTask Support on page 10-1 ConnectWise ConnectWise Support on page 11-1 Kaseya Kaseya Support on page 12-1 LabTech LabTech Support on page 13-1 Overall Infrastructure Trend Micro Remote Manager consists of three basic parts: The partner The Trend Micro data center The customer network 1-9

22 Trend Micro Remote Manager Administrator's Guide Figure 1-1. Remote Manager overall architecture The partner accesses a Trend Micro Data Center (currently on different continents) through the Remote Manager web console via the Internet. The partner does not need to install anything to be able to use the product. The partner must add and configure each customer on the Remote Manager web console before the partner can manage customer accounts. Each Worry-Free Business Security Standard and Advanced managed server has a Remote Manager Agent installed which allows communication to and from the Remote Manager servers. The Remote Manager Agent, which can be installed from the Remote Manager web console, runs on the Worry-Free Business Security Standard and Advanced managed server inside the customer s network. The Remote Manager 1-10

23 Introduction Agent sends information to the Remote Manager server where you can access the data from your console 24/7 using an Internet connection. Worry-Free Business Security Services (WFBS-SVC) and Hosted Security (HES) are both hosted on the Trend Micro Data Center. InterScan Web Security as a Service (IWSaaS), Cloud App Security (CAS), and Cloud Edge (CE) are all hosted on the cloud. WFBS-SVC, HES, IWSaaS, CAS, and CE all send data directly to the Remote Manager server. Key Terminology Knowing the following terms can help you work with Remote Manager more efficiently: Term Definition Agent Assessment Assessment indexes Client Security Agent (CSA) Dashboard Installed on Worry-Free Business Security Standard and Advanced servers, this program allows Remote Manager to monitor and manage Worry-Free Business Security Standard and Advanced. Regular checks done on data collected from customer networks to determine the health of monitored networks. These checks use key indicators called assessment indexes. The basis for security assessments; reseller administrators can customize these indexes individually to control assessment intervals, ranges, and notifications. The Agent that reports to the Worry-Free Business Security server. The CSA sends event status information in real time. Agents report events such as threat detection, Agent startup, agent shutdown, start of a scan, and completion of an update. The CSA provides three methods of scanning: real-time scan, scheduled scan, manual scan. You can configure scan settings on Agents from the web console. The dashboard in Remote Manager is the main screen (Home tab) that displays the web console and the widgets. 1-11

24 Trend Micro Remote Manager Administrator's Guide Detection Event Term Globally Unique Identifier (GUID) or Authorization Key Infection managed product / services Messaging Security Agent (MSA) Reseller Reseller administrators Trend Micro Data Center Security Server Definition The discovery of a threat; a detection does not constitute a system infection, but simply indicates that malware has reached the computer. The detection of the same threat on different computers can constitute an outbreak. The occurrence of a condition in a monitored domain. A unique reference number used as an identifier in computer software. The condition in which a threat is able to run its payloads in a computer; Remote Manager considers an infection to have occurred whenever the antivirus scanner detects a virus/ malware and is unable to clean, delete, or quarantine the threat. A spyware/grayware infection occurs when the computer cannot be completely cleaned unless it is restarted. Any Trend Micro product or service that Remote Manager supports The Agent that resides on Microsoft Exchange Servers and reports to Client Server Messaging and Worry-Free Business Security Advanced servers. This Agent protects against virus/ malware, Trojans, worms and other born threats. It also provides spam blocking, content filtering, and attachment blocking. Generic term to refer to organizations that directly provide security monitoring and management services to customers in Remote Manager. Administrators in the reseller side that perform service-related tasks using Remote Manager. The Trend Micro monitoring and management center that hosts Remote Manager (and Hosted Security) servers and provides support to reseller administrators. The Worry-Free Business Security Standard and Advanced server computer. 1-12

25 Introduction Virus alert Term Virus outbreak Definition A state of vigilance that is declared by TrendLabs to prepare customer networks for a virus outbreak; TrendLabs alerts different Trend Micro products and delivers preventive solutions that IT administrators can implement as a first line of defense before a pattern becomes available. The rapid propagation of a virus threat to different computers and networks; depending on the prevalence of the threat, an outbreak can be internal, regional, or global. 1-13

27 Part II Managing Customers

29 Chapter 2 Remote Manager Customers This section contains the following topics: Customers Overview on page 2-2 Adding Customers on page 2-6 Assigning Default Settings Templates to Existing Customers on page 2-8 Mass Policy Updates to Multiple Customers on page 2-10 Merging Multiple Remote Manager Accounts in Licensing Management Platform on page

30 Trend Micro Remote Manager Administrator's Guide Customers Overview The Customers screen provides a list of all previously configured customers that your company manages. You can use this screen to view basic customer contact information and identify whether customers require immediate attention regarding notable threat, system, or licensing events. Tip You can filter the Customers list using the search pane to the right of list. For more information, see Filtering the Customers List on page 2-5. The following table outlines the tasks available on the Customers screen. Task Description Applicable For Add new customers Click New Customer to set up a company profile and user account, assign a service plan, and configure default product settings. For more information, see Adding Customers on page 2-6. Customer Licensing Portal accounts Licensing Management Platform accounts 2-2

31 Remote Manager Customers Task Description Applicable For Delete existing customers Select an existing customer and click Delete to remove the customer account from the Customers list. Note All products must be removed from the selected customer before the customer can be deleted. Customer Licensing Portal accounts Assign default product templates to existing customers WARNING! Once customer accounts are deleted, they cannot be recovered. Select an existing customer and click Assign Template to choose from preconfigured product settings. Note Remote Manager only supports default product templates for Worry-Free Business Security Services and Cloud Edge. Licensing Management Platform accounts Deploy policy settings to multiple customers Update Cloud Edge device firmware For more information, see Assigning Default Settings Templates to Existing Customers on page 2-8. Select existing customers and click Policy Settings to select from the available Worry-Free Business Security Services policies that you can apply to all selected customers. For more information, see Mass Policy Updates to Multiple Customers on page Select existing Cloud Edge customers and click Update Firmware. Remote Manager notifies any selected Cloud Edge customers requiring a firmware update to obtain the update package. Licensing Management Platform accounts Licensing Management Platform accounts 2-3

32 Trend Micro Remote Manager Administrator's Guide Task Description Applicable For Renew product licenses Export customer information Change Remote Manager Customers view settings Select existing customers and click Renew License. Remote Manager allows you to renew any customers with expired licenses. For more information, see Renewing Licenses on page Select customers and click Export to save a CSV file with the selected customer information Click Export All to save a CSV file with all displayed customer information Click Settings to change whether Remote Manager displays all customers with Licensing Management Platform accounts or only those customers with products managed by Remote Manager. Licensing Management Platform accounts Customer Licensing Portal accounts Licensing Management Platform accounts Licensing Management Platform accounts Customers Data The Customers screen provides you with basic customer information and displays a summary count of important events affecting your customers. Important To modify individual customer information, you must sign in with a Licensing Management Platform account and click the Licensing Management Platform link at the top right corner of the screen. You cannot modify customer information directly from the Remote Manager console. 2-4

33 Remote Manager Customers Table 2-1. Customers Data Company Item Contact Person Phone Products Threat and System Events License Events Last Transaction Description The name of the company as configured in Licensing Management Platform Click the Company name to manage individual customer and licensing settings. For more information, see Individual Customer Settings on page 3-1. The contact name for the company as configured in Licensing Management Platform The contact phone number for the company as configured in Licensing Management Platform A comma-separated list of all products licensed by the company A summary count of all Action required (red) and Warning (yellow) threat or system events currently affecting the customer Click the count to open the <Customer> screen and view specific details regarding the event type. For more information, see Managed Product Events on page A summary count of all Action required (red) and Warning (yellow) licensing events currently affecting the customer Click the count to open the <Customer> screen and view specific details regarding the event type. For more information, see Renewing Licenses on page The last date and time that an event change (e.g. a license transaction or a system threat) occurred for the customer. Filtering the Customers List Filter the Customers list using the search pane on the right-hand side of the screen. 2-5

34 Trend Micro Remote Manager Administrator's Guide Procedure 1. Go to Customers. 2. On the right-hand side, select one or more fields from the search pane. Note The Threat Categories, System Events, and License Events options in the dropdown menus do not change based on your Products selection. If you select a search option that is incompatible with the product you selected, it is the same as selecting an additional product. For example, selecting Products > Hosted Security (HES) and System Events > Cloud scanning is the same as selecting both Hosted Security (HES) and Cloud Edge (CE) from the Products drop-down. 3. (Optional) Click Export to generate a CSV file of your filtered customers. Adding Customers You should identify basic customer information before you create the customer account. Fields to note include First and Last Name (as it will appear on reports and notifications), Time zone (of the customer), and Language (in which the customer will receive reports and notifications). Before you add a customer and install the Agent on the managed server, make sure you have written approval to perform tasks to access, monitor, and manage the customer's resources. Procedure 1. From the Remote Manager web console banner, click New Customer. Note You can click New Customer from the Banner, or from the Customers tab. 2. Provide the customer information. 2-6

Remote Manager Customers Figure 2-1. Customer Info Screen 3. Click Next >. 4. Assign a service plan, license start date, and the number of units per license. 5.

35 Remote Manager Customers Figure 2-1. Customer Info Screen 3. Click Next >. 4. Assign a service plan, license start date, and the number of units per license. 5. Set up the product default settings for this account. These are: Note This feature is only for Worry-Free Business Security Services and Cloud Edge. Basic product settings: Configure only the settings on this screen that new customer accounts will use. 2-7

36 Trend Micro Remote Manager Administrator's Guide Figure 2-2. Basic product settings Templates: Use this option to select a default setting template. Configure the settings from Admin > Configure default settings template. 6. Verify all the information and then click Done. Note After adding the customer, profile changes can only be made from the Trend Micro Licensing Management Platform. Assigning Default Settings Templates to Existing Customers Default settings templates are available only if Trend Micro Remote Manager integrates with Licensing Management Platform. You can assign default settings templates to existing customers to enable ransomware protection by assigning default templates with Behavior Monitoring enabled. For more information on the configurable settings, refer to the product documentation. 2-8

Remote Manager Customers http://docs.trendmicro.com/en-us/smb/worry-free-business-security-services.

Procedure 1. Go to Customers. The Customers screen appears. 2.

37 Remote Manager Customers Note Templates can only be assigned to companies using Worry-Free Business Security Services. Procedure 1. Go to Customers. The Customers screen appears. 2. Select one or more customers from the Company list. 3. Click the Assign Template tab. The Assign Template screen appears. 4. Select a template from the list. 2-9

Trend Micro Remote Manager Administrator's Guide 5. Click Next >. The confirmation screen appears listing only companies with supported products. 6. Click Assign.

38 Trend Micro Remote Manager Administrator's Guide 5. Click Next >. The confirmation screen appears listing only companies with supported products. 6. Click Assign. The templates are successfully assigned to the selected customers. Mass Policy Updates to Multiple Customers Remote Manager provides you the ability to configure a single Worry-Free Business Security Services policy and deploy the settings to multiple customers in one batch deployment. Depending on the policy type, you can deploy policies to specific device groups per customer or update customers' global settings for later use. Deploying policies to multiple customers and customer device groups reduces the overhead of manually configuring lists on a per customer basis. Remote Manager provides the following mass policy deployment options: Configuring the Approved/Blocked URLs List on page 2-11 Configuring the Antivirus Exclusions for Real-time Scans on page 2-13 Configuring the Behavior Monitoring Exception List on page 2-16 Configuring the Predictive Machine Learning Exception List on page 2-18 Configuring Predictive Machine Learning Settings on page 2-19 Configuring Ransomware Settings on page

39 Remote Manager Customers Configuring the Approved/Blocked URLs List You can configure the Approved/Blocked URLs list for your Worry-Free Business Security Services customers and deploy the list to multiple customers, device groups, or at the global settings level. Note Deploying the Approved/Blocked URLs list policy settings to specific device groups automatically enables the customized approved/blocked URLs list on Security Agents. For more information, see the Worry-Free Business Security Services Online Help. Note The policy configuration settings for the Approved URLs list apply to both the Web Reputation and URL Filtering features. The policy configuration settings for the Blocked URLs list only apply to the URL Filtering feature. Procedure 1. Go to Customers. 2. Select one or more customers from the Company list. 3. Click Policy Settings and select Approved/Blocked URLs List. The Approved/Blocked URLs List screen appears. 4. Select the Targets for the policy settings. Customers (Global Settings): Applies changes only to the global settings for the selected customers in the list Important Any changes made to the global settings do not apply to any preexisting device groups. You must select Device Groups to immediately apply changes to existing device groups. 2-11

40 Trend Micro Remote Manager Administrator's Guide Device groups: Applies changes to the selected device groups in the list Note 5. Click Configure Policy >. To select specific types of device groups, use the Select Groups drop-down button to select or remove device groups from the policy setting. By default, Remote Manager selects all device groups for all customers. 6. Configure the policy settings for the Approved List and Blocked List. a. Use the drop-down box to specify how changes affect each list. Select an action: The default setting which does not apply any changes the current policy settings Append: Remote Manager adds the specified items to the existing list Delete: Remote Manager removes the specified items from the existing list Note If Remote Manager does not locate the specified item in the existing list, Remote Manager does not perform any action on the list. Overwrite: Remote Manager deletes all items from the existing list and replaces the list with the specified items WARNING! You cannot undo this action. If you choose to replace the entire list, you cannot recover the previous list items. b. Type the URLs that apply to the policy. Note If the number of entries added to the Approved/Blocked URLs list causes the list to exceed the maximum allowable value, then the list deployment will fail. 2-12

41 Remote Manager Customers Specify multiple entries using the space character, comma (,), semicolon (;), or ENTER key. URLs can use an asterisk (*) as a wildcard (the asterisk matches zero or more characters). 7. Click Deploy Policy Settings. Remote Manager deploys the changes to the specified customers or device groups. You can monitor the status of the policy deployment from the Administration logs. For more information, see Viewing Administration Logs on page Configuring the Antivirus Exclusions for Real-time Scans You can configure the Antivirus Exclusions list for your Worry-Free Business Security Services customers and deploy the list to multiple customers or device groups. Note Enabling Antivirus Exclusions automatically enables real-time antivirus and antispyware scanning on the affected Security Agents. Procedure 1. Go to Customers. 2. Select one or more customers from the Company list. 3. Click Policy Settings and select Antivirus Exclusions. The Antivirus Exclusions screen appears. 4. Select the customers or specific device groups that you want to configure. 2-13

42 Trend Micro Remote Manager Administrator's Guide Note To select specific types of device groups, use the Select Groups drop-down button to select or remove device groups from the policy setting. By default, Remote Manager selects all device groups for all customers. 5. Click Configure Policy >. 6. Use the drop-down box to specify how changes affect each list. Select an action: The default setting which does not apply any changes the current policy settings Enable Antivirus Exclusions: Remote Manager enables antivirus exclusions for the selected device groups. The Exclusions for Windows and Exclusions for Mac sections appear. Disable Antivirus Exclusions: Remote Manager disables antivirus exclusions for the selected device groups. 7. In the Exclusions for Windows and Exclusions for Mac sections: a. Use the drop-down box to specify how changes affect each list. Select an action: The default setting which does not apply any changes the current policy settings Append: Remote Manager adds the specified items to the existing list Delete: Remote Manager removes the specified items from the existing list Note If Remote Manager does not locate the specified item in the existing list, Remote Manager does not perform any action on the list. Overwrite: Remote Manager deletes all items from the existing list and replaces the list with the specified items 2-14

43 Remote Manager Customers WARNING! You cannot undo this action. If you choose to replace the entire list, you cannot recover the previous list items. b. Type the necessary exclusions in the following fields: Directory path: Excludes the specified directory and all sub-directories Important Mac devices do not support the directory path list. Note Directory path entries can use an asterisk (*) as a wildcard. File name or file name with full path: Excludes the specified file based on file name or file name with full path Note File name and file name with full path entries can use an asterisk (*) as a wildcard. File extension: Excludes all files with the specified extension Note File extensions are entered in the field without a period. E.g. txt, not.txt. Specify multiple entries using the semicolon (;) or ENTER key. 8. Click Deploy Policy Settings. Remote Manager deploys the changes to the specified customers or device groups. You can monitor the status of the policy deployment from the Administration logs. For more information, see Viewing Administration Logs on page

44 Trend Micro Remote Manager Administrator's Guide Configuring the Behavior Monitoring Exception List You can configure the Behavior Monitoring Exception List for your Worry-Free Business Security Services customers and deploy the list to multiple customers or device groups. Important When deploying the Behavior Monitoring Exception List settings, be aware of the following: For the Device (Default) group, Security Agents automatically enable Behavior Monitoring. For the Server (Default) group, Security Agents automatically enable Behavior Monitoring and the Unauthorized Change Prevention Service. For manual groups: Security Agents installed on desktop platforms automatically enable Behavior Monitoring. Security Agents installed on server platforms automatically enable Behavior Monitoring, but you must manually enable the Unauthorized Change Prevention Service using the Worry-Free Business Security Services console. For more information, see the Worry-Free Business Security Services Online Help. Procedure 1. Go to Customers. 2. Select one or more customers from the Company list. 3. Click Policy Settings and select Behavior Monitoring Exception List. The Behavior Monitoring Exception List screen appears. 4. Select the customers or specific device groups that you want to configure. 2-16

45 Remote Manager Customers Note To select specific types of device groups, use the Select Groups drop-down button to select or remove device groups from the policy setting. By default, Remote Manager selects all device groups for all customers. 5. Click Configure Policy >. 6. Configure the policy settings for the Approved Program List and/or the Blocked Program List. a. Use the drop-down box to specify how changes affect each list. Select an action: The default setting which does not apply any changes the current policy settings Append: Remote Manager adds the specified items to the existing list Delete: Remote Manager removes the specified items from the existing list Note If Remote Manager does not locate the specified item in the existing list, Remote Manager does not perform any action on the list. Overwrite: Remote Manager deletes all items from the existing list and replaces the list with the specified items WARNING! You cannot undo this action. If you choose to replace the entire list, you cannot recover the previous list items. b. Type the full program paths that apply to the policy. Specify multiple entries using the semicolon (;) or ENTER key. 7. Click Deploy Policy Settings. Remote Manager deploys the changes to the specified customers or device groups. You can monitor the status of the policy deployment from the Administration logs. 2-17

46 Trend Micro Remote Manager Administrator's Guide For more information, see Viewing Administration Logs on page Configuring the Predictive Machine Learning Exception List You can configure the Predictive Machine Learning Exception List for your Worry-Free Business Security Services customers and deploy the list to multiple customers at the global settings level. Important Any changes made to the global settings do not apply to any preexisting device groups. Procedure 1. Go to Customers. 2. Select one or more customers from the Company list. 3. Click Policy Settings and select Predictive Machine Learning Exception List. The Predictive Machine Learning Exception List screen appears. 4. Select the customers that you want to configure. 5. Click Configure Policy >. 6. Configure the policy settings for the Predictive Machine Learning Exception List. a. Use the drop-down box to specify how changes affect the list. Select an action: The default setting which does not apply any changes the current policy settings Append: Remote Manager adds the specified items to the existing list Delete: Remote Manager removes the specified items from the existing list 2-18

47 Remote Manager Customers Note If Remote Manager does not locate the specified item in the existing list, Remote Manager does not perform any action on the list. Overwrite: Remote Manager deletes all items from the existing list and replaces the list with the specified items WARNING! You cannot undo this action. If you choose to replace the entire list, you cannot recover the previous list items. b. Type the SHA-1 file hashes that apply to the policy. Specify multiple entries using the semicolon (;) or ENTER key. 7. Click Deploy Policy Settings. Remote Manager deploys the changes to the specified customers. You can monitor the status of the policy deployment from the Administration logs. For more information, see Viewing Administration Logs on page Configuring Predictive Machine Learning Settings You can configure the Predictive Machine Learning Settings list for your Worry-Free Business Security Services customers and deploy the list to multiple customers or device groups. Note Predictive Machine Learning requires a functional Internet connection to connect to the Smart Protection Network. Procedure 1. Go to Customers. 2-19

48 Trend Micro Remote Manager Administrator's Guide 2. Select one or more customers from the Company list. 3. Click Policy Settings and select Predictive Machine Learning Settings. The Predictive Machine Learning Settings screen appears. 4. Select the customers or specific device groups that you want to configure. Note To select specific types of device groups, use the Select Groups drop-down button to select or remove device groups from the policy setting. By default, Remote Manager selects all device groups for all customers. 5. Click Configure Policy >. 6. Select the Action to apply to the policy. Select an action: The default setting which does not apply any changes the current policy settings Enable Predictive Machine Learning: Enables Predictive Machine Learning on the selected device groups The Detection Settings section appears. Disable Predictive Machine Learning: Disables Predictive Machine Learning on the selected device groups 7. Under Detection Settings, select the type of detections and related action that Predictive Machine Learning takes. Detection Type Actions File Quarantine: Select to automatically quarantine files that exhibit malware-related features based on the Predictive Machine Learning analysis Log only: Select to scan unknown files and log the Predictive Machine Learning analysis for further in-house investigation of the threat 2-20

49 Remote Manager Customers Detection Type Actions Process Terminate: Select to automatically terminate processes or scripts that exhibit malware-related behaviors based on the Predictive Machine Learning analysis 8. Click Deploy Policy Settings. Important Predictive Machine Learning attempts to clean the files that executed the malicious processes. If the clean action is unsuccessful, the managed product quarantines the affected files. Log only: Select to scan unknown processes or scripts and log the Predictive Machine Learning analysis for further in-house investigation of the threat Remote Manager deploys the changes to the specified customers or device groups. You can monitor the status of the policy deployment from the Administration logs. For more information, see Viewing Administration Logs on page Configuring Ransomware Settings You can configure ransomware settings for your Worry-Free Business Security Services customers and deploy the settings to multiple customers or device groups. 2-21

50 Trend Micro Remote Manager Administrator's Guide Important When deploying ransomware settings, be aware of the following: For the Device (Default) group, Security Agents automatically enable Behavior Monitoring. For the Server (Default) group, Security Agents automatically enable Behavior Monitoring and the Unauthorized Change Prevention Service. For manual groups: Security Agents installed on desktop platforms automatically enable Behavior Monitoring. Security Agents installed on server platforms automatically enable Behavior Monitoring, but you must manually enable the Unauthorized Change Prevention Service using the Worry-Free Business Security Services console. For more information, see the Worry-Free Business Security Services Online Help. Procedure 1. Go to Customers. 2. Select one or more customers from the Company list. 3. Click Policy Settings and select Ransomware Settings. The Ransomware Settings screen appears. 4. Select the customers or specific device groups that you want to configure. Note To select specific types of device groups, use the Select Groups drop-down button to select or remove device groups from the policy setting. By default, Remote Manager selects all device groups for all customers. 5. Click Configure Policy >. 6. Select the Action to apply to the policy. Select an action: The default setting which does not apply any changes the current policy settings 2-22

51 Remote Manager Customers Enable Ransomware Protection: Enables ransomware protection on the selected device groups The Settings section appears. Disable Ransomware Protection: Disables ransomware protection on the selected device groups 7. When enabling ransomware protection, select which ransomware protection features you want to apply. Enable document protection against unauthorized encryption or modification: Stops potential ransomware threats from encrypting or modifying the contents of documents Automatically back up and restore files modified by suspicious programs: Creates backup copies of files being encrypted on endpoints to prevent any loss of data if the managed product detects a ransomware threat Note Automatic file backup requires at least 100 MB of disk space on the agent endpoint and only backs up files that are less than 10 MB in size. Enable blocking of processes commonly associated with ransomware: Blocks processes associated with known ransomware threats before any encryption or modification of documents can occur Enable program inspection to detect and block compromised executable files: Program inspection monitors processes and performs API hooking to determine if a program is behaving in an unexpected manner. Although this procedure increases the overall detection ratio of compromised executable files, it may result in decreased system performance. 8. Click Deploy Policy Settings. Remote Manager deploys the changes to the specified customers or device groups. You can monitor the status of the policy deployment from the Administration logs. 2-23

Trend Micro Remote Manager Administrator's Guide For more information, see Viewing Administration Logs on page 17-23.

52 Trend Micro Remote Manager Administrator's Guide For more information, see Viewing Administration Logs on page Merging Multiple Remote Manager Accounts in Licensing Management Platform If you manage other Trend Micro Remote Manager accounts that have not migrated to the new Licensing Management Platform, you can merge those accounts with the current one. Procedure 1. Sign into a Remote Manager account that has been migrated to Licensing Management Platform. The Dashboard screen opens. 2. Click the arrow next to the sign in name and click Merge Another Account > Yes. WARNING! If you merge an account to the current one, all data from the other account will be moved. For example, if you are currently signed in as admin1 and you merge admin2 to the admin1 account, all the data from the admin2 account will be deleted from the admin2 account. This data has been merged with the admin1 account. You will still be able to open the admin2 account but all the data will be in the admin1 account. 3. Enter the user name and password of the account you want to merge with the current one. 4. Click Merge. Wait a couple of minutes for the data to be merged. 2-24

Remote Manager Customers What to do next After migrating the account, you will always see the following when adding a new customer: With an active Licensing Management Platform account: If the new

53 Remote Manager Customers What to do next After migrating the account, you will always see the following when adding a new customer: With an active Licensing Management Platform account: If the new customer already has an account in Licensing Management Platform. With existing product servers that need to be connected to this account: If the new customer has a product/service but the account has not been integrated into Licensing Management Platform. 2-25

55 Chapter 3 Individual Customer Settings This section contains the following topics: Customer Information on page 3-2 Customer Products on page 3-3 Customer Licenses on page 3-13 Company Profile on page 3-16 Contact Information on page 3-16 Customer Notifications on page 3-17 ConnectWise Settings for Individual Customers on page

56 Trend Micro Remote Manager Administrator's Guide Customer Information The <Customer> screen consists of multiple tabs that allow you to view individual customer information regarding associated products, licenses, company data, notifications, and ConnectWise settings. Table 3-1. Customer Tabs Products Tab Description Provides a list of all products associated with the customer account and displays a list of all product-related events that may require immediate attention You can use the Products tab to configure individual product settings. Note If any products have Action required (red) or Warning (yellow) events, Remote Manager displays a summary count directly on the tab. For more information, see Customer Products on page 3-3. Licenses Provides a list of all products and service plans associated with the customer account Note If any products have Expired (red) or Expiring soon (yellow) events, Remote Manager displays a summary count directly on the tab. For more information, see Customer Licenses on page Company Profile Displays general information about the company as configured in Licensing Management Platform For more information, see Company Profile on page

57 Individual Customer Settings Tab Contact Information Notification ConnectWise Description Displays contact information about the customer as configured in Licensing Management Platform For more information, see Contact Information on page Displays all notification configuration settings for the customer For more information, see Customer Notifications on page Displays the ConnectWise integration settings for the customer For more information, see ConnectWise Settings for Individual Customers on page Customer Products The customer Products tab displays all products currently associated with the customer account and lists all related event notifications. Tip You can filter the Notification Events list using the View by drop-down boxes above the table. The following table outlines the tasks available on the Products tab. Task Add new products Description Click the Add button to assign new products and service plans to the customer. For more information, see Adding New Products Using a Licensing Management Platform Account on page 3-8 or Adding New Products Using a Customer Licensing Portal Account on page

58 Trend Micro Remote Manager Administrator's Guide Task Manage product settings Description Select a product in the product tree to display event notifications and configuration settings specific to that product For more information, see specific product setting information for the following products: Cloud App Security on page 4-2 Cloud Edge on page 5-2 Hosted Security on page 6-2 InterScan Web Security as a Service on page 7-2 Worry-Free Business Security on page 8-2 Worry-Free Business Security Services on page 9-2 For more information about the icons that display in the product tree, see Network Tree Status Icons on page View threat and system event notifications By default, Remote Manager displays all event notifications for all products associated with the customer account. To view event notifications for a specific product, select the product from the product tree. For more information, see Managed Product Events on page To view details about a specific event, click the Occurrences count. Product/Service Information The dashboard lists only customers that need attention. To get details for any product, including those that are not listed on the dashboard, go to the Customers tab and access the product on the customer tree. Click Customers > {customer} > {product} to display additional information. Note The displayed options differ for each product/service. 3-4

59 Individual Customer Settings Product Options Cloud App Security Events: Displays system and threat events Cloud Edge For service plans: Users: Allows you to create or delete Cloud App Security users, and reset users' passwords Events: Displays a summary of events from all Cloud Edge devices in the service plan Firmware Updates: Displays the current firmware version of each device and the latest available version; provides the option to manually update firmware Devices: Displays the name and serial number of each registered device For registered devices: Events: Displays system and threat events Components: Displays the current version of each component, the latest available version, and the date of the last update Network: Displays the user name, remote IP address, and MAC address of endpoints that connected to the network through the Cloud Edge device VPN: Displays the user name, remote IP address, and virtual IP address of endpoints that connected to the network through a Virtual Private Network and the Cloud Edge device Note To make more detailed changes, access the Cloud Edge console. 3-5

60 Trend Micro Remote Manager Administrator's Guide Product Hosted Security Options Live Status: Displays the latest Hosted Security information. Policy Settings: Lists all the available policies. Approved Senders: Lists all senders that are not subject to IP reputation-based, spam, phish, or marketing message filtering. Blocked Senders: Lists all the addresses or domains that will blocked from sending messages. Note To make more detailed changes, access the Hosted Security console. InterScan Web Security as a Service Displays the latest InterScan Web Security as a Service threat and system information. Note To make more detailed changes, access the InterScan Web Security as a Service console. 3-6

61 Individual Customer Settings Product Worry-Free Business Security Options Events: Lists system and threat events that may or may not need an action. Groups: Lists the different groups configured on the server. You can request to start or stop a scan from here. Domain Settings: Configure settings for the entire domain. Refer to the Trend Micro Worry-Free Business Security documentation for detailed information: Note Security settings of individual groups cannot be configured from here. You will need to access the Worry-Free Business Security console to make these changes. Managed Server: Displays all the details of the server. You can request to update the server and update agents from here. TMRM Agent: Contains general information about the Trend Micro Remote Manager agent including the availability, the Globally Unique Identifier (GUID) or Authorization Key, and the IP address. Devices: Lists the name, IP Address, online/offline status, and details of the scan engine, pattern file, and the platform. Note You can see Devices and Security Settings once you expand the product and click Servers or Desktops. Security Settings: Configure the security settings of a particular group (applicable only for Worry-Free Business Security 6.0 and above). Refer to the Trend Micro Worry-Free Business Security documentation for detailed information. 3-7

62 Trend Micro Remote Manager Administrator's Guide Product Worry-Free Business Security Services Options Events: Lists system and threat events that may or may not need an action. Groups: Lists the configured groups and the types. Devices: Lists the name, IP Address, online/offline status, and details of the scan engine, pattern file, and the platform. Note You can see Devices and Security Settings once you expand the product and click Servers or Desktops. Security Settings: Configure the security settings of Worry- Free Business Security Services. Refer to the Trend Micro Worry-Free Business Security Services documentation for detailed information: Note To make more detailed changes, access the Worry-Free Business Security Services console. Adding New Products Using a Licensing Management Platform Account Procedure 1. Go to Customers > {customer name} > Products > Add. 3-8

63 Individual Customer Settings 2. Specify the service plan, the start date, and the units per license. 3. Click Next > or Save. 4. Configure the default settings for the product. You can choose one of the following: Note This feature will show only if you selected Worry-Free Business Security Services. 3-9

64 Trend Micro Remote Manager Administrator's Guide Basic: Configure only the settings shown. Approved List for Web Reputation and URL Filtering Note If you are adding a URL to the Approved list, make sure it has not been added to the Blocked List, and vice versa. 3-10

65 Individual Customer Settings Blocked List for URL Filtering Scheduled Scan for the Server and device Templates: Go to Administration > Configure default setting templates to set up more settings, using a console similar to Worry-Free Business Security. 5. Click Save. The product/service is added and the details of the addition appear. Note If you are adding a Worry-Free Business Security product, make note of the Worry- Free Business Security Activation Code and complete the installation in the Licensing Management Platform console. 6. Click Connect to get information on how to connect the product/service to the console. Adding New Products Using a Customer Licensing Portal Account You can only add the following products using a CLP account: Hosted Security Worry-Free Business Security Worry-Free Business Security Services Procedure 1. On the Remote Manager console, go to Customers > [customer] > Products > Add. The Add Product screen appears. 3-11

66 Trend Micro Remote Manager Administrator's Guide 2. In the Product type drop-down, select the product you want to register to the customer. 3. Type a Product description. 4. Click Save. A confirmation screen appears with further instructions. 5. Copy the Authorization Key or GUID that you must use to register the managed product to Remote Manager. 6. On the managed product console, go to Administration > Trend Micro Remote Manager. 7. Provide the Authorization Key or GUID in the available field. 8. Click Connect. The managed product connects to Remote Manager and registers to the previously selected customer account. Verify that the registration of the managed product was successful by opening the Remote Manager console and viewing the customer product list. Network Tree Status Icons On the left side of the Product tab, the screen displays a tree representation of your customer's products. Table 3-2. Network tree objects Icon Network Object Product/service Product/service Device Description This product/service is not connected to Remote Manager. This product/service is connected to Remote Manager. The device is offline. 3-12

67 Individual Customer Settings Icon Device Group Group Network Object Exchange server Group The device is online. Desktop Group Description Worry-Free Business Security Services device group comprised of different device types. Exchange Server computer; this computer runs the Messaging Security Agent (MSA). Server Group; this group manages several Client Security Agents (CSAs). Customer Licenses The customer Licenses tab displays all products currently licensed to the customer account and the current status of each license. The following table outlines the tasks available on the Licenses tab. Task Renew licenses Modify seat allocation Description Select products and click the Renew License button to extend the licensing period of the selected products. For more information, see Renewing Licenses on page Select products and click the Modify Seat Allocation button to change the number of seats associated with each service plan. For more information, see Modifying Seat Allocation on page The following table outlines the information displayed in the Licenses table. 3-13

68 Trend Micro Remote Manager Administrator's Guide Item Status icon Description The status icon provides a quick way to identify issues with licenses : Normal : Expiring soon : Expired : Exceeded allocation Product Service Plan Provisioned Used Expiration Date Auto-renew Indicates the product name Click the available link to single-sign on to the product console. Indicates the service plan associated with the product Indicates the number of seats allocated to the product Indicates the number of seats that the customer has activated Indicates the expiration date of the license Indicates whether the license automatically extends the licensing period Renewing Licenses Renew licenses for customers you manage. Note This feature is only applicable if you are using an account that has been integrated with the Trend Micro Licensing Management Platform. Procedure 1. There are several ways to see the Renew Licenses window: From the Remote Manager web console: 3-14

69 Individual Customer Settings a. Click Customers. b. Select the customer that has the expired license or will be expiring soon. c. Click Renew License. From the Notifications widget, click the Renew now link beside the notification. From the notification message, click the Renew now button. 2. Specify the change to the license terms. 3. Click Submit. Modifying Seat Allocation Each reseller can specify how many seats they can allocate per customer. If they exceed the allocated number of seats, resellers can add more seats per customer. Note This feature is only applicable if you are using an account that has been integrated with the Trend Micro Licensing Management Platform. Procedure 1. Go to Customers > {customer name} > Licenses. Tip You can also view the short list of customers that need additional seats by clicking the number of customer(s) who requested more seats from the Notifications widget. 2. Select the product(s) that you want to modify. 3. Click Modify Seat Allocation. The Modify Seat Allocation screen appears. 3-15

70 Trend Micro Remote Manager Administrator's Guide 4. Specify the number of new seats that you want to add for each product under the New Seats column. 5. Click Submit. Company Profile The customer Company Profile tab displays general information about the customer's company as stored in Licensing Management Platform. The following table outlines the information available on the Company Profile tab. Item Company name Address City State Postal code Country Logon URL Company logo Description The name of the customer's company The street address of the customer's company The city in which the customer's company is located The state/province/region in which the customer's company is located The postal code / zip code for the customer's company The country in which the customer's company is located The URL that the customer can use to sign into Licensing Management Platform The customized banner for the customer's company that can display on supported Trend Micro product consoles Contact Information The customer Contact Information tab displays information about the main customer contact as stored in Licensing Management Platform. The following table outlines the information available on the Contact Information tab. 3-16

71 Individual Customer Settings Item Account User role Contact name Contact number Time zone Language Description The contact's account name The user role assigned to the contact The main contact's name The phone number of the main contact The address of the main contact The time zone in which the contact is located The preferred language of the contact Customer Notifications The customer Notifications tab allows you to configure the types of event notifications that Remote Manager sends to the configured recipients, third-party remote management and monitoring tools, and the type of content sent. You can accept the global notification settings or customize the settings per customer. For more information about global notification settings, see Configuring Global Notification Settings on page Procedure 1. Go to Customers > [customer]. 2. Click the Notifications tab. 3. In the Recipients section, select from the following settings: Use global notification recipient settings: Automatically sends the event notifications to the addresses specified on the global notifications screen Use custom recipient settings Account manager: Select the Licensing Management Account for the representative that manages the customer 3-17

72 Trend Micro Remote Manager Administrator's Guide Additional recipients: Type the addresses of any other people that you want Remote Manager to notify about the customer's events 4. In the Third-party Notifications section, select the remote management and monitoring tools that you have integrated with Remote Manager. ConnectWise Important You must first integrate Remote Manager with ConnectWise and also enable individual ConnectWise settings per customer before Remote Manager can send the notifications. For more information, see Integrating ConnectWise on page 11-2 and ConnectWise Settings for Individual Customers on page Kaseya For more information, see Integrating Kaseya on page Autotask For more information, see Integrating Autotask on page In the Message Content section, accept the globally-configured content settings or click the Change the global message content settings link to modify the message content for all Remote Manager customers. 6. In the Event section, select from the following settings: Use global notification event settings: Applies the globally-configured event settings to the customer Click the link to view the global settings and make any necessary modifications that apply to all Remote Manager customers. Use custom notification event settings: Select to display a list of all event settings for all products available in Remote Manager Enable the required notification event types and configure any necessary settings for the products specific to the customer. 3-18

73 Individual Customer Settings For more information about the event types available, see: Worry-Free Business Security Services Notifications on page Worry-Free Business Security Notifications on page Cloud App Security Notifications on page Cloud Edge Notifications on page InterScan Web Security as a Service Notifications on page Click Save. ConnectWise Settings for Individual Customers You must enable ConnectWise notifications and integration for each Trend Micro customer on the Remote Manager console if you want to automate Remote Manager notifications. For more information on global ConnectWise integration settings, see Integrating ConnectWise on page Important To begin receiving notifications in the ConnectWise system, you must first configure the ConnectWise notification settings for each customer. For more information, see Customer Notifications on page Procedure 1. Go to Customers > [customer]. 2. Click the ConnectWise tab. 3. Select Enable integration. 3-19

Trend Micro Remote Manager Administrator's Guide 4. Specify the ConnectWise Company ID for this customer. Note 5. Click Save. Click Test Validity to verify the company ID.

74 Trend Micro Remote Manager Administrator's Guide 4. Specify the ConnectWise Company ID for this customer. Note 5. Click Save. Click Test Validity to verify the company ID. Trend Micro Remote Manager syncs the customer information from ConnectWise and loads any available agreement information. The following screen appears: 6. In the Agreements section, you can assign ConnectWise Agreements to Trend Micro products. Note Assigning agreements to Trend Micro products allows ConnectWise to provide automated billing services for Trend Micro Remote Manager customers. Important If you previously configured ConnectWise using the TMRM Management Solution or Managed Service agreement type, Default appears next to the Trend Micro product name. If you did not configure ConnectWise using the TMRM Management Solution or Managed Service agreement type, you can assign ConnectWise agreements to Trend Micro products. a. Click Set Up. 3-20

75 Individual Customer Settings The Product Agreements screen appears. b. For each product, first select the agreement type and then select the agreement name. c. Click OK. 7. Select either of the following integration settings: Select Use global settings from Administration > Configure third-party integration > ConnectWise settings to apply the global integration settings. Select Use custom settings to configure customer-specific notifications for billing and executive summaries. Send billing information for the following products to ConnectWise every month on day X: Select the day of the month to receive billing information for the products you select. 8. Click Save. Note If you select 29, 30, or 31 and the month does not contain that day, Remote Manager sends the notification on the last day of the month. Send the following information from Hosted Security to ConnectWise every <day, week, or month>: Remote Manager sends the selected detection information from Hosted Security at the specified frequency. 3-21

77 Part III Managing Trend Micro Products

79 Chapter 4 Cloud App Security in Remote Manager This section contains the following topics: Cloud App Security on page 4-2 Registering Cloud App Security on page 4-2 Managing Cloud App Security on page 4-2 Cloud App Security Events on page 4-3 Cloud App Security Notifications on page

80 Trend Micro Remote Manager Administrator's Guide Cloud App Security Trend Micro Cloud App Security provides advanced protection for Microsoft Office 365 services, Box, Dropbox and Google Drive, enhancing security with powerful enterprise-class threat and data protection control. Cloud App Security provides protection against phishing scams, zero-day and hidden malware, and unauthorized transmission of sensitive data. Cloud App Security integrates cloud-to-cloud with Exchange Online, SharePoint Online, OneDrive for Business, Box, Dropbox and Google Drive to maintain high availability and administrative functionality. Registering Cloud App Security Procedure 1. Add a new customer on the Remote Manager web console. 2. Add Cloud App Security to that customer's service plan. For more information, see Adding New Products Using a Licensing Management Platform Account on page Go to the Cloud App Security web console to activate the license. Note Cloud App Security data will automatically sync with Remote Manager. Managing Cloud App Security Remote Manager allows you to complete the following tasks for a registered Cloud App Security installation. 4-2

81 Cloud App Security in Remote Manager Table 4-1. Cloud App Security Management Tasks Task Description View events Manage users Access the Cloud App Security console View a list of Cloud App Security events from the Events tab. Add and delete users, and reset passwords from the Users tab. Access the Cloud App Security console by clicking Open Console. Cloud App Security Events Note If multiple Action required and Warning events occur, Remote Manager displays the icon for the most serious threat. Table 4-2. Threat Events Event Category Details Event Status Antivirus Virus detections exceed : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) File Blocking File Blocking violations exceed : The detected File Blocking violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 4-3

82 Trend Micro Remote Manager Administrator's Guide Event Category Virtual Analyzer Web Reputation Details Virtual Analyzer High risk detections exceed Virtual Analyzer Medium/Low risk detections exceed URL violations exceed Event Status : The detected Virtual Analyzer detection count for High risk objects exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Virtual Analyzer detection count for Medium/Low risk objects exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table 4-3. System Events Event Category Account sync issues Details Invalid Box access token Invalid Dropbox access token Invalid Google Drive access token Sync issues on delegate account(s) Event Status : Unable to access the specified cloud storage : Unable to access the specified cloud storage : Unable to access the specified cloud storage : Unable to sync with delegate account(s) 4-4

83 Cloud App Security in Remote Manager Cloud App Security Notifications Table 4-4. Threat Events Event Antivirus - Virus detections exceed File Blocking - File Blocking violations exceed Ransomware - Ransomware detections exceed Virtual Analyzer - Virtual Analyzer detections exceed Details : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected File Blocking violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected ransomware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Virtual Analyzer detection count for Low risk or Medium risk objects exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Virtual Analyzer detection count for High risk objects exceeds the configured threshold within 1 hour (as configured on the managed product console) Web Reputation - URL violations exceed : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table 4-5. System Events Event Account sync issues - Invalid Box access token Account sync issues - Invalid Dropbox access token Details : Unable to access the specified cloud storage : Unable to access the specified cloud storage 4-5

84 Trend Micro Remote Manager Administrator's Guide Event Account sync issues - Invalid Google Drive access token Account sync issues -Sync issues on delegate account(s) Details : Unable to access the specified cloud storage : Unable to sync with delegate account(s) 4-6

85 Chapter 5 Cloud Edge in Remote Manager This section contains the following topics: Cloud Edge on page 5-2 Registering Customers with Cloud Edge Devices on page 5-2 Managing Cloud Edge on page 5-3 Cloud Edge Events on page 5-4 Cloud Edge Notifications on page

86 Trend Micro Remote Manager Administrator's Guide Cloud Edge Cloud Edge brings together the benefits of a next-generation on-premises firewall and the convenience of security as a service for managed service providers. By deeply scanning and filtering network packets on-premises or through the cloud, Cloud Edge stops threats at the gateway. Cloud Edge intelligently combines application control with user and port identification, zero-day exploit detection, anti-malware scanning, web reputation security, and URL filtering to protect your customers against network breaches and business disruptions. VPN support also secures connections from mobile devices, corporate sites, and remote employees. Deploy the Cloud Edge on-premises appliance to customer offices anywhere in the world and then centrally control user access and security policies through an intuitive cloud console, or through Trend Micro Remote Manager. Remote Manager works with Cloud Edge by providing a single point of entry to access graphical reports and summarized dashboard data for supported appliances and Trend Micro products. You can also use Remote Manager to manage licensing and billing of multiple customers. Registering Customers with Cloud Edge Devices Procedure 1. Go to Customers > New Customer. The Select New Customer window opens. 2. Select With an active Licensing Management Platform account. 3. Click Next. The Enter Customer Information screen appears. 4. Type the required information. 5. Click Next. The Assign Service Plan screen appears. 5-2

87 Cloud Edge in Remote Manager 6. Select a service plan and start date. 7. Type the number of units per license. 8. Optional: Click Add device and type the following information for each device. Device name: Type a name that is not identical to the company name. Serial number: The serial number is not case-sensitive. Note 9. Click Next. The number of devices must not exceed the specified seat count. The Configure Product Default Settings screen appears. 10. Select a default setting template. 11. Optional: Change the default template, as needed. For more information, see Configuring Default Setting Templates for Cloud Edge on page Click Save. The screen closes and the Customers screen appears. Note Because Licensing Management Platform has already linked your Cloud Edge account, you do not need to enter your credentials to sign into Cloud Edge. Managing Cloud Edge Remote Manager allows you to complete the following tasks for a registered Cloud Edge installation. 5-3

88 Trend Micro Remote Manager Administrator's Guide Table 5-1. Cloud Edge Management Tasks Task Assign a Virtual Analyzer service plan to Cloud Edge View events Update firmware Register devices Access the Cloud Edge console Description Click the Add button and select a Virtual Analyzer service plan to assign to an existing Cloud Edge device. View a list of Cloud Edge events from the Events tab. Update outdated devices from the Firmware Updates tab. Register devices from the Devices tab. Access the Cloud Edge console by clicking Open Console. You can also select registered devices from the Product tree and view the following tabs for information about specific devices: Events Components Network VPN Cloud Edge Events Note Some Threat Events from Cloud Edge may display additional channel information. 5-4

89 Cloud Edge in Remote Manager Table 5-2. Threat Events Event Category Details Event Status Antispam Spam detections exceed : The detected spam count exceeds the configured threshold within 1 hour (as configured on the managed product console) Antivirus Virus detections exceed : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) Botnet Botnet detections exceed : The detected botnet count exceeds the configured threshold within 1 hour (as configured on the managed product console) C&C callback C&C callbacks exceed : The detected C&C callback count exceeds the configured threshold within 1 hour (as configured on the managed product console) IPS IPS detections exceed : The detected IPS count exceeds the configured threshold within 1 hour (as configured on the managed product console) Predictive Machine Learning Ransomwar e Predictive Machine Learning detections exceed Ransomware detections exceed : The detected Predictive Machine Learning count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected ransomware count exceeds the configured threshold within 1 hour (as configured on the managed product console) 5-5

90 Trend Micro Remote Manager Administrator's Guide Event Category Virtual Analyzer Web Reputation Web Threats Details Virtual Analyzer detections exceed URL violations exceed Web threat detections (including IPS, botnet, antivirus, or Web Reputation violations) exceed Event Status : The detected Virtual Analyzer detection count for objects of any risk level exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected web threat count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table 5-3. System Events Event Category Cloud scanning Firmware Update Details Service unavailable Service became temporarily unavailable within the last 24 hours The last firmware update was unsuccessful. Open the <Cloud Edge cloud console> for more information. Outdated firmware Event Status : Cloud Edge was unable to connect to the cloud scanning service : Cloud Edge was temporarily unable to connect to the cloud scanning service within the last 24 hours : Cloud Edge firmware was unable to successfully update to the latest firmware version : The current version of the Cloud Edge firmware is outdated 5-6

91 Cloud Edge in Remote Manager Event Category Offline Offline (Last 24 hours) Resource shortage Resource shortage (Last 24 hours) Unregistered Details Offline gateway. Policy deployment and log analysis may be affected. Offline gateway occurrences in the last 24 hours. Policy deployment and log analysis may have been affected. Detected <number> issues Disk space usage exceeded CPU usage exceeded Memory usage exceeded Detected <number> issues Disk space usage exceeded CPU usage exceeded Memory usage exceeded Unable to perform cloud management. This gateway is not registered to the Cloud Edge cloud console. Event Status : Cloud Edge cannot connect to the gateway or perform scanning : Cloud Edge was unable to maintain a dedicated connection to all registered gateways over the last 24 hours : The amount of remaining resources on the device have dropped below the configured alert threshold. : The amount of remaining resources on the device dropped below the configured alert threshold within the last 24 hours but were recovered : Cloud Edge cannot perform scanning on the gateway 5-7

92 Trend Micro Remote Manager Administrator's Guide Cloud Edge Notifications Table 5-4. Threat Events Event Details Alert Threshold Web Threats - Web threat detections exceed C&C callback - C&C callback detections exceed Ransomware - Ransomware detections exceed : The detected web threat count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected C&C callback count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected ransomware count exceeds the configured threshold within 1 hour (as configured on the managed product console) Specify a value between 1 to 300. Specify a value between 1 to 100. Specify a value between 1 to 100. Table 5-5. System Events Event Details Alert Threshold Offline - Offline gateway detected : Cloud Edge cannot connect to the gateway or perform scanning Specify when Remote Manager sends the notification: Immediately: Trigger the notification as soon as Cloud Edge reports the incident to Remote Manager For more than X day(s): Trigger the notification if the gateway remains offline for the configured number of days 5-8

93 Cloud Edge in Remote Manager Event Details Alert Threshold Offline - Offline device recovery Cloud scanning - Service unavailable Cloud scanning - Service restored Resource shortage - CPU, memory, or disk space usage exceeds : Cloud Edge restored the connection to an offline device : Cloud Edge was unable to connect to the cloud scanning service : Cloud Edge restored the connection to the cloud scanning service : The amount of remaining resources on the device have dropped below the configured alert threshold. Not applicable Not applicable Not applicable Specify the maximum amount of resources (between 80-95%) that can be in use before Remote Manager triggers the notification 5-9

95 Chapter 6 Hosted Security in Remote Manager This section contains the following topics: Hosted Security on page 6-2 Registering Hosted Security on page 6-2 Managing Hosted Security on page

96 Trend Micro Remote Manager Administrator's Guide Hosted Security Trend Micro Hosted Security blocks spam, viruses, phishing, and other threats before they reach your network. As a hosted solution, it requires no hardware or software to install and maintain and helps you reclaim IT staff time, user productivity, bandwidth, mail server storage and CPU capacity. In addition, Trend Micro s worldwide team of experts manages hot fixes, patches, updates and application tuning so that solution performance is continuously optimized. Note For information about Hosted Security, refer to the documentation at: Trend Micro Remote Manager monitors and manages Hosted Security-protected networks by communicating with the Hosted Security server located at Trend Micro data centers. Registering Hosted Security 1. Add a new customer on the Remote Manager web console. 2. Add the main customer contact. 3. Add at least one service to that customer's account. 4. Enter the Authorization Key on the customer s service console. Connecting a Hosted Security Customer to the Remote Manager Web Console To manage Hosted Security from the Trend Micro Remote Manager web console, a customer's Hosted Security account must register with Remote Manager. 6-2

97 Hosted Security in Remote Manager Note If the reseller added the product to your account from Licensing Management Platform, you do not need to do the following steps. Procedure 1. Add the product to the Remote Manager web console and save the GUID or Authorization Key. 2. Sign into the customer's Hosted Security account. 3. Go to Administration > Remote Manager. 4. Type the GUID or Authorization Key and click Connect. After entering the GUID or Authorization Key and clicking Connect, it can take as long as ten minutesfor Hosted Security to complete the connection to the Remote Manager web console. 5. Review the connection status. New Hosted Security data can take as long as three hours before it updates on the Remote Manager web console. Hosted Security Customer information is updated once a day. Disconnecting a Hosted Security Customer from the Remote Manager Web Console To disconnect Hosted Security from the Remote Manager web console: If the account has been integrated with Licensing Management Platform, the reseller can delete the service plan from the Licensing Management Platform web console. Once the service plan has been deleted, the customer will be disconnected from the Remote Manager web console. For other accounts, the customer can open the Remote Manager screen on the Hosted Security web console and click Discontinue. 6-3

98 Trend Micro Remote Manager Administrator's Guide The customer is then notified on the Hosted Security console and clicks OK. Managing Hosted Security Remote Manager allows you to complete the following tasks for a registered Hosted Security installation. Table 6-1. Hosted Security Management Tasks Task Description View events View policies View the Approved Senders list View the Blocked Senders list Access the Hosted Security console View a list of Hosted Security events from the Live Status tab. View a list of Hosted Security policies from the Policies tab. View a list of approved senders from the Approved Senders tab. View a list of blocked senders from the Blocked Senders tab. Access the Hosted Security console by clicking Open Console. 6-4

99 Chapter 7 InterScan Web Security as a Service in Remote Manager This section contains the following topics: InterScan Web Security as a Service on page 7-2 Registering InterScan Web Security as a Service (IWSaaS) on page 7-3 Managing InterScan Web Security as a Service on page

100 Trend Micro Remote Manager Administrator's Guide InterScan Web Security as a Service Simple. Quick. Cost-effective Solution. Trend Micro understands how important it is to safeguard your network and how costly the technology infrastructure can be to do this. Therefore, with our expert cloud technology, we have created an elastic cloud-security gateway product InterScan Web Security as a Service (IWSaaS). As a cloud-based application, no capital expenditure needs to be invested in either hardware or software. By using IWSaaS, you can focus on strategic security, such as policy and architecture, rather than on the operational tasks of managing network infrastructure. Our Cloud Solution Will Help You: Protect against viruses or other security risks in file-uploads and downloads using highly configurable Anti-Malware Protection technology. In addition, IWSaaS scans for many types of spyware, grayware, and other risk types. Block websites determined by Web Reputation Service (WRS) to be malicious, based on a website s reputation score. Control Internet applications discovered by Application Control using policies. Control access to any specific site using the Approved/Blocked lists. Scan traffic organized by URL categories, such as Adult and Gambling. When a user requests a URL, IWSaaS, using URL Filtering policies, first looks up the category for that URL and then allows, denies, or monitors access based on the policies set up. Monitor and analyze web traffic status using the dashboard reporting and log query feature. How IWSaaS Works The diagram below illustrates how IWSaaS manages your network traffic in the cloud. When a user sends an HTTP request - whether inside or outside your firewall - that user's traffic is routed through the cloud. IWSaaS inspects the request, analyzes it, and filters it based on policies set by administrators. If the request is allowed, and the user 7-2

101 InterScan Web Security as a Service in Remote Manager logs onto IWSaaS, then IWSaaS sends the secure content back to the user. If the request is not allowed, for example a request to a forbidden URL category, then IWSaaS blocks the request and notifies the user. Click the blue question mark button on any page to open help for that page. Page-level help appears in a panel. Within this panel, information necessary to complete the screen is found in the "Steps" tab and any information supporting this procedure is found in a "More" tab. You can access the table of content-type Help the Help Contents from the Help menu located in the main banner, along with the readme, Getting Started instructions, and Getting Start Guide. Registering InterScan Web Security as a Service (IWSaaS) 1. Add a new customer on the Remote Manager web console. 2. Add the IWSaaS service to that customer's account. For more information, see Adding New Products Using a Licensing Management Platform Account on page

102 Trend Micro Remote Manager Administrator's Guide Note Because Licensing Management Platform has already linked your IWSaaS account, you do not need to enter your credentials to sign into IWSaaS. Managing InterScan Web Security as a Service Remote Manager allows you to complete the following tasks for a registered InterScan Web Security as a Service (IWSaaS) installation. Table 7-1. IWSaaS Management Tasks Task Description View events Access the IWSaaS console View a list of IWSaaS events. Access the IWSaaS console by clicking Open Console. InterScan Web Security as a Service Events Table 7-2. Threat Events Event Category Antispyware Details Spyware/Grayware detections Event Status : The detected spyware/grayware count during the last 24 hours Antivirus Virus detections : The detected virus/malware count during the last 24 hours Application Control URL Filtering Application Control violations URL violations : The detected Application Control violation count during the last 24 hours : The detected URL Filtering violation count during the last 24 hours 7-4

103 InterScan Web Security as a Service in Remote Manager Event Category Web Reputation Details URL violations Event Status : The blocked URL count during the last 24 hours Table 7-3. System Events Event Category Account sync issues Details Sync issues with AD/LDAP Event Status : Unable to sync with AD/LDAP InterScan Web Security as a Service Notifications Table 7-4. System Events Event Account sync issues - Sync issues with AD/LDAP Details : Unable to sync with AD/LDAP 7-5

104

105 Chapter 8 Worry-Free Business Security in Remote Manager This section contains the following topics: Worry-Free Business Security on page 8-2 Registering Worry-Free Business Security Standard and Advanced on page 8-2 Managing Agents on page 8-6 Managing Worry-Free Business Security Standard on page 8-21 Managing Worry-Free Business Security Advanced on page 8-22 Worry-Free Business Security Events on page 8-23 Worry-Free Business Security Notifications on page

106 Trend Micro Remote Manager Administrator's Guide Worry-Free Business Security Trend Micro Worry-Free Business Security Standard and Worry-Free Business Security Advanced are comprehensive, centrally-managed solutions for small- and medium-sized business. Worry-Free Business Security Standard provides client-side antivirus and firewall protection for desktops and servers. Worry-Free Business Security Advanced includes the same features as Worry-Free Business Security Standard, but provides an anti-spam and threat solution for mail servers running Microsoft Exchange Server. Worry- Free Business Security Standard and Advanced include a server-side component for monitoring and managing client protection from a central location. Trend Micro Remote Manager monitors and manages Worry-Free Business Security Standard and Advanced protected networks by communicating with an Agent that runs on Worry-Free Business Security Standard and Advanced servers For information about Worry-Free Business Security Standard and Advanced, refer to the documentation at: Registering Worry-Free Business Security Standard and Advanced 1. Add a new customer on the Remote Manager web console. 2. Add the main customer contact. 3. Add at least one service to that customer's account. 4. Enter the Authorization Key on the customer s service console. Agent GUID or Authorization Key To distinguish between products and services, Remote Manager assigns a globally unique identifier (GUID) or Authorization Key to each product and service. Every time you 8-2

107 Worry-Free Business Security in Remote Manager add a product or service to the Remote Manager web console, Remote Manager generates a new GUID or Authorization Key. The person who installs the Agent on the managed server or adds the service to the Remote Manager web console must input the GUID or Authorization Key during installation to allow the product to register to Remote Manager. The GUID or Authorization Key for a customer's products/services are always available from: Customers > All Customers (on the tree) > {customer} > TMRM Agent (tab). Figure 8-1. The Agent GUID or Authorization Key is always available (Worry-Free Business Security Standard and Advanced) Remote Manager Agent GUID 1A2B3C4567D8-E1FGHI23-J456-78K9-1L23 Agent Installation for Worry-Free Business Security 6.0 and Above There are several ways to install the Trend Micro Remote Manager Agent to the Worry- Free Business Security Standard or Advanced 6.0 and above server. The installation procedures depend on whether the customer is new or already has an existing account on the Remote Manager web console. Verifying Trend Micro Remote Manager Agent Installation Verify that the Agent has been installed successfully. 8-3

108 Trend Micro Remote Manager Administrator's Guide Checking the Agent Service Status On the computer where the Remote Manager Agent is installed, check if Trend Micro Information Center for CSM has started. Procedure 1. Click Start > Settings > Control Panel > Administrative Tools > Services. 2. Look for Trend Micro Remote Manager Agent. 3. Check if the Status has Started. Checking the Start Menu Shortcuts On the computer where the Trend Micro Remote Manager Agent is installed, check the Program Group in the Start Menu. Procedure 1. Click Start > Programs > Trend Micro Remote Manager Agent. 2. Verify that the Program Group contains the following items: Agent Configuration Tool Readme Checking the System Tray Icon On the computer where the Trend Micro Remote Manager Agent is installed, check for the Trend Micro Remote Manager Agent icon in the system tray. If for any reason the icon is not visible, you can start it by clicking Start > Programs > Trend Micro Remote Manager Agent > Agent Configuration Tool. Exiting the tool does not stop the Trend Micro Remote Manager service. It only closes the Configuration Tool and removes the icon from the task bar. The tool can be restarted at any time. 8-4

109 Worry-Free Business Security in Remote Manager Suspend the mouse over the icon for status information. Table 8-1. System Tray Icons Icon Description A green icon indicates that the Agent is connected to the Trend Micro Remote Manager communication server. The Agent is working normally. A red icon indicates that the Agent is not connected to the Trend Micro Remote Manager communication server or the version of the Agent is mismatched with the server and needs to be updated. An icon with a red arrow indicates that the Agent has signed out from Trend Micro Remote Manager. An icon with a red "X" means that the Agent has been disabled. Checking the Connection Between the Agent and Server To ensure that the Trend Micro Remote Manager service is running smoothly, make sure that Agents have a status of "connected" or "online" on the Remote Manager web console. Go to Customers > {customer} > Products (tab). The tree lists the status of each Agent in the Status column. For details on each status, see Agent Status on page 8-6. In addition to the current section, refer to Troubleshooting and Frequently Asked Questions on page 18-1 for more issues dealing with Server/Agent connectivity. Viewing Installation Errors The Agent installation logs cover Agent installation activities. Collect these logs and send them to your support provider if you encounter problems during installation. The Agent installation logs can be obtained from the following location on the managed server: C:\Windows\Temp\Win_debug\TMRMAgentForCSM_Install.log 8-5

110 Trend Micro Remote Manager Administrator's Guide Managing Agents This section contains the following topics: Managing Agents from the Remote Manager Web Console on page 8-6 Managing Agents from the Managed Server on page 8-10 Backing Up and Restoring Agent Settings on page 8-14 Finding the Agent Build Number on page 8-16 Location of Agent Logs and Configuration Files on page 8-17 Enabling the Agent Debug Log on page 8-18 Removing Agents on page 8-18 Managing Agents from the Remote Manager Web Console This section contains information on how to manage agents from the Trend Micro Remote Manager web console. Checking the Connection Between the Agent and Server To ensure that the Trend Micro Remote Manager service is running smoothly, make sure that Agents have a status of "connected" or "online" on the Remote Manager web console. Go to Customers > {customer} > Products (tab). The tree lists the status of each Agent in the Status column. For details on each status, see Agent Status on page 8-6. In addition to the current section, refer to Troubleshooting and Frequently Asked Questions on page 18-1 for more issues dealing with Server/Agent connectivity. Agent Status The status of a Remote Manager Agent indicates whether the Agent is able to collect data and receive commands from the Remote Manager server. The status also indicates 8-6

111 Worry-Free Business Security in Remote Manager the reason why the Agent cannot function properly and how you can handle the situation. The table below describes the different Agent status types and ways to handle the situation. Table 8-2. Agent status types Status Description Resolution Online The Agent is running normally. NA Abnormal Disabled Offline The Agent appears offline and is not responding to the Remote Manager server, but has not sent a logoff request. This status is set manually from the console. When an Agent in disabled status, the Agent queries commands from the server every 10 minutes. The Agent closed normally after having sent a logoff request to the Remote Manager server. Typically, an Agent is in this status if a user has shut down the Agent service or the managed server has shut down. This status can occur if the managed server did not shut down properly. Ensure that the managed server administrator is aware of this situation. Contact the administrator if necessary. Submit a command to enable the Agent (See Submitting Agent Commands on page 8-8). Ensure that the managed server administrator is aware that the server has shut down. Contact the managed server administrator if necessary. Unknown The Agent is not working normally. Remove the Agent and have the managed server administrator reinstall the Agent. Contact your support provider if this issue persists. Plug-in errors The console has detected errors in the Agent's service plug-in component. Remove the Agent and ask the managed server administrator to re-install the Agent. Contact your support provider if this issue persists. 8-7

112 Trend Micro Remote Manager Administrator's Guide Status Description Resolution Unregistered Version mismatch The Agent has not registered to the Remote Manager server. Incompatibility between the versions of any of the following components has been detected: Agent Remote Manager Worry-Free Business Security (Standard and Advanced) The Agent may have not been installed or has not been able to communicate successfully with the Remote Manager server. Contact the managed server administrator. Upgrade the Agent and the managed server. If this does not work, report this problem to the Trend Micro Data Center administrator. Submitting Agent Commands Agent commands allow you to remotely resolve issues affecting the Worry-Free Business Security (Standard and Advanced) Agent. If an Agent is in abnormal or unregistered status, you cannot submit a command to it. Procedure 1. Go to Customers > {customers} > {product} > Groups (tab). Select one of the following commands: Scan Now: Initiates a scan of the endpoint. Stop Scan: Stops the scanning process. 2. Go to Customers > {customers} > {product} > Domain Settings (tab). Select one of the following commands: Enable: Restores the Agent from disabled status to normal functionality. Disable: Agent stops collecting information but continues to query the server for commands every 10 minutes. 8-8

113 Worry-Free Business Security in Remote Manager Start Vulnerability Assessment: Performs a vulnerability assessment scan. Start Damage Cleanup Services: Scans and cleans computer of file-based and network viruses, and virus and worm remnants. 3. Go to Customers > {customers} > {product} > Managed Server (tab). Select one of the following commands: Update Managed Server: Downloads and installs managed server updates. Update Security Agent: Downloads and installs agent updates. Viewing Agent Details Procedure 1. Go to Customers > {customer} > Products (tab) > WFBS-S/WFBS-A > Endpoint. The following information is displayed: Status Computer name GUID: Globally unique identifier; Remote Manager generates this string automatically. Provide the GUID to the administrator who will install the Agent program. IP address: IP address of the server where the Agent is installed. Registered on Last update: Date and time the Agent was last updated Agent version Managed product: Product managed through the Agent 8-9

114 Trend Micro Remote Manager Administrator's Guide Managed product version: Version of the product managed through the Agent Managing Agents from the Managed Server This section contains information on how to manage agents from the managed server. Agent Status Messages On the managed server, the Agent displays one of the following system tray icons: Table 8-3. System tray icons Icon Description A green icon indicates that the Agent is connected to the Remote Manager communication server. The Agent is working normally. A red icon indicates that the Agent isn t connected to the Remote Manager communication server or the version of the Agent is mismatched with the server and needs to be updated. An icon with a red arrow indicates that the Agent has logged off from Remote Manager. An icon with a red "X" means that the Agent has been disabled. Changing the Agent GUID on the Managed Server If you entered an incorrect Globally Unique Identifier (GUID) during Remote Manager Agent installation, delete the agent and install it again using the correct GUID. If you are unable to do this procedure, you can do the following: Procedure 1. Go to C:\Program Files\Trend Micro\TMRMAgentForWFBS. 2. Open the AgentSysConfig.xml file using a text editor. 8-10

Worry-Free Business Security in Remote Manager 3. Look for the GUID between the parameters <AgentGUID> and </AgentGUID>. 4. Edit the GUID and then save the file. 5.

115 Worry-Free Business Security in Remote Manager 3. Look for the GUID between the parameters <AgentGUID> and </AgentGUID>. 4. Edit the GUID and then save the file. 5. In the same folder, open the csmsysconfig.xml file using a text editor. 6. Look for the GUID between the parameters <ProductGUID> and </ ProductGUID>. 7. Edit the GUID and then save the file. 8. Right-click the Trend Micro Remote Manager Agent icon on the task bar and then click Restart Service. Using the Agent Configuration Tool The Agent Configuration Tool allows changes to be made to Remote Manager Agent configuration settings. Go to Start > Programs > Trend Micro Remote Manager Agent > Agent Configuration Tool or right-click the tray icon and click Configure. See Agent Configuration on page 8-11 for more information. Agent Configuration Agent Configuration Menu To configure the Agent, right click on the tray icon to open the following menu: Figure 8-2. Agent Configuration Tool pop-up menu 8-11

116 Trend Micro Remote Manager Administrator's Guide The following items appear: Configure: Opens the Agent configuration screen. Select Language: In addition to other possible languages, the "English" language always exists. Service: Start, Stop, Restart. Exit: Exiting the tool does not stop the Remote Manager service. It only closes the Configuration Tool and removes the icon from the task bar. The tool can be restarted at any time. 8-12

Worry-Free Business Security in Remote Manager Configuration Tool Main Dialog Right-click on the tray icon and click Configure on the Agent configuration menu to open the Agent configuration tool

117 Worry-Free Business Security in Remote Manager Configuration Tool Main Dialog Right-click on the tray icon and click Configure on the Agent configuration menu to open the Agent configuration tool General tab. Figure 8-3. Agent Configuration Tool "General" tab The following sections of the Agent configuration screen are the only presently relevant sections of this tool. Server Settings: Configure server communication by setting the following: Server address: The fully qualified domain name (FQDN) of the Remote Manager communication server. The FQDN varies in each region as follows: 8-13

118 Trend Micro Remote Manager Administrator's Guide Asia Pacific: wfrm-apaca.trendmicro.com Europe and the Middle East: wfrm-emea.trendmicro.com Japan: wfrm-jpa.trendmicro.com Latin America: wfrm-lara.trendmicro.com North America: wfrm-usa.trendmicro.com Port: The port that the Remote Manager server uses to communicate with the Agent. This should be 80 for HTTP and 443 for HTTPS. Protocol: The protocol used for communication between the server and the Agent. Proxy Server Settings: Enable this area by clicking the Proxy server settings checkbox if the user s network requires a proxy to communicate with the Remote Manager server. Address: The IP address of the proxy server Port: The port or the proxy server Protocol Test Connection button: The Test Connection button is used to test communication between the Agent and the Remote Manager server. Use this function to test if the basic connection to the communication server works well. If it fails (a popup dialog box will appear if the tool cannot connect to the server), there may be a basic issue such as the address of the communication server and its port, or the Proxy server address and its port. Backing Up and Restoring Agent Settings If you need to uninstall and then reinstall the Agent using the same GUID within a span of three days, keep the Agent settings to avoid any overlapping data. To do this, back up the configuration files manually and then replace the configuration files with the backup after reinstalling the Agent. 8-14

119 Worry-Free Business Security in Remote Manager Backing Up Settings Procedure 1. On the managed server, right click the Agent system tray icon and click Stop Service to stop the Agent service. 2. Copy all the.xml,.dat, and.ini files from the installation folder: C: \Program Files\Trend Micro\TMRMAgentForWFBS or C:\Program Files (x86)\trend Micro\TMRMAgentForWFBS..xml files csmsysconfig.xml csmlocalconfig.xml csmlogdef.xml AgentWorkConfig.xml AgentSysConfig.xml AgentStatus.xml AgentLocalConfig.xml.dat files MSA.dat logbuf.dat group.dat CSA.dat CriticalVA.dat.ini files csmstatusdata.ini 3. Copy all the files from the \Cache folder. 8-15

120 Trend Micro Remote Manager Administrator's Guide 4. Restart the Agent service. Restoring Settings Procedure 1. Remove the Agent locally if you haven t already. For detailed instructions, see Removing Agents Locally on page Note When removing the Agent locally, the Agent will unregister from Remote Manager which automatically deletes all data associated with the Agent. To prevent the Agent from unregistering, modify the Server address value in Agent interface before removing the Agent. 2. Reinstall the Agent. Ensure that you use the same GUID which can be obtained from agentsysconfig.xml. 3. On the managed server, right click the Agent system tray icon and click Stop Service to stop the Agent service. 4. Replace the configuration files with the backup files. 5. Right-click the Agent system tray icon and click Start Service to restart the Agent service. Finding the Agent Build Number You can check the build number of the Agent either from the console or directly, on the Agent. 8-16

121 Worry-Free Business Security in Remote Manager From the Remote Manager Web Console Procedure 1. Click the Customers tab. 2. Select the target domain from the View by drop-down list in the left pane. 3. Click All Customers > {customer} > {agent} > Server/Agent Details > TMRM Agent Details. 4. Check the agent version in the General Information table. On the Agent Procedure 1. Go to the C:\Program Files\Trend Micro\WFRMAgentForCSM directory. 2. Right-click the csmplugin.dll file and then click Properties > Version (tab) to see the build number. Location of Agent Logs and Configuration Files Agent configuration files are located in: <install path>\trend Micro\TMRMAgentForWFBS\*.xml <install path>\trend Micro\TMRMAgentForWFBS\*.ini Log files are located in: <install path>\trend Micro\TMRMAgentForWFBS\log\ 8-17

122 Trend Micro Remote Manager Administrator's Guide Enabling the Agent Debug Log Normally the Agent will only log warning and error information. If more detail log information is required, enable the Agent's debug log. Resolution 1. Open the file AgentLocalConfig.xml in <install path>\trend Micro \TMRMAgentForWFBS\ in a text editor. 2. Change <DebugLogLevel> from LL_FOR_ERROR to LL_FOR_ALL. 3. Restart the Agent service by right-clicking the Remote Manager Agent on the task bar, then clicking Restart Service. 4. The Agent log file is located in <install path>\trend Micro \TMRMAgentForWFBS. Removing Agents This section contains information on how to remove agents. Removing Agents Locally Before removing an Agent, refer to Backing Up and Restoring Agent Settings on page WARNING! Unregistering an Agent from Remote Manager deletes all data associated with the Remote Manager Agent. To prevent the Agent from unregistering (and deleting its data), modify the server address value on the Remote Manager Agent interface before removing the Remote Manager Agent. There are three ways to remove an Remote Manager Agent locally: Directly uninstall the Remote Manager Agent. Uninstall the Remote Manager Agent via the Control Panel. 8-18

123 Worry-Free Business Security in Remote Manager Uninstall the Remote Manager Agent manually. Directly Uninstall the Remote Manager Agent Procedure 1. Open the Remote Manager Agent installation file (WFRMAgentforCSM.exe or WFRMAgentforWFBS.exe). 2. Click Yes to confirm the Confirm Uninstall dialogue box. Note During removal, you will be prompted to close certain applications. Close these applications and click Retry to continue. 3. Click Finish to close the wizard after the uninstallation is complete. Uninstall the Remote Manager Agent from the Control Panel Procedure 1. Open the Windows Control Panel. 2. Locate the list of currently installed programs. For example, in Windows 7, go to Programs > Programs and Features. 3. Select Trend Micro Remote Manager Agent and then click the Uninstall/ Change button. 4. Follow the on-screen instructions. Uninstall the Remote Manager Agent Manually If for any reason an Agent cannot be removed through standard ways, try these steps: 8-19

124 Trend Micro Remote Manager Administrator's Guide Procedure 1. Stop the Remote Manager Agent service. a. Open the command prompt as an Administrator. b. Run the following command: net stop "Trend Micro remote manager agent" 2. Remove the Remote Manager Agent service: a. On the command line, use the change directory (cd) command to go to the Remote Manager Agent directory. b. Run the following command: TMICAgent -u 3. Remove the program files. Delete <install path>\trend Micro\TMRMAgentForWFBS\ 4. Open the Registry Editor (regedit.exe) and remove the following registry keys: Note Always create a backup before modifying the registry. Incorrect registry changes may cause serious issues. Should this occur, restore it by referring to the "Restoring the Registry" Help topic in regedit.exe or the "Restoring a Registry Key" Help topic in regedt32.exe. HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIC4CSM\Agent \HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products \23FC8F347B51DD440AD13A73D13A73D22D58E6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Installer\UserData\S \Products \23FC8F347B51DD440AD13A73D13A73D22D58E6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\{43F8CF32-15B7-44DD-A01D- A3372DD2856E} 8-20

125 Worry-Free Business Security in Remote Manager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\InstallShield Uninstall Information\{43F8CF32-15B7-44DD-A01D-A3372DD2856E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\InstallShield_ \{43F8CF32-15B7-44DD-A01D-A3372DD2856E} 5. Remove the Remote Manager Agent shortcut from the Start menu. a. On the desktop, click My Computer. b. Change the current directory to..\documents and Settings\All Users\Start Menu\Programs. c. Delete the Remote Manager Agent folder. Managing Worry-Free Business Security Standard Remote Manager allows you to complete the following tasks for a registered Worry-Free Business Security Standard installation. Table 8-4. Worry-Free Business Security Standard Management Tasks Task Description View events Scan groups View a list of Worry-Free Business Security Standard events from the Events tab. Start or stop scans from the Groups tab. 8-21

126 Trend Micro Remote Manager Administrator's Guide Task Manage domain settings Description Perform any of the following tasks from the Domain Settings tab. Enable domain settings Disable domain settings Start vulnerability assesment Start damage cleanup services Manage the managed server Perform any of the following tasks from the Managed Server tab. Update managed server Update security agent View component status View Remote Manager agent information Save server information View the Remote Manager agent information from the TMRM Agent tab. Save and access information about the WFBS server by clicking Server Information. Managing Worry-Free Business Security Advanced Remote Manager allows you to complete the following tasks for a registered Worry-Free Business Security Advanced installation. Table 8-5. Worry-Free Business Security Advanced Management Tasks Task Description View events Scan groups View a list of Worry-Free Business Security Standard events from the Events tab. Start or stop scans from the Groups tab. 8-22

127 Worry-Free Business Security in Remote Manager Task Manage domain settings Description Perform any of the following tasks from the Domain Settings tab. Enable domain settings Disable domain settings Start vulnerability assesment Start damage cleanup services Manage the managed server Perform any of the following tasks from the Managed Server tab. Update managed server Update security agent View component status View Remote Manager agent information Save server information View the Remote Manager agent information from the TMRM Agent tab. Save and access information about the WFBS server by clicking Server Information. Worry-Free Business Security Events Table 8-6. Threat Events Event Category Antispam Details Spam detections in total messages received exceed Event Status : The ratio of detected spam messages in total messages received exceeds the configured threshold within 1 hour (as configured on the managed product console) 8-23

128 Trend Micro Remote Manager Administrator's Guide Event Category Antispyware Details Detections requiring device restart Spyware/Grayware detections exceed Event Status : Displays the number of endpoints infected with spyware/grayware that the managed product was unable to completely clean and require the customer to restart the endpoint to complete the process : The detected spyware/grayware count exceeds the configured threshold within 1 hour (as configured on the managed product console) 8-24

129 Worry-Free Business Security in Remote Manager Event Category Antivirus Details Real-time Scan disabled on endpoints Real-time Scan disabled on Exchange server(s) Threats unresolved Event Status : Security Agents with Real-time Scan disabled cannot protect endpoints from virus/malware in newly created or executed files : Exchange servers with Real-time Scan disabled allow all attachments in messages to pass, leaving the customer network susceptible to massmailing worms. : Unsuccessful actions indicate that a virus or malware has successfully circumvented antivirus defenses and has infected the endpoint. Behavior Monitoring Virus detections on endpoints exceed Virus detections on Exchange servers exceed Behavior Monitoring violations exceed Note Remote Manager assumes that computers with an unsuccessfully cleaned, quarantined, or deleted virus or malware are infected. : The detected virus/malware count on endpoints exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected virus/malware count on Exchange servers exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Behavior Monitoring violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 8-25

130 Trend Micro Remote Manager Administrator's Guide Event Category Device Control Network virus Outbreak Defense URL Filtering Web Reputation Details Device Control violations exceed Network virus detections exceed Outbreak Defense enabled Outbreak Defense disabled URL violations exceed URL violations exceed Event Status : The detected Device Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected network virus count exceeds the configured threshold within 1 hour (as configured on the managed product console) : Outbreak Defense enabled on desktop/server platforms in response to abnormal threat activity : Outbreak Defense disabled on desktop/server platforms and normal network conditions restored : The detected URL Filtering violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table 8-7. System Events Event Category Resource shortage Details Remaining disk space below Event Status : The amount of remaining disk space on the server has dropped below the configured alert threshold. 8-26

131 Worry-Free Business Security in Remote Manager Event Category Smart Protection Services Details Service unavailable Event Status : The Worry-Free Business Security console cannot connect to the Smart Scan Server Update Outdated agents : Over <number> of the Security Agents did not receive the latest antivirus patterns in the last hour Outdated Exchange servers : Outdated components detected on Exchange server(s) Worry-Free Business Security Notifications Table 8-8. Threat Events Event Antispam - Spam detections in total messages received exceed Antispyware - Detections requiring device restart Antispyware - Spyware/Grayware detections exceed Antivirus - Real-time Scan disabled on endpoints Details : The ratio of detected spam messages in total messages received exceeds the configured threshold within 1 hour (as configured on the managed product console) : Displays the number of endpoints infected with spyware/ grayware that the managed product was unable to completely clean and require the customer to restart the endpoint to complete the process : The detected spyware/grayware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : Security Agents with Real-time Scan disabled cannot protect endpoints from virus/malware in newly created or executed files 8-27

132 Trend Micro Remote Manager Administrator's Guide Event Antivirus - Real-time Scan disabled on Exchange server(s) Antivirus - Threats unresolved Details : Exchange servers with Real-time Scan disabled allow all attachments in messages to pass, leaving the customer network susceptible to mass-mailing worms. : Unsuccessful actions indicate that a virus or malware has successfully circumvented antivirus defenses and has infected the endpoint. Note Remote Manager assumes that computers with an unsuccessfully cleaned, quarantined, or deleted virus or malware are infected. Antivirus - Virus detections on endpoints exceed Antivirus - Virus detections on Exchange servers exceed Behavior Monitoring - Behavior Monitoring violations exceed Device Control - Device Control violations exceed Network virus - Network virus detections exceed URL Filtering - URL violations exceed : The detected virus/malware count on endpoints exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected virus/malware count on Exchange servers exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Behavior Monitoring violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Device Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected network virus count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected URL Filtering violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 8-28

133 Worry-Free Business Security in Remote Manager Event Web Reputation - URL violations exceed Details : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table 8-9. System Events Event Resource shortage - Remaining disk space below Smart Protection Services - Service unavailable Update - Outdated Exchange servers Update - Outdated agents Details : The amount of remaining disk space on the server has dropped below the configured alert threshold. : The Worry-Free Business Security console cannot connect to the Smart Scan Server : Outdated components detected on Exchange server(s) : Over <number> of the Security Agents did not receive the latest antivirus patterns in the last hour 8-29

134

135 Chapter 9 Worry-Free Business Security Services in Remote Manager This section contains the following topics: Worry-Free Business Security Services on page 9-2 Registering Worry-Free Business Security Services on page 9-2 Managing Worry-Free Business Security Services on page 9-4 Worry-Free Business Security Services Events on page 9-10 Worry-Free Business Security Services Notifications on page

136 Trend Micro Remote Manager Administrator's Guide Worry-Free Business Security Services Trend Micro Worry-Free Business Security Services is a comprehensive, centrallymanaged solution for small- and medium-sized business. Worry-Free Business Security Services provides most of the advantages of Worry-Free Business Security Standard. Because Worry-Free Business Security Services is a hosted service, you can centrally manage security from anywhere without the need to add, install, configure, or maintain a server. Trend Micro security experts host and constantly update the service for you. Trend Micro Remote Manager monitors and manages Worry-Free Business Security Services servers located at Trend Micro data centers. For information about Worry-Free Business Security Services, refer to the documentation at: Registering Worry-Free Business Security Services 1. Add a new customer on the Remote Manager web console. 2. Add the main customer contact. 3. Add at least one service to that customer's account. 4. Enter the Authorization Key on the customer s service console. Connecting a Worry-Free Business Security Services Customer to the Remote Manager Web Console To manage Worry-Free Business Security Services from the Trend Micro Remote Manager web console, a customer s Worry-Free Business Security Services account must register with Remote Manager by carrying out the following: 9-2

137 Worry-Free Business Security Services in Remote Manager Note If the reseller added the product to your account from Licensing Management Platform, you do not need to do the following steps. Procedure 1. Add the product to the Remote Manager web console and save the GUID or Authorization Key. For more information, refer to Adding New Products Using a Licensing Management Platform Account on page Sign into the customer s Worry-Free Business Security Services account. 3. Go to Administration > Trend Micro Remote Manager. 4. Type the Authorization Key and click Connect. Disconnecting a Worry-Free Business Security Services Customer from the Remote Manager Web Console To disconnect Worry-Free Business Security Services from the Remote Manager web console: If the account has been integrated with Licensing Management Platform, the reseller can delete the service plan from the Licensing Management Platform web console. Once the service plan has been deleted, the customer will be disconnected from the Remote Manager web console. For other accounts, the customer can open the Remote Manager screen on the Worry-Free Business Security Services web console and click Disconnect. The customer will then be notified on the Worry-Free Business Security Services console. 9-3

138 Trend Micro Remote Manager Administrator's Guide Managing Worry-Free Business Security Services Remote Manager allows you to complete the following tasks for a registered Worry-Free Business Security Services installation. Table 9-1. Worry-Free Business Security Services Management Tasks Task Description View events Scan groups Access the Worry-Free Business Security Services console View a list of Worry-Free Business Security Standard events from the Events tab. Start or stop scans from the Groups tab. Access the Worry-Free Business Security Services console by clicking Open Console. Security Settings for Worry-Free Business Security Services Feature Description Scan Method Smart Scan: The client uses its own scan engine, but instead of using only a local pattern file to identify threats, it primarily relies on the pattern file held on the Scan Server. Conventional Scan: The client uses its own scan engine and local pattern file to identify threats. Antivirus/Anti- Spyware Enable real-time Antivirus/Anti-Spyware: Real-time scanning provides protection against file-based threats. 9-4

139 Worry-Free Business Security Services in Remote Manager Feature Description Firewall Enable Firewall: The firewall can block or allow certain types of network traffic by creating a barrier between the client and the network. Additionally, the firewall will identify patterns in network packets that may indicate an attack on clients. Simple mode: Enables the firewall with Trend Micro default settings Advanced mode:configure the security level, IDS, notifications and expectations. Important After selecting advanced mode, you must configure the advanced settings using the Worry-Free Business Security Services console. 9-5

140 Trend Micro Remote Manager Administrator's Guide Feature Web Reputation Description Enable Web Reputation: Web Reputation enhances protection against malicious websites. Web Reputation leverages Trend Micro's extensive web security database to check the reputation of URLs that Clients are attempting to access or URLs embedded in messages that are contacting websites. High: Blocks the following pages: Dangerous: Verified to be fraudulent or known sources of threats Highly suspicious: Suspected to be fraudulent or possible sources of threats Suspicious: Associated with spam or possibly compromised Untested: While Trend Micro actively tests web pages for safety, users may encounter untested pages when visiting new or less popular websites. Blocking access to untested pages can improve safety but can also prevent access to safe pages Medium: Blocks the following pages: Dangerous: Verified to be fraudulent or known sources of threats Highly suspicious: Suspected to be fraudulent or possible sources of threats Low (default): Blocks the following pages: Dangerous: Verified to be fraudulent or known sources of threats 9-6

141 Worry-Free Business Security Services in Remote Manager Feature Description URL Filtering Enable URL Filtering: URL filtering helps you control access to websites to reduce unproductive employee time, decrease Internet bandwidth usage, and create a safer Internet environment. You can choose a level of URL filtering protection or customize which types of websites you want to screen. High: Blocks known or potential security threats, inappropriate or possibly offensive content, content that can affect productivity or bandwidth, and unrated pages Medium: Blocks known security threats and inappropriate content Low (default): Blocks known security threats Custom: Select your own categories, and whether you want to block the categories during business hours or leisure hours. 9-7

142 Trend Micro Remote Manager Administrator's Guide Feature Behavior Monitoring Description Enable Behavior Monitoring: Behavior Monitoring protects clients from unauthorized changes to the operating system, registry entries, other software, or files and folders. Enable all ransomware protection features Enable document protection against unauthorized encryption or modification: Protects documents from unauthorized changes. Note Enabling this option stops processes that rename, modify and delete files, and then quarantines the programs that are running these processes. Automatically back up and restore files modified by suspicious programs: Automatically backs up files modified by suspicious programs if document protection is enabled. Enable blocking of processes commonly associated with ransomware: Protects endpoints from ransomware attacks by blocking processes commonly associated with hijacking attempts. Enable program inspection to detect and block compromised executable files: Increases detection by monitoring processes for ransomware-like behavior. Enable Intuit QuickBooks Protection: Protects all Intuit QuickBooks files and folders from unauthorized changes by other programs. Enabling this feature will not affect changes made from within Intuit QuickBooks programs, but will only prevent changes to the files from other unauthorized applications. 9-8

143 Worry-Free Business Security Services in Remote Manager Feature Predictive Machine Learning Description Enable Predictive Machine Learning: Predictive Machine Learning protects your network from new, previously unidentified, or unknown threats through advanced file feature analysis and heuristic process monitoring. File Quarantine: Select to automatically quarantine files that exhibit malware-related features based on the Predictive Machine Learning analysis Log only: Select to scan unknown files and log the Predictive Machine Learning analysis for further in-house investigation of the threat Process Terminate: Select to automatically terminate processes or scripts that exhibit malware-related behaviors based on the Predictive Machine Learning analysis Important Predictive Machine Learning attempts to clean the files that executed the malicious processes or scripts. If the clean action is unsuccessful, the trend_client_program_single quarantines the affected files. Log only: Select to scan unknown processes or scripts and log the Predictive Machine Learning analysis for further in-house investigation of the threat Mail Scan Enable POP3 message scanning: The POP3 Mail Scan plug-in protects clients in real-time against security risks and spam transmitted through POP3 messages. For more details, see the Worry-Free Business Security Services Online Help. 9-9

144 Trend Micro Remote Manager Administrator's Guide Worry-Free Business Security Services Events Table 9-2. Threat Events Event Category Antispyware Details Detections requiring device restart Spyware/Grayware detections exceed Event Status : Displays the number of endpoints infected with spyware/grayware that the managed product was unable to completely clean and require the customer to restart the endpoint to complete the process : The detected spyware/grayware count exceeds the configured threshold within 1 hour (as configured on the managed product console) Antivirus Real-time Scan disabled : Security Agents with Real-time Scan disabled cannot protect endpoints from virus/malware in newly created or executed files Threats unresolved : Unsuccessful actions indicate that a virus or malware has successfully circumvented antivirus defenses and has infected the endpoint. Note Remote Manager assumes that computers with an unsuccessfully cleaned, quarantined, or deleted virus or malware are infected. Virus detections exceed : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) 9-10

145 Worry-Free Business Security Services in Remote Manager Event Category Application Control Behavior Monitoring Device Control Network virus Details Application Control violations exceed Behavior Monitoring violations exceed Device Control violations exceed Network virus detections exceed Event Status : The detected Application Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Behavior Monitoring violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Device Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected network virus count exceeds the configured threshold within 1 hour (as configured on the managed product console) Outbreak Defense Predictive Machine Learning URL Filtering Outbreak Defense enabled Outbreak Defense disabled Predictive Machine Learning detections exceed URL violations exceed : Outbreak Defense enabled on desktop/server platforms in response to abnormal threat activity : Outbreak Defense disabled on desktop/server platforms and normal network conditions restored : The detected Predictive Machine Learning count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected URL Filtering violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 9-11

146 Trend Micro Remote Manager Administrator's Guide Event Category Web Reputation Details URL violations exceed Event Status : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table 9-3. System Events Event Category Smart Protection Services Details Agents disconnected Event Status : Security Agents cannot connect to the Smart Protection Network Update Outdated agents : Security Agents with outdated patterns after two hours of antivirus pattern release exceeded threshold Worry-Free Business Security Services Notifications Important For events with a configurable threshold, you must configure the threshold value separately for each customer on the Worry-Free Business Security Services console. 9-12

147 Worry-Free Business Security Services in Remote Manager Table 9-4. Threat Events Event Antivirus - Threats unresolved Details : Unsuccessful actions indicate that a virus or malware has successfully circumvented antivirus defenses and has infected the endpoint. Note Remote Manager assumes that computers with an unsuccessfully cleaned, quarantined, or deleted virus or malware are infected. Antivirus - Real-time Scan disabled Antivirus - Virus detections exceed Antispyware - Detections requiring device restart Antispyware - Spyware/Grayware detections exceed Web Reputation - URL violations exceed URL Filtering - URL violations exceed : Security Agents with Real-time Scan disabled cannot protect endpoints from virus/malware in newly created or executed files : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : Displays the number of endpoints infected with spyware/ grayware that the managed product was unable to completely clean and require the customer to restart the endpoint to complete the process : The detected spyware/grayware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected URL Filtering violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 9-13

148 Trend Micro Remote Manager Administrator's Guide Event Predictive Machine Learning - Predictive Machine Learning detections exceed Behavior Monitoring - Behavior Monitoring violations exceed Network virus - Network virus detections exceed Device Control - Device Control violations exceed Application Control - Application Control violations exceed Details : The detected Predictive Machine Learning count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Behavior Monitoring violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected network virus count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Device Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Application Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table 9-5. System Events Event Update - Outdated agents Smart Protection Services - Agents disconnected Details : Security Agents with outdated patterns after two hours of antivirus pattern release exceeded threshold : Security Agents cannot connect to the Smart Protection Network 9-14

149 Part IV Integrating Third-Party Solutions

150

151 Chapter 10 AutoTask Support This section describes how to integrate Remote Manager with Autotask and the supported event notifications for Trend Micro products and services. Topics include: Integrating Autotask on page 10-2 Supported Trend Micro Product Events in Autotask on page

152 Trend Micro Remote Manager Administrator's Guide Integrating Autotask Configure the following settings to integrate Autotask with Remote Manager: Integrating Remote Manager with Autotask Procedure 1. Log on to the Autotask web console at 2. Go to the Autotask Logo Menu > ADMIN. The ADMIN screen appears. 3. Expand APPLICATION-WIDE (SHARED) FEATURES and click Incoming Processing. The INCOMING PROCESSING screen appears. 4. Hover over the Add Ticket Service (ATES) menu icon ( ) and click Edit. The PROCESSING MAILBOX - ADD TICKET SERVICE (ATES) screen appears. 5. Make a note of your Service Provider ID and Service Provider Password, so you can enter these details later. 6. Log on to the Remote Manager web console. 7. Go to Administration > Configure third-party integration. 8. In the Autotask section, select Enable Integration, and then type the Logon ID and Logon password you noted down earlier. From the Language drop-down menu, select your preferred language. 10-2

AutoTask Support 9. Click Save. 10. Go to the Customers screen. 11. Select the company you want to receive Autotask notifications from. 12. Click the Notification tab. 13.

153 AutoTask Support 9. Click Save. 10. Go to the Customers screen. 11. Select the company you want to receive Autotask notifications from. 12. Click the Notification tab. 13. Select Me as the recipient to ensure that you will receive notifications. Add additional recipients, if necessary, by typing their addresses in the Additional recipients field. 14. Select Autotask from the Third-party notifications list. 15. Select one of the following options: Use default real-time notification settings 10-3

154 Trend Micro Remote Manager Administrator's Guide Use custom settings Enabling Autotask to Display Remote Manager Notifications Procedure 1. Log on to the Autotask web console at 2. Go to the Autotask Logo Menu > ADMIN. The ADMIN screen appears. 3. Expand SERVICE DESK (TICKETS), and go to Issue & Sub-Issue Types > Managed Services Alert. 4. Add the following fields into the ticketing system: Trend Micro Threat Events Trend Micro System Events Trend Micro License Events 5. Click Save & Close. 6. Go to the Autotask Logo Menu to return to the ADMIN page. 7. Expand APPLICATION-WIDE (SHARED) FEATURES, and go to Incoming Processing. The INCOMING PROCESSING screen appears. 8. Point the cursor over the Add Ticket Service (ATES) menu icon ( ) and click Edit. The PROCESSING MAILBOX - ADD TICKET SERVICE (ATES) screen appears. 9. Click the Ticket tab. 10-4

155 AutoTask Support 10. From the Sub-Issue Type drop-down menu, select Trend Micro Threat Events. 11. Click Save & Close. 12. Go to the Autotask Logo Menu to return to the ADMIN page. 13. Expand APPLICATION-WIDE (SHARED) FEATURES, and go to USER- DEFINED FIELDS > + New. The USER-DEFINED FIELDS screen appears. 14. Type Trend Micro Site ID in the Name field, and select the Required check box. 15. Click Save & Close. Enabling Autotask to Generate Account Tickets Procedure 1. Go to Autotask Logo Menu > CRM. The ACCOUNT SEARCH screen appears. 2. Click + New Account. In the new pop-up window which opens, enter the account information, including the Trend Micro Site ID. Note The Trend Micro Site ID is the unique ID exported from Remote Manager. You can locate this ID by logging onto the Remote Manager console and going to Customers > Export All. In the exported.csv file, the Unique ID is to the right of the Company name. 3. Click Save & Close. 4. Go to CRM > My Account Tickets (under Reports) to view your account tickets. 10-5

156 Trend Micro Remote Manager Administrator's Guide Supported Trend Micro Product Events in Autotask Remote Manager can send the following event notifications to the Autotask system. Product Cloud Edge Botnet Intrusion Prevention System (IPS) Events Web Reputation Virus Hosted Security InterScan Web Security as a Service Worry- Free Business Security Standard and Advanced Total Message Traffic Accepted Message Size Threat Summary Antivirus Anti-spyware Web Reputation Agent Abnormal Outbreak Defense Antivirus Anti-spyware Web Reputation Behavior Monitoring Network Virus Anti-Spam Outdated Managed Servers Top Spam Recipients Top Virus Recipients URL Filtering App Control Unusual System Events License Expiration URL Filtering Device Control Exchange Server Shutdown Active Directory Synchronization Issues Worry-Free Business Security Standard and Advanced Server Shutdown 10-6

157 AutoTask Support Product Worry- Free Business Security Services Agent Abnormal Outbreak Defense Antivirus Anti-spyware Web Reputation Behavior Monitoring Network Virus Events Outdated Managed Servers Unusual System Events License Expiration URL Filtering Exchange Server Shutdown Active Directory Synchronization Issues 10-7

158

159 Chapter 11 ConnectWise Support This section describes how to integrate Remote Manager with ConnectWise and the supported event notifications for Trend Micro products and services. Topics include: Integrating ConnectWise on page 11-2 Supported Trend Micro Product Events in ConnectWise on page

160 Trend Micro Remote Manager Administrator's Guide Integrating ConnectWise ConnectWise is a professional services automation (PSA) and remote monitoring and management (RMM) solution that provides Managed Service Providers and Resellers real-time dashboards and reporting, incident management, service asset and configuration management, and automated billing services. Remote Manager can send event information to ConnectWise in the form of messages that are transformed into ConnectWise tickets. For this to occur, you must add notification recipients to the Remote Manager web console and several fields to the ConnectWise ticketing system. To successfully integrate Remote Manager, begin receiving notifications, and generate account tickets in ConnectWise, complete the following integration steps: 1. Configure prerequisite ConnectWise settings before integrating with Remote Manager: Configuring Settings in ConnectWise and Later Versions on page 11-2 Configuring Settings in ConnectWise and Earlier Versions on page Configuring Global ConnectWise Integration Settings in Remote Manager on page Configuring Customer-specific ConnectWise Integration Settings in Remote Manager on page Configuring Settings in ConnectWise Integrate Remote Manager with the ConnectWise versions listed below: Configuring Settings in ConnectWise and Later Versions Trend Micro Remote Manager requires that you configure the following ConnectWise settings before integrating the two products: Add Companies to ConnectWise on page

161 ConnectWise Support Create a Contact on page 11-5 Change the Default Status of Companies to Active on page 11-7 Tip Trend Micro recommends configuring Service Boards in ConnectWise to more easily view your customer data. For more information, see Create a Service Board on page Follow the steps below to configure Trend Micro Remote Manager integration with ConnectWise and later versions: Procedure 1. Create an Integrator Login on page For Hosted Security customers, Integrate Hosted Security with ConnectWise on page Add Trend Micro Products to ConnectWise on page For customers using ConnectWise Management Solutions: a. Create a Management Solution on page b. Create Cross-references on page Create an Agreement on page General ConnectWise Settings The following ConnectWise settings should be configured before integrating Trend Micro Remote Manager with ConnectWise: Add Companies to ConnectWise Add the Trend Micro Remote Manager companies that you manage using ConnectWise. 11-3

Trend Micro Remote Manager Administrator's Guide Note This procedure displays screens from ConnectWise 2015.1. Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1.

162 Trend Micro Remote Manager Administrator's Guide Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to Companies > Companies. The Company Search screen appears. 2. Click New Item ( ) to create a new company. The New Company screen appears. 3. Specify the following details: Company 11-4

163 ConnectWise Support Address 1 Company ID 4. Click Save. Tip Trend Micro recommends using the Trend Micro Remote Manager cutomer name. ConnectWise adds the company information. Create a Contact Contacts allow you to assign Agreements to companies. For details on creating Agreements, see Create an Agreement on page Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to Companies > Companies. The Company Search screen appears. 2. Type the company name in the Company Name field and click Search. 11-5

164 Trend Micro Remote Manager Administrator's Guide The {Company} screen appears. 3. Click the Contacts tab. 4. Click New Item ( ) to create a new contact for the company. The New Contact screen appears. 5. Type a name in the Name field. 6. Provide any additional information as required. 7. Click Save. 11-6

165 ConnectWise Support ConnectWise adds the contact to the company. Change the Default Status of Companies to Active Setting the default status of your companies to Active ensures that they appear on the Trend Micro Remote Manager console for billing and ticketing. Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to System > Setup Tables. The Setup Tables screen appears. 2. Type company status in the Table field and click Search. 11-7

166 Trend Micro Remote Manager Administrator's Guide The Company Status setup table appears. 3. Click the Company Status setup table name. The Company Status List screen appears. 4. In the Description column, click Active. 11-8

ConnectWise Support The Company Status screen appears. 5. Ensure that Default Flag is enabled. 6. Click Save. You can now view the company on the Trend Micro Remote Manager console.

167 ConnectWise Support The Company Status screen appears. 5. Ensure that Default Flag is enabled. 6. Click Save. You can now view the company on the Trend Micro Remote Manager console. Create a Service Board Create a Trend Micro Remote Manager event notifications service board to allow you to manage all Trend Micro Remote Manager tickets through the ConnectWise Service Board screen. 11-9

168 Trend Micro Remote Manager Administrator's Guide Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to System > Setup Tables. The Setup Tables screen appears. 2. Type service board in the Table field and click Search. The Service Board setup table appears. 3. Click the Service Board setup table

169 ConnectWise Support The Service Board List screen appears. 4. Click New Item ( ) to create a new service board

170 Trend Micro Remote Manager Administrator's Guide The Service Board screen appears. 5. Specify the following information for your company: Board Name Location Business Unit Signoff Template 6. Click Save

ConnectWise Support A selection of tabs appears at the top of the screen. 7. To optionally create a service status to define the level of service that exists for the customer, click the Statuses tab.

171 ConnectWise Support A selection of tabs appears at the top of the screen. 7. To optionally create a service status to define the level of service that exists for the customer, click the Statuses tab. The Status List screen appears. 8. Click New Item ( ) to create a new service status. 9. Specify the following information: Status Description: Type new. Sort Order: Type 0. Ensure that Display On Board? is enabled. 10. Click Save. ConnectWise updates the service status

172 Trend Micro Remote Manager Administrator's Guide Note Complete the process to allow you to use the ConnectWise Service Board to manage Trend Micro Remote Manager tickets by enabling the service ticket API. For more information, see Create an Integrator Login on page Create an Integrator Login Creating an integrator login allows Trend Micro Remote Manager to send information to ConnectWise. Procedure 1. From the ConnectWise console, go to System > Setup Tables. The Setup Tables screen appears. 2. Type integrator login in the Table field and click Search

173 ConnectWise Support The Integrator Login setup table appears. 3. Click the Integrator Login setup table name. The Integrator Login List screen appears. 4. Click New Item ( ) to create a new integrator login

174 Trend Micro Remote Manager Administrator's Guide The Integrator Login screen appears. 5. Provide the Username and Password that you will use for the integrator login. 6. In the Access Level drop-down, select All records

175 ConnectWise Support 7. Enable the following available APIs: Service Ticket API Note Company API Product API Reporting API System API Optionally select preconfigured service boards from the Service Board dropdown list For more information, see Create a Service Board on page Configuration API Agreement API 8. Click Save. Trend Micro Remote Manager can now send information to ConnectWise. 9. Follow the steps below to continue configuring Trend Micro Remote Manager integration with ConnectWise and later versions: a. For Hosted Security customers, Integrate Hosted Security with ConnectWise on page b. Add Trend Micro Products to ConnectWise on page Integrate Hosted Security with ConnectWise Integrate Hosted Security with companies in ConnectWise to inform users of spam and virus detections

176 Trend Micro Remote Manager Administrator's Guide Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to Companies > Companies. The Company Search screen appears. 2. Type the company name in the Company Name field and click Search. The {Company} screen appears. 3. Click the Configurations tab. 4. Click New Item ( ) to create a new configuration

177 ConnectWise Support The New Configuration screen appears. 5. Type the company ID in the Configuration Name field. 6. Select Spam Stats from the Type drop-down list. 7. Click Save

178 Trend Micro Remote Manager Administrator's Guide Note To specify how frequently Trend Micro Remote Manager should send spam stats to ConnectWise, see Configuring Global ConnectWise Integration Settings in Remote Manager on page Follow the step below to continue configuring Trend Micro Remote Manager integration with ConnectWise and later versions: a. Add Trend Micro Products to ConnectWise on page Add Trend Micro Products to ConnectWise Integrate the following Trend Micro Remote Manager products/services with ConnectWise for billing purposes: Worry-Free Business Security Standard Worry-Free Business Security Advanced Worry-Free Business Security Services Hosted Security Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to Procurement > Products

179 ConnectWise Support The Products screen appears. 2. Click New Item ( ) to add a new product

180 Trend Micro Remote Manager Administrator's Guide The Product Item screen appears. 3. Type the necessary Trend Micro Remote Manager managed product/service product IDs in the Product ID field. Table Trend Micro Product IDs for ConnectWise Integration Product/Service Product ID Worry-Free Business Security Standard WFBS-S 11-22

181 ConnectWise Support Product/Service Product ID Worry-Free Business Security Advanced Worry-Free Business Security Services Hosted Security WFBS-A WFBS-SVC HES 4. Specify the following information: Description Unit Price Customer Description 5. Click Save. ConnectWise adds the new product to the products list. 6. Follow the steps below to continue configuring Trend Micro Remote Manager integration with ConnectWise: a. For customers using ConnectWise Management Solutions, Create a Management Solution on page and Create Cross-references on page b. Create an Agreement on page Create a Management Solution Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to System > Setup Tables

182 Trend Micro Remote Manager Administrator's Guide The Setup Tables screen appears. 2. Type management it in the Table field and click Search. The Management IT setup table appears. 3. Click the Management IT setup table

183 ConnectWise Support The Management IT Solution List appears. 4. Click New Item ( ) to create a new management solution. The Solution Setup screen appears. 5. Specify the following information: Name: Type TMRM Management Setup. Management IT Solution: Select Custom. Custom Solution Name: Type TMRM Management Solution

184 Trend Micro Remote Manager Administrator's Guide 6. Click Save. Important Trend Micro Remote Manager requires that the specified values exactly match the examples provided. ConnectWise adds the management solution to the Management IT Solution List. 7. Associate the management solution with Trend Micro customers. a. Go to the Company screen for the Trend Micro customer. b. Click the Management tab. c. Next to Management Solutions, click New Item ( ). d. From the Solution drop-down, select TMRM Management Solution/ TMRM Management Setup. e. Specify a Managed ID. f. Click Save

185 ConnectWise Support The Management Solution is ready for use. 8. Follow the steps below to continue configuring Trend Micro Remote Manager integration with ConnectWise and later versions: a. For customers using ConnectWise Management Solutions, Create Crossreferences on page b. Create an Agreement on page Create Cross-references Create cross-references to associate Remote Manager products/services with ConnectWise. Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to System > Setup Tables

186 Trend Micro Remote Manager Administrator's Guide The Setup Tables screen appears. 2. Type managed devices integration in the Table field and click Search. The Managed Devices Integration setup table appears. 3. Click the Managed Devices Integration setup table

187 ConnectWise Support The Managed Devices Integration List appears. 4. Click TMRM Management Solution in the Management Solution column. Note For more information on creating a Management Solution, see Create a Management Solution on page

188 Trend Micro Remote Manager Administrator's Guide The Managed Devices Integration screen appears. 5. Click the Cross-References tab. 6. Click New Item ( ) to create a product. 7. Specify the required settings for each of your Remote Manager managed products/ services. Product/Service Worry-Free Business Security Standard Settings Type: T-WFBS-S Level: Standard Agreement Type: Managed Service Product: WFBS-S Configuration Type : Spam Stats 11-30

189 ConnectWise Support Product/Service Worry-Free Business Security Advanced Settings Type: T-WFBS-A Level: Advanced Agreement Type: Managed Service Product: WFBS-A Configuration Type: Spam Stats Worry-Free Business Security Services Type: T-WFBSS Level: Standard Agreement Type: Managed Service Product: WFBSS Configuration Type: Spam Stats Hosted Security Type: T-HES Level: Standard Agreement Type: Managed Service Product: HES Configuration Type: Spam Stats 8. Click Save. ConnectWise adds the product/service to the Cross-References. 9. Follow the step below to continue configuring Trend Micro Remote Manager integration with ConnectWise and earlier versions: a. Create an Agreement on page Create an Agreement Create agreements for each company in order for ConnectWise to provide automated billing services to Trend Micro Remote Manager customers

190 Trend Micro Remote Manager Administrator's Guide Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to Companies > Companies. The Company Search screen appears. 2. Type the company name in the Company Name field and click Search. The {Company} screen appears. 3. Click the Agreements tab. 4. Click New Item ( ) to create a new agreement

191 ConnectWise Support The New Agreement screen appears. 5. From the Agreement Type drop-down list, select Managed Service. 6. Specify an Agreement Name

Trend Micro Remote Manager Administrator's Guide 7. Specify the contact information. a. In the Contact field, type the contact name. b. Click Search. The Contacts screen appears. c. Select the contact from the list.

192 Trend Micro Remote Manager Administrator's Guide 7. Specify the contact information. a. In the Contact field, type the contact name. b. Click Search. The Contacts screen appears. c. Select the contact from the list. 8. Provide the Start Date for the billing. 9. Provide the End Date or select No Ending Date. 10. Click Save. ConnectWise creates the customer Agreement. Configuring Settings in ConnectWise and Earlier Versions Trend Micro Remote Manager requires that you configure the following ConnectWise settings before integrating the two products: Add Companies to ConnectWise on page 11-3 Create a Contact on page 11-5 Change the Default Status of Companies to Active on page

193 ConnectWise Support Tip Trend Micro recommends configuring Service Boards in ConnectWise to more easily view your customer data. For more information, see Create a Service Board on page Follow the steps below to configure Trend Micro Remote Manager integration with ConnectWise and earlier versions: Procedure 1. Create an Integrator Login on page For Hosted Security customers, Integrate Hosted Security with ConnectWise on page Add Trend Micro Products to ConnectWise on page Create a Management Solution on page Create Cross-references on page Create an Agreement on page Create an Integrator Login Creating an integrator login allows Trend Micro Remote Manager to send information to ConnectWise. Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to System > Setup Tables

194 Trend Micro Remote Manager Administrator's Guide The Setup Tables screen appears. 2. Type integrator login in the Table field and click Search. The Integrator Login setup table appears. 3. Click the Integrator Login setup table name

195 ConnectWise Support The Integrator Login List screen appears. 4. Click New Item ( ) to create a new integrator login

196 Trend Micro Remote Manager Administrator's Guide The Integrator Login screen appears. 5. Provide the Username and Password that you will use for the integrator login. 6. In the Access Level drop-down, select All records

197 ConnectWise Support 7. Enable the following available APIs: Service Ticket API Note Optionally select preconfigured service boards from the Service Board dropdown list For more information, see Create a Service Board on page Managed Services API Company API System API Configuration API 8. Click Save. Trend Micro Remote Manager can now send information to ConnectWise. 9. Follow the steps below to continue configuring Trend Micro Remote Manager integration with ConnectWise and earlier versions: a. For Hosted Security customers, Integrate Hosted Security with ConnectWise on page b. Add Trend Micro Products to ConnectWise on page Integrate Hosted Security with ConnectWise Integrate Hosted Security with companies in ConnectWise to inform users of spam and virus detections. Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary

198 Trend Micro Remote Manager Administrator's Guide Procedure 1. From the ConnectWise console, go to Companies > Companies. The Company Search screen appears. 2. Type the company name in the Company Name field and click Search. The {Company} screen appears. 3. Click the Configurations tab. 4. Click New Item ( ) to create a new configuration

199 ConnectWise Support The New Configuration screen appears. 5. Type the company ID in the Configuration Name field. 6. Select Spam Stats from the Type drop-down list. 7. Click Save

200 Trend Micro Remote Manager Administrator's Guide Note To specify how frequently Trend Micro Remote Manager should send spam stats to ConnectWise, see Configuring Global ConnectWise Integration Settings in Remote Manager on page Follow the step below to continue configuring Trend Micro Remote Manager integration with ConnectWise and later versions: a. Add Trend Micro Products to ConnectWise on page Add Trend Micro Products to ConnectWise Integrate the following Trend Micro Remote Manager products/services with ConnectWise for billing purposes: Worry-Free Business Security Standard Worry-Free Business Security Advanced Worry-Free Business Security Services Hosted Security Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to Procurement > Products

201 ConnectWise Support The Products screen appears. 2. Click New Item ( ) to add a new product

202 Trend Micro Remote Manager Administrator's Guide The Product Item screen appears. 3. Type the necessary Trend Micro Remote Manager managed product/service product IDs in the Product ID field. Table Trend Micro Product IDs for ConnectWise Integration Product/Service Product ID Worry-Free Business Security Standard WFBS-S 11-44

203 ConnectWise Support Product/Service Product ID Worry-Free Business Security Advanced Worry-Free Business Security Services Hosted Security WFBS-A WFBS-SVC HES 4. Specify the following information: Description Unit Price Customer Description 5. Click Save. ConnectWise adds the new product to the products list. 6. Follow the step below to continue configuring Trend Micro Remote Manager integration with ConnectWise and earlier versions: a. Create a Management Solution on page Create a Management Solution Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to System > Setup Tables

204 Trend Micro Remote Manager Administrator's Guide The Setup Tables screen appears. 2. Type management it in the Table field and click Search. The Management IT setup table appears. 3. Click the Management IT setup table

205 ConnectWise Support The Management IT Solution List appears. 4. Click New Item ( ) to create a new management solution. The Solution Setup screen appears. 5. Specify the following information: Name: Type TMRM Management Setup. Management IT Solution: Select Custom. Custom Solution Name: Type TMRM Management Solution

Trend Micro Remote Manager Administrator's Guide 6. Click Save. Important Trend Micro Remote Manager requires that the specified values exactly match the examples provided.

206 Trend Micro Remote Manager Administrator's Guide 6. Click Save. Important Trend Micro Remote Manager requires that the specified values exactly match the examples provided. ConnectWise adds the management solution to the Management IT Solution List. 7. Associate the management solution with Trend Micro customers. a. Go to the Company screen for the Trend Micro customer. b. Click the Management tab. c. Next to Management Solutions, click New Item ( ). d. From the Solution drop-down, select TMRM Management Solution/ TMRM Management Setup. e. Specify a Managed ID. f. Click Save

207 ConnectWise Support The Management Solution is ready for use. 8. Follow the step below to continue configuring Trend Micro Remote Manager integration with ConnectWise and earlier versions: a. Create Cross-references on page Create Cross-references Create cross-references to associate Remote Manager products/services with ConnectWise. Note This procedure displays screens from ConnectWise Depending on the version of ConnectWise you are using, the screens may vary. Procedure 1. From the ConnectWise console, go to System > Setup Tables. The Setup Tables screen appears

The Managed Devices Integration setup table appears. 3. Click the Managed Devices Integration setup table.

208 Trend Micro Remote Manager Administrator's Guide 2. Type managed devices integration in the Table field and click Search. The Managed Devices Integration setup table appears. 3. Click the Managed Devices Integration setup table. The Managed Devices Integration List appears. 4. Click TMRM Management Solution in the Management Solution column. Note For more information on creating a Management Solution, see Create a Management Solution on page

209 ConnectWise Support The Managed Devices Integration screen appears. 5. Click the Cross-References tab. 6. Click New Item ( ) to create a product. 7. Specify the required settings for each of your Remote Manager managed products/ services. Product/Service Worry-Free Business Security Standard Settings Type: T-WFBS-S Level: Standard Agreement Type: Managed Service Product: WFBS-S Configuration Type : Spam Stats 11-51

210 Trend Micro Remote Manager Administrator's Guide Product/Service Worry-Free Business Security Advanced Settings Type: T-WFBS-A Level: Advanced Agreement Type: Managed Service Product: WFBS-A Configuration Type: Spam Stats Worry-Free Business Security Services Type: T-WFBSS Level: Standard Agreement Type: Managed Service Product: WFBSS Configuration Type: Spam Stats Hosted Security Type: T-HES Level: Standard Agreement Type: Managed Service Product: HES Configuration Type: Spam Stats 8. Click Save. ConnectWise adds the product/service to the Cross-References. 9. Follow the step below to continue configuring Trend Micro Remote Manager integration with ConnectWise and earlier versions: Create an Agreement on page Configuring Global ConnectWise Integration Settings in Remote Manager After preparing the ConnectWise console settings, you can configure the Remote Manager console to begin sending notifications to ConnectWise

ConnectWise Support Procedure 1. Go to Administration > Configure third-party integration. The Configure third-party integration screen appears. 2.

211 ConnectWise Support Procedure 1. Go to Administration > Configure third-party integration. The Configure third-party integration screen appears. 2. In the ConnectWise section, select Enable notification integration to allow ConnectWise to receive notifications from Trend Micro Remote Manager. 3. Specify the following information: ConnectWise URL: Type the URL of the service. Company ID: Type the company name used in the ConnectWise console. Logon ID: Type the integrator login username created in ConnectWise

212 Trend Micro Remote Manager Administrator's Guide Note For more information, see Create an Integrator Login on page Logon password: Type the integrator login password created in ConnectWise. 4. In the Notification Settings section: Enable Send billing information for all products to ConnectWise every month on day to perform automated billing of all Trend Micro products for all ConnectWise customers. Note Click Send Now to send the current bill to ConnectWise customers immediately. If you select 29, 30, or 31, and the month ends before the configured date, Remote Manager sends the billing information on the last day of the month instead. Enable Send the spam/ virus detections information from Hosted Security to ConnectWise every to perform automated security reporting for Hosted Security customers. 5. Click Save. ConnectWise can now receive notifications from Remote Manager. Configuring Customer-specific ConnectWise Integration Settings in Remote Manager You must enable ConnectWise notifications and integration for each Trend Micro customer on the Remote Manager console if you want to automate Remote Manager notifications

213 ConnectWise Support Procedure 1. To enable Remote Manager to send notifications to ConnectWise, go to Customers > {Company}. 2. Click the Notification tab. The following screen appears: 3. In the Third-party Notifications section, select ConnectWise. 4. Click Save. 5. To integrate the ConnectWise settings for this customer, click the ConnectWise tab. 6. Select Enable integration. 7. Specify the ConnectWise Company ID for this customer. Tip 8. Click Save. Click Test Validity to verify the company ID

Trend Micro Remote Manager Administrator's Guide Trend Micro Remote Manager syncs the customer information from ConnectWise and loads any available agreement information.

214 Trend Micro Remote Manager Administrator's Guide Trend Micro Remote Manager syncs the customer information from ConnectWise and loads any available agreement information. The following screen appears: 9. In the Agreements section, you can assign ConnectWise Agreements to Trend Micro products. Note Assigning agreements to Trend Micro products allows ConnectWise to provide automated billing services for Trend Micro Remote Manager customers. Important If you previously configured ConnectWise using the TMRM Management Solution or Managed Service agreement type, Default appears next to the Trend Micro product name. If you did not configure ConnectWise using the TMRM Management Solution or Managed Service agreement type, you can assign ConnectWise agreements to Trend Micro products. a. Click Set Up. The Product Agreements screen appears

215 ConnectWise Support b. For each product, first select the agreement type and then select the agreement name. c. Click OK. 10. Select either of the following integration settings: Select Use global settings from Administration > Configure third-party integration > ConnectWise settings to apply the global integration settings. Select Use custom settings to configure customer-specific notifications for billing and executive summaries. 11. Click Save. Supported Trend Micro Product Events in ConnectWise Remote Manager can send the following event notifications to the ConnectWise system. Product Cloud Edge Botnet Intrusion Prevention System (IPS) Events Web Reputation Virus Hosted Security InterScan Web Security as a Service Total Message Traffic Accepted Message Size Threat Summary Antivirus Anti-spyware Web Reputation Top Spam Recipients Top Virus Recipients URL Filtering App Control 11-57

216 Trend Micro Remote Manager Administrator's Guide Product Worry- Free Business Security Standard and Advanced Worry- Free Business Security Services Agent Abnormal Outbreak Defense Antivirus Anti-spyware Web Reputation Behavior Monitoring Network Virus Anti-Spam Agent Abnormal Outbreak Defense Antivirus Anti-spyware Web Reputation Behavior Monitoring Events Outdated Managed Servers Unusual System Events License Expiration URL Filtering Device Control Worry-Free Business Security Standard and Advanced Server Shutdown Exchange Server Shutdown Network Virus Outdated Managed Servers Unusual System Events License Expiration URL Filtering Exchange Server Shutdown 11-58

217 Chapter 12 Kaseya Support This section describes how to integrate Remote Manager with Kaseya and the supported event notifications for Trend Micro products and services. Topics include: Integrating Kaseya on page 12-2 Managing Trend Micro Customers in Kaseya on page Managing Worry-Free Security Agents in Kaseya on page Trend Micro Dashboard on page Supported Trend Micro Product Events in Kaseya on page

218 Trend Micro Remote Manager Administrator's Guide Integrating Kaseya The following topics contain information on integrating Kaseya with Remote Manager: Configuring Kaseya Notification Settings in Remote Manager Procedure 1. Go to Administration > Configure third-party integration. The Configure third-party integration screen appears. Figure The Kaseya section 2. In the Kaseya section, select Enable integration. 3. Type the Kaseya address. 4. Click Save. The Successful notification appears. 5. Go to Customers > {Company} > Notification. 12-2

219 Kaseya Support The following screen appears: 6. Select Me as a recipient if you want to receive notification s. 7. In the Additional recipients field, type the addresses of any additional recipients who may require receiving notification s. 8. Select Kaseya from the third-party notifications list. 9. Select the product notification settings that should be sent to Kaseya. Note 10. Click Save. Select the default real-time notification settings that are applicable to all products and customers, or specify the settings for this customer. 11. Repeat steps 6 to 10 for each customer. 12-3

220 Trend Micro Remote Manager Administrator's Guide Configuring Notification Settings in Kaseya Procedure 1. In Kaseya, add the following fields to the ticketing system to show Trend Micro Remote Manager notifications. Worry-Free Business Security Field Name TM_CreateTime TM_ProductName TM_AgentGUID TM_CustomerName TM_EventName TM_ServerName TM_MASClientName (optional) Purpose Event generation time Product name Remote Manager agent GUID Customer/Company name Event name Worry-Free Business Security server name Exchange server name (only affects the Exchange Server Shutdown event) 12-4

221 Kaseya Support Figure Kaseya Ticketing Fields Worry-Free Business Security Services Field Name TM_CreateTime TM_ProductName TM_CustomerName TM_EventName Purpose Event generation time Product name Customer/Company name Event name 12-5

Ensure that the email setting is correct, as shown

222 Trend Micro Remote Manager Administrator's Guide Figure Kaseya Ticketing Fields 2. Ensure that the setting is correct, as shown on the following screen: Figure Kaseya Settings 12-6

Kaseya Support When an event is triggered, Kaseya will receive the ticket: Figure 12-5.

223 Kaseya Support When an event is triggered, Kaseya will receive the ticket: Figure Kaseya Event Ticket Installing the Trend Micro Worry-Free Services Plug-in for Kaseya This plug-in allows Remote Manager to sync Worry-Free Business Security Services customer and detection data with Kaseya. Note The Trend Micro Worry-Free Services Plug-in for Kaseya is not supported for customers using a Customer Licensing Portal account. Procedure 1. Open the Remote Manager console, and go to Administration > Configure third-party integration. 12-7

224 Trend Micro Remote Manager Administrator's Guide The Configure third-party integration screen appears. 2. Go to the Kaseya section. 3. Under Worry-Free Services Plug-in for Kaseya, click Download to save the plug-in. 4. Save the file on the Kaseya VSA server. 5. Execute the TrendMicroWorryFreeServicesPluginForKaseya_X.X.X.msi file. The welcome screen appears. 6. Click Next. 12-8

225 Kaseya Support The End-User License Agreement screen appears. 7. If you agree to the terms in the License Agreement, select the I accept the terms in the License Agreement check box. 8. Click Next. 12-9

226 Trend Micro Remote Manager Administrator's Guide The Installation Directory screen appears. 9. Confirm the Kaseya installation folder and click Next

227 Kaseya Support The Ready to Install screen appears. 10. Click Install

228 Trend Micro Remote Manager Administrator's Guide After the installation completes, the Trend Micro Worry-Free Services Plug-in for Kaseya has been successfully installed screen appears. Note 11. Click Finish. During installation, Kaseya opens a browser window displaying information regarding the integration process. 12. Open the Kaseya web console and go to Trend Micro > Worry-Free Services

229 Kaseya Support The following screen appears: 13. Provide the Remote Manager activation credentials. URL (including https) Access token Secret key Note 14. Click Connect. To locate the activation credentials: a. Open the Remote Manager console and go to Administration > Configure third-party integration and go to the Kaseya section. b. Under Step 3. On the Kaseya console, go to Trend Micro > Worry-Free Services and activate the plug-in., click View credentials. c. Copy and paste the activation credentials to the Kaseya web console. The Activation Successful wizard appears which allows you to import your existing Kaseya customers to the Trend Micro Worry-Free Services Plug-in for Kaseya 12-13

230 Trend Micro Remote Manager Administrator's Guide For details, see Importing Kaseya Customers on page Updating the Trend Micro Worry-Free Services Plug-in for Kaseya Updating the Trend Micro Worry-Free Services Plug-in for Kaseya allows you to use all new features and enhancements. The updated version automatically applies all previously configured settings, including customer and Security Agent endpoint information. Procedure 1. Open the Remote Manager console, and go to Administration > Configure third-party integration. The Configure third-party integration screen appears. 2. Go to the Kaseya section. 3. Under Worry-Free Services Plug-in for Kaseya, click Download to save the plug-in. 4. Save the file on the Kaseya VSA server. 5. Execute the TrendMicroWorryFreeServicesPluginForKaseya_X.X.X.msi file

231 Kaseya Support The welcome screen appears. 6. Click Next

232 Trend Micro Remote Manager Administrator's Guide The End-User License Agreement screen appears. 7. If you agree to the terms in the License Agreement, select the I accept the terms in the License Agreement check box. 8. Click Next

233 Kaseya Support The Installation Directory screen appears. 9. Confirm the Kaseya installation folder and click Next

234 Trend Micro Remote Manager Administrator's Guide The Ready to Install screen appears. 10. Click Install

Kaseya Support After the installation completes, the Trend Micro Worry-Free Services Plug-in for Kaseya has been successfully installed screen appears. Note 11.

235 Kaseya Support After the installation completes, the Trend Micro Worry-Free Services Plug-in for Kaseya has been successfully installed screen appears. Note 11. Click Finish. During installation, Kaseya opens a browser window displaying information regarding the integration process. The Worry-Free Services Plug-in for Kaseya is updated

236 Trend Micro Remote Manager Administrator's Guide Managing Trend Micro Customers in Kaseya After activating the Trend Micro Worry-Free Services Plug-in for Kaseya, you can start associating Kaseya customers with Trend Micro Accounts and manage the customer associations directly from the Kaseya console. Importing Kaseya customers: Associates current Kaseya customers with preexisting, or new, Trend Micro Accounts For more information, see Importing Kaseya Customers on page Customers Summary screen: Displays associated Trend Micro customers and Kaseya customers not associated with Trend Micro Accounts For more information, see Customers Summary on page Importing Kaseya Customers Procedure 1. Go to the Integrate Kaseya Customers with Trend Micro Accounts screen. From the Kaseya navigation tree: a. Go to Trend Micro > Worry-Free Services > Customers. b. Click the Non-Trend Micro Customers tab. c. Select the check boxes next to the customers you want to associate with a Trend Micro Account. d. Click Import to Trend Micro. From the Activation Successful screen after activating the Kaseya plug-in for the first time, click Start. Important You must select the check boxes next to the Kaseya customers you want to integrate with Trend Micro Accounts on the Integrate Kaseya Customers with Trend Micro Accounts screen that appears

237 Kaseya Support The Integrate Kaseya Customers with Trend Micro Accounts screen appears. 2. In the Trend Micro Customer Account drop-down list: Select + Create a new Trend Micro Account to register a new customer in Licensing Management Platform Select from your existing Licensing Management Platform customers not already assigned to another account Note 3. Click Next >. If all your customers have already been assigned, no customer information will display in the list

notifications about the selected customers' environments sent to your registered email address. 5.

238 Trend Micro Remote Manager Administrator's Guide The Trend Micro Customer Notifications screen appears. 4. Select Send all customer notifications to my Remote Manager address if you want all notifications about the selected customers' environments sent to your registered address. 5. Click Next >. The Import Customers to Trend Micro screen appears. 6. Select a Service Plan for each customer

Kaseya Support 7. Verify that the number of Seats allocated to each customer is correct, then click Import > to add the selected customers to the list.

239 Kaseya Support 7. Verify that the number of Seats allocated to each customer is correct, then click Import > to add the selected customers to the list. Note By default, Remote Manager provisions 20% more seats than the number of endpoints that a client has registered in Kaseya (with a minimum of 10 seats per client). Customers Summary The customers screen displays after clicking the Customers node in the Kaseya navigation tree. This screen allows you to view all your Kaseya customers and disconnect a previously configured Kaseya customer from a Trend Micro Account. The following table outlines the major sections of the customers screen

240 Trend Micro Remote Manager Administrator's Guide Section Trend Micro Customers tab Description Displays a table that outlines Trend Micro Account information for Kaseya customers Note If a Kaseya customer is no longer a Trend Micro customer, select the check box next to the Kaseya customer name in the table and click Disconnect from Trend Micro Account to remove the customer from the list. Disconnecting a Kaseya customer from Trend Micro does not uninstall the Security Agent from the customer's managed endpoints. Non-Trend Micro Customers tab Displays a table that outlines account information for Kaseya customers not connected to Trend Micro Accounts Note To import Kaseya customers to Trend Micro, select the check boxes next to the customers you want to import and click Import to Trend Micro. For more information, see Importing Kaseya Customers on page Managing Worry-Free Security Agents in Kaseya The Trend Micro Worry-Free Security Services Plug-in for Kaseya provides some limited control of Security Agents through the Kaseya console. From the Kaseya console, you can perform the following Worry-Free Business Security Agent tasks: Deploying the Security Agent to Unmanaged Endpoints on page Scanning Worry-Free Security Agents on page

Kaseya Support Updating Worry-Free Security Agents on page 12-28 Deploying the Security Agent to Unmanaged Endpoints The Unmanaged Endpoints screen allows you to view the Kaseya list of all customer

241 Kaseya Support Updating Worry-Free Security Agents on page Deploying the Security Agent to Unmanaged Endpoints The Unmanaged Endpoints screen allows you to view the Kaseya list of all customer endpoints that do not currently have a Security Agent installed. Important Kaseya requires the Kaseya Agent Procedure script before you can deploy the Security Agent to endpoints. Tip You can export a list of unmanaged endpoints in CSV format for further evaluation. Procedure 1. Open the Kaseya web console, and go to Trend Micro > Worry-Free Services > Unmanaged Endpoints. The following screen appears: 2. Filter the search results using the Kaseya search bar. 3. Select the check boxes next to the machines on which you want to deploy the Worry-Free Business Security Agent. 4. Click Deploy Agent

242 Trend Micro Remote Manager Administrator's Guide The Deploy Security Agent screen appears. 5. Click Deploy. Note Endpoints receive the command the next time Remote Manager synchronizes with Worry-Free Business Security Services. The default synchronization time is five minutes. Installation only occurs on endpoints that do not already have the Security Agent installed. Scanning Worry-Free Security Agents Procedure 1. Open the Kaseya web console, and go to Trend Micro > Worry-Free Services > Endpoints. The following screen appears: 12-26

Kaseya Support 2. Filter endpoints using the drop-down list: All machines Online Offline Outdated With virus detections With spyware detections 3.

243 Kaseya Support 2. Filter endpoints using the drop-down list: All machines Online Offline Outdated With virus detections With spyware detections 3. Select the check boxes next to the endpoints you want to scan and click Scan. A confirmation screen appears. 4. Click Scan. Note Endpoints receive the command the next time Remote Manager synchronizes with Worry-Free Business Security Services. The default synchronization time is five minutes

244 Trend Micro Remote Manager Administrator's Guide Updating Worry-Free Security Agents Procedure 1. Open the Kaseya web console, and go to Trend Micro > Worry-Free Services > Endpoints. The following screen appears: 2. Filter endpoints using the drop-down list: All machines Online Offline Outdated With virus detections With spyware detections 3. Select the check boxes next to the endpoints you want to update and click Update. A confirmation screen appears. 4. Click Update

245 Kaseya Support Note Endpoints receive the command the next time Remote Manager synchronizes with Worry-Free Business Security Services. The default synchronization time is five minutes. Trend Micro Dashboard Use the Dashboard to get a quick view of your Kaseya customers' security status and the overall number of threats detected by Worry-Free Business Security Services. The Dashboard provides the following widgets: Action Required Events Widget on page Threat Management Widget on page Action Required Events Widget The Action Required Events widget lists your customers with endpoints that require attention. Events Action Unsuccessful Real-Time Scan Required Restart Required Update Required Description Click the Occurrences to go to the Worry-Free Business Security Services console and view unsuccessful scan results on a customer's endpoints. Click the Endpoints to go to the Worry-Free Business Security Services console and view endpoints with real-time scan disabled. Click the Occurrences to go to the Worry-Free Business Security Services console and view endpoints that need to restart to finish cleaning spyware/grayware. Click the Endpoints to go to the the Worry-Free Business Security Services console and view endpoints that require an update

246 Trend Micro Remote Manager Administrator's Guide Click a Company name to view information on the Remote Manager console. Threat Management Widget View the number of customers with different types of security detections. Click the threat Type to view detailed information on the Remote Manager console. Supported Trend Micro Product Events in Kaseya Remote Manager can send the following event notifications to the Kaseya system. Product Cloud Edge Botnet Intrusion Prevention System (IPS) Events Web Reputation Virus Hosted Security InterScan Web Security as a Service: Total Message Traffic Accepted Message Size Threat Summary Antivirus Anti-spyware Web Reputation Top Spam Recipients Top Virus Recipients URL Filtering App Control 12-30

247 Kaseya Support Product Worry- Free Business Security Standard and Advanced Worry- Free Business Security Services Agent Abnormal Outbreak Defense Antivirus Anti-spyware Web Reputation Behavior Monitoring Network Virus Anti-Spam Agent Abnormal Outbreak Defense Antivirus Anti-spyware Web Reputation Behavior Monitoring Events Outdated Managed Servers Unusual System Events License Expiration URL Filtering Device Control Worry-Free Business Security Standard and Advanced Server Shutdown Exchange Server Shutdown Network Virus Outdated Managed Servers Unusual System Events License Expiration URL Filtering Exchange Server Shutdown 12-31

248

249 Chapter 13 LabTech Support This section describes how to integrate Remote Manager with LabTech and the supported event notifications for Trend Micro products and services. Topics include: Integrating LabTech on page 13-2 Managing Trend Micro Customers in LabTech on page 13-8 Managing Worry-Free Security Agents in LabTech on page Monitoring Worry-Free Business Security Services Agents on page Supported Trend Micro Product Events in LabTech on page

250 Trend Micro Remote Manager Administrator's Guide Integrating LabTech The following topics contain information on integrating LabTech with Remote Manager: Installing the Trend Micro Worry-Free Services Plug-in for LabTech This plug-in allows Remote Manager to sync Worry-Free Business Security Services customer and detection data with LabTech. Note The Trend Micro Worry-Free Services Plug-in for LabTech is not supported for customers using a Customer Licensing Portal account. Important Some features of the Worry-Free Services Plug-in for LabTech require the latest version of Worry-Free Business Security Services. Update all of your Security Agents are to the latest version to ensure full support of all new features. Note This procedure displays screens from LabTech 11. Depending on the version of LabTech you are using, the screens may vary. Procedure 1. Download the Trend Micro Worry-Free Services Plug-in for LabTech from the LabTech Solution Center. 2. From the LabTech Control Center, go to Help > Plugin Manager. 13-2

251 LabTech Support The Plugin Manager screen appears. 3. Select Trend Micro Worry-Free Services Plug-in for LabTech and click Enable. 4. Update the remote agent. Tip If you are using LabTech 10.5 or earlier versions, go to Advanced > Reload Plugins > Update Remote Agent Plugins. 5. Exit and re-enter the LabTech Control Center. The Trend Micro icon is added to the toolbar. 6. Click the Trend Micro button in the toolbar. 13-3

Trend Micro Remote Manager Administrator's Guide The Activate Trend Micro Integration screen appears. 7. Provide the Remote Manager activation credentials.

252 Trend Micro Remote Manager Administrator's Guide The Activate Trend Micro Integration screen appears. 7. Provide the Remote Manager activation credentials. URL (including https) Access token Secret key Tip 8. Click Connect. To locate the activation credentials: a. Open the Remote Manager console and go to Administration > Configure Third-party integration > LabTech. b. Click View credentials. The Activation Successful screen appears. You can begin integrating LabTech client data with Trend Micro Accounts by clicking Start. 13-4

LabTech Support For details, see Importing LabTech Clients on page 13-8. Note To integrate accounts at a later time, click the Trend Micro button in the toolbar and go to Non-Trend Micro Customers.

253 LabTech Support For details, see Importing LabTech Clients on page Note To integrate accounts at a later time, click the Trend Micro button in the toolbar and go to Non-Trend Micro Customers. Assigning Trend Micro User Permissions in LabTech After installing the Trend Micro Worry-Free Business Services Plug-in for LabTech, you must assign permissions to LabTech users before they can access all of the plug-in features. Procedure 1. In the LabTech Control Center navigation tree, go to Admin > Users and doubleclick the user you want to assign permissions to. 13-5

254 Trend Micro Remote Manager Administrator's Guide The Editing the information for {user} screen appears. 2. Click the Permissions tab. 13-6

255 LabTech Support 3. Under the User Classes field, click the Open User Class Manager ( ) icon. The User Class Manager screen appears. 4. Select the following check boxes to assign the appropriate permissions. Permission Type Clients Contacts Database Scripts Read Read Access Read 5. Click SAVE. 6. Click the Plugin tab. 7. Next to Trend Micro Worry-Free Services Plug-in for LabTech, select the Access check box. 8. Click SAVE. 13-7

256 Trend Micro Remote Manager Administrator's Guide The LabTech user can access Trend Micro Worry-Free Services Plug-in for LabTech features. Managing Trend Micro Customers in LabTech After activating the Trend Micro Worry-Free Services Plug-in for LabTech, you can start associating LabTech customers with Trend Micro Accounts and manage the customer associations directly from the LabTech console. Importing LabTech customers: Associates current LabTech customers with preexisting, or new, Trend Micro Accounts For more information, see Importing LabTech Clients on page Customers Summary screen: Displays associated Trend Micro customers and LabTech customers not associated with Trend Micro Accounts For more information, see Customers Summary on page Importing LabTech Clients Procedure 1. Go to the Integrate LabTech Clients with Trend Micro Accounts screen. From the LabTech Control Center: a. Click the Trend Micro button in the toolbar and go to Non-Trend Micro Customers. b. Select the check boxes next to the LabTech clients you want to import. c. Click Import to Trend Micro. From the Activation Successful screen after activating the LabTech plug-in for the first time, click Start. 13-8

LabTech Support Important You must select the check boxes next to the LabTech clients you want to integrate with Trend Micro Accounts on the Integrate LabTech Clients with Trend Micro Accounts:

257 LabTech Support Important You must select the check boxes next to the LabTech clients you want to integrate with Trend Micro Accounts on the Integrate LabTech Clients with Trend Micro Accounts: Select Clients screen that appears. The Integrate LabTech Clients with Trend Micro Accounts: Select Clients screen appears. 2. In the Trend Micro Customer Account drop-down list: Any LabTech clients that match a Remote Manager customer account display in the list. If the matching records are not correct, select a different company account or create a new Trend Micro Account. 13-9

258 Trend Micro Remote Manager Administrator's Guide Select + Create a new Trend Micro Account to automatically register a new customer account in Remote Manager using the LabTech client name as the company name. Select from your existing Remote Manager customers not already assigned to another account. Note 3. Click Next>. If you have already assigned all of your customers, no customer information displays in the list. The Set Notification screen appears

LabTech Support 4. Select Send all customer notifications to my email address if you want all email notifications about the selected customers' environments sent to your registered email address. 5.

259 LabTech Support 4. Select Send all customer notifications to my address if you want all notifications about the selected customers' environments sent to your registered address. 5. Click Next>. The Assign Service Plan screen appears. 6. If you selected + Create a new Trend Micro Account for any LabTech clients, specify the following for each: a. Service Plan b. Seats: By default, Remote Manager provisions 20% more seats than the number of endpoints that a client has registered in LabTech (with a minimum of 10 seats per client)

260 Trend Micro Remote Manager Administrator's Guide Note You cannot modify the settings for preexisting users. 7. Click Next to add the selected customers to the list. Important You must have sufficient licenses available in Licensing Management Platform for the number of selected LabTech clients. If you do not have sufficient licenses available, the plug-in only imports the first clients in the list for which licenses are available. The Assign Template screen appears. 8. In the Template drop-down list, assign a template to each customer

261 LabTech Support Important 9. Click Import. The settings applied by the original template used for preexisting Trend Micro customers may have been customized. Verify all settings after assigning templates to ensure your customers receive the best possible protection. The Complete Importing screen appears. 10. Click Done to exit the setup wizard

262 Trend Micro Remote Manager Administrator's Guide Customers Summary The Trend Micro Customers screen displays after clicking the Trend Micro button in the toolbar or clicking the Trend Micro Customers node in the client tree. This screen allows you to view all your LabTech clients with Trend Micro Accounts and disconnect a previously configured LabTech client from a Trend Micro Account. The following table outlines the major sections of the Trend Micro Customers screen. Section Client summary Clients tab Description Provides an overview of all your Trend Micro Accounts managed through LabTech Clients: Click the count to view all Trend Micro Accounts in the table on the Clients tab Action required: Click the count to view all Trend Micro Accounts that require attention in the table on the Clients tab Managed machines: Displays the total number of machines with the Worry-Free Business Services Security Agent installed Unmanaged machines: Displays the total number of machines associated with Trend Micro Accounts that do not have the Security Agent installed Displays a table that outlines Trend Micro Account information for LabTech clients and whether a client requires immediate attention Note If a LabTech client is no longer a Trend Micro customer, select the check box next to the LabTech Client name in the table and click Disconnect from Trend Micro to remove the client from the list. Disconnecting a LabTech client from Trend Micro does not uninstall the Security Agent from the client's managed endpoints

263 LabTech Support Section Statistics tab Description Displays a dashboard with widgets that provide an overview of all the Trend Micro Accounts managed using LabTech Available widgets: Action Required Events Widget on page Threat Management Widget on page Managing Worry-Free Security Agents in LabTech The Trend Micro Worry-Free Security Services Plug-in for LabTech provides some limited control of Security Agents through the Kaseya console. From the LabTech console, you can perform the following Worry-Free Business Security Agent tasks: Managing Trend Micro LabTech Clients on page Using Trend Micro Scripts in LabTech on page Managing Trend Micro LabTech Clients The client information screen provides basic LabTech client summary information including the main client contact, address, and the current license status for Worry-Free Business Security Services. Important Some features of the Worry-Free Services Plug-in for LabTech require the latest version of Worry-Free Business Security Services. Update all of your Security Agents are to the latest version to ensure full support of all new features

Trend Micro Remote Manager Administrator's Guide Use the information on the Endpoints and Unmanaged Endpoints tabs to send commands to the Worry-Free Security Services Security Agent, or to deploy

264 Trend Micro Remote Manager Administrator's Guide Use the information on the Endpoints and Unmanaged Endpoints tabs to send commands to the Worry-Free Security Services Security Agent, or to deploy the agent to endpoints. Note You can select to view specific client/endpoint information at any level under the Trend Micro Customers node of the client tree. Common Worry-Free Business Security Services agent commands are also available using LabTech scripts. For more information, see Using Trend Micro Scripts in LabTech on page Procedure 1. Open the LabTech Control Center, go to Trend Micro > Trend Micro Customers, and select a client in the navigation tree. The title of the screen that appears depends on the level of the client information selected in the client tree. The following image displays the Trend Micro Customers > {Client} screen

265 LabTech Support 2. View details about the available Worry-Free Business Security Services licenses from Remote Manager by clicking the license expiration date. 3. View specific endpoints by clicking the any of the following counts: Managed machines: Displays a list of machines with the Worry-Free Business Services Security Agent installed on the Endpoints tab Unmanaged machines: Displays a list of machines that do not have the Worry-Free Business Services Security Agent installed on the Unmanaged Endpoints tab Viruses detected: Displays a list of Worry-Free Business Services Security Agents with virus detections on the Endpoints tab Spyware detected: Displays a list of Worry-Free Business Services Security Agents with spyware detections on the Endpoints tab Tip For clients with a large number of Worry-Free Business Services Security Agents displaying on the Endpoints tab, you can further filter the results using the status information in the Show drop-down. 4. On the Endpoints tab, select the check box for the endpoint you want to manage, and click the buttons above the list to send the necessary commands. Scan: Triggers the Security Agent on the selected endpoints to perform a Manual Scan during the next server synchronization Update: Triggers the Security Agent to check for component updates during the next server synchronization Other Actions: Displays the following commands: Unload Agent: Unloads the Security Agent from the selected endpoints for a specified period of time during the next server synchronization Remove Agent: Uninstalls the Security Agent from the selected endpoints during the next server synchronization 13-17

266 Trend Micro Remote Manager Administrator's Guide WARNING! Removing the Security Agent may leave the endpoints vulnerable to security threats. Note You must confirm that you want to send the command to the selected Security Agents. Endpoints receive the command the next time Remote Manager synchronizes with Worry-Free Business Security Services. The default synchronization time is five minutes. 5. On the Unmanaged Endpoints tab: Select the unmanaged endpoints that you want to install the Security Agent on and click Deploy Agent. Note You must confirm that you want to send the command to the selected endpoints. Endpoints receive the command the next time Remote Manager synchronizes with Worry-Free Business Security Services. The default synchronization time is five minutes. Select the unmanaged endpoints that you want to save as a list in CSV format and click Export. Using Trend Micro Scripts in LabTech The Worry-Free Business Security Service LabTech Plug-in provides the following scripts, accessible through the Scripts > Anti-Virus > Trend Micro right-click menu

267 LabTech Support Important You must assign specific LabTech User Classes permission to access each script for before the right-click script items appear, You can only access the right-click Scripts menu for LabTech clients associated with a Trend Micro Account. To associate a LabTech client with a Trend Micro Account, see Importing LabTech Clients on page 13-8 Deploy Security Agent: Deploys the Security Agent to the selected endpoints Remove Security Agent: Uninstalls the Security Agent from the selected endpoints WARNING! Removing the Security Agent may leave the endpoints vulnerable to security threats. Restart Security Agent: Restarts the Security Agent on the selected endpoints Scan Now: Triggers the Security Agent on the selected endpoints to perform a Manual Scan Unload Security Agent: Unloads the Security Agent from the selected endpoints Update Now: Triggers the Security Agent to check for component updates 13-19

Trend Micro Remote Manager Administrator's Guide Figure 13-1.

268 Trend Micro Remote Manager Administrator's Guide Figure Trend Micro LabTech Scripts Note Endpoints receive the command the next time Remote Manager synchronizes with Worry-Free Business Security Services. The default synchronization time is five minutes. The commands only execute on valid endpoints. For example, if the selected endpoint does not have the Security Agent installed, the Scan Now function cannot execute. Monitoring Worry-Free Business Security Services Agents The Statistics provides an easy way to view all your Trend Micro customers that require further action or have detected security events using the Action Required Events and Threat Management widgets

269 LabTech Support Action Required Events Widget The Action Required Events widget lists your customers with endpoints that require attention. Events Action Unsuccessful Real-Time Scan Disabled Restart Required Update Required Description Click the Occurrences to go to the Worry-Free Business Security Services console and view unsuccessful scan results on a customer's endpoints. Click the Device(s) to go to the Worry-Free Business Security Services console and view endpoints with real-time scan disabled. Click the Occurrences to go to the Worry-Free Business Security Services console and view endpoints that need to restart to finish cleaning spyware/grayware. Click the Device(s) to go to the the Worry-Free Business Security Services console and view endpoints that require an update. Click a LabTech Client name to view information on the Remote Manager console

270 Trend Micro Remote Manager Administrator's Guide Threat Management Widget View the number of customers with different types of security detections. Click the links to view detailed information on the Remote Manager console. Figure The Threat Management Widget 13-22

271 LabTech Support Supported Trend Micro Product Events in LabTech Remote Manager can send the following event notifications to the LabTech system. Product Worry- Free Business Security Services Agent Abnormal Outbreak Defense Antivirus Anti-spyware Web Reputation Behavior Monitoring Events Network Virus Outdated Managed Servers Unusual System Events License Expiration URL Filtering Exchange Server Shutdown These events are sent to LabTech in the form of messages which are logged into LabTech. For this to occur, notification recipients need to be added to the Remote Manager web console and several fields need to be made to the LabTech ticketing system. For more information, refer to Integrating LabTech on page

272

273 Part V Monitoring Customers

274

275 Chapter 14 Understanding the Dashboard Trend Micro Remote Manager has a monitoring dashboard that provides a quick view of the security, system, and license statuses of all customers. This section contains the following topics: Dashboard Status Screens on page 14-2 Working with Tabs and Widgets on page 14-2 Remote Manager Widgets on page 14-7 Cloud App Security Widgets on page Cloud Edge Widgets on page Hosted Security Widgets on page InterScan Web Security as a Service Widgets on page Worry-Free Business Security Services Widgets on page Notification Center on page

Trend Micro Remote Manager Administrator's Guide Dashboard Status Screens The Dashboard is the central screen for reviewing the status of monitored networks.

276 Trend Micro Remote Manager Administrator's Guide Dashboard Status Screens The Dashboard is the central screen for reviewing the status of monitored networks. The Dashboard lists only the products whose statuses are not normal. For example, if a customer's Worry-Free Business Security Services license is expiring or if a customer has too many threats, those customers would be listed here. To access the Dashboard, open a compatible browser and sign into the Trend Micro Remote Manager site for your region. Figure Dashboard Threat Status Tab Most items on the Dashboard are linked to help you resolve an issue. Click an item (graph, link, number) to resolve the issue. For more information, see Product/Service Information on page 3-4. Working with Tabs and Widgets Tabs provide a container for widgets. Each tab on the Home screen can hold up to 20 widgets. The Home screen itself supports up to 30 tabs. Widgets are the core components of the dashboard. Widgets provide specific information about various security or license-related events. Some widgets allow you to perform certain tasks. 14-2

277 Understanding the Dashboard The information that a widget displays comes from: Cloud App Security Cloud Edge servers and clients Hosted Security services InterScan Web Security as a Service Worry-Free Business Security server and clients Worry-Free Business Security Services server Tab Tasks The following table lists all the tab-related tasks: Task Steps Add a tab Click the add icon ( ) on top of the Home screen. A new tab displays. Rename tab Hover over the tab name and click the down arrow ( ), then click Rename. Type a new name for a tab. Edit tab layout Hover over the tab name and click the down arrow ( ), then click Change Layout. The Change Layout window opens. For more information, see Change Layout Window on page Delete a tab Hover over the tab name and click the down arrow ( ), then click Delete. Click OK to delete the tab. Play tab slide show Click the Settings button to the right of the tab display ( ), then click the Tab Slide Show slider. In the drop-down menu beneath the slider, choose the interval at which the selected tabs should display. 14-3

278 Trend Micro Remote Manager Administrator's Guide Move tab Task Steps Use drag-and-drop to change a tab's position. Note Drag-and-drop functionality is not supported by all browsers. For more information on recommended browsers, see Browser Requirements on page 1-8. Change Layout Window The Change Layout window opens when you click the Change Layout option in the tab's drop-down menu ( ). 14-4

279 Understanding the Dashboard Tip Trend Micro recommends the following minimum screen resolutions, depending on your layout selection: 2 columns: 800 x 600 or above 3 columns: 1280 x 720 or above 4 columns: 1680 x 1050 or above 14-5

280 Trend Micro Remote Manager Administrator's Guide Widget Tasks The following table lists widget-related tasks: Task Add a widget Steps Open a tab and then click Add Widgets at the top right corner of the tab. The Add Widgets screen displays. Refresh widget data Click the refresh icon ( ). View help Click the Help ( ). Delete a widget Click the Close Widget ( ). This action removes the widget from the tab that contains it, but not from the other tabs that contain it or from the widget list in the Add Widgets screen. Move a widget Use drag-and-drop to move a widget to a different location within the tab. 14-6

281 Understanding the Dashboard Task Resize a widget Steps To resize a widget, point the cursor to the right edge of the widget. When you see a thick vertical line and an arrow (as shown in the following image), hold and then move the cursor to the left or right. Only widgets on multi-column tabs can be resized. These tabs have any of the following layouts and the highlighted sections contain widgets that can be resized. Remote Manager Widgets The dashboard shows the following Remote Manager widgets: 14-7

282 Trend Micro Remote Manager Administrator's Guide Customers with Notifications Widget This widget provides a count of the number of your Remote Managercustomers that currently have Action required or Warning event statuses. Hover over the customer count to view the top event categories for the most recently affected customers. To open the Notification Center and view a more detailed explanation for the current status, click the Occurrences count for a particular Category or click View all in Notification Center to view all affected customers. For more information, see Notification Center on page

283 Understanding the Dashboard Overall Detections Widget This widget provides an overview of all the threat detections and policy violations during the selected time frame. Hover over the threat or violation count to view a breakdown of the specific types of detections that occurred for each group. To switch views, click the table icon or the bar chart icon in the upper-right. To view the logs for a specific feature in table view, click the count to the right. To view the logs for a specific feature in the bar chart view, click the bar to the right. 14-9

284 Trend Micro Remote Manager Administrator's Guide Table Detection Categories Category Known Threats Description Displays all the features that detect security threats confirmed by Trend Micro Botnet C&C Callback File Blocking IPS Spam Virus/Malware Spyware/Grayware Web Reputation Network virus Unknown Threats Displays all the features that detect potential threats using advanced heuristics, analysis, or feature modeling Predictive Machine Learning Behavior Monitoring Virtual Analyzer Policy Violations Displays all the features that contain policy violations that are specific to your corporate security standards Application Control Device Control URL Filtering 14-10

285 Understanding the Dashboard Customers Needing the Most Attention Widget Shows the most recent number of customers with the highest number of events that need an immediate action or response. Data displays in a table and pie chart. You can switch between the table and pie chart by clicking the display icons ( ). If the number of clients for a particular status is 1 or more, you can click the number to view the events in the product tree. Click the customer name to view all the events for this customer or expand the customer name to see the events for certain categories. The number of events under Action Required are events that should be handled as soon as possible. The number of events under Warning are events that are not as urgent as the events under Action Required but will also need to be handled soon

286 Trend Micro Remote Manager Administrator's Guide License Management Widget Displays the current status of the licenses being used by customers. Shows the following license-related details for customers and products: Expiring soon: These are the number of licenses that have not yet expired, but will expire soon. Expired: These are licenses that have already expired. Note Trend Micro suggests renewing these licenses as soon as possible. Seats Used: These are the number of seats that are currently being used. Provisioned: These are the number of seats that the customer provisioned

287 Understanding the Dashboard License Usage Widget Displays a graphical analysis of seats that were allocated and those that were actually purchased, for the year. These can help determine whether you should increase or decrease your seat allocation. You can change the product/service by selecting from: All Hosted Security Worry-Free Business Security Worry-Free Business Security Services Cloud Edge InterScan Web Security as a Service Cloud App Security 14-13

Trend Micro Remote Manager Administrator's Guide Managed Customers and Products or Services Widget Shows the number of managed customers for each product within a specified time period.

288 Trend Micro Remote Manager Administrator's Guide Managed Customers and Products or Services Widget Shows the number of managed customers for each product within a specified time period. You can change the time range for the data shown by selecting from: Last month (default) Last 3 months Last 6 months Last year You can click the names of the registered products on the right side to add or remove the data from the graph

289 Understanding the Dashboard Each bar chart represents a week or month. The bar chart shows the total number of products/services. Ransomware Detections Widget Displays ransomware detection data from Cloud App Security, Hosted Security, Worry-Free Business Security Services, Cloud Edge, InterScan Web Security as a Service, and Worry-Free Business Security. You can change the time range for the data shown by selecting from: Last 24 hours (default) Last 7 days Last 30 days You can view ransomware event logs by clicking the following counts: Infection attempts: Shows ransomware event logs sorted by number of occurrences

290 Trend Micro Remote Manager Administrator's Guide Customers with ransomware detections: Shows ransomware event logs sorted by company name. Expand the information box ( ) to view the Maximize Ransomware Protection for Worry-Free Business Security Services link. Click the link to enable ransomware protection for all your customers. For more information about configuring ransomware protection in Remote Manager, see Maximizing Ransomware Protection FAQs on page System Management Widget Shows the current number of all system events for the registered products. You can use this to determine hardware issues or events for the server or agent. If the number of events for a particular category is 1 or more, you can click the number to view the event logs

291 Understanding the Dashboard Threat Management Widget Shows the threat event count for all the registered products. You can change the time range for the data shown by selecting from: Last 24 hours (default) 14-17

292 Trend Micro Remote Manager Administrator's Guide Last 7 days Last 30 days If the number of events for a particular category is 1 or more, you can click the number to view the event logs. Trial and Full License Usage Widget Shows how many trial or full licenses were used for the registered products. You can change the time range for the data shown by selecting from: Last month (default) Last 3 months Last 6 months Last year You can change the product/service by selecting from: 14-18

293 Understanding the Dashboard All Hosted Security Worry-Free Business Security Worry-Free Business Security Services Cloud Edge InterScan Web Security as a Service Cloud App Security Viewing Product-Specific Events A product-specific event displays a list of real-time events. Procedure 1. Go to Customers > {company name} > {product}. 2. Depending on the selected product, do one of the following. Product Cloud App Security Cloud Edge InterScan Web Security as a Service Worry-Free Business Security Worry-Free Business Security Services Steps Go to the Events tab. Go to the Events tab. The events list automatically appears when you select an IWSaaS product from the network tree. Go to the Events tab. Go to the Events tab

294 Trend Micro Remote Manager Administrator's Guide Cloud App Security Widgets The dashboard shows the following Cloud App Security widgets: Cloud App Security Customers with the Most Threats Widget Shows the Cloud App Security customers with the most threat events. Click a bar to view the event logs

295 Understanding the Dashboard Cloud App Security Data Loss Prevention Top Violations Widget Shows the Cloud App Security customers with the highest number of Data Loss Prevention template violations. Click a bar to view the event logs. Cloud Edge Widgets The dashboard shows the following Cloud Edge widgets: 14-21

296 Trend Micro Remote Manager Administrator's Guide Cloud Edge Customers with the Most Threats Widget Shows the Cloud Edge customers with the highest number of threat events. Data displays in a table and bar chart. You can switch between the table and bar chart by clicking the display icons ( ). You can change the time range for the data shown by selecting from: Last hour Last 24 hours Last 7 days Last 30 days (default) You can change the category of the data shown by selecting from: All Botnet C&C callback IPS Predictive Machine Learning Ransomware ( channel) Ransomware (network channel) 14-22

297 Understanding the Dashboard Ransomware (web channel) Spam Virtual Analyzer Virus ( channel) Virus (web channel) Web Reputation Click the customer name to view the customer information. Click the threat count to open the threat information from the Cloud Edge console. Cloud Edge Devices with the Most Threats Widget Shows the Cloud Edge devices with the highest number of threat events. You can change the time range for the data shown by selecting from: Last hour Last 24 hours Last 7 days 14-23

298 Trend Micro Remote Manager Administrator's Guide Last 30 days (default) You can change the category of the data shown by selecting from: All Botnet C&C callback IPS Predictive Machine Learning Ransomware ( channel) Ransomware (network channel) Ransomware (web channel) Spam Virtual Analyzer Virus ( channel) Virus (web channel) Web Reputation Click the customer name to view the customer information. Click the threat count to open the threat information from the Cloud Edge console. Hosted Security Widgets The dashboard shows the following Hosted Security widgets: 14-24

299 Understanding the Dashboard Hosted Security Customers with the Most Quarantined Messages Shows the Hosted Security customers with the most number of quarantined messages. Data displays in a table and pie chart. You can switch between the table and pie chart by clicking the display icons ( ). You can change the time range for the data shown by selecting from: Last 24 hours Last 7 days Last 30 days (default) You can change the direction type for the data shown by selecting from: Incoming Outgoing Click the customer name to view the customer information. Click the message count to view the event logs

300 Trend Micro Remote Manager Administrator's Guide Hosted Security Customers with the Most Threats Shows the Hosted Security customers with the highest number of threat events. Data displays in a table and pie chart. You can switch between the table and pie chart by clicking the display icons ( ). You can change the time range for the data shown by selecting from: Last 24 hours Last 7 days Last 30 days (default) You can change the threat type for the data shown by selecting from: Spam Virus All (default) You can change the direction type for the data shown by selecting from: Incoming Outgoing Click the customer name to view the customer information. Click the threat count to view the event logs

301 Understanding the Dashboard InterScan Web Security as a Service Widgets The dashboard shows the following InterScan Web Security as a Service widgets: InterScan Web Security as a Service Widget Shows the InterScan Web Security as a Service (IWSaaS) customers with the highest number of threat events. Data displays in a table and bar chart. You can switch between the table and bar chart by clicking the display icons ( ). You can change the threat type for the data shown by selecting from: All Antispyware Antivirus App Control URL Filtering Web Reputation Click the customer name to view the customer information

Trend Micro Remote Manager Administrator's Guide Worry-Free Business Security Services Widgets The dashboard shows the following Worry-Free Business Security Services widgets: Worry-Free Business

302 Trend Micro Remote Manager Administrator's Guide Worry-Free Business Security Services Widgets The dashboard shows the following Worry-Free Business Security Services widgets: Worry-Free Business Security Services Agent Status Shows the Worry-Free Business Security Services devices that have been offline or were unable to complete a scan for more than a month. Note The device count only includes Worry-Free Business Security Services agents with the Scheduled Scan setting enabled. Click the device count to view the event log

Understanding the Dashboard Worry-Free Business Security Services Customers with the Most Threats Widget Shows the Worry-Free Business Security Services customers with the highest number of threat

303 Understanding the Dashboard Worry-Free Business Security Services Customers with the Most Threats Widget Shows the Worry-Free Business Security Services customers with the highest number of threat events. Data displays in a table and pie chart. You can switch between the table and pie chart by clicking the display icons ( ). You can change the category of the data shown by selecting from: All Application Control Behavior Monitoring Device Control Network Virus Predictive Machine Learning Spyware/Grayware URL Filtering Virus/Malware Web Reputation Click the customer name to view customer and event information

304 Trend Micro Remote Manager Administrator's Guide Worry-Free Business Security Services Endpoint Operating Systems Shows the operating systems used on Worry-Free Business Security Services endpoints. You can change the device type for the data shown by selecting from: Desktop Server Mobile Click the operating system version from the table or on the pie chart to view event logs. Notification Center The Notification Center provides a quick way to identify customers with Action required and Warning events. Access the Notification Center through the Customers with Notifications widget

305 Understanding the Dashboard For more information, see Customers with Notifications Widget on page The following table outlines the options available on the Notification Center screen for both the Action Required and Warning tabs. Export All Dismiss Option Description Click to export a CSV file containing all data related to your customers with events. Dismiss notifications after you have taken manual action to resolve an issue on an endpoint that the managed product was unable to resolve directly. Select an event or multiple events for supported managed products and click Dismiss to remove the event data from the Notification Center, related Remote Manager widgets, and the following managed product consoles (if applicable): Worry-Free Business Security Worry-Free Business Security Services Note Dismissing an event does not delete any log data related to the event. Remote Manager only dismisses the event notification information. Configure Notifications Click to open the Administration > Configure notifications screen and configure the global notification settings in Remote Manager. For more information, see Configuring Global Notification Settings on page Company Click a Company name in the table to open the Customers > [customer] screen and view all events related to that particular customer. For more information, see Customer Products on page

306 Trend Micro Remote Manager Administrator's Guide Option Occurrences Description Click the Occurrences count to view more details for a particular event. Depending on the managed product, the event details display as follows: Worry-Free Business Security (Standard or Advanced): A pop-up screen appears outlining details for all occurrences of the particular event Worry-Free Business Security Services: The Event Details screen appears displaying addtional information about the event and suggested resolution actions. For more information, see Event Details on page All other managed products: Remote Manager opens the managed product console where you can find more information about events. Event Details The Event Details screen provides a more in-depth view of threat and system events affecting Worry-Free Business Security Services customers. The following table outlines the information provided on the Event Details screen. Information Event type Description Displays an icon and description for the following event types: Action Required Warning Event category Description Suggested action Describes the specific event displayed and the subcategory Describes the issue and any threshold settings related to the event notfication Provides recommendations for events that the managed product cannot directly resolve 14-32

307 Understanding the Dashboard Information Action buttons Description Available actions vary based on the specific event Possible actions include: Dismiss Notification: Dismisses the notification after you have taken manual action to resolve an issue on an endpoint that the managed product was unable to resolve directly. After dismissing an event notification, Remote Manager removes the event data from the Notification Center, related Remote Manager widgets, and the Worry-Free Business Security Services console. Note Dismissing an event does not delete any log data related to the event. Remote Manager only dismisses the event notification information. Download Tool: If another Trend Micro tool is available to help resolve the security threat, click to obtain the software package. Note You must manually run the tool on the affected endpoints to resolve the security threat. Enable Real-time Scan: Click to automatically enable the Real-time Scan service on the affected endpoints. Update Security Agents: Click to trigger the update process on the affected, outdated endpoints. Affected endpoints list Displays a list of the affected endpoints and specific event data related to the event category 14-33

308 Trend Micro Remote Manager Administrator's Guide Event Logs The Event Logs screen appears after clicking a count on the various widgets that display on the Dashboard. Event logs provide a detailed view of the detections reported by managed products for specific customers. You can click the Occurrences count to obtain more information about a specific type of event. Depending on the managed product, clicking the Occurrences count does the following: For Worry-Free Business Security Services events: Displays the WFBSS Log Query screen For more information, see Performing a WFBS-SVC Log Query on page For Worry-Free Business Security events: Displays a log screen for the detected events For all other managed products: Opens the managed product console where you can view product-specific logs for the affected customer Performing a WFBS-SVC Log Query You can query Worry-Free Business Security Services logs to determine how different event types have affected all your Remote Manager customers. Procedure 1. Go to Home. 2. Open the Event Logs screen by clicking a data link on any applicable Worry-Free Business Security Services widget. 3. Click the Occurrences count for any Worry-Free Business Security Services customer. The WFBS-SVC Log Query screen appears displaying detection information for the threat category related to the Occurrences count you clicked

309 Understanding the Dashboard 4. (Optional) View other Worry-Free Business Security Services log data. a. From the Period drop-down, specify the date range for the detection data. b. From the Category drop-down, select from the available threat categories. c. Click Display Logs. All Worry-Free Business Security Services logs that match the search criteria for all Remote Manager customers display. 5. (Optional) Click Export All to save the data to a CSV file

310

311 Chapter 15 Managing Events This section contains the following topics: Understanding Events on page 15-2 Managed Product Events on page 15-3 Viewing Product-Specific Events on page

312 Trend Micro Remote Manager Administrator's Guide Understanding Events Remote Manager defines an event as any activity that requires the administrator's attention. The available information varies depending on the selected product and event type. Remote Manager provides two types of event lists. Table Remote Manager Event Lists List Event logs Product-specific events Description Displays a list of events from a widget Remote Manager displays a list of events for the selected widget based on the specified range. Depending on the widget, you can choose to display information from the last 24 hours, 7 days, or 30 days. For more information, see Event Logs on page Displays a list of real-time events Remote Manager syncs with the supported products and refreshes the lists every 5 minutes. Note For more information, see Viewing Product-Specific Events on page Event Severity Product-specific events may have either the following severity levels. Action Required: Events that require immediate attention. Warning: Notifications that serve as a warning but do not require immediate attention. 15-2

313 Managing Events Event Status Product-specific events may have either the following statuses. Unresolved: Events that need attention. Dismissing/Updating: Events that have been addressed but still require updates from products or services. Managed Product Events Remote Manager events vary for each managed product/service. Cloud App Security Events on page 15-3 Cloud Edge Events on page 15-5 InterScan Web Security as a Service Events on page 15-8 Worry-Free Business Security Events on page 15-9 Worry-Free Business Security Services Events on page Cloud App Security Events Note If multiple Action required and Warning events occur, Remote Manager displays the icon for the most serious threat. 15-3

314 Trend Micro Remote Manager Administrator's Guide Table Threat Events Event Category Details Event Status Antivirus Virus detections exceed : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) File Blocking Virtual Analyzer Web Reputation File Blocking violations exceed Virtual Analyzer High risk detections exceed Virtual Analyzer Medium/Low risk detections exceed URL violations exceed : The detected File Blocking violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Virtual Analyzer detection count for High risk objects exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Virtual Analyzer detection count for Medium/Low risk objects exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 15-4

315 Managing Events Table System Events Event Category Account sync issues Details Invalid Box access token Invalid Dropbox access token Invalid Google Drive access token Sync issues on delegate account(s) Event Status : Unable to access the specified cloud storage : Unable to access the specified cloud storage : Unable to access the specified cloud storage : Unable to sync with delegate account(s) Cloud Edge Events Note Some Threat Events from Cloud Edge may display additional channel information. Table Threat Events Event Category Details Event Status Antispam Spam detections exceed : The detected spam count exceeds the configured threshold within 1 hour (as configured on the managed product console) Antivirus Virus detections exceed : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) 15-5

316 Trend Micro Remote Manager Administrator's Guide Event Category Details Event Status Botnet Botnet detections exceed : The detected botnet count exceeds the configured threshold within 1 hour (as configured on the managed product console) C&C callback C&C callbacks exceed : The detected C&C callback count exceeds the configured threshold within 1 hour (as configured on the managed product console) IPS IPS detections exceed : The detected IPS count exceeds the configured threshold within 1 hour (as configured on the managed product console) Predictive Machine Learning Ransomwar e Virtual Analyzer Web Reputation Predictive Machine Learning detections exceed Ransomware detections exceed Virtual Analyzer detections exceed URL violations exceed : The detected Predictive Machine Learning count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected ransomware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Virtual Analyzer detection count for objects of any risk level exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 15-6

317 Managing Events Event Category Web Threats Details Web threat detections (including IPS, botnet, antivirus, or Web Reputation violations) exceed Event Status : The detected web threat count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table System Events Event Category Cloud scanning Firmware Update Offline Offline (Last 24 hours) Details Service unavailable Service became temporarily unavailable within the last 24 hours The last firmware update was unsuccessful. Open the <Cloud Edge cloud console> for more information. Outdated firmware Offline gateway. Policy deployment and log analysis may be affected. Offline gateway occurrences in the last 24 hours. Policy deployment and log analysis may have been affected. Event Status : Cloud Edge was unable to connect to the cloud scanning service : Cloud Edge was temporarily unable to connect to the cloud scanning service within the last 24 hours : Cloud Edge firmware was unable to successfully update to the latest firmware version : The current version of the Cloud Edge firmware is outdated : Cloud Edge cannot connect to the gateway or perform scanning : Cloud Edge was unable to maintain a dedicated connection to all registered gateways over the last 24 hours 15-7

318 Trend Micro Remote Manager Administrator's Guide Event Category Resource shortage Resource shortage (Last 24 hours) Unregistered Details Detected <number> issues Disk space usage exceeded CPU usage exceeded Memory usage exceeded Detected <number> issues Disk space usage exceeded CPU usage exceeded Memory usage exceeded Unable to perform cloud management. This gateway is not registered to the Cloud Edge cloud console. Event Status : The amount of remaining resources on the device have dropped below the configured alert threshold. : The amount of remaining resources on the device dropped below the configured alert threshold within the last 24 hours but were recovered : Cloud Edge cannot perform scanning on the gateway InterScan Web Security as a Service Events Table Threat Events Event Category Antispyware Details Spyware/Grayware detections Event Status : The detected spyware/grayware count during the last 24 hours Antivirus Virus detections : The detected virus/malware count during the last 24 hours Application Control Application Control violations : The detected Application Control violation count during the last 24 hours 15-8

319 Managing Events Event Category URL Filtering Web Reputation Details URL violations URL violations Event Status : The detected URL Filtering violation count during the last 24 hours : The blocked URL count during the last 24 hours Table System Events Event Category Account sync issues Details Sync issues with AD/LDAP Event Status : Unable to sync with AD/LDAP Worry-Free Business Security Events Table Threat Events Event Category Antispam Details Spam detections in total messages received exceed Event Status : The ratio of detected spam messages in total messages received exceeds the configured threshold within 1 hour (as configured on the managed product console) 15-9

320 Trend Micro Remote Manager Administrator's Guide Event Category Antispyware Details Detections requiring device restart Spyware/Grayware detections exceed Event Status : Displays the number of endpoints infected with spyware/grayware that the managed product was unable to completely clean and require the customer to restart the endpoint to complete the process : The detected spyware/grayware count exceeds the configured threshold within 1 hour (as configured on the managed product console) 15-10

321 Managing Events Event Category Antivirus Details Real-time Scan disabled on endpoints Real-time Scan disabled on Exchange server(s) Threats unresolved Event Status : Security Agents with Real-time Scan disabled cannot protect endpoints from virus/malware in newly created or executed files : Exchange servers with Real-time Scan disabled allow all attachments in messages to pass, leaving the customer network susceptible to massmailing worms. : Unsuccessful actions indicate that a virus or malware has successfully circumvented antivirus defenses and has infected the endpoint. Behavior Monitoring Virus detections on endpoints exceed Virus detections on Exchange servers exceed Behavior Monitoring violations exceed Note Remote Manager assumes that computers with an unsuccessfully cleaned, quarantined, or deleted virus or malware are infected. : The detected virus/malware count on endpoints exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected virus/malware count on Exchange servers exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Behavior Monitoring violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 15-11

322 Trend Micro Remote Manager Administrator's Guide Event Category Device Control Network virus Outbreak Defense URL Filtering Web Reputation Details Device Control violations exceed Network virus detections exceed Outbreak Defense enabled Outbreak Defense disabled URL violations exceed URL violations exceed Event Status : The detected Device Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected network virus count exceeds the configured threshold within 1 hour (as configured on the managed product console) : Outbreak Defense enabled on desktop/server platforms in response to abnormal threat activity : Outbreak Defense disabled on desktop/server platforms and normal network conditions restored : The detected URL Filtering violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table System Events Event Category Resource shortage Details Remaining disk space below Event Status : The amount of remaining disk space on the server has dropped below the configured alert threshold

323 Managing Events Event Category Smart Protection Services Details Service unavailable Event Status : The Worry-Free Business Security console cannot connect to the Smart Scan Server Update Outdated agents : Over <number> of the Security Agents did not receive the latest antivirus patterns in the last hour Outdated Exchange servers : Outdated components detected on Exchange server(s) Worry-Free Business Security Services Events Table Threat Events Event Category Antispyware Details Detections requiring device restart Spyware/Grayware detections exceed Event Status : Displays the number of endpoints infected with spyware/grayware that the managed product was unable to completely clean and require the customer to restart the endpoint to complete the process : The detected spyware/grayware count exceeds the configured threshold within 1 hour (as configured on the managed product console) 15-13

324 Trend Micro Remote Manager Administrator's Guide Event Category Details Event Status Antivirus Real-time Scan disabled : Security Agents with Real-time Scan disabled cannot protect endpoints from virus/malware in newly created or executed files Threats unresolved : Unsuccessful actions indicate that a virus or malware has successfully circumvented antivirus defenses and has infected the endpoint. Note Remote Manager assumes that computers with an unsuccessfully cleaned, quarantined, or deleted virus or malware are infected. Application Control Behavior Monitoring Device Control Virus detections exceed Application Control violations exceed Behavior Monitoring violations exceed Device Control violations exceed : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Application Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Behavior Monitoring violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Device Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 15-14

325 Managing Events Event Category Network virus Outbreak Defense Predictive Machine Learning URL Filtering Web Reputation Details Network virus detections exceed Outbreak Defense enabled Outbreak Defense disabled Predictive Machine Learning detections exceed URL violations exceed URL violations exceed Event Status : The detected network virus count exceeds the configured threshold within 1 hour (as configured on the managed product console) : Outbreak Defense enabled on desktop/server platforms in response to abnormal threat activity : Outbreak Defense disabled on desktop/server platforms and normal network conditions restored : The detected Predictive Machine Learning count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected URL Filtering violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table System Events Event Category Smart Protection Services Details Agents disconnected Event Status : Security Agents cannot connect to the Smart Protection Network 15-15

326 Trend Micro Remote Manager Administrator's Guide Event Category Details Event Status Update Outdated agents : Security Agents with outdated patterns after two hours of antivirus pattern release exceeded threshold Viewing Product-Specific Events A product-specific event displays a list of real-time events. Procedure 1. Go to Customers > {company name} > {product}. 2. Depending on the selected product, do one of the following. Product Cloud App Security Cloud Edge InterScan Web Security as a Service Worry-Free Business Security Worry-Free Business Security Services Steps Go to the Events tab. Go to the Events tab. The events list automatically appears when you select an IWSaaS product from the network tree. Go to the Events tab. Go to the Events tab

327 Chapter 16 Managing Reports This section contains the following topics: Reports Overview on page 16-2 Creating Reports on page 16-2 Viewing Reports on page 16-6 Editing Reports on page 16-6 Downloading and Sending Reports on page 16-6 Subscribing to Reports on page

Trend Micro Remote Manager Administrator's Guide Reports Overview Trend Micro Remote Manager lets you generate, download, and automatically send out reports.

328 Trend Micro Remote Manager Administrator's Guide Reports Overview Trend Micro Remote Manager lets you generate, download, and automatically send out reports. Reports provide an overview of license status, assessment results, threat incidents, major threats, and the most affected computers, files and addresses in your customers networks. Reports include a range of statistics from Worry-Free Business Security (all) and Hosted Security. Remote Manager allows for report profiles, one-time and periodic reports, date ranges, and multiple recipients. Remote Manager saves the 30 most recent daily reports, ten most recent weekly reports, and five most recent monthly reports. General reports are suitable for resellers and customers. Detailed reports are suitable for resellers and partners. Figure Reports Page Report profiles enable you to create multiple reports from a single profile. For example, create a one-time report today, generate that report, and tomorrow, change some options and regenerate without having to recreate the entire report. Remote Manager currently supports general and detailed reports. Creating Reports Trend Micro Remote Manager offers the following ways to create a report template: Click an existing report, modify the report, and click Save at the bottom of the screen. 16-2

Managing Reports Create a new report template. See Creating Report Templates on page 16-3 for more information. Creating Report Templates Procedure 1. Go to Reports > New Report.

329 Managing Reports Create a new report template. See Creating Report Templates on page 16-3 for more information. Creating Report Templates Procedure 1. Go to Reports > New Report. The New Report window opens. 2. Specify the following: Report name Report type: Refer to Reports Overview on page 16-2 for more information. 3. Select the date range: One-time report 16-3

330 Trend Micro Remote Manager Administrator's Guide Option Description Last 24 hours Calculates the report with data received from 12 midnight up until the moment the report is generated (based on the selected time zone). Note The time zone that the report depends on is the one that the reseller selected when creating the profile. It is not determined by the customer's machine. Last 7 days Calculates the report with data from the last 7 days (excluding today s data). Last 30 days Calculates the report with data from the last 30 days (excluding today s data). Specific range The "From" date must be later than or equal to the first date of the last month (Remote Manager only stores the last and current month's data); the "To" date cannot be later than today. Recurring report Option Daily report Description The end date must be later than today. Then every day in the specified range generates a report based on the previous day's data. For example, if the range is set from Jan to Jan , then: On the 27th, Remote Manager generates a report based on the 26th On the 28th, Remote Manager generates a report based on the 27th On the 29th, Remote Manager generates a report based on the 28th 16-4

331 Managing Reports Option Weekly report Monthly report Description Remote Manager generates the weekly report every Monday using the previous week's data. Therefore, to generate a report for this week, set the end date to at least Monday of the following week. Remote Manager generates the monthly report every second day of the month using the previous month's data. This means that to generate a report for this month, set the end date to at least the second day of the following month. 4. Specify the following report format elements: Option Report format Report language Note Description Reports can be exported to PDF or CSV files. Trend Micro Remote Manager supports English, French, German, Italian, Japanese, Simplified Chinese, and Spanish. This information is for internal use and does not display on the report itself. 5. Click Next. The Select Report Data screen appears. 6. Select a report template and the data to be generated. Note 7. Click Next. If the reseller is not connected to the customer s server or if no data is available, data does not display for the customer. The Generate report for specific customers screen displays. 8. Select the customers that will generate this report. 9. Specify the report details. Recipients under Mail To options come from the company contact list. You can also add addresses that will receive the generated reports. 16-5

332 Trend Micro Remote Manager Administrator's Guide Note Each selected customer will have different recipients. You can add or delete recipients depending on the customers. 10. Optional: Select Enable to display the customer's logo. 11. Click Done. Remote Manager adds the template to the list of report templates. Viewing Reports A report must have been generated at least once in order to view it. Go to Reports > {report name} > Report Files (tab) > {file under View}. Refer to Reports Overview on page 16-2 for more information. Editing Reports Go to Reports > {report name}. Refer to Creating Report Templates on page 16-3 for more information. Downloading and Sending Reports You can download and send reports to recipients. Although recipients were specified when you defined the report, the recipient list can be modified. Procedure 1. Go to Reports > {item or number of items under Report Files} > {report under View}. 16-6

333 Managing Reports 2. Select the reports you want to send or download. 3. Click Send or Download. See Subscribing to Reports on page 16-7 for more information. Subscribing to Reports Procedure 1. Go to Reports > {report name} > Target Audience (tab) > Add Target. 2. Select the customer report. Note The list of recipients when creating reports comes from Contact details. 3. Revise the subject line as required. 4. Click Save. 16-7

334

335 Part VI Administering Remote Manager

336

337 Chapter 17 Administering Remote Manager Note For information about third-party product integration, see Part IV: Integrating Third-Party Solutions. This section contains the following topics: Administration Settings on page 17-2 Configuring Global Notification Settings on page 17-3 Configuring Console Settings on page Default Setting Templates on page Viewing Administration Logs on page

338 Trend Micro Remote Manager Administrator's Guide Administration Settings The Administration screen allows you to configure global customer settings, Remote Manager console settings, view and set up third-party software integration, and view system logs. Section Description System Settings Configure notifications: Allows you to configure the global notification settings Tip Trend Micro recommends configuring global notification settings in such a way that the settings can apply to most of your customers. Global settings provide a quick way to configure individual customer notifications, although you can customize notification settings on a per customer basis. For more information, see Configuring Global Notification Settings on page Console settings: Allows you to change the banner image that appears on the Remote Manager console For more information, see Configuring Console Settings on page Third-party Integration View the current status of the Remote Manager features integrated with third-party software Configure third-party integration: Allows you to enable integration with supported third-party software and configure global integration settings For more information, see Part IV: Integrating Third-Party Solutions on page

339 Administering Remote Manager Section Default Settings for Products/Services Description Configure default setting templates: Allows you to configure the entire managed product/service console settings that you can apply to new or existing customers Tip Configuring templates can help save you time by preconfiguring security policies and exception lists for the managed product, which you can later apply to multiple customers. Important Remote Manager only supports default setting templates for Worry-Free Business Security Services and Cloud Edge. For more information, see Default Setting Templates on page System Logs Administration logs: Displays information related to Remote Manager console changes made by users For more information, see Viewing Administration Logs on page Configuring Global Notification Settings Set up global notifications to monitor common events that may require attention. Remote Manager provides notifications through messages, on the Customers with Notifications widget, or through your third-party software. Tip Trend Micro recommends configuring global notification settings in such a way that the settings can apply to most of your customers. Global settings provide a quick way to configure individual customer notifications, although you can customize notification settings on a per customer basis. 17-3

340 Trend Micro Remote Manager Administrator's Guide Procedure 1. Go to Administration. 2. In the System Settings section, click Configure notifications. The Administration > Configure notifications screen appears. 3. In the Message Settings section, specify the Recipients that receive the notification messages. Account manager: Select the Licensing Management Account for the primary Remote Manager administrator that should receive notifications for all customers. Additional recipients: Manually type the addresses of other people to whom Remote Manager should contact Note Separate multiple entries using semicolons (;). 4. In the Message Settings section, specify the Message Content that appears in the notification messages. 17-4

341 Administering Remote Manager Option Send separate consolidat ed messages for all Action Required events and all Warning events for all customers Send a single consolidat ed message for all Warning events but with individual messages for each Action Required event for each customer Description Remote Manager consolidates all Action Required events and all Warning events for all customers and sends a single message for each severity level with a summary of all events each time the Remote Manager server synchronizes with the managed product servers. Note Click Edit subject preface to specify a custom preface that appears as the initial text in the subject line. Remote Manager consolidates all Warning events for all customers and sends a single message with a summary of all the Warning events each time the Remote Manager server synchronizes with the managed product servers. Remote Manager also sends a new message each time a managed product reports an Action Required event for any customer. Note Click Edit warning subject preface to specify a custom preface that appears as the initial text in the subject line for the consolidated Warning event message. Possible Notifications One consolidated message with all Action Required events for all customers per managed product One consolidated message with all Warning events for all customers per managed product Separate messages for all License events, as configured in Event Notification Settings Separate messages for each Action Required event for each customer One consolidated message with all Warning events for all customers per managed product Separate messages for all License events, as configured in Event Notification Settings 17-5

342 Trend Micro Remote Manager Administrator's Guide Option Send individual messages for each Action Required and Warning event for each customer Description Remote Manager sends a new message each time a managed product reports a Warning or Action Required event for any customer. Possible Notifications Separate messages for each Action Required event for each customer Separate messages for each Warning/Information event for each customer Separate messages for all License events, as configured in Event Notification Settings Important You can customize the individual content for each Worry-Free Business Security Services and Cloud Edge Warning and Action Required events by clicking an event name in the Notification Event Settings after selecting this option. 5. In the Message Settings section under Language, select which language Remote Manager uses when sending the notification. 6. In the Message Settings section under Daily Notification Summary, enable Send a daily notification summary option to receive a daily report that summarizes all License Events, System Events, and Threat Events for all customers each day. Tip Click the View sample link to display a preview of the pie chart and table data that Remote Manager sends. 17-6

343 Administering Remote Manager 7. In the Notification Event Settings section, configure how Remote Manager sends notifications for specific products and event types. Common settings: Show in Notifications: Select the check box to display a notification event on the Customers with Threats widget and the Notification Center screen Select the check box to have Remote Manager send an message (based on the Message Content settings) whenever the event occurs Alert Threshold: If available, specify the threshold setting for the event Note Configure threshold settings for Worry-Free Business Security Services using each customer's Worry-Free Business Security Services web console. Notification product and event types: The notification events vary for each product and event type. Refer to the following list for specific information related to each section: Section All License Events Description Select specific event types that you want to monitor from the list provided. Note Remote Manager sends a separate consolidated message containing all License Notifications for all customers. For more information about the notification events, see License Notifications on page

344 Trend Micro Remote Manager Administrator's Guide Section Worry-Free Business Security Services Description Select specific event types that you want to monitor from the list provided. For more information about the notification events, see Worry-Free Business Security Services Notifications on page Important Enable Do not send notifications from the managed product to Remote Manager recipients to reduce the number of duplicate messages that the recipients specified in the Recipients section of the Message Settings. Remote Manager compares the recipients in the Message Settings with the recipients configured on the Worry-Free Business Security Services console for each customer. If an address appears in both lists, Remote Manager blocks the Worry-Free Business Security Services notifications to the duplicate addresses. Tip If you selected to receive individual messages for Warning or Action required events in the Message Content section, you can click an event name to customize the message content. For more information, see Customizing Notification Content on page Worry-Free Business Security You can only select whether to receive notifications based on the Threat and System event types. For more information about the notification events, see Worry-Free Business Security Notifications on page

345 Administering Remote Manager Section Cloud App Security Cloud Edge Description You can only select whether to receive notifications based on the Threat and System event types. For more information about the notification events, see Cloud App Security Notifications on page Select specific event types that you want to monitor from the list provided. For more information about the notification events, see Cloud Edge Notifications on page Important For Information event types, Remote Manager sends notifications based on the Warning event setting configured in the Message Content section. Tip If you selected to receive individual messages for Warning or Action required events in the Message Content section, you can click an event name to customize the message content. For more information, see Customizing Notification Content on page InterScan Web Security as a Service You can only select whether to receive notifications based on the System event type. For more information about the notification events, see InterScan Web Security as a Service Notifications on page Click Save. 17-9

346 Trend Micro Remote Manager Administrator's Guide Note You can revert all global notification settings to the default configuration by clicking Restore Defaults. Customizing Notification Content If you selected to receive individual messages for Warning or Action required events in the Message Content section, you can click an event name to customize the message content. For more information, see Configuring Global Notification Settings on page Important Customized message templates are only available for Worry-Free Business Security Services and Cloud Edge events. Tip Click the Preview sample link to understand the layout of notification messages before beginning to customize the notification content. Procedure 1. In the Subject field: Drag-and-drop fields from the Variable List to add dynamically-updated data. Important Drag-and-drop functionality is only supported when using Chrome or Firefox browsers. Manually type static text to improve readability. 2. In the Content field: 17-10

347 Administering Remote Manager Drag-and-drop fields from the Variable List list to add dynamically-updated data. Manually type static text to improve readability. Use the available editing toolbar buttons to format the message content. 3. Click Save. License Notifications Event Frequency Alert Threshold License - Expiring soon License - Expired Select from the following: Every 7 days: The system sends an notification every 7 days, starting from 14 days before expiration. Every 14 days: The system sends an notification every 14 days, starting from 28 days before expiration. Every 30 days: The system sends an notification every 30 days, starting from 60 days before expiration. By event Sends a notification if there are licenses that have already expired Remote Manager displays the Alert Threshold based on the Frequency setting: Every 7 days: License expiring in 14 days Every 14 days: License expiring in 28 days Every 30 days: License expiring in 60 days Not applicable 17-11

348 Trend Micro Remote Manager Administrator's Guide Event Frequency Alert Threshold License - Exceeded allocation By event Sends a notification if the percentage of used seats exceeds the provisioned number of seats Allocation exceeds (%): <number> Note You can specify the percentage of seats used that exceed the seats the customer provisioned. This can be any value between 100 to 120. Worry-Free Business Security Services Notifications Important For events with a configurable threshold, you must configure the threshold value separately for each customer on the Worry-Free Business Security Services console. Table Threat Events Event Antivirus - Threats unresolved Details : Unsuccessful actions indicate that a virus or malware has successfully circumvented antivirus defenses and has infected the endpoint. Note Remote Manager assumes that computers with an unsuccessfully cleaned, quarantined, or deleted virus or malware are infected. Antivirus - Real-time Scan disabled : Security Agents with Real-time Scan disabled cannot protect endpoints from virus/malware in newly created or executed files 17-12

349 Administering Remote Manager Event Antivirus - Virus detections exceed Antispyware - Detections requiring device restart Antispyware - Spyware/Grayware detections exceed Web Reputation - URL violations exceed URL Filtering - URL violations exceed Predictive Machine Learning - Predictive Machine Learning detections exceed Behavior Monitoring - Behavior Monitoring violations exceed Network virus - Network virus detections exceed Device Control - Device Control violations exceed Details : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : Displays the number of endpoints infected with spyware/ grayware that the managed product was unable to completely clean and require the customer to restart the endpoint to complete the process : The detected spyware/grayware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected URL Filtering violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Predictive Machine Learning count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Behavior Monitoring violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected network virus count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Device Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 17-13

350 Trend Micro Remote Manager Administrator's Guide Event Application Control - Application Control violations exceed Details : The detected Application Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table System Events Event Update - Outdated agents Smart Protection Services - Agents disconnected Details : Security Agents with outdated patterns after two hours of antivirus pattern release exceeded threshold : Security Agents cannot connect to the Smart Protection Network Worry-Free Business Security Notifications Table Threat Events Event Antispam - Spam detections in total messages received exceed Antispyware - Detections requiring device restart Antispyware - Spyware/Grayware detections exceed Antivirus - Real-time Scan disabled on endpoints Details : The ratio of detected spam messages in total messages received exceeds the configured threshold within 1 hour (as configured on the managed product console) : Displays the number of endpoints infected with spyware/ grayware that the managed product was unable to completely clean and require the customer to restart the endpoint to complete the process : The detected spyware/grayware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : Security Agents with Real-time Scan disabled cannot protect endpoints from virus/malware in newly created or executed files 17-14

351 Administering Remote Manager Event Antivirus - Real-time Scan disabled on Exchange server(s) Antivirus - Threats unresolved Details : Exchange servers with Real-time Scan disabled allow all attachments in messages to pass, leaving the customer network susceptible to mass-mailing worms. : Unsuccessful actions indicate that a virus or malware has successfully circumvented antivirus defenses and has infected the endpoint. Note Remote Manager assumes that computers with an unsuccessfully cleaned, quarantined, or deleted virus or malware are infected. Antivirus - Virus detections on endpoints exceed Antivirus - Virus detections on Exchange servers exceed Behavior Monitoring - Behavior Monitoring violations exceed Device Control - Device Control violations exceed Network virus - Network virus detections exceed URL Filtering - URL violations exceed : The detected virus/malware count on endpoints exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected virus/malware count on Exchange servers exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Behavior Monitoring violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Device Control violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected network virus count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected URL Filtering violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 17-15

352 Trend Micro Remote Manager Administrator's Guide Event Web Reputation - URL violations exceed Details : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table System Events Event Resource shortage - Remaining disk space below Smart Protection Services - Service unavailable Update - Outdated Exchange servers Update - Outdated agents Details : The amount of remaining disk space on the server has dropped below the configured alert threshold. : The Worry-Free Business Security console cannot connect to the Smart Scan Server : Outdated components detected on Exchange server(s) : Over <number> of the Security Agents did not receive the latest antivirus patterns in the last hour Cloud App Security Notifications Table Threat Events Event Antivirus - Virus detections exceed File Blocking - File Blocking violations exceed Details : The detected virus/malware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected File Blocking violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) 17-16

353 Administering Remote Manager Event Ransomware - Ransomware detections exceed Virtual Analyzer - Virtual Analyzer detections exceed Details : The detected ransomware count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Virtual Analyzer detection count for Low risk or Medium risk objects exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected Virtual Analyzer detection count for High risk objects exceeds the configured threshold within 1 hour (as configured on the managed product console) Web Reputation - URL violations exceed : The detected Web Reputation violation count exceeds the configured threshold within 1 hour (as configured on the managed product console) Table System Events Event Account sync issues - Invalid Box access token Account sync issues - Invalid Dropbox access token Account sync issues - Invalid Google Drive access token Account sync issues -Sync issues on delegate account(s) Details : Unable to access the specified cloud storage : Unable to access the specified cloud storage : Unable to access the specified cloud storage : Unable to sync with delegate account(s) 17-17

354 Trend Micro Remote Manager Administrator's Guide Cloud Edge Notifications Table Threat Events Event Details Alert Threshold Web Threats - Web threat detections exceed C&C callback - C&C callback detections exceed Ransomware - Ransomware detections exceed : The detected web threat count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected C&C callback count exceeds the configured threshold within 1 hour (as configured on the managed product console) : The detected ransomware count exceeds the configured threshold within 1 hour (as configured on the managed product console) Specify a value between 1 to 300. Specify a value between 1 to 100. Specify a value between 1 to 100. Table System Events Event Details Alert Threshold Offline - Offline gateway detected : Cloud Edge cannot connect to the gateway or perform scanning Specify when Remote Manager sends the notification: Immediately: Trigger the notification as soon as Cloud Edge reports the incident to Remote Manager For more than X day(s): Trigger the notification if the gateway remains offline for the configured number of days 17-18

355 Administering Remote Manager Event Details Alert Threshold Offline - Offline device recovery Cloud scanning - Service unavailable Cloud scanning - Service restored Resource shortage - CPU, memory, or disk space usage exceeds : Cloud Edge restored the connection to an offline device : Cloud Edge was unable to connect to the cloud scanning service : Cloud Edge restored the connection to the cloud scanning service : The amount of remaining resources on the device have dropped below the configured alert threshold. Not applicable Not applicable Not applicable Specify the maximum amount of resources (between 80-95%) that can be in use before Remote Manager triggers the notification InterScan Web Security as a Service Notifications Table System Events Event Account sync issues - Sync issues with AD/LDAP Details : Unable to sync with AD/LDAP Configuring Console Settings Specify the logo that customers after signing into the service. Procedure 1. Click Administration > Console settings

356 Trend Micro Remote Manager Administrator's Guide 2. Select the image that you want to use in the banner. 3. Click Save. Important The logo must be a.png,.jpg,.bmp, or.gif image with a suggested size of 600 (width) by 60 (height). Default Setting Templates Default setting templates contain preconfigured settings for a specific customer or group. The templates are available only for Worry-Free Business Security Services and Cloud Edge, and if Trend Micro Remote Manager integrates with Licensing Management Platform. Trend Micro Remote Manager provides consoles similar to the Worry-Free Business Security Services and Cloud Edge consoles for template configuration. Settings configured on the template configuration consoles do not affect registered products. For more information on the configurable settings, refer to the product documentation. Configuring Default Setting Templates for Worry-Free Business Security Services Default setting templates are available only if Trend Micro Remote Manager integrates with Licensing Management Platform. For more information on the configurable settings, refer to the product documentation

Administering Remote Manager Procedure 1. Go to Administration > Configure default setting templates. The Configure default setting templates screen appears. 2.

357 Administering Remote Manager Procedure 1. Go to Administration > Configure default setting templates. The Configure default setting templates screen appears. 2. Under Worry-Free Business Security Services, click Create. 3. Type a name and description for the template. The Create Template window opens. 4. Click Configure Template. A console similar to the Worry-Free Business Security Services console opens. Note Settings configured on this console do not affect registered products. 5. Configure the following settings: Policies a. Go to Devices > Server (Default) > Configure Policies. b. Configure the default server policy settings. c. Go to Scans > Device (Default) > Configure Policies. d. Configure the default device policy settings. e. Click Save

for Small and Medium Business Quick Start Guide

for Small and Medium Business Quick Start Guide Trend Micro Incorporated reserves the right to make changes to this document and to the products/services described herein without notice. Before using

More information

Trend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central

Trend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central Trend Micro Apex One as a Service / Apex One Best Practice Guide for Malware Protection 1 Best Practice Guide Apex One as a Service / Apex Central Information in this document is subject to change without

More information

for Small and Medium Business Getting Started Guide for Resellers

for Small and Medium Business Getting Started Guide for Resellers Trend Micro Incorporated reserves the right to make changes to this document and to the products/services described herein without notice.

More information

Trend Micro OfficeScan XG

Trend Micro OfficeScan XG Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

More information

Sophos Central Admin. help

Sophos Central Admin. help help Contents About Sophos Central... 1 Activate Your License...2 Overview... 3 Dashboard...3 Alerts...4 Logs & Reports... 10 People... 25 Devices... 34 Global Settings...50 Protect Devices...78 Endpoint

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

More information

Sophos Central Admin. help

Sophos Central Admin. help help Contents About Sophos Central... 1 Activate Your License...2 Endpoint Protection...3 Dashboard...3 Alerts...4 Root Cause Analysis...9 Logs & Reports... 11 People... 24 Computers...33 Computer Groups...40

More information

Client Server Security3

Client Server Security3 for Small and Medium Business Getting Started Guide Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

More information

Cloud Edge 3.8 Deployment Guide

Cloud Edge 3.8 Deployment Guide Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product,

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the product/service described herein without notice. Before installing and using the product/service, review the readme

More information

Siemens Industrial SIMATIC. Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG. Security information 1.

Siemens Industrial SIMATIC. Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG. Security information 1. Security information 1 Preface 2 SIMATIC Configuration 3 Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG Commissioning Manual Siemens Industrial 03/2018 A5E44395601-AA Legal

More information

Sophos Central Admin. help

Sophos Central Admin. help help Contents About Sophos Central...1 Activate Your License... 2 Overview...3 Dashboard... 3 Alerts...4 Logs & Reports... 15 People...31 Devices... 41 Global Settings... 57 Protect Devices... 90 Endpoint

More information

ADMINISTRATION GUIDE Cisco Small Business

ADMINISTRATION GUIDE Cisco Small Business Cisco ProtectLink Endpoint 1.0 CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco Ironport, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect,

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

2.5. Smart Protection Server Security Made Smarter. Administrator s Guide. Endpoint Security. Messaging Security

2.5. Smart Protection Server Security Made Smarter. Administrator s Guide. Endpoint Security. Messaging Security Smart Protection Server Security Made Smarter 2.5 Administrator s Guide e m p w Endpoint Security Messaging Security Protected t Cloud Web Security Trend Micro Incorporated reserves the right to make

More information

Sophos Central Partner. help

Sophos Central Partner. help help Contents About help...1 About...2 Dashboard... 3 Alerts...4 Logs... 5 Audit Logs...5 Sophos Central...7 Sophos Central customers...7 Sophos Central Licenses... 7 Managed Customer Usage... 9 Trial

More information

Partner Management Console Administrator's Guide

Partner Management Console Administrator's Guide Partner Management Console Administrator's Guide Documentation version: November 17, 2017 Legal Notice Copyright 2017 Symantec Corporation. All rights reserved.

More information

Sophos Enterprise Console Help. Product version: 5.3

Sophos Enterprise Console Help Product version: 5.3 Document date: September 2015 Contents 1 About Sophos Enterprise Console 5.3...6 2 Guide to the Enterprise Console interface...7 2.1 User interface layout...7

More information

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All

More information

Seqrite Endpoint Security

Seqrite Endpoint Security Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents

More information

User Guide. Version R95. English

User Guide. Version R95. English Anti-Malware (Classic) User Guide Version R95 English July 20, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept

More information

Kaseya 2. User Guide. Version 7.0. English

Kaseya 2. User Guide. Version 7.0. English Kaseya 2 AntiMalware User Guide Version 7.0 English January 6, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as

More information

ForeScout Extended Module for Symantec Endpoint Protection

ForeScout Extended Module for Symantec Endpoint Protection Version 1.0.0 Table of Contents About the Symantec Endpoint Protection Integration... 4 Use Cases... 4 Additional Symantec Endpoint Protection

More information

Sophos Enterprise Console help. Product version: 5.5

Sophos Enterprise Console help Product version: 5.5 Contents 1 About Sophos Enterprise Console...6 2 Guide to the Enterprise Console interface...7 2.1 User interface layout...7 2.2 Toolbar buttons...7

More information

Sophos Enterprise Console

Sophos Enterprise Console Help Product Version: 5.5 Contents About Sophos Enterprise Console...1 Guide to the Enterprise Console interface... 2 User interface layout... 2 Toolbar buttons...2 Dashboard

More information

Annexure E Technical Bid Format

Annexure E Technical Bid Format ANTIVIRUS SOLUTION FOR MAIL SERVER SECURITY AND SERVER SECURITY FOR DESKTOP,LAPTOP Sr. No Description Compliance (Y/N) Remark 01 Must offer comprehensive client/server security

More information

TREND MICROTM PortalProtectTM1.5

TREND MICROTM PortalProtectTM1.5 Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software,

More information

McAfee Network Security Platform 8.3

8.3.7.44-8.3.7.14 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

More information

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

TREND MICRO. InterScan VirusWall 6. FTP and POP3 Configuration Guide. Integrated virus and spam protection for your Internet gateway.

TREND MICRO. InterScan VirusWall 6. FTP and POP3 Configuration Guide. Integrated virus and spam protection for your Internet gateway. TM TREND MICRO TM TM InterScan VirusWall 6 Integrated virus and spam protection for your Internet gateway for Linux TM FTP and POP3 Configuration Guide Trend Micro Incorporated reserves the right to make

More information

Quick Heal AntiVirus Pro. Tough on malware, light on your PC.

Quick Heal AntiVirus Pro. Tough on malware, light on your PC. Tough on malware, light on your PC. Features List Ransomware Protection Quick Heal anti-ransomware feature is more effective and advanced than other anti-ransomware tools. Signature based detection Detects

More information

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats. AntiVirus Pro Advanced Protects your computer from viruses, malware, and Internet threats. Features List Ransomware Protection anti-ransomware feature is more effective and advanced than other anti-ransomware

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

More information

Mission Control for the Microsoft Cloud. 5nine Cloud Security. Web Portal Version 12.o. Getting Started Guide

Mission Control for the Microsoft Cloud 5nine Cloud Security Web Portal Version 12.o Getting Started Guide 2018 5nine Software Inc. All rights reserved. All trademarks are the property of their respective

More information

10.2 Running process checklist Contacting TEMASOFT Support... 30

10.2 Running process checklist Contacting TEMASOFT Support... 30 2018 User manual Contents Table of Figures... 3 1. Introduction... 4 1.1. About TEMASOFT Ranstop... 4 1.2. How TEMASOFT Ranstop works... 5 1.3. TEMASOFT Ranstop components... 5 2. Installing TEMASOFT Ranstop...

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, please review the readme files,

More information

MOVE AntiVirus page-level reference

McAfee MOVE AntiVirus 4.7.0 Interface Reference Guide (McAfee epolicy Orchestrator) MOVE AntiVirus page-level reference General page (Configuration tab) Allows you to configure your McAfee epo details,

More information

Tivoli Endpoint Manager for Core Protection User's Guide

Tivoli Endpoint Manager for Core Protection User's Guide ii Tivoli Endpoint Manager for Core Protection User's Guide Contents Tivoli Endpoint Manager for Core Protection User's Guide........ 1 How CPM

More information

McAfee Public Cloud Server Security Suite

McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,

More information

Document Part No. PPEM25975/ Protected by U.S. Patent No. 5,951,698

Document Part No. PPEM25975/ Protected by U.S. Patent No. 5,951,698 Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

More information

ForeScout Extended Module for Carbon Black

ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent

More information

McAfee Network Security Platform 8.3

8.3.7.28-8.3.7.6 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision B Contents About this release New features Enhancements Resolved issues Installation instructions Known

More information

Trend Micro Deep Discovery Training Advanced Threat Detection 2.0 for Certified. Professionals Course Description

Trend Micro Deep Discovery Training Advanced Threat Detection 2.0 for Certified Professionals Course Description Length Courseware 3 Day ebooks Trend Micro Deep Discovery Training Advanced Threat Detection

More information

McAfee Network Security Platform 8.3

8.3.7.28-8.3.3.9 Manager-Mxx30-series Release Notes McAfee Network Security Platform 8.3 Revision C Contents About this release New features Enhancements Resolved issues Installation instructions Known

More information

OfficeScanTM 10 For Enterprise and Medium Business

OfficeScanTM 10 For Enterprise and Medium Business Administrator s Guide es Endpoint Security Trend Micro Incorporated reserves the right to make changes to this document and to the products described

More information

Trend Micro OfficeScan Client User Guide

Trend Micro OfficeScan Client User Guide Overview The purpose of this document is to provide users with information on the Trend Micro OfficeScan antivirus client. OfficeScan is the new anti-virus/anti-malware

More information

Detector Service Delivery System (SDS) Version 3.0

Detector Service Delivery System (SDS) Version 3.0 Detecting and Responding to IT Security Policy Violations Quick Start Guide 2018 RapidFire Tools, Inc. All rights reserved. V20180112 Contents Overview

More information

Document Part No. NVEM12103/41110

Document Part No. NVEM12103/41110 Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

More information

CAS Quick Deployment Guide January 2018

CAS Quick Deployment Guide January 2018 CAS January 2018 Page 2 of 18 Trend Micro CAS January 2018 This document is to guide TrendMicro SE and Solution Architect team run a successful Cloud App Security POC with prospective customers. It is

More information

User Guide. Version R93. English

User Guide. Version R93. English Endpoint Security User Guide Version R93 English April 7, 2016 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS

More information

User Guide. Issued July DocAve Backup for Salesforce User Guide

User Guide. Issued July DocAve Backup for Salesforce User Guide DocAve Backup for Salesforce User Guide Issued July 2017 1 Table of Contents What s New in this Guide...4 About DocAve Backup for Salesforce...5 Supported Browsers...6 Submitting Documentation Feedback

More information

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2

Forescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2 Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191

More information

Worry-Free TM Business Security Services

Worry-Free TM Business Security Services for Small and Medium Business User s Guide Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without

More information

User Guide. Version R93. English

User Guide. Version R93. English Anti-Malware User Guide Version R93 English March 17, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS

More information

User Guide. Version 2.1

User Guide. Version 2.1 Kaseya Endpoint Security User Guide Version 2.1 February 23, 2010 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations.

More information

Kaseya 2. User Guide. Version 1.1

Kaseya 2. User Guide. Version 1.1 Kaseya 2 Antivirus User Guide Version 1.1 June 29, 2011 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's

More information

Endpoint Security. powered by HEAT Software. AntiVirus Best Practice Guide. Version 8.5 Update 2

Endpoint Security. powered by HEAT Software. AntiVirus Best Practice Guide. Version 8.5 Update 2 AntiVirus Best Practice Guide Version 8.5 Update 2 Endpoint Security powered by HEAT Software Contents Introduction 3 What Does AntiVirus Do? 3 Overview 4 Phase 1: Prepare Your Infrastructure 5 Remove

More information