trend micro incorporated reserves the right to make changes to … · 2017-09-20 · • network...

Trend Micro Incorporated reserves the right to make changes to this document and tothe service described herein without notice. Before installing and using the service,review the readme files, release notes, and/or the latest version of the applicabledocumentation, which are available from the Trend Micro website at:

http://docs.trendmicro.com/en-us/smb/trend-micro-remote-manager.aspx

Trend Micro, the Trend Micro t-ball logo, Worry-Free Business Security, Worry-FreeBusiness Security Services, Cloud App Security, Hosted Email Security, Cloud Edge, andInterScan Web Security as a Service are trademarks or registered trademarks of TrendMicro Incorporated. All other product or company names may be trademarks orregistered trademarks of their owners.

Copyright © 2017. Trend Micro Incorporated. All rights reserved.

Document Part No.: APEMS7998/170901

Release Date: September 2017

Protected by U.S. Patent No.: Patents pending.

http://docs.trendmicro.com/en-us/smb/trend-micro-remote-manager.aspx

This documentation introduces the main features of the service and/or providesinstallation instructions for a production environment. Read through the documentationbefore installing or using the service.

Detailed information about how to use specific features within the service may beavailable at the Trend Micro Online Help Center and/or the Trend Micro KnowledgeBase.

Trend Micro always seeks to improve its documentation. If you have questions,comments, or suggestions about this or any Trend Micro document, please contact us [email protected].

Evaluate this documentation on the following site:

http://www.trendmicro.com/download/documentation/rating.asp

mailto:%[email protected]


i

Table of Contents

Part I: Introducing Remote ManagerChapter 1: Introduction

Trend Micro Remote Manager ..................................................................... 1-2

What's New ..................................................................................................... 1-2

Features ............................................................................................................ 1-3

Browser Requirements ................................................................................... 1-8

Supported Products ........................................................................................ 1-8

Overall Infrastructure .................................................................................... 1-9

Key Terminology .......................................................................................... 1-11

Part II: Managing CustomersChapter 2: Remote Manager Customers

Customers Overview ...................................................................................... 2-2

Adding Customers .......................................................................................... 2-6

Assigning Default Settings Templates to Existing Customers ................ 2-8

Mass Policy Updates to Multiple Customers ............................................ 2-10

Merging Multiple Remote Manager Accounts in Licensing ManagementPlatform ......................................................................................................... 2-24

Chapter 3: Individual Customer SettingsCustomer Information ................................................................................... 3-2

Customer Products ......................................................................................... 3-3

Trend Micro Remote Manager Administrator's Guide

ii

Customer Licenses ....................................................................................... 3-13

Company Profile ........................................................................................... 3-16

Contact Information .................................................................................... 3-16

Customer Notifications ............................................................................... 3-17

ConnectWise Settings for Individual Customers ..................................... 3-19

Part III: Managing Trend Micro ProductsChapter 4: Cloud App Security in Remote Manager

Cloud App Security ........................................................................................ 4-2

Registering Cloud App Security .................................................................... 4-2

Managing Cloud App Security ...................................................................... 4-2

Cloud App Security Events ........................................................................... 4-3

Cloud App Security Notifications ................................................................ 4-5

Chapter 5: Cloud Edge in Remote ManagerCloud Edge ...................................................................................................... 5-2

Registering Customers with Cloud Edge Devices ..................................... 5-2

Managing Cloud Edge ................................................................................... 5-3

Cloud Edge Events ........................................................................................ 5-4

Cloud Edge Notifications .............................................................................. 5-8

Chapter 6: Hosted Email Security in Remote ManagerHosted Email Security ................................................................................... 6-2

Registering Hosted Email Security ............................................................... 6-2

Managing Hosted Email Security ................................................................. 6-4

Table of Contents

iii

Chapter 7: InterScan Web Security as a Service in RemoteManager

InterScan Web Security as a Service ............................................................ 7-2

Registering InterScan Web Security as a Service (IWSaaS) ...................... 7-3

Managing InterScan Web Security as a Service .......................................... 7-4

InterScan Web Security as a Service Events ............................................... 7-4

InterScan Web Security as a Service Notifications .................................... 7-5

Chapter 8: Worry-Free Business Security in RemoteManager

Worry-Free Business Security ....................................................................... 8-2

Registering Worry-Free Business Security Standard and Advanced ....... 8-2

Managing Agents ............................................................................................ 8-6

Managing Worry-Free Business Security Standard .................................. 8-21

Managing Worry-Free Business Security Advanced ................................ 8-22

Worry-Free Business Security Events ....................................................... 8-23

Worry-Free Business Security Notifications ............................................ 8-27

Chapter 9: Worry-Free Business Security Services inRemote Manager

Worry-Free Business Security Services ....................................................... 9-2

Registering Worry-Free Business Security Services ................................... 9-2

Managing Worry-Free Business Security Services ..................................... 9-4

Worry-Free Business Security Services Events ........................................ 9-10

Worry-Free Business Security Services Notifications ............................. 9-12

Part IV: Integrating Third-Party Solutions


iv

Chapter 10: AutoTask SupportIntegrating Autotask .................................................................................... 10-2

Supported Trend Micro Product Events in Autotask ............................. 10-6

Chapter 11: ConnectWise SupportIntegrating ConnectWise ............................................................................. 11-2

Supported Trend Micro Product Events in ConnectWise ................... 11-57

Chapter 12: Kaseya SupportIntegrating Kaseya ........................................................................................ 12-2

Managing Trend Micro Customers in Kaseya ....................................... 12-20

Managing Worry-Free Security Agents in Kaseya ................................. 12-24

Trend Micro Dashboard ............................................................................ 12-29

Supported Trend Micro Product Events in Kaseya .............................. 12-30

Chapter 13: LabTech SupportIntegrating LabTech ..................................................................................... 13-2

Managing Trend Micro Customers in LabTech ....................................... 13-8

Managing Worry-Free Security Agents in LabTech .............................. 13-15

Monitoring Worry-Free Business Security Services Agents ................ 13-20

Supported Trend Micro Product Events in LabTech ........................... 13-23

Part V: Monitoring CustomersChapter 14: Understanding the Dashboard

Dashboard Status Screens ........................................................................... 14-2

Working with Tabs and Widgets ................................................................ 14-2

Remote Manager Widgets ........................................................................... 14-7

Viewing Product-Specific Events ............................................................ 14-19

Table of Contents

v

Cloud App Security Widgets .................................................................... 14-20

Cloud Edge Widgets .................................................................................. 14-21

Hosted Email Security Widgets ................................................................ 14-24

InterScan Web Security as a Service Widgets ........................................ 14-27

Worry-Free Business Security Services Widgets .................................... 14-28

Notification Center .................................................................................... 14-30

Event Logs .................................................................................................. 14-34

Chapter 15: Managing EventsUnderstanding Events ................................................................................. 15-2

Managed Product Events ............................................................................ 15-3

Viewing Product-Specific Events ............................................................ 15-16

Chapter 16: Managing ReportsReports Overview ......................................................................................... 16-2

Creating Reports ........................................................................................... 16-2

Viewing Reports ........................................................................................... 16-6

Editing Reports ............................................................................................. 16-6

Downloading and Sending Reports ........................................................... 16-6

Subscribing to Reports ................................................................................ 16-7

Part VI: Administering Remote ManagerChapter 17: Administering Remote Manager

Administration Settings ............................................................................... 17-2

Configuring Global Notification Settings ................................................. 17-3

Configuring Console Settings ................................................................... 17-19

Default Setting Templates ......................................................................... 17-20

Viewing Administration Logs ................................................................... 17-23


vi

Part VII: Getting HelpChapter 18: Troubleshooting and Frequently AskedQuestions

Troubleshooting ............................................................................................ 18-2

Frequently Asked Questions ....................................................................... 18-7

Chapter 19: Technical SupportContacting Support ...................................................................................... 19-2

Sending Suspicious Content to Trend Micro ........................................... 19-3

Troubleshooting Resources ......................................................................... 19-4

Part IIntroducing Remote Manager

1-1

Chapter 1

IntroductionThis section contains the following topics:

• Trend Micro™ Remote Manager™ on page 1-2

• What's New on page 1-2

• Features on page 1-3

• Browser Requirements on page 1-8

• Supported Products on page 1-8

• Overall Infrastructure on page 1-9

• Key Terminology on page 1-11


1-2

Trend Micro™ Remote Manager™Trend Micro™ Remote Manager™ is a robust console that works in parallel with TrendMicro Licensing Management Platform™ to provide managed security services to smalland medium businesses.

Trend Micro Remote Manager enables you to monitor the health of multiple managednetworks through multiple, managed products and services. Trend Micro RemoteManager allows reseller administrators to issue commands to manage critical aspects ofnetwork security.

Trend Micro Remote Manager is hosted on regional Trend Micro Data Center serverswhere resellers obtain an account. Resellers can use Trend Micro Remote Manager toestablish customer accounts, monitor customer networks, and manage security using theTrend Micro Remote Manager web console.

Remote Manager offers a structured view of customer networks and allows resellers toissue commands and manage the following aspects of network security:

• Component updates and updates to the managed server

• Vulnerability assessment

• Damage cleanup

• Automatic outbreak response

• Firewall and Real-time Scan settings

• Manual scans

Trend Micro Remote Manager also supports comprehensive reporting features andallows resellers to subscribe individuals to automatically generated reports.

What's NewRelease Date: September 2017

The following table outlines the new features and enhancements in Trend Micro™Remote Manager™.

Introduction

1-3

Feature Description

RedesignedDashboard

The Remote Manager redesigned dashboard provides a quick view ofthe security, system, and license statuses of all customers.

For more information, see Understanding the Dashboard on page14-1.

OverallDetectionswidget

This interactive widget provides an overview of all the threat detectionsand policy violations across the network during the selected period.Access links to additional data views and detailed event logs directlyfrom the widget.

For more information, see Overall Detections Widget on page 14-9.

EnhancedNotificationCenter

Access the Notification Center through the Customers withNotifications widget, which provides a quick way to identifycustomers with “Action required” or “Warning” events. TheNotification Center allows you to view detailed logs of customerevents.

For more information, see Notification Center on page 14-30.

Customizableemail contentfor Worry-FreeBusinessSecurityServices andCloud Edge

You can customize individual email messages for “Action required” or“Warning” events. Specify recipients, message content, messagefrequency, and more.

For more information, see Customizing Email Notification Content onpage 17-10.

Mass policydeployment

Remote Manager provides you the ability to configure a single Worry-Free Business Security Services policy and deploy the settings tomultiple customers in one batch deployment.

For more information, see Mass Policy Updates to Multiple Customerson page 2-10.

FeaturesTrend Micro Remote Manager offers the following features.


1-4

Table 1-1. Remote Manager Features

Feature Description

Integrated Platform Remote Manager works in parallel with Trend Micro™ LicensingManagement Platform, but with a more robust interface. You cando the following from the Remote Manager portal:

• Create new accounts

• Renew licenses for individual accounts

• Add more seats

Remote Manager also monitors and manages multiple protectednetworks from a single console by communicating with a RemoteManager Agent that runs on the managed servers. In addition,Remote Manager also offers event monitoring based on keysecurity indicators.

Dashboard Widgets Customize the widgets on the dashboard page. These widgetscan let you know if you need to renew licenses, add moreallocated seats, or even let you know which customers experiencethe most threats.

CustomizableSettings for NewAccounts

When creating accounts, you can customize the basic defaultsettings that new accounts will use by default or select thesettings from templates you have configured and saved.

Security Status The Remote Manager Events screen provides the status of thefollowing aspects of network security:

• Worry-Free Business Security Standard and Advanced

• Anti-spam

• Behavior Monitoring

• Device Control (versions 7.x, 8.x and 9.x only)

• Network Virus

• Outbreak Defense

• Spyware/Grayware

• URL Filtering (versions 6.x and up only)

• Virus/Malware

Introduction

1-5

Feature Description• Web Reputation

• Worry-Free Business Security Services

• Application Control


• Network Virus


• Predictive Machine Learning


• URL Filtering

• Virus/Malware

• Web Reputation

• Hosted Email Security

• Accepted Email Message Size

• Threat Summary

• Top Spam Recipients

• Top Virus Recipients

• Total Email Message Traffic

• Cloud App Security

• Antivirus

• File Blocking

• Virtual Analyzer

• Web Reputation

• Cloud Edge

• Botnet

• C&C callback

• Intrusion Prevention System (IPS)


1-6

Feature Description• Predictive Machine Learning

• Ransomware



• Virus/Malware

• Web Reputation

• InterScan Web Security as a Service

• Anti-spyware

• App Control

• Antivirus

• URL Filtering

• Web Reputation

Remote Manager provides details about these aspects includingstatistical data such as the number of infected computers andvirus/malware incidents. Reseller administrators can also checkdetailed information including the names of affected computers orthe threats.

System Status Reseller administrators can check the following system-relatedaspects of network security through the Remote Manager Eventsscreen:

• Smart Protection Services

• Component updates

• Disk Shortage

• Device/agent offline

• Cloud email scanning availability

• AD/LDAP Sync Issues

• Firmware Update

• Resource Shortage

Introduction

1-7

Feature Description• Account sync issues

License Status Reseller administrators can view the following license-relateddetails:

• Total seats purchased

• Number of seats in use

• Expired licenses, including date of expiry

• Expiring licenses, including number of days before expiration

NetworkManagement

Remote Manager offers a structured view of managed networksand allows reseller administrators to issue commands andmanage the following critical aspects of network security:

• Component updates and updates to the managed server

• Vulnerability assessment

• Automatic outbreak response

• Damage cleanup

• Firewall and Real-time Scan settings

• Manual scans

Reporting In addition to notifications for security events, Remote Managercan automatically generate and send reports at regular intervals.You can create the reports according to customer, product,frequency, and content and saved in various formats.

Integration withThird-Party Tools

Enable log monitoring using third-party tools, includingAutotask™, Kaseya™, or ConnectWise™ to standardize the tasksand processes you monitor.

FeedbackSubmission

Trend Micro would like to provide the best and most usefulplatform for the users. However, Trend Micro does not know whatservices or features are important to you. And to this end, RemoteManager welcomes your feedback and suggestions through theSubmit Feedback button, which is accessible and visible fromthe banner. Trend Micro can then process and determine whichfeatures would help the most number of users.


1-8

Browser Requirements• Connection to the Internet

• Remote Manager account information from Trend Micro

• Supported browsers:

• Latest Google™ Chrome™ version (Recommended)

• Latest Firefox™ version

• Microsoft Edge

• Internet Explorer™ 11

Supported ProductsThe following table lists the Trend Micro products and product versions that TrendMicro Remote Manager can monitor.

Product Supported Versions

Trend Micro CloudApp Security

Latest version

For more information, see Cloud App Security in RemoteManager on page 4-1.

Trend Micro CloudEdge

Latest version

For more information, see Cloud Edge in Remote Manager onpage 5-1.

Trend Micro HostedEmail Security™

Latest version

For more information, see Hosted Email Security in RemoteManager on page 6-1.

Trend MicroInterScan WebSecurity as aService™

Latest version

For more information, see InterScan Web Security as a Service inRemote Manager on page 7-1.

Introduction

1-9

Product Supported Versions

Worry-FreeBusiness Security™Standard (formerlyClient Server Suite)

6.x, 7.x, 8.x, 9.x

For more information, see Worry-Free Business Security inRemote Manager on page 8-1.

Worry-FreeBusiness SecurityAdvanced (formerlyClient ServerMessaging Suite)

6.x, 7.x, 8.x, 9.x

For more information, see Worry-Free Business Security inRemote Manager on page 8-1.

Worry-FreeBusiness SecurityServices

Latest version

For more information, see Worry-Free Business Security Servicesin Remote Manager on page 9-1.

Trend Micro Remote Manager also integrates with the following third-party tools toprovide alternative methods of managing your Trend Micro products:

Third-party Tools Reference

Autotask™ AutoTask Support on page 10-1

ConnectWise™ ConnectWise Support on page 11-1

Kaseya™ Kaseya Support on page 12-1

LabTech™ LabTech Support on page 13-1

Overall InfrastructureTrend Micro Remote Manager consists of three basic parts:

• The partner

• The Trend Micro data center

• The customer network


1-10

Figure 1-1. Remote Manager overall architecture

The partner accesses a Trend Micro Data Center (currently on different continents)through the Remote Manager web console via the Internet. The partner does not needto install anything to be able to use the product. The partner must add and configureeach customer on the Remote Manager web console before the partner can managecustomer accounts.

Each Worry-Free Business Security Standard and Advanced managed server hasa Remote Manager Agent installed which allows communication to and fromthe Remote Manager servers. The Remote Manager Agent, which can be installed fromthe Remote Manager web console, runs on the Worry-Free Business Security Standardand Advanced managed server inside the customer’s network. The Remote Manager

Introduction

1-11

Agent sends information to the Remote Manager server where you can access the datafrom your console 24/7 using an Internet connection.

Worry-Free Business Security Services (WFBS-SVC) and Hosted Email Security (HES)are both hosted on the Trend Micro Data Center. InterScan Web Security as a Service(IWSaaS), Cloud App Security (CAS), and Cloud Edge (CE) are all hosted on the cloud.WFBS-SVC, HES, IWSaaS, CAS, and CE all send data directly to the Remote Managerserver.

Key TerminologyKnowing the following terms can help you work with Remote Manager more efficiently:

Term Definition

Agent Installed on Worry-Free Business Security Standard andAdvanced servers, this program allows Remote Manager tomonitor and manage Worry-Free Business Security Standardand Advanced.

Assessment Regular checks done on data collected from customer networksto determine the health of monitored networks. These checksuse key indicators called assessment indexes.

Assessmentindexes

The basis for security assessments; reseller administrators cancustomize these indexes individually to control assessmentintervals, ranges, and notifications.

Client SecurityAgent (CSA)

The Agent that reports to the Worry-Free Business Securityserver. The CSA sends event status information in real time.Agents report events such as threat detection, Agent startup,agent shutdown, start of a scan, and completion of an update.The CSA provides three methods of scanning: real-time scan,scheduled scan, manual scan. You can configure scan settingson Agents from the web console.

Dashboard The dashboard in Remote Manager is the main screen (Hometab) that displays the web console and the widgets.


1-12

Term Definition

Detection The discovery of a threat; a detection does not constitute asystem infection, but simply indicates that malware has reachedthe computer. The detection of the same threat on differentcomputers can constitute an outbreak.

Event The occurrence of a condition in a monitored domain.

Globally UniqueIdentifier (GUID) orAuthorization Key

A unique reference number used as an identifier in computersoftware.

Infection The condition in which a threat is able to run its payloads in acomputer; Remote Manager considers an infection to haveoccurred whenever the antivirus scanner detects a virus/malware and is unable to clean, delete, or quarantine the threat.A spyware/grayware infection occurs when the computer cannotbe completely cleaned unless it is restarted.

managed product /services

Any Trend Micro product or service that Remote Managersupports

Messaging SecurityAgent (MSA)

The Agent that resides on Microsoft Exchange Servers andreports to Client Server Messaging and Worry-Free BusinessSecurity Advanced servers. This Agent protects against virus/malware, Trojans, worms and other email born threats. It alsoprovides spam blocking, content filtering, and attachmentblocking.

Reseller Generic term to refer to organizations that directly providesecurity monitoring and management services to customers inRemote Manager.

Reselleradministrators

Administrators in the reseller side that perform service-relatedtasks using Remote Manager.

Trend Micro DataCenter

The Trend Micro monitoring and management center that hostsRemote Manager (and Hosted Email Security) servers andprovides support to reseller administrators.

Security Server The Worry-Free Business Security Standard and Advancedserver computer.

Introduction

1-13

Term Definition

Virus alert A state of vigilance that is declared by TrendLabs℠ to preparecustomer networks for a virus outbreak; TrendLabs alertsdifferent Trend Micro products and delivers preventive solutionsthat IT administrators can implement as a first line of defensebefore a pattern becomes available.

Virus outbreak The rapid propagation of a virus threat to different computersand networks; depending on the prevalence of the threat, anoutbreak can be internal, regional, or global.

Part IIManaging Customers

2-1

Chapter 2

Remote Manager CustomersThis section contains the following topics:

• Customers Overview on page 2-2

• Adding Customers on page 2-6

• Assigning Default Settings Templates to Existing Customers on page 2-8

• Mass Policy Updates to Multiple Customers on page 2-10

• Merging Multiple Remote Manager Accounts in Licensing Management Platform on page 2-24


2-2

Customers OverviewThe Customers screen provides a list of all previously configured customers that yourcompany manages. You can use this screen to view basic customer contact informationand identify whether customers require immediate attention regarding notable threat,system, or licensing events.

TipYou can filter the Customers list using the search pane to the right of list.

For more information, see Filtering the Customers List on page 2-5.

The following table outlines the tasks available on the Customers screen.

Task Description Applicable For

Add newcustomers

Click New Customer to set up a company profileand user account, assign a service plan, andconfigure default product settings.

For more information, see Adding Customers onpage 2-6.

• CustomerLicensingPortalaccounts

• LicensingManagementPlatformaccounts

Remote Manager Customers

2-3


Delete existingcustomers

Select an existing customer and click Delete toremove the customer account from theCustomers list.

NoteAll products must be removed from theselected customer before the customer canbe deleted.

WARNING!Once customer accounts are deleted, theycannot be recovered.


Assign defaultproducttemplates toexistingcustomers

Select an existing customer and click AssignTemplate to choose from preconfigured productsettings.

NoteRemote Manager only supports defaultproduct templates for Worry-Free BusinessSecurity Services and Cloud Edge.

For more information, see Assigning DefaultSettings Templates to Existing Customers onpage 2-8.


Deploy policysettings tomultiplecustomers

Select existing customers and click PolicySettings to select from the available Worry-FreeBusiness Security Services policies that you canapply to all selected customers.

For more information, see Mass Policy Updates toMultiple Customers on page 2-10.


Update CloudEdge devicefirmware

Select existing Cloud Edge customers and clickUpdate Firmware. Remote Manager notifies anyselected Cloud Edge customers requiring afirmware update to obtain the update package.



2-4


Renew productlicenses

Select existing customers and click RenewLicense. Remote Manager allows you to renewany customers with expired licenses.

For more information, see Renewing Licenses onpage 3-14.


Exportcustomerinformation

• Select customers and click Export to save aCSV file with the selected customerinformation

• Click Export All to save a CSV file with alldisplayed customer information



ChangeRemoteManagerCustomersview settings

Click Settings to change whether RemoteManager displays all customers with LicensingManagement Platform accounts or only thosecustomers with products managed by RemoteManager.


Customers DataThe Customers screen provides you with basic customer information and displays asummary count of important events affecting your customers.

ImportantTo modify individual customer information, you must sign in with a LicensingManagement Platform account and click the Licensing Management Platform link atthe top right corner of the screen. You cannot modify customer information directly fromthe Remote Manager console.


2-5

Table 2-1. Customers Data

Item Description

Company The name of the company as configured in LicensingManagement Platform

Click the Company name to manage individual customer andlicensing settings.

For more information, see Individual Customer Settings on page3-1.

Contact Person The contact name for the company as configured in LicensingManagement Platform

Phone The contact phone number for the company as configured inLicensing Management Platform

Products A comma-separated list of all products licensed by the company

Threat and SystemEvents

A summary count of all “Action required” (red) and “Warning”(yellow) threat or system events currently affecting the customer

Click the count to open the <Customer> screen and view specificdetails regarding the event type.

For more information, see Managed Product Events on page15-3.

License Events A summary count of all “Action required” (red) and “Warning”(yellow) licensing events currently affecting the customer

Click the count to open the <Customer> screen and view specificdetails regarding the event type.

For more information, see Renewing Licenses on page 3-14.

Last Transaction The last date and time that an event change (e.g. a licensetransaction or a system threat) occurred for the customer.

Filtering the Customers ListFilter the Customers list using the search pane on the right-hand side of the screen.


2-6

Procedure

1. Go to Customers.

2. On the right-hand side, select one or more fields from the search pane.

Note

The Threat Categories, System Events, and License Events options in the drop-down menus do not change based on your Products selection. If you select a searchoption that is incompatible with the product you selected, it is the same as selectingan additional product.

For example, selecting Products > Hosted Email Security (HES) and SystemEvents > Cloud email scanning is the same as selecting both Hosted EmailSecurity (HES) and Cloud Edge (CE) from the Products drop-down.

3. (Optional) Click Export to generate a CSV file of your filtered customers.

Adding CustomersYou should identify basic customer information before you create the customer account.Fields to note include First and Last Name (as it will appear on reports andnotifications), Time zone (of the customer), and Language (in which the customer willreceive reports and notifications). Before you add a customer and install the Agent onthe managed server, make sure you have written approval to perform tasks to access,monitor, and manage the customer's resources.

Procedure

1. From the Remote Manager web console banner, click New Customer.

Note

You can click New Customer from the Banner, or from the Customers tab.

2. Provide the customer information.


2-7

Figure 2-1. Customer Info Screen

3. Click Next >.

4. Assign a service plan, license start date, and the number of units per license.

5. Set up the product default settings for this account. These are:

NoteThis feature is only for Worry-Free Business Security Services and Cloud Edge.

• Basic product settings: Configure only the settings on this screen that newcustomer accounts will use.


2-8

Figure 2-2. Basic product settings

• Templates: Use this option to select a default setting template. Configure thesettings from Admin > Configure default settings template.

6. Verify all the information and then click Done.

NoteAfter adding the customer, profile changes can only be made from the Trend MicroLicensing Management Platform.

Assigning Default Settings Templates toExisting Customers

Default settings templates are available only if Trend Micro Remote Manager integrateswith Licensing Management Platform.

You can assign default settings templates to existing customers to enable ransomwareprotection by assigning default templates with Behavior Monitoring enabled.

For more information on the configurable settings, refer to the product documentation.


2-9

http://docs.trendmicro.com/en-us/smb/worry-free-business-security-services.aspx

Note

Templates can only be assigned to companies using Worry-Free Business Security Services.

Procedure

1. Go to Customers.

The Customers screen appears.

2. Select one or more customers from the Company list.

3. Click the Assign Template tab.

The Assign Template screen appears.

4. Select a template from the list.



2-10

5. Click Next >.

The confirmation screen appears listing only companies with supported products.

6. Click Assign.

The templates are successfully assigned to the selected customers.

Mass Policy Updates to Multiple CustomersRemote Manager provides you the ability to configure a single Worry-Free BusinessSecurity Services policy and deploy the settings to multiple customers in one batchdeployment. Depending on the policy type, you can deploy policies to specific devicegroups per customer or update customers' global settings for later use. Deployingpolicies to multiple customers and customer device groups reduces the overhead ofmanually configuring lists on a per customer basis.

Remote Manager provides the following mass policy deployment options:

• Configuring the Approved/Blocked URLs List on page 2-11

• Configuring the Antivirus Exclusions for Real-time Scans on page 2-13

• Configuring the Behavior Monitoring Exception List on page 2-16

• Configuring the Predictive Machine Learning Exception List on page 2-18

• Configuring Predictive Machine Learning Settings on page 2-19

• Configuring Ransomware Settings on page 2-21


2-11

Configuring the Approved/Blocked URLs ListYou can configure the Approved/Blocked URLs list for your Worry-Free BusinessSecurity Services customers and deploy the list to multiple customers, device groups, orat the global settings level.

NoteDeploying the Approved/Blocked URLs list policy settings to specific device groupsautomatically enables the customized approved/blocked URLs list on Security Agents.

For more information, see the Worry-Free Business Security Services Online Help.

Note

• The policy configuration settings for the Approved URLs list apply to both the WebReputation and URL Filtering features.

• The policy configuration settings for the Blocked URLs list only apply to the URLFiltering feature.

Procedure

1. Go to Customers.


3. Click Policy Settings and select Approved/Blocked URLs List.

The Approved/Blocked URLs List screen appears.

4. Select the Targets for the policy settings.

• Customers (Global Settings): Applies changes only to the global settings forthe selected customers in the list

ImportantAny changes made to the global settings do not apply to any preexisting devicegroups. You must select Device Groups to immediately apply changes toexisting device groups.


2-12

• Device groups: Applies changes to the selected device groups in the list

NoteTo select specific types of device groups, use the Select Groups drop-downbutton to select or remove device groups from the policy setting. By default,Remote Manager selects all device groups for all customers.

5. Click Configure Policy >.

6. Configure the policy settings for the Approved List and Blocked List.

a. Use the drop-down box to specify how changes affect each list.

• Select an action: The default setting which does not apply any changesthe current policy settings

• Append: Remote Manager adds the specified items to the existing list

• Delete: Remote Manager removes the specified items from the existinglist

NoteIf Remote Manager does not locate the specified item in the existing list,Remote Manager does not perform any action on the list.

• Overwrite: Remote Manager deletes all items from the existing list andreplaces the list with the specified items

WARNING!You cannot undo this action. If you choose to replace the entire list, youcannot recover the previous list items.

b. Type the URLs that apply to the policy.

NoteIf the number of entries added to the Approved/Blocked URLs list causes thelist to exceed the maximum allowable value, then the list deployment will fail.


2-13

Specify multiple entries using the space character, comma (,), semicolon (;), orENTER key.

URLs can use an asterisk (*) as a wildcard (the asterisk matches zero or morecharacters).

7. Click Deploy Policy Settings.

Remote Manager deploys the changes to the specified customers or device groups.You can monitor the status of the policy deployment from the Administrationlogs.

For more information, see Viewing Administration Logs on page 17-23.

Configuring the Antivirus Exclusions for Real-time Scans

You can configure the Antivirus Exclusions list for your Worry-Free Business SecurityServices customers and deploy the list to multiple customers or device groups.

Note

Enabling Antivirus Exclusions automatically enables real-time antivirus and antispywarescanning on the affected Security Agents.

Procedure

1. Go to Customers.


3. Click Policy Settings and select Antivirus Exclusions.

The Antivirus Exclusions screen appears.

4. Select the customers or specific device groups that you want to configure.


2-14

Note

To select specific types of device groups, use the Select Groups drop-down buttonto select or remove device groups from the policy setting. By default, RemoteManager selects all device groups for all customers.


6. Use the drop-down box to specify how changes affect each list.

• Select an action: The default setting which does not apply any changes thecurrent policy settings

• Enable Antivirus Exclusions: Remote Manager enables antivirus exclusionsfor the selected device groups.

The Exclusions for Windows and Exclusions for Mac sections appear.

• Disable Antivirus Exclusions: Remote Manager disables antivirusexclusions for the selected device groups.

7. In the Exclusions for Windows and Exclusions for Mac sections:





Note

If Remote Manager does not locate the specified item in the existing list,Remote Manager does not perform any action on the list.



2-15

WARNING!

You cannot undo this action. If you choose to replace the entire list, youcannot recover the previous list items.

b. Type the necessary exclusions in the following fields:

• Directory path: Excludes the specified directory and all sub-directories

Important

Mac devices do not support the directory path list.

Note

Directory path entries can use an asterisk (*) as a wildcard.

• File name or file name with full path: Excludes the specified filebased on file name or file name with full path

Note

File name and file name with full path entries can use an asterisk (*) as awildcard.

• File extension: Excludes all files with the specified extension

Note

File extensions are entered in the field without a period. E.g. txt, not .txt.

Specify multiple entries using the semicolon (;) or ENTER key.





2-16

Configuring the Behavior Monitoring Exception List

You can configure the Behavior Monitoring Exception List for your Worry-FreeBusiness Security Services customers and deploy the list to multiple customers or devicegroups.

Important

When deploying the Behavior Monitoring Exception List settings, be aware of thefollowing:

• For the Device (Default) group, Security Agents automatically enable BehaviorMonitoring.

• For the Server (Default) group, Security Agents automatically enable BehaviorMonitoring and the Unauthorized Change Prevention Service.

• For manual groups:

• Security Agents installed on desktop platforms automatically enable BehaviorMonitoring.

• Security Agents installed on server platforms automatically enable BehaviorMonitoring, but you must manually enable the Unauthorized Change PreventionService using the Worry-Free Business Security Services console.


Procedure

1. Go to Customers.


3. Click Policy Settings and select Behavior Monitoring Exception List.

The Behavior Monitoring Exception List screen appears.



2-17

NoteTo select specific types of device groups, use the Select Groups drop-down buttonto select or remove device groups from the policy setting. By default, RemoteManager selects all device groups for all customers.


6. Configure the policy settings for the Approved Program List and/or the BlockedProgram List.





NoteIf Remote Manager does not locate the specified item in the existing list,Remote Manager does not perform any action on the list.


WARNING!You cannot undo this action. If you choose to replace the entire list, youcannot recover the previous list items.

b. Type the full program paths that apply to the policy.





2-18


Configuring the Predictive Machine Learning ExceptionList

You can configure the Predictive Machine Learning Exception List for your Worry-FreeBusiness Security Services customers and deploy the list to multiple customers at theglobal settings level.

Important

Any changes made to the global settings do not apply to any preexisting device groups.

Procedure

1. Go to Customers.


3. Click Policy Settings and select Predictive Machine Learning Exception List.

The Predictive Machine Learning Exception List screen appears.

4. Select the customers that you want to configure.


6. Configure the policy settings for the Predictive Machine Learning Exception List.

a. Use the drop-down box to specify how changes affect the list.





2-19

Note

If Remote Manager does not locate the specified item in the existing list,Remote Manager does not perform any action on the list.


WARNING!

You cannot undo this action. If you choose to replace the entire list, youcannot recover the previous list items.

b. Type the SHA-1 file hashes that apply to the policy.



Remote Manager deploys the changes to the specified customers. You can monitorthe status of the policy deployment from the Administration logs.


Configuring Predictive Machine Learning SettingsYou can configure the Predictive Machine Learning Settings list for your Worry-FreeBusiness Security Services customers and deploy the list to multiple customers or devicegroups.

Note

Predictive Machine Learning requires a functional Internet connection to connect to theSmart Protection Network.

Procedure

1. Go to Customers.


2-20


3. Click Policy Settings and select Predictive Machine Learning Settings.

The Predictive Machine Learning Settings screen appears.


Note

To select specific types of device groups, use the Select Groups drop-down buttonto select or remove device groups from the policy setting. By default, RemoteManager selects all device groups for all customers.


6. Select the Action to apply to the policy.


• Enable Predictive Machine Learning: Enables Predictive MachineLearning on the selected device groups

The Detection Settings section appears.

• Disable Predictive Machine Learning: Disables Predictive MachineLearning on the selected device groups

7. Under Detection Settings, select the type of detections and related action thatPredictive Machine Learning takes.

Detection Type Actions

File • Quarantine: Select to automatically quarantine files thatexhibit malware-related features based on the PredictiveMachine Learning analysis

• Log only: Select to scan unknown files and log thePredictive Machine Learning analysis for further in-houseinvestigation of the threat


2-21

Detection Type Actions

Process • Terminate: Select to automatically terminate processesor scripts that exhibit malware-related behaviors basedon the Predictive Machine Learning analysis

ImportantPredictive Machine Learning attempts to clean thefiles that executed the malicious processes. If theclean action is unsuccessful, the managed productquarantines the affected files.

• Log only: Select to scan unknown processes or scriptsand log the Predictive Machine Learning analysis forfurther in-house investigation of the threat




Configuring Ransomware SettingsYou can configure ransomware settings for your Worry-Free Business Security Servicescustomers and deploy the settings to multiple customers or device groups.


2-22

ImportantWhen deploying ransomware settings, be aware of the following:

• For the Device (Default) group, Security Agents automatically enable BehaviorMonitoring.

• For the Server (Default) group, Security Agents automatically enable BehaviorMonitoring and the Unauthorized Change Prevention Service.

• For manual groups:

• Security Agents installed on desktop platforms automatically enable BehaviorMonitoring.

• Security Agents installed on server platforms automatically enable BehaviorMonitoring, but you must manually enable the Unauthorized Change PreventionService using the Worry-Free Business Security Services console.


Procedure

1. Go to Customers.


3. Click Policy Settings and select Ransomware Settings.

The Ransomware Settings screen appears.


NoteTo select specific types of device groups, use the Select Groups drop-down buttonto select or remove device groups from the policy setting. By default, RemoteManager selects all device groups for all customers.


6. Select the Action to apply to the policy.



2-23

• Enable Ransomware Protection: Enables ransomware protection on theselected device groups

The Settings section appears.

• Disable Ransomware Protection: Disables ransomware protection on theselected device groups

7. When enabling ransomware protection, select which ransomware protectionfeatures you want to apply.

• Enable document protection against unauthorized encryption ormodification: Stops potential ransomware threats from encrypting ormodifying the contents of documents

• Automatically back up and restore files modified by suspiciousprograms: Creates backup copies of files being encrypted on endpointsto prevent any loss of data if the managed product detects a ransomwarethreat

Note

Automatic file backup requires at least 100 MB of disk space on the agentendpoint and only backs up files that are less than 10 MB in size.

• Enable blocking of processes commonly associated with ransomware:Blocks processes associated with known ransomware threats before anyencryption or modification of documents can occur

• Enable program inspection to detect and block compromisedexecutable files: Program inspection monitors processes and performs APIhooking to determine if a program is behaving in an unexpected manner.Although this procedure increases the overall detection ratio of compromisedexecutable files, it may result in decreased system performance.




2-24


Merging Multiple Remote Manager Accounts inLicensing Management Platform

If you manage other Trend Micro Remote Manager accounts that have not migrated tothe new Licensing Management Platform, you can merge those accounts with thecurrent one.

Procedure

1. Sign into a Remote Manager account that has been migrated to LicensingManagement Platform.

The Dashboard screen opens.

2. Click the arrow next to the sign in name and click Merge Another Account >Yes.

WARNING!If you merge an account to the current one, all data from the other account will bemoved. For example, if you are currently signed in as admin1 and you mergeadmin2 to the admin1 account, all the data from the admin2 account will bedeleted from the admin2 account. This data has been merged with the admin1account. You will still be able to open the admin2 account but all the data will be inthe admin1 account.

3. Enter the user name and password of the account you want to merge with thecurrent one.

4. Click Merge.

Wait a couple of minutes for the data to be merged.


2-25

What to do next

After migrating the account, you will always see the following when adding a newcustomer:

• With an active Licensing Management Platform account: If the new customeralready has an account in Licensing Management Platform.

• With existing product servers that need to be connected to this account: Ifthe new customer has a product/service but the account has not been integratedinto Licensing Management Platform.

3-1

Chapter 3

Individual Customer SettingsThis section contains the following topics:

• Customer Information on page 3-2

• Customer Products on page 3-3

• Customer Licenses on page 3-13

• Company Profile on page 3-16

• Contact Information on page 3-16

• Customer Notifications on page 3-17

• ConnectWise Settings for Individual Customers on page 3-19


3-2

Customer InformationThe <Customer> screen consists of multiple tabs that allow you to view individualcustomer information regarding associated products, licenses, company data,notifications, and ConnectWise settings.

Table 3-1. Customer Tabs

Tab Description

Products Provides a list of all products associated with the customeraccount and displays a list of all product-related events that mayrequire immediate attention

You can use the Products tab to configure individual productsettings.

NoteIf any products have “Action required” (red) or “Warning”(yellow) events, Remote Manager displays a summarycount directly on the tab.

For more information, see Customer Products on page 3-3.

Licenses Provides a list of all products and service plans associated withthe customer account

NoteIf any products have “Expired” (red) or “Expiring soon”(yellow) events, Remote Manager displays a summarycount directly on the tab.

For more information, see Customer Licenses on page 3-13.

Company Profile Displays general information about the company as configured inLicensing Management Platform

For more information, see Company Profile on page 3-16.

Individual Customer Settings

3-3

Tab Description

Contact Information Displays contact information about the customer as configured inLicensing Management Platform

For more information, see Contact Information on page 3-16.

Notification Displays all notification configuration settings for the customer

For more information, see Customer Notifications on page 3-17.

ConnectWise Displays the ConnectWise integration settings for the customer

For more information, see ConnectWise Settings for IndividualCustomers on page 3-19.

Customer ProductsThe customer Products tab displays all products currently associated with the customeraccount and lists all related event notifications.

TipYou can filter the Notification Events list using the View by drop-down boxes above thetable.

The following table outlines the tasks available on the Products tab.

Task Description

Add new products Click the Add button to assign new products and service plans tothe customer.

For more information, see Adding New Products Using aLicensing Management Platform Account on page 3-8 orAdding New Products Using a Customer Licensing Portal Accounton page 3-11.


3-4

Task Description

Manage productsettings

Select a product in the product tree to display event notificationsand configuration settings specific to that product

For more information, see specific product setting information forthe following products:

• Cloud App Security on page 4-2

• Cloud Edge on page 5-2

• Hosted Email Security on page 6-2

• InterScan Web Security as a Service on page 7-2

• Worry-Free Business Security on page 8-2

• Worry-Free Business Security Services on page 9-2

For more information about the icons that display in the producttree, see Network Tree Status Icons on page 3-12.

View threat andsystem eventnotifications

By default, Remote Manager displays all event notifications for allproducts associated with the customer account. To view eventnotifications for a specific product, select the product from theproduct tree.

For more information, see Managed Product Events on page15-3.

To view details about a specific event, click the Occurrencescount.

Product/Service InformationThe dashboard lists only customers that need attention. To get details for any product,including those that are not listed on the dashboard, go to the Customers tab andaccess the product on the customer tree.

Click Customers > {customer} > {product} to display additional information.

NoteThe displayed options differ for each product/service.


3-5

Product Options

Cloud App Security • Events: Displays system and threat events

• Users: Allows you to create or delete Cloud App Securityusers, and reset users' passwords

Cloud Edge • For service plans:

• Events: Displays a summary of events from all CloudEdge devices in the service plan

• Firmware Updates: Displays the current firmwareversion of each device and the latest available version;provides the option to manually update firmware

• Devices: Displays the name and serial number of eachregistered device

• For registered devices:

• Events: Displays system and threat events

• Components: Displays the current version of eachcomponent, the latest available version, and the date ofthe last update

• Network: Displays the user name, remote IP address,and MAC address of endpoints that connected to thenetwork through the Cloud Edge device

• VPN: Displays the user name, remote IP address, andvirtual IP address of endpoints that connected to thenetwork through a Virtual Private Network and the CloudEdge device

NoteTo make more detailed changes, access the Cloud Edgeconsole.


3-6

Product Options

Hosted EmailSecurity

• Live Status: Displays the latest Hosted Email Securityinformation.

• Policy Settings: Lists all the available policies.

• Approved Senders: Lists all senders that are not subject toIP reputation-based, spam, phish, or marketing messagefiltering.

• Blocked Senders: Lists all the addresses or domains thatwill blocked from sending messages.

NoteTo make more detailed changes, access the Hosted EmailSecurity console.

InterScan WebSecurity as aService

Displays the latest InterScan Web Security as a Service threatand system information.

NoteTo make more detailed changes, access the InterScan WebSecurity as a Service console.


3-7

Product Options

Worry-FreeBusiness Security

• Events: Lists system and threat events that may or may notneed an action.

• Groups: Lists the different groups configured on the server.You can request to start or stop a scan from here.

• Domain Settings: Configure settings for the entire domain.

Refer to the Trend Micro Worry-Free Business Securitydocumentation for detailed information:

http://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx.

NoteSecurity settings of individual groups cannot beconfigured from here. You will need to access theWorry-Free Business Security console to make thesechanges.

• Managed Server: Displays all the details of the server. Youcan request to update the server and update agents fromhere.

• TMRM Agent: Contains general information about the TrendMicro Remote Manager agent including the availability, theGlobally Unique Identifier (GUID) or Authorization Key, andthe IP address.

• Devices: Lists the name, IP Address, online/offline status,and details of the scan engine, pattern file, and the platform.

NoteYou can see Devices and Security Settings once youexpand the product and click Servers or Desktops.

• Security Settings: Configure the security settings of aparticular group (applicable only for Worry-Free BusinessSecurity 6.0 and above). Refer to the Trend Micro Worry-FreeBusiness Security documentation for detailed information.

http://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx





3-8

Product Options


• Events: Lists system and threat events that may or may notneed an action.

• Groups: Lists the configured groups and the types.

• Devices: Lists the name, IP Address, online/offline status,and details of the scan engine, pattern file, and the platform.

NoteYou can see Devices and Security Settings once youexpand the product and click Servers or Desktops.

• Security Settings: Configure the security settings of Worry-Free Business Security Services. Refer to the Trend MicroWorry-Free Business Security Services documentation fordetailed information:


NoteTo make more detailed changes, access the Worry-FreeBusiness Security Services console.

Adding New Products Using a Licensing ManagementPlatform Account

Procedure

1. Go to Customers > {customer name} > Products > Add.




3-9

2. Specify the service plan, the start date, and the units per license.

3. Click Next > or Save.

4. Configure the default settings for the product. You can choose one of thefollowing:

NoteThis feature will show only if you selected Worry-Free Business Security Services.


3-10

• Basic: Configure only the settings shown.

• Approved List for Web Reputation and URL Filtering

NoteIf you are adding a URL to the Approved list, make sure it has not beenadded to the Blocked List, and vice versa.


3-11

• Blocked List for URL Filtering

• Scheduled Scan for the Server and device

• Templates: Go to Administration > Configure default setting templatesto set up more settings, using a console similar to Worry-Free BusinessSecurity.

5. Click Save.

The product/service is added and the details of the addition appear.

Note

If you are adding a Worry-Free Business Security product, make note of the Worry-Free Business Security Activation Code and complete the installation in the LicensingManagement Platform console.

6. Click Connect to get information on how to connect the product/service to theconsole.

Adding New Products Using a Customer Licensing PortalAccount

You can only add the following products using a CLP account:


• Worry-Free Business Security


Procedure

1. On the Remote Manager console, go to Customers > [customer] > Products >Add.

The Add Product screen appears.


3-12

2. In the Product type drop-down, select the product you want to register to thecustomer.

3. Type a Product description.

4. Click Save.

A confirmation screen appears with further instructions.

5. Copy the “Authorization Key” or “GUID” that you must use to register themanaged product to Remote Manager.

6. On the managed product console, go to Administration > Trend Micro RemoteManager.

7. Provide the “Authorization Key” or “GUID” in the available field.

8. Click Connect.

The managed product connects to Remote Manager and registers to the previouslyselected customer account.

Verify that the registration of the managed product was successful by opening theRemote Manager console and viewing the customer product list.

Network Tree Status IconsOn the left side of the Product tab, the screen displays a tree representation of yourcustomer's products.

Table 3-2. Network tree objects

Icon NetworkObject Description

Product/service This product/service is not connected to RemoteManager.

Product/service This product/service is connected to RemoteManager.

Device The device is offline.


3-13

Icon NetworkObject Description

Device The device is online.

Group Desktop Group

Group Worry-Free Business Security Services device groupcomprised of different device types.

Exchange server Exchange Server computer; this computer runs theMessaging Security Agent (MSA).

Group Server Group; this group manages several ClientSecurity Agents (CSAs).

Customer LicensesThe customer Licenses tab displays all products currently licensed to the customeraccount and the current status of each license.

The following table outlines the tasks available on the Licenses tab.

Task Description

Renew licenses Select products and click the Renew License button to extendthe licensing period of the selected products.

For more information, see Renewing Licenses on page 3-14.

Modify seatallocation

Select products and click the Modify Seat Allocation button tochange the number of seats associated with each service plan.

For more information, see Modifying Seat Allocation on page3-15.

The following table outlines the information displayed in the Licenses table.


3-14

Item Description

Status icon The status icon provides a quick way to identify issues withlicenses

• : Normal

• : Expiring soon

• : Expired

• : Exceeded allocation

Product Indicates the product name

Click the available link to single-sign on to the product console.

Service Plan Indicates the service plan associated with the product

Provisioned Indicates the number of seats allocated to the product

Used Indicates the number of seats that the customer has activated

Expiration Date Indicates the expiration date of the license

Auto-renew Indicates whether the license automatically extends the licensingperiod

Renewing LicensesRenew licenses for customers you manage.

NoteThis feature is only applicable if you are using an account that has been integrated with theTrend Micro Licensing Management Platform.

Procedure

1. There are several ways to see the Renew Licenses window:

• From the Remote Manager web console:


3-15

a. Click Customers.

b. Select the customer that has the expired license or will be expiring soon.

c. Click Renew License.

• From the Notifications widget, click the Renew now link beside thenotification.

• From the email notification message, click the Renew now button.

2. Specify the change to the license terms.

3. Click Submit.

Modifying Seat AllocationEach reseller can specify how many seats they can allocate per customer. If they exceedthe allocated number of seats, resellers can add more seats per customer.

Note

This feature is only applicable if you are using an account that has been integrated with theTrend Micro Licensing Management Platform.

Procedure

1. Go to Customers > {customer name} > Licenses.

Tip

You can also view the short list of customers that need additional seats by clicking thenumber of customer(s) who requested more seats from the Notifications widget.

2. Select the product(s) that you want to modify.

3. Click Modify Seat Allocation.

The Modify Seat Allocation screen appears.


3-16

4. Specify the number of new seats that you want to add for each product under theNew Seats column.

5. Click Submit.

Company ProfileThe customer Company Profile tab displays general information about the customer'scompany as stored in Licensing Management Platform.

The following table outlines the information available on the Company Profile tab.

Item Description

Company name The name of the customer's company

Address The street address of the customer's company

City The city in which the customer's company is located

State The state/province/region in which the customer's company islocated

Postal code The postal code / zip code for the customer's company

Country The country in which the customer's company is located

Logon URL The URL that the customer can use to sign into LicensingManagement Platform

Company logo The customized banner for the customer's company that candisplay on supported Trend Micro product consoles

Contact InformationThe customer Contact Information tab displays information about the main customercontact as stored in Licensing Management Platform.

The following table outlines the information available on the Contact Information tab.


3-17

Item Description

Account The contact's account name

User role The user role assigned to the contact

Contact name The main contact's name

Contact number The phone number of the main contact

Email The email address of the main contact

Time zone The time zone in which the contact is located

Language The preferred language of the contact

Customer NotificationsThe customer Notifications tab allows you to configure the types of event notificationsthat Remote Manager sends to the configured recipients, third-party remotemanagement and monitoring tools, and the type of email content sent.

You can accept the global notification settings or customize the settings per customer.

For more information about global notification settings, see Configuring Global NotificationSettings on page 17-3.

Procedure

1. Go to Customers > [customer].

2. Click the Notifications tab.

3. In the Recipients section, select from the following settings:

• Use global notification recipient settings: Automatically sends the eventnotifications to the email addresses specified on the global notifications screen

• Use custom recipient settings

• Account manager: Select the Licensing Management Account for therepresentative that manages the customer


3-18

• Additional recipients: Type the email addresses of any other peoplethat you want Remote Manager to notify about the customer's events

4. In the Third-party Notifications section, select the remote management andmonitoring tools that you have integrated with Remote Manager.

• ConnectWise

Important

You must first integrate Remote Manager with ConnectWise and also enableindividual ConnectWise settings per customer before Remote Manager can sendthe notifications.

For more information, see Integrating ConnectWise™ on page 11-2 andConnectWise Settings for Individual Customers on page 3-19.

• Kaseya

For more information, see Integrating Kaseya™ on page 12-2.

• Autotask

For more information, see Integrating Autotask™ on page 10-2.

5. In the Message Content section, accept the globally-configured content settingsor click the Change the global message content settings link to modify themessage content for all Remote Manager customers.

6. In the Event section, select from the following settings:

• Use global notification event settings: Applies the globally-configuredevent settings to the customer

Click the link to view the global settings and make any necessarymodifications that apply to all Remote Manager customers.

• Use custom notification event settings: Select to display a list of all eventsettings for all products available in Remote Manager

Enable the required notification event types and configure any necessarysettings for the products specific to the customer.


3-19

For more information about the event types available, see:

• Worry-Free Business Security Services Notifications on page 17-12

• Worry-Free Business Security Notifications on page 17-14

• Cloud App Security Notifications on page 17-16

• Cloud Edge Notifications on page 17-18

• InterScan Web Security as a Service Notifications on page 17-19

7. Click Save.

ConnectWise Settings for IndividualCustomers

You must enable ConnectWise notifications and integration for each Trend Microcustomer on the Remote Manager console if you want to automate Remote Managernotifications.

For more information on global ConnectWise integration settings, see IntegratingConnectWise™ on page 11-2.

Important

To begin receiving notifications in the ConnectWise system, you must first configure theConnectWise notification settings for each customer.

For more information, see Customer Notifications on page 3-17.

Procedure

1. Go to Customers > [customer].

2. Click the ConnectWise tab.

3. Select Enable integration.


3-20

4. Specify the ConnectWise Company ID for this customer.

NoteClick Test Validity to verify the company ID.

5. Click Save.

Trend Micro Remote Manager syncs the customer information from ConnectWiseand loads any available agreement information. The following screen appears:

6. In the Agreements section, you can assign ConnectWise Agreements to TrendMicro products.

NoteAssigning agreements to Trend Micro products allows ConnectWise to provideautomated billing services for Trend Micro Remote Manager customers.

Important

• If you previously configured ConnectWise using the “TMRM ManagementSolution” or “Managed Service” agreement type, “Default” appears next to theTrend Micro product name.

• If you did not configure ConnectWise using the “TMRM ManagementSolution” or “Managed Service” agreement type, you can assign ConnectWiseagreements to Trend Micro products.

a. Click Set Up.


3-21

The Product Agreements screen appears.

b. For each product, first select the agreement type and then select theagreement name.

c. Click OK.

7. Select either of the following integration settings:

• Select Use global settings from Administration > Configure third-partyintegration > ConnectWise settings to apply the global integration settings.

• Select Use custom settings to configure customer-specific notifications forbilling and executive summaries.

• Send billing information for the following products toConnectWise every month on day X: Select the day of the month toreceive billing information for the products you select.

NoteIf you select 29, 30, or 31 and the month does not contain that day,Remote Manager sends the notification on the last day of the month.

• Send the following information from Hosted Email Security toConnectWise every <day, week, or month>: Remote Manager sendsthe selected detection information from Hosted Email Security at thespecified frequency.

8. Click Save.

Part IIIManaging Trend Micro

Products

4-1

Chapter 4

Cloud App Security in RemoteManager

This section contains the following topics:

• Cloud App Security on page 4-2

• Registering Cloud App Security on page 4-2

• Managing Cloud App Security on page 4-2

• Cloud App Security Events on page 4-3

• Cloud App Security Notifications on page 4-5


4-2

Cloud App SecurityTrend Micro Cloud App Security provides advanced protection for Microsoft Office365 services, Box, Dropbox and Google Drive, enhancing security with powerfulenterprise-class threat and data protection control. Cloud App Security providesprotection against phishing scams, zero-day and hidden malware, and unauthorizedtransmission of sensitive data.

Cloud App Security integrates cloud-to-cloud with Exchange Online, SharePoint Online,OneDrive for Business, Box, Dropbox and Google Drive to maintain high availabilityand administrative functionality.

Registering Cloud App Security

Procedure

1. Add a new customer on the Remote Manager web console.

2. Add Cloud App Security to that customer's service plan.

For more information, see Adding New Products Using a Licensing Management PlatformAccount on page 3-8.

3. Go to the Cloud App Security web console to activate the license.

Note

Cloud App Security data will automatically sync with Remote Manager.

Managing Cloud App SecurityRemote Manager allows you to complete the following tasks for a registered Cloud AppSecurity installation.

Cloud App Security in Remote Manager

4-3

Table 4-1. Cloud App Security Management Tasks

Task Description

View events View a list of Cloud App Security eventsfrom the Events tab.

Manage users Add and delete users, and resetpasswords from the Users tab.

Access the Cloud App Security console Access the Cloud App Security console byclicking Open Console.

Cloud App Security Events

NoteIf multiple “Action required” and “Warning” events occur, Remote Manager displays the

icon for the most serious threat.

Table 4-2. Threat Events

EventCategory Details Event Status

Antivirus Virus detections exceed : The detected virus/malware countexceeds the configured threshold within 1hour (as configured on the managedproduct console)

File Blocking File Blocking violationsexceed

: The detected File Blocking violationcount exceeds the configured thresholdwithin 1 hour (as configured on themanaged product console)


4-4


VirtualAnalyzer

Virtual Analyzer “High risk”detections exceed

: The detected Virtual Analyzerdetection count for “High risk” objectsexceeds the configured threshold within 1hour (as configured on the managedproduct console)

Virtual Analyzer“Medium/Low risk”detections exceed

: The detected Virtual Analyzerdetection count for “Medium/Low risk”objects exceeds the configured thresholdwithin 1 hour (as configured on themanaged product console)

WebReputation

URL violations exceed : The detected Web Reputationviolation count exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)

Table 4-3. System Events


Accountsync issues

Invalid Box access token : Unable to access the specified cloudstorage

Invalid Dropbox accesstoken

: Unable to access the specified cloudstorage

Invalid Google Drive accesstoken


Sync issues on delegateaccount(s)

: Unable to sync with delegateaccount(s)

Cloud App Security in Remote Manager

4-5

Cloud App Security NotificationsTable 4-4. Threat Events

Event Details

Antivirus - Virusdetections exceed

: The detected virus/malware count exceeds the configuredthreshold within 1 hour (as configured on the managed productconsole)

File Blocking - FileBlocking violationsexceed

: The detected File Blocking violation count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)

Ransomware -Ransomwaredetections exceed

: The detected ransomware count exceeds the configuredthreshold within 1 hour (as configured on the managed productconsole)

Virtual Analyzer -Virtual Analyzerdetections exceed

: The detected Virtual Analyzer detection count for “Low risk”or “Medium risk” objects exceeds the configured threshold within1 hour (as configured on the managed product console)

: The detected Virtual Analyzer detection count for “High risk”objects exceeds the configured threshold within 1 hour (asconfigured on the managed product console)

Web Reputation -URL violationsexceed

: The detected Web Reputation violation count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)


Event Details

Account sync issues- Invalid Box accesstoken

: Unable to access the specified cloud storage

Account sync issues- Invalid Dropboxaccess token



4-6

Event Details

Account sync issues- Invalid GoogleDrive access token


Account sync issues-Sync issues ondelegate account(s)

: Unable to sync with delegate account(s)

5-1

Chapter 5

Cloud Edge in Remote ManagerThis section contains the following topics:

• Cloud Edge on page 5-2

• Registering Customers with Cloud Edge Devices on page 5-2

• Managing Cloud Edge on page 5-3

• Cloud Edge Events on page 5-4

• Cloud Edge Notifications on page 5-8


5-2

Cloud EdgeCloud Edge brings together the benefits of a next-generation on-premises firewall andthe convenience of security as a service for managed service providers.

By deeply scanning and filtering network packets on-premises or through the cloud,Cloud Edge stops threats at the gateway. Cloud Edge intelligently combines applicationcontrol with user and port identification, zero-day exploit detection, anti-malwarescanning, web reputation security, and URL filtering to protect your customers againstnetwork breaches and business disruptions. VPN support also secures connections frommobile devices, corporate sites, and remote employees.

Deploy the Cloud Edge on-premises appliance to customer offices anywhere in theworld and then centrally control user access and security policies through an intuitivecloud console, or through Trend Micro Remote Manager. Remote Manager works withCloud Edge by providing a single point of entry to access graphical reports andsummarized dashboard data for supported appliances and Trend Micro products. Youcan also use Remote Manager to manage licensing and billing of multiple customers.

Registering Customers with Cloud EdgeDevices

Procedure

1. Go to Customers > New Customer.

The Select New Customer window opens.

2. Select With an active Licensing Management Platform account.

3. Click Next.

The Enter Customer Information screen appears.

4. Type the required information.

5. Click Next.

The Assign Service Plan screen appears.

Cloud Edge in Remote Manager

5-3

6. Select a service plan and start date.

7. Type the number of units per license.

8. Optional: Click Add device and type the following information for each device.

• Device name: Type a name that is not identical to the company name.

• Serial number: The serial number is not case-sensitive.

Note

The number of devices must not exceed the specified seat count.

9. Click Next.

The Configure Product Default Settings screen appears.

10. Select a default setting template.

11. Optional: Change the default template, as needed.

For more information, see Configuring Default Setting Templates for Cloud Edge on page17-23.

12. Click Save.

The screen closes and the Customers screen appears.

Note

Because Licensing Management Platform has already linked your Cloud Edgeaccount, you do not need to enter your credentials to sign into Cloud Edge.

Managing Cloud EdgeRemote Manager allows you to complete the following tasks for a registered Cloud Edgeinstallation.


5-4

Table 5-1. Cloud Edge Management Tasks

Task Description

Assign a Virtual Analyzer service plan toCloud Edge

Click the Add button and select a VirtualAnalyzer service plan to assign to anexisting Cloud Edge device.

View events View a list of Cloud Edge events from theEvents tab.

Update firmware Update outdated devices from theFirmware Updates tab.

Register devices Register devices from the Devices tab.

Access the Cloud Edge console Access the Cloud Edge console by clickingOpen Console.

You can also select registered devices from the Product tree and view the following tabsfor information about specific devices:

• Events

• Components

• Network

• VPN

Cloud Edge Events

NoteSome Threat Events from Cloud Edge may display additional channel information.


5-5



Antispam Spam detections exceed : The detected spam count exceeds theconfigured threshold within 1 hour (asconfigured on the managed productconsole)


Botnet Botnet detections exceed : The detected botnet count exceedsthe configured threshold within 1 hour (asconfigured on the managed productconsole)

C&Ccallback

C&C callbacks exceed : The detected C&C callback countexceeds the configured threshold within 1hour (as configured on the managedproduct console)

IPS IPS detections exceed : The detected IPS count exceeds theconfigured threshold within 1 hour (asconfigured on the managed productconsole)

PredictiveMachineLearning

Predictive MachineLearning detections exceed

: The detected Predictive MachineLearning count exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)

Ransomware

Ransomware detectionsexceed

: The detected ransomware countexceeds the configured threshold within 1hour (as configured on the managedproduct console)


5-6


VirtualAnalyzer

Virtual Analyzer detectionsexceed

: The detected Virtual Analyzerdetection count for objects of any risk levelexceeds the configured threshold within 1hour (as configured on the managedproduct console)

WebReputation


Web Threats Web threat detections(including IPS, botnet,antivirus, or WebReputation violations)exceed

: The detected web threat countexceeds the configured threshold within 1hour (as configured on the managedproduct console)



Cloud emailscanning

Service unavailable : Cloud Edge was unable to connect tothe cloud scanning service

Service became temporarilyunavailable within the last24 hours

: Cloud Edge was temporarily unable toconnect to the cloud scanning servicewithin the last 24 hours

FirmwareUpdate

The last firmware updatewas unsuccessful. Openthe <Cloud Edge cloudconsole> for moreinformation.

: Cloud Edge firmware was unable tosuccessfully update to the latest firmwareversion

Outdated firmware : The current version of the Cloud Edgefirmware is outdated


5-7


Offline Offline gateway. Policydeployment and loganalysis may be affected.

: Cloud Edge cannot connect to thegateway or perform scanning

Offline (Last24 hours)

Offline gatewayoccurrences in the last 24hours. Policy deploymentand log analysis may havebeen affected.

: Cloud Edge was unable to maintain adedicated connection to all registeredgateways over the last 24 hours

Resourceshortage

Detected <number> issues

• Disk space usageexceeded

• CPU usage exceeded

• Memory usageexceeded

: The amount of remaining resourceson the device have dropped below theconfigured alert threshold.

Resourceshortage(Last 24hours)





: The amount of remaining resourceson the device dropped below theconfigured alert threshold within the last 24hours but were recovered

Unregistered Unable to perform cloudmanagement. This gatewayis not registered to theCloud Edge cloud console.

: Cloud Edge cannot perform scanningon the gateway


5-8

Cloud Edge NotificationsTable 5-4. Threat Events

Event Details Alert Threshold

Web Threats -Web threatdetectionsexceed

: The detected web threatcount exceeds the configuredthreshold within 1 hour (asconfigured on the managedproduct console)

Specify a value between 1 to 300.

C&C callback -C&C callbackdetectionsexceed

: The detected C&C callbackcount exceeds the configuredthreshold within 1 hour (asconfigured on the managedproduct console)


Ransomware -Ransomwaredetectionsexceed

: The detected ransomwarecount exceeds the configuredthreshold within 1 hour (asconfigured on the managedproduct console)




Offline - Offlinegatewaydetected

: Cloud Edge cannot connectto the gateway or performscanning

Specify when Remote Managersends the notification:

• Immediately: Trigger thenotification as soon as CloudEdge reports the incident toRemote Manager

• For more than X day(s):Trigger the notification if thegateway remains offline forthe configured number ofdays


5-9


Offline - Offlinedevice recovery

: Cloud Edge restored theconnection to an offline device

Not applicable

Cloud emailscanning -Serviceunavailable

: Cloud Edge was unable toconnect to the cloud scanningservice

Not applicable

Cloud emailscanning -Servicerestored

: Cloud Edge restored theconnection to the cloud scanningservice

Not applicable

Resourceshortage -CPU, memory,or disk spaceusage exceeds

: The amount of remainingresources on the device havedropped below the configuredalert threshold.

Specify the maximum amount ofresources (between 80 - 95%)that can be in use before RemoteManager triggers the notification

6-1

Chapter 6

Hosted Email Security in RemoteManager


• Hosted Email Security on page 6-2

• Registering Hosted Email Security on page 6-2

• Managing Hosted Email Security on page 6-4


6-2

Hosted Email SecurityTrend Micro™ Hosted Email Security blocks spam, viruses, phishing, and other emailthreats before they reach your network. As a hosted solution, it requires no hardware orsoftware to install and maintain and helps you reclaim IT staff time, user productivity,bandwidth, mail server storage and CPU capacity.

In addition, Trend Micro’s worldwide team of experts manages hot fixes, patches,updates and application tuning so that solution performance is continuously optimized.

Note

For information about Hosted Email Security, refer to the documentation at:

http://docs.trendmicro.com

Trend Micro Remote Manager monitors and manages Hosted Email Security-protectednetworks by communicating with the Hosted Email Security server located at TrendMicro data centers.

Registering Hosted Email Security1. Add a new customer on the Remote Manager web console.

2. Add the main customer contact.

3. Add at least one service to that customer's account.

4. Enter the Authorization Key on the customer’s service console.

Connecting a Hosted Email Security Customer to theRemote Manager Web Console

To manage Hosted Email Security from the Trend Micro Remote Manager web console,a customer's Hosted Email Security account must register with Remote Manager.


Hosted Email Security in Remote Manager

6-3

Note

If the reseller added the product to your account from Licensing Management Platform,you do not need to do the following steps.

Procedure

1. Add the product to the Remote Manager web console and save the GUID orAuthorization Key.

2. Sign into the customer's Hosted Email Security account.

3. Go to Administration > Remote Manager.

4. Type the GUID or Authorization Key and click Connect.

After entering the GUID or Authorization Key and clicking Connect, it can takeas long as ten minutesfor Hosted Email Security to complete the connection to theRemote Manager web console.

5. Review the connection status.

New Hosted Email Security data can take as long as three hours before it updateson the Remote Manager web console. Hosted Email Security Customerinformation is updated once a day.

Disconnecting a Hosted Email Security Customer fromthe Remote Manager Web Console

To disconnect Hosted Email Security from the Remote Manager web console:

• If the account has been integrated with Licensing Management Platform, thereseller can delete the service plan from the Licensing Management Platform webconsole. Once the service plan has been deleted, the customer will be disconnectedfrom the Remote Manager web console.

• For other accounts, the customer can open the Remote Manager screen on theHosted Email Security web console and click Discontinue.


6-4

The customer is then notified on the Hosted Email Security console and clicks OK.

Managing Hosted Email SecurityRemote Manager allows you to complete the following tasks for a registered HostedEmail Security installation.

Table 6-1. Hosted Email Security Management Tasks

Task Description

View events View a list of Hosted Email Security eventsfrom the Live Status tab.

View policies View a list of Hosted Email Securitypolicies from the Policies tab.

View the Approved Senders list View a list of approved senders from theApproved Senders tab.

View the Blocked Senders list View a list of blocked senders from theBlocked Senders tab.

Access the Hosted Email Security console Access the Hosted Email Security consoleby clicking Open Console.

7-1

Chapter 7

InterScan Web Security as a Servicein Remote Manager


• InterScan Web Security as a Service on page 7-2

• Registering InterScan Web Security as a Service (IWSaaS) on page 7-3

• Managing InterScan Web Security as a Service on page 7-4


7-2

InterScan Web Security as a ServiceSimple. Quick. Cost-effective Solution.

Trend Micro understands how important it is to safeguard your network and how costlythe technology infrastructure can be to do this. Therefore, with our expert cloudtechnology, we have created an elastic cloud-security gateway product—InterScan WebSecurity as a Service (IWSaaS).

As a cloud-based application, no capital expenditure needs to be invested in eitherhardware or software. By using IWSaaS, you can focus on strategic security, such aspolicy and architecture, rather than on the operational tasks of managing networkinfrastructure.

Our Cloud Solution Will Help You:

• Protect against viruses or other security risks in file-uploads and downloads usinghighly configurable Anti-Malware Protection technology. In addition, IWSaaS scansfor many types of spyware, grayware, and other risk types.

• Block websites determined by Web Reputation Service (WRS) to be malicious,based on a website’s reputation score.

• Control Internet applications discovered by Application Control using policies.

• Control access to any specific site using the Approved/Blocked lists.

• Scan traffic organized by URL categories, such as “Adult” and “Gambling”. Whena user requests a URL, IWSaaS, using URL Filtering policies, first looks up thecategory for that URL and then allows, denies, or monitors access based on thepolicies set up.

• Monitor and analyze web traffic status using the dashboard reporting and log queryfeature.

How IWSaaS Works

The diagram below illustrates how IWSaaS manages your network traffic in the cloud.When a user sends an HTTP request - whether inside or outside your firewall - thatuser's traffic is routed through the cloud. IWSaaS inspects the request, analyzes it, andfilters it based on policies set by administrators. If the request is allowed, and the user

InterScan Web Security as a Service in Remote Manager

7-3

logs onto IWSaaS, then IWSaaS sends the secure content back to the user. If the requestis not allowed, for example a request to a forbidden URL category, then IWSaaS blocksthe request and notifies the user.

Click the blue question mark button on any page to open help for that page. Page-levelhelp appears in a panel. Within this panel, information necessary to complete the screenis found in the "Steps" tab and any information supporting this procedure is found in a"More" tab.

You can access the table of content-type Help—the Help Contents from the Help menulocated in the main banner, along with the readme, Getting Started instructions, andGetting Start Guide.

Registering InterScan Web Security as aService (IWSaaS)


2. Add the IWSaaS service to that customer's account.



7-4

Note

Because Licensing Management Platform has already linked your IWSaaS account,you do not need to enter your credentials to sign into IWSaaS.

Managing InterScan Web Security as a ServiceRemote Manager allows you to complete the following tasks for a registered InterScanWeb Security as a Service (IWSaaS) installation.

Table 7-1. IWSaaS Management Tasks

Task Description

View events View a list of IWSaaS events.

Access the IWSaaS console Access the IWSaaS console by clickingOpen Console.

InterScan Web Security as a Service EventsTable 7-2. Threat Events


Antispyware Spyware/Graywaredetections

: The detected spyware/grayware countduring the last 24 hours

Antivirus Virus detections : The detected virus/malware countduring the last 24 hours

ApplicationControl

Application Controlviolations

: The detected Application Controlviolation count during the last 24 hours

URLFiltering

URL violations : The detected URL Filtering violationcount during the last 24 hours

InterScan Web Security as a Service in Remote Manager

7-5


WebReputation

URL violations : The blocked URL count during the last24 hours



Accountsync issues

Sync issues with AD/LDAP : Unable to sync with AD/LDAP

InterScan Web Security as a ServiceNotifications


Event Details

Account sync issues- Sync issues withAD/LDAP

: Unable to sync with AD/LDAP

8-1

Chapter 8

Worry-Free Business Security inRemote Manager


• Worry-Free Business Security on page 8-2

• Registering Worry-Free Business Security Standard and Advanced on page 8-2

• Managing Agents on page 8-6

• Managing Worry-Free Business Security Standard on page 8-21

• Managing Worry-Free Business Security Advanced on page 8-22

• Worry-Free Business Security Events on page 8-23

• Worry-Free Business Security Notifications on page 8-27


8-2

Worry-Free Business SecurityTrend Micro™ Worry-Free Business Security Standard and Worry-Free BusinessSecurity Advanced are comprehensive, centrally-managed solutions for small- andmedium-sized business.

Worry-Free Business Security Standard provides client-side antivirus and firewallprotection for desktops and servers. Worry-Free Business Security Advanced includesthe same features as Worry-Free Business Security Standard, but provides an anti-spamand email threat solution for mail servers running Microsoft™ Exchange Server. Worry-Free Business Security Standard and Advanced include a server-side component formonitoring and managing client protection from a central location.

Trend Micro Remote Manager monitors and manages Worry-Free Business SecurityStandard and Advanced protected networks by communicating with an Agent that runson Worry-Free Business Security Standard and Advanced servers

For information about Worry-Free Business Security Standard and Advanced, refer tothe documentation at:


Registering Worry-Free Business SecurityStandard and Advanced





Agent GUID or Authorization KeyTo distinguish between products and services, Remote Manager assigns a globally uniqueidentifier (GUID) or Authorization Key to each product and service. Every time you


Worry-Free Business Security in Remote Manager

8-3

add a product or service to the Remote Manager web console, Remote Managergenerates a new GUID or Authorization Key. The person who installs the Agent on themanaged server or adds the service to the Remote Manager web console must input theGUID or Authorization Key during installation to allow the product to register toRemote Manager.

The GUID or Authorization Key for a customer's products/services are always availablefrom: Customers > All Customers (on the tree) > {customer} > TMRM Agent(tab).

Figure 8-1. The Agent GUID or Authorization Key is always available (Worry-FreeBusiness Security Standard and Advanced)

Remote Manager Agent GUID

1A2B3C4567D8-E1FGHI23-J456-78K9-1L23

Agent Installation for Worry-Free Business Security 6.0and Above

There are several ways to install the Trend Micro Remote Manager Agent to the Worry-Free Business Security Standard or Advanced 6.0 and above server. The installationprocedures depend on whether the customer is new or already has an existing accounton the Remote Manager web console.

Verifying Trend Micro Remote Manager Agent InstallationVerify that the Agent has been installed successfully.


8-4

Checking the Agent Service StatusOn the computer where the Remote Manager Agent is installed, check if Trend MicroInformation Center for CSM has started.

Procedure

1. Click Start > Settings > Control Panel > Administrative Tools > Services.

2. Look for Trend Micro Remote Manager Agent.

3. Check if the Status has Started.

Checking the Start Menu ShortcutsOn the computer where the Trend Micro Remote Manager Agent is installed, check theProgram Group in the Start Menu.

Procedure

1. Click Start > Programs > Trend Micro Remote Manager Agent.

2. Verify that the Program Group contains the following items:

• Agent Configuration Tool

• Readme

Checking the System Tray IconOn the computer where the Trend Micro Remote Manager Agent is installed, check forthe Trend Micro Remote Manager Agent icon in the system tray. If for any reason theicon is not visible, you can start it by clicking Start > Programs > Trend MicroRemote Manager Agent > Agent Configuration Tool.

Exiting the tool does not stop the Trend Micro Remote Manager service. It only closesthe Configuration Tool and removes the icon from the task bar. The tool can berestarted at any time.


8-5

Suspend the mouse over the icon for status information.

Table 8-1. System Tray Icons

Icon Description

A green icon indicates that the Agent is connected to the Trend Micro RemoteManager communication server. The Agent is working normally.

A red icon indicates that the Agent is not connected to the Trend Micro RemoteManager communication server or the version of the Agent is mismatched withthe server and needs to be updated.

An icon with a red arrow indicates that the Agent has signed out from Trend MicroRemote Manager.

An icon with a red "X" means that the Agent has been disabled.

Checking the Connection Between the Agent and ServerTo ensure that the Trend Micro Remote Manager service is running smoothly, make surethat Agents have a status of "connected" or "online" on the Remote Manager webconsole.

Go to Customers > {customer} > Products (tab).

The tree lists the status of each Agent in the Status column. For details on each status,see Agent Status on page 8-6.

In addition to the current section, refer to Troubleshooting and Frequently Asked Questions onpage 18-1 for more issues dealing with Server/Agent connectivity.

Viewing Installation ErrorsThe Agent installation logs cover Agent installation activities. Collect these logs andsend them to your support provider if you encounter problems during installation. TheAgent installation logs can be obtained from the following location on the managedserver:

C:\Windows\Temp\Win_debug\TMRMAgentForCSM_Install.log


8-6

Managing AgentsThis section contains the following topics:

• Managing Agents from the Remote Manager Web Console on page 8-6

• Managing Agents from the Managed Server on page 8-10

• Backing Up and Restoring Agent Settings on page 8-14

• Finding the Agent Build Number on page 8-16

• Location of Agent Logs and Configuration Files on page 8-17

• Enabling the Agent Debug Log on page 8-18

• Removing Agents on page 8-18

Managing Agents from the Remote Manager Web ConsoleThis section contains information on how to manage agents from the Trend Micro™Remote Manager™ web console.

Checking the Connection Between the Agent and ServerTo ensure that the Trend Micro Remote Manager service is running smoothly, make surethat Agents have a status of "connected" or "online" on the Remote Manager webconsole.

Go to Customers > {customer} > Products (tab).

The tree lists the status of each Agent in the Status column. For details on each status,see Agent Status on page 8-6.

In addition to the current section, refer to Troubleshooting and Frequently Asked Questions onpage 18-1 for more issues dealing with Server/Agent connectivity.

Agent StatusThe status of a Remote Manager Agent indicates whether the Agent is able to collectdata and receive commands from the Remote Manager server. The status also indicates


8-7

the reason why the Agent cannot function properly and how you can handle thesituation. The table below describes the different Agent status types and ways to handlethe situation.

Table 8-2. Agent status types

Status Description Resolution

Online The Agent is running normally. NA

Abnormal The Agent appears offline and isnot responding to the RemoteManager server, but has not senta logoff request.

This status can occur if themanaged server did not shut downproperly. Ensure that the managedserver administrator is aware ofthis situation. Contact theadministrator if necessary.

Disabled This status is set manually fromthe console. When an Agent indisabled status, the Agent queriescommands from the server every10 minutes.

Submit a command to enable theAgent (See Submitting AgentCommands on page 8-8).

Offline The Agent closed normally afterhaving sent a logoff request to theRemote Manager server. Typically,an Agent is in this status if a userhas shut down the Agent serviceor the managed server has shutdown.

Ensure that the managed serveradministrator is aware that theserver has shut down. Contact themanaged server administrator ifnecessary.

Unknown The Agent is not working normally. Remove the Agent and have themanaged server administratorreinstall the Agent. Contact yoursupport provider if this issuepersists.

Plug-in errors The console has detected errors inthe Agent's service plug-incomponent.

Remove the Agent and ask themanaged server administrator tore-install the Agent. Contact yoursupport provider if this issuepersists.


8-8

Status Description Resolution

Unregistered The Agent has not registered tothe Remote Manager server.

The Agent may have not beeninstalled or has not been able tocommunicate successfully with theRemote Manager server. Contactthe managed server administrator.

Versionmismatch

Incompatibility between theversions of any of the followingcomponents has been detected:

• Agent

• Remote Manager

• Worry-Free Business Security(Standard and Advanced)

Upgrade the Agent and themanaged server. If this does notwork, report this problem to theTrend Micro Data Centeradministrator.

Submitting Agent CommandsAgent commands allow you to remotely resolve issues affecting the Worry-Free BusinessSecurity (Standard and Advanced) Agent. If an Agent is in abnormal or unregisteredstatus, you cannot submit a command to it.

Procedure

1. Go to Customers > {customers} > {product} > Groups (tab).

Select one of the following commands:

• Scan Now: Initiates a scan of the endpoint.

• Stop Scan: Stops the scanning process.

2. Go to Customers > {customers} > {product} > Domain Settings (tab).


• Enable: Restores the Agent from disabled status to normal functionality.

• Disable: Agent stops collecting information but continues to query the serverfor commands every 10 minutes.


8-9

• Start Vulnerability Assessment: Performs a vulnerability assessment scan.

• Start Damage Cleanup Services: Scans and cleans computer of file-basedand network viruses, and virus and worm remnants.

3. Go to Customers > {customers} > {product} > Managed Server (tab).


• Update Managed Server: Downloads and installs managed server updates.

• Update Security Agent: Downloads and installs agent updates.

Viewing Agent Details

Procedure

1. Go to Customers > {customer} > Products (tab) > WFBS-S/WFBS-A >Endpoint.

The following information is displayed:

• Status

• Computer name

• GUID: Globally unique identifier; Remote Manager generates this stringautomatically. Provide the GUID to the administrator who will install theAgent program.

• IP address: IP address of the server where the Agent is installed.

• Registered on

• Last update: Date and time the Agent was last updated

• Agent version

• Managed product: Product managed through the Agent


8-10

• Managed product version: Version of the product managed through theAgent

Managing Agents from the Managed ServerThis section contains information on how to manage agents from the managed server.

Agent Status MessagesOn the managed server, the Agent displays one of the following system tray icons:

Table 8-3. System tray icons

Icon Description

A green icon indicates that the Agent is connected to the Remote Managercommunication server. The Agent is working normally.

A red icon indicates that the Agent isn’t connected to the Remote Managercommunication server or the version of the Agent is mismatched with theserver and needs to be updated.

An icon with a red arrow indicates that the Agent has logged off from RemoteManager.

An icon with a red "X" means that the Agent has been disabled.

Changing the Agent GUID on the Managed ServerIf you entered an incorrect Globally Unique Identifier (GUID) during Remote ManagerAgent installation, delete the agent and install it again using the correct GUID. If you areunable to do this procedure, you can do the following:

Procedure

1. Go to C:\Program Files\Trend Micro\TMRMAgentForWFBS.

2. Open the AgentSysConfig.xml file using a text editor.


8-11

3. Look for the GUID between the parameters <AgentGUID> and </AgentGUID>.

4. Edit the GUID and then save the file.

5. In the same folder, open the csmSysConfig.xml file using a text editor.

6. Look for the GUID between the parameters <ProductGUID> and </ProductGUID>.

7. Edit the GUID and then save the file.

8. Right-click the Trend Micro Remote Manager Agent icon on the task bar and thenclick Restart Service.

Using the Agent Configuration ToolThe Agent Configuration Tool allows changes to be made to Remote Manager Agentconfiguration settings.

Go to Start > Programs > Trend Micro Remote Manager Agent > AgentConfiguration Tool or right-click the tray icon and click Configure.

See Agent Configuration on page 8-11 for more information.

Agent ConfigurationAgent Configuration Menu

To configure the Agent, right click on the tray icon to open the following menu:

Figure 8-2. Agent Configuration Tool pop-up menu


8-12

The following items appear:

• Configure: Opens the Agent configuration screen.

• Select Language: In addition to other possible languages, the "English" languagealways exists.

• Service: Start, Stop, Restart.

• Exit: Exiting the tool does not stop the Remote Manager service. It only closes theConfiguration Tool and removes the icon from the task bar. The tool can berestarted at any time.


8-13

Configuration Tool Main DialogRight-click on the tray icon and click Configure on the Agent configuration menu toopen the Agent configuration tool General tab.

Figure 8-3. Agent Configuration Tool "General" tab

The following sections of the Agent configuration screen are the only presently relevantsections of this tool.

• Server Settings: Configure server communication by setting the following:

• Server address: The fully qualified domain name (FQDN) of the RemoteManager communication server. The FQDN varies in each region as follows:


8-14

• Asia Pacific: wfrm-apaca.trendmicro.com

• Europe and the Middle East: wfrm-emea.trendmicro.com

• Japan: wfrm-jpa.trendmicro.com

• Latin America: wfrm-lara.trendmicro.com

• North America: wfrm-usa.trendmicro.com

• Port: The port that the Remote Manager server uses to communicate with theAgent. This should be 80 for HTTP and 443 for HTTPS.

• Protocol: The protocol used for communication between the server and theAgent.

• Proxy Server Settings: Enable this area by clicking the Proxy server settingscheckbox if the user’s network requires a proxy to communicate with the RemoteManager server.

• Address: The IP address of the proxy server

• Port: The port or the proxy server

• Protocol

• Test Connection button: The Test Connection button is used to testcommunication between the Agent and the Remote Manager server. Use thisfunction to test if the basic connection to the communication server works well. Ifit fails (a popup dialog box will appear if the tool cannot connect to the server),there may be a basic issue such as the address of the communication server and itsport, or the Proxy server address and its port.

Backing Up and Restoring Agent Settings

If you need to uninstall and then reinstall the Agent using the same GUID within a spanof three days, keep the Agent settings to avoid any overlapping data. To do this, back upthe configuration files manually and then replace the configuration files with the backupafter reinstalling the Agent.


8-15

Backing Up Settings

Procedure

1. On the managed server, right click the Agent system tray icon and click StopService to stop the Agent service.

2. Copy all the .xml, .dat, and .ini files from the installation folder: C:\Program Files\Trend Micro\TMRMAgentForWFBS or C:\ProgramFiles (x86)\Trend Micro\TMRMAgentForWFBS.

• .xml files

• csmSysConfig.xml

• csmLocalConfig.xml

• csmLogDef.xml

• AgentWorkConfig.xml

• AgentSysConfig.xml

• AgentStatus.xml

• AgentLocalConfig.xml

• .dat files

• MSA.dat

• logBuf.dat

• group.dat

• CSA.dat

• CriticalVA.dat

• .ini files

• csmStatusData.ini

3. Copy all the files from the \Cache folder.


8-16

4. Restart the Agent service.

Restoring Settings

Procedure

1. Remove the Agent locally if you haven’t already. For detailed instructions, seeRemoving Agents Locally on page 8-18.

NoteWhen removing the Agent locally, the Agent will unregister from Remote Managerwhich automatically deletes all data associated with the Agent. To prevent the Agentfrom unregistering, modify the Server address value in Agent interface beforeremoving the Agent.

2. Reinstall the Agent. Ensure that you use the same GUID which can be obtainedfrom agentSysConfig.xml.

3. On the managed server, right click the Agent system tray icon and click StopService to stop the Agent service.

4. Replace the configuration files with the backup files.

5. Right-click the Agent system tray icon and click Start Service to restart the Agentservice.

Finding the Agent Build NumberYou can check the build number of the Agent either from the console or directly, on theAgent.


8-17

From the Remote Manager Web Console

Procedure

1. Click the Customers tab.

2. Select the target domain from the View by drop-down list in the left pane.

3. Click All Customers > {customer} > {agent} > Server/Agent Details >TMRM Agent Details.

4. Check the agent version in the General Information table.

On the Agent

Procedure

1. Go to the C:\Program Files\Trend Micro\WFRMAgentForCSM directory.

2. Right-click the csmplugin.dll file and then click Properties > Version (tab) tosee the build number.

Location of Agent Logs and Configuration Files

Agent configuration files are located in:

• <install path>\Trend Micro\TMRMAgentForWFBS\*.xml

• <install path>\Trend Micro\TMRMAgentForWFBS\*.ini

Log files are located in:

• <install path>\Trend Micro\TMRMAgentForWFBS\log\


8-18

Enabling the Agent Debug LogNormally the Agent will only log warning and error information. If more detail loginformation is required, enable the Agent's debug log.

Resolution

1. Open the file AgentLocalConfig.xml in <install path>\Trend Micro\TMRMAgentForWFBS\ in a text editor.

2. Change <DebugLogLevel> from LL_FOR_ERROR to LL_FOR_ALL.

3. Restart the Agent service by right-clicking the Remote Manager Agent on the taskbar, then clicking Restart Service.

4. The Agent log file is located in <install path>\Trend Micro\TMRMAgentForWFBS.

Removing AgentsThis section contains information on how to remove agents.

Removing Agents Locally

Before removing an Agent, refer to Backing Up and Restoring Agent Settings on page 8-14.

WARNING!

Unregistering an Agent from Remote Manager deletes all data associated with the RemoteManager Agent. To prevent the Agent from unregistering (and deleting its data), modify theserver address value on the Remote Manager Agent interface before removing the RemoteManager Agent.

There are three ways to remove an Remote Manager Agent locally:

• Directly uninstall the Remote Manager Agent.

• Uninstall the Remote Manager Agent via the Control Panel.


8-19

• Uninstall the Remote Manager Agent manually.

Directly Uninstall the Remote Manager Agent

Procedure

1. Open the Remote Manager Agent installation file (WFRMAgentforCSM.exe orWFRMAgentforWFBS.exe).

2. Click Yes to confirm the Confirm Uninstall dialogue box.

Note

During removal, you will be prompted to close certain applications. Close theseapplications and click Retry to continue.

3. Click Finish to close the wizard after the uninstallation is complete.

Uninstall the Remote Manager Agent from the Control Panel

Procedure

1. Open the Windows Control Panel.

2. Locate the list of currently installed programs.

For example, in Windows 7, go to Programs > Programs and Features.

3. Select Trend Micro Remote Manager Agent and then click the Uninstall/Change button.

4. Follow the on-screen instructions.

Uninstall the Remote Manager Agent Manually

If for any reason an Agent cannot be removed through standard ways, try these steps:


8-20

Procedure

1. Stop the Remote Manager Agent service.

a. Open the command prompt as an Administrator.

b. Run the following command:

net stop "Trend Micro remote manager agent"

2. Remove the Remote Manager Agent service:

a. On the command line, use the change directory (cd) command to go to theRemote Manager Agent directory.

b. Run the following command:

TMICAgent -u

3. Remove the program files.

Delete <install path>\Trend Micro\TMRMAgentForWFBS\

4. Open the Registry Editor (regedit.exe) and remove the following registry keys:

NoteAlways create a backup before modifying the registry. Incorrect registry changes maycause serious issues. Should this occur, restore it by referring to the "Restoring theRegistry" Help topic in regedit.exe or the "Restoring a Registry Key" Help topicin regedt32.exe.

• HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIC4CSM\Agent\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23FC8F347B51DD440AD13A73D13A73D22D58E6

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23FC8F347B51DD440AD13A73D13A73D22D58E6

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43F8CF32-15B7-44DD-A01D-A3372DD2856E}


8-21

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield UninstallInformation\{43F8CF32-15B7-44DD-A01D-A3372DD2856E}

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_\{43F8CF32-15B7-44DD-A01D-A3372DD2856E}

5. Remove the Remote Manager Agent shortcut from the Start menu.

a. On the desktop, click My Computer.

b. Change the current directory to ..\Documents and Settings\AllUsers\Start Menu\Programs.

c. Delete the Remote Manager Agent folder.

Managing Worry-Free Business SecurityStandard

Remote Manager allows you to complete the following tasks for a registered Worry-FreeBusiness Security Standard installation.

Table 8-4. Worry-Free Business Security Standard Management Tasks

Task Description

View events View a list of Worry-Free Business SecurityStandard events from the Events tab.

Scan groups Start or stop scans from the Groups tab.


8-22

Task Description

Manage domain settings Perform any of the following tasks from theDomain Settings tab.

• Enable domain settings

• Disable domain settings

• Start vulnerability assesment

• Start damage cleanup services

Manage the managed server Perform any of the following tasks from theManaged Server tab.

• Update managed server

• Update security agent

• View component status

View Remote Manager agent information View the Remote Manager agentinformation from the TMRM Agent tab.

Save server information Save and access information about theWFBS server by clicking ServerInformation.

Managing Worry-Free Business SecurityAdvanced

Remote Manager allows you to complete the following tasks for a registered Worry-FreeBusiness Security Advanced installation.

Table 8-5. Worry-Free Business Security Advanced Management Tasks

Task Description




8-23

Task Description

Manage domain settings Perform any of the following tasks from theDomain Settings tab.

• Enable domain settings

• Disable domain settings

• Start vulnerability assesment

• Start damage cleanup services

Manage the managed server Perform any of the following tasks from theManaged Server tab.

• Update managed server

• Update security agent

• View component status

View Remote Manager agent information View the Remote Manager agentinformation from the TMRM Agent tab.

Save server information Save and access information about theWFBS server by clicking ServerInformation.

Worry-Free Business Security EventsTable 8-6. Threat Events


Antispam Spam detections in totalmessages received exceed

: The ratio of detected spam messagesin total messages received exceeds theconfigured threshold within 1 hour (asconfigured on the managed productconsole)


8-24


Antispyware Detections requiring devicerestart

: Displays the number of endpointsinfected with spyware/grayware that themanaged product was unable tocompletely clean and require the customerto restart the endpoint to complete theprocess

Spyware/Graywaredetections exceed

: The detected spyware/grayware countexceeds the configured threshold within 1hour (as configured on the managedproduct console)


8-25


Antivirus Real-time Scan disabled onendpoints

: Security Agents with Real-time Scandisabled cannot protect endpoints fromvirus/malware in newly created or executedfiles

Real-time Scan disabled onExchange server(s)

: Exchange servers with Real-timeScan disabled allow all attachments inemail messages to pass, leaving thecustomer network susceptible to mass-mailing worms.

Threats unresolved : Unsuccessful actions indicate that avirus or malware has successfullycircumvented antivirus defenses and hasinfected the endpoint.

NoteRemote Manager assumes thatcomputers with an unsuccessfullycleaned, quarantined, or deletedvirus or malware are infected.

Virus detections onendpoints exceed

: The detected virus/malware count onendpoints exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)

Virus detections onExchange servers exceed

: The detected virus/malware count onExchange servers exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)

BehaviorMonitoring

Behavior Monitoringviolations exceed

: The detected Behavior Monitoringviolation count exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)


8-26


DeviceControl

Device Control violationsexceed

: The detected Device Control violationcount exceeds the configured thresholdwithin 1 hour (as configured on themanaged product console)

Networkvirus

Network virus detectionsexceed

: The detected network virus countexceeds the configured threshold within 1hour (as configured on the managedproduct console)

OutbreakDefense

Outbreak Defense enabled : Outbreak Defense enabled ondesktop/server platforms in response toabnormal threat activity

Outbreak Defense disabled : Outbreak Defense disabled ondesktop/server platforms and normalnetwork conditions restored

URLFiltering

URL violations exceed : The detected URL Filtering violationcount exceeds the configured thresholdwithin 1 hour (as configured on themanaged product console)

WebReputation




Resourceshortage

Remaining disk spacebelow

: The amount of remaining disk spaceon the server has dropped below theconfigured alert threshold.


8-27


SmartProtectionServices

Service unavailable : The Worry-Free Business Securityconsole cannot connect to the Smart ScanServer

Update Outdated agents : Over <number> of the SecurityAgents did not receive the latest antiviruspatterns in the last hour

Outdated Exchange servers : Outdated components detected onExchange server(s)

Worry-Free Business Security NotificationsTable 8-8. Threat Events

Event Details

Antispam - Spamdetections in totalmessages receivedexceed

: The ratio of detected spam messages in total messagesreceived exceeds the configured threshold within 1 hour (asconfigured on the managed product console)

Antispyware -Detections requiringdevice restart

: Displays the number of endpoints infected with spyware/grayware that the managed product was unable to completelyclean and require the customer to restart the endpoint to completethe process

Antispyware -Spyware/Graywaredetections exceed

: The detected spyware/grayware count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)

Antivirus - Real-timeScan disabled onendpoints

: Security Agents with Real-time Scan disabled cannot protectendpoints from virus/malware in newly created or executed files


8-28

Event Details

Antivirus - Real-timeScan disabled onExchange server(s)

: Exchange servers with Real-time Scan disabled allow allattachments in email messages to pass, leaving the customernetwork susceptible to mass-mailing worms.

Antivirus - Threatsunresolved

: Unsuccessful actions indicate that a virus or malware hassuccessfully circumvented antivirus defenses and has infected theendpoint.

NoteRemote Manager assumes that computers with anunsuccessfully cleaned, quarantined, or deleted virus ormalware are infected.

Antivirus - Virusdetections onendpoints exceed

: The detected virus/malware count on endpoints exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)

Antivirus - Virusdetections onExchange serversexceed

: The detected virus/malware count on Exchange serversexceeds the configured threshold within 1 hour (as configured onthe managed product console)

Behavior Monitoring- BehaviorMonitoringviolations exceed

: The detected Behavior Monitoring violation count exceedsthe configured threshold within 1 hour (as configured on themanaged product console)

Device Control -Device Controlviolations exceed

: The detected Device Control violation count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)

Network virus -Network virusdetections exceed

: The detected network virus count exceeds the configuredthreshold within 1 hour (as configured on the managed productconsole)

URL Filtering - URLviolations exceed

: The detected URL Filtering violation count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)


8-29

Event Details




Event Details

Resource shortage -Remaining diskspace below

: The amount of remaining disk space on the server hasdropped below the configured alert threshold.

Smart ProtectionServices - Serviceunavailable

: The Worry-Free Business Security console cannot connectto the Smart Scan Server

Update - OutdatedExchange servers

: Outdated components detected on Exchange server(s)

Update - Outdatedagents

: Over <number> of the Security Agents did not receive thelatest antivirus patterns in the last hour

9-1

Chapter 9

Worry-Free Business SecurityServices in Remote Manager


• Worry-Free Business Security Services on page 9-2

• Registering Worry-Free Business Security Services on page 9-2

• Managing Worry-Free Business Security Services on page 9-4

• Worry-Free Business Security Services Events on page 9-10

• Worry-Free Business Security Services Notifications on page 9-12


9-2

Worry-Free Business Security ServicesTrend Micro™ Worry-Free Business Security Services is a comprehensive, centrally-managed solution for small- and medium-sized business.

Worry-Free Business Security Services provides most of the advantages of Worry-FreeBusiness Security Standard. Because Worry-Free Business Security Services is a hostedservice, you can centrally manage security from anywhere without the need to add,install, configure, or maintain a server. Trend Micro security experts host and constantlyupdate the service for you.

Trend Micro Remote Manager monitors and manages Worry-Free Business SecurityServices servers located at Trend Micro data centers.

For information about Worry-Free Business Security Services, refer to thedocumentation at:


Registering Worry-Free Business SecurityServices





Connecting a Worry-Free Business Security ServicesCustomer to the Remote Manager Web Console

To manage Worry-Free Business Security Services from the Trend Micro RemoteManager web console, a customer’s Worry-Free Business Security Services account mustregister with Remote Manager by carrying out the following:


Worry-Free Business Security Services in Remote Manager

9-3

Note

If the reseller added the product to your account from Licensing Management Platform,you do not need to do the following steps.

Procedure

1. Add the product to the Remote Manager web console and save the GUID orAuthorization Key.

For more information, refer to Adding New Products Using a Licensing ManagementPlatform Account on page 3-8.

2. Sign into the customer’s Worry-Free Business Security Services account.

3. Go to Administration > Trend Micro Remote Manager.

4. Type the Authorization Key and click Connect.

Disconnecting a Worry-Free Business Security ServicesCustomer from the Remote Manager Web Console

To disconnect Worry-Free Business Security Services from the Remote Manager webconsole:

• If the account has been integrated with Licensing Management Platform, thereseller can delete the service plan from the Licensing Management Platform webconsole. Once the service plan has been deleted, the customer will be disconnectedfrom the Remote Manager web console.

• For other accounts, the customer can open the Remote Manager screen on theWorry-Free Business Security Services web console and click Disconnect.

The customer will then be notified on the Worry-Free Business Security Servicesconsole.


9-4

Managing Worry-Free Business SecurityServices

Remote Manager allows you to complete the following tasks for a registered Worry-FreeBusiness Security Services installation.

Table 9-1. Worry-Free Business Security Services Management Tasks

Task Description



Access the Worry-Free Business SecurityServices console

Access the Worry-Free Business SecurityServices console by clicking OpenConsole.

Security Settings for Worry-Free Business SecurityServices

Feature Description

Scan Method • Smart Scan: The client uses its own scan engine, but instead ofusing only a local pattern file to identify threats, it primarily relieson the pattern file held on the Scan Server.

• Conventional Scan: The client uses its own scan engine andlocal pattern file to identify threats.

Antivirus/Anti-Spyware

• Enable real-time Antivirus/Anti-Spyware: Real-time scanningprovides protection against file-based threats.


9-5

Feature Description

Firewall • Enable Firewall: The firewall can block or allow certain types ofnetwork traffic by creating a barrier between the client and thenetwork. Additionally, the firewall will identify patterns in networkpackets that may indicate an attack on clients.

• Simple mode: Enables the firewall with Trend Microdefault settings

• Advanced mode:Configure the security level, IDS,notifications and expectations.

ImportantAfter selecting advanced mode, you must configure theadvanced settings using the Worry-Free BusinessSecurity Services console.


9-6

Feature Description

WebReputation

• Enable Web Reputation: Web Reputation enhances protectionagainst malicious websites. Web Reputation leverages TrendMicro's extensive web security database to check the reputationof URLs that Clients are attempting to access or URLs embeddedin email messages that are contacting websites.

• High: Blocks the following pages:

• Dangerous: Verified to be fraudulent or known sourcesof threats

• Highly suspicious: Suspected to be fraudulent orpossible sources of threats

• Suspicious: Associated with spam or possiblycompromised

• Untested: While Trend Micro actively tests web pagesfor safety, users may encounter untested pages whenvisiting new or less popular websites. Blocking access tountested pages can improve safety but can also preventaccess to safe pages

• Medium: Blocks the following pages:


• Highly suspicious: Suspected to be fraudulent orpossible sources of threats

• Low (default): Blocks the following pages:



9-7

Feature Description

URL Filtering • Enable URL Filtering: URL filtering helps you control access towebsites to reduce unproductive employee time, decreaseInternet bandwidth usage, and create a safer Internetenvironment. You can choose a level of URL filtering protection orcustomize which types of websites you want to screen.

• High: Blocks known or potential security threats,inappropriate or possibly offensive content, content that canaffect productivity or bandwidth, and unrated pages

• Medium: Blocks known security threats and inappropriatecontent

• Low (default): Blocks known security threats

• Custom: Select your own categories, and whether you wantto block the categories during business hours or leisurehours.


9-8

Feature Description

BehaviorMonitoring

• Enable Behavior Monitoring: Behavior Monitoring protectsclients from unauthorized changes to the operating system,registry entries, other software, or files and folders.

• Enable all ransomware protection features

• Enable document protection against unauthorizedencryption or modification: Protects documents fromunauthorized changes.

NoteEnabling this option stops processes that rename,modify and delete files, and then quarantines theprograms that are running these processes.

• Automatically back up and restore files modified bysuspicious programs: Automatically backs up filesmodified by suspicious programs if document protectionis enabled.

• Enable blocking of processes commonly associatedwith ransomware: Protects endpoints from ransomwareattacks by blocking processes commonly associated withhijacking attempts.

• Enable program inspection to detect and blockcompromised executable files: Increases detection bymonitoring processes for ransomware-like behavior.

• Enable Intuit QuickBooks Protection: Protects all IntuitQuickBooks files and folders from unauthorized changes byother programs. Enabling this feature will not affect changesmade from within Intuit QuickBooks programs, but will onlyprevent changes to the files from other unauthorizedapplications.


9-9

Feature Description


• Enable Predictive Machine Learning: Predictive MachineLearning protects your network from new, previously unidentified,or unknown threats through advanced file feature analysis andheuristic process monitoring.

• File

• Quarantine: Select to automatically quarantine files thatexhibit malware-related features based on the PredictiveMachine Learning analysis

• Log only: Select to scan unknown files and log thePredictive Machine Learning analysis for further in-houseinvestigation of the threat

• Process

• Terminate: Select to automatically terminate processesor scripts that exhibit malware-related behaviors basedon the Predictive Machine Learning analysis

ImportantPredictive Machine Learning attempts to clean thefiles that executed the malicious processes orscripts. If the clean action is unsuccessful, thetrend_client_program_single quarantines theaffected files.

• Log only: Select to scan unknown processes or scriptsand log the Predictive Machine Learning analysis forfurther in-house investigation of the threat

Mail Scan • Enable POP3 message scanning: The POP3 Mail Scan plug-inprotects clients in real-time against security risks and spamtransmitted through POP3 email messages.

For more details, see the Worry-Free Business Security Services Online Help.



9-10

Worry-Free Business Security Services EventsTable 9-2. Threat Events






Antivirus Real-time Scan disabled : Security Agents with Real-time Scandisabled cannot protect endpoints fromvirus/malware in newly created or executedfiles



Virus detections exceed : The detected virus/malware countexceeds the configured threshold within 1hour (as configured on the managedproduct console)


9-11


ApplicationControl

Application Controlviolations exceed

: The detected Application Controlviolation count exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)

BehaviorMonitoring



DeviceControl



Networkvirus



OutbreakDefense






URLFiltering



9-12


WebReputation





Agents disconnected : Security Agents cannot connect to theSmart Protection Network

Update Outdated agents : Security Agents with outdatedpatterns after two hours of antivirus patternrelease exceeded threshold

Worry-Free Business Security ServicesNotifications

ImportantFor events with a configurable threshold, you must configure the threshold value separatelyfor each customer on the Worry-Free Business Security Services console.


9-13


Event Details




Antivirus - Real-timeScan disabled













9-14

Event Details

Predictive MachineLearning -Predictive MachineLearning detectionsexceed

: The detected Predictive Machine Learning count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)







Application Control -Application Controlviolations exceed

: The detected Application Control violation count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)


Event Details


: Security Agents with outdated patterns after two hours ofantivirus pattern release exceeded threshold

Smart ProtectionServices - Agentsdisconnected

: Security Agents cannot connect to the Smart ProtectionNetwork

Part IVIntegrating Third-Party

Solutions

10-1

Chapter 10

AutoTask SupportThis section describes how to integrate Remote Manager with Autotask and thesupported event notifications for Trend Micro products and services.

Topics include:

• Integrating Autotask™ on page 10-2

• Supported Trend Micro Product Events in Autotask on page 10-6


10-2

Integrating Autotask™Configure the following settings to integrate Autotask™ with Remote Manager:

Integrating Remote Manager with Autotask

Procedure

1. Log on to the Autotask web console at https://ww2.autotask.net.

2. Go to the Autotask Logo Menu > ADMIN.

The ADMIN screen appears.

3. Expand APPLICATION-WIDE (SHARED) FEATURES and click IncomingEmail Processing.

The INCOMING EMAIL PROCESSING screen appears.

4. Hover over the Add Ticket Email Service (ATES) menu icon ( ) and clickEdit.

The EMAIL PROCESSING MAILBOX - ADD TICKET EMAIL SERVICE(ATES) screen appears.

5. Make a note of your Service Provider ID and Service Provider Password, soyou can enter these details later.

6. Log on to the Remote Manager web console.

7. Go to Administration > Configure third-party integration.

8. In the Autotask section, select Enable Integration, and then type the Logon IDand Logon password you noted down earlier. From the Language drop-downmenu, select your preferred language.

https://ww2.autotask.net

AutoTask Support

10-3

9. Click Save.

10. Go to the Customers screen.

11. Select the company you want to receive Autotask notifications from.

12. Click the Notification tab.

13. Select Me as the recipient to ensure that you will receive email notifications. Addadditional recipients, if necessary, by typing their email addresses in the Additionalrecipients field.

14. Select Autotask from the Third-party notifications list.

15. Select one of the following options:

• Use default real-time email notification settings


10-4

• Use custom settings

Enabling Autotask to Display Remote ManagerNotifications

Procedure

1. Log on to the Autotask web console at https://ww2.autotask.net.

2. Go to the Autotask Logo Menu > ADMIN.

The ADMIN screen appears.

3. Expand SERVICE DESK (TICKETS), and go to Issue & Sub-Issue Types >Managed Services Alert.

4. Add the following fields into the ticketing system:

• Trend Micro Threat Events

• Trend Micro System Events

• Trend Micro License Events

5. Click Save & Close.

6. Go to the Autotask Logo Menu to return to the ADMIN page.

7. Expand APPLICATION-WIDE (SHARED) FEATURES, and go toIncoming Email Processing.

The INCOMING EMAIL PROCESSING screen appears.

8. Point the cursor over the Add Ticket Email Service (ATES) menu icon ( ) andclick Edit.

The EMAIL PROCESSING MAILBOX - ADD TICKET EMAIL SERVICE(ATES) screen appears.

9. Click the Ticket tab.

https://ww2.autotask.net

AutoTask Support

10-5

10. From the Sub-Issue Type drop-down menu, select Trend Micro Threat Events.


12. Go to the Autotask Logo Menu to return to the ADMIN page.

13. Expand APPLICATION-WIDE (SHARED) FEATURES, and go to USER-DEFINED FIELDS > + New.

The USER-DEFINED FIELDS screen appears.

14. Type Trend Micro Site ID in the Name field, and select the Required checkbox.


Enabling Autotask to Generate Account Tickets

Procedure

1. Go to Autotask Logo Menu > CRM.

The ACCOUNT SEARCH screen appears.

2. Click + New Account. In the new pop-up window which opens, enter the accountinformation, including the Trend Micro Site ID.

Note

The Trend Micro Site ID is the unique ID exported from Remote Manager. Youcan locate this ID by logging onto the Remote Manager console and going toCustomers > Export All. In the exported .csv file, the Unique ID is to the rightof the Company name.


4. Go to CRM > My Account Tickets (under Reports) to view your accounttickets.


10-6

Supported Trend Micro Product Events inAutotask

Remote Manager can send the following event notifications to the Autotask system.

Product Events

CloudEdge

• Botnet

• Intrusion Prevention System(IPS)

• Web Reputation

• Virus

HostedEmailSecurity



• Threat Summary



InterScanWebSecurityas aService

• Antivirus

• Anti-spyware

• Web Reputation

• URL Filtering

• App Control

Worry-FreeBusinessSecurityStandardandAdvanced

• Agent Abnormal


• Antivirus

• Anti-spyware

• Web Reputation


• Network Virus

• Anti-Spam

• Outdated Managed Servers

• Unusual System Events

• License Expiration

• URL Filtering

• Device Control

• Exchange Server Shutdown

• Active DirectorySynchronization Issues

• Worry-Free Business SecurityStandard and Advanced ServerShutdown

AutoTask Support

10-7

Product Events

Worry-FreeBusinessSecurityServices

• Agent Abnormal


• Antivirus

• Anti-spyware

• Web Reputation


• Network Virus




• URL Filtering


• Active DirectorySynchronization Issues

11-1

Chapter 11

ConnectWise SupportThis section describes how to integrate Remote Manager with ConnectWise and thesupported event notifications for Trend Micro products and services.

Topics include:

• Integrating ConnectWise™ on page 11-2

• Supported Trend Micro Product Events in ConnectWise on page 11-57


11-2

Integrating ConnectWise™ConnectWise is a professional services automation (PSA) and remote monitoring andmanagement (RMM) solution that provides Managed Service Providers and Resellersreal-time dashboards and reporting, incident management, service asset andconfiguration management, and automated billing services.

Remote Manager can send event information to ConnectWise in the form of emailmessages that are transformed into ConnectWise tickets. For this to occur, you must addnotification recipients to the Remote Manager web console and several fields to theConnectWise ticketing system.

To successfully integrate Remote Manager, begin receiving notifications, and generateaccount tickets in ConnectWise, complete the following integration steps:

1. Configure prerequisite ConnectWise settings before integrating with RemoteManager:

• Configuring Settings in ConnectWise 2015.1 and Later Versions on page 11-2

• Configuring Settings in ConnectWise 2014.5 and Earlier Versions on page 11-34

2. Configuring Global ConnectWise Integration Settings in Remote Manager on page 11-52

3. Configuring Customer-specific ConnectWise Integration Settings in Remote Manager on page11-54

Configuring Settings in ConnectWiseIntegrate Remote Manager with the ConnectWise versions listed below:

Configuring Settings in ConnectWise 2015.1 and LaterVersions

Trend Micro Remote Manager requires that you configure the following ConnectWisesettings before integrating the two products:

• Add Companies to ConnectWise on page 11-3

ConnectWise Support

11-3

• Create a Contact on page 11-5

• Change the Default Status of Companies to Active on page 11-7

Tip

Trend Micro recommends configuring Service Boards in ConnectWise to more easily viewyour customer data.

For more information, see Create a Service Board on page 11-9.

Follow the steps below to configure Trend Micro Remote Manager integration withConnectWise 2015.1 and later versions:

Procedure

1. Create an Integrator Login on page 11-14

2. For Hosted Email Security customers, Integrate Hosted Email Security with ConnectWiseon page 11-17.

3. Add Trend Micro Products to ConnectWise on page 11-20

4. For customers using ConnectWise Management Solutions:

a. Create a Management Solution on page 11-23

b. Create Cross-references on page 11-27

5. Create an Agreement on page 11-31

General ConnectWise Settings

The following ConnectWise settings should be configured before integrating TrendMicro Remote Manager with ConnectWise:

Add Companies to ConnectWise

Add the Trend Micro Remote Manager companies that you manage using ConnectWise.


11-4

Note

This procedure displays screens from ConnectWise 2015.1. Depending on the version ofConnectWise you are using, the screens may vary.

Procedure

1. From the ConnectWise console, go to Companies > Companies.

The Company Search screen appears.

2. Click New Item ( ) to create a new company.

The New Company screen appears.

3. Specify the following details:

• Company

ConnectWise Support

11-5

• Address 1

• Company ID

Tip

Trend Micro recommends using the Trend Micro Remote Manager cutomername.

4. Click Save.

ConnectWise adds the company information.

Create a Contact

Contacts allow you to assign Agreements to companies.

For details on creating Agreements, see Create an Agreement on page 11-31

Note


Procedure



2. Type the company name in the Company Name field and click Search.


11-6

The {Company} screen appears.

3. Click the Contacts tab.

4. Click New Item ( ) to create a new contact for the company.

The New Contact screen appears.

5. Type a name in the Name field.

6. Provide any additional information as required.

7. Click Save.

ConnectWise Support

11-7

ConnectWise adds the contact to the company.

Change the Default Status of Companies to Active

Setting the default status of your companies to “Active” ensures that they appear on theTrend Micro Remote Manager console for billing and ticketing.

Note


Procedure

1. From the ConnectWise console, go to System > Setup Tables.

The Setup Tables screen appears.

2. Type company status in the Table field and click Search.


11-8

The Company Status setup table appears.

3. Click the Company Status setup table name.

The Company Status List screen appears.

4. In the Description column, click Active.

ConnectWise Support

11-9

The Company Status screen appears.

5. Ensure that Default Flag is enabled.

6. Click Save.

You can now view the company on the Trend Micro Remote Manager console.

Create a Service Board

Create a Trend Micro Remote Manager event notifications service board to allow you tomanage all Trend Micro Remote Manager tickets through the ConnectWise ServiceBoard screen.


11-10

Note


Procedure



2. Type service board in the Table field and click Search.

The Service Board setup table appears.

3. Click the Service Board setup table.

ConnectWise Support

11-11

The Service Board List screen appears.

4. Click New Item ( ) to create a new service board.


11-12

The Service Board screen appears.

5. Specify the following information for your company:

• Board Name

• Location

• Business Unit

• Signoff Template

6. Click Save.

ConnectWise Support

11-13

A selection of tabs appears at the top of the screen.

7. To optionally create a service status to define the level of service that exists for thecustomer, click the Statuses tab.

The Status List screen appears.

8. Click New Item ( ) to create a new service status.

9. Specify the following information:

• Status Description: Type new.

• Sort Order: Type 0.

• Ensure that Display On Board? is enabled.

10. Click Save.

ConnectWise updates the service status.


11-14

Note

Complete the process to allow you to use the ConnectWise Service Board to manageTrend Micro Remote Manager tickets by enabling the service ticket API.

For more information, see Create an Integrator Login on page 11-14.

Create an Integrator Login

Creating an integrator login allows Trend Micro Remote Manager to send informationto ConnectWise.

Procedure



2. Type integrator login in the Table field and click Search.

ConnectWise Support

11-15

The Integrator Login setup table appears.

3. Click the Integrator Login setup table name.

The Integrator Login List screen appears.

4. Click New Item ( ) to create a new integrator login.


11-16

The Integrator Login screen appears.

5. Provide the Username and Password that you will use for the integrator login.

6. In the Access Level drop-down, select All records.

ConnectWise Support

11-17

7. Enable the following available APIs:

• Service Ticket API

Note

Optionally select preconfigured service boards from the Service Board drop-down list


• Company API

• Product API

• Reporting API

• System API

• Configuration API

• Agreement API

8. Click Save.

Trend Micro Remote Manager can now send information to ConnectWise.

9. Follow the steps below to continue configuring Trend Micro Remote Managerintegration with ConnectWise 2015.1 and later versions:

a. For Hosted Email Security customers, Integrate Hosted Email Security withConnectWise on page 11-17

b. Add Trend Micro Products to ConnectWise on page 11-20

Integrate Hosted Email Security with ConnectWise

Integrate Hosted Email Security with companies in ConnectWise to inform users ofspam and email virus detections.


11-18

Note


Procedure





3. Click the Configurations tab.

4. Click New Item ( ) to create a new configuration.

ConnectWise Support

11-19

The New Configuration screen appears.

5. Type the company ID in the Configuration Name field.

6. Select Spam Stats from the Type drop-down list.

7. Click Save.


11-20

NoteTo specify how frequently Trend Micro Remote Manager should send spam stats toConnectWise, see Configuring Global ConnectWise Integration Settings in Remote Manager onpage 11-52.

8. Follow the step below to continue configuring Trend Micro Remote Managerintegration with ConnectWise 2015.1 and later versions:

a. Add Trend Micro Products to ConnectWise on page 11-20

Add Trend Micro Products to ConnectWise

Integrate the following Trend Micro Remote Manager products/services withConnectWise for billing purposes:

• Worry-Free Business Security Standard

• Worry-Free Business Security Advanced



NoteThis procedure displays screens from ConnectWise 2015.1. Depending on the version ofConnectWise you are using, the screens may vary.

Procedure

1. From the ConnectWise console, go to Procurement > Products.

ConnectWise Support

11-21

The Products screen appears.

2. Click New Item ( ) to add a new product.


11-22

The Product Item screen appears.

3. Type the necessary Trend Micro Remote Manager managed product/serviceproduct IDs in the Product ID field.

Table 11-1. Trend Micro Product IDs for ConnectWise Integration

Product/Service Product ID

Worry-Free Business Security Standard WFBS-S

ConnectWise Support

11-23


Worry-Free Business Security Advanced WFBS-A

Worry-Free Business Security Services WFBS-SVC

Hosted Email Security HES


• Description

• Unit Price

• Customer Description

5. Click Save.

ConnectWise adds the new product to the products list.

6. Follow the steps below to continue configuring Trend Micro Remote Managerintegration with ConnectWise:

a. For customers using ConnectWise Management Solutions, Create a ManagementSolution on page 11-23 and Create Cross-references on page 11-27

b. Create an Agreement on page 11-31

Create a Management Solution

Note


Procedure



11-24


2. Type management it in the Table field and click Search.

The Management IT setup table appears.

3. Click the Management IT setup table.

ConnectWise Support

11-25

The Management IT Solution List appears.

4. Click New Item ( ) to create a new management solution.

The Solution Setup screen appears.


• Name: Type TMRM Management Setup.

• Management IT Solution: Select Custom.

• Custom Solution Name: Type TMRM Management Solution.


11-26

Important

Trend Micro Remote Manager requires that the specified values exactly matchthe examples provided.

6. Click Save.

ConnectWise adds the management solution to the Management IT SolutionList.

7. Associate the management solution with Trend Micro customers.

a. Go to the Company screen for the Trend Micro customer.

b. Click the Management tab.

c. Next to Management Solutions, click New Item ( ).

d. From the Solution drop-down, select TMRM Management Solution/TMRM Management Setup.

e. Specify a Managed ID.

f. Click Save.

ConnectWise Support

11-27

The Management Solution is ready for use.

8. Follow the steps below to continue configuring Trend Micro Remote Managerintegration with ConnectWise 2015.1 and later versions:

a. For customers using ConnectWise Management Solutions, Create Cross-references on page 11-27

b. Create an Agreement on page 11-31

Create Cross-references

Create cross-references to associate Remote Manager products/services withConnectWise.


Procedure



11-28


2. Type managed devices integration in the Table field and click Search.

The Managed Devices Integration setup table appears.

3. Click the Managed Devices Integration setup table.

ConnectWise Support

11-29

The Managed Devices Integration List appears.

4. Click TMRM Management Solution in the Management Solution column.

NoteFor more information on creating a Management Solution, see Create a ManagementSolution on page 11-23.


11-30

The Managed Devices Integration screen appears.

5. Click the Cross-References tab.

6. Click New Item ( ) to create a product.

7. Specify the required settings for each of your Remote Manager managed products/services.

Product/Service Settings

Worry-FreeBusiness SecurityStandard

• Type: T-WFBS-S

• Level: Standard

• Agreement Type: Managed Service

• Product: WFBS-S

• Configuration Type : Spam Stats

ConnectWise Support

11-31


Worry-FreeBusiness SecurityAdvanced

• Type: T-WFBS-A

• Level: Advanced


• Product: WFBS-A

• Configuration Type: Spam Stats


• Type: T-WFBSS

• Level: Standard


• Product: WFBSS



• Type: T-HES

• Level: Standard


• Product: HES


8. Click Save.

ConnectWise adds the product/service to the Cross-References.

9. Follow the step below to continue configuring Trend Micro Remote Managerintegration with ConnectWise 2015.1 and earlier versions:

a. Create an Agreement on page 11-31

Create an Agreement

Create agreements for each company in order for ConnectWise to provide automatedbilling services to Trend Micro Remote Manager customers.


11-32

Note


Procedure





3. Click the Agreements tab.

4. Click New Item ( ) to create a new agreement.

ConnectWise Support

11-33

The New Agreement screen appears.

5. From the Agreement Type drop-down list, select Managed Service.

6. Specify an Agreement Name.


11-34

7. Specify the contact information.

a. In the Contact field, type the contact name.

b. Click Search.

The Contacts screen appears.

c. Select the contact from the list.

8. Provide the Start Date for the billing.

9. Provide the End Date or select No Ending Date.

10. Click Save.

ConnectWise creates the customer Agreement.

Configuring Settings in ConnectWise 2014.5 and EarlierVersionsTrend Micro Remote Manager requires that you configure the following ConnectWisesettings before integrating the two products:

• Add Companies to ConnectWise on page 11-3

• Create a Contact on page 11-5

• Change the Default Status of Companies to Active on page 11-7

ConnectWise Support

11-35

Tip

Trend Micro recommends configuring Service Boards in ConnectWise to more easily viewyour customer data.


Follow the steps below to configure Trend Micro Remote Manager integration withConnectWise 2014.5 and earlier versions:

Procedure

1. Create an Integrator Login on page 11-35

2. For Hosted Email Security customers, Integrate Hosted Email Security with ConnectWiseon page 11-39

3. Add Trend Micro Products to ConnectWise on page 11-42

4. Create a Management Solution on page 11-45

5. Create Cross-references on page 11-49

6. Create an Agreement on page 11-31

Create an Integrator Login

Creating an integrator login allows Trend Micro Remote Manager to send informationto ConnectWise.

Note


Procedure



11-36


2. Type integrator login in the Table field and click Search.

The Integrator Login setup table appears.

3. Click the Integrator Login setup table name.

ConnectWise Support

11-37

The Integrator Login List screen appears.

4. Click New Item ( ) to create a new integrator login.


11-38

The Integrator Login screen appears.

5. Provide the Username and Password that you will use for the integrator login.

6. In the Access Level drop-down, select All records.

ConnectWise Support

11-39

7. Enable the following available APIs:

• Service Ticket API

Note

Optionally select preconfigured service boards from the Service Board drop-down list


• Managed Services API

• Company API

• System API

• Configuration API

8. Click Save.

Trend Micro Remote Manager can now send information to ConnectWise.

9. Follow the steps below to continue configuring Trend Micro Remote Managerintegration with ConnectWise 2014.5 and earlier versions:

a. For Hosted Email Security customers, Integrate Hosted Email Security withConnectWise on page 11-17

b. Add Trend Micro Products to ConnectWise on page 11-20

Integrate Hosted Email Security with ConnectWise

Integrate Hosted Email Security with companies in ConnectWise to inform users ofspam and email virus detections.

Note



11-40

Procedure





3. Click the Configurations tab.

4. Click New Item ( ) to create a new configuration.

ConnectWise Support

11-41

The New Configuration screen appears.

5. Type the company ID in the Configuration Name field.

6. Select Spam Stats from the Type drop-down list.

7. Click Save.


11-42

NoteTo specify how frequently Trend Micro Remote Manager should send spam stats toConnectWise, see Configuring Global ConnectWise Integration Settings in Remote Manager onpage 11-52.

8. Follow the step below to continue configuring Trend Micro Remote Managerintegration with ConnectWise 2014.5 and later versions:

a. Add Trend Micro Products to ConnectWise on page 11-42

Add Trend Micro Products to ConnectWise

Integrate the following Trend Micro Remote Manager products/services withConnectWise for billing purposes:

• Worry-Free Business Security Standard

• Worry-Free Business Security Advanced




Procedure

1. From the ConnectWise console, go to Procurement > Products.

ConnectWise Support

11-43

The Products screen appears.

2. Click New Item ( ) to add a new product.


11-44

The Product Item screen appears.

3. Type the necessary Trend Micro Remote Manager managed product/serviceproduct IDs in the Product ID field.

Table 11-2. Trend Micro Product IDs for ConnectWise Integration


Worry-Free Business Security Standard WFBS-S

ConnectWise Support

11-45


Worry-Free Business Security Advanced WFBS-A

Worry-Free Business Security Services WFBS-SVC

Hosted Email Security HES


• Description

• Unit Price

• Customer Description

5. Click Save.

ConnectWise adds the new product to the products list.


a. Create a Management Solution on page 11-45

Create a Management Solution


Procedure



11-46


2. Type management it in the Table field and click Search.

The Management IT setup table appears.

3. Click the Management IT setup table.

ConnectWise Support

11-47

The Management IT Solution List appears.

4. Click New Item ( ) to create a new management solution.

The Solution Setup screen appears.


• Name: Type TMRM Management Setup.

• Management IT Solution: Select Custom.

• Custom Solution Name: Type TMRM Management Solution.


11-48

Important

Trend Micro Remote Manager requires that the specified values exactly matchthe examples provided.

6. Click Save.

ConnectWise adds the management solution to the Management IT SolutionList.

7. Associate the management solution with Trend Micro customers.

a. Go to the Company screen for the Trend Micro customer.

b. Click the Management tab.

c. Next to Management Solutions, click New Item ( ).

d. From the Solution drop-down, select TMRM Management Solution/TMRM Management Setup.

e. Specify a Managed ID.

f. Click Save.

ConnectWise Support

11-49

The Management Solution is ready for use.


a. Create Cross-references on page 11-49

Create Cross-referencesCreate cross-references to associate Remote Manager products/services withConnectWise.


Procedure




11-50

2. Type managed devices integration in the Table field and click Search.

The Managed Devices Integration setup table appears.

3. Click the Managed Devices Integration setup table.

The Managed Devices Integration List appears.

4. Click TMRM Management Solution in the Management Solution column.

Note

For more information on creating a Management Solution, see Create a ManagementSolution on page 11-23.

ConnectWise Support

11-51

The Managed Devices Integration screen appears.

5. Click the Cross-References tab.

6. Click New Item ( ) to create a product.

7. Specify the required settings for each of your Remote Manager managed products/services.


Worry-FreeBusiness SecurityStandard

• Type: T-WFBS-S

• Level: Standard


• Product: WFBS-S

• Configuration Type : Spam Stats


11-52


Worry-FreeBusiness SecurityAdvanced

• Type: T-WFBS-A

• Level: Advanced


• Product: WFBS-A



• Type: T-WFBSS

• Level: Standard


• Product: WFBSS



• Type: T-HES

• Level: Standard


• Product: HES


8. Click Save.

ConnectWise adds the product/service to the Cross-References.


Create an Agreement on page 11-31

Configuring Global ConnectWise Integration Settings inRemote Manager

After preparing the ConnectWise console settings, you can configure the RemoteManager console to begin sending notifications to ConnectWise.

ConnectWise Support

11-53

Procedure


The Configure third-party integration screen appears.

2. In the ConnectWise section, select Enable notification integration to allowConnectWise to receive notifications from Trend Micro Remote Manager.


• ConnectWise URL: Type the URL of the service.

• Company ID: Type the company name used in the ConnectWise console.

• Logon ID: Type the integrator login username created in ConnectWise.


11-54

Note

For more information, see Create an Integrator Login on page 11-35

• Logon password: Type the integrator login password created inConnectWise.

4. In the Notification Settings section:

• Enable Send billing information for all products to ConnectWise everymonth on day __ to perform automated billing of all Trend Micro productsfor all ConnectWise customers.

Note

• Click Send Now to send the current bill to ConnectWise customersimmediately.

• If you select 29, 30, or 31, and the month ends before the configured date,Remote Manager sends the billing information on the last day of themonth instead.

• Enable Send the spam/email virus detections information from Hostedemail Security to ConnectWise every ___ to perform automated securityreporting for Hosted Email Security customers.

5. Click Save.

ConnectWise can now receive notifications from Remote Manager.

Configuring Customer-specific ConnectWise IntegrationSettings in Remote Manager

You must enable ConnectWise notifications and integration for each Trend Microcustomer on the Remote Manager console if you want to automate Remote Managernotifications.

ConnectWise Support

11-55

Procedure

1. To enable Remote Manager to send notifications to ConnectWise, go toCustomers > {Company}.

2. Click the Notification tab.

The following screen appears:

3. In the Third-party Notifications section, select ConnectWise.

4. Click Save.

5. To integrate the ConnectWise settings for this customer, click the ConnectWisetab.

6. Select Enable integration.

7. Specify the ConnectWise Company ID for this customer.

Tip

Click Test Validity to verify the company ID.

8. Click Save.


11-56

Trend Micro Remote Manager syncs the customer information from ConnectWiseand loads any available agreement information. The following screen appears:

9. In the Agreements section, you can assign ConnectWise Agreements to TrendMicro products.

Note

Assigning agreements to Trend Micro products allows ConnectWise to provideautomated billing services for Trend Micro Remote Manager customers.

Important

• If you previously configured ConnectWise using the “TMRM ManagementSolution” or “Managed Service” agreement type, “Default” appears next to theTrend Micro product name.

• If you did not configure ConnectWise using the “TMRM ManagementSolution” or “Managed Service” agreement type, you can assign ConnectWiseagreements to Trend Micro products.

a. Click Set Up.

The Product Agreements screen appears.

ConnectWise Support

11-57

b. For each product, first select the agreement type and then select theagreement name.

c. Click OK.

10. Select either of the following integration settings:

• Select Use global settings from Administration > Configure third-partyintegration > ConnectWise settings to apply the global integration settings.

• Select Use custom settings to configure customer-specific notifications forbilling and executive summaries.

11. Click Save.

Supported Trend Micro Product Events inConnectWise

Remote Manager can send the following event notifications to the ConnectWise system.

Product Events

CloudEdge

• Botnet


• Web Reputation

• Virus

HostedEmailSecurity



• Threat Summary



InterScanWebSecurityas aService

• Antivirus

• Anti-spyware

• Web Reputation

• URL Filtering

• App Control


11-58

Product Events


• Agent Abnormal


• Antivirus

• Anti-spyware

• Web Reputation


• Network Virus

• Anti-Spam




• URL Filtering

• Device Control




• Agent Abnormal


• Antivirus

• Anti-spyware

• Web Reputation


• Network Virus




• URL Filtering


12-1

Chapter 12

Kaseya SupportThis section describes how to integrate Remote Manager with Kaseya and the supportedevent notifications for Trend Micro products and services.

Topics include:

• Integrating Kaseya™ on page 12-2

• Managing Trend Micro Customers in Kaseya on page 12-20

• Managing Worry-Free Security Agents in Kaseya on page 12-24

• Trend Micro Dashboard on page 12-29

• Supported Trend Micro Product Events in Kaseya on page 12-30


12-2

Integrating Kaseya™The following topics contain information on integrating Kaseya with Remote Manager:

Configuring Kaseya Notification Settings in RemoteManager

Procedure



Figure 12-1. The Kaseya section

2. In the Kaseya section, select Enable integration.

3. Type the Kaseya email address.

4. Click Save.

The Successful notification appears.

5. Go to Customers > {Company} > Notification.

Kaseya Support

12-3


6. Select Me as a recipient if you want to receive notification emails.

7. In the Additional recipients field, type the email addresses of any additionalrecipients who may require receiving notification emails.

8. Select Kaseya from the third-party notifications list.

9. Select the product notification settings that should be sent to Kaseya.

NoteSelect the default real-time notification settings that are applicable to all products andcustomers, or specify the settings for this customer.

10. Click Save.

11. Repeat steps 6 to 10 for each customer.


12-4

Configuring Notification Settings in Kaseya

Procedure

1. In Kaseya, add the following fields to the ticketing system to show Trend MicroRemote Manager notifications.


Field Name Purpose

TM_CreateTime Event generation time

TM_ProductName Product name

TM_AgentGUID Remote Manager agent GUID

TM_CustomerName Customer/Company name

TM_EventName Event name

TM_ServerName Worry-Free Business Security servername

TM_MASClientName (optional) Exchange server name (only affectsthe Exchange Server Shutdownevent)

Kaseya Support

12-5

Figure 12-2. Kaseya Ticketing Fields


Field Name Purpose

TM_CreateTime Event generation time

TM_ProductName Product name

TM_CustomerName Customer/Company name

TM_EventName Event name


12-6

Figure 12-3. Kaseya Ticketing Fields

2. Ensure that the email setting is correct, as shown on the following screen:

Figure 12-4. Kaseya Email Settings

Kaseya Support

12-7

When an event is triggered, Kaseya will receive the ticket:

Figure 12-5. Kaseya Event Ticket

Installing the Trend Micro Worry-Free Services Plug-in forKaseya

This plug-in allows Remote Manager to sync Worry-Free Business Security Servicescustomer and detection data with Kaseya.

NoteThe Trend Micro Worry-Free Services Plug-in for Kaseya is not supported for customersusing a Customer Licensing Portal account.

Procedure

1. Open the Remote Manager console, and go to Administration > Configurethird-party integration.


12-8


2. Go to the Kaseya section.

3. Under Worry-Free Services Plug-in for Kaseya, click Download to save theplug-in.

4. Save the file on the Kaseya VSA server.

5. Execute theTrendMicroWorryFreeServicesPluginForKaseya_X.X.X.msi file.

The welcome screen appears.

6. Click Next.

Kaseya Support

12-9

The End-User License Agreement screen appears.

7. If you agree to the terms in the License Agreement, select the I accept the termsin the License Agreement check box.

8. Click Next.


12-10

The Installation Directory screen appears.

9. Confirm the Kaseya installation folder and click Next.

Kaseya Support

12-11

The Ready to Install screen appears.

10. Click Install.


12-12

After the installation completes, the Trend Micro Worry-Free Services Plug-infor Kaseya has been successfully installed screen appears.

NoteDuring installation, Kaseya opens a browser window displaying informationregarding the integration process.

11. Click Finish.

12. Open the Kaseya web console and go to Trend Micro > Worry-Free Services.

Kaseya Support

12-13


13. Provide the Remote Manager activation credentials.

• URL (including https)

• Access token

• Secret key

NoteTo locate the activation credentials:

a. Open the Remote Manager console and go to Administration > Configurethird-party integration and go to the Kaseya section.

b. Under Step 3. On the Kaseya console, go to Trend Micro > Worry-FreeServices and activate the plug-in., click View credentials.

c. Copy and paste the activation credentials to the Kaseya web console.

14. Click Connect.

The Activation Successful wizard appears which allows you to import yourexisting Kaseya customers to the Trend Micro Worry-Free Services Plug-in forKaseya


12-14

For details, see Importing Kaseya Customers on page 12-20.

Updating the Trend Micro Worry-Free Services Plug-in forKaseya

Updating the Trend Micro Worry-Free Services Plug-in for Kaseya allows you to use allnew features and enhancements. The updated version automatically applies allpreviously configured settings, including customer and Security Agent endpointinformation.

Procedure

1. Open the Remote Manager console, and go to Administration > Configurethird-party integration.


2. Go to the Kaseya section.

3. Under Worry-Free Services Plug-in for Kaseya, click Download to save theplug-in.

4. Save the file on the Kaseya VSA server.

5. Execute theTrendMicroWorryFreeServicesPluginForKaseya_X.X.X.msi file.

Kaseya Support

12-15

The welcome screen appears.

6. Click Next.


12-16

The End-User License Agreement screen appears.

7. If you agree to the terms in the License Agreement, select the I accept the termsin the License Agreement check box.

8. Click Next.

Kaseya Support

12-17

The Installation Directory screen appears.

9. Confirm the Kaseya installation folder and click Next.


12-18

The Ready to Install screen appears.

10. Click Install.

Kaseya Support

12-19

After the installation completes, the Trend Micro Worry-Free Services Plug-infor Kaseya has been successfully installed screen appears.

NoteDuring installation, Kaseya opens a browser window displaying informationregarding the integration process.

11. Click Finish.

The Worry-Free Services Plug-in for Kaseya is updated.


12-20

Managing Trend Micro Customers in KaseyaAfter activating the Trend Micro Worry-Free Services Plug-in for Kaseya, you can startassociating Kaseya customers with Trend Micro Accounts and manage the customerassociations directly from the Kaseya console.

• Importing Kaseya customers: Associates current Kaseya customers withpreexisting, or new, Trend Micro Accounts

For more information, see Importing Kaseya Customers on page 12-20.

• Customers Summary screen: Displays associated Trend Micro customers andKaseya customers not associated with Trend Micro Accounts

For more information, see Customers Summary on page 12-23.

Importing Kaseya Customers

Procedure

1. Go to the Integrate Kaseya Customers with Trend Micro Accounts screen.

• From the Kaseya navigation tree:

a. Go to Trend Micro > Worry-Free Services > Customers.

b. Click the Non-Trend Micro Customers tab.

c. Select the check boxes next to the customers you want to associate witha Trend Micro Account.

d. Click Import to Trend Micro.

• From the Activation Successful screen after activating the Kaseya plug-infor the first time, click Start.

ImportantYou must select the check boxes next to the Kaseya customers you want tointegrate with Trend Micro Accounts on the Integrate Kaseya Customerswith Trend Micro Accounts screen that appears.

Kaseya Support

12-21

The Integrate Kaseya Customers with Trend Micro Accounts screen appears.

2. In the Trend Micro Customer Account drop-down list:

• Select + Create a new Trend Micro Account to register a new customer inLicensing Management Platform

• Select from your existing Licensing Management Platform customers notalready assigned to another account

NoteIf all your customers have already been assigned, no customer information willdisplay in the list.

3. Click Next >.


12-22

The Trend Micro Customer Notifications screen appears.

4. Select Send all customer notifications to my Remote Manager email addressif you want all email notifications about the selected customers' environments sentto your registered email address.

5. Click Next >.

The Import Customers to Trend Micro screen appears.

6. Select a Service Plan for each customer.

Kaseya Support

12-23

7. Verify that the number of Seats allocated to each customer is correct, then clickImport > to add the selected customers to the list.

NoteBy default, Remote Manager provisions 20% more seats than the number ofendpoints that a client has registered in Kaseya (with a minimum of 10 seats perclient).

Customers SummaryThe customers screen displays after clicking the Customers node in the Kaseyanavigation tree. This screen allows you to view all your Kaseya customers anddisconnect a previously configured Kaseya customer from a Trend Micro Account.

The following table outlines the major sections of the customers screen.


12-24

Section Description

Trend MicroCustomers tab

Displays a table that outlines Trend Micro Account information forKaseya customers

NoteIf a Kaseya customer is no longer a Trend Micro customer,select the check box next to the Kaseya customer name in thetable and click Disconnect from Trend Micro Account toremove the customer from the list.

Disconnecting a Kaseya customer from Trend Micro does notuninstall the Security Agent from the customer's managedendpoints.

Non-TrendMicroCustomers tab

Displays a table that outlines account information for Kaseyacustomers not connected to Trend Micro Accounts

NoteTo import Kaseya customers to Trend Micro, select the checkboxes next to the customers you want to import and clickImport to Trend Micro.

For more information, see Importing Kaseya Customers onpage 12-20.

Managing Worry-Free Security Agents inKaseya

The Trend Micro Worry-Free Security Services Plug-in for Kaseya provides somelimited control of Security Agents through the Kaseya console.

From the Kaseya console, you can perform the following Worry-Free Business SecurityAgent tasks:

• Deploying the Security Agent to Unmanaged Endpoints on page 12-25

• Scanning Worry-Free Security Agents on page 12-26

Kaseya Support

12-25

• Updating Worry-Free Security Agents on page 12-28

Deploying the Security Agent to Unmanaged Endpoints

The Unmanaged Endpoints screen allows you to view the Kaseya list of all customerendpoints that do not currently have a Security Agent installed.

Important

Kaseya requires the Kaseya Agent Procedure script before you can deploy the SecurityAgent to endpoints.

Tip

You can export a list of unmanaged endpoints in CSV format for further evaluation.

Procedure

1. Open the Kaseya web console, and go to Trend Micro > Worry-Free Services >Unmanaged Endpoints.


2. Filter the search results using the Kaseya search bar.

3. Select the check boxes next to the machines on which you want to deploy theWorry-Free Business Security Agent.

4. Click Deploy Agent.


12-26

The Deploy Security Agent screen appears.

5. Click Deploy.

NoteEndpoints receive the command the next time Remote Manager synchronizes withWorry-Free Business Security Services. The default synchronization time is fiveminutes. Installation only occurs on endpoints that do not already have the SecurityAgent installed.

Scanning Worry-Free Security AgentsProcedure

1. Open the Kaseya web console, and go to Trend Micro > Worry-Free Services >Endpoints.


Kaseya Support

12-27

2. Filter endpoints using the drop-down list:

• All machines

• Online

• Offline

• Outdated

• With virus detections

• With spyware detections

3. Select the check boxes next to the endpoints you want to scan and click Scan.

A confirmation screen appears.

4. Click Scan.

Note

Endpoints receive the command the next time Remote Manager synchronizes withWorry-Free Business Security Services. The default synchronization time is fiveminutes.


12-28

Updating Worry-Free Security Agents

Procedure

1. Open the Kaseya web console, and go to Trend Micro > Worry-Free Services >Endpoints.


2. Filter endpoints using the drop-down list:

• All machines

• Online

• Offline

• Outdated

• With virus detections

• With spyware detections

3. Select the check boxes next to the endpoints you want to update and click Update.

A confirmation screen appears.

4. Click Update.

Kaseya Support

12-29

Note


Trend Micro DashboardUse the Dashboard to get a quick view of your Kaseya customers' security status andthe overall number of threats detected by Worry-Free Business Security Services.

The Dashboard provides the following widgets:

• Action Required Events Widget on page 12-29

• Threat Management Widget on page 12-30

Action Required Events WidgetThe Action Required Events widget lists your customers with endpoints that requireattention.

Events Description

ActionUnsuccessful

Click the Occurrences to go to the Worry-Free Business SecurityServices console and view unsuccessful scan results on acustomer's endpoints.

Real-Time ScanRequired

Click the Endpoints to go to the Worry-Free Business SecurityServices console and view endpoints with real-time scan disabled.

Restart Required Click the Occurrences to go to the Worry-Free Business SecurityServices console and view endpoints that need to restart to finishcleaning spyware/grayware.

Update Required Click the Endpoints to go to the the Worry-Free BusinessSecurity Services console and view endpoints that require anupdate.


12-30

Click a Company name to view information on the Remote Manager console.

Threat Management WidgetView the number of customers with different types of security detections. Click thethreat Type to view detailed information on the Remote Manager console.

Supported Trend Micro Product Events inKaseya

Remote Manager can send the following event notifications to the Kaseya system.

Product Events

CloudEdge

• Botnet


• Web Reputation

• Virus

HostedEmailSecurity



• Threat Summary



InterScanWebSecurityas aService:

• Antivirus

• Anti-spyware

• Web Reputation

• URL Filtering

• App Control

Kaseya Support

12-31

Product Events


• Agent Abnormal


• Antivirus

• Anti-spyware

• Web Reputation


• Network Virus

• Anti-Spam




• URL Filtering

• Device Control




• Agent Abnormal


• Antivirus

• Anti-spyware

• Web Reputation


• Network Virus




• URL Filtering


13-1

Chapter 13

LabTech SupportThis section describes how to integrate Remote Manager with LabTech and thesupported event notifications for Trend Micro products and services.

Topics include:

• Integrating LabTech™ on page 13-2

• Managing Trend Micro Customers in LabTech on page 13-8

• Managing Worry-Free Security Agents in LabTech on page 13-15

• Monitoring Worry-Free Business Security Services Agents on page 13-20

• Supported Trend Micro Product Events in LabTech on page 13-23


13-2

Integrating LabTech™The following topics contain information on integrating LabTech with RemoteManager:

Installing the Trend Micro Worry-Free Services Plug-in forLabTech

This plug-in allows Remote Manager to sync Worry-Free Business Security Servicescustomer and detection data with LabTech.

Note

The Trend Micro Worry-Free Services Plug-in for LabTech is not supported for customersusing a Customer Licensing Portal account.

Important

Some features of the Worry-Free Services Plug-in for LabTech require the latest version ofWorry-Free Business Security Services. Update all of your Security Agents are to the latestversion to ensure full support of all new features.

Note

This procedure displays screens from LabTech 11. Depending on the version of LabTechyou are using, the screens may vary.

Procedure

1. Download the Trend Micro Worry-Free Services Plug-in for LabTech from theLabTech Solution Center.

2. From the LabTech Control Center, go to Help > Plugin Manager.

LabTech Support

13-3

The Plugin Manager screen appears.

3. Select Trend Micro Worry-Free Services Plug-in for LabTech and clickEnable.

4. Update the remote agent.

Tip

If you are using LabTech 10.5 or earlier versions, go to Advanced > Reload Plugins> Update Remote Agent Plugins.

5. Exit and re-enter the LabTech Control Center.

The Trend Micro icon is added to the toolbar.

6. Click the Trend Micro button in the toolbar.


13-4

The Activate Trend Micro Integration screen appears.

7. Provide the Remote Manager activation credentials.

• URL (including https)

• Access token

• Secret key

TipTo locate the activation credentials:

a. Open the Remote Manager console and go to Administration > ConfigureThird-party integration > LabTech.

b. Click View credentials.

8. Click Connect.

The Activation Successful screen appears. You can begin integrating LabTechclient data with Trend Micro Accounts by clicking Start.

LabTech Support

13-5

For details, see Importing LabTech Clients on page 13-8.

Note

To integrate accounts at a later time, click the Trend Micro button in the toolbar andgo to Non-Trend Micro Customers.

Assigning Trend Micro User Permissions in LabTechAfter installing the Trend Micro Worry-Free Business Services Plug-in for LabTech, youmust assign permissions to LabTech users before they can access all of the plug-infeatures.

Procedure

1. In the LabTech Control Center navigation tree, go to Admin > Users and double-click the user you want to assign permissions to.


13-6

The Editing the information for {user} screen appears.

2. Click the Permissions tab.

LabTech Support

13-7

3. Under the User Classes field, click the Open User Class Manager ( ) icon.

The User Class Manager screen appears.

4. Select the following check boxes to assign the appropriate permissions.

Permission Type

Clients Read

Contacts Read

Database Access

Scripts Read

5. Click SAVE.

6. Click the Plugin tab.

7. Next to Trend Micro Worry-Free Services Plug-in for LabTech, select theAccess check box.

8. Click SAVE.


13-8

The LabTech user can access Trend Micro Worry-Free Services Plug-in forLabTech features.

Managing Trend Micro Customers in LabTechAfter activating the Trend Micro Worry-Free Services Plug-in for LabTech, you can startassociating LabTech customers with Trend Micro Accounts and manage the customerassociations directly from the LabTech console.

• Importing LabTech customers: Associates current LabTech customers withpreexisting, or new, Trend Micro Accounts

For more information, see Importing LabTech Clients on page 13-8.

• Customers Summary screen: Displays associated Trend Micro customers andLabTech customers not associated with Trend Micro Accounts

For more information, see Customers Summary on page 13-14.

Importing LabTech Clients

Procedure

1. Go to the Integrate LabTech Clients with Trend Micro Accounts screen.

• From the LabTech Control Center:

a. Click the Trend Micro button in the toolbar and go to Non-TrendMicro Customers.

b. Select the check boxes next to the LabTech clients you want to import.

c. Click Import to Trend Micro.

• From the Activation Successful screen after activating the LabTech plug-infor the first time, click Start.

LabTech Support

13-9

ImportantYou must select the check boxes next to the LabTech clients you want tointegrate with Trend Micro Accounts on the Integrate LabTech Clients withTrend Micro Accounts: Select Clients screen that appears.

The Integrate LabTech Clients with Trend Micro Accounts: Select Clientsscreen appears.

2. In the Trend Micro Customer Account drop-down list:

• Any LabTech clients that match a Remote Manager customer account displayin the list. If the matching records are not correct, select a different companyaccount or create a new Trend Micro Account.


13-10

• Select + Create a new Trend Micro Account to automatically register a newcustomer account in Remote Manager using the LabTech client name as thecompany name.

• Select from your existing Remote Manager customers not already assigned toanother account.

Note

If you have already assigned all of your customers, no customer information displaysin the list.

3. Click Next>.

The Set Notification Email screen appears.

LabTech Support

13-11

4. Select Send all customer notifications to my email address if you want all emailnotifications about the selected customers' environments sent to your registeredemail address.

5. Click Next>.

The Assign Service Plan screen appears.

6. If you selected + Create a new Trend Micro Account for any LabTech clients,specify the following for each:

a. Service Plan

b. Seats: By default, Remote Manager provisions 20% more seats than thenumber of endpoints that a client has registered in LabTech (with a minimumof 10 seats per client).


13-12

Note

You cannot modify the settings for preexisting users.

7. Click Next to add the selected customers to the list.

Important

You must have sufficient licenses available in Licensing Management Platform for thenumber of selected LabTech clients. If you do not have sufficient licenses available,the plug-in only imports the first clients in the list for which licenses are available.

The Assign Template screen appears.

8. In the Template drop-down list, assign a template to each customer.

LabTech Support

13-13

ImportantThe settings applied by the original template used for preexisting Trend Microcustomers may have been customized. Verify all settings after assigning templates toensure your customers receive the best possible protection.

9. Click Import.

The Complete Importing screen appears.

10. Click Done to exit the setup wizard.


13-14

Customers SummaryThe Trend Micro Customers screen displays after clicking the Trend Micro button inthe toolbar or clicking the Trend Micro Customers node in the client tree. This screenallows you to view all your LabTech clients with Trend Micro Accounts and disconnect apreviously configured LabTech client from a Trend Micro Account.

The following table outlines the major sections of the Trend Micro Customers screen.

Section Description

Client summary Provides an overview of all your Trend Micro Accounts managedthrough LabTech

• Clients: Click the count to view all Trend Micro Accounts in thetable on the Clients tab

• Action required: Click the count to view all Trend Micro Accountsthat require attention in the table on the Clients tab

• Managed machines: Displays the total number of machines withthe Worry-Free Business Services Security Agent installed

• Unmanaged machines: Displays the total number of machinesassociated with Trend Micro Accounts that do not have theSecurity Agent installed

Clients tab Displays a table that outlines Trend Micro Account information forLabTech clients and whether a client requires immediate attention

NoteIf a LabTech client is no longer a Trend Micro customer, selectthe check box next to the LabTech Client name in the table andclick Disconnect from Trend Micro to remove the client fromthe list.

Disconnecting a LabTech client from Trend Micro does notuninstall the Security Agent from the client's managedendpoints.

LabTech Support

13-15

Section Description

Statistics tab Displays a dashboard with widgets that provide an overview of all theTrend Micro Accounts managed using LabTech

Available widgets:

• Action Required Events Widget on page 13-21

• Threat Management Widget on page 13-22

Managing Worry-Free Security Agents inLabTech

The Trend Micro Worry-Free Security Services Plug-in for LabTech provides somelimited control of Security Agents through the Kaseya console.

From the LabTech console, you can perform the following Worry-Free BusinessSecurity Agent tasks:

• Managing Trend Micro LabTech Clients on page 13-15

• Using Trend Micro Scripts in LabTech on page 13-18

Managing Trend Micro LabTech Clients

The client information screen provides basic LabTech client summary informationincluding the main client contact, email address, and the current license status forWorry-Free Business Security Services.

Important

Some features of the Worry-Free Services Plug-in for LabTech require the latest version ofWorry-Free Business Security Services. Update all of your Security Agents are to the latestversion to ensure full support of all new features.


13-16

Use the information on the Endpoints and Unmanaged Endpoints tabs to sendcommands to the Worry-Free Security Services Security Agent, or to deploy the agent toendpoints.

Note

• You can select to view specific client/endpoint information at any level under theTrend Micro Customers node of the client tree.

• Common Worry-Free Business Security Services agent commands are also availableusing LabTech scripts.

For more information, see Using Trend Micro Scripts in LabTech on page 13-18

Procedure

1. Open the LabTech Control Center, go to Trend Micro > Trend MicroCustomers, and select a client in the navigation tree.

The title of the screen that appears depends on the level of the client informationselected in the client tree. The following image displays the Trend MicroCustomers > {Client} screen.

LabTech Support

13-17

2. View details about the available Worry-Free Business Security Services licensesfrom Remote Manager by clicking the license expiration date.

3. View specific endpoints by clicking the any of the following counts:

• Managed machines: Displays a list of machines with the Worry-FreeBusiness Services Security Agent installed on the Endpoints tab

• Unmanaged machines: Displays a list of machines that do not have theWorry-Free Business Services Security Agent installed on the UnmanagedEndpoints tab

• Viruses detected: Displays a list of Worry-Free Business Services SecurityAgents with virus detections on the Endpoints tab

• Spyware detected: Displays a list of Worry-Free Business Services SecurityAgents with spyware detections on the Endpoints tab

Tip

For clients with a large number of Worry-Free Business Services Security Agentsdisplaying on the Endpoints tab, you can further filter the results using the statusinformation in the Show drop-down.

4. On the Endpoints tab, select the check box for the endpoint you want to manage,and click the buttons above the list to send the necessary commands.

• Scan: Triggers the Security Agent on the selected endpoints to perform aManual Scan during the next server synchronization

• Update: Triggers the Security Agent to check for component updates duringthe next server synchronization

• Other Actions: Displays the following commands:

• Unload Agent: Unloads the Security Agent from the selected endpointsfor a specified period of time during the next server synchronization

• Remove Agent: Uninstalls the Security Agent from the selectedendpoints during the next server synchronization


13-18

WARNING!Removing the Security Agent may leave the endpoints vulnerable tosecurity threats.

NoteYou must confirm that you want to send the command to the selected SecurityAgents.


5. On the Unmanaged Endpoints tab:

• Select the unmanaged endpoints that you want to install the Security Agent onand click Deploy Agent.

NoteYou must confirm that you want to send the command to the selectedendpoints.

Endpoints receive the command the next time Remote Manager synchronizeswith Worry-Free Business Security Services. The default synchronization time isfive minutes.

• Select the unmanaged endpoints that you want to save as a list in CSV formatand click Export.

Using Trend Micro Scripts in LabTechThe Worry-Free Business Security Service LabTech Plug-in provides the followingscripts, accessible through the Scripts > Anti-Virus > Trend Micro right-click menu.

LabTech Support

13-19

ImportantYou must assign specific LabTech User Classes permission to access each script forbefore the right-click script items appear,

You can only access the right-click Scripts menu for LabTech clients associated with aTrend Micro Account. To associate a LabTech client with a Trend Micro Account, seeImporting LabTech Clients on page 13-8

• Deploy Security Agent: Deploys the Security Agent to the selected endpoints

• Remove Security Agent: Uninstalls the Security Agent from the selectedendpoints

WARNING!Removing the Security Agent may leave the endpoints vulnerable to security threats.

• Restart Security Agent: Restarts the Security Agent on the selected endpoints

• Scan Now: Triggers the Security Agent on the selected endpoints to perform aManual Scan

• Unload Security Agent: Unloads the Security Agent from the selected endpoints

• Update Now: Triggers the Security Agent to check for component updates


13-20

Figure 13-1. Trend Micro LabTech Scripts

Note

• Endpoints receive the command the next time Remote Manager synchronizes withWorry-Free Business Security Services. The default synchronization time is fiveminutes.

• The commands only execute on valid endpoints. For example, if the selected endpointdoes not have the Security Agent installed, the Scan Now function cannot execute.

Monitoring Worry-Free Business SecurityServices Agents

The Statistics provides an easy way to view all your Trend Micro customers that requirefurther action or have detected security events using the Action Required Events andThreat Management widgets.

LabTech Support

13-21

Action Required Events WidgetThe Action Required Events widget lists your customers with endpoints that requireattention.

Events Description

ActionUnsuccessful

Click the Occurrences to go to the Worry-Free Business SecurityServices console and view unsuccessful scan results on acustomer's endpoints.

Real-Time ScanDisabled

Click the Device(s) to go to the Worry-Free Business SecurityServices console and view endpoints with real-time scan disabled.

Restart Required Click the Occurrences to go to the Worry-Free Business SecurityServices console and view endpoints that need to restart to finishcleaning spyware/grayware.

Update Required Click the Device(s) to go to the the Worry-Free Business SecurityServices console and view endpoints that require an update.

Click a LabTech Client name to view information on the Remote Manager console.


13-22

Threat Management WidgetView the number of customers with different types of security detections. Click the linksto view detailed information on the Remote Manager console.

Figure 13-2. The Threat Management Widget

LabTech Support

13-23

Supported Trend Micro Product Events inLabTech

Remote Manager can send the following event notifications to the LabTech system.

Product Events


• Agent Abnormal


• Antivirus

• Anti-spyware

• Web Reputation


• Network Virus




• URL Filtering


These events are sent to LabTech in the form of email messages which are logged intoLabTech. For this to occur, notification recipients need to be added to the RemoteManager web console and several fields need to be made to the LabTech ticketingsystem.

For more information, refer to Integrating LabTech™ on page 13-2.

Part VMonitoring Customers

14-1

Chapter 14

Understanding the DashboardTrend Micro Remote Manager has a monitoring dashboard that provides a quick view ofthe security, system, and license statuses of all customers.


• Dashboard Status Screens on page 14-2

• Working with Tabs and Widgets on page 14-2

• Remote Manager Widgets on page 14-7

• Cloud App Security Widgets on page 14-20

• Cloud Edge Widgets on page 14-21

• Hosted Email Security Widgets on page 14-24

• InterScan Web Security as a Service Widgets on page 14-27

• Worry-Free Business Security Services Widgets on page 14-28

• Notification Center on page 14-30


14-2

Dashboard Status ScreensThe Dashboard is the central screen for reviewing the status of monitored networks.The Dashboard lists only the products whose statuses are not normal. For example, if acustomer's Worry-Free Business Security Services license is expiring or if a customer hastoo many threats, those customers would be listed here.

To access the Dashboard, open a compatible browser and sign into the Trend MicroRemote Manager site for your region.

Figure 14-1. Dashboard Threat Status Tab

Most items on the Dashboard are linked to help you resolve an issue. Click an item(graph, link, number) to resolve the issue.

For more information, see Product/Service Information on page 3-4.

Working with Tabs and WidgetsTabs provide a container for widgets. Each tab on the Home screen can hold up to 20widgets. The Home screen itself supports up to 30 tabs.

Widgets are the core components of the dashboard. Widgets provide specificinformation about various security or license-related events. Some widgets allow you toperform certain tasks.

Understanding the Dashboard

14-3

The information that a widget displays comes from:


• Cloud Edge servers and clients

• Hosted Email Security services


• Worry-Free Business Security server and clients

• Worry-Free Business Security Services server

Tab Tasks

The following table lists all the tab-related tasks:

Task Steps

Add a tab Click the add icon ( ) on top of the Home screen. A new tabdisplays.

Rename tab Hover over the tab name and click the down arrow ( ), thenclick Rename. Type a new name for a tab.

Edit tab layout Hover over the tab name and click the down arrow ( ), thenclick Change Layout. The Change Layout window opens.

For more information, see Change Layout Window on page14-4.

Delete a tab Hover over the tab name and click the down arrow ( ), thenclick Delete. Click OK to delete the tab.

Play tab slide show Click the Settings button to the right of the tab display ( ),then click the Tab Slide Show slider. In the drop-down menubeneath the slider, choose the interval at which the selectedtabs should display.


14-4

Task Steps

Move tab Use drag-and-drop to change a tab's position.

NoteDrag-and-drop functionality is not supported by allbrowsers.

For more information on recommended browsers, seeBrowser Requirements on page 1-8.

Change Layout WindowThe Change Layout window opens when you click the Change Layout option in thetab's drop-down menu ( ).


14-5

Tip

Trend Micro recommends the following minimum screen resolutions, depending on yourlayout selection:

• 2 columns: 800 x 600 or above




14-6

Widget TasksThe following table lists widget-related tasks:

Task Steps

Add a widget Open a tab and then click Add Widgets at the top right cornerof the tab. The Add Widgets screen displays.

Refresh widget data Click the refresh icon ( ).

View help Click the Help ( ).

Delete a widget Click the Close Widget ( ). This action removes the widgetfrom the tab that contains it, but not from the other tabs thatcontain it or from the widget list in the Add Widgets screen.

Move a widget Use drag-and-drop to move a widget to a different locationwithin the tab.


14-7

Task Steps

Resize a widget To resize a widget, point the cursor to the right edge of thewidget. When you see a thick vertical line and an arrow (asshown in the following image), hold and then move the cursorto the left or right.

Only widgets on multi-column tabs can be resized. These tabshave any of the following layouts and the highlighted sectionscontain widgets that can be resized.

Remote Manager WidgetsThe dashboard shows the following Remote Manager widgets:


14-8

Customers with Notifications Widget

This widget provides a count of the number of your Remote Managercustomers thatcurrently have “Action required” or “Warning” event statuses.

Hover over the customer count to view the top event categories for the most recentlyaffected customers.

To open the Notification Center and view a more detailed explanation for the currentstatus, click the Occurrences count for a particular Category or click View all inNotification Center to view all affected customers.

For more information, see Notification Center on page 14-30.


14-9

Overall Detections Widget

This widget provides an overview of all the threat detections and policy violationsduring the selected time frame.

Hover over the threat or violation count to view a breakdown of the specific types ofdetections that occurred for each group.

To switch views, click the table icon or the bar chart icon in the upper-right. To view thelogs for a specific feature in table view, click the count to the right. To view the logs fora specific feature in the bar chart view, click the bar to the right.


14-10

Table 14-1. Detection Categories

Category Description

Known Threats Displays all the features that detect security threats confirmed byTrend Micro

• Botnet

• C&C Callback

• File Blocking

• IPS

• Network virus

• Spam

• Virus/Malware


• Web Reputation

UnknownThreats

Displays all the features that detect potential threats using advancedheuristics, analysis, or feature modeling




PolicyViolations

Displays all the features that contain policy violations that are specificto your corporate security standards


• Device Control

• URL Filtering


14-11

Customers Needing the Most Attention WidgetShows the most recent number of customers with the highest number of events thatneed an immediate action or response. Data displays in a table and pie chart. You canswitch between the table and pie chart by clicking the display icons ( ).

• If the number of clients for a particular status is 1 or more, you can click thenumber to view the events in the product tree.

• Click the customer name to view all the events for this customer or expand thecustomer name to see the events for certain categories.

• The number of events under Action Required are events that should be handledas soon as possible.

• The number of events under Warning are events that are not as urgent as theevents under Action Required but will also need to be handled soon.


14-12

License Management WidgetDisplays the current status of the licenses being used by customers.

Shows the following license-related details for customers and products:

• Expiring soon: These are the number of licenses that have not yet expired, butwill expire soon.

• Expired: These are licenses that have already expired.

NoteTrend Micro suggests renewing these licenses as soon as possible.

• Seats Used: These are the number of seats that are currently being used.

• Provisioned: These are the number of seats that the customer provisioned.


14-13

License Usage Widget

Displays a graphical analysis of seats that were allocated and those that were actuallypurchased, for the year. These can help determine whether you should increase ordecrease your seat allocation.

You can change the product/service by selecting from:

• All




• Cloud Edge




14-14

Managed Customers and Products or Services WidgetShows the number of managed customers for each product within a specified timeperiod.

• You can change the time range for the data shown by selecting from:

• Last month (default)

• Last 3 months

• Last 6 months

• Last year

• You can click the names of the registered products on the right side to add orremove the data from the graph.


14-15

• Each bar chart represents a week or month.

• The bar chart shows the total number of products/services.

Ransomware Detections WidgetDisplays ransomware detection data from Cloud App Security, Hosted Email Security,Worry-Free Business Security Services, Cloud Edge, InterScan Web Security as a Service,and Worry-Free Business Security.


• Last 24 hours (default)

• Last 7 days

• Last 30 days

• You can view ransomware event logs by clicking the following counts:

• Infection attempts: Shows ransomware event logs sorted by number ofoccurrences.


14-16

• Customers with ransomware detections: Shows ransomware event logssorted by company name.

• Expand the information box ( ) to view the Maximize RansomwareProtection for Worry-Free Business Security Services link. Click the link toenable ransomware protection for all your customers.

For more information about configuring ransomware protection in RemoteManager, see Maximizing Ransomware Protection FAQs on page 18-12.

System Management Widget

Shows the current number of all system events for the registered products. You can usethis to determine hardware issues or events for the server or agent.

If the number of events for a particular category is 1 or more, you can click the numberto view the event logs.


14-17

Threat Management Widget

Shows the threat event count for all the registered products.


• Last 24 hours (default)


14-18

• Last 7 days

• Last 30 days

• If the number of events for a particular category is 1 or more, you can click thenumber to view the event logs.

Trial and Full License Usage WidgetShows how many trial or full licenses were used for the registered products.

You can change the time range for the data shown by selecting from:

• Last month (default)

• Last 3 months

• Last 6 months

• Last year

You can change the product/service by selecting from:


14-19

• All




• Cloud Edge



Viewing Product-Specific EventsA product-specific event displays a list of real-time events.

Procedure

1. Go to Customers > {company name} > {product}.

2. Depending on the selected product, do one of the following.

Product Steps

Cloud App Security Go to the Events tab.

Cloud Edge Go to the Events tab.

InterScan Web Security as a Service The events list automatically appearswhen you select an IWSaaS productfrom the network tree.

Worry-Free Business Security Go to the Events tab.

Worry-Free Business Security Services Go to the Events tab.


14-20

Cloud App Security WidgetsThe dashboard shows the following Cloud App Security widgets:

Cloud App Security Customers with the Most ThreatsWidget

Shows the Cloud App Security customers with the most threat events.

Click a bar to view the event logs.


14-21

Cloud App Security Data Loss Prevention Top ViolationsWidget

Shows the Cloud App Security customers with the highest number of Data LossPrevention template violations.

Click a bar to view the event logs.

Cloud Edge WidgetsThe dashboard shows the following Cloud Edge widgets:


14-22

Cloud Edge Customers with the Most Threats Widget

Shows the Cloud Edge customers with the highest number of threat events. Datadisplays in a table and bar chart. You can switch between the table and bar chart byclicking the display icons ( ).


• Last hour

• Last 24 hours

• Last 7 days

• Last 30 days (default)

• You can change the category of the data shown by selecting from:

• All

• Botnet

• C&C callback

• IPS


• Ransomware (email channel)

• Ransomware (network channel)


14-23

• Ransomware (web channel)

• Spam


• Virus (email channel)

• Virus (web channel)

• Web Reputation

• Click the customer name to view the customer information.

• Click the threat count to open the threat information from the Cloud Edgeconsole.

Cloud Edge Devices with the Most Threats Widget

Shows the Cloud Edge devices with the highest number of threat events.


• Last hour

• Last 24 hours

• Last 7 days


14-24



• All

• Botnet

• C&C callback

• IPS


• Ransomware (email channel)

• Ransomware (network channel)

• Ransomware (web channel)

• Spam


• Virus (email channel)

• Virus (web channel)

• Web Reputation


• Click the threat count to open the threat information from the Cloud Edgeconsole.

Hosted Email Security WidgetsThe dashboard shows the following Hosted Email Security widgets:


14-25

Hosted Email Security Customers with the MostQuarantined Messages

Shows the Hosted Email Security customers with the most number of quarantinedmessages. Data displays in a table and pie chart. You can switch between the table andpie chart by clicking the display icons ( ).


• Last 24 hours

• Last 7 days


• You can change the direction type for the data shown by selecting from:

• Incoming

• Outgoing


• Click the message count to view the event logs.


14-26

Hosted Email Security Customers with the Most Threats

Shows the Hosted Email Security customers with the highest number of threat events.Data displays in a table and pie chart. You can switch between the table and pie chart byclicking the display icons ( ).


• Last 24 hours

• Last 7 days


• You can change the threat type for the data shown by selecting from:

• Spam

• Virus

• All (default)

• You can change the direction type for the data shown by selecting from:

• Incoming

• Outgoing


• Click the threat count to view the event logs.


14-27

InterScan Web Security as a Service WidgetsThe dashboard shows the following InterScan Web Security as a Service widgets:

InterScan Web Security as a Service WidgetShows the InterScan Web Security as a Service (IWSaaS) customers with the highestnumber of threat events. Data displays in a table and bar chart. You can switch betweenthe table and bar chart by clicking the display icons ( ).

• You can change the threat type for the data shown by selecting from:

• All

• Antispyware

• Antivirus

• App Control

• URL Filtering

• Web Reputation



14-28

Worry-Free Business Security ServicesWidgets

The dashboard shows the following Worry-Free Business Security Services widgets:

Worry-Free Business Security Services Agent StatusShows the Worry-Free Business Security Services devices that have been offline or wereunable to complete a scan for more than a month.

NoteThe device count only includes Worry-Free Business Security Services agents with theScheduled Scan setting enabled.

Click the device count to view the event log.


14-29

Worry-Free Business Security Services Customers withthe Most Threats Widget

Shows the Worry-Free Business Security Services customers with the highest number ofthreat events. Data displays in a table and pie chart. You can switch between the tableand pie chart by clicking the display icons ( ).


• All



• Device Control

• Network Virus



• URL Filtering

• Virus/Malware

• Web Reputation

• Click the customer name to view customer and event information.


14-30

Worry-Free Business Security Services EndpointOperating Systems

Shows the operating systems used on Worry-Free Business Security Services endpoints.

• You can change the device type for the data shown by selecting from:

• Desktop

• Server

• Mobile

• Click the operating system version from the table or on the pie chart to view eventlogs.

Notification CenterThe Notification Center provides a quick way to identify customers with “Actionrequired” and “Warning” events.

Access the Notification Center through the Customers with Notifications widget.


14-31

For more information, see Customers with Notifications Widget on page 14-8.

The following table outlines the options available on the Notification Center screenfor both the Action Required and Warning tabs.

Option Description

Export All Click to export a CSV file containing all data related to yourcustomers with events.

Dismiss Dismiss notifications after you have taken manual action toresolve an issue on an endpoint that the managed product wasunable to resolve directly.

Select an event or multiple events for supported managedproducts and click Dismiss to remove the event data from theNotification Center, related Remote Manager widgets, and thefollowing managed product consoles (if applicable):



NoteDismissing an event does not delete any log data related tothe event. Remote Manager only dismisses the eventnotification information.

ConfigureNotifications

Click to open the Administration > Configure notificationsscreen and configure the global notification settings in RemoteManager.

For more information, see Configuring Global Notification Settingson page 17-3.

Company Click a Company name in the table to open the Customers >[customer] screen and view all events related to that particularcustomer.

For more information, see Customer Products on page 3-3.


14-32

Option Description

Occurrences Click the Occurrences count to view more details for a particularevent.

Depending on the managed product, the event details display asfollows:

• Worry-Free Business Security (Standard or Advanced): Apop-up screen appears outlining details for all occurrences ofthe particular event

• Worry-Free Business Security Services: The Event Detailsscreen appears displaying addtional information about theevent and suggested resolution actions.

For more information, see Event Details on page 14-32.

• All other managed products: Remote Manager opens themanaged product console where you can find moreinformation about events.

Event Details

The Event Details screen provides a more in-depth view of threat and system eventsaffecting Worry-Free Business Security Services customers.

The following table outlines the information provided on the Event Details screen.

Information Description

Event type Displays an icon and description for the following event types:

• Action Required

• Warning

Event category Describes the specific event displayed and the subcategory

Description Describes the issue and any threshold settings related to theevent notfication

Suggested action Provides recommendations for events that the managed productcannot directly resolve


14-33

Information Description

Action buttons Available actions vary based on the specific event

Possible actions include:

• Dismiss Notification: Dismisses the notification after youhave taken manual action to resolve an issue on an endpointthat the managed product was unable to resolve directly.

After dismissing an event notification, Remote Managerremoves the event data from the Notification Center, relatedRemote Manager widgets, and the Worry-Free BusinessSecurity Services console.

NoteDismissing an event does not delete any log datarelated to the event. Remote Manager only dismissesthe event notification information.

• Download Tool: If another Trend Micro tool is available tohelp resolve the security threat, click to obtain the softwarepackage.

NoteYou must manually run the tool on the affectedendpoints to resolve the security threat.

• Enable Real-time Scan: Click to automatically enable theReal-time Scan service on the affected endpoints.

• Update Security Agents: Click to trigger the update processon the affected, outdated endpoints.

Affected endpointslist

Displays a list of the affected endpoints and specific event datarelated to the event category


14-34

Event LogsThe Event Logs screen appears after clicking a count on the various widgets thatdisplay on the Dashboard. Event logs provide a detailed view of the detections reportedby managed products for specific customers.

You can click the Occurrences count to obtain more information about a specific typeof event. Depending on the managed product, clicking the Occurrences count does thefollowing:

• For Worry-Free Business Security Services events: Displays the WFBSS LogQuery screen

For more information, see Performing a WFBS-SVC Log Query on page 14-34.

• For Worry-Free Business Security events: Displays a log screen for the detectedevents

• For all other managed products: Opens the managed product console where youcan view product-specific logs for the affected customer

Performing a WFBS-SVC Log Query

You can query Worry-Free Business Security Services logs to determine how differentevent types have affected all your Remote Manager customers.

Procedure

1. Go to Home.

2. Open the Event Logs screen by clicking a data link on any applicable Worry-FreeBusiness Security Services widget.

3. Click the Occurrences count for any Worry-Free Business Security Servicescustomer.

The WFBS-SVC Log Query screen appears displaying detection information forthe threat category related to the Occurrences count you clicked.


14-35

4. (Optional) View other Worry-Free Business Security Services log data.

a. From the Period drop-down, specify the date range for the detection data.

b. From the Category drop-down, select from the available threat categories.

c. Click Display Logs.

All Worry-Free Business Security Services logs that match the search criteriafor all Remote Manager customers display.

5. (Optional) Click Export All to save the data to a CSV file.

15-1

Chapter 15

Managing EventsThis section contains the following topics:

• Understanding Events on page 15-2

• Managed Product Events on page 15-3

• Viewing Product-Specific Events on page 14-19


15-2

Understanding EventsRemote Manager defines an event as any activity that requires the administrator'sattention. The available information varies depending on the selected product and eventtype.

Remote Manager provides two types of event lists.

Table 15-1. Remote Manager Event Lists

List Description

Event logs Displays a list of events from a widget

Remote Manager displays a list of events for the selected widgetbased on the specified range. Depending on the widget, you canchoose to display information from the last 24 hours, 7 days, or 30days.

For more information, see Event Logs on page 14-34.

Product-specificevents

Displays a list of real-time events

Remote Manager syncs with the supported products andrefreshes the lists every 5 minutes.

NoteFor more information, see Viewing Product-Specific Eventson page 14-19.

Event SeverityProduct-specific events may have either the following severity levels.

• Action Required: Events that require immediate attention.

• Warning: Notifications that serve as a warning but do not require immediateattention.

Managing Events

15-3

Event StatusProduct-specific events may have either the following statuses.

• Unresolved: Events that need attention.

• Dismissing/Updating: Events that have been addressed but still require updatesfrom products or services.

Managed Product EventsRemote Manager events vary for each managed product/service.

• Cloud App Security Events on page 15-3

• Cloud Edge Events on page 15-5

• InterScan Web Security as a Service Events on page 15-8

• Worry-Free Business Security Events on page 15-9

• Worry-Free Business Security Services Events on page 15-13

Cloud App Security Events

NoteIf multiple “Action required” and “Warning” events occur, Remote Manager displays the

icon for the most serious threat.


15-4




File Blocking File Blocking violationsexceed

: The detected File Blocking violationcount exceeds the configured thresholdwithin 1 hour (as configured on themanaged product console)

VirtualAnalyzer

Virtual Analyzer “High risk”detections exceed

: The detected Virtual Analyzerdetection count for “High risk” objectsexceeds the configured threshold within 1hour (as configured on the managedproduct console)

Virtual Analyzer“Medium/Low risk”detections exceed

: The detected Virtual Analyzerdetection count for “Medium/Low risk”objects exceeds the configured thresholdwithin 1 hour (as configured on themanaged product console)

WebReputation


Managing Events

15-5



Accountsync issues

Invalid Box access token : Unable to access the specified cloudstorage

Invalid Dropbox accesstoken


Invalid Google Drive accesstoken


Sync issues on delegateaccount(s)

: Unable to sync with delegateaccount(s)

Cloud Edge Events

Note

Some Threat Events from Cloud Edge may display additional channel information.



Antispam Spam detections exceed : The detected spam count exceeds theconfigured threshold within 1 hour (asconfigured on the managed productconsole)



15-6


Botnet Botnet detections exceed : The detected botnet count exceedsthe configured threshold within 1 hour (asconfigured on the managed productconsole)

C&Ccallback

C&C callbacks exceed : The detected C&C callback countexceeds the configured threshold within 1hour (as configured on the managedproduct console)

IPS IPS detections exceed : The detected IPS count exceeds theconfigured threshold within 1 hour (asconfigured on the managed productconsole)




Ransomware

Ransomware detectionsexceed

: The detected ransomware countexceeds the configured threshold within 1hour (as configured on the managedproduct console)

VirtualAnalyzer

Virtual Analyzer detectionsexceed

: The detected Virtual Analyzerdetection count for objects of any risk levelexceeds the configured threshold within 1hour (as configured on the managedproduct console)

WebReputation


Managing Events

15-7


Web Threats Web threat detections(including IPS, botnet,antivirus, or WebReputation violations)exceed

: The detected web threat countexceeds the configured threshold within 1hour (as configured on the managedproduct console)



Cloud emailscanning

Service unavailable : Cloud Edge was unable to connect tothe cloud scanning service

Service became temporarilyunavailable within the last24 hours

: Cloud Edge was temporarily unable toconnect to the cloud scanning servicewithin the last 24 hours

FirmwareUpdate

The last firmware updatewas unsuccessful. Openthe <Cloud Edge cloudconsole> for moreinformation.

: Cloud Edge firmware was unable tosuccessfully update to the latest firmwareversion

Outdated firmware : The current version of the Cloud Edgefirmware is outdated

Offline Offline gateway. Policydeployment and loganalysis may be affected.

: Cloud Edge cannot connect to thegateway or perform scanning

Offline (Last24 hours)

Offline gatewayoccurrences in the last 24hours. Policy deploymentand log analysis may havebeen affected.

: Cloud Edge was unable to maintain adedicated connection to all registeredgateways over the last 24 hours


15-8


Resourceshortage





: The amount of remaining resourceson the device have dropped below theconfigured alert threshold.

Resourceshortage(Last 24hours)





: The amount of remaining resourceson the device dropped below theconfigured alert threshold within the last 24hours but were recovered

Unregistered Unable to perform cloudmanagement. This gatewayis not registered to theCloud Edge cloud console.

: Cloud Edge cannot perform scanningon the gateway

InterScan Web Security as a Service EventsTable 15-6. Threat Events


Antispyware Spyware/Graywaredetections

: The detected spyware/grayware countduring the last 24 hours

Antivirus Virus detections : The detected virus/malware countduring the last 24 hours

ApplicationControl

Application Controlviolations

: The detected Application Controlviolation count during the last 24 hours

Managing Events

15-9


URLFiltering

URL violations : The detected URL Filtering violationcount during the last 24 hours

WebReputation

URL violations : The blocked URL count during the last24 hours



Accountsync issues

Sync issues with AD/LDAP : Unable to sync with AD/LDAP

Worry-Free Business Security EventsTable 15-8. Threat Events


Antispam Spam detections in totalmessages received exceed

: The ratio of detected spam messagesin total messages received exceeds theconfigured threshold within 1 hour (asconfigured on the managed productconsole)


15-10






Managing Events

15-11


Antivirus Real-time Scan disabled onendpoints

: Security Agents with Real-time Scandisabled cannot protect endpoints fromvirus/malware in newly created or executedfiles

Real-time Scan disabled onExchange server(s)

: Exchange servers with Real-timeScan disabled allow all attachments inemail messages to pass, leaving thecustomer network susceptible to mass-mailing worms.



Virus detections onendpoints exceed

: The detected virus/malware count onendpoints exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)

Virus detections onExchange servers exceed

: The detected virus/malware count onExchange servers exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)

BehaviorMonitoring




15-12


DeviceControl



Networkvirus



OutbreakDefense



URLFiltering


WebReputation




Resourceshortage

Remaining disk spacebelow

: The amount of remaining disk spaceon the server has dropped below theconfigured alert threshold.

Managing Events

15-13



Service unavailable : The Worry-Free Business Securityconsole cannot connect to the Smart ScanServer

Update Outdated agents : Over <number> of the SecurityAgents did not receive the latest antiviruspatterns in the last hour

Outdated Exchange servers : Outdated components detected onExchange server(s)

Worry-Free Business Security Services EventsTable 15-10. Threat Events







15-14


Antivirus Real-time Scan disabled : Security Agents with Real-time Scandisabled cannot protect endpoints fromvirus/malware in newly created or executedfiles



Virus detections exceed : The detected virus/malware countexceeds the configured threshold within 1hour (as configured on the managedproduct console)

ApplicationControl

Application Controlviolations exceed

: The detected Application Controlviolation count exceeds the configuredthreshold within 1 hour (as configured onthe managed product console)

BehaviorMonitoring



DeviceControl



Managing Events

15-15


Networkvirus



OutbreakDefense






URLFiltering


WebReputation





Agents disconnected : Security Agents cannot connect to theSmart Protection Network


15-16


Update Outdated agents : Security Agents with outdatedpatterns after two hours of antivirus patternrelease exceeded threshold

Viewing Product-Specific EventsA product-specific event displays a list of real-time events.

Procedure

1. Go to Customers > {company name} > {product}.

2. Depending on the selected product, do one of the following.

Product Steps

Cloud App Security Go to the Events tab.

Cloud Edge Go to the Events tab.

InterScan Web Security as a Service The events list automatically appearswhen you select an IWSaaS productfrom the network tree.

Worry-Free Business Security Go to the Events tab.

Worry-Free Business Security Services Go to the Events tab.

16-1

Chapter 16

Managing ReportsThis section contains the following topics:

• Reports Overview on page 16-2

• Creating Reports on page 16-2

• Viewing Reports on page 16-6

• Editing Reports on page 16-6

• Downloading and Sending Reports on page 16-6

• Subscribing to Reports on page 16-7


16-2

Reports OverviewTrend Micro Remote Manager lets you generate, download, and automatically send outreports. Reports provide an overview of license status, assessment results, threatincidents, major threats, and the most affected computers, files and email addresses inyour customers’ networks.

Reports include a range of statistics from Worry-Free Business Security (all) and HostedEmail Security. Remote Manager allows for report profiles, one-time and periodicreports, date ranges, and multiple email recipients. Remote Manager saves the 30 mostrecent daily reports, ten most recent weekly reports, and five most recent monthlyreports. General reports are suitable for resellers and customers. Detailed reports aresuitable for resellers and partners.

Figure 16-1. Reports Page

Report profiles enable you to create multiple reports from a single profile. For example,create a one-time report today, generate that report, and tomorrow, change someoptions and regenerate without having to recreate the entire report. Remote Managercurrently supports general and detailed reports.

Creating ReportsTrend Micro Remote Manager offers the following ways to create a report template:

• Click an existing report, modify the report, and click Save at the bottom of thescreen.

Managing Reports

16-3

• Create a new report template. See Creating Report Templates on page 16-3 for moreinformation.

Creating Report Templates

Procedure

1. Go to Reports > New Report.

The New Report window opens.

2. Specify the following:

• Report name

• Report type: Refer to Reports Overview on page 16-2 for more information.

3. Select the date range:

• One-time report


16-4

Option Description

Last 24 hours Calculates the report with data received from 12midnight up until the moment the report isgenerated (based on the selected time zone).

NoteThe time zone that the report depends onis the one that the reseller selected whencreating the profile. It is not determined bythe customer's machine.

Last 7 days Calculates the report with data from the last 7days (excluding today’s data).

Last 30 days Calculates the report with data from the last 30days (excluding today’s data).

Specific range The "From" date must be later than or equal tothe first date of the last month (Remote Manageronly stores the last and current month's data); the"To" date cannot be later than today.

• Recurring report

Option Description

Daily report The end date must be later than today. Then every day inthe specified range generates a report based on theprevious day's data.

For example, if the range is set from Jan-27-2009 toJan-29-2009, then:

• On the 27th, Remote Manager generates a reportbased on the 26th



Managing Reports

16-5

Option Description

Weekly report Remote Manager generates the weekly report everyMonday using the previous week's data. Therefore, togenerate a report for this week, set the end date to at leastMonday of the following week.

Monthly report Remote Manager generates the monthly report everysecond day of the month using the previous month's data.This means that to generate a report for this month, set theend date to at least the second day of the following month.

4. Specify the following report format elements:

Option Description

Report format Reports can be exported to PDF or CSV files.

Reportlanguage

Trend Micro Remote Manager supports English, French,German, Italian, Japanese, Simplified Chinese, and Spanish.

Note This information is for internal use and does not display on thereport itself.

5. Click Next.

The Select Report Data screen appears.

6. Select a report template and the data to be generated.

NoteIf the reseller is not connected to the customer’s server or if no data is available, datadoes not display for the customer.

7. Click Next.

The Generate report for specific customers screen displays.

8. Select the customers that will generate this report.

9. Specify the email report details. Recipients under Mail To options come from thecompany contact list. You can also add email addresses that will receive thegenerated reports.


16-6

Note

Each selected customer will have different email recipients. You can add or deleteemail recipients depending on the customers.

10. Optional: Select Enable to display the customer's logo.

11. Click Done.

Remote Manager adds the template to the list of report templates.

Viewing ReportsA report must have been generated at least once in order to view it.

Go to Reports > {report name} > Report Files (tab) > {file under View}.

Refer to Reports Overview on page 16-2 for more information.

Editing ReportsGo to Reports > {report name}.

Refer to Creating Report Templates on page 16-3 for more information.

Downloading and Sending ReportsYou can download and send reports to recipients. Although recipients were specifiedwhen you defined the report, the recipient list can be modified.

Procedure

1. Go to Reports > {item or number of items under Report Files} > {reportunder View}.

Managing Reports

16-7

2. Select the reports you want to send or download.

3. Click Send or Download.

See Subscribing to Reports on page 16-7 for more information.

Subscribing to Reports

Procedure

1. Go to Reports > {report name} > Target Audience (tab) > Add Target.

2. Select the customer report.

NoteThe list of email recipients when creating reports comes from Contact details.

3. Revise the subject line as required.

4. Click Save.

Part VIAdministering Remote

Manager

17-1

Chapter 17

Administering Remote ManagerNoteFor information about third-party product integration, see Part IV: Integrating Third-PartySolutions.


• Administration Settings on page 17-2

• Configuring Global Notification Settings on page 17-3

• Configuring Console Settings on page 17-19

• Default Setting Templates on page 17-20

• Viewing Administration Logs on page 17-23


17-2

Administration SettingsThe Administration screen allows you to configure global customer settings, RemoteManager console settings, view and set up third-party software integration, and viewsystem logs.

Section Description

System Settings • Configure notifications: Allows you to configure the globalnotification settings

TipTrend Micro recommends configuring globalnotification settings in such a way that the settings canapply to most of your customers. Global settingsprovide a quick way to configure individual customernotifications, although you can customize notificationsettings on a per customer basis.

For more information, see Configuring Global NotificationSettings on page 17-3.

• Console settings: Allows you to change the banner imagethat appears on the Remote Manager console

For more information, see Configuring Console Settings onpage 17-19.

Third-partyIntegration

• View the current status of the Remote Manager featuresintegrated with third-party software

• Configure third-party integration: Allows you to enableintegration with supported third-party software and configureglobal integration settings

For more information, see Part IV: Integrating Third-PartySolutions on page 1.

Administering Remote Manager

17-3

Section Description

Default Settings forProducts/Services

Configure default setting templates: Allows you to configure theentire managed product/service console settings that you canapply to new or existing customers

TipConfiguring templates can help save you time bypreconfiguring security policies and exception lists for themanaged product, which you can later apply to multiplecustomers.

ImportantRemote Manager only supports default setting templatesfor Worry-Free Business Security Services and CloudEdge.

For more information, see Default Setting Templates on page17-20.

System Logs Administration logs: Displays information related to RemoteManager console changes made by users

For more information, see Viewing Administration Logs on page17-23.

Configuring Global Notification SettingsSet up global notifications to monitor common events that may require attention.Remote Manager provides notifications through email messages, on the Customerswith Notifications widget, or through your third-party software.

TipTrend Micro recommends configuring global notification settings in such a way that thesettings can apply to most of your customers. Global settings provide a quick way toconfigure individual customer notifications, although you can customize notificationsettings on a per customer basis.


17-4

Procedure

1. Go to Administration.

2. In the System Settings section, click Configure notifications.

The Administration > Configure notifications screen appears.

3. In the Email Message Settings section, specify the Recipients that receive thenotification email messages.

• Account manager: Select the Licensing Management Account for theprimary Remote Manager administrator that should receive email notificationsfor all customers.

• Additional recipients: Manually type the email addresses of other people towhom Remote Manager should contact

NoteSeparate multiple entries using semicolons (;).

4. In the Email Message Settings section, specify the Message Content thatappears in the notification email messages.


17-5

Option Description PossibleNotifications

Sendseparateconsolidated emailmessagesfor allActionRequiredevents andallWarningevents forallcustomers

Remote Manager consolidates all ActionRequired events and all Warning eventsfor all customers and sends a singleemail message for each severity levelwith a summary of all events each timethe Remote Manager serversynchronizes with the managed productservers.

NoteClick Edit subject preface tospecify a custom preface thatappears as the initial text in theemail subject line.

• One consolidatedemail message withall Action Requiredevents for allcustomers permanaged product

• One consolidatedemail message withall Warning events forall customers permanaged product

• Separate emailmessages for allLicense events, asconfigured in EventNotificationSettings

Send asingleconsolidated emailmessagefor allWarningevents butwithindividualemailmessagesfor eachActionRequiredevent foreachcustomer

Remote Manager consolidates allWarning events for all customers andsends a single email message with asummary of all the Warning events eachtime the Remote Manager serversynchronizes with the managed productservers. Remote Manager also sends anew email message each time amanaged product reports an ActionRequired event for any customer.

NoteClick Edit warning subjectpreface to specify a custompreface that appears as the initialtext in the email subject line forthe consolidated Warning eventmessage.

• Separate emailmessages for eachAction Requiredevent for eachcustomer

• One consolidatedemail message withall Warning events forall customers permanaged product



17-6

Option Description PossibleNotifications

Sendindividualemailmessagesfor eachActionRequiredandWarningevent foreachcustomer

Remote Manager sends a new emailmessage each time a managed productreports a Warning or Action Requiredevent for any customer.

• Separate emailmessages for eachAction Requiredevent for eachcustomer

• Separate emailmessages for eachWarning/Informationevent for eachcustomer


Important

You can customize the individual email content for each Worry-Free BusinessSecurity Services and Cloud Edge “Warning” and “Action Required” events byclicking an event name in the Notification Event Settings after selecting thisoption.

5. In the Email Message Settings section under Language, select which languageRemote Manager uses when sending the email notification.

6. In the Email Message Settings section under Daily Notification Summary,enable Send a daily notification summary option to receive a daily email reportthat summarizes all License Events, System Events, and Threat Events for allcustomers each day.

Tip

Click the View sample link to display a preview of the pie chart and table data thatRemote Manager sends.


17-7

7. In the Notification Event Settings section, configure how Remote Managersends notifications for specific products and event types.

• Common settings:

• Show in Notifications: Select the check box to display a notificationevent on the Customers with Threats widget and the NotificationCenter screen

• Email: Select the check box to have Remote Manager send an emailmessage (based on the Message Content settings) whenever the eventoccurs

• Alert Threshold: If available, specify the threshold setting for the event

NoteConfigure threshold settings for Worry-Free Business Security Servicesusing each customer's Worry-Free Business Security Services web console.

• Notification product and event types: The notification events vary for eachproduct and event type. Refer to the following list for specific informationrelated to each section:

Section Description

All LicenseEvents

Select specific event types that you want to monitor fromthe list provided.

NoteRemote Manager sends a separate consolidatedemail message containing all License Notificationsfor all customers.

For more information about the notification events, seeLicense Notifications on page 17-11.


17-8

Section Description

Worry-FreeBusinessSecurity Services

Select specific event types that you want to monitor fromthe list provided.

For more information about the notification events, seeWorry-Free Business Security Services Notifications onpage 17-12.

ImportantEnable Do not send notifications from themanaged product to Remote Managerrecipients to reduce the number of duplicate emailmessages that the recipients specified in theRecipients section of the Email MessageSettings. Remote Manager compares therecipients in the Email Message Settings with therecipients configured on the Worry-Free BusinessSecurity Services console for each customer. If anemail address appears in both lists, RemoteManager blocks the Worry-Free Business SecurityServices notifications to the duplicate emailaddresses.

TipIf you selected to receive individual emailmessages for “Warning” or “Action required” eventsin the Message Content section, you can click anevent name to customize the email messagecontent.

For more information, see Customizing EmailNotification Content on page 17-10.

Worry-FreeBusinessSecurity

You can only select whether to receive notifications basedon the Threat and System event types.

For more information about the notification events, seeWorry-Free Business Security Notifications on page17-14.


17-9

Section Description

Cloud AppSecurity

You can only select whether to receive notifications basedon the Threat and System event types.

For more information about the notification events, seeCloud App Security Notifications on page 17-16.

Cloud Edge Select specific event types that you want to monitor fromthe list provided.

For more information about the notification events, seeCloud Edge Notifications on page 17-18.

ImportantFor “Information” event types, Remote Managersends notifications based on the “Warning” eventsetting configured in the Message Content section.

TipIf you selected to receive individual emailmessages for “Warning” or “Action required” eventsin the Message Content section, you can click anevent name to customize the email messagecontent.

For more information, see Customizing EmailNotification Content on page 17-10.

InterScan WebSecurity as aService

You can only select whether to receive notifications basedon the System event type.

For more information about the notification events, seeInterScan Web Security as a Service Notifications onpage 17-19.

8. Click Save.


17-10

NoteYou can revert all global notification settings to the default configuration by clickingRestore Defaults.

Customizing Email Notification ContentIf you selected to receive individual email messages for “Warning” or “Action required”events in the Message Content section, you can click an event name to customize theemail message content.

For more information, see Configuring Global Notification Settings on page 17-3.

ImportantCustomized email message templates are only available for Worry-Free Business SecurityServices and Cloud Edge events.

TipClick the Preview sample link to understand the layout of notification messages beforebeginning to customize the notification content.

Procedure

1. In the Subject field:

• Drag-and-drop fields from the Variable List to add dynamically-updateddata.

ImportantDrag-and-drop functionality is only supported when using Chrome or Firefoxbrowsers.

• Manually type static text to improve readability.

2. In the Content field:


17-11

• Drag-and-drop fields from the Variable List list to add dynamically-updateddata.

• Manually type static text to improve readability.

• Use the available editing toolbar buttons to format the message content.

3. Click Save.

License Notifications

Event Frequency Alert Threshold

License -Expiring soon

Select from the following:

• Every 7 days: The systemsends an email notificationevery 7 days, starting from14 days before expiration.



Remote Manager displays theAlert Threshold based on theFrequency setting:

• Every 7 days: Licenseexpiring in 14 days



License -Expired

By event

Sends a notification if there arelicenses that have already expired

Not applicable


17-12

Event Frequency Alert Threshold

License -Exceededallocation

By event

Sends a notification if thepercentage of used seatsexceeds the provisioned numberof seats

Allocation exceeds (%):<number>

NoteYou can specify thepercentage of seats usedthat exceed the seats thecustomer provisioned. Thiscan be any value between100 to 120.

Worry-Free Business Security Services Notifications

Important

For events with a configurable threshold, you must configure the threshold value separatelyfor each customer on the Worry-Free Business Security Services console.


Event Details




Antivirus - Real-timeScan disabled



17-13

Event Details











Predictive MachineLearning -Predictive MachineLearning detectionsexceed

: The detected Predictive Machine Learning count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)








17-14

Event Details

Application Control -Application Controlviolations exceed

: The detected Application Control violation count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)


Event Details


: Security Agents with outdated patterns after two hours ofantivirus pattern release exceeded threshold

Smart ProtectionServices - Agentsdisconnected

: Security Agents cannot connect to the Smart ProtectionNetwork

Worry-Free Business Security Notifications


Event Details

Antispam - Spamdetections in totalmessages receivedexceed

: The ratio of detected spam messages in total messagesreceived exceeds the configured threshold within 1 hour (asconfigured on the managed product console)





Antivirus - Real-timeScan disabled onendpoints



17-15

Event Details

Antivirus - Real-timeScan disabled onExchange server(s)

: Exchange servers with Real-time Scan disabled allow allattachments in email messages to pass, leaving the customernetwork susceptible to mass-mailing worms.




Antivirus - Virusdetections onendpoints exceed

: The detected virus/malware count on endpoints exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)

Antivirus - Virusdetections onExchange serversexceed

: The detected virus/malware count on Exchange serversexceeds the configured threshold within 1 hour (as configured onthe managed product console)










17-16

Event Details




Event Details

Resource shortage -Remaining diskspace below

: The amount of remaining disk space on the server hasdropped below the configured alert threshold.

Smart ProtectionServices - Serviceunavailable

: The Worry-Free Business Security console cannot connectto the Smart Scan Server

Update - OutdatedExchange servers

: Outdated components detected on Exchange server(s)


: Over <number> of the Security Agents did not receive thelatest antivirus patterns in the last hour

Cloud App Security NotificationsTable 17-5. Threat Events

Event Details



File Blocking - FileBlocking violationsexceed

: The detected File Blocking violation count exceeds theconfigured threshold within 1 hour (as configured on the managedproduct console)


17-17

Event Details

Ransomware -Ransomwaredetections exceed

: The detected ransomware count exceeds the configuredthreshold within 1 hour (as configured on the managed productconsole)

Virtual Analyzer -Virtual Analyzerdetections exceed

: The detected Virtual Analyzer detection count for “Low risk”or “Medium risk” objects exceeds the configured threshold within1 hour (as configured on the managed product console)

: The detected Virtual Analyzer detection count for “High risk”objects exceeds the configured threshold within 1 hour (asconfigured on the managed product console)




Event Details

Account sync issues- Invalid Box accesstoken


Account sync issues- Invalid Dropboxaccess token


Account sync issues- Invalid GoogleDrive access token


Account sync issues-Sync issues ondelegate account(s)

: Unable to sync with delegate account(s)


17-18

Cloud Edge NotificationsTable 17-7. Threat Events


Web Threats -Web threatdetectionsexceed

: The detected web threatcount exceeds the configuredthreshold within 1 hour (asconfigured on the managedproduct console)


C&C callback -C&C callbackdetectionsexceed

: The detected C&C callbackcount exceeds the configuredthreshold within 1 hour (asconfigured on the managedproduct console)


Ransomware -Ransomwaredetectionsexceed

: The detected ransomwarecount exceeds the configuredthreshold within 1 hour (asconfigured on the managedproduct console)




Offline - Offlinegatewaydetected

: Cloud Edge cannot connectto the gateway or performscanning

Specify when Remote Managersends the notification:

• Immediately: Trigger thenotification as soon as CloudEdge reports the incident toRemote Manager

• For more than X day(s):Trigger the notification if thegateway remains offline forthe configured number ofdays


17-19


Offline - Offlinedevice recovery

: Cloud Edge restored theconnection to an offline device

Not applicable

Cloud emailscanning -Serviceunavailable

: Cloud Edge was unable toconnect to the cloud scanningservice

Not applicable

Cloud emailscanning -Servicerestored

: Cloud Edge restored theconnection to the cloud scanningservice

Not applicable

Resourceshortage -CPU, memory,or disk spaceusage exceeds

: The amount of remainingresources on the device havedropped below the configuredalert threshold.

Specify the maximum amount ofresources (between 80 - 95%)that can be in use before RemoteManager triggers the notification

InterScan Web Security as a Service NotificationsTable 17-9. System Events

Event Details

Account sync issues- Sync issues withAD/LDAP

: Unable to sync with AD/LDAP

Configuring Console SettingsSpecify the logo that customers after signing into the service.

Procedure

1. Click Administration > Console settings.


17-20

2. Select the image that you want to use in the banner.

Important

The logo must be a .png, .jpg, .bmp, or .gif image with a suggested size of 600(width) by 60 (height).

3. Click Save.

Default Setting TemplatesDefault setting templates contain preconfigured settings for a specific customer orgroup. The templates are available only for Worry-Free Business Security Services andCloud Edge, and if Trend Micro Remote Manager integrates with LicensingManagement Platform.

Trend Micro Remote Manager provides consoles similar to the Worry-Free BusinessSecurity Services and Cloud Edge consoles for template configuration. Settingsconfigured on the template configuration consoles do not affect registered products.



http://docs.trendmicro.com/en-us/smb/cloud-edge.aspx

Configuring Default Setting Templates for Worry-FreeBusiness Security Services

Default setting templates are available only if Trend Micro Remote Manager integrateswith Licensing Management Platform.







17-21

Procedure

1. Go to Administration > Configure default setting templates.

The Configure default setting templates screen appears.

2. Under Worry-Free Business Security Services, click Create.

3. Type a name and description for the template.

The Create Template window opens.

4. Click Configure Template.

A console similar to the Worry-Free Business Security Services console opens.

Note

Settings configured on this console do not affect registered products.

5. Configure the following settings:

• Policies

a. Go to Devices > Server (Default) > Configure Policies.

b. Configure the default server policy settings.

c. Go to Scans > Device (Default) > Configure Policies.

d. Configure the default device policy settings.

e. Click Save.


17-22

• Scan settings

a. Go to Scans > Manual Scan (tab).

b. Configure the default server and device settings.

c. Go to Scans > Scheduled Scan (tab).

d. Configure the default server and device settings.

e. Click Save.

• Notification settings

a. Go to Administration > Notifications > Events (tab).

b. Specify the events and recipients that will trigger an event notification.

c. Click Save.

• Global settings

a. Go to Administration > Global Settings > Security Settings (tab).

b. Make the necessary changes to the scan, behavior monitoring, oroutbreak prevention settings.

c. Go to Administration > Global Settings > Approved/BlockedSettings (tab).

d. Add or remove sites to the approved or blocked sites.

e. Go to Administration > Global Settings > Agent Control (tab).

f. Change the agent settings.

g. Go to Administration > Global Settings > Device Management(tab).

h. Change the user-based device management settings.

i. Click Save.


17-23

Configuring Default Setting Templates for Cloud EdgeDefault setting templates are available only if Trend Micro Remote Manager integrateswith Licensing Management Platform.



Procedure

1. Go to Administration > Configure default setting templates.

The Configure default setting templates screen appears.

2. Under Cloud Edge, click Create.

The Create Template window opens.

3. Type a name and description for the template.

4. Click Configure Template.

A console similar to the Cloud Edge cloud console opens.

Note

Settings configured on this console do not affect registered products.

5. Configure the required settings.

Viewing Administration LogsThe administration log lists actions performed by Remote Manager administrators.

Procedure

1. Go to Administration > System logs.



17-24

2. Click Administration logs.

3. Specify the data range using the drop-down list or by specifying dates using thecalendars.

4. Click Display Logs.

The Administration logs table appears.

5. For policy deployment logs, click the link in the Description column to view moredetails about the successful or unsuccessful policy deployment actions.

Part VIIGetting Help

18-1

Chapter 18

Troubleshooting and FrequentlyAsked Questions


• Troubleshooting on page 18-2

• Frequently Asked Questions on page 18-7


18-2

TroubleshootingIf you experience issues while working with Remote Manager, attempt to locateresolution steps for the following issues:

• Trend Micro Remote Manager Web Console Issues on page 18-2

• Agent Issues on page 18-4

• Managed Product or Third-party Software Connection Issues on page 18-6

Trend Micro Remote Manager Web Console Issues

The following topics describe troubleshooting information related to Trend MicroRemote Manager web console issues:

• Access Issues on page 18-2

• Inconsistent Status Icons on page 18-3

• Node on Tree Cannot Be Expanded on page 18-3

• Page Cannot be Displayed on page 18-3

Access Issues

A user cannot sign into Trend Micro Remote Manager.

Resolution

There are two possible reasons for this issue:

• JavaScript is disabled on the browser. Remote Manager requires this option to beenabled. Refer to your browser's documentation for instructions.

• Profile has not been synchronized. If you just registered on Trend Micro LicensingManagement Platform and cannot sign in, wait for a few minutes for theinformation to synchronize.

Troubleshooting and Frequently Asked Questions

18-3

Inconsistent Status Icons

During the initial stages of data gathering (right after the Agent registers with theserver), Remote Manager may display antivirus and anti-spam status icons that areinconsistent with the displayed number of virus and spam incidents.

Right after it registers with the server, the Agent transmits the current antivirus and anti-spam statuses from Worry-Free Business Security (all), but does not transmit thehistorical data on which these statuses are based. As a result, it may display, for example,a red status symbol but show no incidents.

Resolution

Remote Manager will display the correct icon and data as soon as Worry-Free BusinessSecurity (all) detects an incident.

Node on Tree Cannot Be Expanded

If a node on the domain tree (under the Customers tab) does not expand when clicked,group and client information on the Worry-Free Business Security server and the TrendMicro Remote Manager server may be out of sync.

To resolve this issue:

1. Go to the Customers > [customer] screen.

2. Hover over the node on the Products tab that does not expand.

3. Click the Settings icon ( ).

4. Click Sync.

Trend Micro Remote Manager instructs the Worry-Free Business Security server toresend the group information.

Page Cannot be Displayed

Page cannot be displayed shows up when trying to open the Trend MicroRemote Manager Server URL. This happens if:


18-4

• The URL is incorrect.

• The Trend Micro Remote Manager Server's URL is not an Internet ExplorerTrusted Site.

Resolution

1. Make sure that the Trend Micro Remote Manager Server's URL is an InternetExplorer Trusted Site.

a. Open Internet Explorer.

b. Click Tools > Internet Options > Security > Trusted Site > Sites.

c. Check if the Trend Micro Remote Manager Server URL is in the list. If not,type it in and then click OK.

Agent IssuesWhenever you move your mouse over the system tray icon, it displays a status messagethat indicates whether the Agent is functioning normally or not.

Table 18-1. Status messages displayed by the Agent’s system tray icon

Message Description

Unknown errorencountered. Check thesystem or restart theAgent.

Unknown error encountered. Check the system or restartthe Agent.

Unexpected errors, typically system errors, are preventingthe Agent from functioning properly.

Resolution:

Check the managed server for low memory or other systemproblems.


18-5

Message Description

Unable to register withthe remote server.

The GUID you provided may be incorrect or there may be anetwork issue.

Resolution

There are two situations that may cause this:

• Verify that you have used the correct GUID. See AgentGUID or Authorization Key on page 8-2 to find thecorrect GUID on the Remote Manager web console.

• If the network has an issue, the Agent cannot connectto the server. Check the network connection betweenWorry-Free Business Security (Standard andAdvanced) server and the Trend Micro RemoteManager server.

Unable to connect to theremote server.

The managed server may be experiencing Internetconnectivity problems.

Resolution

Check Internet connectivity on the managed server. Also,check the Agent’s proxy settings and the specified serveraddress and port.

Agent disabled byRemote Manager.

The Agent has been temporarily disabled through theRemote Manager web console.

Resolution

Enable the Agent through the Remote Manager webconsole.

Agent does not match theClient Server MessagingSecurity (CSM).

The Client Server or Client Server Messaging Security Suiteand Agent versions do not match.

Resolution

Upgrade the Client Server or Client Server MessagingSecurity Suite server to the latest version and install thelatest Agent.


18-6

Message Description

Agent service stopped. Agent has logged off from Remote Manager.

Resolution

Start the Agent service by right-clicking the Agent systemtray icon and clicking Start Service.

Unable to loadcomponents. You mayneed to reinstall theAgent.

The Agent encountered problems while loading somecomponents.

Resolution

First try restarting the Agent service by right-clicking theAgent system tray icon and clicking Restart Service orStart Service. If this does not work, uninstall and thenreinstall the Agent. Make sure you use the same GUID.

Managed Product or Third-party Software ConnectionIssues

• Connection Issues with Hosted Email Security on page 18-6

• Unable to Connect to ConnectWise Customers on page 18-7

Connection Issues with Hosted Email Security

If you are unable to connect or disconnect Hosted Email Security, any of the followingmay display at the bottom of the page:

Messages Resolution

Unable to connect to Remote Managerserver. Please check the networkconnection and remote manager status.

Check the network connection and remotemanager status then again.

Invalid authorization key Verify the GUID. If the GUID is incorrect.delete the agent and try to connect again.


18-7

Messages Resolution

Duplicate authorization key Verify the GUID. If the GUID is incorrect.delete the agent and try to connect again.

Unable to connect to remotemanagerRemote Manager server. Checkthe network connection and RemoteManager server status.

Check the network connection and remotemanager status then try again.

Server internal error Contact your support provider.

Unable to Connect to ConnectWise CustomersRemote Manager is unable to connect to ConnectWise customer information if anupdate to a company ID occurs on the ConnectWise server.

To resolve this issue:

From the Remote Manager Customer screen in ConnectWise, update the new companyID.

Frequently Asked QuestionsThe following sections outline common questions regarding Remote Managerconfigurations:

• Web Console FAQs on page 18-7

• Maximizing Ransomware Protection FAQs on page 18-12

• Hosted Email Security FAQs on page 18-15

• Report FAQs on page 18-16

Web Console FAQs• How long do changes to my Customer Licensing Portal account take to appear on the MyAccount

screen? on page 18-8


18-8

• Why does the Remote Manager console not display an updated status right after updating settings?on page 18-8

• Why do I receive a sign-in error when trying to open the Worry-Free Business Security Servicesconsole? on page 18-8

• After creating a new customer in Licensing Management platform, why does the customer notdisplay in Remote Manager? on page 18-9

• How do I add new products to existing Remote Manager customer accounts? on page 18-9

• How do I access a managed product console from Remote Manager? on page 18-9

• Does Remote Manager support role-based administration? on page 18-10

• What differences exist for Licensing Management Platform accounts and Customer LicensingPortal accounts in Remote Manager? on page 18-10

How long do changes to my Customer Licensing Portalaccount take to appear on the MyAccount screen?

After making changes to your Customer Licensing Portal account information, thesystem can take up to 2 hours to synchronize the changes with the Remote Managerweb console.

Why does the Remote Manager console not display anupdated status right after updating settings?

It takes a few minutes for the data to synchronize across the services. Some examples ofa delayed change include updating the license or seats, resetting counters, and so on.

Why do I receive a sign-in error when trying to open theWorry-Free Business Security Services console?

This happens if Worry-Free Business Security Services is down for maintenance or ifthere is an issue with Licensing Management Platform. Wait a few moments beforetrying to access the console again.


18-9

After creating a new customer in Licensing Managementplatform, why does the customer not display in RemoteManager?

It takes a few minutes for the data to synchronize across the services.

How do I add new products to existing Remote Managercustomer accounts?

Depending on the type of Trend Micro Account you are using, the method of addingproducts to existing Remote Manager customer accounts varies.

• Licensing Management Platform accounts: You can add new products to existingRemote Manager customer accounts directly from the Remote Manager webconsole.


• Online Registration portal accounts: You can only add Worry-Free BusinessSecurity, Worry-Free Business Security Services, and Hosted Email Securityproducts to existing Remote Manager customers by receiving an Authorization Keyfor the managed product and registering the product from the managed productconsole.

For more information, see Adding New Products Using a Customer Licensing PortalAccount on page 3-11.

How do I access a managed product console from RemoteManager?

On the Remote Manager web console, go to Customers > [customer] > Productsand click a product name in the tree view.

In the right corner of the table, an Open Console link should appear. Click the link toopen the managed product console.


18-10

Does Remote Manager support role-based administration?No. Remote Manager only supports the use of a fully-functional administrator account.

What differences exist for Licensing Management Platformaccounts and Customer Licensing Portal accounts inRemote Manager?The following table outlines the functionality differences in Remote Manager whenusing different account types.

Feature Licensing ManagementPlatform Account

Customer LicensingPortal Account

Customer management -Deleting customers

Not supported Supported

Product management -Deleting products


Product description -Editing


Supported products • Cloud App Security

• Cloud Edge


• InterScan WebSecurity as a Service

• Worry-Free BusinessSecurity (Standard andAdvanced)

• Worry-Free BusinessSecurity Services


• Worry-Free BusinessSecurity (Standard andAdvanced)



18-11

Feature Licensing ManagementPlatform Account

Customer LicensingPortal Account

Third-party plug-in support • Autotask

• ConnectWise

• Kaseya

• LabTech

• Autotask

• ConnectWise

Template management Supported for:

• Cloud Edge


Not supported

Template assignment tonew customers

Supported for:

• Cloud Edge


Not supported

Template assignment toexisting customers

Supported for:

• Cloud Edge


Not supported

My Account information Not supported Supported

Product registration toRemote Manager

Automatic registrationsupported through serviceplan assignment

Authorization Key required

Merging OLR accounts Supported Not applicable

Licensing ManagementPlatform access

Supported Not supported

Long beta version Supported Not supported

License renewal and seatallocation

Supported Not supported


18-12

Maximizing Ransomware Protection FAQs

• What happens when I click the Maximize Ransomware Protection button on the Home screen?on page 18-12

• How can I verify that all ransomware-related settings are enabled? on page 18-12

• What are the risks of enabling Ransomware Protection? on page 18-15

What happens when I click the Maximize RansomwareProtection button on the Home screen?

The Maximize Ransomware Protection for Worry-Free Business Security Servicesfor All Customers screen appears.

Clicking Enable All automatically enables the following features for all your customersfor all groups, except the Server (Default) group"


• Ransomware Protection

• Web Reputation

• Newly Encountered Program Detection

How can I verify that all ransomware-related settings areenabled?

Verify that all ransomware-related settings are enabled on the Security Settings tab onthe Customers screen.

Important

You can only verify that the Newly Encountered Program Detection feature is enabled byopening the Worry-Free Business Security Services console.


18-13

Procedure

1. Go to Customers > {Company}.


2. On the Products tab, expand the Worry-Free Business Security Services productplan in the product tree.

3. Select Device (Default).

The Devices and Security Settings tabs appear.

4. Click the Security Settings tab.


18-14



18-15

5. Under Web Reputation, verify that the following feature is enabled:

• Enable Web Reputation

6. Under Behavior Monitoring, verify that the following features are enabled:

• Enable Behavior Monitoring

• Enable all ransomware protection features

7. Click Save.

Agents are notified to make the changes.

What are the risks of enabling Ransomware Protection?

Enabling Ransomware Protection features may pose any of the following risks:

• Enabling Behavior Monitoring and Ransomware Protection may cause somecompatibility issues with certain applications.

To resolve this issue, add the applications to the Exceptions list or disable BehaviorMonitoring and Ransomware Protection.

If the issue persists, contact your support provider.

• Enabling the automatic backup feature of Ransomware Protection requires anadditional storage space of 100MB.

• Enabling Program Inspection increases the detection of compromised executablefiles and the overall detection ratio but may decrease system performance.

Hosted Email Security FAQs

Why is the latest 3 hours data not displayed on Live Status?

On the Hosted Email Security server, data collection takes places over a two-hourperiod. To be certain that the Remote Manager server will have integrated data from theHosted Email Security server, data collection is delayed for 3 hours.


18-16

Why are Sync with Server and Go to Customer Console grayed outwhen right-clicking on Hosted Email Security on the customer tree?

There are three possible reasons for Hosted Email Security is not being active.

• Hosted Email Security hasn't yet been connected to Remote Manager.

• The customer terminated the connection. See Connecting a Hosted Email SecurityCustomer to the Remote Manager Web Console on page 6-2.

• The customer tree may need to be refreshed.

Why do I get the error message "Your Hosted Email Security customerhas not connected to Remote Manager or has been disconnected byHosted Email Security. Contact your administrator" when I try toredirect to the customer's Hosted Email Security console after thecustomer connected Hosted Email Security to Remote Manager?

After entering the GUID or Authorization Key and clicking Connect, it can take as longas ten minutes for Hosted Email Security to complete the connection to the RemoteManager web console. If the problem persists, contact Trend Micro Support.

Why does an Hosted Email Security customer's Activation Code (AC)and Expiration Date show "N/A" on the Remote Manager web console?

If a Hosted Email Security customer has not connected the Hosted Email Securityservice to Remote Manager or has disconnected, Remote Manager cannot retrieve data.The other reason is that Hosted Email Security cannot find a valid Activation Code andExpiration Date for this customer. This is a rare occurrence.

Report FAQs

Is there a limitation on the number of reports that can be stored?

Yes. Remote Manager limits the number of stored reports. After the quota is met, olderreports are automatically deleted. The number of reports that are stored is:

• Daily reports: A maximum of 30 reports are stored.

• Weekly reports: A maximum of 10 reports are stored.


18-17

• Monthly reports: A maximum of 5 reports are stored.

Why is there no new report generated in the report history after creatinga one-time report profile?

Wait for one or two minutes after creating the report profile. The report will show up inthe report history. If the report still cannot be generated, open the report profile andsave it again. If the issue persists, contact Trend Micro support.

Why can't I receive daily/weekly/monthly reports via email when thereare reports in report history?

Make sure the customer's email address is valid and is in the list of report profilerecipients. If both are OK, it may be a network issue.

On a generated report, why isn't the data time displayed according tomy time zone?

The time zone that the report depends on is the one that the reseller selected whencreating the profile. It is not determined by the customer's computer.

What does the "N/A" means after creating a one-time report?

For a one-time report, the status column will always show "N/A". This happens becausethere is no status for the one-time report (cannot disable, enable, suspend, etc.).

Cannot view reports when using SSL (HTTPS) connections.

"Do not save encrypted pages to disk" is a security setting for Internet Explorer andcomes into play when dealing with SSL (HTTPS) connections. If you check this setting,nothing will be saved to the cache, and you will not be able to open or downloadreports.

In order to fix this in Internet Explorer 11.0, click Tools > Internet Options >Advanced > Security and disable the Do not save encrypted pages to disk option.

19-1

Chapter 19

Technical SupportLearn about the following topics:

• Contacting Support on page 19-2

• Sending Suspicious Content to Trend Micro on page 19-3

• Troubleshooting Resources on page 19-4


19-2

Contacting Support• Using the Support Portal on page 19-2

• Speeding Up the Support Call on page 19-2

Using the Support PortalThe Trend Micro Support Portal is a 24x7 online resource that contains the most up-to-date information about both common and unusual problems.

Procedure

1. Go to https://success.trendmicro.com/business-support.

2. Use the Search Support text box to search for available solutions or keywords.

3. Click the All Products drop-down and select your product.

4. If no solution is found, click Contact Support and select the type of supportneeded.

Tip

To submit a support case online, visit the following URL:

http://esupport.trendmicro.com/srf/SRFMain.aspx

A Trend Micro support engineer investigates the case and responds in 24 hours orless.

Speeding Up the Support CallTo improve problem resolution, have the following information available:

• Steps to reproduce the problem

https://success.trendmicro.com/business-support

http://esupport.trendmicro.com/srf/SRFMain.aspx

Technical Support

19-3

• Appliance or network information

• Computer brand, model, and any additional connected hardware or devices

• Amount of memory and free hard disk space

• Operating system and service pack version

• Version of the installed agent

• Serial number or Activation Code

• Detailed description of install environment

• Exact text of any error message received

Sending Suspicious Content to Trend MicroSeveral options are available for sending suspicious content to Trend Micro for furtheranalysis.

Email Reputation ServicesQuery the reputation of a specific IP address and nominate a message transfer agent forinclusion in the global approved list:

https://ers.trendmicro.com/

Refer to the following Knowledge Base entry to send message samples to Trend Micro:

http://esupport.trendmicro.com/solution/en-US/1112106.aspx

File Reputation ServicesGather system information and submit suspicious file content to Trend Micro:

http://esupport.trendmicro.com/solution/en-us/1059565.aspx

Record the case number for tracking purposes.

https://ers.trendmicro.com/

http://esupport.trendmicro.com/solution/en-US/1112106.aspx

http://esupport.trendmicro.com/solution/en-us/1059565.aspx


19-4

Web Reputation Services

Query the safety rating and content type of a URL suspected of being a phishing site, orother so-called "disease vector" (the intentional source of Internet threats such asspyware and malware):

http://global.sitesafety.trendmicro.com/

If the assigned rating is incorrect, send a re-classification request to Trend Micro.

Troubleshooting ResourcesBefore contacting technical support, consider visiting the following Trend Micro onlineresources.

Threat Encyclopedia

Most malware today consists of blended threats, which combine two or moretechnologies, to bypass computer security protocols. Trend Micro combats this complexmalware with products that create a custom defense strategy. The Threat Encyclopediaprovides a comprehensive list of names and symptoms for various blended threats,including known malware, spam, malicious URLs, and known vulnerabilities.

Go to http://about-threats.trendmicro.com/us/threatencyclopedia#malware to learnmore about:

• Malware and malicious mobile code currently active or "in the wild"

• Correlated threat information pages to form a complete web attack story

• Internet threat advisories about targeted attacks and security threats

• Web attack and online trend information

• Weekly malware reports

http://global.sitesafety.trendmicro.com/

http://about-threats.trendmicro.com/us/threatencyclopedia#malware

Technical Support

19-5

Download CenterFrom time to time, Trend Micro may release a patch for a reported known issue or anupgrade that applies to a specific product or service. To find out whether any patchesare available, go to:

http://www.trendmicro.com/download/

If a patch has not been applied (patches are dated), open the Readme file to determinewhether it is relevant to your environment. The Readme file also contains installationinstructions.

Documentation FeedbackTrend Micro always seeks to improve its documentation. If you have questions,comments, or suggestions about this or any Trend Micro document, please go to thefollowing site:


http://www.trendmicro.com/download/
