Trend Micro CSM Suite v2 and ISA 2004

Hi, anybody got a how-to on post installation tasks in ISA 2004 to allow ssl
access to Office Scan Management Console? I have use 4343 as SSL port 8090
for the web site. I have configured an SSL rule and a web publishing rule
but I they don't work and I have no idea why.

 

Hi Bill,

I'm wondering what the motivation is for SSL? Are you accessing the console
directly from external locations? Typically, the management console is
accessed from the server console itself, or from a workstation on the lan -
and under those cicumstances I don't see where SSL would be required. I've
never bothered with SSL for the console, and therefore can't offer any
troubleshooting tips.

 

Hi Les,

Put it down to my stupidity. It looked to me like the install wanted me to
use SSL so I did . I will re-install without!

Cheers,
Bill

 

I wouldn't be so hard on yourself ;-).

SSL is the default, and it should work. But to simplify - I de-select it.

Here's an old post, worth repeating now that I prefer CSM 2 over 3.

Here's the procedure for Trend CSM for SMB.

1. Decide whether you want to use the Adminstrator account for CSM, or
another account. If you don't want to use the Administrator account, create
an account. (I use the Administrator account.)

2. Run setup - install on IIS is generally the only selection available.
3. Enter the FQDN server.domain.local OR the IP of the SBS. I prefer the IP,
it seems to work better.
4. Install into IIS Virtual Web Site (New site, not the default web site)
5. Use port 8085 for communication. NOTE: - any unused port is fine, check
IIS to ensure the one you select is not in use.
6. Deselect SSL.
7. Use Administrator account - If ISA enter proxy info, if no ISA enter
nothing in proxy.
8. If you don't have the activation code - register now, the email with the
code comes real quick. (note that you can go this far prior to the actual
install if you like, and get the activation code so you don't have to do
this while installing).
9. Accept the server/client port.
10. Accept the client installation for the SBS (installs the Officescan
client on the server)
11. The install proceeds, then open the admin console.

- This completes Officescan installation, now on to Scanmail.

12. Go to the Scanmail link on the left, and install Scanmail to the IP of
your SBS. Scanmail and eManager are installed.

- This completes the installation of CSM SMB. Now you need to make some
settings.

1. In the CSM console, click on the Clients view so you can see the
Officescan 'domain'. Your SBS will be listed there.
2. Create a new Officescan 'domain', and move your SBS computer to the new
domain. The original domain will be used for workstations.
3. Click on your SBS computer icon, and set the client priveliges to your
liking.
4. Click on Scan options | Real time Scan settings, and find the Exclusions
link.
5. Put <drive> pagefile.sys in the lower 'file' exclusion list.
6. Put <these are default locations>

c:\Program files\exchsrvr
\trend,
\trend micro in the directory exclusion area.
Note that if you have moved your exchange data and or logs somewhere, be
sure to exclude them. Note also you can be more granular with your
exclusions if you want - you don't have to exclude the entire directory.

Another note - there is a tick box for excluding Trend product directories,
but I do it manually anyway.
Yet another note - On all screens make sure you APPLY the settings by
scrolling down to the bottom and clicking the button.

What you've done with the two Officescan 'domains', is enabled different
settings for the server versus the clients. Now when you add client
machines, you can set the options on that domain (rather than each
workstation) so they apply to all workstations, but not the server. Sometime
this is useful.

7. Click on Updates, Server updates, Automatic Update, check the options and
set the frequency to hourly.

8. Click on Manual Update, select the options you want, and update now to
get the lates files and make sure connectiviy is there.

9. Log off Officescan console.

Scanmail

1. Use the non HTML console from start | all programs.
2. Log on, click on Scheduled Update.
3. Enable scheduled update, and set it to hourly, select pattern file and
engine.
4. If you use ISA, click on the Proxy Settings button and enter the proxy
info.
5. Click on Update Now, select the options, set proxy info if you use ISA,
and click on Update now.

Those are the basics to get protection. You can learn the fine tuning and
option stuff (including eManager) as you go.



--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius

 

Hi Les,

Thanks for getting back so quickly. I will give this a try tonight I am at
a client's site all day today.

I got a bit frustrated when I did the first install of Trend CSM, accepting
most of the defaults and then got a security error when I tried to open the
Manager web page! I thought that ISA 2004 was blocking access to the site
so I started looking at how to allow access! My ISA skills are, to say the
least, rudimentary so I probably made a hash of it.

I uninstalled and reinstalled using information I foind at isaserver.org
using port 4343 for SSL and 8090 for the web site. Same error.

Cheers,
Bill

 

Hi Les,

OK installed as per your how-to (without SSL). First attempt to open the
Management Console generated an authorisation error. Second attempt opened
the Management Console Login. After password entry, was informed that I
need active x to run the console but did not offer to install. Closed page
and reopened, same error. Third time lucky Console opened!

Each time I open a new page from the console I get a prompt to Install
Officescan. If I don't accept I can go no further, e.g. OK button was
greyed out in Install Scanmail unless I installed. What's with this? Very
confusing because you appear to be installing the same thing about three
times.

All installed, configured and running. Will I bother with SSL? Thanks for
your help Les.

Cheers,
Bill

 

Hi Bill,

Add the Officescan web site to your trusted sites.

You have to use the Officescan web site for configuration of that piece -
Scanmail has both a web config and an application, use the Application
interface as it works much better than the web interface. eManager has only
the application interface.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius