To drop or reject the packets?

Before you decide which action to enforce on your clients, perhaps you need to understand the effect of doing it.

Drop will drop the packet without response
Reject will reject packet but with response that the packet has been rejected (ICMP unreachable equivalent send to the source)

List of ports when using NVW and TMCM

A customer asked, what ports to allow since he deploys two units of NVW the NVW registered to TMCM in the network.

Ports used by NVW and TMCM to communicate:

1. TCP 80 Listening/Outbound (HTTP)
2. TCP 443 Listening/Outbound (HTTPS)
3. UDP 10323 (Inbound)
4. UDP 514 Outbound (Syslog)

Ports used by NVW and protected machines to communicate:

1. TCP 20901-2 Listening & TCP 20903 Interprocess (Damage Cleanup Services). This is also used by Vulnerability Assessment

2. UDP 123 (Inbound). Port used by the Trend Micro Network Time Protocol. It is also used by Network VirusWall to synchronize time with the TMCM server.

3. UDP 10323 (Inbound). Default Heartbeat Port of TMCM for MCP-based agents. Heartbeats will indicate to the TMCM server that an agent is active.

4. 5088 - Peagent

5. 5091 - Threat management agent. You can also modify this port in NVW console > Policy enforcement > TMAgent settings.

CDI for NVWe2500

Issue:
A customer reported that her NVWe2500 unit is not able to update either manual or scheduled. Clicking on the update button will take almost forever to come out with the page.

Normally the Available Version column should indicate the latest component version but since the problem occur, she only see N/A as the description.

How to run CDI to further troubleshoot on this issue?

Answer:
The Case Diagnostic Information (CDI) gathers information for diagnostic and debugging purposes. Trend Micro can use this information to diagnose problems and issues with NVWe. You can collect the CDI by clicking on the Administration menu, then the Tools link, and then the download link. The Tools pane will appear.



Save the file to your computer and then send it to Trend Support for further investigation. We cannot open the file as it is encrypted. It can only be read by their service engineering group.

Network Viruswall to exclude mobile device from assessment

Question:
Saril of NRE asked me on how to exclude mobile devices from assessment by Network Viruswall.

Answer:
To exclude smart phones/PDA from being assessed by Network Viruswall you can either;

1. Add in the smart phones/PDA IP address or MAC Address in the Global Exception List
2. Tick option to "Disable endpoint detection for non-windows Operating Systems" in the Network Viruswall console > Policy Enforcement > Policies.

Hope this helps.

Manually delete PEAgent for Network Viruswall

Question/Concern/Inquiry:
Based on your message, you moved the NVWe and would like to re-deploy the PE agent. During uninstallation of PE Agent at vista machine, you encounter the following error whenever try to remove the PE Agent via Add/Remove Program .."..another installation is in progress.." If we try to use self installer i.e. peagent_config.exe we will receive the same error too.


Solution/Recommendation:

Please follow the steps below to manually uninstall the PE Agent to these machine:

1. On System Tray, right click PEAgent icon, then click "Uninstall Real-Time Scan".
2. Right click PEAgent icon, then click Exit.
3. Run command "\%WinDir%\PEAgent\PEAgent.exe /delete".
4. Delete the folder \%WinDir%\PEAgent.