08-26-2013 04:49 AM
I´ve been having some trouble regarding TrendMicro Officescan.
I made a policy which allows ‘trendmicro’, ‘trendmicro-officescan’ and ‘web-browsing’. The reason for adding ‘web-browsing’ was, that trendmicro usually get updates via normal http on Port 8080. I did this even though ‘trendmicro-officescan’ lists tcp port 8080 as one of the used ports in the application description. Besides that, I set application-default option for the used ports.
What I now experience is that the update connections get recognized as ‘web-browsing’. However, in my understanding, they are supposed to be identified as ‘trendmicro-officescan’. The second problem is, that the session gets blocked, even though web-browsing is in the allowed application list. A potential reason for that could be the application-default option, which allows makes web-browsing only on tcp/80.
Does anyone here have an idea, or made the same experience with TrendMicro officescan?
Is there any way I can make one policy for Officescan with application-default enabled? Or is it necessary to declare all ports individually?
12-02-2013 04:40 AM
If you are specifying application-default in service column that means web-browsing should be identified on port 80 not on port 8080.
Please use service column as any and verify it is working or not.
Adding to that if you are on OS 5.0.x version application should be identified as trendmicro-officescan after the first packet it received on web-browsing traffic.
Please make sure you are on latest Apps & Threats version and if you still see the similar behavior please open a case with support and they can forward to App team to modify the signature.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!