This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

TrendMicro Officescan Updates aren´t recognized correctly

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

TrendMicro Officescan Updates aren´t recognized correctly

VUGD
L1 Bithead

‎08-26-2013 04:49 AM

Hey folks,


I´ve been having some trouble regarding TrendMicro Officescan.

I made a policy which allows ‘trendmicro’, ‘trendmicro-officescan’ and ‘web-browsing’. The reason for adding ‘web-browsing’ was, that trendmicro usually get updates via normal http on Port 8080. I did this even though ‘trendmicro-officescan’ lists tcp port 8080 as one of the used ports in the application description. Besides that, I set application-default option for the used ports.

What I now experience is that the update connections get recognized as ‘web-browsing’. However, in my understanding, they are supposed to be identified as ‘trendmicro-officescan’. The second problem is, that the session gets blocked, even though web-browsing is in the allowed application list. A potential reason for that could be the application-default option, which allows makes web-browsing only on tcp/80.

Does anyone here have an idea, or made the same experience with TrendMicro officescan?

Is there any way I can make one policy for Officescan with application-default enabled? Or is it necessary to declare all ports individually?

0 Likes Likes
2 REPLIES 2

panos
L6 Presenter

‎12-01-2013 11:22 AM

did you replicate this after updating applications to last version ?

still having the issue ?

0 Likes Likes

hyadavalli
L5 Sessionator

‎12-02-2013 04:40 AM

Hello,

If you are specifying application-default in service column that means web-browsing should be identified on port 80 not on port 8080.

Please use service column as any and verify it is working or not.

Adding to that if you are on OS 5.0.x version application should be identified as trendmicro-officescan after the first packet it received on web-browsing traffic.

Please make sure you are on latest Apps & Threats version and if you still see the similar behavior please open a case with support and they can forward to App team to modify the signature.

Regards,

Hari Yadavalli

0 Likes Likes
  • 2438 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks