Please check my previous blogs on Trend Micro Deep Security 9.5 for the below topics; in this blog we will see the installation of the Smart Scanning Protection Server (SSP Server) and its function.
Deep Security Smart Protection Server
The Deep Security Relay allows the Deep Security Manager to see what components are available for download from the Trend Micro ActiveUpdate site. Whenever you trigger a component update in Deep Security Manager, the Deep Security Relay is responsible for carrying out the download. The downloaded files are stored on the Deep Security Relay, and when computers perform their updates, they download directly from it. The relay holds all the update components with the exception of the Smart Scan Pattern; the Smart Scan Agent Pattern and the BF pattern file used by Smart Scanning are held locally on the computer.
The Smart Scan Pattern file is a cloud pattern that resides on the Internet on the Trend Micro Smart Protection Network, or locally on a Standalone Smart Protection Server. As with the Relay server, we can have a separate Smart Protection Server in each location.
When anti-malware is enabled and configured to use Smart Scanning, a file being scanned is first verified against a local pattern file (Smart Scan Agent Pattern), which contains half of the virus signature. The file hash signature is then compared against the BF pattern, which also resides locally; the BF pattern determines whether the file hash signature needs to be sent to the Smart Protection Server. If scanning is required, the file information is sent to the Smart Protection Server to be verified against the Smart Scan Pattern file. When anti-malware uses the conventional scanning model, the file is verified against the local virus pattern file.
There is a feature called “Web Reputation” which is used by the DSVA. When someone tries to access a URL on the VM, the rating of that URL is checked by the DSVA first, to make sure that the URL is not malicious. To check the rating of the URL, the DSVA has to send that query to the Smart Protection Server. The Smart Protection Network is made available globally on the Internet by Trend Micro, and by default the DSVA will use that. Ensure these sites are allowed through your company firewall/proxy when using the global Smart Protection Server:
ds90-en.url.trendmicro.com (Used for Web Reputation queries – WRS)
ds8.icrc.trendmicro.com (Used for File Reputation queries – Anti-Malware Smart Scan)
To avoid Internet traffic going to the global servers, it is recommended to install a local standalone Smart Protection Server.
To achieve full Smart Scanning capability, the computer needs to be able to download the “Smart Scan Agent Pattern” from the Deep Security Relay and, at the same time, be able to connect via port 80 or 443 to a Smart Protection Server.
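A preflight check for the connectivity requirements above, added here as an example and not part of the original post or of Trend Micro's tooling: it probes ports 80 and 443 on the two global hosts, or on a local Smart Protection Server when its address is given. The function names are hypothetical, and the probe is a direct TCP connect, so it does not exercise a path through a proxy.

```python
import socket
import sys

# Hostnames and ports are the ones listed in the post.
GLOBAL_HOSTS = {
    "web-reputation": "ds90-en.url.trendmicro.com",
    "file-reputation": "ds8.icrc.trendmicro.com",
}
PORTS = (80, 443)


def tcp_probe(host, port, timeout=3.0):
    """Return True if a direct TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal, timeout
        return False


def targets(local_sps=None):
    """Map each service to the host that must be reachable.

    Assumption: when a local server is given, the policy points both
    File Reputation and Web Reputation at it, so the global hosts are skipped.
    """
    if local_sps:
        return {name: local_sps for name in GLOBAL_HOSTS}
    return dict(GLOBAL_HOSTS)


def preflight(local_sps=None, probe=tcp_probe):
    """Return {service: [open ports]}; an empty list means no usable port."""
    return {
        name: [p for p in PORTS if probe(host, p)]
        for name, host in targets(local_sps).items()
    }


def blocked(report):
    """Services for which neither port 80 nor port 443 is reachable."""
    return sorted(name for name, ports in report.items() if not ports)


if __name__ == "__main__":
    sps = sys.argv[1] if len(sys.argv) > 1 else None  # optional local SPS address
    report = preflight(sps)
    for name, ports in report.items():
        print(f"{name:16} {targets(sps)[name]:32} open ports: {ports or 'none'}")
    sys.exit(1 if blocked(report) else 0)
```

Run it from a protected computer with no argument to test the global servers, or with the local server's IP as the only argument; a non-zero exit status means at least one service has no reachable port.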
The Standalone Smart Protection Server installer can be downloaded from this URL.
If using VMware, create a new Virtual Machine with CentOS 5 64-bit.
If your VMware version (such as 3.5 and 4.0) does not support CentOS, use Red Hat(R) Enterprise Linux(R) 5 64-bit.
Note: Only Virtual NIC E1000 and VMware VMXNET3 NICs are supported.
Installation Steps of Smart Protection Server.
Copy the ISO to the newly installed Smart Protection Server.
Click Install Smart Protection Server
Once the installation is done, log in using the admin credentials.
Below are the commands we can use to configure the Smart Protection Server.
Use the commands below to configure the hostname and IP address.
Configure hostname <HOSTNAME>
Configure ipv4 static IP \ NetMask \ Firewall.
Show ipv4 address – To show the IP.
Show ipv4 gateway – To show the Gateway.
Show ipv4 route – To show the route.
Alternatively, these settings can be provided during the installation itself.
Once the configuration is done, reboot the server.
Log in to the web console at the configured IP using the admin credentials.
Please note the server address link shown by the Smart Protection Server: http://IP/tmcss.
Go to the DSM – Policy – Anti-Malware – Smart Protection – remove the default, choose the locally installed Smart Protection Server and add http://IP/tmcss.
Use the same method if enabling Web Reputation in the policy.
In my next blog we will see configuring the policy for the VMs and setting up the exclusions.