Trend Micro Deep Security 9.5 ( Smart Scanning Protection Server – SSP Server) – Part 7

Pls check my previous blogs for the Trend Micro Deep Security 9.5 on the below topics and in this blog we will see the installation of Smart Scanning Protection Server – SSP Server and its function.

Previous Topics.

Trend Micro Deep Security 9.5 ( DSM ) -Part 1

Trend Micro Deep Security 9.5 (Relay Server) -Part 2

Trend Micro Deep Security 9.5 ( vShield Endpoint ) – Part 3

Trend Micro Deep Security 9.5 ( Filter Driver Installation ) – Part 4

Trend Micro Deep Security 9.5 ( Deep Security Virtual Appliance-DSVA) – Part 5

Trend Micro Deep Security 9.5 ( Deep Security Agent ) – Part 6

 

Deep Security Smart Protection Server

Deep Security Relay is there to allow the Deep Security Manager to see what components are available for download from the Trend Micro ActiveUpdate site, whenever you trigger a component update in Deep Security Manager, the Deep Security Relay is the one responsible for carrying out the download activities.  The downloaded files are stored in the Deep Security Relay.  When computers performed their updates, they download directly from the Deep Security Relay.  The relay holds all the update components with the exception of Smart Scan Pattern and the BF pattern file which is used by Smart Scanning.

 The Smart Scan Pattern file is a cloud pattern that resides on the internet on our Smart Protection Network or locally via a Standalone Smart Protection Server.Like the Relay server we can have the separate Smart Protection Server in each location.

When anti-malware is enabled and is configured to use Smart Scanning, what happens is that a file scanning is verified against a local pattern file (Smart Scan Agent Pattern) this contains half of the virus signature.  The file hash signature is then compared against the BF pattern which also resides locally, the BF pattern will determine if the file hash signature needs to be sent to Smart Protection Server.  If scanning is required, the file information is sent to Smart Protection Server to be verified against the Smart Scan Pattern file.When anti-malware is using conventional scanning model, the file is verified against the local virus pattern file.

There is a feature called “Web Reputation” which is used by the DSVA. When someone tries to access a URL on the VM, the rating of that URL is checked by the DSVA first. This makes sure that the URL is not a malicious URL. To check the rating of the URL, DSVA has to send that query to the Smart Protection Server. Smart Protection Network is available globally on the Internet by Trend Micro. By default DSVA will use that. Ensure these sites are allowed through your company firewall/proxy when using the global Smart Protection Server:

ds90-en.url.trendmicro.com (Used for Web Reputation queries – WRS) ds8.icrc.trendmicro.com (Used for File Reputation queries – Anti-Malware Smart Scan) To void Internet traffic going to the global servers, it is recommended to install a local standalone Smart Protection Server

To achieve Smart Scanning full capability, the computer needs to be able to download “Smart Scan Agent Pattern” from the Deep Security Relay and at the same time able to connect via port 80 or 443 to a Smart Protection Server.

The Standalone Smart Protection Server installer can be downloaded from this URL.

http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4556&lang_loc=1

If using VMware, create a new Virtual Machine with CentOS 5 64-bit.

If your VMWare version (such as 3.5 and 4.0) does not support CentOS, use Red Hat(R) Enterprise Linux(R) 5 64-bit.

Note: Only Virtual NIC E1000 and VMware VMXNET3 NICs are supported.

Installation Steps of Smart Protection Server.

Copy the ISO in the new installed Smart Protection Server.

SMS

 

Click Install Smart Protection Server

sps1 sps2 sps3

If its not match the system requirements then it will show the below warnings.sps4

sps5 sps7

We need to give the Root and Admin password details.sps9 sps10 sps11 sps12 sps13 sps14

Once the Installation is done then login using the admin credentials

sps15

sps16

 

Pls find the below commands which we can use to configure the Smart Protection Server.

sps17

Use the below command to configure the Hostname and IP Address.

Configure hostname  <HOSTNAME>

Configure ipv4 static IP \ NetMask \ Firwall.

Show ipv4 address – To show the IP.

Show ipv4 gateway – To show the Gateway.

Show ipv4 route – To shoe the route.

sps18

Or we can provide during the installation itself.

.sps19 sps20

Once the configuration is done then reboot the server .

Login using the IP configured in the web console with the admin credentials.

sps21

sps22_censored

Pls note the link in the server address above from the Smart Protection Server http:/IP/tmcss.

Go to the DSM – Policy – Anti-Malware – Smart Protection – Remove the Default and choose the locally installed Smart Protection server and add the http:/IP/tmcss.

SMs_censored

Use the same method if enabling the web Reputation in the policy.

 

In my next Blog we will see configuring the policy to the VMs and setting up the exclusions.

 

 

 

 

Advertisements
This entry was posted in Trend Micro Deep Security, VMware and tagged , , . Bookmark the permalink.

One Response to Trend Micro Deep Security 9.5 ( Smart Scanning Protection Server – SSP Server) – Part 7

  1. Pingback: Trend Micro Deep Security 9.5 ( Deep Security Agent ) – Part 6 | Techbrainblog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s