Views:

To resolve the issue:

  1. Get the user requirement to prepare the configuration INI file.
    For example, whitelist.ini. The content of whitelist.ini should be something like this:
     
    Choose either IP or IPV6.

    [Global Setting]
    SEG_WhiteListIPNum=2
    SEG_WhiteListIP0=211.76.0.0
    SEG_WhiteListIP0_Mask=255.255.0.0
    SEG_WhiteListIP1=225.72.16.0
    SEG_WhiteListIP1_Mask=255.255.255.0

    or

    [Global Setting]
    SEG_WhiteListIPV6Num=1
    SEG_WhiteListIPV60=240800405fff014cc97f0050f043dbe6
    SEG_WhiteListIPV60_Mask=ffffffffffffffffffffffffffffffff

    Here are the format and details of the ini file:

    SEG_WhiteListIPNum=x, where “x” is the number of approved Web site IPs or subnets to be specified in IPv4. The maximum value of “x” is “1000”.
    SEG_WhiteListIP0=192.168.16.22
    SEG_WhiteListIP0_Mask=255.255.255.0
    SEG_WhiteListIP1=192.168.16.35

    SEG_WhiteListIP999=

     
    SEG_WhiteListIP{X}_Mask is optional, default subnet mask is "255.255.255.255".

    or

    [Global Setting]
    SEG_WhiteListIPV6Num=y, where y is the number of approved Web site IP's or subnet's to be specified in IPv6, maximum value is "1000"
    SEG_WhiteListIPV60=fec00000000000000220edfffe6a0f76
    SEG_WhiteListIPV60_Mask=ffffffffffffffff0000000000000000
    SEG_WhiteListIPV61=240800405fff014cc97f0050f043dbe6

    SEG_WhiteListIPV6999=

     
    SEG_WhiteListIP6{X}_Mask is optional, default subnet mask is "ffffffffffffffffffffffffffffffff".
  2. Create a fixlet to establish the IP whitelist configuration to target computers, then configure CPM accordingly.

    Below is a sample fixlet that will create whitelist.ini in CPM folder and will then execute this command:

    TMCPMCLI.exe CONFIG –i whitelist.ini

    Sample fixlet:

    delete whitelist.ini
    delete "{(value "Application Path" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM" of registry as string)}\whitelist.ini"
    createfile until __DONE
    [Global Setting]
    SEG_WhiteListIPNum=2
    SEG_WhiteListIP0=211.76.0.0
    SEG_WhiteListIP0_Mask=255.255.0.0
    SEG_WhiteListIP1=225.72.16.0
    SEG_WhiteListIP1_Mask=255.255.255.0
    __DONE
    copy __createfile "{(value "Application Path" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM" of registry as string)}\whitelist.ini"
    waithidden "{(value "Application Path" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM" of registry as string)}\TMCPMCLI.exe" CONFIG -i "{(value "Application Path" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM" of registry as string)}\whitelist.ini"

    The result checking is:

    • Checking“HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM\CLI\LastExistCode”, it should be 0
    • If we run the command via DOS prompt, we may use “echo %errorlevel%” command,  it should be 0.
  3. Restart the OfficeScan NT Proxy Service either manually or via fixlet. This can be done by the existing fixlets.
  4. If necessary, verify the result by checking the registry or collecting CDT.
    1. Check the following key under the "HKEY_LOCAL_MACHINEh\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList":

      SEG_WhiteListIPNum(String Value): Set the number of white-list. The value could be 1-1000

    2. Check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy\

      WhiteList\SEG_WhiteListIP0(could be 0~999):

      • Under registry key “SEG_WhiteListIP0”, registry IPv4 (DWORD) 00004CD3 (reversed)
      • Under registry key “SEG_WhiteListIP0”, registry IPv4Mask (DWORD) 0000FFFF (reversed)

    Here is a verification sample:

    White-list ip addr range
    IP addr: 211.76.0.0
    Mask:   255.255.0.0
    Split the IP into and IP and mask address and translate it into hexadecimal:
    IP addr: D3 4C 00 00
    Mask:   FF FF 00 00

Keywords: configuring the registry key for ip safelisting,ip safelist,WhiteListIP