Before you deploy WFBS-SVC, check if the following are installed:

• Security Agent and OneCare
  The Security Agent cannot be installed with the Microsoft Windows Live OneCare client. The Security Agent installer will automatically remove OneCare from client computers.
• Other Firewall Applications

  Trend Micro recommends removing or disabling any other firewall applications (including Internet Connection Firewall (ICF) provided by Windows Vista, Windows XP SP2, and Windows Server 2003) if you want to install the WFBS-SVC firewall.

A client is a computer/device where you plan to install a security agent or a profile. Windows desktops, servers, and portable computers, Mac, and Android devices install a security agent. iOS devices install a profile. It helps if you know how many clients the installation will support.

When planning for deployment, consider the network traffic that WFBS-SVC will generate. WFBS-SVC generates network traffic when the WFBS-SVC Server and clients communicate with each other.

The WFBS-SVC Server/Scan Server generates traffic when:

• Notifying clients about configuration changes
• Notifying clients to download updated components
• Connecting to the Trend Micro ActiveUpdate Server to check for and download updated components
• Performing scans on the clients who are configured for Smart Scan
• Sending feedback to the Trend Micro Smart Protection Network

Clients generate traffic when:

• Starting up
• Shutting down
• Generating logs
• Performing scheduled updates
• Performing manual updates ("Update Now")
• Connecting to the Scan Server for Smart Scan

Network traffic is generated whenever Trend Micro releases an updated version of any product component.

To reduce network traffic generated during pattern file updates, WFBS-SVC uses a method called incremental update. Instead of downloading the full updated pattern file every time, new patterns that have been added since the last release are downloaded.

WFBS-SVC also uses Active and Inactive Agents. The Active Agent will update itself from the Trend Micro Active Update Server and so will generate Internet traffic. The Inactive Agents will update themselves from the Active Agent and so will generate internal network traffic.

Regularly updated clients only have to download the incremental pattern, which is approximately 5KB to 200KB. The full pattern is substantially larger even when compressed and takes longer to download.

Trend Micro releases new pattern files daily. However, if a particularly damaging virus is actively circulating, Trend Micro releases a new pattern file as soon as a pattern for the threat is available.

Every Agent must belong to a security group. The members of a security group all share the same configuration and run the same tasks. By organizing clients in groups, you can simultaneously configure, manage, and apply a customized configuration to one group without affecting the configuration of other groups.

An WFBS-SVC security group is different from a Windows domain. You can create multiple security groups within a single Windows domain. You may also assign computers from different Windows domains to the same security group.

You can group clients based on the departments they belong to or the functions they perform. Alternatively, you can group clients that are at a greater risk of infection and apply a more secure configuration than you may wish to apply to other clients. You will need at least one group for every unique client configuration that you wish to create.

If you have a small office, you may only have one group.

WFBS-SVC provides multiple options to deploy Agents/Profiles. Determine which ones are most suitable for your environment based on your current management practices and the account privileges that end users are assigned.

Windows computers

• For single-site deployment, IT administrators can choose to deploy using a Login Script Setup. The Agent is deployed in the background and the end user does not notice the installation process.
• In organizations where IT policies are strictly enforced Login Script Setup is recommended. Login-script setups do not require administrative privileges to be assigned to the end user. Instead, the administrator configures the installation program itself with the password to an administrative account. You do not need to modify the end user’s permissions.
• In organizations where IT policies are less strictly enforced, Agent/Profile installation using simple Agent download is recommended. The administrator sends out an email message instructing users to visit the download site where they can install the Agent. Using this method, however, requires that end users who will install the Agent have administrator privileges.

MAC computers

In organizations that also have Macs in the environment, Agent installation using the email link is recommended. The administrator sends out an email message instructing users to visit the download site where they can install Agent. Using this method, however, requires that end users who will install the Agent have administrator privileges.

Android devices

In organizations also have Android devices in the environment, Agent installation using Google Play is recommended. Users download the Agent from Google Play and use the authentication code they receive from the administrator to enroll the device and activate the agent.

iOS devices

iOS devices use profiles not agents. Before deploying profiles, administrators must first create an APNs certificate.

• Security Agent and OneCare

  The Security Agent cannot be installed with the Microsoft Windows Live™ OneCare client. The installer will automatically remove OneCare from client computers.

• Other firewall applications

  Trend Micro recommends removing or disabling any other firewall applications (including Internet Connection Firewall (ICF) provided by Windows Vista, Windows XP SP3, and Windows Server 2003) if you want to install the WFBS-SVC firewall.