The information below shows how to set up and configure WRS and Anti-malware features in Deep Security.

Setting up the Smart Protection System Settings

1. Log on to the Deep Security Manager (DSM).
2. Go to System > System Settings.
3. Go to the Anti-malware tab to access the Smart Scan section.

   

   By default, this feature is enabled (ON) for the Deep Security Agent (DSA) and disabled (OFF) for Virtual Appliance.

Configuring the Smart Protection source

1. Log on to the Deep Security Manager (DSM).
2. Go to System > System Settings.
3. Go to the Smart Protection tab.

   

   There are a number of settings in this section, but there are three (3) essential options:

   • Global Smart Protection Network

     This setting can be used for machines that are connected to the Internet. It requires that the machine has access to:
     ds8.icrc.trendmicro.com
     ds80-en.url.trendmicro.com

     This is the global server maintained by Trend Micro that is updated when new merging threats are detected. When this setting is selected, the DSA will communicate with these servers to determine if threats exist.

     

   • Local Smart Protection Server

     In some environments, machines may not have direct Internet access and customers may wish to set up their own local Smart Protection Server. This is a server that is installed in the customer’s environment that is connected to the global Smart Protection Network. Each machine on the network can then connect to the local server for threat detection.

     

   • Local Smart Protection Server with Roaming enabled

     In some environments, there may be laptops that go off domain and no longer have connection to the local Smart Protection Server. In this case, administrators may allow access to the global Smart Protection Network when the computer is “off domain”.

     

     The “When Roaming” option is linked closely to the location awareness feature of Deep Security, which means the feature is dependent on the machine on a domain. If you have a machine that is on a domain and you have a local SPS with the “When Roaming” check box enabled, then DSA will check for the domain controller (using an ICMP ping) at a regular interval. If the domain controller is present, DSA will assume that you are on the domain and will continue to use the local SPS. However, if connection to the domain controller cannot be established, the agent will assume that you are “Off domain” and will switch to using global SPS instead.

      

     If you select the “When Roaming” option on a machine that is not part of a domain or a machine that cannot ping the domain controller (because of a firewall rule, for example), then that machine will always use the global SPS. Therefore, this option should only be selected for machines that are part of a domain and have the potential to go off domain (i.e. laptops). It is not meant as a failover in case the local Smart Protection Server fails.