Supported OS

  • Desktop: Windows 7 SP1 – Windows 10 RS5
  • Server: Server 2008 R2 SP1 – Server 2019

Communication

  • HTTPS with TLS 1.2

Apex One™ as a Service supports the following web browsers:

  • Microsoft Edge
  • Google Chrome

Size of Deployment Package

 
All of the following deployment package sizes are for packages that do not include the Data Protection feature:
 
  • For the full Security Agent MSI Setup Package:
    • 32-bit Setup Package (Smart Scan) = 234 MB
    • 64-bit Setup Package (Smart Scan) = 288 MB
  • For the coexist Security Agent MSI Setup Package:
    • 32-bit Setup Package (Smart Scan) = 234 MB
    • 64-bit Setup Package (Smart Scan) = 288 MB

    The Apex One™ (Mac) Security Agent can be installed on endpoints running supported Mac platforms. Visit the following website for a complete list of system requirements: Online Help Center: Apex One™ as a Service.

  • For the Apex One (Mac) Security Agent ZIP Setup Package = 90.6 MB

To configure the proxy settings:

  1. Log in to the Apex One™ as a Service console.
  2. Go to Administration > Managed Servers > Server Registration.
  3. From the Server Type drop-down list, select OfficeScan.

  4. Click the Apex One™ Server URL link to log in using Single Sign-On (SSO) to the OfficeScan server console.
  5. Go to Administration > Settings > Proxy.
  6. Configure the proxy settings for server and/or agents, then click Save.

Test Requirements

Before testing this module, make sure you have the following:

  • One or more physical or virtual machines (VMs) protected by an OfficeScan Cloud Agent

Test Procedure for Anti-Malware

  1. Activate a physical or virtual machine with Apex One™ Cloud Agent installed.
  2. Download the EICAR test file on the virtual machine. The file should be quarantined.

  3. Click on the number next to the detection or on the Apex One™ Security Agent, and then click Logs.

  4. Verify the detection showing in the agent logs.

  5. On the Apex One™ as a Service console, go to Detections > Logs > Logs Query > Virus/Malware Detections. Choose additional filters if needed to narrow down results if the product has been active for a while.

    After 10 to 20 minutes, you will be able to see the detection in the logs.

  6. Set up a scheduled scan:
    1. On the Apex One™ as a Service web console, go to Policies > Policy Management then click Create (verify that Apex One™ agent is selected as the product). We will be creating a single machine test policy to apply only to our test machine.
    2. Click Specify Targets > Select.

    3. Use Search to specify a machine or use Browse to navigate to the machine and select it.

    4. Expand Scheduled Scan Settings.
    5. Tick the "Enable virus/malware scan" checkbox.

    6. Go to Privileges and Other Settings > Privileges tab.

    7. Set the Unlock Password for the agent.

    8. Click the Deploy button at the bottom of the page.
    9. Run a manual update on the agent located on the endpoint.
    10. Open the Agent on the endpoint.
    11. Click the padlock icon and enter the password to unlock the Agent, and then click the gear icon to open Settings.

    12. On the Protection tab, select Scheduled Scan from the drop-down list and confirm that it has been enabled.

  7. Demonstrate file exclusions:
    1. On the Apex One™ as a Service web console, re-open the Single-Machine Test policy by clicking on it.
    2. Expand Real-Time Scan Settings.
    3. Click the Scan Exclusion tab.
    4. Go to Scan Exclusion List (Directories).
    5. Specify the path of the directory you want to exclude from the scan e.g. C:\Test Folder, and then click the plus (+) button.

    6. Click Deploy at the bottom of the page.
    7. Run a manual update on the agent located on the endpoint.
    8. Open the Agent on the endpoint.
    9. Unlock the Agent, and then open Settings.

    10. Select Real-Time Scan from the drop-down and confirm that it has the exclusion.

    11. On the Endpoint, open notepad.exe and type in the following:

      X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    12. Save the file in C:\Test Folder as eicar.com. The file should save successfully and show a size of 1 KB. Due to the exclusion, no detection should occur.

    13. Attempt to copy the file to another folder, such as C:\temp. As the other folder is not excluded, the file should immediately be detected by OfficeScan and quarantined.
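
Steps 11 to 13 as a script, for repeating the exclusion check on several endpoints. This is an added example, not part of the vendor's guide: the folder paths and the EICAR string are the ones given above, while the function name Test-ScanExclusion and the 30-second wait are assumptions.

```powershell
# Added example, not vendor code. Paths and the EICAR string come from the steps
# above; Test-ScanExclusion and the wait time are hypothetical choices.
# The string is split in two so that this script file is not itself detected.
$Eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Test-ScanExclusion {
    param(
        [string]$ExcludedDir = 'C:\Test Folder',   # directory on the exclusion list
        [string]$ScannedDir  = 'C:\temp',          # directory that is still scanned
        [int]$WaitSeconds    = 30                  # assumed time for the agent to react
    )
    foreach ($dir in $ExcludedDir, $ScannedDir) {
        if (-not (Test-Path -LiteralPath $dir)) {
            New-Item -ItemType Directory -Path $dir | Out-Null
        }
    }
    $source = Join-Path $ExcludedDir 'eicar.com'
    $copy   = Join-Path $ScannedDir  'eicar.com'

    # Step 12: write the 68-byte test file into the excluded folder.
    [System.IO.File]::WriteAllText($source, $Eicar, [System.Text.Encoding]::ASCII)
    Start-Sleep -Seconds $WaitSeconds
    $survived = (Test-Path -LiteralPath $source) -and
                ((Get-Item -LiteralPath $source).Length -eq 68)

    # Step 13: copy to a folder that is not excluded; real-time scan should act.
    $copyDenied = $false
    if ($survived) {
        try   { Copy-Item -LiteralPath $source -Destination $copy -ErrorAction Stop }
        catch { $copyDenied = $true }
        Start-Sleep -Seconds $WaitSeconds
    }
    $detected = $survived -and ($copyDenied -or -not (Test-Path -LiteralPath $copy))

    New-Object PSObject -Property @{
        ExclusionHonoured       = $survived   # file stayed in the excluded folder
        DetectedOutsideExcluded = $detected   # copy was blocked or removed
        Pass                    = ($survived -and $detected)
    }
}

Test-ScanExclusion
```

Pass is True only when the file stays in the excluded folder and the copy outside it is blocked or removed; confirm the matching entry in the agent's Virus/Malware logs as in step 4.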

Configure

  1. Log in to the Apex One™ as a Service Console.
  2. Go to Policies > Policy Management.
  3. Select Apex One™ Agent for the Product and click Create.

  4. Name the policy "TEST_OSCE_Web_Policy".
  5. For Targets, choose Specify Target(s) then click Select.
  6. Find and specify the test agent, and then click OK.
  7. Expand Additional Service Settings.
  8. Enable Advanced Protection Service for both Desktop and Server platforms.
  9. Expand Web Reputation Settings:
    1. Go to the External Agents tab:
      1. Set the security level to Medium.
      2. Enable "Block pages containing malicious script".

      3. Enable "Allow agents to send logs to the OfficeScan Server".

    2. Go to the Internal Agents tab:
      1. Verify that "Check HTTPS URLs" is checked.
      2. Verify that "Scan common HTTP ports only" is unchecked.
      3. Set security level to Low.
      4. Enable "Block pages containing malicious script".

      5. Enable "Allow agents to send logs to the OfficeScan Server".

  10. Click Deploy.
  11. Wait until it shows deployed or run Update Now on the agent.

Testing

  1. On the test agent, open Internet Explorer.
  2. Go to Internet Options > Advanced and verify that "Enable third-party browser extensions" is enabled.

  3. Go to Internet Options > Programs > Manage Add-ons and verify that Trend Micro Osprey Plug-in and Trend Micro IE Protection are enabled.

  4. Click OK to close Internet Options.
  5. If "Enable third-party browser extensions" has to be enabled, restart Internet Explorer.
  6. Go to http://wrs49.winshipway.com. The browser should open a Website Blocked page and OfficeScan will pop up a Malicious URL notification.

  7. Go to https://wrs49.winshipway.com. This time, the connection is over HTTPS on port 443. However, it should be blocked the same as before and the URL will change to reflect being blocked by the Osprey plug-in that handles HTTPS traffic.

  8. Wait 10 minutes.
  9. From the Apex One™ as a Service console, go to Detections > Logs > Log Query.
  10. Click Network Events > Web Violation.

  11. Verify and check the times and URL shown in the logs for the test agent.

Download new components and deploy them to the Apex One™ server:

  1. Log in to the Apex One™ as a Service console.
  2. Go to Administration > Updates > Manual Update.
  3. Select only the Apex One™ server in the Products drop-down list.

  4. On the Types drop-down list, unselect Program and then click Apply.

  5. Select "Deploy to all selected managed products immediately" and click Download Now.

    A manual update bar will appear at the top of the screen.

  6. Click Administration > Command Tracking. A Manual Download will be listed and show successful and unsuccessful updates.

  7. Go to the Dashboard > Compliance tab to check the status of the components.

Configure which portions of the Apex One™ agent should be updated:

  1. Log in to the Apex One™ as a Service console.
  2. Go to Policies > Policy Management.
  3. Select Apex One™ Agent for the Product then click Create.
  4. Name the policy, select Specify Targets, and add the target endpoints.
  5. Expand Privilege and Other Settings, and then go to Other settings.

  6. Under the Update Settings section, select any one of the items from the drop-down list:
    • Pattern files
    • Pattern files, engines, drivers
    • All components (including hotfixes and agent program)

    The default setting is "All components (including hotfixes and agent program)".

  7. Click Deploy.
  8. Go to one of the target endpoints.
  9. Open regedit.
  10. Go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
    • Value of NoProgramUpgrade will be 1 for Pattern files and for Pattern files, engines, drivers. Value will be 0 if All components (including hotfixes and agent program) is selected.
    • Value of NoEngineUpgrade will be 1 for Pattern Files. Value will be 0 for Pattern files, engines, drivers and All components (including hotfixes and agent program).
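
The registry check in steps 9 and 10 can be scripted when more than one endpoint has to be verified. The PowerShell below is an added example, not Trend Micro code: it reads the two values named above and reports which Update Settings option they correspond to; the function name Get-ApexOneUpdateScope and its -Expected parameter are hypothetical.

```powershell
# Added example, not vendor code. Key path and value names are from the steps
# above; the function and parameter names are hypothetical.
$MiscKey = 'HKLM:\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc'

function Get-ApexOneUpdateScope {
    param(
        [string]$Path = $MiscKey,
        # Optional: the Update Settings option selected in the deployed policy.
        [ValidateSet('Pattern files',
                     'Pattern files, engines, drivers',
                     'All components (including hotfixes and agent program)')]
        [string]$Expected
    )
    if (-not (Test-Path -Path $Path)) {
        throw "Registry key not found: $Path"
    }
    $misc      = Get-ItemProperty -Path $Path
    $noProgram = $misc.NoProgramUpgrade
    $noEngine  = $misc.NoEngineUpgrade
    if ($null -eq $noProgram -or $null -eq $noEngine) {
        throw 'NoProgramUpgrade or NoEngineUpgrade is not present under the key.'
    }

    # Mapping stated in step 10, written as NoProgramUpgrade/NoEngineUpgrade.
    $scope = switch ("$noProgram/$noEngine") {
        '1/1'   { 'Pattern files' }
        '1/0'   { 'Pattern files, engines, drivers' }
        '0/0'   { 'All components (including hotfixes and agent program)' }
        default { 'Unknown (combination not described in the guide)' }
    }

    # Compare with the policy only when the caller supplied -Expected.
    $matchesPolicy = $null
    if ($Expected) { $matchesPolicy = ($scope -eq $Expected) }

    New-Object PSObject -Property @{
        NoProgramUpgrade = $noProgram
        NoEngineUpgrade  = $noEngine
        UpdateScope      = $scope
        MatchesPolicy    = $matchesPolicy
    } | Select-Object NoProgramUpgrade, NoEngineUpgrade, UpdateScope, MatchesPolicy
}

Get-ApexOneUpdateScope
```

Pass -Expected with the option chosen in step 6 to have MatchesPolicy report whether the deployed policy reached the endpoint.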

Configure

  1. Log in to the Apex One™ as a Service console.
  2. Go to Policies > Policy Management.
  3. Select Apex One™ Agent for the Product then click Create.
  4. Specify/Add Target machine(s).
  5. Expand the Predictive Machine Learning Settings section and configure the following Detection Settings:
    • File: Quarantine
    • Process: Terminate

    These are the default settings.

  6. Click Deploy.

Optional for Servers

To enable on servers, the Unauthorized Change Prevention Service and the Advanced Protection Service will also need to be enabled for servers:

  1. On the same policy, expand Additional Service Settings.
  2. Under the Unauthorized Change Prevention Service section, select Windows Server Platforms.
  3. Under the Advanced Protection Service section, select Windows Server Platforms.

  4. Click Deploy.

Agent Procedure

  1. After the policy has been deployed, run "taskmgr.exe" on the machine.
  2. Verify that TMBMSRV.exe and TMCCSF.exe are running on the agent.

Logs

  1. Log in to the Apex One™ as a Service console.
  2. Go to Detections > Logs > Log Query.
  3. Select Security Logs > System Events > Predictive Machine Learning detections.

  4. Click on All Products and select Specified Products from the drop-down list.
  5. Choose Directory, and then expand the Apex Central as a Service > Local folder.
  6. Select Apex One™ as a Service, and then click OK.

  7. Click Search to see the results.

  8. Go back to Directories > Users/Endpoints.
  9. In Advanced Search Criteria, specify the following, and then click Search:
    • Users
    • Threat Type
    • Predictive Machine Learning Logs

  10. Click the number in the Threats column for a user (only if threats have been found).
  11. Click View.

Configure

  1. Open the Apex One™ as a Service web console.
  2. Go to Administration > Account Management > User Accounts.
  3. Create a new account or open an existing account.
  4. Configure the email address for the added user account then click Next.

  5. Return to Administration > Account Management > User Accounts.
  6. Click Enable Two-Factor Authentication and click Enable on the pop-up screen.

    The link will change to Disable Two-Factor Authentication.

  7. Upon next login, the user will be prompted to request the Email Confirmation, which should arrive in 10 – 20 minutes.

    Providing the confirmation code will then take the user to the Two-Factor setup page.

    After entering the confirmation code, the user can log in.

Generate Emergency Code

  1. Open the Apex One™ as a Service login page.
  2. Enter Credentials, and then click Login.
  3. Click Email me an emergency access code.
  4. Click Send Email.
  5. An email with an emergency access code will be sent.

  6. Type the access code received via email, and then click Submit.

Testing

    1. Have 2 machines: 1 with Apex One™ installed and 1 without protection.
    2. Configure Box or OneDrive on both machines to the same account.
    3. Move an EICAR or other test file to the sync folder on the unprotected server and wait for it to sync. The agent will detect the test sample with a pop-up notification.

The virus detail logs on the agent will display the detection and the Infection channel is "Cloud synchronization". The detection also appears on the Behavior Monitoring Log, Predictive Machine Learning Log, and Spyware/Grayware Log.

Threat Report

  1. Log in to the Apex One™ as a Service web console.
  2. Go to Reports > One-time Reports.
  3. Click Add.
  4. Specify a Name and select Static Templates > Executive Summary.

  5. Choose the following report contents:
    • Top users with threats
    • Top endpoints with threats
    • Users and endpoints overview
    • Threat detections by channel and product
  6. Select Adobe PDF and click Next.
  7. Select Apex One™ as a Service for the Target.
  8. Click Next.
  9. Specify the time range.
  10. Click Finish.

    It may take some time for the report to generate.