Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Best Practices in enhancing protection against malware threats in Worry-Free Business Security/Services (WFBS/WFBS-SVC)

    • Updated:
    • 3 Nov 2016
    • Product/Version:
    • Worry-Free Business Security Services 5.7
    • Worry-Free Business Security Services for Dell 5.6
    • Worry-Free Business Security Standard/Advanced 7.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
    • Windows 2000 Professional
    • Windows 2000 Small Business Server
    • Windows 2003 Home Server
    • Windows 2003 Small Business Server
    • Windows 2003 Standard Server Edition
    • Windows 2008 Essential Business Server
    • Windows 2008 Small Business Server
    • Windows 7 32-bit
    • Windows Vista 32-bit
    • Windows XP Professional
Summary

This article contains recommended practices in ensuring optimum malware protection using WFBS or WFBS-SVC.

Details
Public

To ensure enhanced malware protection:

  1. To prevent the malware from downloading new variants of itself or other types of malware, log on to the WFBS console. Go to Security Settings > Servers/Desktops group > Web Reputation and set the Security Level section to Medium. This will also flag highly suspicious sites.
  2. To prevent users accessing an infected mapped drive, disable the Windows autorun feature. Refer to Microsoft KB 967715 for additional information.
  3. Make sure that all of your machines are fully patched, especially against the MS10-046 vulnerability.
  4. Enable the SPN Feedback. This will help Trend Micro to acquire undetected malicious files.
  5. Enable the Scan mapped drives and shared folders on the network for Manual Scan and Scheduled Scans.
  6. Enable Behavior Monitoring (BM). Make sure that you have the latest BM patterns and enable ransomware protection by following these steps.

    For WFBS 6.x, WFBS 7.x, WFBS 8.x or WFBS 9.0 SP1 we do recommend you to upgrade to WFBS 9.0 SP3 to have better ransomware protection. You view the instructions here on how to upgrade to WFBS 9.0 SP3.

  7. Set your WFBS agents scan method to Smart Scan. This method will acquire new patterns that can detect different variants of VOBFUS malware.
  8. Configure the Manual Scan Exclusions to scan Trend Micro folders. It is possible that the reason you keep getting reinfected is because the malware dropper positioned itself on the WFBS folder:
    1. Log on to the WFBS console and go to Scans tab > Manual Scan.
    2. Uncheck Do not scan the directories where Trend Micro products are installed.
    3. Click Save and run a manual scan.

    If you have exclusions on the Real-time Scan, make sure that they are not excluded on the Manual Scan and Scheduled scan.

  9. Read the following Best Practice Guide according to your WFBS version:

    WFBS 9.0 SP3

    The WFBS 9.0 SP3 Best Practice Guide contains information on the following topics:

    • Applying the latest patches for WFBS
    • Configuring Smart Scan
    • Configuring Real-time Scan settings
    • Configuring Manual Scan settings
    • Configuring Scheduled Scan settings
    • Enabling Behavior Monitoring
    • Enabling Enabling Web Reputation Service and Device Access Control
    • Enabling Ransomware Protection
    • Configuring Location Awareness
    • Configuring the scanning of compressed/decompressed files
    • Making sure that security agents are updated
    • Enabling Smart Feedback
    • Running Microsoft Baseline Security Analyzer
    • Educating end-users not to access untrusted URLs and to be cautious in executing unknown files

    WFBS 8.0

    The WFBS 8.0 Best Practice Guide contains information on the following topics:

    • Applying the latest patches for WFBS
    • Configuring Smart Scan
    • Configuring Real-time Scan settings
    • Configuring Manual Scan settings
    • Configuring Scheduled Scan settings
    • Enabling Web Reputation Service
    • Enabling Behavior Monitoring
    • Enabling Device Access Control
    • Configuring Location Awareness
    • Configuring the scanning of compressed/decompressed files
    • Make sure that security agents are updated
    • Enabling Smart Feedback
    • Running Microsoft Baseline Security Analyzer
    • Educating end-users not to access untrusted URLs and to be cautious in executing unknown files

    WFBS 7.0

    The Best Practice Configurations for WFBS 7.0 document contains information on the following topics:

    • Configuring Manual Scan Settings
    • Configuring Scheduled Scan Settings
    • Configuring Location Awareness
    • Configuring the scanning of compressed/decompressed files
    • Configuring Security Server to get the latest updates from Trend Micro
    • Making sure all Security Agents are up-to-date with the latest engine/pattern
    • Enabling Smart Feedback
    • Applying the latest patches for WFBS
    • Running Microsoft Baseline Security Analyzer once a month to check unpatched PCs
    • Disabling System Restore
    • Educating users not to click on links they do not trust
  1. To prevent users accessing an infected mapped drive, disable the Windows autorun feature. Refer to How to disable the Autorun functionality in Windows article.
  2. Make sure that all of your machines are fully patched, especially against the MS10-046 vulnerability.
  3. Activate the SPN Feedback. This will help Trend Micro to acquire undetected malicious files.
  4. Enable Ransomware protection for WFBS-SVC. You may check Enabling ransomware protection for Worry-Free Business Security Services (WFBS-SVC)
  5. Configure the Manual Scan Exclusions to scan Trend Micro folders. It is possible that the reason you keep getting reinfected is because the malware dropper positioned itself on the WFBS-SVC folder.
    1. Log on to the WFBS-SVC console and go to Devices > Select the target Group > Configure Policy > Antivirus/Anti-spyware.
    2. Under Exclusions, untick Do not scan the directories where Trend Micro products are installed.
    3. Click Save and run a Manual scan.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1039099
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.