Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unable to set the registry key for IP WhiteList in Core Protection Module (CPM)

    • Updated:
    • 23 Sep 2015
    • Product/Version:
    • Core Protection Module 10.5
    • Core Protection Module 10.6
    • Platform:
    • Windows 2000 Server
    • Windows 2003 Enterprise Server
    • Windows 2003 Standard Server Edition
    • Windows Vista 32-bit
    • Windows XP Home
Summary

You want to set the whitelist to a certain private IP range (10.x.x.x) or (192.168.x.x) so that TMUFE will not check the IP. However, you are unable to set the registry key properly.

Details
Public

To resolve the issue:

  1. Get the user requirement to prepare the configuration INI file.
    For example, whitelist.ini. The content of whitelist.ini should be something like this:
     
    Choose either IP or IPV6.

    [Global Setting]
    SEG_WhiteListIPNum=2
    SEG_WhiteListIP0=211.76.0.0
    SEG_WhiteListIP0_Mask=255.255.0.0
    SEG_WhiteListIP1=225.72.16.0
    SEG_WhiteListIP1_Mask=255.255.255.0

    or

    [Global Setting]
    SEG_WhiteListIPV6Num=1
    SEG_WhiteListIPV60=240800405fff014cc97f0050f043dbe6
    SEG_WhiteListIPV60_Mask=ffffffffffffffffffffffffffffffff

    Here are the format and details of the ini file:

    SEG_WhiteListIPNum=x, where “x” is the number of approved Web site IPs or subnets to be specified in IPv4. The maximum value of “x” is “1000”.
    SEG_WhiteListIP0=192.168.16.22
    SEG_WhiteListIP0_Mask=255.255.255.0
    SEG_WhiteListIP1=192.168.16.35

    SEG_WhiteListIP999=

     
    SEG_WhiteListIP{X}_Mask is optional, default subnet mask is "255.255.255.255".

    or

    [Global Setting]
    SEG_WhiteListIPV6Num=y, where y is the number of approved Web site IP's or subnet's to be specified in IPv6, maximum value is "1000"
    SEG_WhiteListIPV60=fec00000000000000220edfffe6a0f76
    SEG_WhiteListIPV60_Mask=ffffffffffffffff0000000000000000
    SEG_WhiteListIPV61=240800405fff014cc97f0050f043dbe6

    SEG_WhiteListIPV6999=

     
    SEG_WhiteListIP6{X}_Mask is optional, default subnet mask is "ffffffffffffffffffffffffffffffff".
  2. Create a fixlet to establish the IP whitelist configuration to target computers, then configure CPM accordingly.

    Below is a sample fixlet that will create whitelist.ini in CPM folder and will then execute this command:

    TMCPMCLI.exe CONFIG –i whitelist.ini

    Sample fixlet:

    delete whitelist.ini
    delete "{(value "Application Path" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM" of registry as string)}\whitelist.ini"
    createfile until __DONE
    [Global Setting]
    SEG_WhiteListIPNum=2
    SEG_WhiteListIP0=211.76.0.0
    SEG_WhiteListIP0_Mask=255.255.0.0
    SEG_WhiteListIP1=225.72.16.0
    SEG_WhiteListIP1_Mask=255.255.255.0
    __DONE
    copy __createfile "{(value "Application Path" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM" of registry as string)}\whitelist.ini"
    waithidden "{(value "Application Path" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM" of registry as string)}\TMCPMCLI.exe" CONFIG -i "{(value "Application Path" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM" of registry as string)}\whitelist.ini"

    The result checking is:

    • Checking“HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM\CLI\LastExistCode”, it should be 0
    • If we run the command via DOS prompt, we may use “echo %errorlevel%” command,  it should be 0.
  3. Restart the OfficeScan NT Proxy Service either manually or via fixlet. This can be done by the existing fixlets.
  4. If necessary, verify the result by checking the registry or collecting CDT.
    1. Check the following key under the "HKEY_LOCAL_MACHINEh\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList":

      SEG_WhiteListIPNum(String Value): Set the number of white-list. The value could be 1-1000

    2. Check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy\

      WhiteList\SEG_WhiteListIP0(could be 0~999):

      • Under registry key “SEG_WhiteListIP0”, registry IPv4 (DWORD) 00004CD3 (reversed)
      • Under registry key “SEG_WhiteListIP0”, registry IPv4Mask (DWORD) 0000FFFF (reversed)

    Here is a verification sample:

    White-list ip addr range
    IP addr: 211.76.0.0
    Mask:   255.255.0.0
    Split the IP into and IP and mask address and translate it into hexadecimal:
    IP addr: D3 4C 00 00
    Mask:   FF FF 00 00

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1054872
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.