Meerkat is a detection improvement to prevent 0-day attacks. This feature leverages Behavior Monitoring and Web Reputation, thus both must be enabled for Meerkat Blocking to function properly.
Before enabling Meerkat
- Enable AEGIS (TMBMSRV.exe) to monitor the process launch.
- Go to Agents > Agent Management.
- Go to the Agents tree > Settings > Additional service settings.
- Enable Unauthorized Change Prevention Service.
- Click Save.
- Enable Web Reputation (tmproxy.exe) to monitor the file download and the agent will save the records in C:\Program Files\Trend Micro\OfficeScan client\EventsDB.
- Go to Agents > Agent Management.
- Go to the Agents tree > Settings > Web Reputation Settings.
- Enable Web Reputation policy.
- Click Save.
- The OfficeScan agent should be able to connect to the internet.
The OfficeScan agent will check the prevalence value in the Trend Micro Census Server. A value greater than 10 means that the program is popular and the message will not be displayed.
Enabling Meerkat on desktop platform
- Go to Agents > Global Agent Settings.
- Under Behavior Monitoring Settings, select Prompt users before executing newly encountered programs downloaded through HTTP or email application.
- Click Save.
Enabling Meerkat on server platform
By default, you cannot activate the Meerkat feature on the server platform using the console.
To activate this feature on the server:
- In the OfficeScan installation directory, go to the \PCCSRV folder and open the ofcscan.ini file.
- Manually add the following registry key under [Global Setting]:
EnableMeerkatServerDetection=1
- Save the changes and close the file.
- Open the OfficeScan server console.
- Go to the Agents > Global Agent Settings.
- Click Save to deploy the setting to all agents.
- Open the OfficeScan agent registry which is the Windows server platform. Windows server platform will create the key “EnableMeerkatServerDetection=1” under: HKEY_LOCAL_MACHINE\SOFTWARE\{Wow6432Node}\TrendMicro\PC- cillinNTCorp\CurrentVersion\Misc.
Meerkat is now enabled successfully.