Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Simplified process for OfficeScan (OSCE) Suspicious Object (SO) list subscription

    • Updated:
    • 17 Oct 2016
    • Product/Version:
    • OfficeScan 11.0
    • OfficeScan XG.All
    • Platform:
    • Windows 10 32-bit
    • Windows 10 64-bit
    • Windows 2003 Datacenter 64-bit
    • Windows 2003 Enterprise
    • Windows 2003 Server R2
    • Windows 2003 Standard 64-bit
    • Windows 2008 Datacenter
    • Windows 2008 Datacenter 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2008 Web Server Edition
    • Windows 2008 Web Server Edition 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Enterprise R2
    • Windows 2012 Server Essential R2
    • Windows 2012 Server Essentials
    • Windows 2012 Standard
    • Windows 2012 Standard R2
Summary

Suspicious Object (SO) subscription is a new feature that allows OfficeScan to obtain the SO list from Control Manager (TMCM). This feature is introduced in the following OfficeScan (OSCE) 11.0 releases:

  • OSCE 11.0 SP1 Critical Patch 4150 (for English customers)
  • OSCE 11.0 SP1 (for Non-English customers)
  • OSCE XG
Details
Public

With this enhancement, OfficeScan administrators will no longer need to input TMCM server information in the Suspicious Object List Settings page. After the OfficeScan server has been registered to the TMCM server, the TMCM server information under Suspicious Object List Settings page will be automatically populated within 10 minutes. OfficeScan administrator just need to click the Subscribe button to enable this feature.

The previous Suspicious Object List Settings page looks like this:

Old SO list subscription

After the enhancement, the Suspicious Object List Settings page is similar to the following:

Enhanced SO list

Administrators can also configure OfficeScan to directly obtain the SO list from Deep Discovery Analyzer (DDAn). After applying the patch release above, OfficeScan will still obtain the SO list from DDAn.

However, when the OfficeScan administrator clicks the Unsubscribe button under the Suspicious Object List Settings, the warning message below will appear, but it will require you to install TMCM and subscribe to SO via TMCM.

After you unsubscribe OfficeScan from Deep Discovery Analyzer, it is not possible to re-subscribe. OfficeScan must subscribe to Control Manager to synchronize suspicious objects.

Unsubscribing in SO list from DDAn

It is also possible to modify the frequency of SO update.
To change the SO-File and SO-IP update frequency:

  1. Modify the following parameters on ofcserver.ini file:

    [CCCA]
    CCCASOBLUpdateFrequency=6 (6 means minutely and 4 means hourly)
    CCCASOBLUpdateMinute=5 (minimum is 1 and maximum is 59)

  2. Restart the OfficeScan Master Service for the changes to take effect.

To change the SO-URL update frequency:

  1. On the LWCS/CCCAServer.ini file, set the value of the following parameter in minutes:

    UpdateSchedule = 5 (value in minutes; minimum is 1 and maximum is 60)

  2. Restart the LWCSService for the changes to take effect.

Suspicious Object (SO) list will be synchronized whenever an OfficeScan update is triggered, for example, OSCE agent initializes a manual update, or OSCE server notifies the agents.

Premium
Internal
Rating:
Category:
Update
Solution Id:
1112194
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.