Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Best Practice Guide in Protecting your Endpoints from Threats using Worry-Free Business Security Services (WFBS-SVC)

    • Updated:
    • 5 Nov 2019
    • Product/Version:
    • Worry-Free Business Security Services 6.0
    • Worry-Free Business Security Services 6.0
    • Worry-Free Business Security Services 6.1
    • Worry-Free Business Security Services 6.1
    • Worry-Free Business Security Services 6.2
    • Worry-Free Business Security Services 6.6
    • Platform:
    • N/A N/A
Summary

In the past few years, there has been a drastic change in how threats are spreading in the digital world. Nowadays, there are numerous vector points that attackers use in order to spread malicious software that has a purpose to either disrupt business or gain profit.

This article aims to aid Trend Micro customers configure their Trend Micro Worry-Free Business Security Services to protect them from advanced persistent threats that can harm their business.

Details
Public

Configure the following under Administration > Global Settings.

Security Settings tab

  1. Under General Scan, enable the following:

    • Enable deferred scanning on file operations
       
      Enabling this feature significantly improves performance, but may introduce a slight security risk.
       
    • Exclude the Microsoft Exchange Server 2003 folders
    • Exclude the Microsoft domain controller folders (Not applicable to manual and scheduled spyware/grayware scans)
    • Exclude Shadow Copy sections
    • Resume a missed scheduled scan at the same time next day
  2. Under Virus Scan, enable the following:
    • Configure Scan Settings for large compressed files (Keep the default settings for compressed files)
    • Clean compressed files
    • Scan up to ___ OLE layer(s) (Keep the default settings)
    • Add Manual Scan to the Windows shortcut menu on clients
  3. Under Spyware/Grayware Scan, enable the following:
    • Scan for cookies
    • Add cookie detections to the Spyware log
  4. Under Behavior Monitoring, enable the following:
    • Enable warning messages for low-risk changes or other monitored actions
    • Prompt users before executing newly encountered programs downloaded through HTTP or email applications (Server platforms excluded)
  5. Under HTTPS Web Threat Protection, enable the following:
    • Enable HTTPS checking for Web Reputation and URL Filtering on Chrome and Microsoft Edge
    • Display a notification above the Security Agent icon when an update to the feature requires users to restart Chrome

Approved/Blocked Settings tab

  1. Configure the following under Policies > Global Exceptions List.
  2. Make sure to only add URLs under Approved URLs that are verified as safe. If unsure if the website is safe, visit the Site Safety Center to check for the reputation of the website before adding it in the approved URLs list.

Agent Control tab

  1. Under Watchdog, tick the Enable the Security Agent Watchdog service service and keep the default agent status checking time interval.
  2. Under Uninstallation, make sure to select Require the end user to enter a password to uninstall the Security Agent..

    Require users to provide password

  3. Under Security Agent Exit/Unlock Password, enable the Require a password to exit the Security Agent or unlock advanced settings box to prevent end users from disabling the security agent in the workstations.

    Require a password

Under Security Agents > Manual Groups, select Server (Default) group and then configure policy.

Scan Method

The recommended scan method is Smart Scan, to lessen the bandwidth consumption, storage consumption, and network traffic.

Antivirus/Anti-spyware

  1. Select Configure Policy and go to Scan Settings.
  2. Under Real-Time Scan, click Configure Settings.
  3. Choose IntelliScan: uses "true file type" identification.
  4. Expand Advanced Settings and tick the following:

    • Enable IntelliTrap
    • Scan compressed files (keep the default value of two (2) Maximum Layers)

      Advanced Settings

     
    Enabling other settings may cause performance issues on the servers.
     

Web Reputation

  1. Toggle the slide to enable Web Reputation.
  2. Under Security Level, choose Medium, which is recommended for Web Reputation Service.
  3. Under Browser Exploit Prevention, enable Block pages containing malicious script.

    Web Reputation

URL Filtering

  1. Toggle the switch to enable URL Filtering.
  2. Set the Filter Strength to Medium.

    Set the Filter Strength

  3. For servers, tick All days (24x7) for Business Hours.

    Business Hours

Predictive Machine Learning

Enabling Predictive Machine Learning for Servers is not recommended especially for file servers as it may result in false positive detections specifically for internally developed application.

Predictive Machine Learning

Behavior Monitoring

  1. Toggle the switch to enable Behavior Monitoring.
  2. Configure Behavior Monitoring using the procedure in this article: Enabling ransomware protection for Worry-Free Business Security Services (WFBS-SVC).

Device Control

It is recommended to enable the Block the autorun function on USB storage devices option.

Device Control

Agent Privileges

  1. Navigate to Privileges and Other Settings > Other Settings > Security Agent Self-Protection.
  2. Enable Prevent users or other processes from modifying Trend Micro program files, registries and processes.

    Agent Privileges

Under Security Agents > Manual Groups, select Device (Default) group and then configure the policy.

Scan Method

The recommended scan method is Smart Scan, to lessen the bandwidth consumption, storage consumption, and network traffic.

Antivirus/Anti-spyware

  1. Select Configure Policy and go to Scan Settings.
  2. Under Real-Time Scan, click Configure Settings.
  3. Choose IntelliScan: uses "true file type" identification.
  4. Expand Advanced Settings and tick the following:

    • Enable IntelliTrap
    • Scan compressed files (keep the default value of two (2) Maximum Layers)

      Advanced Settings

       
      Enabling other settings may cause performance issues on the servers.
       

Web Reputation

  1. Toggle the switch to enable Web Reputation.
  2. Under Security Level, choose Medium, which is the recommended for Web Reputation Service.
  3. Under Browser Exploit Prevention, enable Block pages containing malicious script.

    Web Reputation

URL Filtering

  1. Toggle the switch to enable URL Filtering.
  2. Set the Filter Strength to Medium.

    Set filter strength

  3. For servers, tick All days (24x7) for Business Hours.

    Business Hours

Predictive Machine Learning

Enabling Predictive Machine Learning for Servers is not recommended especially for file servers as it may result in false positive detections specifically for internally developed application.

Predictive Machine Learning

Behavior Monitoring

    1. Toggle the slide to enable Behavior Monitoring.
    2. Configure Behavior Monitoring using the procedure in this article: Enabling ransomware protection for Worry-Free Business Security Services (WFBS-SVC).

 

Device Control

It is recommended to enable the Block the autorun function on USB storage devices option.

Device Control

Agent Privileges

  1. Navigate to Privileges and Other Settings > Other Settings > Security Agent Self-Protection.
  2. Enable Prevent users or other processes from modifying Trend Micro program files, registries and processes.

    Agent Privileges

Application Control

Enable Application to block applications/path that is restricted on each group that you create (i.e. per department on your department). For the complete procedure in configuring the Application Control, refer to this article: Configuring Application Control in Worry-Free Business Security Services (WFBS-SVC).

Currently, the known Microsoft vulnerability that attackers, specifically ransomware authors, are using is the MS17-010 vulnerability. Here are the update links from Microsoft to patch the said vulnerability:

For Windows OS users, Microsoft also provides Security Bulletin for documentation and download links for critical information such as patch availability, new vulnerabilities, and critical updates. You can find the lists of those vulnerabilities and updates on the following websites:

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1118857
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.