Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unable to sync Control Manager (TMCM) Suspicious Objects with InterScan Web Security Virtual Appliance (IWSVA)

    • Updated:
    • 4 Apr 2019
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

On the Control Manager console, under Administration > Suspicious Objects > Virtual Analyzer Objects > [select the specific SO] > ViewDistribution, IWSVA is not showing on the TMCM Suspicious Objects (SO) Distribution list.

TMCM console no IWSVA

When you check the IWSVA console, in HTTP > Advanced Threat Protection > Custom Defense > Custom Defense Settings tab, it does not show the Enable TMCM SO sync option. Only the Enable DDAn Submission and SO Sync option is present.

IWSVA no Enable TMCM SO sync

Details
Public

To resolve the issue:

 
Make sure that you are using IWSVA Service Pack 2 Hot Fix Build 1721. Hot Fix Build 1721 is included in Patch 2 (Build 1765), Patch 3 (Build 1809), and Patch 4 (Build 1844).
  1. Log in to IWSVA using putty and edit /etc/iscan/intscan.ini.

    log in IWSVA

  2. Set "so_integration_enabled=1" under [dtas] section as shown below and then save.

    so_integration_enabled1

    so_integration_enabled2

  3. Refresh the IWSVA web console and the option Enable TMCM SO Sync should now be available.

    IWSVA with Enable TMCM SO sync

    When the note stating "Control Manager will provide the suspicious object list. If both Control Manager and Deep Discovery Analyzer have been enabled, the InterScan Web Security Virtual Appliance will prioritize Control Manager for retrieving the suspicious objects. The submission feature in Deep Discovery Analyzer will still work correctly." appears, click OK.

    On TMCM 7.0, IWSVA should now be included in the SO Distribution list.

    TMCM console with IWSVA

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1120239
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.