Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Preventing Smart Scan from automatically switching to Conventional Scan in InterScan Web Security Virtual Appliance (IWSVA) 6.5

    • Updated:
    • 3 Dec 2018
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

When you use Smart Scan and InterScan Web Security Virtual Appliance (IWSVA) fails to connect to the Smart Scan server for three consecutive times, IWSVA automatically switches to Conventional Scan.

You want to know how to stop IWSVA from automatically changing the scan method from Smart Scan to Conventional Scan.

Details
Public

Smart Scan contacts the Global Smart Protection Server or the Local Smart Protection Server via HTTP if necessary to scan unknown threats. IWSVA checks whether it can access to the server every five minutes.

If the check fails for three consecutive times, IWSVA automatically changes the scan method into Conventional Scan. You must manually set Smart Scan again in Administration > IWSVA Configuration > Scan Method if necessary.

IWSVA uses the Global Smart Protection Server by default, which might cause a frequent switch to Conventional Scan when using IWSVA under unstable network circumstances.

The following are helpful methods to prevent the switch.

  • Implement Local Smart Protection Server

    Implement a Local Smart Protection Server (another Trend Micro product) along with IWSVA and select "Smart Scan with Local SPS" in Administration > IWSVA Configuration > Scan Method.

    This should prevent the switch because the Smart Scan's HTTP access is done within the local network.

    You can also set a secondary Local Smart Protection Server using "Enable Local SPS HA" option in Administration > IWSVA Configuration > Scan Method.

  • Disable the automatic failover to Conventional Scan

    IWSVA 6.5 Service Pack 2 (SP2) Patch 1 provides a feature where the automatic failover to Conventional Scan is disabled. To disable it, do the following after applying SP2 Patch 1.

    To disable the automatic failover:

    1. Log on to IWSVA as root via SSH (for example with a SSH shell such as PuTTy).
    2. Create a backup of /etc/iscan/intscan.ini:

      # cp /etc/iscan/intscan.ini /etc/iscan/intscan.ini.bak

    3. Use vi to edit the file /etc/iscan/intscan.ini.

      # vi /etc/iscan/intscan.ini

    4. Add the following line in [Scan-configuration] section:

      enable_auto_switch=0

    5. Save the file and quit.
    6. Run the following commands to reload FTP/HTTP scan service.

      # /etc/iscan/S99ISproxy stop
      # /etc/iscan/S99ISproxy start

The following is what happens when the Smart Scan server cannot be reached:

  • Displaying websites take a long time, until the connection timeout of the Smart Scan server.
  • As the malicious content information is not included in the CRC cache generated by the Smart scan query, the security level is temporarily decreased until the Smart Scan server comes back up online.
  • However, pattern file matching and CRC cache still work and cover malicious content detection.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1121672
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.