Security Compliance can query unmanaged endpoints in the network to which the OfficeScan/Apex One server belongs. You can use Active Directory and IP addresses to query endpoints and install the OfficeScan/Apex One agent.
To synchronize the Active Directory in the OfficeScan/Apex One server:
- Go to Administration > Active Directory > Active Directory Integration.
- Under Active Directory Domains, specify the Active Directory domain name.
- Specify credentials that the OfficeScan/Apex One server will use when synchronizing data with the specified Active Directory domain.
The credentials are required if the server is not part of the domain. Otherwise, the credentials are optional. Be sure that these credentials do not expire or the server will not be able to synchronize data.
- Click the + button to add more domains.
If necessary, specify domain credentials for any of the added domains.
- Click the - button to delete domains.
- Specify encryption settings if you specified domain credentials.
As a security measure, OfficeScan/Apex One encrypts the domain credentials you specified before saving them to the database. When OfficeScan/Apex One synchronizes data with any of the specified domains, it will use an encryption key to decrypt the domain credentials.
If the encryption key file is removed or its path changes, OfficeScan/Apex One will not be able to synchronize data with any of the specified domains.
- Go to the Encryption Settings for Domain Credentials section.
- Type an encryption key that does not exceed 128 characters.
- Specify a file to which to save the encryption key.
You can choose a popular file format, such as .txt. Type the file's full path and name, such as C:\AD_Encryption\EncryptionKey.txt.
- Click one of the following:
- Save: Save the settings only. Because synchronizing data may strain network resources, you can choose to save the settings only and synchronize at a later time, such as during non-critical business hours.
- Save and Synchronize: Save the settings and synchronize data with the Active Directory domains.
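The step above warns that the synchronization credentials must not expire. The following PowerShell function is an added example, not Trend Micro's code, for checking the synchronization account in Active Directory before (and periodically after) saving the settings. It assumes the RSAT ActiveDirectory module is available; the account and domain names in the usage line are placeholders.

```powershell
# Added example (not Trend Micro's code): confirm that the account used for
# Active Directory synchronization is enabled and that neither the account
# nor its password is about to expire. Assumes the RSAT ActiveDirectory
# module is installed; account and domain names below are placeholders.
#Requires -Modules ActiveDirectory

function Test-SyncAccountExpiry {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $Server,          # optional domain name or domain controller
        [int]    $WarnDays = 14    # flag anything expiring within this window
    )
    $adParams = @{
        Identity   = $SamAccountName
        Properties = 'PasswordNeverExpires', 'PasswordLastSet', 'Enabled',
                     'AccountExpirationDate', 'msDS-UserPasswordExpiryTimeComputed'
    }
    if ($Server) { $adParams.Server = $Server }
    $user = Get-ADUser @adParams

    # msDS-UserPasswordExpiryTimeComputed is a FILETIME; 0 or Int64.MaxValue means "never"
    $raw = [int64]$user.'msDS-UserPasswordExpiryTimeComputed'
    $pwdExpiry = $null
    if (-not $user.PasswordNeverExpires -and $raw -ne 0 -and $raw -ne [int64]::MaxValue) {
        $pwdExpiry = [datetime]::FromFileTime($raw)
    }

    $deadline = (Get-Date).AddDays($WarnDays)
    $problems = @()
    if (-not $user.Enabled) { $problems += 'account is disabled' }
    if ($user.AccountExpirationDate -and $user.AccountExpirationDate -lt $deadline) {
        $problems += "account expires $($user.AccountExpirationDate)"
    }
    if ($pwdExpiry -and $pwdExpiry -lt $deadline) {
        $problems += "password expires $pwdExpiry"
    }

    [pscustomobject]@{
        Account              = $user.SamAccountName
        Enabled              = $user.Enabled
        PasswordNeverExpires = $user.PasswordNeverExpires
        PasswordExpires      = $pwdExpiry
        AccountExpires       = $user.AccountExpirationDate
        OK                   = ($problems.Count -eq 0)
        Problems             = ($problems -join '; ')
    }
}

# Usage (placeholder account and domain):
Test-SyncAccountExpiry -SamAccountName 'svc-apexone-adsync' -Server 'corp.example.com' | Format-List
```

Run it as a scheduled task a couple of weeks before the password policy would force a change; a `OK = False` result means synchronization will stop working unless the credentials on the Active Directory Integration page are updated first.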
- Log in to the OfficeScan/Apex One web console.
- Go to Assessment > Unmanaged Endpoints.
- Under Unmanaged Endpoints, click Define Scope.
- In the Define Scope page, choose whether to search for endpoints via Active Directory or by IP address:
- Via Active Directory:
- Go to the Active Directory Scope section.
- Select "Use on-demand assessment to perform real-time queries and get more accurate results".
Disabling this option causes OfficeScan/Apex One to query the database instead of each OfficeScan/Apex One agent. Querying only the database can be quicker but is less accurate.
- Select the objects to query.
If querying for the first time, select an object with less than 1,000 accounts and then record how much time it took to complete the query. Use this data as your performance benchmark.
- Via IP address:
- Go to the IP Address Scope section.
- Select Enable IP Address Scope.
- Specify an IP address range and click the plus (+) or minus (-) button to add or delete IP address ranges:
- For a pure IPv4 OfficeScan/Apex One server, type an IPv4 address range.
- For a pure IPv6 OfficeScan/Apex One server, type an IPv6 prefix and length.
- For a dual-stack OfficeScan/Apex One server, type an IPv4 address range and/or IPv6 prefix and length.
The IPv6 address range limit is 16 bits, which is similar to the limit for IPv4 address ranges. The prefix length should therefore be between 112 and 128.
- Under Advanced Setting, specify ports used by OfficeScan/Apex One servers to communicate with agents. Setup randomly generates the port number during OfficeScan/Apex One server installation.
To view the communication port used by the OfficeScan/Apex One server, go to Agents > Agent Management and select a domain. The port displays next to the IP address column. Trend Micro recommends keeping a record of port numbers for your reference.
- To check endpoint connectivity using a particular port number, select "Declare an endpoint unreachable by checking port <x>".
- When a connection on that port cannot be established, OfficeScan/Apex One immediately treats the endpoint as unreachable. The default port number is 135. Enabling this setting speeds up the query.
- When a connection to an endpoint cannot be established, the OfficeScan/Apex One server no longer needs to perform all the other connection verification tasks before treating the endpoint as unreachable.
- To save the scope and start the query, click Save and re-assess. To save the settings only, click Save only.
The Outside Server Management screen displays the result of the query.
- Choose the endpoint where you want to install the OfficeScan/Apex One agent and click Install.
- Enter a domain administrator credential and click Log on.
- Wait for the installation to be finished.
- Once the OfficeScan/Apex One agent is installed, you will get a pop-up like this:
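The scope definition above lets the server declare an endpoint unreachable as soon as a TCP connection on port 135 (or another port you pick) fails. The following PowerShell is an added example, not Trend Micro's code, that reproduces that check over an IPv4 range before you click Save and re-assess, so that a firewall rule blocking the port shows up as a list of addresses rather than as a page of "Unreachable" results. The agent communication port is whatever Agents > Agent Management shows for your server; the port and address values in the usage line are placeholders.

```powershell
# Added example (not Trend Micro's code): sweep an IPv4 range and apply the
# same rule the console uses ("declare unreachable by checking port <x>",
# default 135). Optionally also probe the agent communication port shown
# under Agents > Agent Management. Addresses and ports below are placeholders.

function Expand-IPv4Range {
    param([Parameter(Mandatory)][string]$Start, [Parameter(Mandatory)][string]$End)
    # Convert dotted quads to big-endian UInt32 so the range can be iterated numerically
    $toInt = {
        param($ip)
        $b = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [array]::Reverse($b)
        [BitConverter]::ToUInt32($b, 0)
    }
    $s = & $toInt $Start
    $e = & $toInt $End
    if ($e -lt $s) { throw "End address $End precedes start address $Start" }
    for ($i = [int64]$s; $i -le $e; $i++) {
        $b = [BitConverter]::GetBytes([uint32]$i)
        [array]::Reverse($b)
        ([System.Net.IPAddress]::new($b)).IPAddressToString
    }
}

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 1000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($Address, $Port)
        # Wait() returns $false on timeout; a refused or unroutable connection throws
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Dispose()
    }
}

function Test-ScopeReachability {
    param(
        [Parameter(Mandatory)][string]$Start,
        [Parameter(Mandatory)][string]$End,
        [int]$UnreachablePort = 135,   # console default for "declare unreachable"
        [int]$AgentPort,               # from Agents > Agent Management (placeholder)
        [int]$TimeoutMs = 1000
    )
    foreach ($ip in Expand-IPv4Range -Start $Start -End $End) {
        $reachable = Test-TcpPort -Address $ip -Port $UnreachablePort -TimeoutMs $TimeoutMs
        # Only probe the agent port on hosts that passed the reachability test,
        # mirroring the console's short-circuit behaviour
        $agentOpen = $null
        if ($reachable -and $AgentPort) {
            $agentOpen = Test-TcpPort -Address $ip -Port $AgentPort -TimeoutMs $TimeoutMs
        }
        [pscustomobject]@{
            Address          = $ip
            UnreachablePort  = $UnreachablePort
            PortOpen         = $reachable
            AgentPortOpen    = $agentOpen
            Verdict          = if ($reachable) { 'Will be assessed' } else { 'Unreachable' }
        }
    }
}

# Usage (placeholder range and agent port); list only what the console would skip:
Test-ScopeReachability -Start '10.0.1.1' -End '10.0.1.254' -AgentPort 21112 |
    Where-Object Verdict -eq 'Unreachable' | Format-Table -AutoSize
```

Because the probe is a plain TCP connect with a one-second timeout, a host that is switched off, not listening on the port, or behind a firewall that drops the packet all look the same; that is the same ambiguity the console's "Unreachable" status carries, which is why the article recommends confirming the firewall rules separately.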
The security status of unmanaged endpoints can be any of the following:
| Security status | Description |
| --- | --- |
| Managed by another Apex One server | The Security Agents installed on the computers are managed by another Apex One server. Security Agents are online and run either this Apex One version or an earlier version. |
| No Security Agent installed | The Security Agent is not installed on the endpoint. |
| Unreachable | The Apex One server cannot connect to the endpoint and determine its security status. |
| Unresolved Active Directory assessment | The endpoint belongs to an Active Directory domain but the Apex One server is unable to determine its security status. |
The Apex One server database contains a list of agents that the server manages. The server queries Active Directory for the computers' GUIDs and then compares them with GUIDs stored in the database. If a GUID is not in the database, the endpoint will fall under the Unresolved Active Directory Assessment category.
One possible reason why an endpoint falls under the Unresolved Active Directory Assessment category is that the Security Agent is corrupted or not running, or its installation folder is empty.
Also check that port 135 is allowed on your network or firewall. Reference: Ports and protocols used by OfficeScan/Apex One that should be allowed through a firewall or router
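The two paragraphs above give the causes to rule out for an "Unresolved Active Directory assessment" result: the GUID comparison against the computer object, a corrupted or stopped agent, an empty installation folder, and port 135 being blocked. The following Windows PowerShell 5.1 function is an added example, not Trend Micro's code, that walks through those checks for one endpoint from an administrative workstation. The service names and installation folder are assumptions for a default installation and must be adjusted to yours; `Get-Service -ComputerName` needs remote management rights on the endpoint.

```powershell
# Added example (not Trend Micro's code): first-pass triage of an endpoint
# that the Unmanaged Endpoints page lists as "Unresolved Active Directory
# assessment". Service names and the installation folder are assumptions for
# a default installation; adjust them to your environment. Requires the RSAT
# ActiveDirectory module and Windows PowerShell 5.1 (Get-Service -ComputerName).
#Requires -Modules ActiveDirectory

function Get-UnresolvedEndpointTriage {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string[]]$AgentServices = @('ntrtscan', 'tmlisten'),   # assumed Security Agent service names
        [string]$InstallFolder = 'C:\Program Files (x86)\Trend Micro\Security Agent',  # assumed default path
        [int]$Port = 135                                          # console default reachability port
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. The server matches endpoints on the computer object's GUID, so the
    #    object must exist (and should be enabled) in Active Directory.
    $ad = Get-ADComputer -Identity $ComputerName -Properties ObjectGUID, Enabled, LastLogonDate `
                         -ErrorAction SilentlyContinue
    if (-not $ad)              { $findings.Add('no computer object in Active Directory') }
    elseif (-not $ad.Enabled)  { $findings.Add('computer object is disabled') }

    # 2. Port 135 must be allowed through any firewall between server and endpoint.
    $rpc = Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue
    if (-not $rpc.TcpTestSucceeded) { $findings.Add("TCP $Port not reachable (check firewall rules)") }

    # 3. Agent services and installation folder, only if the host is reachable at all.
    if ($rpc.TcpTestSucceeded) {
        $services = Get-Service -ComputerName $ComputerName -Name $AgentServices -ErrorAction SilentlyContinue
        foreach ($name in $AgentServices) {
            $svc = $services | Where-Object Name -eq $name
            if (-not $svc)                      { $findings.Add("service $name not present (agent missing or corrupted)") }
            elseif ($svc.Status -ne 'Running')  { $findings.Add("service $name is $($svc.Status)") }
        }
        # Reach the folder through the administrative share: C:\... -> \\host\C$\...
        $remotePath = "\\$ComputerName\" + $InstallFolder.Replace(':', '$')
        if (-not (Test-Path $remotePath)) {
            $findings.Add('installation folder not found')
        } elseif (-not (Get-ChildItem $remotePath -Force | Select-Object -First 1)) {
            $findings.Add('installation folder is empty')
        }
    }

    [pscustomobject]@{
        Computer   = $ComputerName
        ObjectGUID = if ($ad) { $ad.ObjectGUID } else { $null }
        LastLogon  = if ($ad) { $ad.LastLogonDate } else { $null }
        Port135    = $rpc.TcpTestSucceeded
        Findings   = if ($findings.Count) { $findings -join '; ' } else { 'no obvious cause found' }
    }
}

# Usage (placeholder computer name):
Get-UnresolvedEndpointTriage -ComputerName 'WS-0042' | Format-List
```

An endpoint with a valid, enabled computer object, port 135 open, both services running and a populated installation folder but still listed as unresolved is the case to take to Trend Micro Technical Support, since the remaining possibility is that the agent's GUID recorded in the server database no longer matches the one in Active Directory.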
For further assistance, please contact Trend Micro Technical Support.