Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Using Security Compliance to query endpoints and install the OfficeScan/Apex One agent

    • Updated:
    • 21 Jun 2019
    • Product/Version:
    • Apex One 2019.All
    • Apex One All.All
    • OfficeScan XG.All
    • Platform:
    • Windows 10
    • Windows 2003 32-Bit
    • Windows 2003 64-Bit
    • Windows 2008 32-Bit
    • Windows 2008 64-Bit
    • Windows 2012
    • Windows 2012 Server R2
    • Windows 2016
    • Windows 7 32-Bit
    • Windows 7 64-Bit
    • Windows 8 32-Bit
    • Windows 8 64-Bit
    • Windows 8.1 32-Bit
    • Windows 8.1 64-Bit
Summary

Security Compliance can query unmanaged endpoints in the network to which the OfficeScan/Apex One server belongs. You can use Active Directory and IP addresses to query endpoints and install the OfficeScan/Apex One agent.

Details
Public

To synchronize the Active Directory in the OfficeScan/Apex One server:

  1. Go to Administration > Active Directory > Active Directory Integration.

    Security Compliance Installation

  2. Under Active Directory Domains, specify the Active Directory domain name.

    Security Compliance Installation

  3. Specify credentials that the OfficeScan/Apex One server will use when synchronizing data with the specified Active Directory domain.

    The credentials are required if the server is not part of the domain. Otherwise, the credentials are optional. Be sure that these credentials do not expire or the server will not be able to synchronize data.

    1. Click Specify Domain Credentials.
    2. In the popup window that opens, type the username and password.

      The username can be specified using any of the following formats:

      • domain\username
      • username@domain

      Security Compliance Installation

    3. Click Save.
  4. Click the + button to add more domains.

    If necessary, specify domain credentials for any of the added domains.

  5. Click the + button to delete domains.
  6. Specify encryption settings if you specified domain credentials.

    As a security measure, OfficeScan/Apex One encrypts the domain credentials you specified before saving them to the database. When OfficeScan/Apex One synchronizes data with any of the specified domains, it will use an encryption key to decrypt the domain credentials.

    1. Go to the Encryption Settings for Domain Credentials section.
    2. Type an encryption key that does not exceed 128 characters.
    3. Specify a file to which to save the encryption key.

      You can choose a popular file format, such as .txt. Type the file's full path and name, such as C:\AD_Encryption\EncryptionKey.txt.

     
    If the file is removed or the file path changes, OfficeScan/Apex One will not be able to synchronize data with all of the specified domains.

    Security Compliance Installation

  7. Click one of the following:
    • Save: Save the settings only. Because synchronizing data may strain network resources, you can choose to save the settings only and synchronize at a later time, such as during non-critical business hours.
    • Save and Synchronize: Save the settings and synchronize data with the Active Directory domains.
  1. Log in to the OfficeScan/Apex One web console.
  2. Go to Assessment > Unmanaged Endpoints.

    Security Compliance Installation

  3. Under Unamanged Endpoints, click Define Scope.

    Security Compliance Installation

  4. In the Define Scope page, either choose to search for endpoint via Active Directory or IP address:
    • Via Active Directory:
      1. Go to the Active Directory Scope section.
      2. Select "Use on-demand assessment to perform real-time queries and get more accurate results".

        Disabling this option causes OfficeScan/Apex One to query the database instead of each OfficeScan/Apex One agent. Querying only the database can be quicker but is less accurate.

        Security Compliance Installation

      3. Select the objects to query.

        If querying for the first time, select an object with less than 1,000 accounts and then record how much time it took to complete the query. Use this data as your performance benchmark.

    • To define an IP address scope:
      1. Go to the IP Address Scope section.
      2. Select Enable IP Address Scope.
  5. Specify an IP address range and click the plus (+) or minus (-) button to add or delete IP address ranges:
    • For a pure IPv4 OfficeScan/Apex One server, type an IPv4 address range.
    • For a pure IPv6 OfficeScan/Apex One server, type an IPv6 prefix and length.
    • For a dual-stack OfficeScan/Apex One server, type an IPv4 address range and/or IPv6 prefix and length.

      The IPv6 address range limit is 16 bits, which is similar to the limit for IPv4 address ranges. The prefix length should therefore be between 112 and 128.

    Security Compliance Installation

  6. Under Advanced Setting, specify ports used by OfficeScan/Apex One servers to communicate with agents. Setup randomly generates the port number during OfficeScan/Apex One server installation.

    Security Compliance Installation

    To view the communication port used by the OfficeScan/Apex One server, go to Agents > Agent Management and select a domain. The port displays next to the IP address column. Trend Micro recommends keeping a record of port numbers for your reference.

    1. Click Specify ports.

      Security Compliance Installation

    2. Type the port number and click Add. Repeat this step until you have all the port numbers you want to add.

      Security Compliance Installation

    3. Click Save.
  7. To check the endpoints connectivity using a particular port number, select "Declare an endpoint unreachable by checking port <x>".
    • When connection is not established, OfficeScan/Apex One immediately treats the endpoint as unreachable. The default port number is 135. Enabling this setting speeds up the query.
    • When connection to endpoints cannot be established, the OfficeScan/Apex One server no longer needs to perform all the other connection verification tasks before treating endpoints as unreachable.
  8. To save the scope and start the query, click Save and re-assess. To save the settings only, click Save only.

    The Outside Server Management screen displays the result of the query.

    Security Compliance Installation

  9. Choose the endpoint where you want to install the OfficeScan/Apex One agent and click Install.

    Security Compliance Installation

  10. Enter a domain administrator credential and click Log on.

    Security Compliance Installation

  11. Wait for the installation to be finished.

    Security Compliance Installation

  12. Once the OfficeScan/Apex One agent is installed, you will get a pop up like this:

    Security Compliance Installation

Premium
Internal
Rating:
Category:
Configure; Install
Solution Id:
1122146
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.