Re: Frustrated with Trend CSM!

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Chester (chester_at_NOSPAMprosoundusa.com)
Date: 08/09/04 

Date: Mon, 9 Aug 2004 17:01:46 -0400

Top of the day to you! Thanks Merv!

Chester

"Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
news:Oml3B0kfEHA.3536@TK2MSFTNGP12.phx.gbl...
> And let's give Chester you instructions for installing and configuring
> Trend
> CSM...
>
> How to install Trend C/S/M for SMB
> http://msmvps.com/kwsupport/archive/2004/03/23/4153.aspx
>
> Configuring Exchange & Trend for spam/filtering
> http://msmvps.com/kwsupport/archive/2004/06/19/8543.aspx
>
> --
> Merv Porter [SBS MVP]
> ===================================
> "Les Connor [SBS MVP]" <les.connor@DEL.cfive.ca> wrote in message
> news:eoV5gvifEHA.236@tk2msftngp13.phx.gbl...
>> Chester,
>>
>> I suspect the Officescan (file space A/V) component may be scanning the
>> Exchange folder(s) and/or database. You must exclude them from
>> Officescan,
>> on the server.
>>
>> <snip>
>> 1. In the CSM console, click on the Clients view so you can see the
>> Officescan 'domain'. Your SBS will be listed there.
>> 2. Create a new Officescan 'domain', and move your SBS computer to the
>> new
>> domain. The original domain will be used for workstations.
>> 3. Click on your SBS computer icon, and set the client priveliges to your
>> liking.
>> 4. Click on Scan options | Real time Scan settings, and find the
> Exclusions
>> link.
>> 5. Put <drive> pagefile.sys in the lower 'file' exclusion list.
>> 6. Put <these are default locations> c:\Program files\exchsrvr, \trend,
>> \trend micro in the directory exclusion area. Note that if you have moved
>> your exchange data and or logs somewhere, be sure to exclude them. Note
> also
>> you can be more granular with your exclusions if you want - you don't
>> have
>> to exclude the entire directory. Another note - there is a tick box for
>> excluding Trend product directories, but I do it manually anyway. Yet
>> another note - On all screens make sure you APPLY the settings by
> scrolling
>> down to the bottom and clicking the button.
>>
>> What you've done with the two Officescan 'domains', is enabled different
>> settings for the server versus the clients. Now when you add client
>> machines, you can set the options on that domain (rather than each
>> workstation) so they apply to all workstations, but not the server.
> Sometime
>> <endsnip>
>>
>> --
>> Les Connor [SBS MVP]
>> -------------------------------------
>> SBS Rocks !
>>
>>
>>
>> "Chester" <chester@NOSPAMprosoundusa.com> wrote in message
>> news:ueffgnifEHA.2908@TK2MSFTNGP10.phx.gbl...
>> > Thanks Phil, Lanwench, and Merv,
>> >
>> > I did check the log, and what bothers me is there are several messages
>> like
>> > "Virus successfully detected, but infected file can neither be cleaned
> nor
>> > quarantined"
>> > and the other one that bugs me is "See scan result in compressed file :
>> > NTFS_5131bc4801c47be600000235.EML"
>> >
>> > The details show the virus name and things, but should I worry about
>> these?
>> > The log shows the path as being to the ..\Queue, but of course, they
>> > are
>> > gone from there now.
>> >
>> > Sorry if this all sounds elementary, I'm trying to get my head wrapped
>> > around the security issues here.
>> >
>> > Thanks for the help!
>> >
>> > Chester
>> > "Phil" <phil@phil.com> wrote in message
>> > news:O9IhSWifEHA.2812@tk2msftngp13.phx.gbl...
>> > > Chester,
>> > >
>> > > See reply inline
>> > >
>> > > Thanks,
>> > > Phil
>> > >
>> > > "Chester" <chester@NOSPAMprosoundusa.com> wrote in message
>> > > news:%23697P0$eEHA.3988@tk2msftngp13.phx.gbl...
>> > > > I have torn out my hair trying to understand how this program
>> > > > works.
> I
>> > > guess
>> > > > I've just missed the boat on this one.
>> > > >
>> > > > 1. Installed the program several months ago, and got it set to
>> > > > check
>> for
>> > > > updates hourly
>> > > > 2. Installed the clients at the same time, and everything came up
>> clean.
>> > > >
>> > > > Now, when I look at the console on the server, it keeps telling me
>> that
>> > > the
>> > > > server has 50 infected files, and that one of the clients has 1
>> infected
>> > > > file. So I use the "Damage Cleanup Service" on the server and on
>> > > > the
>> > > client,
>> > > > and NOTHING CHANGES!!! They DCS reports "no malware found" and when
> I
>> do
>> > a
>> > > > manual scan, it reports "No viruses found!" What is UP!?!?! Why
> can't
>> I
>> > > > grasp this!?!
>> > >
>> > > DCS only cleans up a computer that is actually infected. You need to
>> > check
>> > > the virus log for the clients/server that is infected and see what
>> action
>> > > has been taken. If they have been quarantined or deleted, then you
> have
>> > > nothing to worry about. The status (the PC on fire icon) is
> associated
>> > with
>> > > the number of viruses that the computer has encountered and does not
>> > > necessarily mean that the computer is currently infected. (That's why
>> you
>> > > need to check the virus logs) If you'd like to be able to track the
>> > number
>> > > of viruses and the source, etc. on the summary page, you need to
>> > > leave
>> > > everything as is. However if seeing the PC on fire icons are really
>> > > bothering you, you must view the status of the client and click
>> > > "Reset
>> > Virus
>> > > Count", or if there is more than one select the domain and click
> "Reset
>> > > Virus Count".
>> > >
>> > > >
>> > > > Any help from someone with Trend CSM would be VERY much
>> > > > appreciated.
>> > > >
>> > > > The reason I'm sure we have a virus is because we keep getting
>> > > > virus
>> > > > notifications in our email from the server saying it has removed an
>> > > > attachment. The strange thing is, those emails (which are being
> routed
>> > to
>> > > > the users Junk Mail folder) are now showing as coming from people
>> > > > we
>> > know
>> > > > and communicate with, but those people are not sending us email!
>> > > >
>> > >
>> > > Someone is spoofing their addresses. I had someone internally here
> get
>> > > spoofed and the email got sent to another user here which caused a
>> little
>> > > confusion for them. As long as the viruses are getting cleaned or
>> removed
>> > I
>> > > would not worry about it.
>> > >
>> > > > Thanks for your help!
>> > > > 3.
>> > > >
>> > > >
>> > >
>> > >
>> >
>> >
>>
>>
>
>

Quantcast