Перейти к содержанию

Recommended Posts

Сергей Ильин

The Intrusion Defense Firewall Plug-in is a separate firewall module for OfficeScan. Intrusion Defense Firewall can be deployed and managed via the web-based OfficeScan console, without requiring an update to the OfficeScan infrastructure.

The Intrusion Defense Firewall Plug-in provides advanced firewall and virtual patching capabilities for OfficeScan clients. IDF is based on a high performance deep packet inspection engine that monitors all incoming and outgoing traffic for protocol deviations, content that signals an attack, or policy violations. When necessary, the Intrusion Defense Firewall can neutralize the threat by blocking malicious traffic and protect endpoints from emerging threats and zero-day attacks.

New Features for IDF 1.5

· Increased scalability to 20,000 clients per single management server

· Single unified client tree for OfficeScan and IDF

· VDI-aware recommendation scans avoid resource contention in virtualized environments

Key Features:

· Blended approach

Ø Host-based stateful firewall with high performance deep packet inspection engine that examines all incoming and outgoing traffic for protocol deviations, content that signals an attack, or policy violations.

· Intrusion detection/prevention rules

Ø The Plug-in can operate in detection and prevention mode at the rule, host and profile level.

· Security updates

Ø Rules that shield newly discovered vulnerabilities are automatically delivered within hours by Trend Micro's ActiveUpdate service, and can be pushed out to thousands of hosts in minutes, without a system reboot.

· Logs, alerts and notifications

Ø Detailed logs provide information on who attacked, when they attacked and what they attempted to exploit.

· Detailed reporting

Ø Detailed reports document attempted attacks, and provide an auditable history of security configurations and changes.

· Recommendation scan

Ø Identifies applications running on hosts and recommends which IPS rules should be applied to the hosts, ensuring the correct protection is in place, with minimal effort.

· Risk ranking

Ø Security events can be viewed based on asset value as well as vulnerability information.

Additional Information:

· Requires OfficeScan management server and clients.

· At this time, the Intrusion Defense Firewall Plug-in does not support TMCM (Trend Micro Control Manager).

· The Intrusion Defense Firewall Plug-in is an additional, more advanced host-based firewall that can be deployed instead of the OfficeScan Personal Firewall. Trend Micro recommends disabling the OfficeScan Personal Firewall if the Intrusion Defense Firewall Plug-in is going to be deployed.

To disable the native OfficeScan Firewall perform the following:

· Login to the OfficeScan Server click Administration in the left panel. Click Product License and then in the Additional Services panel select the Disable button for Firewall for networked computers.

· At this time, Trend Micro does not support the concurrent use of both firewalls on an endpoint.

Подробности как всегда здесь https://www.trendbeta.com/pages/product_info/view/688

Поделиться сообщением

Ссылка на сообщение
Поделиться на другие сайты

  • Сообщения

    • Ego Dekker
      Антивирусы для macOS были обновлены до версии 6.10.600. В числе прочего добавлена поддержка Big Sur 11.1 и 11.2.
    • PR55.RP55
      Поле нужно заполнять. Можно заполнять с пометкой: I  >> The Qt Company Ltd.  <<    I    Пустое поле когда есть реальная\полезная информация ? Это не дело. От пустого поля польза = 0.    
    • PR55.RP55
      На V.T.   видимо опять что-то изменили. VTOK [] 1613 VTOK [] 1572 VTOK [] 1585 ----------        
    • santy
      цифровая подпись может не соответствовать производителю, так что не стоит добавлять недостоверную информацию о производителе вместо незаполненного поля. например: файл: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7Z.DLL цифровая: Действительна, подписано Malwarebytes Inc производитель: Igor Pavlov   или C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\QT5WINEXTRAS.DLL Действительна, подписано Malwarebytes Inc The Qt Company Ltd.  
    • PR55.RP55
      И ещё момент. В  папке с vtcache скапливается по несколько тысяч файлов... т.е. файлы старше 3 или ( ∞ ) дней не удаляются. Я так понимаю программа проверяет\заменяет только тот файл который проверяется сейчас. А другие файлы могут годами сохраняться. ( сейчас посмотрел есть файлы от 2018 года )