Сергей Ильин

The Intrusion Defense Firewall Plug-in is a separate firewall module for OfficeScan. Intrusion Defense Firewall can be deployed and managed via the web-based OfficeScan console, without requiring an update to the OfficeScan infrastructure.

The Intrusion Defense Firewall Plug-in provides advanced firewall and virtual patching capabilities for OfficeScan clients. IDF is based on a high performance deep packet inspection engine that monitors all incoming and outgoing traffic for protocol deviations, content that signals an attack, or policy violations. When necessary, the Intrusion Defense Firewall can neutralize the threat by blocking malicious traffic and protect endpoints from emerging threats and zero-day attacks.

New Features for IDF 1.5

· Increased scalability to 20,000 clients per single management server

· Single unified client tree for OfficeScan and IDF

· VDI-aware recommendation scans avoid resource contention in virtualized environments

Key Features:

· Blended approach

  - Host-based stateful firewall with high performance deep packet inspection engine that examines all incoming and outgoing traffic for protocol deviations, content that signals an attack, or policy violations.

· Intrusion detection/prevention rules

  - The Plug-in can operate in detection and prevention mode at the rule, host and profile level.

· Security updates

  - Rules that shield newly discovered vulnerabilities are automatically delivered within hours by Trend Micro's ActiveUpdate service, and can be pushed out to thousands of hosts in minutes, without a system reboot.

· Logs, alerts and notifications

  - Detailed logs provide information on who attacked, when they attacked and what they attempted to exploit.

· Detailed reporting

  - Detailed reports document attempted attacks, and provide an auditable history of security configurations and changes.

· Recommendation scan

  - Identifies applications running on hosts and recommends which IPS rules should be applied to the hosts, ensuring the correct protection is in place, with minimal effort.

· Risk ranking

  - Security events can be viewed based on asset value as well as vulnerability information.

Additional Information:

· Requires OfficeScan management server and clients.

· At this time, the Intrusion Defense Firewall Plug-in does not support TMCM (Trend Micro Control Manager).

· The Intrusion Defense Firewall Plug-in is an additional, more advanced host-based firewall that can be deployed instead of the OfficeScan Personal Firewall. Trend Micro recommends disabling the OfficeScan Personal Firewall if the Intrusion Defense Firewall Plug-in is going to be deployed.

To disable the native OfficeScan Firewall, perform the following:

· Log in to the OfficeScan Server and click Administration in the left panel. Click Product License, and then in the Additional Services panel select the Disable button for Firewall for networked computers.

· At this time, Trend Micro does not support the concurrent use of both firewalls on an endpoint.

Details, as always, are here: https://www.trendbeta.com/pages/product_info/view/688
