Vulnerability Scanner

Use Vulnerability Scanner to detect installed antivirus solutions and to search for unprotected computers on your network. To determine if computers are protected, Vulnerability Scanner pings ports that are normally used by antivirus solutions.

Vulnerability Scanner can perform the following functions:

§  Ping computers on your network to check their status and retrieve their computer names, platform versions, and descriptions

§  Determine the antivirus solutions installed on the network. It can detect Trend Micro products (including, OfficeScan, ServerProtect for Windows NT and Linux, ScanMail for Microsoft Exchange, InterScan Messaging Security Suite, and PortalProtect) and third-party antivirus solutions (including, Norton AntiVirus Corporate Edition v7.5 and v7.6 and McAfee VirusScan ePolicy Orchestrator).

§  Display the server name and the version of the pattern file, scan engine and program for OfficeScan and ServerProtect for Windows NT

§  Send scan results via email

§  Run in silent mode (command prompt mode)

You can also automate Vulnerability Scanner by creating scheduled tasks. For information on how to automate Vulnerability Scanner, see To create scheduled tasks.

You can run Vulnerability Scanner on the server or on any Windows NT/2000 computer on the network. To run Vulnerability Scanner on a computer other than the server, copy the TMVS folder from the \PCCSRV\Admin\Utility folder of the server to the computer.

Warning

You cannot run Vulnerability Scanner on computers running Windows XP/Me/98/95.

To run Vulnerability Scanner

1.  Open the TMVS folder and double-click TMVS.exe. The Vulnerability Scanner console appears.

2.  Click Settings. The Settings screen appears.

3.  Under Product Query, select the products that you want to check for on your network. To prevent false alarms, Trend Micro recommends selecting all check boxes.

For example, if you have ServerProtect installed on a server but did not select the ServerProtect (NT/Linux) check box, Vulnerability Scanner will report that your server is unprotected.

If you have Trend Micro InterScan and Norton AntiVirus Corporate Edition installed on your network, click Settings next to the product name to verify that the port number that Vulnerability Scanner will check.

4.  Under Description Retrieval Settings, click the retrieval method that you want to use. Normal retrieval is more accurate, but it takes longer to complete.

If you click Normal retrieval, you can set Vulnerability Scanner to try to retrieve computer descriptions, if available, by selecting the Retrieve computer descriptions when available check box.

5.  If you want to automatically send the results to yourself or to other administrators in your organization, select the Email results to the system administrator check box under Alert Settings. Then, click Configure to specify your email settings.

§  In To, type the email address of the recipient.

§  In From, type your email address. This will let the recipient know who sent the message, if you are not only sending it to yourself.

§  In SMTP server, type the address of your SMTP server. For example, you can type smtp.company.com. The SMTP server information is required.

§  In Subject, type a new subject for the message or accept the default subject.

Click OK to save your settings.

6.  To display an alert on unprotected computers, click the Display alert on unprotected computers check box. Then, click Customize to set the alert message. The Alert Message screen appears. You can type a new alert message or accept the default message. Click OK.

7.  To save the results as a comma-separated value (CSV) data files, select the Automatically save the results to a CSV file check box. By default, CSV data files are saved to the TMVS folder. If you want to change the default CSV folder, click Browse. The Browse for folder screen appears.

Browse for a target folder on your computer or on the network and then click OK.

8.  Under Ping Settings, specify how Vulnerability Scanner will send packets to the computers and wait for replies. Accept the default settings or type new values in the Packet size and Timeout text boxes.

9.  Click OK to save your settings. The Vulnerability Scanner console appears.

10.  In IP Range to Check, type the IP address range that you want to check for installed antivirus solutions and unprotected computers. Note the Vulnerability Scanner only supports class B IP addresses.

11.  Click Start to begin checking the computers on your network. The results are displayed in the Results table.

Note

You can also run Vulnerability Scanner at the command prompt. For more information, see the Vulnerability Scanner online help.

To create scheduled tasks

1.  Under Scheduled Tasks, click Add/Edit. The Scheduled Task screen appears.

2.  Under Task Name, type a name for the task you are creating.

3.  Under IP Address Range, type the IP address range that you want to check for installed antivirus solutions and unprotected computers.

4.  Under Task Schedule, click a frequency for the task you are creating. You can set the task to run Daily, Weekly, or Monthly.

If you click Weekly, you must select a day from the list.

If you click Monthly, you must select a date from the list.

5.  In the Start time spin boxes, type or select the time when the task will run. Use the 24-hour clock format.

6.  Under Settings, click Use current settings if you want to use your existing settings, or click Modify settings.

If you click Modify settings, click Settings to change the configuration. For information on how to configure your settings, see steps 3 to 9 in To run Vulnerability Scanner.

7.  Click OK to save your settings. The task you have created appears under Scheduled Tasks.

Other settings

There are five other settings that can only be configured by modifying TMVS.ini. These are:

§  Debug - enable or disable the debug log

§  EchoNum - set the number of computers that Vulnerability Scanner will simultaneously ping

§  ThreadNumManual - set the number of computers that Vulnerability Scanner will simultaneously check for antivirus software

§  ThreadNumSchedule - set the number of computers that Vulnerability Scanner will simultaneously check for antivirus software when running scheduled tasks

§  ThreadNumSilent - set the number of computers that Vulnerability Scanner will simultaneously check for antivirus software when running the tool at the command prompt

To modify these settings

1.  Open the TMVS folder and look for TMVS.ini.

2.  Open TMVS.ini using Notepad or any text editor.

3.  To enable the debug log, change the value from Debug=0 to Debug=1.

4.  To set the number of computers that Vulnerability Scanner will simultaneously ping, change the value for EchoNum. Specify a value between 1 and 64.

For example, type EchoNum=60 if you want Vulnerability Scanner to ping 60 computers at the same time.

5.  To set the number of computer that Vulnerability Scanner will simultaneously check for antivirus software, change the value for ThreadNumManual. Specify a value between 8 and 64.

For example, type ThreadNumManual=60 if you want Vulnerability Scanner to check 60 computers for antivirus software at the same time.

6.  To set the number of computers that Vulnerability Scanner will simultaneously check for antivirus software when running scheduled tasks, change the value for ThreadNumSchedule. Specify a value between 8 and 64.

For example, type ThreadNumSchedule=60 if you want Vulnerability Scanner to check 60 computers for antivirus software at the same time whenever it runs a scheduled task.

7.  To set the number of computers that Vulnerability Scanner will simultaneously check for antivirus software when running the tool at the command prompt, change the value for ThreadNumSilent. Specify a value between 8 and 64.

For example, type ThreadNumSilent=60 if you want Vulnerability Scanner to check 60 computers for antivirus software at the same time whenever you run it at the command prompt.

8.  Save TMVS.ini.