
Trend Micro Confidential

Nondisclosure Agreement is required for non-Trend Micro employees to view this document









Deep Security 8.0
Implementation Guide

February 2, 2012
Alwin Yu, Jill aceda and a!mood A"mat

Table of contents
PREFACE
1. PRODUCT INTRODUCTION
1.1. DSM (Deep Security Manager)
1.1.1. Recommended System Requirements (Software)
1.1.2. Recommended System Requirements (Hardware)
1.2. Deep Security Agent (DSA)
1.2.1. Recommended System Requirements
1.3. Deep Security Relay (DSR)
1.3.1. Recommended System Requirements
1.4. Deep Security Notifier
1.4.1. Recommended System Requirements
1.5. Deep Security Virtual Appliance (DSVA)
1.5.1. Recommended System Requirements
1.5.2. Hardware Requirements
1.5.3. DSVA Compatibility Matrix
1.6. Database
1.6.1. Recommended Database Engines
2. PRE-DEPLOYMENT ASSESSMENT AND PLANNING
2.1. Understanding the Existing Environment
2.1.1. Existing Firewall Solution
2.1.2. Upgrading from Deep Security 7.5
2.1.3. Fresh installation of Deep Security 8.0
2.2. Considerations for Deep Security Manager Deployment
2.2.1. Windows or Linux
2.2.2. Dedicated or Multiple DSMs
2.2.3. Deep Security Manager Location with respect to the database
2.2.4. High Availability and Disaster Recovery
2.2.5. Database Sizing
2.2.6. Multiple Databases Deployment
2.2.7. Third Party Integration (SIEM, Syslog)
2.3. Required Open Ports for Deep Security Communication
2.3.1. Deep Security Manager
2.3.2. Deep Security Agent
2.3.3. Deep Security Relay
2.3.4. Database Communication
2.3.1. Virtual Appliance Communication
2.3.2. Syslog Communication
2.4. Network Communication
2.4.1. DNS Resolution
2.4.2. Bi-directional
2.4.3. Manager Initiated
2.4.4. Agent Initiated
2.5. Date/Time Management
2.5.1. Time Synchronization
2.6. Protection with Agents
2.6.1. Hardware Requirements Checklist
2.6.2. Software Requirements Checklist
2.6.3. Product License Checklist
2.6.4. Administrative Privilege Checklist
2.6.5. Quick Overview of Setup Process
2.7. Protection using Agentless for Virtualized Environment
2.7.1. Hardware Requirements Checklist
2.7.2. Software Requirements Checklist
2.7.3. Product License Checklist
2.7.4. Administrative Privilege Checklist
2.7.5. Quick Overview of Setup Process
2.8. Protection in Mixed Environment
2.8.1. Coordinated Approach
2.9. How to Maximize Deep Security Protection in your Network
2.9.1. Quantifying Hosts
2.9.2. Classifying Hosts
2.9.3. Qualifying Hosts
2.10. Limitations to Deploying Agent Software
3. DEPLOYMENT PHASE
3.1. Installing around an Existing Solution
3.1.1. Windows Firewall
3.1.2. OfficeScan Firewall
3.2. Upgrade from previous version of Deep Security Manager
3.2.1. Existing Data in the Database
3.2.2. Upgrading the Deep Security Manager
3.2.2.1. 32-bit to 64-bit Deep Security Manager Upgrade
3.2.2.2. 32-bit to 32-bit Deep Security Manager Upgrade
3.2.3. Upgrading Additional Deep Security Manager Node
3.2.4. Action Items in Deep Security before Upgrading VMware Product to vSphere version 5.0
3.2.5. Quick Overview of Upgrading to VMware vSphere 5.0
3.3. Preparing a VMware Environment for Agentless Protection
3.3.1. Server Preparation
3.3.1.1. VMware ESXi 5.0 Setup (Host A)
3.3.1.2. VMware vCenter 5.0 Setup
3.3.1.3. VMware vShield Manager (vSM) 5.0 Setup
3.3.1.4. Preparing Guest OS for Database Server
3.3.1.5. Preparing Guest OS for Deep Security Manager
3.3.2. Guest OS Preparation
3.3.2.1. ESX 5.0 Setup (Host B)
3.3.2.2. Preparing Guest OS for Agentless Protection
3.4. Installing a Database Server for Deep Security Manager
3.5. Installing Deep Security Manager (Windows)
3.6. Installing Deep Security Relay
3.7. Additional Configuration for VMware Integration
3.7.1. VMware vShield Endpoint Deployment on ESX hosts
3.7.2. Add vCenter into Deep Security Manager Web Console
3.7.3. Importing Software Packages into Deep Security Manager
3.7.4. Preparing ESX Hosts
3.7.5. Deploying Deep Security Virtual Appliance
3.7.6. Increasing Deep Security Virtual Appliance Memory
3.7.7. Activating Deep Security Virtual Appliance
3.7.8. Activating Guest Virtual Machines
3.8. Installing Deep Security Agents
3.8.1. Windows
3.8.1.1. Automation using Existing Deployment Tools
3.8.1.2. The need for doing Manual Installation
3.8.2. Red Hat Linux
3.8.3. Sun Solaris 10 (with Update 4 or above)
3.8.4. AIX
3.8.5. HP-UX
3.8.6. Adding the Computers to Deep Security Manager
3.8.7. Activating the Computers
3.9. Installing Deep Security Notifier
4. POST INSTALLATION CONFIGURATION AND REVIEW
4.1. Configuring SMTP server for Email Notification
4.2. Create Roles and Users
4.3. Host Grouping
4.3.1. Type of OS and Type of Application Server
4.3.2. Geographic Locations
4.3.3. Bandwidth of the Links
4.4. Configure Updates
4.4.1. Configure Deep Security Relay
4.4.2. Configure Agent Updates via Relay
4.4.2.1. Deep Security Relay and Component Updates in an Air-Gapped Environment
4.5. Applying service packs/patches
4.6. Other important settings to consider
4.6.1. Log Retention
4.6.2. Recommendation Scans
4.6.3. Building Customized Security Profiles, Rules and Components
5. APPLY THE BEST PRACTICES GUIDE FOR DEEP SECURITY


Preface
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file and the latest version of the applicable user documentation.
The Trend Micro Deep Security v8.0 Implementation Guide provides users with the knowledge to implement the product more effectively. The topics covered are the high-level planning needed to deploy the product in an organization's infrastructure, as well as an in-depth look at some of the configurations and scenarios required for an effective and successful implementation of the product.
If detailed information is required with regard to certain features or certain configuration parameters, please refer to the Deep Security 8.0 install guide and the Deep Security 8.0 user guide. These guides can be downloaded from the product page at:
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=38&lang_loc=1
At Trend Micro, we are always seeking to improve our documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact your Technical Account Manager.

1. Product Introduction
Trend Micro™ Deep Security™ 8.0 provides advanced protection for systems in the dynamic datacenter, from virtual desktops to physical, virtual or cloud servers. Deep Security provides comprehensive protection, including:
• Anti-Malware
• Web Reputation
• Firewall
• DPI
• Intrusion Detection and Prevention (IDS/IPS)
• Web Application Protection
• Application Control
• Integrity Monitoring
• Log Inspection
Deep Security consists of the following set of components that work together to provide protection:
• Deep Security Manager
• Deep Security Agent
• Deep Security Relay
• Deep Security Notifier
• Deep Security Virtual Appliance
• Database Server
1.1. DSM (Deep Security Manager)
Deep Security Manager ("the Manager") is a powerful, centralized web-based management system that allows security administrators to create and manage comprehensive security policies and track threats and preventive actions taken in response to them. Deep Security Manager integrates with different aspects of the datacenter including: VMware vCenter, Microsoft Active Directory and has a web services API for integration with datacenter automation environments.
1.1.1. Recommended System Requirements (Software)
Component | Recommended
Operating System | Microsoft Windows Server 2008 (64 bit recommended); Microsoft Windows Server 2003 SP2 (64 bit recommended)
Databases | Oracle 10g/11g; Microsoft SQL 2008

1.1.2. Recommended System Requirements (Hardware)
Component | Recommended
RAM | 8GB
Disk Space | 5GB recommended-must be on an NTFS partition
CPU | 64 bit Intel Xeon with at least two logical 3.x GHz CPUs or equivalent
1.2. Deep Security Agent (DSA)
The Deep Security Agent is a high performance, small footprint, software component that sits directly on a computer to provide protection. It is responsible for all protection functionality on a host computer.
1.2.1. Recommended System Requirements
Component | Recommended
RAM | 512 MB
Disk Space | 1 MB (2 MB recommended, primarily for logging)
Windows | Windows 7 (32 and 64 bit), Windows 2008 (32 and 64 bit), Windows 2008 R2 (64 bit), Windows Vista (32 and 64 bit), Windows 2003 SP2 (32 and 64 bit), Windows XP SP3 (32 and 64 bit)
Solaris (Tier 2 Release) | Solaris 9 and 10 (64-bit Sparc), Solaris 10 (64-bit x86)
Linux (Tier 2 Release) | Red Hat 4 (32-bit and 64-bit), Red Hat 5 (32-bit and 64-bit), Red Hat 6 (32-bit and 64-bit), SuSE 10 (32-bit and 64-bit), SuSE 11 (32-bit and 64-bit), SuSE 11 SP1 (32-bit and 64-bit)
AIX (Tier 2 Release) | AIX 5.3, 6.1
HP-UX | 11i v3 (11.31)

Important things to know:
• Trend Micro endeavors to provide Deep Security Agents for new versions of each platform as they are released and may discontinue support for retired versions.
• Windows Agents running on Windows XP or Windows 2003 will not function in an IPv6 environment.
• The AIX and HP-UX Agents only support Integrity Monitoring and Log Inspection. For the latest information, consult the Install Guide and the Agent release notes.
1.3. Deep Security Relay (DSR)
The Deep Security Relay is a modified version of the Deep Security Agent which gives it the ability to serve as an update server. It "relays" updates from the Trend Micro global ActiveUpdate Server to Deep Security networks that they serve. At least one Deep Security Relay is always required to forward updates to the Deep Security Manager.
1.3.1. Recommended System Requirements
Component | Recommended
RAM | 512 MB
Disk Space | 1 MB (2 MB recommended, primarily for logging)
Windows | Windows 7 (64 bit), Windows 2008/R2 (64 bit), Windows 2003 SP2 (64 bit), Windows XP SP3 (64 bit)
Linux | Red Hat 5 (64-bit), Red Hat 6 (64-bit)

1.4. Deep Security Notifier
The Deep Security Notifier is a utility for physical or virtual machines on Windows only, and provides local notifications of malware detection.
1.4.1. Recommended System Requirements
Component | Recommended
RAM | 256 MB
Disk Space | 1 MB
Windows | Windows 7 (32 and 64 bit), Windows 2008 (32 and 64 bit), Windows 2008 R2 (64 bit), Windows 2003 SP2 (32 and 64 bit), Windows XP SP3 (32 and 64 bit)
1.5. Deep Security Virtual Appliance (DSVA)
The Deep Security Virtual Appliance is a security virtual machine built for VMware vSphere environments. It protects the other virtual machines on the same ESX Server, each with its own individual security policy, providing Anti-Malware, IDS/IPS, Firewall, Web Application Protection and Application Control protection.
1.5.1. Recommended System Requirements
Component | Recommended
Virtualization Platform | Basic DSVA functionality (Firewall and DPI): VMware vCenter 5.0 (at least build 455964); VMware ESXi 5.0 (at least patch build 47461)
 | Basic and Anti-Malware functionality: VMware vCenter 5.0 (at least build 455964); VMware ESXi 5.0 (at least patch build 47461); vShield Endpoint 5.0 (at least build 44715); vShield Manager 5.0 (at least build 472791); VMware Tools 5.0 (at least build 44331)
 | Note: A virtualized ESX environment (ESX running as a VM) is not supported.
VMware Endpoint Protection supported guest platforms | Windows Vista (32-bit), Windows 7 (32-bit), Windows XP SP2 and above (32-bit), Windows 2003 SP2 and above (32-bit, 64-bit), Windows 2008 (32-bit, 64-bit). (For the latest list of supported guest platforms, see your VMware documentation.)
Supported vSwitch | Standard vSwitch or 3rd party vSwitch: Cisco Nexus 1000v


1.5.2. Hardware Requirements
Component | Recommended
Memory | 2GB (for up to 16 VMs), 4GB (for 33-64 VMs)
Disk Space | 2GB
CPU | 64 bit, Intel-VT present and enabled in BIOS
1.5.3. DSVA Compatibility Matrix
DSVA version and feature | vSphere 4.1 SP3/vShield 4.1 | vSphere 4.1 SP3/vShield 5.0 | vSphere 5.0/vShield 5.0 | vSphere 5.0/vShield 4.1
DSVA 8.0, Agentless AV | No | No* | Yes | N/A
DSVA 8.0, FW/DPI | No | No* | Yes | N/A
DSVA 8.0, Agentless IM | No | No* | Yes | N/A
DSVA 7.5, Agentless AV | Yes | No* | No* | N/A
DSVA 7.5, FW/DPI | Yes | No* | No* | N/A
* Not supported due to incompatibility for the DVFilter module between vSphere 4.1 and 5.0
1.6. Database
Deep Security requires Microsoft SQL Server or Oracle Database to house configuration settings and logs. For environments up to 5 computers the free versions of both Microsoft SQL Server 2008 Express, and Oracle database 10g Express Edition, with their database size limits of 4 GB, are suitable. For environments more than 5 computers we recommend using Microsoft SQL Server 2008 or Oracle Database 10g or 11g. This option also facilitates the use of third party database tools for redundancy and disaster recovery, etc.
Note: if you intend to use Microsoft SQL Server or Oracle Database 10g or 11g, you must install it and create a database before you install Deep Security Manager.
1.6.1. Recommended Database Engines
Component | Recommended
Database | Oracle 10g, Oracle 11g; Microsoft SQL Server 2005 SP3; Microsoft SQL Server 2008 SP3
2. Pre-deployment Assessment and Planning
2.1. Understanding the Existing Environment
2.1.1. Existing Firewall Solution
A. Microsoft Windows Firewall
Microsoft Windows Firewall, when enabled, blocks all inbound connections unless explicitly allowed via firewall exception rules. Windows Firewall allows you to specify port exceptions and also process exceptions.
• Port Exception allows you to open TCP or UDP ports.
• Process Exception allows you to specify an executable file you want to exclude. You must define the full path to the executable to exclude the process. Once excluded, Windows Firewall automatically enumerates all the ports used by the process (e.g. excluding Inetinfo.exe automatically excludes ports created dynamically by the process: 14, 143, 144, etc.)
Customers who have implemented Windows Firewall on a wide scale have usually configured it via Group Policy Object (GPO). Normally, if it is enabled at the domain level, administrators forbid users to disable the Windows Firewall and have a standard set of exclusions. In addition, they may allow users to add custom port and process exclusions on their own locally.
We recommend obtaining the following information about Windows Firewall before we decide how we want to deploy Deep Security Agent.
1. Is Windows Firewall enabled via GPO?
2. What are the ports and processes excluded in the GPO?
3. Are users allowed to add their own custom port or process exception?
We can check via the GPO in Active Directory Users and Computers > OU Properties > Group Policy Tab > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall
We can also check locally on a machine with Windows Firewall enabled. Running the following commands shows whether the Domain profile is in effect and which ports are excluded:
C:\>netsh <enter>
netsh>firewall <enter>
netsh firewall>show state <enter>
Sample information displayed is as follows:
Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
21112 TCP Any (null)
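The following is an added example, not part of the original guide: it parses saved `netsh firewall show state` output like the sample above and reports which ports a planned agent deployment would still need exceptions for. The `required` port list is supplied by the caller; the 4118/TCP value in the usage lines is an assumed, illustrative port and should be replaced with the ports from the guide's Required Open Ports section.

```python
import re

# Sample output as shown in this guide (whitespace as captured on the page).
SAMPLE_STATE = """\
Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
21112 TCP Any (null)
"""

_SETTING = re.compile(r"^\s*([^=]+?)\s*=\s*(.*?)\s*$")
_PORT_ROW = re.compile(r"^\s*(\d+)\s+(TCP|UDP)\s+(\S+)\s+(.*?)\s*$", re.I)


def parse_firewall_state(text):
    """Return (settings, ports) parsed from 'netsh firewall show state' output.

    settings maps lower-cased setting names to their values; ports is a list
    of dicts, one per row of the open-ports table (empty if no table exists).
    """
    settings, ports = {}, []
    in_ports = False
    for line in text.splitlines():
        if line.strip().lower().startswith("ports currently open"):
            in_ports = True
            continue
        if in_ports:
            row = _PORT_ROW.match(line)
            if row:  # header and separator lines do not start with a number
                ports.append({
                    "port": int(row.group(1)),
                    "protocol": row.group(2).upper(),
                    "version": row.group(3),
                    "program": row.group(4),
                })
            continue
        setting = _SETTING.match(line)
        if setting:
            settings[setting.group(1).lower()] = setting.group(2)
    return settings, ports


def deployment_findings(settings, ports, required):
    """Summarise the state for a deployment plan.

    required is a list of (port, protocol) tuples the planned deployment
    needs inbound (caller-supplied assumption, not taken from the output).
    """
    enabled = settings.get("operational mode", "").lower() == "enable"
    open_now = {(p["port"], p["protocol"]) for p in ports}
    missing = [(port, proto.upper()) for port, proto in required
               if (port, proto.upper()) not in open_now]
    return {
        "profile": settings.get("profile"),
        "firewall_enabled": enabled,
        "exceptions_allowed":
            settings.get("exception mode", "").lower() == "enable",
        "group_policy_version": settings.get("group policy version"),
        # Ports with no exception yet, whether or not the firewall is on.
        "missing_exceptions": missing,
        # An enabled firewall blocks inbound traffic that has no exception.
        "blocked_now": missing if enabled else [],
    }


if __name__ == "__main__":
    parsed_settings, parsed_ports = parse_firewall_state(SAMPLE_STATE)
    # 4118/TCP is an illustrative value, not read from the sample output.
    report = deployment_findings(parsed_settings, parsed_ports,
                                 [(21112, "TCP"), (4118, "TCP")])
    for key, value in report.items():
        print(f"{key}: {value}")
```
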
$o''ect t/e information /ere and create a !ee% Security #,ent de%'oyment %'an t/at matc/es t/e settin,s
current'y %ro2ided &y 0indows -irewa''.
B. Trend Micro OfficeScan Firewall
OfficeScan supports 3 types of firewall security level (High, Medium and Low):
• High (Block all inbound/outbound traffic)
• Medium (Block inbound traffic, allow outbound traffic)
• Low (Allow all inbound/outbound traffic)
It is important to take note of the type of security level used by OfficeScan. The security level will define how you configure exceptions to either allow or drop network traffic.
In addition to the security level, we need to take note of the exception rules enumerated. Matching the exceptions with the Security Level defines how the OfficeScan firewall protects the machine. For instance, if you have set the "Medium" Security Level and allow incoming TCP ports 80 and 443, this policy translates to OfficeScan allowing incoming HTTP (80) and SSL (443) traffic, blocking all other incoming traffic and allowing all outgoing traffic.
The easiest way to view the OfficeScan firewall policy is via the OfficeScan Web Console. We can also view the OfficeScan firewall policy on the OfficeScan Client machine via the client console. Executing the command "tmpfw dump" also exports the firewall policy to a file called Q5fw!um%.t)t located under the OfficeScan Client directory.
2.1.2. Upgrading from Deep Security 7.5
In upgrading from Deep Security 7.5, Deep Security Manager must be upgraded first. If a previous version of Deep Security Manager is installed on your system, you are given the option to 1.) Upgrade the existing installation, or to 2.) Overwrite the existing installation. Upgrading the installation will upgrade the Deep Security Manager to the latest version but will not overwrite your Security Profiles, DPI Rules, Firewall Rules, Application Types. It also will not change any of the current security settings applied to computers on your network. Overwriting the existing installation will erase all data associated with the previous installation and then install the latest filters, rules, profiles, etc.
Database backup should also be performed for disaster recovery purposes. Aside from the database, the <Installation Folder>\Deep Security Manager\webclient\webapps\ROOT\WEB-INF\dsm.properties file should also be backed up. During upgrades, note that for large databases, schema modification can take significant amounts of time (8+ hours) so be sure to allocate enough time beforehand.
You cannot upgrade the Deep Security Manager running on 32-bit version on a 64-bit machine to 64-bit version. If an upgrade from 32-bit version to 64-bit version will be made, please refer to the Deployment Phase section for the steps.

Note: Even if you have performed a new installation, existing security profiles applied on Deep Security Agents will not be affected, until you use Deep Security Manager to update the agents. To update Agents using a fresh new installation of the Deep Security Manager, you will be required to de-activate and re-activate the Agents to force agents to communicate with the new Deep Security Manager.
Tip: Deep Security Manager can always manage agent 1 major version back (i.e. DSM 8.0 can manage DSA/DSVA 7.0, 7.5, 8.0)

In Deep Security 8.0, there are changes to the system requirements for deploying the Deep Security Virtual Appliance in a vSphere environment. Please refer to section 3.2 of this guide for more details.
2.1.3. Fresh installation of Deep Security 8.0
There are no special considerations in the case of fresh install, as far as data is concerned, since there is no existing data. The points to keep in mind are:
• How many Deep Security Managers need to be installed in the environment
• Where the Deep Security Virtual Appliance will be installed.
• Where to place these Deep Security Managers with regards to the database servers and number of agents they will be handling
• Use of existing deployment tools to install the Deep Security Agent software on the end points
• Is there any need of using more than one database?
2.2. Considerations for Deep Security Manager Deployment
2.2.1. Windows or Linux
There is no significant difference between the Windows based DSM and the Linux based DSM. The only thing to consider in choosing which platform to use is the environment and preference. If you run a pure Linux server environment and have an Oracle server readily available, choose to install DSM in Linux to avoid setting up a separate Windows box and MS SQL just to house Deep Security. It is not recommended to run a Linux based DSM that points to an MS SQL server.

Likewise, if you already have a Windows server available, then there is no need to switch over to Linux. Support for Linux has been added to provide customers more options and the flexibility to choose which system they prefer.
2.2.2. Dedicated or Multiple DSMs
Deep Security Manager can be run as multiple nodes operating in parallel using a single database. Running the Manager as multiple nodes provides increased reliability, redundant availability, virtually unlimited scalability, and better performance.

Each node is capable of all tasks and no node is more important than any of the others. Users can log in to any node to carry out their tasks. The failure of any node cannot lead to any tasks not being carried out. The failure of any node cannot lead to the loss of any data. If one DSM is busy, or fails, then the rest of the network can fail over to the second. Therefore, whenever possible, having more than one node is advisable. The DSA randomizes the DSM list with each heartbeat, thereby constantly changing the DSM to which it connects. This is designed to spread a particular DSA's communication load across the different nodes.

Each node must be running the same version of the Manager software. For networks with up to 2, agents/appliances, having at least two DSM nodes is advisable, but not required for scalability. Above 2,, having at least two nodes is recommended. Use the following rule-of-thumb formula for deciding when it is necessary to add another node.

Number of nodes = Number of devices / 5, + 1

# of Managers    Architecture / Memory    Max Managed Instances    Level of Validation
1 DSM            64-bit 8G RAM            1-2,                     Fully Tested
2 DSMs           64-bit 8G RAM            2,-5,                    GUI Tested, Projected Acceptable Performance and Resource Usage
3 DSMs           64-bit 8G RAM            5,-1,

Based on actual field experience, administrators should not go beyond three nodes. Going beyond this recommended limit will result in system instability.

[Figure: Deep Security Agent, Deep Security Manager (Primary), Deep Security Manager (Secondary) and DSM database. Connection failure: switch to 2nd DSM.]


Note: The multi-node DSM setup is NOT meant to address geographic dispersion. As such, in each physical location, DSM nodes and the database should always be in the same network segment. (i.e. no DSM1/DB in London with DSM2 in Paris connected via WAN).
2.2.3. Deep Security Manager Location with respect to the database
DSM relies heavily on the database to function. Any increase in latency can have a serious negative impact on DSM performance and availability. This brings us to the most important consideration in planning your Deep Security environment: where to install the database? It is good to note that the database and the Deep Security Manager must be co-located on the same network with a 1GB LAN connection to ensure unhindered communication between the two. A 2ms latency (ping time of less than 2 million nanoseconds or better) is recommended between the Manager and the Database. Any figure higher than this can cause unpredictable problems.

The DSM System Information screen provides information about the connection speed with the database.

In addition, by default, DSM-to-database communication is not encrypted. When the DSM and its database are installed on the same host, or when the connection is via a dedicated switch or crossover cable, this should not be an issue.
However, in other remote database scenarios, this lack of encryption means that database communication is vulnerable to snooping. In these instances, enablement of encryption functionality is recommended. Oracle and MS SQL require their own procedures. Both are shown below.
In both instances, the DSM service must be stopped and then re-started to take effect.
MS SQL
Add the following line to dsm.properties:
database.SqlServer.ssl=require
Oracle
Add the following lines to dsm.properties:
database.Oracle.oracle.net.encryption_types_client=(3DES168)
database.Oracle.oracle.net.encryption_client=REQUIRED
database.Oracle.oracle.net.crypto_checksum_types_client=(MD5)
database.Oracle.oracle.net.crypto_checksum_client=REQUIRED
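A check that a dsm.properties file carries the encryption settings listed above, as an added example that is not part of the original guide. The function names, the operator-supplied backend argument and the sample file contents are assumptions; the flagging of 3DES168 and MD5 as legacy algorithms is this example's own addition.

```python
# Keys exactly as listed in the guide.
MSSQL_KEY = "database.SqlServer.ssl"
ORACLE_PREFIX = "database.Oracle.oracle.net."
# Assumption of this example: report these as legacy so they get reviewed.
LEGACY_ALGORITHMS = {"3DES168", "MD5"}

# Constructed sample files (only the keys the guide names).
SAMPLE_MSSQL = "# constructed sample\ndatabase.SqlServer.ssl=require\n"
SAMPLE_ORACLE = """\
# constructed sample
database.Oracle.oracle.net.encryption_types_client=(3DES168)
database.Oracle.oracle.net.encryption_client=REQUIRED
database.Oracle.oracle.net.crypto_checksum_types_client=(MD5)
database.Oracle.oracle.net.crypto_checksum_client=REQUIRED
"""


def parse_properties(text):
    """Minimal key=value reader; the last duplicate wins, comments skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def _algorithms(value):
    """'(3DES168, AES256)' -> ['3DES168', 'AES256']"""
    return [a.strip().upper() for a in value.strip("() ").split(",") if a.strip()]


def audit_db_transport(text, backend):
    """backend is 'mssql' or 'oracle', supplied by the operator."""
    props = parse_properties(text)
    findings, legacy = [], []
    if backend == "mssql":
        value = props.get(MSSQL_KEY)
        if value is None:
            findings.append(MSSQL_KEY + " is not set")
        elif value.lower() != "require":
            findings.append(MSSQL_KEY + "=" + value + ", expected require")
    elif backend == "oracle":
        for name in ("encryption_client", "crypto_checksum_client"):
            key = ORACLE_PREFIX + name
            value = props.get(key)
            if value is None:
                findings.append(key + " is not set")
            elif value.upper() != "REQUIRED":
                findings.append(key + "=" + value + ", expected REQUIRED")
        for name in ("encryption_types_client", "crypto_checksum_types_client"):
            key = ORACLE_PREFIX + name
            algs = _algorithms(props.get(key, ""))
            if not algs:
                findings.append(key + " lists no algorithm")
            legacy += [a for a in algs if a in LEGACY_ALGORITHMS]
    else:
        raise ValueError("backend must be 'mssql' or 'oracle'")
    return {"encrypted": not findings, "findings": findings,
            "legacy_algorithms": sorted(set(legacy))}


if __name__ == "__main__":
    print(audit_db_transport(SAMPLE_MSSQL, "mssql"))
    print(audit_db_transport(SAMPLE_ORACLE, "oracle"))
```

A setting only takes effect after the DSM service restart the guide requires, so rerun the check against the file the running service actually loaded.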
2.2.4. High Availability and Disaster Recovery
Application Level
Deep Security can run multi-node DSMs to address high availability concerns as described in section 2.2.2. All critical DSM data is stored in the database; in disaster recovery situations, the only consideration to note is the location of the database server and the authentication credentials stored in dsm.properties (..\Program Files\Trend Micro\Deep Security Manager\webclient\webapps\ROOT\WEB-INF directory).
Database Level
As all information and settings are stored in the database, it is important to make sure regular backups of the Deep Security database are scheduled. Database clustering is supported in both Oracle and Microsoft SQL environments and is recommended for disaster recovery situations. Oracle Data Guard and Microsoft SQL database mirroring both have no side effects in regular Deep Security functionality and can be safely used.

Note: To recover from a disaster, make sure the database is fully mirrored or restored and available in the environment. The DSM software version should match the version that is running in the production environment. Have a cold standby DSM ready and point it at the mirrored/restored database and start the service.
2.2.5. Database Sizing
The external database option should be used in all production deployments that have more than 1 Agents. This option also facilitates the use of third party database tools for redundancy and disaster recovery, etc.

Sizing of the external database is dependent on the number of deployed Agents, the number of events generated by the Agents, and the period of time that events are retained in the database. On average, Firewall and IPS events will use approximately 25 bytes in the database. Note that if the IPS events also include the packet data, this size may increase by an additional 15 bytes.

The following examples assume that approximately 1% of IPS events contain packet data.
• 1 Hosts, each with 2 Firewall events and 1 IPS events per day, 7 day retention = 5 MB estimated database size
• 1 Hosts, each with 4 Firewall events and 1 IPS events per day, 7 day retention = 7.5 GB estimated database size

Note: The database sizes provided are examples. Other factors, such as the number of security updates held, the number of Security Profiles, etc, will affect database size. In general, centrally collected Firewall and IPS event logs form the bulk of the database volume.

The following table shows the amount of database space that a DSM typically requires in the indicated state.
State/Description                                                                    Space Required
Fresh install, no computers on Computers list                                        11 MB
Operational DSM with rules, profiles, and updates. No computers on Computers list    1 GB
Expected database growth per computer                                                1-5 MB

Tip: Database space should be pre-allocated to avoid auto growth. When logging is left at default levels, an average Deep Security Agent protecting a computer will require approximately 5 MB of database disk space for data and an additional 5MB of space for transaction logs. So one thousand computers will require 5 GB for data and 5 GB for transaction logs, two thousand computers will require 1 GB for data and 1 GB for transaction logs, etc.

2.2.6. Multiple Databases Deployment
The network connection between the DSM and the database is recommended to be a 1GB connection. But if there are any situations where the DSM will be connected to the database through a WAN link, then it is not an ideal situation and performance drop will be observed for a busy DSM.

All Deep Security Nodes (DSM + DB) should be located in same datacenter. If bandwidth is a concern, use separate DSM infrastructures. It is more productive to have a separate database for that specific DSM in that LAN.
2.2.7. Third Party Integration (SIEM, Syslog)
Deep Security 3rd party integration is done mostly through WebServices API or Syslog. If a customer has a large environment and requires log retention for a period of more than 3 months, it is recommended we rely on syslog and SIEM for log storage and not the Deep Security Database.

One very important design consideration is that syslog output is sent directly from the Deep Security Agents. If the agents are located on different network segments, network and firewall restrictions must be configured to allow connectivity to the syslog server.

Note: Syslog is UDP based and is an unsecured protocol.

If a customer wants to pull Deep Security events into their SIEM product but doesn't have syslog servers available in all required network segments, the recommended alternative is to pull the events directly from Deep Security Manager using WebServices API.

Note: Web Services API documents and samples are available upon request to customers that would like to perform in-house development using available API to access Deep Security information from their in-house application.

Using WebServices API, you will not be getting events in real-time as a heartbeat between the Deep Security Manager and DSA/DSVA will need to occur before the events appear in the Deep Security Manager.

Tip: Use dedicated log collection devices/applications (ArcSight, Splunk) for long log retention or large numbers of events.

2.3. Required Open Ports for Deep Security Communication

2.3.1. Deep Security Manager
Port              Direction                                          Purpose
4118 (TCP/UDP)    From Manager to the Agent                          Manager to Agent communication
4120 (TCP/UDP)    From the Agent to the Manager                      Agent to Manager communication
4119 (TCP/UDP)    Going towards the Deep Security Manager Console    DSM console
443 (TCP/UDP)     From Manager to VMware vCenter                     Retrieval of virtual environment information from the vCenter server
2.3.2. Deep Security Agent
Port              Direction                                          Purpose
4118 (TCP/UDP)    From Manager to the Agent                          Manager to Agent communication
2.3.3. Deep Security Relay
Port              Direction                                          Purpose
4122 (TCP/UDP)    From network members to the Relay.                 Relay listening port
4123 (TCP/UDP)    From DSVA to Relay.                                Required for agentless Integrity Monitoring
443 (TCP/UDP)     From Relay to the Internet                         iAU Security Updates
2.3.4. Database Communication
Port              Direction                                          Purpose
1433 (TCP/UDP)    Bi-directional                                     Microsoft SQL server
1434 (TCP/UDP)    Bi-directional                                     Microsoft SQL server
1521 (TCP/UDP)    Bi-directional                                     Oracle SQL Server
2.3.1. Virtual Appliance Communication
Port              Direction                                          Purpose
4118 (TCP/UDP)    From Manager to the virtual appliance (DSVA)       Manager to DSVA communication
443 (TCP/UDP)     From DSVA to VMware vShield Manager                Sending Anti-Malware functionality status information to the vShield Manager
2.3.2. Syslog Communication
Port              Direction                                          Purpose
514 (TCP/UDP)     Bi-directional                                     Communication with Syslog server
2.4. Network Communication
Choosing the most appropriate default host communication setting for the environment depends on the network architecture, the location of the majority of the managed hosts, and what is the type of the hosts. For example, if all the target hosts are within the same subnet, using the default configuration of "Bi-directional" is the best choice.
Each method is discussed below. It is important to note that although "Manager/Agent Initiated (Bi-directional)" method is the default setting, the host communication method can be overridden at the Security Profile or Host level, thus providing the most appropriate method for each host or group of hosts.
2.4.1. DNS Resolution
All communications between your Deep Security Manager and Deep Security Agents or Virtual Appliances use DNS hostnames.
In order for Deep Security Agent/Appliance/Relay deployments to be successful, you must ensure that each computer can resolve the hostname of the Deep Security Manager. This requires that the Deep Security Manager computer have a DNS entry or an entry in the Relay/Agent/Appliance computer's "hosts" file.

Note: You will specify this hostname as part of the Deep Security Manager installation procedure. If you do not have a DNS, you will have to specify an IP address during the installation.

2.4.2. Bi-directional
When choosing bi-directional initiated communication, the key points to consider are:
1. Deep Security Agent listens on port 4118 on the protected host.
2. Requires a communication path to be available from the Manager to port 4118 on the protected host.
3. Requires a communication path to be available from the protected host to port 4120 on the Manager.
4. Allows tasks and updates to be immediately pushed out to the protected host
5. Allows logs to be fetched from the Agent on-demand
6. If protected hosts are using DHCP when the Agent communicates with the Manager during a heartbeat, the IP address of the host is updated in the Manager's database.
2.4.3. Manager Initiated
When choosing manager initiated communication, the key points to consider are:
1. Deep Security Agent listens on port 4118 on the protected host
2. Requires a communication path to be available from the Manager to port 4118 on the protected host
3. Allows tasks and updates to be immediately pushed to the protected host
4. Allows logs to be fetched from the Agent on-demand
5. If protected hosts are using DHCP dynamic DNS is required to ensure the Manager is able to resolve the hostname to the current IP address of the protected host.

Note: Deep Security Manager schedules the agent heartbeats. This takes significant amount of time/processing effort on the server. This method must only be used if there is no communication path from agent to the DSM.

2.4.4. Agent Initiated
When choosing agent initiated communication, the key points to consider are:
1. Deep Security Agent does not open a listening port on the protected host
2. Requires a communication path from the protected host to port 4120 on the Manager
3. Agent tasks and updates are retrieved only at the heartbeat interval
4. Logs can be delivered to the Manager only at the heartbeat interval
5. If protected hosts are using DHCP, when the Agent communicates with the Manager during a heartbeat, the IP address of the host is updated in the Manager database
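The three methods above, applied to a firewall allow-list to pick a communication method per host, as an added example that is not part of the original guide. The rule format, the function names and all addresses are constructed assumptions; only ports 4118 and 4120 and the method descriptions come from the guide.

```python
import ipaddress

AGENT_LISTEN = 4118     # Manager -> Agent
MANAGER_LISTEN = 4120   # Agent -> Manager (heartbeat)

# Flows each method needs: (source role, destination role, destination port).
REQUIRED = {
    "bi-directional": [("manager", "agent", AGENT_LISTEN),
                       ("agent", "manager", MANAGER_LISTEN)],
    "agent-initiated": [("agent", "manager", MANAGER_LISTEN)],
    "manager-initiated": [("manager", "agent", AGENT_LISTEN)],
}
# Default method first; manager-initiated last, because the guide reserves
# it for hosts with no communication path from the agent to the DSM.
PREFERENCE = ["bi-directional", "agent-initiated", "manager-initiated"]

# Constructed allow-list: each rule permits src network -> dst network:port.
RULES = [
    {"src": "10.0.0.10/32", "dst": "10.0.1.0/24", "port": 4118},      # LAN
    {"src": "10.0.1.0/24", "dst": "10.0.0.10/32", "port": 4120},      # LAN
    {"src": "192.0.2.0/24", "dst": "10.0.0.10/32", "port": 4120},     # DMZ: outbound only
    {"src": "10.0.0.10/32", "dst": "198.51.100.0/24", "port": 4118},  # isolated: inbound only
]


def flow_allowed(rules, src, dst, port):
    """True if any rule permits src -> dst on the given port."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(port == r["port"]
               and s in ipaddress.ip_network(r["src"])
               and d in ipaddress.ip_network(r["dst"])
               for r in rules)


def pick_method(rules, manager_ip, agent_ip, uses_dhcp=False, dynamic_dns=False):
    """Return (method, notes) for one protected host, or (None, notes)."""
    addr = {"manager": manager_ip, "agent": agent_ip}
    for method in PREFERENCE:
        needed = REQUIRED[method]
        if all(flow_allowed(rules, addr[a], addr[b], p) for a, b, p in needed):
            notes = []
            if method == "agent-initiated":
                notes.append("tasks, updates and logs move only at the "
                             "heartbeat interval")
            if method == "manager-initiated":
                notes.append("Manager schedules heartbeats: extra load on the DSM")
                if uses_dhcp and not dynamic_dns:
                    notes.append("DHCP host without dynamic DNS: Manager may "
                                 "not resolve the current IP address")
            return method, notes
    return None, ["no permitted path on 4118 or 4120"]


if __name__ == "__main__":
    for ip in ("10.0.1.25", "192.0.2.7", "198.51.100.9", "203.0.113.5"):
        print(ip, pick_method(RULES, "10.0.0.10", ip, uses_dhcp=True))
```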
2.5. Date/Time Management
2.5.1. Time Synchronization
All computers on which Deep Security Software is running should be synchronized with a reliable time source. It is recommended the computers are regularly communicating with a Network Time Protocol (NTP) server.

Note: The clock on a Deep Security Relay (DSR) machine must be synchronized with Deep Security Manager (DSM) to within a period of 24 hours. Otherwise update task will not be able to complete successfully.

2.6. Protection with Agents
2.6.1. Hardware Requirements Checklist
Hardware Requirements
Name                     Description
Deep Security Manager    1 Physical or Virtual Windows Server (64-bit)
SQL Server 2008          1 Physical or Virtual Windows Server (64-bit)
Deep Security Agent      Physical or Virtual Machine (Any supported platform)
2.6.2. Software Requirements Checklist
Trend Micro Software Requirements
Name                         Source      Version
Deep Security Manager 8.0    Download    8..131
Deep Security Relay 8.0      Download    8..1142
Deep Security Agent 8.0      Download    8..1142

Microsoft Software Requirements
Name                                         Source      Version

SQL 2008 Server (any service pack level)     Download

2.6.3. Product License Checklist
License Requirements
Name                              Procedure
Deep Security Activation Code     License is required during product installation.

2.6.4. Administrative Privilege Checklist
User Privilege Requirements

Name                             Description
Windows Administrator account    Local admin privilege for product installation
SQL account                      dbo access to the Deep Security database
Email account                    For Deep Security Manager notification
2.6.5. Quick Overview of Setup Process
A. Create a database for Deep Security Manager

1. Install a database server for use by the Deep Security Manager

Tip: Avoid using SQL Express 2005/2008 given the database size limitation of 4GB. Do not use the Derby Embedded database that comes by default with the Deep Security installer.

B. Deploy the Deep Security Environment

2. Install Deep Security Manager
3. Install at least one Deep Security Relay.

Note: If the Deep Security Manager and Deep Security Relay installer are located within the same directory, after Deep Security Manager installation completes, it will also complete the Deep Security Relay installation automatically.

4. Perform basic configuration of Deep Security Manager and Deep Security Relay
5. Install Deep Security Agent on Physical or Virtual machines to be protected
C. Enable Protection on computers

6. Add the machines to Deep Security Manager Web Console and activate the agent machines
7. Assign the appropriate security profiles to the activated machines.


2.7. Protection using Agentless for Virtualized Environment
2.7.1. Hardware Requirements Checklist
Hardware Requirements
Deep Security Manager    1 Physical or Virtual Windows Server (64-bit)
SQL Server 2008          1 Physical or Virtual Windows Server (64-bit)
vCenter Server           Physical (Recommended) or Virtual Windows Server (64-bit)
Deep Security Agents     Physical or Virtual Machine (Any supported platform)
ESX Host Machine A       1 Physical Server (At least 2x CPU and 8GB RAM)
ESX Host Machine B       1 Physical Server (At least 2x CPU and 8GB RAM)

Note: If you are running VMware vCenter in a virtual 64-bit Windows Operating System, the virtual machine must be allocated at least 4GB of memory.
2.7.2. Software Requirements Checklist
VMware Software Requirements
Name                      Source      Version
vCenter 5.0               Download    5...455964 or later
vCenter Update Manager    Download
vSphere Client            Download
vSphere ESXi 5.0          Download    5...47461 or later
vShield Manager 5.0       Download    5...473791 or later
VMware Tools 5.0 (complete install)

Trend Micro Software Requirements

Name                                 Source      Version
Deep Security Manager 8.0            Download    8..131
Deep Security Relay 8.0              Download    8..1142
Deep Security Agent 8.0              Download    8..1142
Deep Security Filter Driver          Download    8..1131
Deep Security Virtual Appliance 8.0  Download    8..1131
Deep Security Notifier 8.0           Download    8..1142

Microsoft Software Requirements

Name                                         Source      Version
SQL 2008 Server (any service pack level)     Download

2.7.3. Product License Checklist
License Requirements
Name                           Procedure
VMware vCenter 5.0             License is required during product installation.
VMware vSphere ESXi 5.0        License is required during product installation.
VMware vShield Endpoint        Add the license into vCenter: on vCenter Console, select View > Home > Administration > Licensing > Manage vSphere Licenses > Enter the license key and complete the wizard
Trend Micro Activation Code    License is required during product installation.

2.7.4. Administrative Privilege Checklist
User Privilege Requirements

Name                                     Description
Windows administrator account            Local admin privilege for product installation
SQL account                              dbo access to the Deep Security database
vCenter administrator account            Windows administrator account used to login into vCenter with root privilege.
vShield Manager administrator account    Root admin access.
Email account                            For Deep Security Manager notification
2.7.5. Quick Overview of Setup Process
A. Prepare the VMware environment

Tip: The VMware vShield Manager and VMware vShield Endpoint drivers are required if you want to implement Anti-Malware protection on your virtual machines.

1. Deploy the vShield Manager.
2. Using vShield Manager, install vShield Endpoint to the ESXi 5.0 host.
3. Install VMware Tools including (VMCI) component to virtual machines you want to protect
B. Create a database for Deep Security Manager

4. Install a database server for use by the Deep Security Manager

Note: Avoid using SQL Express 2005/2008 given the 4GB database size limitation. Do not use the Derby Embedded database that comes by default with the Deep Security installer.

C. Install the Deep Security Environment

5. Install Deep Security Manager
6. Install at least one Deep Security Relay.

Note: If the Deep Security Manager and Deep Security Relay installer are located within the same directory, after Deep Security Manager installation completes, it will also complete the Deep Security Relay installation automatically.

7. Perform basic configuration of Deep Security Manager and Deep Security Relay
8. Add vCenter Server + vShield Manager Information using Deep Security Manager web console.
9. Prepare the ESXi host under the vCenter Computer Tree
10. Deploy the DSVA to the prepared ESXi host
11. Install the Deep Security Notifier on the protected virtual machines. (optional)
D. Enable Protection on virtual machines.

12. Activate the DSVA.
13. Activate the virtual machines.
14. Assign the appropriate security profiles to the activated machines.

Important: Newly added virtual machines must have VMCI driver installed before they can be provided with Anti-Malware protection.
2.8. Protection in Mixed Environment
2.8.1. Coordinated Approach
Using the Virtual Appliance to protect virtual machines doesn't preclude the use of Deep Security Agents for virtual machines on the same host. When virtual machines are protected by the coordinated approach, if the Agent goes offline, then protection from the Appliance is automatically activated.
This coordinated approach provides the following benefits:
• Recommendation Scans can be run on the virtual machines.
• Provides mobility to the virtual machines. They can be moved between data centers or cloud providers and the protection moves with them.
• Performance improvement. While the Deep Security Agent is active on the virtual machine, the Virtual Appliance automatically passes traffic through to the Agent.
• Allows you to implement the additional Integrity Monitoring and Log Inspection modules on the virtual machine by using the Deep Security Agent to provide the protection.
For the Coordinated Approach to be implemented for a particular protection module, both the Agent and the Appliance have to implement that protection. The following table shows the Deep Security protection modules that can make use of the Coordinated Approach:


                          Supported by Appliance    Supported by Agent**    Coordinated Approach Available
Anti-Malware              Yes                       Yes                     No
Web Reputation            Yes                       Yes                     Yes
Firewall                  Yes                       Yes                     Yes
Deep Packet Inspection    Yes                       Yes                     Yes
Integrity Monitoring      Yes                       Yes                     No
Log Inspection            No                        Yes                     No
** Some features are not available on all platforms. For a complete detailed list of supported features by platform, see the on-line help or User's Guide.

Note: If you install an Agent on a virtual machine that was previously being protected only by a Deep Security Virtual Appliance, the virtual machine will have to be activated again from the Manager to register the presence of the Agent on the computer.
2.9. How to Maximize Deep Security Protection in your Network
2.9.1. Quantifying Hosts
Identify how many machines both physical and virtual to be protected by Deep Security Manager. Size the Deep Security Manager hardware resource according to the recommended system requirements.
To scale Deep Security Manager, we can add additional Deep Security Manager node depending on the number of protected hosts that are being managed.
• One Deep Security Manager for 1 to 2, hosts
• Two Deep Security Manager for 2, to 5, hosts

Important: Two (2) Deep Security Manager nodes are recommended even if the number of managed hosts is below 2, for redundancy and load balancing purposes. More than 3 Deep Security Manager nodes is not recommended.


2.9.2. Classifying Hosts
Once you have identified the hosts you wish to target for your deployment the next step is to classify these hosts in order to determine the proper security profiles that suit the role of these machines.
Classification by Host Types:
• Physical Servers
  o Typically always connected/powered on
• Virtual Servers
  o More frequently powered off/on than physical server
  o Virtual Agent is available even when VM is powered off
• Workstations
  o Not always powered on
  o Can be re-imaged frequently
• Laptops
  o Can be physically removed from network
  o Can be connected via Internet/VPN
Classification by Host Roles:
• Windows 2003 Domain Controllers
• Multi-purpose or Generic Servers
• Web application hosted on Microsoft IIS web server
• Web application hosted on Apache web server
• Custom application hosted on Windows
• Custom application hosted on Linux
• Microsoft Exchange Server
• Microsoft SQL Server
Classification by Host Locations:
• Are hosts from multiple network segments in scope
  o Local Area Network
  o DMZ
  o Knowledge Worker LAN
  o PCI LAN
• Network policy restrictions
  o Isolated segments that are strictly independent from the rest of the network
  o One way or two way communication
  o Which segment will contain the majority of the protected hosts
2.9.3. Qualifying Hosts
When deploying Deep Security in an environment, several factors play a part in the selection of which hosts are to be protected. Begin by identifying the host operating systems in the environment that are supported by Trend Micro Deep Security. Refer to the section 1.2.1 DSA Recommended System Requirements above. Next, answer the following questions:
A. What are the issues that are being encountered in the environment that can be solved with the Trend Micro Deep Security software? For example, are servers or desktops the biggest issue? Is patching in a timely fashion a significant issue? Are web applications vulnerable to attack? Are unauthorized access attempts a major concern?
Recommendations:
You may target those machines (servers/workstations) where the patching can't be done right away, for any reason. You can protect those hosts using Deep Security until you patch them up. If your web applications are vulnerable then it is a good idea to install DSA on them. Machines that usually get a higher number of unauthorized access attempts also qualify as good candidates for Deep Security Agent. With DS you can monitor such attempts and take steps to protect the host from them.

B. Is there a central, or default, build for the servers, or do server administrators build individual servers leading to inconsistencies in your data center?
Recommendations:
In this scenario you may use the Integrity Monitoring feature of Deep Security 7. This feature will help you with the events and alerts if there are new programs being installed on the servers

C. What are the standard applications in the environment?
Recommendations:
If you would like to standardize the applications in your environment then the Integrity Monitoring feature of Deep Security helps you in monitoring
• Installed software
• Running services
• Processes
• Files
• Directories
• Listening ports
• Registry keys
• Registry values

D. What must be included in the security policies to ensure appropriate protection? For example, is it web or database content that must be protected from unauthorized modification? Should application owners be prevented from enabling network access to new, unauthorized, or undocumented network applications by limiting the open ports on the host?
Recommendations:
Such machines will qualify as a good candidate for DS 8.0 agent. You may use the port scan on scheduled
basis to monitor the open ports.

E. Which hosts are most vulnerable to external and internal attacks?
Recommendations:
Such hosts are recommended to have DS 8.0 agent on them for protection. You may also use the
interface isolation feature of DS 8.0 and separate set of security profiles for different network segments
(internal or external).

F. What other security applications exist in the environment today?
Recommendations:
Keep in mind that you will have to uninstall any existing security solution, like firewalls, before you install
DSA. It is helpful to identify such machines in your environment so that you will be aware of their
existence and will make sure that they are treated appropriately in your project plan.

G. Which ports do the applications use today and, which direction does communication take place and is it
necessary to open up this communication to the world or a limited set of hosts.
Recommendations:
Deep Security has the ability to stop traffic in any direction (incoming/outgoing). Port scans can assist you
in evaluating the current situation of ports for any end point.

H. Which virtualization platform needs to be protected using the agent-less protection, provided by the
Deep Security virtual appliance?
Recommendations:
Deep Security 8.0 has the ability to protect virtual machines at the hypervisor level, therefore you can
identify the VMs that are created very often on certain virtual servers. Installing the DSVA (Deep Security
Virtual Appliance) on such virtual servers provide protection (Anti-Malware, Firewall, Deep Packet
Inspection and Integrity Monitoring) immediately to the virtual machines right after they get created (or
vMotioned onto), even if there was no DS agent installed on them yet.
2.10. Limitations to Deploying Agent Software
Deep Security relies on the existing deployment tools in use, in the client's environment. You cannot run the
agent installer over a UNC path. The installer should be brought over to the target machine and then the
installer should be invoked. Make sure this strategy is followed no matter what tool of deployment (SMS,
Altiris etc.) is used.








3. Deployment Phase
3.1. Installing around an Existing Solution
3.1.1. Windows Firewall
Deep Security Agent can be installed alongside Windows Firewall, but it is recommended to turn off other
firewall applications prior to installing Deep Security Agent. By default Deep Security Agent will automatically
turn off Windows Firewall upon the agent installation.
If you plan to install Deep Security Agent and still continue on using Windows Firewall for your firewall
protection, install Deep Security Agent with a special Transform File (*.mst). This transform file instructs the
Deep Security Agent to not make any changes to the Windows Firewall settings. Windows Firewall may be
enabled via GPO and cannot be turned off locally; when Deep Security Agent tries to change Windows
Firewall Settings it may cause unwanted modifications to the Windows Firewall exception rules.
Install Deep Security Agent using the following msiexec command:
msiexec /i <path to Agent.msi> TRANSFORMS=<path to Leave_Firewall.mst> /L*v c:\dsa_install.log
After Deep Security Agent is installed, assign the correct Security Profile that offers that same level of firewall
protection provided by Windows Firewall required on the machine.
3.1.2. OfficeScan Firewall
Deep Security Agent can be installed alongside OfficeScan Firewall, but 2 firewalls running in the same
machine is not recommended. We highly suggest uninstalling OfficeScan Firewall driver prior to installing
Deep Security Agent.
There are 2 ways to turn off OfficeScan firewall. You can turn off the OfficeScan Firewall by assigning a
Firewall Profile with firewall configuration setting disabled. This leaves the OfficeScan Firewall driver still
installed on the machine.
The recommended method is to turn off OfficeScan Firewall at the same time removing the firewall driver.
This can be accomplished with the following procedure:
1. Go to the PCCSRV folder and open the ofcscan.ini file using a text editor.
2. Look for the [Global Setting] section and add the following parameter: RmvPFWifDisabled=1
3. Log on to the OfficeScan management console.
4. Go to Networked Computers > Global Client Settings.
5. Click Save to deploy the settings to the clients.
6. Still on the console, go to Administration > Product License.
7. Under Additional Services, click the Disable button to stop the firewall.
Note: The uninstallation of OfficeScan Firewall Driver will reset all the TCPIP connections. Users will
experience a 5 to 10 seconds network disconnect and then everything should be back to normal.
The Installation of Deep Security Agent also performs a Network Driver installation, so expect the short
network disconnect during the installation process as well.
After OfficeScan firewall is removed, proceed to install Deep Security Agent using normal method.
3.2. Upgrade from previous version of Deep Security Manager
If you have an existing Deep Security Manager environment and will be upgrading to Deep Security Manager
8.0, you must take note of the following important information:
Deep Security Manager must always be upgraded first before upgrading other Deep Security
components.
Deep Security Manager can always manage 1 MAJOR version back
   o Deep Security Manager 8.0 can manage Deep Security Agent / DSVA 7.0, 7.5, 8.x
vShield/VMsafe integration needs to be considered
   o Deep Security 8.0 doesn't support vShield Manager 4
   o Deep Security 7.5 doesn't support vShield Manager 5
For large databases, schema modification can take significant amounts of time (8+ hours)
Applications leveraging Web Services API may need to be updated to support new WSDL.
Important things to consider when upgrading:
1. Always remember to back up the Deep Security database before starting the upgrade process.
2. If you are using Deep Security 7.0/7.5 32-bit program version, the installer to upgrade to Deep Security 8.0
must also be using 32-bit program version.
3. When the first Deep Security Manager server node is upgraded, all other nodes within the group will have
the main service (Deep Security Manager.exe) turned off.
Note: You cannot run multi-version Deep Security Managers at the same time.
4. During the upgrade, database schema can sometimes take hours to upgrade depending on the size of the
database. It is not unusual for the database schema to take 1 to 2 hours for it to be completely upgraded.
5. After the upgrade is complete, the Deep Security Agent program version will remain the same. Agents will
not be upgraded automatically by the server.
6. Deep Security Manager 8.0 can continue to manage Deep Security Agents 7.0/7.5.
You may upgrade Deep Security Manager 6.1, 7.0 or 7.5 to Deep Security Manager 8.0. For other versions of
Deep Security Manager, please contact Trend Micro support for proper upgrade steps.
Deep Security Agents can be upgraded directly to the latest version and the upgrade can be done using the
Deep Security Manager Web Console. The Agent software upgrade task has to be invoked manually by the
administrator.

Note: When you do an upgrade and selected new installation, the existing security profile applied on Deep
Security Agents remains the same. In order for the Deep Security Manager to be able to communicate with
the agents again, you are required to de-activate and re-activate the Agents. This process allows the agent to
receive the new certificate file created by the new installation.


3.2.1. Existing Data in the Database
Database backup must be performed before upgrading the Deep Security Manager for disaster recovery
purposes. Administrators are able to create scheduled database backup tasks using Deep Security Web
Console > System > Scheduled Tasks. However, this can only be used for the embedded and MS SQL
databases. It will not work on Oracle databases. Please refer to Oracle documentation to determine how to
back up Oracle databases.

Note: Before upgrading, make sure that the database credential is documented. Otherwise, back up the file
<Installation Folder>\Deep Security Manager\webclient\webapps\ROOT\WEB-INF\dsm.properties.

3.2.2. Upgrading the Deep Security Manager
3.2.2.1. 32-bit to 64-bit Deep Security Manager Upgrade
Note: We recommend using a 64-bit DSM because the 32-bit JVM included with a 32-bit DSM is restricted
to providing less than 2GB of memory to the application running process. This will prevent you from
scaling up in the future if required and would require the addition of a 64-bit DSM and decommissioning
of the 32-bit DSM.

An upgrade from 32bit Deep Security Manager to 64bit Deep Security Manager will not work, and should
not be attempted. If you plan on upgrading an existing 32bit Deep Security Manager that is running on a
64bit operating system to a 64bit Deep Security Manager you will need to perform the following steps:
1. Back up your Deep Security Manager database.
2. Make sure you have all configuration information of your Deep Security Manager (for instance, DB
credentials and location).
3. Upgrade Deep Security Manager using the 32-bit installer to version 8.0. (This will upgrade the
database schema to Deep Security 8.0)
4. Uninstall your existing Deep Security Manager 8.0 after the upgrade is complete.
5. Install the 64-bit version of Deep Security Manager that is the same version and build number as the
previous 32-bit Deep Security Manager 8.0 you just uninstalled.
6. Choose the existing Deep Security database, and choose "Add a new Manager node" option.
7. If you are upgrading a Deep Security Manager infrastructure that has multiple nodes, you can skip
step 3 for the succeeding nodes. You can remove the old Deep Security Manager and simply install
new Deep Security Manager and point them to the same database and it will be added as an
additional Deep Security Manager node.
3.2.2.2. 32-bit to 32-bit Deep Security Manager Upgrade
1. Back up your Deep Security Manager database.
2. Ensure you have all configuration information for your Deep Security Manager available (for instance,
DB credentials and location).
3. Upgrade your Deep Security Manager using the 32bit installer to 8.0. You are given the option to
"upgrade the existing installation", or to "overwrite the existing installation".
4. Upgrading the installation will upgrade the Deep Security Manager to version 8.0. All configuration
settings are retained after the upgrade is complete.
3.2.3. Upgrading Additional Deep Security Manager Node
There are no special instructions for upgrading additional Deep Security Manager. Follow the procedure in
section 3.2.2 Upgrading the Deep Security Manager. However, do note that when one node in a multi-node
environment is upgraded, the remaining Deep Security Managers will become offline and will not accept
connections until they are upgraded. Therefore, it is recommended to perform upgrade of Deep Security
Managers in a multi-node environment one after the other. Otherwise, all agents will connect only to the
upgraded Deep Security Manager.
3.2.4. Action Items in Deep Security before Upgrading
VMware Product to vSphere version 5.0
This approach requires some downtime to the Anti-Malware/Firewall/Deep Packet Inspection agentless
protection; the process to de-activate hundreds of guest virtual machines may take several days in a large
enterprise environment and will need to be planned accordingly.
1. Do not upgrade any of the VMware products to vSphere 5.0 yet. Upgrading vCenter to version 5.0 for
example will prevent Deep Security 7.5 from functioning correctly and will prevent us from configuring
Deep Security in preparation for the vSphere 5 upgrade.
   vCenter 4.1
   ESX 4.1
   vShield Manager 4.1
   vShield Thin Agent 1.0
2. De-activate all the DSVA machines.
   Each guest virtual machine on the ESX host may add 3 seconds to the de-activation time of
   DSVA (e.g. 2 machines may take 1 minutes to complete the de-activation task on a single
   DSVA machine)
   Check the vCenter console for reconfiguration task initiated by vShield Manager. You will see
   multiple tasks being executed in vCenter Console. It needs to go through all machines' VMX file
   and remove the vfile parameters. Look for the following vCenter Tasks:
   vCenter Tasks: Reconfigure virtual machine
   vCenter Tasks: XXX VirtualMachine.invokeFSR.label not found XXX
3. Make sure all DSVA machines have been unregistered from vShield Manager.

Important: If de-activation failed, reboot the vShield Manager, activate DSVA and try the de-activation
again, make sure the de-activation completed successfully.

4. Check and make sure the VFILE parameter has been removed from the VMX file on all guest virtual
machines.

Activated machines VMX file will have the following parameters:
scsi0:0.filters = "VFILE"
VFILE.globaloptions = "svmip=169.254.50.39 svmport=8888"
After a successful deactivation, the VMX file VFILE parameters value will be removed:
scsi0:0.filters = ""
VFILE.globaloptions = ""

Note: If the VFILE parameters still have values assigned to them, the virtual machine will not be able to
vMotion from ESX 4.1 host to ESXi 5.0 host. It will fail during the vMotion process because ESXi 5.0 host
doesn't have VFILE driver required in the virtual machine VMX file.

5. If the VFILE value did not get removed properly in the VMX file of the virtual machines, please contact
VMware and request for a bash script that will help automate the removal of the VFILE parameter.
6. If you are using VMware View, check and make sure VMware View snapshot configuration is turned off.
Under Pool Settings the "Refresh at logoff" must not be used, otherwise upon logoff, the virtual machine
is restored back to a previous snapshot and the VFILE parameter that was removed during the DSVA de-
activation will be added back into the VMX file.
7. Run the scripts to remove the VFILE parameter manually on each Guest Virtual Machine
8. Uninstall the VMware vShield Thin Agent on all guest virtual machines.

Note: Keep all DSVA machines powered on when initiating fast suspend and resume action. (The
VMware bash script performs the fast suspend and resume action and it requires the DSVA machines
online in order to complete the operation.)
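The VMX check from step 4 can be scripted so that every guest is verified before any vMotion to ESXi 5.0 is attempted. The following is an added example, not part of this guide and not the VMware bash script mentioned above; it only reads VMX text and reports leftovers. The VM names and sample VMX contents are constructed, and treating VMX keys as case-insensitive and matching any `*.filters` key are assumptions.

```python
"""Audit .vmx text for leftover VFILE settings before a vMotion to ESXi 5.0."""
import re
import sys

# One `key = "value"` assignment per line, as in the VMX excerpts in this section.
_ASSIGNMENT = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lower-cased key: value}; comments and malformed lines are skipped."""
    settings = {}
    for line in text.splitlines():
        match = _ASSIGNMENT.match(line)
        if match:
            # Assumption: keys are compared case-insensitively.
            settings[match.group(1).lower()] = match.group(2)
    return settings


def vfile_leftovers(text):
    """Return sorted (key, value) pairs that still carry a VFILE value."""
    leftovers = []
    for key, value in sorted(parse_vmx(text).items()):
        # Disk filter chain, e.g. scsi0:0.filters = "VFILE"
        if key.endswith(".filters") and "vfile" in value.lower():
            leftovers.append((key, value))
        # Driver options, e.g. VFILE.globaloptions = "svmip=... svmport=..."
        elif key.startswith("vfile.") and value.strip():
            leftovers.append((key, value))
    return leftovers


def audit(vmx_by_vm):
    """Map VM name -> leftovers, listing only VMs that are not yet clean."""
    report = {}
    for name, text in vmx_by_vm.items():
        found = vfile_leftovers(text)
        if found:
            report[name] = found
    return report


# Constructed sample VMX contents (hypothetical VM names).
ACTIVATED = '''
displayName = "app01"
scsi0:0.fileName = "app01.vmdk"
scsi0:0.filters = "VFILE"
VFILE.globaloptions = "svmip=169.254.50.39 svmport=8888"
'''

DEACTIVATED = '''
displayName = "app02"
scsi0:0.fileName = "app02.vmdk"
scsi0:0.filters = ""
VFILE.globaloptions = ""
'''

# Partial clean-up: filter chain emptied, but the driver options remain.
PARTIAL = '''
displayName = "app03"
# second disk was attached later
scsi0:0.filters = ""
scsi0:1.filters = ""
VFILE.globaloptions = "svmip=169.254.50.39 svmport=8888"
'''

SAMPLES = {"app01": ACTIVATED, "app02": DEACTIVATED, "app03": PARTIAL}


if __name__ == "__main__":
    # With arguments: treat each as a path to a .vmx file; otherwise use the samples.
    if len(sys.argv) > 1:
        inputs = {}
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as handle:
                inputs[path] = handle.read()
    else:
        inputs = SAMPLES
    result = audit(inputs)
    for vm, pairs in sorted(result.items()):
        for key, value in pairs:
            print(f'{vm}: {key} = "{value}"')
    sys.exit(1 if result else 0)
```

A non-zero exit status means at least one VMX file still holds a VFILE value and that guest should not be moved yet.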
3.2.5. Quick Overview of Upgrading to VMware vSphere 5.0
You are now ready to upgrade VMware vSphere 4.x to vSphere 5.0.
1. Upgrade vCenter 4.1 to version 5.0.
2. Put an ESX 4.1 host into maintenance mode. (vMotion all virtual machines off the ESX host)
3. Upgrade the ESX 4.1 host to ESXi 5.0.
4. Apply all the necessary patches for ESXi 5.0
Important: Ensure the ESX is patched to at least build 474610
5. Move or vMotion the guest Virtual Machines to the upgraded ESXi 5.0. Repeat step 2 to 5 and upgrade
all ESX 4.1 hosts to ESXi 5.0.
6. Upgrade the guest virtual machine VMware Tools to 5.0. (If vShield Thin Agent is still installed, uninstall
it first and then install the VMware Tools and make sure VMCI component is selected as part of the
installation.)
Note: Please refer to the official VMware upgrade document for vSphere 5.0.
VMware Product Interoperability Matrix:
http://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php?
Interoperability Chart for ESXi and vShield Manager
This chart shows the vShield Manager build/version that can run under the indicated ESX version.
Columns: ESXi 5.0 | ESX/ESXi 4.1 U2 | ESX/ESXi 4.1 U2 (New Build) | ESX/ESXi 4.1 U1 | ESX/ESXi 4.1
vShield Endpoint 5.0 (vSM): Yes Yes Yes Yes Yes
vShield Endpoint 1.0 (vSM) U1: Yes Yes Yes
vShield Endpoint 1.0 (vSM): Yes Yes Yes
Interoperability Chart for ESXi/vSM and DSVA
This chart shows what DSVA version can be run under the indicated ESX version and the vShield Manager
needed to support it.
Columns: ESXi 5.0 | ESX/ESXi 4.1 U2 | ESX/ESXi 4.1 U2 (New Build TBD) | ESX/ESXi 4.1 U1 | ESX/ESXi 4.1
vShield Endpoint 5.0 (vSM): DSVA 8.0
vShield Endpoint 1.0 (vSM) U1: DSVA 7.5 DSVA 7.5 DSVA 7.5 DSVA 7.5
vShield Endpoint 1.0 (vSM): DSVA 7.5 DSVA 7.5 DSVA 7.5 DSVA 7.5

3.3. Preparing a VMware Environment for Agentless Protection
Recommended Environment - Overview
The following describes a Deep Security deployment in a typical VMware environment.
We recommend having at least two ESXi 5.0 Hosts:
Host A is an ESXi hypervisor on which are running individual virtual machines (VMs) for Deep Security
Manager 8.0, vShield Manager 5.0, and vCenter Server 5.0 (can be installed on a physical machine).
Optionally, Trend Micro Smart Protection Server and Deep Security Relay can be installed on virtual
machines on Host A. An additional virtual machine can also be provided for a second Deep Security
Manager node. One VM should also be provided for installing the Deep Security Database.
Host B is an ESX hypervisor on which are running Deep Security Virtual Appliance (DSVA) and the VMs
requiring Anti-Malware protection.

Important: Although the vCenter Server, the vShield Manager and the Deep Security Manager can be
installed on physical machines, most enterprises install them on VMs because the virtualized environment
is capable of supporting them. They are installed on a separate ESXi because the protected ESXi must be
restarted during the course of Deep Security deployment. Also note that the Deep Security database is not
shown in this diagram. It also can be installed on a physical machine or on a VM (but, again, not on a
protected ESXi).


3.3.1. Server Preparation
3.3.1.1. VMware ESXi 5.0 Setup (Host A)
1. Install ESXi 5.0 on Host A
2. Configure the ESXi host. (e.g. Network static IP Address)
Important: Ensure the ESXi 5.0 is patched to at least build 474610. One method to patch ESX host is
using VMware Update Manager, an additional component that can be added into vCenter Server.

3.3.1.2. VMware vCenter 5.0 Setup
1. Prepare Guest OS Windows Server 2008 or 2003 (64 bit)
2. Browse to your ESXi welcome page and download vCenter Server and vSphere Client
3. Install vCenter Server 5.0
4. Install vSphere Client on the same Guest VM or on any other computer except on ESXi Host B
5. On vCenter console, add ESXi Host A using "Add Host" option.

Note: vCenter Console refers to the vSphere Client GUI

3.3.1.3. VMware vShield Manager (vSM) 5.0 Setup
1. On vCenter Console, select File > Deploy OVF Template
2. Browse and select the vShield Manager OVA file. Make sure you deploy vSM on any ESXi host
except Host B
3. Once vSM is deployed, power on vSM and login as admin/default from console
   a. Type "enable" to turn on privileged mode command with "default" as password
   b. Type setup and follow the steps to finish vSM network configuration
4. Login to vSM by using an internet browser and go to https://<vSM-ip>
5. Make sure vSM web console is displayed
3.3.1.4. Preparing Guest OS for Database Server
This Guest will host your Oracle or SQL database for use by the Deep Security Manager.
1. Prepare a guest OS Windows 2008 R2 or 2003 (64 bit) (Make sure the latest patches are applied).
3.3.1.5. Preparing Guest OS for Deep Security Manager
1. Prepare a guest OS Windows 2008 R2 or 2003 (64 bit)
2. Optionally, if you would like to have multi-node Deep Security Manager, prepare additional
guest OS for other Deep Security Manager nodes

Important: Only install Deep Security Manager on the same ESXi hypervisor as one that is hosting
the VMs you want to protect if that ESXi is part of an ESX cluster. This is because the Deep
Security Manager will force the ESXi to go into maintenance mode. If the ESXi is part of a cluster,
the VMs, including the Deep Security Manager, will be vMotioned to another ESXi host during
this process.

3.3.2. Guest OS Preparation
These guest virtual machines are to be protected by Deep Security agentless.
3.3.2.1. ESXi 5.0 Setup (Host B)
1. Install ESXi 5.0 on Host B
2. Configure ESXi network settings (e.g. Network Static IP Address)
3. On vCenter Console, add Host B via "Add Host"
Important: Ensure the ESXi 5.0 is patched to at least build 474610. One method to patch ESX host is
using VMware Update Manager, an additional component that can be added into vCenter Server.

3.3.2.2. Preparing Guest OS for Agentless Protection
Guest VM #1 to be protected by Deep Security Anti-Malware:
1. Install guest OS. (If using Windows 2003 Server, make sure you install Service Pack 2)
2. Make sure the guest VM has a basic disk volume. Dynamic disks are not supported.
Note: The default installation of Windows 2003 has basic disk.
3. Install the VMware vShield Endpoint thin agent to this machine.
Since ESXi 5.0 patch ESXi500-201109001 the vShield Endpoint driver is contained within the
vShield Drivers included in VMware Tools.
Note: vShield Drivers are not installed by default during the installation of VMware Tools.

To install the vShield Drivers:
1. Launch the VMware Tools installer and select to perform an Interactive Install.
2. During VMware Tools installation, select Custom Install
3. Expand VMware Device Drivers
4. Expand VMCI Driver
5. Select vShield Drivers and choose This feature will be installed on local drive.
6. Click "Yes" to restart the machine.
Guest VM #2 to be protected by Deep Security Anti-Malware:
1. You may install more than one supported guest VM on Host B. Please follow the same steps as
above and install the vShield Endpoint Thin Agent package.

Note: If you plan to use manual or scheduled scans be sure to turn off sleep and standby mode on
the guest virtual machines. If a guest virtual machine goes into sleep or standby mode during a scan
you will see an error indicating that the Anti-Malware Scan Terminated Abnormally. Virtual Machines
must be in the running state for scans to complete successfully.

Tip: In a VMware High Availability environment, Trend Micro strongly recommends that you
implement Agent-less Anti-Malware protection on all the ESXi hypervisors in a cluster. When a VM is
vMotioned from one ESX host to another, the VM agentless protection will remain enabled across all
protected ESX hosts.

3.4. Installing a Database Server for Deep Security Manager
1. Install SQL Server to the Virtual Machine
2. Apply the latest Microsoft patches onto the server.
3. Launch the SQL Management Studio
4. Login using an SQL Account that will also be used as our DSM SQL Account.
5. Create a new database using this SQL account
6. Write down the database name we just created.
Account Details:
Make a note of the account details used in creation of your database instance as they will be required
during the Deep Security Manager installation process.
Note: When creating an SQL database, the SQL account must be granted DB_Creator Server Roles and
DB_Owner of the DSM Database.

3.5. Installing Deep Security Manager (Windows)
Copy the Installer Packages:
Copy the appropriate Deep Security Manager installer and Deep Security Relay Installer to the target
machine.
Note: One or more Deep Security Relays are required for Deep Security functionality. If you
intend to install a Deep Security Relay co-located on the Deep Security Manager's computer, you should
copy a Deep Security Relay installer package to the same location as your Deep Security Manager installer
package. During the Deep Security Manager installation, the installer checks for the Deep Security Relay
package and if present and selected, will automatically continue with the Deep Security Relay installation
once the Deep Security Manager has successfully installed.

1. Install DSM 8.0 (please follow the Installation wizard to complete the installation)
2. Start the installation by clicking on the installation executable file.
3. Select Next for the Welcome Screen
4. Accept the License Agreement. Click Next
5. Specify the installation path. Click Next
Note: When selecting a directory the installer may append the suggested directory name on the end
of the directory path you have selected. Review the directory entry before proceeding if you have
used the "browse" button.
6. Specify the type of database you wish to use. Click Next
Note: If you are using an Oracle or SQL Server database, it must be created before Deep Security
Manager is installed. Enter the account details.
7. Enter the activation code.
8. In the Address and Port Screen, we recommend using FQDN of the machine. Click Next.
9. On the credentials screen, enter a password for MasterAdmin. Click Next
10. Keep Automatic Updates box selected. Click Next
11. Select whether to install a co-located Deep Security Relay. Click Next
Note: If you do not have the Deep Security Relay installer package in the same location as the Deep
Security Manager installer this step will be bypassed. If you choose not to install a co-located relay at
this time, you can do so later.
12. Enable Trend Micro Smart Feedback. Click Next.
13. Confirm Settings. Verify the information you entered. Click Finish.
14. Once the installation is done make sure you can login to DSM using the MasterAdmin account.
Note: If you selected to install a co-located Deep Security Relay in Step 11, the Relay installation will run
silently now.

3.6. Installing Deep Security Relay
The Deep Security Relay installer installs both Relay Server and Deep Security Agent functionality on Windows
machines. Remember that you must have administrator privileges to install and run the Deep Security Relay
on Windows machines.
1. Double-click the installation file to run the installer package. Click Next to begin the installation.
2. Accept the license agreement and click Next to continue.
3. Select the features you want to install (the Anti-Malware feature is an optional component).
4. Click Install to proceed with the installation.
5. Click Finish and complete the installation.
When you have completed the installation, use the Deep Security Manager to Configure Deep Security Relay as
described in section 4.4 Configure Updates.
Note: Installing the Deep Security Relay over Windows Remote Desktop is NOT recommended because of the
temporary loss of connectivity during the install process. However, using the following command line switch
when starting Remote Desktop will allow the install program to continue on the server after the connection is
lost:
On Windows Server 2008 or Windows Vista SP1 and later or Windows XP SP3 and later, use: mstsc.exe /admin
On earlier versions of Windows, use: mstsc.exe /console
3.7. Additional Configuration for VMware Integration
At this point, make sure the following items have been completed.
A. The VMware Environment is already setup as described in section 3.3 "Preparing a VMware
Environment for Agentless Protection".
B. Deep Security Manager (and database) is already installed.
C. A Deep Security Relay has been installed and configured on the DSM.
3.7.1. VMware vShield Endpoint Deployment on ESXi hosts
1. Install vShield Endpoint (EPSEC) to ESXi 5.0 host (Host B)
2. Login to vShield Manager using an Internet Browser to https://<vSM-ip>
3. Login to the Web Console. The default username and password is admin/default.
4. On the right side Configuration tab, enter your vCenter Server Information
5. Select Host & Cluster in the left navigation pane
6. Select the ESXi Host (Host B) on which to install the vShield Endpoint module.
7. On the right pane, click Install link under the Service item vShield Endpoint
8. After the installation, please make sure the Service vShield Endpoint has version number displayed.
You will notice the Install link changed to Uninstall.
Additional Steps:
We recommend rebooting the vShield Manager after ESXi Host vShield Endpoint has been installed to
ensure everything has been initialized correctly.
1. On vCenter Console, go to the vSM Console tab.
2. Login as admin/default from console
3. Type enable to turn on privileged mode command with default as password
4. Type reboot to reboot the vShield Manager
5. Login to vShield Manager using Internet Browser with the URL https://<vSM-ip>
6. Make sure vShield Manager Web Console is displayed properly.
7. Log into the vSM web console and verify the status of the ESX Server. Click on the ESX Server and
make sure vShield Endpoint is showing the correct version information.

Note: If the status displays wrong information, click on the refresh link on the top right corner. If the
version information is incorrect or not displayed, please contact VMware to resolve the problem.

3.7.2. Add vCenter into Deep Security Manager Web Console
1. Go to the Deep Security Manager Web Console
2. From the left navigation panel select Computers > Add VMware vCenter…
3. Enter vCenter Server FQDN (FQDN is recommended instead of using IP Address), specify Username
and Password, Click Next.

Note: Make sure DNS is properly configured and is able to resolve FQDN to IP Address correctly by all
machines in the environment. Otherwise use IP Address instead.

4. Enter vShield Manager Server Address, Username and Password, Click Next
5. Under "Deep Security Virtual Appliance global network" configuration. Use recommended default
configuration. Click Next

Note: The VM Kernel VNIC IP by default uses 169.254.1.1. It is possible some other vShield products
are already installed on the ESX Server. If that is the case, we will make use of the existing
configuration.
If there is already an existing product that created the vmservice-vmknic-pg and assigned an IP
Address 169.254.1.1, make sure the IP Address is configured the same in VM Kernel VNIC IP

6. Accept the vShield Zones Manager SSL certificate.
7. Accept the VMware default certificate.
8. Review vCenter information and then Click Finish.
9. "The VMware vCenter has been successfully added" message will be displayed, click Close.
10. Click on Computers > vCenter to make sure the vCenter is listed.

Note: On a very large environment with more than 3 machines reporting to a vCenter Server, this
important process may take 2 to 3 minutes to complete. You can check the vCenter Recent Task
section to verify if there are activities running.

3.7.3. Importing Software Packages into Deep Security Manager
Deep Security Manager Web Console configuration must be performed by using a DSM user account with
Full Access rights.
1. Go to the Deep Security Manager Web Console
2. From the left navigation panel select System > Updates
3. Scroll down and select Import Software… from Software Package section.
4. Browse and Select FilterDriver Zip File Package (FilterDriver-ESX-8.0.0-xxxx.x86_64.zip). Click Next.
5. Click Finish on the next screen.
6. Browse and Select Appliance Zip File Package (Appliance-ESX-8.0.0-xxxx.x86_64.zip). Click Next.
7. Click Finish on the next screen.
Note: The package upload may take 5-10 minutes depending on network bandwidth
8. Click on View Imported Software… button and make sure both the filter driver and appliance
package are uploaded.
3.7.4. Preparing ESX Hosts
Important: The ESXi will be placed in maintenance mode for this task. All virtual machines running on this ESXi must be stopped/paused or vMotioned to another ESXi host (make sure a cluster server with vMotion support is set up so that this can be done automatically)

1. Go to the Deep Security Manager Web Console
2. Select Computers > vCenter > Hosts and Clusters
3. The ESX Servers will be listed. Right click on the ESX Server and select Actions > Prepare ESX. Click Next
4. Select YES to automatically bring the ESX in and out of maintenance mode. Click Finish

Note: The ESX Server is rebooted automatically during the prepare process. At the start the ESX Server will enter maintenance mode. After the reboot it will exit out of maintenance mode automatically

5. The ESX Server preparation process will complete all activities with no further user input necessary.
6. You can look at the vCenter Console tasks to see how the ESX preparation is progressing. The process is complete once the host has gone into and exited maintenance mode.
7. Once the process is complete, select "No thanks, I will deploy later." Click Close. We will install the Deep Security Virtual Appliance later.
8. This completes the ESX preparation. Wait for a few minutes.
9. Go back to Computers > vCenter and check that the status of the ESX Host is set to "Prepared".
3.7.5. Deploying Deep Security Virtual Appliance
Deep Security Manager Web Console configuration must be performed by using a DSM user account with Full Access rights. Note that a DSVA should be deployed on each protected ESXi 5.0 host.
1. Go to the Deep Security Manager Web Console
2. Select Computers > vCenter
3. Right Click on the ESX Host and select Actions > Deploy Appliance. Click Next.
4. Enter a Name for the Appliance and select a Datastore for the appliance. Click Next.
5. Select the Management Network for the Appliance. Click Next.
6. Define the Appliance Hostname. Enter the IPv6 Address and/or IPv4 Address for the Appliance. (DHCP is enabled by default). Click Next.
7. Select Thick Provisioned format, Click Finish and wait for a few minutes
8. Wait for the package to be created and uploaded to the ESX host.
9. Accept the SSL Certificate in the next screen and wait for a few minutes till the appliance is deployed.
10. You should see Appliance successfully deployed message.
11. Under Activate Deep Security Appliance section, select "No thanks, I will activate it later". Click Close.
Verification Steps:
1. Check the vCenter to make sure the DSVA appliance is up and running.
2. On vCenter Console, go to the DSVA "Console" tab
3. On the DSVA main screen window, take note of the Management Address of DSVA; sometimes it uses eth0, at times it uses eth1.
4. Make sure the network adapters are configured correctly and they are on the correct network pool.
5. Go to the Virtual Machine Properties > Summary Tab, click on Edit Settings.
6. Go to Hardware Tab, there are 3 interfaces available.

Note: Network adapter 1 is always the management network. DSVA uses this interface to communicate with the Deep Security Manager.
Network Adapter 2 is used by DSVA to communicate with the VM Kernel VNIC IP. Check the ESX Network Configuration. Make sure the network connection vmservice-trend-pg is on the same virtual switch as vmservice-vmknic-pg

7. Go to the command line by pressing Alt + F2, logon using dsva/dsva.
8. Make sure you can ping the Deep Security Manager FQDN.
Type the command:
sudo ping <IP Address of the Deep Security Manager>
Additional Steps:
DRS and HA must be turned off on the DSVA virtual machine. The DSVA must stay with the ESXi host it is assigned to protect and must never be vMotioned to another ESXi host.
1. From the vCenter Console, go to the VM Group Settings > Virtual Machine Options.
2. Select the DSVA machine and under Automation Level, make sure HA and DRS are both disabled.
3.7.6. Increasing Deep Security Virtual Appliance Memory
Here is the recommended memory we want to allocate to the DSVA machine depending on the number of Virtual Machines per ESXi Host.
1GB of memory is assigned to the DSVA by default.
Increase the memory to 4GB for a DSVA protecting 5 Virtual Machines.
Increase the memory to 8GB for a DSVA protecting 1T Virtual Machines.

1. On vCenter Console, go to the DSVA Console tab.
2. Power-off the DSVA
a. Alt + F2, logon using dsva/dsva
b. Type in the command: sudo shutdown -h now
3. Go to the Summary > Edit Settings > Hardware Tab
4. Allocate 8GB of memory to the virtual appliance.
5. Power-on the DSVA
3.7.7. Activating Deep Security Virtual Appliance
Deep Security Manager Web Console configuration must be performed by using a DSM user account with Full Access rights.
1. Go to the Deep Security Manager Web Console
2. Select Computers > vCenter
3. Right Click on the DSVA appliance machine and select Actions > Activate Appliance
4. Click Next
5. For security profile select Deep Security Virtual Appliance. Click Next
6. DSVA starts the activation process.
7. DSVA will register itself into vShield Manager.
8. Under Activate Host Virtual Machines, select "No thanks, I will activate them later". Click Finish.
9. Click Close.
10. Go back to Computers > vCenter and make sure the DSVA status is set to Managed (Online)
3.7.8. Activating Guest Virtual Machines
Assign Guest Virtual Machines to the ESX
1. Assign Guest Virtual Machines to the ESXi Host (Host B)
2. Power-on the machines if they are offline.
Activate the Virtual Machines
3. Go to the Deep Security Manager Web Console
4. Select Computers > vCenter
5. Right Click on the Virtual Machine and select Action > Activate
6. Right Click on the Virtual Machine and select Action > Assign Security Profile
7. You can use the Windows Anti-Malware Protection security profile. This only has the anti-malware feature enabled.
8. Check the status of the machine and make sure Anti-Malware status is "On".
Note: If anti-malware is active, you will notice the Green ball status displayed under the Anti-Malware column

3.8. Installing Deep Security Agents
3.8.1. Windows
3.8.1.1. Automation using Existing Deployment Tools
As mentioned earlier, clients have to rely on the existing software deployment tools in their environment to deploy Deep Security Agents to the endpoints. Clients should identify the segments where they can use these tools (SMS, Altiris, etc.) to deploy the Deep Security Agent MSI Installer package.
Note: To install all available features in DSA using the MSI installer, use this command:
msiexec /i c:\dsa\Agent-Windows-8.0.msi /q addlocal=all
3.8.1.2. The need for doing Manual Installation
There could be some segments in the client environment where there would be no deployment tools available. In those segments the client may have to install the DSA software manually. It is a good strategy to identify such segments beforehand so that some extra time can be added to the deployment project to accommodate such scenarios and still meet the deadlines.
3.8.2. Red Hat Linux
1. To install the Deep Security Agent on a Linux machine, you need to log on as "root". Alternatively, you can use the "sudo" utility to install the Agent.
$ su
Password:
2. Use "rpm -i" to install the ds_agent package:
# rpm -i Agent-RedHat_2.6.18_8.EL5_i686-8.0.0-xxxx.i386.rpm
Preparing... ########################################## [100%]
1:ds_agent ########################################## [100%]
Loading ds_filter_im module version 2.4.21-20.EL-i686 [ OK ]
Starting ds_agent: [ OK ]

Note: Use "rpm -U" to upgrade from a previous install. This approach will preserve your profile settings

3. The Deep Security Agent will be started automatically upon installation.
3.8.3. Sun Solaris 10 (with Update 4 or above)
1. Use the following commands to extract the installer file.
gunzip Agent-Solaris_5.x_sparc-7.x.x-xxxx.sparc.pkg.gz
2. Use the following commands to install Deep Security Agent.
pkgadd -d Agent-Solaris_5.x_sparc-7.x.x-xxxx.sparc.pkg all

Note: If you are installing Deep Security Agent for Solaris 8, 9 and 10 Update 3 or below, please refer to the Deep Security 8.0 Getting Started and Installation Guide.

3.8.4. AIX
1. Log in as Root
2. Copy the package to a temporary folder (/tmp)
3. Unzip the package using gunzip:
/tmp> gunzip Agent-AIX_5.3-7.x.x-x.powerpc.bff.gz
4. Install the Agent:
/tmp> installp -a -d /tmp ds_agent
3.8.5. HP-UX
1. Log in as Root
2. Copy the package to a temporary folder (/tmp)
3. Unzip the package using gunzip:
/tmp> gunzip Agent-HPUX_11.23_ia64-7.x.x-x.ia64.depot.gz
4. Install the Agent
/tmp> swinstall -s /tmp/Agent-HPUX_11.23_ia64-7.x.x-x.ia64.depot ds_agent

Note: The package is referenced using the full path. Relative paths will not be accepted.

3.8.6. Adding the Computers to Deep Security Manager
Add computers that have Deep Security Agents to Deep Security Manager's Computers list. There are four ways of adding computers to the Deep Security Manager Computers screen:
1. Adding computers individually by specifying their IP addresses or hostnames
2. Discovering computers by scanning the network
3. Connecting to a Microsoft Active Directory and importing a list of computers
4. Connecting to a VMware vCenter and importing a list of computers.
3.8.7. Activating the Computers
In environments where a large number of Agents are deployed using third-party software distribution mechanisms, such as Microsoft SMS, it may be beneficial to enable the "Agent Initiated Activation" option. This allows the Deep Security Agent to perform self-registration with the Deep Security Manager by executing a command line application on the protected host following the installation of the Agent. This allows the activation to be scripted during installation, requiring no additional steps by the administrator. The command line activation uses the dsa_control.exe binary found under the Deep Security Agent install folder:
dsa_control.exe /a dsm://ip_address:4120/

Note: Please use the article below to get the information about enabling the "Agent Initiated Activation" and the syntax for the command to use in your script.
http://esupport.trendmicro.com/pages/How-can-a-remotely-installed-Deep-Security-Agent-initiateactivation-with-the-Deep-Security-Manager.aspx
3.9. Installing Deep Security Notifier
1. Double-click the installation file to run the installer package. Click Next to begin the installation
2. Read the license agreement and click Next.
3. Click Install to proceed with the installation.
4. Click Finish to complete the installation.

Note: Enable VMCI when using the Deep Security Notifier on Virtual machines.
1. To enable VMCI, stop the VMware image.
2. In vCenter select the image and edit settings
3. On the hardware tab select the VMCI device
4. Click the Enable VMCI between VM Images checkbox and save.



* VMCI is just a communication mechanism. Anything layered on top of it ought to implement its own authentication and security so that it can trust data that it receives before acting upon it. This therefore is no different from writing anything else that sits on top of a communication mechanism.
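
The point of the VMCI note above, as an added example that is not part of the original guide and does not use the VMCI API: a receiver that authenticates every frame before acting on it, and rejects modified or replayed frames. The pre-shared key, the frame layout and the class name are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
HDR_LEN = 8    # 64-bit big-endian sequence number


class AuthenticatedEndpoint:
    """One end of a channel whose transport (VMCI, a socket, ...) is not trusted.

    Hypothetical frame layout: sequence number || HMAC tag || payload.
    Use a separate key for each direction so frames cannot be reflected.
    """

    def __init__(self, key: bytes):
        if len(key) < 32:
            raise ValueError("use a key of at least 32 random bytes")
        self._key = key
        self._next_send = 0
        self._next_recv = 0

    def _tag(self, header: bytes, payload: bytes) -> bytes:
        return hmac.new(self._key, header + payload, hashlib.sha256).digest()

    def seal(self, payload: bytes) -> bytes:
        """Wrap a payload for sending."""
        header = struct.pack(">Q", self._next_send)
        self._next_send += 1
        return header + self._tag(header, payload) + payload

    def unseal(self, frame: bytes) -> bytes:
        """Return the payload only if the frame is authentic and in sequence."""
        if len(frame) < HDR_LEN + TAG_LEN:
            raise ValueError("truncated frame")
        header = frame[:HDR_LEN]
        tag = frame[HDR_LEN:HDR_LEN + TAG_LEN]
        payload = frame[HDR_LEN + TAG_LEN:]
        # Check the tag in constant time before trusting any field of the frame.
        if not hmac.compare_digest(tag, self._tag(header, payload)):
            raise ValueError("authentication failed")
        (seq,) = struct.unpack(">Q", header)
        if seq != self._next_recv:
            raise ValueError("replayed or out-of-order frame")
        self._next_recv += 1
        return payload


def demo():
    """Send one frame, then present a modified copy and a replay of it."""
    key = bytes(range(32))  # constructed sample key; use os.urandom(32) in practice
    sender, receiver = AuthenticatedEndpoint(key), AuthenticatedEndpoint(key)
    frame = sender.seal(b"scan-complete vm=web01")  # constructed sample message
    results = [receiver.unseal(frame)]
    tampered = frame[:-1] + bytes([frame[-1] ^ 1])
    for bad in (tampered, frame):
        try:
            receiver.unseal(bad)
        except ValueError as exc:
            results.append(str(exc))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```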




4. Post Installation Configuration and Review
4.1. Configuring SMTP server for Email Notification
Deep Security Manager requires an SMTP relay to deliver email alerts and scheduled reporting. The SMTP relay setting (address, authentication information) is configured in the global DSM settings.
4.2. Create Roles and Users
Identify different accounts to be created and their rights
Deep Security uses role-based access control to restrict Users' access to various parts of the Deep Security system. Once you have installed the Deep Security Manager you should create individual accounts for each User and assign each User a Role which will restrict their activities to all but those necessary for the completion of their duties.
Deep Security comes pre-configured with two Roles:
Full Access: The Full Access Role grants the User all possible privileges in terms of managing the Deep Security system including creating, editing, and deleting computers, computer groups, Security Profiles, Rules, Anti-Malware configurations, components, and others.
Auditor: The Auditor Role gives the User the ability to view all the information in the Deep Security system but without the ability to make any modifications except to their own personal settings, such as password, contact information, dashboard layout preferences, and others.
You can create new Roles which can restrict Users from editing or even seeing elements of the Deep Security system such as specific computers, the properties of security Rules, or the System Settings.
Before creating User accounts, identify the Roles that your Users will take and itemize what elements of the Deep Security system those Roles will require access to and what the nature of that access will be (viewing, editing, creating, etc.). Once you have created your Roles, you can then begin creating User accounts and assigning them specific Roles.
For details on how to create Roles and User accounts, see the corresponding sections of the online help or the User's Guide.
4.3. Host Grouping
Below you will find different examples of grouping the hosts into a group. These are some recommendations. Clients are free to use whatever type of classification to group their hosts as per their environment. You can use the schemes below in a combined way as hosts can be grouped into multi-level groups in Deep Security 8.0.
4.3.1. Type of OS and Type of Application Server
The recommended method of grouping the hosts is to group them on the basis of their operating system and then group them on the basis of the Application running on them (in case of servers). So you may get all the Exchange Mail servers in one group and all the Solaris based MTA servers in another group. This way it will be easier to create and deploy the security profiles according to the type of the server application.
Following the same logic of grouping, the workstation based operating systems will automatically end up getting their own group.
4.3.2. Geographic Locations
Another strategy to group the hosts could be to group them on the basis of their geographic location. For global companies it could be important to have different sets of rules to deploy in order to achieve certain compliances in certain regions.
4.3.3. Bandwidth of the Links
Another factor to decide the grouping could be the concern about the bandwidth for certain hosts in a remote location or a location with narrow bandwidth. Rules can be applied differently in such cases to keep the number of events being sent back to the DSM to a minimum. Scans, such as recommendation scans, can also be scheduled with a different frequency compared to the hosts on a broader bandwidth. Even configuration changes can be scheduled to be pushed down to them on a special schedule.
4.4. Configure Updates
Deep Security Manager requires at least one Deep Security Relay to pull down updates from the new Trend Micro ActiveUpdate Server. Updates are required for all protection functionality except Firewall.
Deep Security Manager gets update information only from the Deep Security Relay. A typical configuration is for the Deep Security Manager to use a Deep Security Relay co-located on the same computer. If you have chosen not to install the co-located Deep Security Relay, you should install a Deep Security Relay on another computer.

Note: When using Relay Groups, Deep Security Relays on Linux will not update correctly if they use Deep Security Relays on Windows as their update source. It is recommended that Deep Security Relays on Windows and Linux only ever be configured to update from the Trend Micro Global Update source, or from Relays of the same platform.

The clock on a Deep Security Relay (DSR) machine must be synchronized with Deep Security Manager (DSM) to within a period of 24 hours. If the DSR clock is behind the DSM clock then an "Agent Activate" operation will fail because the certificate generated for the DSR by Deep Security Manager will not yet be valid.

Note: If this condition is encountered an "Agent Activate Failed" event will be recorded in the System Events: "A client error occurred in the Deep Security Manager to Deep Security Agent protocol: HTTP client error received: certificate is not yet valid".

4.4.1. Configure Deep Security Relay
A. Activate the Deep Security Relay:
1. Log into the Deep Security Manager Web Console. Go to the Computers section. Add the computer on which the Deep Security Relay is installed. Activate the machine.
2. Check that the Deep Security Relay status is showing Managed (Online).
3. On the Deep Security Relay computer, double click on the Deep Security Notifier icon in the System Tray and check that the status is displaying OK.
B. Updating the Deep Security Relay
1. In the Deep Security Manager Web Console, go to System > System Settings > Updates.
2. Click the View Relay Groups button.
3. On the Relay Groups window, click New, and create a new relay group, select the newly added Deep Security Relay computer in the Members section. Click OK.
4. Go to System > Updates. You should see the newly added Relay as a member of the Relay Group in the Relays section.
5. In the Security Updates section, the list of Components will all show "Not updated" yet. Click Update Components Now..., and then in the Component Update Wizard click Finish.
6. Updating the Components on the Deep Security Relay may take a few minutes.
7. When the Component Update Wizard shows that the update has completed, click Finish.
8. Return to System > Updates. In the Security Updates section, the list of Components will all show "100% Updated".
9. On the Deep Security Relay computer, open the Deep Security Notifier and you will see that the Components list has been updated.

Note: Deep Security Manager's ability to perform components update relies on the Deep Security Relay. It is a necessary module that must be installed as part of the Deep Security setup.
Deep Security Agents and Appliances also update from a Deep Security Relay. Deep Security Agents can be configured to fall back to the Trend Micro ActiveUpdate Server for updates if the Deep Security Relay is not available.
This option is disabled by default under System > System Settings > Update Tab > Allow Agents/Appliances to update from this source if Deep Security Relays are not available.

4.4.2. Configure Agent Updates via Relay
By default all machines are assigned to the Default Relay Group. This relay group contains all Deep Security Relays that have not been assigned to any user created relay groups.

Tip: If you have one flat network where all machines are connecting to the same source for components update, there is no need to configure Relay Groups. All existing Deep Security Relays in place will automatically be used by machines as their update source.
However if you have a segregated network and each subnet must have a designated update source, you will need to create a Relay Group for each subnet and assign the appropriate Deep Security Relay into the Relay Group. Machines within that subnet must be assigned their Relay Group so they can download from their closest Deep Security Relay within their subnet.

To select a Relay for an Agent / Appliance, on the Computers screen right-click the Agent / Appliance and, from the Actions menu, select Assign Relay Group.
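
The per-subnet Relay Group layout described in this section, together with the same-platform update-source recommendation from section 4.4, worked as an added planning helper (not part of the original guide, and not a Deep Security API). The inventory, subnets, update-source map and all function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample inventory; names, addresses and subnets are not from the guide.
SUBNETS = ["10.10.1.0/24", "10.20.0.0/24", "10.30.4.0/24"]
RELAYS = [
    {"name": "dsr-hq-win", "ip": "10.10.1.5", "platform": "windows"},
    {"name": "dsr-hq-lnx", "ip": "10.10.1.6", "platform": "linux"},
    {"name": "dsr-dmz-lnx", "ip": "10.20.0.5", "platform": "linux"},
]
MACHINES = [
    {"name": "exch01", "ip": "10.10.1.20"},
    {"name": "web01", "ip": "10.20.0.31"},
    {"name": "lab07", "ip": "10.30.4.9"},
    {"name": "kiosk3", "ip": "192.168.50.7"},
]
# Where each relay pulls updates from: "global" (the Trend Micro update
# source) or the name of another relay.
UPDATE_SOURCE = {
    "dsr-hq-win": "global",
    "dsr-hq-lnx": "dsr-hq-win",
    "dsr-dmz-lnx": "dsr-hq-lnx",
}


def subnet_of(ip, networks):
    """Return the most specific network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [n for n in networks if addr in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


def plan_relay_groups(subnet_cidrs, relays, machines):
    """Build one candidate Relay Group per subnet.

    Returns (plan, unplaced): plan maps each subnet to its relays and
    machines; unplaced lists names whose address is in no listed subnet.
    """
    networks = [ipaddress.ip_network(c) for c in subnet_cidrs]
    plan = {str(n): {"relays": [], "machines": []} for n in networks}
    unplaced = []
    for kind, items in (("relays", relays), ("machines", machines)):
        for item in items:
            net = subnet_of(item["ip"], networks)
            if net is None:
                unplaced.append(item["name"])
            else:
                plan[str(net)][kind].append(item["name"])
    return plan, unplaced


def subnets_without_relay(plan):
    """Subnets that have machines but no designated relay of their own."""
    return sorted(n for n, g in plan.items() if g["machines"] and not g["relays"])


def cross_platform_sources(relays, update_source):
    """Relays whose update source is a relay on a different platform."""
    platform = {r["name"]: r["platform"] for r in relays}
    bad = []
    for name, src in update_source.items():
        if src == "global":
            continue
        if platform.get(src) != platform[name]:
            bad.append((name, src))
    return sorted(bad)


if __name__ == "__main__":
    plan, unplaced = plan_relay_groups(SUBNETS, RELAYS, MACHINES)
    for subnet, group in plan.items():
        print(subnet, group)
    print("no relay in subnet:", subnets_without_relay(plan))
    print("outside all subnets:", unplaced)
    print("cross-platform update sources:", cross_platform_sources(RELAYS, UPDATE_SOURCE))
```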
4.4.2.1. Deep Security Relay and Component Updates in an Air-Gapped Environment
If your environment does not allow Deep Security Relay to connect directly to ActiveUpdate via the internet, an alternative method is available to import a package of Updates to a Relay for distribution to other Deep Security Software Components.
A. Using a Deep Security Relay to generate an Updates package
Use a Deep Security Relay that is able to download the latest updates from the Trend Micro Global ActiveUpdate Server.
1. To create a Relay Updates bundle from the command line, enter the following: dsa_control /b
2. The command line output will show the name and location of the .zip file that was generated.
3. Copy the Relay Updates bundle .zip file to the installed location of the Deep Security Relay that you want to import the Updates.

Note: You should always generate a Deep Security updates package from a Deep Security Relay running on the same platform as the one that will be importing the bundle.

An updates package generated from a Deep Security Relay on Windows cannot be successfully imported by a Deep Security Relay running on Linux. If you have a mixed (Windows and Linux) environment, then you should always generate the updates bundle on a Linux Deep Security Relay to ensure that it can be imported by all other Relays.
B. Importing Updates to Deep Security Relay
When a Component Update is initiated from the Deep Security Manager (either scheduled or manual), if the Deep Security Relay is unable to get the update from the configured ActiveUpdate location then it will automatically check for the presence of a Relay Updates bundle .zip file in the installed location.
If the Relay Updates bundle file is found, then the Deep Security Relay extracts and imports the Updates from the file.

Note: Remember to remove the Relay Updates bundle .zip file after the Updates have been successfully imported to the Relay.

C. Configuring an Update Source for an Air-Gapped Relay
Air-gapped Relays will still try to contact an Update server to check for Updates. To avoid Update failure Alerts, set the Relay to use itself as an Update source:
1. In the Relay's Details window, go to System > System Settings > Updates
2. In the Relays area, select "Other Update Source:" and enter https://localhost:4122
3. Click Save.

4.5. Applying service packs/patches
It is strongly recommended that the most recent patch/service pack always be used and deployed in the Deep Security environment.
Refer to the following quick steps on how to apply patches and service packs to each component.
Deep Security Manager:
1. Download the patch/service pack from the Trend Micro Download Center or from the location provided by support.
2. Copy the installer to the Deep Security Manager server and run the install on top.
3. Choose "Upgrade the existing installation (maintains current configuration)" to upgrade the manager and retain all settings.
Deep Security Agent/Relay/Filter Driver/Virtual Appliance:
1. Download the patch/service pack from the Trend Micro Download Center or from the location provided by support.
2. Login to the Deep Security Manager console and go to System > Updates.
3. Select "Import Software" and import the patch/service pack downloaded in step 1.
4. Click "Next", verify the fingerprint and hit "Finish".
5. Click on "View Imported Software" to verify the upload.
6. Go to Computers and select the component/host (DSA/DSR/DSFD/DSVA) to upgrade.
For example, to upgrade the filter driver, select the ESX host, right click and choose the option to upgrade the filter driver.
4.6. Other important settings to consider
4.6.1. Log Retention
There are different types of logs stored in the Deep Security Manager database.
Firewall logs
DPI logs
Integrity Monitoring logs
Log Inspection logs
System Events
It is recommended to delete logs older than 7 days; depending on audit purposes, it may sometimes be necessary to store logs longer than usual. However, if you are required to keep logs, it is recommended not to keep logs older than 3 days. Make sure that log purge is enabled in Deep Security Manager and log deletion is configured for all types of log (System > System Settings > System Tab > Prune).
Product logs are stored in the database, and it is normal for the database size to grow to 2GB for a log retention policy of 3 days. If you need to store logs longer than 3 days, please make sure you allocate enough disk space beyond 2GB to allow ample disk space for the database to grow. Also note that the bigger the database, the more SQL related queries can slow down in relation to the size of the database, so we want to purge logs as much as possible and keep only the logs we need.
4.6.2. Recommendation Scans
A recommendation scan, if started for all the computers at the same time, can utilize more CPU and bandwidth. As a best practice, a recommendation scan should be run after the events below happen:
New security updates were applied to the hosts
Some changes took place on the hardware/software side for certain host(s)
Microsoft patches/service packs were applied to the hosts
It has been a long time (7 days) since the last recommendation scan
It is also a best practice to schedule the scans for different groups of computers at different times.
For more details, please refer to the Best Practice Guide for Deep Security 8.0.
4.6.3. Building Customized Security Profiles, Rules and Components
Make it a habit to duplicate the default profiles, rules and components instead of directly editing the original ones. When creating custom rules/profiles, it is a good idea to append a label (i.e. Company Name) to the rule created (ex. TREND MICRO - Deny Port 25).



5. Apply the Best Practices Guide for Deep Security
This guide focuses more towards the high level deployment architecture planning and then deployment implementation and related topics and configurations. For comprehensive best practice configurations in Deep Security 8.0 please refer to the Best Practices Guide.
