2. Access the Trend Micro CSC SSM console by doing the following:
a. Launch ASDM.
b. Choose Configuration > Trend Micro Content Security.
3. Choose Administrator > Product Upgrade from the menu.
4. Click Browse and select the .pkg file you downloaded.
5. Click Install.
6. Click Summary to confirm the installed software version.
7. Optional) Use an Eicar test file to confirm that the upgrade was successful and that the scanning services have been configured correctly.
CSC is not scanning e-mail traffic or is sending in a lot of SPAM.
check if the e-mail traffic is being sent to the module for scanning
Issue the following command where 192.168.1.1 is an inside PC and 10.2.2.2 is an external e-mail server and make sure csc-fail-open shows up in the flow inidcating that the module is indeed scanning the e-mail traffic.
CSC-ASA# sh service-policy flow tcp host 192.168.1.1 ho 10.2.2.2 eq 25
Global policy: Service-policy: global_policy Class-map: csc-traffic Match: access-list csc-acl Access rule: permit tcp any any eq www Action: Output flow: csc fail-open Class-map: class-default Match: any Action:
check if the Trend GUI is configured to scan inbound e-mail traffic
Under the Trend GUI >> Mail >> Scanning >> incoming - Make sure it is enabled. Check image here:
check if the e-mail header shows the Trend Micro stamp.
View All Message Headers in Outlook 2007:
E-mail message cannot be a message that was forwarded to you. Forwarding strips the e-mail headers.
The e-mail message should have been directly delivered to you or sent as an (mail item) attachment to you.
Open the email in a new window by double-clicking it.
Click the expansion button in the lower right corner of the Options toolbar box.
Find the headers under Internet headers:.
View All Message Headers in Outlook 2000, 2002 and 2003:
To display all of a message's headers lines in Outlook 2000 to Outlook 2003:
Open the message in a new window in Outlook.
Select View | Options... from the message's menu.
The header should show the following indicating that that piece of e-mail was indeed scanned by the CSC module.
1. The spam emails should be saved as .MSG or .EML format 2. The spam sample should be the original mail, not forwarded mails since forwarded mails do not contain the original mail contents and may contain customer related information that could lead to False Positives. 3. Original spam mail can be obtained by the following steps below: > Create a folder > Drag all undetected spam samples to the created folder > Place the undetected spam samples in a zip file and password-protect it using the word "novirus" without the quotes > Send the zip file
Here are the email addresses on where to send the samples:
Please be informed that TrendMicro has a large collection of Honeypots for collecting new and emerging spam threats. Once samples are received, they are automatically sent to the automated spam processing team.
CSC module status shows un-responsive
If the module shows unresponsive for the command "show module 1 detail" you can issue one of the following commands to reboot the module.
This does not reboot the ASA.
hw-module module 1 reset
hw-module module 1 reload
hw-module module 1 shutdown and then hw-module module 1 shutdown
Internet traffic is very slow
Check to see if you have http inspection enabled. If so, disable it and try the websites again. Issue "sh run policy-map" to see if you have http inspection enabled.
Make sure the CSC module has proper DNS servers configured so, the module is able to get name resolution without any problem.
How do I reset the CSC password?
1. Telnet/SSH to the ASA
2. issue the command "hw-module module 1password-reset
This will reset the CSC module password to the default password which is cisco.
How to enable the root account
1. SSH/Telnet to ASA
2. Session into the Module with the command: session 1
3. Login with the username 'cisco' and the CSC password
4. Select Troubleshooting Tools and then choose Enable root account
5. Logout and Login again to 'session 1' but this time using the 'root'
account (default password is 'cisco')
Unable to update grayware and spyware updates
1. First, enable the root account on your CSC module using the steps provided above.
2. Session into the Module with the command: session 1
3. Login with the username 'root' and 'cisco' for password
4. change to the /opt/trend/isvw/tmpfs/AU/AU_Log directory, and remove all files: -bash-3.00# cd /opt/trend/isvw/tmpfs/AU/AU_Log -bash-3.00# rm *
5. Change to the /opt/trend/isvw/tmpfs/AU/AU_Temp directory, and remove all files:
-bash-3.00# cd /opt/trend/isvw/tmpfs/AU/AU_Temp -bash-3.00# rm -rf *
6. Change to the /opt/trend/isvw/tmpfs/AU/AU_Workdir Remove all of the files and directories except the following directories:
piranhacache piranhaengine piranharule
-bash-3.00# cd /opt/trend/isvw/tmpfs/AU/AU_Workdir -bash-3.00# ll drwxr-xr-x 2 isvw isvw 60 Aug 18 02:49 AU_Backup drwxr-xr-x 2 isvw isvw 40 Aug 20 02:17 piranhacache drwxr-xr-x 2 isvw isvw 40 Jul 27 2007 piranhaengine drwxr-xr-x 2 isvw isvw 40 Aug 20 02:17 piranharule -rw-r--r-- 1 isvw isvw 8071 Aug 17 00:00 tmblack.121 -rw-rw-r-- 1 isvw isvw 1575731 Aug 18 02:49 tmwhite.459 -rw-r--r-- 1 isvw isvw 1580567 Aug 20 02:48 tmwhite.461
7. Then, exit and then session back into the module using the cisco account and restart the services.
8. Make sure manual update works without any errors.
Domain Controller shows up with a Red X
Verify Domain Controller Server Credentials on the CSC module. This needs to be a domain admin equivalent account.
Verify the account is not locked.
Unable to find user IDs in Active Directory
The machine what has the ID agent installed should be part of the windows domain
File Sharing should be enabled on the client machine
"Remote Registry" Service should be enabled.
On the windows firewall, select "Windows Management Instrumentation (WMI)" as an exception program to allow in bound WMI calls. Also, make sure the "File and Printer Sharing" is part of the exception list.