Remote Agent Configuration Guide
Trend Micro OfficeScan Corporate Edition
Trend Micro Incorporated

This product includes software developed by the Apache Software Foundation (www.apache.org).

This guide contains background information, installation notes, and other information about OfficeScan Remote Agent.

Before installing, Trend Micro highly recommends reading this guide to learn how you can take advantage of the capabilities of Remote Agent.


Contents


What is Remote Agent?  

What you can do with Remote Agent

Types of agents

Minimum system requirements

Planning for installation

Generating the setup packages

Installing Remote Agent

Modifying the default settings


What is Remote Agent?   

OfficeScan clients in remote offices sometimes have problems connecting to the server in the main office because of low-bandwidth connections. This can prevent the proper deployment of OfficeScan components, especially the pattern files, which help keep the clients protected against the latest virus threats.

To ensure that clients (especially those in low-bandwidth remote offices) are always updated, Trend Micro developed Remote Agent. Remote Agent allows clients in low-bandwidth remote offices to get updated pattern files and scan engine directly from the Trend Micro update server, instead of only from the OfficeScan server. With this tool, clients are sure to get program updates, even if deployment of new pattern files from the server is not possible because of bandwidth limitations.

Although clients by themselves can download updates directly from the Trend Micro update server with Update Now (if you grant them this privilege), using Remote Agent minimizes bandwidth consumption. You only need to configure a single client to download updates and share these with other clients in the low-bandwidth office. Other clients no longer have to download the updates themselves, thereby helping optimize bandwidth usage in low-bandwidth offices.

Back to top

What you can do with Remote Agent

Using Remote Agent, you can do the following:

  • Detect the client’s network connection to enable it to switch between roaming and normal modes, and vice versa.

  • Allow mobile clients to get updates from the Trend Micro update server, instead of only from the OfficeScan server.

  • Assign a client in the remote office to download updates from both the server in the main office and the Trend Micro update server, and to share these updates with other clients in the remote office. This reduces network traffic because the other clients no longer have to connect to the server in the main office to get updates.

  • Configure the agent to periodically verify its connection status with the server

  • Schedule an update

  • View update results from the agent log

  • Configure the settings and update sources

  • Perform a manual update (Update Now)    

Back to top

Types of agents

There are three types of Remote Agents:

  • Master agent

  • Normal agent

  • Mobile agent

Master agent

The master agent is installed on a client in a low-bandwidth remote office to download updates from the OfficeScan server or the Trend Micro update server. It acts as a 'mini' OfficeScan server by sharing these updates with other clients on the local network that are running the normal agent.

The maximum number of clients that can get updates from the master agent depends on the Apache server's default settings, and your network and machine environment.

Master agent runs as a process (not as a service) on the host computer. This means that when you log off the host computer, master agent shuts down.

To change the Apache server’s default settings

  1. Open C:\Program Files\Trend Micro\OfficeScan Client\apache\conf\httpd.conf.

  2. Modify the values for "threadsperchild" and "maxkeepaliverequests".

  3. Restart the service.

For detailed instructions on how to edit the master agent's Apache server settings, visit http://httpd.apache.org/docs-2.0/index.html.en

Normal agent

The normal agent is installed on other clients in the low-bandwidth remote office to get updates from the master agent. If the master agent is not available, the normal agent can still get updates from the OfficeScan server and even directly from the Trend Micro update server.

Mobile agent

The mobile agent is installed on clients that are frequently disconnected from the network (thus the term "mobile"). Examples of mobile clients are notebook computers that employees disconnect from the network to take home with them. To keep the client’s protection updated, the mobile agent downloads updates directly from the Trend Micro update server.

Back to top

Minimum system requirements

There are two requirements for installing Remote Agent on the client:

  • The OfficeScan client must be installed on the computer where you want to install Remote Agent

  • The user of the computer where the master agent will be installed must have administrator privileges to share the downloaded updates to other clients on the local network.

If you are installing the master agent on a machine without an HTTP server, Setup will automatically install an Apache server for you. See the Apache installation requirements below.

WARNING! Trend Micro does not recommend installing the master agent on a Windows 95/98 computer.

Apache™ installation requirements

Apache 1.3 is designed to run on Windows NT 4.0 and Windows 2000. The binary installer will only work with the x86 family of processors, such as Intel's. Apache may also run on Windows 95 and 98, but these have not been tested and are never recommended for production servers. In all cases, TCP/IP networking must be installed.

If running on NT 4.0, installing Service Pack 3 or 6 is recommended, as Service Pack 4 created known issues with TCPIP/WinSock integrity that were resolved in later Service Packs.

Note: Winsock 2 is required for Apache 1.3.7 and later.

If running on Windows 95, the "Winsock2" upgrade must be installed before Apache will run. "Winsock2" for Windows 95 is available at the following links:

www.microsoft.com/windows95/downloads/

www.microsoft.com/windows95/downloads/contents/WUAdminTools/S_WUNetworkingTools/W95Sockets2/Default.asp

Be warned that the Dialup Networking 1.2 (MS DUN) updates include a Winsock2 that is entirely insufficient, and the Winsock2 update must be reinstalled after installing Windows 95 dialup networking.

MSI Binary Distribution Packages

The Apache httpd Project is working to minimize your download time. With the arrival of version 1.3.17 of Apache, we distribute the Apache httpd Server in an MSI package. This should resolve problems that Windows ME users had with the older installer, and minimizes the download time. However, only Windows ME and 2000 users have built-in MSI support with the installation of Windows. Users of Windows NT 4.0, 95 and 98 must download the MSI installer, if it was not already installed by another product's installation.

If you are unsure if the Windows Installer is present, or the required version 1.10.1029.1 or later, then run the MSIEXEC command from the Start -> Run dialog to determine if the Windows Installer is on your machine. It will report "Incorrect command line parameters", and also tell you its version number. Apache's .msi packages require Windows Installer V 1.10 or later, which you can install or upgrade with the following Microsoft downloads:

www.microsoft.com/downloads/release.asp?ReleaseID=17344

www.microsoft.com/downloads/release.asp?ReleaseID=17343

Once you have downloaded and installed the MSI installer application, you should not need to do so again. You will be ready to run the Apache .msi binary installer distributions above. Because a small but significant number of users have encountered problems running the Win32 installer, we have provided the

Troubleshooting pages to help you diagnose and fix most installation problems at www.apache.org/dist/httpd/binaries/win32/TROUBLESHOOTING.html.

Back to top

Planning for installation

You need to plan before you start installing the agents. Here is a to-do list to help you install Remote Agent in the remote office. You can get the Remote Agent files from the \PCCSRV\Admin\Utility\RemoteAgent folder of the OfficeScan server.

  1. Identify the client in the remote office that will host the master agent. Note down the computer name; you will need this information when you generate the Remote Agent setup packages.

  2. Generate the setup packages for the master, normal, and mobile agents.

  3. Send the setup packages to users in the remote office by email, CD-ROM, or similar media. You can also place the setup packages in a shared folder that client users can conveniently access and install from or download. If you choose to share the setup packages, you must instruct users which setup package they should install to their computers.

Back to top

Generating the setup packages

This section discusses how to generate the following:

  • Remote office package

  • Mobile agent setup package

Generating the remote office package

The remote office package contains the setup files for the remote office agents— the master agent and the normal agent.

  • The master agent is installed on a client in the remote office and is designated as the client that will get updates either from the Trend Micro update server or the server in the main office.

  • The normal agents get updates from the master agent, instead of the server in the main office.

To generate the remote office packages:

  1. Double-click the Remote Agent Packager (RAPacker.exe) icon to open the console. The Remote Agent Packager console is displayed.

  2. Click Create master agent and normal agent setup packages, and then click Start.

  3. In Master agent computer name, type the name of the computer to which you will install the master agent.

  4. In Virtual directory name, type a name for the folder that will be shared on the master agent. The default name is RAUShare.

  5. Click Next to continue. The Update Source Settings screen is displayed.

  6. Select Get updates from a Trend Micro update server, and then choose a source from the drop-down list. The default source is http://officescan-p.activeupdate.trendmicro.com/Activeupdate.

  7. If you also want the master agent to check the OfficeScan server for updates, select Get updates from the OfficeScan server. You need not specify any information about the server; the master agent will automatically retrieve this information.

  8. Click Next to continue. The Proxy Settings screen is displayed.

  9. If the computers in the remote office use a proxy server to connect to the Internet, select Use a proxy server, and then type the proxy information in the text boxes. If you use SOCKS, select Use SOCKS.

  10. To apply the same proxy settings to all normal agents, select Use the same proxy server for all normal clients.

  11. Click Next to continue. The Update Schedule screen is displayed.

Note: Agents can only get pattern file updates from the OfficeScan server. To update the scan engine, you must configure the master agent to connect to the Trend Micro update server. If you use a proxy to connect to the Internet, you need to configure your proxy settings to enable the master agent to get updates from the Internet.

  1. Specify a schedule when the master agent will check for updates. You can:

  2. Click Check for updates once daily, and then specify the time of the day when the master agent will perform the task.

  3. Click Check for updates based on the following interval, and then specify the exact minute it will start checking after the master agent is started and the hourly interval thereafter.

  1. If you want all normal agents to use the same update settings, select Use the same settings for all normal agents.

  2. Click Next to continue. The Verify Server Connection Settings screen is displayed.

  3. If you want the master agent to periodically check its connection with the OfficeScan server, select Schedule verify connection. Then, set a schedule when it will perform this task. The options are Daily and Hourly.

  4. If you want the normal agents to the same connection verification settings, select Use the same settings for all normal agents.

  5. Click Next to continue. The Package Destination screen is displayed.

  6. Specify the folders where the packages will be created and the file names for the master agent and normal/mobile agent setup files. The default output folder is C:\RAOutput and the default file names are MasterSetup.exe and AgentSetup.exe for the master agent and normal/mobile agent, respectively.

  7. If you want users to be able to unload or turn off the agents, select Allow unload under the output folder.

  8. Click Next to continue. A confirmation message appears.

  9. Click Yes. Remote Agent Packager creates the remote office package. After the package is created, a screen appears, displaying the name of the package you have created.

  10. To open the output folder and verify that the setup files were created successfully, click View setup packages. To create another setup package, click Done. To close Remote Agent Packager, click Exit.

Generating the mobile agent setup package

The mobile agent setup package allows mobile clients to get updates directly from the Internet.

To generate the setup package for the mobile clients

  1. Double-click the Remote Agent Packager (RAPacker.exe) icon to open the console. The Remote Agent Packager console is displayed.

  2. Click Create mobile agent setup packages, and then click Start.

  3. Select a Trend Micro update server from the drop-down list. The default source is http://officescan-p.activeupdate.trendmicro.com/Activeupdate.

  4. If the computers in the remote office use a proxy server to connect to the Internet, select Use a proxy server, and then type your proxy information in the text boxes. If you use SOCKS, select Use SOCKS.

  5. Click Next to continue. The Update Schedule screen is displayed.

  6. Specify a schedule when the mobile agent will check for updates. You can:

  7. Click Check for updates once daily, and then specify the time of the day when the mobile agent will perform the task.

  8. Click Check for updates based on the following interval, and then specify the exact minute it will start checking after the mobile agent is started and the hourly interval thereafter.

  1. Click Next to continue. The Verify Server Connection Settings screen is displayed.

  2. If you want the mobile agent to periodically check its connection with the OfficeScan server, select Schedule verify connection. Then, set a schedule when it will perform this task. The options are daily and hourly.

  3. Click Next to continue. The Package Destination screen is displayed.

  4. Specify the folder where the setup file will be created and the file name for the mobile agent setup file. The default output folder is C:\RAOutput and the default file name is AgentSetup.exe.

  5. Click Next to continue. A confirmation message appears.

  6. Click Yes. Remote Agent Packager creates the mobile agent setup package. After the package is created, a screen appears, displaying the name of the package you have created.

  7. To open the output folder and verify that the mobile agent setup file was created successfully, click View setup packages.

  8. To create another setup package, click Done.

  9. To close Remote Agent Packager, click Exit.

Back to top

Installing Remote Agent

This section discusses how to install the master agent, normal agent, and mobile agent.

Installing the master agent

After creating the setup packages, send the master agent package to the OfficeScan client in the remote office designated to get updates from the OfficeScan server or to download updates from the Trend Micro update server. You may send the setup package via email, CD-ROM or any other similar media.

To install the master agent, simply double-click the setup icon. The setup program will run in the background. When finished, a dialog box appears, informing you that the master agent has been installed successfully. The Remote Agent icon will appear in the Windows system tray.

If you are installing the master agent on a Windows NT/2000 server

  1. Check if ServerProtect is installed on the Windows NT/2000 Server. You must remove ServerProtect before you install the OfficeScan client and master agent.

  2. Install the OfficeScan client (for Windows XP/2000/NT) on the Windows NT/2000 Server. To install the OfficeScan client:

  3. Go to the PCCSRV\PccNT\Disk1 folder of the OfficeScan server, where install.exe is located.

  4. Double-click install.exe to start installing the client software.

  1. Install the master agent with Apache server on the Windows NT/2000 server using port 80. If IIS is running on the Windows NT or 2000 Server using port 80, you need to create an update source manually for the normal agents. To create an update source manually for normal agents:

  2. Go to the OfficeScanNT\RAUshare folder.

  3. Use Web Sharing to share this folder and use the virtual directory name as the share name (default name is RAUshare). The virtual directory name depends on the name you have set during the setup of the master agent package.

If IIS is running on the Windows NT/2000 Server without using port 80, the Apache server can be installed successfully with the master agent.

Installing the normal agent

The normal agent setup package is intended for OfficeScan clients in the remote office that are not hosting the master agent and are not frequently disconnected from the network. You may send the normal agent setup package by email, CD-ROM or any other similar media to these clients. You may also choose to put the normal agent setup package in a shared folder where the remote office clients can download it.

To install the normal agent, simply double-click the setup icon. You will not see anything on the screen during installation; it will be running in the background. When finished, a dialog box appears, informing you that the normal agent has been installed successfully.

Installing the mobile agent

The mobile agent setup package is for OfficeScan clients that are frequently disconnected from the network.

To install the mobile agent, simply double-click the setup icon. You will not see anything on the screen during the installation because it will be running in the background. When finished, a dialog box appears, informing you that the mobile agent has been installed successfully.

Back to top

Modifying the default settings

To open the Remote Agent configuration screen, right-click the Remote Agent icon in the system tray, and then click Main Window. The screen displays the latest update information, including the pattern and engine versions, update source, and so on.

Checking for updates

By default, the Check for updates check box is selected. To disable update checking, clear the check box. However, Trend Micro recommends that you keep this selected at all times.

You can modify the frequency when the mobile agent will check the download site you have specified for available updates. You can configure it to check once daily or at specified intervals.

  • If you select Check for updates once daily, specify the time of the day when the agent will perform the task.

  • If you select Check for updates based on the following interval, specify the exact minute when it will start checking after the agent is started and the hourly interval thereafter.

Settings

To change the update sources or to check the connection with the OfficeScan server, click Settings. The Settings screen appears, displaying the Update Sources and Verify Server Connection Status tabs.

For information on how to add, delete, or rename an update source, or to modify the settings to an update source, refer to Configuring update sources.

For information on how to verify the connection of the master agent with the OfficeScan server manually or automatically, refer to Verifying server connection.

Configuring update sources

Remote agent allows you to configure update sources to ensure that you get the updates when you want it. You can add, delete, or rename an update source, or to modify the settings of an existing update source.

To add an update source

  1. In Update Sources, click New. The Properties screen is displayed.

  2. Under Settings, type a name for the update source you are creating.

  3. Under Server location, type the URL from where the master agent will download the updates.

  4. Under Port, type the port number that has been opened for downloads.

  5. Under User, type your user name if the update requires one.

  6. Under Password, type the password that will allow you to gain access to the updates on the server.

  7. If you use a proxy server to connect to the Internet, select Use a proxy server. Then type your proxy login information in the text boxes, including:

  8. Proxy address

  9. Port number

  10. User name

  11. Password

If your proxy server uses SOCKS 4 to handle TCP, select Use SOCKS 4.

  1. Click Apply to save your settings.

To delete an update source

  1. On Update Sources, select the update source that you want to delete.

  2. Click Delete. A confirmation window appears.

  3. Click OK.

To rename an update source

  1. In Update Sources, select the update source that you want to rename.

  2. Click Rename. The source name becomes editable.

  3. Type a new name for the source name.

  4. Press Enter.

To modify the update source settings

  1. In Update Sources, select the update source that you want to modify.

  2. Click Properties. The Properties screen appears.

  3. Modify the settings.

  4. Click Apply to save your settings.

Verifying server connection

You can verify master agent-server connection manually or you can configure a scheduled verification.

  • To verify master agent-server connection manually, click Verify Connection under Verify Connection Now. The result is displayed next to Result.

  • To configure a scheduled verification, select Enable scheduled verification, and then set a schedule. You can choose either Daily at or Hourly interval.

  • If you click Daily at, specify when scheduled verification will run by selecting a time in the spin box.

  • If you click Hourly interval, specify the time interval by moving the slider.

Click OK to save your settings.

Note: You may advise the master and normal agent users to increase the update interval to prevent Remote Agent from updating frequently.

Back to top