Hi Ryan,

Thanks for explaining the differences between these 2 products. I will have to decide on which product to be use on my server platforms. But I have another question with regards to my experience with the office scan clients. I've seen virus warning messages popping out from my office scan 7.3 clients but most of the time the files are being quarantined and cannot be clean? And I have to clean all those virus infected computer using Microsoft one live online scanner to removed the virus and registry keys. So it seems that the office scan 7.3 can only block and not cleaning up infected computers? I've upgraded the office scan to version 10.0. I really hope that it will be able to clean up infected computers this time round.

Hello,

Firstly about the pop-up messages on your OSSE 7.3 office scan clients. The OSCE 7.3 is dead, completely. You must to move to OSCE 10 SP1 without waiting because the OSCE 7.3 cannot catch  most today viruses. From other side, the most viruses is un-cleanable, from my experience, only viruses from PE* family can be cleaned.

More about virus names you can find here.

About firewall, the SP not have firewall module, so, the SP not stop windows firewall and you need to open communication ports for Server protect self. Ports list

Regards, Kirill

As Kirill said, OfficeScan 7.3 is end of life now and we no longer support it, and since it is a number of years old and 2 versions behind the previous generation, moving to 10.0 would be a smart move.

As for the behavior you were seeing, let me point out a few things.

1. The concept of "clean" is not really relevant in today's threat landscape.  This feature came from a time when the bad guys would append viruses to good files, and we could clean them by removing the virus, leaving the good file intact.  Today, most viruses are the entire file, so cleaning is not really the right term or action for taking care of those threats.  Therefore, Quarantine, which is an administratively chosen action, is a better action.  With all of our products, 2 actions are tried on every detected file.  By default this is Clean, and if Clean doesn't work, then Quarantine.  Long story short, this is how the product should work and it sounds like it is working properly, even though it is an old version.

2. You may have meant to say that files couldn't be cleaned or quarantined.  If that is the case, this is common with files that are locked by the operating system.  Those files typically are the Internet Explorer temp files, System Restore files, and files in the Recycle Bin.  We can't delete/quarantine them because the operating system won't let us.  We encrypt though, which renders them harmless.  In OfficeScan 7.3, this didn't look very nice in the logs, but in OfficeScan 10, the resulting log files indicates that the file is encrypted to give you piece of mind.  The only way to really clean these are the empty out the IE temp directory, delete the infected system restore point, or empty the recycle bin.

3. Lastly, we did add some heuristic technology a number of years ago, but the default settings are set to Pass because of false positive concerns on the part of customers.  This may concern you because you might see things like "Passed" in the log files instead of Clean, Quarantine, or Delete.  These are detections like MAL_OTORUN, TROJ_GENERIC, etc.  Fortunately, there is a way to change the behavior, unfortunately it isn't in the GUI.  Here are the instructions to change this (I would recommend Clean, Quarantine or Clean, Delete as the actions you choose):

http://esupport.trendmicro.com/pages/Configuring-OfficeScan-10-for-generic-detection.aspx

And as Kirill said, there is no firewall component in ServerProtect, so it doesn't make any changes to any firewall you may already have in place.

Ryan

There are a few instances where you might prefer ServerProtect over the OSCE or DS products.

If your server is a Terminal or Citrix Server that typically has over 20 users logged in at one time, then ServerProtect is a must have.

OSCE is improving with every version, but it is also, by a very large magnitude, a much heavier product that takes up a lot of resources.

ServerProtect is a light weight, very fast, very lean a/v scanner that is completely aware of Terminal server and Citrix, so it doesn't spawn multiple copies when multiple users login.

If you've got a very busy server, or terminal/citrix, your best bet is to use ServerProtect.

For anything else, you can safely use OSCE.

Thanks guys for explaining to me on the features of this new release. Now I have this issue of the officescan program directory increasing drastically in size over the past 2 days. Installed the program on 26 March and after doing some online updating. The program directory was about 1.67GB. Had a check on 28 march and the folder size was 2.1GB and another check today the folder size was 2.6GB. Cleared all the quarantined files which cleared only 7mb.

I am now worried that this folder will go all the way increasing by 500 MB daily and soon enough, my hard drive will be out of space. It there something wrong with it? Is there any tools to do some maintenance on it?

Hello Ryan

I am new to Trend Micro and I need to replace the present Antivirus software on all our Windows Server Platform, so I need to decide between OfficeScan and ServerProtect. I will appreciate if you could elaborate more on the following

1) Since more and more of ServerProtect features are being incorporated into OfficeScan and there are only minor changes being effected in ServerProtect itself, is it the plan that ServerProtect will be decommissioned at one point?

2) What would be your remarks relating to MCaspers's comment on OSCE needing more resources in comparison to ServerProtect? I am asking this because we will be implementing whichever product we echoed also on Terminla/Citrix servers.

3) Does OSCE also support other Operating Systems (Linux, Mac, Netware) or are there such plans in the pipeline as OSCE takes up more of ServerProtect features.

Though we licensed "Endpoint Security suite with Exchange", but I woould not like to introduce 2 different products on the Servers platform.

Thanks

Hello Ryan,

Do you have any information on roadmap of Server Proetct 5.8. What will be next version? Our client is on Server Proetct 5.8, and he wants to plan for upgrade. But there is no information on Trend Micro site. can you please help on this?