IOS content filtering on trend micro subscription

Similar Messages

• Expiring ios content filtering

  hello
  now that IOS Content Filtering using Trend Micro is EOL and replaced by ScanSafe, can someone tell if ScanSafe is a subscription based and what are the new SKUs for ScanSafe
  thanks

  Yeah, Scansafe won't work until you purchase the subscription, and get that activated within the cloud since it is Web Security on the cloud solution.
  Try to contact [email protected], and let them know your country and ask them if they can refer you to a local Sales Rep for ScanSafe.

• IOS content filtering on 29xx

  IOS content fitlering through trend micro has been discontinued on 2800's (now) and 2900's (December 2012).
  1. Is there a replacement solution for cloud based URL filtering on 2800's?
  2. Looking at ScanSafe ISR Web Security on 2900's which I believe will work similar to TRM. I can't seem to find any SKUs for this solution through. Anyone knows anything about this?

  Hmm... no thoughts over the weekend. Anyone?

• [Trend Micro Ios content filtering] parameter-type command under policy map not available

  Hi, all:
  I'm trying to configure TrendMicro IOS content filtering. I have this working on a separate box, running 15.1.
  On this particular testbed, I have a 2900 running:
  System image file is "flash0:c2900-universalk9-mz.SPA.152-3.T1.bin"
  And the following licensing:
  Technology Package License Information for Module:'c2900'
  Technology    Technology-package           Technology-package
                Current       Type           Next reboot 
  ipbase        ipbasek9      Permanent      ipbasek9
  security      securityk9    Permanent      securityk9
  uc            uck9          Permanent      uck9
  data          datak9        Permanent      datak9
  Configuration register is 0x2102
  CUBE_GOLD_MEX#show ip trm subscription status
         Package Name:  Security & Productivity (Trial)
               Status:  Active
  Status Update Time:  18:02:51 CST Mon Jul 23 2012
      Expiration-Date:  Mon Aug 20 02:00:00 2012
      Last Req Status:  Processed response successfully
  Last Req Sent Time:  18:02:51 CST Mon Jul 23 2012
  CUBE_GOLD_MEX#
  Also, I have the following config lines on it:
  ip host trps.trendmicro.com 216.104.8.100
  ip name-server 4.2.2.2
  ip cef
  multilink bundle-name authenticated
  parameter-map type urlfpolicy trend tm-pmap
  allow-mode on
  [snip]
  parameter-map type trend-global trend-glob-map
  class-map type inspect match-all http-imap
  match protocol http
  class-map type urlfilter trend match-any drop-category
  match url category Abortion
  match url category Activist-Groups
  match url category Adult-Mature-Content
  match url reputation ADWARE
  match url reputation DIALER
  match url reputation DISEASE-VECTOR
  match url reputation HACKING
  match url reputation PASSWORD-CRACKING-APPLICATIONS
  match url reputation PHISHING
  match url reputation POTENTIALLY-MALICIOUS-SOFTWARE
  match url reputation SPYWARE
  match url reputation VIRUS-ACCOMPLICE
  policy-map type inspect urlfilter trend-policy
  class type urlfilter trend drop-category
  I have not been able to get to the good part of configuring the ZBF.
  I've looked over several configuration examples and can't figure out what I'm doing wrong, since I'm not able to see the command 'parameter-map' under the 'policy-map urlfiltering'
  XXXXXX(config)#policy-map type inspect urlfilter trend-policy
  XXXXXX(config-pmap)#?
  Policy-map configuration commands:
    class        policy criteria
    description  Policy-Map description
    exit         Exit from policy-map configuration mode
    no           Negate or set default values of a command
  XXXXXX(config-pmap)#
  I thought it might be an issue with version 15.2.3, but according to configuration guides, commands are the same.
  Can anyone provide some assistance?
  TIA.
  c.

  Hi Carlos,
  I am having the same problem.  I have seen a few diffenent configuration examples and they all show adding the "parameter type urlfpolicy trend parm-map-name" command but it doesn't exist, at least in 15.2(3)T1 and I see it listed in the the IOS documentation for 15.2.  Maybe they forgot it :-)
  I guess I will open a TAC case as I do not want to downgrade...
  I will keep you posted if I find the answer.
  Regards,
  Troy

• IOS Content Filtering Using TrendMicro: Can I customize the block-page redirect-url?

  I have IOS content filtering using the Trend Micro subscription service working on a 2911 running 15.1.(3)T3 with the security license option and a 30 day demo Trend subscription.
  Once I figured out that the content filtering for Trend appears to be completely broken in 15.2 (even using docs for 15.2) I went back to 15.1 and it works great.
  Everything seems great so far except I would like to have a more 'fancy' or custom blocked page where a user can have a couple links to either go to the trend micro reporting page http://global.sitesafety.trendmicro.com/result.php or some other page, and maybe some branding so they know the page is coming from our network and is not some fake security thing or phishing attempt or whatever.
  I know I can use the 'parameter-map type urlfpolicy trend ' section to do a tiny bit of customization of the text that appears on the default blocked page display and there is an option for it to go to a simple redirect instead ('block-page redirect-url') but I wonder if anyone has any ideas on how to do more with either the built in page or the redirect-url to keep the information of what page the user was trying to access and why it was blocked (category etc.) while adding more features.
  Thanks!
  Oh, one last thing, this doesn't support any kind of 'user override' or anything like that does it? So that a network can have a filter applied but an admin could override the filtering to allow temporary access to something?

  Hmm... no thoughts over the weekend. Anyone?

• Time pattern to allow user breakthrough URLFilter over IOS content filtering

  hi
  i have a client did request me to create such thing for them over IOS content filtering + Trend Micro based subscrition (till this level i'm pretty not sure it is feasible or what)
  scenario would be:
  like group 1 of users are the martketing subnet, then setting the time from 0800 hour to 1700 hour are prohibited to access any of the block blackilist site (either from local and/or trend micro reputation / category blacklist URL)
  is there any way round i can enable the router to recognize the time then let user to gain access after 1700 hour?
  Can TCL do this? any other way round for this
  thank you
  Noel

  Hi Carlos,
  I am having the same problem.  I have seen a few diffenent configuration examples and they all show adding the "parameter type urlfpolicy trend parm-map-name" command but it doesn't exist, at least in 15.2(3)T1 and I see it listed in the the IOS documentation for 15.2.  Maybe they forgot it :-)
  I guess I will open a TAC case as I do not want to downgrade...
  I will keep you posted if I find the answer.
  Regards,
  Troy

• IOS Content Filtering - Is No More ?

  Cisco very quickly End of Lifed the IOS Content Filtering offering last year
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/eol_c51-698205.html
  For something with a minimum of a yearly lic involved, the EOL timing is shocking - you could have ordered product with a 1 year lic and come back now to find the offering is now dead (as in our case) so much for ROI !
  Cisco are pushing Scansafe as their current offering, which has probably led toa  falling out with Trend who provided the underlying service for
  IOS Content Filtering. Scansafe does not economically cover the low end application, for which IOS Content Filtering was ideal i.e SMB space with 8xx or low end ISR routers. The Cisco answer is basically "perhaps you want to go and investigate solutions form other suppliers"
  So we are left with a router platform which is fine and  content filtering which was fine but are now unable to re-licence the URL filtering service and will stop working in about 30 days and there is apparently nothing we can do about it
  Does anyone know if Trend still operate the URL filtering subscription service and whether theire is a way of geting a subscription renewal direct ?
  (i'm not holding my breath on that - I am guessing the IOS content filtering hooks for the service being certificate based + Cisco license process will make that hard for anyone but Cisco)
  Or of any alternative simple and cost effective solution we can configure the router to use
  (please tell me we're not back to SurfControl/Websense solutions again..)
  thanks
  Sez

  Approached the Cisco AM - frankly there was little or no interest in fixing such a low value problem. The spin was the Trend relationship ending was beyond Cisco control and Cisco hands tied - i.e. its not our fault (but strangely the problem is the customers)
  Yes we could get some TMP discount - against the original hardware purchase but the hardware for lowend installs is negligible, it is the services time/cost in getting solution (and any replacement) into deployment which is the costly part and TMP makes no allowance for that.
  Also scansafe solution is much more expensive, compared to IOS URL Filtering, so even taking off the minor TMP discount the answer form Cisco is basically - yep spend more money with us and we'll fix the problem we created for you. And why is there so little normal info on Cisoc.com for scansafe - i.e. covering SKU/ordering models etc... It always just ays 'ask your Cisco AM for details' - that may have worked when Scansafe was a separate company but a Cisco AM is unlikely to even answer the phone to talk about a $3K order
  If Cisco really wanted to protect customer investment, why couldn't it provide through Scansafe a replacement service for IOS URL Filtering service, at similar cost and pricing model to that provided by the Trend integration? i.e. same kit, same config but pointed at scansafe cloud rather than Trend cloud. Then there would be no issue and a clean migration path provided for Ciscos valued customers
  Probably answering my own question but scansafe appears to return to a cost related to the user count, whereas IOS URL Filtering service was a simple one off cost per router. This was ideal for low end application (the ISR800 series size of deployment) and comparable scansafe is way more expensive.
  I have found we are not alone in this, most customers are only finding out about this mess when existing IOS URL Filtering licence's expire and go for renewal only to find the 3 month EOL process has stealthily boatanchored their implementation.
  Sez

• How can I achieve IOS content filtering using a Cisco router

  Good day Everybody.
  I would like to set up content filtering using IOS on my Cisco router. I already know how to do URL filtering but I want to restrict access to sites based on categories.
  Is this possible without having to introduce an external device?

  Natively in IOS this is not possible. However you can configure CWS (Cisco Web Security). The router will forward web requests to a cloud based web security service.
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10142/ps11720/data_sheet_c78-729637.html

• IOS Content Filtering

  Hello, I have just purchased content filtering for an SR520 and an 881.
  I find guides on Cisco.com relating to confiuration of filtering, but nothing with regards to reporting. I'm looking to log every time a page is denied, and what user (or IP) requested the blocked page.

  Yes there is acache you can configure under the parameter-map.
  You can also view it using command shown below
  IOSrouter# sh
  policy-map type inspect zone-pair urlfilter cache detail
  policy exists on zp zp
  Zone-pair: zp
  Service-policy inspect : trend-global-policy
  Class-map: www (match-all)
  Match: protocol http
  Inspect
  Maximum number of bytes in cache: 262144
  Time to live for each cache entry (in hrs): 24
  Total number of bytes used by cache: 453
  Number of bytes used by domain type cache: 353
  Number of bytes used by directory type cache: 100
          URL                                       Age         Idle time/        Cat::Rep
          (Directory cache
  end with /)  (day:h:m:s)
  access #
          yahoo.com                             0:16:47:30           2           56::1                                                                               
  ad.doubleclick.net                
  0:00:00:10           1           72::1                                                                                                                       
  static.eharmony.com/static../
  0:00:00:06  0:00:00:04     12::1
  Unfortunately you can't see who accessed them.
  I hope it helps.
  PK

• IOS web content filtering cannot get trend micro filter

  hi, i just wondering how really i can get my router's content filtering connect to trps.trendmicro.com server again. previously it was success to get connect to the server, after i doing some changes on my zone-pair firewall then it cannot connect to the trend micro server anymore.
  sh ip trm subscription status showing that i successfully connected and registerd
  all the installation guide is doing accordingly,then i turn on my debug crypto pli validation and debug ip trm detail, all showing success connection to trendmicro site.
  parameter-map type trend-global <param> are pointing to the trps.trendmicro.com, my class-map and policy-map didn't have any changes since last success connection.
  zone-pair setting also attach with the right policy-map that serve for service-policy urlfilter <name>
  overall, after my zone-pair firewall is UP again, then my web content filtering is gone, while registeration is made..
  anyone have any idea what really happen?
  thanks
  Noel

  Hi Yongkhang,
  I think in order to figure out what is happening, we need to troubleshoot and see the config, data and other show commands.  I'm not sure if you would feel comfortable posting that here.  Therefore, i think its best to open up a case with tac on it so that it can be troubleshot to see why you cant access the trend micro server.
  can you let me know what you mean by when you turn on your ZBF, your web content filtering is gone.  Are you saying, when you turn on zbf, the web content filtering is no longer blocking or allowing sites?
  have you ran the following debugs?
  debug ip urlfilter detail
  debug ip urlfilter event
  debug ip url filter function-trace
  also, what does this show:
  show policy-map type inspect zone-pair urlfilter
  Are you sure you have the class maps in the proper order since its processed sequentially..
  regards,
  scott

• I recently upgraded by iMac iOS to Yosemite, and I find that my best buy provided Trend Micro stopped working. Question, what security software is recommended, if any for an iMac. Thanks

  I recently upgraded by iMac iOS to Yosemite, and I find that my best buy provided Trend Micro stopped working. Question, what security software is recommended, if any for an iMac. Thanks

  Uninstall Trend Micro software. It is not needed and could prevent your computer from operating properly. If there is no uninstaller for the software, then see the following:
  Uninstalling Software: The Basics
  Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash.  Applications may create preference files that are stored in the /Home/Library/Preferences/ folder.  Although they do nothing once you delete the associated application, they do take up some disk space.  If you want you can look for them in the above location and delete them, too.
  Some applications may install an uninstaller program that can be used to remove the application.  In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
  Some applications may install components in the /Home/Library/Applications Support/ folder.  You can also check there to see if the application has created a folder.  You can also delete the folder that's in the Applications Support folder.  Again, they don't do anything but take up disk space once the application is trashed.
  Some applications may install a startupitem or a Log In item.  Startupitems are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder.  Log In Items are set in the Accounts preferences.  Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab.  Locate the item in the list for the application you want to remove and click on the "-" button to delete it from the list.
  Some software use startup daemons or agents that are a new feature of the OS.  Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
  If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term.  Unfortunately Spotlight will not look in certain folders by default.  You can modify Spotlight's behavior or use a third-party search utility, EasyFind, instead.
  Some applications install a receipt in the /Library/Receipts/ folder.  Usually with the same name as the program or the developer.  The item generally has a ".pkg" extension.  Be sure you also delete this item as some programs use it to determine if it's already installed.
  There are many utilities that can uninstall applications.  Here is a selection:
      1. AppZapper
      2. AppDelete
      3. Automaton
      4. Hazel
      5. AppCleaner
      6. CleanApp
      7. iTrash
      8. Amnesia
      9. Uninstaller
    10. Spring Cleaning
  For more information visit The XLab FAQs and read the FAQ on removing software.

• 3900 Content Filtering

  I have been looking everywhere for a configuration guide for the subscription based trend micro content filtering available on the routers, can someone point me in the right direction please, thanks.

  Never mind, if anyone else needs to know this is what I found:
  https://supportforums.cisco.com/docs/DOC-8028
  http://www.cisco.am/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/white_paper_c11_519293.html
  Really wish Cisco would do away with this, even the CSC on the ASA is better and I really hate it.

• Web Content Filtering / Virus Scanning appliance

  Hello all,
  I'm in the market for a content / url / virus scanning device for our network. We are currently using MXLogic's Web Defense service and while it's very cheap it is not suiting our needs. What I'm looking for is an appliance that will do content filtering but also virus / malware / spyware scanning on web traffic. I'd also need to be able to setup policies / groups for different set's of users. For instance the folks who purchase the products we sell need to be able to see our vendors media (streaming video) content while our sales folks don't. I can't currently do this with MXLogic, it's all or nothing.
  Our firewall is an ASA5510 and I've looked at the Content Security SSM-10 module with the plus license and while the pricing is definitely attractive I have a few questions about it. Does it integrate with MS Active Directory? In other words and it filter based on groups and policies or is it more IP / ACL based? Also does it perform well?
  I've also looked at the IronPort product cisco sell's and have similar questions regarding that mainly what are folks experience with it, is it something you would recommend?

  Hi Allen,
  To answer your questions related to the CSC module:
  1. No, the CSC module does not integrate with Active Directory. This is something that Trend Micro has in the works, but as of now there is no ETA for this functionality.
  2. The CSC module will perform fairly well if used in the environment it was designed for. I would recommend taking a look at the CSC sizing guide to see if the CSC-SSM-10 would be something that is scalable enough for your network:
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_white_paper0900aecd805c3cd6.html
  I cannot speak to the performance/functionality of IronPort as I have not used it personally, but I have heard good things. Also, external appliances from Websense seem to be a popular choice when you need a product that is a bit more scalable or granular than what the CSC module can provide.
  Hope that helps.
  -Mike

• Trend Micro Blocking worldsecuresystems

  I have a computer that came with Trend Micro Software (anti-virus)  installed. Today I manually typed in an address as http://site.worldsecuresystems.com but I forgot the "s" in https. To my surprise I was told this site was blocked due to malicious content and was dangerous. I was curious at this point and tried other BC sites using the worldsecuresystems domain without the "s". Every BC site I have tried without the s it blocks. If I put the s in it works.
  I filed a request with Trend Micro asking them to reclassify my domain. I wanted to let BC and others know that this is an issue.
  Here is an URL to try any website:
  http://global.sitesafety.trendmicro.com/

  Rule one of Virus protection software - be overly strict and forceful.
  That is how they work and most are way to bloated and I hate them. I buy a modem router with filtering and controls built into them so you never have to install anything on your computer, and of course I use mac
  Anyway, Would not worry about it at all Lynda and it is likey they wont change anything in terms of that message as that has been the same for years and years.

• 2821, IOS content filter-BUG? HTTP CORE process eating router alive

  HTTP CORE process in IOS router is causing network outage. Its 2821, zone based firewall with IOS content filter. IOS content filter was working fine for last month, all of the sudden today it is working faulty. Network is waving on and off with CPU being hogged. Tried reboot and problem returns. Any advice out there?
  IOS versions below
  CPU utilization for five seconds: 99%/0%; one minute: 99%; five minutes: 99%
  PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
  141 2228956 11329 196747 99.20% 99.29% 99.02% 0 HTTP CORE
  4 3428 294 11659 0.39% 0.09% 0.10% 0 Check heaps
  210 8 14040 0 0.07% 0.00% 0.00% 0 Atheros LED Ctro
  c2800nm-advsecurityk9-mz.124-22.T.bin
  #sh ip trm sub status
  Package Name: Security & Productivity
  Status: No subscription information available.
  Status Update Time: N/A
  Expiration-Date: N/A
  Last Req Status: Waiting for response
  Last Req Sent Time: 22:02:38 CST Sat Jan 24 2009
  sh ip trm ?
  config TRM config
  subscription Trend Subscription information
  #sh ip trm config
  Server: trps.trendmicro.com ( Default *)
  HTTPS Port: 443
  HTTP Port: 80
  Status: Active
  11111 11111 11111
  999999900000999999999999999999990000099999999990000099999999
  999999900000999999999999999999990000099999999990000099999999
  100 ************************************************************
  90 ************************************************************
  80 ************************************************************
  70 ************************************************************
  60 ************************************************************
  50 ************************************************************
  40 ************************************************************
  30 ************************************************************
  20 ************************************************************
  10 ************************************************************
  0....5....1....1....2....2....3....3....4....4....5....5....6
  0 5 0 5 0 5 0 5 0 5 0
  CPU% per second (last 60 seconds)
  11111111111 11 11111111111111 11 11
  0000000000090090000000000000099009900 5
  0000000000090090000000000000099009900355215223
  100 ####################################*
  90 #####################################
  80 #####################################
  70 #####################################
  60 #####################################
  50 ##################################### *
  40 ##################################### *
  30 ##################################### *
  20 ##################################### *
  10 ##################################### ** * #
  0....5....1....1....2....2....3....3....4....4....5....5....6
  0 5 0 5 0 5 0 5 0 5 0
  CPU% per minute (last 60 minutes)
  * = maximum CPU% # = average CPU%

  Try moving to 12.4(20)T2 like me
  Some issues have been corrected like object-groups for acls.
  I noticed all has not been solved, but it is quite better.
  On 12.4(22)T, I had memory fragmentation and overflow when I was issuing a lot of acl and object groups commands