Trend Micro updates for CSC SSM

Similar Messages

• Signature Updates for AIP-SSM 10

  Hi all how can i obtain Signature Updates for AIP-SSM 10 where i am having 60 day trial license with me

  Here is the main file download page for the IPS sensors.
  Find the section for the version you are running and click on the Latest Signature Updates link to take to you to the download page for signature updates.
  You can then download which ever signature update you want.
  NOTE1: Each Signature Updates contains all signatures from previous Sig levels. So you only need to download the latest one.
  NOTE2: Each signature update has a specific E (Engine) level requirement. You can execute "show ver" on your sensor to determine if it is at an E1 or E2 level. If it is at E1 and you want the latest sigs that require E2 then you will first need to install the E2 upgrade.
  On that main download page look for the "Latest Upgrades" link for your version, and look for the IPS-engine-E2-req-X.X-X.pkg file where the X.X-X matches your sensor version.
  If there is not an X.X-X matching your sensor version, then you may need to upgrade the software version for your sensor as well.
  NOTE3: Many of these links will also require an account on cisco.com. And for some of these files that account may also need to be verified for being from a country where the USA's export restrictions allow downloads for encryption. (Most countries qualify but you do have to go through that qualification step). It has been over 10 years that I have had do this so I am not sure of the latest procedures for getting an account or validating it for encrpytion downloads.

• Which part number for CSC-SSM with Plus license?

  Dear All,
  Which part number for CSC-SSM with Plus License? i saw the part number for standard license.
  could you let me know?
  Best regards,

  Hi,
  The part number is the following:
  ASA-CSCX-YP-ZY
  where X is your CSC model, Y is the number of seats of the license and Z is the number of years.
  For instance, if you need a 2 year plus license for a CSC10 with 250 seats, the part number would be ASA-CSC10-250P-2Y
  Regards,
  Nicolas

• ASA 5520 : IP address for CSC SSM

  Hi All,
  I have an ASA 5520 with CSC SSM. I have base and plus license and want to activate it. T he IP address and gateway have to be configured on the CSC SSM. I have configured IP addresses for the INSIDE,OUTSIDE,DMZ and MGMT. The outside is a public IP address. Now for the CSC SSM what range should i give?
  There is an ISA server on the DMZ where all user IP's get PATed and on ASA this gets NATed on the ASA. Direct access to the internet exists for the servers (bypassing proxy).
  My basic doubt is about the IP address and gateway that the CSC SSM should have and is it related ot the management interface ip address?
  Thanks and Regards.
  Sonu

  Hi
  put your CSC ip address as outside interface subnet.because CSC needs automatic updates from internet.and you can able to manage CSC from remote itself.
  for EX
  your outside ip is 10.0.0.1/24,make CSC IP As 10.0.0.2/24,Gateway 10.0.0.1
  Hopes this helps
  regs
  S.Mohana sundaram

• Password recovery for CSC-SSM

  i have CSC ssm module in my lab. i forgot its username/password and also the ip address of csc module. when i tried to do reimgine the csc module, setup asks for ip address of csc module. is there is any way to recover password without knowing the ip address of CSC module.

  This document describes how to recover a password on a Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) or the Advanced Inspection and Prevention Security Services Module (AIP-SSM) without having to re-image the device.
  http://cisco.com/en/US/partner/products/ps6120/products_password_recovery09186a00807f5a59.shtml

• I have Trend Micro antivirus for Windows 7, but I am being told it is not compatible with Mozilla 9.1, how do I get an older version or adapt?

  I am using a lap top, just reinstalled everything, and now have Firefox 9.1 and am being told it is not compatible with my antivirus, Trend Micro Titanium. I am running Windows 7.

  See:
  * http://community.trendmicro.com/t5/Home-and-Home-Office-Forum/Read-Me-Before-Posting-Titanium-Hotfixes/m-p/55632

• License violation has been detected on the InterScan for CSC SSM

  We are receiving this everyday at 1 AM, but there is no traffic on the network at this time. What can I do on the ASA or CSC to find out where and what this traffic is?
  There are currently 559 active nodes while you only have 500 seats of license. 59 more seats of license is required.

  This issue has confused us for a while too… Here’s the deal:
  Even after the license violation the traffic for all the users will be scanned by the module. Despite the error message that you are seeing, the CSC will not drop connections due strictly to license violations.  It is only a warning at this point. 
  With a high number of nodes, it is likely that you will overwhelm the CSC processing capacity.  If the users are overly aggressive in their connections, they can easily max out the capacity.
  Here's a high level link:
  http://www.cisco.com/en/US/customer/products/ps6120/products_white_paper0900aecd805c3cd6.shtml
  Can you increase the license?  It only goes up to 1,000.
  How can you tell what the count is?  Use the following command from the ASA CLI:
  show csc node-count yesterday
  Here's the link:
  http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s2_72.html#wp1186101
  Hope this helps!

• InterScan for CSC SSM Notification

  I have received this message from my ASA5500 with SSM module:Compact Flash storage is nearly out of space
  After that I have received other one with the message: Scan services have recovered from a previous failure. The SSM system is now back to normal.
  I think the SSM module hasa Flash with a 1GB, someone knows it is normal or something is wrong??

  We opened a TAC case for this. And we received the following response...The error your getting is a known cosmetic error. It will not affect anything. There is currently no work around at the moment. This is normal, there is a built in mechanism that automatically cleans up the flash."

• Filtering sub-categories on Interscan for CSC SSM

  Does anyone no how to identify what URL's are classified as a part of each sub-category? Is there a published list somewhere that I can tell which sites are part of certain categories?
  Thanks,
  Larry

  Try this link:
  http://www.cisco.com/univercd/cc/td/doc/product/multisec/modules/cscssm/cscssm61/csc61adm/

• ASA Trend Micro SSM Application is down!

  Hi,
  i have a big problem with the ASA Trend Micro module. The SSM Application is down, after module restart it is up again but not for long.
  How can i solve this problem?

  Sorry but i don't understand what you want to say. How can that solve my problem.
  The CSC-SSM module shuts down always after 60min, then i have to start it again with this command "hw-module module 1 reset". License is ok, it expires in 2008. First i thought its because of overload, but after work time it shut after 60 min too.
  Thanks in advance.

• Trend-Micro Smart Surfing for Mac

  I know that malware is not a big concern for Mac users, yet. However, I am interested in trying new products as they come out. I use Trend-Micro products for Windows at work on a daily basis and they are a fantastic company when it comes to malware protection. They just came out with their first product for Mac: Trend-Micro Smart Surfing for Mac. I was thinking of using the 15-day trial just for the heck of it. Does anyone have any experience with this software?

  This topic has been brought up countless times on the forums. Search for the word "virus" and you'll get quite a few hits.
  Here's one: http://discussions.apple.com/thread.jspa?messageID=9244196&#9244196
  Limnos' post is probably the one to look at.
  Many of the long-time users here agree that the most effective anti-spyware/malware/adware/what have you protection is for the user to pay attention to what he/she is doing.
  -Create a standard user account and use that for daily tasks. Use the admin account to perform updates.
  -Don't download files from sites you don't know. Don't install anything unless you know what it is.
  We did use the Virex anti-virus system years ago for one of our Macs. It was running OS 7 (ancient history, really). None of our current Macs, all of which are running OS X Tiger or Leopard, have any anti-virus software installed, and we haven't had any problems.
  If you do choose to install anti-virus, the only real reason to do so is to prevent the spread of any Windows viruses that make their way onto your machine.
  ~Lyssa

• Installing signature update for IDSM-2 on AIP-SSM

  Hi every one,im not sure about this question but i think its beter to ask you experts.i want to know that if i have signature update for example for my IDSM-2 can i instal this sig update on my AIP-SSM --> suppose that IPS software on both devices are same and also i have installed valid license key on AIP-SSM.now can i do this or no? and i know that if you have not valid license installed on IDSM-2 you cant instal any sig update on IDSM-2 but what about AIP-SSM?i mean can i instal sig update on AIP-SSM without installed valid license key on AIP-SSM? thanks

  There are 3 main types of Signature Updates.
  1) IPS Sensor Signature Updates
  2) CSM Signature Updates for IPS Sensors
  3) IOS IPS Signature Updates
  The IPS Signature Update filename is in the form: IPS-sig-Sxxx-req-Ey.pkg
  This is most likely what you are referrnig to in your post. This file can be installed on ANY IDS/IPS Appliance or Module.
  The Requirement here is not the platform but rather the Engine Level. The "req-Ey" portion of the filename tells you that the sensor must already be running the "y" Engine level of software.
  So an IPS-sig-S436-req-E3.pkg file can be installed on any IDS/IPS Appliance or Module so long as the software on that sensor is an "E3" version.
  The CSM updates, are signature updates for the Cisco Security Manager. They contain special files that CSM uses to update itself, and then also included within the CSM update is the actual sensor update described above. CSM unpackages the CSM update, updates itself, and then uses that embedded file to upgrade the actual sensor.
  The third type of file is for IOS Routers loaded with special IOS software that has the special IOS IPS features where the Router itself (instead of a separate IDS/IPS module) does the signature monitoring.
  These IOS IPS Signature Updates get installed on the actual router, and are not installed on the IDS/IPS Sensor Appliances or Modules.
  So in answer to your question, yes the same Signature Update for your IDSM-2 is the exact same Signature Update for your SSM modules.
  The exact same file is available through multiple different paths on cisco.com. But it doesn't matter through which cisco.com path you downloaded the file you can still install it on all IDS/IPS Appliances and Modules.
  As for licensing, the license works the same on all IDS/IPS Appliances and Modules. A license must be on the sensor for the Signature Update to be applied.
  NOTE: A Trial License is available from cisco.com for new sensors to allow you time to get everything setup correctly for your sensor to be covered by a service contract, and get the standard license from the service contract.

• Trend Micro Interscan URL Filtering policies not working

  I have just inherited a ASA 5520 with a TrendMicro InterScan for CSC SSM (version 6.6.1125.0) with both Base and Plus licenses. We have several URL filtering policies setup with AD group checking via the Domain Controller Agents. These rules are currently in the order of most strict (only a couple of explicitly identified users and one IP address), then two different policies that block less content than the global list (each assigned to LDAP list based on AD group membership), then our global URL Filtering policy.
  The most common problem I have is when I try to open a site for one of the LDAP groups the site does not become accessible until I also add it to the HTTP Exceptions list on the Global Policy thus opening it for all users.
  Any suggestions?

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin-top:0in;
  mso-para-margin-right:0in;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0in;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:Arial;
  mso-bidi-theme-font:minor-bidi;}
  Thanks,
  Right now I removed tick form Leisure Time. But everything is open which I blocked.
  But I wanna blocking 24hrs but During 7 to 8 I wanna leisure time.
  If I tick marked all categories for both Work and Leisure then all things blocked
  If I removed tick from Leisure column then everything open…
  Kindly View attached Screen Shot

• Trend Micro & OCS

  Hi,
  Is Trend Micro certified for OCS 10g ?
  Can it be configured to scan smtp traffic for a default single box installation of OCS 10g on Red Hat Linux with the smtp configured at port 25 ?
  Thanks

  I'm not sure trend micro is supported. But I guess you could configure it to act as a messaging gateway in front of oracle smtp, as we do with other products.

• Trend micro rubotted reports malicious dns query when accessing and reading release note page for 3.6.7 update

  Trend Micro RUBotted.exe reports the above. The recommended scan, Trend Micro House Call, completes in 2:40 minutes and does not find a bot on my system. I have done the above action twice, (reading and opening release note fixes) and both times the same identical warnings appeared. My system appears to be clean. However, the RUBotted.exe program is designed to flag bot-like behavior, and I think this finding is correct, and not a false-positive.
  This only happens when this page is opened, and I therefore think there is an embedded link that cannot be seen, and is run when this page is opened.
  I did update to version 3.6.7, but scanned the system before and after I updated to 3.6.7. Results are identical.
  == This happened ==
  Just once or twice
  == I was looking at the latest fixes for Firefox 3.6.7

  Trend Micro has a record of "false positives". Report the problem to them and let them investigate. Please post your results back in this thread for information for other users.