A couple of other community members and I will be visiting Trend Micro’s SMB R&D Team in Taipei in a few weeks. Our mission – to take our real world experience into the heart of the team and show them how we deal with the problems we face on a day to day basis. I’ve already got a list of things I feel are important, but wanted to reach out to you all and see if you had anything you wanted raised at the same time. It’s been two years since I last did this trip, and I can see how they’ve adopted many of the suggestions I took to them in that time. So please – post comments on this blog post so I can take the feedback right back to them and help them understand how WE need their products to work for US and our clients.
9th April 2010 – UPDATE: Karen Christian, Steven Banks and Kevin Royalty are also coming on this adventure to Taipei. We all want to take back as much community feedback as we can to Trend Micro, so please give us lots of ammunition to take.
Rod Arthur says
SBS default Folder and File Exclusion lists should be able to be selected. Ability to upload, copy and export exclusion lists from one client to another. Make this easier please.
Ability to resize the WFBS console to view more columns at the same time on screen rather than scroll across to right all the time to see additional information.
WFRM agent (Installed using WFBS v6.x) on SBS 2008 – “Unable to connect to the remote server” But it is working and updating if you go online to WFRM in the cloud. The traffic light icon shows red instead of green.
The ability to see status of remote laptops (regardless if in roaming mode) updating on the internal company WFBS console. (Yes I know we can open ports, but not really secure??)
Mike Hatfield says
Server console should be able to report on clients that either failed to complete or perform a scheduled scan.
Mike Hatfield says
Partners should receive notification (maybe by subscription) of product updates, hotfixes and service packs.
An available updates option on the server console would be good.
Kieran says
Hi there Wayne,
I want to thank you publicly for the continuing efforts you put in to helping us improve our product so that they best suit the field’s requirements.
I know for a fact that there are many great things about the WF and other products which simply would not exist without the input you take from the field.
I have been with Trend for a number of years now, and it gives me untold amounts of pleasure to know that our organisation is open enough to take input from the field and act on it so readily. It is vastly different from other vendor organisations I have worked with.
Once again, Thank you
Rod,
These are good requests – echoed from the SMBiT conference the other week.
– I recently did a WFBS6Sp2 install on a WinSBS2008 server – the RM agent went in without the error you are suggesting.
May I suggest that the knowledge base has a number of articles relating to this error, plus I have seen it previously on my test servers, and more often than not it has ended up being a config or connection issue. Otherwise if the KB articles do not resolve it – give the partner support hotline a try on this one.
On the remote laptop side of things – I’d STRONGLY recommend you check out the new Services Product WFBS-Svc. This is a solid offering, and perfect for environments where laptops are constantly out of the office. We have tried implementing this type of environment with the on premise installation, with less than favourable results. The big thing that got us was the private IP address behind the firewall was not allowing the correct info to get to the “open” WF server. Only other solution is VPN – logmein, and one I just discovered, teamviewer appear to have some form of private network/VPN functionality – I don’t know for sure if this would work as I have not tested it myself, but might be worth investigating. Without a VPN how else do you expect to get information to the console securely?
Use WFBS-Svc in combination with on-premise WFBS – then manage them both from WF Remote Manager.
It really is a very tidy solution which gives you that visibility you are looking for.
I hope this helps. Ping me off-line if you have any other questions – you have my details!
regs
Kieran
Kieran says
BTW:
a couple of the links did not work in that post:
The knowledge base articles I was referring to can be found at:
https://esupport.trendmicro.com/smb/FASTSearch.aspx?t=1&p=Worry-Free%20Remote%20Manager&q=Unable%20to%20connect%20to%20the%20remote%20server
regs
Kieran
Dipper says
Subscription expiry letter (or emails) to be sent to the reseller along with the end user.
The ability to change the from email address when notifications are sent from WFBS.
Chris says
I shouldn’t have to change the administrator password to install a remote Exchange Server agent. If it’s long, and complex, like all of my administrator passwords are, then it must be changed prior to installing. That’s stupid, and a PITA.
Be able to import/export exclusions.
Excluding AD and Exchange checkboxes should hold true for EVERYTHING. Not just On Access Scans.
Stop generating ID 537s with crap for details. Like (the ‘Dot’ in the example is actually some non-english character set, I’m guessing, and doens’t display correctly in this post):
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 4/9/2010
Time: 8:29:12 AM
User: NT AUTHORITY\SYSTEM
Computer:
Description:
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: ”
Authentication Package: NTLM
Workstation Name:
Status code: 0x80090308
Substatus code: 0x0
Caller User Name: –
Caller Domain: –
Caller Logon ID: –
Caller Process ID: –
Transited Services: –
Source Network Address: –
Source Port: –
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Chris
Duke says
How about the ability to remotely scan a single workstation from the management console? Like select the workstation from the list, then select scan remotely from the action list.
Gregg Hill says
At several times during the past year, I have given this information to William Kam, Melody Liu, and Laura Martinez, and they have given it to others at Trend Micro. It can’t hurt to have it hand-delivered to more folks there!
I had asked if it would be possible to somehow use the SMTP ability to strip attachments by file type and port that to the desktop firewall or HTTP filter stream so that admins could block the download of EXE or DLL files during web browsing.
I have my WatchGuard firewall set to block executables by MIME type except for files from trusted sites, and **NO** executable file gets past it, even when visiting known-infected sites from a test system with no patches and no antivirus.
If Trend Micro’s programmers could create a feature to allow us to block all executable file downloads, and give us the ability to trust certain sites (Microsoft, Trend Micro, etc), then they would ***blow away*** the competition, because they would no longer have to rely upon **detection** of new threats. I have run into a few sites that have infected files that **no** major AV vendor (according to http://www.virustotal.com) has classified yet, and I can click OK on their little “protect me now” window and not get hit because my WatchGuard firewall blocks the EXE, SYS, and DLL files.
These new features should be selectable by computer group as we have now with firewall, etc, features, and allow having a bypass password that managers can use to download the file if it is truly needed.
That is the ONLY way to have true “zero-day” protection. I have done extensive testing of the feature via my WatchGuard firewall, and not one of these bad boys can get into my systems. I have a bypass password that can be entered to download the files, which I have done for testing Trend Micro’s ability to catch them, and frequently found that Trend did not recognize the threat. Neither did some other big names that I tested via sending the files to the http://www.virustotal.com site, and via direct testing with their products installed.
Just a thought!
Gregg Hill
Gregg Hill says
To “Dipper”:
The ability to change the “from” email address when notifications are sent from WFBS can be done now from the Preferences > Notifications > Settings tab.
Gregg Hill
Gregg Hill says
Here are some more:
—————————-
Improve speed. Using Smart Scan KILLS the network.
—————————-
Ability to resize the WFBS Security Settings console page to view more columns, remove undesired columns, rearrange columns, and to have these settings SAVED so that I don’t have to re-order them each time I open the console.
—————————-
Change their “Active Action” stance from allowing something into the network for two weeks while they investigate its threat level. MANY emails sent back and forth between Laura and I regarding this issue. Basically, Trend is so afraid of a false-positive, that they let in malware for two weeks while they certify if it is a legitimate threat. No wonder their catch rate is so low in real-life networks. Then again, if they adopt my “block executable downloads” suggestions, this point will be moot. I just reviewed my Trend emails, and William Kam said that the “block executable downloads” suggestion got “the positive nod” in early February 2010.
—————————-
Move the Vulnerability Assessment out from under Outbreak Defense and give it its own Live Status page item. Make it go yellow if there are **ANY** computers found with **even a single vulnerability** no matter the severity level. William Kam has LONG emails from me regarding this feature’s shortcomings. I can email them to you if desired.
—————————-
Ability in WFBS and WFRM to alert ONLY if license **EXCEEDS** 100% of purchased licenses. I keep getting alerts that they are over 80% and I have the box unchecked for that alert.
—————————-
Exclude Microsoft Domain Controller folders for ALL scans.
—————————-
Add “Disable Firewall and uninstall drivers” to the Security Settings section so it can be applied selectively rather than globally.
—————————-
Fix problems with the popup that says “Install driver and reboot” for the firewall driver. It keeps coming up, and I have followed all the articles. Haven’t had time to pursue it further.
—————————-
Ability to force scans of individual workstations as well as groups.
Michael Pope says
1. I ditto the request to be able to export and import file and folder exclusions so that standard exclusions can be more easily deployed across installations. It would also be nice to be able to script the import by providing an executable with a file containing an export.
2. I ditto the WFBS console width problems. For some reason, some of the installations require me to scroll back and forth to see all of the information even though there is a lot of unused border space on either side of the table.
3. When you select the automatically exclude options for either domain controllers, Exchange server or Trend Micro folders, it would be really handy for these folders to show up in the list of folder exclusions. It makes it easier to understand exactly which folders are being excluded by enabling those checkboxes.
4. Scriptability. It would be nice to be able to force signature updates and check signature version levels using scripting.
5. Eliminate the “Install driver and reboot” alerts when performing upgrades. They’re a huge nuisance.
6. When changing from using EUQ to the integrated Junk E-mail folder, the Spam Mail folder needs to be deleted. We have seen inconsistent results with this across installations. Some users still have their spam email directed to the Spam Mail folder while others have it directed to the Junk E-mail, even when sharing the same security server.
7. SBS 2008 report integration needs improvement. Some reports show yellow for no apparent reason. It says everything is normal but it still shows yellow. It’s a distracting nuisance each morning when we check reports.
8. Space usage. Space requirements on the security server seem to be increasing exponentially. What’s the deal?
9. TEST UPGRADES. We have tons of problems when upgrading Trend Micro – even when just installing service packs.
Dipper says
A few other things for WFBS Services:
– the ability to change the email subject line for all notifications in one go (ie the ability to put the clients name in the subject line)
– have an Australian time for jobs and scans in WFBS Services
Dipper says
To Greg Hill
> The ability to change the “from” email address when
> notifications are sent from WFBS can be done now
> from the Preferences > Notifications > Settings tab.
I can’t see that in WFBS Services???
Gregg Hill says
To Dipper:
I was referring to when notifications are sent from WFBS Standard or Advanced because you had not stated originally that it applied to the Services product. I have not used that product, so I don’t have an answer for you.
Gregg
Mark Wilton says
I ditto the request about the WFRM traffic lights eing red on SBS 2008, even though it is working. Is green when first install, but on reboot it comes up red. When check connectivity it states all is OK, but stays red. Uninstall and reinstall is green until reboot, then back to red. Has been same before and after applying SP2. Have not done a new install of SP2 though.
I ditto the requests for the “Ability to resize the WFBS Security Settings console page to view more columns, remove undesired columns, rearrange columns, and to have these settings SAVED so that I don’t have to re-order them each time I open the console.”
It is insane that when I open the console that the columns I see first are the irrelevant version numbers, and I have to scroll right EVERY TIME to see the information I want, which is number of detections.
Currently you can rearrange the order of the columns to what you want, but the new column order is not saved. Have been asking for this seemingly simple change for AGES, but Trend do not seem to see it as significant.
Matt Stevenson says
1. Regarding the comments about the “install firewall and reboot” issue. Considering I always do a Trend Micro upgrade afterhours. I see it more effective if an option in the group settings could push a forced reboot on systems not logged in, as this would resolve most of the systems requiring this for certain systems. Obviously there are particular systems not desired to be restarted automatically, so those systems could be controlled on a per group basis in this way.
2. Regarding the exclusions copying requests, I see the option for “import/Export” in WFBSA 6.0 which seems to imply that all the settings are exported for the selected group on that server and can be thus imported on another installation. It does not explicitly specify that the exclusions are included and based on others feedback, I will assume that they are not. Can’t the exclusions be added into this export component and stated in the notification information?
3. Fix the MSA issues regarding installation on a Windows 2008 system with UAC enabled. That is an annoyance, and having to lower the security level of the server by disabling UAC is not good for a “security product”. Although some recent experiences with Symantec make Trend look wonderful.
Considering there has been lots of good and interesting suggestions given already, some of which are great ideas. I think it would be appreciated by the community if Trend gave a brief summary response to these requests highlighting what will be considered/implemented and what is to be crossed of as not possible. Understandably we can’t all get what we want, or the product becomes bloated and useless, but I see it is a bit disheartening to the community at large if a lot of feedback is given and no action is taken on that request as evidenced by one of the posts here.
Cheers,
Matt
Matt Stevenson says
Note: on my previous post # 17, yes i know that if the built in administrator account can be used, but that didn’t work in a recent installation and UAC required to be disabled.
Dave Phillips says
1.Tighter integration between WFBS and IMHS – preferably all management inside the WFBS console.
2. Optional logging of internet access – URL filtering and Web Reputation are good tools but it would be useful to see where else users are going.
3. A method of receiving email traffic from IMHS when the normal SMTP IP address is not available. My clients use Telstra NextG modems as backup to ADSL and these have a 10.X.X.X IP address preventing incoming SMTP traffic. ETRN or similar would help.