Kansas State University


IT News

Trend Micro Web Reputation Services enabled to help battle malware infections

To assist in the battle against malware that daily threatens K-State computers, Web Reputation Services (WRS), also known as “Web Threat Protection Services”, was enabled last week in K-State’s Trend Micro OfficeScan for those managed by the central IT Trend Micro server. WRS augments the antivirus and antispyware protection already offered in OfficeScan to add another layer of prevention against the rapidly evolving, increasingly sophisticated, quickly spreading, and growing number of malicious threats faced by K-Staters as they browse the Internet.

Web Reputation Services works by checking every web address you attempt to visit in a web browser and blocking access to those found in a list of known malicious sites. WRS works with all major web browsers, including Internet Explorer and Firefox.

Why WRS is needed

Given the high number of new types of malware generated every day and the frequency with which it changes, traditional pattern-based antivirus software cannot prevent all infections. This is a challenge for all antivirus products, not just Trend Micro. When we hear about a new form of malware received by someone at K-State and we can get a copy of the file(s) (which is often difficult), we submit the information to Trend Micro through our premium support channel. Trend Micro support typically responds very quickly, so OfficeScan is able to detect and remove these threats within 24 hours. However, in 24 hours virulent malware can literally spread around the world and do considerable damage, so we need the added protection provided by WRS to help prevent infection until the antivirus pattern files are updated to detect and clean it.

Furthermore, the Web is now the most common vector for infections, whether through malicious links injected into a compromised, public website or via links to a malicious website embedded in an e-mail, so WRS is a critical tool in K-State’s security arsenal.

How it works

When OfficeScan detects an attempt to access a malicious site, it warns the user with a pop-up message:

OfficeScan malicious-site warning
OfficeScan malicious-site warning

And it prevents access to the site, offering the following notice in the browser:

WRS blocked-site notice
WRS blocked-site notice

Reporting “false positives”

The security level in WRS is currently set to “Low”, which means only sites confirmed to be malicious are blocked. K-State has the ability to “white list” websites, so if you try to visit a website blocked by WRS that you believe is legitimate, contact the IT Help Desk.

Viewing Web Reputation logs

To see the history of websites blocked by WRS on a computer, view the OfficeScan logs. Open the OfficeScan Console (right-click on the blue Trend Micro icon in the system tray — tm-icon), select the Logs tab, pull down the list of different logs that are available and select Web Reputation Logs, then select View Logs.

More information

For more information about different types of web threats, see Trend Micro’s Web Threats website, which includes a video that explains their web-threat protection technology.

Faculty/staff: Check with your local IT support person if you are not sure whether your OfficeScan installation has enabled Web Reputation Services.

System administrators interested in enabling WRS in the Trend Micro environment they manage can contact Shea McGrew (slmcgrew@k-state.edu, 785-532-4925) if they have any questions.

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer