[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] Trend.... v2 or v3? - THE OFFICIAL BLOG OF THE SBS DIVA
Sat, Jan 28 2006 15:52 bradley

Trend.... v2 or v3?

Les Connor has always been our "Les is More" guy... and when he posts...this is not done lightly...

 

Folks, I've been using Trends's products on SBS since 4.5 - it's been a pretty good trip.

 

CSM v2 was(is) the icing - very very reliable antivirus and anti-spam capabilities - as close to zero maintenance as you can get or would want. There were a couple of things that could have been better integrated - but on the whole a really solid solution for SMB.

 

I don't take this recommendation lightly - I've worked hard to try and make V3 work - but I just can't afford to use it any longer.

 

CSM v3 hasn't proven to be an improvement. The integrated console is nice - but the product (mostly the console) is unreliable, and the anti-spam feature is a step backwards in performance and features.

 

I'd recommend staying with V2, and would still recommend V2 for new installs - and will be installing V2 on new SBS networks - as IMHO it's still the best thing going.

 

I *do* have *some* faith that progress is being/will be made, and there will be an updated version of CSM for SMB that will be as good (probably better) than V2. I'll be among the first to acknowledge it when it arrives.

 

--

Les Connor [SBS Community Member - SBS MVP]

-----------------------------------------------------------

SBS Rocks !

 

In case you don't want to install V3, V2 still is available and the keys still work... 

http://www.trendmicro.com/download/product.asp?productid=39

Terry posts in.....

 

If you're having trouble connecting your workstation to your SBS server, and you've recently installed Trend Micro CSM 3.0, and you may also have recently upgraded to SBS SP1  ------ check to see if you have the following within the affected workstatation's event viewer/application log :

 

event ID 1006 - windows cannot bind to local domain, group policy processing aborted

event ID 1030 - windows cannot query for the list of group policy objects ....

 

If so, it's likely have the "Trend Micro Client/Server Security Agent Personal Firewall" service started on your SBS server.  Even though the default for Trend's Firewall utility is to have it disabled within the application, the service itself has been installed, started and set for automatic start up.  Stop this specific service on your server, change it's startup status to disabled, and the workstation error messages should disappear.

 

Additional ---- from what I've read elsewhere, this condition sometimes manifests itself on only a few workstations in your SBS environment....sometimes it's only one workstation that seems to be affected (haven't figured that one yet).  However, if you do have this configuration (using Trend Micro CSM 3.0), you might want to check the event viewer/application logs on your workstations for error codes 1006 & 1030.  A couple of the more notable symptoms is the increased time it takes a workstation to boot up (the "applying personal settings" splash screen runs longer than normal), and connecting to Exchange server via Outlook client is problematic.

 

Trend's KB link is here....

 

Filed under: ,

# re: Trend.... v2 or v3?

Saturday, January 28, 2006 6:32 PM by Amy

This is a strange blog post; my experience is completely the opposite. I've installed 5 Trend 3.0's. Some upgrades, some new installs. All successful with no glitchs. Everyone worked the very first time out with no hoops jumped.

An excerpt from a recent thread in praise of Trend v.3.

I just gotta say that the new version of Trend is
fabulous. Look what I got in my email today.

This notification is sent from Trend Micro Security
Server: SBS2003 Trend Micro has detected highly
critical vulnerabilities on computer(s) on your
network and sent you this notification. Refer to the
Outbreak Defense screen on your Security Server for
instructions on how to detect vulnerable computers and
install patches.

Vulnerable Computer(s) list from 1/18/2006 0:03:01 to
1/25/2006 0:03:12
Computer: MLS
Vulnerability: MS06-001;
Computer: FRONTDESK
Vulnerability: MS06-001;
Computer: OFFICEADMIN
Vulnerability: MS06-001;
Computer: LANWORKSTATION
Vulnerability: MS06-001;
Computer: DELLOPTIPLEX100
Vulnerability: MS06-001;
Computer: DAVESDESKTOP
Vulnerability: MS06-001;

So know I know that I've got a handful of PC's out
there that didn't get patched. Sweet! WSUS is
wonderful but I've got to remote into the site then
run a report on failed updates to know that I've got
some out there.

I'm finding the monitoring features of Trend to be
great new feature.

Amy


Amy - this is certainly one of the cool features in the v3.0 product - I
love the fact that I can use this as a kind of double-check against my
WSUS deployments - very cool.

Wayne Small - SBS MVP

Vince,

This is a non default setting that comes under the Vulnerability
Assessment Tab.
Select Outbreak Defense > Settings.
I enable this ans set it to Daily with a target group of All Groups.
This then performs a Vulnerability Assessment on all my computers in the
network and emails me daily if all systems are not patched according to
this security updates from MS. It will not tell you about Service Packs
and things like that, just the security updates.

One more little known fact is that if you use the Outbreak control
settings that during an outbreak it will fo a Vulnerability Assessment
of all systems covered under the outbreak control policy just to be sure
- that way if a major nasty gets out there and your network is not
patched, it will tell you about it

Pretty cool huh :-)

BTW - this and more info is coming in my guide for v3.0 available
shortly :-)


Regards,

Wayne Small [SBS-MVP]

Regards,

Wayne Small [SBS-MVP]

# re: Trend.... v2 or v3?

Saturday, January 28, 2006 8:12 PM by Les Connor

Installation and configuration isn't an issue, anyone who has installed Trend products before won't have any major issues or problems. Trend's products have always been 'good installers', CSM v3 is no different - clean or in-place.

The firewall is no longer enabled by default - but it was on the early available download of V3.

The vulnerability notifications are a good feature.

The reporting is OK. You soon get over the novelty of it, but you'll constantly be irritated by the fact that the report is a link to a .pdf that is useless unless you're connected to the lan the report was sent from. It's an internal link. Doesn't do much for remote monitoring, does it ;-). Just send me the pdf please.

Not having control over the sending email address for all reports and alerts is a bit silly as well - CSM v3 uses an invalid address by default, and it can only be changed for all emails CSM can send.

The firewall has a purpose beyond annoyance - it is part of the outbreak defence - and when it's turned off so is that feature. An SBS template for configuration would be a good solution.

I've had no issues with installation. But the spam filtering is far below the standard set by CSM v2 - for the first time ever, I have to put IMF out front to deflect spam.

End user quarantine is a good idea - some want that. But at the total loss of server side quarantine and logging? No, I have no customers that want EUQ. New customers think they want it, but that doesn't last. Eventually, it's just a chore their users don't need or want.

Officescan was the cornerstone of protection in CSM, it was solid up to V3.

Unfortunately, I've had it break on several installations some months after initial configuration. Some serious breaks, including losing all the R/T scan exclusions for the SBS. CSM v3 is 'exchange aware', but not AD DC aware, or SBS aware.

The console is nice, but unreliable. The http database is subject to corruption, leaving your console unpopulated and the client status unknown and unconfigurable until it's fixed.

I've had good experiences with Trend tech support in fixing things - but there comes a time when you long for something that doesn't need fixing again, or any more.

CSM v2 comes to mind.

Thanks to Trend for the interchangability of CSM 2 and 3 keys and activation codes - and keeping the CSM 2 product available for download.

For those of you running CSM 3 - don't take it for granted the way you did CSM 2, or you may have some very unhappy customers.

That's my experience - and that's all I have to give.

Les.


# re: Trend.... v2 or v3?

Saturday, January 28, 2006 8:20 PM by Amy

I believe you. Obvously you've had some bad experiences with the product. I could write almost the exact poor review of Trend 2 though. I had to jump hoops to make SSL work. In finally gave up on making the console work at all. I had no monitoring, no outbreak defense, no reports and no spam control at all. That the thing updated was good enough, I decided because even with the console problems it was still better than Symantec Bloat ware but now with v.3, it all works and more.

# re: Trend.... v2 or v3?

Saturday, January 28, 2006 9:18 PM by Susan

I never loaded it up with the SSL on the v2 version.

# re: Trend.... v2 or v3?

Sunday, January 29, 2006 12:55 AM by Les Connor

I could never see the purpose of SSL for an internal site, so never used it. Can't help on that one - sorry.

There were a few issues with CSM 2 when it first released, most notably a problem with OWA premium view. But they were resolved, and stayed that way.

The problem with no reporting on CSM v2 is that it's so good, customers forget there are such things as viruses and spam ;-).

If CSM 3 does go flaky on you and you need help with CSM v2 - I'll personally see to it that it works for you. Or, you can post your issue in microsoft.public.windows.server.sbs as there are many experienced users there.

Les.

# re: Trend.... v2 or v3?

Sunday, January 29, 2006 4:00 PM by Noah Kaufman

I wholeheartedly agree with Les on his opinions on Trend SMB CSM v3.0, although for different reasons than he mentions.

I've posted elsewhere on the issues my firm has had with Trend v3 - see my post on Yahoo at:
http://groups.yahoo.com/group/sbs2k/message/90822

The major problem with the product that we’ve seen is that the installation seems incredibly brittle and likely to fail more often than not; and if Les' observations are sound, it may be that there are problems with the quality of the product elsewhere as well.

Although I've spoken with the developers personally, and I'm sure that they will eventually fix the problems with v3, I agree with Les' assessment that it's probably best to avoid using the v3 product unless you have a customer specifically asking for it.
In the meantime, I'm starting to get interested in CA's new integrated anti-virus / anti-spam / patching tool that they've released for SMBs. They have been talking it up like crazy since last July at Velocity, and I'm excitedly awaiting the NFR copy that they are sending me to try it out.

Perhaps we have the possibility of a worthy alternative to Trend in the new CA package?

Noah

# re: Trend.... v2 or v3?

Monday, January 30, 2006 12:52 PM by Mark Welte

I have to agree with Les on this. I had one mess of a week thanks to Trend’s firewall service blocking traffic on the SBS server even though it was not enabled. Once I disabled the firewall service the problem went away. Now all of my computers are gone out of the configuration screen and it looks like I have to contact Trend to get it fixed. I had Trend v2 running for years and never had to mess with it except for the occasional patch. Version 3 has been much more of a handful than it should be. I will probably rip out v3 and reinstall v2 as I do not have the time to troubleshoot why the antivirus is not working as configured.