TXOne Networks StellarProtect™ 1.1 Installation and Administrator's Guide
TXOne Networks reserves the right to make changes to this document and to
the product described herein without notice. Before installing and using the
product, review the readme files, release notes, and/or the latest version of
the applicable documentation, which are available from the TXOne Networks
website at:
http://docs.trendmicro.com/en-us/enterprise/txone-stellarenforce.aspx
© 2021 TXOne Networks. All rights reserved. TXOne Networks, StellarProtect,
and StellarOne are trademarks or registered trademarks of TXOne Networks.
All other product or company names may be trademarks or registered
trademarks of their owners.
Document Part No.: SLEM19396/210826
Release Date: September 2021
Protected by U.S. Patent No.: Patents pending.
This documentation introduces the main features of the product and/or
provides installation instructions for a production environment. Read
through the documentation before installing or using the product.
Detailed information about how to use specific features within the product
may be available at the TXOne Networks Online Help Center and/or the
TXOne Networks Knowledge Base.
TXOne Networks always seeks to improve its documentation. If you have
questions, comments, or suggestions about this or any TXOne Networks
document, please contact us at docs@trendmicro.com.
Evaluate this documentation on the following site:
http://docs.trendmicro.com/en-us/survey.aspx
Privacy and Personal Data Collection Disclosure
Certain features available in TXOne Networks products collect and send
feedback regarding product usage and detection information to TXOne
Networks. Some of this data is considered personal in certain jurisdictions
and under certain regulations. If you do not want TXOne Networks to collect
personal data, you must ensure that you disable the related features.
The following link outlines the types of data that TXOne StellarProtect
collects and provides detailed instructions on how to disable the specific
features that feedback the information.
https://success.trendmicro.com/data-collection-disclosure
Data collected by TXOne Networks is subject to the conditions stated in the
Trend Micro Privacy Notice:
https://www.trendmicro.com/privacy
Table of Contents

Preface
  Preface
  About the Documentation
  Audience
  Document Conventions

Chapter 1: Introduction
  About the TXOne™ Stellar™ Series and StellarProtect™
  What's New
  Agent Features and Benefits

Chapter 2: Installation
  System Requirements
  System Requirements
  Operating Systems
  Local Installation
  Getting the StellarProtect Agent Package
  Installing the StellarProtect Agent
  Silent Installation
  Configuring Silent Installation
  Silent Installation of the StellarProtect Agent
  Preparing the Agent for Upgrade to a Later Version

Chapter 3: Uninstalling StellarProtect

Chapter 4: Using the Agent Console
  Overview
  ICS Applications
  ICS Certificates
  Scan Components
  Password
  Industrial-Grade Next-Generation Antivirus
  USB Vector Control
  ICS Application Safeguard
  Operations Behavior Anomaly Detection
  DLL Injection Prevention
  Settings

Chapter 5: Using the Agent Command Line Interface (CLI)
  Using OPCmd at the Command Line Interface (CLI)
  Overview
  List of All Commands

Chapter 6: Events
  Overview of StellarProtect Events
  Agent Event List

Chapter 7: Technical Support
  Troubleshooting Resources
  Using the Support Portal
  Threat Encyclopedia
  Contacting Trend Micro
  Speeding Up the Support Call
  Sending Suspicious Content to Trend Micro
  Email Reputation Services
  File Reputation Services
  Web Reputation Services
  Other Resources
  Download Center
  Documentation Feedback

Index

Preface
This Administrator's Guide introduces TXOne Networks StellarProtect and
covers all aspects of product management.

Topics in this chapter include:

• About the Documentation on page v

• Audience on page vi

• Document Conventions on page vi

About the Documentation
TXOne Networks StellarProtect documentation includes the following:
Table 1. TXOne Networks StellarProtect Documentation

| Documentation | Description |
|---|---|
| Installation Guide | A PDF document that discusses requirements and procedures for installing StellarProtect. |
| Administrator's Guide | A PDF document that discusses getting started information and StellarProtect usage and management. |
| Readme File | Contains a list of known issues. It may also contain late-breaking product information not found in the printed documentation. |
| Knowledge Base | An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com |

Download the latest version of the PDF documents and Readme at:

http://docs.trendmicro.com

Audience
TXOne Networks StellarProtect documentation is intended for
administrators responsible for StellarProtect management, including agent
installation.

Document Conventions
The following table provides the official terminology used throughout the
TXOne Networks StellarProtect documentation:
Table 2. Document Conventions

| Convention | Description |
|---|---|
| UPPER CASE | Acronyms, abbreviations, and names of certain commands and keys on the keyboard |
| Bold | Menus and menu commands, command buttons, tabs, and options |
| Italics | References to other documents |
| Monospace | Sample command lines, program code, web URLs, file names, and program output |
| Navigation > Path | The navigation path to reach a particular screen. For example, File > Save means, click File and then click Save on the interface |
| Note | Configuration notes |
| Tip | Recommendations or suggestions |
| Important | Information regarding required or default configuration settings and product limitations |
| WARNING! | Critical actions and configuration options |

Chapter 1

Introduction
This chapter introduces TXOne StellarProtect 1.1, which provides industrial-
grade next-generation antivirus protection for your assets, and gives an
overview of its functions.
• About the TXOne™ Stellar™ Series and StellarProtect™ on page 1-2
• Agent Features and Benefits on page 1-3

About the TXOne™ Stellar™ Series and StellarProtect™
TXOne’s Stellar series is a first-of-its-kind OT endpoint protection platform
which includes:

• StellarProtect™, industrial-grade next-generation antivirus endpoint security for modernized ICS endpoints

• StellarEnforce™, for trust list-based application lockdown of legacy and fixed-use ICS endpoints with on-demand AV scan

• StellarOne™, the ONE centralized management console for the Stellar series

TXOne StellarProtect is an ICS-compatible, high performance and zero touch
endpoint protection solution.

What's New
TXOne StellarProtect 1.1 includes the following new features and
enhancements.
Table 1-1. What's New in TXOne StellarProtect 1.1

| Feature | Description |
|---|---|
| Compatibility with Trend Micro Portable Security 2 and 3 | StellarProtect 1.1 is now compatible with Trend Micro Portable Security products. |
| Remote patching from StellarOne is now supported | Starting from version 1.1, StellarProtect can be patched from the StellarOne console. |
| Scan components can now update from StellarOne | For air-gapped environments, StellarProtect now can perform scan component updates from StellarOne. |
| Scan components now update before prescan | StellarProtect will now update scan components before beginning the prescan. |
| Silent install has been enhanced | A new silent install method is now available. |
| Support added to the command line for restoring quarantined files | Users can now restore quarantined files on the standalone agent using the CLI. |
| New Windows platform support added | StellarProtect 1.1 now officially supports Windows Server 2008 and Windows 10 21H1. |
| Various bug fixes and enhancements | Bugs were fixed and many enhancements were added, including new kinds of event blocking based on user-defined rules. |

Agent Features and Benefits
StellarProtect includes the following features and benefits.

| Feature | Benefit |
|---|---|
| Industrial-Grade Next-Generation Antivirus | ICS root of trust and advanced threat scan secure OT assets with no interruption to operations |
| Operations Behavior Anomaly Detection | Detect abnormal operations and exercise least privilege-based control to prevent malware-free attacks |
| ICS Application Safeguard | Intelligently locate and secure the integrity of the ICS process from ICS targeted attacks by device |
| USB Vector Control | Prevent insider threats by only allowing usage of USB ports on a case-by-case administrator-reviewed basis |

Chapter 2

Installation
This chapter shows how to install the TXOne StellarProtect agent. The
StellarProtect agent provides several installation types including local
installation and silent installation.
Topics in this chapter include:
• System Requirements on page 2-2
• Local Installation on page 2-4
• Silent Installation on page 2-18


System Requirements
This section introduces the system requirements for StellarProtect, including
hardware and OS requirements.

System Requirements
TXOne StellarProtect does not have specific hardware requirements beyond
those specified by the operating system, with the following exceptions:
Table 2-1. Required Software for StellarProtect

| Software | Description |
|---|---|
| .NET framework | Ver 3.5 SP1 or 4.0 available |

Table 2-2. Required Hardware for StellarProtect

| Hardware | Description |
|---|---|
| Available disk space | 200MB minimum, 300MB recommended |
| Monitor resolution | 640 x 480 |

By default, StellarProtect uses port 14336, which is sometimes blocked by
firewalls. Please make sure this port is kept open for StellarProtect's use.

Important
StellarProtect cannot be installed on a system that already runs one of the
following:

• Trend Micro OfficeScan

• Trend Micro Titanium

• Other Trend Micro endpoint solutions

• Other antivirus products


Important
Ensure that the following root certification authority (CA) certificates are
installed with intermediate CAs, which are found in StellarProtectSetup.exe and
StellarProtect.exe. These root CAs should be installed on the StellarProtect
agent environment to communicate with StellarOne.

• Intermediate Symantec Class 3 SHA256 Code Signing CA

• Root VeriSign Class 3 Public Primary Certification Authority - G5

To check root CAs, refer to the Microsoft support site:

https://technet.microsoft.com/en-us/library/cc754841.aspx

Operating Systems
Client OS:

• Windows 7 (No SP/SP1) [Professional / Enterprise / Ultimate] (32/64bit)

• Windows 8 (No SP) [Pro/Enterprise] (32/64bit)

• Windows 10 (RS1/RS2/RS3/RS4/RS5/20H1/20H2/21H1) [Pro/Enterprise/IoT Enterprise] (32/64bit)

• Windows Embedded 8 Standard (No SP) (32/64bit)

• Windows Embedded 8.1 [Pro/Industry Pro](No SP) (32/64bit)

• Windows Embedded POSReady 7 (32/64bit)

Server OS:

• Windows Server 2008 SP1/SP2 (32-bit and 64-bit)

• Windows Server 2008 R2 (SP1) [Standard / Enterprise / Storage] (64bit)

• Windows Server 2012 (No SP) [Essentials/Standard] (64bit)

• Windows Server 2012 R2 (No SP) [Essentials/Standard] (64bit)

• Windows Storage Server 2012 Standard (64bit)

• Windows Server 2016 (No SP) [Standard] (64bit)

• Windows Server 2019 Standard (64bit)

Local Installation
This section mainly explains the steps for installing StellarProtect, including
downloading the installation file from StellarOne, running the installer,
doing setup, and uninstalling StellarProtect.

Getting the StellarProtect Agent Package

Procedure
1. Log in to StellarOne (the default ID and password are admin/txone). The
system will guide the user to change the ID and password to ensure
account security.

2. Change the administrator password. StellarOne will check the quality of
the new login name (ID), and will direct the user to input a strong
password twice for confirmation.

3. After the first password change on StellarOne, a page for setting the
Date and Time will be shown.

4. The system will ask the user to input an activation code (AC) for
StellarOne service activation.

Note
The AC can be provided by the TXOne product center or another
authorized agency.

5. Download the install package from the StellarOne web console. The user
can visit Administration > Updates to download the StellarProtect
installation package. The downloaded package is packed by StellarOne
and can be installed by all agents.

Installing the StellarProtect Agent

Procedure

1. Launch the installer, StellarProtectSetup.exe.

2. To start the installation, please click Next.

3. The End-User License Agreement (EULA) will be shown. Please read the
content, then click I accept the terms of the license agreement and
Next.

4. Input your Product Activation Code and choose an administrator
password. Use a strong administrator password of 8 to 64 alphanumeric
characters.

5. Input the asset information of the installed device with correct
ICS-related information such as vendor name, model, location and a
description.

6. Confirm installation settings including installation directory and
optional component settings.

Note
Users can choose whether or not to add an icon to the start menu,
create a desktop icon, or create a system tray icon.

Important
We suggest that users should also check Enable Trusted ICS Certificates.
This feature ensures that StellarProtect can sync up trusted ICS certificates
and enhance ICS applications, and that installers can always be recognized
by StellarProtect.

7. Click the Scan button to start the pre-scan task. This step is
extremely important: please agree to allow StellarProtect to scan
the ICS device to learn which ICS applications are installed.

Important
If you skip the pre-scan, StellarProtect will not be able to recognize the ICS
applications before it resumes production, and will need to learn them
as they are executed for the first time. In addition, this may cause
delays in ICS applications, so we strongly recommend that you click Scan
to allow StellarProtect to learn about installed ICS applications in advance.

8. During the installation, the installer will show the status with a progress
bar.

9. To detect potential pre-existing issues, users should run an Endpoint
Prescan. You can view the scan settings and click the Start button to
launch the StellarProtect Endpoint Prescan task.

Note
Before the prescan starts, the installer will perform a component update
based on the chosen configuration. For the standalone agent installer
package, connecting to the Trend Micro Active Update server will be
necessary to perform the update, so internet access is required.
The update process will display a message as shown below. Please note
that there is no need for concern when you see this window.

Scan settings are described as follows:

• Scan: This is the default anti-virus scan, following our template
• Scan Removable Drives: Selected removable drives are scanned
• Exclusion: Which files or folders won’t be scanned
• Scan Compressed Files: Scan up to 20 layers of compression
• Skip Files: Specific files that will be skipped

The progress bar shows the status of the prescan.

10. After the prescan, results will be shown for review.

11. If a threat is detected, the user can choose from two options:

a. Quarantine: Quarantine the threat.

b. Continue: Take no action at this time.

12. After the prescan phase is complete, the StellarProtect application will
be installed.

13. When the installation is complete, you will see the window below.

14. Run TXOne StellarProtect and log in with your password.

15. Upon logging into StellarProtect successfully, this window will display.

Silent Installation
StellarProtect provides silent installation based on a pre-defined
configuration file. Users can enable silent installation through the
configuration in Setup.yaml, then execute StellarProtectSetup.exe in
silent mode.

Configuring Silent Installation


Users can pre-define the setup configuration for installation. The name is
fixed to Setup.yaml.
The launcher will parse Setup.yaml while executing.
You can find Setup.yaml in the installation folder as shown below:

    install:
      activation_code: <ACTIVATION_CODE>
      password: <PASSWORD>
      asset_vendor: <ASSET_VENDOR>
      asset_model: <ASSET_MODEL>
      asset_location: <ASSET_LOCATION>
      asset_description: <ASSET_DESCRIPTION>
      install_location: <INSTALL_LOCATION>
      enable_start_menu: <ENABLE_START_MENU>
      enable_desktop_icon: <ENABLE_DESKTOP_ICON>
      enable_systray_icon: <ENABLE_SYSTRAY_ICON>
      enable_trusted_ics_cert: <ENABLE_TRUSTED_ICS_CERT>
      enable_prescan: <ENABLE_PRESCAN>
      enable_silent_install: <ENABLE_SILENT_INSTALL>
    prescan:
      action: <PRESCAN_ACTION>
    server:
      host: <SERVER_HOST>
      port: <SERVER_PORT>
      cert: <SERVER_CERT>
      listen: <LISTEN_PORT>
    client:
      import_source: <IMPORT_SOURCE>
    proxy:
      default:
        intranet:
          host: <INTRANET_PROXY_SERVER_HOST>
          port: <INTRANET_PROXY_SERVER_PORT>
          username: <INTRANET_PROXY_SERVER_USERNAME>
          password: <INTRANET_PROXY_SERVER_PASSWORD>

The following table lists parameters for Setup.yaml along with the details of
their use:

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| ACTIVATION_CODE | string | empty string | The StellarProtect Activation Code (AC) used for license activation. |
| PASSWORD | string | empty string | Administrator’s password. The Password will be required by specific functions, including uninstall, the command line interface, and support tools. |
| ASSET_VENDOR | string | empty string | The vendor’s name of the ICS asset. |
| ASSET_MODEL | string | empty string | The model name of the ICS asset. |
| ASSET_LOCATION | string | empty string | The physical location of the ICS asset. |
| ASSET_DESCRIPTION | string | empty string | The ICS asset description. |
| INSTALL_PATH | string | empty string → default install path | The installation path of the StellarProtect installer. C:\Program Files\TXOne (default install path is decided in MSI installer) |
| ENABLE_START_MENU | boolean | true | Enable StellarProtect in the Windows start menu. |
| ENABLE_DESKTOP_ICON | boolean | true | Enable StellarProtect icon to be placed on the desktop. |
| ENABLE_SYSTRAY_ICON | boolean | true | Enable StellarProtect icon in the Windows system tray. |
| ENABLE_TRUSTED_ICS_CERT | boolean | true | Allow the installer to install ICS code signing certificates during installation. |
| ENABLE_PRESCAN | boolean | true | Enable virus scan during installation. |
| ENABLE_SILENT_INSTALL | boolean | false | Hide the installation UI. ACTIVATION_CODE and PASSWORD must be given during silent installation. |
| PRESCAN_ACTION | int | 1 | 0: None, 1: Quarantine |
| SERVER_HOST | string | empty string | StellarOne hostname or IP |
| SERVER_PORT | int | 9443 | StellarOne's port for connecting to the client |
| SERVER_CERT | string | server.crt | The certificate filename for communicating with StellarOne |
| LISTEN_PORT | int | 14336 | The client listening port for StellarOne |
| IMPORT_SOURCE | string | empty string | This is the path to the folder containing the config to be imported |
| DEFAULT_PROXY_SERVER_HOST | string | empty string | FQDN, hostname or IP address of Intranet proxy server |
| DEFAULT_PROXY_SERVER_PORT | int | -1 | Port number of Intranet proxy server |
| DEFAULT_PROXY_SERVER_USERNAME | string | empty string | Username of Intranet proxy server, required only when the proxy server is configured to authenticate by username and password |
| DEFAULT_PROXY_SERVER_PASSWORD | string | empty string | Password of Intranet proxy server, required only when the proxy server is configured to authenticate by username and password |

Silent Installation of the StellarProtect Agent

Procedure

1. Input the activation code and password, then enable silent
installation by changing the enable_silent_install value to true in
the configuration file. If you would like to manage the agent using
StellarOne, configure the host value in the server section with the
server IP address.

Please refer to the text below for an example silent installation
configuration file:

    install:
      activation_code: TE-XXXXX-SAMPL-EXXXX-CODES-XXXXX-TXONESP
      password: 11111111
      asset_vendor: ABB
      asset_model: ABB-1X2Y
      asset_location: Factory1 North Area
      asset_description: This is a machine
      install_location: C:\test
      enable_start_menu: true
      enable_desktop_icon: true
      enable_systray_icon: true
      enable_trusted_ics_cert: true
      enable_prescan: true
      enable_silent_install: true
    prescan:
      action: 1
    server:
      host: 10.1.195.100
      port: 9443
      cert: server.crt
      listen: 14336

2. Double-click the installer, StellarProtectSetup.exe.

Note
There are two methods for beginning the silent installation.
• For a silent installation with a GUI, double-click the installer
StellarProtectSetup.exe.

• For a silent installation without any GUI, instead of double-clicking
the executable in step 2, use the command prompt to execute
StellarProtectSetup.exe with the argument -s. With this method, the
pop-up windows mentioned in the following steps will not be shown.
To view information related to the installation, check the logs filed
under C:\Windows\Temp\StellarProtect.

3. After the installation is complete, this message box will appear.

4. Run StellarProtect and log in with the configured password.

5. After successfully logging into StellarProtect, this window will be
displayed.
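
The script below is an added example, not part of the TXOne guide or product: a pre-flight check for Setup.yaml that applies the rules stated in this section (silent installation needs an activation code and password, passwords of 8 to 64 alphanumeric characters, prescan action 0 or 1, default ports 9443 and 14336). The minimal parser, the function names and the repeated-character weakness rule are assumptions of this example, and the sample file is constructed.

```python
import re

# Constructed sample, modelled on the guide's example Setup.yaml (not a real deployment).
SAMPLE_SETUP_YAML = r"""
install:
  activation_code: TE-XXXXX-SAMPL-EXXXX-CODES-XXXXX-TXONESP
  password: 11111111
  install_location: C:\test
  enable_trusted_ics_cert: true
  enable_prescan: false
  enable_silent_install: true
prescan:
  action: 1
server:
  host: 10.1.195.100
  port: 9443
  cert: server.crt
  listen: 14336
"""

BOOL_KEYS = ("enable_start_menu", "enable_desktop_icon", "enable_systray_icon",
             "enable_trusted_ics_cert", "enable_prescan", "enable_silent_install")


def parse_setup_yaml(text):
    """Flatten the 'section: / key: value' nesting of Setup.yaml into dotted keys."""
    flat, stack = {}, []  # stack: (indent, key) for each open parent section
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, sep, value = raw.strip().partition(":")  # first colon only: keeps C:\ paths
        if not sep:
            raise ValueError(f"not a 'key: value' line: {raw!r}")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        key, value = key.strip(), value.strip()
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))  # section header, or a key left empty
    return flat


def is_port(value):
    return value.isdecimal() and 1 <= int(value) <= 65535


def validate(cfg):
    """Return (severity, message) findings for a flattened Setup.yaml."""
    out = []

    def inst(key, default=""):
        return cfg.get("install." + key, default)

    for key in BOOL_KEYS:
        default = "false" if key == "enable_silent_install" else "true"
        if inst(key, default).lower() not in ("true", "false"):
            out.append(("ERROR", f"install.{key} must be true or false"))

    silent = inst("enable_silent_install", "false").lower() == "true"
    password = inst("password")
    if silent and not inst("activation_code"):
        out.append(("ERROR", "silent installation needs install.activation_code"))
    if silent and not password:
        out.append(("ERROR", "silent installation needs install.password"))
    if password:
        if not re.fullmatch(r"[A-Za-z0-9]{8,64}", password):
            out.append(("ERROR", "password must be 8 to 64 alphanumeric characters"))
        elif len(set(password)) == 1:
            # Assumption of this example: one repeated character counts as weak.
            out.append(("WARN", "password is a single repeated character"))
        out.append(("WARN", "password is in clear text; restrict read access to Setup.yaml"))

    if inst("enable_prescan", "true").lower() == "false":
        out.append(("WARN", "enable_prescan is false: no virus scan during installation"))
    if inst("enable_trusted_ics_cert", "true").lower() == "false":
        out.append(("WARN", "enable_trusted_ics_cert is false: ICS certificates not installed"))
    if cfg.get("prescan.action", "1") not in ("0", "1"):
        out.append(("ERROR", "prescan.action must be 0 (None) or 1 (Quarantine)"))
    for key, default in (("server.port", "9443"), ("server.listen", "14336")):
        if not is_port(cfg.get(key, default)):
            out.append(("ERROR", f"{key} must be a port number between 1 and 65535"))
    return out


if __name__ == "__main__":
    for severity, message in validate(parse_setup_yaml(SAMPLE_SETUP_YAML)):
        print(f"{severity}: {message}")
```

Run it against the file before launching StellarProtectSetup.exe with -s, since that mode shows no pop-up windows and reports only to the logs under C:\Windows\Temp\StellarProtect.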


Preparing the Agent for Upgrade to a Later Version


This version of StellarProtect supports upgrade from the following version:
• StellarProtect 1.0
The latest updates can be downloaded from the StellarProtect Software
Download Center at http://downloadcenter.trendmicro.com/.

Important
Before upgrading, take the appropriate actions below as noted for your chosen
installation method and the version of your installed StellarEnforce agent.

Table 2-3. Fresh Installation of the StellarProtect Agent

| Installation Method | Installed Agent Version | Required Action | Settings Retained |
|---|---|---|---|
| Local installation using Windows installer | StellarProtect 1.0 | Manually uninstall | No settings retained |
| Local installation using command line interface installer | StellarProtect 1.0 | Manually uninstall | No settings retained |

Table 2-4. Post-Installation Agent Upgrade

| Installation Method | Installed Agent Version | Required Action | Settings Retained |
|---|---|---|---|
| Extract patch zip file and patching by running txone_sp_full_patch_win_en.exe. | StellarProtect 1.0 | No preparation needed | Compatible settings retained |
| Remote Installation | Not supported | Not supported | Not supported |

Chapter 3

Uninstalling StellarProtect
Note
StellarProtect's administrator password is required to uninstall StellarProtect
from an endpoint.

Important
Please make sure the StellarProtect UI is not open.

Procedure
1. On an endpoint with the StellarProtect agent installed, launch
StellarProtect Setup.
2. Follow the steps listed here according to your operating system:

Operating System:

• Windows 10 Enterprise
• Windows 10 IoT Enterprise
• Windows 10 Professional
• Windows 10 Fall Creators Update (Redstone 3)
• Windows 10 April 2018 Update (Redstone 4)
• Windows 10 October 2018 Update (Redstone 5)

Procedure:

a. Go to Start > Settings.
b. Depending on your version of Windows 10, locate the Apps & Features
   section under one of the following categories:
   • System
   • Apps
c. On the left pane, click Apps & Features.
d. In the list, click StellarProtect.
e. Click Uninstall.

Operating System:

• Windows Server 2016
• Windows Server 2012
• Windows Storage Server 2016
• Windows 8
• Windows 7

Procedure:

a. Go to Start > Control Panel > Programs and Features.
b. In the list, double-click TXOne StellarProtect.

3. After the StellarProtect Setup opens, click Next.

4. Enter the StellarProtect administrator password, and click Next.

5. Make sure StellarProtect's UI is completely closed before you click OK.

6. After the software is finished uninstalling, click Finish.

Chapter 4

Using the Agent Console


This chapter describes how to operate TXOne StellarProtect's various
functions using the agent console on the endpoint.
Topics in this chapter include:
• Overview on page 4-2
• Settings on page 4-10

Overview
Overview is a description of the current status of the StellarProtect system.
The shield shape indicates if the endpoint is currently protected by
StellarProtect's Next-Generation Antivirus. The column on the right is the
endpoint's ICS asset information including Model, Location, Vendor and
Description.
The following current information about endpoint protection will be shown:
• Number of ICS apps: How many ICS applications are in the endpoint
• Last ICS inventory update on: The date and time the ICS Inventory was
last updated on this endpoint
• Last blocked event: Clicking the link shows the most recent blocked
events
• License expires on: When StellarProtect’s current license will expire


ICS Applications
This function lists all ICS application systems recognized by StellarProtect on
this endpoint, and lists the software name, vendor name, product version
and installation path of each application system.
The number of ICS application systems that StellarProtect can recognize will
continue to increase with updates to the ICS Application Inventory, which is
maintained by the TXOne research laboratory based on ICS product analysis.

This information will be synchronized to the StellarOne backend for device
management.

ICS Certificates
Digital signature is currently the most secure software product identification
technology, which can ensure that the signed software component is not
illegally modified, and can identify that the software was released by the
original manufacturer.
The number of ICS certificates that StellarProtect can recognize will increase
with updates from the ICS Application Inventory. This inventory is produced
by the TXOne research laboratory and based on ICS product analysis.

This information will be synchronized to the StellarOne backend for
management.

Scan Components
Lists all critical scan engines and patterns, with their versions, used by
StellarProtect.

Password
This is the StellarProtect administrator password change function. The user
must enter the correct old password, then enter the same new password
twice, confirm that the length of the new password meets the requirements,
and press Save to complete the change.

Industrial-Grade Next-Generation Antivirus


Industrial-grade next-generation antivirus software is the core protection of
StellarProtect. We integrate signature-based and AI-based antivirus software
to provide real-time scanning of any file or process activity.
StellarProtect has built-in ICS application recognition technology to prevent
false alarms.


USB Vector Control


USB Vector Control is the StellarProtect function that controls external USB
storage devices, ensuring that only authorized USB devices can be used on
endpoints protected by StellarProtect.

When an unauthorized USB storage device is inserted into the endpoint
device, StellarProtect sends a blocked event to StellarOne. The
administrator can view the blocked event in the StellarOne console and
decide whether to continue blocking or approve access.

The USB Vector Control use case is as follows:

1. Plug in the USB

2. The USB will be blocked if USB Vector Control is enabled and the device
is untrusted

3. Windows will show a pop-up, as in the screenshots below

4. The USB device can be allowed access until unplugged

ICS Application Safeguard


ICS application patches or hard fixes may cause anti-virus false alarms,
including potential blocking. StellarProtect can use PKI and ICS inventory
technology to verify legal updates for the ICS, and can keep recognized ICS
applications updated without blocking or alerts.


Operations Behavior Anomaly Detection


Operationally abnormal behavior may be caused by advanced attacks (such
as fileless attacks). StellarProtect can detect the behavior of these threats and
keep logs for later analysis.
In addition, this function can be run in aggressive mode to give the
endpoint high-security protection.

DLL Injection Prevention


DLL injection is a high-risk attack in the ICS field, and StellarProtect can
prevent this type of attack when this feature is enabled.

Note
DLL Injection Prevention can only be enabled on 32-bit Windows OSes.


Settings
This section mainly describes the StellarProtect settings, including the
aforementioned four main protection functions and DLL Injection
Prevention. Each function has a switch that can be turned on or off.

Industrial-Grade Next-Generation Antivirus


This function mainly provides real-time NGAV protection. StellarProtect
integrates ICS application system recognition technology, which can greatly
reduce the occurrence of false alarms.
The user can click the switch to turn the function on or off.


USB Vector Control


This function mainly provides identification of, and protection from,
external USB storage devices. StellarProtect uses the USB device's Vendor ID
(VID), Product ID (PID) and Serial Number (SN) to determine whether the
device is a trusted USB storage device.
At present, trusted devices can be added to or deleted from the trusted
device list in StellarOne. In addition, when an unauthorized device is
inserted for the first time, the user is prompted to enter the administrator
password. This is set up as a single authorization to increase user
convenience.
USB Vector Control has a one-time allow function to approve USB storage
access after administrator authentication.
Users can click the switch to turn the function on or off.

ICS Application SafeGuard


This function supports StellarProtect by identifying ICS application
technology and providing protection that is consistent with ICS application
system updates.
After enabling "Protect files and folders from unauthorized changes",
StellarProtect will monitor and protect the files and folders defined by the
user on StellarOne.
After enabling "Protect ICS Applications", ICS application executable files will
be protected automatically without user definitions.

Administrators can use StellarOne to set related exception files, registry
entries, or directories.


Operations Behavior Anomaly Detection

This function mainly allows StellarProtect to monitor specific high-risk
applications, including wscript.exe, cscript.exe, mshta.exe,
powershell.exe and psexec.exe, to stop legitimate programs from being
misused. Users can add other processes to monitor on the StellarOne web
console.

This function has four modes:

• Learning Mode

After activating this function, StellarProtect will monitor unrecognized
program calls and add them to the approved list to learn more about
ICS-related program call behaviors.

• Detection Mode

After activating this function, StellarProtect will monitor unrecognized
program calls and log them for future analysis.

• Prevention Mode

After activating this function, StellarProtect will monitor unrecognized
program calls and block them to secure the endpoint.

• Disabled Mode

When Operations Behavior Anomaly Detection is set to Disable,
protection is turned off.

The Operations Behavior Anomaly Detection function additionally has
an Aggressive Mode, and can activate protection through process
parameter recognition.

Users can check the process and parameters under monitoring.

DLL Injection Prevention

This feature specifically prevents DLL injection-based attacks.


Note
DLL Injection Prevention can only be enabled on 32-bit Windows OSes.

About

This includes StellarProtect product information, version and build number,
as well as third-party license information.

Proxy

StellarProtect uses a proxy for both communication with StellarOne and scan
component updates.

It is configurable using Setup.yaml before installation and the command
line interface afterwards.

• For more information about configuring the proxy before installation
using Setup.yaml, please see Configuring Silent Installation on page 2-18.

• For more information about configuring the proxy after installation
via the command line interface, please see List of All Commands on page
5-4.

Chapter 5

Using the Agent Command Line Interface (CLI)
This chapter describes how to configure and use TXOne StellarProtect using
the command line interface (CLI).
Topics in this chapter include:
• Using OPCmd at the Command Line Interface (CLI)
• List of All Commands


Using OPCmd at the Command Line Interface (CLI)


Administrators can work with TXOne StellarProtect directly from the
command line interface (CLI) using the OPCmd.exe program.

Procedure
1. Open a command prompt window with Windows administrator
privileges.
2. Navigate to the TXOne StellarProtect installation folder using the cd
command.
For example, type the following command to reach the default location:
cd /d "c:\Program Files\TXOne\StellarProtect\"

3. Type OPCmd.exe.

Overview
The CLI provides a POSIX-style command line interface. The general usage is
as follows:
C:> opcmd.exe [global-options] [command [options]]

The global-options are options that affect all commands, and must come
before the command. A command consists of one or more words, followed
by any options that are specific to that command. If an option requires an
argument, you may specify the argument in one of the following syntaxes:
Options
--option=<argument>

Separate long option and argument with an equal sign.


-o<argument>

Argument follows the option character immediately.


-o <argument>

If the argument is not optional, you may also separate the option and
argument with a space.

Important
All options are optional, including global options and command-specific
options. In the commands below, if it says an argument is required, it means
the argument is required when that option is used.

For the short forms of options, multiple option characters can be combined
in one word as long as the option with argument comes last. For example,
the following commands are equivalent:
• opcmd.exe foo -a -b 15 -c

• opcmd.exe foo -ac -b15

• opcmd.exe foo -cab 15

• opcmd.exe foo -acb15

Global Options
• Global Option: -h, --help
Description: When used alone, shows a brief summary of how to use the
CLI. When used with a command, shows help text for that command.
Argument: No
• Global Option: -p, --password [<password>]
Description: Specifies the administrator password for executing
protected commands. The -p option is mandatory for protected
commands. If you don't provide an administrator password with this
option on protected commands, the CLI asks for a password before
executing the command and may not execute the command if the password
is incorrect. If you need to run protected commands from a batch file,
provide your password with -p and make the batch file readable only to
authorized users.

Note
To prevent your administrator password from leaking accidentally, use -p
without an argument so that the shell (cmd.exe) does not record your
password in the command history.

Argument: Optional. Password in plaintext.

• Global Option: -v, --version

Description: Show CLI program version.

Argument: No

List of All Commands


• Command: opcmd.exe about components
Description: You can browse versions of components from the GUI
program, or you can get the list in YAML format with this command.
Options: None

• Command: opcmd.exe -p appinv make
Description: The StellarProtect service will re-detect installed ICS
applications when your scheduled change window ends. You can also use
this command to perform the detection manually at any time.
Options: None

• Command: opcmd.exe appinv list
Description: You can browse the list of detected ICS applications from
the GUI program or use this command to get the list in YAML format.
Options: None

• Command: opcmd.exe -p config decrypt [-i INPUT-FILE] [-o OUTPUT-FILE]
Description: Decrypt an encrypted configuration file, output decrypted
plaintext. Please note that the data security of this command is
designed for the protection of configuration files. Do not rely on this
command to protect personal privacy data.
Options:
-i, --input INPUT-FILE: Required argument. Specifies the filename of an
input file. If omitted, will read from standard input.
-o, --output OUTPUT-FILE: Required argument. Specifies filename of
output file. If omitted, write to standard output.

• Command: opcmd.exe -p config encrypt [-i INPUT-FILE] [-o OUTPUT-FILE]
Description: Encrypt a plaintext configuration file, output encrypted
ciphertext. Please note the data security of this command is designed
for protection of configuration files. Do not rely on this command to
protect any personal privacy data.
Options:
-i, --input INPUT-FILE: Required argument. Specifies the filename of
input file. If filename is omitted, will read from standard input.
-o, --output OUTPUT-FILE: Required argument. Specifies filename of
output file. If omitted, will write to standard output.

• Command: opcmd.exe -p config export OUTPUT-FOLDER
Description: Exports product configuration settings to the specified
folder.
Options: None

• Command: opcmd.exe -p config import INPUT-FOLDER
Description: Imports product configuration settings from the specified
folder.
Options:
-n, --no_ptn: Do not import pattern files.

• Command: opcmd.exe -p dip disable
Description: Disables the DLL Injection Prevention function.
Options: None

• Command: opcmd.exe -p dip enable
Description: Enables the DLL Injection Prevention function.
Options: None

• Command: opcmd.exe -p lock appinv disable
Description: Disables ICS Application Inventory protection.
Options: None

• Command: opcmd.exe -p lock appinv disable
Description: Enables ICS Application Inventory protection.
Options: None

• Command: opcmd.exe -p lock disable [-d DURATION] [-s START-TIME]
Description: Disables ICS application safeguard to allow file changes on
protected files. You can also specify a duration and start-time to
schedule a Change Window that allows file changes and enable protection
automatically.
If -d is not specified, ICS application safeguard will be disabled until
it is manually enabled. If -s is not specified, the ICS application
safeguard is disabled immediately. Only one change window can be
scheduled at a time, and new settings from the CLI or policy settings
will always overwrite previous settings.
Options:
-d, --duration DURATION: Required argument. Specifies the duration of a
change window. ICS application safeguard is re-enabled after the change
window duration has elapsed. Duration is specified in hours, minutes, or
both. (ex. -d 30m, -d 2h, -d 2h30m)
-s, --start START-TIME: Required argument. Specifies starting time of a
change window. The START-TIME is in ISO8601 format without time zone.
(ex. -s 2021-04-14T18:00:00)

• Command: opcmd.exe -p lock enable
Description: Enables ICS application safeguard to prevent file changes
on protected files. If ICS application safeguard is disabled by a
scheduled Change Window, this command ends the Change Window
immediately.
Options: None

• Command: opcmd.exe -p oad disable
Description: Disables Operations Behavior Anomaly Detection.
Options: None

• Command: opcmd.exe -p oad enable -m MODE [-l LEVEL]
Description: Enables Operations Behavior Anomaly Detection.
Options:
-m, --mode MODE: Required argument. Enables Operations Behavior Anomaly
Detection into a specific mode (learning, detection, prevention).
-l, --level LEVEL: Required argument. Sets the scan to be normal or
aggressive.

• Command: opcmd.exe -p oad info
Description: Shows information about Operations Behavior Anomaly
Detection.
Options: None

• Command: opcmd.exe -p oad remove -i ID
Description: Removes approved operations from Operations Behavior
Anomaly Detection.
Options:
-i, --id ID: Required argument. Integer operation ID.

• Command: opcmd.exe password
Description: Allows administrator to change the administrator password
from command line. You are required to enter the old password before
setting a new password.
Options: None

• Command: opcmd.exe -p proxy get
Description: Shows proxy server settings.
Options: None

• Command: opcmd.exe -p proxy set [-h HOST -p PORT [-u USERNAME] [-P PASSWORD]]
Description: Sets proxy server settings. To disable proxy use, use this
command without any options.
Options:
-h, --host HOST: Required argument. Specifies the FQDN, hostname, or IP
address of the proxy server.
-p, --port PORT: Required argument. Specifies the port number of the
proxy server.
-u, --username USERNAME: Required argument. Specifies the username for
proxy server authentication.
-P, --password PASSWORD: Required argument. Specifies the password for
proxy server authentication.

• Command: opcmd.exe -p scan-task -s START-TIME --daily --weekly --monthly
Description: Schedules a recurring scan task at specified start time.
Options:
-s, --start START-TIME: Required argument. Specifies starting time of a
scheduled scan. The START-TIME is in ISO8601 format without time zone.
(ex. -s 2021-04-14T18:00:00)
--daily: Sets the scheduled scan to run daily.
--weekly: Sets the scheduled scan to run weekly.
--monthly: Sets the scheduled scan to run monthly.

• Command: opcmd.exe -p service start
Description: After installation, the StellarProtect service will
automatically start when your system is powered on. If your
StellarProtect service was stopped for some reason, you can use this
command to start the StellarProtect service manually.
Options: None

• Command: opcmd.exe -p service stop
Description: This stops StellarProtect service until the system is
powered off. If you need to stop StellarProtect service, you can use
this command to stop StellarProtect service manually.
Options: None

• Command: opcmd.exe update [-s SOURCE]
Description: Updates product components.
Options:
-s, --source: Required argument (URL). Specifies the update source URL,
ex: -s http://tmut.contoso.com/iau_server

• Command: opcmd.exe -p update stop
Description: Stops the currently running update.
Options: None

• Command: opcmd.exe -p usb add [-v VID -p PID -s SN] [-o]
Description: Adds a trusted USB device.
Options:
-v, --vid VID: Required argument. Specifies Vendor ID by hexadecimal
string.
-p, --pid PID: Required argument. Specifies Product ID by hexadecimal
string.
-s, --sn SN: Required argument. Specifies serial number.
-o, --onetime: Grants one time access to a USB device.

• Command: opcmd.exe -p usb enable
Description: Enables USB Vector Control.
Options: None

• Command: opcmd.exe -p usb disable
Description: Disables USB Vector Control.
Options: None

• Command: opcmd.exe -p usb info -d DRIVE
Description: Show USB information of the specified drive.
Options:
-d, --drive DRIVE: Required argument. Specifies the drive path (ex. E:).

• Command: opcmd.exe -p usb list
Description: Lists trusted USB devices.
Options: None

• Command: opcmd.exe -p usb remove [-v VID -p PID -s SN]
Description: Removes a trusted USB device.
Options:
-v, --vid VID: Required argument. Specifies Vendor ID by hexadecimal
string.
-p, --pid PID: Required argument. Specifies Product ID by hexadecimal
string.
-s, --sn SN: Required argument. Specifies serial number.

• Command: opcmd.exe -p usb status
Description: Shows USB Vector Control status.
Options: None

• Command: opcmd.exe -p quarantine show
Description: Shows the list of quarantined files.
Options: None

• Command: opcmd.exe -p quarantine restore [QUARANTINE-NAME]
Description: Restores the specified quarantined file.
Options: None
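
The -d and -s formats documented for lock disable can be checked before a change window is scheduled. The following Python is an added example, not part of the guide or of TXOne's software: the function names and the refusal to build an open-ended disable are assumptions of this example, and it passes a bare -p so that opcmd.exe prompts for the password instead of taking it on the command line.

```python
import re
from datetime import datetime, timedelta

# Formats documented in the command list for `lock disable`:
#   -d DURATION    hours, minutes, or both: 30m, 2h, 2h30m
#   -s START-TIME  ISO8601 without time zone: 2021-04-14T18:00:00
_DURATION_RE = re.compile(r"(?:(\d+)h)?(?:(\d+)m)?")
_START_FORMAT = "%Y-%m-%dT%H:%M:%S"


def parse_duration(text):
    """Return a timedelta for '30m', '2h' or '2h30m'; raise ValueError otherwise."""
    match = _DURATION_RE.fullmatch(text)
    if not text or match is None:
        raise ValueError(f"duration {text!r} is not hours, minutes, or both")
    delta = timedelta(hours=int(match.group(1) or 0),
                      minutes=int(match.group(2) or 0))
    if delta <= timedelta(0):
        raise ValueError("duration must be longer than zero")
    return delta


def parse_start(text):
    """Return a naive datetime; reject time-zone suffixes and unpadded fields."""
    parsed = datetime.strptime(text, _START_FORMAT)  # fails on 'Z' or '+08:00'
    if parsed.strftime(_START_FORMAT) != text:       # fails on '2021-4-14T...'
        raise ValueError(f"start time {text!r} is not zero-padded ISO8601")
    return parsed


def plan_change_window(duration=None, start=None, now=None,
                       allow_open_ended=False):
    """Build the argv for `opcmd.exe -p lock disable` and the window bounds.

    Returns (argv, begins, ends). `ends` is None when -d is omitted, because
    the safeguard then stays off until `lock enable` is run manually; this
    example refuses that case unless allow_open_ended is set (a policy of the
    example, not of the product).
    """
    if duration is None and not allow_open_ended:
        raise ValueError("no -d given: safeguard would stay disabled "
                         "until it is manually enabled")
    # Without -s the safeguard is disabled immediately.
    begins = parse_start(start) if start is not None else (now or datetime.now())
    ends = None
    # Bare -p: the CLI asks for the administrator password interactively.
    argv = ["opcmd.exe", "-p", "lock", "disable"]
    if duration is not None:
        ends = begins + parse_duration(duration)
        argv += ["-d", duration]
    if start is not None:
        argv += ["-s", start]
    return argv, begins, ends


if __name__ == "__main__":
    argv, begins, ends = plan_change_window("2h30m", "2021-04-14T18:00:00")
    print(" ".join(argv))
    print("safeguard off from", begins, "until", ends)
```

The returned argv can be handed to subprocess.run on the endpoint from an elevated prompt in the StellarProtect installation folder.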

Chapter 6

Events
This chapter describes events as they will be recorded within the TXOne
StellarProtect Agent.
Topics in this chapter include:
• Overview of StellarProtect Events
• Agent Event List


Overview of StellarProtect Events


The StellarProtect agent logs events within three classifications.
• Level 0: Information logs important tasks.
• Level 1: Warning logs incidents.
• Level 2: Critical logs when critical functions turn on or off.

Agent Event List

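• Event ID: 0x0100
Level: Information (0)
Category: system (1)
Event Content: Service started

• Event ID: 0x1100
Level: Warning (1)
Category: system (1)
Event Content: Service stopped

• Event ID: 0x0101
Level: Information (0)
Category: system (1)
Event Content: Policy applied successfully (Version: %version%)

• Event ID: 0x1101
Level: Warning (1)
Category: system (1)
Event Content: Unable to apply policy (Version: %version%)

• Event ID: 0x0201
Level: Information (0)
Category: intelli_av (2)
Event Content: ICS Inventory List Update Succeeded

• Event ID: 0x0202
Level: Information (0)
Category: intelli_av (2)
Event Content: Real Time Scan Enabled

• Event ID: 0x2202
Level: Critical (2)
Category: intelli_av (2)
Event Content: Real Time Scan Disabled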

• Event ID: 0x1207
Level: Warning (1)
Category: intelli_av (2)
Event Content: Application Execution Blocked By Antivirus: %PATH%
Event Details: Application execution was blocked by antivirus.
Target Process: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%

• Event ID: 0x1209
Level: Warning (1)
Category: intelli_av (2)
Event Content: Application Execution Blocked By Next-Generation
Antivirus: %PATH%
Event Details: Application execution was blocked by next-generation
antivirus.
Target Process: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%

• Event ID: 0x1201
Level: Warning (1)
Category: intelli_av (2)
Event Content: Incoming Files Scanned, Action Taken by Antivirus: %PATH%
Event Details: Incoming files were scanned by antivirus. Actions were
taken according to settings.
File Path: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%
Action Result: %INTEGER%
Quarantine Path: %PATH%

• Event ID: 0x1202
Level: Warning (1)
Category: intelli_av (2)
Event Content: Incoming Files Scanned, Action Taken by Next-Generation
Antivirus: %PATH%
Event Details: Incoming files were scanned by next-generation antivirus.
Actions were taken according to settings.
File Path: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%
Action Result: %INTEGER%
Quarantine Path: %PATH%

• Event ID: 0x1203
Level: Warning (1)
Category: intelli_av (2)
Event Content: Local Files Scanned, Action Taken by Antivirus: %PATH%
Event Details: Local files were scanned by antivirus. Actions were taken
according to settings.
File Path: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%
Action Result: %INTEGER%
Quarantine Path: %PATH%

• Event ID: 0x1204
Level: Warning (1)
Category: intelli_av (2)
Event Content: Local Files Scanned, Action Taken by Next-Generation
Antivirus: %PATH%
Event Details: Local files were scanned by next-generation antivirus.
Actions were taken according to settings.
File Path: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%
Action Result: %INTEGER%
Quarantine Path: %PATH%

• Event ID: 0x1205
Level: Warning (1)
Category: intelli_av (2)
Event Content: Suspicious Program Execution Blocked: %PATH%
Event Details: Suspicious program execution was blocked.
File Path: %PATH%
File Hash: %STRING%

• Event ID: 0x0300
Level: Information (0)
Category: anomaly_detect (3)
Event Content: Operations Behavior Anomaly Detection Enabled
Event Details:
Mode: %Mode%
Level: %Level%

• Event ID: 0x1300
Level: Warning (1)
Category: anomaly_detect (3)
Event Content: Operations Behavior Anomaly Detection Disabled

• Event ID: 0x0301
Level: Information (0)
Category: anomaly_detect (3)
Event Content: Added Operations Behavior Anomaly Detection Approved
Operation
Event Details:
Access User: %USERNAME%
Id:%ID%
Target Process: %PATH% %ARGUMENT%
Parent Process 1: %PATH% %ARGUMENT%
Parent Process 2: %PATH% %ARGUMENT%
Parent Process 3: %PATH% %ARGUMENT%
Parent Process 4: %PATH% %ARGUMENT%

• Event ID: 0x0302
Level: Information (0)
Category: anomaly_detect (3)
Event Content: Removed Operations Behavior Anomaly Detection Approved
Operation
Event Details:
Id:%ID%
Target Process: %PATH% %ARGUMENT%
Parent Process 1: %PATH% %ARGUMENT%
Parent Process 2: %PATH% %ARGUMENT%
Parent Process 3: %PATH% %ARGUMENT%
Parent Process 4: %PATH% %ARGUMENT%

• Event ID: 0x1301
Level: Warning (1)
Category: anomaly_detect (3)
Event Content: Process Allowed by Operations Behavior Anomaly Detection:
%PATH% %ARGUMENT%
Event Details:
Access User: %USERNAME%
Parent Process 1: %PATH% %ARGUMENT%
Parent Process 2: %PATH% %ARGUMENT%
Parent Process 3: %PATH% %ARGUMENT%
Parent Process 4: %PATH% %ARGUMENT%
Mode: Detection

• Event ID: 0x1302
Level: Warning (1)
Category: anomaly_detect (3)
Event Content: Process Blocked by Operations Behavior Anomaly Detection:
%PATH% %ARGUMENT%
Event Details:
Access User: %USERNAME%
Parent Process 1: %PATH% %ARGUMENT%
Parent Process 2: %PATH% %ARGUMENT%
Parent Process 3: %PATH% %ARGUMENT%
Parent Process 4: %PATH% %ARGUMENT%
Mode: Protection

• Event ID: 0x2400
Level: Critical (2)
Category: change_control (4)
Event Content: Change Window Start

• Event ID: 0x2401
Level: Critical (2)
Category: change_control (4)
Event Content: Change Window End

• Event ID: 0x1400
Level: Warning (1)
Category: change_control (4)
Event Content: ICS File Change Blocked by SafeGuard: %PATH%
Event Details: ICS file change to executable file was blocked by
SafeGuard.
Blocked Process: %PATH%
Target File: %PATH%

• Event ID: 0x0500
Level: Information (0)
Category: device_control (5)
Event Content: USB Vector Control Enabled

• Event ID: 0x1500
Level: Warning (1)
Category: device_control (5)
Event Content: USB Vector Control Disabled

• Event ID: 0x0501
Level: Information (0)
Category: device_control (5)
Event Content: Trusted USB Device Added
Event Details:
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%
Type: permanent or onetime

• Event ID: 0x0502
Level: Information (0)
Category: device_control (5)
Event Content: Trusted USB Device Removed
Event Details:
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%

• Event ID: 0x1501
Level: Warning (1)
Category: device_control (5)
Event Content: USB Access Blocked: %PATH%
Event Details:
Access Image Path: %PATH%
Access User: %USERNAME%
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%

• Event ID: 0x1102
Level: Warning (1)
Category: system (1)
Event Content: Unable to update file: %dst_path%
Event Details: Unable to update file.
Source Path: %src_path%
Destination Path: %dst_path%
Error Code: %err_code%

• Event ID: 0x0102
Level: Information (0)
Category: system (1)
Event Content: Patch applied. File Name: %file_name%
Event Details: Patch applied.
File Name: %file_name%

• Event ID: 0x1103
Level: Warning (1)
Category: system (1)
Event Content: Unable to apply patch. File Name: %file_name%
Event Details: Unable to apply patch.
File Name: %file_name%
Error Code: %err_code%
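
For triage of the events listed above, the following Python is an added example, not part of the guide or the product: it decodes event IDs and pairs each "disabled" or "stopped" event with the matching "enabled" or "started" event to report how long a protection function was off. Reading the first hex digit as the level and the second as the category is an inference from the rows of the event list, and the (timestamp, event ID) records are constructed sample data.

```python
from datetime import datetime

# Level and category numbers as printed in the Agent Event List.
LEVELS = {0: "Information", 1: "Warning", 2: "Critical"}
CATEGORIES = {1: "system", 2: "intelli_av", 3: "anomaly_detect",
              4: "change_control", 5: "device_control"}

# "Protection off" event ID -> (event ID that ends the gap, what was off).
# All IDs and their meanings come from the Agent Event List.
GAP_PAIRS = {
    0x1100: (0x0100, "StellarProtect service"),
    0x2202: (0x0202, "Real Time Scan"),
    0x1300: (0x0300, "Operations Behavior Anomaly Detection"),
    0x1500: (0x0500, "USB Vector Control"),
    0x2400: (0x2401, "Change Window"),
}


def decode_event_id(event_id):
    """Return (level, category, sequence) for a 16-bit event ID.

    Assumption inferred from the table: bits 15-12 hold the level number,
    bits 11-8 the category number, and the low byte a per-category sequence.
    """
    level = (event_id >> 12) & 0xF
    category = (event_id >> 8) & 0xF
    return (LEVELS.get(level, "unknown"),
            CATEGORIES.get(category, "unknown"),
            event_id & 0xFF)


def protection_gaps(events):
    """Pair each 'off' event with the next matching 'on' event.

    events: iterable of (ISO 8601 timestamp string, event ID).
    Returns [(feature, off_time, on_time)], closed gaps first in the order
    they ended; on_time is None for a function that is still off.
    """
    open_gaps = {}  # closing event ID -> (feature, time the gap opened)
    closed = []
    ordered = sorted((datetime.fromisoformat(ts), eid) for ts, eid in events)
    for when, event_id in ordered:
        if event_id in GAP_PAIRS:
            closing_id, feature = GAP_PAIRS[event_id]
            # A repeated "off" event keeps the earliest start time.
            open_gaps.setdefault(closing_id, (feature, when))
        elif event_id in open_gaps:
            feature, since = open_gaps.pop(event_id)
            closed.append((feature, since, when))
    still_open = [(feature, since, None)
                  for feature, since in open_gaps.values()]
    return closed + still_open


# Constructed sample records (not real agent output).
SAMPLE_EVENTS = [
    ("2021-09-01T08:00:00", 0x0100),  # Service started
    ("2021-09-01T09:15:00", 0x2400),  # Change Window Start
    ("2021-09-01T09:40:00", 0x1500),  # USB Vector Control Disabled
    ("2021-09-01T10:05:00", 0x0500),  # USB Vector Control Enabled
    ("2021-09-01T10:30:00", 0x1207),  # Application execution blocked
    ("2021-09-01T11:15:00", 0x2401),  # Change Window End
    ("2021-09-01T12:00:00", 0x2202),  # Real Time Scan Disabled
]

if __name__ == "__main__":
    for feature, since, until in protection_gaps(SAMPLE_EVENTS):
        state = f"for {until - since}" if until else "and is STILL OFF"
        print(f"{feature}: off since {since.isoformat()} {state}")
```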

Chapter 7

Technical Support
TXOne Networks is a joint venture of Trend Micro and Moxa, and support for
TXOne Networks products is provided by Trend Micro. All technical support
goes through Trend Micro engineers.
Learn about the following topics:
• Troubleshooting Resources
• Contacting Trend Micro
• Sending Suspicious Content to Trend Micro
• Other Resources


Troubleshooting Resources
Before contacting technical support, consider visiting the following Trend
Micro online resources.

Using the Support Portal


The Trend Micro Support Portal is a 24x7 online resource that contains the
most up-to-date information about both common and unusual problems.

Procedure
1. Go to https://success.trendmicro.com.
2. Select from the available products or click the appropriate button to
search for solutions.
3. Use the Search Support box to search for available solutions.
4. If no solution is found, click Contact Support and select the type of
support needed.

Tip
To submit a support case online, visit the following URL:
https://success.trendmicro.com/sign-in

A Trend Micro support engineer investigates the case and responds in 24
hours or less.

Threat Encyclopedia
Most malware today consists of blended threats, which combine two or more
technologies, to bypass computer security protocols. Trend Micro combats
this complex malware with products that create a custom defense strategy.

The Threat Encyclopedia provides a comprehensive list of names and
symptoms for various blended threats, including known malware, spam,
malicious URLs, and known vulnerabilities.

Go to https://www.trendmicro.com/vinfo/us/threat-encyclopedia/#malware
to learn more about:

• Malware and malicious mobile code currently active or "in the wild"

• Correlated threat information pages to form a complete web attack story

• Internet threat advisories about targeted attacks and security threats

• Web attack and online trend information

• Weekly malware reports

Contacting Trend Micro


In the United States, Trend Micro representatives are available by phone or
email:

Address: Trend Micro, Incorporated
225 E. John Carpenter Freeway, Suite 1500
Irving, Texas 75062 U.S.A.

Phone: +1 (817) 569-8900
Toll-free: (888) 762-8736

Website: https://www.trendmicro.com

Email address: support@trendmicro.com

• Worldwide support offices:

https://www.trendmicro.com/us/about-us/contact/index.html

• Trend Micro product documentation:

https://docs.trendmicro.com

Speeding Up the Support Call


To improve problem resolution, have the following information available:
• Steps to reproduce the problem
• Appliance or network information
• Computer brand, model, and any additional connected hardware or
devices
• Amount of memory and free hard disk space
• Operating system and service pack version
• Version of the installed agent
• Serial number or Activation Code
• Detailed description of install environment
• Exact text of any error message received

Sending Suspicious Content to Trend Micro


Several options are available for sending suspicious content to Trend Micro
for further analysis.

Email Reputation Services


Query the reputation of a specific IP address and nominate a message
transfer agent for inclusion in the global approved list:
https://www.ers.trendmicro.com/
Refer to the following Knowledge Base entry to send message samples to
Trend Micro:


https://success.trendmicro.com/solution/1112106

File Reputation Services


Gather system information and submit suspicious file content to Trend
Micro:
https://success.trendmicro.com/solution/1059565
Record the case number for tracking purposes.

Web Reputation Services


Query the safety rating and content type of a URL suspected of being a
phishing site, or other so-called "disease vector" (the intentional source of
Internet threats such as spyware and malware):
https://global.sitesafety.trendmicro.com/
If the assigned rating is incorrect, send a re-classification request to Trend
Micro.

Other Resources
In addition to solutions and support, there are many other helpful resources
available online to stay up to date, learn about innovations, and be aware of
the latest security trends.

Download Center
From time to time, Trend Micro may release a patch for a reported known
issue or an upgrade that applies to a specific product or service. To find out
whether any patches are available, go to:
https://www.trendmicro.com/download/


If a patch has not been applied (patches are dated), open the Readme file to
determine whether it is relevant to your environment. The Readme file also
contains installation instructions.

Documentation Feedback
Trend Micro always seeks to improve its documentation. If you have
questions, comments, or suggestions about this or any Trend Micro
document, please go to the following site:
https://docs.trendmicro.com/en-us/survey.aspx
