References > Template Reference > Trend Micro > Trend Micro Server Protect (Windows)

Trend Micro Server Protect (Windows)

This template assesses the status and overall performance of Trend Micro Server Protect for Windows. You should assign this template on all Normal servers which you want to monitor. This template uses the Windows System Event Log, Windows Service, TCP Port, and PowerShell monitors.

Prerequisites

Before using this template you should open the Trend Micro Server Protect Management Console and create or reconfigure the STATISTIC task on the target Normal server. The STATISTIC task (Run Statistics) should be created as a scheduled task with Hourly frequency. The All Dates time range should be enabled as well as the Export Statistic to CSV file option. The task owner should be Admin and this task should be created as the default task.

WinRM should be properly configured on the target server.

Credentials

Windows administrator on target server.

Monitored Components

For details on monitors, see SAM Component Monitor Types.

Service: Trend Server Protect

This monitor returns CPU and memory usage of Trend Server Protect service.

Trend Server Protect TCP Port

This component monitor tests the ability of a Trend Server Protect service to accept incoming sessions. By default it monitors TCP port 5168.

Events: Update Failure

This monitor returns the number of events that occur when there is:

  • A pattern update failure;
  • An engine update failure;
  • A program update failure;
  • An encyclopedia update failure.

Type of event: Error. Event ID: 3, 5, 7, 9.

Check Event Viewer for more details.

Events: Start Scan Failure

This monitor returns the number of events when the following occurs:

  • An error: starting a real-time scan;
  • An error: starting a manual scan;
  • An error: staring a scheduled scan.

Type of event: Error. Event ID: 11, 14, 17.

Check Event Viewer for more details.

Events: Virus Pattern is Out of Date

This monitor returns the number of virus pattern is out of date events.

Type of event: Error. Event ID: 52.

Check Event Viewer for more details.

Events: Virus Found

This monitor returns the number of events that occur when:

  • A virus is found;
  • Virus found during a real-time scan;
  • Virus found during a manual scan;
  • Virus found during a scheduled scan.

Type of event: Error. Event ID: 1, 101, 102, 103.

Check Event Viewer for more details.

Events: Configuration Errors

This monitor returns the number of events when the following occurs:

  • An error: setting configuration data for real time scanning;
  • An error: performing a scan-now task;
  • An error: performing a pattern update task;
  • An error: purging logs by a task;
  • An error: exporting logs by a task;
  • An error: printing logs by a task;
  • An error: running statistics by a task.

Type of event: Error. Event ID: 304, 306, 308, 310, 312, 314, 316.

Check Event Viewer for more details.

Events: Exception Occurred

This monitor returns the number of events that occur when:

  • An exception has occurred in "module name;"
  • An exception has occurred in TmRpcSrv;
  • An error: starting a RPC server.

Type of event: Error. Event ID: 201, 202, 203.

Check Event Viewer for more details.

Client Statistics

This monitor returns Normal Server statistics from an exported CSV file. Returned values are as follows:

  • Infected Users – This component returns the number of network users who were detected handling infected files.
  • Infected Files – This component returns the number of infected files detected by ServerProtect.
  • Non Cleanable Viruses – This component returns the number of viruses detected on the network that could not be cleaned.
  • Non Cleanable Files – This component returns the number of infected files that could not be cleaned of their virus code.

This monitor uses the following arguments:
path_to_CSV_stat_file
where
path_to_CSV_stat_file – Full path to exported statistic CSV file.

Example:
C:\Program Files\Trend\SProtect\Statistc.CSV