Presentation is loading. Please wait.

Presentation is loading. Please wait.

InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team 2001.09.18 (Nanjing)

Similar presentations

Presentation on theme: "InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team 2001.09.18 (Nanjing)"— Presentation transcript:

1 InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team (Nanjing)

2 InterScan AppletTrap Trend Micro InterScan AppletTrap is a policy-based, centrally-managed enterprise solution at the Internet gateway that monitors the behavior of malicious applets, ActiveX, JavaScript and VBScript. Wheres AppletTrap

3 InterScan AppletTrap SurfinShield: Client solution. Replace Java library in browsers administration issue(deploy, upgrade) SurfinGate: Server Solution. Static parsing at server. Heavy load on server The competitors

4 InterScan AppletTrap Distribute work between client and server evenly Balance between runtime monitoring and static scanning Low administration cost Support resign for Jar file AppletTrap

5 InterScan AppletTrap How AppletTrap works?

6 InterScan AppletTrap AppletTrap Proxy AppletTrap stands as a HTTP proxy and not require any client-side modification Implemented Cache Support Http, Https and Ftp

7 InterScan AppletTrap Jar File Controls Check the block list firstly Check the certification Do instrument Repack the Jar file Resign with imported sign key

8 InterScan AppletTrap Class File Controls Check the block list firstly Do instrument

9 InterScan AppletTrap Instrument Alter java code sequence during downloading Server: static scan java code to find insecure function Server: insert monitoring instruction before and after insecure function Client: run original code and monitoring code Client: send report back if malicious code found

10 InterScan AppletTrap Certification checks Check the integrality of certification to prove that the certification not be modified Check whether the CP are trusted with our CP list Check the integrality of software with the public key of CP

11 InterScan AppletTrap Certification A certificate is a set of data that identifies an entity. The data in a certificate includes the public cryptographic key. A certification include CP and CA

12 InterScan AppletTrap CA & CP The trusted organization that issues the certificate is a Certification Authority (CA) and is known as the certificate's issuer. CP is some one who publish the software, as well as the certificate, and we can verify the authenticity of that CP by verifying the digital signature and the certificate

13 InterScan AppletTrap Re-Sign Break the integrity of digitally signed Applets Re-sign by specified signer Client: only accept specified signer

14 InterScan AppletTrap ActiveX Signature Scanning AppletTrap can check the certification and block unsafe PE (Portable Executable) formats (for example,.exe,.ocx etc.) and cabinet (.cab) files with hash list.

15 InterScan AppletTrap HTML Script Filtering AppletTrap just gets out all the script from the html file. AppletTrap only filter scripts from Hypertext Markup Language file and will not do script filter for a normal script file.

16 InterScan AppletTrap URL Blocking AppletTrap provides the ability to forbid all the clients access the given URLs Administrator can add a remote folder and set recursive to forbid access all the files and all subfolders in it.

17 InterScan AppletTrap TVCS compatible InterScan AppletTrap comes fully compatible with the Trend Virus Control System TVCS registration supports through a proxy and supports

18 InterScan AppletTrap Update Block Lists Upload all blocked java,URL and ActiveX to server and download trend identified block list

19 InterScan AppletTrap Configure Controls Support remote configure InterScan AppletTrap comes with a web-based administrator console for central management on the network.

20 InterScan AppletTrap Q & A

21 InterScan AppletTrap Known issues #1 UTF8 name file can't exact correctly and report error in server log

22 InterScan AppletTrap Known issues #2 If cached file quantity is large and shut down the PC abnormal, restart the applettrap service will take long time.

23 InterScan AppletTrap Known issues #3 Can t access some website chat room or forum with Applettrap. For example, chat rooms in

24 InterScan AppletTrap Known issues #4 We only support digital ID which is for Netscape Object signing purpose and can export to.p12 format by Netscape browser.Digital ID from Verisign is recommended.

25 InterScan AppletTrap Known issues #5 If the disk space is near to full, the all ActiveX can pass through, AppletTrap cant block it.

26 InterScan AppletTrap Known issues #6 If update licensed version 2.0 to Version 2.5, it is still trial run version, user must input the license key again

Download ppt "InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team 2001.09.18 (Nanjing)"

Similar presentations

Ads by Google