- 10 Dec 2024
- 14 Minutes to read
- Print
FAQs - Endpoint Protection
- Updated on 10 Dec 2024
- 14 Minutes to read
- Print
Product FAQs for TXOne Endpoint Protection Solutions: Stellar Series
This document collects and answers the most commonly asked questions about TXOne Endpoint Protection Solutions - Stellar Series. This series includes StellarOne, StellarProtect (Legacy Mode), and StellarProtect. Possible categories include but are not limited to Configuration, Deployment, Installation/Uninstall, Upgrade, Migration, Specification, License, etc.
License
Trend AC | TXOne License Key | TXOne License File | ||
---|---|---|---|---|
StellarOne with Internet | Yes | Yes | Yes | |
StellarOne without Internet | Yes | No | Yes | |
StellarOne Trend Renewed AC | Internet | Yes | - | - |
No internet | No | - | - | |
StellarOne TXOne Renewed LK | Internet | - | Yes | Yes |
No internet | - | No | Yes | |
Standalone Agent New License | Internet | Yes | No | Yes |
No internet | Yes | No | Yes | |
Standalone Agent Renewed License | Internet | No | No | Yes |
No internet | No | No | Yes |
Q. How to distinguish between the Trend Micro Activation Code (AC) Key and the TXOne License Key(LK)?
• The format of Trend Micro Activation Code (AC), 37 characters: TE-24RF-Q9UN9-S9QQN-XXXXX-XXXXX-XXXXX
• The format of TXOne License Key, 19 characters: FIJN-HPYB-XXXX-XXXX
• Trend Micro RK (Registration Key): TE-XXXX-XXXX-XXXX-XXXX (RK cannot be used as the
License Key)
Q. Is it possible to activate a new Trial License on top of an already activated Trial License for Stellar?
• For a trial Activation Code (AC) , it is not possible to activate an additional trial license while another trial AC is active. To proceed, you have two options: either redeploy a new StellarOne and utilize your new Trial License or alternatively continue with the existing StellarOne but fully activate it by using a Paid/Full License.
• For a trial License Key (LK) / License File (LF) , however, it is permissible to activate an additional LK trial license on top of an existing one.
Change to TXOne Trial LK/LF | Change to TXOne Full LK/LF | Change to Trend Trial AC | Change to Trend Full AC | |
---|---|---|---|---|
Start from TXOne Trial LK/LF | Supported *1 | Supported | Not Supported | Supported |
Start from TXOne Full LK/LF | Not Supported | Supported | Not Supported | Not Supported |
Start from Trend Trial AC | Supported | Supported | Not Supported | Supported |
Start from Trend Full AC | Not Supported | Supported | Not Supported | Supported |
*1 : Applicable from Stellar version 3.1 Patch1 or later
Q. How does the license behave upon expiration?
• Essentially, all protective functions will be deactivated and rendered inaccessible.
Q. The TXOne Stellar OEM edition includes five years of standard support. What happens afterward, particularly if a critical patch is issued in the sixth year?
• The TXOne Stellar OEM Edition will extend standard support up to a 60 month/5-year duration, allowing customers to apply patches during this license period.
• Beyond the initial 5 years, the product will remain functional, but product support will no longer be available, therefore no patches in the sixth year can be applied.
Q. When devices are in air-gapped environments, how can StellarOne or standalone Stellar agents’ licenses be renewed?
Trend Micro Activation Code: It is necessary to apply a new Activation Code. StellarOne or Stellar agents will check the information from the new Activation Code to carry out the activation.
TXOne License File: It is necessary to download a new License File using the existing License Key after the license is renewed.
Standalone agents cannot use a renewed Activation Code or a renewed TXOne License Key; they can only work with a new Activation Code or TXOne License File.
Q. How to proceed if customers have issues with a renewed key?
• A TXOne license key MUST have access to the Internet to check with the license server. If there is no Internet access, please download License File to import for StellarOne.
• StellarOne needs the Internet access to get extended information of a renewed Trend Activation Code and then deploy the extended information to its managed agents. After StellarOne gets a valid license, it can deploy it to all managed agents with policy sync.
• If no Internet access is available, please request a new AC (not an expired or extended AC).
Q. When can I activate a license offline?
• Trend Micro Activation Code can be used for offline activation ONLY when its initial expiration date has NOT passed; otherwise, a new AC is required.
• TXOne License Key CANNOT be used for offline activation. (Please choose “License File” to activate the TXOne license when StellarOne doesn’t have an internet connection.)
Q. Encountered an issue generating the License File?
Only a TXOne License Key can provide the License File.
License Issued By | Trend Micro | Txone | ||
---|---|---|---|---|
License Type | Activation Code | License File | License Key | License File |
Usage | Online/Offline Activation | N/A | Online Activation Only | Mainly for Offline Activation |
Q. Can a TrendMicro License be replaced with a TXOne License?
• Stellar 3.1 (With 3.1 SP/SPLM Agents) or later versions can switch licenses from the Trend Activation Code to the TXOne License Key.
• For Stellar V3.0 or earlier versions, the TXOne License Key cannot replace the TrendMicro License if the license had already been activated, and vice versa.
Installation
1. Is Stellar compatible with other security solutions?
- Stellar agents cannot be installed on an endpoint with the following Trend Micro Solutions:
o Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Titanium, or other Trend Micro endpoint solutions. - Moreover, Stellar agents may encounter issues in installation, performance and functionality when installed on an endpoint with a 3rd party security solution already installed, such as:
o Windows Defender
o Other 3rd party security solutions
2. What would happen if the number of installed agents were to exceed the license seat count number?
The new installation would still work. However, since the number of installed agents is higher than the license seat count number, the latest installed agents will be listed under 'Inactive Agents' and will not have the security policy applied to them.
3. What operating systems do StellarProtect agents support?
Client OS:
o Windows 2000 (SP4) [Professional] (32bit)
o Windows XP (SP1/SP2/SP3) [Professional/Professional for Embedded Systems] (32bit)
o Windows Vista (NoSP/SP1/SP2) [Business/Enterprise/Ultimate] (32bit)
o Windows 7 (NoSP/SP1) [Professional/Enterprise/Ultimate/Professional for Embedded Systems/Ultimate for Embedded Systems] (32/64bit)
o Windows 8 (NoSP) [Pro/Enterprise] (32/64bit)
o Windows 8.1 (NoSP) [Pro/Enterprise/with Bing] (32/64bit)
o Windows 10 [Pro/Enterprise/IoT Enterprise] (32/64bit), LTSC 2015, Anniversary Update, LTSC 2016, Creators Update, Fall Creators Update, April 2018 Update, October 2018 Update*, LTSC 2019, May 2019 Update, November 2019 Update, May 2020 Update, October 2020 Update, May 2021 Update, November 2021 Update, LTSC 2021, 2022 Update
o Windows 11 (NoSP) [Pro/Enterprise] (64bit) 2022 Update
o Windows Embedded POSReady 2009 (32bit)
o Windows Embedded Standard 7 (NoSP/SP1) (32/64bit)
o Windows Embedded POSReady 7 (NoSP) (32/64bit)
o Windows Embedded 8 Standard (NoSP) (32/64bit)
o Windows Embedded 8 Industry (NoSP) [Pro/Enterprise] (32/64bit)
o Windows Embedded 8.1 Industry (NoSP) [Pro/Enterprise/Sideloading] (32/64bit)Server OS:
o Windows Server 2000 (SP4) (32bit)
o Windows Server 2003 (SP1/SP2) [Standard/Enterprise/Storage] (32bit)
o Windows Server 2003 R2 (NoSP/SP2) [Standard/Enterprise/Storage] (32bit)
o Windows Server 2008 (SP1/SP2) [Standard/Enterprise/ Storage] (32/64bit)
o Windows Server 2008 R2 (NoSP/SP1) (Standard/Enterprise/Storage] (64bit)
o Windows Server 2012 (NoSP) (Essentials/Standard] (64bit)
o Windows Server 2012 R2 (NoSP) (Essentials/Standard] (64bit)
o Windows Server 2016 (NoSP) [Standard] (64bit)
o Windows Server 2019 (NoSP) [Standard] (64bit)
o Windows Server 2022 (NoSP) [Standard] (64bit)
o Windows Storage Server 2012 (NoSP) [Standard] (64bit)
o Windows Storage Server 2012 R2 (NoSP) [Standard] (64bit)
o Windows Storage Server 2016 (NoSP) (64bit)
Pease check the product installation guide for up-to-date information
4. Can Stellar agents support silent installation/uninstallation without GUI interaction?
Yes, Stellar agents can be installed silently with pre-defined setting files and uninstalled files silently via the corresponding command line.
5. What should I do when Stellar agents fail to install due to incompatible Windows Defender?
- For the client operating systems, please make sure you turn Windows Defender off.
- For server platforms, please go to the server manager and remove the ‘Window Defender Antivirus’ feature and restart.
6. What should I do when StellarProtect agents fail to install due to the .NET framework missing?
Most StellarProtect supported OS has .NET Framework 3.5 installed by default. If you see this error message: “This application requires .NET Framework 3.5 or above. Please install the .NET Framework then run this installer again.”, you may need to reinstall or repair .NET Framework.
7. Can admins pre-select which StellarOne group an agent will be assigned to during installation?
Yes, this feature is supported and implemented in Stellar version 1.2 with the patch released in Q2/2022. Please check the administration guide for details.
Specifications
1. Is StellarProtect (Legacy Mode) capable of detecting malware?
Yes, StellarProtect (Legacy Mode) has an add-on feature to conduct real-time scans, scheduled scans, or on-demand scans on endpoints. This feature comes with licenses with the AV feature.
2. What does Intelligent Runtime Learning mean in the Stellar agent?
Stellar agent has an Application Lockdown feature that stops applications from running if they are not on the Approved List. However, since certain applications dynamically generate DLL files, they run the risk of being blocked, leading to potential operational disruptions. However, with the Stellar agent’s Intelligent Runtime Learning feature, we can prevent the blocking of dynamically generated DLL files by an application on the Approved List.
3. Is there a limit for User Defined Suspicious Object (UDSO) configurations via StellarOne support?
Currently, there is no limit for hashes in UDSO. However, controlling the number of UDSO submissions is recommended to avoid potential performance issues.
4. Can StellarOne serve as the update source for pattern files?
Yes, as of version 1.1, StellarOne can function as an update source for managed Stellar agents.
5. Which vendors are supported by StellarProtect OT Application Safeguard?
- As of this writing, the following vendors are supported: ABB, Autonics, Baker Hughes, BECKHOFF, Bürkert, Codesys, Delta electronics, Druck limited, Emerson, Epson Robots, Fanuc, Fisher controls, Fuji, GE, Idec, Keyence, Hitachi, Honeywell, Lovato Electric, Micromeritics, Mitsubishi, Motorola, National Instruments, Omron, Pactware, Phoenix Contact, Red Lion, Roboticsware, Rockwell, Seiko Epson, Schneider, Siemens, Verif-I, YASKAWA, Yokogawa, Yamaha, Zebra, 3S-Smart Software Solutions GmbH, etc. See the list here: https://www.txone.com/products/ics-applications-support/
- For supported applications, please contact us for details. We are happy to help and offer support for our customers’ applications.
6. Can StellarOne be installed or deployed on Microsoft Hyper-V?
Yes, StellarOne, as of version 1.2, officially supports deployment on Microsoft Hyper-V.
7. Can StellarOne be installed or deployed on Nutanix AHV or RedHat KVM?
No, StellarOne is not officially supported on Nutanix AHV or RedHAT KVM yet.
8. What kind of certificate format is supported for StellarProtect (Legacy Mode) certificate whitelisting?
As for the certificate format, Stellar supports *.pem, *.cer, *.crt formats.
9. I forgot my StellarOne web console master administrator password, what should I do?
Please log on to StellarOne VShell. Please input the command ‘web rest admin’ to reset your StellarOne web console password.
10. I forgot the password for accessing the Stellar agent console, what should I do?
- If Stellar agents are managed by StellarOne, users can modify the agent console password from the policy settings page.
- For standalone agents, it is necessary to reinstall the agent. In that case, please submit a SEG case for more instructions and use the SAR tool to remove agents.
11. Can I deploy StellarProtect or StellarProtect (Legacy Mode) in an air gapped environment?
Absolutely, both StellarProtect and StellarProtect (Legacy Mode) are fully compatible with deployment in an air-gapped environment. For detailed instructions on updating pattern files, please feel free to contact us.
12. What is the sync-up interval between the Stellar agent and StellarOne?
- The sync-up interval by default is 20 minutes.
- Users can change the sync-up interval via policy page.
13. Do we plan to integrate the StellarProtect (Legacy Mode) Lockdown agent and the StellarProtect agent into a unique all-in-1 agent?
- From StellarProtect version 2.1 (Q4/2022), we will be offering an all-in-1 agent that includes both real-time AV scan and lockdown to provide OT users “asset life cycle protection”.
- From Stellar 2.1 onwards, it will be possible to use a single installer to streamline the installation process.
14. Can you define which “Legacy” operating systems StellarProtect (Legacy Mode) can support?
- Client OS:
o Windows 2000 SP4 (32-bit)
o Windows XP SP1/SP2/SP3 (32-bit) (except Starter and Home editions)
o Windows Vista No-SP/SP1/SP2 (32-bit) (except Starter and Home editions)
o Windows (Standard) XP Embedded SP1/SP2 (32-bit) - Server OS:
o Windows 2000 Server SP4 (32-bit)
o Windows Server 2003 SP1/SP2 (32-bit)
o Windows Server 2003 R2 No-SP/SP2 (Standard/Enterprise/Storage) (32-bit)
o Windows Server 2008 R2 No-SP (64-bit)
15. Does the USB/Device control feature also filter USB devices (e.g., mouse, keyword, etc.)?
No, the USB/Device control feature does not support USB devices like mouses or keyboards, it only works with the storage device.
Configuration
1. If I need to update numerous applications or files with Application Lockdown feature on, what would be the best approach?
- Before updating anything, turn on “maintenance mode” and then proceed with the updates. Make sure “maintenance mode” is on for the duration of the updating process.
- Once the updates are finished, StellarProtect (Legacy Mode) / StellarProtect will check added/modified files and rebuild the approved list automatically.
2. If I want to upgrade OT applications with the OT Application Safeguard feature on, what would be the best approach?
To upgrade OT applications, we highly recommend that users turn on “maintenance mode” before proceeding. Users should also specify the amount of time that will be needed, so that during the upgrades, the OT Application Safeguard feature will not block the modification of critical application files.
3. What can I do to expedite the application of policy settings to Stellar agents, rather than waiting for the standard 20-minute sync-up period?
Users have the ability to initiate “Apply Policies” from StellarOne or initiate “Policy Sync” directly from Stellar agents.
4. What ports and URLs need to be permitted through the Stellar Series firewall?
- For Stellar version 1.2/2.0
StellarOne uses the port 443 and odc.cs.txone-networks.com for license verification and renewal. StellarOne uses the port 443 and following links for Active Update server.
- https://txse-p.activeupdate.trendmicro.com/activeupdate
- https://txsp-p.activeupdate.trendmicro.com/activeupdate
- For Stellar version 2.1 and after
StellarOne uses the port 443 and odc.cs.txone-networks.com for license verification and renewal. StellarOne uses the port 443 and the following links for Active Update server.
- https://ttau.cs.txone.com/protect
- https://ttau.cs.txone.com/enforce
- The following ports are critical and reserved for StellarOne or Stellar agent communication use, including:
o StellarOne’s listening port for StellarProtect (Legacy Mode): 8000
o StellarOne’s listening port for StellarProtect: 9443
o StellarOne’s listening port for pattern update: 443
o StellarProtect and StellarProtect (Legacy Mode)’s listening port: 14336
There are other ports reserved for private usage. For more details, please refer to the official installation guide.
5. What can we do if the second disk of StellarOne was not attached?
- If users forget to attach the second disk for StellarOne, the service cannot successfully start.
- Command 'env ls' could help you know current StellarOne running status from VShell.
- To attach the second disk, please power off the StellarOne virtual instance and assign the second disk based on estimated sizing, then turn the StellarOne virtual instance back on.
6. Can we configure or customize the table view of StellarOne for agent management?
Absolutely. Users can tailor the table view to their needs by selecting columns and adjusting their order through the 'Customize Table Display' button.
Integration
1. Can StellarOne integrate with Trend Micro Vision One to retrieve the User-Defined Suspicious Object (UDSO)?
No, this function is not officially supported yet.
2. Does StellarOne support the integration with Active Directory and synchronize groups?
No, this function is not officially supported yet.
3. Does StellarOne support integration with any SIEM tools?
Currently, the integration with SIEM tools has to be done via syslog forwarding feature.
4. Does StellarOne support integration with Trend Micro VisionOne?
Yes, it does; users can register their StellarOne to Trend Micro VisionOne platform to gain visibility on detection collected from StellarOne.
5. What syslog format does StellarOne support?
Currently, StellarOne only supports CEF format for syslog integration.
6. I have a list of IOC(s) shared by partners, how can I integrate those IOC(s) with StellarOne?
StellarOne supports the User-Defined Suspicious Object (UDSO) feature to help defend against suspicious files via hash value. You can import file hash values into StellarOne to prevent unauthorized execution from those suspicious files.
Troubleshooting
1. How do I collect the debug log when an installation has failed, or if I encounter unexpected issues after?
The TXOne StellarProtect (Legacy Mode) (WKSupporTool.exe) and StellarProtect (op_diagnostic.exe) diagnostic toolkits offer administrators the ability to perform several diagnostic functions, including debugging logs collection, please follow the Administration Guide > Troubleshooting session to collect the debug log and submit a case for further analysis.
Migration
1. Will there be a migration from Trend Micro Safe Lock (TMSL) to TXOne StellarProtect (Legacy Mode)?
- There will be no migration, so everything will have start fresh from license to deployment. However, we can make some recommendations to make the transition more seamless:
- You can export the following TMSL Agent configurations to StellarProtect (Legacy Mode)
o Configuration File (.xml from SLIM or Agent)
o Approved List (.csv from SLIM, .db from TMSL Agent) - Please make sure you understand the configuration file before importing it to StellarProtect (Legacy Mode).
2. Can managed Stellar agents report to a different StellarOne?
Yes, the migration from one StellarOne to another is doable. Please submit a case and request the migration script and detailed instructions.
3. Can standalone Stellar agents register a newly installed StellarOne?
Yes, it is doable if users would like to manage Stellar agents which were installed as standalone previously. Please submit a case and request detailed instructions.