IBM Support

How can I setup the Trend Core Protection Module Server to work in an air-gapped deployment for Pattern Definitions?

Technote (troubleshooting)


Problem(Abstract)

The limiting factor is that the TMCPMAuHelper.exe
process cannot access the internet to download new pattern-sets, requiring a manual solution that involves mimicking the same actions of the 'Set
ActiveUpdate Server Pattern Update Interval' task across two machines:

Resolving the problem

In an air-gapped environment, the limiting factor is that the TMCPMAuHelper.exe process cannot access the internet to download new pattern-sets. This will require a manual solution that involves mimicking the same actions of the 'Set ActiveUpdate Server Pattern Update Interval' task across two machines:

  1. Install the CPM Server Components to the air-gapped TEM Server using ID# 15 Task: Core Protection Module - Install Server Components.
  2. Install the CPM Server Components to a machine that has internet access using ID# 15 Task: Core Protection Module - Install Server Components.
    Note: This does not have to be another TEM Server.
    Note: You will have to make a custom copy of this task without the applicability relevance, as it will restrict installation to only TEM Servers.
  3. On the networked machine, run the TMCPMAuHelper.exe (double-click or from the command line). It is located by default: C:\Program Files\Trend Micro\Core Protection Module Server\TMCPMAuHelper.exe.
  4. After the TMCPMAuHelper.exe completes downloading, the new pattern-set will be stored in folder:
    C:\Program Files\Trend Micro\Core Protection Module Server\Components
  5. If you ran TMCPMAuHelper.exe recently, this folder may be empty because it may already have the latest pattern-set. That is determined by the contents of complimentary cache folder
    C:\Program Files\Trend Micro\Core Protection Module Server\download
  6. If you want to download a new copy of the latest pattern-set regardless of what it currently has, delete the contents of the 'download' directory and run TMCPMAuHelper.exe again.
  7. After a new pattern-set is downloaded, copy all the contents from the 'components' directory from the networked machine onto the same 'components' directory of the air-gapped BES Server.
  8. When the new pattern-set has been copied over, manually run TrendMirrorScript.exe on the air-gapped TEM Server.
  9. After TrendMirrorScript.exe completes, in the CPM Dashboard navigate to the Pattern Updates Wizard and refresh the dashboard using the menu button. The pattern definition you have transferred is now available for distribution to clients manually or via the automatic update process.

Historical Number

1803

Document information

More support for: IBM BigFix family

Software version: Version Independent

Operating system(s): Platform Independent

Reference #: 1506239

Modified date: 12 August 2011


Translate this page: