Since a couple of months we are using the Trendmicro module in a Cisco ASA5520 firewall. To be honest, I am not very happy with the way the thing works. It is often all or nothing. Let me explain: it seems wise to block .exe downloads, since you don't want that users download possibly malicious code and/or install software. However, when you enable file blocking, this means that all users, including IT department cannot download .exe files. This means that our WSUS (windows update servers) cannot download their updates anymore. There are no groups of users or ip addresses you can exclude from the scanner and this is very annoying. I was wondering how other CSC SSM module users cope with this.
Rolf Utrecht, Netherlands