Views:

Agent Deployment

How to uninstall Standard Endpoint Protection / Server & Workload Protection / Endpoint Sensor

Endpoint type	Instruction
Standard Endpoint Protection	Uninstall Standard Endpoint Protection agents completely by following the steps: Step 1: Uninstall the Vision One Standard Endpoint Protection EPP module by the online help article: Uninstall the Standard Endpoint Protection Agent Step 2: If there is a need to remove the Vision One Endpoint Sensor on the endpoint, you can contact Trend Micro Technical Support for assistance.
Server & Workload Protection	Uninstall Server & Workload Protection agents completely by following the steps: Step 1: Uninstall the Vision One Server & Standard Endpoint Protection EPP module by the online help article: Uninstall the Server & Workload Protection Agent Step 2: If there is a need to remove the Vision One Endpoint Sensor on the endpoint, you can contact Trend Micro Technical Support for assistance.
Sensor only	If there is a need to remove the Vision One Endpoint Sensor on the endpoint, you can contact Trend Micro Technical Support for assistance.

Could Vision One Endpoint Security Agent Installation Package being used to upgrade agents

Agent Packet Type	Instruction
Standard Endpoint Protection	Standard Endpoint Protection is able to used to upgrade Apex One agent if the targeted Apex One agent is registered to the same endpoint group manager
Server & Workload Protection	Server & Workload Protection is able to used to upgrade Deep Security Agent if the targeted Deep Security Agent is registered to the same protection manager Note: if the targeted Deep Security Agent is self-protected, the agent upgrade will fail. Refer to Enable or disable agent self-protection to disable self-protection before the agent upgrade.
Endpoint Sensor	Endpoint Sensor is not able to upgrade Vision One Endpoint Sensor. Endpoint Sensor will be upgraded automatically from the backend.

Agent Connectivity

EXPAND ALL

How Vision One agents decide network connection methods

Trend Vision One agent will try to use the following sequence to get an available network connection in sequence

Service Gateway configured from Vision One console
Proxy settings configured from Vision One console
System proxy (for Windows and Mac endpoints)
Direct connection to the internet

How to recover disconnected endpoint network connection

If the agent has disconnected from Vision One backend because of a network environment change, the following step can be used to update the network configuration to the agent

Configure and save the proxy / Service Gateway in the Vision One console
- The agents belonging to this group/instance will also change the proxy setting after pressing the save button on the proxy setting page.
- Service Gateway is a company-wise setting that will affect all the agents belonging to this company.
Download and install the Vision One Endpoint Security agent deployment package again
The network connection setting contained in the Vision One agent deployment package will be applied automatically after installation

Configurations

EXPAND ALL

How to configure Server & Workload Protection scan exception to exclude Endpoint Sensor

To exclude the Vision One Endpoint Sensor process from Server & Workload Protection

If there is a pre-defined file list "Trend Vision One Endpoint Sensor Exclusion List" under Server & Workload Protection -> Policies → Common Objects → File Lists → "Trend Vision One Endpoint Sensor Exclusion List", apply the pre-defined file list content into the Exclusions of the used Malware Scan Configurations

Otherwise, copy the below Vision One Endpoint Sensor file list into the Exclusions of the used Malware Scan Configurations

C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe

C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\ceta\CETASvc.exe

C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\wsc\WSCommunicator.exe

C:\Program Files\Trend Micro\Cloud Endpoint\CloudEndpointService.exe

C:\Program Files (x86)\Trend Micro\EndpointResponse\ResponseService.exe

C:\Program Files\Trend Micro\ZTSA\ZTSAMonitorService.exe

C:\Program Files\Trend Micro\ZTSA\ZTSAWindows.exe

/opt/TrendMicro/EndpointBasecamp/bin/tmxbc

/opt/TrendMicro/vls_agent/vls_agent

/opt/TrendMicro/vls_agent/vls_am

/opt/TrendMicro/vls_agent/vlsa

Apply the file list in the exception list of Malware Scan Configurations by following the steps (use real-time scan exception as an example)

Select the policy would like to be applied exception, click Details
Click Anti-Malware
Under the Real-Time Scan section, click Edit under Malware Scan Configuration
Select the Exclusion tab in the Default Real-Time Scan Configuration Properties window.
On the Process Image File List section, click Edit.
Add the file list you want to exclude (copied from the above file list or copied from "Trend Vision One Endpoint Sensor Exclusion List") into the list. Note that you can only add one file per line.
Click Apply to save changes.

How to configure Server & Workload Protection application control trust rule set to exclude Endpoint Sensor

For Server & Workload Protection Application Control, we suggest customers use Application Control by the guide of the online help here: Set up Application Control

To exclude the Vision One Endpoint Sensor process from the block action, apply the below trust rules to the used trust rule set.

Platform	Usage	Trust Rules
Platform	Usage	#	Types of trust rules	Properties
Windows	Vision One Endpoint Sensor	1	Allow from Source	Signer Name* = Trend Micro, Inc.
		2	Allow by Target	Signer Name* = Trend Micro, Inc.
		3	Allow by Target	Signer Name* = OpenVPN Inc. Product Name* = OpenVPN
		4	Allow by Target	Signer Name* = Microsoft Corporation EdgeBuild Product Name* = Microsoft Edge Update
		5	Allow from Source	Signer Name* = Microsoft Corporation EdgeBuild Product Name* = Microsoft Edge Update
		6	Ignore by Source	ProcessName = C:\Program Files\Trend Micro\ZTSA\ZTSAMonitorService.exe
Linux	Vision One Endpoint Sensor	1	Allow by target	processName = /**/tmxbc
		2	Allow by Target	Paths = /opt/TrendMicro/EndpointBasecamp
		3	Allow by Target	Paths = /opt/TrendMicro/vls_agent

Keywords: V1ES, endpoint management, agent deployment, agent connectivity, configurations

Trend Vision One Endpoint Security Endpoint Management FAQ

Product / Version includes:

Trend Vision OneAll

Last updated: 2023/09/19

Solution ID: KA-0015011

Category: Configure , Troubleshoot , Uninstall

Summary

This FAQ will help you address questions related to Trend Vision One Endpoint Security endpoint management.

Agent Deployment

EXPAND ALL

How to uninstall Standard Endpoint Protection / Server & Workload Protection / Endpoint Sensor

Endpoint type	Instruction
Standard Endpoint Protection	Uninstall Standard Endpoint Protection agents completely by following the steps: Step 1: Uninstall the Vision One Standard Endpoint Protection EPP module by the online help article: Uninstall the Standard Endpoint Protection Agent Step 2: If there is a need to remove the Vision One Endpoint Sensor on the endpoint, you can contact Trend Micro Technical Support for assistance.
Server & Workload Protection	Uninstall Server & Workload Protection agents completely by following the steps: Step 1: Uninstall the Vision One Server & Standard Endpoint Protection EPP module by the online help article: Uninstall the Server & Workload Protection Agent Step 2: If there is a need to remove the Vision One Endpoint Sensor on the endpoint, you can contact Trend Micro Technical Support for assistance.
Sensor only	If there is a need to remove the Vision One Endpoint Sensor on the endpoint, you can contact Trend Micro Technical Support for assistance.

Could Vision One Endpoint Security Agent Installation Package being used to upgrade agents

Agent Packet Type	Instruction
Standard Endpoint Protection	Standard Endpoint Protection is able to used to upgrade Apex One agent if the targeted Apex One agent is registered to the same endpoint group manager
Server & Workload Protection	Server & Workload Protection is able to used to upgrade Deep Security Agent if the targeted Deep Security Agent is registered to the same protection manager Note: if the targeted Deep Security Agent is self-protected, the agent upgrade will fail. Refer to Enable or disable agent self-protection to disable self-protection before the agent upgrade.
Endpoint Sensor	Endpoint Sensor is not able to upgrade Vision One Endpoint Sensor. Endpoint Sensor will be upgraded automatically from the backend.

Agent Connectivity

EXPAND ALL

How Vision One agents decide network connection methods

Trend Vision One agent will try to use the following sequence to get an available network connection in sequence

Service Gateway configured from Vision One console
Proxy settings configured from Vision One console
System proxy (for Windows and Mac endpoints)
Direct connection to the internet

How to recover disconnected endpoint network connection

If the agent has disconnected from Vision One backend because of a network environment change, the following step can be used to update the network configuration to the agent

Configure and save the proxy / Service Gateway in the Vision One console
- The agents belonging to this group/instance will also change the proxy setting after pressing the save button on the proxy setting page.
- Service Gateway is a company-wise setting that will affect all the agents belonging to this company.
Download and install the Vision One Endpoint Security agent deployment package again
The network connection setting contained in the Vision One agent deployment package will be applied automatically after installation

Configurations

EXPAND ALL

How to configure Server & Workload Protection scan exception to exclude Endpoint Sensor

To exclude the Vision One Endpoint Sensor process from Server & Workload Protection

If there is a pre-defined file list "Trend Vision One Endpoint Sensor Exclusion List" under Server & Workload Protection -> Policies → Common Objects → File Lists → "Trend Vision One Endpoint Sensor Exclusion List", apply the pre-defined file list content into the Exclusions of the used Malware Scan Configurations

Otherwise, copy the below Vision One Endpoint Sensor file list into the Exclusions of the used Malware Scan Configurations

C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe

C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\ceta\CETASvc.exe

C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\wsc\WSCommunicator.exe

C:\Program Files\Trend Micro\Cloud Endpoint\CloudEndpointService.exe

C:\Program Files (x86)\Trend Micro\EndpointResponse\ResponseService.exe

C:\Program Files\Trend Micro\ZTSA\ZTSAMonitorService.exe

C:\Program Files\Trend Micro\ZTSA\ZTSAWindows.exe

/opt/TrendMicro/EndpointBasecamp/bin/tmxbc

/opt/TrendMicro/vls_agent/vls_agent

/opt/TrendMicro/vls_agent/vls_am

/opt/TrendMicro/vls_agent/vlsa

Apply the file list in the exception list of Malware Scan Configurations by following the steps (use real-time scan exception as an example)

Select the policy would like to be applied exception, click Details
Click Anti-Malware
Under the Real-Time Scan section, click Edit under Malware Scan Configuration
Select the Exclusion tab in the Default Real-Time Scan Configuration Properties window.
On the Process Image File List section, click Edit.
Add the file list you want to exclude (copied from the above file list or copied from "Trend Vision One Endpoint Sensor Exclusion List") into the list. Note that you can only add one file per line.
Click Apply to save changes.

How to configure Server & Workload Protection application control trust rule set to exclude Endpoint Sensor

For Server & Workload Protection Application Control, we suggest customers use Application Control by the guide of the online help here: Set up Application Control

To exclude the Vision One Endpoint Sensor process from the block action, apply the below trust rules to the used trust rule set.

Platform	Usage	Trust Rules
Platform	Usage	#	Types of trust rules	Properties
Windows	Vision One Endpoint Sensor	1	Allow from Source	Signer Name* = Trend Micro, Inc.
		2	Allow by Target	Signer Name* = Trend Micro, Inc.
		3	Allow by Target	Signer Name* = OpenVPN Inc. Product Name* = OpenVPN
		4	Allow by Target	Signer Name* = Microsoft Corporation EdgeBuild Product Name* = Microsoft Edge Update
		5	Allow from Source	Signer Name* = Microsoft Corporation EdgeBuild Product Name* = Microsoft Edge Update
		6	Ignore by Source	ProcessName = C:\Program Files\Trend Micro\ZTSA\ZTSAMonitorService.exe
Linux	Vision One Endpoint Sensor	1	Allow by target	processName = /**/tmxbc
		2	Allow by Target	Paths = /opt/TrendMicro/EndpointBasecamp
		3	Allow by Target	Paths = /opt/TrendMicro/vls_agent

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Trend Vision One Endpoint Security Endpoint Management FAQ

Agent Deployment

How to uninstall Standard Endpoint Protection / Server & Workload Protection / Endpoint Sensor

Could Vision One Endpoint Security Agent Installation Package being used to upgrade agents

Agent Connectivity

How Vision One agents decide network connection methods

How to recover disconnected endpoint network connection

Configurations

How to configure Server & Workload Protection scan exception to exclude Endpoint Sensor

How to configure Server & Workload Protection application control trust rule set to exclude Endpoint Sensor

Trend Vision One Endpoint Security Endpoint Management FAQ

Product / Version includes:

Summary

Agent Deployment

How to uninstall Standard Endpoint Protection / Server & Workload Protection / Endpoint Sensor

Could Vision One Endpoint Security Agent Installation Package being used to upgrade agents

Agent Connectivity

How Vision One agents decide network connection methods

How to recover disconnected endpoint network connection

Configurations

How to configure Server & Workload Protection scan exception to exclude Endpoint Sensor

How to configure Server & Workload Protection application control trust rule set to exclude Endpoint Sensor