Views:

To add the TMProxy Approved List in Core Protection Module/Endpoint Security Platform:

  1. Disable Client Self Protection First in Core Protection Module using a fixlet.
  2. Make sure that Trend Micro Behavior Monitoring Service is disabled:
    1. Run services.msc.
    2. Make sure that Trend Micro Unauthorized Change Prevention Service is disabled/stopped.

  1. Open ..\Program Files\Trend Micro\Core Protection Module\CpmConfig.ini.
  2. Add the following keys under the [Global Setting] section and assign the appropriate value:

    [Global Setting]
    SEG_WhiteListProcNum=x

    where x is the number of approved processes;
    Note: The maximum value is 10.

    Example:
    SEG_WhiteListProcNum=0
    SEG_WhiteListProc1=javaw.exe
    where javaw.exe are user-approved process names.

  3. Save and close the file.

  1. Open the Registry Editor.
  2. Go to HKLM > Software > TrendMicro > NSC > TMProxy > WhiteList.
  3. Right-click SEG_WhiteListProcNum and select Modify.
  4. Enter a number from 0 to 10, where 0 = 1 process, 10 = 9 processes to be whitelisted.
  5. Click OK.
  6. Right-click WhiteList folder and select New > Key.
  7. Name the new key the same as the name of the process to be whitelisted without the .exe extension.

    Example: javaw for javaw.exe.

  8. Click on the new key, right-click on an empty space on the right pane, and select New > String Value.
  9. Enter "ProcessImageName" as its Name.
  10. Right-click ProcessImagename and select Modify.
  11. Enter the process name (i.e. javaw.exe) in the Value data field.

    To add another process to the TMProxy whitelist, repeat Step 2: Modify the CpmConfig.ini.

  12. Restart the CPM/ESP client.

    CPM/ESP does not automatically create the registry entries so make sure you add it manually.

Keywords: whitelist,core protection module whitelisting