
Intrusion Prevention and Firewall

You can optionally configure Deep Security to use a Whois service to look up which domain name is associated with an IP address when you review the logged intrusion prevention and firewall events. The IP address is sent directly to the Whois service and not to Trend Micro.

Data collected: IP address
Console location: Administration > System Settings > Advanced
Console settings

Whois URL


Anti-Malware: Smart Protection

Smart Protection Server for File Reputation Service is used by the anti-malware module. It supplies file reputation information required by Smart Scan. Alternatively, you can use a locally installed Smart Protection Server.

Data collected
  • Product information
  • Client device OS
  • Malicious or suspicious file information
  • Suspicious file signatures
  • Malicious or suspicious process information
Console location: Computer or Policy editor > Anti-Malware > Smart Protection
Console settings

Connect directly to Global Smart Protection Service


Anti-Malware: Process Memory Scan

Process memory scans connect to the Good File Reputation Service. This information enables Deep Security to identify good file hashes.

Data collected: File hashes (SHA1)
Console location: Policies > Common Objects > Other > Malware Scan Configurations > Real-Time Scan configuration > General
Console settings

Scan process memory for malware


Anti-Malware: Predictive Machine Learning

Predictive machine learning enables identification of potentially malicious files.

Data collected
  • File name
  • Path
  • Signer
  • Hashes (SHA1)
Console location: Policies > Common Objects > Other > Malware Scan Configurations > Real-Time Scan configuration > General
Console settings

Enable Predictive Machine Learning


Anti-Malware: Smart Scan

This information is sent when a file scan occurs and enables Deep Security to identify malicious file hashes.

Data collected: File hashes (CRC)
Console location: Computer or policy editor > Anti-Malware > Smart Protection > Smart Scan
Console settings

Untick the Inherited check box (if it's selected) and select Off.


Anti-Malware: Behavior Monitoring

The behavior monitoring feature communicates with the Global Census Server and Good File Reputation Service. This enables Deep Security to identify good file hashes and to retrieve statistical data.

Data collected: File hashes (SHA1)
Console location: Policies > Common Objects > Other > Malware Scan Configurations > Real-Time Scan configuration > General
Console settings
  • Detect suspicious activity and unauthorized changes (incl. ransomware)
  • Back up and restore ransomware-encrypted files


Integrity Monitoring

You can configure Deep Security Manager to automatically tag integrity monitoring events. If you select the Certified Safe Software Service option, information is sent to the Trend Micro Certified Safe Software service. Alternatively, you can select one of the other options when configuring auto-tagging, or not enable auto-tagging at all.

Data collected: File hashes (SHA1) and additional information
Console location: Events and Reports > Integrity Monitoring Events > Auto-Tagging > New Trusted Source
Console settings

Certified Safe Software Service


Web Reputation

The web reputation module uses the Trend Micro Smart Protection Network to determine whether URLs are malicious. When Connect directly to Global Smart Protection Service is selected, URLs are sent to Trend Micro. Alternatively, you can opt to use a locally installed Smart Protection Server. You must select one of these options to use the web reputation module. If you don’t want to use either of those options, go to the General tab and change the Web Reputation State to Off to disable the web reputation module.

Data collected: URL
Console location: Computer or Policy editor > Web Reputation > Smart Protection
Console settings

Connect directly to Global Smart Protection Service


Smart Feedback

Smart Feedback enables you to participate, share, and leverage Trend Micro’s global database of threat-related intelligence to rapidly identify and defend against potential threats within your unique network environment.

Data collected
  • IP address
  • Filename/Path
  • Hostname
  • Suspicious executables and partial file content
Console location: Administration > System Settings > Smart Feedback
Console settings

Enable Trend Micro Smart Feedback


Managed Detection and Response

With industry-leading detection technologies managed and correlated by expert threat investigators, the Trend Micro MDR service actively detects, analyzes, and responds to threat activities in a timely manner for subscribed customers.

Data collected
  • Host name
  • IP
  • File information
  • URL information
  • Network traffic information
  • Log/event information
Console location: Administration > System Settings > Managed Detection and Response

Contact sales to enroll in the MDR service.

Console settings

Enable the MDR service


BIF

This feature is used to calculate the installation base and system status of Trend Micro Deep Security.

Data collected
  • Activation Code and GUID
  • Product version
  • Feature enabled status
  • System status
Console location: This feature cannot be disabled.
Console settings
