Views:

Web Reputation

Deep Discovery Web Inspector integrates the Trend Micro Smart Protection Network, a cloud-based infrastructure that determines the reputation of websites that users attempt to access. Deep Discovery Web Inspector logs URLs that Smart Protection technology identifies as fraudulent or known sources of threats, and uploads the logs to the Threat Management Services Portal for report generation.

 
If you do not want to allow Trend Micro Web Reputation services to collect any data about URLs, do not install Trend Micro Deep Discovery Web Inspector.
 
Data collectedURLs
Console locationThis feature cannot be disabled. If you do not want this data to be collected, please uninstall the application.
Console settings

Back to top

Scan Policies

Deep Discovery Web Inspector uses scan policies to determine what incoming traffic should be scanned and the action to take if there is a policy match.

To prevent the transmission of data by scan policies, you can delete all custom policies and disable the default policy (which cannot be deleted).

 
Deleting all custom policies and disabling the default policy prevents the transmission of data to Trend Micro but also prevents Deep Discovery Web Inspector from inspecting traffic. All traffic will bypass scanning and traverse the appliance without scanning. This prevents Deep Discovery Web Inspector from detecting and protecting against security threats.
 
Data collected
  • File SHA1s
  • Filenames
  • URLs
Console locationPolicy > Policy > [Policy Name]
Console settings

Enable

Enable

Scan policy

Back to top

Smart Feedback

Smart Feedback enables you to participate, share, and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment.

Data collected
  • IP addresses
  • URLs
  • Filenames/paths
  • Hostnames
  • Suspicious executable files
  • Partial file content
Console locationThis feature cannot be disabled from the product console. Contact Technical Support for assistance if you want to disable data collection from Smart Feedback.
Console settings

Back to top

Virtual Analyzer

Virtual Analyzer is a secure virtual environment that opens suspicious files submitted by Deep Discovery Web Inspector to test for malicious behavior. Virtual Analyzer is able to find exploit code, Command & Control (C&C) and botnet connections, and other suspicious behaviors or characteristics.

 
Disabling Virtual Analyzer prevents the transmission of data to Trend Micro but severely impacts the ability of Deep Discovery Web Inspector to detect advanced malware.
 
Data collected
  • IP addresses
  • URLs
  • Hostnames
  • Filenames/paths
Console locationAdministration > Virtual Analyzer > Images
Console settings

[Image Name] > Delete

 
You must delete all images to prevent the transmission of data to Trend Micro.
 

Delete images

Back to top

Threat Connect

Threat Connect allows you to assess and understand the complete nature of an attack or threat based on a visual representation of relevant intelligence gathered by the Trend Micro Smart Protection Network™ and Trend Micro Threat Researchers. Threat Connect can characterize specific attack components such as malware and command & control activity, and map the complex relationships between the components.

Data collected
  • IP addresses
  • Hostnames
  • URLs
  • Filenames
  • File SHA1s
Console locationDetections > All Detections > [expand details] > Detection Information
Console settings

Threat name [link]

 
The only way to prevent the transmission of the data back to Trend Micro servers is to not click the Threat name link.
 

Threat name

Back to top

Keywords: data collection disclosure ddwi,ddwi collected data,generated data by deep discovery web inspector