Views:

Cloud Syslog Forwarding

Removing “Server address” and Disabling Cloud Syslog Forwarding prevents the mentioned data from being sent to Trend Micro.

Data collectedIP address
Console locationLogs & Reports > Cloud Syslog Forwarding > Enable
Console settings

Server address

Cloud Syslog Forwarding

Click the image to enlarge.

Back to top

Okta Authentication

Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.

Data collected
  • URL
  • Digital certificate
Console locationAdministration > Directory Services > Click here > “Okta” Authentication Method
Console settings
  • Server URL
  • Public SSL certificate

Identity Provider Settings

Click the image to enlarge.

Back to top

Microsoft Entra ID Authentication

Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.

Data collected
  • URL
  • Digital certificate
Console locationAdministration > Directory Services > Click here > “Microsoft Entra ID” Authentication Method
Console settings

 

  • Server URL
  • Public SSL certificate

Identity Provider Settings-2

Click the image to enlarge.

Back to top

Virtual Gateway

Trend Micro Web Security virtual gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

 
Disabling virtual gateways prevents the mentioned data from being sent to Trend Micro, but users need to enter their user name and password for authentication before they can access Internet services.
 
Data collectedIP addresses
Console locationGateways > Add/Edit Virtual Gateway > Basic Information
Console settings

Static IP address

Static IP address

Click the image to enlarge.

Back to top

On-premises Gateway

Trend Micro Web Security on-premises gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

 
Disabling on-premises gateways prevents the mentioned data from being sent to Trend Micro, but user traffic need to be transmitted to the Trend Micro Web Security cloud.
 
Data collectedIP addresses
Console location

Gateways

IP Address

Click the image to enlarge.

Console settings

Back to top

Virtual Analyzer

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious objects. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network.

 
Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect advanced malware.
 
Data collected
  • IP addresses
  • URLs
  • Hostnames
  • File names/paths
Console locationPolicies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings

Cloud Virtual Analyzer

Cloud Virtual Analyzer

Click the image to enlarge.

 

The detected suspicious objects are shown on:

Policies > CLOUD VIRTUAL ANALYZER > Suspicious Objects

Suspicious Objects

Click the image to enlarge.

 

Back to top

Web Reputation

Trend Micro Web Security leverages Trend Micro Web Reputation Services to scan URLs that users access to detect malicious URLs based on their reputation scores.

 
Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect malicious URLs.
 
Data collectedURLs
Console locationPolicies > Threat Protection > Add/Edit > Web Reputation
Console settings

Enable: On

Enable Web Reputation

Click the image to enlarge.

Back to top

Predictive Machine Learning

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features.

 
Disabling Predictive Machine Learning prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect new, previously unidentified, or unknown threats.
 
Data collected
  • IP addresses
  • URLs
  • Hostnames
  • File names/paths
Console locationPolicies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings

Predictive Machine Learning: On

Predictive Machine Learning

Click the image to enlarge.

Back to top

HTTPS Inspection

Trend Micro Web Security allows administrators to cross-sign your organization's own CA certificate with the Certificate Signing Request (CSR) file provided by Trend Micro to establish a trusted relationship between the Trend Micro Web Security CA certificate and your organization's own CA certificate.

 
Disabling cross-signed CA certificate prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.
 
HTTPS Inspection (CA certificate)
Data collectedDigital certificates
Console location

Policies > Global Settings

  • Enable HTTPS Inspection

Policies > Decryption Rules > Add/Edit > Certificate

  • Cross-signed certificate: [Choose file...]

    Choose File

    Click the image to enlarge.

Console settings

Trend Micro Web Security manages CA certificates to determine that a web server's signature is trusted.

 
Disabling certificate management prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.
 
HTTPS Inspection (Certificate Management)
Data collectedDigital certificates
Console location

Policies > Global Settings > HTTPS Inspection

  • Enable certificate management

Policies > Digital Certificates > CA Certificates

  • Trusted CA Certificates or Untrusted CA Certificates > Add

Policies > Digital Certificates > Exceptions

  • Add

Digital Certificates

Click the image to enlarge.

Console settings

Trend Micro Web Security allows administrators to maintain a list of trusted domains, whose HTTPS traffic will not be subject to Trend Micro Web Security policy rules, and always be accessible by end users without being decrypted and inspected by Trend Micro Web Security.

 
Disabling HTTPS tunneling prevents the mentioned data from being sent to Trend Micro, but failure pages will always display if HTTPS decryption fails.
 
HTTPS Inspection (HTTPS tunneling)
Data collectedDomains
Console location

Policies > Global Settings > HTTPS Inspection

  • Enable HTTPS Inspection
  • Enable HTTPS tunneling

Policies > HTTPS Tunnels > Tunneled Domains

  • Add to Tunneled Domains List or Add to Exceptions List

    Tunneled Domains

    Click the image to enlarge.

Policies > HTTPS Tunnels > Failed HTTPS Accesses

  • Enable auto tunneling for fatal failures: On
  • Add to Tunneled Domains List or Add to Exceptions List

    Failed HTTPS Accesses

    Click the image to enlarge.

Console settings

Back to top

Customized URL Categories

Trend Micro Web Security allows administrators to add customized URL categories to subject URLs that are not part of the Trend Micro predefined categories to cloud access rules and HTTPS decryption rules.

 
Disabling Customized URL Categories prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not apply configured policies to URLs that are not part of the Trend Micro predefined categories.
 
Data collected
  • IP addresses
  • URLs
  • Domains
Console locationPolicies > Objects > Customized URL Categories
Console settings

Add, Duplicate or Import/Export URL Categories or select a URL category to edit

Customized URL Categories

Click the image to enlarge.

Back to top

IP Address Groups

Trend Micro Web Security allows administrators to add IP address groups that contain a single or a range of IP addresses to apply to cloud access rules, gateway settings, and reports.

 
Disabling IP Address Groups prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not apply configured policies or settings based on IP addresses.
 
Data collectedIP addresses
Console locationPolicies > Objects > Customized URL Categories
Console settings

Add, Duplicate or Import/Export IP Groups or select an IP address group to edit

IP Address Groups

Click the image to enlarge.

Back to top

Log Analysis

 

Logs cannot be disabled unless you choose to NOT use Trend Micro Web Security.

Trend Micro Web Security saves logs for 181 days. After data is cleared, administrators cannot retrieve history data of user events and policy violations from Trend Micro Web Security.

 
Data collected
  • Time
  • User names
  • Departments
  • Domains
  • URLs
  • IP addresses
Console locationLogs & Reports > Log Analysis > Policy Enforcement/Internet Access/Virtual Analyzer
Console settings

Log Analysis

  • Policy Enforcement
  • Internet Access
  • Virtual Analyzer

Log Analysis

Click the image to enlarge.

Back to top

Log Favorites

 
Disabling Log Favorites prevents the mentioned data from being sent to Trend Micro, but administrators have to set query conditions every time they need to search for logs under the same conditions.
 
Data collected
  • User names
  • Departments
  • Gateways
  • Domains
  • URLs
Console locationLogs & Reports > Log Favorites
Console settings

Log Favorites

Click the image to enlarge.

Back to top

Reports

 
Disabling Reports prevents the mentioned data from being sent to Trend Micro, but administrators cannot get reports to analyze threats and security-related events from an overall perspective.
 
Data collected
  • IP addresses
  • User names
Console locationLogs & Reports > Reports
Console settings

Add, Duplicate or select a report to edit.

Reports

Click the image to enlarge.

Back to top

PAC Files

PAC files are used to forward web traffic from your organization's desktops to Trend Micro Web Security.

 
Disabling PAC Files prevents the mentioned data from being sent to Trend Micro, but some websites may fail to open.
 
Data collected
  • IP addresses
  • Domains
Console locationAdministration > SERVICE DEPLOYMENT > PAC Files
Console settings

Add, Duplicate or select a PAC file to edit.

PAC Files

Click the image to enlarge.

Back to top

Enforcement Agent

Uninstall the Enforcement Agent

Data collected
  • Client IP address
  • Application name
  • User name
  • User id
Console locationAdministration > Service Deployment > Enforcement Agent > Click “Agent platform for Windows” > Click the “Windows Download” Button
Console settings

Enforcement Agent_New

Click the image to enlarge.

Data collected
  • Client IP address
  • Application name
  • User name
  • User ID
Console locationAdministration > SERVICE DEPLOYMENT > Enforcement Agent > iOS/iPadOS
Console settings

Server address

DCN_TMWS_iOS1

Click the image to enlarge.

Data collected
  • Debug logs for Agent behavior
  • PAC file content
  • User name
Console location
  • Administration > SERVICE DEPLOYMENT > Enforcement Agent > iOS/iPadOS
  • iOS/iPadOS Agent app > Settings > Contact Us
Console settings

DCN_TMWSA_iOS2

Click the image to enlarge.

DCN_TMWSA_iOS3b

Click the image to enlarge.

 
Certain features available in Trend Micro Web Security Agent collect and send feedback data regarding product usage to Trend Micro. Some of the data may be considered personal data in certain jurisdictions and under certain regulations. By installing Trend Micro Web Security Agent, the following data will be collected. You cannot disable the collection of this data.
  • Email address and password (required to log on to TMWS end user portal)
  • URLs (required for blocking malicious websites and filtering websites inappropriate for your company)
 
Data collected
  • HTTP traffic data in the browser
  • Token
Console locationAdministration > SERVICE DEPLOYMENT > Enforcement Agent > Android
Console settings

DCN_TMWS_Android1

Click the image to enlarge.

When the Agent app is deployed through Microsoft Intune with the always-on VPN mode enabled, the data collection cannot be disabled.

DCN_TMWS_Android2

Click the image to enlarge.

When the Agent app is deployed through Microsoft Intune without enabling the always-on VPN mode, or is not deployed through Microsoft Intune, the data collection can be disabled manually.

DCN_TMWS_Android3

Click the image to enlarge.

Data collected
  • Debug logs for TMWS Agent behavior
  • Basic mobile information (device model, Android OS version, locale, TMWS Agent version)
Console location
  • Administration > SERVICE DEPLOYMENT > Enforcement Agent > Android
  • Android Agent app > Settings > Contact Us
Console settings

DCN_TMWS_Android4

Click the image to enlarge.

DCN_TMWS_Android5

Click the image to enlarge.

 
Certain features available in Trend Micro Web Security Agent collect and send feedback data regarding product usage to Trend Micro. Some of the data may be considered personal data in certain jurisdictions and under certain regulations. By installing Trend Micro Web Security Agent, the following data will be collected. You cannot disable the collection of this data.
  • Email address and password (required to log on to TMWS end user portal)
 

Back to top

Directory Services

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

 
Disabling Directory Services prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not authenticate and apply policies to AD users of your organization.
 
Directory Services
Data collected
  • AD hosts
  • Domains
  • AD users
  • AD BaseDNs
  • AD passwords

     
    In direct AD mode, TMWS requires the admin to input an AD username/password on TMWS console. This AD username/password will be used to synchronize the AD information (excluding passwords) into TMWS.
     
Console locationAdministration > Users & Authentications > Click “here” > Direct
Console settings

AD Integration

Direct

Click the image to enlarge.

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

 
Disabling SAML Authentication prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not support ADFS authentication to authenticate AD users of your organization.
 
Directory Services (SAML Authentication)
Data collected
  • ADFS URLs
  • Digital Certificates
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > SAML
Console settings

AD Integration

SAML

Click the image to enlarge.

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

 
Disabling Agent Authentication prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not support Agent authentication to authenticate AD users of your organization.
 
Directory Services (Agent Authentication)
Data collectedIP addresses
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > Agent
Console settings

AD Integration

Agent

Click the image to enlarge.

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

 
Disabling Synchronization Agent prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not synchronize AD users from your organization to authenticate them using SAML or Agent authentication method.
 
Directory Services (Synchronization Agent)
Data collected

AD user information, including:

  • User information: department, mail, userPrincipalName, sMAAccountName, memberOf, displayName, distinguishedName
  • Group information: groupName
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > SAML/Agent
Console settings

Download the Synchronization Agent

SAML_agent

Click the image to enlarge.

Back to top

Hosted Users

Trend Micro Web Security supports hosted user accounts to allow them to forward web traffic through Trend Micro Web Security.

 
Disabling Hosted Users prevents the mentioned data from being sent to Trend Micro, but hosted users will not be able to forward their network traffic to Trend Micro Web Security for policy enforcement.
 
Data collected
  • Email addresses
  • Passwords
  • groups
  • departments
Console locationAdministration > Users & Authentications > Hosted Users
Console settings

Add or Import/Export User Accounts or select a hosted user to edit

Hosted users

Click the image to enlarge.

Back to top

Administrator Alerts

Trend Micro Web Security uses Administrator Alerts to notify administrators of particular events as they occur.

 
Disabling Administrator Alerts prevents the mentioned data from being sent to Trend Micro, but administrators will not receive events of interest to monitor users’ abnormal network activities.
 
Data collectedEmail addresses
Console locationAdministration > ADMINISTRATOR ALERTS > Administrator Alerts
Console settings

Add or Duplicate or click on an Administrator alert to edit

Administrator alerts

Click the image to enlarge.

Back to top

Bandwidth Control

Bandwidth control gives all users fair access to resources and ensures better access to resources that are more central to the organization.

 
Disabling Bandwidth Control prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to control users’ network traffic based on your organization's actual Internet bandwidth settings.
 
Data collected
  • IP addresses
  • Users
Console locationGateways > Edit On-Premises Gateway
Console settings

Bandwidth Control

Bandwidth Control

Click the image to enlarge.

Back to top

Approved/Blocked URLs

Approved URLs are websites that you consider trustworthy. As such, they are not subject to any policy and users are always allowed to visit them. Blocked URLs are websites that you do not want users to visit.

 
Disabling Approved/Blocked URLs prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to always allow or block some websites.
 
Data collectedURLs
Console locationPolicies > Approved/Blocked URLs
Console settings
  • Match mode: Web > Website Match [URL] or Import/Export URLs
  • Add to Approved or Add to Blocked

Approved-Block-URLs

Click the image to enlarge.

Back to top

Digital Certificates

Without cross sign CA, customer need import the CA into their clients.

Data collectedCross-Sign Certificate
Console locationPolicies > Decryption Rules > Add/Edit > Certificate
Console settings

Choose file and upload CA

Cross Sign

Click the image to enlarge.

Without certificate management, Customer will experience untrusted warning on the browsers.

Data collectedWeb Service Certificates
Console locationPolicies > Global Settings > HTTPS Inspections > Advanced Settings
Console settings
  • Enable HTTPS Inspections
  • Enable certificate management

Web Service Certificates

Click the image to enlarge.

Data collectedTrusted CA
Console location

Policies > Digital Certificates > CA Certificates

  • Add Untrusted CA Certificates
  • Add Trusted CA Certificates

Policies > Digital Certificates > Exceptions

  • Add Exceptions
Console settings

Trusted-CA

Click the image to enlarge.

Back to top

Sync Agent

Data collected

AD user information, including:

  • User information:

    • department
    • mail
    • userPrincipalName
    • sMAAccountName
    • memberOf
    • displayName
    • distinguishedName
  • Group information:

    • groupName
Console locationAdministration > Users & Authentications > Directory Service > Click “here” > AD FS/Agent
Console settingsDownload Sync Agent and install on your AD.

Back to top

Cloud Service Filters

Removing the filter prevents the mentioned data from being sent to Trend Micro.

Data collectedDomains
Console locationPolicies > Cloud Service Filters > Add/Edit a filter
Console settings

URLs > Host

Cloud Service Filters

Click the image to enlarge.

Back to top

Target Domain Groups

Removing the domain group prevents the mentioned data from being sent to Trend Micro.

Data collectedDomains
Console locationPolicies > Target Domain Groups > Add/Edit a domain group
Console settings

Domain Name

Target-Domain-Groups

Click the image to enlarge.

Back to top