Views:

Cloud Syslog Forwarding

Removing “Server address” and Disabling Cloud Syslog Forwarding prevents the mentioned data from being sent to Trend Micro.

Data collected	IP address
Console location	Logs & Reports > Cloud Syslog Forwarding > Enable
Console settings	Server address ^{Click the image to enlarge.}

Okta Authentication

Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.

Data collected	URL Digital certificate
Console location	Administration > Directory Services > Click here > “Okta” Authentication Method
Console settings	Server URL Public SSL certificate ^{Click the image to enlarge.}

Microsoft Entra ID Authentication

Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.

Data collected	URL Digital certificate
Console location	Administration > Directory Services > Click here > “Microsoft Entra ID” Authentication Method
Console settings	Server URL Public SSL certificate ^{Click the image to enlarge.}

Virtual Gateway

Trend Micro Web Security virtual gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

Disabling virtual gateways prevents the mentioned data from being sent to Trend Micro, but users need to enter their user name and password for authentication before they can access Internet services.

Data collected	IP addresses
Console location	Gateways > Add/Edit Virtual Gateway > Basic Information
Console settings	Static IP address ^{Click the image to enlarge.}

On-premises Gateway

Trend Micro Web Security on-premises gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

Disabling on-premises gateways prevents the mentioned data from being sent to Trend Micro, but user traffic need to be transmitted to the Trend Micro Web Security cloud.

Console settings	Gateways ^{Click the image to enlarge.}
Data collected	IP addresses
Console location	Gateways ^{Click the image to enlarge.}

Virtual Analyzer

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious objects. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network.

Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect advanced malware.

Data collected	IP addresses URLs Hostnames File names/paths
Console location	Policies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings	Cloud Virtual Analyzer ^{Click the image to enlarge.} The detected suspicious objects are shown on: Policies > CLOUD VIRTUAL ANALYZER > Suspicious Objects ^{Click the image to enlarge.}

Web Reputation

Trend Micro Web Security leverages Trend Micro Web Reputation Services to scan URLs that users access to detect malicious URLs based on their reputation scores.

Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect malicious URLs.

Data collected	URLs
Console location	Policies > Threat Protection > Add/Edit > Web Reputation
Console settings	Enable: On ^{Click the image to enlarge.}

Predictive Machine Learning

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features.

Disabling Predictive Machine Learning prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect new, previously unidentified, or unknown threats.

Data collected	IP addresses URLs Hostnames File names/paths
Console location	Policies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings	Predictive Machine Learning: On ^{Click the image to enlarge.}

HTTPS Inspection

Trend Micro Web Security allows administrators to cross-sign your organization's own CA certificate with the Certificate Signing Request (CSR) file provided by Trend Micro to establish a trusted relationship between the Trend Micro Web Security CA certificate and your organization's own CA certificate.

Disabling cross-signed CA certificate prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.

HTTPS Inspection (CA certificate)
Data collected	Digital certificates
Console location	Policies > Global Settings Enable HTTPS Inspection Policies > Decryption Rules > Add/Edit > Certificate Cross-signed certificate: [Choose file...] ^{Click the image to enlarge.}
Console settings

Trend Micro Web Security manages CA certificates to determine that a web server's signature is trusted.

Disabling certificate management prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.

HTTPS Inspection (Certificate Management)
Data collected	Digital certificates
Console location	Policies > Global Settings > HTTPS Inspection Enable certificate management Policies > Digital Certificates > CA Certificates Trusted CA Certificates or Untrusted CA Certificates > Add Policies > Digital Certificates > Exceptions Add ^{Click the image to enlarge.}
Console settings

Trend Micro Web Security allows administrators to maintain a list of trusted domains, whose HTTPS traffic will not be subject to Trend Micro Web Security policy rules, and always be accessible by end users without being decrypted and inspected by Trend Micro Web Security.

Disabling HTTPS tunneling prevents the mentioned data from being sent to Trend Micro, but failure pages will always display if HTTPS decryption fails.

HTTPS Inspection (HTTPS tunneling)
Data collected	Domains
Console location	Policies > Global Settings > HTTPS Inspection Enable HTTPS Inspection Enable HTTPS tunneling Policies > HTTPS Tunnels > Tunneled Domains Add to Tunneled Domains List or Add to Exceptions List ^{Click the image to enlarge.} Policies > HTTPS Tunnels > Failed HTTPS Accesses Enable auto tunneling for fatal failures: On Add to Tunneled Domains List or Add to Exceptions List ^{Click the image to enlarge.}
Console settings

Customized URL Categories

Trend Micro Web Security allows administrators to add customized URL categories to subject URLs that are not part of the Trend Micro predefined categories to cloud access rules and HTTPS decryption rules.

Disabling Customized URL Categories prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not apply configured policies to URLs that are not part of the Trend Micro predefined categories.

Data collected	IP addresses URLs Domains
Console location	Policies > Objects > Customized URL Categories
Console settings	Add, Duplicate or Import/Export URL Categories or select a URL category to edit ^{Click the image to enlarge.}

IP Address Groups

Trend Micro Web Security allows administrators to add IP address groups that contain a single or a range of IP addresses to apply to cloud access rules, gateway settings, and reports.

Disabling IP Address Groups prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not apply configured policies or settings based on IP addresses.

Data collected	IP addresses
Console location	Policies > Objects > Customized URL Categories
Console settings	Add, Duplicate or Import/Export IP Groups or select an IP address group to edit ^{Click the image to enlarge.}

Log Analysis

Logs cannot be disabled unless you choose to NOT use Trend Micro Web Security.

Trend Micro Web Security saves logs for 181 days. After data is cleared, administrators cannot retrieve history data of user events and policy violations from Trend Micro Web Security.

Data collected	Time User names Departments Domains URLs IP addresses
Console location	Logs & Reports > Log Analysis > Policy Enforcement/Internet Access/Virtual Analyzer
Console settings	Log Analysis Policy Enforcement Internet Access Virtual Analyzer ^{Click the image to enlarge.}

Log Favorites

Disabling Log Favorites prevents the mentioned data from being sent to Trend Micro, but administrators have to set query conditions every time they need to search for logs under the same conditions.

Data collected	User names Departments Gateways Domains URLs
Console location	Logs & Reports > Log Favorites
Console settings	^{Click the image to enlarge.}

Reports

Disabling Reports prevents the mentioned data from being sent to Trend Micro, but administrators cannot get reports to analyze threats and security-related events from an overall perspective.

Data collected	IP addresses User names
Console location	Logs & Reports > Reports
Console settings	Add, Duplicate or select a report to edit. ^{Click the image to enlarge.}

PAC Files

PAC files are used to forward web traffic from your organization's desktops to Trend Micro Web Security.

Disabling PAC Files prevents the mentioned data from being sent to Trend Micro, but some websites may fail to open.

Data collected	IP addresses Domains
Console location	Administration > SERVICE DEPLOYMENT > PAC Files
Console settings	Add, Duplicate or select a PAC file to edit. ^{Click the image to enlarge.}

Enforcement Agent

Uninstall the Enforcement Agent

Data collected	Client IP address Application name User name User id
Console location	Administration > Service Deployment > Enforcement Agent > Click “Agent platform for Windows” > Click the “Windows Download” Button
Console settings	^{Click the image to enlarge.}

Data collected	Client IP address Application name User name User ID
Console location	Administration > SERVICE DEPLOYMENT > Enforcement Agent > iOS/iPadOS
Console settings	Server address ^{Click the image to enlarge.}

Data collected	Debug logs for Agent behavior PAC file content User name
Console location	Administration > SERVICE DEPLOYMENT > Enforcement Agent > iOS/iPadOS iOS/iPadOS Agent app > Settings > Contact Us
Console settings	^{Click the image to enlarge.} ^{Click the image to enlarge.}

Certain features available in Trend Micro Web Security Agent collect and send feedback data regarding product usage to Trend Micro. Some of the data may be considered personal data in certain jurisdictions and under certain regulations. By installing Trend Micro Web Security Agent, the following data will be collected. You cannot disable the collection of this data.

Email address and password (required to log on to TMWS end user portal)
URLs (required for blocking malicious websites and filtering websites inappropriate for your company)

Data collected	HTTP traffic data in the browser Token
Console location	Administration > SERVICE DEPLOYMENT > Enforcement Agent > Android
Console settings	^{Click the image to enlarge.} When the Agent app is deployed through Microsoft Intune with the always-on VPN mode enabled, the data collection cannot be disabled. ^{Click the image to enlarge.} When the Agent app is deployed through Microsoft Intune without enabling the always-on VPN mode, or is not deployed through Microsoft Intune, the data collection can be disabled manually. ^{Click the image to enlarge.}

Data collected	Debug logs for TMWS Agent behavior Basic mobile information (device model, Android OS version, locale, TMWS Agent version)
Console location	Administration > SERVICE DEPLOYMENT > Enforcement Agent > Android Android Agent app > Settings > Contact Us
Console settings	^{Click the image to enlarge.} ^{Click the image to enlarge.}

Email address and password (required to log on to TMWS end user portal)

Directory Services

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

Disabling Directory Services prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not authenticate and apply policies to AD users of your organization.

Directory Services
Data collected	AD hosts Domains AD users AD BaseDNs AD passwords In direct AD mode, TMWS requires the admin to input an AD username/password on TMWS console. This AD username/password will be used to synchronize the AD information (excluding passwords) into TMWS.
Console location	Administration > Users & Authentications > Click “here” > Direct
Console settings	AD Integration ^{Click the image to enlarge.}

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

Disabling SAML Authentication prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not support ADFS authentication to authenticate AD users of your organization.

Directory Services (SAML Authentication)
Data collected	ADFS URLs Digital Certificates
Console location	Administration > Users & Authentications > Directory Services > Click “here” > SAML
Console settings	AD Integration ^{Click the image to enlarge.}

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

Disabling Agent Authentication prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not support Agent authentication to authenticate AD users of your organization.

Directory Services (Agent Authentication)
Data collected	IP addresses
Console location	Administration > Users & Authentications > Directory Services > Click “here” > Agent
Console settings	AD Integration ^{Click the image to enlarge.}

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

Disabling Synchronization Agent prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not synchronize AD users from your organization to authenticate them using SAML or Agent authentication method.

Directory Services (Synchronization Agent)
Data collected	AD user information, including: User information: department, mail, userPrincipalName, sMAAccountName, memberOf, displayName, distinguishedName Group information: groupName
Console location	Administration > Users & Authentications > Directory Services > Click “here” > SAML/Agent
Console settings	Download the Synchronization Agent ^{Click the image to enlarge.}

Hosted Users

Trend Micro Web Security supports hosted user accounts to allow them to forward web traffic through Trend Micro Web Security.

Disabling Hosted Users prevents the mentioned data from being sent to Trend Micro, but hosted users will not be able to forward their network traffic to Trend Micro Web Security for policy enforcement.

Data collected	Email addresses Passwords groups departments
Console location	Administration > Users & Authentications > Hosted Users
Console settings	Add or Import/Export User Accounts or select a hosted user to edit ^{Click the image to enlarge.}

Administrator Alerts

Trend Micro Web Security uses Administrator Alerts to notify administrators of particular events as they occur.

Disabling Administrator Alerts prevents the mentioned data from being sent to Trend Micro, but administrators will not receive events of interest to monitor users’ abnormal network activities.

Data collected	Email addresses
Console location	Administration > ADMINISTRATOR ALERTS > Administrator Alerts
Console settings	Add or Duplicate or click on an Administrator alert to edit ^{Click the image to enlarge.}

Bandwidth Control

Bandwidth control gives all users fair access to resources and ensures better access to resources that are more central to the organization.

Disabling Bandwidth Control prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to control users’ network traffic based on your organization's actual Internet bandwidth settings.

Data collected	IP addresses Users
Console location	Gateways > Edit On-Premises Gateway
Console settings	Bandwidth Control ^{Click the image to enlarge.}

Approved/Blocked URLs

Approved URLs are websites that you consider trustworthy. As such, they are not subject to any policy and users are always allowed to visit them. Blocked URLs are websites that you do not want users to visit.

Disabling Approved/Blocked URLs prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to always allow or block some websites.

Data collected	URLs
Console location	Policies > Approved/Blocked URLs
Console settings	Match mode: Web > Website Match [URL] or Import/Export URLs Add to Approved or Add to Blocked ^{Click the image to enlarge.}

Digital Certificates

Without cross sign CA, customer need import the CA into their clients.

Data collected	Cross-Sign Certificate
Console location	Policies > Decryption Rules > Add/Edit > Certificate
Console settings	Choose file and upload CA ^{Click the image to enlarge.}

Without certificate management, Customer will experience untrusted warning on the browsers.

Data collected	Web Service Certificates
Console location	Policies > Global Settings > HTTPS Inspections > Advanced Settings
Console settings	Enable HTTPS Inspections Enable certificate management ^{Click the image to enlarge.}

Data collected	Trusted CA
Console location	Policies > Digital Certificates > CA Certificates Add Untrusted CA Certificates Add Trusted CA Certificates Policies > Digital Certificates > Exceptions Add Exceptions
Console settings	^{Click the image to enlarge.}

Sync Agent

Data collected	AD user information, including: User information: department mail userPrincipalName sMAAccountName memberOf displayName distinguishedName Group information: groupName
Console location	Administration > Users & Authentications > Directory Service > Click “here” > AD FS/Agent
Console settings	Download Sync Agent and install on your AD.

Cloud Service Filters

Removing the filter prevents the mentioned data from being sent to Trend Micro.

Data collected	Domains
Console location	Policies > Cloud Service Filters > Add/Edit a filter
Console settings	URLs > Host ^{Click the image to enlarge.}

Target Domain Groups

Removing the domain group prevents the mentioned data from being sent to Trend Micro.

Data collected	Domains
Console location	Policies > Target Domain Groups > Add/Edit a domain group
Console settings	Domain Name ^{Click the image to enlarge.}

Keywords: data collection notice iwsaas,collected data by iwsaas,turn off data collection iwsaas,disable data gathering,Trend Micro Web Security dcn,tmws dcn,tmws data collection

Comments (0)

Trend Micro Web Security Data Collection Notice

Product / Version includes:

Trend Micro Web SecurityAll

Last updated: 2024/06/26

Solution ID: KA-0008422

Category: Configure

Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.

Cloud Syslog Forwarding
Okta Authentication
Microsoft Entra ID Authentication
Virtual Gateway
On-premises Gateway
Virtual Analyzer
Web Reputation
Predictive Machine Learning
HTTPS Inspection
Customized URL Categories
IP Address Groups
Log Analysis
Log Favorites
Reports
PAC Files
Enforcement Agent
Directory Services
Hosted Users
Administrator Alerts
Bandwidth Control
Approved/Blocked URLs
Digital Certificates
Sync Agent
Cloud Service Filters
Target Domain Groups

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Cloud Syslog Forwarding

Removing “Server address” and Disabling Cloud Syslog Forwarding prevents the mentioned data from being sent to Trend Micro.

Data collected	IP address
Console location	Logs & Reports > Cloud Syslog Forwarding > Enable
Console settings	Server address ^{Click the image to enlarge.}

Okta Authentication

Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.

Data collected	URL Digital certificate
Console location	Administration > Directory Services > Click here > “Okta” Authentication Method
Console settings	Server URL Public SSL certificate ^{Click the image to enlarge.}

Microsoft Entra ID Authentication

Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.

Data collected	URL Digital certificate
Console location	Administration > Directory Services > Click here > “Microsoft Entra ID” Authentication Method
Console settings	Server URL Public SSL certificate ^{Click the image to enlarge.}

Virtual Gateway

Trend Micro Web Security virtual gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

Data collected	IP addresses
Console location	Gateways > Add/Edit Virtual Gateway > Basic Information
Console settings	Static IP address ^{Click the image to enlarge.}

On-premises Gateway

Trend Micro Web Security on-premises gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

Disabling on-premises gateways prevents the mentioned data from being sent to Trend Micro, but user traffic need to be transmitted to the Trend Micro Web Security cloud.

Console settings	Gateways ^{Click the image to enlarge.}
Data collected	IP addresses
Console location	Gateways ^{Click the image to enlarge.}

Virtual Analyzer

Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect advanced malware.

Data collected	IP addresses URLs Hostnames File names/paths
Console location	Policies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings	Cloud Virtual Analyzer ^{Click the image to enlarge.} The detected suspicious objects are shown on: Policies > CLOUD VIRTUAL ANALYZER > Suspicious Objects ^{Click the image to enlarge.}

Web Reputation

Trend Micro Web Security leverages Trend Micro Web Reputation Services to scan URLs that users access to detect malicious URLs based on their reputation scores.

Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect malicious URLs.

Data collected	URLs
Console location	Policies > Threat Protection > Add/Edit > Web Reputation
Console settings	Enable: On ^{Click the image to enlarge.}

Predictive Machine Learning

Data collected	IP addresses URLs Hostnames File names/paths
Console location	Policies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings	Predictive Machine Learning: On ^{Click the image to enlarge.}

HTTPS Inspection

Disabling cross-signed CA certificate prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.

HTTPS Inspection (CA certificate)
Data collected	Digital certificates
Console location	Policies > Global Settings Enable HTTPS Inspection Policies > Decryption Rules > Add/Edit > Certificate Cross-signed certificate: [Choose file...] ^{Click the image to enlarge.}
Console settings

Trend Micro Web Security manages CA certificates to determine that a web server's signature is trusted.

Disabling certificate management prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.

HTTPS Inspection (Certificate Management)
Data collected	Digital certificates
Console location	Policies > Global Settings > HTTPS Inspection Enable certificate management Policies > Digital Certificates > CA Certificates Trusted CA Certificates or Untrusted CA Certificates > Add Policies > Digital Certificates > Exceptions Add ^{Click the image to enlarge.}
Console settings

Disabling HTTPS tunneling prevents the mentioned data from being sent to Trend Micro, but failure pages will always display if HTTPS decryption fails.

HTTPS Inspection (HTTPS tunneling)
Data collected	Domains
Console location	Policies > Global Settings > HTTPS Inspection Enable HTTPS Inspection Enable HTTPS tunneling Policies > HTTPS Tunnels > Tunneled Domains Add to Tunneled Domains List or Add to Exceptions List ^{Click the image to enlarge.} Policies > HTTPS Tunnels > Failed HTTPS Accesses Enable auto tunneling for fatal failures: On Add to Tunneled Domains List or Add to Exceptions List ^{Click the image to enlarge.}
Console settings

Customized URL Categories

Data collected	IP addresses URLs Domains
Console location	Policies > Objects > Customized URL Categories
Console settings	Add, Duplicate or Import/Export URL Categories or select a URL category to edit ^{Click the image to enlarge.}

IP Address Groups

Trend Micro Web Security allows administrators to add IP address groups that contain a single or a range of IP addresses to apply to cloud access rules, gateway settings, and reports.

Disabling IP Address Groups prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not apply configured policies or settings based on IP addresses.

Data collected	IP addresses
Console location	Policies > Objects > Customized URL Categories
Console settings	Add, Duplicate or Import/Export IP Groups or select an IP address group to edit ^{Click the image to enlarge.}

Log Analysis

Logs cannot be disabled unless you choose to NOT use Trend Micro Web Security.

Trend Micro Web Security saves logs for 181 days. After data is cleared, administrators cannot retrieve history data of user events and policy violations from Trend Micro Web Security.

Data collected	Time User names Departments Domains URLs IP addresses
Console location	Logs & Reports > Log Analysis > Policy Enforcement/Internet Access/Virtual Analyzer
Console settings	Log Analysis Policy Enforcement Internet Access Virtual Analyzer ^{Click the image to enlarge.}

Log Favorites

Disabling Log Favorites prevents the mentioned data from being sent to Trend Micro, but administrators have to set query conditions every time they need to search for logs under the same conditions.

Data collected	User names Departments Gateways Domains URLs
Console location	Logs & Reports > Log Favorites
Console settings	^{Click the image to enlarge.}

Reports

Disabling Reports prevents the mentioned data from being sent to Trend Micro, but administrators cannot get reports to analyze threats and security-related events from an overall perspective.

Data collected	IP addresses User names
Console location	Logs & Reports > Reports
Console settings	Add, Duplicate or select a report to edit. ^{Click the image to enlarge.}

PAC Files

PAC files are used to forward web traffic from your organization's desktops to Trend Micro Web Security.

Disabling PAC Files prevents the mentioned data from being sent to Trend Micro, but some websites may fail to open.

Data collected	IP addresses Domains
Console location	Administration > SERVICE DEPLOYMENT > PAC Files
Console settings	Add, Duplicate or select a PAC file to edit. ^{Click the image to enlarge.}

Enforcement Agent

Uninstall the Enforcement Agent

Data collected	Client IP address Application name User name User id
Console location	Administration > Service Deployment > Enforcement Agent > Click “Agent platform for Windows” > Click the “Windows Download” Button
Console settings	^{Click the image to enlarge.}

Data collected	Client IP address Application name User name User ID
Console location	Administration > SERVICE DEPLOYMENT > Enforcement Agent > iOS/iPadOS
Console settings	Server address ^{Click the image to enlarge.}

Data collected	Debug logs for Agent behavior PAC file content User name
Console location	Administration > SERVICE DEPLOYMENT > Enforcement Agent > iOS/iPadOS iOS/iPadOS Agent app > Settings > Contact Us
Console settings	^{Click the image to enlarge.} ^{Click the image to enlarge.}

Email address and password (required to log on to TMWS end user portal)
URLs (required for blocking malicious websites and filtering websites inappropriate for your company)

Data collected	HTTP traffic data in the browser Token
Console location	Administration > SERVICE DEPLOYMENT > Enforcement Agent > Android
Console settings	^{Click the image to enlarge.} When the Agent app is deployed through Microsoft Intune with the always-on VPN mode enabled, the data collection cannot be disabled. ^{Click the image to enlarge.} When the Agent app is deployed through Microsoft Intune without enabling the always-on VPN mode, or is not deployed through Microsoft Intune, the data collection can be disabled manually. ^{Click the image to enlarge.}

Data collected	Debug logs for TMWS Agent behavior Basic mobile information (device model, Android OS version, locale, TMWS Agent version)
Console location	Administration > SERVICE DEPLOYMENT > Enforcement Agent > Android Android Agent app > Settings > Contact Us
Console settings	^{Click the image to enlarge.} ^{Click the image to enlarge.}

Email address and password (required to log on to TMWS end user portal)

Directory Services

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

Disabling Directory Services prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not authenticate and apply policies to AD users of your organization.

Directory Services
Data collected	AD hosts Domains AD users AD BaseDNs AD passwords In direct AD mode, TMWS requires the admin to input an AD username/password on TMWS console. This AD username/password will be used to synchronize the AD information (excluding passwords) into TMWS.
Console location	Administration > Users & Authentications > Click “here” > Direct
Console settings	AD Integration ^{Click the image to enlarge.}

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

Directory Services (SAML Authentication)
Data collected	ADFS URLs Digital Certificates
Console location	Administration > Users & Authentications > Directory Services > Click “here” > SAML
Console settings	AD Integration ^{Click the image to enlarge.}

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

Directory Services (Agent Authentication)
Data collected	IP addresses
Console location	Administration > Users & Authentications > Directory Services > Click “here” > Agent
Console settings	AD Integration ^{Click the image to enlarge.}

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

Directory Services (Synchronization Agent)
Data collected	AD user information, including: User information: department, mail, userPrincipalName, sMAAccountName, memberOf, displayName, distinguishedName Group information: groupName
Console location	Administration > Users & Authentications > Directory Services > Click “here” > SAML/Agent
Console settings	Download the Synchronization Agent ^{Click the image to enlarge.}

Hosted Users

Trend Micro Web Security supports hosted user accounts to allow them to forward web traffic through Trend Micro Web Security.

Data collected	Email addresses Passwords groups departments
Console location	Administration > Users & Authentications > Hosted Users
Console settings	Add or Import/Export User Accounts or select a hosted user to edit ^{Click the image to enlarge.}

Administrator Alerts

Trend Micro Web Security uses Administrator Alerts to notify administrators of particular events as they occur.

Disabling Administrator Alerts prevents the mentioned data from being sent to Trend Micro, but administrators will not receive events of interest to monitor users’ abnormal network activities.

Data collected	Email addresses
Console location	Administration > ADMINISTRATOR ALERTS > Administrator Alerts
Console settings	Add or Duplicate or click on an Administrator alert to edit ^{Click the image to enlarge.}

Bandwidth Control

Bandwidth control gives all users fair access to resources and ensures better access to resources that are more central to the organization.

Data collected	IP addresses Users
Console location	Gateways > Edit On-Premises Gateway
Console settings	Bandwidth Control ^{Click the image to enlarge.}

Approved/Blocked URLs

Disabling Approved/Blocked URLs prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to always allow or block some websites.

Data collected	URLs
Console location	Policies > Approved/Blocked URLs
Console settings	Match mode: Web > Website Match [URL] or Import/Export URLs Add to Approved or Add to Blocked ^{Click the image to enlarge.}

Digital Certificates

Without cross sign CA, customer need import the CA into their clients.

Data collected	Cross-Sign Certificate
Console location	Policies > Decryption Rules > Add/Edit > Certificate
Console settings	Choose file and upload CA ^{Click the image to enlarge.}

Without certificate management, Customer will experience untrusted warning on the browsers.

Data collected	Web Service Certificates
Console location	Policies > Global Settings > HTTPS Inspections > Advanced Settings
Console settings	Enable HTTPS Inspections Enable certificate management ^{Click the image to enlarge.}

Data collected	Trusted CA
Console location	Policies > Digital Certificates > CA Certificates Add Untrusted CA Certificates Add Trusted CA Certificates Policies > Digital Certificates > Exceptions Add Exceptions
Console settings	^{Click the image to enlarge.}

Sync Agent

Data collected	AD user information, including: User information: department mail userPrincipalName sMAAccountName memberOf displayName distinguishedName Group information: groupName
Console location	Administration > Users & Authentications > Directory Service > Click “here” > AD FS/Agent
Console settings	Download Sync Agent and install on your AD.

Cloud Service Filters

Removing the filter prevents the mentioned data from being sent to Trend Micro.

Data collected	Domains
Console location	Policies > Cloud Service Filters > Add/Edit a filter
Console settings	URLs > Host ^{Click the image to enlarge.}

Target Domain Groups

Removing the domain group prevents the mentioned data from being sent to Trend Micro.

Data collected	Domains
Console location	Policies > Target Domain Groups > Add/Edit a domain group
Console settings	Domain Name ^{Click the image to enlarge.}

Was this article helpful?