
Pre-Assessment Installer

Security Agent Web Installation (Trend Micro Endpoint Basecamp)

 
If you do not want to allow Trend Micro to collect this personal data, do not install the agent program.
Security Agent Web Installation (Trend Micro Endpoint Basecamp)
Data collected
  • Endpoint name
  • Endpoint IP address
  • MAC address
Console location: Not configurable using the web console


Apex Central Console

Security Agent Installation

 
If you do not want to allow Trend Micro to collect this personal data, do not install the agent program.
Security Agent Installation
Data collected
  • Endpoint name
  • Logon user name
  • Agent IP address
  • MAC address
  • Agent GUID
Console location: Not configurable using the web console

Active Directory Synchronization

Active Directory synchronization maps the User/Endpoint Directory according to your existing organizational structure.

Active Directory Synchronization
Data collected

Active Directory site information

  • AD site GUID (Guid)
  • AD site name (Name)
  • AD site location (Location)
  • AD site subnet name (subnet name)
  • AD site subnet range (subnet range)

Active Directory group information

  • AD group GUID (objectGUID)
  • AD group common name (cn)
  • AD group distinguished name (distinguishedName)
  • AD group member (member)
  • AD group SID (objectSid)

Organizational Unit information

  • OU GUID (objectguid)
  • OU name (name)
  • OU distinguished name (distinguishedname)
  • OU last logon time (lastLogonTimestamp)

User information

  • User account name (sAMAccountName)
  • User distinguished name (distinguishedName)
  • Manager (manager)
  • Direct reports (directReports)
  • User GUID (objectGUID)
  • Email addresses (mail, proxyAddresses)
  • Job title (title)
  • Department (department)
  • Telephone numbers (telephoneNumber, homePhone)
  • Office name (physicalDeliveryOfficeName)
  • Principal name (userPrincipalName)
  • Display name (displayName)
  • User SID (objectSID)
  • User account properties (userAccountControl)
Console location: Apex Central console
Administration > Settings > Active Directory and Compliance Settings
Console settings

Enable Active Directory Synchronization

User Accounts

User account information includes personal data.

User Accounts
Data collected

User account information

  • User name
  • Full name
  • Password
  • Email address
  • Telephone number
  • Mobile phone number
Console location: Apex Central console
Administration > Account Management > User Accounts
Console settings
  • Add
  • Edit

Contact Groups

Contact Groups for event notifications can include manually added email addresses for additional recipients.

Contact Groups
Data collected
  • Email address
Console location: Apex Central console
Detections > Notifications > Contact Groups
Console settings

Additional recipients

Application Control Criteria

Application Control supports different types of Application Control Criteria for filtering.

Application Control Criteria
Data collected
  • File path
  • File name
  • File certificate signer
  • Description of hash values
Console location: Apex Central console
Policies > Policy Resources > Application Control Criteria > [new or existing policy resources]
Console settings
  • In File paths match method, type the file path information

  • In Certificates match method, type the certificate properties

  • In Hash values match method, type information in the Description field

  • In Hash values match method, import an existing hash values file that specifies file path information

DLP Data Identifiers

Keyword lists contain special words or phrases that define digital assets belonging to your organization.

DLP Data Identifiers
Data collected
  • Keywords
Console location: Apex Central console
Policies > Policy Resources > DLP Data Identifiers > Keyword Lists
Console settings
  • Add
  • Edit (Click the Name of a list to edit keywords)
  • Copy
  • Import

Historical Investigation

Historical Investigations can quickly identify endpoints which are possible candidates for further analysis.

Historical Investigation
Data collected
  • User name
  • File name
  • File directory
  • FQDN/IP address/Host name
  • Destination URL
  • Registry key
  • Registry value name
  • Registry value data
  • CLI command
Console location: Apex Central console
Response > Historical Investigation
Console settings: Assessment > User-defined [criteria]

Live Investigation: Scan disk files using OpenIOC

Live Investigations perform the investigation on the current system state. Live Investigations can be configured to run at specific periods, and also support a wider set of criteria through the use of OpenIOC and YARA rules.

Live Investigation: Scan disk files using OpenIOC
Data collected
  • File name
  • File path
Console location

Apex Central console

  • Response > Live Investigation > One-time Investigation > Scan disk files using OpenIOC
  • Response > Live Investigation > Scheduled Investigation > Scan disk files using OpenIOC
Console settings

Upload OpenIOC File

Live Investigation: Search registry

Live Investigations perform the investigation on the current system state. Live Investigations can be configured to directly search registry keys, names, and data stored in the Windows Registry database to investigate registry changes.

Live Investigation: Search registry
Data collected
  • Registry key
  • Registry value name
  • Registry value data
Console location

Apex Central console

  • Response > Live Investigation > One-time Investigation
  • Response > Live Investigation > Scheduled Investigation
Console settings

Search registry

Managed Detection and Response Service

The Managed Detection and Response Service sends threat investigation data to the Trend Micro Threat Investigation Center to investigate and help identify potential attacks on your environment.

Managed Detection and Response Service
Data collected
  • Endpoint name
  • User name
  • File name/path/owner
  • Process name/path/owner
  • Registry dump
  • URL
  • IP address
  • File sample
  • MAC address
  • Windows event logs
    • User account name
    • User account domain
    • Endpoint name
Console location: Apex Central console
Response > Managed Detection and Response > Settings
Console settings

Unregister

Syslog Forwarding Service

With the syslog forwarding service enabled, Apex Central will forward logs to the specified syslog server.

Syslog Forwarding Service
Data collected
  • Endpoint name
  • User name
  • File name/path/owner
  • Process name/path/owner
  • Registry dump
  • URL
  • IP address
  • MAC address
Console location: Apex Central console
Administration > Settings > Syslog Settings
Console settings

Enable syslog forwarding

Troubleshooting Settings

Support may collect this information during troubleshooting operations to solve issues with the Security Agent program.

Troubleshooting Settings
Data collected
  • User account
  • Host name
  • Domain name
  • IP address
  • MAC address
  • File name
  • File path
  • URL
Console location: Apex Central console
Administration > Settings > Troubleshooting Settings
Console settings


Apex One Security Agent Policy Settings

Application Control

Application Control prevents unwanted and unknown applications from executing on your endpoints.

Application Control
Data collected
  • User name
  • File name
  • File path
  • File certificate signer
  • Process owner name
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Application Control Settings
Console settings

Enable Application Control

Application Control: Active Directory accounts

You can specify the user or group names of Active Directory accounts that specific Application Control criteria apply to.

Application Control: Active Directory accounts
Data collected
  • AD user name
  • AD group name
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Application Control Settings > Assign Rule
Console settings

Type user or group name of Active Directory accounts

Behavior Monitoring

Behavior Monitoring provides a necessary layer of additional threat protection from programs that exhibit malicious behavior.

Behavior Monitoring
Data collected
  • URL
  • File name
  • File path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Behavior Monitoring Settings > Rules > Malware Behavior Blocking
Console settings

Enable Malware Behavior Blocking

Behavior Monitoring: Approved/Blocked Program lists

The Behavior Monitoring exception list contains programs that the Security Agent does not monitor using Behavior Monitoring. Behavior Monitoring automatically takes the specified action according to the list type.

Behavior Monitoring: Approved/Blocked Program lists
Data collected
  • File name
  • Full program path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Behavior Monitoring Settings > Exceptions
Console settings

Data Loss Prevention

Data Loss Prevention monitors endpoints and network traffic and can prevent the transmission of sensitive information.

Data Loss Prevention
Data collected
  • User name
  • Domain
  • Process name
  • Process
  • Source
  • Destination
  • Email sender
  • Email subject
  • Email recipients
  • URL
  • FTP user
  • Rule name
  • Forensic data
Console location: Apex Central console
Policies > Policy Management > Apex One Data Loss Prevention > [new or existing policy] > Apex One DLP > [new or existing rule] > Action
Console settings

Record data

Data Loss Prevention Exceptions

The Data Loss Prevention Exceptions list contains network locations that the OfficeScan agent does not monitor for sensitive information. Data Loss Prevention automatically takes the specified action according to the list type.

Data Loss Prevention Exceptions
Data collected
  • IP address
  • Endpoint name
  • FQDN
Console location: Apex Central console
Policies > Policy Management > Apex One Data Loss Prevention > [new or existing policy] > Apex One DLP > Exceptions
Console settings

Data Discovery

Data Discovery searches endpoints for the presence of sensitive information.

Data Discovery
Data collected
  • Endpoint domain
  • User name
  • User domain
  • File name
  • File path
Console location: Apex Central console
Policies > Policy Management > Apex One Data Loss Prevention > [new or existing policy] > Apex One Data Discovery
Console settings

Enable Data Discovery

Device Control

Adds a rule for a specific AD user to control (allow, block, or restrict access to) that user's devices.

Device Control
Data collected
  • AD User account
Console location: Apex One as a Service
Policies > Policy Management > Apex One Security Agent > Device Control Settings > External Agents/Internal Agents
Console settings

Add Device Control Rule

Device Control: Allowed Programs

The Device Control Allowed Programs list contains program or publisher names that the Security Agent does not block using Device Control. Programs in the specified path or by the specified publisher can execute or perform read/write operations on files in restricted storage devices.

Device Control: Allowed Programs
Data collected
  • Program path
  • File name
  • Digital signature provider
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > Device Control Settings > External Agents/Internal Agents > All users (default) > Allowed Programs
Console settings

Manual Scan Exclusion (Directories)

The Scan Exclusion Lists contain directories/file names that the Security Agent does not scan during a Manual Scan.

Manual Scan: Scan Exclusion List (Directories)
Data collected
  • Directory path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > Manual Scan Setting > Scan Exclusion > Scan Exclusion List (Directories)
Console settings

Endpoint Sensor

Endpoint Sensor is a powerful monitoring and investigation tool used to identify the presence, location, and entry point of threats. Through the use of detailed system event recording and historical analysis, you can perform Historical Investigations to discover hidden threats throughout your network and locate all affected endpoints.

Endpoint Sensor
Data collected
  • Command line
  • File name
  • File owner
  • File signer
  • Host name
  • IP address
  • Process owner
  • Registry data
  • User name
  • URL
  • Windows event log
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > Endpoint Sensor Settings
Console settings

Enable Endpoint Sensor

Endpoint Sensor: Attack Discovery

Attack Discovery identifies threats using Indicators of Attack (IoA), and logs detections that match known indicators. Attack Discovery shares threat information with Smart Feedback and Threat Investigation Center.

Endpoint Sensor: Attack Discovery
Data collected
  • File owner
  • File path
  • File signer
  • Host name
  • IP address
  • Process owner
  • URL
  • Windows event log
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > Endpoint Sensor Settings > Advanced Settings
Console settings
  • Enable event recording
  • Enable Attack Discovery to detect known attack indicators on endpoints

Manual Scan: Scan Exclusion List (Files)

The Scan Exclusion Lists contain directories/file names that the Security Agent does not scan during a Manual Scan.

Manual Scan: Scan Exclusion List (Files)
Data collected
  • File name
  • Directory path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > Manual Scan Setting > Scan Exclusion > Scan Exclusion List (Files)
Console settings

Predictive Machine Learning

Predictive Machine Learning performs in-depth file analysis to detect emerging unknown security risks.

Predictive Machine Learning
Data collected
  • URL
  • File name
  • File path
  • File hash
  • Digital signature signer
  • Attachment file name
  • Agent GUID
  • Agent IP address
  • Process name
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Predictive Machine Learning Settings
Console settings

Predictive Machine Learning Exception List

The Predictive Machine Learning Exception List contains file hashes that the Security Agent does not scan during Predictive Machine Learning scanning.

Predictive Machine Learning Exception List
Data collected
  • Notes
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Predictive Machine Learning Setting > Exceptions > Add file hash
Console settings

Real-time Scan: Malware detection

Virus/Malware scanning checks files for known security risks.

Real-time Scan: Malware detection
Data collected
  • File name
  • File path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Real-time Scan Settings
Console settings

Enable virus/malware scan

Real-time Scan: Scan Exclusion List (Directories)

The Scan Exclusion Lists contain directories/file names that the Security Agent does not scan during a Real-time Scan.

Real-time Scan: Scan Exclusion List (Directories)
Data collected
  • Directory path
Console location: Apex Central console
Policies > Policy Management > Apex One Agent > Real-time Scan Setting > Scan Exclusion > Scan Exclusion List (Directories)
Console settings

Real-time Scan: Scan Exclusion List (Files)

The Scan Exclusion Lists contain directories/file names that the Security Agent does not scan during a Real-time Scan.

Real-time Scan: Scan Exclusion List (Files)
Data collected
  • Directory path
  • File name
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > Real-time Scan Setting > Scan Exclusion > Scan Exclusion List (Files)
Console settings

Sample Submission

Sample Submission enables the Security Agent to detect and send suspicious files that may contain previously unknown threats directly to the Virtual Analyzer for further analysis.

Sample Submission
Data collected
  • Suspicious executable file
  • Files detected heuristically (downloaded through supported web browsers or email channels)
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Sample Submission Settings
Console settings

Enable suspicious file submission to Virtual Analyzer

Scan Now: Malware detection

Virus/Malware scanning checks files for known security risks.

Scan Now: Malware detection
Data collected
  • File name
  • File path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Scan Now Settings
Console settings

Enable virus/malware scan

Scan Now: Scan Exclusion List (Directories)

The Scan Exclusion Lists contain directories/file names that the Security Agent does not scan during Scan Now.

Scan Now: Scan Exclusion List (Directories)
Data collected
  • Directory path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Scan Now Settings > Scan Exclusion > Scan Exclusion List (Directories)
Console settings

Scan Now: Scan Exclusion List (Files)

The Scan Exclusion Lists contain directories/file names that the Security Agent does not scan during Scan Now.

Scan Now: Scan Exclusion List (Files)
Data collected
  • Directory path
  • File name
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Scan Now Settings > Scan Exclusion > Scan Exclusion List (Files)
Console settings

Scheduled Scan: Malware detection

Virus/Malware scanning checks files for known security risks.

Scheduled Scan: Malware detection
Data collected
  • File name
  • File path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Scheduled Scan Settings
Console settings

Enable virus/malware scan

Scheduled Scan: Scan Exclusion List (Directories)

The Scan Exclusion Lists contain directories/file names that the Security Agent does not scan during a Scheduled Scan.

Scheduled Scan: Scan Exclusion List (Directories)
Data collected
  • Directory path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > Scheduled Scan Setting > Scan Exclusion > Scan Exclusion List (Directories)
Console settings

Scheduled Scan: Scan Exclusion List (Files)

The Scan Exclusion Lists contain directories/file names that the Security Agent does not scan during a Scheduled Scan.

Scheduled Scan: Scan Exclusion List (Files)
Data collected
  • Directory path
  • File name
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > Scheduled Scan Setting > Scan Exclusion > Scan Exclusion List (Files)
Console settings

Suspicious Connection Detection

Suspicious Connection manages the User-defined and Global IP C&C lists, and monitors the behavior of connections that endpoints make to potential C&C servers.

Suspicious Connection Detection
Data collected
  • IP address
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Suspicious Connection Settings
Console settings

Detect network connections made to addresses in the Global C&C IP list

Trusted Program List

Add programs to the Trusted Programs List to exclude processes from suspicious activity monitoring. The programs should have a valid digital signature.

Trusted Program List
Data collected
  • Program full path
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Trusted Program List
Console settings

Web Reputation Service

Web reputation technology tracks the credibility of web domains accessed by endpoints.

Web Reputation Service
Data collected
  • URL
  • Image SHA1 of the process that initiated the URL request
  • IP address
  • Endpoint name
  • Logon user name
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Web Reputation Settings > External/Internal Agents > Enable Web Reputation on the following operation systems
Console settings
  • Windows desktop platforms
  • Windows Server platforms

Web Reputation Service: Browser Exploit Prevention

Browser Exploit Prevention identifies web browser exploits and malicious scripts, and prevents the use of these threats from compromising the web browser.

Web Reputation Service: Browser Exploit Prevention
Data collected
  • Suspicious or malicious URLs
  • HTTP header/HTML files from Suspicious or malicious URLs
  • Browser information
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Web Reputation Settings > External/Internal Agents > Browser Exploit Prevention
Console settings
  • Block pages containing malicious script

Web Reputation Service: Approved/Blocked URL List

The Approved/Blocked URL Lists contain URLs that the Security Agent does not monitor using Web Reputation. Web Reputation automatically takes the specified action according to the list type.

Web Reputation Service: Approved/Blocked URL List
Data collected
  • URL
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Web Reputation Settings > External Agents/Internal Agents > Approved/Blocked URL List
Console settings

Vulnerability Protection

Vulnerability Protection automates the application of virtual patches before official patches become available.

Vulnerability Protection
Data collected
  • IP address
  • MAC address
  • Application name
Console location: Apex Central console
Policies > Policy Management > Apex One Security Agent > [new or existing policy] > Vulnerability Protection Settings
Console settings

Enable Vulnerability Protection


Apex One (Mac) Policy Settings

Device Control

Enable Device Control and set permission to Read Only or Block. When the Apex One (Mac) Security Agent detects and blocks a device, the system generates a log entry.

Endpoint Sensor Settings
Data collected
  • Device Name
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Device Control Settings
Console settings

Endpoint Sensor Settings

Endpoint Sensor is a powerful monitoring and investigation tool that identifies the presence, location, and entry point of threats based on endpoint information (such as computer name, IP address, domain file, and processes).

Endpoint Sensor Settings
Data collected
  • File name
  • File path
  • File signer
  • IP address
  • Process name
  • Process command
  • Host name
  • URL
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Endpoint Sensor Settings
Console settings

Enable Endpoint Sensor

Manual Scan: Malware detection

Virus/Malware scanning checks files for known security risks.

Endpoint Sensor Settings
Data collected
  • File name
  • File path
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Manual Scan Settings
Console settings

Predictive Machine Learning

Predictive Machine Learning performs in-depth file analysis to detect emerging unknown security risks.

Predictive Machine Learning
Data collected
  • URL
  • File name
  • File path
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Predictive Machine Learning Settings
Console settings

Enable Predictive Machine Learning

Real-time Scan: Malware detection

Virus/Malware scanning checks files for known security risks based on the file operation performed.

Real-time Scan (Malware detection, Suspicious objects)
Data collected
  • File path
  • File name
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Real-time Scan Settings
Console settings

Enable Real-time Scan

Scan Exclusion Settings

The Scan Exclusion Lists contain directories and file extensions that the Apex One (Mac) Security Agent does not scan.

Scan Exclusion Settings
Data collected
  • File path
  • File name
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Scan Exclusion Settings
Console settings

Enable scan exclusion

Scheduled Scan: Malware detection

Virus/Malware scanning checks files for known security risks.

Scan Exclusion Settings
Data collected
  • File path
  • File name
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Scheduled Scan Settings
Console settings

Scheduled Scan Settings

The Specify path or full path list contains directories or full file paths that Apex One (Mac) Security Agent scans during a Scheduled Scan.

Scheduled Scan Settings
Data collected
  • File path
  • File name
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Scheduled Scan Settings
Console settings

Specify path or full path

Trusted Program List

Add programs to the Trusted Programs List to exclude processes from suspicious activity monitoring.

Scheduled Scan Settings
Data collected
  • Program full path
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Trusted Program List
Console settings

Web Reputation Service

Web reputation technology tracks the credibility of web domains accessed by endpoints.

 

Apex One (Mac) Security Agent sends queries to the Trend Micro Global Smart Scan Server for the following when the Send queries to Smart Protection Servers option is not selected:

  • External agents
  • Agents that are unable to connect to the on-premises Smart Protection Server (standalone or integrated)
 
Web Reputation Service
Data collected
  • URL
Console location: Apex Central™ as a Service > Policies > Policy Management > Apex One (Mac) > [new or existing policy] > Web Reputation Settings
Console settings
  • Enable Web Reputation policy (External Agents)

  • Enable Web Reputation policy (Internal Agents)


Apex One Cloud Console

Smart Feedback

Smart Feedback shares protected threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats.

Smart Feedback
Data collected
  • Email address
  • File name
  • File path
  • Host name
  • Suspicious executable files
  • URL
Console location: SSO to Apex One Server
Administration > Smart Protection > Smart Feedback
Console settings

Enable Trend Micro Smart Feedback (recommended)

Certified Safe Software Service

The Certified Safe Software Service queries Trend Micro data centers to verify the safety of a program detected by Malware Behavior Blocking, Event Monitoring, Firewall, or antivirus scans.

Certified Safe Software Service
Data collected
  • File name
  • Company
Console location: SSO to Apex One Server
Agents > Global Agent Settings > System > Certified Safe Software Service Settings
Console settings

Enable the Certified Safe Software Service for Behavior Monitoring, Firewall, and antivirus scans

Configuring Global User-defined IP List Settings

Administrators can configure Apex One to allow, block, or log all connections between agents and user-defined C&C IP addresses.

Configuring Global User-defined IP List Settings
Data collected
  • IP address
Console location: SSO to Apex One Server
Agents > Global Agent Settings > Security Settings > Suspicious Connection Settings > Edit User-defined IP list
Console settings 

Firewall: Policy Exception

Security Agents can perform specific actions on network traffic (block or allow) that meets the exception criteria for the traffic direction (inbound or outbound).

Configuring Global User-defined IP List Settings
Data collected
  • Program full path
  • Host name
  • Registry Key
  • IP Address
Console location: SSO to Apex One Server
Agents > Firewall > Policies > Add/Edit Policy > Add Exception
Console settings

Add

Firewall: Profile

Firewall profiles provide flexibility by allowing you to choose the attributes that a single agent or group of agents must have before applying a policy.

Firewall: Profile
Data collected
  • IP address
  • Description
  • Domain
  • Logon user name
Console location: SSO to Apex One Server
Agents > Firewall > Profiles
Console settings

Add

Apex One User Accounts

Creating a user account is only required in specific network environments. If you have an on-premises Apex Central server that you want to manage Apex One (Mac) as a Service and the Apex One Cloud Console, you must create a user account to facilitate the communication between Apex One (Mac) as a Service and the Apex One Cloud Console through Apex Central.

Apex One User Accounts
Data collected
  • User name
  • Description
  • Email address
Console location: SSO to Apex One server
Administration > Account Management > User Accounts
Console settings

Agent Proxy Settings

Agents use the proxy server settings configured in Windows Internet Options when connecting to the Apex One server and the Trend Micro Smart Protection Network.

Agent Proxy Settings
Data collected
  • Proxy user name
Console location: SSO to Apex One server
Administration > Settings > Proxy
Console settings

Apex Central Registration

You can register to a different on-premises Apex Central server if required (for example, you want to subscribe to Suspicious Object Lists from an on-premises Apex Central server).

Apex Central Registration
Data collected
  • IP address
  • User Name
Console location: SSO to Apex One server
Administration > Settings > Apex Central > Register to a Different Apex Central Server
Console settings

Endpoint Location

Apex One classifies Security Agents that cannot connect to a configured reference server or gateway IP address as being in an external network. Security Agents in an external network apply different policy settings.

Endpoint Location
Data collected
  • Gateway IP address
  • MAC Address
Console location: SSO to Apex One server
Agents > Endpoint Location
Console settings

Outbreak Prevention: Deny Write Access to Files and Folders

Configure to prevent viruses/malware from modifying or deleting files and folders on Security Agent endpoints.

Outbreak Prevention: Deny Write Access to Files and Folders
Data collected
  • File name
  • File path
Console location: SSO to Apex One server
Agents > Outbreak Prevention > Start Outbreak Prevention > Deny Write Access to Files and Folders
Console settings

Update Source

Security agents can update from custom update sources.

Update Source
Data collected
  • URL
  • IP address
Console location: SSO to Apex One server
Updates > Agents > Update Source > Customized Update Source List > Add
Console settings

Apex One Agent Management

Security Agents send the endpoint status and information to the Apex One server.

Apex One Agent Management
Data collected
  • Computer Name
  • Logon User Name
  • IP Address
  • MAC Address
Console location: SSO to Apex One
Agents > Agent Management
Console settings


Apex One (Mac) Cloud Console

Scan Now: Malware detection

Virus/Malware scanning checks files for known security risks.

Smart Feedback
Data collected
  • File name
  • File path
Console location: SSO to Apex One (Mac) server
Agents > Agent Management > Tasks > Scan Now
Console settings

Scan Now

Smart Feedback

Smart Feedback shares protected threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats.

Smart Feedback
Data collected
  • URL
  • File name
  • File path
  • Suspicious executable files
Console location: SSO to Apex One™ (Mac) as a Service
Administration > Smart Feedback
Console settings

Enable Trend Micro Smart Feedback (recommended)

Web Reputation Approved/Blocked URL List

The Approved/Blocked URL Lists contain URLs that Apex One™ (Mac) Security Agent does not monitor using Web Reputation. Web Reputation automatically takes the specified action according to the list type.

Web Reputation Approved/Blocked URL List
Data collected
  • URL
Console location: SSO to Apex One™ (Mac) as a Service
Agents > Global Agent Settings > Web Reputation Approved/Blocked URL list
Console settings

Certified Safe Software Service

Certified Safe Software Service queries Trend Micro data centers to verify the safety of a program detected by Malware Behavior Blocking, Event Monitoring, Firewall, or antivirus scans.

Certified Safe Software Service
Data collected
  • File name
  • Company
Console location: SSO to Apex One™ (Mac) as a Service
Agents > Global Agent Settings > Certified Safe Software Service
Console settings

Enable Certified Safe Software Service for antivirus scan

Standard Notifications

Apex One™ (Mac) server sends notifications to the specified recipients when a security risk is detected.

Standard Notifications
Data collected
  • Email address
Console location: SSO to Apex One™ (Mac) as a Service
Notifications > Standard Notification (Email)
Console settings

Outbreak Notifications

Apex One (Mac) server sends notifications to the specified recipients when a security outbreak occurs.

Outbreak Notifications
Data collected
  • Email address
Console location: SSO to Apex One™ (Mac)
Notifications > Outbreak Notifications (Email)
Console settings


Telemetry Agents

Apex One Telemetry Agent / Cloud Endpoint Telemetry Agent

Data collected
  • GUID
  • IP Address
  • File name/path*
  • Process name/path*
  • Apex One program file versions
  • Apex One program settings
  • Apex One performance data
  • Windows file versions
  • Windows performance data

*Some of the collected information may contain Personally Identifiable Information (PII).

Console location: N/A


User Behavior Tracking

User Behavior Tracking collects data from web browsers used to access the Trend Micro product web consoles. The collected data help Trend Micro understand how administrators use the web consoles and enhance the user experience.

Data collected
  • IP address
  • Domain name
Console location: Not configurable using the web console
Console settings: Not configurable using the web console. If you want to disable the User Behavior Tracking feature, please contact Trend Micro Support.


Azure Data Explorer (ADX)

Apex One integrates with Trend Micro Vision One to utilize fast real-time data analysis using Azure Data Explorer (ADX).

Vision One integration
Data collected
  • Company GUID
  • Server GUID
  • Agent GUID
  • Host name
  • IP address
  • MAC address
  • OS information (version, build, architecture, and TLS protocol)
  • Apex One program version
  • Apex One program settings
  • File name/path/owner
  • Process name/path/owner
  • URL
Console location: Not configurable using the web console
