Unauthorized File Encryption is a Behavior Monitoring feature that blocks unwanted file encryption or modification which can indicate a potential ransomware behavior.

Below is a sample detection:

^{Click the image to enlarge.}

To enable the feature:

1. Login to Apex One server web console.
2. Go to Agents > Agent Management.
3. Right-click the desired domain group or endpoint.
4. Go to Settings > Behavior Monitoring Settings.
5. Select "Protect documents against unauthorized encryption or modification". Then under this option select "Automatically back up files changed by suspicious programs".

   

6. Click Save or Apply to All Agents.

Malware Behavior Blocking is a security feature in OSCE that does the following:

• For known threats, it blocks behavior associated with known malware threats
• For known and potential threats, it blocks behavior associated with known threats and takes action on potentially malicious behavior

Below is a sample detection:

^{Click the image to enlarge.}

To enable the feature:

1. Login to Apex One server web console.
2. Go to Agents > Agent Management.
3. Right-click the desired domain group or endpoint.
4. Go to Settings > Behavior Monitoring Settings.
5. Select Enable Malware Behavior Blocking.

   

6. Click Save or Apply to All Agents.

Compromised Executable File is a behavior monitoring detection leveraging ATSE (Advance Threat Scan Engine) heuristics for programs that exhibits abnormal behavior associated with exploit attacks.

Below is a sample detection:

Click image to enlarge.

To enable the feature:

1. Login to Apex One server web console.
2. Go to Agents > Agent Management.
3. Right-click the desired domain group or endpoint.
4. Go to Settings > Behavior Monitoring Settings.
5. Select Enable program inspection to detect and block compromised executable files.

   

6. Click Save or Apply to all Agents.

Newly Encountered Program recognition is a feature designed to help prevent 0-day attacks. TrendMicro classifies a program as newly encountered based on the number of file detections or historical age of the file as determined by the Smart Protection Network.

Below is a sample detection:

^{Click the image to enlarge.}

To enable the feature:

1. Login to Apex One server web console.
2. Go to Agents > Agent Management.
3. Right-click the desired domain group or endpoint.
4. Go to Settings > Behavior Monitoring Settings.
5. Put a check on Monitor newly encountered programs downloaded through web or email application channels.

   

6. Click Save or Apply to All Agents.

This feature requires the following to be enabled:

• Unauthorized Change Prevention Service

  To enable the feature:

  1. Navigate to Agents > Agent Management.
  2. Right-click the desired domain group or endpoint.
  3. Go to Settings > Additional Services Settings.

     

• Web Reputation

  To enable the feature:

  1. In the Apex One web console, go to Agents > Agent Management > Settings > Web Reputation Settings.
  2. Select Enable Web reputation policy on the following operating systems.

     

• Apex One Real-time Scan

  To enable the feature:

  1. In the Apex One web console, go to Agents > Agent Management > Settings > Real-time Scan Settings.
  2. Select Enable virus/malware scan.