Behavior Monitor requires the following services:
- Unauthorized Change Prevention Service
- Advanced Protection Service

To enable these services:
- Open the Apex One console and log in to the Management Console.
- Go to Agents > Agent Management.
- Click on the Machine/Group that you want to configure > Settings.
- Go to Additional Service Settings.
- Under Unauthorized Change Prevention Service:
  - Tick Enable Windows Desktops.
  - Tick Enable Windows Server Platforms.
- Go to Advanced Protection Service:
  - Tick Enable Windows Desktops.
  - Tick Enable Windows Server Platforms.
- Click Save.
To configure Behavior Monitoring and Ransomware Protection features:
- Open the Apex One console and log in to the Management Console.
- Go to Agents > Agent Management.
- Click on the Machine/Group that you want to configure > Settings.
- Go to Behavior Monitoring Settings:

Setting: Malware Behavior Blocking
Description: Malware Behavior Blocking provides a necessary layer of additional threat protection from programs that exhibit malicious behavior. It observes system events over a period of time. As programs execute different combinations or sequences of actions, Malware Behavior Blocking detects known malicious behavior and blocks the associated programs. Use this feature to ensure a higher level of protection against new, unknown, and emerging threats.
Action:
- Tick "Enable Malware Behavior Blocking".
Under "Threats to block", it is recommended to select "Known and potential threats".

Setting: Ransomware Protection
Description: Ransomware is a type of malware that restricts access to files and demands payment to restore the affected files. This type of threat can affect multiple files residing on your local and connected drives; it can also affect backups such as shadow copies. Ransomware Protection prevents the unauthorized modification or encryption of files on Apex One agents by "ransomware" threats.
Action:
- Tick "Protect documents against unauthorized encryption or modification".
- Tick "Automatically backup and restore files changed by suspicious programs".
- Tick "Block processes commonly associated with ransomware".
To reduce the chance of Apex One detecting a safe process as malicious, ensure that the agent has internet access to perform additional verification processes using Trend Micro servers.
- Tick "Enable program inspection to detect and block compromised executable files".
Program inspection provides increased security if you select "Known and potential threats" in the "Threats to block" drop-down.

Setting: Anti-Exploit Protection
Description: Anti-exploit protection works in conjunction with program inspection to monitor the behavior of programs and detect abnormal behavior that may indicate that an attacker has exploited a program vulnerability. Once detected, Behavior Monitoring terminates the program processes.
Action:
- Tick "Terminate programs that exhibit abnormal behavior associated with exploit attacks".
Anti-exploit Protection requires that you select "Enable program inspection to detect and block compromised executable files".

Setting: Newly Encountered Programs
Description: Trend Micro classifies a program as newly encountered based on the number of file detections or historical age of the file determined by the Smart Protection Network.
Action:
- Tick "Monitor newly encountered programs downloaded through HTTP or email applications".
It is recommended to select "Prompt user".
This notification requires that Administrators enable Real-Time Scan and Web Reputation.

Setting: Event Monitoring
Description: Event Monitoring provides a more generic approach to protecting against unauthorized software and malware attacks. It monitors system areas for certain events, allowing administrators to regulate programs that trigger such events. Use Event Monitoring if you have specific system protection requirements that are above and beyond what is provided by Malware Behavior Blocking.
Action:
- Tick "Enable Malware Behavior Blocking".

- Click Save.