Intrusion Prevention and Firewall
You can optionally configure Deep Security to use a Whois service to look up which domain name is associated with an IP address when you review the logged intrusion prevention and firewall events. The IP address is sent directly to the Whois service and not to Trend Micro.
Data collected | IP address |
---|---|
Console location | Administration > System Settings > Advanced |
Console settings |
Whois URL |
Anti-Malware: Smart Protection
Smart Protection Server for File Reputation Service is used by the anti-malware module. It supplies file reputation information required by Smart Scan. Alternatively, you can use a locally installed Smart Protection Server.
Data collected |
|
---|---|
Console location | Computer or Policy editor > Anti-Malware > Smart Protection |
Console settings |
Connect directly to Global Smart Protection Service |
Anti-Malware: Process Memory Scan
Process memory scans connect to the Good File Reputation Service. This information enables Deep Security to identify good file hashes.
Data collected |
|
---|---|
Console location | Policies > Common Object > Other > Malware Scan Configurations > Real-Time Scan configuration > General |
Console settings |
Scan process memory for malware |
Anti-Malware: Predictive Machine Learning
Predictive machine learning enables identification of potential malicious files.
Data collected |
|
---|---|
Console location | Policies > Common Objects > Other > Malware Scan Configurations > Real-Time Scan configuration > General |
Console settings |
Enable Predictive Machine Learning |
Anti-Malware: Smart Scan
This information is sent when a file scan occurs and enables Deep Security to identify malicious file hashes.
Data collected |
|
---|---|
Console location | Computer or policy editor > Anti-Malware > Smart Protection > Smart Scan |
Console settings |
Untick Inherited check box (if it's selected) and select Off. |
Anti-Malware: Behavior Monitoring
The behavior monitoring feature communicates with the Global Census Server and Good File Reputation Service. This enables Deep Security to identify good file hashes and to retrieve statistical data.
Data collected |
|
---|---|
Console location | Policies > Common Objects > Other > Malware Scan Configuration > Real-Time Scan configuration > General |
Console settings |
|
Integrity Monitoring
You can configure Deep Security Manager to automatically tag integrity monitoring events. If you select the Certified Safe Software Service option, information is sent to the Trend Micro Certified Safe Software service. Alternatively, you can select one of the other options when configuring auto tagging, or don’t enable auto-tagging.
Data collected |
|
---|---|
Console location | Events and Reports > Integrity Monitoring Events > Auto-Tagging > New Trusted Source |
Console settings |
Certified Safe Software Service |
Web Reputation
The web reputation module uses the Trend Micro Smart Protection Network to determine whether URLs are malicious. When Connect directly to Global Smart Protection Service is selected, URLs are sent to Trend Micro. Alternatively, you can opt to use a locally installed Smart Protection Server. You must select one of these options to use the web reputation module. If you don’t want to use either of those options, go to the General tab and change the Web Reputation State to Off to disable the web reputation module.
Data collected | URL |
---|---|
Console location | Computer or Policy editor > Web Reputation > Smart Protection |
Console settings |
Connect directly to Global Smart Protection Service |
Smart Feedback
Smart Feedback enables you to participate, share, and leverage Trend Micro’s global database of threat-related intelligence to rapidly identify and defend against potential threats within your unique network environment.
Data collected |
|
---|---|
Console location | Administration > System Settings > Smart Feedback |
Console settings |
Enable Trend Micro Smart Feedback |
Managed Detection and Response
With industry-leading detection technologies managed and correlated by expert threat investigators, Trend Micro MDR service detects, analyzes, and responds to threat activities actively in timely manner for subscribed customers.
Data collected |
|
---|---|
Console location | Administration > System Settings > Managed Detection and Response
Contact sales to enroll MDR service.
|
Console settings |
Enable the MDR service |
Grid and Census Queries
The Census, Good File Reputation, and Predictive Machine Learning services are security services hosted by Trend Micro in its Smart Protection Network. They are necessary for the full and successful operation of the Deep Security behavior monitoring, predictive machine learning, and process memory scan features.
If you have disabled all of the settings listed in this article, you may find that Deep Security still attempts to connect to these services. You can disable the grid and census queries by running the following commands on your Deep Security Manager. For details on the dsm_c command, see the Deep Security Help Center article, Command-line basics.
dsm_c -action changesetting -name settings.configuration.enableCensusQuery - value false -tenantname <tenantname> dsm_c -action changesetting -name settings.configuration.enableGridQuery - value false -tenantname <tenantname>
BIF
This feature is used to calculate the installation base and system status of Trend Micro Deep Security.
Data collected |
|
---|---|
Console location | This feature can be disabled. If you do not want this data to be collected, please go to System Settings > Advanced > Product Usage Data Collection and deselect Enable Product Usage Data Collection. |
Console settings |