Optimizing Trend Micro™ Deep Security™ Recommendation Scans for EOL Platforms

Product / Version includes:

Deep Security All

Last updated: 2025/07/04

Solution ID: KA-0010379

Category: Configure

Summary

With new vulnerabilities out daily, Deep Security’s Recommendation Scan provides an easy way to stay protected using the Intrusion Prevention System, or IPS. This system assigns a rule that will potentially detect the exploitation of a vulnerability for you to apply to your environment before needing to apply the vendor provided patches.

Deep Security can help in these situations via IPS rules which target major vulnerabilities. Determining which rules to apply can be done with minimal effort from the administrator by allowing systems to be scanned and appropriate rules to be applied based on your environment. Once the system is updated, the rules can then also be removed by a Recommendation Scan as well.

Deep Security supports various End of Life (EOL) operating systems such as Microsoft Windows 2000 and Windows 2003. These systems are typically kept in production as they serve a necessary function in a particular line of business. As they are "end of life," these systems will not be updated from the vendors.

In many cases, the systems running these legacy applications are doing so with limited resources. We can optimize the application of IPS rules by preventing certain classes of rules from even being recommended.

We classify these rules under the following Application Types:
• Web Client Common
• Web Client Internet Explorer / Edge
• Microsoft Office
• Web Client Mozilla Firefox
Removing unnecessary rules greatly enhance resource allocation without compromising safety.

Note: These are general guidelines. This list is not meant to be exhaustive or definitive and every deployment must be evaluated carefully before configuring any exclusions. In addition to Application Types, individual rules can also be excluded for more fine-grained control.

To exclude a specific Application Type from Recommendation scans:

These steps can be followed on either Policy or on a specific computer and will ensure you continue to benefit from recommendation scans and have protection against any new vulnerabilities, with all rules in this application type being excluded from the future recommendation scans.

Open the Policy (or Computer).
In the left pane, click Intrusion Prevention.
Click Assign/Unassign.
Find an IPS Rule that has the Application Type that should be excluded from Recommendation and right click on it. Select Application Type Properties (not Application Type Properties (Global)).
Click on the Options tab.
From the drop-down menu, select Yes and click OK.
You may now close any open windows.

If you have not performed any other modifications to settings in the IPS module, the Save button will be greyed out. This is normal, no other save actions are required and you may simply close the browser window.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Optimizing Trend Micro™ Deep Security™ Recommendation Scans for EOL Platforms

Optimizing Trend Micro™ Deep Security™ Recommendation Scans for EOL Platforms

Product / Version includes:

Summary