
Trend Micro Endpoint Basecamp is a program running on the endpoint side to provide a robust channel for Trend Micro to deploy endpoint applications. When a customer wants to deploy more endpoint applications, Endpoint Basecamp will download the endpoint application package from the Trend Micro backend and install it. The customer does not need to do another agent deployment for the new endpoint application.

Trend Micro Endpoint Basecamp also provides essential but lightweight common functions to endpoint applications, which include the following:

  • Authentication: Trend Micro service and endpoint application can authenticate with each other via Endpoint Basecamp's authentication mechanism.
  • Application performance data:
    • Endpoint Basecamp collects agent process performance data and crash counts for further development enhancement.
    • No personal / privacy data are collected.
 
Endpoint applications are executable files that perform endpoint-related tasks such as collecting information and performing actions in endpoints. The user has to enable this function from Trend Micro Vision One before the endpoint application is deployed.

The endpoint applications currently deployed via Endpoint Basecamp are the following:

  • Endpoint Sensor (xES) and Endpoint Response application - Enabled from Vision One Endpoint Inventory
  • Assessment Tool for Windows Endpoints - from Trend Micro Vision One Security Assessment
 

Trend Micro Endpoint Basecamp is a pure user-mode application without system/application event interception behavior. It does not include a kernel driver, and there is no possibility to create endpoint failure, e.g. BSoD.

Trend Micro Endpoint Basecamp plug-in is a user-mode program that can provide additional features. It will be installed along with the Endpoint Basecamp. Currently, there are two plug-in services:

  • Trend Micro Web Service Communicator

    • A program of Endpoint Basecamp running in the endpoint to establish a persistent connection between endpoint and Trend Micro backend.
    • It provides near real-time communication so that the endpoint receives the server's events more efficiently, e.g. applying an agent policy.
  • Trend Micro Cloud Endpoint Telemetry Service

    • A program of Endpoint Basecamp running in the endpoint to collect endpoint metrics. The information contains Trend Micro's endpoint performance metrics and helps to monitor the health status of the endpoint.
    • It gives us a way to monitor the health status of Trend Micro's endpoint.

There are two ways to get Endpoint Basecamp installed:

  • Upgrade the Apex One security agent or OfficeScan agent.
    • If you are using Apex One as a Service version:

      The security agent should be upgraded to Build 14.0.0.8509 or a later version.

    • If you are using Apex One on-prem version:
      1. Accept "Enhanced Support Service" during Apex One server upgrade, or decline "Enhanced Support Service" during the upgrade and then onboard Trend Micro Vision One from Apex One server console afterward.
      2. The security agent should be upgraded to Build 8378 or a later version.
    • If you are using OfficeScan XG SP1 server:
      1. Accept "Enhanced Support Service" during OfficeScan server upgrade, or decline "Enhanced Support Service" during the upgrade and then onboard Trend Micro Vision One from OfficeScan server console afterward.
      2. The OfficeScan agent should be upgraded to Build 6029 or a later version.
  • If the endpoint does not run an Apex One security agent or OfficeScan agent, download the agent installer from the Trend Micro Vision One Endpoint Inventory console and run it to install.
 
To allow Apex One Security Agents (for both SaaS and On-Premise) to download Endpoint Basecamp for installation, please verify the following update setting:
Under Privileges and Other Settings > Other Settings, "Security Agents only update the following components" is set to "All Components (including hotfixes and the agent program)".

Privileges and Other Settings


For verification, the following registry key will be added or changed on the endpoint machine:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
  • Key: NoProgramUpgrade Value: 0

 

 

Endpoint Basecamp provides the endpoint application deployment capability. The Trend Micro endpoint detection and response solution is provided by other endpoint applications. When a new endpoint application is deployed, Endpoint Basecamp downloads the endpoint application installer and launches it. The endpoint application installer will install the necessary components into the system silently. Endpoint Basecamp and the endpoint application are separate programs that work independently. An endpoint application provides its function to the customer but will not influence Endpoint Basecamp program behavior, and vice versa.

The following diagram illustrates the relationship flow. When a user triggers the Endpoint Basecamp agent, Endpoint Basecamp will be installed but without any other endpoint application deployed. Endpoint Basecamp only waits for the agent deployment request from Trend Micro Vision One.

Relationship flow

When a user enables Endpoint Sensor for Trend Micro Vision One Endpoint Inventory, Endpoint Inventory will request Endpoint Basecamp service to deploy Endpoint Sensor and Response App to the selected endpoint. Endpoint Basecamp will download and launch the installer of the Endpoint Sensor and Response App. After installation, Endpoint Sensor and Response App will communicate to their corresponding services in Trend Micro Vision One without being dependent on Endpoint Basecamp. Endpoint Basecamp will wait if another agent needs to be deployed from Trend Micro Vision One.

Module state

Program profile

Windows service
  • Trend Micro Endpoint Basecamp
  • Trend Micro Cloud Endpoint Telemetry Service
  • Trend Micro Web Service Communicator
Binary list
  • C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
  • C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\ceta\CETASvc.exe
  • C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\wsc\WSCommunicator.exe
Windows scheduled job
  • Trend Micro Endpoint Basecamp
Deployment size
  • EndpointBasecamp.exe: about 2.5 MB
  • CETASvc.exe: about 3.6 MB
  • WSCommunicator.exe: about 1.5 MB

Note: During the upgrade, only changed binaries are downloaded.

URLs that Endpoint Basecamp connects to
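The registry value and the program profile above can be checked together on an endpoint. The following PowerShell is an added example, not Trend Micro's own tooling; it assumes the names listed under "Windows service" are service display names and that the scheduled task is named as listed, and the registry value is only expected on Apex One or OfficeScan managed agents.

```powershell
# Added example: verify an Endpoint Basecamp install against the values listed on this page.
# Assumptions: service names are display names; the task name matches the listed scheduled job.
function Test-EndpointBasecampInstall {
    # 1. Update setting from the Apex One / OfficeScan policy (expected value 0).
    $regPath = 'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.'
    $value = (Get-ItemProperty -LiteralPath $regPath -Name NoProgramUpgrade -ErrorAction SilentlyContinue).NoProgramUpgrade
    [pscustomobject]@{
        Check  = 'Registry'; Item = 'NoProgramUpgrade'
        Ok     = ("$value" -eq '0')
        Detail = if ($null -eq $value) { 'value not found' } else { "value = $value" }
    }

    # 2. The three Windows services should exist and be running.
    $services = 'Trend Micro Endpoint Basecamp',
                'Trend Micro Cloud Endpoint Telemetry Service',
                'Trend Micro Web Service Communicator'
    foreach ($name in $services) {
        $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue | Select-Object -First 1
        [pscustomobject]@{
            Check  = 'Service'; Item = $name
            Ok     = ($null -ne $svc -and $svc.Status -eq 'Running')
            Detail = if ($svc) { "status = $($svc.Status)" } else { 'not installed' }
        }
    }

    # 3. Binaries should be present and carry a valid Authenticode signature.
    $root = 'C:\Program Files (x86)\Trend Micro\Endpoint Basecamp'
    $binaries = 'EndpointBasecamp.exe', 'modules\ceta\CETASvc.exe', 'modules\wsc\WSCommunicator.exe'
    foreach ($rel in $binaries) {
        $path = Join-Path $root $rel
        $sig = if (Test-Path -LiteralPath $path) { Get-AuthenticodeSignature -LiteralPath $path }
        [pscustomobject]@{
            Check  = 'Binary'; Item = $path
            Ok     = ($null -ne $sig -and $sig.Status -eq 'Valid')
            Detail = if ($sig) { "signature = $($sig.Status); signer = $($sig.SignerCertificate.Subject)" } else { 'file missing' }
        }
    }

    # 4. Scheduled job listed in the program profile.
    $task = Get-ScheduledTask -TaskName 'Trend Micro Endpoint Basecamp' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'ScheduledTask'; Item = 'Trend Micro Endpoint Basecamp'
        Ok     = ($null -ne $task)
        Detail = if ($task) { "state = $($task.State)" } else { 'not found' }
    }
}

Test-EndpointBasecampInstall | Format-Table -AutoSize -Wrap
```

Any row with Ok = False is a starting point for investigation: a missing or unsigned binary under the install path deserves more attention than a stopped service.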

  • *.xbc.trendmicro.com
  • *.mgcp.trendmicro.com
  • *.manage.trendmicro.com
  • *-ats.iot.eu-central-1.amazonaws.com (EU only)
  • *-ats.iot.ap-northeast-1.amazonaws.com (JP only)
  • *-ats.iot.ap-southeast-1.amazonaws.com (SG only)
  • *-ats.iot.ap-southeast-2.amazonaws.com (AU only)
  • *-ats.iot.ap-south-1.amazonaws.com (IN only)

Endpoint Basecamp communication frequency

  • Connects to the Endpoint Basecamp back-end service every hour
  • Sends agent telemetry data to the backend every 4 hours
  • Create one persistent connection with AWS IoT for push notification
  • Why upgrade to Trend Micro Endpoint Basecamp?
    • When the Trend Micro development team finds an issue in Endpoint Basecamp and fixes it, they will upgrade Endpoint Basecamp.
    • Since all the common functions provided by Endpoint Basecamp are basic for Trend Micro products, keeping Endpoint Basecamp updated provides a more robust deployment experience and a more stable service to endpoint applications. The up-to-date Endpoint Basecamp is required.
    • During the Endpoint Basecamp upgrade process, all integration application functions still run and work as usual.
  • The Endpoint Basecamp upgrade behavior
    1. The Endpoint Basecamp agent will check the back-end every hour to see if there is a new version of the Endpoint Basecamp agent available.
    2. If there is a new version, the Endpoint Basecamp agent will download the new package.
    3. It will upgrade itself by replacing Endpoint Basecamp binaries, and restart the service.
  • No interruption to endpoint user during the upgrade
    • The Endpoint Basecamp upgrade is done silently in the system background. There is no end-user-facing behavior (e.g. pop-up windows).
    • No machine reboot is required for the Endpoint Basecamp upgrade.
  • What is the Endpoint Basecamp upgrade frequency?

    Trend Micro upgrades the Endpoint Basecamp agent once a month.

  • DevOps practice of phased agent deployment and continuous monitoring of deployment status

    The Endpoint Basecamp upgrade applies a phased deployment and monitoring practice. Every deployment starts from a small batch, and agent health is monitored throughout its lifecycle. The practice is:

    1. Upgrade 0.1% of all tenant devices to the latest version.
    2. Monitor the agent performance and health telemetry in the back-end.
    3. Gradually enlarge the percentage if no problems occurred in the previous phase.
       
      • If a problem is found, apply the modified module or roll back on the backend side.
      • If you set the "Bandwidth throttling" setting, the agent upgrade module will be delivered gradually according to its set value.
       
    4. Deployment finishes once Endpoint Basecamp is upgraded to the latest version.

     

The main purpose of Endpoint Basecamp is to provide a convenient way to deploy the Trend Micro endpoint protection agent, detection sensor, and response agent in a customer environment. Trend Micro also uses Endpoint Basecamp to deliver solutions to customer endpoints when Trend Micro finds a vulnerability or an outbreak in the early stage. Thus, removing Endpoint Basecamp from the agent would affect the security protection provided by Trend Micro.

If there is a need to remove the Endpoint Basecamp on the agent machines, such as troubleshooting or cleanup purposes, you can contact Trend Micro Technical Support for assistance.