Background

Trend Micro Cloud One Workload Security recently announced the “Advanced TLS Inspection” feature, which enables decryption of SSL/TLS-encrypted traffic used by the HTTPS protocol on web servers.

Advanced TLS traffic inspection is enabled by default when the intrusion prevention module is turned on. You can verify the status of the feature by viewing the policy properties: Policy > Intrusion Prevention > General > Advanced TLS Traffic Inspection.

To use this feature, HTTPS traffic must be monitored, which requires adding port 443 to the web server Application Types.

Details

The following Application Type(s) have been updated to reflect this change. This page will be updated as more Application Types are released.
  • Web Application Tomcat
  • Web Server SharePoint
  • Web Server IIS
  • Web Application Common
  • Web Server Apache
  • Web Server Miscellaneous
  • Web Application Ruby Based

Recommendation

If the “Advanced TLS Inspection” feature on current versions of Deep Security, or “SSL Inspection” on older versions of DS, is not enabled, it is recommended that port 443 be removed from the Application Types. Otherwise, monitoring encrypted traffic could result in false positives in some environments.