Views:

Agent Deployment

Endpoint typeInstruction
Standard Endpoint ProtectionUninstall Standard Endpoint Protection agents completely by following the steps:
  • Step 2: If there is a need to remove the Vision One Endpoint Sensor on the endpoint, you can contact Trend Micro Technical Support for assistance.
Server & Workload ProtectionUninstall Server & Workload Protection agents completely by following the steps:
Sensor onlyIf there is a need to remove the Vision One Endpoint Sensor on the endpoint, you can contact Trend Micro Technical Support for assistance.
Agent Packet TypeInstruction
Standard Endpoint ProtectionStandard Endpoint Protection is able to used to upgrade Apex One agent if the targeted Apex One agent is registered to the same endpoint group manager
Server & Workload Protection

Server & Workload Protection is able to used to upgrade Deep Security Agent if the targeted Deep Security Agent is registered to the same protection manager

Note: if the targeted Deep Security Agent is self-protected, the agent upgrade will fail. Refer to Enable or disable agent self-protection to disable self-protection before the agent upgrade.

Endpoint SensorEndpoint Sensor is not able to upgrade Vision One Endpoint Sensor. Endpoint Sensor will be upgraded automatically from the backend.

Agent Connectivity

Trend Vision One agent will try to use the following sequence to get an available network connection in sequence

  • Service Gateway configured from Vision One console
  • Proxy settings configured from Vision One console
  • System proxy (for Windows and Mac endpoints)
  • Direct connection to the internet

If the agent has disconnected from Vision One backend because of a network environment change, the following step can be used to update the network configuration to the agent

  1. Configure and save the proxy / Service Gateway in the Vision One console
    • The agents belonging to this group/instance will also change the proxy setting after pressing the save button on the proxy setting page.
    • Service Gateway is a company-wise setting that will affect all the agents belonging to this company.
  2. Download and install the Vision One Endpoint Security agent deployment package again
  3. The network connection setting contained in the Vision One agent deployment package will be applied automatically after installation

Configurations

To exclude the Vision One Endpoint Sensor process from Server & Workload Protection

  • If there is a pre-defined file list "Trend Vision One Endpoint Sensor Exclusion List" under Server & Workload Protection -> Policies → Common Objects → File Lists → "Trend Vision One Endpoint Sensor Exclusion List", apply the pre-defined file list content into the Exclusions of the used Malware Scan Configurations
  • Otherwise, copy the below Vision One Endpoint Sensor file list into the Exclusions of the used Malware Scan Configurations
    C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
    
    C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\ceta\CETASvc.exe
    
    C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\wsc\WSCommunicator.exe
    
    C:\Program Files\Trend Micro\Cloud Endpoint\CloudEndpointService.exe
    
    C:\Program Files (x86)\Trend Micro\EndpointResponse\ResponseService.exe
    
    C:\Program Files\Trend Micro\ZTSA\ZTSAMonitorService.exe
    
    C:\Program Files\Trend Micro\ZTSA\ZTSAWindows.exe
    
    /opt/TrendMicro/EndpointBasecamp/bin/tmxbc
    
    /opt/TrendMicro/vls_agent/vls_agent
    
    /opt/TrendMicro/vls_agent/vls_am
    
    /opt/TrendMicro/vls_agent/vlsa
    
    

Apply the file list in the exception list of Malware Scan Configurations by following the steps (use real-time scan exception as an example)

  1. Select the policy would like to be applied exception, click Details
  2. Click Anti-Malware
  3. Under the Real-Time Scan section, click Edit under Malware Scan Configuration
  4. Select the Exclusion tab in the Default Real-Time Scan Configuration Properties window.
  5. On the Process Image File List section, click Edit.
  6. Add the file list you want to exclude (copied from the above file list or copied from "Trend Vision One Endpoint Sensor Exclusion List") into the list. Note that you can only add one file per line.
  7. Click Apply to save changes.

For Server & Workload Protection Application Control, we suggest customers use Application Control by the guide of the online help here: Set up Application Control

To exclude the Vision One Endpoint Sensor process from the block action, apply the below trust rules to the used trust rule set.

PlatformUsageTrust Rules
#Types of trust rulesProperties
Windows

Vision One Endpoint Sensor

1Allow from Source

Signer Name* = Trend Micro, Inc.

2Allow by Target

Signer Name* = Trend Micro, Inc.

3Allow by Target

Signer Name* = OpenVPN Inc.

Product Name* = OpenVPN

4Allow by Target

Signer Name* = Microsoft Corporation EdgeBuild

Product Name* = Microsoft Edge Update

5Allow from Source

Signer Name* = Microsoft Corporation EdgeBuild

Product Name* = Microsoft Edge Update

6

Ignore by Source

ProcessName = C:\Program Files\Trend Micro\ZTSA\ZTSAMonitorService.exe

LinuxVision One Endpoint Sensor1Allow by target

processName = /**/tmxbc

2Allow by Target

Paths = /opt/TrendMicro/EndpointBasecamp

3Allow by Target

Paths = /opt/TrendMicro/vls_agent