Trend Vision One agent will try to use the following sequence to get an available network connection in sequence

• Service Gateway configured from Trend Vision One console
• Proxy settings configured from Trend Vision One console
• System proxy (for Windows and Mac endpoints)
• Direct connection to the internet

If the agent has disconnected from Trend Vision One backend because of a network environment change, the following step can be used to update the network configuration to the agent

1. Configure and save the proxy / Service Gateway in the Trend Vision One console
   • The agents belonging to this group/instance will also change the proxy setting after pressing the save button on the proxy setting page.
   • Service Gateway is a company-wise setting that will affect all the agents belonging to this company.
2. Download and install the Trend Vision One Endpoint Security agent deployment package again
3. The network connection setting contained in the Trend Vision One agent deployment package will be applied automatically after installation

To exclude the Trend Vision One Endpoint Sensor process from Server & Workload Protection

• The Server & Workload Protection endpoint includes a built-in exclusion list with every update. However, it is recommended that users also apply the pre-defined exclusion list provided in the management console to ensure that endpoints always receive the most up-to-date exclusions.
• If there is a pre-defined file list "Trend Vision One Endpoint Sensor Exclusion List" under Server & Workload Protection → Policies → Common Objects → List → File Lists → "Trend Vision One Endpoint Sensor Exclusion List", apply the pre-defined file list content into the Exclusions of the used Malware Scan Configurations
• Otherwise, copy the below Trend Vision One Endpoint Sensor file list into the Exclusions of the used Malware Scan Configurations

  C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.exe
  C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\ceta\CETASvc.exe
  C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\wsc\WSCommunicator.exe C:\Program Files\Trend Micro\Cloud Endpoint\CloudEndpointService.exe
  C:\Program Files (x86)\Trend Micro\EndpointResponse\ResponseService.exe
  C:\Program Files\Trend Micro\ZTSA\ZTSAMonitorService.exe
  C:\Program Files\Trend Micro\ZTSA\ZTSAWindows.exe
  C:\Program Files\Trend Micro\Net Filter\tm_netsrv.exe
  C:\Program Files\Trend Micro\Net Filter\tm_netinst.exe
  C:\Program Files\Trend Micro\Net Filter\tm_netagent.exe
  C:\ProgramData\Trend Micro\Native Hosting v2\dsa-wrs-app.exe 
  /opt/TrendMicro/EndpointBasecamp/bin/tmxbc
  /opt/TrendMicro/EndpointBasecamp/modules/dvas/asrm
  /opt/TrendMicro/vls_agent/vls_agent
  /opt/TrendMicro/vls_agent/vls_am
  /opt/TrendMicro/vls_agent/vlsa 
  

Apply the file list in the exception list of Malware Scan Configurations by following the steps (use real-time scan exception as an example)

1. Select the policy would like to be applied exception, click Details
2. Click Anti-Malware
3. Under the Real-Time Scan section, click Edit under Malware Scan Configuration
4. Select the Exclusion tab in the Default Real-Time Scan Configuration Properties window.
5. On the Process Image File List section, click Edit.
6. Add the file list you want to exclude (copied from the above file list or copied from "Trend Vision One Endpoint Sensor Exclusion List") into the list. Note that you can only add one file per line.
7. Click Apply to save changes.

For Server & Workload Protection Application Control, we suggest customers use Application Control by the guide of the online help here: Set up Application Control.

In Application Control Lockdown Mode, customers must follow the steps below to add Trend Vision One Endpoint Sensor to the Trust Rule. To exclude the Trend Vision One Endpoint Sensor process from the block action, apply the below trust rules to the used trust rule set.