Views:

General

IAM System Settings
Description	IAM system settings allow Trend Micro to access user data on your Identity and Access Management (IAM) system for user authentication and access control in Zero Trust Secure Access.
Data Collected	User ID User display name User principal name IP address Groups Location (city, state, country) Email address Job title Department Given name Surname Email nickname IM addresses
Console Location	Zero Trust Secure Access > Secure Access Rules > IAM System Settings

Endpoint with Secure Access Module
Description	Install the Secure Access Module on endpoints to control access to internal applications and the internet.
Data Collected	Endpoint name Logon username User principal name Logon user domain IP addresses OS type OS version Agent ID Software name Software version Unpatched CVE list Debug log MAC address Hostname Network diagnostic information User behavior of UI click events
Console Location	Zero Trust Secure Access > Private/Internet Access Configuration > Endpoint with Secure Access Module > Available Endpoints > Remove Module Secure Access Module (Windows) > Debug Settings Secure Access Module (macOS) > (gear icon) > Debug Settings Removing module only prevents Zero Trust Secure Access from accessing the data collected by Endpoint Sensors. To prevent Endpoint Sensor from collecting data, uninstall Endpoint Sensor from the Endpoint Inventory.

Private Access

The Private Access in Zero Trust Secure Access includes the following modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instruction are provided below for opt-out of the personal data collection by disabling specific modules. Modules that cannot be disabled are indicated below.

Permission control
Description	Customers may opt-out of collection by stop using ZTNA.
Data Collected	IP address OS type User Principal Name HTTP URL
Console Location	Zero Trust Secure Access > Secure Access Rules > Permission Control

Access Control History
Description	Customers may opt-out of collection by stop using ZTNA.
Data Collected	IP address OS type OS version User Principal Name HTTP URL Hostname User Agent
Console Location	Zero Trust Secure Access > Access Control History > Action count

Device Posture Profile
Description	Customers may opt-out of collection by stop using ZTNA.
Data Collected	Firewall status Antivirus status EDR status Joined domain Screen lock status Full disk encryption status
Console Location

Internet Access

The Internet Access in Zero Trust Secure Access includes the following modules which, when enabled, will cause the corresponding data to be transmitted to Trend Micro. Each of these modules can be disabled as shown below.

Cloud Gateway
Description	The public IP addresses & time zone of customers where their Internet traffic is, is forwarded to the Internet Access Gateway.
Data Collected	IP address Time zone
Console Location	Secure Access Configuration > Internet Access Configuration > Gateways > Corporate Network Location Static IP address Time zone

On-Premises Gateways
Description	Disabling the service or uninstalling Service Gateway/On-premises gateway prevents the mentioned data being sent to Trend Micro.
Data Collected	Syslog server IP address/FQDN Syslog server port Syslog server protocol
Console Location	Secure Access Configuration > Internet Access Configuration > Gateways > Edit an On-Premises Gateway > Log Forwarding Server address Port Protocol

Web Reputation Services
Description	Disabling Web Reputation prevents the mentioned data being sent to Trend Micro, but it will greatly impact the Internet Access Gateway's ability to detect C&C and malicious activities.
Data Collected	URL
Console Location	Secure Access Resources > Threat Protection > Add/Edit Threat Protection Rule > Web Reputation:

Predictive Machine Learning
Description	Disabling Predictive Machine Learning prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to detect advanced threats.
Data Collected	File name File path File signature
Console Location	Secure Access Resources > Threat Protection > Add/Edit Threat Protection Rule > Advanced Scanning:

Suspicious Objects
Description	Disabling Suspicious Objects prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to detect advanced threats.
Data Collected	File SHA-1 URL Domain IP address
Console Location	Secure Access Resources > Threat Protection > Add/Edit Threat Protection Rule > Advanced Scanning

Cloud Virtual Analyzer
Description	Disabling Cloud Virtual Analyzer prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to detect advanced threats.
Data Collected	File URL IP Address
Console Location	Secure Access Resources > Threat Protection > Add/Edit Threat Protection Rule > Advanced Scanning:

File Profile
Description	Deleting File Profile prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to recognize transferred files by name or type.
Data Collected	File name
Console Location	Secure Access Resources > File Profiles > Add/Edit File Profile > File Names

Tenancy Restrictions
Description	Deleting Tenancy Restrictions prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to restrict users from accessing cloud apps based on tenant information.
Data Collected	URL Tenant ID
Console Location	Secure Access Resources > Tenancy Restrictions > Add/Edit Tenancy Restriction Rule

HTTP/HTTPS Request Filters
Description	Deleting HTTP/HTTPS Filters prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to identify the HTTP/HTTPS request for internet access rule matching.
Data Collected	URL HTTP Request Header
Console Location	Secure Access Resources > HTTP/HTTPS Request Filters > Add/Edit HTTP/HTTPS Request Filter Settings

IP Address Group
Description	Deleting IP Address Group prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to identify the HTTP/HTTPS request for internet access rule matching.
Data Collected	IP
Console Location	Secure Access Resources > IP Address Groups > Add/Edit IP Address Group Settings

Internet Access Control
Description	Disabling the Selected User/User group or IP group or public/home network locations prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway ability to match internet access control rule by user/user group or IP address or geolocation for roaming user traffic.
Data Collected	Geolocation User/User Group name IP address
Console Location	Secure Access Rules > Internet Access Control > Add/Edit Rule

AI service Access Control
Description	Disabling the Selected User/User group or IP group or public/home network locations or AI content inspection prevents the mentioned data being sent to Trend Micro, but it will impact the AI service Access Control ability to control AI service access and to do advanced content inspection on GenAI prompt & response.
Data Collected	Geolocation User/User Group name IP address Prompt Response
Console Location	Secure Access Rules > AI service Access Control > Add/Edit AI Rule

HTTPS Inspection rule
Description	Disabling the Selected public/home network locations prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway ability to match HTTPS inspection rule by geolocation for roaming user traffic.
Data Collected	Geolocation
Console Location	Secure Access Rules > HTTPS Inspection > Inspection Rule >l Add/Edit HTTPS Inspection

SSL/TLS Certificates
Description	Uploading no cross-signed certificate prevents the mentioned data being sent to Trend Micro, but customers need to import the built-in CA certificate to the endpoints of their users for HTTPS inspection.
Data Collected	Cross-signed certificate
Console Location	Secure Access Configuration > Internet Access Configuration > HTTPS Inspection > Inspection Rules > Settings > Manage Default Certificate Select File

SSL/TLS Certificates
Description	Configuring no HTTPS inspection rules prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to detect threats embedded in HTTPS traffic.
Data Collected	Web server certificate Root or intermediate CA certificate
Console Location	Secure Access Configuration > Internet Access Configuration > HTTPS Inspection > Inspection Rules > Add/Edit HTTPS Inspection Rule > Certificate

URL Categories
Description	Customers add specific URL categories to control users’ Internet access based on destination URLs.
Data Collected	IP address URL Domain
Console Location	Secure Access Resources > Custom URL Categories > Add/Edit URL Category

PAC File
Description	Customers use PAC files to forward users’ Internet traffic to the Internet Access Gateway for scanning. Customers can delete the PAC files to prevent the mentioned data being sent to Trend Micro.
Data Collected	IP address Domain
Console Location	Secure Access Configuration > Internet Access Configuration > PAC Files > Add/Edit PAC File

Allow List/Deny List
Description	Customer can add URLs to directly bypass specific URLs (Allow List) or block specific URLs (Deny List) based on the destination URL in users’ traffic. Customers can delete the URLs to prevent the mentioned data being sent to Trend Micro.
Data Collected	Domain URL
Console Location	Secure Access Configuration > Internet Access Configuration > Allow List/Deny List > URL Allow List > Add/Edit Allow List Internet Access Configuration > Allow List/Deny List > URL Deny List > Add/Edit Deny List

SSO with On-Premises AD
Description	Disabling the service prevents the mentioned data being sent to Trend Micro.
Data Collected	AD server IP/FQDN AD server port Certificate
Console Location	Internet Access Configuration > Global Settings > Single Sign-On with Activity Directory (On-Premises): Server address Port Custom certificate

Keywords: ZTSA,private access,internet access,Zero trust,collect data,inspection,control,AI service,machine learning

Trend Vision One Zero Trust Secure Access Data Collection Notice

Product / Version includes:

Trend Vision OneAll

Last updated: 2024/06/17

Solution ID: KA-0016841

Category: Configure

Summary

Zero Trust Secure Access includes the following modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instruction are provided below for opt-out of the personal data collection by disabling specific modules. Modules that cannot be disabled are indicated below.

General
Private Access
Internet Access

General

IAM System Settings
Description	IAM system settings allow Trend Micro to access user data on your Identity and Access Management (IAM) system for user authentication and access control in Zero Trust Secure Access.
Data Collected	User ID User display name User principal name IP address Groups Location (city, state, country) Email address Job title Department Given name Surname Email nickname IM addresses
Console Location	Zero Trust Secure Access > Secure Access Rules > IAM System Settings

Endpoint with Secure Access Module
Description	Install the Secure Access Module on endpoints to control access to internal applications and the internet.
Data Collected	Endpoint name Logon username User principal name Logon user domain IP addresses OS type OS version Agent ID Software name Software version Unpatched CVE list Debug log MAC address Hostname Network diagnostic information User behavior of UI click events
Console Location	Zero Trust Secure Access > Private/Internet Access Configuration > Endpoint with Secure Access Module > Available Endpoints > Remove Module Secure Access Module (Windows) > Debug Settings Secure Access Module (macOS) > (gear icon) > Debug Settings Removing module only prevents Zero Trust Secure Access from accessing the data collected by Endpoint Sensors. To prevent Endpoint Sensor from collecting data, uninstall Endpoint Sensor from the Endpoint Inventory.

Private Access

Permission control
Description	Customers may opt-out of collection by stop using ZTNA.
Data Collected	IP address OS type User Principal Name HTTP URL
Console Location	Zero Trust Secure Access > Secure Access Rules > Permission Control

Access Control History
Description	Customers may opt-out of collection by stop using ZTNA.
Data Collected	IP address OS type OS version User Principal Name HTTP URL Hostname User Agent
Console Location	Zero Trust Secure Access > Access Control History > Action count

Device Posture Profile
Description	Customers may opt-out of collection by stop using ZTNA.
Data Collected	Firewall status Antivirus status EDR status Joined domain Screen lock status Full disk encryption status
Console Location

Internet Access

Cloud Gateway
Description	The public IP addresses & time zone of customers where their Internet traffic is, is forwarded to the Internet Access Gateway.
Data Collected	IP address Time zone
Console Location	Secure Access Configuration > Internet Access Configuration > Gateways > Corporate Network Location Static IP address Time zone

On-Premises Gateways
Description	Disabling the service or uninstalling Service Gateway/On-premises gateway prevents the mentioned data being sent to Trend Micro.
Data Collected	Syslog server IP address/FQDN Syslog server port Syslog server protocol
Console Location	Secure Access Configuration > Internet Access Configuration > Gateways > Edit an On-Premises Gateway > Log Forwarding Server address Port Protocol

Web Reputation Services
Description	Disabling Web Reputation prevents the mentioned data being sent to Trend Micro, but it will greatly impact the Internet Access Gateway's ability to detect C&C and malicious activities.
Data Collected	URL
Console Location	Secure Access Resources > Threat Protection > Add/Edit Threat Protection Rule > Web Reputation:

Predictive Machine Learning
Description	Disabling Predictive Machine Learning prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to detect advanced threats.
Data Collected	File name File path File signature
Console Location	Secure Access Resources > Threat Protection > Add/Edit Threat Protection Rule > Advanced Scanning:

Suspicious Objects
Description	Disabling Suspicious Objects prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to detect advanced threats.
Data Collected	File SHA-1 URL Domain IP address
Console Location	Secure Access Resources > Threat Protection > Add/Edit Threat Protection Rule > Advanced Scanning

Cloud Virtual Analyzer
Description	Disabling Cloud Virtual Analyzer prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to detect advanced threats.
Data Collected	File URL IP Address
Console Location	Secure Access Resources > Threat Protection > Add/Edit Threat Protection Rule > Advanced Scanning:

File Profile
Description	Deleting File Profile prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to recognize transferred files by name or type.
Data Collected	File name
Console Location	Secure Access Resources > File Profiles > Add/Edit File Profile > File Names

Tenancy Restrictions
Description	Deleting Tenancy Restrictions prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to restrict users from accessing cloud apps based on tenant information.
Data Collected	URL Tenant ID
Console Location	Secure Access Resources > Tenancy Restrictions > Add/Edit Tenancy Restriction Rule

HTTP/HTTPS Request Filters
Description	Deleting HTTP/HTTPS Filters prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to identify the HTTP/HTTPS request for internet access rule matching.
Data Collected	URL HTTP Request Header
Console Location	Secure Access Resources > HTTP/HTTPS Request Filters > Add/Edit HTTP/HTTPS Request Filter Settings

IP Address Group
Description	Deleting IP Address Group prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to identify the HTTP/HTTPS request for internet access rule matching.
Data Collected	IP
Console Location	Secure Access Resources > IP Address Groups > Add/Edit IP Address Group Settings

Internet Access Control
Description	Disabling the Selected User/User group or IP group or public/home network locations prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway ability to match internet access control rule by user/user group or IP address or geolocation for roaming user traffic.
Data Collected	Geolocation User/User Group name IP address
Console Location	Secure Access Rules > Internet Access Control > Add/Edit Rule

AI service Access Control
Description	Disabling the Selected User/User group or IP group or public/home network locations or AI content inspection prevents the mentioned data being sent to Trend Micro, but it will impact the AI service Access Control ability to control AI service access and to do advanced content inspection on GenAI prompt & response.
Data Collected	Geolocation User/User Group name IP address Prompt Response
Console Location	Secure Access Rules > AI service Access Control > Add/Edit AI Rule

HTTPS Inspection rule
Description	Disabling the Selected public/home network locations prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway ability to match HTTPS inspection rule by geolocation for roaming user traffic.
Data Collected	Geolocation
Console Location	Secure Access Rules > HTTPS Inspection > Inspection Rule >l Add/Edit HTTPS Inspection

SSL/TLS Certificates
Description	Uploading no cross-signed certificate prevents the mentioned data being sent to Trend Micro, but customers need to import the built-in CA certificate to the endpoints of their users for HTTPS inspection.
Data Collected	Cross-signed certificate
Console Location	Secure Access Configuration > Internet Access Configuration > HTTPS Inspection > Inspection Rules > Settings > Manage Default Certificate Select File

SSL/TLS Certificates
Description	Configuring no HTTPS inspection rules prevents the mentioned data being sent to Trend Micro, but it will impact the Internet Access Gateway's ability to detect threats embedded in HTTPS traffic.
Data Collected	Web server certificate Root or intermediate CA certificate
Console Location	Secure Access Configuration > Internet Access Configuration > HTTPS Inspection > Inspection Rules > Add/Edit HTTPS Inspection Rule > Certificate

URL Categories
Description	Customers add specific URL categories to control users’ Internet access based on destination URLs.
Data Collected	IP address URL Domain
Console Location	Secure Access Resources > Custom URL Categories > Add/Edit URL Category

PAC File
Description	Customers use PAC files to forward users’ Internet traffic to the Internet Access Gateway for scanning. Customers can delete the PAC files to prevent the mentioned data being sent to Trend Micro.
Data Collected	IP address Domain
Console Location	Secure Access Configuration > Internet Access Configuration > PAC Files > Add/Edit PAC File

Allow List/Deny List
Description	Customer can add URLs to directly bypass specific URLs (Allow List) or block specific URLs (Deny List) based on the destination URL in users’ traffic. Customers can delete the URLs to prevent the mentioned data being sent to Trend Micro.
Data Collected	Domain URL
Console Location	Secure Access Configuration > Internet Access Configuration > Allow List/Deny List > URL Allow List > Add/Edit Allow List Internet Access Configuration > Allow List/Deny List > URL Deny List > Add/Edit Deny List

SSO with On-Premises AD
Description	Disabling the service prevents the mentioned data being sent to Trend Micro.
Data Collected	AD server IP/FQDN AD server port Certificate
Console Location	Internet Access Configuration > Global Settings > Single Sign-On with Activity Directory (On-Premises): Server address Port Custom certificate

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Trend Vision One Zero Trust Secure Access Data Collection Notice

General

Private Access

Internet Access

Trend Vision One Zero Trust Secure Access Data Collection Notice

Product / Version includes:

Summary

General

Private Access

Internet Access