Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deep Discovery Inspector 5.6 Data Collection Notice

    • Updated:
    • 9 Apr 2020
    • Product/Version:
    • Platform:
Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Details
Public

Smart Feedback

Smart Feedback enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment.

Data collected
  • IP address
  • URL
  • Filename/path
  • Hostname
  • Suspicious executables and partial file content
Console locationAdministration > Monitoring / Scanning > Threat Detections
Console settings
  • Enable Smart Feedback
  • Submit suspicious files to Trend Micro

smart feedback

Back to top

Virtual Analyzer

Disabling Virtual Analyzer prevents the mentioned data being sent to Trend Micro, but will severely impact DDI’s ability to detect advanced malware.

Data collected
  • IP address
  • URL
  • Hostname
  • Filename/path
Console locationAdministration > Virtual Analyzer > Setup
Console settings
  • Submit files to Virtual Analyzer
  • Virtual Analyzer: Internal

virtual analyzer

Back to top

Web Reputation

Disabling Web Reputation prevents the mentioned data being sent to Trend Micro, but will greatly impact DDI’s ability to detect C&C and malicious activities.

Data collectedURL
Console locationAdministration > Monitoring / Scanning > Web Reputation
Console settings

Enable Web Reputation

Enable Web Reputation

Back to top

Community File Reputation

Disabling Community File Reputation related rules prevents the mentioned data being sent to Trend Micro, but will impact DDI’s ability to detect advanced malware.

Data collectedURL
Console locationAdministration > Monitoring / Scanning > Detection Rules
Console settings

Enable/Disable rule 719, 733

Community File Reputation

Back to top

URL Retro Scan

Disabling URL Retro Scan prevents the mentioned data being sent to Trend Micro, but will impact DDI’s ability to detect C&C and malicious activities that occurred in the past but were just known to Trend Micro.

Data collected
  • Endpoint IP addresses
  • URL
Console locationAdministration > Monitoring / Scanning > Web Reputation
Console settings

Enable Retro Scan

Enable Retro Scan

Back to top

Threat Connect

Threat Connect allows admin to view related threat information from the global intelligence database.

Data is only sent out when an admin manually clicks the “View Threat Connect” button in Log detail view.

Data collected
  • IP address
  • URL
  • Hostname
Console location

User manually triggers Threat Connect connection in Log detail view:

  • Detection Details > Connection Details
Console settings

View in Threat Connect

view in Threat Connect

Back to top

Sandbox as a Service for macOS

Disabling Sandbox as a Service for macOS prevents the mentioned data being sent to Trend Micro, but will severely impact Deep Discovery Inspector’s ability to detect advance malware affecting the macOS platform.

Data collected
  • Suspicious files
  • Filename
Console locationAdministration > Virtual Analyzer > Internal Virtual Analyzer > Sandbox Management
Console settings
  • Sandbox for macOS
  • Send possible threats for macOS to Trend Micro Sandbox as a Service for analysis

Sandbox for macOS

Back to top

Sandbox as a Service for Windows

Disabling Sandbox as a Service for Windows prevents the mentioned data being sent to Trend Micro, but will severely impact Deep Discovery Inspector’s ability to detect advance malware affecting the Windows platform.

Data collected
  • Suspicious files
  • Filename
Console locationAdministration > Virtual Analyzer > Setup
Console settings
  • Submit files to Virtual Analyzer
  • Virtual Analyzer: Sandbox as a Service

Sandbox as a Service for Windows

Back to top

Threat Investigation Center

When disabled, all data indicated for this row will not be sent out to the Threat Investigation Center.

Data collected
  • IP address
  • MAC address
  • Hostname
  • Filename/path
  • Email address
  • Email subject
  • Username
  • Domain name
  • URL
  • Network group name
  • Retro Scan Report
  • All System Event Logs
Console locationAdministration > Integrated Products/Services > Threat Investigation Center
Console settings

Threat Investigation Center

Threat Investigation Center

When File Retrieval setting is disabled, all data indicated for this row will not be sent out to the Threat Investigation Center.

Data collected
  • Virtual Analyzer investigation package
  • detected file
  • pcap
Console locationAdministration > Integrated Products/Services > Threat Investigation Center
Console settings

Edit Threat Investigation Center Server

Add or Edit server

Back to top

Deep Discovery Director - Network Analytics as a Service

Unregistering DDD prevents the mentioned data being sent to Trend Micro, but will severely impact network analytics capability for the customer.

Data collected
  • Endpoint IP addresses
  • MAC address
  • Hostname
  • Domain username
  • Domain name
  • URL
  • Server IP address
  • Protocol
  • TCP Port
  • SMB Username
  • RDP username
  • RADIUS username
  • http protocol headers
  • duration of each TCP session
  • SSL certificate information
  • filename
  • email address
  • Size of the data transferred per IP Address per session
  • User realm
  • Certificate Related:

    • Issuer common name
    • Subject common name
    • Issuer organizational unit name
    • Subject organizational unit name
    • Issuer organization name
    • Subject organization name
    • Issuer state or province name
    • Subject state or province name
    • Issuer email address
    • Subject email address
    • Server Name Indication (SNI)
    • Subject Alternate Name
Console locationAdministration > Integrated Products/Services > Deep Discovery Director
Console settings

Management Server

DDD-NAaaS

After Deep Discovery Inspector registers to Deep Discovery Director, Deep Discovery Director admin will manually pair Deep Discovery Inspector to Deep Discovery Director- Network Analytics as a Service on Deep Discovery Director management console.

Back to top

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000232357
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.