Data Collection Disclosure - Trend Micro Cybersecurity Assessment Service

Trend Micro Security Assessment Service Data Collection Disclosure

- Updated:
- 30 Dec 2020
- Product/Version:
- Apex One as a Service
- Cloud App Security
- Platform:

Registration

The Assessment Service uses the information to:

Identify users
Assign a confirmation number to each user (The number is used to log on to the portal.)
Assign an ID to the company (The ID is embedded in the Endpoint Assessment Tool package.)
Send status updates
Generate email and endpoint reports

The information will automatically be deleted 90 days after the report is generated.

Data collected	First name Last name Email address Phone number Company Number of employees Job title Country
Console location	Registration page
Console settings	Click Start

Email Assessment (Office 365)

The Assessment Service needs permission to access mailboxes for scanning. Trend Micro does not access and store users’ Office 365 credentials.

Email Assessment combines machine learning, document exploit detection, and behavior analysis to protect Exchange Online users from BEC, ransomware, advanced phishing, and other high-profile attacks.

The information will automatically be deleted 90 days after the report is generated.

Data collected	Azure Active Directory: Domain, user, and group information Exchange Online: Mailbox information Global administrator email address used to grant permissions to the Assessment Service Email senders Email recipients Email locations Email subjects Email attachments File modifiers File locations File names URLs in email body URLs in email attachments URLs in files Suspicious executable files and scripts in cloud storage services Suspicious executable files and scripts in email attachments Metadata of suspicious executable files and scripts in cloud storage services Metadata of suspicious executable files and scripts in email attachments IP addresses of upstream MTAs for IP rating query Domain, user, device and group information in Azure Active Directory
Console location	Cloud Email
Console settings	Click Office 365

Email Assessment (G Suite)

The Assessment Service needs permission to access mailboxes for scanning. Trend Micro does not access and store users’ G Suite credentials.

Email Assessment combines machine learning, document exploit detection, and behavior analysis to protect Exchange Online users from BEC, ransomware, advanced phishing, and other high-profile attacks.

The information will automatically be deleted 90 days after the report is generated.

Data collected	Domain, user, and group information Global administrator email address for Gmail Email senders Email recipients Email locations Email subjects Email attachments File modifiers File locations File names URLs in email body URLs in email attachments URLs in files Suspicious executable files and scripts in cloud storage services Suspicious executable files and scripts in email attachments Metadata of suspicious executable files and scripts in cloud storage services Metadata of suspicious executable files and scripts in email attachments IP addresses of upstream MTAs for IP rating query Domain, user, device and group information in Azure Active Directory
Console location	Cloud Email
Console settings	Click G Suite

Endpoint Assessment (Windows)

The assessment tool scans Windows endpoints for malicious files, critical vulnerabilities, and threat indicators collected from global intelligence sources. After collecting system information, the tool automatically uploads the data to the service for in-depth analysis and reporting.

The information will be automatically deleted after one (1) year.

Data collected	Host name Endpoint name IP address MAC address File name File path Unpatched critical vulnerabilities
Console location	Endpoints
Console settings	Click Windows

Endpoint Assessment (macOS)

The assessment tool scans macOS endpoints for file-based threat, network detection and operation system possible security risks. After collecting system information, the tool automatically uploads the data to the service for in-depth analysis and reporting.

The information will automatically be deleted 90 days after the report is generated.

Data collected	Installed Apps primary executable attributes: file path, file hash, create time, owner use name, file mode, code sign status Active process's image file attributes: file path, file hash, create time, owner use name, file mode, code sign status All persistent items files attributes: file path, file hash, create time, owner use name, file mode, code sign status Installed applications, active processes, and persistent processes: File path File hash value Time created User name of owner File permission Code signing status All suspicious network connections basic information: Source IP address/port Destination IP address/port Relating process information Suspicious connections: Source IP address and port Destination IP address and port Related process information Operating system: Version macOS user account Status of key security features
Console location	Endpoints
Console settings	Click macOS

Need More Help?

Trend Micro Security Assessment Service Data Collection Disclosure

Registration

Email Assessment (Office 365)

Email Assessment (G Suite)

Endpoint Assessment (Windows)

Endpoint Assessment (macOS)