Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Optimizing Deep Security Recommendation Scans for EOL Platforms

    • Updated:
    • 31 Mar 2020
    • Product/Version:
    • Deep Security All
    • Platform:
Summary
With new vulnerabilities out daily, Deep Security’s Recommendation Scan provides an easy way to stay protected using the Intrusion Prevention System, or IPS. This system assigns a rule that will potentially detect the exploitation of a vulnerability for you to apply to your environment before needing to apply the vendor provided patches.

Deep Security can help in these situations via IPS rules which target major vulnerabilities. Determining which rules to apply can be done with minimal effort from the administrator by allowing systems to be scanned and appropriate rules to be applied based on your environment. Once the system is updated, the rules can then also be removed by a Recommendation Scan as well. 

Deep Security supports various End of Life (EOL) operating systems such as Microsoft Windows 2000 and Windows 2003. These systems are typically kept in production as they serve a necessary function in a particular line of business. As they are "end of life," these systems will not be updated from the vendors. 

In many cases, the systems running these legacy applications are doing so with limited resources. We can optimize the application of IPS rules by preventing certain classes of rules from even being recommended.

We classify these rules under the following Application Types:
  1. Web Client Common
  2. Web Client Internet Explorer / Edge
  3. Microsoft Office
  4. Web Client Mozilla Firefox
Removing unnecessary rules  greatly enhance resource allocation without compromising safety. 

Note: These are general guidelines. This list is not meant to be exhaustive or definitive and every deployment must be evaluated carefully before configuring any exclusions. In addition to Application Types, individual rules can also be excluded for more fine-grained control.
Details
Public

To exclude a specific Application Type from Recommendation scans


These steps can be followed on either Policy or on a specific computer and will ensure you continue to benefit from recommendation scans and have protection against any new vulnerabilities, with all rules in this application type being excluded from the future recommendation scans.

1.  Open the Policy (or Computer)

2.  In the left pane, click on 'Intrusion Prevention'



3.  Click on the 'Assign/Unassign' button



4.  Find an IPS Rule that has the Application Type that should be excluded from Recommendation and right click on it.  Select 'Application Type Properties' (not 'Application Type Properties (Global)').



5.  Click on the 'Options' tab.



6.  From the drop-down menu, select 'Yes' and click 'OK'.



7.  You may now close any open windows.

Note: If you have not performed any other modifications to settings in the IPS module, the ‘Save’ button will be greyed out. This is normal, no other save actions are required and you may simply close the browser window.

 
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000249219
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.