Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Optimizing Intrusion Prevention System (IPS) performance-related settings in Cloud One Workload Security

    • Updated:
    • 5 Aug 2020
    • Product/Version:
    • Cloud One - Workload Security All
    • Platform:

Learn about the steps to be performed to optimize performance-related settings and avoid IPS performance issues in Cloud One Workload Security.

  • Minimize the number of required rules

    For performance reasons, you should have less than 300 intrusion prevention rules assigned to a computer. When an agent is assigned too many intrusion prevention rules, the status of the agent could change to "Agent configuration package too large" and the event message "Configuration package too large" appears.

    To minimize the number of required rules, ensure all available patches are applied to the computer operation system and any third-party software that is installed.

    1. Apply available patches to the computer operating system.
    2. Apply available patches to any third-party software that is installed.
    3. Apply only the intrusion prevention rules that a recommendation scan recommends. Remove any rules from the computer or the assigned policy that are recommended for unassignment. (See Manage and run recommendation scans.)
    4. If you are managing intrusion prevention at the policy level and the configuration package is still too large, configure intrusion prevention in one of the following ways:
      • Make the policy more granular, so that all servers in that policy have the same operating system and applications.
      • Manage intrusion prevention at the server level so that rules are added and removed automatically for the computer.
  • Run a recommendation scan

    Because changes to your environment can affect which rules are recommended, it is best to run recommendation scans on a regular basis (the best practice is to perform recommendation scans on a weekly basis). Trend Micro releases new intrusion prevention rules on Tuesdays, so it is recommended that you schedule recommendation scans shortly after those releases. The use of system resources, including CPU cycles, memory, and network bandwidth, increases during a recommendation scan so it's best to schedule the scans at non-peak times.

  • Resolve related issues

    To resolve the error "too many application types apply to port", refer to this KB article.

  • Get more performance tips from online help:

    Performance tips for intrusion prevention

    Check scan results and manually assign rules

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.