Trend Micro - Securing Your Journey to the Cloud Business
Success
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Enabling the required services for Targeted Attack Detection

    • Updated:
    • 29 Oct 2021
    • Product/Version:
    • Apex One
    • Apex One as a Service
    • OfficeScan XG
    • Platform:
    • N/A
Summary

This article discusses which services are required for Targeted Attack Detection app and how to enable them.

Details
Public

If you have not yet enabled the Smart Feedback, Predictive Machine Learning or Behavior Monitoring in your product, you can activate these features and run the scan again. Data shared through these features allows Trend Micro to identify and address new threats such as Sunburst.

Please read through the steps first, since multiple configuration settings can be done at one configuration menu per product.

Enable Smart Feedback

  1. Use single sign-on to Apex One server. Go to Directories > Product Servers and click Apex One as a Service URL.
  2. Go to Administration > Smart Protection.
  3. Click the Enable Trend Micro Smart Feedback.
  4. Select the Industry type to help Trend Micro understand your organization.
  5. Tick the Enable feedback of suspicious program files check box to send information about potential security threats in the files on your Security Agents.
  6. Set the number of detections for the specific amount of time that triggers the feedback to configure the criteria for sending feedback.
  7. Specify the maximum bandwidth Apex One can use when sending feedback to minimize network interruptions.
  8. Click Save.

  1. Use single sign-on to Apex One server. Go to Directories > Product Servers and click Apex One (Mac) as a Service URL.
  2. Go to Administration > Smart Feedback.
  3. Click Enable Trend Micro Smart Feedback.
  4. Click Save.

  1. On the console, navigate to Administration > Smart Protection.
  2. Click Enable Trend Micro Smart Feedback.
  3. Select the Industry type to help Trend Micro understand your organization.
  4. Tick the Enable feedback of suspicious program files check box to send information about potential security threats in the files on your Security Agents.
  5. Set the number of detections for the specific amount of time that triggers the feedback to configure the criteria for sending feedback.
  6. Specify the maximum bandwidth Apex One can use when sending feedback to minimize network interruptions.
  7. Click Save.

  1. Log in to Trend Micro Cloud One > Workload Security.
  2. Go to Administration > Smart Feedback.
  3. Click Enable Trend Micro Smart Feedback.
  4. Select the Industry type to help Trend Micro understand your organization.
  5. Tick the Send suspicious file signatures along with feedback option.
  6. Set the number of detections for the specific amount of time that triggers the feedback to configure the criteria for sending feedback.
  7. Specify the maximum bandwidth Cloud One Workload Security can use when sending feedback to minimize network interruptions.
  8. Click Save.

Reference: Protection in Workload Security

  1. Log in to Trend Micro Cloud App Security > Advanced Threat Protection.
  2. Choose the Default Exchange Policy ATP > Advanced Spam Protection, and tick Allow Trend Micro to collect suspicious email information to improve its detection capabilities.
  3. Next, choose the Default Exchange Policy ATP > Malware Scanning, tick Allow Trend Micro to collect suspicious file information to improve its detection capabilities and click Save.
  4. Review other policies and ensure that the same option has been enabled.

  1. Log in to Deep Discovery Inspector > Administration > Threat Detections.
  2. Ensure that Enable All Threat Detections is enabled, and that Enable threat detections is ticked.
  3. Click Save.

 

Enable Predictive Machine Learning

  1. Go to Policies > Policy Management.
  2. For Apex One Security Agent, create a new policy or click an existing policy to modify its setting.
  3. In the Advanced Threat Protection section, click Predictive Machine Learning.
  4. Select Enable Predictive Machine Learning.
  5. Under Detection Settings, select the type of detections and related action that Predictive Machine Learning takes.
  6. Repeat steps 1 – 5, but this time create a policy for Apex One (Mac).

  1. Go to Agents > Agent Management.
  2. In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
  3. Click Settings > Predictive Machine Learning Settings. The Predictive Machine Learning Settings screen appears.
  4. Select Enable Predictive Machine Learning.
  5. Under Detection Settings, select the type of detections and related action that Predictive Machine Learning takes.

  1. Log in to Trend Micro Cloud One > Workload Security.
  2. Go to Policies > Common Objects > Other > Malware Scan Configurations.
  3. Select the real-time scan configuration to configure and click Details.
  4. On the General tab, under Predictive Machine Learning, select Enable Predictive Machine Learning. In the Action to take list, choose the remediation action Predictive Machine Learning takes.
  5. Click Apply, and then OK.
  6. Finally, ensure that the policies applied at the Agents also indicate that the Anti-Malware State is On.

Reference: Detect emerging threats using Predictive Machine Learning

  1. Log in to Trend Micro Cloud App Security > Advanced Threat Protection.
  2. Choose the Default Exchange Policy ATP > Malware Scanning, tick Enable Predictive Machine Learning and click Save.
  3. Review other policies and ensure that the same option has been enabled.

  1. Log in to Deep Discovery Inspector > Administration > Threat Detections.
  2. Under Smart Feedback, ensure that both Enable Smart Feedback and Submit suspicious files to Trend Micro is ticked.
  3. Click Save.

 

Enable Behavior Monitoring

  1. Go to Policies > Policy Management.
  2. Create a new policy or click an existing policy to modify its setting.
  3. In the Advanced Threat Protection section, click Behavior Monitoring.
  4. Select Enable Malware Behavior Monitoring.
  5. Under Threats to block, select the type of detections and related action that Behavior Blocking would block.
  6. Review the Ransomware Protection section, and enable features as deemed necessary. Note that it’s highly recommended to have all settings under Malware Behavior Blocking enabled.

  1. Go to Agents > Agent Management.
  2. In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
  3. Click Settings > Behavior Monitoring Settings. The Behavior Monitoring Settings screen appears.
  4. Select Enable Malware Behavior Blocking.
  5. Under Threats to block, select the type of detections and related action that Behavior Blocking would block.
  6. Review the Ransomware Protection section, and enable features as deemed necessary. Note that it’s highly recommended to have all settings under Malware Behavior Blocking enabled.

  1. Log into Trend Micro Cloud One > Workload Security.
  2. Go to Policies > Common Objects > Other > Malware Scan Configurations.
  3. Select the real-time scan configuration to configure and click Details.
  4. On the General tab, under Behavior Monitoring, select Enable Behavior Monitoring. In the Action to take list, choose the remediation action Behavior Monitoring takes.
  5. Click Apply, and then OK.
  6. Finally, ensure that the policies applied at the Agents also indicate that the Anti-Malware State is On.

Reference: Enhanced Anti-Malware and ransomware scanning with behavior monitoring

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000283790
Feedback
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.

Learn More Ok, got it