Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Changes to Behavioral Monitoring and Predictive Machine Learning in Deep Security Manager 20.0.313 and how the pass action affects older agents

    • Updated:
    • 2 Feb 2021
    • Product/Version:
    • Cloud One - Workload Security All
    • Deep Security All
    • Platform:
Summary

Deep Security Manager 20.0.313 is introducing changes to “default real-time scan configuration” that affects Behavioral Monitoring and Predictive Machine Learning with the introduction of the "Action to Take" option setting.    This change also affects the way Behavioral Monitoring and Predictive Machine Learning can be enabled or disabled on the Deep Security Agent.

Details
Public

When you upgrade to Deep Security Manager version 20.0.313, there are configuration changes that takes effect automatically inside “default real-time scan configuration”. It will "Turn On" automatically BM (Behavior Monitoring) and PML (Predictive Machine Learning) and the "Action to take" option will be set to "Pass". This configuration will offer the best protection and at the same time reduce the impact it may have on running applications.

This change will only affect BM or PML if the configuration is "Turned Off". This change does not affect customers who have either BM or PML already enabled.

When the scan configuration is enabled for BM or PML and the custom action is set to "Pass". Once this policy is applied, we can expect the following behavior on the agent.

  • Deep Security Agent (Windows) 20.0.0.1559 and above will Turn On Behavior Monitoring. The "Pass" action is fully supported starting with this agent version.
  • Deep Security Agent (Linux) 20.0.0-1822 and above now includes Behavior Monitoring.The "Pass" action is fully supported starting with this agent version.
  • The following agents does not support the "Pass" action. If Pass Action is selected in Realtime Scan Configuration, Behavior Monitoring or Predictive Machine Learning will be disabled on the agent.

    • Deep Security Agent 9.x
    • Deep Security Agent 10, 11, 12
    • Deep Security Agent 20 (Windows) version lower than 20.0.0.1559
    • Deep Security Agent 20 (Linux) version lower than 20.0.0.1822

Since “default real-time scan configuration” is a global setting, changes to this configuration will apply to all Deep Security Agents if customer uses default policies.

Deep Security Manager upgrade will modify the “default real-time scan configuration” setting for BM (Behavior Monitor) and PML (Predictive Machine Learning) to "Enabled" if it is previously disabled. The "Action to take" will be set to "Pass".

DSM upgrage modifications

Behavior Monitoring and Predictive Machine Learning with “Pass” action is a new feature that works only with the following Agent versions:

  • Deep Security Agent for Windows 20.0.0-1559
  • Deep Security Agent for Linux 20.0.0-1822

All agent versions lower than what has been mentioned here, the “Pass” action is not supported. Behavior Monitoring and Predictive Machine Learning will be turned off if "Action to take" is configured to "Pass" action.

 
Behavior Monitoring and Predictive Machine Learning may appear enabled on the Web Console. However, if pass action is selected, these 2 features will be disabled as older agents do not support the pass action.
 
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000284760
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.