Dealing with many aggressive or false positive detections in Deep Discovery Inspector (DDI) 5.7

    • Updated: 7 Mar 2021
Summary

If Deep Discovery Inspector (DDI) produces many aggressive or false positive detections for traffic or objects that are actually legitimate, the cause may be the current configuration, which may need to be adjusted to fit your environment.

Details

To mitigate those unnecessary detections, do the following:

  1. Check that Deep Discovery Inspector is configured correctly. Refer to the linked articles under Recommended DDI Configurations in the Deep Discovery Inspector (DDI) 5.7 Best Practice Guides.
  2. Check the detection details in Detections > All Detections, and identify the rules and objects that triggered them.
  3. To mitigate aggressive or false positive detections on Deep Discovery Inspector, update any or all of the following configurations, depending on the situation:
    1. To ignore detections by a specific detection rule, go to Administration > Monitoring/Scanning > Detection Rules, and disable the detection rule that is considered unnecessary.
    2. To ignore detections that meet particular criteria, such as Host name, Protocol, or File SHA-1, go to Administration > Monitoring/Scanning > Detection Exceptions, and register the appropriate criteria in the Detection Exception list.
    3. To allow connections to particular entities, go to Administration > Monitoring/Scanning > Deny List/Allow List, and register the File SHA-1, IP address, URL, or domain in the Allow List.

Category: Configure
Solution Id: 000285865