Trend Micro Endpoint Basecamp (a.k.a. XBC) provides a robust way to deploy Trend Micro solutions to endpoints and also introduces important common endpoint functions for Trend Micro agents. For better customer support and agent functionality, Trend Micro suggests keeping Trend Micro Endpoint Basecamp always up to date. This article explains what Trend Micro Endpoint Basecamp is and why it is kept up to date.
Trend Micro Endpoint Basecamp is a program that runs on the endpoint and provides a robust channel for Trend Micro to deploy endpoint applications. When a customer wants to deploy more endpoint applications, Endpoint Basecamp downloads the endpoint application package from the Trend Micro backend and installs it. The customer does not need to perform another agent deployment for a new endpoint application.
Trend Micro Endpoint Basecamp also provides essential but lightweight common functions to endpoint applications, including the following:
- Authentication: Trend Micro services and endpoint applications can authenticate with each other via Endpoint Basecamp's authentication mechanism.
- Application performance data:
  - Endpoint Basecamp collects agent process performance data and crash counts for further development enhancement.
  - No personal / privacy data is collected.
The endpoint applications currently available for deployment via Endpoint Basecamp are the following:
- Endpoint Sensor (xES) and Endpoint Response application - Enabled from Vision One Endpoint Inventory
- Assessment Tool for Windows Endpoints - from Vision One Security Assessment
Trend Micro Endpoint Basecamp is a pure user-mode application without system / application event interception behavior. It does not include a kernel driver, and there is no possibility of it causing an endpoint failure, e.g. a BSoD.
The Trend Micro Endpoint Basecamp plug-in is a user-mode program that can provide additional features. It is installed along with Endpoint Basecamp. Currently, there are two plug-in services:
Trend Micro Web Service Communicator
- A program of Endpoint Basecamp running on the endpoint to establish a persistent connection between the endpoint and the Trend Micro backend.
- It provides near real-time communication so that the endpoint receives the server's events more efficiently, e.g. to apply agent policy.
Trend Micro Cloud Endpoint Telemetry Service
- A program of Endpoint Basecamp running in the endpoint to collect endpoint metrics. The information contains Trend Micro's endpoint performance metrics and helps to monitor the health status of the endpoint.
- It gives us a way to monitor the health status of Trend Micro's endpoint.
There are two ways to get Endpoint Basecamp installed:
- Upgrade the Apex One security agent / OfficeScan agent.
  - If you are using Apex One SaaS version:
    - The security agent should be upgraded to Build 220.127.116.1109 or a later version.
  - If you are using Apex One on-prem version:
    - Accept "Enhanced Support Service" during the Apex One server upgrade, or decline "Enhanced Support Service" during the upgrade and then onboard Vision One from the Apex One server console afterwards.
    - The security agent should be upgraded to Build 8378 or a later version.
  - If you are using OfficeScan XG SP1 server:
    - Accept "Enhanced Support Service" during the OfficeScan server upgrade, or decline "Enhanced Support Service" during the upgrade and then onboard Vision One from the OfficeScan server console afterwards.
    - The OfficeScan agent should be upgraded to Build 6029 or a later version.
- If it is not an Apex One security agent or OfficeScan agent, download the agent installer from the Vision One Endpoint Inventory console and trigger it to install.
Endpoint Basecamp provides the endpoint application deployment capability. The Trend Micro endpoint detection and response solution is provided by other endpoint applications. When a new endpoint application is deployed, Endpoint Basecamp downloads the endpoint application installer and launches it. The endpoint application installer installs the necessary components into the system silently. Endpoint Basecamp and the endpoint application are separate programs that work independently. The endpoint application provides its function to the customer but does not influence Endpoint Basecamp's behavior, and vice versa.
The following diagram illustrates the relationship flow. When a user triggers the Endpoint Basecamp agent, Endpoint Basecamp is installed without any other endpoint application deployed. Endpoint Basecamp only waits for the agent deployment request from Vision One.
When a user enables Endpoint Sensor for Vision One Endpoint Inventory, Endpoint Inventory requests the Endpoint Basecamp service to deploy Endpoint Sensor and Response App to the selected endpoint. Endpoint Basecamp downloads and launches the installer of Endpoint Sensor and Response App. After installation, Endpoint Sensor and Response App communicate with their corresponding services in Vision One without depending on Endpoint Basecamp. Endpoint Basecamp then waits in case another agent needs to be deployed from Vision One.
|Windows scheduled job||Trend Micro Endpoint Basecamp|
Note: During the upgrade, only changed binaries are downloaded.
URLs that Endpoint Basecamp connects to
- *-ats.iot.eu-central-1.amazonaws.com (EU only)
- *-ats.iot.ap-northeast-1.amazonaws.com (JP only)
- *-ats.iot.ap-southeast-1.amazonaws.com (SG only)
- *-ats.iot.ap-southeast-2.amazonaws.com (AU only)
- *-ats.iot.ap-south-1.amazonaws.com (IN only)
Endpoint Basecamp communication frequency
- Connects to the Endpoint Basecamp back-end service every hour
- Sends agent telemetry data to the backend every 4 hours
- Creates one persistent connection with AWS IoT for push notification
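The region-specific AWS IoT hosts listed above can be turned into an egress audit. The following is an added example, not Trend Micro code: it classifies destinations from a proxy or DNS log as expected for the tenant's region, listed for a different region, or not in the list above. The log format, the process name `xbc-placeholder`, the host prefixes and the reading of `*` as a single label prefix are assumptions.

```python
import re

# Wildcard hosts copied from the list above, keyed by the region tag shown there.
DOCUMENTED = {
    "EU": "*-ats.iot.eu-central-1.amazonaws.com",
    "JP": "*-ats.iot.ap-northeast-1.amazonaws.com",
    "SG": "*-ats.iot.ap-southeast-1.amazonaws.com",
    "AU": "*-ats.iot.ap-southeast-2.amazonaws.com",
    "IN": "*-ats.iot.ap-south-1.amazonaws.com",
}

def _compile(pattern):
    # Assumption: "*" is a prefix inside one DNS label, so it must not contain dots.
    return re.compile(r"[a-z0-9-]+" + re.escape(pattern[1:]))

RULES = {region: _compile(p) for region, p in DOCUMENTED.items()}

def classify(host, tenant_region):
    """Return 'expected', 'other-region' or 'not-listed' for one destination host."""
    host = host.strip().rstrip(".").lower()  # normalise case and trailing root dot
    for region, rule in RULES.items():
        # fullmatch anchors both ends, so a listed name used as a prefix of
        # another domain (…amazonaws.com.example.net) does not pass.
        if rule.fullmatch(host):
            return "expected" if region == tenant_region else "other-region"
    return "not-listed"

# Constructed sample lines: "<timestamp> <process> <destination>".
SAMPLE_LOG = [
    "2024-05-01T08:00:02Z xbc-placeholder a1b2c3-ats.iot.eu-central-1.amazonaws.com",
    "2024-05-01T08:00:09Z xbc-placeholder a1b2c3-ats.iot.ap-south-1.amazonaws.com",
    "2024-05-01T08:01:30Z xbc-placeholder a1b2c3-ats.iot.eu-central-1.amazonaws.com.example.net",
    "2024-05-01T08:02:00Z xbc-placeholder A1B2C3-ATS.IOT.EU-CENTRAL-1.AMAZONAWS.COM.",
]

def audit(lines, tenant_region):
    """Return (timestamp, process, host, verdict) for every non-expected destination."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        ts, proc, host = parts
        verdict = classify(host, tenant_region)
        if verdict != "expected":
            findings.append((ts, proc, host, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, "EU"):
        print(finding)
```

A `not-listed` verdict only means the host is absent from the list on this page; review it against the full allow-list for your deployment before treating it as anomalous.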
- Why upgrade to Trend Micro Endpoint Basecamp?
  - When the Trend Micro development team finds an issue in Endpoint Basecamp and fixes it, they will upgrade Endpoint Basecamp.
  - Since all the common functions provided by Endpoint Basecamp are basic for Trend Micro products, keeping Endpoint Basecamp updated provides a more robust deployment experience and a more stable service to endpoint applications. An up-to-date Endpoint Basecamp is required.
  - During the Endpoint Basecamp upgrade process, all integrated application functions still run and work as usual.
- The Endpoint Basecamp upgrade behavior
  - The Endpoint Basecamp agent checks the back-end every hour to see if a new version of the Endpoint Basecamp agent is available.
  - If there is a new version, the Endpoint Basecamp agent downloads the new package.
  - It upgrades itself by replacing the Endpoint Basecamp binaries and restarting the service.
- No interruption to the endpoint user during the upgrade
  - The Endpoint Basecamp upgrade is done silently in the system background. There is no end-user-facing behavior (e.g. pop-up windows).
  - No machine reboot is required for the Endpoint Basecamp upgrade.
- What is the Endpoint Basecamp upgrade frequency?
  Basically, Trend Micro upgrades the Endpoint Basecamp agent once a month.
- DevOps practice of phased agent deployment and continuous monitoring of deployment status
  The Endpoint Basecamp upgrade applies a phased deployment and monitoring practice. Every deployment starts with a small batch scope, and agent health is monitored throughout its lifecycle. The practice is:
  - Upgrade 0.1% of devices to the latest version.
  - Monitor the agent performance and health telemetry in the back-end.
  - Gradually enlarge the percentage if no problems occurred in the previous phase.
  - The deployment continues until Endpoint Basecamp is upgraded to the latest version.