Deep Security Best Practice Guide (BPG) for malware protection

    • Updated: 2 Jul 2021
    • Product/Version: Deep Security 12.0, Deep Security 12.5
Summary

Learn about the additional layers of security configuration in Deep Security to protect you from malware infections.

Details

Follow these steps depending on your preferred scan configuration process.

Real-time malware scan configuration

  1. On the Deep Security console, go to Policies > Malware Scan Configuration > New > New Real-time Scan Configuration.

  2. Under the General tab, name the policy.

    1. Enable Document Exploit Protection.

    2. Enable Predictive Machine Learning (set to quarantine).

    3. Enable Behavior Monitoring.

    4. Enable AMSI, Spyware, Grayware, IntelliTrap, Process Memory Scan, and Alert.

  3. Under the Inclusions tab, make sure to select All Directories.

  4. Go to the Advanced tab. Follow the settings indicated in the following screenshots:
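
To confirm that a deployed real-time scan configuration still matches the settings listed in steps 2 and 3 above, the following added example (not Trend Micro code) audits exported settings against that baseline. The key names and sample exports are hypothetical and constructed for illustration, not the Deep Security API schema; the Advanced tab settings are omitted because the page gives them only as screenshots.

```python
"""Audit exported real-time scan settings against the baseline in this guide."""

# Hypothetical key names for an exported configuration (assumption, not the
# Deep Security API schema); expected values are the steps listed above.
BASELINE = {
    "document_exploit_protection": True,
    "predictive_machine_learning": True,
    "predictive_machine_learning_action": "quarantine",
    "behavior_monitoring": True,
    "amsi": True,
    "spyware": True,
    "grayware": True,
    "intellitrap": True,
    "process_memory_scan": True,
    "alert": True,
    "inclusions": "all directories",
}


def audit(config):
    """Return sorted (setting, expected, actual) tuples for every deviation."""
    findings = []
    for key, expected in BASELINE.items():
        actual = config.get(key, "<missing>")  # absent setting counts as a failure
        if isinstance(expected, bool):
            ok = actual is expected  # reject "true", 1 and other look-alikes
        else:
            ok = isinstance(actual, str) and actual.strip().lower() == expected
        if not ok:
            findings.append((key, expected, actual))
    return sorted(findings, key=lambda f: f[0])


# Constructed sample exports, not taken from a real Deep Security Manager.
COMPLIANT = dict(BASELINE)
DRIFTED = {**BASELINE, "predictive_machine_learning_action": "Pass",
           "grayware": False, "inclusions": "C:\\Users"}
PARTIAL = {k: v for k, v in BASELINE.items() if k != "amsi"}
PARTIAL["alert"] = "true"  # string instead of boolean

if __name__ == "__main__":
    samples = [("compliant", COMPLIANT), ("drifted", DRIFTED), ("partial", PARTIAL)]
    for name, cfg in samples:
        for setting, expected, actual in audit(cfg):
            print(f"{name}: {setting} expected {expected!r}, found {actual!r}")
```

A setting that is missing from the export is reported as a deviation rather than assumed to be enabled.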

Manual/scheduled malware scan configuration

  1. On the Deep Security console, go to Policies > Malware Scan Configuration > New > Manual Scan Configuration.

  2. Under the General tab, name the policy. Follow the settings indicated in the following screenshot:

  3. Under the Inclusions tab, select All Directories.

  4. Go to the Advanced tab. Follow the settings indicated in the following screenshots:

Policy creation

  1. On the Deep Security console, go to Policies > Duplicate Base Policy.

  2. Right-click the newly created Duplicate, then select Details.

  3. Under the Overview tab, name the policy and click Save.

  4. On the left panel, go to Anti-Malware > General tab. Apply the policy created earlier with Default unchecked.

  5. Under the Smart Protection tab, make sure Smart Scan is set to On.

  1. On the new policy, go to Web Reputation on the left menu. Under the General tab, turn it on, then click Save.

  2. Under the Smart Protection tab, follow the settings indicated in the following screenshot:

From the left menu, select Settings. Under the General tab, apply Agent Self Protection by following the settings indicated in the screenshot below, then click Save.

From the main console, go to Administration > System Settings > Smart Feedback tab. Follow the settings indicated in the screenshot below, then click Save.

From the left menu, go to Application Control. Set Application Control State to On. Follow the rest of the settings indicated in the screenshot below.

Scheduled tasks for Security Updates

  1. From the main console, go to Administration > Scheduled Tasks > New > Check for Security Updates, then select Daily. Click Next.

  2. Set the preferred time and time zone.

  3. Select All Computers.

  4. Name the task and click Finish.

Scheduled tasks for Malware Scan

  1. From the main console, go to Administration > Scheduled Tasks > New > Scan Computers for Malware, then select Weekly. Click Next.

  2. Set the preferred time, day and time zone. Click Next.

  3. Select All Computers.

    Depending on environment size, you may divide the scanning per group.

  4. Name the tasks, and make sure to enable them. Click Finish.

Firewall & Intrusion Prevention

Configuring the Firewall and Intrusion Prevention modules can be complicated because environment setups differ. Please refer to the following articles for more detailed information:

Integrity Monitoring

The detailed configuration of Integrity Monitoring (IM) is shown in the following articles:

Detailed information on IM events is shown in the article Integrity monitoring events.

Log Inspection

Detailed information on Log Inspection (LI) is shown in the article Set up Log Inspection.

Users can create their own LI rules. The article Define a Log Inspection rule for use in policies shows detailed information for creating LI rules.

Detailed information on LI events is shown in the article Log inspection events.

Scanning for Recommendations (Task)

  1. From the main console, go to Administration > Scheduled Tasks > New > Scan Computers for Recommendations, then select Weekly. Click Next.

  2. Set the preferred time, day and time zone. Click Next.

  3. Set Group depending on your preference.

    Depending on environment size, you may divide the scanning per group or per policy.

  4. Name the tasks, and make sure to enable them. Click Finish.

Category: Configure; Remove a Malware / Virus
Solution Id: 000286880