Default values of the monitored changes by Behavior Monitoring in Worry-Free Business Security (WFBS)

    • Updated: 8 Oct 2015
    • Product/Version: Worry-Free Business Security Standard/Advanced 8.0; Worry-Free Business Security Standard/Advanced 9.0
    • Platform: Windows 2003 Home Server; Windows 2003 Standard Server Edition; Windows 2008 Essential Business Server; Windows 2008 Small Business Server; Windows Vista 32-bit; Windows XP Professional
Summary

This article lists the default values of the changes monitored by Behavior Monitoring in WFBS.

Details

The agents constantly monitor clients for unusual modifications to the operating system or installed software. You can create exception lists that allow certain programs to start while violating a monitored change, or that completely block certain programs. In addition, programs with a valid digital signature are always allowed to start.

Another feature of Behavior Monitoring is protecting EXE and DLL files from being deleted or modified. Users with this privilege can protect specific folders. Users can also choose to collectively protect all Intuit QuickBooks programs.

To view the description and default value of the monitored changes, refer to the following table:

Possible Changes Monitored

| Monitored Change | Description | Default Value |
|---|---|---|
| Duplicated System File | Many malicious programs create copies of themselves or other malicious programs using filenames used by Windows system files. This is typically done to override or replace system files, avoid detection, or discourage users from deleting the malicious files. | Ask when necessary |
| Hosts file modification | The Hosts file matches domain names with IP addresses. Many malicious programs modify the Hosts file so that the web browser is redirected to infected, non-existent, or fake websites. | Always block |
| Suspicious Behavior | Suspicious behavior can be a specific action or a series of actions that is rarely carried out by legitimate programs. Programs exhibiting suspicious behavior should be used with caution. | Ask when necessary |
| System file modification | Certain Windows system files determine system behavior, including startup programs and screensaver settings. Many malicious programs modify system files to launch automatically at startup and control system behavior. | Always block |
| New Internet Explorer Plug-in | Spyware/grayware programs often install unwanted Internet Explorer plug-ins, including toolbars and Browser Helper Objects. | Ask when necessary |
| Internet Explorer Setting Modification | Many viruses/malware change Internet Explorer settings, including the home page, trusted web sites, proxy server settings, and menu extensions. | Always block |
| Security Policy Modification | Modifications in Windows Security Policy can allow unwanted applications to run and change system settings. | Always block |
| Firewall Policy Modification | The Windows Firewall policy determines the applications that have access to the network, open ports for communication, and IP addresses that can communicate with the computer. Many malicious programs modify the policy to allow themselves to access the network and the Internet. | Ask when necessary |
| Program Library Injection | Many malicious programs configure Windows so that all applications automatically load a program library (DLL). This allows the malicious routines in the DLL to run every time an application starts. | Ask when necessary |
| Shell Modification | Many malicious programs modify Windows shell settings to associate themselves with certain file types. This routine allows malicious programs to launch automatically if users open the associated files in Windows Explorer. Changes to Windows shell settings can also allow malicious programs to track the programs used and start alongside legitimate applications. | Ask when necessary |
| New Service | Windows services are processes that have special functions and continuously run in the background with full administrative access. Malicious programs sometimes install themselves as services to stay hidden. | Ask when necessary |
| System process modification | Many malicious programs perform various actions on built-in Windows processes. These actions may include terminating or modifying running processes. | Ask when necessary |
| New Startup Program | Many malicious programs configure Windows so that small applications automatically load a program library (DLL). This allows the malicious routines in the DLL to run every time an application starts. | Ask when necessary |
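
A defender-side check for the "Hosts file modification" row above, added here as an example and not taken from Trend Micro's article or product: it parses hosts-file text and reports entries that redirect a name or make it unreachable. The function name, the `APPROVED` set and the sample entries are constructed for illustration and say nothing about how WFBS itself detects the change.

```python
import ipaddress

# Constructed sample: every name and address below is made up for illustration.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-bank.test
0.0.0.0         update.example-av.test
10.0.0.5        intranet.example.test   # entry the admin added on purpose
not-an-ip       broken.example.test
"""

# Assumption: the administrator keeps a set of expected (address, name) pairs.
APPROVED = {("10.0.0.5", "intranet.example.test")}


def audit_hosts(text, approved=frozenset()):
    """Return (line_no, address, name, reason) for each unexpected hosts entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # comments start at '#'
        if not line:
            continue
        addr_text, *names = line.split()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, "", "malformed"))
            continue
        # Loopback or 0.0.0.0/:: makes the name unreachable rather than redirected.
        dead_end = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in names):
            if name == "localhost" and addr.is_loopback:
                continue  # stock entry
            if (str(addr), name) in approved:
                continue
            reason = "blocked" if dead_end else "redirected"
            findings.append((line_no, str(addr), name, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, APPROVED):
        print(finding)
```

Entries reported as "blocked" correspond to the "non-existent" case in the table's description, and "redirected" entries to the fake-website case.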

Category: Configure
Solution Id: 1055332