Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Configuring Behavior Monitoring in Worry-Free Business Security (WFBS)

    • Updated:
    • 11 Feb 2021
    • Product/Version:
    • Worry-Free Business Security Advanced 10.0
    • Worry-Free Business Security Advanced 9.5
    • Worry-Free Business Security Standard 7
    • Worry-Free Business Security Standard 8
    • Worry-Free Business Security Standard 8
    • Worry-Free Business Security Standard 9
    • Worry-Free Business Security Standard 9.5
    • Worry-Free Business Security Standard/Advanced 10.0
    • Worry-Free Business Security Standard/Advanced 7.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Worry-Free Business Security Standard/Advanced 9.5
    • Platform:
    • Windows 2003 Home Server
    • Windows 2003 Standard Server Edition
    • Windows 2008 Essential Business Server
    • Windows 2008 Small Business Server
    • Windows 7 32-bit
    • Windows Vista 32-bit
    • Windows XP Professional
Summary

You can do the following for Behavior Monitoring:

  • Enable/disable it.
  • Enable/disable Intuit QuickBooks Protection.
  • Enable/disable possible changes monitored by Behavior Monitoring. 
  • Approve or unblock a program.
  • Block a program.
Details
Public

Behavior Monitoring protects clients from unauthorized changes to the operating system, registry entries, other software, or files and folders.

To configure Behavior Monitoring:

  1. Open the WFBS console.
  2. Go to Security Settings Devices > Select a group > Configure Configure Policy > Behavior Monitoring.
  3. Under Malware Prevention, configure Behavior Monitoring as preferred.

    Behavior Monitoring

     
    To allow users to customize their own Behavior Monitoring settings, go to Devices > {group} > Configure Policy > Agent Privileges > Behavior Monitoring and then select "Allow users to modify Behavior Monitoring settings.

    Malware Behavior Monitoring provides the following threat-level scanning options:

    Malware behavior blocking is accomplished using a set of internal rules defined in pattern files. These rules identify known and suspicious threat behavior that is common amongst malware. Examples of suspicious behavior includes sudden and unexplainable new running services, changes to the firewall, or system file modifications.

    Known threatsBlocks behavior associated with known threats
    Known and potential threatsBlocks behavior associated with known threats and takes action on behavior that is potentially malicious

    Behavior Monitoring works in conjunction with Web Reputation to verify the prevalence of files downloaded through HTTP channels or email applications. After detecting a "newly encountered" file, administrators can choose to prompt users before executing the file. Trend Micro classifies a program as newly encountered based on the number of file detections or historical age of the file as determined by the Smart Protection Network.

     
    For HTTP channels, executable (.exe) files are scanned. For email applications (only Outlook and Windows Live Mail), executable (.exe) files in non-password protected archived (zip/rar) files are scanned.

    Protects all Intuit QuickBooks files and folders from unauthorized changes by other programs. Enabling this feature will not affect changes made from within Intuit QuickBooks programs, but will only prevent changes to the files from other unauthorized applications.

    The following products are supported:

    • QuickBooks Simple Start
    • QuickBooks Pro
    • QuickBooks Premier
    • QuickBooks Online
     
    All Intuit executable files have a digital signature and updates to these files will not be blocked. If other programs try to change the Intuit binary file, the Agent displays a message with the name of the program that is attempting to update the binary files. Other programs can be allowed to update Intuit files. To do this, add the required program to the Behavior Monitoring Exception List on the Agent. Remember to remove the program from the exception list after the update.

    Prevents the unauthorized modification or encryption of files on computers by "ransomware" threats. Ransomware is a type of malware which restricts access to files and demands payment to restore the affected files.

    Enable document protection against unauthorized encryption or modificationProtects documents from unauthorized changes
    Automatically back up files changed by suspicious programsAutomatically backs up files modified by suspicious programs if document protection is enabled
    Enable blocking of processes commonly associated with ransomwareProtects endpoints from ransomware attacks by blocking processes commonly associated with hijacking attempts
    (Desktop groups only) Enable program inspection to detect and block compromised executable filesIncreases detection by monitoring processes for ransomware-like behavior
    Terminate programs that exhibit abnormal behavior associated with exploit attacksAnti-exploit protection works in conjunction with program inspection to monitor the behavior of programs and detect abnormal behavior that may indicate that an attacker has exploited a program vulnerability. Once detected, Behavior Monitoring terminates the program processes.
     
    Anti-exploit Protection requires that you select Enable program inspection to detect and block compromised executable files.
     
    To reduce the chance of Worry-Free Business Security detecting a safe process as malicious, ensure that the computer has Internet access to perform additional verification processes using Trend Micro servers.

    Exceptions include an Approved Program List and a Blocked Program List. Programs in the Approved Programs List can be started even if they violate a monitored change, while programs in the Blocked Program List can never be started.

    Enter Program Full PathType the full Windows or UNC path of the program. Separate multiple entries with semicolons. Click Add to Approved List or Add to Blocked List. Use environment variables to specify paths, if required.
    Approved Program ListPrograms in this list can be started. Click the corresponding icon to delete an entry. The Approved Program List supports wildcards and environment variables.
    Approved Program ListPrograms in this list can be started. Click the corresponding icon to delete an entry. The Approved Program List supports wildcards and environment variables. For a list of supported environment variables, see Supported Environment Variables.
    Blocked Program ListPrograms in this list can never be started. Click the corresponding icon to delete an entry. The Blocked Program List only supports wildcards.
  4. Click Save.
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
1055333
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.