Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Enabling ransomware protection for Worry-Free Business Security Services (WFBS-SVC)

    • Updated:
    • 2 Mar 2016
    • Product/Version:
    • Worry-Free Business Security Services 5.7
    • Platform:
    • N/A N/A
Summary

Enabling Web Reputation Services, Behavior Monitoring and Behavior Monitoring warning messages will add another layer of protection to warn users before executing any programs.

Details
Public

Prompting users add another security layer before a program can be executed. This feature works when Behavior Monitoring and Web Reputation Services are enabled.

Behavior Monitoring protects clients from unauthorized changes to the operating system, registry entries, software, files and folders. The settings can be enabled or disabled only per group.

To configure:

  1. Go to Devices.
  2. Select a desktop or server group.
  3. Click Configure Policy.
  4. Choose Windows.
  5. Click Behavior Monitoring.
  6. Update the following as required:
    • Enable Behavior Monitoring
    • Malware Behavior Blocking

      Necessary layer of additional threat protection from programs that exhibit malicious behavior is given upon using this. It observes system events over a period of time. As programs execute different combinations or sequences of actions, Malware Behavior Blocking detects known malicious behavior and blocks the associated programs. Use this feature to ensure a higher level of protection against new, unknown, and emerging threats.

      Malware Behavior Monitoring provides the following threat-level scanning options:

      • Known threats: Blocks behaviors associated with known malware threats
      • Known and potential threats: Blocks behavior associated with known threats and takes action on behavior that is potentially malicious
    • Event Monitoring

      For a more generic approach to protecting against unauthorized software and malware attacks, Event monitoring oversees system areas for certain events, allowing administrators to regulate programs that trigger such events. Use Event Monitoring if you have specific system protection requirements that are above and beyond what is provided by Malware Behavior Blocking.

      Under Ransomware Protection, update the following as required:

      • Enable document protection against unauthorized encryption or modification: Protects documents from unauthorized changes.
         
        Enabling this option stops processes that rename, modify and delete files, and then quarantines the programs that are running these processes.
      • Enable blocking of processes commonly associated with ransomware: Protects endpoints from ransomware attacks by blocking processes commonly associated with hijacking attempts.
    • Exceptions

      Approved Program List and a Blocked Program List are included here. Programs in the Approved Programs List can be started even if they violate a monitored change, while programs in the Blocked Program List can never be started
  7. Click Save.

Behavior Monitoring protects clients from unauthorized changes to the operating system, registry entries, other software, files and folders.

When enabled, Worry-Free Business Security temporarily blocks a newly-encountered program downloaded through HTTP or email applications and prompts users to select an action ("Block once" or "Allow once"). If users do not select an action within the specified time period, the program is automatically blocked.

This feature is currently available only for Windows devices.
  1. Go to Administration > Global Settings > Security Settings > Behavior Monitoring.
  2. Select any of the following as required:
    • Enable warning messages for low-risk changes or other monitored actions: Agents warn users of low-risk changes or monitored actions.
    • Prompt users before executing newly encountered programs downloaded through HTTP or email applications (Server platforms excluded): After detecting a "newly encountered" file, administrators can choose to prompt users before executing the file. Trend Micro classifies a program as newly encountered based on the number of file detections or historical age of the file as determined by the Smart Protection Network.

       

      Behavior Monitoring

                                              Click image to enlarge.

  3. Click Save.
  4. Users will be prompted with the message:

    Newly Encountered Program Detected

    Security Agent message

Web Reputation enhances protection against malicious websites. Web Reputation leverages Trend Micro's extensive web security database to check the reputation of URLs that Clients are attempting to access or URLs embedded in email messages that are contacting websites.

To configure:

  1. Go to Devices.
  2. Select a desktop or server group.
  3. Click Configure Policy.
  4. Choose Windows.
  5. Click Behavior Monitoring > Web Reputation.
  6. Update the following as required:
    • Enable Behavior Monitoring
    • Security Level
      • High: Blocks the following pages:
        • Dangerous: Verified to be fraudulent or known sources of threats
        • Highly suspicious: Suspected to be fraudulent or possible sources of threats
        • Suspicious: Associated with spam or possibly compromised
        • Untested: While Trend Micro actively tests web pages for safety, users may encounter untested pages when visiting new or less popular websites. Blocking access to untested pages can improve safety but can also prevent access to safe pages
      • Medium: Blocks the following pages:
        • Dangerous: Verified to be fraudulent or known sources of threats
        • Highly suspicious: Suspected to be fraudulent or possible sources of threats
      • Low: Blocks the following pages:
        • Dangerous: Verified to be fraudulent or known sources of threats
  7. Click Modify Global Approved URLs to edit the list of approved websites. 
    This also adjusts your settings on the Global Settings screen. See Configuring Global Settings.
  8. Select Block pages to protect against browser exploits containing malicious script.
  9. Choose Save.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
1112168
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.