
Preventing the AC Agent from performing initial inventory scan in Endpoint Application Control (EAC) 2.0

    • Updated: 2 Oct 2017
    • Product/Version: Endpoint Application Control 2.0
    • Platform: N/A
Summary

An AC Agent performs an immediate local disk scan after it is deployed to an endpoint. In environments with limited network bandwidth, installing the AC Agent on a large number of endpoints can generate heavy traffic if all agents send their Inventory DB to the server and submit application events at once. In TMEAC, it is ideal to allow only a small group of endpoints to connect to the server at a time, to avoid overloading the network, especially during the initial phase of agent deployment.

Details
Refer to the following KB to learn more about AC Agent’s network bandwidth requirement: Average bandwidth consumption of AC Agents when connecting to the server.

You can temporarily prevent agent registration, and so avoid the initial Inventory Scan traffic, when you install the agent component on the endpoints. To do this, use an IP/Domain Restriction or Access Control List (ACL) policy to deny TMEAC-specific traffic from selected network segments. This gives the administrator full control over which network segments are allowed to register agents at a given time, and lets the current group of agents finish sending their Inventory DB to the server and download the applicable policy before TMEAC traffic is enabled for other segments.

The following is an example of an IP-based restriction policy configuration via Microsoft IIS:

  1. On the EAC Server, install the IP and Domain Restriction features in IIS.
  2. Open IIS and go to Sites > EndpointApplicationControl.
  3. Click IP Address and Domain Restrictions.
  4. Right-click in the IP Address and Domain Restrictions window and select Add Deny Restriction Rule.
  5. In the Add Deny Restriction Rule window, select either Specific IP Address or IP address range.
  6. Type the IPv4 addresses in the field.

     If both the server and endpoint computers are IPv6 enabled, the AC Agent will use IPv6 to connect to the AC Server. Therefore, to deny this traffic in IIS, you need to specify the IPv6 address in the configuration file (applicationHost.config). For more information, refer to the following IIS blog: Using IPv6 with IIS7.
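
The same deny rules can be scripted with the IIS WebAdministration PowerShell module, which also lets you release one segment at a time as each group finishes its inventory upload. This is an added example, not Trend Micro's own procedure: the function names are hypothetical, all addresses are constructed documentation-range values, and it assumes a Windows Server host with the site name from step 2 and that the IPv6 entry is written to applicationHost.config through the same cmdlet.

```powershell
# Added example: staged AC Agent registration via IIS deny rules.
# All addresses below are constructed (documentation ranges), not real segments.
Import-Module WebAdministration

$Site   = 'EndpointApplicationControl'              # site name from step 2
$Filter = 'system.webServer/security/ipSecurity'
$Root   = 'MACHINE/WEBROOT/APPHOST'                 # rules are stored in applicationHost.config

# Step 1: install the "IP and Domain Restrictions" role service (Windows Server).
Install-WindowsFeature -Name Web-IP-Security | Out-Null

# Segments whose agents must wait for a later rollout wave (constructed values).
$Held = @(
    @{ ipAddress = '198.51.100.0'; subnetMask = '255.255.255.0' },
    @{ ipAddress = '203.0.113.0';  subnetMask = '255.255.255.0' },
    @{ ipAddress = '2001:db8::25' }                 # single IPv6-enabled endpoint
)

function Get-SiteIpRule {
    # List the current ipSecurity entries for the EAC site.
    Get-WebConfiguration -PSPath $Root -Location $Site -Filter "$Filter/add"
}

function Add-HeldSegment([hashtable]$Rule) {
    # Skip entries that already exist; adding a duplicate key raises an error.
    $existing = Get-SiteIpRule | Where-Object { $_.ipAddress -eq $Rule.ipAddress }
    if (-not $existing) {
        Add-WebConfigurationProperty -PSPath $Root -Location $Site -Filter $Filter `
            -Name '.' -Value ($Rule + @{ allowed = 'False' })
    }
}

function Remove-HeldSegment([hashtable]$Rule) {
    # Release one segment once the current group has sent its Inventory DB
    # and downloaded its policy.
    Remove-WebConfigurationProperty -PSPath $Root -Location $Site -Filter $Filter `
        -Name '.' -AtElement $Rule
}

# Deny every held segment before the agent packages are pushed.
$Held | ForEach-Object { Add-HeldSegment $_ }

# Next wave: release the first segment, then review what is still denied.
# Remove-HeldSegment $Held[0]
Get-SiteIpRule | Select-Object ipAddress, subnetMask, allowed
```

Run it in an elevated session on the EAC Server, and check the final listing after each wave so that no deny rule is left behind once deployment is complete.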

To set up a firewall Access Control List (ACL), refer to your router’s manual or contact your firewall vendor for assistance.

Category: Configure; SPEC
Solution Id: 1118464