Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Enabling Retro Scan in Deep Discovery Inspector (DDI) 3.8

    • Updated:
    • 18 Oct 2017
    • Product/Version:
    • Deep Discovery Inspector 3.8
    • Platform:
    • N/A N/A
Summary

C&C-related traffic in targeted attacks is often difficult to locate. Attackers change and redirect addresses, use legitimate sites and even set up C&C servers inside a company's network. Moreover, most security technologies focus solely on detecting and blocking addresses that are known to be malicious at that point in time. This is problematic because reputation scores constantly change. Addresses that are considered safe today can easily become malicious within the next hour or day.

Details
Public

Recommendation

Retro Scan examines historical web access logs to help you discover suspicious connections regardless of when the address is identified as malicious. Trend Micro recommends to enable Retro Scan to provide better protection and minimize the impact of targeted attacks.

Configuration

Retro Scan functions independently from DDI and is disabled by default. To enable Retro Scan, do the following:

  1. Go to Administration > Monitoring / Scanning > Web Reputation.

    Go to Web Reputation

    Click image to enlarge

  2. Click Enable Web Reputation (The Default option is Selected).

    Click Enable Web Reputation

  3. Under Smart Protection Settings, select Trend Micro Smart Protection Network.

    Select Trend Micro Smart Protection Network

  4. Select Enable Retro Scan. The Service and Terms window appears.

    Enable Retro Scan

  5. Read the information and click Accept.

  6. Click Save.

After Retro Scan is enabled, DDI will periodically check Retro Scan for scan reports. If the scan reports are available, DDI will display the summarized information on the Detection > Retro Scan screen.

Premium
Internal
Rating:
Category:
Configure; SPEC
Solution Id:
1118588
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.