Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

InterScan Web Security as a Service Data Collection Notice

    • Updated:
    • 18 Jun 2018
    • Product/Version:
    • InterScan Web Security as a Service 3.0
    • Platform:
    • N/A N/A
Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.

Details
Public

Virtual Gateway

InterScan Web Security as a Service virtual gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

 
Disabling virtual gateways prevents the mentioned data from being sent to Trend Micro, but users need to enter their user name and password for authentication before they can access Internet services.
Data collectedIP addresses
Console locationGateways > Add/Edit Virtual Gateway > Basic Information
Console settings

Static IP address

Static IP address

Back to top

On-premises Gateway

InterScan Web Security as a Service on-premises gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

 
Disabling on-premises gateways prevents the mentioned data from being sent to Trend Micro, but user traffic need to be transmitted to the IWSaaS cloud.
Data collectedIP addresses
Console location

Gateways

IP Address

Console settings

Back to top

Virtual Analyzer

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious objects. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network.

 
Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of InterScan Web Security as a Service to detect advanced malware.
Data collected
  • IP addresses
  • URLs
  • Hostnames
  • File names/paths
Console locationPolicies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings

Cloud Virtual Analyzer

Cloud Virtual Analyzer

 

The detected suspicious objects are shown on:

Policies > CLOUD VIRTUAL ANALYZER > Suspicious Objects

Suspicious Objects

Back to top

Web Reputation

InterScan Web Security as a Service leverages Trend Micro Web Reputation Services to scan URLs that users access to detect malicious URLs based on their reputation scores.

 
Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of InterScan Web Security as a Service to detect malicious URLs.
Data collectedURLs
Console locationPolicies > Threat Protection > Add/Edit > Web Reputation
Console settings

Enable: On

Enable Web Reputation

Back to top

Predictive Machine Learning

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features.

 
Disabling Predictive Machine Learning prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of InterScan Web Security as a Service to detect new, previously unidentified, or unknown threats.
Data collected
  • IP addresses
  • URLs
  • Hostnames
  • File names/paths
Console locationPolicies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings

Predictive Machine Learning: On

Enable Predictive Machine Learning

Back to top

HTTPS Inspection

InterScan Web Security as a Service allows administrators to cross-sign your organization's own CA certificate with the Certificate Signing Request (CSR) file provided by Trend Micro to establish a trusted relationship between the InterScan Web Security as a Service CA certificate and your organization's own CA certificate.

 
Disabling cross-signed CA certificate prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.
HTTPS Inspection (CA certificate)
Data collectedDigital certificates
Console location

Policies > Global Settings

  • Enable HTTPS Inspection

Policies > Decryption Rules > Add/Edit > Certificate

  • Cross-signed certificate: [Choose file...]

    Select a CA to upload

Console settings

InterScan Web Security as a Service manages CA certificates to determine that a web server's signature is trusted.

 
Disabling certificate management prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.
HTTPS Inspection (Certificate Management)
Data collectedDigital certificates
Console location

Policies > Global Settings > HTTPS Inspection

  • Enable certificate management

Policies > Digital Certificates > CA Certificates

  • Trusted CA Certificates or Untrusted CA Certificates > Add

Policies > Digital Certificates > Exceptions

  • Add

Digital Certificates

Console settings

InterScan Web Security as a Service allows administrators to maintain a list of trusted domains, whose HTTPS traffic will not be subject to InterScan Web Security as a Service policy rules, and always be accessible by end users without being decrypted and inspected by InterScan Web Security as a Service.

 
Disabling HTTPS tunneling prevents the mentioned data from being sent to Trend Micro, but failure pages will always display if HTTPS decryption fails.
HTTPS Inspection (HTTPS tunneling)
Data collectedDomains
Console location

Policies > Global Settings > HTTPS Inspection

  • Enable HTTPS Inspection
  • Enable HTTPS tunneling

Policies > HTTPS Tunnels > Tunneled Domains

  • Add to Tunneled Domains List or Add to Exceptions List

    Tunneled Domains

Policies > HTTPS Tunnels > Failed HTTPS Accesses

  • Enable auto tunneling for fatal failures: On
  • Add to Tunneled Domains List or Add to Exceptions List

    Failed HTTPS Accesses

Console settings

Back to top

Customized URL Categories

InterScan Web Security as a Service allows administrators to add customized URL categories to subject URLs that are not part of the Trend Micro predefined categories to cloud access rules and HTTPS decryption rules.

 
Disabling Customized URL Categories prevents the mentioned data from being sent to Trend Micro, but InterScan Web Security as a Service will not apply configured policies to URLs that are not part of the Trend Micro predefined categories.
Data collected
  • IP addresses
  • URLs
  • Domains
Console locationPolicies > Objects > Customized URL Categories
Console settings

Add, Duplicate or Import/Export URL Categories or select a URL category to edit

Customized URL Categories

Back to top

IP Address Groups

InterScan Web Security as a Service allows administrators to add IP address groups that contain a single or a range of IP addresses to apply to cloud access rules, gateway settings, and reports.

 
Disabling IP Address Groups prevents the mentioned data from being sent to Trend Micro, but InterScan Web Security as a Service will not apply configured policies or settings based on IP addresses.
Data collectedIP addresses
Console locationPolicies > Objects > Customized URL Categories
Console settings

Add, Duplicate or Import/Export IP Groups or select an IP address group to edit

IP Address Groups

Back to top

Log Analysis

 

Logs cannot be disabled unless you choose to NOT use InterScan Web Security as a Service.

InterScan Web Security as a Service saves logs for 90 days. After data is cleared, administrators cannot retrieve history data of user events and policy violations from InterScan Web Security as a Service.

Data collected
  • Time
  • User names
  • Departments
  • Domains
  • URLs
  • IP addresses
Console locationLogs & Reports > Log Analysis > Policy Enforcement/Internet Access/Virtual Analyzer
Console settings

Log Analysis

  • Policy Enforcement
  • Internet Access
  • Virtual Analyzer

Log Analysis

Back to top

Log Favorites

 
Disabling Log Favorites prevents the mentioned data from being sent to Trend Micro, but administrators have to set query conditions every time they need to search for logs under the same conditions.
Data collected
  • User names
  • Departments
  • Gateways
  • Domains
  • URLs
Console locationLogs & Reports > Log Favorites
Console settings

Log Favorites

Back to top

Reports

 
Disabling Reports prevents the mentioned data from being sent to Trend Micro, but administrators cannot get reports to analyze threats and security-related events from an overall perspective.
Data collected
  • IP addresses
  • User names
Console locationLogs & Reports > Reports
Console settings

Add, Duplicate or select a report to edit.

Reports

Back to top

PAC Files

PAC files are used to forward web traffic from your organization's desktops to InterScan Web Security as a Service.

 
Disabling PAC Files prevents the mentioned data from being sent to Trend Micro, but some websites may fail to open.
Data collected
  • IP addresses
  • Domains
Console locationAdministration > SERVICE DEPLOYMENT > PAC Files
Console settings

Add, Duplicate or select a PAC file to edit.

PAC Files

Back to top

Enforcement Agent

The InterScan Web Security as a Service Enforcement Agent is installed to client machines to enforce the use of a PAC file for traffic forwarding and to automatically deploy the InterScan Web Security as a Service certificate to supported browsers.

 
Disabling Enforcement Agent prevents the mentioned data from being sent to Trend Micro, but users will only use the already configured PAC files.
Data collectedURLs
Console locationAdministration > SERVICE DEPLOYMENT > Enforcement Agent
Console settings

Hosted PAC file > Customize

Enforcement Agent

Back to top

Directory Services

InterScan Web Security as a Service integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to InterScan Web Security as a Service.

 
Disabling Directory Services prevents the mentioned data from being sent to Trend Micro, but InterScan Web Security as a Service will not authenticate and apply policies to AD users of your organization.
Directory Services
Data collected
  • AD hosts
  • Domains
  • AD users
  • AD passwords
  • AD BaseDNs
Console locationAdministration > Users & Authentications > Click “here” > Direct
Console settings

AD Integration

Direct

InterScan Web Security as a Service integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to InterScan Web Security as a Service.

 
Disabling SAML Authentication prevents the mentioned data from being sent to Trend Micro, but InterScan Web Security as a Service will not support ADFS authentication to authenticate AD users of your organization.
Directory Services (SAML Authentication)
Data collected
  • ADFS URLs
  • Digital Certificates
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > SAML
Console settings

AD Integration

SAML

InterScan Web Security as a Service integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to InterScan Web Security as a Service.

 
Disabling Agent Authentication prevents the mentioned data from being sent to Trend Micro, but InterScan Web Security as a Service will not support Agent authentication to authenticate AD users of your organization.
Directory Services (Agent Authentication)
Data collectedIP addresses
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > Agent
Console settings

AD Integration

Agent

InterScan Web Security as a Service integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to InterScan Web Security as a Service.

 
Disabling Synchronization Agent prevents the mentioned data from being sent to Trend Micro, but InterScan Web Security as a Service will not synchronize AD users from your organization to authenticate them using SAML or Agent authentication method.
Directory Services (Synchronization Agent)
Data collectedAD users
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > SAML/Agent
Console settings

Download the Synchronization Agent

SAML_Agent

Back to top

Hosted Users

InterScan Web Security as a Service supports hosted user accounts to allow them to forward web traffic through InterScan Web Security as a Service.

 
Disabling Hosted Users prevents the mentioned data from being sent to Trend Micro, but hosted users will not be able to forward their network traffic to InterScan Web Security as a Service for policy enforcement.
Data collected
  • Email addresses
  • Passwords
  • groups
  • departments
Console locationAdministration > Users & Authentications > Hosted Users
Console settings

Add or Import/Export User Accounts or select a hosted user to edit

Hosted Users

Back to top

Administrator Alerts

InterScan Web Security as a Service uses Administrator Alerts to notify administrators of particular events as they occur.

 
Disabling Administrator Alerts prevents the mentioned data from being sent to Trend Micro, but administrators will not receive events of interest to monitor users’ abnormal network activities.
Data collectedEmail addresses
Console locationAdministration > ADMINISTRATOR ALERTS > Administrator Alerts
Console settings

Add or Duplicate or click on an Administrator alert to edit

Administrator Alerts

Back to top

Bandwidth Control

Bandwidth control gives all users fair access to resources and ensures better access to resources that are more central to the organization.

 
Disabling Bandwidth Control prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to control users’ network traffic based on your organization's actual Internet bandwidth settings.
Data collected
  • IP addresses
  • Users
Console locationGateways > Edit On-Premises Gateway
Console settings

Bandwidth Control

Bandwidth Control

Back to top

Approved/Blocked URLs

Approved URLs are websites that you consider trustworthy. As such, they are not subject to any policy and users are always allowed to visit them. Blocked URLs are websites that you do not want users to visit.

 
Disabling Approved/Blocked URLs prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to always allow or block some websites.
Data collectedURLs
Console locationPolicies > Approved/Blocked URLs
Console settings
  • Match mode: Web > Website Match [URL] or Import/Export URLs
  • Add to Approved or Add to Blocked

Approved_Blocked URLs

Back to top

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1119974
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.