The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.
- Cloud Syslog Forwarding
- Okta Authentication
- Azure AD Authentication
- Virtual Gateway
- On-premises Gateway
- Virtual Analyzer
- Web Reputation
- Predictive Machine Learning
- HTTPS Inspection
- Customized URL Categories
- IP Address Groups
- Log Analysis
- Log Favorites
- Reports
- PAC Files
- Enforcement Agent
- Directory Services
- Hosted Users
- Administrator Alerts
- Bandwidth Control
- Approved/Blocked URLs
- Digital Certificates
- Sync Agent
- Cloud Service Filters
- Target Domain Groups
To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.
Cloud Syslog Forwarding
Removing “Server address” and Disabling Cloud Syslog Forwarding prevents the mentioned data from being sent to Trend Micro.
Data collected | IP address |
---|---|
Console location | Logs & Reports > Cloud Syslog Forwarding > Enable |
Console settings |
Server address |
Okta Authentication
Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.
Data collected |
|
---|---|
Console location | Administration > Directory Services > Click here > “Okta” Authentication Method |
Console settings |
|
Azure AD Authentication
Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.
Data collected |
|
---|---|
Console location | Administration > Directory Services > Click here > “Azure AD” Authentication Method |
Console settings |
|
Virtual Gateway
Trend Micro Web Security virtual gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.
Data collected | IP addresses |
---|---|
Console location | Gateways > Add/Edit Virtual Gateway > Basic Information |
Console settings |
Static IP address |
On-premises Gateway
Trend Micro Web Security on-premises gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.
Virtual Analyzer
Virtual Analyzer is a cloud sandbox designed for analyzing suspicious objects. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network.
Data collected |
|
---|---|
Console location | Policies > Threat Protection > Add/Edit > Advanced Threat Scanning |
Console settings |
Cloud Virtual Analyzer |
Web Reputation
Trend Micro Web Security leverages Trend Micro Web Reputation Services to scan URLs that users access to detect malicious URLs based on their reputation scores.
Data collected | URLs |
---|---|
Console location | Policies > Threat Protection > Add/Edit > Web Reputation |
Console settings |
Enable: On |
Predictive Machine Learning
Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features.
Data collected |
|
---|---|
Console location | Policies > Threat Protection > Add/Edit > Advanced Threat Scanning |
Console settings |
Predictive Machine Learning: On |
HTTPS Inspection
Trend Micro Web Security allows administrators to cross-sign your organization's own CA certificate with the Certificate Signing Request (CSR) file provided by Trend Micro to establish a trusted relationship between the Trend Micro Web Security CA certificate and your organization's own CA certificate.
HTTPS Inspection (CA certificate) | |
---|---|
Data collected | Digital certificates |
Console location |
Policies > Global Settings
Policies > Decryption Rules > Add/Edit > Certificate |
Console settings |
Trend Micro Web Security manages CA certificates to determine that a web server's signature is trusted.
HTTPS Inspection (Certificate Management) | |
---|---|
Data collected | Digital certificates |
Console location |
Policies > Global Settings > HTTPS Inspection
Policies > Digital Certificates > CA Certificates
Policies > Digital Certificates > Exceptions
|
Console settings |
Trend Micro Web Security allows administrators to maintain a list of trusted domains, whose HTTPS traffic will not be subject to Trend Micro Web Security policy rules, and always be accessible by end users without being decrypted and inspected by Trend Micro Web Security.
HTTPS Inspection (HTTPS tunneling) | |
---|---|
Data collected | Domains |
Console location |
Policies > Global Settings > HTTPS Inspection
Policies > HTTPS Tunnels > Tunneled Domains Policies > HTTPS Tunnels > Failed HTTPS Accesses |
Console settings |
Customized URL Categories
Trend Micro Web Security allows administrators to add customized URL categories to subject URLs that are not part of the Trend Micro predefined categories to cloud access rules and HTTPS decryption rules.
Data collected |
|
---|---|
Console location | Policies > Objects > Customized URL Categories |
Console settings |
Add, Duplicate or Import/Export URL Categories or select a URL category to edit |
IP Address Groups
Trend Micro Web Security allows administrators to add IP address groups that contain a single or a range of IP addresses to apply to cloud access rules, gateway settings, and reports.
Data collected | IP addresses |
---|---|
Console location | Policies > Objects > Customized URL Categories |
Console settings |
Add, Duplicate or Import/Export IP Groups or select an IP address group to edit |
Log Analysis
Logs cannot be disabled unless you choose to NOT use Trend Micro Web Security.
Trend Micro Web Security saves logs for 90 days. After data is cleared, administrators cannot retrieve history data of user events and policy violations from Trend Micro Web Security.
Data collected |
|
---|---|
Console location | Logs & Reports > Log Analysis > Policy Enforcement/Internet Access/Virtual Analyzer |
Console settings |
Log Analysis
|
Log Favorites
Data collected |
|
---|---|
Console location | Logs & Reports > Log Favorites |
Console settings |
Reports
Data collected |
|
---|---|
Console location | Logs & Reports > Reports |
Console settings |
Add, Duplicate or select a report to edit. |
PAC Files
PAC files are used to forward web traffic from your organization's desktops to Trend Micro Web Security.
Data collected |
|
---|---|
Console location | Administration > SERVICE DEPLOYMENT > PAC Files |
Console settings |
Add, Duplicate or select a PAC file to edit. |
Enforcement Agent
Uninstall the Enforcement Agent
Data collected |
|
---|---|
Console location | Administration > Service Deployment > Enforcement Agent > Click “Agent platform for Windows” > Click the “Windows Download” Button |
Console settings |
Directory Services
Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.
Directory Services | |
---|---|
Data collected |
|
Console location | Administration > Users & Authentications > Click “here” > Direct |
Console settings |
AD Integration |
Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.
Directory Services (SAML Authentication) | |
---|---|
Data collected |
|
Console location | Administration > Users & Authentications > Directory Services > Click “here” > SAML |
Console settings |
AD Integration |
Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.
Directory Services (Agent Authentication) | |
---|---|
Data collected | IP addresses |
Console location | Administration > Users & Authentications > Directory Services > Click “here” > Agent |
Console settings |
AD Integration |
Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.
Directory Services (Synchronization Agent) | |
---|---|
Data collected |
AD user information, including:
|
Console location | Administration > Users & Authentications > Directory Services > Click “here” > SAML/Agent |
Console settings |
Download the Synchronization Agent |
Hosted Users
Trend Micro Web Security supports hosted user accounts to allow them to forward web traffic through Trend Micro Web Security.
Data collected |
|
---|---|
Console location | Administration > Users & Authentications > Hosted Users |
Console settings |
Add or Import/Export User Accounts or select a hosted user to edit |
Administrator Alerts
Trend Micro Web Security uses Administrator Alerts to notify administrators of particular events as they occur.
Data collected | Email addresses |
---|---|
Console location | Administration > ADMINISTRATOR ALERTS > Administrator Alerts |
Console settings |
Add or Duplicate or click on an Administrator alert to edit |
Bandwidth Control
Bandwidth control gives all users fair access to resources and ensures better access to resources that are more central to the organization.
Data collected |
|
---|---|
Console location | Gateways > Edit On-Premises Gateway |
Console settings |
Bandwidth Control |
Approved/Blocked URLs
Approved URLs are websites that you consider trustworthy. As such, they are not subject to any policy and users are always allowed to visit them. Blocked URLs are websites that you do not want users to visit.
Data collected | URLs |
---|---|
Console location | Policies > Approved/Blocked URLs |
Console settings |
|
Digital Certificates
Without cross sign CA, customer need import the CA into their clients.
Data collected | Cross-Sign Certificate |
---|---|
Console location | Policies > Decryption Rules > Add/Edit > Certificate |
Console settings |
Choose file and upload CA |
Without certificate management, Customer will experience untrusted warning on the browsers.
Data collected | Web Service Certificates |
---|---|
Console location | Policies > Global Settings > HTTPS Inspections > Advanced Settings |
Console settings |
|
Data collected | Trusted CA |
---|---|
Console location |
Policies > Digital Certificates > CA Certificates
Policies > Digital Certificates > Exceptions
|
Console settings |
Sync Agent
Data collected |
AD user information, including:
|
---|---|
Console location | Administration > Users & Authentications > Directory Service > Click “here” > AD FS/Agent |
Console settings | Download Sync Agent and install on your AD. |
Cloud Service Filters
Removing the filter prevents the mentioned data from being sent to Trend Micro.
Data collected | Domains |
---|---|
Console location | Policies > Cloud Service Filters > Add/Edit a filter |
Console settings |
URLs > Host |
Target Domain Groups
Removing the domain group prevents the mentioned data from being sent to Trend Micro.
Data collected | Domains |
---|---|
Console location | Policies > Target Domain Groups > Add/Edit a domain group |
Console settings |
Domain Name |