Trend Micro - Securing Your Journey to the Cloud Business
Success
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro Web Security Data Collection Notice

    • Updated:
    • 16 Dec 2020
    • Product/Version:
    • Trend Micro Web Security All
    • Platform:
    • N/A
Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

Details
Public

Cloud Syslog Forwarding

Removing “Server address” and Disabling Cloud Syslog Forwarding prevents the mentioned data from being sent to Trend Micro.

Data collectedIP address
Console locationLogs & Reports > Cloud Syslog Forwarding > Enable
Console settings

Server address

Cloud Syslog Forwarding

Back to top

Okta Authentication

Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.

Data collected
  • URL
  • Digital certificate
Console locationAdministration > Directory Services > Click here > “Okta” Authentication Method
Console settings
  • Server URL
  • Public SSL certificate

Okta Authentication

Back to top

Azure AD Authentication

Clearing the content in the text box, uploading a fake certificate, or choosing another authentication method prevents the mentioned data from being sent to Trend Micro.

Data collected
  • URL
  • Digital certificate
Console locationAdministration > Directory Services > Click here > “Azure AD” Authentication Method
Console settings

 

  • Server URL
  • Public SSL certificate

Azure AD Authentication

Back to top

Virtual Gateway

Trend Micro Web Security virtual gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

 
Disabling virtual gateways prevents the mentioned data from being sent to Trend Micro, but users need to enter their user name and password for authentication before they can access Internet services.
 
Data collectedIP addresses
Console locationGateways > Add/Edit Virtual Gateway > Basic Information
Console settings

Static IP address

Static IP address

Back to top

On-premises Gateway

Trend Micro Web Security on-premises gateways inspect and filter users’ network traffic requests based on configured policies to secure your organization’s environment against network threats.

 
Disabling on-premises gateways prevents the mentioned data from being sent to Trend Micro, but user traffic need to be transmitted to the Trend Micro Web Security cloud.
 
Data collectedIP addresses
Console location

Gateways

IP Address

Console settings

Back to top

Virtual Analyzer

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious objects. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network.

 
Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect advanced malware.
 
Data collected
  • IP addresses
  • URLs
  • Hostnames
  • File names/paths
Console locationPolicies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings

Cloud Virtual Analyzer

Cloud Virtual Analyzer

 

The detected suspicious objects are shown on:

Policies > CLOUD VIRTUAL ANALYZER > Suspicious Objects

Suspicious Objects

 

Back to top

Web Reputation

Trend Micro Web Security leverages Trend Micro Web Reputation Services to scan URLs that users access to detect malicious URLs based on their reputation scores.

 
Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect malicious URLs.
 
Data collectedURLs
Console locationPolicies > Threat Protection > Add/Edit > Web Reputation
Console settings

Enable: On

Enable Web Reputation

Back to top

Predictive Machine Learning

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features.

 
Disabling Predictive Machine Learning prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Web Security to detect new, previously unidentified, or unknown threats.
 
Data collected
  • IP addresses
  • URLs
  • Hostnames
  • File names/paths
Console locationPolicies > Threat Protection > Add/Edit > Advanced Threat Scanning
Console settings

Predictive Machine Learning: On

Enable Predictive Machine Learning

Back to top

HTTPS Inspection

Trend Micro Web Security allows administrators to cross-sign your organization's own CA certificate with the Certificate Signing Request (CSR) file provided by Trend Micro to establish a trusted relationship between the Trend Micro Web Security CA certificate and your organization's own CA certificate.

 
Disabling cross-signed CA certificate prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.
 
HTTPS Inspection (CA certificate)
Data collectedDigital certificates
Console location

Policies > Global Settings

  • Enable HTTPS Inspection

Policies > Decryption Rules > Add/Edit > Certificate

  • Cross-signed certificate: [Choose file...]

    Select a CA to upload

Console settings

Trend Micro Web Security manages CA certificates to determine that a web server's signature is trusted.

 
Disabling certificate management prevents the mentioned data from being sent to Trend Micro, but the client browsers will display a certificate warning each time users access an HTTPS website.
 
HTTPS Inspection (Certificate Management)
Data collectedDigital certificates
Console location

Policies > Global Settings > HTTPS Inspection

  • Enable certificate management

Policies > Digital Certificates > CA Certificates

  • Trusted CA Certificates or Untrusted CA Certificates > Add

Policies > Digital Certificates > Exceptions

  • Add

Digital Certificates

Console settings

Trend Micro Web Security allows administrators to maintain a list of trusted domains, whose HTTPS traffic will not be subject to Trend Micro Web Security policy rules, and always be accessible by end users without being decrypted and inspected by Trend Micro Web Security.

 
Disabling HTTPS tunneling prevents the mentioned data from being sent to Trend Micro, but failure pages will always display if HTTPS decryption fails.
 
HTTPS Inspection (HTTPS tunneling)
Data collectedDomains
Console location

Policies > Global Settings > HTTPS Inspection

  • Enable HTTPS Inspection
  • Enable HTTPS tunneling

Policies > HTTPS Tunnels > Tunneled Domains

  • Add to Tunneled Domains List or Add to Exceptions List

    Tunneled Domains

Policies > HTTPS Tunnels > Failed HTTPS Accesses

  • Enable auto tunneling for fatal failures: On

  • Add to Tunneled Domains List or Add to Exceptions List

    Failed HTTPS Accesses

Console settings

Back to top

Customized URL Categories

Trend Micro Web Security allows administrators to add customized URL categories to subject URLs that are not part of the Trend Micro predefined categories to cloud access rules and HTTPS decryption rules.

 
Disabling Customized URL Categories prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not apply configured policies to URLs that are not part of the Trend Micro predefined categories.
 
Data collected
  • IP addresses
  • URLs
  • Domains
Console locationPolicies > Objects > Customized URL Categories
Console settings

Add, Duplicate or Import/Export URL Categories or select a URL category to edit

Customized URL Categories

Back to top

IP Address Groups

Trend Micro Web Security allows administrators to add IP address groups that contain a single or a range of IP addresses to apply to cloud access rules, gateway settings, and reports.

 
Disabling IP Address Groups prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not apply configured policies or settings based on IP addresses.
 
Data collectedIP addresses
Console locationPolicies > Objects > Customized URL Categories
Console settings

Add, Duplicate or Import/Export IP Groups or select an IP address group to edit

IP Address Groups

Back to top

Log Analysis

 

Logs cannot be disabled unless you choose to NOT use Trend Micro Web Security.

Trend Micro Web Security saves logs for 90 days. After data is cleared, administrators cannot retrieve history data of user events and policy violations from Trend Micro Web Security.

 
Data collected
  • Time
  • User names
  • Departments
  • Domains
  • URLs
  • IP addresses
Console locationLogs & Reports > Log Analysis > Policy Enforcement/Internet Access/Virtual Analyzer
Console settings

Log Analysis

  • Policy Enforcement
  • Internet Access
  • Virtual Analyzer

Log Analysis

Back to top

Log Favorites

 
Disabling Log Favorites prevents the mentioned data from being sent to Trend Micro, but administrators have to set query conditions every time they need to search for logs under the same conditions.
 
Data collected
  • User names
  • Departments
  • Gateways
  • Domains
  • URLs
Console locationLogs & Reports > Log Favorites
Console settings

Log Favorites

Back to top

Reports

 
Disabling Reports prevents the mentioned data from being sent to Trend Micro, but administrators cannot get reports to analyze threats and security-related events from an overall perspective.
 
Data collected
  • IP addresses
  • User names
Console locationLogs & Reports > Reports
Console settings

Add, Duplicate or select a report to edit.

Reports

Back to top

PAC Files

PAC files are used to forward web traffic from your organization's desktops to Trend Micro Web Security.

 
Disabling PAC Files prevents the mentioned data from being sent to Trend Micro, but some websites may fail to open.
 
Data collected
  • IP addresses
  • Domains
Console locationAdministration > SERVICE DEPLOYMENT > PAC Files
Console settings

Add, Duplicate or select a PAC file to edit.

PAC Files

Back to top

Enforcement Agent

Uninstall the Enforcement Agent

Data collected
  • Client IP address
  • Application name
  • User name
  • User id
Console locationAdministration > Service Deployment > Enforcement Agent > Click “Agent platform for Windows” > Click the “Windows Download” Button
Console settings

Enforcement Agent

Back to top

Directory Services

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

 
Disabling Directory Services prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not authenticate and apply policies to AD users of your organization.
 
Directory Services
Data collected
  • AD hosts
  • Domains
  • AD users
  • AD BaseDNs

  • AD passwords

     
    In direct AD mode, TMWS requires the admin to input an AD username/password on TMWS console. This AD username/password will be used to synchronize the AD information (excluding passwords) into TMWS.
     
Console locationAdministration > Users & Authentications > Click “here” > Direct
Console settings

AD Integration

Direct

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

 
Disabling SAML Authentication prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not support ADFS authentication to authenticate AD users of your organization.
 
Directory Services (SAML Authentication)
Data collected
  • ADFS URLs
  • Digital Certificates
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > SAML
Console settings

AD Integration

SAML

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

 
Disabling Agent Authentication prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not support Agent authentication to authenticate AD users of your organization.
 
Directory Services (Agent Authentication)
Data collectedIP addresses
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > Agent
Console settings

AD Integration

Agent

Trend Micro Web Security integrates one or multiple Active Directory domains of your organization to authenticate Active Directory users who forward web traffic to Trend Micro Web Security.

 
Disabling Synchronization Agent prevents the mentioned data from being sent to Trend Micro, but Trend Micro Web Security will not synchronize AD users from your organization to authenticate them using SAML or Agent authentication method.
 
Directory Services (Synchronization Agent)
Data collected

AD user information, including:

  • User information: department, mail, userPrincipalName, sMAAccountName, memberOf, displayName, distinguishedName
  • Group information: groupName
Console locationAdministration > Users & Authentications > Directory Services > Click “here” > SAML/Agent
Console settings

Download the Synchronization Agent

SAML_Agent

Back to top

Hosted Users

Trend Micro Web Security supports hosted user accounts to allow them to forward web traffic through Trend Micro Web Security.

 
Disabling Hosted Users prevents the mentioned data from being sent to Trend Micro, but hosted users will not be able to forward their network traffic to Trend Micro Web Security for policy enforcement.
 
Data collected
  • Email addresses
  • Passwords
  • groups
  • departments
Console locationAdministration > Users & Authentications > Hosted Users
Console settings

Add or Import/Export User Accounts or select a hosted user to edit

Hosted Users

Back to top

Administrator Alerts

Trend Micro Web Security uses Administrator Alerts to notify administrators of particular events as they occur.

 
Disabling Administrator Alerts prevents the mentioned data from being sent to Trend Micro, but administrators will not receive events of interest to monitor users’ abnormal network activities.
 
Data collectedEmail addresses
Console locationAdministration > ADMINISTRATOR ALERTS > Administrator Alerts
Console settings

Add or Duplicate or click on an Administrator alert to edit

Administrator Alerts

Back to top

Bandwidth Control

Bandwidth control gives all users fair access to resources and ensures better access to resources that are more central to the organization.

 
Disabling Bandwidth Control prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to control users’ network traffic based on your organization's actual Internet bandwidth settings.
 
Data collected
  • IP addresses
  • Users
Console locationGateways > Edit On-Premises Gateway
Console settings

Bandwidth Control

Bandwidth Control

Back to top

Approved/Blocked URLs

Approved URLs are websites that you consider trustworthy. As such, they are not subject to any policy and users are always allowed to visit them. Blocked URLs are websites that you do not want users to visit.

 
Disabling Approved/Blocked URLs prevents the mentioned data from being sent to Trend Micro, but administrators will not be able to always allow or block some websites.
 
Data collectedURLs
Console locationPolicies > Approved/Blocked URLs
Console settings
  • Match mode: Web > Website Match [URL] or Import/Export URLs
  • Add to Approved or Add to Blocked

Approved_Blocked URLs

Back to top

Digital Certificates

Without cross sign CA, customer need import the CA into their clients.

Data collectedCross-Sign Certificate
Console locationPolicies > Decryption Rules > Add/Edit > Certificate
Console settings

Choose file and upload CA

upload CA

Without certificate management, Customer will experience untrusted warning on the browsers.

Data collectedWeb Service Certificates
Console locationPolicies > Global Settings > HTTPS Inspections > Advanced Settings
Console settings
  • Enable HTTPS Inspections
  • Enable certificate management

Enable certificate management

Data collectedTrusted CA
Console location

Policies > Digital Certificates > CA Certificates

  • Add Untrusted CA Certificates
  • Add Trusted CA Certificates

Policies > Digital Certificates > Exceptions

  • Add Exceptions
Console settings

Trusted CA

Back to top

Sync Agent

Data collected

AD user information, including:

  • User information:

    • department
    • mail
    • userPrincipalName
    • sMAAccountName
    • memberOf
    • displayName
    • distinguishedName

  • Group information:

    • groupName
Console locationAdministration > Users & Authentications > Directory Service > Click “here” > AD FS/Agent
Console settingsDownload Sync Agent and install on your AD.

Back to top

Cloud Service Filters

Removing the filter prevents the mentioned data from being sent to Trend Micro.

Data collectedDomains
Console locationPolicies > Cloud Service Filters > Add/Edit a filter
Console settings

URLs > Host

Host

Back to top

Target Domain Groups

Removing the domain group prevents the mentioned data from being sent to Trend Micro.

Data collectedDomains
Console locationPolicies > Target Domain Groups > Add/Edit a domain group
Console settings

Domain Name

Domain Name

Back to top

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
1119974
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles