Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

OfficeScan as a Service Data Collection Notice

    • Updated:
    • 7 Aug 2018
    • Product/Version:
    • OfficeScan as a Service X.X
    • Platform:
    • Windows 7 32-Bit
    • Windows 7 64-Bit
    • Windows 8 32-Bit
    • Windows 8 64-Bit
    • Windows Server 2012 32-Bit
    • Windows Server 2012 64-Bit
Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.

Details
Public

OfficeScan as a Service featuring Control Manager Console

OfficeScan Agent or Trend Micro Security (for Mac) Agent Installation

After users install the OfficeScan as a Service agent, the agent program reports the endpoint status and information to the server automatically. Administrators can view the endpoint information from the Agent Management screen.

OfficeScan Agent or Trend Micro Security (for Mac) Agent Installation
Data collected
  • Computer name
  • Logon user name
  • Agent IP address
  • MAC address
  • Agent GUID
Console locationNot configurable using the web console
 
If you do not want to allow Trend Micro to collect this personal data, do not install the agent program.
Console settings

Active Directory Synchronization

Active Directory synchronization maps the User/Endpoint Directory according to your existing organizational structure.

Active Directory Synchronization
Data collected

Active Directory site information

  • AD site GUID (Guid)
  • AD site name (Name)
  • AD site location (Location)
  • AD site subnet name (subnet name)
  • AD site subnet range (subnet range)

Active Directory group information

  • AD group GUID (objectGUID)
  • AD group common name (cn)
  • AD group distinguished name (distinguishedName)
  • AD group member (member)
  • AD group SID (objectSid)

Organizational Unit information

  • OU GUID (objectguid)
  • OU name (name)
  • OU distinguished name (distinguishedname)
  • OU last logon time (lastLogonTimestamp)

User information

  • User account name (sAMAccountName)
  • User distinguished name (distinguishedName)
  • Manager (manager)
  • Direct reports (directReports)
  • User GUID (objectGUID)
  • Email addresses (mail, proxyAddresses)
  • Job title (title)
  • Department (department)
  • Telephone numbers (telephoneNumber, homePhone)
  • Office name (physicalDeliveryOfficeName)
  • Principal name (userPrincipalName)
  • Display name (displayName)
  • User SID (objectSID)
  • User account properties (userAccountControl)
Console locationAdministration > Settings > Active Directory and Compliance Settings
Console settings

Enable Active Directory Synchronization

Properties

User Accounts

User account information includes personal data.

User Accounts
Data collected

User account information

  • User name
  • Full name
  • Password
  • Email address
  • Telephone number
  • Mobile phone number
Console locationAdministration > Account Management > User Accounts
Console settings
  • Add
  • Edit

Properties

Contact Groups

Contact Groups for event notifications can include manually added email addresses for additional recipients.

Contact Groups
Data collected

Additional recipients

  • Email address
Console locationNotifications > Contact Groups
Console settings

Additional recipients

Properties

DLP Data Identifiers

Keyword lists contain special words or phrases that define digital assets belonging to your organization.

DLP Data Identifiers
Data collected

Keyword lists

  • Keywords
Console locationPolicies > Policy Resources > DLP Data Identifiers > Keyword Lists
Console settings
  • Add
  • Edit (Click the Name of a list to edit keywords)
  • Copy
  • Import

Properties

Back to top

OfficeScan Agent Policy Settings

Behavior Monitoring

Behavior Monitoring provides a necessary layer of additional threat protection from programs that exhibit malicious behavior.

Behavior Monitoring
Data collected
  • URL
  • File name
  • File path
  • File hash
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Behavior Monitoring Settings > Rules > Malware Behavior Blocking
Console settings

Properties

Behavior Monitoring: Approved/Blocked Program lists

The Behavior Monitoring exception list contains programs that the OfficeScan agent does not monitor using Behavior Monitoring. Behavior Monitoring automatically takes the specified action according to the list type.

Behavior Monitoring: Approved/Blocked Program lists
Data collected
  • File name
  • Full program path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Behavior Monitoring Settings > Exceptions
Console settings

Properties

Data Loss Prevention

Data Loss Prevention monitors endpoints and network traffic and can prevent the transmission of sensitive information.

Data Loss Prevention
Data collected
  • User name
  • Domain
  • Process name
  • Process
  • Source
  • Destination
  • Email sender
  • Email subject
  • Email recipients
  • URL
  • FTP user
  • Rule name
  • Forensic file hash
  • Forensic data
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Data Loss Prevention > [new or existing policy] > OfficeScan DLP > [new or existing rule] > Action
Console settings

Record data

Properties

Data Loss Prevention Exceptions

The Data Loss Prevention Exceptions list contains network locations that the OfficeScan agent does not monitor for sensitive information. Data Loss Prevention automatically takes the specified action according to the list type.

Data Loss Prevention Exceptions
Data collected
  • IP address
  • Computer name
  • FQDN
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Data Loss Prevention > [new or existing policy] > OfficeScan DLP > Exceptions
Console settings

Properties

Data Discovery

Data Discovery searches endpoints for the presence of sensitive information.

Data Discovery
Data collected
  • Computer domain
  • User name
  • User domain
  • File name
  • File path
  • File hash
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Data Loss Prevention > [new or existing policy] > OfficeScan Data Discovery
Console settings

Enable Data Discovery

Properties

Device Control: Allowed Programs

The Device Control Allowed Programs list contains program or publisher names that the OfficeScan agent does not block using Device Control. Programs in the specified path or by the specified publisher can execute or perform read/write operations on files in restricted storage devices.

Device Control: Allowed Programs
Data collected
  • Program path
  • File name
  • Digital signature provider
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > Device Control Settings > External Agents/Internal Agents > All users (default) > Allowed Programs
Console settings

Properties

Manual Scan: Scan Exclusion List (Directories)

The Scan Exclusion Lists contain directories/file names that the OfficeScan agent does not scan during a Manual Scan.

Manual Scan: Scan Exclusion List (Directories)
Data collectedDirectory path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Manual Scan Setting > Scan Exclusion > Scan Exclusion List (Directories)
Console settings

Properties

Manual Scan: Scan Exclusion List (Files)

The Scan Exclusion Lists contain directories/file names that the OfficeScan agent does not scan during a Manual Scan.

Manual Scan: Scan Exclusion List (Files)
Data collected
  • Directory path
  • File name
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Manual Scan Setting > Scan Exclusion > Scan Exclusion List (Files)
Console settings

Properties

Predictive Machine Learning

Predictive Machine Learning performs in-depth file analysis to detect emerging unknown security risks.

Predictive Machine Learning
Data collected
  • URL
  • File name
  • File path
  • File hash
  • Digital signature signer
  • Attachment file name
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Predictive Machine Learning Settings
Console settings

Properties

Predictive Machine Learning Exception List

The Predictive Machine Learning Exception List contains file hashes that the OfficeScan agent does not scan during Predictive Machine Learning scanning.

Predictive Machine Learning Exception List
Data collectedFile hash
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Predictive Machine Learning Setting > Exceptions > Add file hash
Console settings

Properties

Real-time Scan: Malware detection

Virus/Malware scanning checks files for known security risks.

Real-time Scan: Malware detection
Data collected
  • File name
  • File path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Real-time Scan Settings
Console settings

Enable virus/malware scan

Properties

Real-time Scan: Scan Exclusion List (Directories)

The Scan Exclusion Lists contain directories/file names that the OfficeScan agent does not scan during a Real-time Scan.

Real-time Scan: Scan Exclusion List (Directories)
Data collectedDirectory path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Real-time Scan Settings > Scan Exclusion > Scan Exclusion List (Directories)
Console settings

Properties

Real-time Scan: Scan Exclusion List (Files)

The Scan Exclusion Lists contain directories/file names that the OfficeScan agent does not scan during a Real-time Scan.

Real-time Scan: Scan Exclusion List (Files)
Data collected
  • Directory path
  • File name
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Real-time Scan Settings > Scan Exclusion > Scan Exclusion List (Files)
Console settings

Properties

Scan Now: Malware detection

Virus/Malware scanning checks files for known security risks.

Scan Now: Malware detection
Data collected
  • File name
  • File path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Scan Now Settings
Console settings

Enable virus/malware scan

Properties

Scan Now: Scan Exclusion List (Directories)

The Scan Exclusion Lists contain directories/file names that the OfficeScan agent does not scan during Scan Now.

Scan Now: Malware detection
Data collectedDirectory path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Scan Now Settings > Scan Exclusion > Scan Exclusion List (Directories)
Console settings

Properties

Scan Now: Scan Exclusion List (Files)

The Scan Exclusion Lists contain directories/file names that the OfficeScan agent does not scan during Scan Now.

Scan Now: Scan Exclusion List (Files)
Data collected
  • Directory path
  • File name
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Scan Now Settings > Scan Exclusion > Scan Exclusion List (Files)
Console settings

Enable virus/malware scan

Properties

Scheduled Scan: Malware detection

Virus/Malware scanning checks files for known security risks.

Scheduled Scan: Malware detection
Data collected
  • File name
  • File path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Scheduled Scan Settings
Console settings

Enable virus/malware scan

Properties

Scheduled Scan: Scan Exclusion List (Directories)

The Scan Exclusion Lists contain directories/file names that the OfficeScan agent does not scan during a Scheduled Scan.

Scheduled Scan: Malware detection
Data collectedDirectory path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Scheduled Scan Settings > Scan Exclusion > Scan Exclusion List (Directories)
Console settings

Enable virus/malware scan

Properties

Scheduled Scan: Scan Exclusion List (Files)

The Scan Exclusion Lists contain directories/file names that the OfficeScan agent does not scan during a Scheduled Scan.

Scheduled Scan: Scan Exclusion List (Files)
Data collected
  • Directory path
  • File name
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Scheduled Scan Settings > Scan Exclusion > Scan Exclusion List (Files)
Console settings

Properties

Trusted Program List

Add programs to the Trusted Programs List to exclude processes from suspicious activity monitoring. The programs should have a valid digital signature.

Trusted Program List
Data collectedProgram full path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Trusted Program List
Console settings

Properties

Web Reputation Service

Web reputation technology tracks the credibility of web domains accessed by endpoints.

Web Reputation Service
Data collectedURL
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Web Reputation Settings > External/Internal Agents > Enable Web Reputation on the following operation systems
Console settings
  • Windows desktop platforms
  • Windows Server platforms

Properties

Web Reputation Service: Browser Exploit Prevention

Browser Exploit Prevention identifies web browser exploits and malicious scripts, and prevents the use of these threats from compromising the web browser.

Web Reputation Service: Browser Exploit Prevention
Data collected
  • Suspicious or malicious URLs
  • HTTP header/HTML files from Suspicious or malicious URLs
  • Browser information
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Web Reputation Settings > External/Internal Agents > Browser Exploit Prevention
Console settings

Properties

Web Reputation Service: Approved/Blocked URL List

The Approved/Blocked URL Lists contain URLs that the OfficeScan agent does not monitor using Web Reputation. Web Reputation automatically takes the specified action according to the list type.

Web Reputation Service: Approved/Blocked URL List
Data collectedURL
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > OfficeScan Agent > [new or existing policy] > Web Reputation Settings > External Agents/Internal Agents > Approved/Blocked URL List
Console settings

Properties

Back to top

Trend Micro Security (for Mac) Policy Settings

Web Reputation Service

Web reputation technology tracks the credibility of web domains accessed by endpoints.

 

Trend Micro Security (for Mac) agents send queries to the Trend Micro Global Smart Scan Server when one of the following conditions is met:

  • External agents
  • Agents that are unable to connect to the on-premises Smart Protection Server (standalone or integrated)
  • When the Send queries to Smart Protection Servers option is not selected
Web Reputation Service
Data collectedURL
Console locationOfficeScan as a Service featuring Control Manager
  • Policies > Policy Management > Trend Micro Security (for Mac) > [new or existing policy] > Web Reputation Settings > External Agents
  • Policies > Policy Management > Trend Micro Security (for Mac) > [new or existing policy] > Web Reputation Settings > Internal Agents
Console settings

Enable Web Reputation policy

Properties

Properties

Smart Feedback

Smart Feedback shares anonymous threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats.

Smart Feedback
Data collected
  • IP address
  • URL
  • File name
  • File path
  • Host name
  • Suspicious executable files
Console locationOfficeScan as a Service featuring Control Manager
Administration > Smart Feedback
Console settings

Enable Trend Micro Smart Feedback (recommended)

Properties

Real-time Scan (Malware detection, Suspicious objects)

A Real-time Scan scans files with a file action applied (created, executed, or modified). When enabled, Smart Scan checks the reputation of each file against an extensive in-the-cloud database.

Real-time Scan (Malware detection, Suspicious objects)
Data collected
  • Host name
  • Logon user name
  • IP address
  • MAC address
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > Trend Micro Security (for Mac) > [new or existing policy] > Real-time Scan Settings
Console settings

Enable Real-time scan

Properties

Scheduled Scan (Malware detection, Suspicious objects)

A Scheduled Scan scans files with a file action applied (created, executed, or modified). When enabled, Smart Scan checks the reputation of each file against an extensive in-the-cloud database.

Scheduled Scan (Malware detection, Suspicious objects)
Data collected
  • Host name
  • Logon user name
  • IP address
  • MAC address
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > Trend Micro Security (for Mac) > [new or existing policy] > Scheduled Scan Settings
Console settings

Enable Scheduled scan

Properties

Scheduled Scan Settings (Scan Target)

For Scheduled Scan, you can specify the files or file directories to scan.

Scheduled Scan Settings (Scan Target)
Data collected
  • File name
  • File path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > Trend Micro Security (for Mac) > [new or existing policy] > Scheduled Scan Settings > Scan Target
Console settings

File or folder name with full path

Properties

Scan Exclusion Settings

For Scheduled Scan, specify the files or file directories to exclude from scanning.

Scan Exclusion Settings
Data collected
  • File name
  • File path
Console locationOfficeScan as a Service featuring Control Manager
Policies > Policy Management > Trend Micro Security (for Mac) > [new or existing policy] > Scan Exclusion Settings > Scan Exclusion List (Files)
Console settings

Properties

Back to top

OfficeScan Cloud Console

Smart Feedback

Smart Feedback shares anonymous threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats.

Smart Feedback
Data collected
  • URL
  • File name
  • File path
  • Suspicious executables file
Console locationSSO to OfficeScan server
Administration > Smart Protection > Smart Feedback > Enable Trend Micro Smart Feedback (recommended)
Console settings

Properties

Certified Safe Software Service

The Certified Safe Software Service queries Trend Micro data centers to verify the safety of a program detected by Malware Behavior Blocking, Event Monitoring, Firewall, or antivirus scans.

Certified Safe Software Service
Data collected
  • File hash
  • File name
  • Company
Console locationSSO to OfficeScan server
Agents > Global Agent Settings > System > Certified Safe Software Service Settings
Console settings

Enable the Certified Safe Software Service for Behavior Monitoring, Firewall, and antivirus scans

Properties

Configuring Global User-defined IP List Settings

Administrators can configure OfficeScan to allow, block, or log all connections between agents and user-defined C&C IP addresses.

Configuring Global User-defined IP List Settings
Data collectedIP address
Console locationSSO to OfficeScan
Agents > Global Agent Settings > Security Settings > Suspicious Connection Settings > Edit User-defined IP List
Console settings

Properties

Firewall policy exception

OfficeScan agents can perform specific actions on network traffic (block or allow) that meets the exception criteria for the traffic direction (inbound or outbound).

Firewall policy exception
Data collected
  • Program full path
  • Host name
  • Registry Key
  • IP address
Console locationSSO to OfficeScan
Agents > Firewall > Policies > Add/Edit Policy > Exception
Console settings

Add

Properties

Firewall: Profile

Firewall profiles provide flexibility by allowing you to choose the attributes that a single agent or group of agents must have before applying a policy.

Firewall: Profile
Data collected
  • IP address
  • Description
  • Domain
  • Logon user name
Console locationSSO to OfficeScan
Agents > Firewall > Profiles
Console settings

Add

Properties

OfficeScan User Accounts

Creating a user account is only required in specific network environments. If you have an on-premises Control Manager server that you want to manage Trend Micro Security for Mac as a Service and the OfficeScan Cloud Console, you must create a user account to facilitate the communication between Trend Micro Security for Mac as a Service and the OfficeScan Cloud Console through Control Manager.

Firewall: Profile
Data collected
  • User name
  • Description
  • Email address
Console locationSSO to OfficeScan
Administration > User Accounts
Console settings

Properties

Agent Proxy Settings

Agents use the proxy server settings configured in Windows Internet Options when connecting to the OfficeScan server and the Trend Micro Smart Protection Network.

Agent Proxy Settings
Data collectedProxy user name
Console locationSSO to OfficeScan
Administration > Settings > Proxy
Console settings

Properties

Control Manager Registration

You can register to a different on-premises Control Manager server if required (for example, you want to subscribe to Suspicious Object Lists from an on-premises Control Manager server).

Control Manager Registration
Data collected
  • FQDN
  • IP address
  • User Name
Console locationSSO to OfficeScan
Administration > Settings > Control Manager
Console settings

Register to a Different Control Manager Server

Properties

Endpoint Location

OfficeScan classifies OfficeScan agents that cannot connect to a configured reference server or gateway IP address as being in an external network. OfficeScan agents in an external network apply different policy settings.

Endpoint Location
Data collected
  • Gateway IP address
  • MAC Address
Console locationSSO to OfficeScan
Agents > Endpoint Location
Console settings

Register to a Different Control Manager Server

Properties

Outbreak Prevention: Deny Write Access to Files and Folders

Configure to prevent viruses/malware from modifying or deleting files and folders on OfficeScan agent endpoints.

Outbreak Prevention: Deny Write Access to Files and Folders
Data collected
  • File name
  • File path
Console locationSSO to OfficeScan
Agents > Outbreak Prevention > Deny Write Access to Files and Folders
Console settings

Properties

Update Source

OfficeScan agents can update from custom update sources.

Update Source
Data collected
  • URL
  • IP address
Console locationSSO to OfficeScan
Updates > Agents > Update Source > Customized Update Source List > Add
Console settings

Properties

Back to top

Trend Micro Security (for Mac) as a Service Console

Standard Notifications

Trend Micro Security (for Mac) sends notifications to the specified recipients when a security risk is detected.

Standard Notifications
Data collectedEmail address
Console locationTrend Micro Security (for Mac)
Notifications > Standard Notifications
Console settings

To

Properties

Outbreak Notifications

Trend Micro Security (for Mac) sends notifications to the specified recipients when a security outbreak occurs.

Outbreak Notifications
Data collectedEmail address
Console locationTrend Micro Security (for Mac)
Notifications > Outbreak Notifications
Console settings

To

Properties

Web Reputation Approved/Blocked URL List

Add URLs to the Approved List or the Blocked List for Web Reputation. Web Reputation automatically allows all approved URL and rejects all blocked URL.

Web Reputation Approved/Blocked URL List
Data collectedURL
Console locationTrend Micro Security (for Mac)
Agents > Global Agent Settings > Web Reputation Approved/Blocked URL List
Console settings

Enter URL

Properties

Control Manager Registration

Create a new user account on the OfficeScan server before registering the Trend Micro Security (for Mac) as a Service server to a Control Manager server hosted on your network.

Control Manager Registration
Data collected
  • OfficeScan server FQDN
  • OfficeScan server port number
  • OfficeScan server user name
  • OfficeScan server user description
  • OfficeScan server password
Console locationTrend Micro Security (for Mac)
Administration > Account Management
Console settings

Add

Properties

Back to top

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1120644
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.