Unauthorized File Encryption is a Behavior Monitoring feature that blocks unwanted file encryption or modification which can indicate a potential ransomware behavior.

Below is a sample detection:

Click image to enlarge.

To enable the feature:

1. Login to OfficeScan server web console.
2. Go to Agents > Agent Management.
3. In the Agent Tree, select OfficeScan Server/Domain/Computer.
4. Go to Settings > Behavior Monitoring Settings.
5. Select "Protect documents against unauthorized encryption or modification". Then under this option select "Automatically back up files changed by suspicious programs".

   

Malware Behavior Blocking is a security feature in OSCE that does the following:

• For known threats, it blocks behavior associated with known malware threats
• For known and potential threats, it blocks behavior associated with known threats and takes action on potentially malicious behavior

Below is a sample detection:

Click image to enlarge.

To enable the feature:

1. Login to OfficeScan server web console.
2. Go to Agents > Agent Management.
3. In the Agent Tree, select OfficeScan Server/Domain/Computer.
4. Go to Settings > Behavior Monitoring Settings.
5. Select "Enable Malware Behavior Blocking".

   

Compromised Executable File is a behavior monitoring detection leveraging ATSE (Advance Threat Scan Engine) heuristics for programs that exhibits abnormal behavior associated with exploit attacks.

Below is a sample detection:

Click image to enlarge.

To enable the feature:

1. Login to OfficeScan server web console.
2. Go to Agents > Agent Management.
3. In the Agent Tree, select OfficeScan Server/Domain/Computer.
4. Go to Settings > Behavior Monitoring Settings.
5. Select "Enable program inspection to detect and block compromised executable files".

   

Newly Encountered Program recognition is a feature designed to help prevent 0-day attacks. TrendMicro classifies a program as newly encountered based on the number of file detections or historical age of the file as determined by the Smart Protection Network.

Below is a sample detection:

Click image to enlarge.

To enable the feature:

1. Login to OfficeScan server web console.
2. Go to Agents > Agent Management > Settings > Additional Services Settings.
3. In the Agent Tree, select OfficeScan Server/Domain/Computer.

   

This feature requires the following to be enabled:

• Unauthorized Change Prevention Service

  To enable the feature:

  1. Navigate to Agents > Agent Management.
  2. In the Agent Tree, select OfficeScan Server/Domain/Computer.
  3. Go to Settings > Behavior Monitoring Settings.
  4. Put a check on "Monitor newly encountered programs downloaded through web or email application channels" and click Apply to All Agents.

     

• Web Reputation

  To enable the feature:

  1. In the management console, go to Agents > Agent Management > Settings > Web Reputation Settings.
  2. Select "Enable Web reputation policy on the following operating systems".

     

• OfficeScan Real-time Scan

  To enable the feature:

  1. In the management console, go to Agents > Agent Management > Settings > Scan Settings > Real-time Scan Settings.
  2. Select "Enable virus/malware scan".