Learn about the different Behavior Monitoring detection component features.
Unauthorized File Encryption is a Behavior Monitoring feature that blocks unwanted file encryption or modification which can indicate a potential ransomware behavior.
Below is a sample detection:
Click image to enlarge.
To enable the feature:
- Login to OfficeScan server web console.
- Go to Agents > Agent Management.
- In the Agent Tree, select OfficeScan Server/Domain/Computer.
- Go to Settings > Behavior Monitoring Settings.
- Select "Protect documents against unauthorized encryption or modification". Then under this option select "Automatically back up files changed by suspicious programs".
Malware Behavior Blocking is a security feature in OSCE that does the following:
- For known threats, it blocks behavior associated with known malware threats
- For known and potential threats, it blocks behavior associated with known threats and takes action on potentially malicious behavior
Below is a sample detection:
Click image to enlarge.
To enable the feature:
Compromised Executable File is a behavior monitoring detection leveraging ATSE (Advance Threat Scan Engine) heuristics for programs that exhibits abnormal behavior associated with exploit attacks.
Below is a sample detection:
Click image to enlarge.
To enable the feature:
Newly Encountered Program recognition is a feature designed to help prevent 0-day attacks. TrendMicro classifies a program as newly encountered based on the number of file detections or historical age of the file as determined by the Smart Protection Network.
Below is a sample detection:
Click image to enlarge.
To enable the feature:
- Login to OfficeScan server web console.
- Go to Agents > Agent Management > Settings > Additional Services Settings.
- In the Agent Tree, select OfficeScan Server/Domain/Computer.
This feature requires the following to be enabled:
- Unauthorized Change Prevention Service
To enable the feature:
- Web Reputation
To enable the feature:
- OfficeScan Real-time Scan
To enable the feature: