This article answers frequently asked questions about the Integrated Vulnerability Protection feature in Apex One.
Apex One Vulnerability Protection uses a host-based intrusion prevention system (HIPS) to virtually patch known and unknown vulnerabilities before a patch is available or deployable. The Firewall feature has also been removed from the Policy as the Apex One agent already has built-in Firewall capabilities.
Additionally, the available Intrusion Prevention rules focus on the endpoint solution, as part of Apex One's comprehensive multilayer protection for endpoints.
You can take advantage of Trend Micro™ Deep Security, which is a comprehensive server security platform designed to protect dynamic data centers comprising physical, virtual, and cloud servers, as well as virtual desktops. It also includes IPS rules designed to protect server platforms.
Trend Micro Vulnerability Protection 2.0 has more than 4000 IPS rules, which is why the main purpose of Recommendation Scan is to help users select the best rules to apply based on the scan result.
The Integrated Vulnerability Protection pattern in the Apex One agent has more than 200 IPS rules, chosen based on Trend Micro’s global backend analysis as the best recommendation to apply for the endpoint’s environment. Because the number of rules has been reduced, Recommendation Scan is no longer needed.
Performance Priority ensures protection against known vulnerability issues. It also includes the essential IPS rules we recommend applying, balanced against agent performance.
Security Priority protects against known vulnerability issues and provides enhanced protection against suspicious network activities.
Administrators can use Security Mode to maximize the security offered by Apex One Vulnerability Protection’s IDP rules.
It should not affect the protection of the endpoint as a whole because the other features of Apex One cover other features.
It covers known vulnerabilities that are not covered by other protection modules of Apex One.
The following were removed from the IPS rules:
- Document Scan Rules (covered by Apex One agent’s Anti-Malware Solution)
- Web Exploit Rules (covered by Apex One agent’s Browser Exploit Solution)
- Application Control Rules (covered by Apex One agent’s Application Control feature)
You can select Network Engine Settings, which are used by the Apex One agent’s network driver, to further configure the Vulnerability Protection module:
|Setting|Description|
|---|---|
|Network Engine Mode| |
|ESTABLISHED Timeout|Configures how long to stay in the ESTABLISHED state before closing the connection.|
|LAST_ACK Timeout|Configures how long to stay in the LAST-ACK state before closing the connection.|
|Cold Start Timeout|Configures the amount of time to allow non-SYN packets that could belong to a connection that was established before the stateful mechanism was started.|
|UDP Timeout|Configures the maximum duration of a UDP connection.|
|Maximum TCP Connections|Configures the maximum number of simultaneous TCP connections.|
|Maximum UDP Connections|Configures the maximum number of simultaneous UDP connections.|
|Ignore Status Code|This option lets you ignore certain types of Events. You can specify up to three Events to ignore.|
|Advanced Logging Policy|Lets you select from the following settings:|
The patterns are updated on a weekly basis. Depending on the urgency of a vulnerability, a pattern may be released more often.
They can co-exist, but be sure to turn off the Apex One Vulnerability Protection Service. Additionally, when the Apex One Vulnerability Protection Policy is installed, it automatically uninstalls the Trend Micro Vulnerability Protection 2.0 agent if it is present.
The Apex One Vulnerability Protection Service is triggered and a detection log is generated, which can be queried from Apex Central, but the end user won’t get a detection notification on the endpoint machine.