Behavior Monitoring constantly monitors endpoints for unusual modifications to the operating system or on installed software. Behavior Monitoring protects endpoints through Malware Behavior Blocking and Event Monitoring. Complementing these two features are a user-configured exception list and the Certified Safe Software Service.
- Behavior Monitoring does not support Windows XP 64-bit or Windows Server 2003 64-bit platforms.
- By default, Behavior Monitoring is disabled on all versions of Windows Server platforms.
OfficeScan applies global agent settings to all agents or only to agents with certain privileges.
To configure Behavior Monitoring Settings:
- Go to Agents > Global Agent Settings.
- Click the Security Settings tab.
- Go to the Behavior Monitoring Settings section.
- Configure the "Automatically take action if the user does not respond within __ second(s)" setting as required.
This setting only works if Event Monitoring is enabled and the action for a monitored system event is "Ask when necessary". This action prompts a user to allow or deny programs associated with the event. If the user does not respond within a certain time period, OfficeScan automatically allows the program to run.
For details, see Event Monitoring.
- Click the System tab.
- Go to the Certified Safe Software Service Settings section and enable the Certified Safe Software Service as required.
The Certified Safe Software Service queries Trend Micro datacenters to verify the safety of a program detected by Malware Behavior Blocking, Event Monitoring, Firewall, or antivirus scans. Enable Certified Safe Software Service to reduce the likelihood of false positive detections.
Ensure that OfficeScan agents have the correct proxy settings (for details, see OfficeScan Agent Proxy Settings) before enabling Certified Safe Software Service. Incorrect proxy settings, along with an intermittent Internet connection, can result in delays or failure to receive a response from Trend Micro datacenters, causing monitored programs to appear unresponsive.
In addition, pure IPv6 OfficeScan agents cannot query directly from Trend Micro datacenters. A dual-stack proxy server that can convert IP addresses, such as DeleGate, is required to allow the OfficeScan agents to connect to the Trend Micro datacenters.
- Click Save.