Enabling Suspicious Connection Service in Apex One Central and Apex One On-Premise

    • Updated: 9 May 2019
    • Product/Version: Apex Central All.All, Apex One All.All
    • Platform: N/A
Summary

OfficeScan agents can log and block all connections made between endpoints and addresses in the Global C&C IP list. You can also log, but still allow access to IP addresses configured in the User-defined Blocked IP List.

OfficeScan agents can also monitor connections that may be the result of a botnet or other malware threat. After detecting a malware threat, OfficeScan agents can attempt to clean the infection.

Details

To enable Suspicious Connection Service:

  1. Go to the OfficeScan Management console > Policies tab > Policy Management.


  2. Click Create.

  3. Create a policy name.
  4. Select “Specify Target(s)” and click Select.

  5. Assign a target to the policy.

    Targets can be specified in several ways:

    • Match Keywords (Hostname/Apex Central display name/Apex One domain hierarchy)

    • IP Address
    • Operating System
    • Browse the Product Directory


  6. Once a target is selected, click Add selected Targets > OK.

    The page redirects back to Policy Management.

  7. Scroll down and look for Suspicious Connection Settings, then click the drop-down.
  8. Enable the following:
    • Detect network connections made to addresses in the Global C&C IP list
    • Detect connections using malware network fingerprinting:
      • Indicate the action as either BLOCK or LOG


  9. Click Deploy.

To enable Suspicious Connection Service from the Apex One Management console:

  1. Go to the Apex One Management console > Agents tab > Agent Management.

  2. Select the Group to configure.
  3. Click Settings > Suspicious Connection Settings.


  4. Enable the following:
    • Detect network connections made to addresses in the Global C&C IP list
    • Detect connections using malware network fingerprinting:
      • Indicate the action as either BLOCK or LOG

  5. Click Apply to All Agents or Apply to Future Domains Only.

Category: Configure
Solution Id: 1122611