Views:

Note: Not All platforms with Deep Security Agent is supported by the XBC agent

  1. Before the Solution Center is ready for Deep Security support team, Endpoint Basecamp package should be provided by Trend Micro Support Team
    1. Request Trend Micro Support Team to create a new company in XBC backend for this customer, please provide either the following information:
    2. Trend Micro Support Team provides Endpoint Basecamp packages (with the specific token), the package only can be used in this customer
      1. Windows (X86/X64) : EndpointBasecamp.exe

        Platform Support:

        • Windows 7 SP1 and later version
      2. Linux : tmxbc_linux64.tgz

        Platform Support:

        • Amazon Linux
        • Amazon Linux2
        • CentOS 6
        • CentOS 7
        • Red Hat Enterprise Linux 6
        • Red Hat Enterprise Linux 7
  2. Install Endpoint Basecamp into the target endpoints
    1. Windows: (Online help:https://docs.trendmicro.com/en-us/enterprise/trend-micro-xdr-online-help/apps/endpoint-inventory_001/getting-started-with.aspx)
      1. For Windows endpoints that not require proxy to connect to external networks
        1. Run EndpointBasecamp.exe with administrator permission
      2. For Windows endpoints that require a proxy server to connect to external networks, open a command line editor as an administrator and execute the following command:

        1. EndpointBasecamp.exe /proxy_server_port <proxy_server_ip_or_fqdn:port>

          For example:

          EndpointBasecamp.exe /proxy_server_port 10.1.1.1:80

    2. Linux : (Online help : https://docs.trendmicro.com/en-us/enterprise/trend-micro-xdr-help/LinuxDeployment)

      1. To install the Endpoint Basecamp program without a proxy, execute the following command:

        $ ./tmxbc install

      2. To install the Endpoint Basecamp program with a proxy, execute the following command:

        $ ./tmxbc install --proxyURL <IPv4 or IPv6 address of proxy server>

        For example:

        $ ./tmxbc install --proxyURL http://10.1.1.1:80

Here are the steps to get the Deep Security Manager GUID (Optional if you have provided the CLP Company ID)

Login to the DSM Server and open the cmd for Windows or Terminal for Linux and run the following command

  • Windows:

    C:\> "\Program Files\Trend Micro\Deep Security Manager\dsm_c" -action viewsetting -name settings.configuration.dsmGUID

  • Linux:

    # /opt/dsm/dsm_c -action viewsetting -name settings.configuration.dsmGUID

  1. Deep Security support team will help to create SCP tool for case troubleshooting depending on the issue reported, the tool might perform the following actions
    1.  Debug information collection (refer to “Collected Information” section”
    2. Agent recovery
    3. Other troubleshooting actions
  2. Register the SCP actions to the specific endpoint (Executed by Deep Security support team by XBC API script)
    1. Only when a support ticket being created and deployment plan being acknowledged by customers, Deep Security support team will deploy SCP to agent side. Without SCP, Endpoint Basecamp will only send agent GUID to Trend Micro backend for task check on 10 minutes basis.
  3. Once Support Connector Package (SCP) is executed, it will be removed from the endpoint and will feedback the result to Trend Micro backend server and Technical Support team will proceed to solve the issue.

Depending on the troubleshooting scope, the Support Connector Tool collects one or more of the following information, but not limited to:

  • GUID
  • User account
  • Host name
  • Domain name
  • IP address
  • MAC address
  • File name/path/owner
  • Process name/path/owner
  • URL
  • Registry hive
 
Some of the collected information may contain Personally Identifiable Information (PII).
 

To disable the XBC Agent, please reach out to Technical Support.
 

  1. Would Endpoint Basecamp and SCP collect any Personally Identifiable Information (PII) without notice?
    • Endpoint Basecamp will NOT collect PII without user notice. It will only send GUID for task checking on 10 minutes basis.
    • ONLY when a support ticket has been created and customer acknowledged the deployment plan, a SCP could be deployed to agent side for debug information collection.
  2. How Endpoint Basecamp connection being secured?
    • Endpoint Basecamp connection to backend is secured by HTTPS, thus TCPport shall be allowed on agent side.
  3. How Endpoint Basecamp agent being secured?
    • Endpoint Basecamp checks all SCP files, only the files are provided from Trend Micro and only for Support Connector Packages can be executed on the endpoints 
    • Only authenticated Endpoint Basecamp agent can be communicated with Endpoint Basecamp backend
Keywords: SCP, XBC, Troubleshooting