Trend Micro Cloud One
TM
Support
Open Console
English
日本語
Support
Open Console
Home
Workload Security
User manage
Table of contents
Workload Security coverage of Log4j vulnerability
About Workload Security
About the Workload Security components
About the Workload Security protection modules
Anti-Malware
Firewall
Web Reputation
Device Control
Activity Monitoring
Application Control
Intrusion Prevention
Integrity Monitoring
Log Inspection
About billing and pricing
Protection-hours in Workload Security
Protection-hours start and stop
Trial or subscription expired
Legacy Workload Security billing methods
Workload Security release strategy and life cycle policy
Compatibility
System requirements
Trend Cloud One console requirements
Agent requirements
Relay requirements
Agent requirements
Agent platform compatibility
Minor Linux version compatibility
Docker compatibility
Linux kernel compatibility
Disable optional Linux kernel support package updates
Linux file system compatibility
Linux systemd support
Linux Secure Boot support
Deep Security Agent 20 LTS
Deep Security Agent 12 FR
Deep Security Agent 12 LTS
Deep Security Agent 11 LTS
SELinux support
Supported features by platform
AIX
AlmaLinux
Amazon Linux
CentOS Linux
CloudLinux
Debian Linux
Miracle Linux
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux
Ubuntu Linux
Red Hat OpenShift
Solaris
macOS
Microsoft Windows
Sizing
Agent and relay sizing
Estimated Agent resource consumption
Port numbers, URLs, and IP addresses
Required Workload Security IP addresses and port numbers
Required Workload Security URLs
Get started
Try the Workload Security demo
Transitioning from Deep Security as a Service
Migrate from an on-premises Deep Security Manager
Trend Cloud One - Endpoint & Workload Security
Configure Endpoint Security
Check digital signatures on software packages
Check the signature on software ZIP packages
Check the signature on installer files (EXE, MSI, RPM, DEB files)
Check relay connectivity
Deploy the agent
Get agent software
View a list of available agent software
Export the agent installer
Solaris-version-to-agent-package mapping table
AIX agent package naming format
Configure Linux Secure Boot for agents
Download the Trend Micro public keys
Enroll a Secure Boot key for AWS
Enroll a Secure Boot key for Google Cloud Platform
Enroll a Secure Boot key for VMware vSphere platform
Enroll a Secure Boot key for physical computers
Enroll a Secure Boot key for Oracle Linux
Enroll a Secure Boot key for Azure
Configure Mobile Device Management for the macOS agent
Configure required permissions
Deploy agents from Mobile Device Management (MDM)
Install the agent
Manual installation
Install the agent using other methods
Post-installation tasks
Install the agent on Amazon EC2 and WorkSpaces
Add your AWS accounts to Workload Security
Configure the activation type
Open ports
Deploy agents to your Amazon EC2 instances and WorkSpaces
Verify that the agent was installed and activated{#Step2}
Assign a policy
Install the agent on an AMI or WorkSpace bundle
Add your AWS account to Workload Security
Configure the activation type
Launch a master Amazon EC2 instance or Amazon WorkSpace
Deploy an agent on the master
Verify that the agent was installed and activated properly
Set up policy auto-assignment
Create an AMI or custom WorkSpace bundle based on the master
Use the AMI
Install the agent on Azure VMs
Install the agent on Google Cloud Platform VMs
Activate the agent
Deactivate the agent
Start or stop the agent
Automate
Automate using the API and SDK
API reference
The API and SDK - DevOps tools for automation
The API and SDK
API versions
Legacy REST and SOAP APIs
Next Step
Send request using the API
Set up your development environment
Authenticate with Workload Security
Perform a GET request: list policies
Perform a POST request: search firewall rules
Get the Workload Security version
Next Steps
About resource property values
How to express a null value
Valid values for Boolean properties
Include only changed values when modifying resources
About the overrides parameter
Search for resources
Searchable fields
Search computer subobjects
Field names in Python code
Use wildcards in string searches
Perform a date-range search
Search for null values
Sort order
Limit search results and paging
API rate limits
Handle rate limit errors in your code
Performance tips
Minimize computer response size
Use the overrides parameter
Directly configure rule assignments
Interact directly with single settings
Page your search results
Troubleshooting
Obtain error information
Authentication errors
Authorization errors
Resource not found errors
Bad request errors
Check SDK compatibility
API cookbook
About the API cookbook
Set Up to Use Bash or PowerShell
Bash or PowerShell?
Check your environment
Create an API key
Test your setup
Final comments
Get a List of Computers (Bash and PowerShell)
Before you begin
Bash
PowerShell
Search for a policy (Bash and PowerShell)
Before you begin
Bash
PowerShell
Notes
Assign a policy to a computer using Bash and PowerShell
Before you begin
Bash
PowerShell
Notes
Assign a policy to many computers (Bash and PowerShell)
Before you begin
Bash
PowerShell
Notes
Related Resources
SDK guides
Python SDK
Prepare to use the Python SDK
SDK version compatibility
Upgrade scenarios
Run the code examples
Index of code examples
Anti-Malware
API Client
API keys
Application Control
Computers
Firewall
Integrity Monitoring
Intrusion Prevention (IDS/IPS)
Lists
Log Inspection
Policies
Recommendations
Reporting
Roles
Rules
Scheduled tasks
Schedules
Security updates
Search
Settings
Web Reputation
Deploy Workload Security
Use the API to generate an agent deployment script
General steps
Example
Integrate Workload Security with AWS Services
Workflow pattern
Amazon GuardDuty
Amazon Macie
Amazon Inspector
AWS WAF
AWS Config
Add Computers
Add a Google Cloud Platform Connector
Submit a Synchronization Action for a GCP Connector
Control Access Using Roles
General steps
Example: Create a role
Create and manage API keys
About API keys
Create an API Key Using Code
Create an API key using the console
Manage API keys after their creation
Configure Workload Security system settings
Retrieve, modify, or reset a single system setting
List or modify multiple system settings
Monitor Workload Security events
Configure protection
Create and configure a policy
Create a policy
Assign a policy to a computer
Configure policy and default policy settings
Reset policy overrides
Configure Firewall
General steps
Example
Create a firewall rule
Limitations to modifying stateful configurations
Configure Intrusion Prevention
General steps
Example
Create an Intrusion Prevention rule
Configure Anti-Malware
General steps
Example
Create and modify malware scan configurations
Configure Web Reputation
General steps
Example
Configure Device Control
General steps
Example
Create a USB Device Exception
Configure Application Control
Configure Application Control for a policy
Allow or Block Unrecognized Software
Create a shared ruleset
Add Global Rules
Configure maintenance mode during upgrades
Configure Integrity Monitoring
General steps
Example
Create an Integrity Monitoring rule
Configure Log Inspection
General steps
Example
Create a Log Inspection rule
Create and modify lists
Create and configure schedules
Override policies on a computer
Discover overrides
Configure computer overrides
Rule overrides
Maintain protection
Report on computer status
Discover unprotected computers
Get computer configurations
Discover the Anti-Malware configuration of a computer
Get applied intrusion prevention rules
Patch unprotected computers
Example: Find the Intrusion Prevention rule for a CVE
Example: Find computers that are not protected against a CVE
Example: Add intrusion prevention rules to computers' policies
Assign rules with recommendation scans
Obtain the date of the last recommendation scan
Apply recommendations
Maintain protection using scheduled tasks
Related classes
Create a scheduled task
Create, run, and delete a scheduled task
Run an existing scheduled task
Settings reference
Default policy, policy, and computer settings
Use the legacy APIs
Provide access for legacy APIs
Transition from the SOAP API
Terminology
Specific tasks
Java class structure
Capabilities
Related code examples
Use the legacy REST API
Set up your environment to use the REST API
Develop a REST API client application
Special Considerations
Automate using the console
Schedule Workload Security to perform tasks
Create scheduled tasks
Enable or disable a scheduled task
Set up scheduled reports
Automatically perform tasks when a computer is added or changed
Create an event-based task
Edit or stop an existing event-based task
Events to monitor
Conditions
Actions
Order of execution
Temporarily disable an event-based task
AWS Auto Scaling and Workload Security
Preinstall the agent
Install the agent with a deployment script
Delete instances from Workload Security as a result of Auto Scaling
Azure virtual machine scale sets and Workload Security
Step 1: Add your Azure account to Workload Security (recommended)
Step 2: Prepare a deployment script
Step 3: Add the agent through a custom script extension to your VMSS instances
GCP auto scaling and Workload Security
Preinstall the agent
Install the agent with a deployment script
Delete instances from Workload Security as a result of GCP MIGs
Use deployment scripts to add and protect computers
Generate a deployment script
Troubleshooting and tips
URL format for the agent download
Agent download URL format
Exceptions for backwards compatibility
Agent version control
Automatically assign policies using cloud provider tags and labels
Command-line basics
dsa_control
dsa_query
dsa_scan
User Guide
Add computers
About adding computers
Add computers to Workload Security
Group computers
Export your computers list
Delete a computer
Add local network computers
Manually add a computer
Set up a data center gateway
Verify system requirements
Grant permissions
Download the data center gateway software
Download the credential files
Configure the vCenter and Active Directory servers and proxies
Install the data center gateway
Troubleshooting
Upgrade the data center gateway
Add Active Directory computers
Add a data center gateway
Add an Active Directory
Additional Active Directory options
Server certificate usage
Keep Active Directory objects synchronized
Disable Active Directory synchronization
Add VMware VMs
Add a VMware vCenter to Workload Security
Add a data center gateway
Add a VMware vCenter
Protect workloads in VMware
Add virtual machines hosted on VMware vCloud
Benefits of adding a vCloud account
Proxy setting for cloud accounts
Create a VMware vCloud Organization account for Workload Security
Import computers from a VMware vCloud Organization Account
Import computers from a VMware vCloud Air data center
Remove a cloud account
Add AWS instances
About adding AWS accounts
What happens when you add an AWS account?
Benefits of adding an AWS account
Supported AWS regions
Add an AWS account using the quick setup
Add an AWS account using a cross-account role
Add the account through the API
Add Amazon WorkSpaces
Protect Amazon WorkSpaces if you already added your AWS account
Protect Amazon WorkSpaces if you have not yet added your AWS account
Manage an AWS account
Edit an AWS account
Remove an AWS account
Synchronize an AWS account
Manage an AWS account external ID
About the external ID
Configure the external ID
Update the external ID
Retrieve the external ID
Disable retrieval of the external ID
Protect an account running in AWS Outposts
What does the Cloud Formation template do when I add an AWS account?
Add Azure instances
Create an Azure application for Workload Security
Assign the correct roles
Create the Azure application
Record the Azure application ID, Microsoft Entra ID, and password
Record the Subscription IDs
Assign the Azure application a role and connector
Add a Microsoft Azure account to Workload Security
Benefits of adding an Azure account
Supported Azure regions
Add virtual machines from a Microsoft Azure account to Workload Security
Manage Azure classic virtual machines with the Azure Resource Manager connector
Remove an Azure account
Synchronize an Azure account
Why should I upgrade to the new Azure Resource Manager connection functionality?
Add GCP instances
Create a Google Cloud Platform service account
Prerequisite: Enable the Google APIs
Create a GCP service account
Add more projects to the GCP service account
Create multiple GCP service accounts
Add a Google Cloud Platform account
Benefits of adding a GCP account
Configure a proxy setting for the GCP account
Add a GCP account to Workload Security
Remove a GCP account
Synchronize a GCP account
Manually upgrade your AWS account connection
Verify the permissions associated with the AWS role
Migrate to the new cloud connector functionality
Protect Docker containers
Workload Security protection for the Docker host
Workload Security protection for Docker containers
Limitation on Intrusion Prevention recommendation scans
Protect OpenShift containers
Configure policies
Create policies
Create a new policy
Alternative ways to create a policy
Edit the settings for a policy or individual computer
Assign a policy to a computer
Disable automatic policy updates
Send policy changes manually
Export a policy
Policies, inheritance, and overrides
Inheritance
Overrides
View the overrides on a computer or policy at a glance
Manage and run recommendation scans
Scanned artifacts
Scan limitations
Run a recommendation scan
Automatically implement recommendations
Check scan results and manually assign rules
Configure recommended rules
Implement additional rules for common vulnerabilities
Troubleshooting: Recommendation Scan Failure
Detect and configure interfaces available on a computer
Configure a policy for multiple interfaces
Enforce interface isolation
Overview section of the computer editor
General tab
Actions tab
System Events tab
Exceptions tab
Overview section of the policy editor
General tab
Computers using the Policy tab
Events tab
Exceptions tab
Network engine settings
User mode solution
Define rules, lists, and other common objects used by policies
About common objects
Rules
Lists
Other
Manage role-based access control for common objects
Configure access scope for roles
Create a firewall rule
Configure intrusion prevention rules
Create an Integrity Monitoring rule
Define a Log Inspection rule for use in policies
Create a list of directories for use in policies
Import and export directory lists
View policies that use a directory list
Create a list of file extensions for use in policies
Import and export file extension lists
View malware scan configurations that use a file extension list
Create a list of files for use in policies
Import and export file lists
View policies that use a file list
Create a list of IP addresses for use in policies
Import and export IP lists
View rules that use an IP list
Create a list of ports for use in policies
Import and export port lists
View rules that use a port list
Create a list of MAC addresses for use in policies
Import and export MAC lists
View policies that use a MAC list
Define contexts for use in policies
Configure internet connectivity for the computer
Define a context
Define stateful firewall configurations
Define a schedule to apply to rules
Configure protection modules
Configure Intrusion Prevention
About Intrusion Prevention
Intrusion Prevention rules
Use behavior modes to test rules
Intrusion Prevention events
Support for secure connections
Contexts
Interface tagging
Set up Intrusion Prevention
Enable Intrusion Prevention in Detect mode
Enable Auto Apply core Endpoint & Workload rules
Test Intrusion Prevention
Apply recommended rules
Monitor your system
Enable fail open for packet or system failures
Switch to Prevent mode
Implement best practices for specific rules
Configure intrusion prevention rules
The intrusion prevention rules list
Intrusion prevention license types
View information about intrusion prevention rules
View information about associated vulnerability (Trend Micro rules only)
Assign and unassign rules
Automatically assign core Endpoint & Workload rules
Automatically assign updated required rules
Configure event logging for rules
Generate alerts
Setting configuration options (Trend Micro rules only)
Schedule active times
Exclude from recommendations
Set the context for a rule
Override the behavior mode for a rule
Override rule and application type configurations
Export and import rules
Configure an SQL injection prevention rule
About SQL injection attacks
Common characters and strings used in SQL injection attacks
About the Generic SQL Injection Prevention rule
Examples of the rule and scoring system in action
Configure the Generic SQL Injection Prevention rule
Character encoding guidelines
Application types
View a list of application types
General Information
Connection
Configuration
Options
Assigned To
Inspect TLS traffic
Enable Advanced TLS traffic inspection
Configure SSL inspection (legacy)
Use Intrusion Prevention when traffic is encrypted with Perfect Forward Secrecy (PFS)
Supported cipher suites
Supported protocols
TLS inspection support
Manage TLS inspection support package updates
Configure anti-evasion settings
Performance tips for intrusion prevention
Maximum size for configuration packages
Configure Anti-Malware
About Anti-Malware
Types of malware scans
Malware scan configurations
Malware events
Smart Scan
Predictive Machine Learning
Malware types
Set up Anti-Malware
Enable and configure anti-malware
Enable the Anti-Malware module
Select the types of scans to perform
Configure scan inclusions
Configure scan exclusions
Configure multiple scan list exclusions or inclusions
Ensure that Workload Security can keep up to date on the latest threats
Configure malware scans
Create or edit a malware scan configuration
Scan for specific types of malware
Enable a manual scan for the notifier application
Specify the files to scan
Scan a network directory (real-time scan only)
Specify when real-time scans occur
Configure malware handling
Identify malware files by file hash digest
Configure notifications on the computer
Run scheduled scans when Workload Security is not accessible
Troubleshooting
Performance tips for anti-malware
Minimize disk usage
Optimize CPU usage
Optimize RAM usage
Configure Deep Security and Windows Defender
Microsoft Defender Antivirus application files for exclusion list for Deep Security Agent
Deep Security Agent folders and processes for Microsoft Defender Antivirus exclusion list
Tamper protection
Microsoft Defender Antivirus Endpoint Detection and Response (EDR) in block mode for endpoint
Detect emerging threats with Predictive Machine Learning
Enable Predictive Machine Learning
Enhanced anti-malware and ransomware scanning with behavior monitoring
Enhanced scanning protection
Enable enhanced scanning
What happens when enhanced scanning finds a problem?
Smart Protection in Workload Security
Anti-Malware and Smart Protection
Web Reputation and Smart Protection
Smart Feedback
Disable Smart Feedback
Handle malware
View and restore identified malware
See a list of identified files
Working with identified files
Search for an identified file
Restore identified files
Create anti-malware exceptions
Create an exception from an Anti-Malware event
Manually create an Anti-Malware exception
Exception strategies for spyware and grayware
Scan exclusion recommendations
Exclude files signed by a trusted certificate
Increase debug logging for anti-malware in protected Linux instances
Configure Firewall
About Firewall
Firewall rules
Set up the Workload Security firewall
Test Firewall rules before deploying them
Enable fail open behavior
Enable Firewall
Default Firewall rules
Restrictive or permissive Firewall design
Firewall rule actions
Firewall rule priorities
Recommended Firewall policy rules
Reconnaissance scans
Stateful inspection
Example
Important considerations
Create a firewall rule
Add a new rule
Select the behavior and protocol of the rule
Select a Packet Source and Packet Destination
Configure rule events and alerts
Set a schedule for the rule
Assign a context to the rule
View policies and computers to which a rule is assigned
Export a rule
Delete a rule
Allow trusted traffic to bypass the firewall
Create a new IP list of trusted traffic sources
Create incoming and outgoing firewall rules for trusted traffic using the IP list
Assign the firewall rules to a policy used by computers through which trusted traffic flows
Firewall rule actions and priorities
Firewall rule actions
Firewall rule sequence
Firewall rules working together
Rule priority
Putting rule action and priority together
Firewall settings
General
Interface Isolation
Reconnaissance
Advanced
Firewall Events
Define stateful firewall configurations
Add a stateful configuration
Enter stateful configuration information
Select packet inspection options
Export a stateful configuration
Delete a stateful configuration
View policies and computers with assigned stateful configuration
Container Firewall rules
Configure Container Protection
Apply real-time scan
Apply your firewall settings
Apply your intrusion prevention settings
Configure Web Reputation
Enable the Web Reputation module
Enable the Trend Micro Toolbar
Switch between inline and tap mode
Enforce the security level
Create exceptions
Configure the Smart Protection Server
Edit advanced settings
Test Web Reputation
Configure Device Control
Device Control protocols
Set up Device Control
Configure protocols
Configure USB Device Exceptions
Device Control event tagging
Configure Integrity Monitoring
About Integrity Monitoring
Set up Integrity Monitoring
Enable and configure Integrity Monitoring
The timing of Integrity Monitoring scans
Integrity Monitoring scan performance settings
Integrity Monitoring event tagging
Create an Integrity Monitoring rule
Add a new rule
Enter Integrity Monitoring rule information
Select a rule template and define rule attributes
Configure Trend Micro Integrity Monitoring rules
Configure rule events and alerts
See policies and computers to which a rule is assigned
Export a rule
Delete a rule
Integrity Monitoring rules language
About the Integrity Monitoring rules language
Entity sets
Hierarchies and wildcards
Syntax and concepts
Include tag
Exclude tag
Case sensitivity
Entity features
AND and OR operators
Order of evaluation
Entity attributes
Shorthand attributes
onChange attribute
Environment variables
Registry values
Use of dot dot
Best practices
DirectorySet
Tag attributes
Entity set attributes
Shorthand attributes
Meaning of key
Subelements
FileSet
Tag attributes
Entity set attributes
Shorthand attributes
Drives mounted as directories
Alternate data streams
Meaning of key
Subelements
Special attributes of Include and Exclude for FileSets
GroupSet
Tag attributes
Entity set attributes
Shorthand attributes
Meaning of key
Include and exclude
InstalledSoftwareSet
Tag attributes
Entity set attributes
Shorthand attributes
Meaning of key
Subelements
Special attributes of Include and Exclude for InstalledSoftwareSets
PortSet
Tag attributes
Entity set attributes
Meaning of key
IPV6
Key matching
Subelements
Special attributes of Include and Exclude for PortSets
ProcessSet
Tag attributes
Entity set attributes
Shorthand Attributes
Meaning of key
Subelements
Special attributes of Include and Exclude for ProcessSets
RegistryKeySet
Tag attributes
Entity set attributes
Shorthand attributes
Meaning of key
Subelements
RegistryValueSet
Tag attributes
Entity set attributes
Shorthand attributes
Meaning of key
Default value
Subelements
ServiceSet
Tag attributes
Entity Set attributes
Shorthand attributes
Meaning of key
Subelements
Special attributes of Include and Exclude for ServiceSets
UserSet
Tag attributes
Entity set attributes
Common attributes
Windows-only attributes
Linux, AIX, and Solaris attributes
Shorthand attributes
Meaning of key
Subelements
Include and Exclude
Special attributes of Include and Exclude for UserSets
WQLSet
Entity set attributes
Meaning of key
Include and exclude
Configure Log Inspection
About Log Inspection
Set up Log Inspection
Enable the log inspection module
Run a recommendation scan
Apply the recommended log inspection rules
Test Log Inspection
Configure log inspection event forwarding and storage
Define a Log Inspection rule for use in policies
Create a new Log Inspection rule
Decoders
Subrules
Real world examples
Log Inspection rule severity levels and use
strftime() conversion specifiers
Examine a Log Inspection rule
Configure Application Control
About Application Control
Key software ruleset concepts
How do Application Control software rulesets work?
The Application Control interface
What does Application Control detect as a software change?
Set up Application Control
Turn on Application Control
Monitor new and changed software
Turn on maintenance mode when making planned changes
Application Control tips and considerations
Verify that Application Control is enabled
Monitor Application Control events
Choose which Application Control events to log
View Application Control event logs
Interpret aggregated security events
Monitor Application Control alerts
View and change Application Control software rulesets
View Application Control software rulesets
Change the action for an Application Control rule
Delete an individual Application Control rule
Delete an Application Control ruleset
Application Control Trust Entities
Trust rulesets
Trust rules
Types of trust rule properties
Application Control event aggregation and analysis
Trust rule property limitations for Linux
Reset Application Control after too much software change
Use the API to create shared and global rulesets
Create a shared ruleset
Change from shared to computer-specific allow and block rules
Configure events and alerts
Workload Security event logging
Location of event logs
Timing of sending events to Workload Security
Storage of long events
System events
Security events
See the events associated with a policy or computer
View details about an event
Filter the list to search for an event
Export events
Improve logging performance
Log and event storage best practices
Limit log file sizes
Event logging tips
Anti-Malware scan failures and cancellations
Anti-Malware scan failure events
Anti-Malware scan cancellation events
Apply tags to identify and group events
Manual tagging
Auto-tagging
Trusted source tagging
Delete a tag
Reduce the number of logged events
Rank events to quantify their importance
Web Reputation event risk values
Firewall rule severity values
Intrusion Prevention rule severity values
Integrity Monitoring rule severity values
Log Inspection rule severity values
Asset values
Forward events to a Syslog or SIEM server
Forward Workload Security events to a Syslog or SIEM server
Allow event-forwarding network traffic
Define a Syslog configuration
Forward system events
Forward security events
Troubleshoot event forwarding
Syslog message formats
CEF syslog message format
LEEF 2.0 syslog message format
Events originating in Workload Security
Events originating in the agent
Configure Red Hat Enterprise Linux to receive event logs
Set up a Syslog on Red Hat Enterprise Linux 8
Set up a Syslog on Red Hat Enterprise Linux 6 or 7
Set up a Syslog on Red Hat Enterprise Linux 5
Access events with Amazon SNS
Set up Amazon SNS
Create an AWS user
Create an Amazon SNS topic
Enable SNS
Create subscriptions
SNS configuration in JSON format
Version
Statement
Multiple statements vs. multiple conditions
Example SNS configurations
Events in JSON format
Valid event properties
Example events in JSON format
Configure alerts
View alerts in the Workload Security console
Configure alert settings
Set up email notification for alerts
Generate reports about alerts and other activity
Set up a single report
Set up a scheduled report
Troubleshoot: Scheduled report sending failed
Lists of events and alerts
Predefined alerts
Agent events
System events
Application Control events
What information is displayed for Application Control events?
List of all Application Control events
Anti-Malware events
List of all Anti-Malware events
Device Control events
Information displayed for Device Control events
Firewall events
Information displayed for firewall events
Filter the list to search for an event for User Name
List of all firewall events
Intrusion Prevention events
Information displayed for Intrusion Prevention events
Intrusion Prevention events
Integrity Monitoring events
Information displayed for Integrity Monitoring events
Integrity Monitoring events list
Log Inspection events
Information displayed for log inspection events
Log inspection security events
Web Reputation events
Information displayed for Web Reputation events
Add a URL to the list of allowed URLs
Troubleshoot common events, alerts, and errors
Why am I seeing firewall events when the Firewall module is off?
Troubleshoot event ID 771 "Contact by Unrecognized Client"
Uninstall the agent
Reactivate the computer or clone
Troubleshoot "Smart Protection Server disconnected" errors
Check the error details
Activation Failed
Protocol Error
Unable to resolve hostname
No agent/appliance
Blocked port
Expired subscription
Endpoint behind proxy
Reinstallation required
Agent version not supported
Anti-Malware Engine Offline
Agent on Windows
Agent on Linux
Anti-Malware Engine has only Basic Functions
Basic functions
Reason IDs
Activity Monitoring Engine Offline
Agent on Windows
Agent on Linux
Activity Monitoring Engine has only Basic Functions
Basic functions
Reason IDs
Device Control Engine Offline
If your agent is on Windows
Check Status Failed
Installation of Feature 'dpi' failed
Additional information
Intrusion Prevention Rule Compilation Failed
Apply Intrusion Prevention best practices
Manage rules
Unassign application types from a single port
Log Inspection Rules Require Log Files
If the file location is required
If the files listed do not exist on the protected machine
Module installation failed (Linux)
MQTT Connection Offline
There are one or more application type conflicts on this computer
Resolution
Unable to connect to the cloud account
Your AWS account access key ID or secret access key is invalid
The incorrect AWS IAM policy has been applied to the account being used by Workload Security
NAT, proxy, or firewall ports are not open, or settings are incorrect
Unable to resolve instance hostname
Integrity Monitoring information collection has been delayed
Max TCP connections
Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
Cause 1: The agent or relay-enabled agent doesn't have Internet access
Cause 2: A proxy was enabled but not configured properly
Insufficient disk space
Tips
Reconnaissance Detected
Types of reconnaissance scans
Suggested actions
Configure proxies
Configure proxies
Register a proxy in Workload Security
Supported proxy protocols
Connect to the primary security update source via proxy
Connect to Workload Security via proxy
Connect to relays via proxy
Connect to Workload Security and Relays via Proxy Auto_Configuration (PAC) proxy
Connect to the Smart Protection Network via proxy
Remove a proxy
Proxy settings
Proxy server use
Enable OS proxy
Enable OS proxy on the server console
Enable OS proxy from the endpoint
Configuration on agent side
Troubleshooting
Configure relays
About relays
Deploy your own relays
Deploy more relays
Plan the number and location of relays
Create relay groups
Enable relays
Assign agents to a relay group
Connect agents to a relay's private IP address
Remove relay functionality
Manage agents (protected computers)
Computer and agent statuses
Status column - computer states
Status column - agent states
Task(s) column
Computer errors
Protection module status
Perform other actions on your computers
Computers icons
Status information for different types of computers
Configure agent version control
Set up agent version control
Use agent version control with URL requests
Agent version control FAQs
Configure teamed NICs
Windows
Solaris
Communication between Workload Security and Deep Security Agent
Heartbeat alerts{#Configur2}
Communication directionality
Supported cipher suites for communication
Configure agents that have no Internet access
Solutions
Use a proxy
Install a Smart Protection Server locally
Disable functionality that uses Trend Micro security services
Activate and protect agents using agent-initiated activation and communication
Enable agent-initiated activation
Automatically upgrade agents on activation
Enable automatic agent upgrade
Check that agents were upgraded successfully
Using the agent with iptables
Rules required by the agent
Prevent the agent from automatically adding iptables rules
Enable Managed Detection and Response
Enable or disable agent self-protection
Configure self-protection through the Workload Security console
Configure self-protection using the command line
Known issues for Linux
Troubleshooting the Linux agent
Are "Offline" agents still protected by Workload Security?
Automate offline computer removal with inactive agent cleanup
Enable inactive agent cleanup
Check the audit trail for removed computers
Agent settings
Agent-initiated activation (AIA)
Agent upgrade
Inactive agent cleanup
Data privacy
Custom network configuration
Add a custom network configuration
JSON parameter configuration examples
User mode solution
Modes available
Choose whether to use drivers for system protection
Supported agents
Workload Security Notifier
About the notifier
Trigger a manual scan
Implement SAML single sign-on (SSO)
About SAML single sign-on (SSO)
SAML and single sign-on
SAML single sign-on in Workload Security
Configure SAML single sign-on
Prerequisites
Configure SAML in Workload Security
Provide information to your identity provider administrator
SAML claims structure
Test SAML single sign-on
Service and identity provider settings
Configure SAML single sign-on with Microsoft Entra ID
About administrators involved in the process
Download Workload Security service provider SAML metadata document
Configure Microsoft Entra ID
Configure SAML in Workload Security
Define a role in Microsoft Entra ID
Service and identity provider settings
SAML claims structure
Roles and contacts for accounts
Define roles
Custom Workload Security rights
Add or edit a role
Default settings for full access, auditor, and new roles
Add contacts
Add or edit a contact
Delete a contact
Navigate and customize the Workload Security console
Customize the dashboard
Date and time range
Computers and computer groups
Filter by tags
Select dashboard widgets
Change the layout
Save and manage dashboard layouts
Group computers dynamically with smart folders
Create a smart folder
Edit a smart folder
Clone a smart folder
Focus your search using subfolders
Automatically create subfolders
Searchable Properties
Operators
Customize advanced system settings
Export
Manager AWS Identity
Asynchronous Tasks
Work faster with the Notification Service
Tasks supported by the Notification Service
Harden Workload Security
About Workload Security hardening
Manage trusted certificates
Import trusted certificates
View trusted certificates
Remove trusted certificates
SSL implementation and credential provisioning
Protect the agent
If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro
Upgrade Workload Security
About upgrades
Workload Security checks for software upgrades
Best practices for upgrades
Workload Security validation of update integrity
Apply security updates
Configure the security update source
Initiate security updates
Check your security update status
View details about pattern updates
Revert, import, or view details about rule updates
Configure security updates
Disable emails for New Pattern Update alerts
Use a web server to distribute software updates
Web server requirements
Copy the folder structure
Configure agents to use the new software repository
Upgrade the relay
Upgrade a relay from Workload Security
Upgrade a relay by running the installer manually
Upgrade the agent
Before you begin an upgrade
Upgrade the agent starting from an alert
Upgrade multiple agents at once
Upgrade the agent from the Computers page
Upgrade the agent on activation
Upgrade the agent from a Scheduled Task
Upgrade the agent manually
Upgrade best practices for agents
Uninstall the agent
Uninstall an agent on Windows
Uninstall an agent on Linux
Uninstall an agent on Solaris 10
Uninstall an agent on Solaris 11
Uninstall an agent on AIX
Uninstall an agent on macOS
Uninstall an agent on Red Hat OpenShift
Uninstall the notifier
Evaluate Trend Vision One
Prerequisite: Foundation Services and Endpoint Protection
Export policies and configurations
Import policies and configurations
Configure proxy settings
Deactivate the agent in Trend Cloud One - Endpoint & Workload Security
Reactivate the agent in Trend Vision One
Revert agents to Trend Cloud One - Endpoint & Workload Security
Integrations
Integrate with AWS Control Tower
Integrate with AWS Control Tower
Upgrade AWS Control Tower integration
Remove AWS Control Tower integration
Integrate with AWS Systems Manager Distributor
Create an IAM policy
Create a role and assign the policy
Create parameters
Create association
Protect your computers
Integrate with SAP NetWeaver
Workload Security and SAP components
Enable integration between Workload Security Scanner and SAP NetWeaver
Supported MIME types
Integrate with Apex Central
Integrate with Trend Vision One
Integrate Workload Security with Trend Vision One
Register with Trend Vision One using the Product Instance app XDR
Register with Trend Vision One using the Product Connector app XDR
Forward security events to Trend Vision One XDR
Enable Activity Monitoring
Enable Trend Vision One extended detection and response (XDR) SSO to Trend Cloud One
Enable single sign-on
Trend Vision One extended detection and response (XDR) file collection
Requirements
Collect objects using file collection
Troubleshoot common issues
Trend Vision One extended detection and response (XDR) network isolation
Requirements
Isolate endpoints using network isolation
Restore connection to an endpoint
Troubleshoot common issues
Trend Vision One extended detection and response (XDR) remote shell
Requirements
Start a remote shell session
Supported commands
Troubleshoot common issues
Trend Vision One extended detection and response (XDR) threat intelligence - User-defined suspicious object
Requirements
User Defined Suspicious Objects
Set up a connection to Trend Vision One
Configure the scan action for a suspicious file
Trend Vision One extended detection and response (XDR) custom script
Run a remote custom script task
Trigger a custom script using Remote Shell
Integrate with Service Gateway
Integrate with Service Gateway
Supported Service Gateway version
System requirements
Deploy Service Gateway
Enable Forward Proxy Service
Enable the Forward Proxy
Enable ActivateUpdate Service
Enable the ActiveUpdate services
Get Trend Cloud One - Endpoint & Workload Security ActiveUpdate source URL
Configure the ActiveUpdate service
Configure update source on Trend Cloud One - Endpoint & Workload Security
Enable Smart Protection Service
Enable Smart Protection services
Configure local File Reputation service on Trend Cloud One - Endpoint & Workload Security Policy
Configure local Web Reputation service on Trend Cloud One - Endpoint & Workload Security Policy
Unregister Trend Cloud One - Enpoint & Workload Security from Trend Vision One
Use the Trend Vision One product connectors
Use Postman and an HTTP API
FAQs
Why does my Windows machine lose network connectivity when I enable protection?
Agent protection for Solaris zones
Intrusion Prevention (IPS), Firewall, and Web Reputation
Anti-Malware, Integrity Monitoring, and Log Inspection
Can Workload Security protect AWS GovCloud or Azure Government workloads?
How the agent uses Amazon Instance Metadata Service
Why can I not add my Azure server using the Azure cloud connector?
Why can I not view all of the VMs in an Azure subscription in Workload Security?
Troubleshooting
Offline agent
Causes
Verify that the agent is running
Verify DNS
Allow outbound ports (agent-initiated heartbeat)
Allow ICMP on Amazon AWS EC2 instances
Fix the upgrade issue on Solaris 11
High CPU usage
Diagnose problems with agent deployment on Windows
Anti-Malware Windows platform update failed
An incompatible Anti-Malware component from another Trend Micro product
An incompatible Anti-Malware component from a third-party product
Other/unknown Error
Security update connectivity
Network Engine Status (Windows)
Network Engine Status warnings
Verify the driver status in Windows
Disable Network Engine Status warnings
Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
Issues adding your AWS account to Workload Security
AWS is taking longer than expected
Resource is not supported in this region
Template validation issue
Workload Security was unable to add your AWS account
Create a diagnostic package and logs
Agent diagnostics
Removal of older software versions
Troubleshoot SELinux alerts
SELinux blocks the Deep Security Agent service
Berkeley Packet Filter (BPF) operations blocked
Troubleshoot Azure Code Signing
Trust and compliance information
About compliance
Agent package integrity check
Troubleshoot
Supported relay versions
Meet PCI DSS requirements with Workload Security
GDPR
Set up AWS Config Rules
Bypass vulnerability management scan traffic in Workload Security
Create a new IP list from the vulnerability scan provider IP range or addresses
Create firewall rules for incoming and outbound scan traffic
Assign new firewall rules to a policy to bypass vulnerability scans
Use TLS 1.2 with Workload Security
TLS architecture
Enable the TLS 1.2 architecture
Next steps: deploy new agents and relays
Privacy and personal data collection disclosure
Release notes and scheduled maintenance
Scheduled maintenance
What's new in Workload Security
What's new in Deep Security Agent for macOS
Deep Security Agent for macOS - 20.0.0-243 (20 LTS Update 2024-11-13)
Deep Security Agent for macOS - 20.0.0-236 (20 LTS Update 2024-07-17)
Deep Security Agent for macOS - 20.0.0-224 (20 LTS Update 2024-01-17)
Deep Security Agent for macOS - 20.0.0-223 (20 LTS Update 2023-11-21)
Deep Security Agent for macOS - 20.0.0-213 (20 LTS Update 2023-08-29)
Deep Security Agent for macOS - 20.0.0-208 (20 LTS Update 2023-04-25)
Deep Security Agent for macOS - 20.0.0-198 (20 LTS Update 2023-02-16)
Deep Security Agent for macOS - 20.0.0-190 (20 LTS Update 2022-12-15)
Deep Security Agent for macOS - 20.0.0-183 (20 LTS Update 2022-11-22)
Deep Security Agent for macOS - 20.0.0-182 (20 LTS Update 2022-10-21)
Deep Security Agent for macOS - 20.0.0-180 (20 LTS Update 2022-09-22)
Deep Security Agent for macOS - 20.0.0-173 (20 LTS Update 2022-08-29)
Deep Security Agent for macOS - 20.0.0-167 (20 LTS Update 2022-07-26)
Deep Security Agent for macOS - 20.0.0-158 (20 LTS Update 2022-07-11)
API changelog
June 3, 2020
June 1, 2020
May 19, 2020
April 9, 2020
February 27, 2020
January 07, 2020
January 09, 2020
keyboard_arrow_up