Support
Open Console
English
日本語
Support
Open Console
Home
Workload Security
Billing account change
Table of contents
About Workload Security
About the Workload Security components
About the Workload Security protection modules
Intrusion Prevention
Anti-Malware
Firewall
Web Reputation
Integrity Monitoring
Log Inspection
Application Control
About billing and pricing
What Workload Security considers as a protection-hour
When protection-hours start and stop
Trial or subscription expired
Legacy Workload Security billing methods
Workload Security release strategy and life cycle policy
Compatibility
Agent platforms
Agent platform support table
Docker support
Systemd support
SELinux support
Linux minor version support
Agent Linux kernel support
Supported features by platform
Microsoft Windows
Red Hat Enterprise Linux
CentOS Linux
Oracle Linux
SUSE Linux
Ubuntu Linux
Debian Linux
CloudLinux
Amazon Linux
Solaris
AIX
System requirements
Trend Micro - Cloud One console requirements
Deep Security Agent requirements
Deep Security Relay requirements
Sizing
Deep Security Agent and Relay sizing
Port numbers, URLs, and IP addresses
Workload Security port numbers
Workload Security URLs
Workload Security IP addresses
Get started
Try the Workload Security demo
Transitioning from Deep Security as a Service
Start protecting computers
Add AWS EC2 instances to Workload Security
Add Azure virtual machines to Workload Security
Add Google Cloud Platform (GCP) virtual machines to Workload Security
Deploy Deep Security Agents to your AWS EC2 instances or Azure virtual machines
Protect your instances with policies
Check digital signatures on software packages
Check the signature on software ZIP packages
Check the signature on installer files (EXE, MSI, RPM or DEB files)
Deploy a relay
Deploy the agent
Get agent software
View a list of available agent software
Export the agent installer
Solaris-version-to-agent-package mapping table
AIX agent package naming format
Install the agent
Install the agent manually
Install the agent using other methods
Post-installation tasks
Install the agent on Amazon EC2 and WorkSpaces
Add your AWS accounts to Workload Security
Configure the activation type
Open ports
Deploy agents to your Amazon EC2 instances and WorkSpaces
Verify that the agent was installed and activated properly
Assign a policy
Install the agent on an AMI or WorkSpace bundle
Add your AWS account to Workload Security
Configure the activation type
Launch a 'master' Amazon EC2 instance or Amazon WorkSpace
Deploy an agent on the master
Verify that the agent was installed and activated properly
(Recommended) Set up policy auto-assignment
Create an AMI or custom WorkSpace bundle based on the master
Use the AMI
Install the agent on Azure VMs
Install the agent on Google Cloud Platform VMs
Activate the agent
Deactivate the agent
Start or stop the agent
Automate
Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
Automate using the API and SDK
API reference
The API and SDK - DevOps tools for automation
The API and SDK
API versions
Legacy REST and SOAP APIs
Next Step
Send your first request using the API
Set up your development environment
Authenticate with Workload Security
Perform a GET request: list policies
Perform a POST request: search firewall rules
Get the Workload Security version
Next Steps
Notes about resource property values
How to express a null value
Valid values for Boolean properties
Include only changed values when modifying resources
About the overrides parameter
Search for resources
Searchable fields
Search computer sub-objects
Field names in Python code
Use wildcards in string searches
Perform a date-range search
Search for null values
Sort order
Limit search results and paging
API rate limits
Handle rate limit errors in your code
Performance tips
Minimize computer response size
Use the overrides parameter
Directly configure rule assignments
Interact directly with single settings
Page your search results
Troubleshooting tips
Obtain error information
Authentication errors
Authorization errors
Resource not found errors
Bad request errors
Check SDK compatibility
API cookbook
About the API cookbook
Set Up to Use Bash or PowerShell
Bash or PowerShell?
Check your environment
Create an API key
Test your setup
Final comments
Get a List of Computers (Bash and PowerShell)
Before you begin
Bash
PowerShell
Notes
Search for a Policy (Bash and PowerShell)
Before you begin
Bash
PowerShell
Notes
Assign a policy to a computer (Bash and PowerShell)
Before you begin
Bash
PowerShell
Notes
Assign a policy to many computers (Bash and PowerShell)
Before you begin
Bash
PowerShell
Notes
Related Resources
SDK guides
Python SDK
Get set up to use the Python SDK
SDK version compatibility
Upgrade scenarios
Run the code examples
Index of code examples
Anti-Malware
API Client
API keys
Application Control
Computers
Firewall
Integrity Monitoring
Intrusion Prevention (IDS/IPS)
Lists
Log Inspection
Policies
Recommendations
Reporting
Roles
Rules
Scheduled tasks
Schedules
Security updates
Search
Settings
Web Reputation
Deploy Workload Security
Use the API to generate an agent deployment script
General steps
Example
Integrate Workload Security with AWS Services
Workflow pattern
Amazon GuardDuty
Amazon Macie
Amazon Inspector
AWS WAF
AWS Config
Add Computers
Add a Google Cloud Platform Connector
Submit a Sync Action for a GCP Connector
Control Access Using Roles
General steps
Example: Create a role
Create and manage API keys
About API keys
Create an API Key Using Code
Create an API key using the console
Manage API keys after their creation
Configure Workload Security system settings
Retrieve, modify, or reset a single system setting
List or modify multiple system settings
Monitor Workload Security events
Configure protection
Create and configure a policy
Create a policy
Assign a policy to a computer
Configure policy and default policy settings
Reset policy overrides
Configure Firewall
General steps
Example
Create a firewall rule
Limitations to configuring stateful configurations
Configure Intrusion Prevention
General steps
Example
Create an Intrusion Prevention rule
Configure Anti-Malware
General steps
Example
Create and modify malware scan configurations
Configure Web Reputation
General steps
Example
Configure Application Control
Configure Application Control for a policy
Allow or Block Unrecognized Software
Create a shared ruleset
Add Global Rules
Configure maintenance mode during upgrades
Configure Integrity Monitoring
General steps
Example
Create an Integrity Monitoring rule
Configure Log Inspection
General steps
Example
Create a Log Inspection rule
Create and modify lists
Create and configure schedules
Override policies on a computer
Discover overrides
Configure computer overrides
Rule overrides
Maintain protection
Report on computer status
Discover unprotected computers
Get computer configurations
Discover the Anti-Malware configuration of a computer
Get applied intrusion prevention rules
Patch unprotected computers
Example: Find the Intrusion Prevention rule for a CVE
Example: Find computers that are not protected against a CVE
Example: Add intrusion prevention rules to computers' policies
Assign rules with recommendation scans
Find when recommendation scans last ran
Apply recommendations
Maintain protection using scheduled tasks
Related classes
Create a scheduled task
Create, run, and delete a scheduled task
Run an existing scheduled task
Settings reference
Default policy, policy, and computer settings
System settings
Use the legacy APIs
Provide access for legacy APIs
Transition from the SOAP API
Terminology
Specific tasks
Java class structure
Capabilities
Related code examples
Use the legacy REST API
When to use the legacy REST API
Set up your environment to use the REST API
Develop a REST API client application
Special Considerations
Automate using the console
Schedule Workload Security to perform tasks
Create scheduled tasks
Enable or disable a scheduled task
Set up scheduled reports
Automatically perform tasks when a computer is added or changed (event-based tasks)
Create an event-based task
Edit or stop an existing event-based task
Events that you can monitor
Conditions
Actions
Order of execution
Temporarily disable an event-based task
AWS Auto Scaling and Workload Security
Pre-install the agent
Install the agent with a deployment script
Delete instances from Workload Security as a result of Auto Scaling
Azure virtual machine scale sets and Workload Security
Step 1: (Recommended) Add your Azure account to Workload Security
Step 2: Prepare a deployment script
Step 3: Add the agent through a custom script extension to your VMSS instances
GCP auto scaling and Workload Security
Pre-install the agent
Install the agent with a deployment script
Delete instances from Workload Security as a result of GCP MIGs
Use deployment scripts to add and protect computers
Generate a deployment script
Troubleshooting and tips
URL format for download of the agent
Agent download URL format
Exceptions for backwards compatibility
Using agent version control to define which agent version is returned
Automatically assign policies by AWS instance tags
Command-line basics
dsa_control
dsa_query
User Guide
Add computers
About adding computers
Add computers to Workload Security
Group computers
Export your computers list
Delete a computer
Add local network computers
Agent-initiated activation
Manually add a computer
Add AWS instances
About adding AWS accounts
Overview of methods for adding AWS accounts
What happens when you add an AWS account?
What are the benefits of adding an AWS account?
What AWS regions are supported?
Add an AWS account using the quick setup
Add an AWS account using a cross-account role
Add the account through the API
Add Amazon WorkSpaces
Protect Amazon WorkSpaces if you already added your AWS account
Protect Amazon WorkSpaces if you have not yet added your AWS account
Manage an AWS account
Edit an AWS account
Remove an AWS account
Synchronize an AWS account
Manage an AWS account external ID
What is the external ID?
Configure the external ID
Update the external ID
Retrieve the external ID
Disable retrieval of the external ID
Protect an account running in AWS Outposts
What does the Cloud Formation template do when I add an AWS account?
Add Azure instances
Create an Azure app for Workload Security
Assign the correct roles
Create the Azure app
Record the Azure app ID, Active Directory ID, and password
Record the Subscription ID(s)
Assign the Azure app a role and connector
Add a Microsoft Azure account to Workload Security
What are the benefits of adding an Azure account?
Add virtual machines from a Microsoft Azure account to Workload Security
Manage Azure classic virtual machines with the Azure Resource Manager connector
Remove an Azure account
Synchronize an Azure account
Why should I upgrade to the new Azure Resource Manager connection functionality?
Add GCP instances
Create a Google Cloud Platform service account
Prerequisite: Enable the Google APIs
Create a GCP service account
Add more projects to the GCP service account
Create multiple GCP service accounts
Add a Google Cloud Platform account
What are the benefits of adding a GCP account?
Configure a proxy setting for the GCP account
Add a GCP account to Workload Security
Remove a GCP account
Synchronize a GCP account
Add VMware VMs
Add virtual machines hosted on VMware vCloud
What are the benefits of adding a vCloud account?
Proxy setting for cloud accounts
Create a VMware vCloud Organization account for Workload Security
Import computers from a VMware vCloud Organization Account
Import computers from a VMware vCloud Air data center
Remove a cloud account
Set up a data center gateway
Set up a data center gateway
Check the data center gateway status and connection
Upgrade the data center gateway
Security best practices
High availability deployment plan
Add a VMware vCenter to Workload Security
Add a data center gateway
Add a VMware vCenter
Protect workloads in VMware
Manually upgrade your AWS account connection
Verify the permissions associated with the AWS role
How do I migrate to the new cloud connector functionality?
Protect Docker containers
Workload Security protection for the Docker host
Workload Security protection for Docker containers
Limitation on Intrusion Prevention recommendation scans
Configure policies
Create policies
Create a new policy
Other ways to create a policy
Edit the settings for a policy or individual computer
Assign a policy to a computer
Disable automatic policy updates
Send policy changes manually
Export a policy
Policies, inheritance, and overrides
Inheritance
Overrides
View the overrides on a computer or policy at a glance
Manage and run recommendation scans
What gets scanned?
Scan limitations
Run a recommendation scan
Automatically implement recommendations
Check scan results and manually assign rules
Configure recommended rules
Implement additional rules for common vulnerabilities
Troubleshooting: Recommendation Scan Failure
Detect and configure the interfaces available on a computer
Configure a policy for multiple interfaces
Enforce interface isolation
Overview section of the computer editor
General tab
Actions tab
System Events tab
Overview section of the policy editor
General tab
Computer(s) Using This Policy tab
Events tab
Network engine settings
Define rules, lists, and other common objects used by policies
About common objects
Rules
Lists
Other
Create a firewall rule
Configure intrusion prevention rules
Create an Integrity Monitoring rule
Define a Log Inspection rule for use in policies
Create a list of directories for use in policies
Import and export directory lists
See which policies use a directory list
Create a list of file extensions for use in policies
Import and export file extension lists
See which malware scan configurations use a file extension list
Create a list of files for use in policies
Import and export file lists
See which policies use a file list
Create a list of IP addresses for use in policies
Import and export IP lists
See which rules use an IP list
Create a list of ports for use in policies
Import and export port lists
See which rules use a port list
Create a list of MAC addresses for use in policies
Import and export MAC lists
See which policies use a MAC list
Define contexts for use in policies
Configure settings used to determine whether a computer has internet connectivity
Define a context
Define stateful firewall configurations
Define a schedule that you can apply to rules
Configure protection modules
Configure Intrusion Prevention
About Intrusion Prevention
Intrusion Prevention rules
Use behavior modes to test rules
Intrusion Prevention events
Support for secure connections
Contexts
Interface tagging
Set up Intrusion Prevention
Enable Intrusion Prevention in Detect mode
Test Intrusion Prevention
Apply recommended rules
Monitor your system
Enable 'fail open' for packet or system failures
Switch to Prevent mode
Implement best practices for specific rules
Configure intrusion prevention rules
See the list of intrusion prevention rules
See information about an intrusion prevention rule
See the list of intrusion prevention rules
General Information
See information about the associated vulnerability (Trend Micro rules only)
Assign and unassign rules
Automatically assign updated required rules
Configure event logging for rules
Generate alerts
Setting configuration options (Trend Micro rules only)
Schedule active times
Exclude from recommendations
Set the context for a rule
Override the behavior mode for a rule
Override rule and application type configurations
Export and import rules
Configure an SQL injection prevention rule
What is an SQL injection attack?
What are common characters and strings used in SQL injection attacks?
How does the Generic SQL Injection Prevention rule work?
Examples of the rule and scoring system in action
Configure the Generic SQL Injection Prevention rule
Character encoding guidelines
Application types
See a list of application types
General Information
Connection
Configuration
Options
Assigned To
Inspect SSL or TLS traffic
Configure SSL inspection
Change port settings
Use Intrusion Prevention when traffic is encrypted with Perfect Forward Secrecy (PFS)
Supported cipher suites
Supported protocols
Configure anti-evasion settings
Performance tips for intrusion prevention
Maximum size for configuration packages
Configure Anti-Malware
About Anti-Malware
Set up Anti-Malware
Enable and configure anti-malware
Turn on the Anti-Malware module
Select the types of scans to perform
Configure scan exclusions
Ensure that Workload Security can keep up to date on the latest threats
Configure malware scans
Create or edit a malware scan configuration
Scan for specific types of malware
Specify the files to scan
Scan a network directory (real-time scan only)
Specify when real-time scans occur
Configure how to handle malware
Identify malware files by file hash digest
Configure notifications on the computer
Performance tips for anti-malware
Minimize disk usage
Optimize CPU usage
Optimize RAM usage
Disable Windows Defender on Windows Server 2016 or later
Detect emerging threats using Predictive Machine Learning
Enable Predictive Machine Learning
Enhanced anti-malware and ransomware scanning with behavior monitoring
How does enhanced scanning protect you?
How to enable enhanced scanning
What happens when enhanced scanning finds a problem?
Smart Protection in Workload Security
Anti-Malware and Smart Protection
Web Reputation and Smart Protection
Smart Feedback
Handle malware
View and restore identified malware
See a list of identified files
Working with identified files
Search for an identified file
Restore identified files
Create anti-malware exceptions
Create an exception from an Anti-Malware event
Manually create an Anti-Malware exception
Exception strategies for spyware and grayware
Scan exclusion recommendations
Increase debug logging for anti-malware in protected Linux instances
Configure Firewall
About Firewall
Firewall rules
Set up the Workload Security firewall
Test Firewall rules before deploying them
Enable 'fail open' behavior
Turn on Firewall
Default Firewall rules
Restrictive or permissive Firewall design
Firewall rule actions
Firewall rule priorities
Recommended Firewall policy rules
Reconnaissance scans
Stateful inspection
Example
Important things to remember
Create a firewall rule
Add a new rule
Select the behavior and protocol of the rule
Select a Packet Source and Packet Destination
Configure rule events and alerts
Set a schedule for the rule
Assign a context to the rule
See policies and computers a rule is assigned to
Export a rule
Delete a rule
Allow trusted traffic to bypass the firewall
Create a new IP list of trusted traffic sources
Create incoming and outbound firewall rules for trusted traffic using the IP list
Assign the firewall rules to a policy used by computers that trusted traffic flows through
Firewall rule actions and priorities
Firewall rule actions
Firewall rule sequence
How firewall rules work together
Rule priority
Putting rule action and priority together
Firewall settings
General
Interface Isolation
Reconnaissance
Advanced
Events
Define stateful firewall configurations
Add a stateful configuration
Enter stateful configuration information
Select packet inspection options
Export a stateful configuration
Delete a stateful configuration
See policies and computers a stateful configuration is assigned to
Container Firewall rules
Kubernetes Firewall rules
Swarm Firewall rules
Configure Web Reputation
Turn on the Web Reputation module
Switch between inline and tap mode
Enforce the security level
Create exceptions
Configure the Smart Protection Server
Edit advanced settings
Test Web Reputation
Configure Integrity Monitoring
About Integrity Monitoring
Set up Integrity Monitoring
How to enable Integrity Monitoring
When Integrity Monitoring scans are performed
Integrity Monitoring scan performance settings
Integrity Monitoring event tagging
Create an Integrity Monitoring rule
Add a new rule
Enter Integrity Monitoring rule information
Select a rule template and define rule attributes
Configure Trend Micro Integrity Monitoring rules
Configure rule events and alerts
See policies and computers a rule is assigned to
Export a rule
Delete a rule
Integrity Monitoring rules language
About the Integrity Monitoring rules language
Entity Sets
Hierarchies and wildcards
Syntax and concepts
Include tag
Exclude tag
Case sensitivity
Entity features
ANDs and ORs
Order of evaluation
Entity attributes
Shorthand attributes
onChange attribute
Environment variables
Registry values
Use of ".."
Best practices
DirectorySet
Tag Attributes
Entity Set Attributes
Short Hand Attributes
Meaning of "Key"
Sub Elements
FileSet
Tag Attributes
Entity Set Attributes
Short Hand Attributes
Drives Mounted as Directories
Alternate Data Streams
Meaning of "Key"
Sub Elements
Special attributes of Include and Exclude for FileSets:
GroupSet
Tag Attributes
Entity Set Attributes
Short Hand Attributes
Meaning of "Key"
Include and Exclude
InstalledSoftwareSet
Tag Attributes
Entity Set Attributes
Short Hand Attributes
Meaning of "Key"
Sub Elements
Special attributes of Include and Exclude for InstalledSoftwareSets:
PortSet
Tag Attributes
Entity Set Attributes
Meaning of "Key"
IPV6
Matching of the Key
Sub Elements
Special attributes of Include and Exclude for PortSets:
ProcessSet
Tag Attributes
Entity Set Attributes
Short Hand Attributes
Meaning of "Key"
Sub Elements
Special attributes of Include and Exclude for ProcessSets:
RegistryKeySet
Tag Attributes
Entity Set Attributes
Short Hand Attributes
Meaning of "Key"
Sub Elements
RegistryValueSet
Tag Attributes
Entity Set Attributes
Short Hand Attributes
Meaning of "Key"
Default Value
Sub Elements
ServiceSet
Tag Attributes
Entity Set Attributes
Short Hand Attributes
Meaning of "Key"
Sub Elements
Special attributes of Include and Exclude for ServiceSets:
UserSet
Tag Attributes
Entity Set Attributes
Common Attributes
Windows-only Attributes
Linux, AIX, and Solaris Attributes
Short Hand Attributes
Meaning of "Key"
Sub Elements
Include and Exclude
Special attributes of Include and Exclude for UserSets
WQLSet
Entity Set Attributes
Meaning of Key
Include Exclude
Configure Log Inspection
About Log Inspection
Set up Log Inspection
Turn on the log inspection module
Run a recommendation scan
Apply the recommended log inspection rules
Test Log Inspection
Configure log inspection event forwarding and storage
Define a Log Inspection rule for use in policies
Create a new Log Inspection rule
Decoders
Subrules
Real world examples
Log Inspection rule severity levels and their recommended use
strftime() conversion specifiers
Examine a Log Inspection rule
Configure Application Control
About Application Control
Key concepts
How does application control work?
A tour of the application control interface
What does application control detect as a software change?
Set up Application Control
Turn on Application Control
Monitor new and changed software
Turn on maintenance mode when making planned changes
Application Control tips and considerations
Verify that Application Control is enabled
Monitor Application Control events
View and change Application Control rulesets
View Application Control rulesets
Change the action for an Application Control rule
Delete an individual Application Control rule
Delete an Application Control ruleset
Reset Application Control after too much software change
Use the API to create shared and global rulesets
Create a shared ruleset
Change from shared to computer-specific allow and block rules
Deploy Application Control shared rulesets via relays
Considerations when using relays with shared rulesets
Configure events and alerts
About Workload Security event logging
Where are event logs on the agent?
When are events sent to Workload Security?
How long are events stored?
System events
Security events
See the events associated with a policy or computer
View details about an event
Filter the list to search for an event
Export events
Improve logging performance
Log and event storage best practices
Limit log file sizes
Event logging tips
Anti-Malware scan failures and cancellations
Anti-Malware scan failure events
Anti-Malware scan cancellation events
Apply tags to identify and group events
Manual tagging
Auto-tagging
Trusted source tagging
Delete a tag
Reduce the number of logged events
Rank events to quantify their importance
Web Reputation event risk values
Firewall rule severity values
Intrusion Prevention rule severity values
Integrity Monitoring rule severity values
Log Inspection rule severity values
Asset values
Forward events to a Syslog or SIEM server
Forward Workload Security events to a Syslog or SIEM server
Allow event forwarding network traffic
Define a Syslog configuration
Forward system events
Forward security events
Troubleshoot event forwarding
Syslog message formats
CEF syslog message format
LEEF 2.0 syslog message format
Events originating in Workload Security
Events originating in the agent
Configure Red Hat Enterprise Linux to receive event logs
Set up a Syslog on Red Hat Enterprise Linux 6 or 7
Set up a Syslog on Red Hat Enterprise Linux 5
Access events with Amazon SNS
Set up Amazon SNS
Create an AWS user
Create an Amazon SNS topic
Enable SNS
Create subscriptions
SNS configuration in JSON format
Version
Statement
Multiple statements vs. multiple conditions
Example SNS configurations
Events in JSON format
Valid event properties
Example events in JSON format
Configure alerts
View alerts in the Workload Security console
Configure alert settings
Set up email notification for alerts
Generate reports about alerts and other activity
Set up a single report
Set up a scheduled report
Check billing and usage for Workload Security
Troubleshoot: Scheduled report sending failed
Lists of events and alerts
Predefined alerts
Agent events
System events
Application Control events
What information is displayed for Application Control events?
List of all Application Control events
Anti-Malware events
What information is displayed for Anti-Malware events?
List of all Anti-Malware events
Firewall events
What information is displayed for firewall events?
List of all firewall events
Intrusion Prevention events
What information is displayed for intrusion prevention events?
List of all intrusion prevention events
Integrity Monitoring events
What information is displayed for Integrity Monitoring events?
List of all Integrity Monitoring events
Log Inspection events
What information is displayed for log inspection events?
List of log inspection security events
Web Reputation events
What information is displayed for Web Reputation events?
Add a URL to the list of allowed URLs
Troubleshoot common events, alerts, and errors
Why am I seeing firewall events when the firewall module is off?
Troubleshoot event ID 771 "Contact by Unrecognized Client"
Uninstall Deep Security Agent
Reactivate the computer or clone
Troubleshoot "Smart Protection Server disconnected" errors
Check the error details
Activation Failed
Protocol Error
Unable to resolve hostname
No agent/appliance
Blocked port
Maximum five protected computers
Endpoint behind proxy
Reinstallation required
Agent version not supported
Anti-Malware Engine Offline
If your agent is on Windows:
If your agent is on Linux:
Check Status Failed
Installation of Feature 'dpi' failed
Additional information
Intrusion Prevention Rule Compilation Failed
Apply Intrusion Prevention best practices
Manage rules
Unassign application types from a single port
Log Inspection Rules Require Log Files
If the file's location is required:
If the files listed do not exist on the protected machine:
Module installation failed (Linux)
There are one or more application type conflicts on this computer
Resolution
Unable to connect to the cloud account
Your AWS account access key ID or secret access key is invalid
The incorrect AWS IAM policy has been applied to the account being used by Workload Security
NAT, proxy, or firewall ports are not open, or settings are incorrect
Unable to resolve instance hostname
Integrity Monitoring information collection has been delayed
Max TCP connections
Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
Cause 1: The agent or relay-enabled agent doesn't have Internet access
Cause 2: A proxy was enabled but not configured properly
Insufficient disk space
Tips
Reconnaissance Detected
Types of reconnaissance scans
Suggested actions
Configure proxies
Configure proxies
Register a proxy in Workload Security
Supported proxy protocols
Connect to the 'primary security update source' via proxy
Connect to Workload Security via proxy
Connect to relays via proxy
Connect to the Smart Protection Network via proxy
Remove a proxy
Proxy settings
Proxy server use
Configure relays
How relays work
Relay hierarchy, cost, and performance
Deploy additional relays
Plan the best number and location of relays
Configure the update source
Configure relays
Remove relay functionality
Manage agents (protected computers)
Computer and agent statuses
Status column - computer states
Status column - agent states
Task(s) column
Computer errors
Protection module status
Perform other actions on your computers
Computers icons
Status information for different types of computers
Configure agent version control
Set up agent version control
Use agent version control with URL requests
Agent version control FAQs
Configure teamed NICs
Windows
Solaris
Communication between Workload Security and the agent
Configure the heartbeat
Configure communication directionality
Supported cipher suites for communication
Configure agents that have no internet access
Solutions
Use a proxy
Install a Smart Protection Server locally
Disable the features that use Trend Micro security services
Activate and protect agents using agent-initiated activation and communication
Enable agent-initiated activation and communication
Automatically upgrade agents on activation
Enable automatic agent upgrade
Check that agents were upgraded successfully
Using Deep Security Agent with iptables
Rules required by Deep Security Agent
Prevent Deep Security Agent from automatically adding iptables rules
Enable Managed Detection and Response
Enable or disable agent self-protection
Configure self-protection through the Workload Security console
Configure self-protection using the command line
Are "Offline" agents still protected by Workload Security?
Automate offline computer removal with inactive agent cleanup
Enable inactive agent cleanup
Check the audit trail for computers removed by an inactive cleanup job
Agent settings
Agent-initiated activation (AIA)
Agent Upgrade
Inactive Agent Cleanup
Data Privacy
Linux Secure Boot support for agents
Upgrade the agent if you're using Secure Boot
Workload Security Notifier
How the notifier works
Navigate and customize the Workload Security console
Customize the dashboard
Date and time range
Computers and computer groups
Filter by tags
Select dashboard widgets
Change the layout
Save and manage dashboard layouts
Group computers dynamically with smart folders
Create a smart folder
Edit a smart folder
Clone a smart folder
Focus your search using sub-folders
Automatically create sub-folders
Searchable Properties
Operators
Customize advanced system settings
Export
Manager AWS Identity
Application control
Harden Workload Security
About Workload Security hardening
Manage trusted certificates
Import trusted certificates
View trusted certificates
Remove trusted certificates
SSL implementation and credential provisioning
Protect Deep Security Agent
If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro
Upgrade Workload Security
About upgrades
How Workload Security checks for software upgrades
Best practices for upgrades
How Workload Security validates update integrity
Apply security updates
Initiate security updates
Check your security update status
View details about pattern updates
Revert, import, or view details about rule updates
Configure security updates
Disable emails for New Pattern Update alerts
Use a web server to distribute software updates
Web server requirements
Copy the folder structure
Configure agents to use the new software repository
Upgrade the relay
Upgrade a relay from Workload Security
Upgrade a relay by running the installer manually
Upgrade the agent
Before you begin an upgrade
Upgrade the agent starting from an alert
Upgrade multiple agents at once
Upgrade the agent from the Computers page
Upgrade the agent on activation
Upgrade the agent manually
Upgrade best practices for agents
Uninstall the Deep Security Agent
Uninstall Deep Security Agent
Uninstall Deep Security Notifier
Integrations
Integrate with AWS PrivateLink
Connecting to Workload Security without AWS PrivateLink
How does AWS PrivateLink work with Workload Security?
VPC Service Endpoints for use with AWS PrivateLink
Workload Security VPC Service Endpoint region support
Configure PrivateLink for use with Workload Security
What if my traffic originates from a region without a VPC service endpoint?
Integrate with AWS Control Tower
Overview
Integrate with AWS Control Tower
Upgrade AWS Control Tower integration
Remove AWS Control Tower integration
Integrate with AWS Systems Manager Distributor
Create an IAM policy
Create a role and assign the policy
Create parameters
Integrate with AWS Systems Manager Distributor
Protect your computers
Integrate with Apex Central
Integrate with Smart Protection Server
Integrate with Trend Micro Vision One
Register to Trend Micro Vision One (XDR)
Forward security events to Trend Micro Vision One (XDR)
Enable Activity Monitoring
FAQs
How are features released in Workload Security?
Previews
General Availability
Why does my Windows machine lose network connectivity when I turn on protection?
How does agent protection work for Solaris zones?
Intrusion Prevention (IPS), Firewall, and Web Reputation
Anti-Malware, Integrity Monitoring, and Log Inspection
How do I protect Azure Government instances?
How does the agent use the Amazon Instance Metadata Service?
How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment?
Why can I not add my Azure server using the Azure cloud connector?
Why can I not view all of the VMs in an Azure subscription in Workload Security?
Troubleshooting
Offline agent
Causes
Verify that the agent is running
Verify DNS
Allow outbound ports (agent-initiated heartbeat)
Allow ICMP on Amazon AWS EC2 instances
Fix the upgrade issue on Solaris 11
High CPU usage
Diagnose problems with agent deployment (Windows)
Anti-Malware Windows platform update failed
An incompatible Anti-Malware component from another Trend Micro product
An incompatible Anti-Malware component from a third-party product
Other/unknown Error
Security update connectivity
Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
Issues adding your AWS account to Workload Security
AWS is taking longer than expected
Resource is not supported in this region
Template validation issue
Workload Security was unable to add your AWS account
Create a diagnostic package and logs
Deep Security Agent diagnostics
Removal of older software versions
Troubleshoot SELinux alerts
Trust and compliance information
About compliance
Agent package integrity check
Troubleshoot
Supported Deep Security Relay versions
Meet PCI DSS requirements with Workload Security
GDPR
Set up AWS Config Rules
Bypass vulnerability management scan traffic in Workload Security
Create a new IP list from the vulnerability scan provider IP range or addresses
Create firewall rules for incoming and outbound scan traffic
Assign the new firewall rules to a policy to bypass vulnerability scans
Use TLS 1.2 with Workload Security
TLS architecture
Enable the TLS 1.2 architecture
Next steps (deploy new agents and relays)
Privacy and personal data collection disclosure
Release notes and scheduled maintenance
Scheduled maintenance
Next scheduled maintenance
What's new in Workload Security
API changelog
June 3, 2020
June 1, 2020
May 19, 2020
April 9, 2020
February 27, 2020
January 07, 2020
January 09, 2020