Table of contents
About Workload Security
  • About the Workload Security components
  • About the Workload Security protection modules
    • Intrusion Prevention
    • Anti-Malware
    • Firewall
    • Web Reputation
    • Integrity Monitoring
    • Log Inspection
    • Application Control
  • About billing and pricing
    • What Workload Security considers as a protection-hour
    • When protection-hours start and stop
    • Trial or subscription expired
    • Legacy Workload Security billing methods
  • Workload Security release strategy and life cycle policy
Compatibility
  • Agent platforms
    • Agent platform support table
    • Docker support
    • Systemd support
    • SELinux support
    • Linux minor version support
  • Agent Linux kernel support
  • Supported features by platform
    • Microsoft Windows
    • Red Hat Enterprise Linux
    • CentOS Linux
    • Oracle Linux
    • SUSE Linux
    • Ubuntu Linux
    • Debian Linux
    • CloudLinux
    • Amazon Linux
    • Solaris
    • AIX
  • System requirements
    • Trend Micro - Cloud One console requirements
    • Deep Security Agent requirements
    • Deep Security Relay requirements
  • Sizing
    • Deep Security Agent and Relay sizing
  • Port numbers, URLs, and IP addresses
    • Workload Security port numbers
    • Workload Security URLs
    • Workload Security IP addresses
Get started
  • Try the Workload Security demo
  • Transitioning from Deep Security as a Service
  • Start protecting computers
    • Add AWS EC2 instances to Workload Security
    • Add Azure virtual machines to Workload Security
    • Add Google Cloud Platform (GCP) virtual machines to Workload Security
    • Deploy Deep Security Agents to your AWS EC2 instances or Azure virtual machines
    • Protect your instances with policies
  • Check digital signatures on software packages
    • Check the signature on software ZIP packages
    • Check the signature on installer files (EXE, MSI, RPM or DEB files)
  • Deploy a relay
  • Deploy the agent
    • Get agent software
      • View a list of available agent software
      • Export the agent installer
      • Solaris-version-to-agent-package mapping table
      • AIX agent package naming format
    • Install the agent
      • Install the agent manually
      • Install the agent using other methods
      • Post-installation tasks
    • Install the agent on Amazon EC2 and WorkSpaces
      • Add your AWS accounts to Workload Security
      • Configure the activation type
      • Open ports
      • Deploy agents to your Amazon EC2 instances and WorkSpaces
      • Verify that the agent was installed and activated properly
      • Assign a policy
    • Install the agent on an AMI or WorkSpace bundle
      • Add your AWS account to Workload Security
      • Configure the activation type
      • Launch a 'master' Amazon EC2 instance or Amazon WorkSpace
      • Deploy an agent on the master
      • Verify that the agent was installed and activated properly
      • (Recommended) Set up policy auto-assignment
      • Create an AMI or custom WorkSpace bundle based on the master
      • Use the AMI
    • Install the agent on Azure VMs
    • Install the agent on Google Cloud Platform VMs
    • Activate the agent
      • Deactivate the agent
      • Start or stop the agent
Automate
  • Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
  • Automate using the API and SDK
    • API reference
    • The API and SDK - DevOps tools for automation
      • The API and SDK
      • API versions
      • Legacy REST and SOAP APIs
      • Next Step
    • Send your first request using the API
      • Set up your development environment
      • Authenticate with Workload Security
      • Perform a GET request: list policies
      • Perform a POST request: search firewall rules
      • Get the Workload Security version
      • Next Steps
    • Notes about resource property values
      • How to express a null value
      • Valid values for Boolean properties
      • Include only changed values when modifying resources
    • About the overrides parameter
    • Search for resources
      • Searchable fields
      • Search computer sub-objects
      • Field names in Python code
      • Use wildcards in string searches
      • Perform a date-range search
      • Search for null values
      • Sort order
      • Limit search results and paging
    • API rate limits
      • Handle rate limit errors in your code
    • Performance tips
      • Minimize computer response size
      • Use the overrides parameter
      • Directly configure rule assignments
      • Interact directly with single settings
      • Page your search results
    • Troubleshooting tips
      • Obtain error information
      • Authentication errors
      • Authorization errors
      • Resource not found errors
      • Bad request errors
      • Check SDK compatibility
    • API cookbook
      • About the API cookbook
      • Set Up to Use Bash or PowerShell
        • Bash or PowerShell?
        • Check your environment
        • Create an API key
        • Test your setup
        • Final comments
      • Get a List of Computers (Bash and PowerShell)
        • Before you begin
        • Bash
        • PowerShell
        • Notes
      • Search for a Policy (Bash and PowerShell)
        • Before you begin
        • Bash
        • PowerShell
        • Notes
      • Assign a policy to a computer (Bash and PowerShell)
        • Before you begin
        • Bash
        • PowerShell
        • Notes
      • Assign a policy to many computers (Bash and PowerShell)
        • Before you begin
        • Bash
        • PowerShell
        • Notes
        • Related Resources
    • SDK guides
      • Python SDK
        • Get set up to use the Python SDK
      • SDK version compatibility
        • Upgrade scenarios
      • Run the code examples
      • Index of code examples
        • Anti-Malware
        • API Client
        • API keys
        • Application Control
        • Computers
        • Firewall
        • Integrity Monitoring
        • Intrusion Prevention (IDS/IPS)
        • Lists
        • Log Inspection
        • Policies
        • Recommendations
        • Reporting
        • Roles
        • Rules
        • Scheduled tasks
        • Schedules
        • Security updates
        • Search
        • Settings
        • Web Reputation
      • Deploy Workload Security
        • Use the API to generate an agent deployment script
          • General steps
          • Example
        • Integrate Workload Security with AWS Services
          • Workflow pattern
          • Amazon GuardDuty
          • Amazon Macie
          • Amazon Inspector
          • AWS WAF
          • AWS Config
        • Add Computers
        • Add a Google Cloud Platform Connector
          • Submit a Sync Action for a GCP Connector
        • Control Access Using Roles
          • General steps
          • Example: Create a role
        • Create and manage API keys
          • About API keys
          • Create an API Key Using Code
          • Create an API key using the console
          • Manage API keys after their creation
        • Configure Workload Security system settings
          • Retrieve, modify, or reset a single system setting
          • List or modify multiple system settings
        • Monitor Workload Security events
      • Configure protection
        • Create and configure a policy
          • Create a policy
          • Assign a policy to a computer
          • Configure policy and default policy settings
          • Reset policy overrides
        • Configure Firewall
          • General steps
          • Example
          • Create a firewall rule
          • Limitations to configuring stateful configurations
        • Configure Intrusion Prevention
          • General steps
          • Example
          • Create an Intrusion Prevention rule
        • Configure Anti-Malware
          • General steps
          • Example
          • Create and modify malware scan configurations
        • Configure Web Reputation
          • General steps
          • Example
        • Configure Application Control
          • Configure Application Control for a policy
          • Allow or Block Unrecognized Software
          • Create a shared ruleset
          • Add Global Rules
          • Configure maintenance mode during upgrades
        • Configure Integrity Monitoring
          • General steps
          • Example
          • Create an Integrity Monitoring rule
        • Configure Log Inspection
          • General steps
          • Example
          • Create a Log Inspection rule
        • Create and modify lists
        • Create and configure schedules
        • Override policies on a computer
          • Discover overrides
          • Configure computer overrides
          • Rule overrides
      • Maintain protection
        • Report on computer status
          • Discover unprotected computers
          • Get computer configurations
          • Discover the Anti-Malware configuration of a computer
          • Get applied intrusion prevention rules
        • Patch unprotected computers
          • Example: Find the Intrusion Prevention rule for a CVE
          • Example: Find computers that are not protected against a CVE
          • Example: Add intrusion prevention rules to computers' policies
        • Assign rules with recommendation scans
          • Find when recommendation scans last ran
          • Apply recommendations
        • Maintain protection using scheduled tasks
          • Related classes
          • Create a scheduled task
          • Create, run, and delete a scheduled task
          • Run an existing scheduled task
    • Settings reference
      • Default policy, policy, and computer settings
      • System settings
    • Use the legacy APIs
      • Provide access for legacy APIs
      • Transition from the SOAP API
        • Terminology
        • Specific tasks
        • Java class structure
        • Capabilities
        • Related code examples
      • Use the legacy REST API
        • When to use the legacy REST API
        • Set up your environment to use the REST API
        • Develop a REST API client application
        • Special Considerations
  • Automate using the console
    • Schedule Workload Security to perform tasks
      • Create scheduled tasks
      • Enable or disable a scheduled task
      • Set up scheduled reports
    • Automatically perform tasks when a computer is added or changed (event-based tasks)
      • Create an event-based task
      • Edit or stop an existing event-based task
      • Events that you can monitor
      • Conditions
      • Actions
      • Order of execution
      • Temporarily disable an event-based task
    • AWS Auto Scaling and Workload Security
      • Pre-install the agent
      • Install the agent with a deployment script
      • Delete instances from Workload Security as a result of Auto Scaling
    • Azure virtual machine scale sets and Workload Security
      • Step 1: (Recommended) Add your Azure account to Workload Security
      • Step 2: Prepare a deployment script
      • Step 3: Add the agent through a custom script extension to your VMSS instances
    • GCP auto scaling and Workload Security
      • Pre-install the agent
      • Install the agent with a deployment script
      • Delete instances from Workload Security as a result of GCP MIGs
    • Use deployment scripts to add and protect computers
      • Generate a deployment script
      • Troubleshooting and tips
    • URL format for download of the agent
      • Agent download URL format
      • Exceptions for backwards compatibility
      • Using agent version control to define which agent version is returned
    • Automatically assign policies by AWS instance tags
  • Command-line basics
    • dsa_control
    • dsa_query
User Guide
  • Add computers
    • About adding computers
      • Add computers to Workload Security
      • Group computers
      • Export your computers list
      • Delete a computer
    • Add local network computers
      • Agent-initiated activation
      • Manually add a computer
    • Add AWS instances
      • About adding AWS accounts
        • Overview of methods for adding AWS accounts
        • What happens when you add an AWS account?
        • What are the benefits of adding an AWS account?
        • What AWS regions are supported?
      • Add an AWS account using the quick setup
      • Add an AWS account using a cross-account role
        • Add the account through the API
      • Add Amazon WorkSpaces
        • Protect Amazon WorkSpaces if you already added your AWS account
        • Protect Amazon WorkSpaces if you have not yet added your AWS account
      • Manage an AWS account
        • Edit an AWS account
        • Remove an AWS account
        • Synchronize an AWS account
      • Manage an AWS account external ID
        • What is the external ID?
        • Configure the external ID
        • Update the external ID
        • Retrieve the external ID
        • Disable retrieval of the external ID
      • Protect an account running in AWS Outposts
      • What does the Cloud Formation template do when I add an AWS account?
    • Add Azure instances
      • Create an Azure app for Workload Security
        • Assign the correct roles
        • Create the Azure app
        • Record the Azure app ID, Active Directory ID, and password
        • Record the Subscription ID(s)
        • Assign the Azure app a role and connector
      • Add a Microsoft Azure account to Workload Security
        • What are the benefits of adding an Azure account?
        • Add virtual machines from a Microsoft Azure account to Workload Security
        • Manage Azure classic virtual machines with the Azure Resource Manager connector
        • Remove an Azure account
        • Synchronize an Azure account
      • Why should I upgrade to the new Azure Resource Manager connection functionality?
    • Add GCP instances
      • Create a Google Cloud Platform service account
        • Prerequisite: Enable the Google APIs
        • Create a GCP service account
        • Add more projects to the GCP service account
        • Create multiple GCP service accounts
      • Add a Google Cloud Platform account
        • What are the benefits of adding a GCP account?
        • Configure a proxy setting for the GCP account
        • Add a GCP account to Workload Security
        • Remove a GCP account
        • Synchronize a GCP account
    • Add VMware VMs
      • Add virtual machines hosted on VMware vCloud
        • What are the benefits of adding a vCloud account?
        • Proxy setting for cloud accounts
        • Create a VMware vCloud Organization account for Workload Security
        • Import computers from a VMware vCloud Organization Account
        • Import computers from a VMware vCloud Air data center
        • Remove a cloud account
      • Set up a data center gateway
        • Set up a data center gateway
        • Check the data center gateway status and connection
        • Upgrade the data center gateway
        • Security best practices
        • High availability deployment plan
      • Add a VMware vCenter to Workload Security
        • Add a data center gateway
        • Add a VMware vCenter
        • Protect workloads in VMware
    • Manually upgrade your AWS account connection
      • Verify the permissions associated with the AWS role
    • How do I migrate to the new cloud connector functionality?
    • Protect Docker containers
      • Workload Security protection for the Docker host
      • Workload Security protection for Docker containers
      • Limitation on Intrusion Prevention recommendation scans
  • Configure policies
    • Create policies
      • Create a new policy
      • Other ways to create a policy
      • Edit the settings for a policy or individual computer
      • Assign a policy to a computer
      • Disable automatic policy updates
      • Send policy changes manually
      • Export a policy
    • Policies, inheritance, and overrides
      • Inheritance
      • Overrides
      • View the overrides on a computer or policy at a glance
    • Manage and run recommendation scans
      • What gets scanned?
      • Scan limitations
      • Run a recommendation scan
      • Automatically implement recommendations
      • Check scan results and manually assign rules
      • Configure recommended rules
      • Implement additional rules for common vulnerabilities
      • Troubleshooting: Recommendation Scan Failure
    • Detect and configure the interfaces available on a computer
      • Configure a policy for multiple interfaces
      • Enforce interface isolation
    • Overview section of the computer editor
      • General tab
      • Actions tab
      • System Events tab
    • Overview section of the policy editor
      • General tab
      • Computer(s) Using This Policy tab
      • Events tab
    • Network engine settings
    • Define rules, lists, and other common objects used by policies
      • About common objects
        • Rules
        • Lists
        • Other
      • Create a firewall rule
      • Configure intrusion prevention rules
      • Create an Integrity Monitoring rule
      • Define a Log Inspection rule for use in policies
      • Create a list of directories for use in policies
        • Import and export directory lists
        • See which policies use a directory list
      • Create a list of file extensions for use in policies
        • Import and export file extension lists
        • See which malware scan configurations use a file extension list
      • Create a list of files for use in policies
        • Import and export file lists
        • See which policies use a file list
      • Create a list of IP addresses for use in policies
        • Import and export IP lists
        • See which rules use an IP list
      • Create a list of ports for use in policies
        • Import and export port lists
        • See which rules use a port list
      • Create a list of MAC addresses for use in policies
        • Import and export MAC lists
        • See which policies use a MAC list
      • Define contexts for use in policies
        • Configure settings used to determine whether a computer has internet connectivity
        • Define a context
      • Define stateful firewall configurations
      • Define a schedule that you can apply to rules
  • Configure protection modules
    • Configure Intrusion Prevention
      • About Intrusion Prevention
        • Intrusion Prevention rules
        • Use behavior modes to test rules
        • Intrusion Prevention events
        • Support for secure connections
        • Contexts
        • Interface tagging
      • Set up Intrusion Prevention
        • Enable Intrusion Prevention in Detect mode
        • Test Intrusion Prevention
        • Apply recommended rules
        • Monitor your system
        • Enable 'fail open' for packet or system failures
        • Switch to Prevent mode
        • Implement best practices for specific rules
      • Configure intrusion prevention rules
        • See the list of intrusion prevention rules
        • See information about an intrusion prevention rule
        • See the list of intrusion prevention rules
        • General Information
        • See information about the associated vulnerability (Trend Micro rules only)
        • Assign and unassign rules
        • Automatically assign updated required rules
        • Configure event logging for rules
        • Generate alerts
        • Setting configuration options (Trend Micro rules only)
        • Schedule active times
        • Exclude from recommendations
        • Set the context for a rule
        • Override the behavior mode for a rule
        • Override rule and application type configurations
        • Export and import rules
      • Configure an SQL injection prevention rule
        • What is an SQL injection attack?
        • What are common characters and strings used in SQL injection attacks?
        • How does the Generic SQL Injection Prevention rule work?
        • Examples of the rule and scoring system in action
        • Configure the Generic SQL Injection Prevention rule
        • Character encoding guidelines
      • Application types
        • See a list of application types
        • General Information
        • Connection
        • Configuration
        • Options
        • Assigned To
      • Inspect SSL or TLS traffic
        • Configure SSL inspection
        • Change port settings
        • Use Intrusion Prevention when traffic is encrypted with Perfect Forward Secrecy (PFS)
        • Supported cipher suites
        • Supported protocols
      • Configure anti-evasion settings
      • Performance tips for intrusion prevention
        • Maximum size for configuration packages
    • Configure Anti-Malware
      • About Anti-Malware
      • Set up Anti-Malware
        • Enable and configure anti-malware
          • Turn on the Anti-Malware module
          • Select the types of scans to perform
          • Configure scan exclusions
          • Ensure that Workload Security can keep up to date on the latest threats
        • Configure malware scans
          • Create or edit a malware scan configuration
          • Scan for specific types of malware
          • Specify the files to scan
          • Scan a network directory (real-time scan only)
          • Specify when real-time scans occur
          • Configure how to handle malware
          • Identify malware files by file hash digest
          • Configure notifications on the computer
        • Performance tips for anti-malware
          • Minimize disk usage
          • Optimize CPU usage
          • Optimize RAM usage
        • Disable Windows Defender on Windows Server 2016 or later
      • Detect emerging threats using Predictive Machine Learning
        • Enable Predictive Machine Learning
      • Enhanced anti-malware and ransomware scanning with behavior monitoring
        • How does enhanced scanning protect you?
        • How to enable enhanced scanning
        • What happens when enhanced scanning finds a problem?
      • Smart Protection in Workload Security
        • Anti-Malware and Smart Protection
        • Web Reputation and Smart Protection
        • Smart Feedback
      • Handle malware
        • View and restore identified malware
          • See a list of identified files
          • Working with identified files
          • Search for an identified file
          • Restore identified files
        • Create anti-malware exceptions
          • Create an exception from an Anti-Malware event
          • Manually create an Anti-Malware exception
          • Exception strategies for spyware and grayware
          • Scan exclusion recommendations
        • Increase debug logging for anti-malware in protected Linux instances
    • Configure Firewall
      • About Firewall
        • Firewall rules
      • Set up the Workload Security firewall
        • Test Firewall rules before deploying them
        • Enable 'fail open' behavior
        • Turn on Firewall
        • Default Firewall rules
        • Restrictive or permissive Firewall design
        • Firewall rule actions
        • Firewall rule priorities
        • Recommended Firewall policy rules
        • Reconnaissance scans
        • Stateful inspection
        • Example
        • Important things to remember
      • Create a firewall rule
        • Add a new rule
        • Select the behavior and protocol of the rule
        • Select a Packet Source and Packet Destination
        • Configure rule events and alerts
        • Set a schedule for the rule
        • Assign a context to the rule
        • See policies and computers a rule is assigned to
        • Export a rule
        • Delete a rule
      • Allow trusted traffic to bypass the firewall
        • Create a new IP list of trusted traffic sources
        • Create incoming and outbound firewall rules for trusted traffic using the IP list
        • Assign the firewall rules to a policy used by computers that trusted traffic flows through
      • Firewall rule actions and priorities
        • Firewall rule actions
        • Firewall rule sequence
        • How firewall rules work together
        • Rule priority
        • Putting rule action and priority together
      • Firewall settings
        • General
        • Interface Isolation
        • Reconnaissance
        • Advanced
        • Events
      • Define stateful firewall configurations
        • Add a stateful configuration
        • Enter stateful configuration information
        • Select packet inspection options
        • Export a stateful configuration
        • Delete a stateful configuration
        • See policies and computers a stateful configuration is assigned to
      • Container Firewall rules
        • Kubernetes Firewall rules
        • Swarm Firewall rules
    • Configure Web Reputation
      • Turn on the Web Reputation module
      • Switch between inline and tap mode
      • Enforce the security level
      • Create exceptions
      • Configure the Smart Protection Server
      • Edit advanced settings
      • Test Web Reputation
    • Configure Integrity Monitoring
      • About Integrity Monitoring
      • Set up Integrity Monitoring
        • How to enable Integrity Monitoring
        • When Integrity Monitoring scans are performed
        • Integrity Monitoring scan performance settings
        • Integrity Monitoring event tagging
      • Create an Integrity Monitoring rule
        • Add a new rule
        • Enter Integrity Monitoring rule information
        • Select a rule template and define rule attributes
        • Configure Trend Micro Integrity Monitoring rules
        • Configure rule events and alerts
        • See policies and computers a rule is assigned to
        • Export a rule
        • Delete a rule
      • Integrity Monitoring rules language
        • About the Integrity Monitoring rules language
          • Entity Sets
          • Hierarchies and wildcards
          • Syntax and concepts
          • Include tag
          • Exclude tag
          • Case sensitivity
          • Entity features
          • ANDs and ORs
          • Order of evaluation
          • Entity attributes
          • Shorthand attributes
          • onChange attribute
          • Environment variables
          • Registry values
          • Use of ".."
          • Best practices
        • DirectorySet
          • Tag Attributes
          • Entity Set Attributes
          • Short Hand Attributes
          • Meaning of "Key"
          • Sub Elements
        • FileSet
          • Tag Attributes
          • Entity Set Attributes
          • Short Hand Attributes
          • Drives Mounted as Directories
          • Alternate Data Streams
          • Meaning of "Key"
          • Sub Elements
          • Special attributes of Include and Exclude for FileSets:
        • GroupSet
          • Tag Attributes
          • Entity Set Attributes
          • Short Hand Attributes
          • Meaning of "Key"
          • Include and Exclude
        • InstalledSoftwareSet
          • Tag Attributes
          • Entity Set Attributes
          • Short Hand Attributes
          • Meaning of "Key"
          • Sub Elements
          • Special attributes of Include and Exclude for InstalledSoftwareSets:
        • PortSet
          • Tag Attributes
          • Entity Set Attributes
          • Meaning of "Key"
          • IPV6
          • Matching of the Key
          • Sub Elements
          • Special attributes of Include and Exclude for PortSets:
        • ProcessSet
          • Tag Attributes
          • Entity Set Attributes
          • Short Hand Attributes
          • Meaning of "Key"
          • Sub Elements
          • Special attributes of Include and Exclude for ProcessSets:
        • RegistryKeySet
          • Tag Attributes
          • Entity Set Attributes
          • Short Hand Attributes
          • Meaning of "Key"
          • Sub Elements
        • RegistryValueSet
          • Tag Attributes
          • Entity Set Attributes
          • Short Hand Attributes
          • Meaning of "Key"
          • Default Value
          • Sub Elements
        • ServiceSet
          • Tag Attributes
          • Entity Set Attributes
          • Short Hand Attributes
          • Meaning of "Key"
          • Sub Elements
          • Special attributes of Include and Exclude for ServiceSets:
        • UserSet
          • Tag Attributes
          • Entity Set Attributes
          • Common Attributes
          • Windows-only Attributes
          • Linux, AIX, and Solaris Attributes
          • Short Hand Attributes
          • Meaning of "Key"
          • Sub Elements
          • Include and Exclude
          • Special attributes of Include and Exclude for UserSets
        • WQLSet
          • Entity Set Attributes
          • Meaning of Key
          • Include Exclude
    • Configure Log Inspection
      • About Log Inspection
      • Set up Log Inspection
        • Turn on the log inspection module
        • Run a recommendation scan
        • Apply the recommended log inspection rules
        • Test Log Inspection
        • Configure log inspection event forwarding and storage
      • Define a Log Inspection rule for use in policies
        • Create a new Log Inspection rule
        • Decoders
        • Subrules
        • Real world examples
        • Log Inspection rule severity levels and their recommended use
        • strftime() conversion specifiers
        • Examine a Log Inspection rule
    • Configure Application Control
      • About Application Control
        • Key concepts
        • How does application control work?
        • A tour of the application control interface
        • What does application control detect as a software change?
      • Set up Application Control
        • Turn on Application Control
        • Monitor new and changed software
        • Turn on maintenance mode when making planned changes
        • Application Control tips and considerations
      • Verify that Application Control is enabled
      • Monitor Application Control events
      • View and change Application Control rulesets
        • View Application Control rulesets
        • Change the action for an Application Control rule
        • Delete an individual Application Control rule
        • Delete an Application Control ruleset
      • Reset Application Control after too much software change
      • Use the API to create shared and global rulesets
        • Create a shared ruleset
        • Change from shared to computer-specific allow and block rules
        • Deploy Application Control shared rulesets via relays
        • Considerations when using relays with shared rulesets
  • Configure events and alerts
    • About Workload Security event logging
      • Where are event logs on the agent?
      • When are events sent to Workload Security?
      • How long are events stored?
      • System events
      • Security events
      • See the events associated with a policy or computer
      • View details about an event
      • Filter the list to search for an event
      • Export events
      • Improve logging performance
    • Log and event storage best practices
      • Limit log file sizes
      • Event logging tips
    • Anti-Malware scan failures and cancellations
      • Anti-Malware scan failure events
      • Anti-Malware scan cancellation events
    • Apply tags to identify and group events
      • Manual tagging
      • Auto-tagging
      • Trusted source tagging
      • Delete a tag
    • Reduce the number of logged events
    • Rank events to quantify their importance
      • Web Reputation event risk values
      • Firewall rule severity values
      • Intrusion Prevention rule severity values
      • Integrity Monitoring rule severity values
      • Log Inspection rule severity values
      • Asset values
    • Forward events to a Syslog or SIEM server
      • Forward Workload Security events to a Syslog or SIEM server
        • Allow event forwarding network traffic
        • Define a Syslog configuration
        • Forward system events
        • Forward security events
        • Troubleshoot event forwarding
      • Syslog message formats
        • CEF syslog message format
        • LEEF 2.0 syslog message format
        • Events originating in Workload Security
        • Events originating in the agent
      • Configure Red Hat Enterprise Linux to receive event logs
        • Set up a Syslog on Red Hat Enterprise Linux 6 or 7
        • Set up a Syslog on Red Hat Enterprise Linux 5
    • Access events with Amazon SNS
      • Set up Amazon SNS
        • Create an AWS user
        • Create an Amazon SNS topic
        • Enable SNS
        • Create subscriptions
      • SNS configuration in JSON format
        • Version
        • Statement
        • Multiple statements vs. multiple conditions
        • Example SNS configurations
      • Events in JSON format
        • Valid event properties
        • Example events in JSON format
    • Configure alerts
      • View alerts in the Workload Security console
      • Configure alert settings
      • Set up email notification for alerts
    • Generate reports about alerts and other activity
      • Set up a single report
      • Set up a scheduled report
      • Check billing and usage for Workload Security
      • Troubleshoot: Scheduled report sending failed
    • Lists of events and alerts
      • Predefined alerts
      • Agent events
      • System events
      • Application Control events
        • What information is displayed for Application Control events?
        • List of all Application Control events
      • Anti-Malware events
        • What information is displayed for Anti-Malware events?
        • List of all Anti-Malware events
      • Firewall events
        • What information is displayed for firewall events?
        • List of all firewall events
      • Intrusion Prevention events
        • What information is displayed for intrusion prevention events?
        • List of all intrusion prevention events
      • Integrity Monitoring events
        • What information is displayed for Integrity Monitoring events?
        • List of all Integrity Monitoring events
      • Log Inspection events
        • What information is displayed for log inspection events?
        • List of log inspection security events
      • Web Reputation events
        • What information is displayed for Web Reputation events?
        • Add a URL to the list of allowed URLs
    • Troubleshoot common events, alerts, and errors
      • Why am I seeing firewall events when the firewall module is off?
      • Troubleshoot event ID 771 "Contact by Unrecognized Client"
        • Uninstall Deep Security Agent
        • Reactivate the computer or clone
      • Troubleshoot "Smart Protection Server disconnected" errors
        • Check the error details
      • Activation Failed
        • Protocol Error
        • Unable to resolve hostname
        • No agent/appliance
        • Blocked port
        • Maximum five protected computers
        • Endpoint behind proxy
        • Reinstallation required
      • Agent version not supported
      • Anti-Malware Engine Offline
        • If your agent is on Windows:
        • If your agent is on Linux:
      • Check Status Failed
      • Installation of Feature 'dpi' failed
        • Additional information
      • Intrusion Prevention Rule Compilation Failed
        • Apply Intrusion Prevention best practices
        • Manage rules
        • Unassign application types from a single port
      • Log Inspection Rules Require Log Files
        • If the file's location is required:
        • If the files listed do not exist on the protected machine:
      • Module installation failed (Linux)
      • There are one or more application type conflicts on this computer
        • Resolution
      • Unable to connect to the cloud account
        • Your AWS account access key ID or secret access key is invalid
        • The incorrect AWS IAM policy has been applied to the account being used by Workload Security
        • NAT, proxy, or firewall ports are not open, or settings are incorrect
      • Unable to resolve instance hostname
      • Integrity Monitoring information collection has been delayed
      • Max TCP connections
      • Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
        • Cause 1: The agent or relay-enabled agent doesn't have Internet access
        • Cause 2: A proxy was enabled but not configured properly
      • Insufficient disk space
        • Tips
      • Reconnaissance Detected
        • Types of reconnaissance scans
        • Suggested actions
  • Configure proxies
    • Configure proxies
      • Register a proxy in Workload Security
      • Supported proxy protocols
      • Connect to the 'primary security update source' via proxy
      • Connect to Workload Security via proxy
      • Connect to relays via proxy
      • Connect to the Smart Protection Network via proxy
      • Remove a proxy
    • Proxy settings
      • Proxy server use
  • Configure relays
    • How relays work
      • Relay hierarchy, cost, and performance
    • Deploy additional relays
      • Plan the best number and location of relays
      • Configure the update source
      • Configure relays
    • Remove relay functionality
  • Manage agents (protected computers)
    • Computer and agent statuses
      • Status column - computer states
      • Status column - agent states
      • Task(s) column
      • Computer errors
      • Protection module status
      • Perform other actions on your computers
      • Computers icons
      • Status information for different types of computers
    • Configure agent version control
      • Set up agent version control
      • Use agent version control with URL requests
      • Agent version control FAQs
    • Configure teamed NICs
      • Windows
      • Solaris
    • Communication between Workload Security and the agent
      • Configure the heartbeat
      • Configure communication directionality
      • Supported cipher suites for communication
    • Configure agents that have no internet access
      • Solutions
      • Use a proxy
      • Install a Smart Protection Server locally
      • Disable the features that use Trend Micro security services
    • Activate and protect agents using agent-initiated activation and communication
      • Enable agent-initiated activation and communication
    • Automatically upgrade agents on activation
      • Enable automatic agent upgrade
      • Check that agents were upgraded successfully
    • Using Deep Security Agent with iptables
      • Rules required by Deep Security Agent
      • Prevent Deep Security Agent from automatically adding iptables rules
    • Enable Managed Detection and Response
    • Enable or disable agent self-protection
      • Configure self-protection through the Workload Security console
      • Configure self-protection using the command line
    • Are "Offline" agents still protected by Workload Security?
    • Automate offline computer removal with inactive agent cleanup
      • Enable inactive agent cleanup
      • Check the audit trail for computers removed by an inactive cleanup job
    • Agent settings
      • Agent-initiated activation (AIA)
      • Agent Upgrade
      • Inactive Agent Cleanup
      • Data Privacy
    • Linux Secure Boot support for agents
      • Upgrade the agent if you're using Secure Boot
    • Workload Security Notifier
      • How the notifier works
  • Navigate and customize the Workload Security console
    • Customize the dashboard
      • Date and time range
      • Computers and computer groups
      • Filter by tags
      • Select dashboard widgets
      • Change the layout
      • Save and manage dashboard layouts
    • Group computers dynamically with smart folders
      • Create a smart folder
      • Edit a smart folder
      • Clone a smart folder
      • Focus your search using sub-folders
      • Automatically create sub-folders
      • Searchable Properties
      • Operators
    • Customize advanced system settings
      • Export
      • Manager AWS Identity
      • Application control
  • Harden Workload Security
    • About Workload Security hardening
    • Manage trusted certificates
      • Import trusted certificates
      • View trusted certificates
      • Remove trusted certificates
    • SSL implementation and credential provisioning
    • Protect Deep Security Agent
    • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
  • Upgrade Workload Security
    • About upgrades
      • How Workload Security checks for software upgrades
      • Best practices for upgrades
      • How Workload Security validates update integrity
    • Apply security updates
      • Initiate security updates
      • Check your security update status
      • View details about pattern updates
      • Revert, import, or view details about rule updates
      • Configure security updates
    • Disable emails for New Pattern Update alerts
    • Use a web server to distribute software updates
      • Web server requirements
      • Copy the folder structure
      • Configure agents to use the new software repository
    • Upgrade the relay
      • Upgrade a relay from Workload Security
      • Upgrade a relay by running the installer manually
    • Upgrade the agent
      • Before you begin an upgrade
      • Upgrade the agent starting from an alert
      • Upgrade multiple agents at once
      • Upgrade the agent from the Computers page
      • Upgrade the agent on activation
      • Upgrade the agent manually
      • Upgrade best practices for agents
  • Uninstall the Deep Security Agent
    • Uninstall Deep Security Agent
    • Uninstall Deep Security Notifier
Integrations
  • Integrate with AWS PrivateLink
    • Connecting to Workload Security without AWS PrivateLink
    • How does AWS PrivateLink work with Workload Security?
    • VPC Service Endpoints for use with AWS PrivateLink
    • Workload Security VPC Service Endpoint region support
    • Configure PrivateLink for use with Workload Security
    • What if my traffic originates from a region without a VPC service endpoint?
  • Integrate with AWS Control Tower
    • Overview
    • Integrate with AWS Control Tower
    • Upgrade AWS Control Tower integration
    • Remove AWS Control Tower integration
  • Integrate with AWS Systems Manager Distributor
    • Create an IAM policy
    • Create a role and assign the policy
    • Create parameters
    • Integrate with AWS Systems Manager Distributor
    • Protect your computers
  • Integrate with Apex Central
  • Integrate with Smart Protection Server
  • Integrate with Trend Micro Vision One
    • Register to Trend Micro Vision One (XDR)
    • Forward security events to Trend Micro Vision One (XDR)
    • Enable Activity Monitoring
FAQs
  • How are features released in Workload Security?
    • Previews
    • General Availability
  • Why does my Windows machine lose network connectivity when I turn on protection?
  • How does agent protection work for Solaris zones?
    • Intrusion Prevention (IPS), Firewall, and Web Reputation
    • Anti-Malware, Integrity Monitoring, and Log Inspection
  • How do I protect Azure Government instances?
  • How does the agent use the Amazon Instance Metadata Service?
  • How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment?
  • Why can I not add my Azure server using the Azure cloud connector?
  • Why can I not view all of the VMs in an Azure subscription in Workload Security?
Troubleshooting
  • Offline agent
    • Causes
    • Verify that the agent is running
    • Verify DNS
    • Allow outbound ports (agent-initiated heartbeat)
    • Allow ICMP on Amazon AWS EC2 instances
    • Fix the upgrade issue on Solaris 11
  • High CPU usage
  • Diagnose problems with agent deployment (Windows)
  • Anti-Malware Windows platform update failed
    • An incompatible Anti-Malware component from another Trend Micro product
    • An incompatible Anti-Malware component from a third-party product
    • Other/unknown Error
  • Security update connectivity
  • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
  • Issues adding your AWS account to Workload Security
    • AWS is taking longer than expected
    • Resource is not supported in this region
    • Template validation issue
    • Workload Security was unable to add your AWS account
  • Create a diagnostic package and logs
    • Deep Security Agent diagnostics
  • Removal of older software versions
  • Troubleshoot SELinux alerts
Trust and compliance information
  • About compliance
  • Agent package integrity check
    • Troubleshoot
    • Supported Deep Security Relay versions
  • Meet PCI DSS requirements with Workload Security
  • GDPR
  • Set up AWS Config Rules
  • Bypass vulnerability management scan traffic in Workload Security
    • Create a new IP list from the vulnerability scan provider IP range or addresses
    • Create firewall rules for incoming and outbound scan traffic
    • Assign the new firewall rules to a policy to bypass vulnerability scans
  • Use TLS 1.2 with Workload Security
    • TLS architecture
    • Enable the TLS 1.2 architecture
    • Next steps (deploy new agents and relays)
  • Privacy and personal data collection disclosure
Release notes and scheduled maintenance
  • Scheduled maintenance
    • Next scheduled maintenance
  • What's new in Workload Security
  • API changelog
    • June 3, 2020
    • June 1, 2020
    • May 19, 2020
    • April 9, 2020
    • February 27, 2020
    • January 07, 2020
    • January 09, 2020
© 2021 Trend Micro Incorporated. All rights reserved.