Impact Assessment

There are several ways to initiate impact assessment.

Impact Assessment on Suspicious Objects

Initiate impact assessment to check for suspicious activities associated with suspicious objects. Endpoints with suspicious activities are considered at risk.

Impact assessment on suspicious objects requires a Trend Micro product called Deep Discovery Endpoint Sensor.

To initiate the assessment, go to Administration > Suspicious Objects > Virtual Analyzer Objects.

Impact Assessment on Security Threats

Initiate impact assessment on security threats to check which endpoints they affect. This is especially useful for checking stealthy and sophisticated threats that have previously evaded detection.

Impact assessment on security threats requires both Deep Discovery Endpoint Sensor and Deep Discovery Inspector. These products use Retro Scan to perform the assessment.

If only one of these products is registered to Control Manager, a partial impact assessment will be performed.

To initiate the assessment:

  1. Go to the Security Threats (User) or Security Threats (Endpoint) screen.

  2. Click a threat name. This opens the Affected Users screen, with the Assess Impact option.

Learn more:

Retro Scan

Impact Assessment on IOC files

Initiate impact assessment to check for suspicious activities based on the indicators listed in the IOC files. Endpoints with suspicious activities are considered at risk.

Impact assessment on IOC files requires a Trend Micro product called Deep Discovery Endpoint Sensor.

To initiate the assessment, go to Administration > Indicators of Compromise.