Assessing Impact on Affected Users

You can perform a full or partial historical impact assessment of security threats in your environment on the Affected Users screen in Control Manager.

Deep Discovery Inspector assesses the impact of suspicious URLs, IP addresses, and domains based on historical network traffic information collected by Trend Micro Retro Scan.

Endpoint Sensor assesses the impact of suspicious files, IP addresses, and domains in your environment by contacting agents and performing a historical scan of the agent logs to determine if the suspicious objects have affected your environment for a period of time without detection.

Control Manager Version

Performing an impact assessment requires the following version of Control Manager:

  • Control Manager 7.0 (or later)

Managed Products

Control Manager requires at least one of the following products to perform an impact assessment:

  • Endpoint Sensor 1.5 (or later)

  • Deep Discovery Inspector 3.8 (or later)

    Important:

    You must have Retro Scan enabled in Deep Discovery Inspector to perform the impact assessment.

  1. On the Control Manager console, go to Dashboard.
  2. On the Users with Threats or Endpoints with Threats widgets, click a number.
  3. On the screen that appears, click a Security Threat name in the Security Threat Details table.
    Tip:

    You can identify suspicious object detections using the File Path / Email Subject / Rule Name column. Any detections by the "Virtual Analyzer" or "User-Defined" list are suspicious objects.

    The Affected Users screen appears.

  4. Click Assess Impact.

    Deep Discovery Inspector and Endpoint Sensor (if available) scan historical network traffic and logs for any detections of the suspicious object.

    For more information, see Retro Scan in Deep Discovery Inspector and Retro Scan in Endpoint Sensor.