Retro Scan is a cloud-based service that scans historical web access logs for callback
attempts to C&C servers and other related activities in your network. Web access logs may
include undetected and unblocked connections to C&C servers that have only recently been
discovered. Examination of such logs is an important part of forensic investigations to
determine if your network is affected by attacks.
Retro Scan stores the following log information in the Smart Protection Network:
Retro Scan then periodically scans the stored log entries to check for callback attempts
to C&C servers in the following lists:
- Trend Micro Global Intelligence List: Trend Micro compiles the list from multiple sources
  and evaluates the risk level of each C&C callback address. The C&C list is updated and
  delivered to enabled products daily.
- User-defined list: Retro Scan can also scan logs against your own C&C server list.
  Addresses must be stored in a text file.
Important: The Retro Scan screen in Deep Discovery Inspector only displays information for
scans that use the Trend Micro Global Intelligence List.
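The retrospective matching described above can be sketched as follows. This is an added example, not Trend Micro code: the one-address-per-line list format, the five-field log format, the subdomain matching rule, and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data; the list and log formats are assumptions.
CNC_LIST = """\
# one address per line
203.0.113.45
update-check.example
"""

ACCESS_LOG = """\
2024-03-01T08:12:44Z 10.0.4.17 GET http://intranet.example.org/index.html 200
2024-03-02T23:51:09Z 10.0.4.22 POST http://203.0.113.45/checkin 200
2024-03-05T02:14:30Z 10.0.7.8 GET https://cdn.update-check.example/v2/ping 200
2024-03-06T11:00:02Z 10.0.4.17 GET http://notupdate-check.example/ 404
malformed line
"""

def load_cnc_list(text):
    """Return a set of normalized addresses, skipping blanks and # comments."""
    lines = (l.split("#", 1)[0].strip().lower().rstrip(".") for l in text.splitlines())
    return {l for l in lines if l}

def matches(host, cnc):
    """Return the listed entry that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    if host in cnc:
        return host
    parts = host.split(".")
    for i in range(1, len(parts) - 1):
        parent = ".".join(parts[i:])
        if parent in cnc:
            return parent
    return None

def retro_scan(log_text, cnc):
    """Return (timestamp, client, matched_entry, url) for each callback hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed entries instead of aborting the scan
        ts, client, _method, url, _status = fields
        host = urlsplit(url).hostname
        entry = matches(host, cnc) if host else None
        if entry:
            hits.append((ts, client, entry, url))
    return hits
```

Re-running `retro_scan` over the same stored log each time the list changes is what surfaces connections that were not flagged when they were first logged.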