Trend Micro Endpoint Encryption 5.0 Help

Collapse AllExpand All
  • "Log on as batch job" policy [1]
  • about
    • account types [1]
    • authentication [1]
    • client-server architecture [1]
    • Control Manager integration [1]
    • Encryption Management for Apple FileVault [1]
    • Encryption Management for Microsoft BitLocker [1]
    • Endpoint Encryption [1]
    • Endpoint Encryption Service [1]
    • File Encryption [1] [2]
    • FIPS [1]
    • Full Disk Encryption
      • Encryption Management for Apple FileVault [1]
      • Encryption Management for Microsoft BitLocker [1]
    • groups [1]
    • Legacy Web Service [1]
    • Maintenance Agreement [1]
    • OfficeScan [1]
    • PolicyServer [1] [2] [3]
    • PolicyServer MMC [1]
    • users [1]
    • widgets [1]
  • Accessibility
    • on-screen keyboard [1]
  • accounts
  • Active Directory [1] [2] [3] [4] [5]
  • agents [1]
  • agent tree [1] [2]
    • about [1]
    • specific tasks [1]
  • alerts [1]
  • appendices [1]
  • authentication [1]
  • authentication methods [1]
  • automatic deployment settings
    • Scheduled Download [1]
  • burning discs [1]
  • centrally managed [1]
  • central management [1] [2]
  • changing passwords [1]
  • changing setting permissions [1]
  • client-server architecture [1]
  • ColorCode [1] [2]
  • Command Line Helper [1] [2] [3]
  • Command Line Helper Installer [1]
  • community [1]
  • components
    • downloading [1]
  • configuring [1]
    • managed products [1]
    • Scheduled Download
      • automatic deployment settings [1]
    • Scheduled Download Exceptions [1]
    • Scheduled Download Settings [1]
    • user accounts [1]
  • configuring proxy settings
    • managed server list [1]
  • Control Manager [1] [2] [3] [4] [5]
  • Control Manager antivirus and content security components
    • Anti-spam rules [1]
    • Engines [1]
    • Pattern files/Cleanup templates [1]
  • copying policy settings [1]
  • creating
  • creating policies
    • centrally managed [1]
    • copying settings [1]
    • setting permissions [1]
  • CSV [1]
  • DAAutoLogin [1] [2] [3]
  • dashboard
  • data protection [1]
  • data recovery [1]
  • data views
    • understand [1]
  • Decrypt Disk [1]
  • decryption
    • Recovery Console [1]
  • deleting
  • deleting policies [1]
  • demilitarized zone [1]
  • deployment
  • deployment plans [1]
  • device [1]
  • devices [1] [2] [3] [4] [5]
  • Directory Management options [1]
  • Directory Manager [1]
  • domain authentication [1] [2]
    • File Encryption [1]
  • Download Center [1]
  • download components
  • downloading and deploying components [1]
  • draft policies [1]
  • editing managed servers [1]
  • editing policies [1] [2] [3]
  • encryption [1] [2]
    • archiving [1]
    • digital certificate [1]
    • features [1]
    • file and folder [1]
    • file encryption [1]
    • File Encryption
      • archive and burn [1]
    • FIPS [1]
    • fixed password key [1]
    • full disk [1]
    • hardware-based [1] [2]
    • keys
    • local key [1]
    • self-extracting [1]
    • software-based [1] [2]
  • Encryption Management for Apple FileVault
  • Encryption Management for Microsoft BitLocker
  • Endpoint Encryption
  • error messages
  • features [1]
  • File Encryption [1]
    • agent service [1]
    • archive [1]
    • archive and burn [1] [2]
    • authentication [1]
    • burn archive with certificate [1]
    • burn archive with fixed password [1]
    • change PolicyServer [1]
    • changing password [1]
    • changing PolicyServer [1]
    • digital certificate [1]
    • encryption [1]
    • file encryption [1]
    • first-time use [1]
    • fixed password key
    • local key [1] [2]
    • PolicyServer sync [1]
    • Remote Help [1] [2]
    • reset password [1] [2]
    • secure delete [1]
    • shared key [1]
    • single sign-on [1]
    • smart cards [1]
    • syncing with PolicyServer [1]
    • sync offline files [1]
    • tray icon
    • unlock device [1] [2]
  • filtered policies [1]
    • reordering [1]
  • FIPS
    • about [1]
    • FIPS 140-2 [1]
    • security levels [1]
  • fixed password [1]
  • folders
  • Full Disk Encryption [1]
    • agent service [1]
    • authentication [1] [2]
      • changing password [1]
    • change [1] [2]
    • change PolicyServer [1]
    • changing enterprises [1]
    • clean up files [1]
    • connectivity [1]
    • Decrypt Disk [1]
    • menu options [1]
    • network configuration [1]
    • Network Setup [1]
    • patching [1]
    • PolicyServer settings [1]
    • port settings [1]
    • Recovery Console [1]
      • manage policies [1]
      • manage users [1]
      • Windows [1]
    • recovery methods [1]
    • Remote Help [1] [2]
    • Self Help [1]
    • synchronize policies [1]
    • TCP/IP access [1]
    • tools [1]
    • uninstall [1]
    • Windows patches [1]
  • Full Disk Encryption Preboot [1]
    • authentication [1]
    • keyboard layout [1]
    • menu options [1]
    • network connectivity [1]
    • on-screen keyboard [1]
    • wireless connection [1]
  • groups [1] [2]
    • creating offline groups [1]
    • install to group [1]
    • modifying [1]
    • offline groups [1]
    • remove device [1] [2]
    • removing [1]
    • subgroups [1]
    • types [1]
  • help desk policies [1]
  • importing users [1]
  • key features [1]
  • LDAP [1]
  • LDAP Proxy [1] [2]
  • log events [1]
  • logs [1] [2] [3]
    • alerts [1]
    • managing events [1]
    • querying [1]
    • setting alerts [1]
  • maintenance [1]
  • Maintenance Agreement
  • managed products
    • configuring [1]
    • issue tasks [1]
    • recovering [1]
    • renaming [1]
    • searching for [1]
    • viewing logs [1]
  • managed server list [1]
    • configuring proxy settings [1]
    • editing servers [1]
  • manually download components [1]
  • MBR
    • replacing [1]
  • MCP [1] [2]
  • modifying
  • Network Setup [1]
  • OfficeScan
    • uninstalling agents [1]
  • online
    • community [1]
  • on-screen keyboard [1]
  • passwords [1] [2] [3]
    • change fixed password [1]
    • change method [1]
    • Remote Help [1]
    • resetting [1] [2] [3]
      • Active Directory [1]
      • Enterprise Administrator [1]
      • Enterprise Authenticator [1]
      • Group Administrator [1]
      • Group Authenticator [1]
      • user [1] [2]
    • resetting active directory [1]
    • resetting Enterprise Administrator/Authenticator [1]
    • resetting fixed password [1]
    • resetting Policy Administrator/Authenticator [1]
    • resetting to fixed password [1]
    • resetting user [1] [2]
    • Self Help [1]
  • pending targets [1]
  • Personal Identification Number (PIN) [1]
  • Plug-in Manager [1]
  • policies [1] [2]
  • policy
    • install devices [1]
  • policy control [1]
  • policy list [1] [2]
  • policy management [1]
    • centrally managed [1]
    • copying policy settings [1]
    • deleting policies [1]
    • draft policies [1]
    • editing managed servers [1]
    • editing policies [1] [2] [3]
    • filtered policies [1]
    • managed server list [1]
    • pending targets [1]
    • policy list [1] [2]
    • policy priority [1] [2]
    • reordering policies [1]
    • setting permissions [1]
    • specified policies [1]
    • targets [1]
    • understanding [1]
    • upgrading policy templates [1]
  • policy mapping
    • Control Manager [1]
    • PolicyServer [1]
  • policy priority [1]
  • PolicyServer
  • PolicyServer MMC [1]
  • policy settings
  • policy targets [1]
  • policy templates [1]
  • policy types
  • product components [1]
  • product definitions [1]
  • Product Directory
    • deploying components [1]
  • product overview [1]
  • proxy settings
    • managed server list [1]
  • query logs [1]
  • recovering
    • managed products [1]
  • recovery
    • clean up files [1]
  • recovery console
  • Recovery Console [1]
    • access [1]
    • changing enterprises [1]
    • changing PolicyServer [1] [2]
    • Decrypt Disk [1]
    • functions [1]
    • log on [1]
    • manage policies [1]
    • manage users [1]
    • Mount Partitions [1]
    • network configuration [1]
    • Network Setup [1]
    • recovery methods [1]
    • Repair CD [1]
    • Restore Boot [1]
    • users
    • view logs [1]
  • recovery methods [1]
  • registering
    • to Control Manager [1]
  • registration
  • Remote Help [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]
  • renaming
    • folders [1]
    • managed products [1]
  • Repair CD [1] [2] [3]
    • data recovery [1]
    • decryption [1]
  • reporting [1] [2]
  • reports [1] [2]
  • report templates [1]
  • Restore Boot [1]
  • schedule bar [1]
  • Scheduled Download
    • configuring
      • automatic deployment settings [1]
  • Scheduled Download Exceptions
    • configuring [1]
  • Scheduled Download Frequency
    • configuring [1]
  • Scheduled Downloads [1]
  • Scheduled Download Schedule
    • configuring [1]
  • Scheduled Download Schedule and Frequency [1]
  • Scheduled Download Settings
    • configuring settings [1]
  • searching
    • managed products [1]
  • security
    • account lock [1] [2]
    • account lockout action [1] [2]
    • account lockout period [1] [2]
    • anti-malware/antivirus protection [1]
    • device lock [1] [2]
    • erase device [1] [2]
    • failed login attempts allowed [1] [2]
    • remote authentication required [1] [2]
    • time delay [1] [2]
  • Self Help [1] [2] [3] [4]
    • answers [1]
    • defining answers [1]
    • password support [1]
  • setting permissions [1]
  • showing permissions [1]
  • smart card [1] [2] [3]
    • authentication [1]
  • smart cards [1] [2] [3]
  • specified policies [1]
  • SSO [1]
  • summary dashboard [1]
    • adding tabs [1]
    • deleting tabs [1]
    • modifying tabs [1]
    • tabs [1]
  • support
    • knowledge base [1]
    • resolve issues faster [1]
    • TrendLabs [1]
  • synchronization
    • File Encryption [1]
  • tabs
    • about [1]
    • deleting [1]
    • modifying [1]
    • summary dashboard [1]
  • targets [1]
  • terminology [1]
  • tokens [1] [2] [3]
  • tools
    • Command Line Helper [1]
    • DAAutoLogin [1]
    • Recovery Console [1]
    • Repair CD [1]
  • top group [1] [2]
  • TrendLabs [1]
  • Trend Micro Control Manager
    • managed product user access [1]
    • registering to [1]
  • trial license [1]
  • understand
    • data views [1]
    • deployment plans [1]
    • log queries [1]
    • logs [1]
  • understanding
    • Endpoint Encryption [1]
  • uninstalling
  • upgrading policy templates [1]
  • URLs
    • registration [1]
  • users [1] [2] [3] [4]
    • Active Directory passwords [1]
    • adding [1] [2]
    • adding existing user to group [1] [2] [3]
    • adding existing user to policy [1]
    • adding new user to group [1] [2] [3]
    • add new enterprise user [1] [2]
    • change default group [1]
    • change default policy [1]
    • finding [1]
    • group membership [1]
    • group vs enterprise changes [1]
    • import from AD [1] [2]
    • importing with CSV [1]
    • install to group [1]
    • install to policy [1]
    • lockout [1] [2]
    • modifying [1]
    • passwords [1] [2]
    • policy membership [1]
    • remove from group [1] [2]
    • remove user from policy [1]
    • restore deleted [1] [2] [3]
  • users and groups [1]
  • viewing
    • managed products logs [1]
  • widgets
    • adding [1]
    • adding tabs [1]
    • configuring [1]
    • customizing [1]
    • deleting [1]
    • description [1]
    • Endpoint Encryption [1]
    • Endpoint Encryption Device Lockout [1]
    • Endpoint Encryption Security Violations Report [1]
    • Endpoint Encryption Status [1]
    • Endpoint Encryption Unsuccessful Device Logon [1]
    • Endpoint Encryption Unsuccessful User Logon [1]
    • options [1]
    • understanding [1]
  • Windows patch management [1]

Glossary Parent topic

The following table explains the terminology used throughout the Endpoint Encryption documentation.

Endpoint Encryption Terminology

Term Description
Agent
Software installed on an endpoint that communicates with a management server.
Authentication
The process of identifying a user.
ColorCode™
The authentication method requiring a color-sequence password.
Command Line Helper
A Trend Micro tool for creating encrypted values to secure credentials when creating Endpoint Encryption agent installation scripts.
Command Line Installer Helper
A Trend Micro tool for creating encrypted values to secure credentials when creating Endpoint Encryption agent installation scripts.
Control Manager
Trend Micro Control Manager is a central management console that manages Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels.
Domain authentication
The authentication method for single sign-on (SSO) using Active Directory.
DriveTrust™
Hardware-based encryption technology by Seagate™.
Encryption Management for Microsoft BitLocker
The Endpoint Encryption Full Disk Encryption agent for Microsoft Windows environments that simply need to enable Microsoft BitLocker on the hosting endpoint.
Use the Encryption Management for Microsoft BitLocker agent to secure endpoints with Trend Micro full disk encryption protection in an existing Windows infrastructure.
For more information, see About Full Disk Encryption.
Encryption Management for Apple FileVault
The Endpoint Encryption Full Disk Encryption agent for Mac OS environments that simply need to enable Apple FileVault on the hosting endpoint.
Use the Encryption Management for Apple FileVault agent to secure endpoints with Trend Micro full disk encryption protection in an existing Mac OS infrastructure.
For more information, see About Full Disk Encryption.
Endpoint Encryption Device
Any computer, laptop, or removal media (external drive, USB drive) managed by Endpoint Encryption.
Endpoint Encryption Service
The PolicyServer service that securely manages all Endpoint Encryption 5.0 agent communication. For more information, see About PolicyServer.
For Endpoint Encryption 3.1.3 and below agent communication, see Legacy Web Service.
Enterprise
The Endpoint Encryption Enterprise is the unique identifier about the organization in the PolicyServer database configured when installing PolicyServer. One PolicyServer database may have multiple Enterprise configurations. However, Endpoint Encryption configurations using Control Manager may only have one Enterprise.
File Encryption
The Endpoint Encryption agent for file and folder encryption on local drives and removable media.
Use File Encryption to protect files and folders located on virtually any device that appears as a drive within the host operating system.
For more information, see About File Encryption.
FIPS
Federal Information Processing Standard. The computer security standard established by the United States federal government.
Fixed password
The authentication method for using a standard user password consisting of letters and/or numbers and/or special characters.
Full Disk Encryption
The Endpoint Encryption agent for hardware and software encryption with preboot authentication.
KeyArmor
The Endpoint Encryption password-protected, encrypted USB device.
Note
Note
Endpoint Encryption 5.0 does not have KeyArmor devices. However, legacy KeyArmor devices are supported.
Legacy Web Service
The PolicyServer service that securely manages all Endpoint Encryption 3.1.3 and below agent communication. For details, see About PolicyServer.
For Endpoint Encryption 5.0 communication, see Endpoint Encryption Service.
OCSP
Online Certificate Status Protocol. The protocol used for X.509 digital certificates.
OfficeScan
OfficeScan protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. An integrated solution, OfficeScan consists of an agent that resides at the endpoint and a server program that manages all agents.
OPAL
Trusted Computing Group's Security Subsystem Class for client devices.
Password
Any type of authentication data used in combination with a user name, such as fixed, PIN, and ColorCode.
PIN
The authentication method for using a Personal Identification Number, commonly used for ATM transactions.
PolicyServer
The central management server that deploys encryption and authentication policies to the Endpoint Encryption agents.
Remote Help
The authentication method for helping Endpoint Encryption users who forget their credentials or Endpoint Encryption devices that have not synchronized policies within a pre-determined amount of time.
Recovery Console
 The Full Disk Encryption interface to recover Endpoint Encryption devices in the event of primary operating system failure, troubleshoot network issues, and manage users, policies, and logs.
Repair CD
 The Full Disk Encryption bootable CD that can decrypt a drive before removing Full Disk Encryption in the event that the disk becomes corrupted.
RESTful
Representational State Transfer web API . The AES-GCM encrypted communications protocol used by Endpoint Encryption 5.0 agents. After a user authenticates, PolicyServer generates a token related to the specific policy configuration. Without authentication, the service denies all policy transactions.
Note
Note
For information about AES-GCM, visit: http://tools.ietf.org/html/rfc5084#ref-GCM%3F
RSA SecurID
 A mechanism for performing two-factor authentication for a user to a network resource.
SED
Secure Encrypted Device. A hard drive, or other device, which is encrypted.
Self Help
The authentication method for helping Endpoint Encryption users provide answers to security questions instead of contacting Technical Support for password assistance.
Smart card
The authentication method requiring a physical card in conjunction with a PIN or fixed password.
SOAP
Simple Object Access Protocol. The encrypted communications protocol used by all Endpoint Encryption 3.1.3 and older agents to communicate with PolicyServer. Under certain situations, SOAP may allow insecure policy transactions without user authentication. Legacy Web Service filters SOAP calls by requiring authentication and limiting the commands that SOAP accepts.