Command & Control Contact Alert Services

Trend Micro Command & Control (C&C) Contact Alert Services provides enhanced detection and alert capabilities to mitigate the damage caused by advanced persistent threats and targeted attacks. C&C Contact Alert Services integrates with Web Reputation Services, which determines the action taken on detected callback addresses based on the web reputation security level.
The C&C IP list further enhances C&C callback detections using the Network Content Inspection Engine to identify C&C contacts through any network channel.
For details on configuring the Web Reputation Services security level, see Configuring a Web Reputation Policy.

C&C Contact Alert Services Features

| Feature | Description |
|---|---|
| Global Intelligence list | Trend Micro Smart Protection Network compiles the Global Intelligence list from sources all over the world and tests and evaluates the risk level of each C&C callback address. Web Reputation Services uses the Global Intelligence list in conjunction with the reputation scores for malicious websites to provide enhanced security against advanced threats. The web reputation security level determines the action taken on malicious websites or C&C servers based on assigned risk levels. |
| Deep Discovery Advisor integration and the Virtual Analyzer list | Smart Protection Servers can integrate with Deep Discovery Advisor to obtain the Virtual Analyzer C&C server list. The Deep Discovery Advisor Virtual Analyzer evaluates potential risks in a secure environment and, through use of advanced heuristics and behavioral testing methods, assigns a risk level to the analyzed threats. The Virtual Analyzer populates the Virtual Analyzer list with any threat that attempts to connect to a possible C&C server. The Virtual Analyzer list is highly company-specific and provides a more customized defense against targeted attacks. Smart Protection Servers retrieve the list from Deep Discovery Advisor and can evaluate all possible C&C threats against both the Global Intelligence and the local Virtual Analyzer list. For details on connecting the integrated Smart Protection Server to Deep Discovery Advisor, see Configuring Integrated Smart Protection Server Settings. |
| C&C IP list | The C&C IP list works in conjunction with the Network Content Inspection Engine (NCIE) to detect network connections with known C&C servers. NCIE detects C&C server contact through any network channel. OfficeScan logs all connection information to servers in the C&C IP list for evaluation. For details on configuring the C&C IP list logs, see Configuring Global C&C Callback Settings. |
| Administrator notifications | Administrators can choose to receive detailed and customizable notifications after detecting a C&C callback. |
| Endpoint notifications | Administrators can choose to send detailed and customizable notifications to end users after detecting a C&C callback on an endpoint. |
| Outbreak notifications | Administrators can customize outbreak notifications specific to C&C callback events and specify whether the outbreak occurs on a single endpoint or across the entire network. For details, see C&C Callback Outbreaks. |
| C&C callback logs | Logs provide detailed information regarding all C&C callback events. For details, see Viewing C&C Callback Logs. |