Threat Management
The Threat Management screen appears after you log on to the Threat Mitigator console (or click Threat Management on the left menu bar). Use this screen to run mitigation tasks that are not configured to run automatically. Tasks include:
Running post-assessment cleanup
Submitting a case to TrendLabs
Deploying a custom pattern issued by TrendLabs
The screen also allows you to view endpoints that encountered On-demand Scan problems. If Threat Management Agent exists on the endpoint, you can launch On-demand Scan remotely from the Threat Management screen.
Query endpoints by using predefined query criteria or by typing the endpoint’s IP address or host name. After the query, you can begin to run threat mitigation tasks and launch On-demand Scan on the affected endpoints.
Query endpoints by using predefined query criteria or by typing the endpoints' IP addresses/host names.
Predefined query criteria.
Click the link for each predefined query criterion to display the affected endpoints in the table at the lower section of the screen.
| Predefined Query Criteria | Description | Tasks |
| --- | --- | --- |
| Require post-assessment cleanup | Indicates the number of endpoints that require manual cleanup. The number will always be 0 (zero) if you enabled automatic cleanup on the Mitigation Tasks screen (by selecting the option Assess and then automatically run cleanup if required). | |
| Require custom cleanup | Indicates the number of endpoints that require manual custom cleanup. When threats are not completely removed from the endpoint after either manual or automatic cleanup, you can submit a case to TrendLabs. TrendLabs then issues a custom pattern to eliminate the threats. After Threat Mitigator downloads the custom pattern, the number in this area is updated to allow you to deploy the pattern and run custom cleanup on the affected endpoint. The number will always be 0 (zero) if you enabled automatic custom cleanup on the Mitigation Tasks screen (by selecting the option Automatically deploy the pattern and run cleanup). | |
| Encountered On-demand Scan problems | Indicates the number of endpoints (with or without Threat Management Agent installed) where user-initiated On-demand Scan was launched. The scan was unsuccessful because one or several infected files were not cleaned. | |
| Connected | Indicates the number of endpoints with Threat Management Agents that can connect to Threat Mitigator. These endpoints may or may not require mitigation. An agent is considered "connected" if it was able to send a heartbeat message to Threat Mitigator at the specified time interval (15 minutes by default). Configure the time interval from the Agent Settings screen. | |
| Disconnected | Indicates the number of endpoints with Threat Management Agents that cannot connect to Threat Mitigator. An agent is considered "disconnected" if it was unable to send a heartbeat message to Threat Mitigator at the specified time interval. | |
Endpoints' IP addresses/host names.
Type any of the following to display endpoints in the table at the lower section of the screen:
One or several valid IP addresses. Separate IP addresses by commas.
A partial IP address (for example, typing 192.168.0 queries all endpoints with IP addresses 192.168.0.1 to 192.168.0.255)
One or several complete/partial host names. Separate host names by commas.
Note: Endpoints listed in the Mitigation Exceptions screen can be queried but you cannot deploy a custom pattern, run cleanup, or launch On-demand Scan on these endpoints.
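The query rules, heartbeat definition and Mitigation Exceptions note above can be modelled offline against an exported endpoint list. The Python below is an added example, not Trend Micro code and not a description of how the console is implemented. The record fields, whole-octet matching for partial IP addresses, substring matching for host names, the one-interval heartbeat cut-off and the sample inventory are all assumptions.

```python
from datetime import datetime, timedelta

HEARTBEAT_INTERVAL = timedelta(minutes=15)  # default interval stated above

def term_matches(term, ip, host):
    """Apply one comma-separated query term to one endpoint record."""
    term = term.strip().lower()
    if not term:
        return False
    parts = term.rstrip(".").split(".")
    if len(parts) <= 4 and all(p.isdecimal() and int(p) <= 255 for p in parts):
        # Full or partial IP. Assumption: whole octets are compared, so
        # "192.168.1" does not also select 192.168.10.x.
        return ip.split(".")[:len(parts)] == [str(int(p)) for p in parts]
    # Otherwise a host name. Assumption: case-insensitive substring match.
    return term in host.lower()

def agent_state(last_heartbeat, now):
    """Assumptions: None means no agent; connected = heartbeat within one interval."""
    if last_heartbeat is None:
        return "agentless"
    return "connected" if now - last_heartbeat <= HEARTBEAT_INTERVAL else "disconnected"

def query(inventory, text, exceptions=(), now=None):
    """Return matching endpoints with agent state and task eligibility."""
    now = now or datetime.now()
    rows = []
    for ep in inventory:
        if not any(term_matches(t, ep["ip"], ep["host"]) for t in text.split(",")):
            continue
        state = agent_state(ep["last_heartbeat"], now)
        # Excepted endpoints can be queried, but tasks cannot run on them.
        allowed = state == "connected" and ep["ip"] not in exceptions
        rows.append({"host": ep["host"], "state": state, "tasks_allowed": allowed})
    return rows

# Constructed sample inventory (not real endpoints).
NOW = datetime(2024, 1, 1, 12, 0)
INVENTORY = [
    {"ip": "192.168.0.7", "host": "FIN-LAPTOP-01", "last_heartbeat": NOW - timedelta(minutes=5)},
    {"ip": "192.168.10.4", "host": "hr-desk-02", "last_heartbeat": NOW - timedelta(minutes=40)},
    {"ip": "192.168.1.9", "host": "fin-srv-03", "last_heartbeat": NOW - timedelta(minutes=2)},
    {"ip": "10.0.0.5", "host": "kiosk-04", "last_heartbeat": None},
]

if __name__ == "__main__":
    for row in query(INVENTORY, "192.168.1, kiosk", exceptions={"10.0.0.5"}, now=NOW):
        print(row)
```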
When the endpoints are displayed in the table, you can run the following tasks on connected endpoints:
Launch On-demand Scan. If this scan encountered problems, Threat Management Agent collects endpoint data to be sent to TrendLabs.
Note: For agentless endpoints, provide the On-demand Scan URL to users and instruct them to launch On-demand Scan. The URL can be found on the Threat Mitigator's logon screen and on the On-demand Scan screen.
Deploy a custom pattern (recommended on endpoints that require custom cleanup).
Run cleanup (recommended on endpoints that require post-assessment cleanup).
When post-assessment cleanup (manual or automatic) was unable to remove threats completely, Threat Management Agent starts to collect endpoint data. When data collection is complete, a Trend Micro security expert may ask you to send the data to TrendLabs so that a custom pattern can be issued to respond to the threats.
Type the IP address or host name provided by the security expert and click Search.
Click Submit. Threat Management Agent sends the data to Threat Mitigator, which then uploads the data to Threat Management Services. These tasks run automatically and the status for each task is displayed in the Current Status field. If there are problems related to these tasks, click Submit again.