Data Sources

Threat information received from the following data sources prompts Threat Mitigator to issue mitigation tasks to the affected endpoints:

Threat Discovery Appliance

Register Threat Discovery Appliance with Threat Mitigator so that the appliance can send threat event information. Registration is done from the Threat Discovery Appliance console.

Endpoint Security Risk Logs

Threat Management Agent can monitor Trend Micro™ OfficeScan™ security risk logs and perform mitigation if necessary.

The log monitoring feature supports OfficeScan 10 or later and only checks virus/malware detection logs during Real-time Scan.

Threat mitigation is triggered when virus/malware detection logs contain any of the following scan results:

During threat mitigation, the agent retrieves the path of an infected file and then uses the Pattern-free Mitigation Engine to check for other files or processes associated with the infected file.

  1. Open the Threat Discovery Appliance console.

  2. Navigate to Mitigation > Mitigation Settings.

  3. Click Enable beside Mitigation Device Enforcement.

  4. Type the Threat Mitigator server name or IP address, and description.

  5. Specify the IP address ranges that will receive mitigation tasks from Threat Discovery Appliance.

  6. Click Register. The Cleanup Settings screen appears.

  7. (Optional) Select the Types of Security Risks/Threats to send to Threat Mitigator.

  8. Click Apply.

  1. Select Monitor virus/malware logs to allow the agent to monitor security risk logs.

  2. Click Save.

  3. View the Threat Discovery Appliances registered to Threat Mitigator.

  4. Use the trash bin icon to remove a Threat Discovery Appliance from the list. After you remove the appliance from the list, it continues to send mitigation requests to Threat Mitigator, but Threat Mitigator ignores the requests. To stop the appliance from sending mitigation requests, unregister Threat Discovery Appliance from Threat Mitigator. Unregistration is done from the Threat Discovery Appliance console.
