Mitigation Tasks
When Threat Mitigator detects that an endpoint requires mitigation, one or several of the following mitigation tasks are carried out:
|
Mitigation tasks |
|
Task |
Description |
|
Assessment |
For details about this task, see Assessment. The assessment task runs automatically. |
|
Post-assessment cleanup |
For details about this task, see Post-assessment Cleanup. You can configure cleanup to run automatically after the assessment or you can run it manually from the Threat Management screen. If you choose to run cleanup manually, enable email notifications. Threat Mitigator sends a notification reminding you to run cleanup. See step 4 below for details about the email notification. |
|
Case submission |
For details about this task, see Case Submission. Case submission is performed from the Threat Management screen and cannot be configured to run automatically. |
|
Pattern deployment |
For details about this task, see Pattern Deployment. After Threat Mitigator downloads the required pattern (either a custom pattern or the Smart Scan Agent Pattern), the pattern can be deployed automatically, or you can manually deploy the pattern from the Threat Management screen. If you choose to manually deploy the pattern, enable email notifications. Threat Mitigator sends a notification reminding you to deploy the pattern. See step 4 below for details about the email notification. |
To configure mitigation tasks:
Mitigation Settings > Mitigation Tasks
Select the tasks that will run when Threat Mitigator detects that an endpoint requires mitigation.
Assess the endpoint only: Assesses the endpoint based on the information received from data sources. If a threat is found during assessment, run post-assessment cleanup from the Threat Management screen. For details on running post-assessment cleanup, see Require post-assessment cleanup.
Assess and then automatically run cleanup if required: Automates the endpoint assessment and post-assessment cleanup tasks. Check the status of the tasks from the threat event logs. For details, see Threat Event Logs.
If cleanup was unsuccessful, a security expert at TrendLabs notifies you to submit a case. For details in submitting a case, see Submit a Case to TrendLabs.
Specify how to deploy the custom pattern downloaded from Threat Management Services, or the Smart Scan Agent Pattern downloaded by default from the Trend Micro ActiveUpdate server:
Automatically deploy the pattern and run cleanup: Automates the pattern deployment and custom cleanup tasks. Check the status of the tasks from the threat event logs. For details, see Threat Event Logs.
Do not run any task: Allows you to manually deploy the pattern, which you can perform from the Threat Management screen. For details on deploying the pattern, see Require custom cleanup.
After the pattern deploys, custom cleanup runs automatically.
Select the scan type to use when the agent runs custom cleanup.
Quick scan: Scans only the following directories:
All fixed drives, such as C:\, D:\, and so on (excludes removable drives)
%SystemRoot%
%SystemRoot%\system
%SystemRoot%\system32
%SystemRoot%\system32\drivers
%TEMP%
Full scan: Scans the entire computer
Select Enable notification if you chose the following options:
Assess the endpoint only: Threat Mitigator sends an email after the assessment is complete, notifying you to run post-assessment cleanup.
Do not run any task: Threat Mitigator sends an email after downloading the pattern required to run custom cleanup, notifying you to deploy the pattern to endpoints.
Configure email notification settings from the Email Notifications screen. For details, see Email Notifications.
Click Save.
See also: