Threat Management
The Threat Management screen appears after you log on to the Threat Mitigator console (or click Threat Management on the left menu bar). On this screen, you can run mitigation tasks that are not configured to run automatically. Tasks include:
Running post-assessment cleanup
Submitting a case to TrendLabs
Deploying a custom pattern issued by TrendLabs or the required Smart Scan Agent Pattern version
The screen also allows you to view endpoints that encountered On-demand Scan problems. If Threat Management Agent exists on the endpoint, you can launch On-demand Scan remotely from the Threat Management screen. For details about launching On-demand Scan remotely, see To launch On-demand Scan remotely.
Query endpoints by using predefined query criteria or by typing the endpoint’s IP address or host name. After the query, you can begin to run threat mitigation tasks and launch On-demand Scan on the affected endpoints.
Click the link for each predefined query criterion to display the affected endpoints in the table at the lower section of the screen.
Threat Management screen with predefined query criteria highlighted
The following table discusses the tasks you can perform on the endpoints included in the query result.
Predefined query criteria
| Query Criteria | Description | Tasks |
| | Indicates the number of endpoints that require manual cleanup. The number will always be 0 (zero) if you enabled automatic cleanup on the Mitigation Tasks screen (by selecting the option Assess and then automatically run cleanup if required). For details about the Mitigation Tasks screen, see Mitigation Tasks. | |
| | Indicates the number of endpoints that require manual custom cleanup. When threats are not completely removed from the endpoint after either manual or automatic cleanup, a TrendLabs security expert informs you that you can submit a case to TrendLabs. TrendLabs then provides a solution by issuing either a custom pattern through Threat Management Services or smart scan related patterns (Smart Scan Agent Pattern or Smart Scan Pattern, or both). After Threat Mitigator obtains the required pattern, the number in this area is updated to allow you to deploy the pattern and run custom cleanup on the affected endpoint. The number will always be 0 (zero) if you enabled automatic custom cleanup on the Mitigation Tasks screen (by selecting the option Automatically deploy the pattern and run cleanup). | |
| Encountered On-demand Scan problems | Indicates the number of endpoints (with or without Threat Management Agent installed) where user-initiated On-demand Scan was launched. The scan was unsuccessful because one or several infected files were not cleaned. | |
| Connected | Indicates the number of Connected Endpoints. These endpoints may or may not require mitigation. | |
| Disconnected | Indicates the number of Disconnected Endpoints. If these endpoints require mitigation, mitigation tasks will only run when connection to Threat Mitigator is established. | |
Type any of the following to display endpoints in the table at the lower section of the screen:
One or several valid IP addresses. Separate IP addresses by commas.
A partial IP address (for example, typing 192.168.0 queries all endpoints with IP addresses 192.168.0.1 to 192.168.0.255)
One or several complete/partial host names. Separate host names by commas.
Endpoints listed in the Mitigation Exceptions screen can be queried but you cannot deploy a custom pattern, run cleanup, or launch On-demand Scan on these endpoints. For details about mitigation exceptions, see Mitigation Exceptions.
Threat Management screen with the Search endpoints text box highlighted
When the endpoints are displayed in the table, you can run the following tasks on connected endpoints:
Launch On-demand Scan. If this scan encountered issues, Threat Management Agent collects endpoint data to be sent to TrendLabs. To send endpoint data, see Submit a Case to TrendLabs.
For agentless endpoints, provide the On-demand Scan URL to users and instruct them to launch On-demand Scan. For details, see Running On-demand Scan.
Deploy a custom pattern, or the Smart Scan Agent pattern if custom patterns are not available to you (recommended on endpoints that require custom cleanup).
Run cleanup (recommended on endpoints that require post-assessment cleanup).
When post-assessment cleanup (manual or automatic) was unable to remove threats completely, Threat Management Agent starts to collect endpoint data. When data collection is complete, a Trend Micro security expert notifies you to send the data to TrendLabs so that the threat can be analyzed and a targeted solution can be issued.
Threat Management screen - Submit a Case to TrendLabs section
To submit a case to TrendLabs:
Type the IP address or host name provided by the security expert and click Search.
Click Submit. Threat Management Agent sends the data to Threat Mitigator, which then uploads the data to Threat Management Services. These tasks run automatically and the status for each task is displayed in the Current Status field. If there are problems related to these tasks, click Submit again.