Mitigation
Perform threat mitigation tasks if you have Threat Mitigator as part of your threat management strategy.
When threats are not completely removed from an endpoint during post-assessment cleanup, the following tasks are initiated:
Threat Management Agent notifies Threat Mitigator about the event (that is, there are unresolved threats on the endpoint).
Threat Mitigator logs the event.
When the Threat Mitigator administrator checks the logs and finds out about the event, the administrator initiates case submission from Threat Mitigator’s Threat Management screen.
Threat Mitigator Threat Management screen - Submit a Case section
During case submission:
Threat Mitigator notifies the agent to collect forensic data that will be used to analyze unresolved threats. The agent encrypts the data and archives it into a .zip file.
Sample .zip file containing forensic data
The agent uploads the .zip file to Threat Mitigator.
Threat Mitigator uploads the .zip file to TMSP.
After TMSP receives the .zip file, it displays the file name in the administrative console’s Case List screen.
If you enabled event notifications, TMSP sends an email informing you about the .zip file.
Configure notifications from the Notifications screen. For details, see Configuring Event Notifications.
Perform the following threat mitigation tasks:
Download and send the forensic data (.zip file) to Trend Micro. For details, see Downloading Forensic Data.
Manage pattern files issued by Trend Micro. For details, see Managing Pattern Files Issued by Trend Micro.
In addition to managing forensic data and pattern files, you can also monitor nonconforming endpoints, which are endpoints that require threat mitigation or those with threat mitigation issues. For example, if the Threat Management Agent was unable to run cleanup because the custom pattern is corrupted, you can re-issue the pattern from TMSP. For details, see Viewing Nonconforming Endpoints.