Malware Map
TMSP identifies malware that may cause an outbreak by correlating malware mapping settings with Outbreak Containment Services logs. Trend Micro defines and updates malware mapping settings.
Threat Discovery Appliance sends Outbreak Containment Services logs to TMSP immediately after it generates them.
When TMSP receives Outbreak Containment Services logs, it scans the logs for content contained in malware mapping settings (see the Content column in the Malware Mapping Settings screen). If content in the logs and in the malware mapping settings is an exact match, TMSP extracts the malware name (the name that appears in the Malware Name column) and then reflects the name in the event notifications. If there is no match, TMSP does not send an event notification.
For details about event notifications, see Configuring Event Notifications.
Important details about malware mapping settings:
If there is no malware name under the Malware Name column, Trend Micro did not have enough information about the malware at the time the malware mapping settings were created. In the event notifications, the malware name appears as N/A.
If you see a particular malware name that you consider harmless or that you do not want to be notified about, locate the malware name in the Malware Mapping Settings screen and then click Delete.
When you update threat correlation rules (see Updating Threat Correlation Rules for details), TMSP removes all existing malware mapping settings and then adds the settings contained in the threat correlation rules. If you removed malware names previously but see them again after the update, manually remove them again if you still consider them harmless.
In the Malware Mapping Settings screen, you can ignore the numbers under the internal KBID and external KBID columns as these are Trend Micro-assigned numbers.
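The matching and update behavior described above, modeled as an added example (not TMSP code): it shows how a deleted malware name stops producing notifications and then returns after a threat correlation rule update. The mapping entries, log line, malware names and function names are constructed for illustration, and treating "exact match" as a case-sensitive substring test is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Mapping:
    content: str       # "Content" column
    malware_name: str  # "Malware Name" column; empty when no name was available

# Constructed sample settings, standing in for what the threat correlation rules ship.
RULE_SET = [
    Mapping("sample-content-a", "WORM_SAMPLE.A"),
    Mapping("sample-content-b", "TROJ_SAMPLE.B"),
    Mapping("sample-content-c", ""),
]

def notification_name(log_line, mappings):
    """Name to show in the event notification, or None when nothing matches
    (no notification is sent)."""
    for m in mappings:
        # Assumption: "exact match" is a case-sensitive substring test.
        if m.content in log_line:
            return m.malware_name or "N/A"
    return None

def delete_name(mappings, name):
    """Model of clicking Delete for a malware name."""
    return [m for m in mappings if m.malware_name != name]

def update_rules(_current, rule_set):
    """A rule update drops every existing setting and loads the shipped set."""
    return list(rule_set)

def names_to_delete_again(mappings, suppressed):
    """Suppressed names that are present again and need manual removal."""
    return sorted({m.malware_name for m in mappings} & set(suppressed))

if __name__ == "__main__":
    suppressed = {"TROJ_SAMPLE.B"}  # list the operator keeps outside TMSP
    log = "constructed OCS log line: sample-content-b"
    settings = delete_name(RULE_SET, "TROJ_SAMPLE.B")
    print(notification_name(log, settings))       # no notification
    settings = update_rules(settings, RULE_SET)   # deletion is lost here
    print(notification_name(log, settings))       # notifications resume
    print(names_to_delete_again(settings, suppressed))
```

Keeping your own record of deleted names, as the `suppressed` set does here, makes it quick to see what has to be removed again after each rule update.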