Mitigation Tasks

Mitigation Tasks

When Threat Mitigator detects that an endpoint requires mitigation, one or several of the mitigation tasks listed in Mitigation tasks are carried out. For a detailed explanation of these tasks, see Threat Mitigation.

Mitigation tasks

Task

Description

Assessment

Threat Mitigator notifies Threat Management Agent to assess the endpoint after receiving a mitigation request from its data source.

Assessment runs automatically.

Post-assessment cleanup

If the assessment confirms the presence of threats in the endpoint, Threat Management Agent runs post-assessment cleanup to eliminate threats.

You can configure cleanup to run automatically after the assessment or you can run it manually from the Threat Management screen. If you choose to run cleanup manually, enable email notifications. Threat Mitigator sends an email reminding you to run cleanup. See step 4 below for details about the email notification.

Threat analysis

If there are unresolved threats after post-assessment cleanup, Threat Management Agent collects forensic data and sends the data to Threat Mitigator. Perform case submission from the Threat Management screen to upload the data to TMSP and have the threats analyzed by a Trend Micro security expert. See Submit a Case for details.

Pattern deployment and custom cleanup

Trend Micro issues either a custom pattern or a new version of smart protection patterns to resolve the remaining threats.

After Threat Mitigator downloads the required pattern, it can automatically deploy the pattern to the endpoint or you can manually deploy the pattern from the Threat Management screen. If you choose to manually deploy the pattern, enable email notifications. Threat Mitigator sends an email reminding you to deploy the pattern. See step 4 below for details about the email notification.

  1. Select the tasks that will run when Threat Mitigator detects that an endpoint requires mitigation.

  2. Specify how to deploy the custom pattern downloaded from TMSP, or the Smart Scan Agent Pattern downloaded from the Trend Micro ActiveUpdate server:

  3. After the pattern deploys, custom cleanup runs automatically.

  4. Select the scan type to use when Threat Management Agent runs custom cleanup.

  5. Choose to send an email when:

  6. Click Save.

See also: