Mitigation Tasks
When Threat Mitigator detects that an endpoint requires mitigation, one or several of the mitigation tasks listed in Mitigation tasks are carried out. For a detailed explanation of these tasks, see Threat Mitigation.
Task |
Description |
Assessment |
Threat Mitigator notifies Threat Management Agent to assess the endpoint after receiving a mitigation request from its data source. Assessment runs automatically. |
Post-assessment cleanup |
If the assessment confirms the presence of threats in the endpoint, Threat Management Agent runs post-assessment cleanup to eliminate threats. You can configure cleanup to run automatically after the assessment or you can run it manually from the Threat Management screen. If you choose to run cleanup manually, enable email notifications. Threat Mitigator sends an email reminding you to run cleanup. See step 4 below for details about the email notification. |
Threat analysis |
If there are unresolved threats after post-assessment cleanup, Threat Management Agent collects forensic data and sends the data to Threat Mitigator. Perform case submission from the Threat Management screen to upload the data to TMSP and have the threats analyzed by a Trend Micro security expert. See Submit a Case for details. |
Pattern deployment and custom cleanup |
Trend Micro issues either a custom pattern or a new version of smart protection patterns to resolve the remaining threats. After Threat Mitigator downloads the required pattern, it can automatically deploy the pattern to the endpoint or you can manually deploy the pattern from the Threat Management screen. If you choose to manually deploy the pattern, enable email notifications. Threat Mitigator sends an email reminding you to deploy the pattern. See step 4 below for details about the email notification. |
To configure mitigation tasks:
Mitigation Settings > Mitigation Tasks
Select the tasks that will run when Threat Mitigator detects that an endpoint requires mitigation.
Assess the endpoint only: Assesses the endpoint based on the information received from data sources. If a threat is found during assessment, run post-assessment cleanup from the Threat Management screen. For details on running post-assessment cleanup, see Endpoints that require post- assessment cleanup.
Assess and then automatically run post-assessment cleanup if required: Automates the endpoint assessment and post-assessment cleanup tasks. Check the status of the tasks from the threat event logs. For details, see Threat Event Logs.
Specify how to deploy the custom pattern downloaded from TMSP, or the Smart Scan Agent Pattern downloaded from the Trend Micro ActiveUpdate server:
Automatically deploy the pattern and run custom cleanup: Automates the pattern deployment and custom cleanup tasks. Check the status of the tasks from the threat event logs. For details, see Threat Event Logs.
Do not run any task: Allows you to manually deploy the pattern, which you can perform from the Threat Management screen. For details on deploying the pattern, see Endpoints that require custom cleanup.
After the pattern deploys, custom cleanup runs automatically.
Select the scan type to use when Threat Management Agent runs custom cleanup.
Quick scan: Scans only the following directories:
All fixed drives, such as C:\, D:\, and so on (excludes removable drives)
%SystemRoot%
%SystemRoot%\system
%SystemRoot%\system32
%SystemRoot%\system32\drivers
%TEMP%
Full scan: Scans the entire computer
Post-assessment cleanup or pattern deployment should be performed on the Threat Management screen
If you choose Assess the endpoint only in step 1, Threat Mitigator sends an email after the assessment is complete, notifying you to run post-assessment cleanup.
If you choose Do not run any task in step 2, Threat Mitigator sends an email after downloading the required pattern, notifying you to deploy the pattern to endpoints.
Post-assessment cleanup is unsuccessful
Configure email notification settings from the Email Notifications screen. For details, see Email Notifications.
Click Save.
See also: