
Configure and manage the Advanced Risk Telemetry module settings.

Important
  • Advanced Risk Telemetry supports Windows and Linux deployments.
  • Advanced Risk Telemetry does not support non-persistent virtual desktops.
  • Navigating between the security modules or leaving the Policy Settings screen discards any unsaved changes. To avoid losing your work, always click Save before leaving the current screen.
Advanced Risk Telemetry performs vulnerability assessments for threats such as time-critical zero-day and N-day CVEs.
Advanced Risk Telemetry collects the following data from endpoints to enhance local app visibility and assist Vulnerability Assessment in identifying vulnerabilities:
  • Local app installation file paths
  • Local app executable hashes and properties
  • Related local app metadata from registry entries, file content, or running services and processes
Local app information enables app control in Attack Surface Discovery. The collected information is displayed in the Applications tab in Attack Surface Discovery. Time-critical zero-day vulnerability information is displayed in the Exposure Overview section of Cyber Risk Overview.

Procedure

  1. To allow Advanced Risk Telemetry to assess and monitor your endpoints, select Enable.
    Enabling Advanced Risk Telemetry sends an average of 60 KB of additional data per endpoint to TrendAI Vision One™ per day. The actual amount of data transferred varies by endpoint and depends on the number of apps installed on the endpoint. Scans occur more frequently when threats such as time-critical zero-day and N-day CVEs are present.
  2. To allow scanning of executable files, configure the Executable scanning and hashing settings.
    Enable the scanning and hashing of executable files on endpoints for additional context about installed applications and visibility over portable executables in the Local Apps section of Attack Surface Discovery. You can view scanned information and enable auto-blocking in Attack Surface Discovery. For more information, see Applications.
    Important
    Executable scanning and hashing only supports Windows deployments with agent version 202511 or later.
    Scanning Non-associated executable files is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
    • Executable files associated with installed applications: Select to enable scanning and hashing of executable files associated with Windows applications installed on the endpoint.
    • Non-associated executable files: Select to enable scanning and hashing of executable files on Windows endpoints that are not associated with installed applications.