You’re offline. This is a read only version of the page.
Online Help Center
Search
Support
For Home
For Business
English (US)
Bahasa Indonesia (Indonesian)
Dansk (Danish)
Deutsch (German)
English (Australia)
English (US)
Español (Spanish)
Français (French)
Français Canadien
(Canadian French)
Italiano (Italian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português - Brasil
(Portuguese - Brazil)
Português - Portugal
(Portuguese - Portugal)
Svenska (Swedish)
ภาษาไทย (Thai)
Tiếng Việt (Vietnamese)
Türkçe (Turkish)
Čeština (Czech)
Ελληνικά (Greek)
Български (Bulgarian)
Русский (Russian)
עברית (Hebrew)
اللغة العربية (Arabic)
日本語 (Japanese)
简体中文
(Simplified Chinese)
繁體中文
(Traditional Chinese)
繁體中文 HK
(Traditional Chinese)
한국어 (Korean)
Cancel
This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn More
Yes, I agree
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
Preface
Documentation
Audience
Document Conventions
Terminology
Introduction
The Dashboard
About the Dashboard
Tabs and Widgets
Working with Tabs
Working with Widgets
Summary Tab
Critical Threats Widget
Users with Threats Widget
Endpoints with Threats Widget
Product Component Status Widget
Product Connection Status Widget
Ransomware Prevention Widget
Threat Investigation Tab
Critical Threats Widget
Security Posture Tab
Compliance Indicators
Critical Threats
Resolved Events
Security Posture Chart
Security Posture Details Pane
Data Loss Prevention Tab
DLP Incidents by Severity and Status Widget
DLP Incident Trends by User Widget
DLP Incidents by User Widget
DLP Incidents by Channel Widget
DLP Template Matches Widget
Top DLP Incident Sources Widget
DLP Violated Policy Widget
Compliance Tab
Product Application Compliance Widget
Product Component Status Widget
Product Connection Status Widget
Agent Connection Status Widget
Threat Statistics Tab
Apex Central Top Threats Widget
Apex Central Threat Statistics Widget
Threat Detection Results Widget
Policy Violation Detections Widget
C&C Callback Events Widget
Policy Management
Policy Management
Creating a New Policy
Filtering by Criteria
Assigning Endpoints to Filtered Policies
Specifying Policy Targets
Working with Parent Policy Settings
Copying Policy Settings
Inheriting Policy Settings
Modifying a Policy
Importing and Exporting Policies
Deleting a Policy
Changing the Policy Owner
Understanding the Policy List
Reordering the Policy List
Policy Status
Policy Resources
Application Control Criteria
Defining Allowed Application Criteria
Defining Blocked Application Criteria
Application Match Methods
Application Reputation List
File Paths
File Path Example Usage
Certificates
Hash Values
Data Loss Prevention
Data Identifier Types
Expressions
Predefined Expressions
Viewing Settings for Predefined Expressions
Customized Expressions
Criteria for custom expressions
Creating a Customized Expression
Importing Customized Expressions
File Attributes
Creating a File Attribute List
Importing a File Attribute List
Keywords
Predefined Keyword Lists
How keyword lists work
Number of keywords condition
Distance condition
Custom keyword lists
Custom keyword list criteria
Creating a Keyword List
Importing a Keyword List
Data Loss Prevention Templates
Predefined DLP Templates
Custom DLP templates
Condition statements and logical pperators
Creating a Template
Importing Templates
Intrusion Prevention Rules
Intrusion Prevention Rule Properties
Device Control Allowed Devices
Apex Central Widgets
Apex Central Dashboard Widgets
Apex Central Top File-based Threats Widgets
Endpoint Protection Verification Widget
Hosts with C&C Callback Attempts Widget
Policy Status
Quick Launch
Unique Compromised Hosts Over Time Widget
Apex One Widgets
Apex One Dashboard Widgets
Top Blocked Applications
Top Endpoints Affected by IPS Events Widget
Top IPS Attack Sources
Top IPS Events
Top Violated Application Control Criteria
Apex One Security Agent Policies
Agent Configurations
Additional Service Settings
Configuring Additional Security Agent Services
Privileges and Other Settings
Configuring Agent Privileges
Configuring Other Agent Settings
Cache Settings for Scans
Digital Signature Cache
On-demand Scan Cache
POP3 Mail Scan
Update Agents
Assigning Security Agents as Update Agents
Application Control Policy Settings
Application Control
Configuring Application Control Settings (Agent)
Behavior Monitoring Policy Settings
Behavior Monitoring
Behavior Monitoring Rules
Behavior Monitoring Exception List
Exception List Wildcard Support
Exception List Environment Variable Support
Configuring Behavior Monitoring Rules and Exceptions
Anti-malware Scans
General Settings
Guidelines for Switching Scan Methods
Real-time Scan
Configuring Real-time Scan Settings
Real-time Scan: Target Tab
Real-time Scan: Action Tab
Real-time Scan: Scan Exclusion Tab
Scheduled Scan
Configuring Scheduled Scan Settings
Scheduled Scan: Target Tab
Scheduled Scan: Action Tab
Scheduled Scan: Scan Exclusion Tab
Manual Scan
Configuring Manual Scan Settings
Manual Scan: Target Tab
Manual Scan: Action Tab
Manual Scan: Scan Exclusion Tab
Scan Now
Configuring Scan Now Settings
Scan Now: Target Tab
Scan Now: Action Tab
Scan Now: Scan Exclusion Tab
Scan Actions
ActiveAction
Custom Scan Actions
Quarantine Directory
Uncleanable Files
Files Infected with Trojans
Files Infected with Worms
Write-protected Infected Files
Password-protected Files
Backup Files
Scan Exclusion Support
Trend Micro Product Directory Exclusions
Wildcard Exceptions
Web Reputation Policy Settings
Web Reputation
Configuring a Web Reputation Policy
HTTPS URL Scan Support
Unknown Threat Protection
Predictive Machine Learning
Configuring Predictive Machine Learning Settings
Configuring Sample Submission Settings
Configuring Suspicious Connection Settings
Device Control Policy Settings
Device Control
Configuring Device Control Settings
Permissions for Devices
Wildcard Support for the Device Control Allowed Programs List
Specifying a Digital Signature Provider
Exceptions
Trusted Program List
Configuring the Trusted Programs List
Rule Exceptions
Configuring Rule Exceptions
Spyware/Grayware Approved List
Managing the Spyware/Grayware Approved List
Endpoint Sensor Policy Settings
Endpoint Sensor
Configuring Endpoint Sensor Settings
Vulnerability Protection Policy Settings
Vulnerability Protection
Configuring Vulnerability Protection Settings
Advanced Logging Policy Modes
Apex One Server Policies
Apex One Server Policy Settings
Global Agent Settings
Security Settings
System Settings
Root Certificate Locations
Network Settings
Agent Control Settings
Apex One Data Loss Prevention Policies
Apex One Data Loss Prevention Policy Settings
Data Loss Prevention (DLP)
Configuring a Data Loss Prevention Policy
Configuring Data Loss Prevention Rules
Transmission Scope and Targets for Network Channels
Network Channels
Email Clients
System and Application Channels
Device List Tool
Running the Device List Tool
Data Loss Prevention Actions
Data Loss Prevention Exceptions
Defining Non-monitored and Monitored Targets
Transmission Scope: All Transmissions
Transmission Scope: Only Transmissions Outside the Local Area Network
Decompression Rules
Apex One Data Discovery Dashboard Widgets
Top Sensitive File Policy Detections Widget
Top Endpoints with Sensitive Files Widget
Top Data Discovery Template Matches Widget
Top Sensitive Files Widget
Apex One Data Discovery Policy Settings
Creating Data Discovery Policies
Apex One (Mac) Widgets and Policies
Apex One (Mac) Dashboard Widgets
Key Performance Indicators Widget
Configuring Key Performance Indicators
Configuring Widget Settings
Apex One (Mac) Policy Settings
General Settings
Scan Methods Compared
Switching from Smart Scan to Conventional Scan
Switching from Conventional Scan to Smart Scan
Scan Types
Real-time Scan
Configuring Real-time Scan Settings
Real-time Scan: Target Tab
Real-time Scan: Action Tab
Supported Compressed File Types
Scan Actions
Manual Scan
Configuring Manual Scan Settings
Manual Scan: Target Tab
Manual Scan: Action Tab
Supported Compressed File Types
Scan Actions
Scheduled Scan
Configuring Scheduled Scan Settings
Scheduled Scan: Target Tab
Scheduled Scan: Action Tab
Supported Compressed File Types
Scan Actions
Cache Settings for Scans
Scan Exclusions
Configuring Scan Exclusion Lists
Update Settings
Pure IPv6 Agent Limitations
Configuring Agent Update Settings
Web Reputation
Configuring Web Reputation Settings
Configuring the Approved and Blocked URL Lists
Device Control
Configuring Device Control Settings
Permissions for Storage Devices
Endpoint Sensor
Configuring Endpoint Sensor Settings
Exception Lists
Configuring the Trusted Program List
Predictive Machine Learning Settings
Privileges and Other Settings
Protected Security Agent Files
Password-protected Files
Includes password-protected compressed files or password-protected Microsoft Office files.
Solution: Remove the password protection to allow the
Security Agent
to clean these files.
Table of Contents
Preface
Documentation
Audience
Document Conventions
Terminology
Introduction
The Dashboard
About the Dashboard
Tabs and Widgets
Working with Tabs
Working with Widgets
Summary Tab
Critical Threats Widget
Users with Threats Widget
Endpoints with Threats Widget
Product Component Status Widget
Product Connection Status Widget
Ransomware Prevention Widget
Threat Investigation Tab
Critical Threats Widget
Security Posture Tab
Compliance Indicators
Critical Threats
Resolved Events
Security Posture Chart
Security Posture Details Pane
Data Loss Prevention Tab
DLP Incidents by Severity and Status Widget
DLP Incident Trends by User Widget
DLP Incidents by User Widget
DLP Incidents by Channel Widget
DLP Template Matches Widget
Top DLP Incident Sources Widget
DLP Violated Policy Widget
Compliance Tab
Product Application Compliance Widget
Product Component Status Widget
Product Connection Status Widget
Agent Connection Status Widget
Threat Statistics Tab
Apex Central Top Threats Widget
Apex Central Threat Statistics Widget
Threat Detection Results Widget
Policy Violation Detections Widget
C&C Callback Events Widget
Policy Management
Policy Management
Creating a New Policy
Filtering by Criteria
Assigning Endpoints to Filtered Policies
Specifying Policy Targets
Working with Parent Policy Settings
Copying Policy Settings
Inheriting Policy Settings
Modifying a Policy
Importing and Exporting Policies
Deleting a Policy
Changing the Policy Owner
Understanding the Policy List
Reordering the Policy List
Policy Status
Policy Resources
Application Control Criteria
Defining Allowed Application Criteria
Defining Blocked Application Criteria
Application Match Methods
Application Reputation List
File Paths
File Path Example Usage
Certificates
Hash Values
Data Loss Prevention
Data Identifier Types
Expressions
Predefined Expressions
Viewing Settings for Predefined Expressions
Customized Expressions
Criteria for custom expressions
Creating a Customized Expression
Importing Customized Expressions
File Attributes
Creating a File Attribute List
Importing a File Attribute List
Keywords
Predefined Keyword Lists
How keyword lists work
Number of keywords condition
Distance condition
Custom keyword lists
Custom keyword list criteria
Creating a Keyword List
Importing a Keyword List
Data Loss Prevention Templates
Predefined DLP Templates
Custom DLP templates
Condition statements and logical pperators
Creating a Template
Importing Templates
Intrusion Prevention Rules
Intrusion Prevention Rule Properties
Device Control Allowed Devices
Apex Central Widgets
Apex Central Dashboard Widgets
Apex Central Top File-based Threats Widgets
Endpoint Protection Verification Widget
Hosts with C&C Callback Attempts Widget
Policy Status
Quick Launch
Unique Compromised Hosts Over Time Widget
Apex One Widgets
Apex One Dashboard Widgets
Top Blocked Applications
Top Endpoints Affected by IPS Events Widget
Top IPS Attack Sources
Top IPS Events
Top Violated Application Control Criteria
Apex One Security Agent Policies
Agent Configurations
Additional Service Settings
Configuring Additional Security Agent Services
Privileges and Other Settings
Configuring Agent Privileges
Configuring Other Agent Settings
Cache Settings for Scans
Digital Signature Cache
On-demand Scan Cache
POP3 Mail Scan
Update Agents
Assigning Security Agents as Update Agents
Application Control Policy Settings
Application Control
Configuring Application Control Settings (Agent)
Behavior Monitoring Policy Settings
Behavior Monitoring
Behavior Monitoring Rules
Behavior Monitoring Exception List
Exception List Wildcard Support
Exception List Environment Variable Support
Configuring Behavior Monitoring Rules and Exceptions
Anti-malware Scans
General Settings
Guidelines for Switching Scan Methods
Real-time Scan
Configuring Real-time Scan Settings
Real-time Scan: Target Tab
Real-time Scan: Action Tab
Real-time Scan: Scan Exclusion Tab
Scheduled Scan
Configuring Scheduled Scan Settings
Scheduled Scan: Target Tab
Scheduled Scan: Action Tab
Scheduled Scan: Scan Exclusion Tab
Manual Scan
Configuring Manual Scan Settings
Manual Scan: Target Tab
Manual Scan: Action Tab
Manual Scan: Scan Exclusion Tab
Scan Now
Configuring Scan Now Settings
Scan Now: Target Tab
Scan Now: Action Tab
Scan Now: Scan Exclusion Tab
Scan Actions
ActiveAction
Custom Scan Actions
Quarantine Directory
Uncleanable Files
Files Infected with Trojans
Files Infected with Worms
Write-protected Infected Files
Password-protected Files
Backup Files
Scan Exclusion Support
Trend Micro Product Directory Exclusions
Wildcard Exceptions
Web Reputation Policy Settings
Web Reputation
Configuring a Web Reputation Policy
HTTPS URL Scan Support
Unknown Threat Protection
Predictive Machine Learning
Configuring Predictive Machine Learning Settings
Configuring Sample Submission Settings
Configuring Suspicious Connection Settings
Device Control Policy Settings
Device Control
Configuring Device Control Settings
Permissions for Devices
Wildcard Support for the Device Control Allowed Programs List
Specifying a Digital Signature Provider
Exceptions
Trusted Program List
Configuring the Trusted Programs List
Rule Exceptions
Configuring Rule Exceptions
Spyware/Grayware Approved List
Managing the Spyware/Grayware Approved List
Endpoint Sensor Policy Settings
Endpoint Sensor
Configuring Endpoint Sensor Settings
Vulnerability Protection Policy Settings
Vulnerability Protection
Configuring Vulnerability Protection Settings
Advanced Logging Policy Modes
Apex One Server Policies
Apex One Server Policy Settings
Global Agent Settings
Security Settings
System Settings
Root Certificate Locations
Network Settings
Agent Control Settings
Apex One Data Loss Prevention Policies
Apex One Data Loss Prevention Policy Settings
Data Loss Prevention (DLP)
Configuring a Data Loss Prevention Policy
Configuring Data Loss Prevention Rules
Transmission Scope and Targets for Network Channels
Network Channels
Email Clients
System and Application Channels
Device List Tool
Running the Device List Tool
Data Loss Prevention Actions
Data Loss Prevention Exceptions
Defining Non-monitored and Monitored Targets
Transmission Scope: All Transmissions
Transmission Scope: Only Transmissions Outside the Local Area Network
Decompression Rules
Apex One Data Discovery Dashboard Widgets
Top Sensitive File Policy Detections Widget
Top Endpoints with Sensitive Files Widget
Top Data Discovery Template Matches Widget
Top Sensitive Files Widget
Apex One Data Discovery Policy Settings
Creating Data Discovery Policies
Apex One (Mac) Widgets and Policies
Apex One (Mac) Dashboard Widgets
Key Performance Indicators Widget
Configuring Key Performance Indicators
Configuring Widget Settings
Apex One (Mac) Policy Settings
General Settings
Scan Methods Compared
Switching from Smart Scan to Conventional Scan
Switching from Conventional Scan to Smart Scan
Scan Types
Real-time Scan
Configuring Real-time Scan Settings
Real-time Scan: Target Tab
Real-time Scan: Action Tab
Supported Compressed File Types
Scan Actions
Manual Scan
Configuring Manual Scan Settings
Manual Scan: Target Tab
Manual Scan: Action Tab
Supported Compressed File Types
Scan Actions
Scheduled Scan
Configuring Scheduled Scan Settings
Scheduled Scan: Target Tab
Scheduled Scan: Action Tab
Supported Compressed File Types
Scan Actions
Cache Settings for Scans
Scan Exclusions
Configuring Scan Exclusion Lists
Update Settings
Pure IPv6 Agent Limitations
Configuring Agent Update Settings
Web Reputation
Configuring Web Reputation Settings
Configuring the Approved and Blocked URL Lists
Device Control
Configuring Device Control Settings
Permissions for Storage Devices
Endpoint Sensor
Configuring Endpoint Sensor Settings
Exception Lists
Configuring the Trusted Program List
Predictive Machine Learning Settings
Privileges and Other Settings
Protected Security Agent Files