Retro Scan is a cloud-based service that scans historical web access logs for callback attempts to C&C servers and other related activities in your network. Web access logs may include undetected and unblocked connections to C&C servers that have only recently been discovered. Examination of such logs is an important part of forensic investigations to determine if your network is affected by attacks.
Retro Scan stores the following log information in the Smart Protection Network:
- IP addresses of endpoints monitored by Deep Discovery Inspector
- URLs accessed by endpoints
- GUID of Deep Discovery Inspector
Retro Scan then periodically scans the stored log entries to check for callback attempts to C&C servers in the following lists:
- Trend Micro Global Intelligence list: Trend Micro compiles the list from multiple sources and evaluates the risk level of each C&C callback address. The C&C list is updated and delivered to enabled products daily.
- User-defined list: Retro Scan can also scan logs against your own C&C server list. Addresses must be stored in a text file.

Important: The Retro Scan screen in Deep Discovery Inspector only displays information for scans that use the Trend Micro Global Intelligence list.
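
The retrospective matching described above, sketched as an added example (not Trend Micro's implementation and not part of the original documentation). The log line layout, the one-address-per-line list format, the parent-domain matching rule and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data. Assumed formats (not specified on this page):
# log line = "<ISO timestamp> <endpoint IP> <URL>"; list = one address per line.
SAMPLE_LOG = """\
2024-03-01T08:15:02Z 10.0.0.12 http://cdn.example.org/app.js
2024-03-01T08:15:40Z 10.0.0.12 http://beacon.c2-test.example/gate.php?id=7
2024-03-02T23:01:11Z 10.0.0.31 https://C2-TEST.example:8443/ping
2024-03-03T02:10:09Z 10.0.0.12 http://beacon.c2-test.example/gate.php?id=8
2024-03-03T09:00:00Z 10.0.0.44 http://203.0.113.50/update
malformed line without enough fields
"""
SAMPLE_CC_LIST = """\
# user-defined C&C list (constructed)
c2-test.example
203.0.113.50
"""

def load_cc_list(text):
    """Return the set of lower-cased addresses, skipping blanks and # comments."""
    entries = (line.strip().lower() for line in text.splitlines())
    return {e.rstrip(".") for e in entries if e and not e.startswith("#")}

def matched_indicator(host, cc):
    """Return the list entry equal to host or to one of its parent domains."""
    labels = host.split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels)))
    return next((c for c in candidates if c in cc), None)

def retro_scan(log_text, cc):
    """Group callback hits by (endpoint, indicator): count, first and last seen."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip entries that do not fit the assumed layout
        ts, endpoint, url = parts
        host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lower-cased
        ioc = matched_indicator(host, cc)
        if ioc:
            h = hits[(endpoint, ioc)]
            h["count"] += 1
            h["first"] = min(h["first"] or ts, ts)  # same-format ISO strings sort by time
            h["last"] = max(h["last"] or ts, ts)
    return dict(hits)

if __name__ == "__main__":
    print(retro_scan(SAMPLE_LOG, load_cc_list(SAMPLE_CC_LIST)))
```

Grouping by endpoint and indicator with first-seen and last-seen times gives an investigator the affected hosts and the window of callback activity when a newly listed address is checked against older logs.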