Profile tuning | Trend Micro Service Central

Views:

Profile tuning enables you make the right decision on how to remediate a vulnerability. Remediation might involve updating an asset, scheduling a change window to execute a patch, or turning the Digital Vaccine filter on in absence of an update from the software vendor.

Procedure

Select Profiles → Vulnerability Scans (eVR) → Profile Tuning.

The SMS displays a list of available profiles including the version and the dates the profile was last modified and distributed.

Select a profile, and click Next.

The SMS correlates the CVEs provided through a scan to the CVEs of DV filters, and lists all filters that are currently Not Protected and Permit Traffic.

Column	Description
Name	Unique name and number used to identify a filter.
Action Set	Current action set assigned to a filter and are set to disabled by default.
Category	Every DV filter is assigned to a category and cannot be changed.
Source	All CVEs that match a filter.
Severity	Severity level assigned to a filter, which helps you prioritize the vulnerabilities found.

Review the list of Not Protected/Permitting Filters.

To remediate these vulnerabilities, you should apply a blocking action set (Block, Block + Notify, or Block + Notify + Trace) to every filter.

However, in some cases, you may need to override the recommended action for individual filters due to specific network requirements, or in cases where the recommended settings for a filter interact poorly with your network. After a filter is customized, it is not affected by the global category settings that specify the filter State and Action.
- To use the recommended policy: Select one or more filters, select a blocking action set from the Change these filters to drop-down list, and click Apply to Selected.
- To override the recommended policy: Select a filter, and select an action set from the Pending Action Set drop-down list.
  If you ignore an action set for a filter, select Show Ignored Filters to show or hide these filters.
Click Next.

The SMS lists all of the CVEs that are included in a vulnerability scan, but that do not match the CVEs of a DV filter.
Review the list of Vulnerabilities with no Protection, and do one of the following:
- Enter comments for the selected CVE.
- View CVE Details.
Click Next.

The SMS lists all of the modified filters including the pending action set changes.
Review the list of Modified Filters, and do one of the following:
- Enter the same comments for all of the modified filters within the profile.
- Click Launch distribution wizard when finished to immediately distribute the profile.
- Click Finish to save the updates to your security policy without distributing the profile.