Views:

Security Agents can log and block all connections made between endpoints and addresses in the Global C&C IP list. You can also log, but still allow access to, IP addresses configured in the User-defined Blocked IP List.

Security Agents can also monitor connections that may be the result of a botnet or other malware threat. After detecting a malware threat, Security Agents can attempt to clean the infection.

  1. Enable the Detect network connections made to addresses in the Global C&C IP list setting to monitor connections made to Trend Micro confirmed C&C servers and select to Log only or Block connections.

    • To allow agents to connect to addresses in the User-defined Blocked IP list, enable the Log and allow access to User-defined Blocked IP list addresses setting.

    Note:

    You must enable network connection logging before Security Agents can allow access to addresses in the User-defined Blocked IP list.

  2. Enable the Detect connections using malware network fingerprinting setting and select to Log only or Block connections.

    • To allow Security Agents to attempt to clean connections made to C&C servers, enable the Clean suspicious connections when a C&C callback is detected setting. Security Agents use GeneriClean to clean the malware threat and terminate the connection to the C&C server.

    Note:

    You must enable Log connections using malware network fingerprinting before Security Agents can attempt to clean the connections made to C&C servers detected by packet structure matching.

Parent topic: Unknown Threat Protection