Endpoint Sensor Investigation

The Endpoint Sensor Investigation widget connects with a remote Trend Micro Endpoint Sensor server to start an investigation and display the results from this investigation directly from the Apex Central dashboard.

Click Start a New Investigation to initiate a new investigation, and then select an investigation method:

• Historical Records to Investigate historical events based on user-defined criteria
• System Snapshot to investigate the current state of the selected endpoints

Once the New Investigation page appears, fill in the required criteria. The following investigation types are available:

Click Investigate to start the investigation. To stop an ongoing investigation, click Cancel.

The widget refreshes periodically to display the progress of the investigation. The widget displays a doughnut chart which gives a visual representation of the total endpoints classified as:

• Matched: indicates the number of endpoints where a matched object was found.
• Safe: indicates the number of endpoints where a matched object was not found.
• Pending: indicates the number of endpoints not yet investigated.
• Canceled: indicates the number of endpoints that meet any of the following criteria:
  • The investigation performed on the endpoint encountered an error
  • The endpoint is offline, or all commands sent to the endpoint result in a timeout
  • The investigation for the endpoint was manually interrupted by the user

A breakdown of the totals is given on the right of the doughnut chart. Click the count for each classification to view the Investigation Results screen. This screen gives more details regarding the latest investigation results started from Apex Central.