You’re offline. This is a read only version of the page.
Online Help Center
Search
Support
For Home
For Business
English (US)
Bahasa Indonesia (Indonesian)
Dansk (Danish)
Deutsch (German)
English (Australia)
English (US)
Español (Spanish)
Français (French)
Français Canadien
(Canadian French)
Italiano (Italian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português - Brasil
(Portuguese - Brazil)
Português - Portugal
(Portuguese - Portugal)
Svenska (Swedish)
ภาษาไทย (Thai)
Tiếng Việt (Vietnamese)
Türkçe (Turkish)
Čeština (Czech)
Ελληνικά (Greek)
Български (Bulgarian)
Русский (Russian)
עברית (Hebrew)
اللغة العربية (Arabic)
日本語 (Japanese)
简体中文
(Simplified Chinese)
繁體中文
(Traditional Chinese)
繁體中文 HK
(Traditional Chinese)
한국어 (Korean)
Cancel
This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn More
Yes, I agree
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
Privacy and Personal Data Collection Disclosure
Preface
Documentation
Audience
Document Conventions
Terminology
Introduction
Introducing Apex Central
About Apex Central
What's New
Key Features and Benefits
Apex Central Architecture
Getting Started
The Web Console
About the Web Console
Web Console Requirements
Assigning HTTPS Access to the Web Console
Accessing the Web Console
Configuring Web Console Settings
The Dashboard
About the Dashboard
Tabs and Widgets
Working with Tabs
Working with Widgets
Security Posture Tab
Compliance Indicators
Critical Threats
Resolved Events
Security Posture Chart
Security Posture Details Pane
Summary Tab
Critical Threats Widget
Users with Threats Widget
Endpoints with Threats Widget
Apex Central Top Threats Widget
Product Component Status Widget
Product Connection Status Widget
Ransomware Prevention Widget
Data Loss Prevention Tab
DLP Incident Trends by User Widget
DLP Incidents by Severity and Status Widget
DLP Incidents by User Widget
DLP Incidents by Channel Widget
DLP Template Matches Widget
Top DLP Incident Sources Widget
DLP Violated Policy Widget
Compliance Tab
Product Application Compliance Widget
Product Component Status Widget
Product Connection Status Widget
Agent Connection Status Widget
Threat Statistics Tab
Apex Central Top Threats Widget
Apex Central Threat Statistics Widget
Threat Detection Results Widget
Policy Violation Detections Widget
C&C Callback Events Widget
Account Management
User Accounts
Root Account
Adding a User Account
Managed Product Access Control
Editing a User Account
Enabling or Disabling Two-Factor Authentication
Viewing or Editing User Account Information
User Roles
Default User Roles
Adding a User Role
Editing a User Role
License Management
Apex Central Activation and License Information
Activating Apex Central
Viewing and Renewing Apex Central License Information
Managed Product Activation and Registration
License Management Details
Managed Product License Information
Activating Managed Products
Renewing Managed Product Licenses
Active Directory and Compliance Settings
Active Directory Integration
Configuring Active Directory Connection Settings
Troubleshooting Active Directory Synchronization
Compliance Indicators
Configuring the Antivirus Pattern Compliance Indicators
Configuring the Data Loss Prevention Compliance Indicator
Endpoint and User Grouping
Sites
Creating a Custom Site
Merging Sites
Reporting Lines
Creating a Custom Reporting Line
Merging Reporting Lines
User/Endpoint Directory
User/Endpoint Directory
User Details
Security Threats for Users
Policy Status
Contact Information
Synchronizing Contact Information with Active Directory
Endpoint Details
Endpoint Information
Security Threats on Endpoints
Policy Status
Notes for Endpoints
General Information for Endpoints
Isolating Endpoints
Active Directory Details
Affected Users
General Information for Security Threats
Analyzing Impact on Affected Users
Performing a Retro Scan on Affected Users
Retro Scan in Deep Discovery Inspector
Using the Advanced Search
Advanced Search Categories
Custom Tags and Filters
Custom Tags
Creating a Custom Tag
Assigning Custom Tags to Users/Endpoints
Filters
Default Endpoint Filters
Creating a Custom Filter
User or Endpoint Importance
Managed Product Integration
Managed Product Registration
Managed Product Registration Methods
Server Registration
Managed Server Details
Adding a Managed Server
Editing a Managed Server
Deleting a Managed Server
Configuring Proxy Settings for Managed Products
Configuring Cloud Service Settings
Managed Product Communication
Modifying the Default Agent Communication Schedule
Configuring Agent Communication Schedules
Configuring Managed Product Heartbeat Intervals
Security Agent Installation
Downloading Security Agent Installation Packages
Apex One Security Agent System Requirements
Windows Endpoint Platforms
Windows 7 (32-bit / 64-bit) Service Pack 1 Requirements
Windows 8.1 (32-bit / 64-bit) Requirements
Windows 10 (32-bit / 64-bit) Requirements
Windows Server Platforms
Windows Server 2008 R2 (64-bit) Platforms
Windows MultiPoint Server 2010 (64-bit) Platform
Windows MultiPoint Server 2011 (64-bit) Platform
Windows Server 2012 (64-bit) Platforms
Windows Server 2016 (64-bit) Platforms
Windows Server 2019 (64-bit) Platforms
Apex One (Mac) Security Agent Installation
Apex One (Mac) Security Agent System Requirements
Product Directory
Product Directory
Connection Status Icons
Viewing Managed Product Status Summaries
Performing an Advanced Search of the Product Directory
Executing Managed Product Tasks
Configuring Managed Product Settings
Querying Logs from the Product Directory
Directory Management
Managing the Product Directory
Recovering Managed Products
Component Updates
Component Updates
Component List
Update Source
Deployment Plan
Adding a Deployment Schedule
Configuring Scheduled Update Settings
Configuring Manual Update Settings
Configuring Proxy Settings for Component/License Updates, Cloud Services, and Syslog Forwarding
Command Tracking and Product Communication
Command Tracking
Querying and Viewing Commands
Command Details
Configuring Communication Time-out Settings
Policies
Policy Management
Policy Management
Creating a New Policy
Filtering by Criteria
Assigning Endpoints to Filtered Policies
Specifying Policy Targets
Working with Parent Policy Settings
Copying Policy Settings
Inheriting Policy Settings
Modifying a Policy
Importing and Exporting Policies
Deleting a Policy
Changing the Policy Owner
Understanding the Policy List
Reordering the Policy List
Policy Status
Policy Resources
Application Control Criteria
Defining Allowed Application Criteria
Defining Blocked Application Criteria
Application Match Methods
Application Reputation List
File Paths
File Path Example Usage
Certificates
Hash Values
Data Loss Prevention
Data Identifier Types
Expressions
Predefined Expressions
Viewing Settings for Predefined Expressions
Customized Expressions
Criteria for Customized Expressions
Creating a Customized Expression
Importing Customized Expressions
File Attributes
Creating a File Attribute List
Importing a File Attribute List
Keywords
Predefined Keyword Lists
How Keyword Lists Work
Number of Keywords Condition
Distance Condition
Customized Keyword Lists
Customized Keyword List Criteria
Creating a Keyword List
Importing a Keyword List
Data Loss Prevention Templates
Predefined DLP Templates
Customized DLP Templates
Condition Statements and Logical Operators
Creating a Template
Importing Templates
Intrusion Prevention Rules
Intrusion Prevention Rule Properties
Device Control Allowed Devices
Detections
Logs
Log Queries
Querying Logs
Log Names and Data Views
Configuring Log Aggregation
Configuring Syslog Forwarding
Disabling Syslog Forwarding
Supported Log Types and Formats
Deleting Logs
Notifications
Event Notifications
Notification Method Settings
Configuring SMTP Server Settings
Configuring SNMP Trap Settings
Configuring Syslog Settings
Configuring Trigger Application Settings
Contact Groups
Adding Contact Groups
Editing Contact Groups
Advanced Threat Activity Events
Attack Discovery Detections
Behavior Monitoring Violations
C&C Callback Alert
C&C Callback Outbreak Alert
Correlated Incident Detections
Email Messages with Advanced Threats
High Risk Virtual Analyzer Detections
High Risk Host Detections
Known Targeted Attack Behavior
Potential Document Exploit Detections
Predictive Machine Learning Detections
Rootkit or Hacking Tool Detections
SHA-1 Deny List Detections
Watchlisted Recipients at Risk
Worm or File Infector Propagation Detections
Content Policy Violation Events
Email Policy Violation
Web Access Security Violation
Data Loss Prevention Events
Incident Details Updated
Scheduled Incident Summary
Significant Incident Increase
Significant Incident Increase by Channel
Significant Incident Increase by Sender
Significant Incident Increase by User
Significant Template Match Increase
Known Threat Activity Events
Network Virus Alert
Special Spyware/Grayware Alert
Special Virus Alert
Spyware/Grayware Found - Action Successful
Spyware/Grayware Found - Further Action Required
Virus Found - First Action Successful
Virus Found - First Action Unsuccessful and Second Action Unavailable
Virus Found - First and Second Actions Unsuccessful
Virus Found - Second Action Successful
Virus Outbreak Alert
Network Access Control Events
Network VirusWall Policy Violations
Potential Vulnerability Attacks
Unusual Product Behavior Events
Managed Product Unreachable
Product Service Started
Product Service Stopped
Real-time Scan Disabled
Real-time Scan Enabled
Updates
Antispam Rule Update Successful
Antispam Rule Update Unsuccessful
Pattern File/Cleanup Template Update Successful
Pattern File/Cleanup Template Update Unsuccessful
Scan Engine Update Successful
Scan Engine Update Unsuccessful
Reports
Reports Overview
Custom Templates
Adding or Editing Custom Templates
Configuring the Static Text Report Element
Configuring the Bar Chart Report Element
Configuring the Line Chart Report Element
Configuring the Pie Chart Report Element
Configuring the Dynamic Table Report Element
Configuring the Grid Table Report Element
One-time Reports
Creating One-time Reports
Viewing One-Time Reports
Scheduled Reports
Adding Scheduled Reports
Editing Scheduled Reports
Viewing Scheduled Reports
Configuring Report Maintenance
Viewing My Reports
Data Loss Prevention Incidents
Administrator Tasks
Setting Up Manager Information in Active Directory Users
Understanding DLP User Roles
Creating DLP Auditing Logs
DLP Incident Review Process
Understanding the Incident Information List
Reviewing Incident Details
Threat Intelligence and Response
Connected Threat Defense
About Connected Threat Defense
Feature Requirements
Suspicious Object List Management
Suspicious Object Lists
Adding Exceptions to the Virtual Analyzer Suspicious Object List
Suspicious Object Scan Actions
Configuring Distribution Settings
Suspicious Object Detection
Viewing At Risk Endpoints and Recipients
Analyzing Impact from Virtual Analyzer Suspicious Objects
Historical Investigations in Endpoint Sensor
Viewing the Handling Process
Preemptive Protection Against Suspicious Objects
Adding Objects to the User-Defined Suspicious Object List
Importing User-Defined Suspicious Object Lists
Adding STIX Objects to the User-Defined Suspicious Object List
Adding OpenIOC Objects to the User-Defined Suspicious Object List
Analyzing Impact and Responding to IOCs from User-Defined Suspicious Objects
Isolating Endpoints
Connected Threat Defense Product Integration
Apex Central
Apex One
Apex One Endpoint Sensor
Apex One Sandbox as a Service
Cloud App Security
Deep Discovery Analyzer
Deep Discovery Director
Deep Discovery Email Inspector
Deep Discovery Inspector
Deep Discovery Web Inspector
Deep Security Manager
Email Security
InterScan Messaging Security Virtual Appliance
InterScan Web Security Virtual Applicance
ScanMail for Microsoft Exchange
Smart Protection Server
Endpoint Application Control
Web Security
Threat Investigation
Threat Investigation Overview
Endpoint Sensor Metadata
Historical Investigations
Using User-defined Criteria for Historical Investigations
Supported Formats for User-defined Criteria
Using OpenIOC files for a Historical Investigation
Supported IOC Indicators for Historical Investigations
Starting a Root Cause Analysis from an Assessment
Root Cause Analysis Results
Live Investigations
Starting a One-time Investigation
One-Time Investigation
Starting a Scheduled Investigation
Scheduled Investigation
Reviewing the Scheduled Investigation History
Supported IOC Indicators for Live Investigations
Investigation Results
Analysis Chains
Object Details: Profile Tab
Object Details: Related Objects Tab
Navigating the Analysis Chain
Root Cause Analysis Icons
Object Details
Managed Detection and Response
Managed Detection and Response Overview
Registering Apex Central to the Threat Investigation Center
Unregistering from the Threat Investigation Center Server
Suspending or Resuming the Managed Detection and Response Service
Approving or Rejecting Investigation Tasks
Threat Investigation Center Task Commands
Endpoint Sensor Service Statuses
Tracking Investigation Tasks
Threat Investigation Center Task Statuses
Threat Investigation Center Command Statuses
Viewing Automated Analyses
Tracking Managed Detection and Response Task Commands
Command Details
Querying Supported Targets
The Threat Investigation Center Agent for Managed Detection and Response
Suspicious Object Hub and Node Architecture
Suspicious Object Hub and Node Apex Central Servers
Configuring the Suspicious Object Hub and Nodes
Unregistering a Suspicious Object Node from the Hub Apex Central
Configuration Notes
Automation Center
Apex Central Automation Center
Tools and Support
Administering the Database
Understanding the Apex Central Database
Understanding the db_ApexCentral Tables
Backing Up db_ApexCentral Using SQL Server Management Studio
Restoring Backup db_ApexCentral Using SQL Server Management Studio
Shrinking db_ApexCentral_Log.ldf Using SQL Commands
Shrinking db_ApexCentral_log.ldf Using SQL Server Management Studio
Shrinking the db_ApexCentral_log.ldf File Size on Microsoft SQL Server 2008 (or later)
Apex Central Tools
About Apex Central Tools
Using the Agent Migration Tool (AgentMigrateTool.exe)
Using the Database Configuration Tool (DBConfig.exe)
Technical Support
Troubleshooting Resources
Using the Support Portal
Threat Encyclopedia
Contacting Trend Micro
Speeding Up the Support Call
Sending Suspicious Content to Trend Micro
Email Reputation Services
File Reputation Services
Web Reputation Services
Other Resources
Download Center
Documentation Feedback
Appendices
Apex Central System Checklists
Server Address Checklist
Port Checklist
Apex Central Conventions
Core Processes and Configuration Files
Communication and Listening Ports
Data Views
Data View: Security Logs
Advanced Threat Information
Detailed C&C Callback Information
Detailed Predictive Machine Learning Information
Detailed Suspicious File Information
Virtual Analyzer Detection Information
Detailed Virtual Analyzer Suspicious Object Impact Information
Attack Discovery Detections
Attack Discovery Detection Information
Detailed Attack Discovery Detection Information
Content Violation Information
Content Violation Action/Result Summary
Content Violation Detection Over Time Summary
Content Violation Policy Summary
Content Violation Sender Summary
Detailed Content Violation Information
Email Messages with Advanced Threats
Data Discovery Information
Data Discovery Data Loss Prevention Detection Information
Data Discovery Endpoint Information
Data Loss Prevention Information
DLP Incident Information
DLP Template Match Information
Deep Discovery Information
Detailed Correlation Information
Detailed Mitigation Information
Detailed Suspicious Threat Information
Overall Suspicious Threat Summary
Suspicious Source Summary
Suspicious Riskiest Endpoints Summary
Suspicious Riskiest Recipient Summary
Suspicious Sender Summary
Suspicious Threat Protocol Detection Summary
Suspicious Threat Detection Over Time Summary
Gray Detection Information
Overall Threat Information
Network Protection Boundary Information
Network Security Threat Analysis Information
Security Threat Endpoint Analysis Information
Security Threat Entry Analysis Information
Security Threat Source Analysis Information
Policy/Rule Violation Information
Device Access Control Information
Detailed Application Activity
Detailed Application Control Violation Information
Detailed Behavior Monitoring Information
Detailed Endpoint Security Compliance Information
Detailed Endpoint Security Violation Information
Detailed Firewall Violation Information
Detailed Intrusion Prevention Information
Integrity Monitoring Information
Network Content Inspection Information
Spam Violation Information
Detailed Spam Information
Overall Spam Violation Summary
Spam Connection Information
Spam Detection Over Time Summary
Spam Recipient Summary
Spyware/Grayware Information
Detailed Spyware/Grayware Information
Endpoint Spyware/Grayware
Endpoint Spyware/Grayware Summary
Email Spyware/Grayware
Network Spyware/Grayware
Overall Spyware/Grayware Summary
Spyware/Grayware Action/Result Summary
Spyware/Grayware Detection Over Time Summary
Spyware/Grayware Source Summary
Web Spyware/Grayware
Virus/Malware Information
Detailed Virus/Malware Information
Endpoint Virus/Malware Information
Email Virus/Malware Information
Network Virus/Malware Information
Overall Virus/Malware Summary
Virus/Malware Action/Result Summary
Virus/Malware Detection Over Time Summary
Virus/Malware Endpoint Summary
Virus/Malware Source Summary
Web Virus/Malware Information
Web Violation/Reputation Information
Detailed Web Reputation Information
Detailed Web Violation Information
Overall Web Violation Summary
Web Violation Detection Over Time Summary
Web Violation Detection Summary
Web Violation Endpoint Summary
Web Violation Filter/Blocking Type Summary
Web Violation URL Summary
Data View: Product Information
Apex Central Information
Apex Central Event Information
Command Tracking Information
Detailed Command Tracking Information
Unmanaged Endpoint Information
User Access Information
Component Information
Endpoint Pattern/Engine Status Summary
Endpoint Pattern/Rule Update Status Summary
Engine Status
Pattern/Rule Status
Pattern File/Rule Status Summary
Product Component Deployment
Scan Engine Status Summary
License Information
Detailed Product License Information
Product License Information Summary
Product License Status
Managed Product Information
Product Auditing Event Log
Product Distribution Summary
Product Event Information
Product Status Information
Token Variables
Standard Token Variables
Advanced Threat Activity Token Variables
Attack Discovery Token Variables
C&C Callback Token Variables
Content Policy Violation Token Variables
Data Loss Prevention Token Variables
Known Threat Activity Token Variables
Network Access Control Token Variables
Web Access Policy Violation Token Variables
IPv6 Support
Apex Central Server Requirements
IPv6 Support Limitations
Configuring IPv6 Addresses
Screens That Display IP Addresses
MIB Files
Using the Apex Central MIB File
Using the NVW Enforcer SNMPv2 MIB File
Syslog Content Mapping - CEF
CEF Attack Discovery Detection Logs
CEF Behavior Monitoring Logs
CEF C&C Callback Logs
CEF Content Security Logs
Filter Action Mapping Table
Filter Action Result Mapping Table
CEF Data Loss Prevention Logs
Action Result Mapping Table
Channel Mapping Table
CEF Device Access Control Logs
Product ID Mapping Table
CEF Endpoint Application Control Logs
CEF Engine Update Status Logs
CEF Intrusion Prevention Logs
CEF Managed Product Logon/Logoff Events
CEF Network Content Inspection Logs
CEF Pattern Update Status Logs
CEF Predictive Machine Learning Logs
Threat Type Mapping Table
CEF Product Auditing Events
CEF Sandbox Detection Logs
CEF Spyware/Grayware Logs
Action Mapping Table
Spyware/Grayware Scan Type Mapping Table
Spyware/Grayware Risk Type Mapping Table
CEF Suspicious File Logs
CEF Virus/Malware Logs
Second Action Mapping Table
CEF Web Security Logs
Filter/Blocking Type Mapping Table
Protocol Mapping Table
Introduction
Introducing Apex Central
Table of Contents
Privacy and Personal Data Collection Disclosure
Preface
Documentation
Audience
Document Conventions
Terminology
Introduction
Introducing Apex Central
About Apex Central
What's New
Key Features and Benefits
Apex Central Architecture
Getting Started
The Web Console
About the Web Console
Web Console Requirements
Assigning HTTPS Access to the Web Console
Accessing the Web Console
Configuring Web Console Settings
The Dashboard
About the Dashboard
Tabs and Widgets
Working with Tabs
Working with Widgets
Security Posture Tab
Compliance Indicators
Critical Threats
Resolved Events
Security Posture Chart
Security Posture Details Pane
Summary Tab
Critical Threats Widget
Users with Threats Widget
Endpoints with Threats Widget
Apex Central Top Threats Widget
Product Component Status Widget
Product Connection Status Widget
Ransomware Prevention Widget
Data Loss Prevention Tab
DLP Incident Trends by User Widget
DLP Incidents by Severity and Status Widget
DLP Incidents by User Widget
DLP Incidents by Channel Widget
DLP Template Matches Widget
Top DLP Incident Sources Widget
DLP Violated Policy Widget
Compliance Tab
Product Application Compliance Widget
Product Component Status Widget
Product Connection Status Widget
Agent Connection Status Widget
Threat Statistics Tab
Apex Central Top Threats Widget
Apex Central Threat Statistics Widget
Threat Detection Results Widget
Policy Violation Detections Widget
C&C Callback Events Widget
Account Management
User Accounts
Root Account
Adding a User Account
Managed Product Access Control
Editing a User Account
Enabling or Disabling Two-Factor Authentication
Viewing or Editing User Account Information
User Roles
Default User Roles
Adding a User Role
Editing a User Role
License Management
Apex Central Activation and License Information
Activating Apex Central
Viewing and Renewing Apex Central License Information
Managed Product Activation and Registration
License Management Details
Managed Product License Information
Activating Managed Products
Renewing Managed Product Licenses
Active Directory and Compliance Settings
Active Directory Integration
Configuring Active Directory Connection Settings
Troubleshooting Active Directory Synchronization
Compliance Indicators
Configuring the Antivirus Pattern Compliance Indicators
Configuring the Data Loss Prevention Compliance Indicator
Endpoint and User Grouping
Sites
Creating a Custom Site
Merging Sites
Reporting Lines
Creating a Custom Reporting Line
Merging Reporting Lines
User/Endpoint Directory
User/Endpoint Directory
User Details
Security Threats for Users
Policy Status
Contact Information
Synchronizing Contact Information with Active Directory
Endpoint Details
Endpoint Information
Security Threats on Endpoints
Policy Status
Notes for Endpoints
General Information for Endpoints
Isolating Endpoints
Active Directory Details
Affected Users
General Information for Security Threats
Analyzing Impact on Affected Users
Performing a Retro Scan on Affected Users
Retro Scan in Deep Discovery Inspector
Using the Advanced Search
Advanced Search Categories
Custom Tags and Filters
Custom Tags
Creating a Custom Tag
Assigning Custom Tags to Users/Endpoints
Filters
Default Endpoint Filters
Creating a Custom Filter
User or Endpoint Importance
Managed Product Integration
Managed Product Registration
Managed Product Registration Methods
Server Registration
Managed Server Details
Adding a Managed Server
Editing a Managed Server
Deleting a Managed Server
Configuring Proxy Settings for Managed Products
Configuring Cloud Service Settings
Managed Product Communication
Modifying the Default Agent Communication Schedule
Configuring Agent Communication Schedules
Configuring Managed Product Heartbeat Intervals
Security Agent Installation
Downloading Security Agent Installation Packages
Apex One Security Agent System Requirements
Windows Endpoint Platforms
Windows 7 (32-bit / 64-bit) Service Pack 1 Requirements
Windows 8.1 (32-bit / 64-bit) Requirements
Windows 10 (32-bit / 64-bit) Requirements
Windows Server Platforms
Windows Server 2008 R2 (64-bit) Platforms
Windows MultiPoint Server 2010 (64-bit) Platform
Windows MultiPoint Server 2011 (64-bit) Platform
Windows Server 2012 (64-bit) Platforms
Windows Server 2016 (64-bit) Platforms
Windows Server 2019 (64-bit) Platforms
Apex One (Mac) Security Agent Installation
Apex One (Mac) Security Agent System Requirements
Product Directory
Product Directory
Connection Status Icons
Viewing Managed Product Status Summaries
Performing an Advanced Search of the Product Directory
Executing Managed Product Tasks
Configuring Managed Product Settings
Querying Logs from the Product Directory
Directory Management
Managing the Product Directory
Recovering Managed Products
Component Updates
Component Updates
Component List
Update Source
Deployment Plan
Adding a Deployment Schedule
Configuring Scheduled Update Settings
Configuring Manual Update Settings
Configuring Proxy Settings for Component/License Updates, Cloud Services, and Syslog Forwarding
Command Tracking and Product Communication
Command Tracking
Querying and Viewing Commands
Command Details
Configuring Communication Time-out Settings
Policies
Policy Management
Policy Management
Creating a New Policy
Filtering by Criteria
Assigning Endpoints to Filtered Policies
Specifying Policy Targets
Working with Parent Policy Settings
Copying Policy Settings
Inheriting Policy Settings
Modifying a Policy
Importing and Exporting Policies
Deleting a Policy
Changing the Policy Owner
Understanding the Policy List
Reordering the Policy List
Policy Status
Policy Resources
Application Control Criteria
Defining Allowed Application Criteria
Defining Blocked Application Criteria
Application Match Methods
Application Reputation List
File Paths
File Path Example Usage
Certificates
Hash Values
Data Loss Prevention
Data Identifier Types
Expressions
Predefined Expressions
Viewing Settings for Predefined Expressions
Customized Expressions
Criteria for Customized Expressions
Creating a Customized Expression
Importing Customized Expressions
File Attributes
Creating a File Attribute List
Importing a File Attribute List
Keywords
Predefined Keyword Lists
How Keyword Lists Work
Number of Keywords Condition
Distance Condition
Customized Keyword Lists
Customized Keyword List Criteria
Creating a Keyword List
Importing a Keyword List
Data Loss Prevention Templates
Predefined DLP Templates
Customized DLP Templates
Condition Statements and Logical Operators
Creating a Template
Importing Templates
Intrusion Prevention Rules
Intrusion Prevention Rule Properties
Device Control Allowed Devices
Detections
Logs
Log Queries
Querying Logs
Log Names and Data Views
Configuring Log Aggregation
Configuring Syslog Forwarding
Disabling Syslog Forwarding
Supported Log Types and Formats
Deleting Logs
Notifications
Event Notifications
Notification Method Settings
Configuring SMTP Server Settings
Configuring SNMP Trap Settings
Configuring Syslog Settings
Configuring Trigger Application Settings
Contact Groups
Adding Contact Groups
Editing Contact Groups
Advanced Threat Activity Events
Attack Discovery Detections
Behavior Monitoring Violations
C&C Callback Alert
C&C Callback Outbreak Alert
Correlated Incident Detections
Email Messages with Advanced Threats
High Risk Virtual Analyzer Detections
High Risk Host Detections
Known Targeted Attack Behavior
Potential Document Exploit Detections
Predictive Machine Learning Detections
Rootkit or Hacking Tool Detections
SHA-1 Deny List Detections
Watchlisted Recipients at Risk
Worm or File Infector Propagation Detections
Content Policy Violation Events
Email Policy Violation
Web Access Security Violation
Data Loss Prevention Events
Incident Details Updated
Scheduled Incident Summary
Significant Incident Increase
Significant Incident Increase by Channel
Significant Incident Increase by Sender
Significant Incident Increase by User
Significant Template Match Increase
Known Threat Activity Events
Network Virus Alert
Special Spyware/Grayware Alert
Special Virus Alert
Spyware/Grayware Found - Action Successful
Spyware/Grayware Found - Further Action Required
Virus Found - First Action Successful
Virus Found - First Action Unsuccessful and Second Action Unavailable
Virus Found - First and Second Actions Unsuccessful
Virus Found - Second Action Successful
Virus Outbreak Alert
Network Access Control Events
Network VirusWall Policy Violations
Potential Vulnerability Attacks
Unusual Product Behavior Events
Managed Product Unreachable
Product Service Started
Product Service Stopped
Real-time Scan Disabled
Real-time Scan Enabled
Updates
Antispam Rule Update Successful
Antispam Rule Update Unsuccessful
Pattern File/Cleanup Template Update Successful
Pattern File/Cleanup Template Update Unsuccessful
Scan Engine Update Successful
Scan Engine Update Unsuccessful
Reports
Reports Overview
Custom Templates
Adding or Editing Custom Templates
Configuring the Static Text Report Element
Configuring the Bar Chart Report Element
Configuring the Line Chart Report Element
Configuring the Pie Chart Report Element
Configuring the Dynamic Table Report Element
Configuring the Grid Table Report Element
One-time Reports
Creating One-time Reports
Viewing One-Time Reports
Scheduled Reports
Adding Scheduled Reports
Editing Scheduled Reports
Viewing Scheduled Reports
Configuring Report Maintenance
Viewing My Reports
Data Loss Prevention Incidents
Administrator Tasks
Setting Up Manager Information in Active Directory Users
Understanding DLP User Roles
Creating DLP Auditing Logs
DLP Incident Review Process
Understanding the Incident Information List
Reviewing Incident Details
Threat Intelligence and Response
Connected Threat Defense
About Connected Threat Defense
Feature Requirements
Suspicious Object List Management
Suspicious Object Lists
Adding Exceptions to the Virtual Analyzer Suspicious Object List
Suspicious Object Scan Actions
Configuring Distribution Settings
Suspicious Object Detection
Viewing At Risk Endpoints and Recipients
Analyzing Impact from Virtual Analyzer Suspicious Objects
Historical Investigations in Endpoint Sensor
Viewing the Handling Process
Preemptive Protection Against Suspicious Objects
Adding Objects to the User-Defined Suspicious Object List
Importing User-Defined Suspicious Object Lists
Adding STIX Objects to the User-Defined Suspicious Object List
Adding OpenIOC Objects to the User-Defined Suspicious Object List
Analyzing Impact and Responding to IOCs from User-Defined Suspicious Objects
Isolating Endpoints
Connected Threat Defense Product Integration
Apex Central
Apex One
Apex One Endpoint Sensor
Apex One Sandbox as a Service
Cloud App Security
Deep Discovery Analyzer
Deep Discovery Director
Deep Discovery Email Inspector
Deep Discovery Inspector
Deep Discovery Web Inspector
Deep Security Manager
Email Security
InterScan Messaging Security Virtual Appliance
InterScan Web Security Virtual Applicance
ScanMail for Microsoft Exchange
Smart Protection Server
Endpoint Application Control
Web Security
Threat Investigation
Threat Investigation Overview
Endpoint Sensor Metadata
Historical Investigations
Using User-defined Criteria for Historical Investigations
Supported Formats for User-defined Criteria
Using OpenIOC files for a Historical Investigation
Supported IOC Indicators for Historical Investigations
Starting a Root Cause Analysis from an Assessment
Root Cause Analysis Results
Live Investigations
Starting a One-time Investigation
One-Time Investigation
Starting a Scheduled Investigation
Scheduled Investigation
Reviewing the Scheduled Investigation History
Supported IOC Indicators for Live Investigations
Investigation Results
Analysis Chains
Object Details: Profile Tab
Object Details: Related Objects Tab
Navigating the Analysis Chain
Root Cause Analysis Icons
Object Details
Managed Detection and Response
Managed Detection and Response Overview
Registering Apex Central to the Threat Investigation Center
Unregistering from the Threat Investigation Center Server
Suspending or Resuming the Managed Detection and Response Service
Approving or Rejecting Investigation Tasks
Threat Investigation Center Task Commands
Endpoint Sensor Service Statuses
Tracking Investigation Tasks
Threat Investigation Center Task Statuses
Threat Investigation Center Command Statuses
Viewing Automated Analyses
Tracking Managed Detection and Response Task Commands
Command Details
Querying Supported Targets
The Threat Investigation Center Agent for Managed Detection and Response
Suspicious Object Hub and Node Architecture
Suspicious Object Hub and Node Apex Central Servers
Configuring the Suspicious Object Hub and Nodes
Unregistering a Suspicious Object Node from the Hub Apex Central
Configuration Notes
Automation Center
Apex Central Automation Center
Tools and Support
Administering the Database
Understanding the Apex Central Database
Understanding the db_ApexCentral Tables
Backing Up db_ApexCentral Using SQL Server Management Studio
Restoring Backup db_ApexCentral Using SQL Server Management Studio
Shrinking db_ApexCentral_Log.ldf Using SQL Commands
Shrinking db_ApexCentral_log.ldf Using SQL Server Management Studio
Shrinking the db_ApexCentral_log.ldf File Size on Microsoft SQL Server 2008 (or later)
Apex Central Tools
About Apex Central Tools
Using the Agent Migration Tool (AgentMigrateTool.exe)
Using the Database Configuration Tool (DBConfig.exe)
Technical Support
Troubleshooting Resources
Using the Support Portal
Threat Encyclopedia
Contacting Trend Micro
Speeding Up the Support Call
Sending Suspicious Content to Trend Micro
Email Reputation Services
File Reputation Services
Web Reputation Services
Other Resources
Download Center
Documentation Feedback
Appendices
Apex Central System Checklists
Server Address Checklist
Port Checklist
Apex Central Conventions
Core Processes and Configuration Files
Communication and Listening Ports
Data Views
Data View: Security Logs
Advanced Threat Information
Detailed C&C Callback Information
Detailed Predictive Machine Learning Information
Detailed Suspicious File Information
Virtual Analyzer Detection Information
Detailed Virtual Analyzer Suspicious Object Impact Information
Attack Discovery Detections
Attack Discovery Detection Information
Detailed Attack Discovery Detection Information
Content Violation Information
Content Violation Action/Result Summary
Content Violation Detection Over Time Summary
Content Violation Policy Summary
Content Violation Sender Summary
Detailed Content Violation Information
Email Messages with Advanced Threats
Data Discovery Information
Data Discovery Data Loss Prevention Detection Information
Data Discovery Endpoint Information
Data Loss Prevention Information
DLP Incident Information
DLP Template Match Information
Deep Discovery Information
Detailed Correlation Information
Detailed Mitigation Information
Detailed Suspicious Threat Information
Overall Suspicious Threat Summary
Suspicious Source Summary
Suspicious Riskiest Endpoints Summary
Suspicious Riskiest Recipient Summary
Suspicious Sender Summary
Suspicious Threat Protocol Detection Summary
Suspicious Threat Detection Over Time Summary
Gray Detection Information
Overall Threat Information
Network Protection Boundary Information
Network Security Threat Analysis Information
Security Threat Endpoint Analysis Information
Security Threat Entry Analysis Information
Security Threat Source Analysis Information
Policy/Rule Violation Information
Device Access Control Information
Detailed Application Activity
Detailed Application Control Violation Information
Detailed Behavior Monitoring Information
Detailed Endpoint Security Compliance Information
Detailed Endpoint Security Violation Information
Detailed Firewall Violation Information
Detailed Intrusion Prevention Information
Integrity Monitoring Information
Network Content Inspection Information
Spam Violation Information
Detailed Spam Information
Overall Spam Violation Summary
Spam Connection Information
Spam Detection Over Time Summary
Spam Recipient Summary
Spyware/Grayware Information
Detailed Spyware/Grayware Information
Endpoint Spyware/Grayware
Endpoint Spyware/Grayware Summary
Email Spyware/Grayware
Network Spyware/Grayware
Overall Spyware/Grayware Summary
Spyware/Grayware Action/Result Summary
Spyware/Grayware Detection Over Time Summary
Spyware/Grayware Source Summary
Web Spyware/Grayware
Virus/Malware Information
Detailed Virus/Malware Information
Endpoint Virus/Malware Information
Email Virus/Malware Information
Network Virus/Malware Information
Overall Virus/Malware Summary
Virus/Malware Action/Result Summary
Virus/Malware Detection Over Time Summary
Virus/Malware Endpoint Summary
Virus/Malware Source Summary
Web Virus/Malware Information
Web Violation/Reputation Information
Detailed Web Reputation Information
Detailed Web Violation Information
Overall Web Violation Summary
Web Violation Detection Over Time Summary
Web Violation Detection Summary
Web Violation Endpoint Summary
Web Violation Filter/Blocking Type Summary
Web Violation URL Summary
Data View: Product Information
Apex Central Information
Apex Central Event Information
Command Tracking Information
Detailed Command Tracking Information
Unmanaged Endpoint Information
User Access Information
Component Information
Endpoint Pattern/Engine Status Summary
Endpoint Pattern/Rule Update Status Summary
Engine Status
Pattern/Rule Status
Pattern File/Rule Status Summary
Product Component Deployment
Scan Engine Status Summary
License Information
Detailed Product License Information
Product License Information Summary
Product License Status
Managed Product Information
Product Auditing Event Log
Product Distribution Summary
Product Event Information
Product Status Information
Token Variables
Standard Token Variables
Advanced Threat Activity Token Variables
Attack Discovery Token Variables
C&C Callback Token Variables
Content Policy Violation Token Variables
Data Loss Prevention Token Variables
Known Threat Activity Token Variables
Network Access Control Token Variables
Web Access Policy Violation Token Variables
IPv6 Support
Apex Central Server Requirements
IPv6 Support Limitations
Configuring IPv6 Addresses
Screens That Display IP Addresses
MIB Files
Using the Apex Central MIB File
Using the NVW Enforcer SNMPv2 MIB File
Syslog Content Mapping - CEF
CEF Attack Discovery Detection Logs
CEF Behavior Monitoring Logs
CEF C&C Callback Logs
CEF Content Security Logs
Filter Action Mapping Table
Filter Action Result Mapping Table
CEF Data Loss Prevention Logs
Action Result Mapping Table
Channel Mapping Table
CEF Device Access Control Logs
Product ID Mapping Table
CEF Endpoint Application Control Logs
CEF Engine Update Status Logs
CEF Intrusion Prevention Logs
CEF Managed Product Logon/Logoff Events
CEF Network Content Inspection Logs
CEF Pattern Update Status Logs
CEF Predictive Machine Learning Logs
Threat Type Mapping Table
CEF Product Auditing Events
CEF Sandbox Detection Logs
CEF Spyware/Grayware Logs
Action Mapping Table
Spyware/Grayware Scan Type Mapping Table
Spyware/Grayware Risk Type Mapping Table
CEF Suspicious File Logs
CEF Virus/Malware Logs
Second Action Mapping Table
CEF Web Security Logs
Filter/Blocking Type Mapping Table
Protocol Mapping Table
