web
You’re offline. This is a read only version of the page.
close

Online Help Center
  • Search
  • Support
    • For Home
    • For Business
  • English (US)
    • Bahasa Indonesia (Indonesian)
    • Dansk (Danish)
    • Deutsch (German)
    • English (Australia)
    • English (US)
    • Español (Spanish)
    • Français (French)
    • Français Canadien
      (Canadian French)
    • Italiano (Italian)
    • Nederlands (Dutch)
    • Norsk (Norwegian)
    • Polski (Polish)
    • Português - Brasil
      (Portuguese - Brazil)
    • Português - Portugal
      (Portuguese - Portugal)
    • Svenska (Swedish)
    • ภาษาไทย (Thai)
    • Tiếng Việt (Vietnamese)
    • Türkçe (Turkish)
    • Čeština (Czech)
    • Ελληνικά (Greek)
    • Български (Bulgarian)
    • Русский (Russian)
    • עברית (Hebrew)
    • اللغة العربية (Arabic)
    • 日本語 (Japanese)
    • 简体中文
      (Simplified Chinese)
    • 繁體中文
      (Traditional Chinese)
    • 繁體中文 HK
      (Traditional Chinese)
    • 한국어 (Korean)
This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn More Yes, I agree
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
  • Log4j Vulnerability Coverage
  • About Workload Security
    • About the Workload Security components
    • Endpoint Security and Workload Security protection modules
    • About billing and pricing
    • Workload Security release strategy and lifecycle policy
  • Compatibility
    • System requirements
    • Agent requirements
      • Agent platform compatibility
      • Linux kernel compatibility
        • Disable optional Linux kernel support package updates
        • Disable updates on a single computer
        • Disable updates on multiple computers
      • Linux file system compatibility
      • Linux systemd support
      • Linux Secure Boot support
      • SELinux support
      • Supported features by platform
    • Sizing
    • Port numbers, URLs, and IP addresses
      • Agent to Workload Security FQDNs for accounts created before 2020-11-23
      • Relays to Update Server FQDNs for accounts created before 2020-11-23
      • Relays to Download Center FQDNs for accounts created before 2020-11-23
      • Required Workload Security URLs for firewalls without wildcard support
  • Get started
    • Try the Workload Security demo
    • Transitioning from Deep Security as a Service
    • Migrate from an on-premises Deep Security Manager
    • Trend Cloud One - Endpoint & Workload Security
    • Configure Endpoint Security
    • Check digital signatures on software packages
      • Check the signature on software ZIP packages
      • Check the signature on installer files (EXE, MSI, RPM, DEB files)
      • Check the signature on an EXE or MSI file
      • Check the signature on an RPM file
      • Check the signature on a DEB file
    • Check relay connectivity
    • Deploy the agent
      • Get agent software
      • Configure Linux Secure Boot for agents
      • Configure Mobile Device Management on Workload Security for the macOS agent
      • Install the agent
        • Manual installation
        • Install the agent on Windows
        • Installation on Amazon WorkSpaces
        • Installation on Windows 2012 Server Core
        • Install the agent on Red Hat, Amazon, SUSE, Oracle, Alma, Rocky, Miracle, or Cloud Linux
        • Install the agent on Ubuntu or Debian
        • Install the agent on Solaris
        • Install the agent on AIX
        • Install the agent on macOS
        • Install the agent on Red Hat OpenShift
        • Install the agent using other methods
        • Post-installation tasks
      • Install the agent on Amazon EC2 and WorkSpaces
        • Add your AWS accounts to Workload Security
        • Configure the activation type
        • Open ports
        • Deploy agents to your Amazon EC2 instances and WorkSpaces
        • Verify that the agent was installed and activated
        • Assign a policy
      • Install the agent on an AMI or WorkSpace bundle
        • Add your AWS account to Workload Security
        • Configure the activation type
        • Launch a master Amazon EC2 instance or Amazon WorkSpace
        • Deploy an agent on the master
        • Verify that the agent was installed and activated properly
        • Set up policy auto-assignment
        • Create an AMI or custom WorkSpace bundle based on the master
        • Use the AMI
      • Install the agent on Azure VMs
      • Install the agent on Google Cloud Platform VMs
      • Activate the agent
        • Deactivate the agent
        • Start or stop the agent
  • Automate
    • Automate using the API and SDK
      • API reference
      • API and SDK - DevOps tools for automation
      • Send request using the API
      • About resource property values
      • About the overrides parameter
      • Search for resources
      • API rate limits
      • Performance tips
      • Troubleshooting
      • API cookbook
        • About the API Cookbook
        • Set up to use Bash or PowerShell
          • Bash or PowerShell?
          • Check your environment
          • Check your connection to Workload Security
          • Check your cURL software
          • Check your PowerShell software
          • Create an API key
          • Test your setup
          • Bash
          • PowerShell
          • Final comments
          • Related resources
        • Get a List of Computers (Bash and PowerShell)
        • Search for a policy (Bash and PowerShell)
          • Before you begin
          • Bash
          • PowerShell
          • Notes
          • Related resources
        • Assign a policy to a computer using Bash and PowerShell
          • Before you begin
          • Bash
          • PowerShell
          • Notes
          • Related resources
        • Assign a policy to many computers (Bash and PowerShell)
          • Before you begin
          • jq for Bash
          • Required information
          • Bash
          • Bash script details
          • PowerShell
          • PowerShell script details
          • Notes
          • Related Resources
      • SDK guides
        • Python SDK
          • Prepare to use the Python SDK
          • Prerequisites
          • Download and install the Python SDK
          • Install a Python IDE
          • Add the SDK to a project in PyCharm
          • Next Steps
        • SDK version compatibility
        • Run the code examples
        • Index of code examples
        • Deploy Workload Security
          • Use the API to generate an agent deployment script
            • General steps
            • Example
          • Integrate Workload Security with AWS Services
            • Workflow pattern
            • Amazon GuardDuty
            • Amazon Macie
            • Amazon Inspector
            • AWS WAF
            • AWS Config
          • Add Computers
          • Add a Google Cloud Platform Connector
            • Submit a Synchronization Action for a GCP Connector
          • Control Access Using Roles
            • General steps
            • Example: Create a role
          • Create and manage API keys
            • About API Keys
            • Create an API Key using code
              • Obtain a role ID
              • Create an API key using an SDK
              • Create an API key using a username and password
              • Obtain a session cookie and a request ID
              • Create an API key using the session cookie and the request ID
            • Create an API Key using the Workload Security console
              • Lock out an existing API key
            • Manage API keys after their creation
          • Configure Workload Security system settings
            • Retrieve, modify, or reset a single system setting
            • Example: Modify a single system setting
            • List or modify multiple system settings
            • Example: Modify multiple system settings
          • Monitor Workload Security events
        • Configure protection
          • Create and configure a policy
            • Create a policy
            • Assign a policy to a computer
            • Configure policy and default policy settings
            • Default setting values and overrides
            • Policy setting and default policy setting classes
            • Retrieve the value of a policy setting or default policy setting
            • List all policy or default policy settings
            • Configure a single policy or default policy setting
            • Configure multiple policy and default policy settings
            • Reset policy overrides
            • Reset an ID reference
            • Reset a setting
            • Reset the status of a security module
            • Reset a rule
            • Reset all overrides of a rule
            • Selectively reset overrides of a rule
          • Configure Firewall
            • General steps
            • Example
            • Create a firewall rule
            • Limitations to modifying stateful configurations
          • Configure Intrusion Prevention
            • General steps
            • Example
            • Create an Intrusion Prevention rule
          • Configure Anti-Malware
            • General steps
            • Example
            • Create and modify malware scan configurations
            • General steps for creating malware scan configurations
            • Example malware scan configuration
          • Configure Web Reputation
            • General steps
            • Example
          • Configure Device Control
            • General steps
            • Example
            • Create a USB Device Exception
          • Configure Application Control
            • Configure Application Control for a policy
            • Allow or block unrecognized software
            • Create a shared ruleset
            • Add global rules
            • Configure maintenance mode during upgrades
          • Configure Integrity Monitoring
            • General steps
            • Example
            • Create an Integrity Monitoring rule
          • Configure Log Inspection
            • General steps
            • Example
            • Create a Log Inspection rule
            • Create a basic Log Inspection rule
            • Create a log inspection rule using XML
          • Create and modify lists
          • Create and configure schedules
          • Override policies on a computer
            • Discover overrides
            • Configure computer overrides
            • Configure a single computer setting
            • Configure settings and protection modules
            • Rule overrides
        • Maintain protection
          • Report on computer status
            • Discover unprotected computers
            • Find computers based on agent status
            • Find computers based on module status
            • See the state of a virtual machine
            • Get computer configurations
            • Discover the Anti-Malware configuration of a computer
            • Get applied intrusion prevention rules
          • Patch unprotected computers
            • Example: Find the Intrusion Prevention rule for a CVE
            • Example: Find computers that are not protected against a CVE
            • Example: Add intrusion prevention rules to computers' policies
          • Assign rules with recommendation scans
            • Determine when a recommendation scan last ran
            • Example: Get the date of the last recommendation scan for all computers
            • Apply recommendations
          • Maintain protection using scheduled tasks
            • Related classes
            • Create a scheduled task
            • Configure general properties
            • Create the schedule
            • Example: Daily schedule
            • Example: Monthly schedule
            • Configure the task
            • Example: Create a scheduled task
            • Create, run, and delete a scheduled task
            • Run an existing scheduled task
      • Settings reference
      • Use the legacy APIs
        • Provide access for legacy APIs
        • Transition from the SOAP API
        • Use the legacy REST API
    • Automate using the console
      • Schedule Workload Security to perform tasks
      • Automatically perform tasks when a computer is added or changed
      • AWS Auto Scaling and Workload Security
        • Preinstall the agent
        • Install the agent with a deployment script
        • Delete instances from Workload Security as a result of Auto Scaling
      • Azure virtual machine scale sets and Workload Security
      • GCP auto scaling and Workload Security
        • Preinstall the agent
        • Install the agent with a deployment script
        • Delete instances from Workload Security as a result of GCP MIGs
      • Use deployment scripts to add and protect computers
        • Generate a deployment script
        • Troubleshooting and tips
      • URL format for the agent download
      • Automatically assign policies using cloud provider tags and labels
    • Command-line basics
      • Agent-initiated activation (dsa_control -a)
      • Activate an agent
  • User Guide
    • Add computers
      • About adding computers
      • Add local network computers
        • Manually add a computer
      • Set up a data center gateway
      • Add Active Directory computers
        • Add a data center gateway
        • Add an Active Directory
        • Additional Active Directory options
          • Remove directory
          • Synchronize
        • Server certificate usage
        • Keep Active Directory objects synchronized
        • Disable Active Directory synchronization
      • Add VMware VMs
        • Add a VMware vCenter to Workload Security
          • Add a data center gateway
          • Add a VMware vCenter
          • Protect workloads in VMware
        • Add virtual machines hosted on VMware vCloud
          • Benefits of adding a vCloud account
          • Configure proxy setting for cloud accounts
          • Create a VMware vCloud Organization account for Workload Security
          • Import computers from a VMware vCloud Organization account
          • Import computers from a VMware vCloud Air data center
          • Remove a cloud account
      • Add AWS instances
        • About adding AWS accounts
          • What happens when you add an AWS account?
          • Benefits of adding an AWS account
          • Supported AWS regions
          • Modify your AWS security group to allow outbound traffic over port 443
        • Add an AWS account using the quick setup
        • Add an AWS account using a cross-account role
          • Add the account using the Workload Security console
            • Note the Workload Security account ID
            • Configure the manager instance role
            • Retrieve the external ID
            • Configure an IAM policy for AWS Account A
            • Create a cross-account role for AWS Account A
            • Add AWS Account A to Workload Security
          • Add the account through the API
        • Add Amazon WorkSpaces
          • Protect Amazon WorkSpaces if you already added your AWS account
          • Protect Amazon WorkSpaces if you have not yet added your AWS account
        • Manage an AWS account
          • Edit an AWS account
          • Remove an AWS account
          • Synchronize an AWS account
        • Manage an AWS account external ID
          • About the external ID
          • Configure the external ID
          • Update the external ID
            • Use the Workload Security console to update the external ID
            • Use the Workload Security API to update the external ID
          • Retrieve the external ID
          • Disable retrieval of the external ID
        • Protect an account running in AWS Outposts
        • Cloud Formation template and added AWS account
      • Add Azure instances
        • Create an Azure application for Workload Security
          • Assign correct roles
          • Create the Azure application
          • Record the Azure application ID, Microsoft Entra ID, and password
          • Record the Subscription IDs
          • Assign the Azure application a role and connector
        • Add a Microsoft Azure account to Workload Security
          • Benefits of adding an Azure account
          • Supported Azure regions
          • Add virtual machines from a Microsoft Azure account to Workload Security
          • Manage Azure classic virtual machines with the Azure Resource Manager connector
          • Remove an Azure account
          • Synchronize an Azure account
        • Reasons to upgrade to the new Azure Resource Manager connection
      • Add GCP instances
        • Create a Google Cloud Platform service account
          • Prerequisite: Enable the Google APIs
          • Create a GCP service account
          • Add more projects to the GCP service account
          • Create multiple GCP service accounts
        • Add a Google Cloud Platform account
          • Benefits of adding a GCP account
          • Configure a proxy setting for the GCP account
          • Add a GCP account to Workload Security
          • Remove a GCP account
          • Synchronize a GCP account
      • Manually upgrade your AWS account connection
        • Verify the permissions associated with the AWS role
      • Migrate to the new cloud connector functionality
      • Protect Docker containers
      • Protect Red Hat OpenShift containers
      • Control CPU usage
      • Recommendation scans
        • Enhanced recommendation scan
        • Classic recommendation scan
          • Run a classic recommendation scan
          • Schedule a recommendation scan
          • Configure an ongoing recommendation scan
          • Manually run a classic recommendation scan
          • Cancel a classic recommendation scan
          • Exclude a rule or application type from classic recommendation scans
          • Automatically implement recommendations
          • Manually assign rules
          • Additional rules for common vulnerabilities
          • Troubleshooting classic recommendation scan
    • Configure policies
      • Create policies
        • Create a new policy
        • Alternative ways to create a policy
        • Import policies from an XML file
        • Duplicate an existing policy
        • Create a new policy based on the recommendation scan of a computer
        • Edit settings for a policy or individual computer
        • Assign a policy to a computer
        • Disable automatic policy updates
        • Send policy changes manually
        • Export a policy
      • Policies, inheritance, and overrides
      • Detect and configure interfaces available on a computer
        • Configure a policy for multiple interfaces
        • Enforce interface isolation
      • Overview section of the Computer editor
      • Overview section of the policy editor
      • Network engine settings
      • User mode solution
      • Create a list of User Lists for use in policies
        • Import and export User Lists
        • View rules that use an User List
      • Define rules, lists, and other common objects used by policies
        • About common objects
        • Manage role-based access control for common objects
          • Configure access scope for roles
          • Roles' access to granted objects
          • Roles' use of granted objects
          • Roles with All access scope can import objects
          • Roles' permission to allow malware exclusions
        • Create a firewall rule
        • Configure intrusion prevention rules
          • Intrusion prevention rules list
          • Intrusion prevention license types
          • View information about intrusion prevention rules
          • General Information
          • Details
          • Identification (Trend Micro rules only)
          • View information about associated vulnerability (Trend Micro rules only)
          • Assign and unassign rules
          • Automatically assign core Endpoint & Workload rules
          • Automatically assign updated required rules
          • Configure event logging for rules
          • Generate alerts
          • Setting configuration options (Trend Micro rules only)
          • Schedule active times
          • Exclude from recommendations
          • Set the context for a rule
          • Override the behavior mode for a rule
          • Override rule and application type configurations
          • Export and import rules
        • Create an Integrity Monitoring rule
          • Add a new rule
          • Enter Integrity Monitoring rule information
          • Select a rule template and define rule attributes
          • Registry Value template
          • File template
          • Custom template
          • Configure Trend Micro Integrity Monitoring rules
          • Configure rule events and alerts
          • Real-time event monitoring
          • Alerts
          • View policies and computers to which a rule is assigned
          • Export a rule
          • Delete a rule
        • Define a Log Inspection rule for use in policies
        • Create a list of directories for use in policies
        • Create a list of file extensions for use in policies
          • Import and export file extension lists
          • View malware scan configurations that use a file extension list
        • Create list of files for use in policies
        • Create a list of IP addresses for use in policies
          • Import and export IP lists
          • View rules that use an IP list
        • Create a list of ports for use in policies
          • Import and export port lists
          • View rules that use a port list
        • Create a list of MAC addresses for use in policies
          • Import and export MAC lists
          • View policies that use a MAC list
        • Recommended Exclusions
        • Define contexts for use in policies
          • Configure internet connectivity for the computer
          • Define a context
        • Define stateful firewall configurations
          • Add a stateful configuration
          • Provide stateful configuration information
          • Select packet inspection options
            • IP packet inspection
            • TCP packet inspection
            • FTP Options
            • UDP packet inspection
            • ICMP packet inspection
          • Export a stateful configuration
          • Delete a stateful configuration
          • View policies and computers with assigned stateful configuration
        • Define a schedule to apply to rules
    • Configure protection modules
      • Configure Intrusion Prevention
        • About Intrusion Prevention
        • Set up Intrusion Prevention
          • Enable Intrusion Prevention in Detect mode
          • Enable Auto Apply core Endpoint & Workload rules
          • Test Intrusion Prevention
          • Apply recommended rules
          • Check Intrusion Prevention events
          • Enable fail open for packet or system failures
          • Switch to Prevent mode
          • Implement best practices for specific rules
          • HTTP Protocol Decoding rule
          • Cross-site scripting and generic SQL injection rules
        • Configure intrusion prevention rules
          • Intrusion prevention rules list
          • Intrusion prevention license types
          • View information about intrusion prevention rules
          • General Information
          • Details
          • Identification (Trend Micro rules only)
          • View information about associated vulnerability (Trend Micro rules only)
          • Assign and unassign rules
          • Automatically assign core Endpoint & Workload rules
          • Automatically assign updated required rules
          • Configure event logging for rules
          • Generate alerts
          • Setting configuration options (Trend Micro rules only)
          • Schedule active times
          • Exclude from recommendations
          • Set the context for a rule
          • Override the behavior mode for a rule
          • Override rule and application type configurations
          • Export and import rules
        • Configure a SQL injection prevention rule
        • Application types
          • View a list of application types
          • General Information
          • Connection
          • Configuration
          • Options
          • Assigned To
        • Inspect TLS traffic
        • TLS inspection support
          • Manage TLS inspection support package updates
          • Disable TLS inspection support package updates on a single agent
          • Disable TLS inspection support package updates by policy
        • Configure anti-evasion settings
        • Performance tips for intrusion prevention
      • Configure Anti-Malware
        • About Anti-Malware
        • Set up Anti-Malware
          • Enable and configure Anti-Malware
            • Enable the Anti-Malware module
            • Select the types of scans to perform
            • Configure scan inclusions
            • Configure scan exclusions
            • Scan for recommended exclusions on computers
            • Configure multiple scan list exclusions or inclusions
            • Ensure that Workload Security can keep up to date on the latest threats
          • Configure malware scans
          • Performance tips for Anti-Malware
            • Minimize disk usage
            • Optimize CPU usage
              • Enable multi-threaded processing
            • Optimize RAM usage
          • Configure Deep Security and Microsoft Defender Antivirus for Windows
        • Detect emerging threats with Predictive Machine Learning
          • Enable Predictive Machine Learning
        • Enhanced Anti-Malware and ransomware scanning with behavior monitoring
          • Enhanced scanning protection
          • Enable enhanced scanning
          • What happens when enhanced scanning finds a problem?
        • Smart Protection in Workload Security
          • Anti-Malware and Smart Protection
          • Benefits of Smart Scan
          • Enable Smart Scan
          • Smart Protection Server for File Reputation Service
          • Web Reputation and Smart Protection
          • Smart Feedback
          • Disable Smart Feedback
        • Handle malware
          • View and restore identified malware
            • View a list of identified files
            • Work with identified files
            • Search for an identified file
            • Restore identified files
              • Create a scan exclusion for the file
              • Restore the file
          • Create Anti-Malware exceptions
          • Increase debug logging for Anti-Malware in protected Linux instances
      • Configure Firewall
        • About Firewall
        • Set up the Workload Security firewall
        • Create a firewall rule
        • Allow trusted traffic to bypass the firewall
        • Firewall rule actions and priorities
          • Rule actions
            • Allow rules
            • Bypass rules
              • Default Bypass rule for Workload Security traffic
            • Force Allow rules
          • Rule processing sequence
            • Logging
          • Actions and priorities applied together
          • Rule priority
          • Rule action and priority order
        • Firewall settings
          • General
            • Firewall
            • Firewall Stateful Configurations
            • Assigned Firewall Rules
          • Interface Isolation
            • Interface patterns
          • Reconnaissance
          • Advanced
            • Events
          • Firewall Events
        • Define stateful firewall configurations
          • Add a stateful configuration
          • Provide stateful configuration information
          • Select packet inspection options
            • IP packet inspection
            • TCP packet inspection
            • FTP Options
            • UDP packet inspection
            • ICMP packet inspection
          • Export a stateful configuration
          • Delete a stateful configuration
          • View policies and computers with assigned stateful configuration
        • Container firewall rules
      • Manage Container Protection
        • Apply real-time scan
        • Apply your firewall settings
        • Apply your intrusion prevention settings
      • Configure Web Reputation
        • Enable the Web Reputation module
        • Enable the Trend Micro Toolbar
        • Install the toolbar for macOS
        • Install the toolbar for Windows
        • Switch between inline and tap mode
        • Enforce the security level
        • Configure the security level
        • Create exceptions
        • Create URL exceptions
        • Configure the Smart Protection Server
        • Smart Protection Server connection warning
        • Edit advanced settings
        • Blocking Page
        • Alert
        • Ports
        • Test Web Reputation
      • Configure Device Control
      • Configure Integrity Monitoring
        • About Integrity Monitoring
        • Set up Integrity Monitoring
          • Enable and configure Integrity Monitoring
          • Enable Integrity Monitoring
          • Run a recommendation scan
          • Disable real-time scanning
          • Apply the Integrity Monitoring rules
          • Build a baseline for the computer
          • Periodically scan for changes
          • Test Integrity Monitoring
          • Improve Integrity Monitoring scan performance
          • Limit resource usage
          • Change the content hash algorithm
          • Integrity Monitoring event tagging
        • Create an Integrity Monitoring rule
          • Add a new rule
          • Enter Integrity Monitoring rule information
          • Select a rule template and define rule attributes
          • Registry Value template
          • File template
          • Custom template
          • Configure Trend Micro Integrity Monitoring rules
          • Configure rule events and alerts
          • Real-time event monitoring
          • Alerts
          • View policies and computers to which a rule is assigned
          • Export a rule
          • Delete a rule
        • Integrity Monitoring rules language
          • About the Integrity Monitoring rules language
          • DirectorySet
          • FileSet
          • GroupSet
          • InstalledSoftwareSet
          • PortSet
          • ProcessSet
          • RegistryKeySet
          • RegistryValueSet
          • ServiceSet
          • UserSet
          • WQLSet
      • Configure Log Inspection
        • About Log Inspection
        • Set up Log Inspection
          • Enable the log inspection module
          • Run a recommendation scan
          • Apply the recommended log inspection rules
          • Test Log Inspection
          • Configure log inspection event forwarding and storage
        • Define a Log Inspection rule for use in policies
      • Configure Application Control
        • About Application Control
          • Key software ruleset concepts
          • How do Application Control software rulesets work?
          • The Application Control interface
          • Application Control: Software Changes (Actions)
          • Application Control Software Rulesets
          • Security Events
          • Application Control Trust Entities
          • What does Application Control detect as a software change?
        • Set up Application Control
          • Turn on Application Control
          • Monitor new and changed software
          • Guidelines for handling changes
          • Turn on maintenance mode when making planned changes
          • Application Control tips and considerations
        • Verify that Application Control is enabled
        • Monitor Application Control events
          • Select Application Control events to log
          • View Application Control event logs
          • Interpret aggregated security events
          • Monitor Application Control alerts
        • View and change Application Control software rulesets
          • View Application Control software rulesets
          • Security Events
          • Change the action for an Application Control rule
          • Delete an individual Application Control rule
          • Delete an Application Control ruleset
        • Application Control Trust Entities
          • Trust Rulesets
            • Create a trust ruleset
            • Create a trust ruleset from the Policies tab
            • Create a trust ruleset from the the Computer or Policies tab
            • Assign or unassign a trust ruleset
            • Assign a trust ruleset
            • Unassign a trust ruleset
            • Delete a trust ruleset
          • Trust rules
            • Types of trust rules
            • Create a trust rule
            • Change trust rule properties
            • Delete a trust rule
          • Types of trust rule properties
          • Application Control event aggregation and analysis
          • Trust rule property limitations for Linux
        • Reset Application Control after extensive software change
        • Use the API to create shared and global rulesets
          • Create a shared ruleset
          • Change from shared to computer-specific allow and block rules
    • Configure events and alerts
      • Workload Security event logging
      • Log and event storage
        • Limit log file sizes
        • Event logging guidelines
      • Anti-Malware scan failures and cancellations
      • Apply tags to identify and group events
        • Manual tagging
        • Auto-tagging
          • Set the precedence for auto-tagging rules
          • Auto-tagging log inspection events
        • Trusted source tagging
          • Tag events based on a local trusted computer
          • Workload Security event matching between target and trusted source computers
            • Tag events based on a local trusted computer
          • Tag events based on the Trend Micro Certified Safe Software Service
          • Tag events based on a trusted common baseline
        • Delete a tag
      • Reduce the number of logged events
      • Rank events to quantify their importance
      • Forward events to a Syslog or SIEM server
        • Forward Workload Security events to a Syslog or SIEM server
          • Allow event-forwarding network traffic
          • Define a Syslog configuration
          • Forward system events
          • Forward security events
          • Compatibility
          • Troubleshoot event forwarding
        • Syslog message formats
        • Configure Red Hat Enterprise Linux to receive event logs
          • Set up a Syslog on Red Hat Enterprise Linux 8
          • Set up a Syslog on Red Hat Enterprise Linux 6 or 7
          • Set up a Syslog on Red Hat Enterprise Linux 5
      • Access events with Amazon SNS
        • Set up Amazon SNS
          • Create an AWS user
          • Create an Amazon SNS topic
          • Enable SNS
          • Create subscriptions
        • SNS configuration in JSON format
        • Events in JSON format
      • Configure alerts
        • View alerts in the Workload Security console
        • Configure alert settings
        • Set up email notification for alerts
        • Enable and disable alert emails
        • Configure an individual user to receive alert emails
        • Configure recipients for all alert emails
      • Generate reports about alerts and other activity
        • Set up a single report
        • Set up a scheduled report
        • Troubleshoot: Scheduled report sending failed
        • About attack reports
      • Lists of events and alerts
        • Predefined alerts
        • Agent events
        • System events
        • Application Control events
        • Anti-Malware events
        • Device Control events
        • Firewall events
        • Intrusion prevention events
        • Integrity Monitoring events
        • Log inspection events
        • Web Reputation events
      • Troubleshoot common events, alerts, and errors
        • Why am I seeing firewall events when the Firewall module is disabled?
        • Troubleshoot event ID 771 Contact by Unrecognized Client
        • Troubleshoot Smart Protection Server Disconnected errors
        • Error: Activation Failed
        • Error: Agent version not supported
        • Error: Anti-Malware Engine Offline
          • Agent on Windows
          • Agent on Linux
        • Warning: Anti-Malware Engine has only Basic Functions
        • Error: Activity Monitoring Engine Offline
        • Warning: Activity Monitoring Engine has only Basic Functions
        • Error: Device Control Engine Offline
          • For Windows agents
        • Error: Check Status Failed
        • Error: Installation of Feature 'dpi' failed: Not available: Filter
        • Error: Intrusion Prevention Rule Compilation Failed
          • Apply Intrusion Prevention best practices
          • Manage rules
          • Unassign application types from a single port
        • Error: Log Inspection Rules Require Log Files
          • If the file location is required
          • If the files listed do not exist on the protected machine
        • Error: Module installation failed (Linux)
        • Error: MQTT Connection Offline
        • Error: There are one or more application type conflicts on this computer
          • Resolution
          • Consolidate ports
          • Disable the inherit option
        • Error: Unable to connect to the cloud account
        • Error: Unable to resolve instance hostname
        • Alert: Integrity Monitoring information collection has been delayed
        • Event: Max TCP connections
        • Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
        • Warning: Insufficient disk space
        • Warning: Reconnaissance Detected
    • Configure proxies
      • Configure proxies
      • Proxy settings
      • Enable OS proxy
        • Enable OS proxy on the server console
        • Enable OS proxy from the endpoint
        • Configuration on agent side
        • Troubleshooting
    • Configure relays
      • About relays
      • Deploy more relays
        • Plan the number and location of relays
        • Create relay groups
        • Enable relays
        • Assign agents to a relay group
        • Connect agents to a relay's private IP address
      • Remove relay functionality from agent
    • Manage agents (protected computers)
      • Computer and agent statuses
      • Configure agent version control
      • Configure teamed NICs
      • Communication between Workload Security and Deep Security Agent
      • Configure agents that have no Internet access
      • Activate and protect agents using agent-initiated activation and communication
        • Enable agent-initiated activation
        • Create or modify policies with agent-initiated communication enabled
        • Enable agent-initiated activation
        • Assign the policy to agents
        • Use a deployment script to activate the agents
      • Automatically upgrade agents on activation
      • Using the agent with iptables
      • Enable Managed Detection and Response
      • Configure agent self-protection
        • Configure self-protection through the Workload Security console
        • Configure self-protection using the command line
        • Limitations on Linux
        • Troubleshooting the Linux agent
      • Are Offline agents still protected by Workload Security?
      • Automate offline computer removal with inactive agent cleanup
        • Enable inactive agent cleanup
          • Keep offline computers protected
          • Prevent computers from being removed
        • Check the audit trail for removed computers
          • Search system events
          • System event details
      • Agent settings
      • Custom network configuration
        • Add a custom network configuration
        • JSON parameter configuration examples
      • User mode solution
      • Notifier application
        • About the notifier
        • Trigger a manual scan
        • macOS
        • Windows
    • Implement SAML single sign-on (SSO)
      • About SAML single sign-on (SSO)
      • Configure SAML single sign-on
        • Prerequisites
        • Configure SAML in Workload Security
        • Import your identity provider's SAML metadata document
        • Create Workload Security roles for SAML users
        • Provide information to your identity provider administrator
        • Download the Workload Security service provider SAML metadata document
        • Send URNs and the Workload Security SAML metadata document to the identity provider administrator
        • SAML claims structure
        • Workload Security username (required)
        • Workload Security user role (required)
        • Maximum session duration (optional)
        • Preferred language (optional)
        • Test SAML single sign-on
        • Service and identity provider settings
      • Configure SAML single sign-on with Microsoft Entra ID
    • Roles and contacts for accounts
      • Define roles for users
      • Add contacts (users who can only receive reports)
        • Add or edit a contact
        • Delete a contact
    • Navigate and customize the Workload Security console
      • Customize the dashboard
      • Group computers dynamically with smart folders
      • Customize advanced system settings
    • Use the Notification Service
    • Harden Workload Security
      • About Workload Security hardening
      • Manage trusted certificates
        • Import trusted certificates
        • View trusted certificates
        • Remove trusted certificates
      • SSL implementation and credential provisioning
      • Protect the agent
      • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
    • Upgrade Workload Security
      • About upgrades
      • Apply security updates
        • Configure the security update source
        • Initiate security updates
        • Check your security update status
        • View details about pattern updates
        • Revert, import, or view details about rule updates
        • Configure security updates
        • Enable automatic patches for rules
        • Enable automatic Anti-Malware engine updates
        • Change the alert threshold for late security updates
      • Disable emails for New Pattern Update alerts
      • Use a web server to distribute software updates
        • Web server requirements
        • Copy the folder structure
        • Configure agents to use the new software repository
      • Upgrade a relay
        • Upgrade a relay from Workload Security
        • Upgrade a relay by running the installer manually
      • Upgrade the agent
        • Before you begin
        • Upgrade the agent starting from an alert
        • Upgrade multiple agents at once
        • Upgrade the agent from the Computers page
        • Upgrade the agent on activation
        • Upgrade the agent from a Scheduled Task
        • Upgrade the agent manually
        • Upgrade the agent on Windows
        • Upgrade the agent on Linux
        • Upgrade the agent on Solaris
        • Upgrade the agent on AIX
        • Best practices for agent upgrade
      • Install Trend Vision One Endpoint Security Agent via Deep Security Agent
        • Install Trend Vision One Endpoint Security agent
        • Schedule a task
        • Use Trend Vision One Endpoint Sensor
    • Uninstall the agent
      • Uninstall an agent on Windows
      • Uninstall an agent on Linux
      • Uninstall an agent on Solaris 10
      • Uninstall an agent on Solaris 11
      • Uninstall an agent on AIX
      • Uninstall an agent on macOS
      • Uninstall an agent on Red Hat OpenShift
      • Uninstall the notifier
    • Evaluate Trend Vision One
      • Foundation Services and Endpoint Protection prerequisites
      • Export policies and configurations
      • Import policies and configurations
      • Configure proxy settings
      • Deactivate the agent in Trend Cloud One - Endpoint & Workload Security
      • Reactivate the agent in Trend Vision One
      • Revert agents to Trend Cloud One - Endpoint & Workload Security
  • Integrations
    • Integrate with AWS Control Tower
      • Integrate with AWS Control Tower
      • Upgrade AWS Control Tower integration
      • Remove AWS Control Tower integration
    • Integrate with AWS Systems Manager Distributor
      • Create an IAM policy
      • Create a role and assign the policy
      • Create parameters
      • Create association
      • Protect your computers
    • Integrate with SAP NetWeaver
    • Integrate with Apex Central
    • Integrate with Trend Vision One
      • Integrate Workload Security with Trend Vision One
        • Register with Trend Vision One using the Product Instance app XDR
        • Register with Trend Vision One using the Product Connector app XDR
        • Forward security events to Trend Vision One XDR
        • Enable Activity Monitoring
      • Enable Trend Vision One SSO to Trend Cloud One
        • Enable single sign-on
      • Trend Vision One extended detection and response (XDR) file collection
        • Requirements
        • Collect objects using file collection
          • Trigger file collection
          • Create a File Collection Task
          • Monitor task status
          • Download sample file
        • Troubleshoot common issues
          • Trend Vision One settings
          • Security module settings for your computers
      • Trend Vision One extended detection and response (XDR) network isolation
        • Requirements
        • Isolate endpoints using network isolation
        • Trigger network isolation
        • Create an Isolate Endpoint Task
        • Monitor task status
        • Restore connection to an endpoint
        • Troubleshoot common issues
        • Trend Vision One settings
        • Security module settings for your computers
      • Trend Vision One extended detection and response (XDR) remote shell
      • Trend Vision One Threat Intelligence - user-defined suspicious object
      • Trend Vision One extended detection and response (XDR) custom script
        • Run a remote custom script task
        • Trigger a custom script using Remote Shell
      • Integrate with Service Gateway
        • Integrate Trend Vision One Service Gateway
        • Integrate the Service Gateway Forward Proxy
        • Integrate the Service Gateway ActiveUpdate service
          • Enable the ActiveUpdate services
          • Get Trend Cloud One - Endpoint & Workload Security ActiveUpdate source URL
          • Configure the ActiveUpdate service
          • Configure update source on Trend Cloud One - Endpoint & Workload Security
        • Integrate the Service Gateway Smart Protection service
          • Enable Smart Protection services
          • Configure local File Reputation service on Trend Cloud One - Endpoint & Workload Security Policy
          • Configure local Web Reputation service on Trend Cloud One - Endpoint & Workload Security Policy
      • Unregister Trend Cloud One - Endpoint & Workload Security from Trend Vision One
        • Use the Trend Vision One product connectors
        • Use Postman and an HTTP API
  • FAQs
    • Why does my Windows machine lose network connectivity when I enable protection?
    • How does agent protection work for Solaris zones?
    • Can Workload Security protect AWS GovCloud or Azure Government workloads?
    • Amazon Instance Metadata Service use by Deep Security Agent
    • Why can't I add my Azure server using the Azure cloud connector?
    • Why can't I view all VMs in an Azure subscription in Workload Security?
  • Troubleshooting
    • Offline agent
      • Causes
      • Verify that the agent is running
      • Verify DNS
      • Ensure that the DNS service is reliable
      • Allow outbound ports (agent-initiated heartbeat)
      • Allow ICMP on Amazon AWS EC2 instances
      • Fix the upgrade issue on Solaris 11
    • High CPU usage
    • Diagnose problems with agent deployment on Windows
    • Anti-Malware Windows platform update failed
      • An incompatible Anti-Malware component from another Trend Micro product
      • An incompatible Anti-Malware component from a third-party product
      • Other/unknown Error
    • Security update connectivity
    • Network Engine Status (Windows)
      • Network Engine Status warnings
      • Verify the driver status in Windows
      • Disable Network Engine Status warnings
    • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
    • Issues adding your AWS account to Workload Security
      • AWS is taking longer than expected
      • Resource is not supported in this region
      • Template validation issue
      • Workload Security was unable to add your AWS account
    • Create a diagnostic package and logs
      • Agent diagnostics
      • Create an agent diagnostic package via Workload Security
      • Create an agent diagnostic package via CLI on a protected computer
      • Collect debug logs with DebugView on Windows
      • Collect debug logs with DebugView on macOS
    • Removal of older software versions
    • Troubleshoot SELinux alerts
      • SELinux blocks the Deep Security Agent service
      • Berkeley Packet Filter (BPF) operations blocked
    • Troubleshoot Azure Code Signing
  • Trust and compliance information
    • About compliance
    • Agent package integrity check
    • Meet PCI DSS requirements with Workload Security
    • GDPR
    • Set up AWS Config Rules
    • Bypass vulnerability management scan traffic in Workload Security
      • Create a new IP list from the vulnerability scan provider IP range or addresses
      • Create firewall rules for incoming and outbound scan traffic
      • Assign new firewall rules to a policy to bypass vulnerability scans
    • Use TLS 1.2 with Workload Security
      • TLS architecture
      • Enable the TLS 1.2 architecture
      • Deploy new agents and relays
      • Guidelines for using deployment scripts
    • Privacy and personal data collection disclosure
  • Release notes and scheduled maintenance
    • Maintenance
    • What's new in Workload Security?
    • What's new in Deep Security Agent for macOS
    • API changelog
Automate using the console
Related information
  • Schedule Workload Security to perform tasks
  • Automatically perform tasks when a computer is added or changed
  • AWS Auto Scaling and Workload Security
  • Azure virtual machine scale sets and Workload Security
  • GCP auto scaling and Workload Security
  • Use deployment scripts to add and protect computers
  • URL format for the agent download
  • Automatically assign policies using cloud provider tags and labels
Online Help Center
Support
For Home For Business
Privacy Notice
© 2025 Trend Micro Incorporated. All rights reserved.
Table of Contents
  • Log4j Vulnerability Coverage
  • About Workload Security
    • About the Workload Security components
    • Endpoint Security and Workload Security protection modules
    • About billing and pricing
    • Workload Security release strategy and lifecycle policy
  • Compatibility
    • System requirements
    • Agent requirements
      • Agent platform compatibility
      • Linux kernel compatibility
        • Disable optional Linux kernel support package updates
        • Disable updates on a single computer
        • Disable updates on multiple computers
      • Linux file system compatibility
      • Linux systemd support
      • Linux Secure Boot support
      • SELinux support
      • Supported features by platform
    • Sizing
    • Port numbers, URLs, and IP addresses
      • Agent to Workload Security FQDNs for accounts created before 2020-11-23
      • Relays to Update Server FQDNs for accounts created before 2020-11-23
      • Relays to Download Center FQDNs for accounts created before 2020-11-23
      • Required Workload Security URLs for firewalls without wildcard support
  • Get started
    • Try the Workload Security demo
    • Transitioning from Deep Security as a Service
    • Migrate from an on-premises Deep Security Manager
    • Trend Cloud One - Endpoint & Workload Security
    • Configure Endpoint Security
    • Check digital signatures on software packages
      • Check the signature on software ZIP packages
      • Check the signature on installer files (EXE, MSI, RPM, DEB files)
      • Check the signature on an EXE or MSI file
      • Check the signature on an RPM file
      • Check the signature on a DEB file
    • Check relay connectivity
    • Deploy the agent
      • Get agent software
      • Configure Linux Secure Boot for agents
      • Configure Mobile Device Management on Workload Security for the macOS agent
      • Install the agent
        • Manual installation
        • Install the agent on Windows
        • Installation on Amazon WorkSpaces
        • Installation on Windows 2012 Server Core
        • Install the agent on Red Hat, Amazon, SUSE, Oracle, Alma, Rocky, Miracle, or Cloud Linux
        • Install the agent on Ubuntu or Debian
        • Install the agent on Solaris
        • Install the agent on AIX
        • Install the agent on macOS
        • Install the agent on Red Hat OpenShift
        • Install the agent using other methods
        • Post-installation tasks
      • Install the agent on Amazon EC2 and WorkSpaces
        • Add your AWS accounts to Workload Security
        • Configure the activation type
        • Open ports
        • Deploy agents to your Amazon EC2 instances and WorkSpaces
        • Verify that the agent was installed and activated
        • Assign a policy
      • Install the agent on an AMI or WorkSpace bundle
        • Add your AWS account to Workload Security
        • Configure the activation type
        • Launch a master Amazon EC2 instance or Amazon WorkSpace
        • Deploy an agent on the master
        • Verify that the agent was installed and activated properly
        • Set up policy auto-assignment
        • Create an AMI or custom WorkSpace bundle based on the master
        • Use the AMI
      • Install the agent on Azure VMs
      • Install the agent on Google Cloud Platform VMs
      • Activate the agent
        • Deactivate the agent
        • Start or stop the agent
  • Automate
    • Automate using the API and SDK
      • API reference
      • API and SDK - DevOps tools for automation
      • Send request using the API
      • About resource property values
      • About the overrides parameter
      • Search for resources
      • API rate limits
      • Performance tips
      • Troubleshooting
      • API cookbook
        • About the API Cookbook
        • Set up to use Bash or PowerShell
          • Bash or PowerShell?
          • Check your environment
          • Check your connection to Workload Security
          • Check your cURL software
          • Check your PowerShell software
          • Create an API key
          • Test your setup
          • Bash
          • PowerShell
          • Final comments
          • Related resources
        • Get a List of Computers (Bash and PowerShell)
        • Search for a policy (Bash and PowerShell)
          • Before you begin
          • Bash
          • PowerShell
          • Notes
          • Related resources
        • Assign a policy to a computer using Bash and PowerShell
          • Before you begin
          • Bash
          • PowerShell
          • Notes
          • Related resources
        • Assign a policy to many computers (Bash and PowerShell)
          • Before you begin
          • jq for Bash
          • Required information
          • Bash
          • Bash script details
          • PowerShell
          • PowerShell script details
          • Notes
          • Related Resources
      • SDK guides
        • Python SDK
          • Prepare to use the Python SDK
          • Prerequisites
          • Download and install the Python SDK
          • Install a Python IDE
          • Add the SDK to a project in PyCharm
          • Next Steps
        • SDK version compatibility
        • Run the code examples
        • Index of code examples
        • Deploy Workload Security
          • Use the API to generate an agent deployment script
            • General steps
            • Example
          • Integrate Workload Security with AWS Services
            • Workflow pattern
            • Amazon GuardDuty
            • Amazon Macie
            • Amazon Inspector
            • AWS WAF
            • AWS Config
          • Add Computers
          • Add a Google Cloud Platform Connector
            • Submit a Synchronization Action for a GCP Connector
          • Control Access Using Roles
            • General steps
            • Example: Create a role
          • Create and manage API keys
            • About API Keys
            • Create an API Key using code
              • Obtain a role ID
              • Create an API key using an SDK
              • Create an API key using a username and password
              • Obtain a session cookie and a request ID
              • Create an API key using the session cookie and the request ID
            • Create an API Key using the Workload Security console
              • Lock out an existing API key
            • Manage API keys after their creation
          • Configure Workload Security system settings
            • Retrieve, modify, or reset a single system setting
            • Example: Modify a single system setting
            • List or modify multiple system settings
            • Example: Modify multiple system settings
          • Monitor Workload Security events
        • Configure protection
          • Create and configure a policy
            • Create a policy
            • Assign a policy to a computer
            • Configure policy and default policy settings
            • Default setting values and overrides
            • Policy setting and default policy setting classes
            • Retrieve the value of a policy setting or default policy setting
            • List all policy or default policy settings
            • Configure a single policy or default policy setting
            • Configure multiple policy and default policy settings
            • Reset policy overrides
            • Reset an ID reference
            • Reset a setting
            • Reset the status of a security module
            • Reset a rule
            • Reset all overrides of a rule
            • Selectively reset overrides of a rule
          • Configure Firewall
            • General steps
            • Example
            • Create a firewall rule
            • Limitations to modifying stateful configurations
          • Configure Intrusion Prevention
            • General steps
            • Example
            • Create an Intrusion Prevention rule
          • Configure Anti-Malware
            • General steps
            • Example
            • Create and modify malware scan configurations
            • General steps for creating malware scan configurations
            • Example malware scan configuration
          • Configure Web Reputation
            • General steps
            • Example
          • Configure Device Control
            • General steps
            • Example
            • Create a USB Device Exception
          • Configure Application Control
            • Configure Application Control for a policy
            • Allow or block unrecognized software
            • Create a shared ruleset
            • Add global rules
            • Configure maintenance mode during upgrades
          • Configure Integrity Monitoring
            • General steps
            • Example
            • Create an Integrity Monitoring rule
          • Configure Log Inspection
            • General steps
            • Example
            • Create a Log Inspection rule
            • Create a basic Log Inspection rule
            • Create a log inspection rule using XML
          • Create and modify lists
          • Create and configure schedules
          • Override policies on a computer
            • Discover overrides
            • Configure computer overrides
            • Configure a single computer setting
            • Configure settings and protection modules
            • Rule overrides
        • Maintain protection
          • Report on computer status
            • Discover unprotected computers
            • Find computers based on agent status
            • Find computers based on module status
            • See the state of a virtual machine
            • Get computer configurations
            • Discover the Anti-Malware configuration of a computer
            • Get applied intrusion prevention rules
          • Patch unprotected computers
            • Example: Find the Intrusion Prevention rule for a CVE
            • Example: Find computers that are not protected against a CVE
            • Example: Add intrusion prevention rules to computers' policies
          • Assign rules with recommendation scans
            • Determine when a recommendation scan last ran
            • Example: Get the date of the last recommendation scan for all computers
            • Apply recommendations
          • Maintain protection using scheduled tasks
            • Related classes
            • Create a scheduled task
            • Configure general properties
            • Create the schedule
            • Example: Daily schedule
            • Example: Monthly schedule
            • Configure the task
            • Example: Create a scheduled task
            • Create, run, and delete a scheduled task
            • Run an existing scheduled task
      • Settings reference
      • Use the legacy APIs
        • Provide access for legacy APIs
        • Transition from the SOAP API
        • Use the legacy REST API
    • Automate using the console
      • Schedule Workload Security to perform tasks
      • Automatically perform tasks when a computer is added or changed
      • AWS Auto Scaling and Workload Security
        • Preinstall the agent
        • Install the agent with a deployment script
        • Delete instances from Workload Security as a result of Auto Scaling
      • Azure virtual machine scale sets and Workload Security
      • GCP auto scaling and Workload Security
        • Preinstall the agent
        • Install the agent with a deployment script
        • Delete instances from Workload Security as a result of GCP MIGs
      • Use deployment scripts to add and protect computers
        • Generate a deployment script
        • Troubleshooting and tips
      • URL format for the agent download
      • Automatically assign policies using cloud provider tags and labels
    • Command-line basics
      • Agent-initiated activation (dsa_control -a)
      • Activate an agent
  • User Guide
    • Add computers
      • About adding computers
      • Add local network computers
        • Manually add a computer
      • Set up a data center gateway
      • Add Active Directory computers
        • Add a data center gateway
        • Add an Active Directory
        • Additional Active Directory options
          • Remove directory
          • Synchronize
        • Server certificate usage
        • Keep Active Directory objects synchronized
        • Disable Active Directory synchronization
      • Add VMware VMs
        • Add a VMware vCenter to Workload Security
          • Add a data center gateway
          • Add a VMware vCenter
          • Protect workloads in VMware
        • Add virtual machines hosted on VMware vCloud
          • Benefits of adding a vCloud account
          • Configure proxy setting for cloud accounts
          • Create a VMware vCloud Organization account for Workload Security
          • Import computers from a VMware vCloud Organization account
          • Import computers from a VMware vCloud Air data center
          • Remove a cloud account
      • Add AWS instances
        • About adding AWS accounts
          • What happens when you add an AWS account?
          • Benefits of adding an AWS account
          • Supported AWS regions
          • Modify your AWS security group to allow outbound traffic over port 443
        • Add an AWS account using the quick setup
        • Add an AWS account using a cross-account role
          • Add the account using the Workload Security console
            • Note the Workload Security account ID
            • Configure the manager instance role
            • Retrieve the external ID
            • Configure an IAM policy for AWS Account A
            • Create a cross-account role for AWS Account A
            • Add AWS Account A to Workload Security
          • Add the account through the API
        • Add Amazon WorkSpaces
          • Protect Amazon WorkSpaces if you already added your AWS account
          • Protect Amazon WorkSpaces if you have not yet added your AWS account
        • Manage an AWS account
          • Edit an AWS account
          • Remove an AWS account
          • Synchronize an AWS account
        • Manage an AWS account external ID
          • About the external ID
          • Configure the external ID
          • Update the external ID
            • Use the Workload Security console to update the external ID
            • Use the Workload Security API to update the external ID
          • Retrieve the external ID
          • Disable retrieval of the external ID
        • Protect an account running in AWS Outposts
        • Cloud Formation template and added AWS account
      • Add Azure instances
        • Create an Azure application for Workload Security
          • Assign correct roles
          • Create the Azure application
          • Record the Azure application ID, Microsoft Entra ID, and password
          • Record the Subscription IDs
          • Assign the Azure application a role and connector
        • Add a Microsoft Azure account to Workload Security
          • Benefits of adding an Azure account
          • Supported Azure regions
          • Add virtual machines from a Microsoft Azure account to Workload Security
          • Manage Azure classic virtual machines with the Azure Resource Manager connector
          • Remove an Azure account
          • Synchronize an Azure account
        • Reasons to upgrade to the new Azure Resource Manager connection
      • Add GCP instances
        • Create a Google Cloud Platform service account
          • Prerequisite: Enable the Google APIs
          • Create a GCP service account
          • Add more projects to the GCP service account
          • Create multiple GCP service accounts
        • Add a Google Cloud Platform account
          • Benefits of adding a GCP account
          • Configure a proxy setting for the GCP account
          • Add a GCP account to Workload Security
          • Remove a GCP account
          • Synchronize a GCP account
      • Manually upgrade your AWS account connection
        • Verify the permissions associated with the AWS role
      • Migrate to the new cloud connector functionality
      • Protect Docker containers
      • Protect Red Hat OpenShift containers
      • Control CPU usage
      • Recommendation scans
        • Enhanced recommendation scan
        • Classic recommendation scan
          • Run a classic recommendation scan
          • Schedule a recommendation scan
          • Configure an ongoing recommendation scan
          • Manually run a classic recommendation scan
          • Cancel a classic recommendation scan
          • Exclude a rule or application type from classic recommendation scans
          • Automatically implement recommendations
          • Manually assign rules
          • Additional rules for common vulnerabilities
          • Troubleshooting classic recommendation scan
    • Configure policies
      • Create policies
        • Create a new policy
        • Alternative ways to create a policy
        • Import policies from an XML file
        • Duplicate an existing policy
        • Create a new policy based on the recommendation scan of a computer
        • Edit settings for a policy or individual computer
        • Assign a policy to a computer
        • Disable automatic policy updates
        • Send policy changes manually
        • Export a policy
      • Policies, inheritance, and overrides
      • Detect and configure interfaces available on a computer
        • Configure a policy for multiple interfaces
        • Enforce interface isolation
      • Overview section of the Computer editor
      • Overview section of the policy editor
      • Network engine settings
      • User mode solution
      • Create a list of User Lists for use in policies
        • Import and export User Lists
        • View rules that use an User List
      • Define rules, lists, and other common objects used by policies
        • About common objects
        • Manage role-based access control for common objects
          • Configure access scope for roles
          • Roles' access to granted objects
          • Roles' use of granted objects
          • Roles with All access scope can import objects
          • Roles' permission to allow malware exclusions
        • Create a firewall rule
        • Configure intrusion prevention rules
          • Intrusion prevention rules list
          • Intrusion prevention license types
          • View information about intrusion prevention rules
          • General Information
          • Details
          • Identification (Trend Micro rules only)
          • View information about associated vulnerability (Trend Micro rules only)
          • Assign and unassign rules
          • Automatically assign core Endpoint & Workload rules
          • Automatically assign updated required rules
          • Configure event logging for rules
          • Generate alerts
          • Setting configuration options (Trend Micro rules only)
          • Schedule active times
          • Exclude from recommendations
          • Set the context for a rule
          • Override the behavior mode for a rule
          • Override rule and application type configurations
          • Export and import rules
        • Create an Integrity Monitoring rule
          • Add a new rule
          • Enter Integrity Monitoring rule information
          • Select a rule template and define rule attributes
          • Registry Value template
          • File template
          • Custom template
          • Configure Trend Micro Integrity Monitoring rules
          • Configure rule events and alerts
          • Real-time event monitoring
          • Alerts
          • View policies and computers to which a rule is assigned
          • Export a rule
          • Delete a rule
        • Define a Log Inspection rule for use in policies
        • Create a list of directories for use in policies
        • Create a list of file extensions for use in policies
          • Import and export file extension lists
          • View malware scan configurations that use a file extension list
        • Create list of files for use in policies
        • Create a list of IP addresses for use in policies
          • Import and export IP lists
          • View rules that use an IP list
        • Create a list of ports for use in policies
          • Import and export port lists
          • View rules that use a port list
        • Create a list of MAC addresses for use in policies
          • Import and export MAC lists
          • View policies that use a MAC list
        • Recommended Exclusions
        • Define contexts for use in policies
          • Configure internet connectivity for the computer
          • Define a context
        • Define stateful firewall configurations
          • Add a stateful configuration
          • Provide stateful configuration information
          • Select packet inspection options
            • IP packet inspection
            • TCP packet inspection
            • FTP Options
            • UDP packet inspection
            • ICMP packet inspection
          • Export a stateful configuration
          • Delete a stateful configuration
          • View policies and computers with assigned stateful configuration
        • Define a schedule to apply to rules
    • Configure protection modules
      • Configure Intrusion Prevention
        • About Intrusion Prevention
        • Set up Intrusion Prevention
          • Enable Intrusion Prevention in Detect mode
          • Enable Auto Apply core Endpoint & Workload rules
          • Test Intrusion Prevention
          • Apply recommended rules
          • Check Intrusion Prevention events
          • Enable fail open for packet or system failures
          • Switch to Prevent mode
          • Implement best practices for specific rules
          • HTTP Protocol Decoding rule
          • Cross-site scripting and generic SQL injection rules
        • Configure intrusion prevention rules
          • Intrusion prevention rules list
          • Intrusion prevention license types
          • View information about intrusion prevention rules
          • General Information
          • Details
          • Identification (Trend Micro rules only)
          • View information about associated vulnerability (Trend Micro rules only)
          • Assign and unassign rules
          • Automatically assign core Endpoint & Workload rules
          • Automatically assign updated required rules
          • Configure event logging for rules
          • Generate alerts
          • Setting configuration options (Trend Micro rules only)
          • Schedule active times
          • Exclude from recommendations
          • Set the context for a rule
          • Override the behavior mode for a rule
          • Override rule and application type configurations
          • Export and import rules
        • Configure a SQL injection prevention rule
        • Application types
          • View a list of application types
          • General Information
          • Connection
          • Configuration
          • Options
          • Assigned To
        • Inspect TLS traffic
        • TLS inspection support
          • Manage TLS inspection support package updates
          • Disable TLS inspection support package updates on a single agent
          • Disable TLS inspection support package updates by policy
        • Configure anti-evasion settings
        • Performance tips for intrusion prevention
      • Configure Anti-Malware
        • About Anti-Malware
        • Set up Anti-Malware
          • Enable and configure Anti-Malware
            • Enable the Anti-Malware module
            • Select the types of scans to perform
            • Configure scan inclusions
            • Configure scan exclusions
            • Scan for recommended exclusions on computers
            • Configure multiple scan list exclusions or inclusions
            • Ensure that Workload Security can keep up to date on the latest threats
          • Configure malware scans
          • Performance tips for Anti-Malware
            • Minimize disk usage
            • Optimize CPU usage
              • Enable multi-threaded processing
            • Optimize RAM usage
          • Configure Deep Security and Microsoft Defender Antivirus for Windows
        • Detect emerging threats with Predictive Machine Learning
          • Enable Predictive Machine Learning
        • Enhanced Anti-Malware and ransomware scanning with behavior monitoring
          • Enhanced scanning protection
          • Enable enhanced scanning
          • What happens when enhanced scanning finds a problem?
        • Smart Protection in Workload Security
          • Anti-Malware and Smart Protection
          • Benefits of Smart Scan
          • Enable Smart Scan
          • Smart Protection Server for File Reputation Service
          • Web Reputation and Smart Protection
          • Smart Feedback
          • Disable Smart Feedback
        • Handle malware
          • View and restore identified malware
            • View a list of identified files
            • Work with identified files
            • Search for an identified file
            • Restore identified files
              • Create a scan exclusion for the file
              • Restore the file
          • Create Anti-Malware exceptions
          • Increase debug logging for Anti-Malware in protected Linux instances
      • Configure Firewall
        • About Firewall
        • Set up the Workload Security firewall
        • Create a firewall rule
        • Allow trusted traffic to bypass the firewall
        • Firewall rule actions and priorities
          • Rule actions
            • Allow rules
            • Bypass rules
              • Default Bypass rule for Workload Security traffic
            • Force Allow rules
          • Rule processing sequence
            • Logging
          • Actions and priorities applied together
          • Rule priority
          • Rule action and priority order
        • Firewall settings
          • General
            • Firewall
            • Firewall Stateful Configurations
            • Assigned Firewall Rules
          • Interface Isolation
            • Interface patterns
          • Reconnaissance
          • Advanced
            • Events
          • Firewall Events
        • Define stateful firewall configurations
          • Add a stateful configuration
          • Provide stateful configuration information
          • Select packet inspection options
            • IP packet inspection
            • TCP packet inspection
            • FTP Options
            • UDP packet inspection
            • ICMP packet inspection
          • Export a stateful configuration
          • Delete a stateful configuration
          • View policies and computers with assigned stateful configuration
        • Container firewall rules
      • Manage Container Protection
        • Apply real-time scan
        • Apply your firewall settings
        • Apply your intrusion prevention settings
      • Configure Web Reputation
        • Enable the Web Reputation module
        • Enable the Trend Micro Toolbar
        • Install the toolbar for macOS
        • Install the toolbar for Windows
        • Switch between inline and tap mode
        • Enforce the security level
        • Configure the security level
        • Create exceptions
        • Create URL exceptions
        • Configure the Smart Protection Server
        • Smart Protection Server connection warning
        • Edit advanced settings
        • Blocking Page
        • Alert
        • Ports
        • Test Web Reputation
      • Configure Device Control
      • Configure Integrity Monitoring
        • About Integrity Monitoring
        • Set up Integrity Monitoring
          • Enable and configure Integrity Monitoring
          • Enable Integrity Monitoring
          • Run a recommendation scan
          • Disable real-time scanning
          • Apply the Integrity Monitoring rules
          • Build a baseline for the computer
          • Periodically scan for changes
          • Test Integrity Monitoring
          • Improve Integrity Monitoring scan performance
          • Limit resource usage
          • Change the content hash algorithm
          • Integrity Monitoring event tagging
        • Create an Integrity Monitoring rule
          • Add a new rule
          • Enter Integrity Monitoring rule information
          • Select a rule template and define rule attributes
          • Registry Value template
          • File template
          • Custom template
          • Configure Trend Micro Integrity Monitoring rules
          • Configure rule events and alerts
          • Real-time event monitoring
          • Alerts
          • View policies and computers to which a rule is assigned
          • Export a rule
          • Delete a rule
        • Integrity Monitoring rules language
          • About the Integrity Monitoring rules language
          • DirectorySet
          • FileSet
          • GroupSet
          • InstalledSoftwareSet
          • PortSet
          • ProcessSet
          • RegistryKeySet
          • RegistryValueSet
          • ServiceSet
          • UserSet
          • WQLSet
      • Configure Log Inspection
        • About Log Inspection
        • Set up Log Inspection
          • Enable the log inspection module
          • Run a recommendation scan
          • Apply the recommended log inspection rules
          • Test Log Inspection
          • Configure log inspection event forwarding and storage
        • Define a Log Inspection rule for use in policies
      • Configure Application Control
        • About Application Control
          • Key software ruleset concepts
          • How do Application Control software rulesets work?
          • The Application Control interface
          • Application Control: Software Changes (Actions)
          • Application Control Software Rulesets
          • Security Events
          • Application Control Trust Entities
          • What does Application Control detect as a software change?
        • Set up Application Control
          • Turn on Application Control
          • Monitor new and changed software
          • Guidelines for handling changes
          • Turn on maintenance mode when making planned changes
          • Application Control tips and considerations
        • Verify that Application Control is enabled
        • Monitor Application Control events
          • Select Application Control events to log
          • View Application Control event logs
          • Interpret aggregated security events
          • Monitor Application Control alerts
        • View and change Application Control software rulesets
          • View Application Control software rulesets
          • Security Events
          • Change the action for an Application Control rule
          • Delete an individual Application Control rule
          • Delete an Application Control ruleset
        • Application Control Trust Entities
          • Trust Rulesets
            • Create a trust ruleset
            • Create a trust ruleset from the Policies tab
            • Create a trust ruleset from the the Computer or Policies tab
            • Assign or unassign a trust ruleset
            • Assign a trust ruleset
            • Unassign a trust ruleset
            • Delete a trust ruleset
          • Trust rules
            • Types of trust rules
            • Create a trust rule
            • Change trust rule properties
            • Delete a trust rule
          • Types of trust rule properties
          • Application Control event aggregation and analysis
          • Trust rule property limitations for Linux
        • Reset Application Control after extensive software change
        • Use the API to create shared and global rulesets
          • Create a shared ruleset
          • Change from shared to computer-specific allow and block rules
    • Configure events and alerts
      • Workload Security event logging
      • Log and event storage
        • Limit log file sizes
        • Event logging guidelines
      • Anti-Malware scan failures and cancellations
      • Apply tags to identify and group events
        • Manual tagging
        • Auto-tagging
          • Set the precedence for auto-tagging rules
          • Auto-tagging log inspection events
        • Trusted source tagging
          • Tag events based on a local trusted computer
          • Workload Security event matching between target and trusted source computers
            • Tag events based on a local trusted computer
          • Tag events based on the Trend Micro Certified Safe Software Service
          • Tag events based on a trusted common baseline
        • Delete a tag
      • Reduce the number of logged events
      • Rank events to quantify their importance
      • Forward events to a Syslog or SIEM server
        • Forward Workload Security events to a Syslog or SIEM server
          • Allow event-forwarding network traffic
          • Define a Syslog configuration
          • Forward system events
          • Forward security events
          • Compatibility
          • Troubleshoot event forwarding
        • Syslog message formats
        • Configure Red Hat Enterprise Linux to receive event logs
          • Set up a Syslog on Red Hat Enterprise Linux 8
          • Set up a Syslog on Red Hat Enterprise Linux 6 or 7
          • Set up a Syslog on Red Hat Enterprise Linux 5
      • Access events with Amazon SNS
        • Set up Amazon SNS
          • Create an AWS user
          • Create an Amazon SNS topic
          • Enable SNS
          • Create subscriptions
        • SNS configuration in JSON format
        • Events in JSON format
      • Configure alerts
        • View alerts in the Workload Security console
        • Configure alert settings
        • Set up email notification for alerts
        • Enable and disable alert emails
        • Configure an individual user to receive alert emails
        • Configure recipients for all alert emails
      • Generate reports about alerts and other activity
        • Set up a single report
        • Set up a scheduled report
        • Troubleshoot: Scheduled report sending failed
        • About attack reports
      • Lists of events and alerts
        • Predefined alerts
        • Agent events
        • System events
        • Application Control events
        • Anti-Malware events
        • Device Control events
        • Firewall events
        • Intrusion prevention events
        • Integrity Monitoring events
        • Log inspection events
        • Web Reputation events
      • Troubleshoot common events, alerts, and errors
        • Why am I seeing firewall events when the Firewall module is disabled?
        • Troubleshoot event ID 771 Contact by Unrecognized Client
        • Troubleshoot Smart Protection Server Disconnected errors
        • Error: Activation Failed
        • Error: Agent version not supported
        • Error: Anti-Malware Engine Offline
          • Agent on Windows
          • Agent on Linux
        • Warning: Anti-Malware Engine has only Basic Functions
        • Error: Activity Monitoring Engine Offline
        • Warning: Activity Monitoring Engine has only Basic Functions
        • Error: Device Control Engine Offline
          • For Windows agents
        • Error: Check Status Failed
        • Error: Installation of Feature 'dpi' failed: Not available: Filter
        • Error: Intrusion Prevention Rule Compilation Failed
          • Apply Intrusion Prevention best practices
          • Manage rules
          • Unassign application types from a single port
        • Error: Log Inspection Rules Require Log Files
          • If the file location is required
          • If the files listed do not exist on the protected machine
        • Error: Module installation failed (Linux)
        • Error: MQTT Connection Offline
        • Error: There are one or more application type conflicts on this computer
          • Resolution
          • Consolidate ports
          • Disable the inherit option
        • Error: Unable to connect to the cloud account
        • Error: Unable to resolve instance hostname
        • Alert: Integrity Monitoring information collection has been delayed
        • Event: Max TCP connections
        • Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
        • Warning: Insufficient disk space
        • Warning: Reconnaissance Detected
    • Configure proxies
      • Configure proxies
      • Proxy settings
      • Enable OS proxy
        • Enable OS proxy on the server console
        • Enable OS proxy from the endpoint
        • Configuration on agent side
        • Troubleshooting
    • Configure relays
      • About relays
      • Deploy more relays
        • Plan the number and location of relays
        • Create relay groups
        • Enable relays
        • Assign agents to a relay group
        • Connect agents to a relay's private IP address
      • Remove relay functionality from agent
    • Manage agents (protected computers)
      • Computer and agent statuses
      • Configure agent version control
      • Configure teamed NICs
      • Communication between Workload Security and Deep Security Agent
      • Configure agents that have no Internet access
      • Activate and protect agents using agent-initiated activation and communication
        • Enable agent-initiated activation
        • Create or modify policies with agent-initiated communication enabled
        • Enable agent-initiated activation
        • Assign the policy to agents
        • Use a deployment script to activate the agents
      • Automatically upgrade agents on activation
      • Using the agent with iptables
      • Enable Managed Detection and Response
      • Configure agent self-protection
        • Configure self-protection through the Workload Security console
        • Configure self-protection using the command line
        • Limitations on Linux
        • Troubleshooting the Linux agent
      • Are Offline agents still protected by Workload Security?
      • Automate offline computer removal with inactive agent cleanup
        • Enable inactive agent cleanup
          • Keep offline computers protected
          • Prevent computers from being removed
        • Check the audit trail for removed computers
          • Search system events
          • System event details
      • Agent settings
      • Custom network configuration
        • Add a custom network configuration
        • JSON parameter configuration examples
      • User mode solution
      • Notifier application
        • About the notifier
        • Trigger a manual scan
        • macOS
        • Windows
    • Implement SAML single sign-on (SSO)
      • About SAML single sign-on (SSO)
      • Configure SAML single sign-on
        • Prerequisites
        • Configure SAML in Workload Security
        • Import your identity provider's SAML metadata document
        • Create Workload Security roles for SAML users
        • Provide information to your identity provider administrator
        • Download the Workload Security service provider SAML metadata document
        • Send URNs and the Workload Security SAML metadata document to the identity provider administrator
        • SAML claims structure
        • Workload Security username (required)
        • Workload Security user role (required)
        • Maximum session duration (optional)
        • Preferred language (optional)
        • Test SAML single sign-on
        • Service and identity provider settings
      • Configure SAML single sign-on with Microsoft Entra ID
    • Roles and contacts for accounts
      • Define roles for users
      • Add contacts (users who can only receive reports)
        • Add or edit a contact
        • Delete a contact
    • Navigate and customize the Workload Security console
      • Customize the dashboard
      • Group computers dynamically with smart folders
      • Customize advanced system settings
    • Use the Notification Service
    • Harden Workload Security
      • About Workload Security hardening
      • Manage trusted certificates
        • Import trusted certificates
        • View trusted certificates
        • Remove trusted certificates
      • SSL implementation and credential provisioning
      • Protect the agent
      • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
    • Upgrade Workload Security
      • About upgrades
      • Apply security updates
        • Configure the security update source
        • Initiate security updates
        • Check your security update status
        • View details about pattern updates
        • Revert, import, or view details about rule updates
        • Configure security updates
        • Enable automatic patches for rules
        • Enable automatic Anti-Malware engine updates
        • Change the alert threshold for late security updates
      • Disable emails for New Pattern Update alerts
      • Use a web server to distribute software updates
        • Web server requirements
        • Copy the folder structure
        • Configure agents to use the new software repository
      • Upgrade a relay
        • Upgrade a relay from Workload Security
        • Upgrade a relay by running the installer manually
      • Upgrade the agent
        • Before you begin
        • Upgrade the agent starting from an alert
        • Upgrade multiple agents at once
        • Upgrade the agent from the Computers page
        • Upgrade the agent on activation
        • Upgrade the agent from a Scheduled Task
        • Upgrade the agent manually
        • Upgrade the agent on Windows
        • Upgrade the agent on Linux
        • Upgrade the agent on Solaris
        • Upgrade the agent on AIX
        • Best practices for agent upgrade
      • Install Trend Vision One Endpoint Security Agent via Deep Security Agent
        • Install Trend Vision One Endpoint Security agent
        • Schedule a task
        • Use Trend Vision One Endpoint Sensor
    • Uninstall the agent
      • Uninstall an agent on Windows
      • Uninstall an agent on Linux
      • Uninstall an agent on Solaris 10
      • Uninstall an agent on Solaris 11
      • Uninstall an agent on AIX
      • Uninstall an agent on macOS
      • Uninstall an agent on Red Hat OpenShift
      • Uninstall the notifier
    • Evaluate Trend Vision One
      • Foundation Services and Endpoint Protection prerequisites
      • Export policies and configurations
      • Import policies and configurations
      • Configure proxy settings
      • Deactivate the agent in Trend Cloud One - Endpoint & Workload Security
      • Reactivate the agent in Trend Vision One
      • Revert agents to Trend Cloud One - Endpoint & Workload Security
  • Integrations
    • Integrate with AWS Control Tower
      • Integrate with AWS Control Tower
      • Upgrade AWS Control Tower integration
      • Remove AWS Control Tower integration
    • Integrate with AWS Systems Manager Distributor
      • Create an IAM policy
      • Create a role and assign the policy
      • Create parameters
      • Create association
      • Protect your computers
    • Integrate with SAP NetWeaver
    • Integrate with Apex Central
    • Integrate with Trend Vision One
      • Integrate Workload Security with Trend Vision One
        • Register with Trend Vision One using the Product Instance app XDR
        • Register with Trend Vision One using the Product Connector app XDR
        • Forward security events to Trend Vision One XDR
        • Enable Activity Monitoring
      • Enable Trend Vision One SSO to Trend Cloud One
        • Enable single sign-on
      • Trend Vision One extended detection and response (XDR) file collection
        • Requirements
        • Collect objects using file collection
          • Trigger file collection
          • Create a File Collection Task
          • Monitor task status
          • Download sample file
        • Troubleshoot common issues
          • Trend Vision One settings
          • Security module settings for your computers
      • Trend Vision One extended detection and response (XDR) network isolation
        • Requirements
        • Isolate endpoints using network isolation
        • Trigger network isolation
        • Create an Isolate Endpoint Task
        • Monitor task status
        • Restore connection to an endpoint
        • Troubleshoot common issues
        • Trend Vision One settings
        • Security module settings for your computers
      • Trend Vision One extended detection and response (XDR) remote shell
      • Trend Vision One Threat Intelligence - user-defined suspicious object
      • Trend Vision One extended detection and response (XDR) custom script
        • Run a remote custom script task
        • Trigger a custom script using Remote Shell
      • Integrate with Service Gateway
        • Integrate Trend Vision One Service Gateway
        • Integrate the Service Gateway Forward Proxy
        • Integrate the Service Gateway ActiveUpdate service
          • Enable the ActiveUpdate services
          • Get Trend Cloud One - Endpoint & Workload Security ActiveUpdate source URL
          • Configure the ActiveUpdate service
          • Configure update source on Trend Cloud One - Endpoint & Workload Security
        • Integrate the Service Gateway Smart Protection service
          • Enable Smart Protection services
          • Configure local File Reputation service on Trend Cloud One - Endpoint & Workload Security Policy
          • Configure local Web Reputation service on Trend Cloud One - Endpoint & Workload Security Policy
      • Unregister Trend Cloud One - Endpoint & Workload Security from Trend Vision One
        • Use the Trend Vision One product connectors
        • Use Postman and an HTTP API
  • FAQs
    • Why does my Windows machine lose network connectivity when I enable protection?
    • How does agent protection work for Solaris zones?
    • Can Workload Security protect AWS GovCloud or Azure Government workloads?
    • Amazon Instance Metadata Service use by Deep Security Agent
    • Why can't I add my Azure server using the Azure cloud connector?
    • Why can't I view all VMs in an Azure subscription in Workload Security?
  • Troubleshooting
    • Offline agent
      • Causes
      • Verify that the agent is running
      • Verify DNS
      • Ensure that the DNS service is reliable
      • Allow outbound ports (agent-initiated heartbeat)
      • Allow ICMP on Amazon AWS EC2 instances
      • Fix the upgrade issue on Solaris 11
    • High CPU usage
    • Diagnose problems with agent deployment on Windows
    • Anti-Malware Windows platform update failed
      • An incompatible Anti-Malware component from another Trend Micro product
      • An incompatible Anti-Malware component from a third-party product
      • Other/unknown Error
    • Security update connectivity
    • Network Engine Status (Windows)
      • Network Engine Status warnings
      • Verify the driver status in Windows
      • Disable Network Engine Status warnings
    • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
    • Issues adding your AWS account to Workload Security
      • AWS is taking longer than expected
      • Resource is not supported in this region
      • Template validation issue
      • Workload Security was unable to add your AWS account
    • Create a diagnostic package and logs
      • Agent diagnostics
      • Create an agent diagnostic package via Workload Security
      • Create an agent diagnostic package via CLI on a protected computer
      • Collect debug logs with DebugView on Windows
      • Collect debug logs with DebugView on macOS
    • Removal of older software versions
    • Troubleshoot SELinux alerts
      • SELinux blocks the Deep Security Agent service
      • Berkeley Packet Filter (BPF) operations blocked
    • Troubleshoot Azure Code Signing
  • Trust and compliance information
    • About compliance
    • Agent package integrity check
    • Meet PCI DSS requirements with Workload Security
    • GDPR
    • Set up AWS Config Rules
    • Bypass vulnerability management scan traffic in Workload Security
      • Create a new IP list from the vulnerability scan provider IP range or addresses
      • Create firewall rules for incoming and outbound scan traffic
      • Assign new firewall rules to a policy to bypass vulnerability scans
    • Use TLS 1.2 with Workload Security
      • TLS architecture
      • Enable the TLS 1.2 architecture
      • Deploy new agents and relays
      • Guidelines for using deployment scripts
    • Privacy and personal data collection disclosure
  • Release notes and scheduled maintenance
    • Maintenance
    • What's new in Workload Security?
    • What's new in Deep Security Agent for macOS
    • API changelog
Close