Workload Security enables you to generate a variety of reports. Reports display data
for a time period that you specify. You can generate reports for particular computers,
groups of computers, computers using a particular policy. You can also filter for
certain event tags. For details on configuring reports, see Generate reports about alerts and other activity.
One of the reports that you can generate is the Attack Report, which contains a summary
table and some additional information about the most frequent events. The summary
tables provides this information:
|
Detect Mode:
Numbers of events where Workload Security is configured to detect
issues and log events, but not take other actions.
|
Prevent Mode:
Numbers of events where Workload Security is configured to detect
issues, generate events, and take some sort of action.
|
Total:
Total of the numbers in the Detect Mode and Prevent Mode
columns
|
Ratio:
Percentage of events prevented compared to total number
detected
|
|
|
Anti-Malware
|
Passed: Workload Security detected malware and logged an event.
For information on how to change the action that Workload Security takes when it detects
malware, see Configure malware scans.
|
Cleaned: Workload Security cleaned an infected file by terminating processes or deleting registries,
files, cookies, or shortcuts, depending on the type of malware.
Quarantined: Workload Security moved an infected file to the "identified files" folder.
Deleted: Workload Security deleted an infected file.
Access Denied: Workload Security prevented an infected file from being accessed, without removing
the file from the system.
Terminated: A behavior monitoring scan determined that a process was compromised and terminated
the process to prevent further infection. For details, see Enhanced anti-malware and ransomware scanning with behavior monitoring.
|
||
|
Firewall
|
Displays the number of events triggered by rule-based checks and
configuration-based checks. For a list of events generated by
configuration-based checks, see the events with IDs less than
200 in Firewall events.
|
|||
|
Reconnaissance Scan
|
Number of reconnaissance scans detected by the Firewall module. For details about
the types
of reconnaissance scans and suggested actions, see Warning:
Reconnaissance Detected. For information on configuring
reconnaissance scan detection, see Firewall settings.
|
Reconnaissance scans are only performed in inline mode.
|
||
|
Exploit
|
Number of events generated by the Intrusion Prevention rules
provided by Trend Micro. There are 3 main types of Intrusion
Prevention rules provided by Trend Micro:
Intrusion Prevention rules also have an associated severity,
depending on the severity of the issue that the rule identifies:
Critical, High, Medium, Low.
|
|||
|
Vulnerability
|
||||
|
Smart
|
||||
|
Policy
|
||||
|
Info
|
||||
|
Custom
|
Number of events generated by custom Intrusion Prevention rules
that you have written.
Intrusion Prevention rules have an associated severity, depending
on the severity of the issue that the rule identifies:
Critical, High, Medium, Low.
|
|||
|
Non-Rule Based
|
Number of events found by the Intrusion Prevention engine code,
rather than by a rule.
|
|||