Centralize management of Trend Vision One Endpoint Security agent settings with endpoint security policies.
Important
|
Endpoint security policies are a tool you can use to centrally manage endpoint settings
for your connected Trend Vision One Endpoint Security agent, including agents with
Standard Endpoint Protection and Server & Workload Protection installed. The table
below details what settings and features you can configure using an endpoint security
policy:
Setting
|
Description
|
||
Endpoint sensor detection and response
|
Sends activity data for state-of-the-art threat detection and alerts (required for
advanced XDR detections and Workbench alerts)
The detection and response feature collects endpoint activity data that helps provide
alerts and enhanced investigation data whenever a suspected attack occurs. The collected
data is also used by Attack Surface Risk Management applications to help identify risky endpoint and user behavior, and to identify endpoint
vulnerabilities.
|
||
Monitoring level
|
Controls the sensitivity of endpoint sensor detections
Requires enabling Endpoint sensor detection and response.
Raising the monitoring level increases the sensitivity of the endpoint sensor, which
increases the number of detections and alerts. Higher levels allow for more strict
monitoring to help with situations like on-going threat investigations, but might
generate a large number of nonessential logs and impact endpoint performance. Some
components used by higher monitoring levels are not available on all platforms.
The default setting is 2 - Moderate. Trend Micro recommends using the default setting to balance more relevant data with
minimal impact on your endpoints.
|
||
Deepfake detector
|
Analyzes ongoing video calls to determine if they contain synthesized images
Requires enabling Endpoint sensor detection and response.
|
||
Advanced risk telemetry
|
Analyzes endpoints for potential security posture weaknesses and performs vulnerability
assessments for zero-day threats
The advanced risk telemetry feature collects data that specifically helps detect zero-day
threats and identify weaknesses in your endpoint, user, and security configuration
settings.
|
Additional settings for Standard Endpoint Protection and Server & Workload Protection
can be configured in the Protection Managers. Central management of agent and component
versions is coming soon.
The first time you access the Endpoint Security Policies screen, the system imports your sensor settings from Endpoint Inventory to create
several general policies along with the Default Endpoint Policy. Your endpoints are
automatically assigned to the general policies. You can edit, delete, or rename the
general policies.
-
For customers using the Trend Vision One Foundation Services release, the system creates the following policies.:
-
Standard Endpoint Protection General Policy
-
Server & Workload Protection General Policy
-
Sensor Only General Policy
-
Default Endpoint Policy
-
-
For customers using Trend Vision One Legacy, the system creates the following policies:
-
Endpoint Sensor General Policy
-
Default Endpoint Policy
-