Views:

Centralize management of Trend Vision One Endpoint Security agent settings with endpoint security policies.

Important
Important
  • Endpoint security policies only support endpoints with the Trend Vision One Endpoint Security agent version October 2024 release or later installed.
  • Certain settings require credits to enable.
  • The first time you enable endpoint sensor detection and response, your currently deployed Trend Vision One Endpoint Security agent install the new Network Content Inspection Engine. For more information, see Network Content Inspection Engine.
Endpoint security policies are a tool you can use to centrally manage endpoint settings for your connected Trend Vision One Endpoint Security agent, including agents with Standard Endpoint Protection and Server & Workload Protection installed. The table below details what settings and features you can configure using an endpoint security policy:

Setting
Description
Endpoint sensor detection and response
Sends activity data for state-of-the-art threat detection and alerts (required for advanced XDR detections and Workbench alerts)
The detection and response feature collects endpoint activity data that helps provide alerts and enhanced investigation data whenever a suspected attack occurs. The collected data is also used by Attack Surface Risk Management applications to help identify risky endpoint and user behavior, and to identify endpoint vulnerabilities.
Monitoring level
Controls the sensitivity of endpoint sensor detections
Requires enabling Endpoint sensor detection and response.
Raising the monitoring level increases the sensitivity of the endpoint sensor, which increases the number of detections and alerts. Higher levels allow for more strict monitoring to help with situations like on-going threat investigations, but might generate a large number of nonessential logs and impact endpoint performance. Some components used by higher monitoring levels are not available on all platforms.
The default setting is 2 - Moderate. Trend Micro recommends using the default setting to balance more relevant data with minimal impact on your endpoints.
Important
Important
Monitoring level only supports Windows endpoints.
Deepfake detector
Analyzes ongoing video calls to determine if they contain synthesized images
Requires enabling Endpoint sensor detection and response.
Important
Important
Deepfake detector only supports Windows endpoints.
Advanced risk telemetry
Analyzes endpoints for potential security posture weaknesses and performs vulnerability assessments for zero-day threats
Note
Note
Not supported on macOS or non-persistent virtual desktops.
The advanced risk telemetry feature collects data that specifically helps detect zero-day threats and identify weaknesses in your endpoint, user, and security configuration settings.
Additional settings for Standard Endpoint Protection and Server & Workload Protection can be configured in the Protection Managers. Central management of agent and component versions is coming soon.
The first time you access the Endpoint Security Policies screen, the system imports your sensor settings from Endpoint Inventory to create several general policies along with the Default Endpoint Policy. Your endpoints are automatically assigned to the general policies. You can edit, delete, or rename the general policies.
  • For customers using the Trend Vision One Foundation Services release, the system creates the following policies.:
    • Standard Endpoint Protection General Policy
    • Server & Workload Protection General Policy
    • Sensor Only General Policy
    • Default Endpoint Policy
  • For customers using Trend Vision One Legacy, the system creates the following policies:
    • Endpoint Sensor General Policy
    • Default Endpoint Policy