If your agents or relays don't have access to the internet (also called "air-gapped
agents"), then they won't be able to access several of the security services
provided by the Trend Micro Smart Protection Network. These security services are
necessary for the full and successful operation of the Server & Workload Protection Anti-Malware and Web Reputation
features.
The Trend Micro Smart Protection Network security services are:
| Service name | Required for these features |
|---|---|
| Smart Scan Service | |
| Web Reputation Service | |
| Global Census Service | |
| Good File Reputation Service | |
| Predictive Machine Learning Service | |
In addition to the above services, the agent and relay-enabled agent also need
access to the Trend Micro Update Server (also called Active Update), which is not
part of the Smart Protection Network, but is a component that is hosted by Trend
Micro and accessed over the internet.
If any of your agents or relay-enabled agents can't reach the services above, you
have several solutions, described below.
Solutions
Use a proxy
If your agents or relay-enabled agents can't connect to the internet, you can install
a proxy that can. Your agents and relays connect to the proxy, and the proxy then
connects outbound to the Trend Micro security services in the Smart Protection
Network.
Note: With a proxy, each Smart Scan or Web Reputation request goes out over the
internet to the Smart Protection Network. Consider instead using a Smart
Protection Server inside your LAN to keep these requests within your
network and reduce extranet bandwidth usage.
To use a proxy, see Connect agents
behind a proxy.
Install a Smart Protection Server locally
If your agents and relay-enabled agents can't connect to the internet, you can
install a Smart Protection Server in your local area network (LAN) to which they
can connect. The local Smart Protection Server periodically
connects outbound over the internet to the Smart Protection Network to retrieve the
latest Smart Scan Anti-Malware patterns and Web Reputation information. This
information is cached on the Smart Protection Server and queried by your agents and
relay-enabled agents. The Smart Protection Server does not push updates to the
air-gapped agents or relay-enabled agents.
If you decide to use this solution, remember that:
- Functionality is limited. Only the Smart Scan and Web Reputation features are supported with a local Smart Protection Server.
- Use the proxy solution if you need the behavior monitoring, predictive machine learning, and process memory scanning features. See Use a proxy above for details. If you decide not to use these features, you must disable them to prevent a query failure and to improve performance. For instructions on disabling these features, see Disable the features that use Trend Micro security services.
To deploy a Smart Protection Server:
- Install it manually. See the Smart Protection Server documentation for details. OR
- If your agents or relay-enabled agents are inside AWS, install it using an AWS CloudFormation template created by Trend Micro. See Deploy a Smart Protection Server in AWS for details.
Disable the features that use Trend Micro security services
You can disable the features that use Trend Micro security services. Doing so
improves performance because the air-gapped agent no longer tries (and fails) to
query the services.
Note: Without Trend Micro security services, your malware detection is downgraded
significantly, ransomware is not detected at all, and process memory scans are
also affected. It is therefore strongly recommended that you use one of the
other solutions to allow access to Trend Micro security services. If this is
impossible, only then should you disable features to realize performance gains.
Disable Smart Scans
- Open the Computer or Policy editor.
- On the left, click Anti-Malware.
- In the main pane, click Smart Protection.
- Under Smart Scan, deselect Inherited (if it is selected) and then select Off.
- Click Save.
Disable Web Reputation
- Open the Computer or Policy editor.
- On the left, click Web Reputation.
- In the main pane, make sure the General tab is selected.
- From the Configuration drop-down list, select Off.
- Click Save.
Disable Smart Feedback
- In the Server & Workload Protection console, click Administration at the top.
- Click System Settings on the left.
- In the main pane, click the Smart Feedback tab.
- Deselect Enable Trend Micro Smart Feedback (recommended).
- Click Save.
Disable process memory scans
- In the Server & Workload Protection console, click Policies at the top.
- On the left, expand and then click Malware Scan Configurations.
- Double-click a malware scan configuration with a SCAN TYPE of Real-Time.
- On the General tab, under Process Memory Scan, deselect Scan process memory for malware.
- Click OK.
Disable predictive machine learning
- Make sure you still have a real-time malware scan configuration open.
- On the General tab, under Predictive Machine Learning, deselect Enable Predictive Machine Learning.
- Click OK.
Disable behavior monitoring
- Make sure you still have a real-time malware scan configuration open.
- On the General tab, under Behavior Monitoring, deselect both options, namely, Detect suspicious activity and unauthorized changes (incl. ransomware) and Back up and restore ransomware-encrypted files.
- Click OK.