Security Agents can log and block all connections made between
endpoints and addresses in the Global C&C IP list. You can also log, but still
allow access to, IP addresses configured in the User-defined Blocked IP List.
Security Agents can also monitor connections that may be the
result of a botnet or other malware threat. After detecting a malware threat, Security Agents can attempt to clean the infection.
Procedure
- Enable the Detect network connections made to addresses in the Global C&C IP list setting to monitor connections made to Trend Micro confirmed C&C servers and select to Log only or Block connections.
  - To allow agents to connect to addresses in the User-defined Blocked IP list, enable the Log and allow access to User-defined Blocked IP list addresses setting.
    Note: You must enable network connection logging before Security Agents can allow access to addresses in the User-defined Blocked IP list.
- Enable the Detect connections using malware network fingerprinting setting and select to Log only or Block connections.
  - To allow Security Agents to attempt to clean connections made to C&C servers, enable the Clean suspicious connections when a C&C callback is detected setting. Security Agents use GeneriClean to clean the malware threat and terminate the connection to the C&C server.
    Note: You must enable Log connections using malware network fingerprinting before Security Agents can attempt to clean the connections made to C&C servers detected by packet structure matching.