Views:

Edit and create proxy policies for your endpoint agents.

Important
Important
Runtime Proxy Settings only supports Endpoint Sensor, Standard Endpoint Protection, and Server & Workload Protection agents deployed using the agent installer downloaded from Endpoint Inventory.
Sensor-only endpoints and Endpoint Sensors deployed to endpoints managed by a connected endpoint security product only apply the Sensor Policy in Runtime Proxy Settings. You cannot add or remove target groups from the Sensor Policy.
You must update the agent to use this feature. Runtime Proxy Settings supports the following versions:
  • Standard Endpoint Protection (Windows) version 14.0.13139 or later
  • Server and Workload Protection (Windows/Linux ) version 20.0.1.9400 or later
  • Trend Vision One Endpoint agent package June 2024 release or later
Runtime Proxy Settings do not apply to connected endpoint security agents. The settings only apply to the Endpoint Sensor deployed to those endpoints. You must configure the proxy settings for your connected agents through the respective product consoles.
Create or edit runtime proxy policies to assign proxy settings to your agents. Runtime proxy policies are applied to agents after successfully registering to Trend Vision One.
Trend Micro recommends reviewing the following before configuring new proxy policies:
  • Endpoint groups not assigned to any policy default to the Base Policy. Sensor-only endpoints and Endpoint Sensors deployed to endpoints managed by a connected endpoint security product only apply the Sensor Policy. Trend Micro recommends reviewing and configuring the Sensor Policy and Base Policy before adding any new proxy policies.
  • If you want to use a Service Gateway as a proxy, make sure to deploy and configure a Service Gateway with the Forward Proxy Service enabled. For more information, see Deploy a Service Gateway and Configure Firewall Exceptions.
  • The Base Policy defaults to using all available Service Gateways. If you do not want to use a Service Gateway, you can either modify the Base Policy or create a new policy with no Service Gateways selected. Read the steps below for more information.
  • The endpoint name criteria uses a partial match to apply the criteria to target endpoints. You can use the search function in Endpoint Inventory to test values to ensure the endpoints you want to target are included.

Procedure

  1. In the Trend Vision One console, go to Endpoint SecurityEndpoint Inventory
  2. Click the Default and Global Settings icon (Global_Settings=GUID-1E10BFBD-3AFF-46DD-B853-0438EC2FD3F9.png) and then click Global settings.
  3. Go to the Runtime Proxy Settings tab.
  4. Click Add Policy to create a new policy, or click a policy name to edit.
    The Runtime Proxy Policy Settings window appears.
  5. Configure the General Settings.
    1. Specify the Policy name.
    2. To select the target endpoint groups, click the edit icon (proxyConfigIcon=20230614160101.jpg).
    3. In the window that appears, select one or more endpoint groups to target.
      Selecting a parent group automatically selects all child groups, and includes any child groups added later. You can clear the selection for specific child groups you do not want included in the policy. You can select a child group even if the parent group is already targeted by another policy.
      Important
      Important
      Endpoint groups which are not assigned to a policy apply the Base Policy.
    4. Click Select.
  6. To add a priority, click the add icon (add_icon=cf892c2f-1a1f-4d22-848f-023067e4a507.png).
    The Runtime Proxy Policy Settings window displays each priority as a tab in order of priority from left to right with the Default tab always on the right. New priorities are always added as the highest priority. You can rearrange priorities by clicking and dragging. You can delete a priority by clicking the remove icon (xmark_icon=773fb77a-7552-4201-85f7-8d8bfb8f3251.png). You cannot delete the Default tab.
  7. Set the priority criteria.

    Criteria type
    Description
    Input method
    All
    The priority rule applies to all endpoints in the selected endpoint groups
    The Default priority is set to All and cannot be changed.
    No input method, the rule applies to all endpoints.
    Operating system
    The priority rule applies to any endpoint with the specified operating system
    Click the edit icon (proxyConfigIcon=20230614160101.jpg) to select the OS family or a specific OS version.
    Endpoint name
    The priority rule applies to any endpoint containing at least one specified value in the endpoint name
    For example, if you specify Test, the priority rule applies to the endpoint Test01.
    Specify a value and either type a comma (,) or press ENTER to separate values.
    IP range
    The priority rule applies to any endpoint with an IP address within one of the specified ranges
    Specify an IP range in either IPv4 or IPv6 format. Click the add icon (add_icon=cf892c2f-1a1f-4d22-848f-023067e4a507.png) to add up to 3 IP ranges.
    Important
    Important
    Some criteria options are not available in all regions.
    Endpoints must connect to Trend Vision One to receive the proxy information. If you choose to use the IP range criteria and a targeted endpoint IP Address changes, make sure the endpoint can access Trend Vision One with the new IP address.
    For example, if you move an endpoint to a new location, causing the IP address to change, the endpoint must connect to Trend Vision One to retrieve the proxy settings for the new location.
  8. Specify the Service Gateway policy.
    Important
    Important
    You must have at least one Service Gateway with Forward Proxy Service enabled to connect using this method.
    • Click Use selected Service Gateways to specify which Service Gateway appliances to connect
      After selecting this option, a drop-down appears. Select one or more Service Gateway appliances. Hover over the info icon (infoIcon=5ca285cd-10f2-43bc-bcd6-147fcbd4db5a.png) to view the associated IPv4 address and enabled services.
    • Click Use all available Service Gateways to allow the endpoint agent to connect to any Service Gateway based on availability
    • Do not select anything and leave the settings blank if you do not want the targeted endpoints to connect to a Service Gateway appliance
  9. Specify the Primary Custom Proxy Settings.
    Leave the settings blank if you do not want the targeted endpoints to use a proxy server to connect to Trend Vision One.
    • Proxy address: The IPv4 address or FQDN of the proxy server
    • Port: The connection port for the proxy server
    • If the proxy server requires credentials, select Require authentication credentials, and provide the Account and Password.
  10. Specify the Default System Proxy Settings.
    Important
    Important
    Linux agents do not support using the default system proxy.
    Server & Workload Protection agents do not support connecting with a default system proxy that requires authentication credentials.
    • If your endpoint system proxy requires authentication credentials, select Require authentication credentials, and provide the Account and Password.
    • Otherwise, leave blank.
  11. After you have configured your priority settings, click Save.
    The policy appears on the Runtime Proxy Settings list. Target endpoints apply the proxy settings the next time they connect with Trend Vision One.