Views:

Edit and create proxy policies for your endpoint agents.

Important
Important
This is a "Pre-release" sub-feature and is not considered an official release. Please review the Pre-release sub-feature disclaimer before using the feature.
This feature is not available in all regions.
Runtime Proxy Settings only supports Endpoint Sensor, Standard Endpoint Protection, and Server & Workload Protection agents deployed using the agent installer downloaded from Endpoint Inventory.
Sensor-only endpoints and Endpoint Sensors deployed to endpoints managed by a connected endpoint security product only apply the Sensor Policy in Runtime Proxy Settings. You cannot add or remove target groups from the Sensor Policy.
You must update the agent to use this feature. Runtime Proxy Settings supports the following versions:
  • Standard Endpoint Protection (Windows) version 14.0.13139 or later
  • Server and Workload Protection (Windows/Linux ) version 20.0.1.9400 or later
  • Trend Vision One Endpoint agent package May 2024 release or later
Runtime Proxy Settings do not apply to connected endpoint security agents. The settings only apply to the Endpoint Sensor deployed to those endpoints. You must configure the proxy settings for your connected agents through the respective product consoles.
Create or edit runtime proxy policies to assign proxy settings to your agents. Runtime proxy policies are applied to agents after successfully registering to Trend Vision One.
Trend Micro recommends reviewing the following before configuring new proxy policies:
  • Endpoint groups not assigned to any policy default to the Base Policy. Sensor-only endpoints and Endpoint Sensors deployed to endpoints managed by a connected endpoint security product only apply the Sensor Policy. Trend Micro recommends reviewing and configuring the Sensor Policy and Base Policy before adding any new proxy policies.
  • If you want to use a Service Gateway as a proxy, make sure to deploy and configure a Service Gateway with the Forward Proxy Service enabled. For more information, see Deploy a Service Gateway and Configure Firewall Exceptions.
  • The Base Policy defaults to using all available Service Gateways. If you do not want to use a Service Gateway, you can either modify the Base Policy or create a new policy with no Service Gateways selected. Read the steps below for more information.
  • The endpoint name criteria uses a partial match to apply the criteria to target endpoints. You can use the search function in Endpoint Inventory to test values to ensure the endpoints you want to target are included.

Procedure

  1. In the Trend Vision One console, go to Endpoint SecurityEndpoint Inventory
  2. Click the Default and Global Settings icon (global-settings.png) and then click Global settings.
  3. Go to the Runtime Proxy Settings tab.
  4. Click Add Policy to create a new policy, or click a policy name to edit.
    The Runtime Proxy Policy Settings window appears.
  5. Configure the General Settings.
    1. Specify the Policy name.
    2. To select the target endpoint groups, click the edit icon (proxyconfigicon.jpg).
    3. In the window that appears, select one or more endpoint groups to target.
      Selecting a parent group automatically selects all child groups, and includes any child groups added later. You can clear the selection for specific child groups you do not want included in the policy. You can select a child group even if the parent group is already targeted by another policy.
      Important
      Important
      Endpoint groups which are not assigned to a policy apply the Base Policy.
    4. Click Select.
  6. To add a priority, click the add icon (add-icon.png).
    The Runtime Proxy Policy Settings window displays each priority as a tab in order of priority from left to right with the Default tab always on the right. New priorities are always added as the highest priority. You can rearrange priorities by clicking and dragging. You can delete a priority by clicking the remove icon (xmark-icon.png). You cannot delete the Default tab.
  7. Set the priority criteria.
    • All: Target all endpoints
      The Default priority is set to All and cannot be changed.
    • Operating system: Target endpoints by operating system type
      After selecting this type, a drop-down appears. Select one or more operating system types to apply the criteria to.
    • Endpoint name: Target endpoints by name
      After selecting this type, a text box appears. Specify a value and type a comma (,) or press ENTER to separate values.
      You do not have to specify a specific endpoint name. The policy is applied to any endpoints with a name that contains at least one of the specified values.
      For example, an endpoint with the name sarah-mac5-US-sales can be targeted by the tags mac5, US-sales, or sarah.
  8. Specify the Service Gateway policy.
    Important
    Important
    You must have at least one Service Gateway with Forward Proxy Service enabled to connect using this method.
    • Click Use selected Service Gateways to specify which Service Gateway appliances to connect
      After selecting this option, a drop-down appears. Select one or more Service Gateway appliances. Hover over the info icon (infoicon.png) to view the associated IPv4 address and enabled services.
    • Click Use all available Service Gateways to allow the endpoint agent to connect to any Service Gateway based on availability
    • Do not select anything and leave the settings blank if you do not want the targeted endpoints to connect to a Service Gateway appliance
  9. Specify the Primary Custom Proxy Settings.
    Leave the settings blank if you do not want the targeted endpoints to use a proxy server to connect to Trend Vision One.
    • Proxy address: The IPv4 address or FQDN of the proxy server
    • Port: The connection port for the proxy server
    • If the proxy server requires credentials, select Require authentication credentials, and provide the Account and Password.
  10. Specify the Default System Proxy Settings.
    Important
    Important
    Linux agents do not support using the default system proxy.
    Server & Workload Protection agents do not support connecting with a default system proxy that requires authentication credentials.
    • If your endpoint system proxy requires authentication credentials, select Require authentication credentials, and provide the Account and Password.
    • Otherwise, leave blank.
  11. After you have configured your priority settings, click Save.
    The policy appears on the Runtime Proxy Settings list. Target endpoints apply the proxy settings the next time they connect with Trend Vision One.