Views:
The following firewall exceptions apply to networks with:

Trend Vision One Authentication

Service
Region
Exceptions
Trend Vision One
  • All
  • signin.v1.trendmicro.com
  • tm.login.trendmicro.com
  • iamservice.trendmicro.com
  • Other custom IDP services
Google reCAPTCHA:
  • www.gstatic.com
  • fonts.gstatic.com
  • Plus one of the following:
    • www.google.com (recommended)
    • www.recaptcha.net

Endpoint Security Exceptions

Service / Agent
Region
Exceptions
Endpoint Sensor Agents
  • All
  • assessment-ap5.mgcp.trendmicro.com
  • release-us1.mgcp.trendmicro.com
  • api-ap5.xbc.trendmicro.com
  • tgw-ap5.mgcp.trendmicro.com
  • support-connector-api.manage.trendmicro.com
  • supportconnectorpacks.manage.trendmicro.com
  • rpcollectedthings.manage.trendmicro.com
  • cloudendpoint-ap5.mgcp.trendmicro.com
  • er-ws-as1.xdr.trendmicro.com
  • era-as1.xdr.trendmicro.com
  • endpointpolicy-cdn-ap5.xbc.trendmicro.com
  • files.trendmicro.com
  • xlogr-as1.xdr.trendmicro.com
  • api.in.xdr.trendmicro.com
  • api-cert.in.xdr.trendmicro.com
  • upload.in.xdr.trendmicro.com
  • wsc-ap5.xbc.trendmicro.com
Endpoint Sensor Agents with Sandbox Analysis
  • All
  • sandbox-threatconnect.trendmicro.com
Standard Endpoint Protection Agents
Important
Important
If you enable endpoint sensor detection and response, you must also add the Endpoint Sensor Agents exceptions.
  • All
  • <Apex One console_DNS>.manage.trendmicro.com
    (refer to license email)
  • licenseupdate.trendmicro.com
  • asm01-nabu-prod.aot.trendmicro.com
  • api-nabu.aot.trendmicro.com
  • osce14-p.activeupdate.trendmicro.com
  • tmsm35-p.activeupdate.trendmicro.com
  • activeupdate.trendmicro.com
  • osce14.icrc.trendmicro.com
  • osce14-0-en.url.trendmicro.com
  • osce140-en.fbs25.trendmicro.com
  • osce14-en.gfrbridge.trendmicro.com
  • osce14-en-census.trendmicro.com
  • osce14bak-en-census.trendmicro.com
  • osce140-en-f.trx.trendmicro.com
  • oscecmp140-en-f.trx.trendmicro.com
  • osce140-en-b.trx.trendmicro.com
  • mcs.trendmicro.com
  • www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/
  • files.trendmicro.com
Server & Workload Protection Agents
Important
Important
If you enable endpoint sensor detection and response, you must also add the Endpoint Sensor Agents exceptions.
  • All regions
  • workload.in-1.cloudone.trendmicro.com
  • agents.workload.in-1.cloudone.trendmicro.com
  • <agents-001 through agents-010>.workload.in-1.cloudone.trendmicro.com
  • agent-comm.workload.in-1.cloudone.trendmicro.com
  • dsmim.workload.in-1.cloudone.trendmicro.com
  • relay.workload.in-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.in-1.cloudone.trendmicro.com
  • files.trendmicro.com
  • iaus.activeupdate.trendmicro.com
  • iaus.trendmicro.com
  • ipv6-iaus.trendmicro.com
  • ipv6-iaus.activeupdate.trendmicro.com
  • dsaas1100-en-census.trendmicro.com
  • ds200-en.fbs25.trendmicro.com
  • ds200-jp.fbs25.trendmicro.com
  • dsaas.icrc.trendmicro.com
  • dsaas-en-f.trx.trendmicro.com
  • dsaas-en-b.trx.trendmicro.com
  • deepsecaas11-en.gfrbridge.trendmicro.com
  • dsaas.url.trendmicro.com
  • gateway.workload.in-1.cloudone.trendmicro.com
  • gateway-control.workload.in-1.cloudone.trendmicro.com

Zero Trust Secure Access Exceptions

Service
Region
Exceptions
Access Module
  • All
  • prod.ztsaagent.trendmicro.com
  • upload.in.xdr.trendmicro.com
  • event-in.ztsaagent.trendmicro.com
Authentication
  • All
  • agent-in-rel.ztna.trendmicro.com
  • signin.v1.trendmicro.com
  • tm.login.trendmicro.com
  • iamservice.trendmicro.com
  • Other custom IDP services
Google reCAPTCHA:
  • www.gstatic.com
  • fonts.gstatic.com
  • Plus one of the following:
    • www.google.com (recommended)
    • www.recaptcha.net
Internet Access Service
  • All
  • auth.ztsa-iag.trendmicro.com
  • pac.in.ztsa-iag.trendmicro.com
  • auth.in.ztsa-iag.trendmicro.com
Internet Access Cloud Gateway
  • All
  • proxy.ztsa-iag.trendmicro.com
  • proxy.in.ztsa-iag.trendmicro.com
Internet Access On-Premises Gateway with Smart Protection Network: Off
  • All
  • xlogr-an1.xdr.trendmicro.com
  • api.ap-south-1.in.ddcloud.trendmicro.com
  • iwsh30-en.url.trendmicro.com
  • api-ap-southeast-1.crs.trendmicro.com
  • iwsh300-en.census.trendmicro.com
  • iwsaas30-en-f.trx.trendmicro.com
  • iwsh30-p.activeupdate.trendmicro.com
Internet Access On-Premises Gateway with Smart Protection Network: On
  • All
  • xlogr-an1.xdr.trendmicro.com
  • api.ap-south-1.in.ddcloud.trendmicro.com
  • ctapi.trendmicro.com
  • iwsh30-p.activeupdate.trendmicro.com
Private Access Connector
  • All
  • agent-in-rel.ztna.trendmicro.com
  • saseztnaprodinsagen2.blob.core.windows.net
  • saseztnaprodinsa.blob.core.windows.net
  • sase-ztna-prod-in-iothub-cntevt.azure-devices.net
  • speedtest.in.ztna.trendmicro.com
  • ztnaextacr.azurecr.io
  • 0.pool.ntp.org
  • 1.pool.ntp.org
  • 2.pool.ntp.org
  • 3.pool.ntp.org
Private Access Connector
(if not using the Trend Cloud Proxy service)
Australia
  • 20.5.69.128/28
Europe
  • 20.4.51.32/28
India
  • 20.219.254.160/28
Israel
  • 20.217.194.0/28
Japan
  • 52.140.246.128/28
Singapore
  • 52.187.118.64/28
United States
  • 20.7.52.240/28
Brazil
  • 4.228.193.144/28

Service Gateway Exceptions

Service
Region
Exceptions
Firmware
  • All
  • sgi-tunneling.in.xdr.trendmicro.com
  • sgi-iot.in.xdr.trendmicro.com
  • api.in.xdr.trendmicro.com
  • upload.in.xdr.trendmicro.com
Smart Protection Network proxy: On
  • All
  • ctapi.trendmicro.com
  • sg-tmsps10-p.activeupdate.trendmicro.com
  • activeupdate.trendmicro.com
Smart Protection Network proxy: Off
  • All
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
  • grid-global.trendmicro.com
  • rest.mars.trendmicro.com
  • sg-tmsps10-en.gfrbridge.trendmicro.com
  • sg-tmsps10-p.activeupdate.trendmicro.com
  • sg-tmsps10-en-backup.url.trendmicro.com
  • activeupdate.trendmicro.com
Local ActiveUpdate
  • All
Refer to ActiveUpdate session of each product/agent

Trend Vision One Container Security

Service
Region
Exceptions
Artifact Scanner
  • All
  • artifactscan.in-1.cloudone.trendmicro.com
  • asaas-scan-upload-ap-south-1-prod.s3.ap-south-1.amazonaws.com
  • asaas-scan-vuln-ap-south-1-prod.s3.ap-south-1.amazonaws.com
  • cli.artifactscan.cloudone.trendmicro.com
Runtime Security
  • All
  • sensor-components-prod-componentsstoragebucket-4t1tmfipzmxq.s3.amazonaws.com
  • container.in-1.cloudone.trendmicro.com
  • iot.container.in-1.cloudone.trendmicro.com
  • vcs-iot-in.xdr.trendmicro.com
  • sensor-components-producti-componentsstoragebucket-w7dlr08cm4gx.s3.amazonaws.com
  • rules-production-rulesstoragebucket-cydhihkfho8q.s3.amazonaws.com
  • rules-prod-rulesstoragebucket-1l0asxstzm8y1.s3.ap-south-1.amazonaws.com
Anti-malware Scanner
  • All
  • antimalware.in-1.cloudone.trendmicro.com
Inventory
  • All
  • cs-inventory-landing-ap-south-1-275357989408.s3.us-east-1.amazonaws.com
  • container.in-1.cloudone.trendmicro.com
  • v1cs-inventory-landing-ap-south-1-484917860638.s3.ap-south-1.amazonaws.com
Telemetry Collection
  • All
  • telemetry.deepsecurity.trendmicro.com
AWS ECS Task Definition Patcher
  • All
  • raw.githubusercontent.com
Default Container Image Access
  • All
  • public.ecr.aws

Intrusion Prevention Configuration Exceptions

Service
Region
Exceptions
Intrusion Prevention Configuration
Australia
  • a1mmnfkx71i3sj-ats.iot.ap-southeast-2.amazonaws.com
Europe
  • a1mmnfkx71i3sj-ats.iot.eu-central-1.amazonaws.com
India
  • a1mmnfkx71i3sj-ats.iot.ap-south-1.amazonaws.com
Japan
  • a1mmnfkx71i3sj-ats.iot.ap-northeast-1.amazonaws.com
Singapore
  • a1mmnfkx71i3sj-ats.iot.ap-southeast-1.amazonaws.com
United States
  • a1mmnfkx71i3sj-ats.iot.us-east-1.amazonaws.com

Network Inventory

Service
Region
Exceptions
Virtual Network Sensor
India
  • xns-p.activeupdate.trendmicro.com
  • api.in.xdr.nacloud.trendmicro.com
  • xns-en.fbs25.trendmicro.com
  • xlogr-as1.xdr.trendmicro.com
  • api-ni-in.xdr.trendmicro.com
  • licenseupdate.trendmicro.com
  • api.ddcloud.trendmicro.com
  • api.in.ddcloud.trendmicro.com
Deep Discovery Inspector version 6.7 or later with Smart Protection Network Proxy: On
India
  • api-ni.xdr.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • xlogr-ue1.xdr.trendmicro.com
  • api.us.xdr.nacloud.trendmicro.com
  • api.en.ddcloud.trendmicro.com
  • grid-global.trendmicro.com
  • licenseupdate.trendmicro.com
  • rest.mars.trendmicro.com
  • ddaaas.trendmicro.com
  • ddi67-p.activeupdate.trendmicro.com/activeupdate
  • ddi6-7-en-t0.url.trendmicro.com
  • ddi67-en-f.trx.trendmicro.com
  • intelliconnect.trendmicro.com
  • ddi67.retroscan.trendmicro.com
  • gp.fbs.trendmicro.com
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.7 or later with Smart Protection Network Proxy: Off
India
  • api-ni.xdr.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • xlogr-ue1.xdr.trendmicro.com
  • api.us.xdr.nacloud.trendmicro.com
  • api.en.ddcloud.trendmicro.com
  • grid-global.trendmicro.com
  • licenseupdate.trendmicro.com
  • rest.mars.trendmicro.com
  • ddaaas.trendmicro.com
  • ddi67-p.activeupdate.trendmicro.com/activeupdate
  • ddi6-7-en-t0.url.trendmicro.com
  • ddi67-en-f.trx.trendmicro.com
  • intelliconnect.trendmicro.com
  • ddi67.retroscan.trendmicro.com
  • gp.fbs.trendmicro.com
  • ddi6-7-en.url.trendmicro.com
  • ddi6-7-en-wis.trendmicro.com
  • ddi670-en-census.trendmicro.com
  • ddi670-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.6 or earlier with Smart Protection Network Proxy: On
India
  • api-ni.xdr.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • xlogr-ue1.xdr.trendmicro.com
  • api.us.xdr.nacloud.trendmicro.com
  • api.en.ddcloud.trendmicro.com
  • grid-global.trendmicro.com
  • licenseupdate.trendmicro.com
  • rest.mars.trendmicro.com
  • ddaaas.trendmicro.com
  • ddi66-p.activeupdate.trendmicro.com/activeupdate
  • ddi65-p.activeupdate.trendmicro.com/activeupdate
  • ddi62-p.activeupdate.trendmicro.com/activeupdate
  • ddi60-p.activeupdate.trendmicro.com/activeupdate
  • ddi58-p.activeupdate.trendmicro.com/activeupdate
  • ddi57-p.activeupdate.trendmicro.com/activeupdate
  • ddi6-6-en-t0.url.trendmicro.com
  • ddi6-5-en-t0.url.trendmicro.com
  • ddi6-2-en-t0.url.trendmicro.com
  • ddi6-0-en-t0.url.trendmicro.com
  • ddi5-8-en-t0.url.trendmicro.com
  • ddi5-7-en-t0.url.trendmicro.com
  • ddi66-en-f.trx.trendmicro.com
  • ddi65-en-f.trx.trendmicro.com
  • ddi62-en-f.trx.trendmicro.com
  • ddi60-en-f.trx.trendmicro.com
  • ddi58-en-f.trx.trendmicro.com
  • ddi57-en-f.trx.trendmicro.com
  • intelliconnect.trendmicro.com
  • ddi66.retroscan.trendmicro.com
  • ddi65-retroscan.trendmicro.com
  • ddi62-retroscan.trendmicro.com
  • ddi60-retroscan.trendmicro.com
  • ddi58-retroscan.trendmicro.com
  • ddi57-retroscan.trendmicro.com
  • ddi660-en.fbs25.trendmicro.com
  • ddi650-en.fbs25.trendmicro.com
  • ddi620-en.fbs25.trendmicro.com
  • ddi600-en.fbs25.trendmicro.com
  • ddi580-en.fbs25.trendmicro.com
  • ddi570-en.fbs25.trendmicro.com
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.6 or earlier with Smart Protection Network Proxy: Off
India
  • api-ni.xdr.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • xlogr-ue1.xdr.trendmicro.com
  • api.us.xdr.nacloud.trendmicro.com
  • api.en.ddcloud.trendmicro.com
  • grid-global.trendmicro.com
  • licenseupdate.trendmicro.com
  • rest.mars.trendmicro.com
  • ddaaas.trendmicro.com
  • ddi66-p.activeupdate.trendmicro.com/activeupdate
  • ddi65-p.activeupdate.trendmicro.com/activeupdate
  • ddi62-p.activeupdate.trendmicro.com/activeupdate
  • ddi60-p.activeupdate.trendmicro.com/activeupdate
  • ddi58-p.activeupdate.trendmicro.com/activeupdate
  • ddi57-p.activeupdate.trendmicro.com/activeupdate
  • ddi660-en-domaincensus.trendmicro.com
  • ddi650-en-domaincensus.trendmicro.com
  • ddi620-en-domaincensus.trendmicro.com
  • ddi600-en-domaincensus.trendmicro.com
  • ddi580-en-domaincensus.trendmicro.com
  • ddi570-en-domaincensus.trendmicro.com
  • ddi660-en-census.trendmicro.com
  • ddi650-en-census.trendmicro.com
  • ddi620-en-census.trendmicro.com
  • ddi600-en-census.trendmicro.com
  • ddi580-en-census.trendmicro.com
  • ddi570-en-census.trendmicro.com
  • ddi6-6-en-t0.url.trendmicro.com
  • ddi6-5-en-t0.url.trendmicro.com
  • ddi6-2-en-t0.url.trendmicro.com
  • ddi6-0-en-t0.url.trendmicro.com
  • ddi5-8-en-t0.url.trendmicro.com
  • ddi5-7-en-t0.url.trendmicro.com
  • ddi66-en-f.trx.trendmicro.com
  • ddi65-en-f.trx.trendmicro.com
  • ddi62-en-f.trx.trendmicro.com
  • ddi60-en-f.trx.trendmicro.com
  • ddi58-en-f.trx.trendmicro.com
  • ddi57-en-f.trx.trendmicro.com
  • intelliconnect.trendmicro.com
  • ddi66.retroscan.trendmicro.com
  • ddi65-retroscan.trendmicro.com
  • ddi62-retroscan.trendmicro.com
  • ddi60-retroscan.trendmicro.com
  • ddi58-retroscan.trendmicro.com
  • ddi57-retroscan.trendmicro.com
  • ddi660-en.fbs25.trendmicro.com
  • ddi650-en.fbs25.trendmicro.com
  • ddi620-en.fbs25.trendmicro.com
  • ddi600-en.fbs25.trendmicro.com
  • ddi580-en.fbs25.trendmicro.com
  • ddi570-en.fbs25.trendmicro.com
  • ddi6-6-en-wis.trendmicro.com
  • ddi6-5-en-wis.trendmicro.com
  • ddi6-2-en-wis.trendmicro.com
  • ddi6-0-en-wis.trendmicro.com
  • ddi5-8-en-wis.trendmicro.com
  • ddi5-7-en-wis.trendmicro.com
  • ddi6-6-en.url.trendmicro.com
  • ddi6-5-en.url.trendmicro.com
  • ddi6-2-en.url.trendmicro.com
  • ddi6-0-en.url.trendmicro.com
  • ddi5-8-en.url.trendmicro.com
  • ddi5-7-en.url.trendmicro.com