Smart Protection Network integration is available for your computers and workloads
through Anti-Malware and Web Reputation modules. Smart Feedback, which is set at the
system level, allows you to provide continuous feedback to the Smart Protection
Network.
For more about Trend Micro's Smart Protection Network, see Smart Protection Network.
In this topic:
See also Deploy a Smart Protection Server in AWS for AWS deployment instructions,
and the Smart Protection Server documentation for instructions on manually
deploying the server.
Anti-Malware and Smart Protection
Benefits of Smart Scan
Smart Scan provides the following features and benefits:
- Provides fast, real-time security status lookup capabilities in the cloud.
- Reduces the overall time it takes to deliver protection against emerging threats.
- Reduces network bandwidth consumed during pattern updates. The bulk of pattern definition updates only needs to be delivered to the cloud, not to many endpoints.
- Reduces the cost and overhead associated with corporate-wide pattern deployments.
Enable Smart Scan
Smart Scan is available in the Anti-Malware module. It leverages Trend Micro's
Smart Protection Network to allow local pattern files to be small
and reduces the size and number of updates required by agents and Appliances.
When Smart Scan is enabled, the agent downloads a small version of the much
larger full malware pattern from a Smart Protection Server. This smaller pattern
can quickly identify files as either "confirmed safe", or
"possibly dangerous". "Possibly dangerous" files are
compared against the larger complete pattern files stored on Trend Micro Smart
Protection Servers to determine with certainty whether they pose a danger or
not.
Without Smart Scan enabled, your relay agents must download the full malware
pattern from a Smart Protection Server to be used locally on the agent. The
pattern will only be updated as scheduled security updates are processed. The
pattern is typically updated once per day for your agents to download and is
around 120 MB.
NoteVerify that the computer can reliably connect to the global Trend Micro Smart Protection
Network
URLs (see Firewall exception requirements for Trend Vision One for a list of URLs). If connectivity is blocked by a firewall, proxy, or
AWS security group or if the connection is unreliable, it will reduce
Anti-Malware performance.
|
Procedure
- Go to Policies.
- Double-click a policy.
- Go to .
- In the Smart Scan section, either:
- select Inherited (if the parent policy has Smart Scan enabled)
- deselect Inherited, and then select either On or On for Deep Security Agent, Off for Virtual Appliance.
- Click Save.
What to do next
NoteA computer that is configured to use Smart Scan will not download full
anti-malware patterns locally. Therefore if your Anti-Malware license
expires while a computer is configured to use Smart Scan, switching Smart
Scan off will not result in local patterns being used to scan for malware
since no anti-malware patterns will be present locally.
|
Smart Protection Server for File Reputation Service
Smart Protection Server for File Reputation Service is available in the
Anti-Malware module. It supplies file reputation information required by Smart
Scan.
To edit Smart Protection Server for File Reputation Service:
Procedure
- Go to Computers or .
- You can select to connect directly to Trend Micro's Smart Protection Server
or to connect to one or more locally installed Smart Protection
Servers.
- If you want to use a proxy for communication between agents and the Smart
Protection Network, we recommend that you create a proxy server specifically
for the Smart Protection Network. You can view and edit the list of
available proxies on the Proxies tab on the Supported proxy protocols. page. For information on proxy protocols, see
Note
After you select a proxy, you will need to restart any agents that will be using it. - Select the When off domain, connect to global Smart Protection
Service (Windows and macOS only) option to use the global Smart
Protection Service if the computer is off domain. The computer is considered
to be off domain if it cannot connect to its domain controller. (This option
is for Windows and macOS agents only.)
Note
If you have a locally installed Smart Protection Server, this option should be set to Yes on at least one computer so that you are notified if there is a problem with the Smart Protection Server itself. - Set the Smart Protection Server Connection Warning to generate
error events and alerts when a computer loses its connection to the Smart
Protection Server.
Web Reputation and Smart Protection
Smart Protection Server for Web Reputation supplies web reputation information
required by the web reputation module.
To edit Smart Protection Server for Web Reputation Service:
Procedure
- Go to Computers or Policies
.
- You can select to connect directly to Trend Micro's Smart Protection Server
or to connect to one or more locally installed Smart Protection
Servers.
- If you want to use a proxy for communication between agents and the Smart
Protection Network, we recommend that you create a proxy server specifically
for the Smart Protection Network. You can view and edit the list of
available proxies on the Proxies tab on the Supported proxy protocols. page. For information on proxy protocols, see
Note
After you select a proxy, you will need to restart any agents that will be using it. - Select the When off domain, connect to global Smart Protection
Service (Windows and macOS only) option to use the global Smart
Protection Service if the computer is off domain. The computer is considered
to be off domain if it cannot connect to its domain controller. (This option
is for Windows and macOS agents only.)
Note
If you have a locally installed Smart Protection Server, this option should be set to Yes on at least one computer so that you are notified if there is a problem with the Smart Protection Server itself. - Set the Smart Protection Server Connection Warning to generate
error events and alerts when a computer loses its connection to the Smart
Protection Server.
Smart Feedback
Trend Micro Smart Feedback provides continuous communication between Trend Micro
products and the company's 24/7 threat research centers and technologies. With
Smart Feedback, products become an active part of the Trend Micro Smart
Protection Network, where large amounts of threat data is shared and analyzed in
real time. This interconnection enables never before possible rates of analysis,
identification, and prevention of new threats-a level of responsiveness that
addresses the thousands of new threats and threat variants released daily.
Trend Micro Smart Feedback is a system setting in Server & Workload Protection. When enabled, Smart Feedback
shares protected threat information with the Smart Protection Network, allowing
Trend Micro to rapidly identify and address new threats. By default, Smart
Feedback is enabled. You can disable it or adjust its settings by going to .
NotemacOS agents support only the enabling and disabling of Smart Feedback. The
parameters associated with Smart Feedback, such as selecing an industry and
setting the frequency of sending feedback and the maximum bandwidth, are not
supported by macOS agents. Other agents do support these
parameters.
|
NoteSmart Feedback will use the agents, appliances, and relays (security
updates) proxy selected in the Proxy Server Use section on the
tab. |