Control Manager 6.0 Service Pack 3
Downloading and Deploying Components
The Product Directory displays all managed products registered to a Control Manager server.
Downloading and Deploying New Components
Manually Downloading Components
Understanding Scheduled Download Exceptions
Configuring Scheduled Downloads
Understanding Deployment Plans
Configuring the Proxy Settings for Component Updates
Configuring Update/Deployment Settings