Online Help Center Home
Control Manager 6.0 SP3 Features and Enhancements
- Connected Threat Defense Product Integration
- Suspicious Object Management and Handling Process
- IOC Management
- Impact Assessment
  - Retro Scan
- Endpoint Isolation and Connection Restoration
Control Manager 6.0 SP2 Features and Enhancements
Control Manager 6.0 SP1 Features and Enhancements
Control Manager 6.0 Patch 3 Features and Enhancements
Control Manager 6.0 Patch 2 Features and Enhancements
Control Manager 6.0 Features and Enhancements
Control Manager Documentation
Document Conventions
Introducing Trend Micro Control Manager
- Control Manager Standard and Advanced
- Introducing Control Manager Features
- Understanding Trend Micro Management Communication Protocol
- Control Manager Architecture
- Trend Micro Smart Protection Network
Getting Started with Control Manager
- Using the Management Console
- Understanding the Function-Locking Mechanism
- Accessing the Management Console
  - Accessing the Web Console Locally from the Control Manager Server
  - Accessing the Console Remotely
- Changing Access to the Management Console
  - Assigning HTTPS Access to the Control Manager Web Console
- Configuring Web Console Settings
- Configuring Command Time-out Settings
- Logging Off from the Management Console
Configuring User Access
- Understanding User Access
  - Root Account Information
- Understanding User Roles
  - About Adding User Roles
    - Adding a User Role
  - About Editing User Roles
    - Editing a User Role
- Understanding User Accounts
- Understanding User Groups
User/Endpoint Directory Basics
- Understanding the User/Endpoint Directory
- Understanding the Active Directory Synchronization
  - Accessing the Active Directory Tree
  - Troubleshooting Issues Related to Active Directory Integration
- Searching for Users or Endpoints
- Understanding Custom Tags and Filters
Product Directory Basics
- Understanding the Product Directory
- Grouping Managed Products Using Directory Management
- Understanding Cascading Management
Working with Managed Servers
- Understanding Managed Servers
- Adding a Server
- Editing a Server
- Deleting a Server
- Configuring Proxy Settings for Managed Products
- Configuring the Cloud Service Settings
- Stop Managing Cloud Services
Downloading and Deploying Components
- Downloading and Deploying New Components
- Manually Downloading Components
- Understanding Scheduled Download Exceptions
  - Configuring Scheduled Download Exceptions
- Configuring Scheduled Downloads
- Understanding Deployment Plans
- Configuring the Proxy Settings for Component Updates
- Configuring Update/Deployment Settings
Working with the Dashboard and Widgets
- Using the Dashboard
  - User Accounts and the Dashboard
- Understanding Tabs
- Understanding Widgets
- Configuring Smart Protection Network Settings
Using Command Tracking
- Understanding Command Tracking
  - Understanding Command Details
    - Managed Products or Services Involved
    - Details for Individual Products or Services
- Querying and Viewing Commands
Using Notifications
- Understanding Event Center
- Customizing Notification Messages
- Enabling or Disabling Notifications
- Understanding Notification Methods
  - Configuring Notification Method Settings
- Configuring Notification Recipients and Testing Notification Delivery
- Configuring Alert Settings
- Configuring Data Loss Prevention Settings
Working with Logs
- Using Logs
  - Understanding Control Manager Generated Logs
  - Understanding Managed Product Logs
- Understanding Log Aggregation
  - Configuring Log Aggregation Settings
- Querying Log Data
Working with Reports
- Understanding Reports
- Understanding Control Manager Report Templates
  - Understanding Custom Templates
  - Understanding Static Templates
- Adding Custom Templates
- Understanding One-time Reports
  - Adding One-time Reports
- Understanding Scheduled Reports
  - Adding Scheduled Reports
  - Enabling/Disabling Scheduled Reports
- Viewing Generated Reports
  - Viewing One-Time Reports
  - Viewing Scheduled Reports
- Configuring Report Maintenance
- Understanding My Reports
MCP and Control Manager Agents
- Understanding Agents
  - Understanding Communicators
  - Understanding Connection Status Icons
- Understanding Control Manager Security Levels
- Using the Agent Communication Schedule
- Understanding the Agent/Communicator Heartbeat
- Configuring Agent Communication Schedules
  - Setting an Agent Communication Schedule for a Managed Product
  - Modifying the Default Agent Communication Schedule
- Configuring the Agent Communicator or Managed Server Heartbeat
- Stopping and Restarting Control Manager Services
- Modifying the Control Manager External Communication Port
- Verifying the Communication Method Between MCP and Control Manager
  - Verifying Control Manager Uses Two-way Communication
  - Verifying Control Manager Uses Two-way Communication from the Web Console
- Understanding Control Manager Agent Remote Installation
Administering Managed Products
- Manually Deploying Components Using the Product Directory
- Viewing Status Summaries for Managed Products
  - Accessing Through the Dashboard
  - Accessing Through the Product Directory
- Configuring Managed Products
- Understanding the Directory Management Screen
Activating Control Manager and Managed Products
- Activating and Registering Managed Products
- Understanding License Management
  - Activating Managed Products
  - Renewing Managed Product Licenses
    - Renewing Managed Product Licenses from the License Management Screen
    - Renewing Managed Product Licenses from the Product Directory
- About Activating Control Manager
Managing Child Servers
- Understanding Parent-Child Communication
- Registering or Unregistering Child Servers
  - Registering a Child Server
    - Checking the Status in the Control Manager Web Console
  - Unregistering a Child Server
- Accessing the Cascading Folder
- Viewing Child Server Status Summaries
- Configuring Log Upload Settings
  - Enabling or Disabling Child Server Connection
- Issuing Tasks to Child Servers
- Viewing Child Server Reports
  - Refreshing the Product Directory
- Renaming a Child Server
- Removing Child Servers Accidentally Removed from the Cascading Manager
Policy Management
- Understanding Policy Management
- Updating the Policy Templates
- Understanding Data Loss Prevention
  - Data Identifier Types
  - Data Loss Prevention Templates
    - Predefined DLP Templates
    - Customized DLP Templates
Investigating Data Loss Prevention Incidents
- Administrator Tasks
- DLP Incident Review Process
  - Understanding the Incident Information List
  - Reviewing Incident Details
Responding to Targeted Attacks and Advanced Threats
- Virtual Analyzer Suspicious Objects
- User-Defined Suspicious Objects
  - User-Defined Suspicious Objects Tasks
- Distribution Settings
- Indicators of Compromise (IOCs)
Administering the Database
- Understanding the Control Manager Database
  - Understanding the db_ControlManager Tables
- Backing Up db_ControlManager Using osql
  - Restoring Backup db_ControlManager Using osql
- Backing Up db_ControlManager Using SQL Server Management Studio
  - Restoring Backup db_ControlManager Using SQL Server Management Studio
- Shrinking db_ControlManager_Log.LDF Using SQL Commands
- Shrinking db_ControlManager_log.ldf Using SQL Server Management Studio
  - Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2008/2005 SP 3/2012
  - Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2005
Using Trend Micro Services
- Understanding Trend Micro Services
- Understanding Enterprise Protection Strategy
  - Highlighting the Value of EPS
- Understanding Outbreak Prevention Services
  - Benefits of Outbreak Prevention Services
    - Activating Outbreak Prevention Services
    - Viewing Outbreak Prevention Services Status
- Preventing Virus Outbreaks and Understanding Outbreak Prevention Mode
  - Understanding Outbreak Prevention Policies
- Using Outbreak Prevention Mode
Using Control Manager Tools
- Using Syslog Forwarder
- Using Agent Migration Tool (AgentMigrateTool.exe)
- Using the Control Manager MIB File
- Using the NVW Enforcer SNMPv2 MIB File
- Using the DBConfig Tool
Getting Support
- Before Contacting Technical Support
- Contacting Technical Support
  - Resolve Issues Faster
- TrendLabs
- Other Useful Resources
Control Manager System Checklists
- Server Address Checklist
- Ports Checklist
- Control Manager 2.x Agent Installation Checklist
- Control Manager Conventions
- Core Process and Configuration Files
- Communication and Listening Ports
- Control Manager Product Version Comparison
Data Views
- Data View: Product Information
- Data View: Security Threat Information
- Data View: Data Protection Information
  - Data Loss Prevention Information
    - DLP Incident Information
    - DLP Template Match Information
  - Data Discovery Information
    - Data Discovery Data Loss Prevention Detection Information
    - Data Discovery Endpoint Information
IPv6 Support in Control Manager
- Control Manager Server Requirements
- IPv6 Server Limitations
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Checking Policy Status
- Policy Status

Advanced Threat Activity

Table 1. Advanced Threat Activity
Event	Description
C&C callback alert	Applicable to antivirus and threat discovery managed products
C&C callback outbreak alert	Applicable to antivirus and threat discovery managed products
High risk Virtual Analyzer detections	Suspicious objects with high severity detections, as reported by Virtual Analyzer
High risk host detections	Hosts with high severity detections
SHA-1 Deny List detections	Detections that match SHA-1 values in the Deny List
Known targeted attack behavior	Detections that match known targeted attack behavior
Potential document exploit detections	Detections that match embedded exploit code
Rootkit or hacking tool detections	Detections that match known rootkit characteristics
Worm or file infector propagation detections	Detections that match known worm or file infector characteristics
Correlated incidents	Detections that match the Deep Discovery Inspector correlation rule
Email Messages with Advanced Threats	Email messages with malicious and suspicious behavior, as detected by Deep Discovery Email Inspector Suspicious behavior includes anomalous behavior, false or misleading data, suspicious and malicious behavioral patterns, and strings that indicate system compromise but require further investigation to confirm.
Advanced threats sent to recipients in watchlist	Watchlist configured by Deep Discovery Email Inspector administrators that triggers an alert when suspicious or malicious email message are detected