Online Help Center Home
Control Manager 6.0 SP3 Features and Enhancements
- Connected Threat Defense Product Integration
- Suspicious Object Management and Handling Process
- IOC Management
- Impact Assessment
  - Retro Scan
- Endpoint Isolation and Connection Restoration
Control Manager 6.0 SP2 Features and Enhancements
Control Manager 6.0 SP1 Features and Enhancements
Control Manager 6.0 Patch 3 Features and Enhancements
Control Manager 6.0 Patch 2 Features and Enhancements
Control Manager 6.0 Features and Enhancements
Control Manager Documentation
Document Conventions
Introducing Trend Micro Control Manager
- Control Manager Standard and Advanced
- Introducing Control Manager Features
- Understanding Trend Micro Management Communication Protocol
- Control Manager Architecture
- Trend Micro Smart Protection Network
Getting Started with Control Manager
- Using the Management Console
- Understanding the Function-Locking Mechanism
- Accessing the Management Console
  - Accessing the Web Console Locally from the Control Manager Server
  - Accessing the Console Remotely
- Changing Access to the Management Console
  - Assigning HTTPS Access to the Control Manager Web Console
- Configuring Web Console Settings
- Configuring Command Time-out Settings
- Logging Off from the Management Console
Configuring User Access
- Understanding User Access
  - Root Account Information
- Understanding User Roles
  - About Adding User Roles
    - Adding a User Role
  - About Editing User Roles
    - Editing a User Role
- Understanding User Accounts
- Understanding User Groups
User/Endpoint Directory Basics
- Understanding the User/Endpoint Directory
- Understanding the Active Directory Synchronization
  - Accessing the Active Directory Tree
  - Troubleshooting Issues Related to Active Directory Integration
- Searching for Users or Endpoints
- Understanding Custom Tags and Filters
Product Directory Basics
- Understanding the Product Directory
- Grouping Managed Products Using Directory Management
- Understanding Cascading Management
Working with Managed Servers
- Understanding Managed Servers
- Adding a Server
- Editing a Server
- Deleting a Server
- Configuring Proxy Settings for Managed Products
- Configuring the Cloud Service Settings
- Stop Managing Cloud Services
Downloading and Deploying Components
- Downloading and Deploying New Components
- Manually Downloading Components
- Understanding Scheduled Download Exceptions
  - Configuring Scheduled Download Exceptions
- Configuring Scheduled Downloads
- Understanding Deployment Plans
- Configuring the Proxy Settings for Component Updates
- Configuring Update/Deployment Settings
Working with the Dashboard and Widgets
- Using the Dashboard
  - User Accounts and the Dashboard
- Understanding Tabs
- Understanding Widgets
- Configuring Smart Protection Network Settings
Using Command Tracking
- Understanding Command Tracking
  - Understanding Command Details
    - Managed Products or Services Involved
    - Details for Individual Products or Services
- Querying and Viewing Commands
Using Notifications
- Understanding Event Center
- Customizing Notification Messages
- Enabling or Disabling Notifications
- Understanding Notification Methods
  - Configuring Notification Method Settings
- Configuring Notification Recipients and Testing Notification Delivery
- Configuring Alert Settings
- Configuring Data Loss Prevention Settings
Working with Logs
- Using Logs
  - Understanding Control Manager Generated Logs
  - Understanding Managed Product Logs
- Understanding Log Aggregation
  - Configuring Log Aggregation Settings
- Querying Log Data
Working with Reports
- Understanding Reports
- Understanding Control Manager Report Templates
  - Understanding Custom Templates
  - Understanding Static Templates
- Adding Custom Templates
- Understanding One-time Reports
  - Adding One-time Reports
- Understanding Scheduled Reports
  - Adding Scheduled Reports
  - Enabling/Disabling Scheduled Reports
- Viewing Generated Reports
  - Viewing One-Time Reports
  - Viewing Scheduled Reports
- Configuring Report Maintenance
- Understanding My Reports
MCP and Control Manager Agents
- Understanding Agents
  - Understanding Communicators
  - Understanding Connection Status Icons
- Understanding Control Manager Security Levels
- Using the Agent Communication Schedule
- Understanding the Agent/Communicator Heartbeat
- Configuring Agent Communication Schedules
  - Setting an Agent Communication Schedule for a Managed Product
  - Modifying the Default Agent Communication Schedule
- Configuring the Agent Communicator or Managed Server Heartbeat
- Stopping and Restarting Control Manager Services
- Modifying the Control Manager External Communication Port
- Verifying the Communication Method Between MCP and Control Manager
  - Verifying Control Manager Uses Two-way Communication
  - Verifying Control Manager Uses Two-way Communication from the Web Console
- Understanding Control Manager Agent Remote Installation
Administering Managed Products
- Manually Deploying Components Using the Product Directory
- Viewing Status Summaries for Managed Products
  - Accessing Through the Dashboard
  - Accessing Through the Product Directory
- Configuring Managed Products
- Understanding the Directory Management Screen
Activating Control Manager and Managed Products
- Activating and Registering Managed Products
- Understanding License Management
  - Activating Managed Products
  - Renewing Managed Product Licenses
    - Renewing Managed Product Licenses from the License Management Screen
    - Renewing Managed Product Licenses from the Product Directory
- About Activating Control Manager
Managing Child Servers
- Understanding Parent-Child Communication
- Registering or Unregistering Child Servers
  - Registering a Child Server
    - Checking the Status in the Control Manager Web Console
  - Unregistering a Child Server
- Accessing the Cascading Folder
- Viewing Child Server Status Summaries
- Configuring Log Upload Settings
  - Enabling or Disabling Child Server Connection
- Issuing Tasks to Child Servers
- Viewing Child Server Reports
  - Refreshing the Product Directory
- Renaming a Child Server
- Removing Child Servers Accidentally Removed from the Cascading Manager
Policy Management
- Understanding Policy Management
- Updating the Policy Templates
- Understanding Data Loss Prevention
  - Data Identifier Types
  - Data Loss Prevention Templates
    - Predefined DLP Templates
    - Customized DLP Templates
Investigating Data Loss Prevention Incidents
- Administrator Tasks
- DLP Incident Review Process
  - Understanding the Incident Information List
  - Reviewing Incident Details
Responding to Targeted Attacks and Advanced Threats
- Virtual Analyzer Suspicious Objects
- User-Defined Suspicious Objects
  - User-Defined Suspicious Objects Tasks
- Distribution Settings
- Indicators of Compromise (IOCs)
Administering the Database
- Understanding the Control Manager Database
  - Understanding the db_ControlManager Tables
- Backing Up db_ControlManager Using osql
  - Restoring Backup db_ControlManager Using osql
- Backing Up db_ControlManager Using SQL Server Management Studio
  - Restoring Backup db_ControlManager Using SQL Server Management Studio
- Shrinking db_ControlManager_Log.LDF Using SQL Commands
- Shrinking db_ControlManager_log.ldf Using SQL Server Management Studio
  - Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2008/2005 SP 3/2012
  - Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2005
Using Trend Micro Services
- Understanding Trend Micro Services
- Understanding Enterprise Protection Strategy
  - Highlighting the Value of EPS
- Understanding Outbreak Prevention Services
  - Benefits of Outbreak Prevention Services
    - Activating Outbreak Prevention Services
    - Viewing Outbreak Prevention Services Status
- Preventing Virus Outbreaks and Understanding Outbreak Prevention Mode
  - Understanding Outbreak Prevention Policies
- Using Outbreak Prevention Mode
Using Control Manager Tools
- Using Syslog Forwarder
- Using Agent Migration Tool (AgentMigrateTool.exe)
- Using the Control Manager MIB File
- Using the NVW Enforcer SNMPv2 MIB File
- Using the DBConfig Tool
Getting Support
- Before Contacting Technical Support
- Contacting Technical Support
  - Resolve Issues Faster
- TrendLabs
- Other Useful Resources
Control Manager System Checklists
- Server Address Checklist
- Ports Checklist
- Control Manager 2.x Agent Installation Checklist
- Control Manager Conventions
- Core Process and Configuration Files
- Communication and Listening Ports
- Control Manager Product Version Comparison
Data Views
- Data View: Product Information
- Data View: Security Threat Information
- Data View: Data Protection Information
  - Data Loss Prevention Information
    - DLP Incident Information
    - DLP Template Match Information
  - Data Discovery Information
    - Data Discovery Data Loss Prevention Detection Information
    - Data Discovery Endpoint Information
IPv6 Support in Control Manager
- Control Manager Server Requirements
- IPv6 Server Limitations
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Checking Policy Status
- Policy Status

At-risk Endpoints

After running impact assessment, perform mitigation tasks on at-risk endpoints.

Column Name	Information
First Observed	Date and time when an artifact's presence is detected on target endpoints
Host Name	Name of the agent endpoint that harbors the matching suspicious object Clicking a value in the Host Name column opens a screen that shows a graph of the execution flow of any suspicious activities involving or originating from that endpoint. This lets you analyze the enterprise-wide chain of events involved in a targeted attack. For details, see Detailed Mindmap.
User Name	Name of the user logged on to the endpoint
IP Address	IPv4 or IPv6 address of the endpoint
Importance	Importance assigned by a Control Manager administrator to the endpoint. For details, see Working with User or Endpoint Importance. Take immediate action on important endpoints.
Matching Object(s)	Identifier(s) or component(s) of an attack that indicate what attacks are and how they are established
Action	Options to isolate or restore the connection of an endpoint. For details, see Endpoint Isolation and Connection Restoration.