Online Help Center Home
Control Manager 6.0 SP3 Features and Enhancements
- Connected Threat Defense Product Integration
- Suspicious Object Management and Handling Process
- IOC Management
- Impact Assessment
  - Retro Scan
- Endpoint Isolation and Connection Restoration
Control Manager 6.0 SP2 Features and Enhancements
Control Manager 6.0 SP1 Features and Enhancements
Control Manager 6.0 Patch 3 Features and Enhancements
Control Manager 6.0 Patch 2 Features and Enhancements
Control Manager 6.0 Features and Enhancements
Control Manager Documentation
Document Conventions
Introducing Trend Micro Control Manager
- Control Manager Standard and Advanced
- Introducing Control Manager Features
- Understanding Trend Micro Management Communication Protocol
- Control Manager Architecture
- Trend Micro Smart Protection Network
Getting Started with Control Manager
- Using the Management Console
- Understanding the Function-Locking Mechanism
- Accessing the Management Console
  - Accessing the Web Console Locally from the Control Manager Server
  - Accessing the Console Remotely
- Changing Access to the Management Console
  - Assigning HTTPS Access to the Control Manager Web Console
- Configuring Web Console Settings
- Configuring Command Time-out Settings
- Logging Off from the Management Console
Configuring User Access
- Understanding User Access
  - Root Account Information
- Understanding User Roles
  - About Adding User Roles
    - Adding a User Role
  - About Editing User Roles
    - Editing a User Role
- Understanding User Accounts
- Understanding User Groups
User/Endpoint Directory Basics
- Understanding the User/Endpoint Directory
- Understanding the Active Directory Synchronization
  - Accessing the Active Directory Tree
  - Troubleshooting Issues Related to Active Directory Integration
- Searching for Users or Endpoints
- Understanding Custom Tags and Filters
Product Directory Basics
- Understanding the Product Directory
- Grouping Managed Products Using Directory Management
- Understanding Cascading Management
Working with Managed Servers
- Understanding Managed Servers
- Adding a Server
- Editing a Server
- Deleting a Server
- Configuring Proxy Settings for Managed Products
- Configuring the Cloud Service Settings
- Stop Managing Cloud Services
Downloading and Deploying Components
- Downloading and Deploying New Components
- Manually Downloading Components
- Understanding Scheduled Download Exceptions
  - Configuring Scheduled Download Exceptions
- Configuring Scheduled Downloads
- Understanding Deployment Plans
- Configuring the Proxy Settings for Component Updates
- Configuring Update/Deployment Settings
Working with the Dashboard and Widgets
- Using the Dashboard
  - User Accounts and the Dashboard
- Understanding Tabs
- Understanding Widgets
- Configuring Smart Protection Network Settings
Using Command Tracking
- Understanding Command Tracking
  - Understanding Command Details
    - Managed Products or Services Involved
    - Details for Individual Products or Services
- Querying and Viewing Commands
Using Notifications
- Understanding Event Center
- Customizing Notification Messages
- Enabling or Disabling Notifications
- Understanding Notification Methods
  - Configuring Notification Method Settings
- Configuring Notification Recipients and Testing Notification Delivery
- Configuring Alert Settings
- Configuring Data Loss Prevention Settings
Working with Logs
- Using Logs
  - Understanding Control Manager Generated Logs
  - Understanding Managed Product Logs
- Understanding Log Aggregation
  - Configuring Log Aggregation Settings
- Querying Log Data
Working with Reports
- Understanding Reports
- Understanding Control Manager Report Templates
  - Understanding Custom Templates
  - Understanding Static Templates
- Adding Custom Templates
- Understanding One-time Reports
  - Adding One-time Reports
- Understanding Scheduled Reports
  - Adding Scheduled Reports
  - Enabling/Disabling Scheduled Reports
- Viewing Generated Reports
  - Viewing One-Time Reports
  - Viewing Scheduled Reports
- Configuring Report Maintenance
- Understanding My Reports
MCP and Control Manager Agents
- Understanding Agents
  - Understanding Communicators
  - Understanding Connection Status Icons
- Understanding Control Manager Security Levels
- Using the Agent Communication Schedule
- Understanding the Agent/Communicator Heartbeat
- Configuring Agent Communication Schedules
  - Setting an Agent Communication Schedule for a Managed Product
  - Modifying the Default Agent Communication Schedule
- Configuring the Agent Communicator or Managed Server Heartbeat
- Stopping and Restarting Control Manager Services
- Modifying the Control Manager External Communication Port
- Verifying the Communication Method Between MCP and Control Manager
  - Verifying Control Manager Uses Two-way Communication
  - Verifying Control Manager Uses Two-way Communication from the Web Console
- Understanding Control Manager Agent Remote Installation
Administering Managed Products
- Manually Deploying Components Using the Product Directory
- Viewing Status Summaries for Managed Products
  - Accessing Through the Dashboard
  - Accessing Through the Product Directory
- Configuring Managed Products
- Understanding the Directory Management Screen
Activating Control Manager and Managed Products
- Activating and Registering Managed Products
- Understanding License Management
  - Activating Managed Products
  - Renewing Managed Product Licenses
    - Renewing Managed Product Licenses from the License Management Screen
    - Renewing Managed Product Licenses from the Product Directory
- About Activating Control Manager
Managing Child Servers
- Understanding Parent-Child Communication
- Registering or Unregistering Child Servers
  - Registering a Child Server
    - Checking the Status in the Control Manager Web Console
  - Unregistering a Child Server
- Accessing the Cascading Folder
- Viewing Child Server Status Summaries
- Configuring Log Upload Settings
  - Enabling or Disabling Child Server Connection
- Issuing Tasks to Child Servers
- Viewing Child Server Reports
  - Refreshing the Product Directory
- Renaming a Child Server
- Removing Child Servers Accidentally Removed from the Cascading Manager
Policy Management
- Understanding Policy Management
- Updating the Policy Templates
- Understanding Data Loss Prevention
  - Data Identifier Types
  - Data Loss Prevention Templates
    - Predefined DLP Templates
    - Customized DLP Templates
Investigating Data Loss Prevention Incidents
- Administrator Tasks
- DLP Incident Review Process
  - Understanding the Incident Information List
  - Reviewing Incident Details
Responding to Targeted Attacks and Advanced Threats
- Virtual Analyzer Suspicious Objects
- User-Defined Suspicious Objects
  - User-Defined Suspicious Objects Tasks
- Distribution Settings
- Indicators of Compromise (IOCs)
Administering the Database
- Understanding the Control Manager Database
  - Understanding the db_ControlManager Tables
- Backing Up db_ControlManager Using osql
  - Restoring Backup db_ControlManager Using osql
- Backing Up db_ControlManager Using SQL Server Management Studio
  - Restoring Backup db_ControlManager Using SQL Server Management Studio
- Shrinking db_ControlManager_Log.LDF Using SQL Commands
- Shrinking db_ControlManager_log.ldf Using SQL Server Management Studio
  - Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2008/2005 SP 3/2012
  - Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2005
Using Trend Micro Services
- Understanding Trend Micro Services
- Understanding Enterprise Protection Strategy
  - Highlighting the Value of EPS
- Understanding Outbreak Prevention Services
  - Benefits of Outbreak Prevention Services
    - Activating Outbreak Prevention Services
    - Viewing Outbreak Prevention Services Status
- Preventing Virus Outbreaks and Understanding Outbreak Prevention Mode
  - Understanding Outbreak Prevention Policies
- Using Outbreak Prevention Mode
Using Control Manager Tools
- Using Syslog Forwarder
- Using Agent Migration Tool (AgentMigrateTool.exe)
- Using the Control Manager MIB File
- Using the NVW Enforcer SNMPv2 MIB File
- Using the DBConfig Tool
Getting Support
- Before Contacting Technical Support
- Contacting Technical Support
  - Resolve Issues Faster
- TrendLabs
- Other Useful Resources
Control Manager System Checklists
- Server Address Checklist
- Ports Checklist
- Control Manager 2.x Agent Installation Checklist
- Control Manager Conventions
- Core Process and Configuration Files
- Communication and Listening Ports
- Control Manager Product Version Comparison
Data Views
- Data View: Product Information
- Data View: Security Threat Information
- Data View: Data Protection Information
  - Data Loss Prevention Information
    - DLP Incident Information
    - DLP Template Match Information
  - Data Discovery Information
    - Data Discovery Data Loss Prevention Detection Information
    - Data Discovery Endpoint Information
IPv6 Support in Control Manager
- Control Manager Server Requirements
- IPv6 Server Limitations
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Checking Policy Status
- Policy Status

Handling Process

The Handling Process screen breaks down the suspicious object handling process into phases.

Note:

A detailed explanation of the handling process is discussed in Suspicious Object Management and Handling Process.

Table 1. Suspicious Object Handling Process
Phase	Focus
Sample Submission	First and last submission of a sample that triggered the detection of the suspicious object
Analysis	The analyzing product, a link to an analysis report, and a list of notable characteristics exhibited by the suspicious object
Distribution	A list of Trend Micro products to which Control Manager sends suspicious objects
Impact Assessment	List of at-risk endpoints (endpoints affected by suspicious objects) and suspicious activities on these endpoints Managed products took a "passive" action (such as Log or Pass) against these suspicious objects. If products took an "active" action, the endpoints will be listed under the Mitigation tab. Click a link under Suspicious Activities to investigate further or open a new screen showing the sequence of activities in a graph.
Mitigation	"Active" actions (such as Block, Quarantine, or Delete) taken against suspicious objects during mitigation tasks