Online Help Center Home
Control Manager 6.0 SP3 Features and Enhancements
- Connected Threat Defense Product Integration
- Suspicious Object Management and Handling Process
- IOC Management
- Impact Assessment
  - Retro Scan
- Endpoint Isolation and Connection Restoration
Control Manager 6.0 SP2 Features and Enhancements
Control Manager 6.0 SP1 Features and Enhancements
Control Manager 6.0 Patch 3 Features and Enhancements
Control Manager 6.0 Patch 2 Features and Enhancements
Control Manager 6.0 Features and Enhancements
Control Manager Documentation
Document Conventions
Introducing Trend Micro Control Manager
- Control Manager Standard and Advanced
- Introducing Control Manager Features
- Understanding Trend Micro Management Communication Protocol
- Control Manager Architecture
- Trend Micro Smart Protection Network
Getting Started with Control Manager
- Using the Management Console
- Understanding the Function-Locking Mechanism
- Accessing the Management Console
  - Accessing the Web Console Locally from the Control Manager Server
  - Accessing the Console Remotely
- Changing Access to the Management Console
  - Assigning HTTPS Access to the Control Manager Web Console
- Configuring Web Console Settings
- Configuring Command Time-out Settings
- Logging Off from the Management Console
Configuring User Access
- Understanding User Access
  - Root Account Information
- Understanding User Roles
  - About Adding User Roles
    - Adding a User Role
  - About Editing User Roles
    - Editing a User Role
- Understanding User Accounts
- Understanding User Groups
User/Endpoint Directory Basics
- Understanding the User/Endpoint Directory
- Understanding the Active Directory Synchronization
  - Accessing the Active Directory Tree
  - Troubleshooting Issues Related to Active Directory Integration
- Searching for Users or Endpoints
- Understanding Custom Tags and Filters
Product Directory Basics
- Understanding the Product Directory
- Grouping Managed Products Using Directory Management
- Understanding Cascading Management
Working with Managed Servers
- Understanding Managed Servers
- Adding a Server
- Editing a Server
- Deleting a Server
- Configuring Proxy Settings for Managed Products
- Configuring the Cloud Service Settings
- Stop Managing Cloud Services
Downloading and Deploying Components
- Downloading and Deploying New Components
- Manually Downloading Components
- Understanding Scheduled Download Exceptions
  - Configuring Scheduled Download Exceptions
- Configuring Scheduled Downloads
- Understanding Deployment Plans
- Configuring the Proxy Settings for Component Updates
- Configuring Update/Deployment Settings
Working with the Dashboard and Widgets
- Using the Dashboard
  - User Accounts and the Dashboard
- Understanding Tabs
- Understanding Widgets
- Configuring Smart Protection Network Settings
Using Command Tracking
- Understanding Command Tracking
  - Understanding Command Details
    - Managed Products or Services Involved
    - Details for Individual Products or Services
- Querying and Viewing Commands
Using Notifications
- Understanding Event Center
- Customizing Notification Messages
- Enabling or Disabling Notifications
- Understanding Notification Methods
  - Configuring Notification Method Settings
- Configuring Notification Recipients and Testing Notification Delivery
- Configuring Alert Settings
- Configuring Data Loss Prevention Settings
Working with Logs
- Using Logs
  - Understanding Control Manager Generated Logs
  - Understanding Managed Product Logs
- Understanding Log Aggregation
  - Configuring Log Aggregation Settings
- Querying Log Data
Working with Reports
- Understanding Reports
- Understanding Control Manager Report Templates
  - Understanding Custom Templates
  - Understanding Static Templates
- Adding Custom Templates
- Understanding One-time Reports
  - Adding One-time Reports
- Understanding Scheduled Reports
  - Adding Scheduled Reports
  - Enabling/Disabling Scheduled Reports
- Viewing Generated Reports
  - Viewing One-Time Reports
  - Viewing Scheduled Reports
- Configuring Report Maintenance
- Understanding My Reports
MCP and Control Manager Agents
- Understanding Agents
  - Understanding Communicators
  - Understanding Connection Status Icons
- Understanding Control Manager Security Levels
- Using the Agent Communication Schedule
- Understanding the Agent/Communicator Heartbeat
- Configuring Agent Communication Schedules
  - Setting an Agent Communication Schedule for a Managed Product
  - Modifying the Default Agent Communication Schedule
- Configuring the Agent Communicator or Managed Server Heartbeat
- Stopping and Restarting Control Manager Services
- Modifying the Control Manager External Communication Port
- Verifying the Communication Method Between MCP and Control Manager
  - Verifying Control Manager Uses Two-way Communication
  - Verifying Control Manager Uses Two-way Communication from the Web Console
- Understanding Control Manager Agent Remote Installation
Administering Managed Products
- Manually Deploying Components Using the Product Directory
- Viewing Status Summaries for Managed Products
  - Accessing Through the Dashboard
  - Accessing Through the Product Directory
- Configuring Managed Products
- Understanding the Directory Management Screen
Activating Control Manager and Managed Products
- Activating and Registering Managed Products
- Understanding License Management
  - Activating Managed Products
  - Renewing Managed Product Licenses
    - Renewing Managed Product Licenses from the License Management Screen
    - Renewing Managed Product Licenses from the Product Directory
- About Activating Control Manager
Managing Child Servers
- Understanding Parent-Child Communication
- Registering or Unregistering Child Servers
  - Registering a Child Server
    - Checking the Status in the Control Manager Web Console
  - Unregistering a Child Server
- Accessing the Cascading Folder
- Viewing Child Server Status Summaries
- Configuring Log Upload Settings
  - Enabling or Disabling Child Server Connection
- Issuing Tasks to Child Servers
- Viewing Child Server Reports
  - Refreshing the Product Directory
- Renaming a Child Server
- Removing Child Servers Accidentally Removed from the Cascading Manager
Policy Management
- Understanding Policy Management
- Updating the Policy Templates
- Understanding Data Loss Prevention
  - Data Identifier Types
  - Data Loss Prevention Templates
    - Predefined DLP Templates
    - Customized DLP Templates
Investigating Data Loss Prevention Incidents
- Administrator Tasks
- DLP Incident Review Process
  - Understanding the Incident Information List
  - Reviewing Incident Details
Responding to Targeted Attacks and Advanced Threats
- Virtual Analyzer Suspicious Objects
- User-Defined Suspicious Objects
  - User-Defined Suspicious Objects Tasks
- Distribution Settings
- Indicators of Compromise (IOCs)
Administering the Database
- Understanding the Control Manager Database
  - Understanding the db_ControlManager Tables
- Backing Up db_ControlManager Using osql
  - Restoring Backup db_ControlManager Using osql
- Backing Up db_ControlManager Using SQL Server Management Studio
  - Restoring Backup db_ControlManager Using SQL Server Management Studio
- Shrinking db_ControlManager_Log.LDF Using SQL Commands
- Shrinking db_ControlManager_log.ldf Using SQL Server Management Studio
  - Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2008/2005 SP 3/2012
  - Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2005
Using Trend Micro Services
- Understanding Trend Micro Services
- Understanding Enterprise Protection Strategy
  - Highlighting the Value of EPS
- Understanding Outbreak Prevention Services
  - Benefits of Outbreak Prevention Services
    - Activating Outbreak Prevention Services
    - Viewing Outbreak Prevention Services Status
- Preventing Virus Outbreaks and Understanding Outbreak Prevention Mode
  - Understanding Outbreak Prevention Policies
- Using Outbreak Prevention Mode
Using Control Manager Tools
- Using Syslog Forwarder
- Using Agent Migration Tool (AgentMigrateTool.exe)
- Using the Control Manager MIB File
- Using the NVW Enforcer SNMPv2 MIB File
- Using the DBConfig Tool
Getting Support
- Before Contacting Technical Support
- Contacting Technical Support
  - Resolve Issues Faster
- TrendLabs
- Other Useful Resources
Control Manager System Checklists
- Server Address Checklist
- Ports Checklist
- Control Manager 2.x Agent Installation Checklist
- Control Manager Conventions
- Core Process and Configuration Files
- Communication and Listening Ports
- Control Manager Product Version Comparison
Data Views
- Data View: Product Information
- Data View: Security Threat Information
- Data View: Data Protection Information
  - Data Loss Prevention Information
    - DLP Incident Information
    - DLP Template Match Information
  - Data Discovery Information
    - Data Discovery Data Loss Prevention Detection Information
    - Data Discovery Endpoint Information
IPv6 Support in Control Manager
- Control Manager Server Requirements
- IPv6 Server Limitations
- Configuring IPv6 Addresses
- Screens That Display IP Addresses
Checking Policy Status
- Policy Status

Suspicious Objects Tasks

The following table lists all options available:

Table 1. Suspicious Objects Tasks
Task	Steps
Export All	Click Export All to save all the objects to a CSV file.
Add to Exception	Select one or several objects that you consider harmless and then click Add to Exception . The objects move to the Exceptions tab.
Never Expire	Select one or several objects that you always want flagged as suspicious and then click Never Expire .
Expire Now	Select one or several objects that you want removed from the Objects tab and then click Expire Now . When the same object is detected in the future, it will be added back to the Objects tab.
Configure Scan Action	Select one or several objects that you want managed products to take an action against (or do not make any selection to select all objects) and then click Configure Scan Action. In the new window that opens, select the action. There are separate actions for files and IP addresses/URLs. Control Manager automatically deploys the actions to certain managed products. For a list of supported managed products, see Suspicious Object Management and Handling Process.
Assess Impact	Select one or several files or IP addresses and then click Assess Impact to see how many endpoints are affected by these objects. A message displays on top of the screen, informing you that impact assessment has started. Impact assessment on suspicious objects requires a Trend Micro product called Deep Discovery Endpoint Sensor. After the assessment is complete, check the At Risk Endpoints column to see the number of affected endpoints.
Data Filters	If there are too many entries in the table, limit the entries by performing these tasks: Select an object type in the View dropdown box. Type some characters in the text box next to View and then press Enter. Control Manager searches only the Object column for matches.
Records and Pagination Controls	The panel on the bottom right section of the screen shows the total number of objects. If all objects cannot be displayed at the same time, use the pagination controls to view the objects that are hidden from view.