Control Manager 7.0
> Appendices
Preface
Documentation
Audience
Document Conventions
Terminology
Introduction
Introducing Control Manager
About Control Manager
What's New in Control Manager 7.0
Key Features and Benefits
Control Manager Architecture
Smart Protection Network Participation
Getting Started
The Web Console
About the Web Console
Web Console Requirements
Assigning HTTPS Access to the Control Manager Web Console
Accessing the Web Console
Configuring Web Console Settings
Configuring Smart Protection Network Settings
The Dashboard
About the Dashboard
Tabs and Widgets
Working with Tabs
Working with Widgets
The Operation Center
Compliance Indicators
Critical Threats
Resolved Events
Operation Center Chart
Operation Center Details Pane
Summary Tab
Critical Threats Widget
Users with Threats Widget
Endpoints with Threats Widget
Control Manager Top Threats Widget
Product Component Status Widget
Product Connection Status Widget
Ransomware Prevention Widget
DLP Incident Investigation Tab
DLP Incident Trends by User Widget
DLP Incidents by Severity and Status Widget
DLP Incidents by User Widget
Data Loss Prevention Tab
DLP Incidents by Channel Widget
DLP Template Matches Widget
Top DLP Incident Sources Widget
DLP Violated Policy Widget
Compliance Tab
Product Application Compliance Widget
Product Component Status Widget
Product Connection Status Widget
Agent Connection Status Widget
Threat Detection Tab
Control Manager Top Threats Widget
Control Manager Threat Statistics Widget
Threat Detection Results Widget
Policy Violation Detections Widget
C&C Callback Events Widget
Account Management
User Accounts
Root Account
Adding a User Account
Managed Product Access Control
Editing a User Account
Enabling or Disabling Two-Factor Authentication
Viewing or Editing User Account Information
User Roles
Default User Roles
Adding a User Role
Editing a User Role
License Management
Control Manager Activation and License Information
Activating Control Manager
Viewing and Renewing Control Manager License Information
Managed Product Activation and Registration
License Management Details
Activating Managed Products
Renewing Managed Product Licenses
Active Directory and Compliance Settings
Active Directory Integration
Configuring Active Directory Connection Settings
Troubleshooting Active Directory Synchronization
Compliance Indicators
Configuring the Antivirus Pattern Compliance Indicators
Configuring the Data Loss Prevention Compliance Indicator
Endpoint and User Grouping
Sites
Creating a Custom Site
Merging Sites
Reporting Lines
Creating a Custom Reporting Line
Merging Reporting Lines
User/Endpoint Directory
User/Endpoint Directory
User Details
Security Threats for Users
Policy Status
Contact Information
Synchronizing Contact Information with Active Directory
Endpoint Details
Endpoint - [name] Information
Security Threats on Endpoints
Policy Status
Notes for Endpoints
General Information for Endpoints
Active Directory Details
Affected Users
General Information for Security Threats
Assessing Impact on Affected Users
Retro Scan in Deep Discovery Inspector
Using the Advanced Search
Advanced Search Categories
Custom Tags and Filters
Custom Tags
Creating a Custom Tag
Assigning Custom Tags to Users/Endpoints
Filters
Default Endpoint Filters
Creating a Custom Filter
User or Endpoint Importance
Managed Product Integration
Managed Product Registration
Managed Product Registration Methods
Server Registration
Managed Server Details
Adding a Managed Server
Editing a Managed Server
Deleting a Managed Server
Configuring Proxy Settings for Managed Products
Configuring Cloud Service Settings
Managed Product Communication
Modifying the Default Agent Communication Schedule
Configuring Agent Communication Schedules
Configuring Managed Product Heartbeat Intervals
Stopping and Restarting Control Manager Services
Security Agent Installation
Downloading Security Agent Installation Packages
OfficeScan Agent Installations
Fresh Installations on Windows Endpoint Platforms
Fresh Installations on Windows Embedded System Platforms
Fresh Installations on Windows Server Platforms
Update Agents
OfficeScan SaaS Agent System Requirements
Fresh Installations on Windows Endpoint Platforms
Windows 7 (32-bit / 64-bit) Requirements
Windows 8 / 8.1 (32-bit / 64-bit) Requirements
Windows 10 (32-bit / 64-bit) Requirements
Fresh Installations on Windows Server Platforms
Windows Server 2008 (32-bit) Platforms
Windows Server 2008 (64-bit) Platforms
Windows MultiPoint Server 2010 (64-bit) Platform
Windows MultiPoint Server 2011 (64-bit) Platform
Windows Server 2012 (64-bit) Platforms
Windows Server 2016 (64-bit) Platforms
Trend Micro Security (for Mac) Agent Installation
Agent Installation Requirements
Agent Installation Methods and Setup Files
Agent Post-installation
Agent Uninstallation
Trend Micro Security (for Mac) SaaS Agent Installation
Trend Micro Security (for Mac) SaaS Agent System Requirements
Trend Micro Security (for Mac) SaaS Agent Installation Methods
Trend Micro Security (for Mac) SaaS Agent Post-installation
Product Directory
Product Directory
Managed Product Icons
Connection Status Icons
Viewing Managed Product Status Summaries
Performing an Advanced Search of the Product Directory
Executing Managed Product Tasks
Configuring Managed Product Settings
Querying Logs from the Product Directory
Directory Management
Using Directory Management
Recovering Managed Products
Policy Management
Policy Management
Creating a New Policy
Filtering by Criteria
Assigning Endpoints to Filtered Policies
Specifying Policy Targets
Working with Parent Policy Settings
Copying Policy Settings
Inheriting Policy Settings
Modifying a Policy
Importing and Exporting Policies
Deleting a Policy
Changing the Policy Owner
Understanding the Policy List
Reordering the Policy List
Updating the Policy Templates
Data Loss Prevention
Data Identifier Types
Expressions
Predefined Expressions
Viewing Settings for Predefined Expressions
Customized Expressions
Criteria for Customized Expressions
Creating a Customized Expression
Importing Customized Expressions
File Attributes
Creating a File Attribute List
Importing a File Attribute List
Keywords
Predefined Keyword Lists
How Keyword Lists Work
Number of Keywords Condition
Distance Condition
Customized Keyword Lists
Customized Keyword List Criteria
Creating a Keyword List
Importing a Keyword List
Data Loss Prevention Templates
Predefined DLP Templates
Customized DLP Templates
Condition Statements and Logical Operators
Creating a Template
Importing Templates
Policy Status
Component Updates
Component Updates
Component List
Update Source
Deployment Plan
Adding a Deployment Schedule
Configuring Scheduled Update Settings
Configuring Manual Update Settings
Configuring Proxy Settings for Component and License Updates
Command Tracking
Command Tracking
Querying and Viewing Commands
Command Details
Configuring Command Time-out Settings
Security Monitoring
Logs
Log Queries
Working with Log Queries
Log Query Data Views
Configuring Log Aggregation
Deleting Logs
Notifications
Event Notifications
Notification Method Settings
Configuring SMTP Server Settings
Configuring SNMP Trap Settings
Configuring Syslog Settings
Configuring Trigger Application Settings
Contact Groups
Adding Contact Groups
Editing Contact Groups
Advanced Threat Activity Events
Watchlisted Recipients at Risk
C&C Callback Alert
C&C Callback Outbreak Alert
Correlated Incident Detections
Email Messages with Advanced Threats
High Risk Virtual Analyzer Detections
High Risk Host Detections
Known Targeted Attack Behavior
Potential Document Exploit Detections
Rootkit or Hacking Tool Detections
SHA-1 Deny List Detections
Worm or File Infector Propagation Detections
Content Policy Violation Events
Email Policy Violation
Web Access Security Violation
Data Loss Prevention Events
Incident Details Updated
Scheduled Incident Summary
Significant Incident Increase
Significant Incident Increase by Channel
Significant Incident Increase by Sender
Significant Incident Increase by User
Significant Template Match Increase
Known Threat Activity Events
Network Virus Alert
Special Spyware/Grayware Alert
Special Virus Alert
Spyware/Grayware Found - Action Successful
Spyware/Grayware Found - Further Action Required
Virus Found - First Action Successful
Virus Found - First Action Unsuccessful and Second Action Unavailable
Virus Found - First and Second Actions Unsuccessful
Virus Found - Second Action Successful
Virus Outbreak Alert
Network Access Control Events
Network VirusWall Policy Violations
Potential Vulnerability Attacks
Unusual Product Behavior Events
Managed Product Unreachable
Product Service Started
Product Service Stopped
Real-time Scan Disabled
Real-time Scan Enabled
Updates
Antispam Rule Update Successful
Antispam Rule Update Unsuccessful
Pattern File/Cleanup Template Update Successful
Pattern File/Cleanup Template Update Unsuccessful
Scan Engine Update Successful
Scan Engine Update Unsuccessful
Reports
Reports Overview
Custom Templates
Adding or Editing Custom Templates
Configuring the Static Text Report Element
Configuring the Bar Chart Report Element
Configuring the Line Chart Report Element
Configuring the Pie Chart Report Element
Configuring the Dynamic Table Report Element
Configuring the Grid Table Report Element
One-time Reports
Creating One-time Reports
Viewing One-Time Reports
Scheduled Reports
Adding Scheduled Reports
Editing Scheduled Reports
Viewing Scheduled Reports
Configuring Report Maintenance
Viewing My Reports
Connected Threat Defense
About Connected Threat Defense
Feature Requirements
Suspicious Object List Management
Suspicious Object Lists
Adding Exceptions to the Virtual Analyzer Suspicious Object List
Suspicious Object Scan Actions
Configuring Distribution Settings
Suspicious Object Detection
Viewing At Risk Endpoints and Recipients
Assessing Impact Using Endpoint Sensor
Retro Scan in Endpoint Sensor
Viewing the Handling Process
Preemptive Protection Against Suspicious Objects
Adding Objects to the User-Defined Suspicious Object List
Importing User-Defined Suspicious Object Lists
Assessing Impact and Responding to IOCs
Isolating Endpoints
Connected Threat Defense Product Integration
Control Manager
Deep Discovery Analyzer
Trend Micro Endpoint Sensor
Deep Discovery Inspector
Deep Security
OfficeScan
Smart Protection Server
InterScan Messaging Security Virtual Appliance
InterScan Web Security Virtual Appliance
ScanMail for Microsoft Exchange
Trend Micro Endpoint Application Control
Deep Discovery Email Inspector
Cloud App Security
Data Loss Prevention Incidents
Administrator Tasks
Setting Up Manager Information in Active Directory Users
Understanding DLP User Roles
Creating DLP Auditing Logs
DLP Incident Review Process
Understanding the Incident Information List
Reviewing Incident Details
Tools and Support
Administering the Database
Understanding the Control Manager Database
Understanding the db_ControlManager Tables
Backing Up db_ControlManager Using SQL Server Management Studio
Restoring Backup db_ControlManager Using SQL Server Management Studio
Shrinking db_ControlManager_Log.ldf Using SQL Commands
Shrinking db_ControlManager_log.ldf Using SQL Server Management Studio
Shrinking the db_ControlManager_log.ldf File Size on Microsoft SQL Server 2008 (or later)
Control Manager Tools
About Control Manager Tools
Using the Agent Migration Tool (AgentMigrateTool.exe)
Using the Database Configuration Tool (DBConfig.exe)
Suspicious Object Hub and Node Control Manager Architecture
Suspicious Object Hub and Node Control Manager Architecture
Configuring the Suspicious Object Hub and Nodes
Unregistering a Suspicious Object Node from the Hub Control Manager
Configuration Notes
Suspicious Object List Exporter and Importer User Guide
Suspicious Object List Exporter and Importer User Guide
Using the Suspicious Object List Exporter (SuspiciousObjectExporter.exe)
Modifying the Configuration File
Using Control Manager to Export the Virtual Analyzer Exception List
Using Control Manager to Export the User-Defined List
Using the Suspicious Object List Importer (ImportSOFromCSV.exe)
Using Control Manager to Import the Virtual Analyzer Exception List
Using Control Manager to Import the User-Defined List
Using the LogForwarder Tool (LogForwarder.exe)
Introduction
System Requirements
Limitations
Configuring LogForwarder Settings
Starting and Stopping Log Forwarding
Suspicious Object Migration Tool User Guide
Suspicious Object Migration Tool User Guide
Preparing the Check Point Firewall Server
Preparing the Authentication Certificate Configuration Files
Using the Suspicious Object Migration Tool
Using the Suspicious Object List Exporter (SuspiciousObjectExporter.exe)
Modifying the Configuration File
Using the Check Point Suspicious Activity Monitoring Client Tool
Technical Support
Troubleshooting Resources
Using the Support Portal
Threat Encyclopedia
Contacting Trend Micro
Speeding Up the Support Call
Sending Suspicious Content to Trend Micro
Email Reputation Services
File Reputation Services
Web Reputation Services
Other Resources
Download Center
Documentation Feedback
Automation API Guide
Getting Started with Control Manager Automation APIs
Using Control Manager Automation APIs
Adding an Application
Using the Automation API Demo Project for Visual Studio
Using the Automation API Demo Project for Python
Authorization Token Structure
Sample of a Decoded JWT Token
Checksum Calculation
Automation API Responses
Automation API Result Codes
Supported Automation APIs
Control Manager Automation APIs
ProductServers :: List
ProductAgents :: List
ProductAgents :: Isolate
ProductAgents :: Restore
ProductAgents :: Relocate
ProductAgents :: Uninstall
FileUDSO :: Add
Automation API References
Automation API Product Values
Automation API Isolation Statuses
Automation API Actions/Capabilities
Automation API Result Codes
Appendices
Control Manager System Checklists
Server Address Checklist
Port Checklist
Control Manager Conventions
Core Processes and Configuration Files
Communication and Listening Ports
Data Views
Data View: Security Logs
Virus/Malware Information
Overall Virus/Malware Summary
Virus/Malware Source Summary
Virus/Malware Endpoint Summary
Virus/Malware Action/Result Summary
Virus/Malware Detection Over Time Summary
Detailed Virus/Malware Information
Endpoint Virus/Malware Information
Web Virus/Malware Information
Email Virus/Malware Information
Network Virus/Malware Information
Spyware/Grayware Information
Overall Spyware/Grayware Summary
Spyware/Grayware Source Summary
Endpoint Spyware/Grayware Summary
Spyware/Grayware Detection Over Time Summary
Spyware/Grayware Action/Result Summary
Detailed Spyware/Grayware Information
Endpoint Spyware/Grayware
Web Spyware/Grayware
Email Spyware/Grayware
Network Spyware/Grayware
Content Violation Information
Content Violation Policy Summary
Content Violation Sender Summary
Content Violation Detection Over Time Summary
Content Violation Action/Result Summary
Detailed Content Violation Information
Email Messages with Advanced Threats
Spam Violation Information
Overall Spam Violation Summary
Spam Recipient Summary
Spam Detection Over Time Summary
Detailed Spam Information
Spam Connection Information
Policy/Rule Violation Information
Detailed Firewall Violation Information
Network Content Inspection Information
Detailed Endpoint Security Violation Information
Detailed Endpoint Security Compliance Information
Detailed Application Activity
Detailed Behavior Monitoring Information
Device Access Control Information
Detailed Endpoint Application Control Violation Information
Detailed Intrusion Prevention Information
Integrity Monitoring Information
Web Violation/Reputation Information
Overall Web Violation Summary
Web Violation Endpoint Summary
Web Violation URL Summary
Web Violation Filter/Blocking Type Summary
Web Violation Detection Over Time Summary
Web Violation Detection Summary
Detailed Web Violation Information
Detailed Web Reputation Information
Deep Discovery Information
Overall Suspicious Threat Summary
Suspicious Source Summary
Suspicious Riskiest Endpoints Summary
Suspicious Riskiest Recipient Summary
Suspicious Sender Summary
Suspicious Threat Protocol Detection Summary
Suspicious Threat Detection Over Time Summary
Detailed Suspicious Threat Information
Detailed Mitigation Information
Detailed Correlation Information
Advanced Threat Information
Detailed C&C Callback Information
Detailed Suspicious File Information
Detailed Predictive Machine Learning Information
Virtual Analyzer Detection Information
Detailed Virtual Analyzer Suspicious Object Impact Information
Overall Threat Information
Network Security Threat Analysis Information
Network Protection Boundary Information
Security Threat Entry Analysis Information
Security Threat Source Analysis Information
Security Threat Endpoint Analysis Information
Data Loss Prevention Information
DLP Incident Information
DLP Template Match Information
Data Discovery Information
Data Discovery Data Loss Prevention Detection Information
Data Discovery Endpoint Information
Data View: Product Information
License Information
Product License Status
Product License Information Summary
Detailed Product License Information
Managed Product Information
Product Distribution Summary
Product Status Information
Product Event Information
Product Auditing Event Log
Component Information
Engine Status
Pattern/Rule Status
Product Component Deployment
Scan Engine Status Summary
Pattern File/Rule Status Summary
Endpoint Pattern/Engine Status Summary
Endpoint Pattern/Rule Update Status Summary
Control Manager Information
User Access Information
Control Manager Event Information
Command Tracking Information
Detailed Command Tracking Information
Token Variables
About Token Variables
Standard Token Variables
Advanced Threat Activity Token Variables
C&C Callback Token Variables
Content Policy Violation Token Variables
Web Access Security Violation Token Variables
Data Loss Prevention Token Variables
Known Threat Activity Token Variables
Network Access Control Token Variables
IPv6 Support
Control Manager Server Requirements
IPv6 Support Limitations
Configuring IPv6 Addresses
Screens That Display IP Addresses
MIB Files
Using the Control Manager MIB File
Using the NVW Enforcer SNMPv2 MIB File
Syslog Content Mapping - CEF
CEF Data Loss Prevention Logs
Action Result Mapping Table
Channel Mapping Table
CEF Behavior Monitoring Logs
CEF Device Access Control Logs
Product ID Mapping Table
CEF Engine Update Status Logs
CEF Predictive Machine Learning Logs
Threat Type Mapping Table
CEF Pattern Update Status Logs
CEF Content Security Logs
Filter Action Mapping Table
CEF Spyware/Grayware Logs
Action Mapping Table
Spyware/Grayware Scan Type Mapping Table
Spyware/Grayware Risk Type Mapping Table
CEF Virus/Malware Logs
Second Action Mapping Table
CEF Web Security Logs
Filter/Blocking Type Mapping Table
Protocol Mapping Table
CEF C&C Callback Logs
CEF Suspicious File Logs
CEF Network Content Inspection Logs
CEF Endpoint Application Control Logs
CEF Sandbox Detection Logs
Appendices
Control Manager System Checklists
Data Views
Token Variables
IPv6 Support
MIB Files
Syslog Content Mapping - CEF