Running Simulations on Endpoints with Deep Security Agents

Enable Activity Monitoring on Deep Security agents, and then run the demonstration script to trigger detections in Trend Micro Vision One.

  1. Enable Activity Monitoring on Deep Security agents.
    1. On the Cloud One - Workload Security console, go to Policies, select a policy and click Details.
    2. Go to Activity Monitoring > General.
    3. Set the Activity Monitoring State to On.
    1. Click Save.
  2. Run the desired simulations on the Windows endpoint.
    1. On the Trend Micro Vision One console, go to Resource Center > Simulations and select the desired app.

      The selected app appears and displays information about the simulations feature and the selected app.

    2. Click Try Simulations.

      The Simulations dialog appears and displays information about the selected simulation.

      Click the right () and left () arrows to browse available simulations.

    3. Click Download Demo Script to download an archive file to the Windows endpoint.
    4. Extract the archive file on the Windows endpoint.
      Note:

      The archive file is password protected. The password is displayed on the Simulations dialog.

    5. Run the .bat demo script file on the Windows endpoint.

      The Windows Command Prompt opens.

    6. Follow the instructions in the Windows Command Prompt window to execute the demonstration commands.
    7. After executing the commands, go to the Trend Micro Vision One with the expected results.
      Note:

      Trend Micro Vision One may take a few minutes to provide results.