Running Simulations on Endpoints with XDR

Install the Agent on a Windows endpoint, enable XDR, and then run the demonstration script to trigger detections in Trend Micro Vision One.

  1. Install the Agent on a Windows endpoint.
    1. Go to Inventory Management > Endpoint Inventory.
    2. Click Download the Agent Installer to obtain the installation package or a URL link to the Windows installer. Install the Agent on the Windows endpoint.

      For Windows endpoints that require a proxy server to connect to external networks, open a command prompt as an administrator and run the following command:

      EndpointBasecamp.exe /proxy_server_port <proxy_server_ip_or_fqdn:port>

      For example:

      EndpointBasecamp.exe /proxy_server_port 10.1.1.1:80

      Important:

      Endpoint Basecamp only supports HTTP proxies and does not support the use of proxy credentials.

      Important:

      The Agent installer is specifically configured to report to your Trend Micro Vision One console.

    3. After installing the Agent, allow some time for the Windows endpoint to report back to Trend Micro Vision One.
  2. Enable XDR on the Windows endpoint.
    1. Go to Inventory Management > Endpoint Inventory.
    2. On the Available endpoints tab, locate the Windows endpoint you installed the Agent on, select the check box next to the Windows endpoint, and then click Enable to install the necessary XDR components.
    3. Wait until the Windows endpoint appears on the Reporting to XDR tab.
  3. Run the desired simulations on the Windows endpoint.
    1. On the Trend Micro Vision One console, go to Resource Center > Simulations and select the desired app.

      The selected app appears and displays information about the simulations feature and the selected app.

    2. Click Try Simulations.

      The Simulations dialog appears and displays information about the selected simulation.

      Click the right and left arrows to browse available simulations.

    3. Click Download Demo Script to download an archive file to the Windows endpoint.
    4. Extract the archive file on the Windows endpoint.
      Note:

      The archive file is password protected. The password is displayed on the Simulations dialog.

    5. Run the .bat demo script file on the Windows endpoint.

      The Windows Command Prompt opens.

    6. Follow the instructions in the Windows Command Prompt window to execute the demonstration commands.
    7. After executing the commands, go to the Trend Micro Vision One console to check for the expected results.
      Note:

      Trend Micro Vision One may take a few minutes to provide results.
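
For the proxy case in step 1, a preflight wrapper can catch an unusable proxy value before the installer runs. This is an added example, not Trend Micro code: the script name `Install-BasecampViaProxy.ps1`, the helper `Resolve-BasecampProxy`, and the installer location are assumptions, and rejecting a scheme prefix is inferred from the documented `<proxy_server_ip_or_fqdn:port>` form.

```powershell
# Install-BasecampViaProxy.ps1 (hypothetical name). Added example, not vendor code.
param(
    [Parameter(Mandatory)] [string] $Proxy,            # e.g. 10.1.1.1:80
    [string] $Installer = '.\EndpointBasecamp.exe'     # assumed path to the downloaded installer
)

function Resolve-BasecampProxy {
    param([string] $Value)
    # Proxy credentials are not supported, so reject user:password@host forms.
    if ($Value.Contains('@'))   { throw "Proxy credentials are not supported: $Value" }
    # Assumption: the documented form has no scheme, so reject http://, https://, socks5://.
    if ($Value.Contains('://')) { throw "Use <ip_or_fqdn:port> without a scheme: $Value" }
    $m = [regex]::Match($Value, '^([A-Za-z0-9.-]+):(\d{1,5})$')
    if (-not $m.Success)        { throw "Expected <ip_or_fqdn:port>, got: $Value" }
    $port = [int]$m.Groups[2].Value
    if ($port -lt 1 -or $port -gt 65535) { throw "Port out of range: $port" }
    [pscustomobject]@{ Name = $m.Groups[1].Value; Port = $port }
}

# The documented command must be run from an elevated prompt.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this script from an elevated (administrator) session.' }

if (-not (Test-Path -LiteralPath $Installer)) { throw "Installer not found: $Installer" }

$target = Resolve-BasecampProxy -Value $Proxy

# A TCP connect only shows that the port is reachable; it does not prove the
# listener is an HTTP proxy or that it allows the Agent's outbound traffic.
$probe = Test-NetConnection -ComputerName $target.Name -Port $target.Port -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "Cannot reach proxy $($target.Name):$($target.Port) from this endpoint."
}

# Same command line as in the documentation: EndpointBasecamp.exe /proxy_server_port <host:port>
$proc = Start-Process -FilePath $Installer -ArgumentList '/proxy_server_port', $Proxy -Wait -PassThru
Write-Output "Installer exited with code $($proc.ExitCode); allow time for the endpoint to report in."
```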