Configuring Security Settings

  1. Go to POLICIES > Global Security Agent Settings.
  2. Click Security Settings.
  3. Configure the required settings.



    General Scan

    • Enable deferred scanning on file operations: Administrators can configure Worry-Free Services to defer the scanning of files. Worry-Free Services allows the user to copy files and then scans the files after the copy process completes. This deferred scanning improves the performance of the copy and scan processes.

    • Exclude the Microsoft Exchange Server 2003 folders: Prevents Security Agents installed on the Microsoft Exchange server from scanning Microsoft Exchange 2003 folders.

      For information on excluding other versions of Exchange server folders, see

    • Exclude the Microsoft domain controller folders (Not applicable to Manual and Scheduled spyware/grayware scans): Prevents Agents installed on the domain controller from scanning domain controller folders. These folders store user information, user names, passwords, and other information.

    • Exclude Shadow Copy sections: Shadow Copy or Volume Snapshot Services takes manual or automatic backup copies or snapshots of a file or folder on a specific volume.

    • Resume a missed scheduled scan at the same time next day: Indicates whether a missed weekly or monthly scan should resume the next day. When this option is enabled, if an Agent is unavailable when the scan is scheduled to start, the scan will run at the same time the next day the Agent is available. However, if the Scheduled Scan has started and is canceled or aborted by the user (for example, by shutting down the computer), the Agent will not resume the Scheduled Scan.

    Virus Scan

    • Configure scan settings for large compressed files: Specify the maximum size of the extracted file and the number of files in the compressed file the Agent should scan.

    • Clean compressed files: Agents will try to clean infected files within a compressed file.

    • Scan up to {} OLE layer(s): Agents will scan the specified number of Object Linking and Embedding (OLE) layers. OLE allows users to create objects with one application and then link or embed them in a second application. For example, an .xls file embedded in a .doc file.

    • Add Manual Scan to the Windows shortcut menu on endpoints: With this, users can right-click a file or folder (on the Desktop or in Windows Explorer) and manually scan the file or folder.

    Spyware/Grayware Scan

    • Scan for cookies: Agents will scan for and remove tracking cookies downloaded to clients by visiting websites. Detected tracking cookies are added to the spyware/grayware counter on the Live Status screen.

    • Add cookie detections to the spyware/grayware log: Adds each detected spyware cookie to the spyware log.

    Behavior Monitoring

    • Enable warning messages for low-risk changes or other monitored actions: Agents warn users of low-risk changes or monitored actions.

    • Prompt users before executing newly encountered programs downloaded through HTTP or email applications: After detecting a "newly encountered" file, administrators can choose to prompt users before executing the file. Trend Micro classifies a program as newly encountered based on the number of file detections or historical age of the file as determined by the Smart Protection Network.

    HTTPS Web Threat Protection

    • Enable HTTPS checking for Web Reputation and URL Filtering on Chrome, Firefox and Microsoft Edge: HTTPS checking does not require additional add-ons for the Chrome, Firefox, or Microsoft Edge browsers and supports the HTTP/2 protocol.


      HTTPS checking support for Internet Explorer is enabled by default in Web Reputation policies and requires an additional browser add-on.

  4. Click Save.