Deep Security 10.3
Azure Marketplace
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the release notes and the latest version of the applicable user documentation, which are available from the Trend Micro Web site at:
https://help.deepsecurity.trendmicro.com/software.html
Trend Micro, and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice.
© 2017 Trend Micro Incorporated. All rights reserved
Protected by U.S. Patent No. 7,630,982 B2.
Privacy Policy
Trend Micro, Inc. is committed to protecting your privacy. Please read the Trend Micro Privacy Policy available at www.trendmicro.com.
Document Number: APEM108112_171204
Publication Date: 6/7/2018 3:57 PM
Legal Notices
Trend Micro Deep Security for Azure Marketplace 10.3
3
Contents
Contents 3
Get Started 52
Read the release notes 52
Buy Deep Security Manager from the Azure Marketplace 52
What's new? 53
Deep Security 10.3 feature release 53
Before you install 53
Feature releases 53
Version numbers 54
Feature release life cycle 55
Platform support 55
Support services 55
About the Deep Security components 56
System requirements 57
Deep Security Manager 58
Deep Security Agent 10.3 61
Deep Security Notifier 62
Deep Security Manager - Agent compatibility by platform 63
Docker support 65
Deep Security Agent Linux kernel support 66
Supported features by platform 67
Platforms 67
Windows (10.3 Agents) 68
Red Hat Enterprise Linux (10.3 Agents) 71
CentOS (10.3 Agents) 72
Oracle Linux (10.3 Agents) 73
SUSE Linux (10.3 Agents) 74
Ubuntu (10.3 Agent) 75
Debian (10.3 Agent) 75
Cloud Linux (10.3 Agent) 76
Amazon (10.3 Agents) 76
Azure (10.3 Agents) 79
Agentless (NSX) (10.3 Agents) 81
Supported Features by Platform documentation for previous versions of Deep Security 86
Sizing 86
Database disk space 86
Disk space estimates 87
Database sizing considerations 88
Deep Security Manager sizing 88
Multiple server nodes 89
Sizing for Azure Marketplace 89
Deep Security Manager 90
Database 90
Notes 91
Port numbers 91
Deep Security Manager ports 93
Incoming (listening ports) 93
Outgoing 94
Deep Security Relay ports 100
Incoming (listening) 100
Outgoing 101
Deep Security Agent ports 102
Incoming (listening ports) 102
Outgoing 103
Prepare a database for Deep Security Manager 108
Hardware considerations 110
Dedicated server 110
Hardware recommendations 110
Microsoft SQL Server 111
General requirements 111
Transport protocol 111
Database maintenance 111
Oracle Database 111
Oracle RAC (Real Application Clusters) support 112
PostgreSQL recommendations 112
General requirements 113
Tuning PostgreSQL settings 113
Logging settings 114
Lock management 115
Maximum connections 115
Shared buffers 115
Work memory and maintenance work memory 115
Effective cache size 116
Checkpoints 116
Write-ahead log (WAL) 116
Autovacuum settings 116
High availability 117
Backup and recovery 117
Linux recommendations 117
Transparent Huge Pages (Linux) 117
Strengthen host-based authentication (Linux) 117
Set up authentication for SQL Server 118
Active Directory 118
The Deep Security Manager computer 119
Windows 119
Linux 120
Microsoft SQL Server 121
Synchronize system clocks 121
Microsoft SQL Server Express considerations 121
Supported versions 122
Limited number of hosts 122
Security module limitations 122
Minimize the agent size 122
Database pruning 122
Deploy Deep Security 123
Deploy the Deep Security Manager VM for Azure Marketplace 123
Buy Deep Security from the Azure Marketplace 123
Add a Microsoft Azure account to Deep Security 125
Create a policy 125
Deploy Deep Security Agents 126
Generate and run a deployment script 126
Add a custom script extension to an existing virtual machine 126
Run Deep Security Manager on multiple nodes 127
Add a node 128
Remove a node 128
Viewing node statuses 129
Network Map with Activity Graph 129
Jobs by Node 130
Jobs by Type 131
Total jobs by node and type 132
Update the load balancer's certificate 133
Configure SMTP settings for email notifications 135
Install the agents 136
Get Deep Security Agent software 136
Download agent software packages into Deep Security Manager 137
Export the agent installer 137
Manually install the Deep Security Agent 138
Install a Windows agent 139
Installation on Amazon WorkSpaces 139
Installation on Windows 2012 Server Core 140
Install a Red Hat, SUSE, Oracle Linux, or Cloud Linux agent 140
Install an Ubuntu or Debian agent 141
Install a Solaris agent 141
Install an HP-UX agent 143
Install an AIX agent 144
Install the agent on a Microsoft Azure VM 144
Install the agent on a Microsoft Azure VM 145
Bake the agent into your AMI or WorkSpace bundle 146
Before you begin 146
Step 1. Configure the activation type 147
Step 2. Launch a 'master' Amazon EC2 instance or Amazon WorkSpace 147
Step 3. Install and activate an agent on the master 147
Step 4. Verify that the agent was installed and activated properly 149
Step 5. (Optional) Set up policy auto-assignment 149
Step 6. Create an AMI or custom WorkSpace bundle based on the master 150
Step 7. Use the AMI 150
Configure communication between components 151
Agent-manager communication 151
Configure the heartbeat 151
Configure communication directionality 153
Supported cipher suites for agent-manager communication 155
SSL implementation and credential provisioning 156
Use agent-initiated communication with cloud accounts 157
Enable agent-initiated communication on the policy 157
Assign the policy to a deployment script 158
Connect agents behind a proxy 158
Requirements 158
Register the proxy in Deep Security Manager 159
Connect agents, appliances, and relays to security updates via proxy 159
Connect agents to security services via proxy 159
Connect agents to a relay via proxy 160
Connect agents to a relay's private IP address 160
Remove a proxy setting 161
Windows 161
Linux 161
Subsequent agent deployments 161
Configure agents that have no Internet access 162
Solutions 162
Use a proxy 162
Install a Smart Protection Server locally 163
Install a relay and supporting components in your DMZ or Internet-ready area 164
Disable the features that use Trend Micro security services 166
Proxy protocols supported by Deep Security 168
Proxy settings 169
Proxy server use 169
Proxy servers 171
Manage trusted certificates 171
Import trusted certificates 171
View trusted certificates 172
Remove trusted certificates 173
If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro? 174
Activate the agent 174
Deactivate the agent 176
Stop or start the agent 176
Stop or start the appliance 177
Diagnose problems with agent deployment (Windows) 177
Configure teamed NICs 177
Windows 177
Solaris 178
Agent settings 179
Hostnames 179
Agent-Initiated Activation 179
Data Privacy 181
Agentless vCloud Protection 181
Create an Azure app for Deep Security 181
Record the Azure Active Directory ID 181
Create the Azure app 182
Record the Azure app ID and password 182
Record the Subscription ID 182
Assign the Azure app a reader role and add it to your Azure Subscription 183
Distribute security and software updates with relays 183
How relays work 183
Relay groups 184
Determine the number of relays to use 184
Number of agents 184
Geographic region of agents 185
Network configuration and bandwidth 185
Frequency of agent updates 185
Sizing recommendations 186
Configure one or more relays 186
Create one or more relay groups 186
Enable one or more relays 188
Assign agents to a relay group 188
Configure relay settings for security and software updates 189
Security updates 189
Software updates 190
Remove relay functionality from an agent 190
10.2 or later 191
10.1 or earlier 191
DevOps, automation and scaling 192
Command-line basics 193
Deep Security Agent 193
dsa_control 193
Usage 194
Agent-initiated activation ("dsa_control -a") 196
Agent-Initiated activation over a private network via proxy 197
Agent-initiated heartbeat command ("dsa_control -m") 198
Activate an agent 205
Windows 205
Linux 206
Configure a proxy for anti-malware and rule updates 206
Windows 206
Linux 206
Configure a proxy for connections to the manager 206
Windows 206
Linux 207
Force the agent to contact the manager 207
Windows 207
Linux 207
Initiate a manual anti-malware scan 207
Windows 207
Linux 207
Create a diagnostic package 208
Windows 208
Linux 208
Reset the agent 208
Windows 208
Linux 209
dsa_query 209
Usage 209
Check CPU usage and RAM usage 210
Windows 210
Linux 210
Check that ds_agent processes or services are running 210
Windows 210
Linux 210
Restart an agent on Linux 210
Use the Deep Security REST API 210
Getting Started 211
Enabling the Status Monitoring API (Optional) 211
Creating a Web Service User Account 212
Obtaining Deep Security Manager's SSL Certificate 212
Developing a REST API Client Application 213
Using the REST API 213
Basic API Access 214
Using the Provided Java REST API Client 214
Example Java Code 215
Using the Java Sample Code 219
API Documentation 219
Response Processing 219
HTTP Status Codes 219
Error Responses 220
API Calls Returning javax.ws.rs.core.Response 221
Other Considerations 221
Specifying Dates in Query Parameters 221
Multi-Tenant Permissions 222
Schedule Deep Security to perform tasks 222
Create scheduled tasks 222
Enable or disable a scheduled task 224
Set up recurring reports 224
Automatically perform tasks when a computer is added or changed 225
Create an event-based task 225
Edit or stop an existing event-based task 225
Events that you can monitor 225
Conditions 226
Actions 229
Order of execution 229
Temporarily disable an event-based task 229
Azure virtual machine scale sets and Deep Security 230
Step 1: (Recommended) Add your Azure account to Deep Security Manager 230
Step 2: Prepare a deployment script 231
Step 3: Add the agent through a custom script extension to your VMSS instances 231
Example 1: Create a new VMSS that includes the agent 232
Example 2: Add the agent to an existing VMSS 234
Use deployment scripts to add and protect computers 237
Troubleshooting and tips 239
Protect 240
Intrusion Prevention 240
Anti-Malware 240
Firewall 241
Web Reputation 241
Integrity Monitoring 241
Log Inspection 242
Application Control 242
Manage protected computers 242
Add computers and other resources to Deep Security Manager 242
Add computers to the manager 243
Group computers 243
Export your computers list 244
Delete a computer 244
Add local network computers 244
Agent-initiated activation 244
Manually add a computer 245
Discover computers 246
Add AWS cloud accounts 247
Configure an IAM policy 249
Add your AWS accounts using an IAM user and cross account role 250
Step 1. Log in to AWS Account X and complete these tasks: 251
Step 2. Log in to AWS Account Y and complete these tasks: 252
Step 3. Log in to Deep Security Manager and add the access keys: 252
Add your AWS account using AWS access keys 253
Edit a cloud account 254
Remove a cloud account from the manager 255
Add Amazon WorkSpaces 255
Protect Amazon WorkSpaces if you already added your AWS account 255
Protect Amazon WorkSpaces if you have not yet added your AWS account 256
How do I migrate to the new cloud connector functionality? 256
Add a Microsoft Azure account to Deep Security 258
Configure a proxy setting for the Azure account 258
Add virtual machines from a Microsoft Azure account to Deep Security 259
Quick 259
Advanced 260
Manage Azure classic virtual machines with the Azure Resource Manager connector 260
Remove an Azure account 261
Create an Azure app for Deep Security 261
Record the Azure Active Directory ID 262
Create the Azure app 262
Record the Azure app ID and password 262
Record the Subscription ID 263
Assign the Azure app a reader role and add it to your Azure Subscription 263
Why should I upgrade to the new Azure Resource Manager connection functionality? 263
Add virtual machines hosted on VMware vCloud 264
Proxy setting for cloud accounts 265
Create a VMware vCloud Organization account for the manager 265
Import computers from a VMware vCloud Organization Account 266
Import computers from a VMware vCloud Air data center 266
Configure software updates for cloud accounts 267
Remove a cloud account 267
Add computer groups from Microsoft Active Directory 268
Additional Active Directory options 269
Remove Directory 269
Synchronize Now 269
Server certificate usage 269
Filter Active Directory objects 270
Import users and contacts 270
Keep Active Directory objects synchronized 271
Disable Active Directory synchronization 272
Remove computer groups from Active Directory synchronization 272
Delete Active Directory users and contacts 272
Protect Docker containers 273
Deep Security protection for the Docker host 274
Deep Security protection for Docker containers 274
Limitation on intrusion prevention recommendation scans 274
Computer and agent statuses 275
Status column - computer states 275
Status column - agent or appliance states 276
Task(s) column 276
Computer errors 279
Protection module status 280
Perform other actions on your computers 281
Computers icons 285
Status information for different types of computers 286
Ordinary computer 286
Relay 286
Deep Security Scanner 287
Docker hosts 287
Automatic configuration of iptables 288
Rules added for a manager 288
Rules added for an agent 288
Enable or disable agent self-protection 289
Via Deep Security Manager 289
Via command line 290
Are "Offline" agents still protected by Deep Security? 290
Deep Security Notifier 291
How the notifier works 291
Create policies to protect your computers and other resources 295
Create a new policy 296
Other ways to create a policy 296
Edit the settings for a policy or individual computer 297
Assign a policy to a computer 298
Immediately send policy changes 298
Export a policy 299
Policies, inheritance, and overrides 299
Inheritance 300
Overrides 301
Manage and run recommendation scans 302
What gets scanned? 302
Scan limitations 303
Run a recommendation scan 304
Create a scheduled task to regularly run recommendation scans 305
Configure an ongoing scan 306
Manually run a recommendation scan 306
Cancel a recommendation scan 306
Exclude a rule or application type from recommendation scans 307
Automatically implement recommendations 307
Check scan results and manually assign rules 308
Configure recommended rules 310
Implement additional rules for common vulnerabilities 310
Troubleshooting: Recommendation Scan Failure 311
Communication 311
Server resources 312
Timeout values 312
Detect and configure the interfaces available on a computer 312
Configure a policy for multiple interfaces 313
Enforce interface isolation 313
Overview section of the computer editor 314
General tab 314
Computer status 315
Protection module status 316
VMware virtual machine summary 318
Actions tab 318
Activation 318
Policy 318
Agent Software 318
Support 319
TPM tab 319
System Events tab 320
Overview section of the policy editor 320
General tab 320
General 320
Inheritance 321
Modules 321
Computer(s) Using This Policy tab 321
Events tab 321
Network engine settings 321
Define rules, lists, and other common objects used by policies 332
Rules 332
Lists 332
Other 332
Create a firewall rule 333
Add a new rule 333
Select the behavior and protocol of the rule 334
Select a Packet Source and Packet Destination 336
Configure rule events and alerts 337
Alerts 338
Set a schedule for the rule 338
Assign a context to the rule 338
See policies and computers a rule is assigned to 338
Export a rule 338
Delete a rule 338
Configure intrusion prevention rules 339
See the list of intrusion prevention rules 339
See information about an intrusion prevention rule 340
General Information 340
Details 340
See the list of intrusion prevention rules 341
General Information 341
Identification (Trend Micro rules only) 341
See information about the associated vulnerability (Trend Micro rules only) 342
Assign and unassign rules 342
Automatically assign updated required rules 343
Configure event logging for rules 343
Generate alerts 344
Setting configuration options (Trend Micro rules only) 345
Schedule active times 345
Exclude from recommendations 346
Set the context for a rule 346
Override the behavior mode for a rule 347
Override rule and application type configurations 347
Export and import rules 348
Create an integrity monitoring rule 348
Add a new rule 349
Enter integrity monitoring rule information 350
Select a rule template and define rule attributes 350
Registry Value template 350
File template 350
Custom (XML) template 351
Configure Trend Micro integrity monitoring rules 351
Configure rule events and alerts 352
Real-time event monitoring 352
Alerts 353
See policies and computers a rule is assigned to 353
Export a rule 353
Delete a rule 353
Define a log inspection rule for use in policies 353
Create a new log inspection rule 354
Decoders 356
Subrules 357
Groups 357
Rules, ID, and Level 358
Description 359
Decoded As 360
Match 360
Conditional Statements 361
Hierarchy of Evaluation 362
Restrictions on the Size of the Log Entry 363
Composite Rules 364
Real world examples 365
Log inspection rule severity levels and their recommended use 374
strftime() conversion specifiers 375
Examine a log inspection rule 376
Log inspection rule structure and the event matching process 376
Duplicate Sub-rules 378
Create a list of directories for use in policies 379
Import and export directory lists 381
See which policies use a directory list 381
Create a list of file extensions for use in policies 381
Import and export file extension lists 382
See which malware scan configurations use a file extension list 382
Create a list of files for use in policies 382
Import and export file lists 385
See which policies use a file list 385
Create a list of IP addresses for use in policies 385
Import and export IP lists 386
See which rules use an IP list 386
Create a list of ports for use in policies 386
Import and export port lists 387
See which rules use a port list 387
Create a list of MAC addresses for use in policies 387
Import and export MAC lists 388
See which policies use a MAC list 388
Define contexts for use in policies 388
Configure settings used to determine whether a computer has internet connectivity 388
Define a context 389
Define stateful firewall configurations 390
Add a stateful configuration 390
Enter stateful configuration information 391
Select packet inspection options 391
IP packet inspection 391
TCP packet inspection 391
FTP Options 393
UDP packet inspection 393
ICMP packet inspection 394
Export a stateful configuration 394
Delete a stateful configuration 395
See policies and computers a stateful configuration is assigned to 395
Define a schedule that you can apply to rules 395
Lock down software with application control 396
What does app control detect as software? 398
Local vs. shared vs. global rulesets 399
Enable application control 399
Turn on application control 400
Verify application control is enabled 402
Automatically enable application control on new computers 404
Monitor for application control events 405
Choose which application control events to log 406
View application control event logs 406
Respond to application control security events 407
Interpret aggregated security events 407
Monitor application control alerts 409
Allow or block software 409
Allow or block software 410
Example: Allow All in application control 413
Allow software updates 413
Reuse shared allow and block rules on other computers 415
Change from shared to computer-specific allow and block rules 416
Globally block by hash 417
Reset application control after too much software change 418
Reset application control after too much software change 419
Undo blocking or allowing software 420
View application control rulesets 421
Delete an application control ruleset 422
Delete an individual application control rule 423
Delete a global rule 423
Change the action of one application control rule 423
Undo many new rules and rule changes with the decision log 426
Deploy application control rulesets via relays 428
Protect against malware 433
Types of malware scans 434
Real-time scan 434
Manual scan 435
Scheduled scan 435
Quick scan 435
Scan objects and sequence 436
Malware scan configurations 436
Malware events 437
SmartScan 437
Predictive Machine Learning 438
Malware types 438
Virus 438
Trojans 439
Packer 440
Spyware/grayware 440
Cookie 441
Other threats 441
Possible malware 441
Enable and configure anti-malware 441
Turn on the anti-malware module 442
Select the types of scans to perform 442
Configure scan exclusions 443
Ensure that Deep Security can keep up to date on the latest threats 443
Configure malware scans 444
Create or edit a malware scan configuration 445
Scan for specific types of malware 446
Scan for spyware and grayware 446
Scan for compressed executable files (real-time scans only) 446
Scan process memory (real-time scans only) 447
Scan compressed files 447
Scan embedded Microsoft Office objects 448
Specify the files to scan 448
Inclusions 448
Exclusions 449
Syntax for directory lists 450
Syntax of file lists 451
Syntax of file extension lists 453
Syntax of process image file lists (real-time scans only): 453
Scan a network directory (real-time scan only) 454
Specify when real-time scans occur 454
Configure how to handle malware 454
Customize malware remedial actions 454
ActiveAction actions 455
Generate alerts for malware detection 456
Identify malware files by file hash digest 456
Configure notifications on the computer 457
Performance tips for anti-malware 457
Minimize disk usage 457
Optimize CPU usage 458
Optimize RAM usage 459
Disable Windows Defender after installing Deep Security anti-malware on Windows Server 2016 460
Installing the Anti-Malware module when Windows Defender is already disabled 460
Detect emerging threats using Predictive Machine Learning 460
Ensure Internet connectivity 461
Enable Predictive Machine Learning 461
Enhanced anti-malware and ransomware scanning with behavior monitoring 462
How does enhanced scanning protect you? 462
How to enable enhanced scanning 463
What happens when enhanced scanning finds a problem? 464
What if my agents can't connect to the Internet directly? 469
Smart Protection in Deep Security 469
Anti-malware and Smart Protection 469
Enable Smart Scan 469
Smart Protection Server for File Reputation Service 470
Web Reputation and Smart Protection 471
Smart Feedback 472
Handle malware 472
View and restore identified malware 473
See a list of identified files 473
Working with identified files 474
Search for an identified file 475
Restore quarantined files 477
Create a scan exclusion for the file 477
Restore the file 480
Manually restore quarantined files 480
Create anti-malware exceptions 480
Create an exception from an anti-malware event 481
Manually create an anti-malware exception 482
Exception strategies for spyware and grayware 482
Scan exclusion recommendations 483
Increase debug logging for anti-malware in protected Linux instances 483
Block exploit attempts using intrusion prevention 484
Intrusion prevention rules 485
Application types 485
Rule updates 486
Recommendation scans 486
Use behavior modes to test rules 486
Override the behavior mode for rules 487
Intrusion prevention events 488
Support for secure connections 488
Contexts 488
Interface tagging 489
Set up intrusion prevention 489
Enable intrusion prevention in Detect mode 489
Test intrusion prevention 491
Apply recommended rules 492
Monitor your system 494
Monitor system performance 494
Check intrusion prevention events 494
Enable 'fail open' for packet or system failures 494
Switch to prevent mode 494
Implement best practices for specific rules 495
HTTP Protocol Decoding rule 495
Cross-site scripting and generic SQL injection rules 495
Configure intrusion prevention rules 496
See the list of intrusion prevention rules 497
See information about an intrusion prevention rule 497
General Information 497
Details 498
See the list of intrusion prevention rules 498
General Information 498
Identification (Trend Micro rules only) 499
See information about the associated vulnerability (Trend Micro rules only) 499
Assign and unassign rules 500
Automatically assign updated required rules 500
Configure event logging for rules 501
Generate alerts 502
Setting configuration options (Trend Micro rules only) 502
Schedule active times 503
Exclude from recommendations 503
Set the context for a rule 504
Override the behavior mode for a rule 504
Override rule and application type configurations 505
Export and import rules 506
Configure an SQL injection prevention rule 506
What is an SQL injection attack? 507
What are common characters and strings used in SQL injection attacks? 507
How does the Generic SQL Injection Prevention rule work? 509
Examples of the rule and scoring system in action 511
Example 1: Logged and dropped traffic 511
Example 2: No logged or dropped traffic 512
Configure the Generic SQL Injection Prevention rule 513
Character encoding guidelines 516
Application types 518
See a list of application types 518
General Information 519
Connection 519
Configuration 520
Options 520
Assigned To 520
Inspect SSL or TLS traffic 520
Configure SSL inspection 521
Change port settings 522
Work around Perfect Forward Secrecy 522
Special considerations for Apache servers 523
Supported ciphers 524
Supported protocols 525
Configure anti-evasion settings 525
Performance tips for intrusion prevention 528
Maximum size for configuration packages 529
Control endpoint traffic using the firewall 530
Firewall rules 530
Set up the Deep Security firewall 531
Test firewall rules before deploying them 532
Test in Tap mode 533
Test in Inline mode 533
Enable 'fail open' behavior 534
Turn on firewall 535
Default firewall rules 536
Default Bypass rule for Deep Security Manager Traffic 537
Restrictive or permissive firewall design 537
Restrictive firewall 537
Permissive firewall 538
Firewall rule actions 538
Firewall rule priorities 539
Allow rules 539
Force Allow rules 539
Bypass rules 540
Recommended firewall policy rules 540
Reconnaissance scans 540
Stateful inspection 542
Example 542
Important things to remember 543
Create a firewall rule 544
Add a new rule 545
Select the behavior and protocol of the rule 545
Select a Packet Source and Packet Destination 548
Configure rule events and alerts 549
Alerts 549
Set a schedule for the rule 549
Assign a context to the rule 550
See policies and computers a rule is assigned to 550
Export a rule 550
Delete a rule 550
Allow trusted traffic to bypass the firewall 550
Create a new IP list of trusted traffic sources 551
Create incoming and outbound firewall rules for trusted traffic using the IP list 551
Assign the firewall rules to a policy used by computers that trusted traffic flows through 552
Firewall rule actions and priorities 552
Firewall rule actions 552
More about Allow rules 553
More about Bypass rules 553
Default Bypass rule for Deep Security Manager traffic 554
More about Force Allow rules 555
Firewall rule sequence 555
A note on logging 556
How firewall rules work together 557
Rule Action 557
Rule priority 559
Putting rule action and priority together 559
Firewall settings 560
General 561
Firewall 561
Firewall Stateful Configurations 561
Port Scan (Computer Editor only) 561
Assigned Firewall Rules 562
Interface Isolation 562
Interface Isolation 562
Interface Patterns 562
Reconnaissance 563
Reconnaissance Scans 563
Advanced 566
Events 566
Events 566
Firewall settings with Oracle RAC 566
Add a rule to allow communication between nodes 566
Add a rule to allow UDP port 42424 567
Allow other RAC-related packets 569
Ensure that the Oracle SQL Server rule is assigned 572
Ensure that anti-evasion settings are set to "Normal" 572
Define stateful firewall configurations 573
Add a stateful configuration 574
Enter stateful configuration information 574
Select packet inspection options 574
IP packet inspection 574
TCP packet inspection 575
FTP Options 576
UDP packet inspection 577
ICMP packet inspection 577
Export a stateful configuration 578
Delete a stateful configuration 578
See policies and computers a stateful configuration is assigned to 578
Scan for open ports 579
Monitor for system changes with integrity monitoring 580
Set up integrity monitoring 580
How to enable Integrity Monitoring 580
Turn on Integrity Monitoring 581
Run a Recommendation scan 582
Apply the Integrity Monitoring rules 583
Build a baseline for the computer 585
Periodically scan for changes 585
When Integrity Monitoring scans are performed 585
Integrity Monitoring scan performance settings 586
Limit CPU usage 586
Change the content hash algorithm 587
Enable a VM Scan Cache configuration 587
Integrity Monitoring event tagging 587
Create an integrity monitoring rule 588
Add a new rule 589
Enter integrity monitoring rule information 589
Select a rule template and define rule attributes 590
Registry Value template 590
File template 590
Custom (XML) template 591
Configure Trend Micro integrity monitoring rules 591
Configure rule events and alerts 592
Real-time event monitoring 592
Alerts 592
See policies and computers a rule is assigned to 592
Export a rule 592
Delete a rule 592
Integrity monitoring rules language 593
Entity Sets 594
Hierarchies and wildcards 595
Syntax and concepts 596
Include tag 597
Exclude tag 598
Case sensitivity 598
Entity features 599
ANDs and ORs 601
Order of evaluation 602
Entity attributes 602
Shorthand attributes 603
onChange attribute 604
Environment variables 604
Environment variable overrides 605
Registry values 605
Use of ".." 606
Best practices 606
DirectorySet 607
Tag Attributes 607
Entity Set Attributes 608
Short Hand Attributes 609
Meaning of "Key" 609
Sub Elements 609
FileSet 610
Tag Attributes 610
Entity Set Attributes 610
Short Hand Attributes 612
Drives Mounted as Directories 612
Alternate Data Streams 612
Meaning of "Key" 613
Sub Elements 613
Special attributes of Include and Exclude for FileSets: 614
GroupSet 614
Tag Attributes 614
Entity Set Attributes 614
Short Hand Attributes 615
Meaning of "Key" 615
Include and Exclude 615
InstalledSoftwareSet 615
Tag Attributes 616
Entity Set Attributes 616
Short Hand Attributes 617
Meaning of "Key" 617
Sub Elements 617
Special attributes of Include and Exclude for InstalledSoftwareSets: 617
PortSet 618
Tag Attributes 618
Entity Set Attributes 618
Meaning of "Key" 619
IPV6 619
Matching of the Key 619
Sub Elements 620
Special attributes of Include and Exclude for PortSets: 620
ProcessSet 621
Tag Attributes 621
Entity Set Attributes 621
Short Hand Attributes 622
Meaning of "Key" 622
Sub Elements 623
Special attributes of Include and Exclude for ProcessSets: 623
RegistryKeySet 624
Tag Attributes 624
Entity Set Attributes 625
Short Hand Attributes 625
Meaning of "Key" 625
Sub Elements 625
RegistryValueSet 626
Tag Attributes 626
Entity Set Attributes 626
Short Hand Attributes 627
Meaning of "Key" 627
Default Value 627
Sub Elements 628
ServiceSet 628
Tag Attributes 628
Entity Set Attributes 629
Short Hand Attributes 630
Meaning of "Key" 630
Sub Elements 630
Special attributes of Include and Exclude for ServiceSets: 631
UserSet 631
Tag Attributes 631
Entity Set Attributes 631
Common Attributes 631
Windows-only Attributes 632
Linux-only Attributes 633
Short Hand Attributes 633
Meaning of "Key" 634
Sub Elements 634
Include and Exclude 634
Special attributes of Include and Exclude for UserSets 634
WQLSet 635
Entity Set Attributes 637
Meaning of Key 639
Include Exclude 639
Analyze logs with log inspection 639
Set up log inspection 640
Turn on the log inspection module 641
Run a recommendation scan 641
Apply the recommended log inspection rules 642
Configure log inspection event forwarding and storage 643
Define a log inspection rule for use in policies 644
Create a new log inspection rule 644
Decoders 646
Subrules 648
Groups 648
Rules, ID, and Level 648
Description 650
Decoded As 650
Match 651
Conditional Statements 652
Hierarchy of Evaluation 652
Restrictions on the Size of the Log Entry 654
Composite Rules 654
Real world examples 656
Log inspection rule severity levels and their recommended use 665
strftime() conversion specifiers 666
Examine a log inspection rule 667
Log inspection rule structure and the event matching process 667
Duplicate Sub-rules 669
Block access to malicious URLs with web reputation 670
Turn on the web reputation module 671
Switch between inline and tap mode 671
Enforce the security level 672
To configure the security level: 672
Create exceptions 673
To create URL exceptions: 673
Configure the Smart Protection Server 674
Smart Protection Server Connection Warning 675
Edit advanced settings 675
Blocking Page 675
Alert 676
Ports 676
Test Web Reputation threshold values 676
Deep Security Best Practice Guide 677
Maintain 677
Check your license information 677
Licensing for Azure Marketplace 678
Back up and restore your database 678
Microsoft SQL Server Database 679
Restore the database only 679
Restore both the Deep Security Manager and the database 680
Export objects in XML or CSV format 680
Import objects 681
Keep your security up to date 682
How do agents validate the content of updates provided by the manager? 682
Update Deep Security software 682
How updates are performed 683
Determine how to distribute the software updates 684
Import software updates into Deep Security Manager 684
Manually import software updates 684
Automatically import software updates 685
Delete a software package from the Deep Security database 685
Upgrade agents following an alert 686
Initiate an upgrade 687
Use a web server to distribute software updates 688
Web server requirements 688
Copy the folder structure 688
Configure agents to use the new software repository 690
Get and distribute security updates 690
Configure a security update source and settings 693
Perform security updates 694
Special case: configure updates on a relay-enabled agent in an air-gapped environment 694
Check your security update status 695
See details about pattern updates 695
See details about rule updates 696
Disable emails for New Pattern Update alerts 697
Harden Deep Security 698
Protect Deep Security Manager with an agent 698
Replace the Deep Security Manager SSL certificate 699
See your trusted certificates 700
Replace the SSL certificate in a Windows environment 701
Create a new .keystore file and add your certificates to the cacerts file 701
Create a PKCS12 keychain file and import it into the new .keystore file 702
Configure Deep Security Manager to use the new .keystore file 703
Replace the SSL certificate in a Linux environment 704
Create a new .keystore file and add your certificates to the cacerts file 704
Create a PKCS12 keychain file and import it into the new .keystore file 705
Configure the Deep Security Manager to use the new .keystore file 706
Encrypt communication between the Deep Security Manager and the database 706
Encrypt communication between the manager and database 707
Microsoft SQL Server database (Linux) 707
Microsoft SQL Server (Windows) 708
Oracle Database 709
PostgreSQL 710
Running an agent on the database server 711
Disable encryption between the manager and database 711
Microsoft SQL Server database (Linux) 711
Microsoft SQL Server (Windows) 712
Oracle Database 712
PostgreSQL 712
Change the Deep Security Manager database password 713
Change your Microsoft SQL Server password 713
Change your Oracle password 713
Change your PostgreSQL password 714
Enable Content Security Policy and HTTP Public Key Pinning 715
Add a content security policy or public key pin policy 715
Reset your configuration 715
Content security policy 715
Public key pin policy 716
Enforce user password rules 716
Specify password requirements 716
Use another identity provider for sign-on 717
Add a message to the Deep Security Manager Sign In page 718
Present users with terms and conditions 718
Other Security settings 718
Set up multi-factor authentication 718
Enable multi-factor authentication 719
Disable multi-factor authentication 720
Supported multi-factor authentication (MFA) applications 721
Troubleshooting MFA 721
What if my MFA is enabled but not working? 721
What if my MFA device is lost or stops working? 722
Configure alerts 722
View alerts in Deep Security Manager 723
Configure alert settings 723
Set up email notification for alerts 724
Turn alert emails on or off 725
Configure an individual user to receive alert emails 726
Configure recipients for all alert emails 726
Generate reports about alerts and other activity 727
Set up a single report 727
Set up a recurring report 730
Customize the dashboard 731
Date and time range 732
Computers and computer groups 732
Filter by tags 733
Select dashboard widgets 734
Change the layout 734
Save and manage dashboard layouts 735
Event collection in Deep Security 736
Where are event logs on the agent? 736
When are events sent to the manager? 736
How long are events stored? 737
System events 737
Security events 737
See the events associated with a policy or computer 738
View details about an event 738
Filter the list to search for an event 739
Export events 740
Improve logging performance 740
Log and event storage best practices 740
Troubleshooting 742
Limit log file sizes 742
Event logging tips 744
Apply tags to identify and group events 744
Manual tagging 745
Auto-tagging 746
Set the precedence for an auto-tagging rule 746
Auto-tagging log inspection events 747
Trusted source tagging 747
Local trusted computer 748
How does Deep Security determine whether an event on a target computer matches an event on a trusted source computer? 748
Tag events based on a local trusted computer 749
Tag events based on the Trend Micro Certified Safe Software Service 749
Tag events based on a trusted common baseline 750
Delete a tag 751
Reduce the number of logged events 751
Rank events to quantify their importance 753
Web reputation event risk values 753
Firewall rule severity values 754
Intrusion prevention rule severity values 754
Integrity monitoring rule severity values 754
Log inspection rule severity values 754
Asset values 755
Forward Deep Security events to an external syslog or SIEM server 755
Forward system events to a syslog or SIEM server 756
Forward security events to a syslog or SIEM server 756
Forward security events directly from agent computers to a syslog or SIEM server 757
Forward security events from the agent computers via the Deep Security Manager 757
Define a syslog configuration 758
Troubleshooting 760
"Failed to Send Syslog Message" alert 760
Can't edit syslog configurations 761
Can't see the syslog configuration sections of Deep Security Manager 761
Syslog not transferred due to an expired certificate 761
Syslog not delivered due to an expired or changed server certificate 761
Syslog or SIEM servers used for testing 761
Syslog message formats 762
CEF syslog message format 762
LEEF 2.0 syslog message format 764
Events originating in the Manager 765
System event log format 765
Events originating in the agent 766
Anti-malware event format 766
Application control event format 775
Firewall event log format 780
Integrity monitoring log event format 784
Intrusion prevention event log format 787
Log inspection event format 794
Web reputation event format 796
Configure Red Hat Enterprise Linux to receive event logs 798
Set up a Syslog on Red Hat Enterprise Linux 6 or 7 798
Set up a Syslog on Red Hat Enterprise Linux 5 799
Access events with Amazon SNS 800
Create an AWS user 800
Create an Amazon SNS topic 801
Enable SNS 801
Create subscriptions 802
JSON SNS configuration 802
Version 803
Statement 803
Topic 803
Condition 804
Bool 804
Exists 805
IpAddress 806
NotIpAddress 806
NumericEquals 807
NumericNotEquals 808
NumericGreaterThan 809
NumericGreaterThanEquals 809
NumericLessThan 810
NumericLessThanEquals 811
StringEquals 811
StringNotEquals 812
StringEqualsIgnoreCase 813
StringNotEqualsIgnoreCase 813
StringLike 813
StringNotLike 814
Event Description 815
Event Data Types 815
Event Properties 816
Example events in JSON format 832
Example Configurations 834
Send all critical intrusion prevention events to an SNS topic 834
Send different events to different SNS topics 835
Multiple statements vs. multiple conditions 836
Multiple statements 836
Multiple conditions 837
DevOps, automation and scaling 837
DevOps, automation and scaling 837
Forward system events to a remote computer via SNMP 838
Lists of events and alerts 838
Predefined alerts 839
Agent events 849
System events 853
Anti-malware events 877
What information is displayed for anti-malware events? 877
List of all anti-malware events 878
Firewall events 879
What information is displayed for firewall events? 880
List of all firewall events 881
Intrusion prevention events 888
What information is displayed for intrusion prevention events? 888
List of all intrusion prevention events 889
Integrity monitoring events 892
What information is displayed for integrity monitoring events? 892
List of all integrity monitoring events 893
Log inspection events 895
What information is displayed for log inspection events? 895
List of all log inspection events 896
Web reputation events 897
What information is displayed for web reputation events? 897
Add a URL to the list of allowed URLs 897
Troubleshoot common events, alerts, and errors 897
Why am I seeing firewall events when the firewall module is off? 898
Why am I getting "Unrecognized Client" events? 899
Troubleshoot "Smart Protection Server disconnected" errors 899
Check the error details 899
Is the issue on a Deep Security Virtual Appliance? 900
Error: Activation Failed 900
Activation Failed - Protocol Error 900
Agent-initiated communication 901
Bidirectional communication 901
Activation Failed - Unable to resolve hostname 901
Activation Failed - No Agent/Appliance 901
Error: Agent version not supported 902
Error: Installation of Feature 'dpi' failed: Not available: Filter 902
Additional information 902
Error: Interface out of sync 903
Check the specific virtual computer interfaces 903
Check the virtual computer interface information in vCenter 903
Check the vmx file and the virtual computer interface information in Deep Security Manager 904
Check the virtual computer interface information in the Deep Security Virtual Appliance 904
Workaround Options 905
Option 1 905
Option 2 905
Option 3 905
Further Troubleshooting 905
Error: Integrity Monitoring Engine Offline and other errors occur after activating a virtual machine 907
Error: Module installation failed (Linux) 907
Error: There are one or more application type conflicts on this computer 908
Resolution 908
Consolidate ports 909
Disable the inherit option 909
Error: Unable to connect to the cloud account 910
Your AWS account access key ID or secret access key is invalid 910
The incorrect AWS IAM policy has been applied to the account being used by Deep Security 910
NAT, proxy, or firewall ports are not open, or settings are incorrect 911
Error: Unable to resolve instance hostname 911
Error: Anti-malware engine offline 911
Agent-based protection 912
If your agent is Windows: 912
If your agent is Linux: 913
Agentless protection 913
Error: Check Status Failed 914
Error: Log Inspection Rules Require Log Files 915
If the file's location is required: 915
If the files listed do not exist on the protected machine: 915
Alert: Integrity Monitoring information collection has been delayed 916
Alert: The memory warning threshold of Manager Node has been exceeded 916
Increase the allocated memory on a Windows server 917
Increase the allocated memory on a Linux server 917
Verify the memory allocation change 917
Alert: Relay Update Service Unavailable 917
Alert: Manager Time Out of Sync 918
Event: Max TCP connections 918
Warning: Reconnaissance Detected 919
Types of reconnaissance scans 919
Suggested actions 919
Warning: Insufficient disk space 920
Tips 921
Create and manage users 921
Synchronize with an Active Directory 921
Filtering the Active Directory 922
Add or edit an individual user 923
Change a user's password 926
Lock out a user or reset a lockout 926
View system events associated with a user 926
Delete a user 926
Define roles for users 926
Add or edit a role 928
Default settings for full access, auditor, and new roles 934
Add users who can only receive reports 942
Add or edit a contact 942
Delete a contact 942
Unlock a locked out user name 943
Unlock users as an administrator 943
Unlock administrative users from a command line 943
Implement SAML single sign-on 944
What are SAML and single sign-on? 944
How SAML single sign-on works in Deep Security 944
Establishing a trust relationship 944
Creating Deep Security accounts from user identities 944
Implement SAML single sign-on in Deep Security 945
Getting started with SAML single sign-on 946
Configure pre-set up requirements 946
Configure Deep Security as a SAML service provider 947
Configure SAML in Deep Security 948
Import your identity provider's SAML metadata document 948
Create Deep Security roles for SAML users 949
Provide information for your identity provider administrator 949
Download the Deep Security Manager service provider SAML metadata document 949
Send URNs and the Deep Security SAML metadata document to the identity provider administrator 949
SAML claims structure 950
Deep Security user name (required) 950
Sample SAML data (abbreviated) 950
Deep Security user role (required) 951
Sample SAML data (abbreviated) 951
Maximum session duration (optional) 951
Sample SAML data (abbreviated) 951
Preferred language (optional) 952
Sample SAML data (abbreviated) 952
Test SAML single sign-on 952
Review the set-up 953
Create a Diagnostic Package 953
Service and identity provider settings 953
Navigate and customize Deep Security Manager 953
Group computers dynamically with smart folders 954
Create a smart folder 954
Edit a smart folder 956
Clone a smart folder 957
Focus your search using sub-folders 957
Automatically create sub-folders 958
Searchable Properties 958
General 958
AWS 961
Azure 962
vCenter 963
vCloud 963
Folder 964
Operators 964
View active Deep Security Manager nodes 965
Customize advanced system settings 967
Primary Tenant Access 967
Load Balancers 968
Multi-tenant Mode 968
Deep Security Manager Plug-ins 968
SOAP Web Service API 969
Status Monitoring API 969
Export 969
Whois 969
Licenses 970
Scan Cache Configurations 970
CPU Usage During Recommendation Scans 970
Logo 970
Manager AWS Identity 970
Application control 971
Meet PCI DSS requirements with Deep Security 976
Bypass vulnerability management scan traffic in Deep Security 977
Create a new IP list from the vulnerability scan provider IP range or addresses 977
Create firewall rules for incoming and outbound scan traffic 978
Assign the new firewall rules to a policy to bypass vulnerability scans 979
Upgrade Deep Security Manager VM for Azure Marketplace 979
Will my virtual machines still be protected during the upgrade? 980
Before you begin 980
Upgrade to the latest version 980
Migrate a Microsoft SQL Server Express database to Enterprise 982
Uninstall Deep Security 984
Uninstall Deep Security Relay 984
Uninstall a relay (Windows) 984
Uninstall a relay (Linux) 985
Uninstall Deep Security Agent 985
Uninstall an agent (Windows) 985
Uninstall an agent (Linux) 986
Uninstall an agent (Solaris 9 or 10) 986
Uninstall an agent (Solaris 11) 987
Uninstall an agent (AIX) 987
Uninstall an agent (HP-UX) 987
Uninstall Deep Security Notifier 987
Uninstall Deep Security Manager 987
Uninstall the manager (Windows) 987
Uninstall the manager (Linux) 988
FAQs 988
Deep Security release life cycle and support policy 988
Support milestones for major releases 989
Major release support services 989
How do I get news about Deep Security? 990
Deep Security Manager uses TLS 1.2 991
Support for TLS 1.2 on Windows computers 991
Support for TLS 1.2 on Linux computers 991
Use agent deployment scripts on older operating systems 992
Make DSVAs available to VMware vCenter 5.5 servers 992
Agent deployment scripts for older operating systems 992
Windows script 992
Linux script 993
Re-enable TLS 1.0 on the Deep Security Manager 994
How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment? 994
Troubleshooting 995
Troubleshooting common issues 995
Troubleshooting: Purple screen of death 996
Troubleshooting: "Offline" agent 996
Causes 996
Verify that the agent is running 997
Verify DNS 998
Allow outbound ports (agent-initiated heartbeat) 998
Allow inbound ports (manager-initiated heartbeat) 999
Allow ICMP on Amazon AWS EC2 instances 1000
Troubleshooting: Security update connectivity 1000
Communication 1001
Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC) 1001
Why does my Windows machine lose network connectivity when I turn on protection? 1003
Enable diagnostic logging 1003
Start the Diagnostic Logging wizard 1003
Create a diagnostic package 1004
Create a diagnostic package for the Deep Security Manager 1004
Create a diagnostic package for an agent 1004
Create a diagnostic package for an agent from the Deep Security Manager 1005
Create a diagnostic package directly from an agent 1005
Why can't I add my Azure server using the Azure cloud connector? 1006
Why can't I view all of the VMs in an Azure subscription in Deep Security? 1006
Get Started
Read the release notes
You can find the release notes for all Deep Security software on the Deep Security Software page. On the page, click
next to the software item to reveal the link to the related release notes.
Buy Deep Security Manager from the Azure Marketplace
To buy Deep Security Manager from the Azure Marketplace, you first need to obtain a license for Deep Security. For help with obtaining one, contact [email protected].
Once you have a license, see "Deploy the Deep Security Manager VM for Azure Marketplace" on page 123 for instructions on how to purchase and install the Deep Security Manager VM, and deploy Deep Security Agents to your Azure virtual machines.
What's new?
Deep Security 10.3 feature release
Below are major changes in Deep Security 10.3, which is a feature release (see "Feature releases" below for details about feature release support). For a list of new features that were included in previous releases, choose a different Deep Security version from the version selector at the top of the page.
• Cloud VDI (Amazon WorkSpaces support): Amazon WorkSpaces is a fully managed, secure desktop computing service that runs on the AWS cloud. Deep Security 10.3 offers improved management capabilities for Amazon WorkSpaces. For more information, see "Add Amazon WorkSpaces" on page 255.
• Relay management: This release makes it easier to manage your relay-enabled agents. With previous releases, customers sometimes accidentally promoted Deep Security Agents to act as relays. With this release, the "Enable Relay" button has been removed from the Computers page. You can now perform all actions related to relays from the new Administration > Relay Management page. For customers who have accidentally promoted an agent to a relay, demoting the relay back to an agent is now a much simpler process. For more information, see "Distribute security and software updates with relays" on page 183.
Before you install
Feature releases
Major releases of Deep Security Manager, such as Deep Security Manager 10.0, are made available on an annual basis, and include new functionality and enhancements for existing functionality. Feature Releases are interim versions of Deep Security that provide early access to new functionality and are made available at regular intervals between major releases. This means that with Feature Releases you can immediately benefit from new functionality without having to wait for the next major release of Deep Security. Feature Releases meet the same quality and release criteria as major releases, and are intended for use in production environments.
Feature Releases are comprised of new versions of Deep Security Manager and Agent. The new manager is compatible with both the new and older versions of agent. However, new features in a Feature Release can require that both the new manager and the new agent are used. For information about which new features require an agent update, see “What’s New”.
While several Feature Releases may become available between major releases, the functionality of all Feature Releases is cumulative and is ultimately rolled into the next major release, which continues to be made available on an annual basis. For example, if you are now using the latest major release of Deep Security, you can obtain the Deep Security Feature Release to immediately take advantage of new functionality that it provides.
Note: If you are constrained to longer adoption cycles, wait for the next major release to benefit from the new functionality.
For more information about major releases and support services, see "Deep Security release life cycle and support policy" on page 988.
Version numbers
You can easily distinguish major releases and Feature Releases by the version number:
• Major releases use the x.0.z version pattern, for example the 10.0 GM version number is 10.0.3259, where 10 is the major version, 0 is the minor version, and 3259 is the build number:
    • Maintenance update versions are distinguished on the Deep Security Software page with a “U” suffix, for example 10.0_U1.
    • Maintenance updates have the build number incremented, for example the first maintenance update of 10.0 is 10.0.3271.
• Feature Releases increment the minor version number, for example 10.1.z, or 10.2.z, where z is the build number.
You can obtain Feature Releases from the Feature Releases tab on the Deep Security Software page.
Feature release life cycle
Deep Security Feature Releases have a shorter life cycle than major releases, and you should upgrade to the next major release when it becomes available. If you do not upgrade, you risk running an unsupported version of Deep Security. To ease the challenges of scheduling the upgrade in your production environment, support for Feature Releases is provided until 6 months after the next major release is available. The following diagram illustrates the timing of Feature Release availability and the support duration with respect to that of the major releases.
Platform support
Feature Releases support the same platforms that the next major release supports. Do not equate the platform support of the current major release with that of Feature Releases. To see a list of older operating system versions and Deep Security Agents that are supported, see "Supported features by platform" on page 67.
Support services
Most support items are provided for Feature Releases.
| Support item | Major release | Feature Release | Delivery mechanism |
|---|---|---|---|
| Small enhancements (no change to core functionality) | ✔ | | Update |
| Linux kernel updates | ✔ | ✔ | Linux Kernel Package (LKP) |
| General bug fixes | ✔ | | Update |
| Critical bug fixes (system crash or hang, or loss of major functionality) | ✔ | ✔ | Update or Hot-fix |
| Critical and high vulnerability fixes | ✔ | ✔ | Update or Hot-fix |
| Medium and low vulnerability fixes | ✔ | | Update |
| Anti-Malware pattern updates | ✔ | ✔ | iAU (ActiveUpdate) |
| Intrusion prevention system, integrity monitoring, and log inspection rules updates | ✔ | ✔ | iAU |
| Support for Agents and Deep Security Manager on new versions of supported operating systems | ✔ | | Update |
Although updates that include small enhancements, general bug fixes, and support for new versions of operating systems are not provided for Feature Releases, these improvements are included in new Feature Release versions. For example, if you use 10.1, to benefit from any of these support items you need to obtain 10.2 when it is released. You should use the currently available Feature Release to benefit from these continual improvements.
About the Deep Security components
Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching. This comprehensive, centrally managed platform helps you simplify security operations while enabling regulatory compliance and accelerating the ROI of virtualization and cloud projects.
For information on the protection modules that are available for Deep Security, see "Protect" on page 240.
Deep Security consists of the following set of components that work together to provide protection:
• Deep Security Manager, the centralized web-based management console that administrators use to configure security policy and deploy protection to the enforcement components: the Deep Security Virtual Appliance and the Deep Security Agent.
• Deep Security Virtual Appliance is a security virtual machine built for VMware vSphere environments that agentlessly provides anti-malware and integrity monitoring protection modules for virtual machines in a vShield environment. In an NSX environment, the anti-malware, integrity monitoring, firewall, intrusion prevention, and web reputation modules are available agentlessly.
• Deep Security Agent is a security agent deployed directly on a computer which provides application control, anti-malware, web reputation service, firewall, intrusion prevention, integrity monitoring, and log inspection protection to computers on which it is installed.
• The Deep Security Agent contains a Relay module. A relay-enabled agent distributes software and security updates throughout your network of Deep Security components.
• Deep Security Notifier is a Windows System Tray application that communicates information on the local computer about security status and events, and, in the case of relay-enabled agents, also provides information about the security updates being distributed from the local machine.
System requirements
Each part of a Deep Security deployment has its own system requirements.
• "Deep Security Manager" on the next page
• "Deep Security Agent 10.3" on page 61
• "Deep Security Notifier" on page 62
Requirements vary by version. For older versions of Deep Security Manager, agents, or relays, see their documentation:
• Deep Security 9.6 SP1 or earlier: http://docs.trendmicro.com/en-us/enterprise/deep-security.aspx
• Deep Security 10.0: https://help.deepsecurity.trendmicro.com/10/0/Get-Started/Install/system-requirements.html
• Deep Security 10.1: https://help.deepsecurity.trendmicro.com/10_1/azure/Get-Started/Install/system-requirements.html
• Deep Security 10.2: https://help.deepsecurity.trendmicro.com/10_2/azure/Get-Started/Install/system-requirements.html
Deep Security Manager
For a list of agent versions that are compatible with this version of Deep Security Manager, see "Deep Security Manager - Agent compatibility by platform" on page 63.
Requirements by system component:

Minimum memory (RAM):
8 GB RAM, which includes:
• 4 GB for heap memory
• 1.5 GB for the Java virtual machine
• 2 GB for the operating system
Minimum RAM requirements depend on the number of agents that are being managed. (See "Sizing" on page 86.)
Note: On Linux, reserved system memory is separate from process memory. Therefore, although the installer's estimate might be similar, it will detect less RAM than the computer actually has. To verify the computer's actual total RAM, log in with a superuser account and enter:
    grep MemTotal /proc/meminfo

Minimum disk space:
1.5 GB (5 GB+ recommended)

Operating system:
• Red Hat Enterprise Linux 7 (64-bit)
• Red Hat Enterprise Linux 6 (64-bit)
• Red Hat Enterprise Linux 5 (64-bit)
• Windows Server 2016 (64-bit)
• Windows Server 2012 or 2012 R2 (64-bit)
• Windows Server 2008 or 2008 R2 (64-bit)
Deep Security Manager for AWS Marketplace requires AWS Linux (64-bit).

Database:
• Microsoft SQL Server 2016
• Microsoft SQL Server 2014
• Microsoft SQL Server 2012
• Microsoft SQL Server 2008
• Microsoft SQL Server 2008 R2
• Oracle Database 12c
• Oracle Database 11g
• PostgreSQL 9.6. Distributions that have been tested for use with Deep Security are:
    • PostgreSQL Core Distribution (https://www.postgresql.org/download/)
    • Amazon RDS for PostgreSQL (https://aws.amazon.com/rds/postgresql/)
• Microsoft SQL RDS or Oracle RDS
• Azure SQL Database (SaaS) (only with Deep Security Manager VM for Azure Marketplace)
Disk space required varies by the size of the deployment, data retention, and frequency of logging. See "Sizing" on page 86.
Minimum free disk space = (2 x database size) + transaction log
For example, if your database plus transaction log is 40 GB, you must have 80 GB (40 x 2) of free disk space for database schema upgrades. To free disk space, delete any unnecessary event log data and transaction logs.
Note:
• Co-locate the database and all Deep Security Manager nodes in the same physical data center, with a 1 Gb link or better to ensure 2 ms latency or less between them.
• Microsoft SQL Server 2008 and Microsoft SQL Server 2008 R2 are deprecated and will not be supported by future releases. Plan to migrate to a newer version of Microsoft SQL Server if you're using them.
• Microsoft SQL Server Express is supported in very limited deployments. See "Microsoft SQL Server Express considerations" on page 121 for important details.
• Oracle Database Express (XE) is not supported.
• Oracle container database (CDB) configuration is not supported with Deep Security Manager multi-tenancy.
• Apache Derby, which provided an embedded database for proof-of-concept and testing in previous versions of Deep Security, is not supported anymore.
Web browser
Cookies must be enabled.
• Firefox 52.0.1+
• Microsoft Internet Explorer 11+ or Edge
• Google Chrome 57+
• Apple Safari 9+ (for Mac)
Monitor 1024 x 768 resolution at 256 colors or higher
Supported Deep Security Agent, Relay, or Virtual Appliance versions
• Deep Security Agent, Relay, or Virtual Appliance 10.3
• Deep Security Agent, Relay, or Virtual Appliance 10.2
• Deep Security Agent, Relay, or Virtual Appliance 10.1
• Deep Security Agent, Relay, or Virtual Appliance 10.0
• Deep Security Agent, Relay, or Virtual Appliance 9.6
Note: Relays must be 64-bit. 32-bit relays are not supported.
For some platforms, the supported versions of Deep Security Agent listed above do not exist. Deep Security Manager 10.3 supports older agents on these specific platforms:
• Deep Security Agent 9.0 on AIX 5.3, 6.1, 7.1 or 7.2
• Deep Security Agent 9.0 on HP-UX 11.31
• Deep Security Agent 9.0 on Solaris 10 Update 4 - 10
• Deep Security Agent 10.0 on Solaris 10 Update 11 (1/13) or Solaris 11
Note: When using an older agent, you must go to Administration > System Settings > Update and select Allow supported 8.0 and 9.0 Agents to be updated. Otherwise Deep Security will conserve disk space by not downloading older update formats.
Deep Security Agent 10.3
System component Requirements
Minimum memory (RAM)
Total system memory
Windows
• all protection enabled: 2 GB RAM (4 GB recommended)
• Deep Security Relay feature only: 2 GB RAM (4 GB recommended)
Linux
• all protection enabled: 1 GB RAM (5 GB recommended)
• Deep Security Relay feature only: 1 GB RAM (4 GB recommended)
Note: Requirements vary by OS version. Some versions may require less RAM. Less RAM is also required if you don't enable all Deep Security features.
Minimum disk space
• all protection enabled: 1 GB
• without anti-malware: 500 MB
• Deep Security Relay feature only: 30 GB
Note: Deep Security Relay must store packages for each of your agents' platforms. If you have many different platforms, more disk space is required.
Operating system
For compatible Docker and OS platforms, see "Deep Security Manager - Agent compatibility by platform" on the next page.
Note: Supported Deep Security features vary by platform.
Note: On supported versions of Microsoft Windows, you must have at least PowerShell version 4.0 to run the agent deployment script.
Deep Security Notifier
If installed, Deep Security Notifier appears in the Windows system tray. If anti-malware is licensed and enabled, it indicates the statuses of Deep Security Agent. Supported platforms include:
• Windows Server 2016 (64-bit)
• Windows Server 2012 or 2012 R2 (64-bit)
• Windows Server 2008 R2 (64-bit)
• Windows Server 2008 (32-bit and 64-bit)
• Windows 10 (32-bit and 64-bit)
• Windows 8.1 (32-bit and 64-bit)
• Windows 8 (32-bit and 64-bit)
• Windows 7 (32-bit and 64-bit)
• Windows XP (32-bit and 64-bit)
Deep Security Manager - Agent compatibility by platform
Deep Security Agent compatibility varies by platform. Deep Security Manager 10.3 supports the Deep Security Agents in the table below.
Note: Not all Deep Security features are available on all platforms. See "Supported features by platform" on page 67.
Platform | DSA 10.1, 10.2, or 10.3 Feature Release | DSA 10.0 | DSA 9.6
Windows
XP SP3 (32/64-bit) ✔ ✔
2003 R2 SP2 (32/64-bit) ✔ ✔
7 (32/64-bit) ✔ ✔ ✔
2008 (32/64-bit) and 2008 R2 (64-bit) ✔ ✔ ✔
8 (32/64-bit) ✔ ✔ ✔
8.1 (32/64-bit) ✔ ✔ ✔
10 (32/64-bit) ✔ ✔ ✔
2012 and 2012 R2 (64-bit) ✔ ✔ ✔
2016 (64-bit) ✔ ✔ ✔
XP Embedded ✔ ✔
Linux
Red Hat 5 (32/64-bit) ✔ ✔
Red Hat 6 (32/64-bit) ✔ ✔ ✔
Red Hat 7 (64-bit) ✔ ✔ ✔
Ubuntu 10.04 LTS (64-bit) ✔
Ubuntu 12.04 LTS (64-bit) ✔
Ubuntu 14.04 LTS (64-bit) ✔ ✔
Ubuntu 16.04 LTS (64-bit) ✔ ✔ ✔
CentOS 5 (32/64-bit) ✔ ✔
CentOS 6 (32/64-bit) ✔ ✔ ✔
CentOS 7 (64-bit) ✔ ✔ ✔
Debian 6 (64-bit) ✔
Debian 7 (64-bit) ✔ ✔
Debian 8 (64-bit) ✔ ✔ *
Amazon EC2 Linux (64-bit) ✔ ✔ ✔
Oracle Linux 5 (32/64-bit) ✔ ✔
Oracle Linux 6 (32/64-bit) ✔ ✔ ✔
Oracle Linux 7 (64-bit) ✔ ✔ ✔
SUSE 10 SP3 & SP4 (32/64-bit) ✔
SUSE 11 SP1, SP2, SP3, SP4 (32/64-bit) ✔ ✔ ✔
SUSE 12 (64-bit) ✔ ✔ ✔
Cloud Linux 5 (32/64-bit) ✔
Cloud Linux 6 (32/64-bit) ✔ ✔
Cloud Linux 7 (64-bit) ✔ ✔ ✔
Solaris
Solaris 10 Update 11 (1/13) ✔
Solaris 11.2/11.3 ✔
* indicates Deep Security 10.0 Update 1
Note: Deep Security Manager 10.1, 10.2, and 10.3 only support Deep Security Agent 9.6 and above, with exceptions for 9.0 agents on the following platforms:
• Solaris 9
• Solaris 10, Update 1/13
• Solaris 11.2/11.3
• AIX 5.3
• AIX 6.1
• AIX 7.1 (9.0 Agent for AIX 7.1 is also compatible with AIX 7.2)
• HP-UX 11.31
If Deep Security Manager 10.1, 10.2, or 10.3 is managing any of the above 9.0 agents, go to Administration > System Settings > Update, and then select Allow supported 8.0 and 9.0 Agents.
Docker support
You can use Deep Security 10.0 or later to protect Docker hosts and containers running on Linux distributions. Windows is not supported.
With each Deep Security release, Deep Security supports the last two stable releases of Docker Community Edition (CE) and Docker Enterprise Edition (EE). (See Announcing Docker Enterprise Edition: https://blog.docker.com/2017/03/docker-enterprise-edition/.) We do not officially support Docker Edge releases, but strive to test against Docker Edge releases to the best of our ability.
Support for new stable Docker releases is introduced with each release of Deep Security. We recommend that you refrain from upgrading to the latest stable release of Docker until Trend Micro documents the support statements for the latest Deep Security release.
Deep Security release | Supported Docker releases
Deep Security 10.0 | Docker v1.12.x, v1.13.x
Deep Security 10.1 | Docker 17.03-ce, v1.13.x
Deep Security 10.2 | Docker 17.03, 17.06
Deep Security 10.3 | Docker 17.03, 17.06
Deep Security is committed to supporting the environments, configurations, and platforms supported by Docker: https://docs.docker.com/engine/installation/.
Before deploying Deep Security into your target environment, you should ensure that Docker supports your target environment and platform configuration.
Deep Security Agent Linux kernel support
• Deep Security Agent 10.3 Linux kernel support: http://files.trendmicro.com/documentation/guides/deep_security/Kernel Support/10.3/Deep_Security_10_3_kernels_EN.html
• Deep Security Agent 10.2 Linux kernel support: http://files.trendmicro.com/documentation/guides/deep_security/Kernel Support/10.2/Deep_Security_10_2_kernels_EN.html
• Deep Security Agent 10.1 Linux kernel support: http://files.trendmicro.com/documentation/guides/deep_security/Kernel Support/10.1/Deep_Security_10_1_kernels_EN.html
• Deep Security Agent 10.0 Linux kernel support: http://files.trendmicro.com/documentation/guides/deep_security/Kernel Support/10.0/Deep_Security_10_kernels_EN.html
• Deep Security Agent 9.6 SP1 Linux kernel support: http://files.trendmicro.com/documentation/guides/deep_security/Kernel Support/9.6/Deep_Security_96_SP1_kernels_EN.html
• Deep Security Agent 9.5 SP1 Linux kernel support: http://files.trendmicro.com/documentation/guides/deep_security/Kernel Support/9.5/Deep_Security_95_SP1_kernels_EN.html
Supported features by platform
Available Deep Security 10.3 features vary by operating system and platform, and by which version of the Deep Security Agent (if any) is installed.
For previous versions of Deep Security, see "Supported Features by Platform documentation for previous versions of Deep Security" on page 86.
For information on what agent versions the Deep Security Manager 10.3 supports for each operating system, see "Deep Security Manager - Agent compatibility by platform" on page 63.
Platforms
• "Windows (10.3 Agents)" on the next page
• "Red Hat Enterprise Linux (10.3 Agents)" on page 71
• "CentOS (10.3 Agents)" on page 72
• "Oracle Linux (10.3 Agents)" on page 73
• "SUSE Linux (10.3 Agents)" on page 74
• "Ubuntu (10.3 Agent)" on page 75
• "Debian (10.3 Agent)" on page 75
• "Cloud Linux (10.3 Agent)" on page 76
• "Amazon (10.3 Agents)" on page 76
• "Azure (10.3 Agents)" on page 79
• "Agentless (NSX) (10.3 Agents)" on page 81
Windows (10.3 Agents)
Table columns, left to right:
Anti-Malware: Real-time (Feature set 1, Feature set 2); On-demand (Feature set 1, Feature set 2)
Web Reputation Service
Firewall
Intrusion Prevention System: Unencrypted Traffic; SSL Encrypted Traffic
Integrity Monitoring (Real-time, On-demand): File and Directory Scans; Scans of Running Services, Processes, Listening Ports; File and Directory Scans; Registry Scans; Scans of Running Services, Processes, Listening Ports
Log Inspection
Application Control
Recommendation Scan
Relay
Scanner
Windows 7 32 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 7 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows Server 2008 32 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows Server 2008 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows Server 2008 R2 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 8 32 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 8 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 8.1
32✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 8.1
64✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 10
32✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 10
64✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 10
32 TH2✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 10
64 TH2✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 10
RS2 32✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows 10
RS2 64✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows Server 2012 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows Server 2012 R2 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows Server Core 2012 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows Server Core 2012 R2 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Windows Server 2016 64 ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔