Views:
Smart Protection Network integration is available for your computers and workloads through Anti-Malware and Web Reputation modules. Smart Feedback, which is set at the system level, allows you to provide continuous feedback to the Smart Protection Network.
For more about Trend Micro's Smart Protection Network, see Smart Protection Network.
If you are operating in a FedRAMP (Federal Risk and Authorization Management Program) environment, you cannot use Smart Feedback. If you have already enabled Smart Feedback, you must disable it.
In this topic:
See also Smart Protection Server documentation for instructions on manually deploying the server.

Benefits of Smart Scan Parent topic

Smart Scan provides the following features and benefits:
  • Provides fast, real-time security status lookup capabilities in the cloud.
  • Reduces the overall time it takes to deliver protection against emerging threats.
  • Reduces network bandwidth consumed during pattern updates. The bulk of pattern definition updates only needs to be delivered to the cloud, not to many endpoints.
  • Reduces the cost and overhead associated with corporate-wide pattern deployments.

Enable Smart Scan Parent topic

Smart Scan is available in the Anti-Malware module. It leverages Trend Micro's Smart Protection Network to allow local pattern files to be small and reduces the size and number of updates required by agents. When Smart Scan is enabled, the agent downloads a small version of the much larger full malware pattern from a Smart Protection Server. This smaller pattern can quickly identify files as either confirmed safe or possibly dangerous. Possibly dangerous files are compared against the larger complete pattern files stored on Trend Micro Smart Protection Servers to determine with certainty whether they pose a danger or not.
Without Smart Scan enabled, your relay agents must download the full malware pattern from a Smart Protection Server to be used locally on the agent. The pattern is only updated as scheduled security updates are processed. The pattern is typically updated once per day for your agents to download and is around 120 MB.
Verify that the computer can reliably connect to the global Trend Micro Smart Protection Network URLs (see Port numbers for a list of URLs). If connectivity is blocked by a firewall, proxy, or AWS security group or if the connection is unreliable, it reduces Anti-Malware performance.

Procedure

  1. Go to Policies.
  2. Double-click a policy.
  3. Go to Anti-Malware Smart Protection.
  4. In the Smart Scan section, either:
    • Select Inherited if the parent policy has Smart Scan enabled.
    • Deselect Inherited, and then select either On.
  5. Click Save.
    A computer configured to use Smart Scan does not download full anti-malware patterns locally. Therefore, if your Anti-Malware license expires while a computer is configured to use Smart Scan, disabling Smart Scan does not result in local patterns being used to scan for malware since no anti-malware patterns are present locally.

Smart Protection Server for File Reputation Service Parent topic

Smart Protection Server for File Reputation Service is available in the Anti-Malware module. It supplies file reputation information required by Smart Scan.
To edit Smart Protection Server for File Reputation Service:

Procedure

  1. Go to Computers or Policies Anti-Malware Smart Protection.
  2. You can select to connect directly to Trend Micro's Smart Protection Server or to connect to one or more locally installed Smart Protection Servers.
  3. If you want to use a proxy for communication between agents and the Smart Protection Network, Trend Micro recommends that you create a proxy server specifically for the Smart Protection Network. You can view and edit the list of available proxies on the Proxies tab on the Administration System Settings page. For information on proxy protocols, see Supported proxy protocols.
    After you select a proxy, you need to restart any agents that will be using it.
  4. Select When off domain, connect to global Smart Protection Service (Windows and macOS only) to use the global Smart Protection Service if the computer is off domain. The computer is considered to be off domain if it cannot connect to its domain controller. This option is for Windows and macOS agents only.
    If you have a locally installed Smart Protection Server, this option should be set to Yes on at least one computer so that you are notified if there is a problem with the Smart Protection Server itself.
  5. Set the Smart Protection Server Connection Warning to generate error events and alerts when a computer loses its connection to the Smart Protection Server.

Web Reputation and Smart Protection Parent topic

Smart Protection Server for Web Reputation supplies web reputation information required by the web reputation module.
To edit Smart Protection Server for Web Reputation Service:

Procedure

  1. Go to Computers or Policies Web Reputation Smart Protection.
  2. You can select to connect directly to Trend Micro's Smart Protection Server or to connect to one or more locally installed Smart Protection Servers.
  3. If you want to use a proxy for communication between agents and the Smart Protection Network, you should create a proxy server specifically for the Smart Protection Network. You can view and edit the list of available proxies on the Proxies tab on the Administration System Settings page. For information on proxy protocols, see Supported proxy protocols.
    After you select a proxy, you need to restart any agents that will be using it.
  4. Select When off domain, connect to global Smart Protection Service (Windows and macOS only) to use the global Smart Protection Service if the computer is off domain. The computer is considered to be off domain if it cannot connect to its domain controller. This option is for Windows and macOS agents only.
    If you have a locally installed Smart Protection Server, this option should be set to Yes on at least one computer so that you are notified if there is a problem with the Smart Protection Server itself.
  5. Set Smart Protection Server Connection Warning to generate error events and alerts when a computer loses its connection to the Smart Protection Server.

Smart Feedback Parent topic

Trend Micro Smart Feedback provides continuous communication between Trend Micro products and the company's 24/7 threat research centers and technologies. With Smart Feedback, products become an active part of the Trend Micro Smart Protection Network, where large amounts of threat data is shared and analyzed in real time. This interconnection enables never before possible rates of analysis, identification, and prevention of new threats-a level of responsiveness that addresses the thousands of new threats and threat variants released daily.
Trend Micro Smart Feedback is a system setting in Workload Security. When enabled, Smart Feedback shares protected threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats. By default, Smart Feedback is enabled. You can disable it or adjust its settings by going to Administration System Settings Smart Feedback.
Note
Note
macOS agents support only the enabling and disabling of Smart Feedback. The parameters associated with Smart Feedback, such as selecing an industry and setting the frequency of sending feedback and the maximum bandwidth, are not supported by macOS agents. Other agents do support these parameters.
Smart Feedback uses the agents, appliances, and relays (security updates) proxy selected in the Proxy Server Use section on the Administration System Settings Proxies tab.

Disable Smart Feedback Parent topic

If you are operating in a FedRAMP (Federal Risk and Authorization Management Program) environment, you need to disable Smart Feedback:
1. In the Workload Security console, click **Administration** at the top.
2. Select **System Settings** on the left.
3. In the main pane, select the **Smart Feedback** tab.
4. Deselect **Enable Trend Micro Smart Feedback (recommended)**.
5. Select **Save**.