TDR and Trend Micro

Deployment Overview

Threat Detection and Response (TDR) is a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown, and evasive threats.

As part of the TDR solution, you install TDR Host Sensors to provide endpoint protection. In some cases, the TDR Host Sensor might have conflicts with the antivirus software installed on your endpoints. To resolve this issue, you can configure exclusions in the antivirus software and in TDR.

This document includes information about the integration of a TDR Host Sensor with a host that runs Trend Micro software. It does not describe the procedure to set up Threat Detection and Response. For information about how to set up your TDR account, how to enable TDR on a Firebox, and how to install a Host Sensor, see Quick Start — Set Up Threat Detection and Response.

This integration includes Trend Micro Worry-Free Business Security Services and Trend Micro Apex One as a Service.

Integration Summary

To avoid conflicts between the TDR Host Sensor and Trend Micro, add these exclusions:

  • Exclusions in TDR for Trend Micro Worry-Free Business Security Services — For Windows:
    • C:\Program Files (x86)\Trend Micro\
    • C:\Program Files\Trend Micro\
    • C:\ProgramData\Trend Micro\
  • Exclusions in TDR for Trend Micro Worry-Free Business Security Services — For Mac:
    • /Library/Application Support/TrendMicro/
  • Exclusions in TDR for Trend Micro Apex One as a Service — For Windows:
    • C:\Program Files (x86)\Trend Micro\
    • C:\Program Files\Trend Micro\
    • C:\ProgramData\Trend Micro\
    • C:\Users\Administrator\AppData\Local\Trend Micro\
  • Exclusions in TDR for Trend Micro Apex One as a Service — For Mac:
    • /Library/Application Support/TrendMicro/
  • Exclusions in Trend Micro Worry-Free Business Security Services for the TDR Host Sensor — For Windows:
    • C:\Program Files (x86)\WatchGuard\Threat Detection and Response\
    • C:\Program Files\WatchGuard\Threat Detection and Response\
  • Exclusions in Trend Micro Apex One as a Service for the TDR Host Sensor — For Windows:
    • C:\Program Files (x86)\WatchGuard\Threat Detection and Response\
    • C:\Program Files\WatchGuard\Threat Detection and Response\
  • Exclusions in Trend Micro Worry-Free Business Security Services for the TDR Host Sensor — For Mac:
    • /usr/local/watchguard/
    • /Applications/WatchGuard/
  • Exclusions in Trend Micro Apex One as a Service for the TDR Host Sensor — For Mac:
    • /usr/local/watchguard/
    • /Applications/WatchGuard/

If the Host Sensor and Trend Micro software detect and respond to a threat at the same time, this can cause high utilization of system resources such as CPU, memory, and disk I/O.

Configuration Details

To complete this deployment, you must have:

  • An active Threat Detection and Response subscription with Host Sensor licenses
  • Trend Micro Worry-Free Business Security Services (Windows):
    • Trend Micro Security Agent 6.6.2501/14.1.1548
  • Trend Micro Apex One as a Service (Windows):
    • Trend Micro Apex One Security Agent 14.0.4033
  • Trend Micro Worry-Free Business Security Services (Mac):
    • Trend Micro Security Agent 3.5.1134
  • Trend Micro Apex One as a Service (Mac):
    • Trend Micro Apex One Security Agent 3.5.3028

The TDR and Fireware versions tested for this deployment included:

  • TDR Host Sensor 5.8.1.8987
  • Firebox with Fireware v12.5 or higher

The Windows test environment for this deployment included:

  • Windows 7, 8.1, 10 Enterprise 64-bit Operating System
  • Memory (RAM) — 8 GB
  • Processor — 2 CPU Cores

The Mac test environment for this deployment included:

  • macOS 10.13
  • Memory (RAM) — 8 GB
  • Processor — Intel Core i5

Configure Exclusions in TDR

In your TDR account, add the exclusions to manually identify paths for files and processes that you do not want Host Sensors to monitor. Before you deploy a Host Sensor on computers that have Trend Micro installed, add exclusions for the Trend Micro file paths as TDR Exclusions in your TDR account.

In your TDR account, add the TDR exclusions for the paths shown in the Integration Summary.

Unless otherwise noted, configure each TDR exclusion with these options, which are selected by default:

  • Also exclude subfolders
  • Entities to exclude: Files and Processes

To add an exclusion in TDR:

  1. Log in to your TDR account or managed account as a user with Operator privileges.
  2. Select Configuration > Exclusion.
  3. Click Add Exclusion.
    The Add Exclusion dialog box appears.
  4. In the Path text box, type the path to exclude. Folders specified in an exclusion must end with a backslash.
  5. To apply the exclusion to all hosts, in the Hosts / Groups text box, specify the group All Hosts.
  6. Click Save & Close.

Repeat these steps to add each exclusion.
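Every exclusion is a location the Host Sensor stops monitoring, so it helps to check a planned list before you type it into the console. The following script is an added example, not WatchGuard or Trend Micro code: it compares a planned TDR exclusion list with the Integration Summary paths and reports missing entries, entries without a trailing separator, and entries broader than this guide calls for. The function name, report fields, and the `PLANNED` sample are hypothetical, and the script assumes Mac paths end with a forward slash as shown in the summary.

```python
# Added example: audit a planned TDR exclusion list against this guide.
# Required paths are copied from the Integration Summary; audit_exclusions()
# and its report keys are hypothetical helpers, not part of any vendor tool.

WIN = [
    "C:\\Program Files (x86)\\Trend Micro\\",
    "C:\\Program Files\\Trend Micro\\",
    "C:\\ProgramData\\Trend Micro\\",
]
MAC = ["/Library/Application Support/TrendMicro/"]

REQUIRED = {
    ("worry-free", "windows"): WIN,
    ("worry-free", "mac"): MAC,
    ("apex-one", "windows"): WIN
    + ["C:\\Users\\Administrator\\AppData\\Local\\Trend Micro\\"],
    ("apex-one", "mac"): MAC,
}


def _key(path, os_name):
    """Normalize for comparison: drop trailing separator, fold case on Windows."""
    sep = "\\" if os_name == "windows" else "/"  # assumption: "/" on Mac
    stem = path.strip().rstrip(sep)
    return stem.lower() if os_name == "windows" else stem


def audit_exclusions(product, os_name, configured):
    """Return missing, badly terminated, and out-of-guide exclusion paths."""
    sep = "\\" if os_name == "windows" else "/"
    required = {_key(p, os_name): p for p in REQUIRED[(product, os_name)]}
    report = {"missing": [], "no_trailing_separator": [], "not_in_guide": []}
    seen = set()
    for path in configured:
        key = _key(path, os_name)
        seen.add(key)
        if not path.strip().endswith(sep):
            report["no_trailing_separator"].append(path)  # step 4 requirement
        if key not in required:
            report["not_in_guide"].append(path)  # extra unmonitored location
    report["missing"] = [p for k, p in required.items() if k not in seen]
    return report


# Constructed sample input: a planned list for Apex One on Windows.
PLANNED = [
    "C:\\Program Files (x86)\\Trend Micro\\",
    "c:\\program files\\trend micro",  # no trailing backslash
    "C:\\ProgramData\\Trend Micro\\",
    "C:\\Users\\",                      # broader than any path in this guide
]

if __name__ == "__main__":
    for field, paths in audit_exclusions("apex-one", "windows", PLANNED).items():
        print(field, paths)
```

Review anything reported under `not_in_guide` before you save it, because each extra path is one more location the Host Sensor does not monitor.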

Configure Exclusions in Trend Micro Worry-Free Business Security Services

To prevent conflicts between the Trend Micro Worry-Free Business Security Services and TDR, we recommend you add exclusions in Trend Micro Worry-Free Business Security Services for the paths indicated for the TDR Host Sensor in the Integration Summary.

To add an exclusion in Trend Micro Worry-Free Business Security Services — For Windows:

  1. Log in to the Trend Micro Customer Licensing Portal with your account credentials, and then click Open console.
  2. Click Security Agents.
    A group tree with all devices and servers appears.
  3. Click Manual Groups > Device (Default).
  4. Select the group that you want to configure, and click Configure Policy.
  5. From the navigation, select Windows OS and then click Exception Lists > Scan Exclusions.
  6. On the Target tab, in the Real-Time Scan / Scheduled Scan / Manual Scan section, click +Add.
  7. Copy and paste the paths we provide in this guide, and make sure that Real-Time Scan, Scheduled Scan, and Manual Scan are selected. Then click Add.
  8. Click Save.

To add an exclusion in Trend Micro Worry-Free Business Security Services — For Mac:

  1. Log in to the Trend Micro Customer Licensing Portal with your account credentials, and then click Open console.
  2. Click Security Agents.
    A group tree with all devices and servers appears.
  3. Click Manual Groups > Device (Default).
  4. Select the group that you want to configure, right-click the group name, and click Configure Policy.
  5. From the navigation, select Mac OS and then click Exception Lists > Scan Exclusions.
  6. In the Scan Exclusion Lists section, click +Add.
  7. Type the TDR path to exclude, and then click Add.
  8. Click Save.

Configure Exclusions in Trend Micro Apex One as a Service

To exclude directories used by the TDR Host Sensor, add the exclusions for the paths listed in the Integration Summary.

There are two ways to exclude directories in Trend Micro Apex One For Windows. You can choose either method.

To add an exclusion in Trend Micro Apex One as a Service in the client — For Windows:

  1. Open the Security Agent Console on the client.
  2. Click the Unlock icon.
  3. Click the Settings icon.
  4. Click Protection > Exclusions.
  5. In the Directories text box, type the TDR path, and then click Add.
  6. Click Apply > OK.
  7. Click the Lock icon.

To add an exclusion in Trend Micro Apex One as a Service in the web console — For Windows:

  1. Log in to the Trend Micro Customer Licensing Portal with your account credentials, and then click Open console.
  2. Click Policies > Policy Management.
  3. From the Product drop-down list, select Apex One Security Agent.
  4. Click Create, and then in the Policy Name text box, type a name.
  5. In the Targets section, check Filter by Criteria and then click Set Filter.
  6. In the Filter by Criteria section, check Operating systems.
  7. From the Operating systems drop-down list, select Windows 7, Windows 8 and Windows 10.
    You can choose other criteria as you want.
  8. Click Save.
  9. Unfold Scheduled Scan Settings > Scan Exclusion.
  10. Check Enable scan exclusion, and then in the Scan Exclusion List (Directories) text box, type the TDR path.
  11. Click +.
  12. Click Deploy.

To add an exclusion in Trend Micro Apex One as a Service — For Mac:

  1. Log in to the Trend Micro Customer Licensing Portal with your account credentials, and then click Open console.
  2. Click Policies > Policy Management.
  3. From the Product drop-down list, select Apex One (Mac).
  4. Click Create, and then in the Policy Name text box, type a name.
  5. In the Targets section, check Filter by Criteria and then click Set Filter.
  6. In the Filter by Criteria section, check Operating systems.
  7. From the Operating systems drop-down list, select Mac OS.
  8. Click Save.
  9. Unfold Scan Exclusion Settings, and then check Enable scan exclusion.
  10. In the Scan Exclusion List (Files) text box, type the TDR path.
  11. Click Add.
  12. Click Deploy.

For information about the integration testing methodology, see TDR Testing Methodology.
