Detect emerging threats using Predictive Machine Learning

Use Predictive Machine Learning to detect unknown or low-prevalence malware. (For more information, see Predictive Machine Learning.)

Predictive Machine Learning uses the Advanced Threat Scan Engine (ATSE) to extract file features and sends the report to the Predictive Machine Learning engine, hosted on the Trend Micro Smart Protection Network. To enable Predictive Machine Learning, perform the following tasks:

  1. Ensure Internet connectivity
  2. Enable Predictive Machine Learning

As with other malware detections, Predictive Machine Learning logs an event when it detects malware. (See Event collection in Deep Security.) You can also create an exception for any false positives. (See Create anti-malware exceptions.)

Ensure Internet connectivity

Predictive Machine Learning requires access to the Global Census Service and Predictive Machine Learning Service that are hosted on the Smart Protection Network. If your Deep Security Agents or Virtual Appliance cannot access the Internet directly, configure a proxy to enable access.

When agents or your virtual appliance cannot connect to the Global Census Service or Predictive Machine Learning Service, Predictive Machine Learning does not function correctly and your protection is downgraded. For example, new or unknown ransomware might not be detected.

Deep Security does not verify that your proxy settings are valid. If you have configured the Smart Protection Server proxy settings in the computer or policy editor, you may want to use the same settings (go to Anti-Malware > Smart Protection > Smart Protection Server for File Reputation Service).

Configure the proxy settings in a policy or for individual computers.

  1. In the policy or computer editor, go to Settings > General.
  2. In the Network Setting for Census, Good File Reputation Service, and Predictive Machine Learning section, if the Inherited check box is selected, the proxy settings are inherited from the parent policy. To change the settings for this policy or computer, clear the check box.
  3. Ensure that the When accessing Global Server, use proxy check box is selected, and in the list select New.
  4. In the dialog box that appears, configure the proxy settings.

Enable Predictive Machine Learning

Predictive Machine Learning is configured as part of a real-time scan configuration that is applied to a policy or individual computer. (See Configure malware scans.) After you configure the scan configuration, apply it to a policy or computer.

Predictive Machine Learning protects only the files and directories that real-time scan is configured to scan. See Specify the files to scan.

These settings can only be applied to the real-time scan configuration for Windows computers.

  1. Go to Policies > Common Objects > Other > Malware Scan Configurations.
  2. Select the real-time scan configuration to configure and click Details.

    You can also create a new real-time scan configuration if desired.

  3. On the General tab, under Predictive Machine Learning, select Enable Predictive Machine Learning.
  4. Click OK.
  5. Open the editor for the policy or computer to which you want to apply the scan configuration and go to Anti-Malware > General.
  6. Ensure that Anti-Malware State is On or Inherited (On).
  7. In the Real-Time Scan section, select the malware scan configuration.
  8. Click Save.