Smart Protection in Deep Security

Smart Protection Network integration is available for your computers and workloads through anti-malware and web reputation modules. Smart Feedback, which is set at the system level, allows you to provide continuous feedback to the Smart Protection Network.

For more about Trend Micro's Smart Protection Network, see Smart Protection Network.

In this topic:

See also Integrate with Smart Protection Server for AWS deployment instructions and Smart Protection Server documentation for instructions on manually deploying the server.

Anti-malware and Smart Protection

Benefits of Smart Scan

Smart Scan provides the following features and benefits:

  • Provides fast, real-time security status lookup capabilities in the cloud.
  • Reduces the overall time it takes to deliver protection against emerging threats.
  • Reduces network bandwidth consumed during pattern updates. The bulk of pattern definition updates only needs to be delivered to the cloud, not to many endpoints.
  • Reduces the cost and overhead associated with corporate-wide pattern deployments.

Enable Smart Scan

Smart Scan is available in the anti-malware module. It uses Trend Micro's Smart Protection Network to allow local pattern files to be small and reduces the size and number of updates required by agents and Appliances. When Smart Scan is enabled, the agent downloads a small version of the much larger full malware pattern from a Smart Protection Server. This smaller pattern can quickly identify files as either confirmed safe or possibly dangerous. Possibly dangerous files are compared against the larger complete pattern files stored on Trend Micro Smart Protection Servers to determine with certainty whether they pose a danger or not.

Without Smart Scan enabled, your relay agents must download the full malware pattern from a Smart Protection Server to be used locally on the agent. The pattern will only be updated as scheduled security updates are processed. The pattern is typically updated once per day for your agents to download and is around 120 MB.

You should verify that the computer can reliably connect to the global Trend Micro Smart Protection Network URLs. For details, see Port numbers, URLs, and IP addresses. If connectivity is blocked by a firewall, proxy, or AWS security group, or if the connection is unreliable, it anti-malware performance is reduced.

  1. Go to Policies.
  2. Double-click a policy.
  3. Go to Anti-Malware > Smart Protection.
  4. In the Smart Scan section, either:

    • Select Inherited (if the parent policy has Smart Scan enabled).
    • Deselect Inherited, and then select either On or On for Deep Security Agent, Off for Virtual Appliance.
  5. Click Save.

A computer that is configured to use Smart Scan does not download full anti-malware patterns locally. Therefore, if your anti-malware license expires while a computer is configured to use Smart Scan, switching Smart Scan off does not result in local patterns being used to scan for malware since no anti-malware patterns is present locally.

Smart Protection Server for File Reputation Service

Smart Protection Server for File Reputation Service is available in the anti-malware module. It supplies file reputation information required by Smart Scan.

You edit Smart Protection Server for File Reputation Service as follows:

  1. Go to Computers or Policies > Anti-Malware > Smart Protection.
  2. Select to connect directly to Trend Micro's Smart Protection Server or to connect to one or more locally installed Smart Protection Servers.
  3. If you want to use a proxy for communication between agents and the Smart Protection Network, you should create a proxy server specifically for the Smart Protection Network. You can view and edit the list of available proxies on the Proxies tab on the Administration > System Settings page. For information on proxy protocols, see Supported proxy protocols.
    After selecting a proxy, you need to restart any agents that will be using it.
  4. Select the When off domain, connect to global Smart Protection Service (Windows only) option to use the global Smart Protection Service if the computer is off domain. The computer is considered to be off domain if it cannot connect to its domain controller (this option is for Windows agents only).
    If you have a locally installed Smart Protection Server, this option should be set to Yes on at least one computer so that you are notified if there is a problem with the Smart Protection Server itself.
  5. Set Smart Protection Server Connection Warning to generate error events and alerts when a computer loses its connection to the Smart Protection Server.

Web Reputation and Smart Protection

Smart Protection Server for Web Reputation supplies web reputation information required by the web reputation module.

You edit Smart Protection Server for Web Reputation Service as follows:

  1. Go to Computers or Policies > Web Reputation > Smart Protection.
  2. Select to connect directly to Trend Micro's Smart Protection Server or to connect to one or more locally installed Smart Protection Servers.
  3. If you want to use a proxy for communication between agents and the Smart Protection Network, you should create a proxy server specifically for the Smart Protection Network. You can view and edit the list of available proxies on the Proxies tab on the Administration > System Settings page. For information on proxy protocols, see Supported proxy protocols.
    After you select a proxy, you need to restart any agents that will be using it.
  4. Select When off domain, connect to global Smart Protection Service (Windows only) to use the global Smart Protection Service if the computer is off domain. The computer is considered to be off domain if it cannot connect to its domain controller (this option is for Windows agents only).
    If you have a locally-installed Smart Protection Server, this option should be set to Yes on at least one computer so that you are notified if there is a problem with the Smart Protection Server itself.
  5. Set Smart Protection Server Connection Warning to generate error events and alerts when a computer loses its connection to the Smart Protection Server.

Smart Feedback

Trend Micro Smart Feedback provides continuous communication between Trend Micro products and the company's 24/7 threat research centers and technologies. With Smart Feedback, products become an active part of the Trend Micro Smart Protection Network, where large amounts of threat data is shared and analyzed in real time. This interconnection enables never before possible rates of analysis, identification, and prevention of new threats-a level of responsiveness that addresses the thousands of new threats and threat variants released daily.

Trend Micro Smart Feedback is a system setting in the Deep Security Manager. When enabled, Smart Feedback shares protected threat information with the Smart Protection Network, allowing Trend Micro to rapidly identify and address new threats. By default, Smart Feedback is enabled. You can disable it or adjust its settings by going to Administration > System Settings > Smart Feedback.

Smart Feedback uses Update Source Proxy in the Relay Group Properties area via Administration > Updates > Relay Management. For details, see Connect to the Primary Security Update Source via proxy.