User's Guide
The User's Guide describes how to configure and manage the components of Vulnerability Protection/Deep Security, from the system in general to the configuration of the individual protection modules.
- Quick Start: System Configuration: A guide to configuring the basic Vulnerability Protection/Deep Security system settings, from enabling regular automatic Security Updates to setting up email notifications.
- Quick Start: Protecting a Server: A guide to protecting a standard Windows server with Deep Security.
- Quick Start: Protecting a Computer: A guide to protecting a standard Windows computer with Vulnerability Protection.
- System: Describes the functionality and configuration of Vulnerability Protection/Deep Security system settings:
  - Communication describes how the different Vulnerability Protection/Deep Security components communicate with each other.
  - Customize the Dashboard describes how to create and save customized dashboard layouts.
  - Email Notifications describes how to configure Vulnerability Protection/Deep Security to send email notifications of important Vulnerability Protection/Deep Security Events to various users.
  - Alerts describes how to configure which Events will raise Alerts, what the severity of those Alerts will be, and whether to send email notifications of the Alerts.
  - Port Scan Settings describes how to set which ports are scanned during one of Vulnerability Protection/Deep Security's Port Scans.
  - Syslog Integration (SIEM) describes how to configure Vulnerability Protection/Deep Security to send Events to a SIEM via Syslog.
  - Relay Groups describes how to configure and use Relay Groups to automate the process of keeping your Vulnerability Protection/Deep Security system updated with the latest security and software updates from Trend Micro.
  - Security Updates describes how to manage Vulnerability Protection/Deep Security Security Updates.
  - Software Updates describes how to manage Vulnerability Protection/Deep Security software updates.
  - Virtual Appliance Scan Caching describes how to take advantage of the Vulnerability Protection/Deep Security Appliance's scan caching ability, which significantly improves the performance of Malware and Integrity scanning on virtual machines.
  - User Management describes how to manage Users of Vulnerability Protection/Deep Security, including how to use role-based access control to restrict the access of Users to specific areas of Vulnerability Protection/Deep Security and your network.
  - Database Backup and Recovery describes how to perform (and automate) a backup of your Vulnerability Protection/Deep Security data.
- Adding Computers: To protect computers with Vulnerability Protection/Deep Security, they must first be added to the Computers list in the Vulnerability Protection/Deep Security Manager. New computers can be added to your Computers List by:
  - Importing computers from a local network: If you are protecting computers on a locally accessible network, you can add them individually by supplying their IP address or hostname, or you can perform a Discovery operation to search for all computers visible to the Vulnerability Protection/Deep Security Manager.
  - Importing a Directory: You can import a Microsoft Active Directory or any other LDAP-based directory service.
  - Importing computers from a VMware vCenter: You can import a VMware vCenter and provide the hosted VMs with Agent-based or Agentless protection.
  - Importing computers from a Cloud Provider: You can import virtual machines being hosted on VMware vCloud, Amazon EC2, or Microsoft Azure infrastructures.
  - Using a deployment script: If you are going to be adding/protecting a large number of computers, you may want to automate the process of installing and activating Agents. You can use the Vulnerability Protection/Deep Security Manager's deployment script generator to generate scripts you can run on your computers which will install the Agents and optionally perform subsequent tasks like activation and Policy assignment. The scripts are also useful as a starting template to create your own customized scripts to execute various additional available commands.
- Deploying Protection: How to enable protection on your computers using the Vulnerability Protection/Deep Security Agent or Agentlessly using the Vulnerability Protection/Deep Security Virtual Appliance.
- Protection Modules: Describes configuration of the Vulnerability Protection/Deep Security protection modules.
  - The Anti-Malware module protects your computers from viruses, trojans, spyware and other software that is intended to harm your computer or perform operations without your consent.
  - The Web Reputation module protects against web threats by blocking access to malicious URLs. Vulnerability Protection/Deep Security uses Trend Micro's Web security databases from Smart Protection Network sources to check the reputation of Web sites that users are attempting to access. The Web site's reputation is correlated with the specific Web reputation policy enforced on the computer. Depending on the Web Reputation Security Level being enforced, Deep Security will either block or allow access to the URL.
  - The Firewall is a bidirectional, stateful firewall that is responsible for making sure that packets originating from unauthorized sources do not reach the applications on its host.
  - The Intrusion Prevention module protects computers from being exploited by attacks against known and zero-day vulnerabilities as well as against SQL injection attacks, cross-site scripting attacks, and other web application vulnerabilities. It shields vulnerabilities until code fixes can be completed. It identifies malicious software accessing the network and increases visibility into, or control over, applications accessing the network.
  - The Integrity Monitoring module allows you to monitor specific areas on a computer for changes. Vulnerability Protection/Deep Security has the ability to monitor installed software, running services, processes, files, directories, listening ports, registry keys, and registry values. It functions by performing a baseline scan of the areas on the computer specified in the assigned rules and then periodically rescanning those areas to look for changes. The Vulnerability Protection/Deep Security Manager ships with predefined Integrity Monitoring Rules, and new Integrity Monitoring Rules are provided in Security Updates.
  - The Log Inspection module allows you to monitor the logs and events generated by the operating systems and applications running on the computers. Log Inspection Rules can be assigned directly to computers or can be made part of a Security Profile. Like Integrity Monitoring Events, Log Inspection events can be configured to generate alerts in the Vulnerability Protection/Deep Security Manager.
- Recommendation Scans: How to configure Recommendation Scans, which are performed on computers to identify known vulnerabilities. The operation scans not only the operating system but also installed applications. Based on what is detected, Vulnerability Protection/Deep Security will recommend security Rules that should be applied.
- SSL Data Streams: How to configure filtering of SSL traffic.
- Events, Alerts, and Reports: The functionality and configuration of Vulnerability Protection/Deep Security Events, Alerts, and Reports.
- Deep Security Notifier: A description of the Deep Security Notifier, a Windows System Tray application that communicates Deep Security status information locally on protected machines.
- Multi-Tenancy: How to enable, configure, and manage the Multi-Tenancy capabilities of Vulnerability Protection/Deep Security, which let you create multiple distinct management environments using a single Vulnerability Protection/Deep Security Manager and database server installation.
- Protecting a Mobile Laptop: How to protect a mobile laptop, with information about using the location awareness of Vulnerability Protection/Deep Security.
- Load Balancers: How to use a load balancer with Vulnerability Protection.