
Managed Anti-Virus¶


This page is the service description for Deep Security 20.0.
For the old version (Deep Security 9.6), please refer to the corresponding service description.
For the old version (Deep Security 11.0), please refer to the corresponding service description.

Overview¶

Overview¶

Managed Anti-Virus can be used on hosts on Enterprise Cloud 2.0 / Enterprise Cloud 1.0 / Enterprise Cloud for ERP and on hosts connected to SD-Exchange (an on-premises environment connected to SD-Exchange, hosts running on AWS, etc.), and provides integrated security features.
You use it by installing the Agent on the operating system (OS) of the host and connecting it to the management server on the Internet.
(Hereafter, Managed Anti-Virus is referred to as this menu.)



Features¶

The features of this menu are as follows:

1. Protecting Hosts from Virus Infection Threats
Protects the host from threats such as malware, viruses, Trojan horses and spyware. Customers do not have to own the assets and can use the menu when needed, without an initial investment and without a minimum usage period.
2. Immediate setting change by self operation
Customers can update settings online by themselves through the security control panel of the Enterprise Cloud 2.0 portal.
3. Management server equipment is operated safely and securely by NTT Com’s managed service
The Security Operation Center (SOC), which has a global security management system, monitors the management servers provided in this menu.


Available Functions¶

List of Functions¶

The following functions are available to Customers with this menu:

| Functions | Overview | Descriptions |
|---|---|---|
| Anti-malware | Detection of malware | Using the pattern files and search engines for anti-malware measures offered by Trend Micro, attacks by malicious persons using malware are detected. |
| | Update pattern file | Using the date and time set by the customer as the start time, pattern files for anti-malware measures that have not yet been updated are updated. (The update time is the time at which the update start task is issued; the actual start time differs depending on the operating conditions on the Agent (Deep Security Agent) side.) |
| | Scheduled scan | Using the date and time set by the customer as the start time, the malware scan is started. (The start time is the time at which the scan start task is issued; the actual start time differs depending on the operating conditions on the Agent side.) |
| Control Panel | | Function that allows the customer to submit applications and configure each function from the Security Control Panel of the Enterprise Cloud 2.0 Portal. |


Description of Functions¶

Functions provided in this menu are described below.

Anti-malware¶

Prevents the hosts from being infected with malware.
It protects the hosts by using real-time scan, where detection takes place when malware tries to intrude into the host, or scheduled scan, where the scan is run as a task at a date and time specified by the customer.

The following functions are available with Anti-Virus:

| Item | Descriptions |
|---|---|
| Functions Settings | Set the function to ON (valid) or OFF (invalid). |
| Type of scan | The types of scan by timing are as follows. Real Time Scan: scans every time an operation is performed on a file. Manual Scan: a scan can be run at any time. Scheduled Scan: the scan is executed automatically at the specified date and time. |
| Scan Setting | Specify the directories and files to scan. |
| Scan Exclusion Setting | Specify the directories, files and file extensions to exclude from the scan. |
| Actions | Select the action to be taken when malware is detected. Trend Micro recommended: the processing to be executed is determined automatically. Custom actions: the action to be executed can be specified. The types of action are as follows. Pass: nothing is done to the infected file and the detection is recorded in the log. Clean: only the infected parts are removed from the infected file. Delete: the infected file itself is removed. Deny Access (real time scan only): if the customer tries to manipulate the infected file, the process is blocked immediately. Quarantine: the file is moved to a quarantine directory on the host. |
| Smart Scan | Uses a minimal pattern file on the local host together with the complete pattern file on Trend Micro’s server on the Internet to determine the presence or absence of danger. |
| Scan Limitations | The maximum size of files to scan can be specified. (Files larger than this size are not scanned.) |

Note

  • The action recommended by Trend Micro is intended to handle each individual malware detection appropriately, and it is adjusted on an ongoing basis. The recommended actions are updated at the same time as the virus patterns.

  • In a manual scan or scheduled scan, if the malware scan setting in use has the “Deny Access” option selected, the “Pass” processing is applied.

  • If Smart Scan is on, files are first examined with the small local pattern file. For files regarded as “Possible Malware”, the Agent accesses the Trend Micro server on the Internet and compares them with the full pattern file on the server to determine the presence or absence of danger. With this method the local pattern file is kept small, and the size and number of updates needed by the Agent are reduced.

  • If you set the scan size limit to 0, there is no maximum size and all files are scanned.


2. Control Panel¶

The functions of the Control Panel are as follows.
For details, see the Enterprise Cloud 2.0 tutorial.

| Item | Descriptions |
|---|---|
| Order | Customers can subscribe to the Security Menu. |
| Operation | Setting and management of this menu is possible. |


● Order

The following actions can be performed from the Order Panel:

| Item | Descriptions |
|---|---|
| New | Start a new order. |
| Change Function | It is possible to change the menu in use. |
| Change Quantity | It is possible to change the quantity of the menu. |
| Cancel | Terminate the use of the menu. |


● Operation

The items that can be operated from Operation are as follows.

| Item | Descriptions |
|---|---|
| Computer | It is possible to configure the various security functions. |
| Policy | It is possible to define rules and settings collectively and assign the same settings to multiple computers. |
| Alert | An alert is issued to the administrator when an event that requires attention has occurred. |
| Report | It is possible to output various reports. |
| Management | It is possible to manage the settings of scheduled tasks (for example, scheduling security updates and scheduled scans), pattern files and rules. |

Note

  • Logs are available on the Security Control Panel for 4 weeks. This menu does not ensure the completeness of logs. Customers should export logs regularly by themselves.

  • When the customer wants to manage this menu on one operation screen across multiple regions or tenants, please subscribe to this menu in one region and tenant for that usage. Price information is shown on the tenant that holds the subscription.



Menu¶

Plan¶

There is no plan in this menu.

Application Process¶

In principle, Customers with Enterprise Cloud 2.0 can apply to subscribe to this menu.
Subscription types, order methods and offering dates are as follows:

| Subscription types | Contents | Order Methods | Offering Date |
|---|---|---|---|
| New | New Subscription | Subscription by the customer on the Enterprise Cloud 2.0 Portal through the Security Control Panel. | Immediate |
| Change Function | Modify Menu | Same as the above. | Same as the above. |
| Change Quantity | Modify the quantities of subscriptions | Same as the above. | Same as the above. |
| Cancel | Termination of Use | Same as the above. | Same as the above. |

Note

  • For one tenant of Enterprise Cloud 2.0, only one of the following Host-based Security menus can be used.

    • Managed Anti-Virus

    • Managed Virtual Patch

    • Managed Host-based Security Package

  • The next order cannot be placed until processing of the current order is complete.

  • Change Function (Modify Menu) is an order that changes all hosts of this menu to another Host-based Security menu.

    • Managed Anti-Virus → Managed Virtual Patch
    • Managed Anti-Virus → Managed Host-based Security Package
  • Before placing an order for termination, please stop communications between the Agent and the management server and uninstall the Agent.

  • A new Host-based Security order is not available for 2 weeks after the customer terminates this menu on the tenant.


Restrictions In Subscriptions¶

The unit for one subscription and the maximum number of units for sale are as follows:

| Unit | Maximum Number |
|---|---|
| 1 | 256 |

Note

  • Customers are advised to consult the NTT Com sales representative in charge if more than 256 units are required.



Terms and Conditions¶

Device requirements¶

Agent system requirements¶

To use this service, the Agent must be installed on the host.
The host on which the Agent is installed must meet the following system requirements.

| Item | Contents |
|---|---|
| Memory | 1 GB or more. 2 GB or more is recommended when anti-malware measures and intrusion prevention are used. 5 GB or more is recommended if Managed Host-based Security Package is used and all functions are enabled. |
| Internal Disk | More than 500 MB. More than 1 GB is recommended if Anti-Virus is enabled. The vendor recommends 8 GB or more when the Relay function [1] is enabled; because various update files and Agent programs are stored, we recommend a disk capacity of 30 GB or more, larger than the vendor-recommended 8 GB. |

[1] The Relay function downloads pattern files and rules from the Trend Micro server and delivers them to hosts on which the Agent is installed.


System requirements of Deep Security Notifier¶

Deep Security Notifier is a Windows application that displays the Agent state on the desktop. It is provided for Windows OSs and is installed at the same time as the Agent.
With it, you can make a simple check of whether each function is enabled or disabled, check the state of the pattern file, and receive notification when malware is detected.

| Item | Contents |
|---|---|
| Memory | 3 MB |
| Internal Disk | 1 MB |


Target OS (Microsoft Windows)¶

Windows 7 (32/64bit)
Windows 8 (32/64bit)
Windows 8.1 (32/64bit)
Windows 10, 10 TH2 (32/64bit)
Windows 10 RS2 (32/64-bit)
Windows 10 RS3 (32/64-bit)
Windows Server 2008 (32/64bit)
Windows Server 2008 R2 (64bit)
Windows Server 2008 R2 Hyper-V
Windows Server 2012 (64bit)
Windows Server 2012 (64bit)
Windows Server 2012 R2 Hyper-V
Windows Server Core 2012 (64bit)
Windows Server Core 2012 R2 (64bit)
Windows Server 2016 (64bit)
Windows Server 2016 RS3 (64bit)
Windows Server 2019 Version 1809 (64bit)

Note

  • For a Windows product whose edition is not specified, operation is guaranteed within the vendor support range regardless of the edition.

  • Service packs that are not listed in the system requirements but are newer than those listed are guaranteed to work within the vendor’s support range. For more information, please see the vendor’s information.

  • The Relay function works only on 64-bit OSs.

  • The following environments are outside of our support even if they are covered by vendor support.
    • Windows Server 2008/2012 (Server Core)
    • Microsoft Virtual Server 2005 R2 SP1

Target OS (Linux)¶

Red Hat 6, 7, 8 (32/64 bit)
CentOS 6, 7, 8 (32/64 bit)
SUSE 12 (64bit)
SUSE 15 (64bit)
Ubuntu Linux 16.04, 18.04 (64bit)
Oracle Linux 6 RedHat/Unbreakable Kernel (32/64 bit)
Oracle Linux 7 RedHat/Unbreakable Kernel (64 bit)
CloudLinux 6 (32/64bit)
CloudLinux 7 (64bit)
Amazon Red Hat 6 EC2 (32/64bit)
Amazon Red Hat 7 EC2 (64bit)
Amazon SUSE 12 EC2 (64bit)
Amazon Ubuntu 16.04 LTS (64bit)

Note

  • The Linux version of the Agent must also support your kernel. For the supported kernel versions, see the Tutorial - Linux OS kernel support and the related product Q&A.

  • The available functions differ depending on the version of the Agent to be installed and the type of OS on which it is installed. Please refer to the Supported function list.

  • For information on installing on an OS in cloud environments such as Amazon Web Services and Microsoft Azure, please refer to the related product Q&A.

  • Deep Security supports only UTF-8 as a multi-byte character encoding, and in a Linux / UNIX environment you need to set the OS locale to UTF-8 (e.g. ja_JP.UTF-8). For more details, please refer to the related product Q&A.

  • The Relay function works only on 64-bit OSs.

  • We may not be able to offer the service for some OSs even if they are covered by vendor support. For details of these OSs, please contact us through the Enterprise Cloud 2.0 ticket system.

  • Operation of the DSA (Deep Security Agent) on RHEL8, CentOS8 and Ubuntu 18.04 with Secure Boot enabled is not supported. Please disable Secure Boot in advance. For DSA Secure Boot support, please refer to the Product Q&A.

  • On CentOS8 the Agent cannot be installed by script. Please activate it after installing the Agent manually.


Communication Requirements¶

Agent communication requirements¶

The network connectivity requirements of this menu are as follows:

  • The Agent installed on the host needs to connect to the management server via the Internet. Similarly, some functions require a connection to the Trend Micro server.

  • If a firewall or similar equipment exists in the environment, configure it appropriately.

  • Name resolution is necessary to communicate with the management server and the Trend Micro server. Please configure the host on which the Agent is installed so that it can perform name resolution.

  • If hosts cannot connect to the Internet directly, please configure Internet communication through a proxy server. When a host communicates with the Internet via a proxy server, please prepare a host with the Relay function enabled in the customer environment. A host on which the Agent is installed can enable the Relay function.

    • If the Agent communicates with a Relay, please configure the host on which the Agent is installed so that it can resolve the name of the host with the Relay function enabled.

    • Installing an internal distribution server (Deep Security Relay Server) is recommended where the number of managed devices in the environment exceeds 5, or where you want to limit traffic to the Internet. Installing an internal distribution server (Deep Security Relay Server) is essential where the number of managed devices in the environment exceeds 20.


| Transmissions Details | Destination | Port |
|---|---|---|
| Manager Server | hbs01.jp.ivs.wideanglentt.com, hbs02.jp.ivs.wideanglentt.com, hbs03.jp.ivs.wideanglentt.com, hbs04.jp.ivs.wideanglentt.com, hbs05.jp.ivs.wideanglentt.com, hbs06.jp.ivs.wideanglentt.com, hbs07.jp.ivs.wideanglentt.com, hbs08.jp.ivs.wideanglentt.com, hbs09.jp.ivs.wideanglentt.com, hbs10.jp.ivs.wideanglentt.com | TCP 80, 443 |
| Connection to a host with the Relay function enabled (when the customer prepares one in the customer environment) | The host with the Relay function enabled | TCP 4122 |

For the functions listed below, access to the servers published by Trend Micro is essential. Please prepare an environment where the Agent can access the servers published by Trend Micro on ports 80 and 443 through the Internet.
  • Web reputation
  • Census (Behavior monitoring)
  • Machine learning-type search

Note

  • Click here for behavior monitoring.

  • Click here for machine learning-type search.


Communication with Trend Micro server (reference)

| Functions | URL |
|---|---|
| Download Center or web server: hosts software. | files.trendmicro.com |
| Smart Protection Network: Certified Safe Software Service (CSSS) | gacl.trendmicro.com, grid-global.trendmicro.com, grid.trendmicro.com |
| Smart Protection Network: Global Census Service. Used for behavior monitoring and predictive machine learning. | ds2000-en-census.trendmicro.com, ds2000-jp-census.trendmicro.com |
| Smart Protection Network: Good File Reputation Service. Used for behavior monitoring, predictive machine learning, and process memory scans. | deepsec20-en.gfrbridge.trendmicro.com, deepsec20-jp.gfrbridge.trendmicro.com |
| Smart Protection Network: Smart Scan Service | ds20.icrc.trendmicro.com, ds20-jp.icrc.trendmicro.com |
| Smart Protection Network: predictive machine learning. Used for predictive machine learning. | ds20-en-b.trx.trendmicro.com, ds20-jp-b.trx.trendmicro.com, ds20-en-f.trx.trendmicro.com, ds20-jp-f.trx.trendmicro.com |
| Update Server (also called Active Update): hosts security updates. | iaus.activeupdate.trendmicro.com, iaus.trendmicro.com, ipv6-iaus.trendmicro.com, ipv6-iaus.activeupdate.trendmicro.com |

The above FQDNs may change in the future, so please refer to the link below.
List of Trend Micro web servers to which Deep Security 10.x or later connects
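
The requirements above (name resolution, TCP 80/443 to the management and Trend Micro servers, TCP 4122 to a Relay, and the 5/20 host thresholds for a Relay) can be checked before the Agent is installed. The following is an added example, not code from this service or from Trend Micro. It assumes a host with direct Internet access (no proxy); `relay.example.internal` and the function names are placeholders chosen for this example.

```python
"""Outbound-connectivity pre-flight for a host that will run the Agent."""
import socket

# Destinations and ports taken from the tables on this page.
MANAGER_HOSTS = [f"hbs{n:02d}.jp.ivs.wideanglentt.com" for n in range(1, 11)]
SMART_SCAN_HOSTS = ["ds20.icrc.trendmicro.com", "ds20-jp.icrc.trendmicro.com"]
UPDATE_HOSTS = ["iaus.activeupdate.trendmicro.com", "iaus.trendmicro.com"]
WEB_PORTS = (80, 443)
RELAY_PORT = 4122


def relay_requirement(managed_hosts, via_proxy):
    """Classify the need for a Relay host using the thresholds on this page."""
    # The page asks for a Relay whenever hosts reach the Internet via a proxy,
    # and calls it essential above 20 managed devices.
    if via_proxy or managed_hosts > 20:
        return "essential"
    if managed_hosts > 5:
        return "recommended"
    return "optional"


def build_targets(relay_host=None):
    """Return (role, host, port) tuples the Agent must be able to reach."""
    targets = [("manager", h, p) for h in MANAGER_HOSTS for p in WEB_PORTS]
    targets += [("smart-scan", h, p) for h in SMART_SCAN_HOSTS for p in WEB_PORTS]
    targets += [("update", h, p) for h in UPDATE_HOSTS for p in WEB_PORTS]
    if relay_host:
        targets.append(("relay", relay_host, RELAY_PORT))
    return targets


def tcp_probe(host, port, timeout=3.0):
    """Resolve host, then try a TCP connect. Returns 'ok', 'dns' or 'tcp'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns"  # name resolution is not configured for this name
    for family, socktype, proto, _, addr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
                return "ok"
        except OSError:
            continue  # try the next resolved address
    return "tcp"  # resolved, but a firewall or route blocks the port


def check(targets, probe=tcp_probe):
    """Probe every target and group the failures by cause."""
    failures = {"dns": [], "tcp": []}
    for role, host, port in targets:
        result = probe(host, port)
        if result != "ok":
            failures[result].append((role, host, port))
    return failures


if __name__ == "__main__":
    # relay.example.internal is a placeholder for the customer's own Relay host.
    found = check(build_targets(relay_host="relay.example.internal"))
    for cause, items in found.items():
        for role, host, port in items:
            print(f"{cause.upper():4} {role:10} {host}:{port}")
```

A `dns` failure points at the name-resolution requirement, a `tcp` failure at a firewall rule or route for that port.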

Mail communication requirements¶

The communication requirements for the e-mail notification of this menu are as follows.

  • To use e-mail notification, please specify a customer-managed SMTP server on the Security Control Panel. If the SMTP server restricts connections, please allow the IP addresses below.

    • 210.161.150.240~248

  • The port number on which the customer’s SMTP server listens must be one of the following:

    • tcp 25 or 587


Conditions for This Service in Combining with Other Services¶

This menu has no specific restrictions on combined use with other services.

Minimum Usage Period¶

This menu has no minimum usage period.


Price¶

Initial Fee¶

Regardless of the subscription type requested by the Customer, no initial fee is required for this menu.

Monthly Fees¶

This menu has a fixed monthly fee, regardless of the time used.
If the Customer changes the subscription quantity or modifies the menu, the monthly charges for the subscribed quantities and menus are compared and the highest charge is applied to the billing.


Quality of Service¶

Support Coverage¶

Management server¶

The functions and facilities provided by the management server of this menu are covered by the support.

Agent¶

Support covers the behavior and service specifications of the Agent installed on the host, within the scope of the license.
(The terms of the license are shown at the beginning of the Agent installation.)

Note

  • Inquiries about setting values and operating methods, and inquiries requiring consulting, are not covered by this support.

  • Problems concerning parts other than the Agent, such as the OS, virtual environment and network, are outside of our support. For problems arising from the specification or settings of the OS, or from environment dependency, we may not be able to offer solutions or workarounds.

  • Monitoring and setting change work are outside of our support.

  • Investigation of, and action on, incidents on the host caused by malware infection or attacks from malicious persons are outside of our support.

  • Virtual environments that use container technology (Docker, etc.) are outside of our support. If used in a Docker environment, the customer’s system may stop for some reason.


Operations¶

This menu is subject to the operational quality defined as standard in Enterprise Cloud 2.0.

Management server¶

The following operations are performed on the management server of this menu:

| Item | Descriptions |
|---|---|
| Applies security patches | Apply the security patch depending on the degree of influence |
| Product Life-cycle Management | Implementation of version upgrade |
| Monitoring / Maintenance | Implementation of the operation monitoring and fault response |


Device management (host)¶

An Agent must be installed to manage the host. Customers are responsible for installing the Agent. The security functions of the Agent are enabled, and protection from threats starts, when the customer configures the settings for the Agent from the management console. Customers are responsible for managing the Agent status and settings.
This service does not monitor the hosts from the Security Operation Center (SOC). The customer is expected to perform monitoring themselves, using the event check on the management console provided in this service or the event notification function that can be set on the management console.

Security event
The security events detected on the host can be confirmed on the management console. The events related with each function and outputted by the Agent installed on the host, are sent to the management server, and the occurrence time, detected event name and action details are displayed. It is possible to notify events to the customer by setting the targets and destinations to notify and conditions of the target events, with the event notification function of the management server.

System event
The system events detected on the host can be confirmed on the management console. The results of various actions taken by the Agent installed on the host are transferred to the management server. The results of various actions include information such as the results of security update, various scan results, and Agent errors, and you can check the occurrence time, event name and action status on the management server. It is possible to notify events to the customer by setting conditions of the targets and destinations to notify with the event notification function of the management server.

Failure isolation
For failures that occur on the boundary to a network through which the host can connect to the Internet, actions are left to the customer. For problems possibly related to the operation of various functions or to conflicts with other products, the customer is requested to isolate the problem by enabling/disabling functions and products. Please check the manuals and support pages released by Trend Micro and the online help accessible from the management console, and investigate the problem. Please contact us if the problem is still unsolved after using these sites. We can support matters concerning the product only. Please understand beforehand that we are unable to respond to inquiries on matters other than the services and the products, such as the OSs and networks that you are using.

Security update management
The security update management can be performed on the management console. You can check the security update status with the contents of the system events outputted by Agent installed on the host, and with the alert indication. By setting conditions and destinations of the notification with the event notification function, you can automatically notify the update management events by mail according to your requirements.

Product update
Customers are responsible for updating the Agent used on the host. Please update regularly so that the newest version is always in use.
The Agent can be updated by operation from the management console. It is also possible to update by obtaining the installer from the management console.
Updates of the management servers and distribution servers used by the Management Server groups are conducted by the Security Operation Center (SOC). These updates are scheduled after evaluation and verification in the Security Operation Center (SOC). Therefore, there is no guarantee that a management server/distribution server of the version that the customer wants is available.

Note

  • The life cycle of the Agent used on the host conforms to the support specification of Trend Micro. Update the Agent and/or the host OS after confirming the support period.
    • Support life cycle.

    • Product and search engine support end notice.

    • Operating system middleware support policy.


Security incident report¶

The security incident reports can be created on the management console. By creating a report per function, status of the host can be confirmed. By cooperation of task function and event notification function, automatic report generation at the date/time set by the customer and its transmission by mail are also possible.

SLA¶

No SLA is provided for this menu.


Restrictions¶

Constraints of this menu are as follows.

Common¶

  • To install the Agent, you must be logged in as an administrator on the target host.

  • On the host on which you want to install the Agent, please synchronize the time using NTP or similar. If the time is out of synchronization, activation of the Agent may fail.

  • Rebooting the OS may be required at the time of installation/uninstallation or when you update various modules. In these cases an alert indicating that a reboot is required is displayed on the management console, so reboot the OS promptly.

  • When a module has to be replaced or switched over, a temporary communication interruption (momentary interruption) may occur.

  • If you enable the Web Reputation, Firewall, and Intrusion Prevention features, the network driver will be installed on the target host, causing a momentary interruption. Click here for details.

  • The Agent uses port 4118 and the port number cannot be changed. Please confirm that no other application on the host on which the Agent is installed uses this port.

  • Operation tests, including conflict tests with products other than Trend Micro products, have not been performed on the host on which the Agent is installed. Therefore, we cannot answer questions about coexistence with individual software. Please check the operation in your environment. There are also detailed conditions for coexistence with other Trend Micro products. For details, see Operation when coexisting with Trend Micro products and products of other companies.

  • When the Agent connects to the management server through a proxy server, please allow the CONNECT method for port 80.

  • Use of the menu may be terminated when any of the following applies to the Customer:

    • The Customer’s usage of the menu seems to greatly affect other customers who share the platform.

    • The Customer’s actual usage of the menu seems to differ markedly from the usage declared at the time of the subscription request.

  • The functions and logs provided by this menu do not ensure integrity, accuracy or suitability for the customer’s purpose of use.

  • Customers are required to accept that the following is provided to the developer and seller of the functions that make up this menu:

    • Setting details and data obtained at the time the menu is provisioned.

    • Information obtained with the menu functions.

  • We cannot ensure recovery from faults caused by the combination of the customer environment and the functions provided by this menu, or by customer operations other than those indicated by NTT Communications.

  • If you use the Agent in an environment with SELinux enabled, the iptables rules may be initialized. We cannot provide any support for SELinux policy creation methods, including for the purpose of avoiding this event. We will support the Agent even if SELinux is enabled, but please note that we may not be able to provide a solution for problems caused by SELinux. Click here for details.


Restrictions for Anti-malware¶

  • The following files are excluded from Anti-malware:

    • Password-protected files

    • Files compressed in unsupported formats

    • Corrupted files

    • Encrypted files

    • Files compressed more than six (6) times

    • Files whose size after decompression exceeds the set value

  • On servers used in the following ways, if the scan targets are not set appropriately, the scan places a heavy load on the server and degrades its performance. In such cases NTT Com recommends that Customers set appropriate scan exclusions. Typical examples are as follows:

    • Servers that mount directories over the network

    • Servers where I/O is generated frequently, such as database or Active Directory servers

    • Servers handling so-called “Big Data”

    • Mail servers (POP / IMAP)
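
Because the archives in the first list above are skipped rather than scanned, it is useful to find them on a host and handle them by other means. The following is an added example, not code from this service or from Trend Micro. It covers ZIP archives only; `max_unpacked` stands for the decompressed-size value configured in the scan settings, and the reason labels, the per-archive size sum and the reading of "more than six times" as nesting layers are assumptions of this example.

```python
"""List the reasons a ZIP archive would fall outside the anti-malware scan."""
import io
import zipfile
import zlib

MAX_LAYERS = 6  # from the list above: compressed more than six times is excluded


def audit_zip(data, max_unpacked, _layer=1):
    """Return the sorted reasons why the archive in `data` would be skipped.

    data: raw bytes of the archive. max_unpacked: configured limit in bytes
    (assumed here to apply to the summed declared sizes of one archive).
    """
    reasons = set()
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["corrupted"]
    with archive:
        total = 0
        for info in archive.infolist():
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                reasons.add("encrypted")
                continue
            total += info.file_size  # declared uncompressed size
            if total > max_unpacked:
                reasons.add("too-large")
                break  # never unpack beyond the configured limit
            try:
                inner = archive.read(info)
            except NotImplementedError:
                reasons.add("unsupported-format")  # unknown compression method
                continue
            except (zipfile.BadZipFile, zlib.error, OSError):
                reasons.add("corrupted")
                continue
            if zipfile.is_zipfile(io.BytesIO(inner)):
                if _layer >= MAX_LAYERS:
                    reasons.add("too-deep")  # a further layer would exceed six
                else:
                    reasons.update(audit_zip(inner, max_unpacked, _layer + 1))
    return sorted(reasons)


def make_zip(name, payload):
    """Build a one-entry ZIP in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(name, payload)
    return buf.getvalue()


def nest(payload, layers):
    """Wrap payload in `layers` ZIP layers (constructed sample data)."""
    data = payload
    for i in range(layers):
        data = make_zip(f"layer{i}.bin", data)
    return data


if __name__ == "__main__":
    limit = 10_000  # constructed limit for the demonstration
    samples = {
        "six layers": nest(b"x", 6),
        "seven layers": nest(b"x", 7),
        "oversized": make_zip("big.bin", b"\0" * 50_000),
        "not a zip": b"not an archive",
    }
    for label, blob in samples.items():
        print(f"{label:13} -> {audit_zip(blob, limit) or 'scannable'}")
```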


Copyright © NTT Communications All Rights Reserved.