Host-based Security - FAQ
- What are the message for "Smart Protection Server disconnected for Smart Scan"?ECL2.0, Host-based Security
The "Smart Protection Server disconnected for Smart Scan" message appears when you are unable to connect to the Smart Protection Server (SPS).
The conditions that prevent you from connecting are OS- and environment-dependent issue as follows.
- The timing of the SPS database update
- Unable to connect to SPS due to network problems.
- The name resolution for connecting to SPS fails.
- Internal processing problems on a computer with a Deep Security Agent (DSA) installed
Smart Protection Server is designed to connect to Trend Micro via the Internet.
Please make sure that you have appropriate access restrictions.
If you see "Smart Protection Server Connected for Smart Scan" after "Smart Protection Server disconnected for Smart Scan" in the HBS WebUI, it is temporary and there is no operational problem.
- I installed Host-based Security (HBS) in an ECL 1.0 VM but the computer information is not registered on the WebUI. What is the cause of this problem and how do I fix it?ECL2.0, Host-based Security
When installing host-based security (HBS) in an ECL1.0 VM(The number of registrations on the HBS WebUI does not match due to duplicate registrations), some computers may not be registered correctly. This problem may occur depending on the specifications and construction status of the VM being used in your environment.
【Events & Reports】 in the upper part of the HBS WebUI
⇒【System Events】 in the left pane.
⇒ In 【All Computers】, Please check if the event "Activated" is outputted.
However, if the name of the computer is different from the name of the computer that performed the activation process, this event may have occurred.
In this case, please take the following measures
From the HBS WebUI, click 【Administration】 in the upper row
⇒【System Settings】 in the left pane.
⇒【 Agents 】
⇒ 【Agent-Initiated Activation】
⇒Change "Re-enable the existing Computer" to "Active a new Computer with the same name".
After this setting, please confirm that the computer will be registered correctly on the VM that is not registered correctly on the HBS WebUI by following the steps of "Disconnecting from the management server" and "Activation code execution".
In addition, the Agent of the computer already registered on the HBS WebUI may not operate normally due to this event. In that case, please follow the steps of "Disconnecting from the management server" and "Activation code execution" in the same way.
- When I install Managed Host-based Security Package, what types of processes and functions run on the host?ECL2.0, Host-based Security
The types and functions of processes running on the host are as follows (for Linux environment):
This is Main process of Agent.
This process runs when the anti-malware function is activated.
This process runs when the firewall or intrusion prevention function is activated.
- Can I change Username on Host-based Security Operation Screen?ECL2.0, Host-based Security
Please do not change Username or Password on Host-based Security Operation Screen. You will no longer access to Operation Screen because Single Sign On from Smart Data Platform Portal to Operation Screen will be unavailable. If you changed Username or Password, please ask us via Ticket System.
- Can I set multiple destinations for alert notification emails on Host-based Security menu?ECL2.0, Host-based Security
Yes. By setting "Individual Notifications" in addition to "Basic Alert Destination", you can set multiple notification destinations as desired.
- Please tell me the global IP address of Trend Micro Server (Smart Protection Server).ECL2.0, Host-based Security
Due to the specifications provided by Trend Micro, it is not disclosed.
- Is it possible to manage Host-based Security menus used in several regions / tenants in one security control panel screen?ECL2.0, Host-based Security
- On the Managed Anti-Virus administration screen, "Test SMTP Settings" is successful, but the actual alert mail fails.ECL2.0, Host-based Security
"Testing SMTP settings" is not for verifying whether alert mail is sent, but for verifying the connectivity to the mail server.
There is a possibility that the setting of the destination address is incomplete as a reason for failing to send the actual alert mail, please check it again.
- Is it possible to change the execution privilege such as ReadOnly restriction to a specific user with Security menu (Managed Firewall etc)?ECL2.0, Host-based Security, Network-based Security
As for security menu (ManagedUTM, Managed Firewall) and backup menu, it is not covered by API permission management function, so it is not possible to perform Read Only and access restrictions on specific users.
- How to check upgrade status of Agent in Host-based Security menu?ECL2.0, Host-based Security
You can check it from the management console.
For the current version, you can double-click the target host and check it in "Version" described in [Overview]> [Processing]> [Software].
The latest version is displayed in [Administration]> [Update]> [Software]> [Local], so you can check with it.
You can also confirm by setting alert from [Alert].
It is also possible to notify e-mails of alerts.