Apex One installation & Best practice guide


2024

Trend Micro Apex One


A COMPREHENSIVE GUIDE FOR EFFECTIVE DEPLOYMENT AND ONGOING
SECURITY MAINTENANCE
RAH INFOTECH

Privacy Notice
At RAH Infotech, we respect the privacy of our users. This guide includes best practices for
setting up and configuring Trend Micro Apex One On-Premise, which collects and processes
information in order to ensure effective protection against security threats. All data handled
during installation or while using Apex One will be managed in accordance with your
organization's privacy policy and industry regulations.

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way
intended to represent any real individual, company, product, or event, unless otherwise noted.
Complying with all applicable copyright laws is the responsibility of the user.

Copyright © 2024 Trend Micro Incorporated. All rights reserved.

No part of this publication may be reproduced, photocopied, stored in a retrieval
system, or transmitted without the express prior written consent of Trend Micro
Incorporated.

All other brand and product names are trademarks or registered trademarks of
their respective companies or organizations.

Table of Contents
INTRODUCTION
Trend Micro Apex One
On-Premises Deployment
Real-World Examples
TREND MICRO APEX CENTRAL
System Requirement
Scan Method Deployment During Installation
Security Agent
Table Summary
Web Reputation
Behaviour Monitoring
Predictive Machine Learning
Configure Device Control
Enabling Application Control Integration
Enabling Vulnerability Protection Settings
Product: Apex One
The Apex One Server
The Dashboard
Active Directory Integration

INTRODUCTION

Trend Micro Apex One


Trend Micro Apex One is a next-generation endpoint protection platform designed to provide
real-time security against a broad range of threats, including malware, ransomware, web
attacks, and zero-day exploits. It offers a multi-layered defence approach, leveraging
signature-based detection, behavioural analysis, machine learning, and data loss prevention
features.

On-Premises Deployment
On-premises deployments allow organizations to retain full control over their security
environment, including data management, policy customization, and direct access to threat
response capabilities. This is ideal for organizations with specific compliance needs, such as
those in regulated industries like finance, healthcare, or government.

Real-World Examples:
• Scenario 1: A large financial institution requires Apex One to protect sensitive
customer data, where compliance regulations demand the data never leaves the
organization's premises. Apex One ensures endpoint protection while maintaining
compliance with security regulations like GDPR and HIPAA.

• Scenario 2: A manufacturing company uses Apex One to secure its factory floor
devices, including legacy systems and modern IoT devices. With Apex One, the
organization is able to apply consistent security policies across all types of devices,
from old servers to mobile phones.

TREND MICRO APEX CENTRAL

Apex Central is a security management solution that gives an administrator the ability to control
the enterprise products or appliances from a central location, regardless of the program or the
appliance's physical location or platform. It allows the formulation of effective deployment and
response plans.

Apex Central allows system administrators to monitor and report on activities such as
infections, security violations, or virus entry points.

System administrators can download and deploy components throughout the network, helping
ensure that protection is consistent and up to date.

Apex Central allows both manual and pre-scheduled updates, and the configuration and
administration of products as groups or as individuals for added flexibility.

Policy Management
Policy management allows administrators to enforce product settings on managed products
and endpoints from a single management console. They create a policy by selecting the targets
and configuring a list of product settings.

1. On the Apex Central, log on to the Management Console.

2. Go to Policies > Policy Management.

You can create, manage, and deploy policies for Trend Micro Apex One Antivirus, Data Loss
Prevention, and Device Control, and assign privileges directly to Security Agents from the Apex
Central console.

System Requirement
Operating System Support
The following table outlines the operating system support and migration
availability for the Apex One server

Operating System          Office Scan XG    Office Scan XG SP1    Apex One 2019
Windows Server 2008       Yes               -                     -
Windows Server 2008 R2    Yes               Yes                   -
Windows Server 2012       Yes               Yes                   Yes
Windows Server 2012 R2    Yes               Yes                   Yes
Windows Server 2016       Yes               Yes                   Yes
Windows Server 2019       -                 -                     Yes

SQL Server Requirements


Apex One discontinues support of the older database model used by
previous Office Scan versions. You can prepare your own SQL Server before
installation or allow the Apex One Setup program to install SQL Server 2016
SP1 Express during the server installation process.

The following table outlines the database support and migration availability
for the Apex One server.

Database                       Office Scan XG    Office Scan XG 1    Apex One    Apex One with Endpoint Sensor
Codebase                       Yes               Yes                 -           -
SQL Server 2008 Express SP2    Yes               Yes                 Yes         -
SQL Server 2008                Yes               Yes                 Yes         -
SQL Server 2008 R2             Yes               Yes                 Yes         -
SQL Server 2012                Yes               Yes                 Yes         -
SQL Server 2014                Yes               Yes                 Yes         -
SQL Server 2016                Yes               Yes                 Yes         -
SQL Server 2016 SP1            Yes               Yes                 Yes         Yes
SQL Server 2016 Express SP1    -                 Yes                 Yes         -
SQL Server 2017                -                 -                   Yes         Yes

Scan Method Deployment During Installation


In this Apex One version, you can configure agents to use either Smart Scan or Conventional
Scan.

Conventional Scan
Conventional Scan is the scan method used in all earlier Apex One versions. A
conventional scan agent stores all Apex One components on the agent endpoint and
scans all files locally.

Smart Scan
Smart Scan leverages threat signatures that are stored in the cloud. When in Smart
Scan mode, the Apex One agent first scans for security risks locally. If the agent cannot
determine the risk of the file during the scan, the agent connects to a Smart Protection
Server.

Smart Scan provides the following features and benefits:


• Provides fast, real-time security status lookup capabilities in the cloud
• Reduces the overall time it takes to deliver protection against emerging
threats
• Reduces network bandwidth consumed during pattern updates. The
bulk of pattern definition updates only need to be delivered to the cloud
and not to many agents.
• Reduces the cost and overhead associated with corporate-wide pattern
deployments
• Lowers kernel memory consumption on endpoints. Consumption
increases minimally over time.

Security Agent
Protect Windows endpoints from security risks by installing the Security Agent on each
endpoint.

Security Agents report to the server from which they were installed. They send event information
such as threat detection, Security Agent startup, Security Agent shutdown, start of a scan, and
completion of an update to the server in real time.

The following table lists the policy configurations available in Apex Central

Apex One Policy Management Types in Apex Central

Policy Type: Apex One Antivirus and Agent Settings
Features:
• Additional Service Settings
• Application Control Settings
• Behaviour Monitoring Settings
• Device Control Settings
• Endpoint Sensor Settings
• Manual Scan Settings
• Predictive Machine Learning Settings
• Privileges and Other Settings
• Real-time Scan Settings
• Sample Submission
• Scan Methods
• Scan Now Settings
• Scheduled Scan Settings
• Spyware/Grayware Approved List
• Suspicious Connection Settings
• Trusted Program List
• Update Agent Settings
• Vulnerability Protection Settings
• Web Reputation Settings

Policy Type: Data Protection
Features:
• Data Loss Prevention Policy Settings


Configuring Scan Method


1. On the Apex Central, log on to the Management Console.

2. Go to Policies > Policy Management.

3. Create or select the policy created.

4. On targets select Manage Targets and select target Apex One agents.

5. Under Apex One Agent Settings select Scan Methods

6. Select Smart Scan.

Scan Types:
Apex One provides the following scan types to protect Security Agent computers from security
risks:

SCAN TYPE: DESCRIPTION

Real-time Scan: Automatically scans a file on the endpoint as it is received, opened, downloaded,
copied, or modified
Manual Scan: A user-initiated scan that scans a file or a set of files requested by the user
Scheduled Scan: Automatically scans files on the endpoint based on the schedule configured by the
administrator or end user
Scan Now: An administrator-initiated scan that scans files on one or several target computers

Configuring Manual Scan Settings


Manual Scan is an on-demand scan and starts immediately after a user runs the scan on the
Security Agent console. The time it takes to complete scanning depends on the number of files
to scan and the Security Agent endpoint's hardware resources.

1. Go to Policies > Policy Management


2. On targets select Manage Targets and select target Apex One agents.
3. Under Apex One Agent Settings select Manual Scan Settings.

Configuring Real-time Scan Settings


Real-time Scan is a persistent and ongoing scan. Each time a file is received, opened,
downloaded, copied, or modified, Real-time Scan scans the file for security risks.

1. Go to Agents > Agent Management.


2. Click Settings > Scan Settings > Real-time Scan Settings.

Scheduled Scan
Scheduled Scan runs automatically on the appointed date and time. Use Scheduled Scan to
automate routine scans on the agent and improve scan management efficiency.

Scan Now
Scan Now is initiated remotely by administrators through the web console and can be targeted
to one or several Security Agent endpoints.

1. Go to Policies > Policy Management


2. On targets select Manage Targets and select target Apex One agents.
3. Under Apex One Agent Settings select Scan Now Settings.

Table Summary
Scans: Real-time Scan | Manual Scan | Scheduled Scan | Scan Now

Files to scan: All Scannable | All Scannable | All Scannable | All Scannable
Scan hidden folders: ✓
Scan floppy disks during shutdown: ✓
Scan boot sector of USB storage device after plugging in: ✓
Scan all files in removable storage devices after plugging in: ✓
Quarantine malware variants detected in memory: ✓
Scan compressed files*: ✓ 3 layers | ✓ 6 layers | ✓ 6 layers | ✓ 6 layers
Scan OLE objects*: ✓ 3 layers | ✓ 3 layers | ✓ 6 layers | ✓ 6 layers
Detect exploit code in OLE files: ✓ | ✓ | ✓ | ✓
Enable IntelliTrap: ✓
Enable CVE exploit scanning for files downloaded through web and email channels: ✓
Scan boot area: ✓ | ✓ | ✓
CPU usage: Medium | Medium | Medium
Cleanup type for Damage Cleanup Services: Advanced Cleanup | Advanced Cleanup | Advanced Cleanup
Run cleanup for probable virus: ✓ | ✓ | ✓ | ✓
Clean action for detected Spyware: ✓ | ✓ | ✓ | ✓
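
An added example (not from the original guide or from Trend Micro): the Table Summary lists a compressed-file limit of 3 layers for Real-time Scan and 6 layers for the other scan types, so this Python script counts the ZIP layers in an archive and reports which scan types' limits reach its innermost file. The function names, the ZIP-only handling, and the convention that a file stored directly in a ZIP is in layer 1 are assumptions.

```python
import io
import zipfile

# "Scan compressed files" layer limits, copied from the Table Summary above.
LAYER_LIMITS = {
    "Real-time Scan": 3,
    "Manual Scan": 6,
    "Scheduled Scan": 6,
    "Scan Now": 6,
}
MAX_WALK_DEPTH = 20                   # stop descending into absurdly deep archives
MAX_MEMBER_BYTES = 16 * 1024 * 1024   # do not inflate oversized members


def zip_layers(data: bytes, _depth: int = 1) -> int:
    """Count the ZIP layers wrapping the most deeply nested member.

    Assumption: a file stored directly in a ZIP is in layer 1.
    Returns 0 when `data` is not a readable ZIP archive.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return 0
    deepest = 1
    if _depth >= MAX_WALK_DEPTH:
        return deepest
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                try:
                    inner = zf.read(info)
                except Exception:
                    continue  # encrypted or corrupt member: cannot look inside
                deepest = max(deepest, 1 + zip_layers(inner, _depth + 1))
    except zipfile.BadZipFile:
        return 0
    return deepest


def scan_coverage(data: bytes) -> dict:
    """Map each scan type to True when its layer limit reaches every layer."""
    layers = zip_layers(data)
    return {scan: layers <= limit for scan, limit in LAYER_LIMITS.items()}


def build_nested_zip(layers: int) -> bytes:
    """Constructed sample: a harmless text file wrapped in `layers` ZIP layers."""
    payload, name = b"constructed sample text\n", "sample.txt"
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, payload)
        payload, name = buf.getvalue(), f"layer{i + 1}.zip"
    return payload


if __name__ == "__main__":
    for n in (3, 4, 7):
        print(n, scan_coverage(build_nested_zip(n)))
```

Archives that report False for Real-time Scan but True for the other scan types are the ones to cover with a Manual Scan, Scheduled Scan, or Scan Now.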

Web Reputation
Web reputation technology tracks the credibility of web domains by assigning a reputation
score based on factors such as a website's age, historical location changes, and indications of
suspicious activities discovered through malware behaviour analysis.

Trend Micro continually analyses websites and updates web reputation scores to prevent users
from accessing potentially malicious content.

Web Reputation allows you to add websites that you consider safe or dangerous to Approved or
Blocked lists.

To configure Web Reputation Service, please do the following:


1. On the Apex Central, log on to the Management Console.
2. Go to Policies > Policy Management.
3. Create or select the policy name created.
4. On targets select Manage Targets and select target Apex One agents.
5. Select the Web Reputation Setting

Behaviour Monitoring
Behaviour Monitoring constantly monitors endpoints for unusual modifications to the operating
system or on installed software. Behaviour Monitoring protects endpoints through Malware
Behaviour Blocking and Event Monitoring.

Behaviour Monitoring requires the following services:


• Unauthorized Change Prevention Service

• Advanced Protection Service



Predictive Machine Learning


Trend Micro Predictive Machine Learning uses advanced machine learning technology to
correlate threat information and perform in-depth file analysis to detect emerging unknown
security risks through API mapping, and other file features.

Predictive Machine Learning also performs behavioural analysis on unknown or low-prevalence
processes to determine if an emerging or unknown threat is attempting to infect your network.

To enable Predictive Machine Learning:


1. On the Apex Central, log on to the Management Console.

2. Go to Policies > Policy Management.

3. Create or Select the Policy Name created.

4. On targets select Manage Targets and select target Apex One agents.

5. Go to Predictive Machine Learning Settings.



Configure Device Control


Device Control regulates access to external storage devices and network resources connected
to computers. Device Control helps prevent data loss and leakage and, combined with file
scanning, helps guard against security risks.

Device Control requires the following services:

• Unauthorized Change Prevention Service

• Data Protection Service

To configure Device Control:


1. On the Apex Central, log on to the Management Console
2. Go to Policies > Policy Management.
3. Create or Select the Policy Name created.
4. On targets select Manage Targets and select target Apex One agents.
5. Go to Device Control Settings.

Enabling Application Control Integration


Integration with Application Control provides Apex One users with advanced application
blocking and endpoint lockdown capabilities.

Configure Application Control criteria that you can then assign to Security Agent policy rules.
You can create "Allow" and "Block" criteria to limit the applications that users can execute or
install on protected endpoints.

To enable Application Control:


1. On the Apex Central, log on to the Management Console.

2. Go to Policies > Policy Management.

3. Create or Select the Policy Name created.

4. On targets select Manage Targets and select target Apex One agents.

5. Go to Application Control Settings.

6. Click Enable Application Control.



Enabling Vulnerability Protection Settings


Integration with Vulnerability Protection protects Apex One users by automating the application
of virtual patches before official patches become available. Trend Micro provides protected
endpoints with recommended Intrusion Prevention rules based on your network performance
and security priorities.

To enable the Vulnerability Protection service:


1. On the Apex Central, log on to the Management Console.

2. Go to Policies > Policy Management.

3. Create or Select the Policy Name created.

4. On targets select Manage Targets and select target Apex One agents.

5. Go to Vulnerability Protection Settings.

6. Click Enable Vulnerability Protection.

7. Under the Intrusion Prevention Rules tab, go to Mode or Profile and choose between
Recommended/Aggressive.

8. Select Define by mode (Enabled) or Define (Enabled).



Product: Apex One


Trend Micro Apex One™ protects enterprise networks from malware, network viruses, web-
based threats, spyware, and mixed threat attacks. An integrated solution, Apex One consists of
the Security Agent program that resides at the endpoint and a server program that manages all
agents.

The Apex One Server


The Apex One server is the central repository for all agent configurations, security risk logs, and
updates.

The server performs two important functions:

• Installs, monitors, and manages Security Agents

• Downloads most of the components needed by agents. The Apex One server downloads
components from the Trend Micro Active Update server and then distributes them to agents.

[Figure: how the Apex One server works]



The Dashboard
The Dashboard appears when you open the Apex One web console or click Dashboard in the
main menu.

Each web console user account has a completely independent dashboard. Any changes to a
user account’s dashboard will not affect the dashboards of the other user accounts.

The Dashboard screen contains the following:

• Product License Status section

• Widgets

• Tabs

Active Directory Integration


Integrate Apex One with your Microsoft™ Active Directory™ structure to manage Security Agents
more efficiently, assign web console permissions using Active Directory accounts, and
determine which agents do not have security software installed.

• Go to Administration > Active Directory > Active Directory Integration



Apex One Agent Tree Icon
The Apex One agent tree icons provide visual hints that indicate the type of endpoint
and the status of Security Agents that Apex One manages.
