Features and Benefits

CPM reduces business risks by preventing infection, identity theft, data loss, network downtime, lost productivity, and compliance violations. Additionally, it provides your large enterprise with a host of features and benefits.

Ease of Management

  • Uses small, state-of-the-art pattern files and enhanced log aggregation for faster, more efficient updates and reduced network utilization

  • Supports native 64-bit and 32-bit processing for optimized performance

  • Integrates with the BigFix Console to provide centralized security, including the centralized deployment of security policies, pattern files, and software updates on all protected clients and servers

Extended Platform Support

Works with most versions of Microsoft™ Windows™ including:

  • Microsoft Windows XP 32/64-bit Service Pack 3

  • Microsoft Windows Vista 32/64-bit

  • Microsoft Windows Server 2003 32/64-bit (including R2)

  • Microsoft Windows Server 2008 32/64-bit (including R2)

  • Microsoft Windows 7
  • Microsoft Windows Embedded POSReady 2009 32/64-bit
  • Microsoft Windows 8
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 10

Superior Malware Protection

  • Delivers powerful protection against viruses, Trojans, worms, and new variants as they emerge

  • Protects against a wide variety of spyware/grayware, including adware, dialers, joke programs, remote-access tools, key loggers, and password-cracking applications

  • Detects and removes active and hidden rootkits

  • Cleans endpoints of malware, including processes and registry entries that are hidden or locked

Web Reputation Technology

The CPM Web Reputation technology proactively protects client computers, whether inside or outside the corporate network, from malicious and potentially dangerous websites. Web Reputation breaks the infection chain and prevents downloading of malicious code.

In addition to file-based scanning, CPM now includes the capability to detect and block web-based security risks, including phishing attacks. Using the BigFix location awareness features, you can have CPM enforce different web reputation policies according to the client computer's location. The client's connection status with the BigFix Server or any Relay Server can be used to determine the location of the client.

  • Web Reputation opens a blocking page whenever access to a malicious site is detected. This page includes links to the Trend Micro Web Reputation Query system, where end users can find details about the blocked URL or send feedback to Trend Micro.

  • Proxy server authentication for Web Reputation is also supported. You can specify a set of proxy authentication credentials on the web console. HTTP proxy servers are supported.

Suspicious Connection Service

The Suspicious Connection Service manages the User-defined and Global IP C&C lists, and monitors the behavior of connections that endpoints make to potential C&C servers.

  • The User-defined Approved and Blocked IP lists allow further control over whether endpoints can access specific IP addresses. Configure these lists when you want to allow access to an address blocked by the Global C&C IP list or block access to an address that may pose a security risk.

  • The Global C&C IP list works in conjunction with the Network Content Inspection Engine (NCIE) to detect network connections with Trend Micro confirmed C&C servers. NCIE detects C&C server contact through any network channel. The Suspicious Connection Service logs all connection information to servers in the Global C&C IP list for evaluation.

    For details on enabling the Global C&C IP list, see Configuring Suspicious Connection Settings.

Suspicious Connections Components

The Suspicious Connections components consist of the following list and pattern:

  • Global C&C IP List: The Global C&C IP list works in conjunction with the Network Content Inspection Engine (NCIE) to detect network connections with known C&C servers. NCIE detects C&C server contact through any network channel. CPM logs all connection information to servers in the Global C&C IP list for evaluation.

Command & Control Contact Alert Services

Trend Micro Command & Control (C&C) Contact Alert Services provides enhanced detection and alert capabilities to mitigate the damage caused by advanced persistent threats and targeted attacks. C&C Contact Alert Services are integrated with Web Reputation Services, which determines the action taken on detected callback addresses based on the web reputation security level.

The C&C IP list further enhances C&C callback detections using the Network Content Inspection Engine to identify C&C contacts through any network channel.

Table 1. C&C Contact Alert Services Features

Feature: Global Intelligence list
Description: Trend Micro Smart Protection Network compiles the Global Intelligence list from sources all over the world and tests and evaluates the risk level of each C&C callback address. Web Reputation Services uses the Global Intelligence list in conjunction with the reputation scores for malicious websites to provide enhanced security against advanced threats. The web reputation security level determines the action taken on malicious websites or C&C servers based on assigned risk levels.

Feature: C&C IP list
Description: The C&C IP list works in conjunction with the Network Content Inspection Engine (NCIE) to detect network connections with known C&C servers. NCIE detects C&C server contact through any network channel. CPM logs all connection information to servers in the C&C IP list for evaluation.

Feature: Suspicious Connection Service
Description: The Suspicious Connection Service manages the User-defined and Global IP C&C lists, and monitors the behavior of connections that computers make to potential C&C servers.

Client-Side Firewall (Optional)

The CPM firewall protects clients and servers on the network using stateful inspection. You can create rules to filter connections by IP address, port number, or protocol, and then apply the rules to different users and groups.

Contact your Trend Micro sales representative if you do not have the firewall masthead for CPM 10.6 but are interested in using it.

Traffic Filtering

The CPM firewall can filter all incoming and outgoing traffic, providing the ability to block certain types of traffic based on the following criteria:

  • Direction (inbound/outbound)

  • Protocol (TCP/UDP)

  • Destination ports

  • Source and destination computers

Customizable Profiles and Policies

The CPM firewall gives you the ability to configure policies to block or allow specified types of network traffic. This provides a highly customizable means of organizing and configuring client firewall settings.

Stateful Inspection

The CPM firewall is a stateful inspection firewall; it monitors all connections to the client and records all connection states. It can identify specific conditions in any connection, predict what actions should follow, and detect disruptions in normal connections. Filtering decisions, therefore, are based not only on profiles and policies, but also on the context established by analyzing connections and filtering packets that pass through the firewall.

Damage Cleanup Services

Damage Cleanup Services™ cleans computers of file-based and network viruses, and virus and worm remnants (Trojans, registry entries, viral files) through a fully automated process. To address the threats and nuisances posed by Trojans, Damage Cleanup Services does the following:

  • Detects and removes live Trojans

  • Kills processes that Trojans create

  • Repairs system files that Trojans modify

  • Deletes files and applications that Trojans drop

Because Damage Cleanup Services runs automatically in the background, you do not need to configure it. Users are not even aware when it runs. However, CPM may sometimes notify the user to restart their computer to complete the process of removing a Trojan.

Data Loss Prevention

Data Loss Prevention (DLP) safeguards an organization’s sensitive information against accidental or deliberate leakage. Data Loss Prevention allows you to:

  • Identify the data identifiers to protect

  • Create policies that limit or prevent the transmission of data identifiers through common transmission channels, such as email and external devices

  • Enforce compliance with established privacy standards

Device Control

Device Control regulates access to external storage devices and network resources connected to computers. Device Control helps prevent data loss and leakage and, combined with file scanning, helps guard against security risks.