Anti-Threat Toolkit (ATTK) includes the following modules which, when enabled, will cause the corresponding data to be transmitted to Trend Micro. Each of these modules can be disabled as shown below
Smart Feedback
| DATA COLLECTED |
- IP Address
- Logon name
- Computer name
- Filepath
- Detected malicious files
|
|---|
| SERVICE ENABLE/DISABLE LOCATION |
- ATTK for Windows (GUI):
Main Page > Settings > Smart Feedback > Enable Trend Micro Smart Feedback
- ATTK for Windows (CLI):
Not configurable. Please do not use this ATTK package if you don’t want your data being transmitted to Trend Micro.
- ATTK for Linux (TUI):
Main Page > [Settings] Configure Options > [Smart Feedback] Configure Smart Feedback > Enable Trend Micro Smart Feedback
- ATTK for Linux (CLI):
Not configurable. Please do not use this ATTK package if you don’t want your data being transmitted to Trend Micro.
|
|---|
| NOTES |
If disabled, these data will not be transmitted. |
|---|
Advanced Collector Module
| DATA COLLECTED |
- IP Address
- Logon name
- Computer name
- Filepath
- Detected malicious files
|
|---|
| ADDITIONAL DATA COLLECTED |
- Master File Table (MFT)
- Windows Event Logs (every raw .evt or .evtx files)
- Registry hives:
- %SYSTEMROOT%\System32\config\default
- %SYSTEMROOT%\system32\config\SYSTEM
- %SYSTEMROOT%\system32\config\SOFTWARE
- %SYSTEMROOT%\system32\config\SECURITY
- %SYSTEMROOT%\system32\config\SAM
- ntuser.dat file under user folder
|
|---|
| SERVICE ENABLE/DISABLE LOCATION |
- This is enabled by default if ATTK Advanced Collector is used from spnsupport.trendmicro.com:
|
| NOTES |
Additional data collected by the ATTK Advanced Collector Tool are not automatically sent to Trend Micro Inc. These data collected as included in the output.zip file which is manually submitted to Trend Micro for further analysis.
|
|---|
To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.
