Views:

Default Collection

Anti-Threat Toolkit (ATTK) includes the following modules which, when enabled, will cause the corresponding data to be transmitted to Trend Micro. Each of these modules can be disabled as shown below

Smart Feedback

DATA COLLECTED
  • IP Address
  • Logon name
  • Computer name
  • Filepath
  • Detected malicious files
SERVICE ENABLE/DISABLE LOCATION
  • ATTK for Windows (GUI):

    Main Page > Settings > Smart Feedback > Enable Trend Micro Smart Feedback

    Enable Trend Micro Smart Feedback

  • ATTK for Windows (CLI):

    Not configurable. Please do not use this ATTK package if you don’t want your data being transmitted to Trend Micro.

  • ATTK for Linux (TUI):

    Main Page > [Settings] Configure Options > [Smart Feedback] Configure Smart Feedback > Enable Trend Micro Smart Feedback

    Enable Trend Micro Smart Feedback

  • ATTK for Linux (CLI):

    Not configurable. Please do not use this ATTK package if you don’t want your data being transmitted to Trend Micro.

NOTES If disabled, these data will not be transmitted.

Advanced Collector Module

DATA COLLECTED
  • IP Address
  • Logon name
  • Computer name
  • Filepath
  • Detected malicious files
ADDITIONAL DATA COLLECTED
  • Master File Table (MFT)
  • Windows Event Logs (every raw .evt or .evtx files)
  • Registry hives:
    • %SYSTEMROOT%\System32\config\default
    • %SYSTEMROOT%\system32\config\SYSTEM
    • %SYSTEMROOT%\system32\config\SOFTWARE
    • %SYSTEMROOT%\system32\config\SECURITY
    • %SYSTEMROOT%\system32\config\SAM
    • ntuser.dat file under user folder
SERVICE ENABLE/DISABLE LOCATION
  • This is enabled by default if ATTK Advanced Collector is used from spnsupport.trendmicro.com:

NOTES

Additional data collected by the ATTK Advanced Collector Tool are not automatically sent to Trend Micro Inc. These data collected as included in the output.zip file which is manually submitted to Trend Micro for further analysis.

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

[Back to top]

Add a comment