datasheet

Trend Micro™

Endpoint Application Control

Prevents Unwanted and Unknown Applications from Executing

Organizations are becoming increasingly aware that traditional signature-based antivirus software
approaches do not provide adequate defense against modern threats and targeted attacks.
Protection Points
This is exacerbated by the hundreds of thousands of new malicious software applications
•• Endpoints
being rolled out daily, making it extremely difficult to protect against all potential threats.
•• Servers
Without proper protection, you risk losing private company data that resides on endpoints.
•• Embedded and Point of Sale
In addition, the machines can be used as a springboard for malicious threats to enter
(POS) devices
the network. This increases the need to safeguard data and machines against both
inadvertent end-user behavior or unauthorized infiltration and the resulting execution Threat Protection
of new unwanted or malicious applications. •• Vulnerability Exploits
•• Malicious Applications (executables,
Trend Micro Endpoint Application Control allows you to enhance your defenses against DLLs, device drivers, Windows® store
malware and targeted attacks by preventing unknown and unwanted applications from apps, and others)
executing on your corporate endpoints. With a combination of flexible, dynamic policies,
whitelisting and blacklisting capabilities, as well as an extensive application catalog, this
easy-to-manage solution significantly reduces your endpoint attack exposure. For even
greater insight into threats, user-based visibility and policy management are available in the
local administration console or in the centrally-managed Trend Micro™ Control Manager™.

key features
Enhanced protection defends against malware, •• Uses intelligent and dynamic policies that •• Ensures that patches/updates associated
targeted attacks, and zero-day threats still allow users to install valid applications with whitelisted applications can be installed,
based on reputation-based variables like the as well as allowing your update programs
•• Prevents potential damage from unwanted prevalence, regional usage, and maturity of to install new patches/updates, with trusted
or unknown applications (executables, DLLs, the application sources of change
Windows App store apps, device drivers,
control panels, and other Portable Executable •• Provides greater insight into threat outbreaks •• Features roll-your-own application
(PE) files) with user-based visibility, policy management, whitelisting and blacklisting for in-house
and log aggregation. Enables reporting and unlisted applications
•• Provides global and local real-time threat across multiple layers of Trend Micro security
intelligence based on good file reputation •• Delivers unparalleled breadth of applications
solutions through Control Manager
data correlated across a global network and good file data
•• Easily deployed using existing OfficeScan
•• Interconnects with additional layers of endpoint security or other third-party
security to better correlate threat data Compliance with internal IT policies helps
deployment tools
and stop more threats, more often reduce legal and financial liabilities
•• Categorizes the applications and provides
•• Leverages threat data analyzed and correlated regular updates to simplify administration •• Limits application usage to a specific list
from 347 million unique files and 4+ billion using Trend Micro’s Certified Safe of applications supported by data loss
good file records (Trend Micro™ Smart Software Service prevention (DLP) products for specific
Protection Network™) users or endpoints
•• Integrates with Trend Micro Complete User •• Collects and limits application usage for
In-depth whitelisting and blacklisting blocks
Protection to complement antivirus, host software licensing compliance
unknown and unwanted applications
intrusion prevention, data loss prevention,
•• Features system lockdown to harden
mobile security, and more •• Uses application name, path, regular
end-user systems by preventing new
expression, or certificate for basic
applications from being executed
application whitelisting and blacklisting
Simplified management speeds protection
•• Contains broad coverage of pre-categorized
•• Increases convenience of implementing applications that can be easily selected
granular control with a customizable from Trend Micro’s application catalog
dashboard and management console (with regular updates)

Page 1 of 2 • datasheet • endpoint application control

 key benefits Complete User Protection
Endpoint Application Control is part of the
•• Protects against users or machines executing malicious software
Trend Micro™ Smart Protection Suites™.
•• Further simplifies deployment when used with OfficeScan These interconnected, multi-layered
•• Provides advanced features for centralized enforcement of corporate policies with security suites protect your users and
Control Manager their data regardless of the device they
•• Utilizes extensive categorized application catalog (analyzed and correlated threat data use, or where they are working. The
from billions of files in the Trend Micro Smart Protection Network) Smart Protection Suites combine the
broadest range of endpoint and mobile
•• Employs dynamic policies to allow users to install valid applications based on many
threat protection capabilities with multiple
reputation-based variables such as prevalence, regional usage, and maturity
layers of email, collaboration, and
gateway security. And, you can manage
users across multiple threat vectors from
a single management console that gives
PLATFORM ARCHITECTURE you complete user-based visibility of the
Trend Micro Endpoint Application Control can scale up to 20,000 endpoints per server and more security of your environment.
with a cluster of servers or multiple servers managed by Control Manager. As an on-premises
software application, Endpoint Application Control integrates with other Trend Micro threat
protection solutions to enhance overall malware protection. Two components are required:
Trend Micro Control Manager
This centralized security management
•• Server installs on supported Windows platforms and is managed through a web-browser
console ensures consistent security
•• Agent installs on supported Windows platforms management and complete visibility,
policy management, and reporting
across multiple layers of interconnected
security from Trend Micro. It also extends
visibility and control across on-premises,
Systems Requirements
cloud, and hybrid deployment models.
Centralized management combines with
Minimum Recommended Server Requirements
user-based visibility to improve protection,
Server Operating Systems: reduce complexity, and eliminate
•• Microsoft Windows Server 2008 and 2008 R2 (x86/x64) redundant and repetitive tasks in security
•• Microsoft Windows Server 2012 and 2012 R2 (x86/x64) administration. Control Manager also
•• (Optional) IIS v7.0 or higher with these modules: CGI, ISAPI, ISAPI Extensions provides access to actionable threat
intelligence from the Trend Micro™ Smart
Server Platform: Protection Network™, which uses global
•• Processor: 1.7 GHz Intel Core i3 (2 CPU cores) or better threat intelligence to deliver real-time
•• Memory: 6 GB RAM recommended security from the cloud, blocking threats
•• Disk Space: 45 GB of free disk space before they reach you.

Minimum Recommended agent Requirements

Agent Operating System:
•• Windows (x86/x64) XP Editions
•• Windows (x86/x64) Vista Editions
•• Windows (x86/x64) 7 Editions
•• Windows (x86/x64) 8, 8.1 Editions
•• Windows (x86/x64) 10 Editions
•• Microsoft Windows (x86/x64) Server 2003, 2003 R2
•• Microsoft Windows (x86/x64) Server 2008, 2008 R2
•• Microsoft Windows Server 2012, 2012 R2
•• Windows Embedded Enterprise, POSReady 2009, POSReady 7, XPe, Standard 2009, Standard 7
©2015 by Trend Micro Incorporated. All rights reserved. Trend Micro, the
Agent Platform: Trend Micro t-ball logo, Smart Protection Network, and Control Manager
are trademarks or registered trademarks of Trend Micro Incorporated. All
•• Processor: 300 MHz Intel Pentium or equivalent other company and/or product names may be trademarks or registered
trademarks of their owners. Information contained in this document is
•• Memory: 512 MB RAM subject to change without notice. [DS08_EAC_151006US]

•• Disk Space: 350 MB

Detailed requirements are available here:

http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control/requirements.aspx

Page 2 of 2 • datasheet • endpoint application control