The following firewall exceptions apply to networks with:
-
Service Gateway installed and cloud service extension turned off
-
No Service Gateway installed
TrendAI Vision One™ Authentication
|
Service
|
Region
|
Exceptions
|
|
TrendAI Vision One™
|
|
signin.v1.trendmicro.com tm.login.trendmicro.com iamservice.trendmicro.com Other custom IDP services Google reCAPTCHA:
www.gstatic.com fonts.gstatic.com Plus one of the following: www.google.com (recommended) www.recaptcha.net |
Endpoint Security Exceptions
|
Service / Agent
|
Region
|
Exceptions
|
||
|
Endpoint Sensor features
|
|
assessment-ap2.mgcp.trendmicro.com release-us1.mgcp.trendmicro.com api-ap2.xbc.trendmicro.com tgw-ap2.mgcp.trendmicro.com support-connector-api.manage.trendmicro.com supportconnectorpacks.manage.trendmicro.com rpcollectedthings.manage.trendmicro.com cloudendpoint-ap2.mgcp.trendmicro.com er-ws-ane1.xdr.trendmicro.com era-ane1.xdr.trendmicro.com endpointpolicy-cdn-ap2.xbc.trendmicro.com files.trendmicro.com xlogr-ane1.xdr.trendmicro.com api.xdr.trendmicro.co.jp api-cert.xdr.trendmicro.co.jp upload.xdr.trendmicro.co.jp wsc-ap2.xbc.trendmicro.com files.trendmicro.com ipv6-iaus.trendmicro.com ipv6-iaus.activeupdate.trendmicro.com iaus.activeupdate.trendmicro.com iaus.trendmicro.com |
||
|
Browser extension
|
|
clients2.google.com/service/update2/crx edge.microsoft.com/extensionwebstorebase/v1/crx |
||
|
Sandbox Analysis
|
|
sandbox-threatconnect.trendmicro.com |
||
|
Standard Endpoint Protection features
|
|
<Apex One console_DNS>.manage.trendmicro.com licenseupdate.trendmicro.com asm01-nabu-prod.aot.trendmicro.com api-nabu.aot.trendmicro.com osce14-p.activeupdate.trendmicro.co.jp tmsm35-p.activeupdate.trendmicro.co.jp activeupdate.trendmicro.co.jp osce14-jp.icrc.trendmicro.com osce14-0-jp.url.trendmicro.com osce140-jp.fbs25.trendmicro.com osce14-jp.gfrbridge.trendmicro.com osce14-jp-census.trendmicro.com osce14bak-jp-census.trendmicro.com osce140-jp-f.trx.trendmicro.com oscecmp140-jp-f.trx.trendmicro.com osce140-jp-b.trx.trendmicro.com mcs.trendmicro.com www.trendmicro.com/vinfo/jp/threat-encyclopedia/malware/ files.trendmicro.com aurd-test2.activeupdate.trendmicro.com support-connector-api.manage.trendmicro.com support-connector-service.manage.trendmicro.com supportconnectorpacks.manage.trendmicro.com rpcollectedthings.blob.core.windows.net macOS Agents:
tmsm35-jp.icrc.trendmicro.com/ss tmsm3-5-jp.url.trendmicro.com tmsm35-jp.gfrbridge.trendmicro.com tmsm350-jp.fbs25.trendmicro.com |
||
|
Server & Workload Protection features
|
|
workload.jp-1.cloudone.trendmicro.com agents.workload.jp-1.cloudone.trendmicro.com agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com agent-comm.workload.jp-1.cloudone.trendmicro.com dsmim.workload.jp-1.cloudone.trendmicro.com relay.workload.jp-1.cloudone.trendmicro.com xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com files.trendmicro.com iaus.activeupdate.trendmicro.com iaus.trendmicro.com ipv6-iaus.trendmicro.com ipv6-iaus.activeupdate.trendmicro.com dsaas1100-en-census.trendmicro.com ds200-en.fbs25.trendmicro.com ds200-jp.fbs25.trendmicro.com dsaas.icrc.trendmicro.com dsaas-en-f.trx.trendmicro.com dsaas-en-b.trx.trendmicro.com deepsecaas11-en.gfrbridge.trendmicro.com dsaas.url.trendmicro.com gateway.workload.jp-1.cloudone.trendmicro.com gateway-control.workload.jp-1.cloudone.trendmicro.com relay.deepsecurity.trendmicro.com Firewall EIP Block
workload.jp-1.cloudone.trendmicro.com( 35.75.131.96/27, 18.99.69.160/27) agents.workload.jp-1.cloudone.trendmicro.com (35.75.131.96/27, 18.99.69.160/27) relay.workload.jp-1.cloudone.trendmicro.com (35.75.131.96/27, 18.99.69.160/27) dsmim.workload.jp-1.cloudone.trendmicro.com (35.75.131.96/27, 18.99.69.160/27) agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com (35.75.131.96/27, 18.99.69.160/27) |
Zero Trust Secure Access Exceptions
 |
ImportantYou must also specify the exceptions for the Endpoint Sensor Agents. These exceptions
are found at Endpoint Sensor Agents.
|
|
Service
|
Region
|
Exceptions
|
|
Access Module
|
|
prod.ztsaagent.trendmicro.com upload.xdr.trendmicro.co.jp event-jp.ztsaagent.trendmicro.com |
|
Authentication
|
|
agent-jp-rel.ztna.trendmicro.com signin.v1.trendmicro.com tm.login.trendmicro.com iamservice.trendmicro.com Other custom IDP services Google reCAPTCHA:
www.gstatic.com fonts.gstatic.com Plus one of the following: www.google.com (recommended) www.recaptcha.net |
|
Internet Access Service
|
|
auth.ztsa-iag.trendmicro.com pac.jp.ztsa-iag.trendmicro.com auth.jp.ztsa-iag.trendmicro.com |
|
Internet Access Cloud Gateway
|
|
proxy.ztsa-iag.trendmicro.com proxy.jp.ztsa-iag.trendmicro.com d9vbqsel5dvrs.cloudfront.net |
|
Internet Access On-Premises Gateway with Smart Protection Network: Off
|
|
xlogr-ane1.xdr.trendmicro.com api.ap-northeast-1.jp.ddcloud.trendmicro.com iwsh30-en.url.trendmicro.com api.crs.trendmicro.com iwsh300-en.census.trendmicro.com iwsaas30-en-f.trx.trendmicro.com iwsh30-p.activeupdate.trendmicro.com d9vbqsel5dvrs.cloudfront.net |
|
Internet Access On-Premises Gateway with Smart Protection Network: On
|
|
xlogr-ane1.xdr.trendmicro.com api.ap-northeast-1.jp.ddcloud.trendmicro.com ctapi.trendmicro.com iwsh30-p.activeupdate.trendmicro.com d9vbqsel5dvrs.cloudfront.net |
|
Private Access Connector
|
|
agent-jp-rel.ztna.trendmicro.com saseztnaprodjpsagen2.blob.core.windows.net saseztnaprodjpsa.blob.core.windows.net sase-ztna-prod-jp-iothub-cntevt.azure-devices.net speedtest.jp.ztna.trendmicro.com ztnaextacr.azurecr.io 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org |
|
Private Access Connector
(if not using the Trend Cloud Proxy service)
|
Australia
|
20.5.69.128/28 |
|
Europe
|
20.4.51.32/28 |
|
|
India
|
20.219.254.160/28 |
|
|
Israel
|
20.217.194.0/28 |
|
|
Japan
|
52.140.246.128/28 |
|
|
Singapore
|
52.187.118.64/28 |
|
|
United States
|
20.7.52.240/28 |
|
|
Brazil
|
4.228.193.144/28 |
|
|
MEA
|
20.74.229.224/28 |
|
|
United Kingdom
|
20.0.229.192/28 |
|
|
Canada
|
40.82.166.0/28 |
Service Gateway Exceptions
|
Service
|
Region
|
Exceptions
|
|
Firmware
|
|
sgi-tunneling.jp.xdr.trendmicro.co.jp sgi-iot.xdr.trendmicro.co.jp api.xdr.trendmicro.co.jp upload.xdr.trendmicro.co.jp |
|
Smart Protection Network proxy: On
|
|
ctapi.trendmicro.com sg-tmsps10-p.activeupdate.trendmicro.com activeupdate.trendmicro.com |
|
Smart Protection Network proxy: Off
|
|
sg-tmsps10-en.url.trendmicro.com sg-tmsps10-en-wis.trendmicro.com sg-tmsps100-en-census.trendmicro.com sg-tmsps100-en-domaincensus.trendmicro.com grid-global.trendmicro.com rest.mars.trendmicro.com sg-tmsps10-en.gfrbridge.trendmicro.com sg-tmsps10-p.activeupdate.trendmicro.com sg-tmsps10-en-backup.url.trendmicro.com activeupdate.trendmicro.com |
|
Local ActiveUpdate
|
|
Refer to ActiveUpdate session of each product/agent
|
Forensics and Analysis
|
Service / Agent
|
Region
|
Exceptions
|
|
IR Tool Download for Agent
|
|
resources.prod-ap-northeast-1.irs.trendmicro.com |
TrendAI Vision One™ Container Security
|
Service
|
Region
|
Exceptions
|
|
Mandatory for Container Security
|
|
api.xdr.trendmicro.co.jp vcs-storage-jp.xdr.trendmicro.com |
|
Artifact Scanner
|
|
api.xdr.trendmicro.co.jp ast-upload-jp.xdr.trendmicro.com ast-report-jp.xdr.trendmicro.com ast-cli.xdr.trendmicro.com antimalware.jp-1.cloudone.trendmicro.com antimalware-ane1.xdr.trendmicro.com |
|
Runtime Security
|
|
api.xdr.trendmicro.co.jp api.jp.xdr.trendmicro.co.jp vcs-iot-jp.xdr.trendmicro.com vcs-storage-jp.xdr.trendmicro.com |
|
Runtime Malware Scanning
|
|
activeupdate.trendmicro.com |
|
Default Container Image Access
|
|
public.ecr.aws *.cloudfront.net |
TippingPoint Exceptions
|
Service
|
Region
|
Exceptions
|
|
TippingPoint
|
Australia
|
a1mmnfkx71i3sj-ats.iot.ap-southeast-2.amazonaws.com |
|
Europe
|
a1mmnfkx71i3sj-ats.iot.eu-central-1.amazonaws.com |
|
|
India
|
a1mmnfkx71i3sj-ats.iot.ap-south-1.amazonaws.com |
|
|
Japan
|
a1mmnfkx71i3sj-ats.iot.ap-northeast-1.amazonaws.com |
|
|
Singapore
|
a1mmnfkx71i3sj-ats.iot.ap-southeast-1.amazonaws.com |
|
|
United Kingdom
|
a1mmnfkx71i3sj-ats.iot.eu-west-2.amazonaws.com |
|
|
United States
|
a1mmnfkx71i3sj-ats.iot.us-east-1.amazonaws.com |
Network Inventory
|
Service
|
Region
|
Exceptions
|
||
|
Virtual Network Sensor
|
Japan
|
xns-p.activeupdate.trendmicro.com gp.fbs.trendmicro.com xlogr-ane1.xdr.trendmicro.com api.xdr.trendmicro.co.jp licenseupdate.trendmicro.com For customers with "Send to Sandbox" enabled, add the following as well:
ctapi.trendmicro.com api.ddcloud.trendmicro.com api.jp.ddcloud.trendmicro.com |
||
|
Deep Discovery Inspector version 6.8 Service Pack 1 / 6.8 Service Pack 2
|
Japan
|
api.ddcloud.trendmicro.com api.jp.ddcloud.trendmicro.com api.xdr.trendmicro.co.jp ctapi.trendmicro.com ddaaas.trendmicro.com ddi681jp.retroscan.trendmicro.com ddi68-p.activeupdate.trendmicro.co.jp gp.fbs.trendmicro.com intelliconnect.trendmicro.com licenseupdate.trendmicro.com portal-01.dddxdr.trendmicro.com portal-02.dddxdr.trendmicro.com xlogr-ane1.xdr.trendmicro.com
|
||
|
Deep Discovery Inspector version 6.8
|
Japan
|
api-ni.xdr.trendmicro.co.jp api.ddcloud.trendmicro.com api.jp.ddcloud.trendmicro.com api.jp.xdr.nacloud.trendmicro.com api.xdr.trendmicro.co.jp ddaaas.trendmicro.com gp.fbs.trendmicro.com grid-global.trendmicro.com intelliconnect.trendmicro.com licenseupdate.trendmicro.com portal-01.dddxdr.trendmicro.com portal-02.dddxdr.trendmicro.com rest.mars.trendmicro.com xlogr-ane1.xdr.trendmicro.com ddi68-ja-f.trx.trendmicro.com ddi68-p.activeupdate.trendmicro.co.jp/activeupdate ddi68jp.retroscan.trendmicro.com ddi6-8-ja-t0.url.trendmicro.com ddi6-8-ja-wis.trendmicro.com ddi6-8-ja.url.trendmicro.com ddi680-ja-census.trendmicro.com ddi680-ja-domaincensus.trendmicro.com
|
||
|
Deep Discovery Inspector version 6.7 / 6.7 Service Pack 1
|
Japan
|
api-ni.xdr.trendmicro.co.jp api.ddcloud.trendmicro.com api.jp.ddcloud.trendmicro.com api.jp.xdr.nacloud.trendmicro.com api.xdr.trendmicro.co.jp ddaaas.trendmicro.com gp.fbs.trendmicro.com grid-global.trendmicro.com intelliconnect.trendmicro.com licenseupdate.trendmicro.com portal-01.dddxdr.trendmicro.com portal-02.dddxdr.trendmicro.com rest.mars.trendmicro.com xlogr-ane1.xdr.trendmicro.com ddi67-ja-f.trx.trendmicro.com ddi67-p.activeupdate.trendmicro.co.jp/activeupdate ddi67jp.retroscan.trendmicro.com ddi6-7-ja-t0.url.trendmicro.com ddi6-7-ja-wis.trendmicro.com ddi6-7-ja.url.trendmicro.com ddi670-ja-census.trendmicro.com ddi670-ja-domaincensus.trendmicro.com
|
||
|
Deep Discovery Inspector version 6.6
|
Japan
|
api-ni.xdr.trendmicro.co.jp api.ddcloud.trendmicro.com api.jp.ddcloud.trendmicro.com api.jp.xdr.nacloud.trendmicro.com ddaaas.trendmicro.com gp.fbs.trendmicro.com grid-global.trendmicro.com intelliconnect.trendmicro.com licenseupdate.trendmicro.com portal-01.dddxdr.trendmicro.com portal-02.dddxdr.trendmicro.com rest.mars.trendmicro.com xlogr-ane1.xdr.trendmicro.com ddi66-ja-f.trx.trendmicro.com ddi66-p.activeupdate.trendmicro.co.jp/activeupdate ddi66jp.retroscan.trendmicro.com ddi6-6-ja-t0.url.trendmicro.com ddi6-6-ja-wis.trendmicro.com ddi6-6-ja.url.trendmicro.com ddi660-ja-census.trendmicro.com ddi660-ja-domaincensus.trendmicro.com
|
||
|
Deep Discovery Inspector version 6.5
|
Japan
|
api-ni.xdr.trendmicro.co.jp api.ddcloud.trendmicro.com api.jp.ddcloud.trendmicro.com api.jp.xdr.nacloud.trendmicro.com ddaaas.trendmicro.com gp.fbs.trendmicro.com grid-global.trendmicro.com intelliconnect.trendmicro.com licenseupdate.trendmicro.com portal-01.dddxdr.trendmicro.com portal-02.dddxdr.trendmicro.com rest.mars.trendmicro.com xlogr-ane1.xdr.trendmicro.com ddi65-ja-f.trx.trendmicro.com ddi65-p.activeupdate.trendmicro.co.jp/activeupdate ddi65jp.retroscan.trendmicro.com ddi6-5-ja-t0.url.trendmicro.com ddi6-5-ja-wis.trendmicro.com ddi6-5-ja.url.trendmicro.com ddi650-ja-census.trendmicro.com ddi650-ja-domaincensus.trendmicro.com
|
||
|
Deep Discovery Inspector version 6.2
|
Japan
|
api-ni.xdr.trendmicro.co.jp api.ddcloud.trendmicro.com api.jp.ddcloud.trendmicro.com api.jp.xdr.nacloud.trendmicro.com ddaaas.trendmicro.com gp.fbs.trendmicro.com grid-global.trendmicro.com intelliconnect.trendmicro.com licenseupdate.trendmicro.com portal-01.dddxdr.trendmicro.com portal-02.dddxdr.trendmicro.com rest.mars.trendmicro.com xlogr-ane1.xdr.trendmicro.com ddi62-ja-f.trx.trendmicro.com ddi62-p.activeupdate.trendmicro.co.jp/activeupdate ddi62jp.retroscan.trendmicro.com ddi6-2-ja-t0.url.trendmicro.com ddi6-2-ja-wis.trendmicro.com ddi6-2-ja.url.trendmicro.com ddi620-ja-census.trendmicro.com ddi620-ja-domaincensus.trendmicro.com
|
||
|
Deep Discovery Inspector version 6.0
|
Japan
|
api-ni.xdr.trendmicro.co.jp api.ddcloud.trendmicro.com api.jp.ddcloud.trendmicro.com api.jp.xdr.nacloud.trendmicro.com ddaaas.trendmicro.com gp.fbs.trendmicro.com grid-global.trendmicro.com intelliconnect.trendmicro.com licenseupdate.trendmicro.com portal-01.dddxdr.trendmicro.com portal-02.dddxdr.trendmicro.com rest.mars.trendmicro.com xlogr-ane1.xdr.trendmicro.com ddi60-ja-f.trx.trendmicro.com ddi60-p.activeupdate.trendmicro.co.jp/activeupdate ddi60jp.retroscan.trendmicro.com ddi6-0-ja-t0.url.trendmicro.com ddi6-0-ja-wis.trendmicro.com ddi6-0-ja.url.trendmicro.com ddi600-ja-census.trendmicro.com ddi600-ja-domaincensus.trendmicro.com
|
Mobile Seciurity for Android
|
Server
|
Region
|
Port
|
Exceptions
|
|
TrendMicro Mobile Security Backend
|
All
|
|
*.mobile.trendmicro.com *.xdr.trendmicro.com https://portal.mobile.trendmicro.com/ui/ami/mobile/h5/worryfree/openAndroidApp.html?productCode=wfbss&authCode=HWQj7aab&userPrincipalName= rest.mars.trendmicro.com rest-g.mars.trendmicro.com rest-g-au.mars.trendmicro.com mint.mars.trendmicro.com portal-sg.mobile.trendmicro.com *.ztna.trendmicro.com *.ztsa-iag.trendmicro.com logs.trendmicro.com spnsupport.trendmicro.com mxdr1-0.url.trendmicro.com mxdr1-0-im.url.trendmicro.com http://*.trendmicro.com https://*.trendmicro.com |
|
Trendmicro website for Japan
|
Japan
|
|
http://*.trendmicro.co.jp https://*.trendmicro.co.jp |
|
GooglePlay / Firebase Server
|
All
|
|
*.google.com *.firebase.com *.googleapis.com *.firebaseio.com |
|
Log feedback
|
All
|
|
https://cognito-identity.us-west-2.amazonaws.com |
Mobile Security for iOS
|
Server
|
Region
|
Port
|
Exceptions
|
|
TrendMicro Mobile Security Backend
|
All
|
|
*.trendmicro.com *.mobile.trendmicro.com *.xdr.trendmicro.com rest.mars.trendmicro.com rest-g.mars.trendmicro.com rest-g-au.mars.trendmicro.com mint.mars.trendmicro.com portal-sg.mobile.trendmicro.com *.ztna.trendmicro.com *.ztsa-iag.trendmicro.com logs.trendmicro.com spnsupport.trendmicro.com mxdr1-0.url.trendmicro.com mxdr1-0-im.url.trendmicro.com mxdr1-0-ios.url.trendmicro.com http://*.trendmicro.com https://*.trendmicro.com |
|
Trendmicro website for Japan
|
Japan
|
|
http://*.trendmicro.co.jp https://*.trendmicro.co.jp |
|
Apple Server
|
All
|
|
*.apple.com *.mzstatic.com *.icloud.com |
|
Firebase Server
|
All
|
|
*.google.com *.firebase.com *.googleapis.com *.firebaseio.com |
|
Log feedback
|
All
|
|
https://cognito-identity.us-west-2.amazonaws.com |
TrendAI Vision One™ Agentless Vulnerability & Threat Detection Exceptions
|
Service
|
Region
|
Exceptions |
|
Agentless Vulnerability and Threat Detection
|
Japan
|
googlecode.l.googleusercontent.com sentry.jp-1.cloudone.trendmicro.com xlogr-ane1.xdr.trendmicro.com |
Security Awareness Exceptions
|
Service
|
Region
|
Exceptions
|
|
Security awareness
|
All
|
cdn.tiny.cloud |
Cloud Risk Management
|
Service
|
Region
|
Exceptions
|
|
Real-Time Posture Monitoring
|
Japan
|
rtpm.apm-jp.xdr.trendmicro.com a2sx2v445s9fxl-ats.iot.ap-northeast-1.amazonaws.com |
Executive Dashboard
|
Service
|
Region
|
Exceptions
|
|
XDR
|
All
|
download.xdr.trendmicro.com |
LaunchDarkly exceptions
|
Service
|
Region
|
Exceptions
|
|
LaunchDarkly
|
|
For the complete list of required LaunchDarkly domains, see the LaunchDarkly domain list.
|