Views:
The following firewall exceptions apply to networks with:

Trend Vision One Authentication

Service
Region
Exceptions
Trend Vision One
  • All
  • signin.v1.trendmicro.com
  • tm.login.trendmicro.com
  • iamservice.trendmicro.com
  • Other custom IDP services
Google reCAPTCHA:
  • www.gstatic.com
  • fonts.gstatic.com
  • Plus one of the following:
    • www.google.com (recommended)
    • www.recaptcha.net

Endpoint Security Exceptions

Service / Agent
Region
Exceptions
Endpoint Sensor Agents
  • All
  • assessment-ap2.mgcp.trendmicro.com
  • release-us1.mgcp.trendmicro.com
  • api-ap2.xbc.trendmicro.com
  • tgw-ap2.mgcp.trendmicro.com
  • support-connector-api.manage.trendmicro.com
  • supportconnectorpacks.manage.trendmicro.com
  • rpcollectedthings.manage.trendmicro.com
  • cloudendpoint-ap2.mgcp.trendmicro.com
  • er-ws-ane1.xdr.trendmicro.com
  • era-ane1.xdr.trendmicro.com
  • endpointpolicy-cdn-ap2.xbc.trendmicro.com
  • files.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
  • api.xdr.trendmicro.co.jp
  • api-cert.xdr.trendmicro.co.jp
  • upload.xdr.trendmicro.co.jp
  • wsc-ap2.xbc.trendmicro.com
  • files.trendmicro.com
  • ipv6-iaus.trendmicro.com
  • ipv6-iaus.activeupdate.trendmicro.com
  • iaus.activeupdate.trendmicro.com
  • iaus.trendmicro.com
Endpoint Sensor Agents with Sandbox Analysis
  • All
  • sandbox-threatconnect.trendmicro.com
Standard Endpoint Protection Agents
Important
Important
If you enable endpoint sensor detection and response, you must also add the Endpoint Sensor Agents exceptions.
  • All
  • <Apex One console_DNS>.manage.trendmicro.com
  • licenseupdate.trendmicro.com
  • asm01-nabu-prod.aot.trendmicro.com
  • api-nabu.aot.trendmicro.com
  • osce14-p.activeupdate.trendmicro.co.jp
  • tmsm35-p.activeupdate.trendmicro.co.jp
  • activeupdate.trendmicro.co.jp
  • osce14-jp.icrc.trendmicro.com
  • osce14-0-jp.url.trendmicro.com
  • osce140-jp.fbs25.trendmicro.com
  • osce14-jp.gfrbridge.trendmicro.com
  • osce14-jp-census.trendmicro.com
  • osce14bak-jp-census.trendmicro.com
  • osce140-jp-f.trx.trendmicro.com
  • oscecmp140-jp-f.trx.trendmicro.com
  • osce140-jp-b.trx.trendmicro.com
  • mcs.trendmicro.com
  • www.trendmicro.com/vinfo/jp/threat-encyclopedia/malware/
  • files.trendmicro.com
  • aurd-test2.activeupdate.trendmicro.com
  • support-connector-api.manage.trendmicro.com
  • support-connector-service.manage.trendmicro.com
  • supportconnectorpacks.manage.trendmicro.com
  • rpcollectedthings.blob.core.windows.net
macOS Agents:
  • tmsm35-jp.icrc.trendmicro.com/ss
  • tmsm3-5-jp.url.trendmicro.com
  • tmsm35-jp.gfrbridge.trendmicro.com
  • tmsm350-jp.fbs25.trendmicro.com
Server & Workload Protection Agents
Important
Important
If you enable endpoint sensor detection and response, you must also add the Endpoint Sensor Agents exceptions.
  • All regions
  • workload.jp-1.cloudone.trendmicro.com
  • agents.workload.jp-1.cloudone.trendmicro.com
  • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com
  • agent-comm.workload.jp-1.cloudone.trendmicro.com
  • dsmim.workload.jp-1.cloudone.trendmicro.com
  • relay.workload.jp-1.cloudone.trendmicro.com
  • xdr-resp-ioc.workload.jp-1.cloudone.trendmicro.com
  • files.trendmicro.com
  • iaus.activeupdate.trendmicro.com
  • iaus.trendmicro.com
  • ipv6-iaus.trendmicro.com
  • ipv6-iaus.activeupdate.trendmicro.com
  • dsaas1100-en-census.trendmicro.com
  • ds200-en.fbs25.trendmicro.com
  • ds200-jp.fbs25.trendmicro.com
  • dsaas.icrc.trendmicro.com
  • dsaas-en-f.trx.trendmicro.com
  • dsaas-en-b.trx.trendmicro.com
  • deepsecaas11-en.gfrbridge.trendmicro.com
  • dsaas.url.trendmicro.com
  • gateway.workload.jp-1.cloudone.trendmicro.com
  • gateway-control.workload.jp-1.cloudone.trendmicro.com
Firewall EIP Block
  • workload.jp-1.cloudone.trendmicro.com( 35.75.131.96/27, 18.99.69.160/27)
  • agents.workload.jp-1.cloudone.trendmicro.com (35.75.131.96/27, 18.99.69.160/27)
  • relay.workload.jp-1.cloudone.trendmicro.com (35.75.131.96/27, 18.99.69.160/27)
  • dsmim.workload.jp-1.cloudone.trendmicro.com (35.75.131.96/27, 18.99.69.160/27)
  • agents-001 through agents-010.workload.jp-1.cloudone.trendmicro.com (35.75.131.96/27, 18.99.69.160/27)
Zero Trust Secure Access Exceptions
Important
Important
You must also specify the exceptions for the Endpoint Sensor Agents. These exceptions are found at Endpoint Sensor Agents.
Service
Region
Exceptions
Access Module
  • All
  • prod.ztsaagent.trendmicro.com
  • upload.xdr.trendmicro.co.jp
  • event-jp.ztsaagent.trendmicro.com
Authentication
  • All
  • agent-jp-rel.ztna.trendmicro.com
  • signin.v1.trendmicro.com
  • tm.login.trendmicro.com
  • iamservice.trendmicro.com
  • Other custom IDP services
Google reCAPTCHA:
  • www.gstatic.com
  • fonts.gstatic.com
  • Plus one of the following:
    • www.google.com (recommended)
    • www.recaptcha.net
Internet Access Service
  • All
  • auth.ztsa-iag.trendmicro.com
  • pac.jp.ztsa-iag.trendmicro.com
  • auth.jp.ztsa-iag.trendmicro.com
Internet Access Cloud Gateway
  • All
  • proxy.ztsa-iag.trendmicro.com
  • proxy.jp.ztsa-iag.trendmicro.com
Internet Access On-Premises Gateway with Smart Protection Network: Off
  • All
  • xlogr-ane1.xdr.trendmicro.com
  • api.ap-northeast-1.jp.ddcloud.trendmicro.com
  • iwsh30-en.url.trendmicro.com
  • api.crs.trendmicro.com
  • iwsh300-en.census.trendmicro.com
  • iwsaas30-en-f.trx.trendmicro.com
  • iwsh30-p.activeupdate.trendmicro.com
Internet Access On-Premises Gateway with Smart Protection Network: On
  • All
  • xlogr-ane1.xdr.trendmicro.com
  • api.ap-northeast-1.jp.ddcloud.trendmicro.com
  • ctapi.trendmicro.com
  • iwsh30-p.activeupdate.trendmicro.com
Private Access Connector
  • All
  • agent-jp-rel.ztna.trendmicro.com
  • saseztnaprodjpsagen2.blob.core.windows.net
  • saseztnaprodjpsa.blob.core.windows.net
  • sase-ztna-prod-jp-iothub-cntevt.azure-devices.net
  • speedtest.jp.ztna.trendmicro.com
  • ztnaextacr.azurecr.io
  • 0.pool.ntp.org
  • 1.pool.ntp.org
  • 2.pool.ntp.org
  • 3.pool.ntp.org
Private Access Connector
(if not using the Trend Cloud Proxy service)
Australia
  • 20.5.69.128/28
Europe
  • 20.4.51.32/28
India
  • 20.219.254.160/28
Israel
  • 20.217.194.0/28
Japan
  • 52.140.246.128/28
Singapore
  • 52.187.118.64/28
United States
  • 20.7.52.240/28
Brazil
  • 4.228.193.144/28

Service Gateway Exceptions

Service
Region
Exceptions
Firmware
  • All
  • sgi-tunneling.jp.xdr.trendmicro.co.jp
  • sgi-iot.xdr.trendmicro.co.jp
  • api.xdr.trendmicro.co.jp
  • upload.xdr.trendmicro.co.jp
Smart Protection Network proxy: On
  • All
  • ctapi.trendmicro.com
  • sg-tmsps10-p.activeupdate.trendmicro.com
  • activeupdate.trendmicro.com
Smart Protection Network proxy: Off
  • All
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
  • grid-global.trendmicro.com
  • rest.mars.trendmicro.com
  • sg-tmsps10-en.gfrbridge.trendmicro.com
  • sg-tmsps10-p.activeupdate.trendmicro.com
  • sg-tmsps10-en-backup.url.trendmicro.com
  • activeupdate.trendmicro.com
Local ActiveUpdate
  • All
Refer to ActiveUpdate session of each product/agent

Trend Vision One Container Security

Service
Region
Exceptions
Artifact Scanner
  • All
  • upload.artifactscan.jp-1.cloudone.trendmicro.com
  • report.artifactscan.jp-1.cloudone.trendmicro.com
  • artifactscan.jp-1.cloudone.trendmicro.com
  • cli.artifactscan.cloudone.trendmicro.com
  • antimalware.jp-1.cloudone.trendmicro.com
Runtime Security
  • All
  • api.xdr.trendmicro.co.jp
  • vcs-iot-jp.xdr.trendmicro.com
  • vcs-storage-jp.xdr.trendmicro.com
    Note
    Note
    vcs-storage-jp.xdr.trendmicro.com is used by two services: Runtime Security and Inventory.
Runtime Malware Scanning
  • All
  • activeupdate.trendmicro.com
Inventory
  • All
  • api.xdr.trendmicro.co.jp
  • vcs-storage-jp.xdr.trendmicro.com
    Note
    Note
    vcs-storage-jp.xdr.trendmicro.com is used by two services: Runtime Security and Inventory.
Default Container Image Access
  • All
  • public.ecr.aws

Intrusion Prevention Configuration Exceptions

Service
Region
Exceptions
Intrusion Prevention Configuration
Australia
  • a1mmnfkx71i3sj-ats.iot.ap-southeast-2.amazonaws.com
Europe
  • a1mmnfkx71i3sj-ats.iot.eu-central-1.amazonaws.com
India
  • a1mmnfkx71i3sj-ats.iot.ap-south-1.amazonaws.com
Japan
  • a1mmnfkx71i3sj-ats.iot.ap-northeast-1.amazonaws.com
Singapore
  • a1mmnfkx71i3sj-ats.iot.ap-southeast-1.amazonaws.com
United States
  • a1mmnfkx71i3sj-ats.iot.us-east-1.amazonaws.com

Network Inventory

Service
Region
Exceptions
Virtual Network Sensor
Japan
  • xns-p.activeupdate.trendmicro.com
  • gp.fbs.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
  • api.xdr.trendmicro.co.jp
  • licenseupdate.trendmicro.com
For customers with "Send to Sandbox" enabled:
  • ctapi.trendmicro.com
  • api.ddcloud.trendmicro.com
  • api.jp.ddcloud.trendmicro.com
Deep Discovery Inspector version 6.8 Service Pack 1
Japan
  • api.ddcloud.trendmicro.com
  • api.jp.ddcloud.trendmicro.com
  • api.xdr.trendmicro.co.jp
  • ctapi.trendmicro.com
  • ddaaas.trendmicro.com
  • ddi681jp.retroscan.trendmicro.com
  • ddi68-p.activeupdate.trendmicro.co.jp
  • gp.fbs.trendmicro.com
  • intelliconnect.trendmicro.com
  • licenseupdate.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
Note
Note
If you connect Deep Discovery Inspector using Service Gateway with Smart Protection Network Proxy enabled, add the following exceptions in addition to the above ones:
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.8
Japan
  • api-ni.xdr.trendmicro.co.jp
  • api.ddcloud.trendmicro.com
  • api.jp.ddcloud.trendmicro.com
  • api.jp.xdr.nacloud.trendmicro.com
  • ddaaas.trendmicro.com
  • gp.fbs.trendmicro.com
  • grid-global.trendmicro.com
  • intelliconnect.trendmicro.com
  • licenseupdate.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • rest.mars.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
  • ddi68-ja-f.trx.trendmicro.com
  • ddi68-p.activeupdate.trendmicro.co.jp/activeupdate
  • ddi68jp.retroscan.trendmicro.com
  • ddi6-8-ja-t0.url.trendmicro.com
  • ddi6-8-ja-wis.trendmicro.com
  • ddi6-8-ja.url.trendmicro.com
  • ddi680-ja-census.trendmicro.com
  • ddi680-ja-domaincensus.trendmicro.com
Note
Note
If you connect Deep Discovery Inspector using Service Gateway with Smart Protection Network Proxy enabled, add the following exceptions in addition to the above ones:
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.7 / 6.7 Service Pack 1
Japan
  • api-ni.xdr.trendmicro.co.jp
  • api.ddcloud.trendmicro.com
  • api.jp.ddcloud.trendmicro.com
  • api.jp.xdr.nacloud.trendmicro.com
  • ddaaas.trendmicro.com
  • gp.fbs.trendmicro.com
  • grid-global.trendmicro.com
  • intelliconnect.trendmicro.com
  • licenseupdate.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • rest.mars.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
  • ddi67-ja-f.trx.trendmicro.com
  • ddi67-p.activeupdate.trendmicro.co.jp/activeupdate
  • ddi67jp.retroscan.trendmicro.com
  • ddi6-7-ja-t0.url.trendmicro.com
  • ddi6-7-ja-wis.trendmicro.com
  • ddi6-7-ja.url.trendmicro.com
  • ddi670-ja-census.trendmicro.com
  • ddi670-ja-domaincensus.trendmicro.com
Note
Note
If you connect Deep Discovery Inspector using Service Gateway with Smart Protection Network Proxy enabled, add the following exceptions in addition to the above ones:
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.6
Japan
  • api-ni.xdr.trendmicro.co.jp
  • api.ddcloud.trendmicro.com
  • api.jp.ddcloud.trendmicro.com
  • api.jp.xdr.nacloud.trendmicro.com
  • ddaaas.trendmicro.com
  • gp.fbs.trendmicro.com
  • grid-global.trendmicro.com
  • intelliconnect.trendmicro.com
  • licenseupdate.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • rest.mars.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
  • ddi66-ja-f.trx.trendmicro.com
  • ddi66-p.activeupdate.trendmicro.co.jp/activeupdate
  • ddi66jp.retroscan.trendmicro.com
  • ddi6-6-ja-t0.url.trendmicro.com
  • ddi6-6-ja-wis.trendmicro.com
  • ddi6-6-ja.url.trendmicro.com
  • ddi660-ja-census.trendmicro.com
  • ddi660-ja-domaincensus.trendmicro.com
Note
Note
If you connect Deep Discovery Inspector using Service Gateway with Smart Protection Network Proxy enabled, add the following exceptions in addition to the above ones:
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.5
Japan
  • api-ni.xdr.trendmicro.co.jp
  • api.ddcloud.trendmicro.com
  • api.jp.ddcloud.trendmicro.com
  • api.jp.xdr.nacloud.trendmicro.com
  • ddaaas.trendmicro.com
  • gp.fbs.trendmicro.com
  • grid-global.trendmicro.com
  • intelliconnect.trendmicro.com
  • licenseupdate.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • rest.mars.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
  • ddi65-ja-f.trx.trendmicro.com
  • ddi65-p.activeupdate.trendmicro.co.jp/activeupdate
  • ddi65jp.retroscan.trendmicro.com
  • ddi6-5-ja-t0.url.trendmicro.com
  • ddi6-5-ja-wis.trendmicro.com
  • ddi6-5-ja.url.trendmicro.com
  • ddi650-ja-census.trendmicro.com
  • ddi650-ja-domaincensus.trendmicro.com
Note
Note
If you connect Deep Discovery Inspector using Service Gateway with Smart Protection Network Proxy enabled, add the following exceptions in addition to the above ones:
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.2
Japan
  • api-ni.xdr.trendmicro.co.jp
  • api.ddcloud.trendmicro.com
  • api.jp.ddcloud.trendmicro.com
  • api.jp.xdr.nacloud.trendmicro.com
  • ddaaas.trendmicro.com
  • gp.fbs.trendmicro.com
  • grid-global.trendmicro.com
  • intelliconnect.trendmicro.com
  • licenseupdate.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • rest.mars.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
  • ddi62-ja-f.trx.trendmicro.com
  • ddi62-p.activeupdate.trendmicro.co.jp/activeupdate
  • ddi62jp.retroscan.trendmicro.com
  • ddi6-2-ja-t0.url.trendmicro.com
  • ddi6-2-ja-wis.trendmicro.com
  • ddi6-2-ja.url.trendmicro.com
  • ddi620-ja-census.trendmicro.com
  • ddi620-ja-domaincensus.trendmicro.com
Note
Note
If you connect Deep Discovery Inspector using Service Gateway with Smart Protection Network Proxy enabled, add the following exceptions in addition to the above ones:
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com
Deep Discovery Inspector version 6.0
Japan
  • api-ni.xdr.trendmicro.co.jp
  • api.ddcloud.trendmicro.com
  • api.jp.ddcloud.trendmicro.com
  • api.jp.xdr.nacloud.trendmicro.com
  • ddaaas.trendmicro.com
  • gp.fbs.trendmicro.com
  • grid-global.trendmicro.com
  • intelliconnect.trendmicro.com
  • licenseupdate.trendmicro.com
  • portal-01.dddxdr.trendmicro.com
  • portal-02.dddxdr.trendmicro.com
  • rest.mars.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com
  • ddi60-ja-f.trx.trendmicro.com
  • ddi60-p.activeupdate.trendmicro.co.jp/activeupdate
  • ddi60jp.retroscan.trendmicro.com
  • ddi6-0-ja-t0.url.trendmicro.com
  • ddi6-0-ja-wis.trendmicro.com
  • ddi6-0-ja.url.trendmicro.com
  • ddi600-ja-census.trendmicro.com
  • ddi600-ja-domaincensus.trendmicro.com
Note
Note
If you connect Deep Discovery Inspector using Service Gateway with Smart Protection Network Proxy enabled, add the following exceptions in addition to the above ones:
  • sg-tmsps10-en-wis.trendmicro.com
  • sg-tmsps10-en.url.trendmicro.com
  • sg-tmsps100-en-census.trendmicro.com
  • sg-tmsps100-en-domaincensus.trendmicro.com

Trend Vision One Agentless Vulnerability & Threat Detection Exceptions

Service
Region
 Exceptions
Agentless Vulnerability and Threat Detection
Japan
  • googlecode.l.googleusercontent.com
  • sentry.jp-1.cloudone.trendmicro.com
  • xlogr-ane1.xdr.trendmicro.com

Cloud Risk Management

Service
Region
Exceptions
Real-Time Posture Monitoring
Japan
  • rtpm.apm-jp.xdr.trendmicro.com
  • a2sx2v445s9fxl-ats.iot.ap-northeast-1.amazonaws.com

Executive Dashboard

Service
Region
Exceptions
XDR
All
  • download.xdr.trendmicro.com