Views:

Review how policy settings line up between Worry-Free Security Agents and TrendAI Vision One™ Endpoint Security Policies.

The following table details the mapping between Worry-Free policy settings and Endpoint Security Policies when migrating your Worry-Free policy settings to TrendAI Vision One™.

Worry-Free policy module
Feature
Worry-Free policy settings
TrendAI Vision One™ Endpoint Security module and settings
Migration/ Applied settings
Scan Settings
Scan Method
  • Smart Scan
  • Conventional Scan
N/A
No migration
Monitoring Level
N/A
Anti-MalwareMonitoring Level
  • Detection
    • Cautious
    • Moderate (Default)
    • Aggressive
    • Extra aggressive
  • Prevention
    • Cautious
    • Moderate (Default)
    • Aggressive
    • Extra aggressive
Migrated policies use the default setting
Real-Time Scan
Enable real-time scan
Anti-MalwareScan settings
  • Enable real-time scan
Migration supported
Customize Target and Action
N/A
No migration
Scheduled Scan
Enable/Disable
Anti-MalwareScan settingsScheduled scan
If Worry-Free Services Scheduled Scan is enabled, the configured schedule is migrated to Policy Resources and applied to the Anti-Malware Scheduled scan settings. If disabled, no data is migrated.
TrendAI Vision One™ imports the schedule to Policy Resources with the name Worry-Free Scheduled Scan Task YYYYMMDD
Schedule configuration
Anti-MalwareScan settingsScheduled scan
Customize Target and Action
N/A
No migration
Manual Scan
Customize Target and Action
N/A
No migration
Behavior Monitoring
Behavior Monitoring
On/Off
Enabled when Anti-Malware is enabled.
Migration supported
Malware Behavior Blocking
Not configurable
No migration - applies TrendAI Vision One™ default behavior:
  • Block known and potential threats
Ransomware Protection
Not configurable
No migration - applies TrendAI Vision One™ default behavior:
  • Protect documents against unauthorized encryption or modification
  • Automatically back up and restore files changed by suspicious programs
  • Enable program inspection to detect and block compromised executable files
Anti-Exploit Protection
Not configurable
No migration
Intuit™ QuickBook™ Protection
N/A
No migration
Event Monitoring
Not configurable
No migration
Predictive Machine Learning
Predictive Machine Learning
On/Off
Enabled when Anti-Malware is enabled.
Migration supported
Detection Settings
Not configurable
No migration - applies TrendAI Vision One™ default behavior:
  • File: Quarantine
  • Process: Terminate
Vulnerability Protection
Vulnerability Protection
On/Off
Intrusion Prevention Enable/Disable
Migration supported
Detect only mode
N/A
Detect only mode
Migrated policies disable the setting by default
Rules
No customization
  • Recommendation settings
  • Rule status and configuration
Migrated policies apply the default settings:
  • Recommendation settings: Apply Intrusion Prevention Core ruleset
  • Rule status and configuration: all rule statuses set to Dynamic
Exclusions
Can configure approved IP address list up to 100 IPs supported
PoliciesGlobal Exception ListsVulnerability ProtectionApproved IP Address List
IP address exclusions: Can apply one list of up to 15 IP addresses from Policy Resources
Approved IP address list migrates to Policy Resoures with the name Worry-Free IP list from Vulnerability Protection YYYMMDD
If there are more than 15 entries on the approved IP list, TrendAI Vision One™ creates additional lists for the remaining IP addresses
Web Reputation
Web Reputation
On/Off
Web Reputation Enable/Disable
Migration supported
Security Level
Security Level:
  • High
  • Medium
  • Low
Scan settings, Security level:
  • High
  • Medium (Default)
  • Low
Migrated policies use the default setting
Untested URLs
Untested URLs:
  • Block websites that have not been tested by Trend Micro
Scan settings, Prevention:
  • Block pages that have not been tested by TrendAI™
Migration supported
Browser Exploit Prevention
Browser Exploit Prevention
N/A
No migration
Port monitoring for web protection
N/A
Port monitoring for web protection
Migrated policies use the default setting
  • Use default ports: 80,433,8080
Access rule
Approved/Blocked URL Lists
  • Global Approved and Blocked URL Lists
  • Specify exceptions
Maximum of 300 URLs for approved URLs. Maximum of 300 URLs for blocked URLs
Web access rules
Can select one each of the following list types:
  • Allow without logging - Domain list
  • Allow without logging - URL list
  • Block - Domain List
  • Block - URL List
Lists are configurable in Policy ResourcesWeb Lists and support up to 125 URLs or Domains per list
TrendAI Vision One™ creates lists based on the imported data from Worry-Free Services.
The migration process validates the URLs in the Global and Specify exceptions lists. Valid URLs are added to a URL list. URLs that fail validation but match the format https://*.{domain}/* are sorted into a domain list. All other invalid URLs are rejected. Duplicate URLs and domains are also rejected.
Naming format for migrated lists are:
  • Allow lists:
    • Worry-Free Approved Domains from Global Exception Lists YYYMMDD
    • Worry-Free Approved URLs from Global Exception Lists YYYMMDD
    • Worry-Free Approved Domains from Specify Exception Lists YYYMMDD
    • Worry-Free Approved URLs from Specify Exception Lists YYYMMDD
  • Block lists:
    • Worry-Free Blocked Domains from Global Exception Lists YYYMMDD
    • Worry-Free Blocked URLs from Global Exception Lists YYYMMDD
    • Worry-Free Blocked Domains from Specify Exception Lists YYYMMDD
    • Worry-Free Blocked Domains from Specify URLs Lists YYYMMDD
Firewall
Firewall
On/Off
Firewall: Enable/Disable
Migration supported
Mode
Simple mode: Enables the firewall with Trend Micro default settings
Security level:
  • Low (Default)
  • Medium
  • High
Migrated policies use the default setting
Advanced mode: Configure Firewall Security Level and Exceptions
  • Security level
  • Rule management
Migration supported
  • Security level is migrated
  • Exception list settings are migrated to a corresponding Firewall rule
Exception
Only in Advanced mode, up to 256 exception rules in Firewall Exception List
Rule management manages rule enable/disable status
Firewall rules are configured in Policy Resources. You can create up to 300 rules.
Note
Note
Firewall rules have strict support for IP address formats. Applying IP lists that contain both IPv4 and IPv6 addresses can cause unwanted behavior.
  • If you select the ICMP protocol, you can only use IP lists with the IPv4 format.
  • If you select the ICMPv6 protocol, you can only use IP lists with the IPv6 format.
Migration supported
  • If Worry-Free Firewall is in Simple mode or Off, Exception rules are not included in the migration.
  • If Worry-Free Firewall is in Advanced mode, all Exception lists are migrated to a corresponding TrendAI Vision One™ Firewall rule.
  • If a Worry-Free exception rule is bi-directional, TrendAI Vision One™ creates a separate rule for inbound and outbound traffic.
  • TrendAI Vision One™ supports up to 300 Firewall rules, 250 IP lists, and 250 port lists.
  • TrendAI Vision One™ does not migrate Worry-Free rules with the protocol set to Any and the port not set to All Ports.
Allowed programs
N/A
Allowed programs
Requires configuration in TrendAI Vision One™
Endpoint Sensor
Endpoint Sensor
On/Off
XDR for Endpoints (EDR): Enable/Disable
XDR for Endpoints (EDR) is enabled only if the Worry-Free Endpoint Sensor is on and there is an active valid Worry-Free license for Endpoint Sensor
Monitoring level
N/A
Monitoring level:
  • Cautious
  • Moderate (Default)
  • Aggressive
  • Extra aggressive
Migrated policies use the default setting
Deepfake detector
N/A
Deepfake detector:
  • Enable
  • Disable (default)
Migrated policies use the default setting
Sample Submission
Sample Submission
On/Off
Sandbox Analysis: Enable/Disable
Sandbox Analysis is enabled only if the Worry-Free Sample Submission is on and there is an active valid Worry-Free license for Sample Submission
Device Control
Device Control
On/Off
Device Control: Enable/Disable
Migration supported
Endpoint Settings
CD/DVD
N/A
No migration
Network drives
N/A
No migration
USB storage devices
  • Full access
  • Modify
  • Read and execute
  • Read
  • List device content only
  • Block
USB storage devices
  • Allow full access
  • Read only access
  • Block access
Migration supported with the following mapping:
  • Full access → Allow full access
  • Modify → Read only access
  • Read and execute → Read only access
  • Read → Read only access
  • List device content only → Block access
  • Block → Block access
Block the AutoRun function on USB storage devices
USB AutoRun function
  • Allow AutoRun
  • Block AutoRun
Migration supported
Mobile Devices
  • Full access
  • Read
  • Block
Mobile devices
  • Allow full access
  • Read only access
  • Block access
Migration supported
Non-Storage Devices
N/A
No migration
Exceptions
Allow specified users access to restricted devices.
N/A
No migration
Allowed USB Device List in PoliciesGlobal Exception Lists
Allowed devices
No migration
Permission and device information extraction methods differ between Worry-Free and TrendAI Vision One™
Allow programs from the specified path or digital signature provider to be executed and read/write files from restricted storage devices
N/A
No migration
Data Loss Prevention
Data Loss Prevention
Data Loss Prevention
  • On/Off
  • Rules
  • Exceptions
N/A
No migration
URL Filtering
URL Filtering
URL Filtering
  • On/Off
  • Filter Strength
  • Rules
  • Business Hours setting
N/A
No migration
Application Control
Application Control
On/Off
Application Control: Enable/Disable
Migration supported
Lockdown mode
Lockdown
Lockdown mode
Migration supported
Add Allow/Block rule
Worry-Free Application Control Rule has the following maximum numbers of match methods:
  • 400 applications on Application Reputation List
  • 400 File or folder paths
  • 400 Hash values (SHA-256)
  • 400 entries on Gray Software List
Application Control Rules are managed in Policy Resources. You can create up to 350 rules with the following match methods:
  • Certificate
  • File Path
  • SHA-256
Each rule supports file paths up to 2000 characters in length. Each rule can only include one hash value.
Limited migration supported
  • Rules using files or file paths are migrated.
  • Hash-based rules are not migrated.
  • If the total file path length exceeds 2000 characters, TrendAI Vision One™ creates multiple rules automatically.
Scan Exclusions
  • Real-Time Scan
  • Scheduled Scan
  • Manual Scan
  • Up to 256 specified folders
  • Up to 256 specified files
  • Up to 256 file extensions
Anti-MalwareScan exclusions
Supports up to 10 of each list managed in Policy Resources:
  • Directory lists
  • File lists
  • File extension lists
Each list supports up to 125 entries. Policy Resources supports up to 125 of each list type.
Only exceptions for Real-Time Scans are imported.
Imported lists use the following name format:
  • Worry-Free Antimalware Exclusion Directories YYYMMDD
  • Worry-Free Antimalware Exclusion Files YYYMMDD
  • Worry-Free Antimalware Exclusion File Extensions YYYMMDD
If the total number of entries exceed 125, TrendAI Vision One™ creates multiple lists automatically.
File extensions with wildcards or certain special characters cannot be migrated: \ \\ / : " < > | , . * ?
Spyware/Grayware
up to 1024 exceptions
N/A
No migration
Behavior Monitoring
  • Up to 500 Approved Programs
  • Up to 256 Blocked Programs
ExclusionsTrusted Programs List
Program Lists are managed by Policy Resources. Each list supports up to 125 entries.
Limited migration
  • Approved Programs are migrated to Policy ResourcesProgram Lists and automatically applied to the Trusted Programs List in Exclusions.
  • List name is Worry-Free Approved Program List from Behavior Monitoring YYYYMMDD
  • Programs are validated before migration. Invalid entries are not migrated.
  • Blocked Programs are not migrated.
Approved/Blocked URLs
Specify Approved and Blocked URL Lists
Specify Approved and Blocked URL Lists
Web Reputation
See the Web Reputation entry for more information
Global Exception List
Web Reputation/ URL Filtering
Web Reputation/ URL Filtering
  • Approved URLs: 300 entries
  • Blocked URLs: 300 entries
  • Approved IPs: 100 entries
  • Allowed Processes: 100 entries
  • Process Format: Executable names separated by semicolons (;). For example: MSVS.exe; process.exe
Web ReputationWeb access rules
  • Uses Web Lists configured in Policy Resources
  • Each list contains up to 125 URLs or domains. Can have up to 250 web lists.
Limited migration
  • Approved/Blocked URLs are migrated. See the Web Reputation entry for mor information.
  • Approved IP Addresses List and Process List are not migrated.
Malware Scan Exclusions
Trusted Windows Program List
Excludes up to 100 specified programs from Behavior Monitoring, Device Control, and Real-Time Scan
ExclusionsTrusted Programs List
Up to two Program lists can be assigned. Program Lists are managed by Policy Resources. Each list supports up to 125 entries.
Migration supported
  • Trusted programs list is migrated to Policy ResourcesProgram Lists and automatically applied to the Trusted Programs List in Exclusions.
  • List name is Worry-Free Approved Program List from Global Exception Lists YYYYMMDD
  • Programs are validated before migration. Invalid entries are not migrated.
Predictive Machine Learning Exception List
Exclude up to 500 specified SHA-1 hash value entries from Predictive machine Learning scanning
Anti-MalwareScan Exclusions
One hash list can be assigned under scan exclusions. Up to 250 hash lists can be configured in Policy Resources. Up to 50 hash entries per list.
Migration supported
  • List name is Worry-Free Exclusion ML Hashes YYYYMMDD
Device Control
Allowed USB Device List
Supports up to 20000 devices
Device ControlAllowed devices
Can add information directly or import from file
No migration
Permission and device information extraction methods differ between Worry-Free and TrendAI Vision One™
Vulnerability Protection
Approved IP Address List up to 100 IP addresses
Intrusion PreventionIP address exclusions
Select one IP List from Policy Resources. Each list supports up to 15 entries. Can apply one IP list to the policy at a time.
See the previous entry for Vulnerability Protection for more information.
Privileges and Other Settings
Privileges
Allow users to configure specified settings on the Security Agent.
  • Scan Types
    • Manual Scan
    • Scheduled Scan
    • Real-Time Scan
  • Scheduled Scan
    • Enable or disable Scheduled Scan
    • Skip and stop Scheduled Scan
    • Postpone Scheduled Scan
  • Firewall
    • View firewall settings
    • Enable or disable the firewall
  • Web Reputation
    • Continue browsing a malicious URL until the endpoint is restarted
  • URL Filtering
    • Continue browsing a restricted URL until the endpoint is restarted
  • Behavior Monitoring
    • View and configure Behavior Monitoring settings
  • Agent Alerts
    • Configure alert settings
Agent Interface: Enabled by default
  • General settings
    • Add manual scan to the shortcut menu on endpoints
  • Notification settings
    • Notify users of an upcoming scheduled scan
    • Allow user to postpone a scheduled scan
    • Allow user to skip a scheduled scan
Limited migration
  • These Scheduled Scan settings are migrated:
    • Postpone Scheduled Scan → Allow user to postpone a scheduled scan
    • Skip and stop Scheduled Scan → Allow user to skip a scheduled scan
  • Other settings are not migrated.
  • Migrated policies enable Add manual scan to the shortcut menu on endpoints
Alerts
Display a notification when the specified events occur.
  • Threat Protection
    • Real-Time Scan
    • Scheduled Scan
    • Behavior Monitoring
    • Predictive Machine Learning
    • Web Reputation
    • Firewall
    • Suspicious Objects
  • Data Protection
    • Device Control
    • Data Loss Prevention
  • Access Control
    • Application Control
    • URL Filtering
  • Other Settings
    • Blocked HTTP/2 URLs
Agent InterfaceNotification Settings
  • Scheduled Scan
  • Threat Protection
    • Anti-Malware
    • Web Reputation
  • Access Control
    • Application Control
    • Device Control
    • Firewall
  • Cyber Risk & Security Operations
    • Sensitive data (Data Security)
    • Endpoint isolation
    • Deepfake detection
    • App termination
Limited migration
The following notification settings are migrated:
  • Real-Time Scan
  • Scheduled Scan
  • Web Reputation
  • Firewall
  • Device Control
  • Application Control
All other alerts in TrendAI Vision One™ use the default settings.
Self-Protection
Agent Self-Protection
Not a configurable option. Self-protection is always enabled
No migration - all agents enable self-protection
User permissions
N/A
Allow users to shut down the agent using an authorization token
Authorization tokens are managed in Policy Resources
No migration
Advanced Risk Telemetry
N/A
N/A
Advanced Risk Telemetry
Enabled by default
Data Security Sensor
N/A
N/A
Data Security Sensor
Disabled by default
Identity Security Sensor
N/A
N/A
Identity Security Sensor
TrendAI™ recommends only enabling Active Directory monitoring on endpoints that are domain controllers. This feature requires enabling Active Directory integration.
Disabled by default
Browser Extension
N/A
N/A
Browser Extension
Enabled by default