Enroll your Standard Endpoint Protection and Server & Workload Protection instances in version control policies to centralize management of agent and component updates.
 |
Important
|
Version control policies automatically manage agent and component updates for the
Trend Vision One Endpoint Security agent. Updates for endpoint protection components are managed based on the enrollment status
of your Protection Managers. The table below details what version control policies
manages:
|
Solution
|
Trend Vision One Endpoint Security agent components
|
Endpoint protection components (patterns, engines)
|
|
Trend Micro agents reporting to Trend Vision One Endpoint Inventory
|
Yes
|
No
|
|
Standard Endpoint Protection Managers - enrolled in version control policies
|
Yes
|
Yes
|
|
Standard Endpoint Protection Managers - not enrolled in version control policies
|
Yes
|
No
|
|
Server & Workload Protection Managers - enrolled in version control policies
|
Yes
|
Yes
|
|
Server & Workload Protection Managers - not enrolled in version control policies
|
Yes
|
No
|
For connected endpoint protection solutions (for example, Apex One as a Service or
Trend Cloud One Endpoint & Workload Protection), the version control policies only
apply to endpoints that report to Trend Vision One Endpoint Inventory (endpoints with the Trend Vision One Endpoint Security agent installed). The connected endpoint protection servers apply their own components
policies to manage all other components.
To manage endpoint protection updates for Standard Endpoint Protection and Server
& Workload Protection, you must enroll your Protection Manager instances. To enroll
your Protection Manager instances, click the settings icon (
) and select Protection Manager enrollment.
) and select Protection Manager enrollment. |
ImportantNewly created Protection Manager instances are automatically enrolled in Version Control
Policies and do not appear in Protection Manager enrollment. If you need to unenroll an instance not listed in Protection Manager enrollment, please contact your support provider.
If you updated from Trend Cloud One Endpoint & Workload Security to Server & Workload
Protection, verify the API keys have been generated in your Trend Cloud One console.
If the API keys do not generate correctly, you cannot view or select your Server &
Workload Protection Manager in the enrollment list. For more information, see Why is my Protection Manager not on the enrollment list?
You can still assign endpoint groups to version control policies even if the Protection
Manager instance is not enrolled.
|
When enrolling, please note the following:
-
Version control policies only support Trend Vision One Endpoint Security agent version 202412 and later. For detailed information, see Version control policies agent requirements.
-
Version control policies cannot manage endpoints which do not have the Trend Vision One Endpoint Security agent installed. For more information, see What is an unmanaged endpoint?.To download and install the Trend Vision One Endpoint Security agent package, see Deploy Agents.
-
Deploy a Service Gateway with the ActiveUpdate and Generic Caching Service services enabled.The Service Gateway provides local proxy and ActiveUpdate services for endpoint agents. Additionally, the Generic Caching Service helps simplify your environment by replacing the Update Agents feature for Standard Endpoint Protection and the Relays feature for Server & Workload Protection. For more information about Service Gateways, see Service Gateway Management.
Important
The Generic Caching Service is a pre-release feature not supported in all regions and might not appear in your list of Service Gateway services. To access the service, please contact your sales representative. -
Policy settings override any settings in the Protection Manager. This includes version control and pausing, resuming, or disabling updates.
-
Some component update settings are handled by the Protection Managers.
-
For Standard Endpoint Protection, you can configure the agent update schedule as well as which components are included in agent updates. Updating the agent program is controlled by the assigned version control policy.To configure the update schedule and component settings for Standard Endpoint Protection, see Component Updates.
-
For Server & Workload Protection, you can configure the agent update schedule. All other settings are ignored by endpoint agents managed by a version control policy.To configure the update schedule for Server & Workload Protection, see Apply security updates.
-