Wählen Sie Ihre Cookie-Einstellungen aus

Wir verwenden essentielle Cookies und ähnliche Tools, die für die Bereitstellung unserer Website und Services erforderlich sind. Wir verwenden Performance-Cookies, um anonyme Statistiken zu sammeln, damit wir verstehen können, wie Kunden unsere Website nutzen, und Verbesserungen vornehmen können. Essentielle Cookies können nicht deaktiviert werden, aber Sie können auf „Anpassen“ oder „Ablehnen“ klicken, um Performance-Cookies abzulehnen.

Wenn Sie damit einverstanden sind, verwenden AWS und zugelassene Drittanbieter auch Cookies, um nützliche Features der Website bereitzustellen, Ihre Präferenzen zu speichern und relevante Inhalte, einschließlich relevanter Werbung, anzuzeigen. Um alle nicht notwendigen Cookies zu akzeptieren oder abzulehnen, klicken Sie auf „Akzeptieren“ oder „Ablehnen“. Um detailliertere Entscheidungen zu treffen, klicken Sie auf „Anpassen“.

Präferenzen
Kontakt
Feedback
AWS Documentation
AWS-Konto erstellen

Endpoint Security (EPS)

PDF
RSS
Fokusmodus
Endpoint Security (EPS) - AMS Advanced User Guide
General EPS settingsBase policyAnti-malware
Diese Seite wurde nicht in Ihre Sprache übersetzt. Übersetzung anfragen

Resources that you provision in your AMS Advanced environment automatically include the installation of an endpoint security (EPS) monitoring client. This process ensures that the AMS Advanced-managed resources are monitored and supported 24x7. In addition, AMS Advanced monitors all agent activity, and an incident is created if any security event is detected.

Note

Security incidents are handled as incidents; for more information, see Incident response.

Endpoint security provides anti-malware protection, specifically, the following actions are supported:

  • EC2 instances register with EPS

  • EC2 instances deregister from EPS

  • EC2 instances real-time anti-malware protection

  • EPS agent-initiated heartbeat

  • EPS restore quarantined file

  • EPS event notification

  • EPS reporting

AMS Advanced uses Trend Micro for endpoint security (EPS). These are the default EPS settings. To learn more about Trend Micro, see the Trend Micro Deep Security Help Center; note that non-Amazon links may change without notice to us.

AMS Advanced Multi-Account Landing Zone (MALZ) default settings are described in the following sections; for non-default AMS multi-account landing zone EPS settings, see AMS Advanced Multi-Account Landing Zone EPS non-default settings.

Note

You can bring your own EPS, see AMS bring your own EPS.

General EPS settings

Endpoint security general network settings.

EPS defaults
Setting Default

Firewall Ports (Instances’ Security Group)

EPS Deep Security Manager agents (DSMs) must have port 4120 open for the Agent/Relay to Manager communication, and port 4119 for the Manager Console. EPS Relays must have port 4122 open for the Manager/Agent to Relay communication. No specific ports should be open for customer instance inbound communication because agents initiate all requests.

Communication Direction

Agent/Appliance Initiated

Heartbeat Interval

Ten minutes

Number of missed heartbeats before an alert

Two

Maximum allowed drift (difference) between server times

Unlimited

Raise offline errors for inactive (registered, but not online) virtual machines

No

Default policy

Base policy (described next)

Activation of multiple computers with the same host name

Is allowed

Alerts for pending updates are raised

After seven days

Update schedule

AMS targets a monthly release cycle for Trend Micro Deep Security Manager (DSM) / Deep Security Agent (DSA) software updates. However, AMS doesn't maintain an SLA for updates. Updates are performed fleet-wide by AMS developer teams during a deployment.

DSA/DSA updates are logged in Trend Micro DSM system events that AMS retains locally by default for 13 weeks. For vendor documentation, see System events in the Trend Micro Deep Security Help Center. Logs are also exported to log group /aws/ams/eps/var/log/DSM.log in Amazon CloudWatch.

Update source

Trend Micro Update Server (https://ipv6-iaus.trendmicro.com/iau_server.dll/)

Event or log data deletion

Events and logs are deleted from the DSM database after seven days.

Agent software versions are held

Up to five

Most recent rule updates are held

Up to ten

Logs storage

By default, log files are stored securely in Amazon S3, but you can also archive them to Amazon Glacier to help meet audit and compliance requirements.

Base policy

Endpoint security base policy default settings.

EPS base policy
Setting Default

Enabled Modules

Anti-Malware

Disabled Modules

Web Reputation

Firewall

Intrusion Protection

Integrity Monitoring

Log Inspection

Application Control

Anti-malware

Endpoint security anti-malware settings.

EPS anti-malware defaults
Setting Default Notes

Real-Time Scan

Scan everything

Quarantine all suspected viruses. Enable IntelliTrap and spyware/grayware protection.

Spyware and Grayware trigger Anti-Malware and result in a quarantine of the item.

Every Day/All Day (24 hours)

Manual Scan

Scan everything

Must be requested, then follows default real-time scan configuration.

Scheduled Scan

Scan everything

Set for the last Sunday of every month, 6am.

Smart Protection

Disabled

N/A

Quarantined Files

Trend Micro Deep Security Manager (DSM)

Appx 1GB of disk reserved for quarantine.

Scan Limitation

Trend Micro DSM

Scan files of all sizes.

Allowed Spyware or Grayware

None

N/A

Local Event Notification

Yes

N/A

Auf dieser Seite

DatenschutzNutzungsbedingungen für die WebsiteCookie-Einstellungen
© 2025, Amazon Web Services, Inc. oder Tochtergesellschaften. Alle Rechte vorbehalten.