# Endpoint Security (EPS)
<a name="eps-defaults"></a>

Resources that you provision in your AMS Advanced environment automatically include the installation of an endpoint security (EPS) monitoring client. This process ensures that the AMS Advanced-managed resources are monitored and supported 24x7. In addition, AMS Advanced monitors all agent activity, and an incident is created if any security event is detected.

**Note**  
Security incidents are handled as incidents; for more information, see [Incident response](https://docs.aws.amazon.com/managedservices/latest/userguide/sec-incident-response.html).

Endpoint security provides anti-malware protection; specifically, the following actions are supported:
+ EC2 instances register with EPS
+ EC2 instances deregister from EPS
+ Real-time anti-malware protection for EC2 instances
+ EPS agent-initiated heartbeat
+ EPS restore quarantined file
+ EPS event notification
+ EPS reporting

AMS Advanced uses Trend Micro for endpoint security (EPS). This page describes the default EPS settings. To learn more about Trend Micro, see the [Trend Micro Deep Security Help Center](https://help.deepsecurity.trendmicro.com/aws/welcome.html?redirected=true); note that non-Amazon links may change without notice to us.

AMS Advanced Multi-Account Landing Zone (MALZ) default settings are described in the following sections; for non-default AMS multi-account landing zone EPS settings, see [AMS Advanced Multi-Account Landing Zone EPS non-default settings](https://docs.aws.amazon.com/managedservices/latest/userguide/security-mgmt.html#malz-eps-settings).

**Note**  
You can bring your own EPS; see [AMS bring your own EPS](https://docs.aws.amazon.com/managedservices/latest/userguide/ams-byoeps.html).

## General EPS settings
<a name="general-eps-defaults"></a>

Endpoint security general network settings.


**EPS defaults**  

| Setting | Default | 
| --- | --- | 
| Firewall Ports (Instances’ Security Group) | EPS Deep Security Managers (DSMs) must have port 4120 open for Agent/Relay to Manager communication, and port 4119 for the Manager Console. EPS Relays must have port 4122 open for Manager/Agent to Relay communication. No inbound ports need to be open on customer instances because agents initiate all requests. | 
| Communication Direction | Agent/Appliance Initiated | 
| Heartbeat Interval | Ten minutes | 
| Number of missed heartbeats before an alert | Two | 
| Maximum allowed drift (difference) between server times | Unlimited | 
| Raise offline errors for inactive (registered, but not online) virtual machines | No | 
| Default policy | Base policy (described next) | 
| Activation of multiple computers with the same host name | Is allowed | 
| Alerts for pending updates are raised | After seven days | 
| Update schedule | AMS targets a monthly release cycle for Trend Micro Deep Security Manager (DSM) / Deep Security Agent (DSA) software updates. However, AMS doesn't maintain an SLA for updates. Updates are performed fleet-wide by AMS developer teams during a deployment. DSM/DSA updates are logged in Trend Micro DSM system events, which AMS retains locally by default for 13 weeks. For vendor documentation, see [System events](https://help.deepsecurity.trendmicro.com/12_0/aws/Events-Alerts/ref-events-system.html) in the Trend Micro Deep Security Help Center. Logs are also exported to the log group /aws/ams/eps/var/log/DSM.log in Amazon CloudWatch. | 
| Update source | Trend Micro Update Server (https://ipv6-iaus.trendmicro.com/iau_server.dll/) | 
| Event or log data deletion | Events and logs are deleted from the DSM database after seven days. | 
| Agent software versions are held | Up to five | 
| Most recent rule updates are held | Up to ten | 
| Logs storage | By default, log files are stored securely in Amazon S3, but you can also archive them to Amazon Glacier to help meet audit and compliance requirements. | 
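The heartbeat rows above (ten-minute interval, alert after two missed heartbeats, no offline errors for inactive VMs) define when a host counts as offline. The following added example, which is not AMS or Trend Micro code, applies those defaults to a constructed set of per-host heartbeat records; the host names, timestamps and record layout are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

# Defaults taken from the EPS table above.
HEARTBEAT_INTERVAL = timedelta(minutes=10)  # Heartbeat Interval: ten minutes
MISSED_BEFORE_ALERT = 2                     # Missed heartbeats before an alert: two
ALERT_ON_INACTIVE = False                   # Raise offline errors for inactive VMs: No

def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

# Constructed sample of per-host heartbeat state (hypothetical hosts, not DSM output).
# 'active' = registered and online; 'inactive' = registered but never came online.
SAMPLE_HEARTBEATS = [
    {"host": "web-01", "status": "active", "last_heartbeat": "2024-05-01T10:00:00Z"},
    {"host": "web-02", "status": "active", "last_heartbeat": "2024-05-01T09:25:00Z"},
    {"host": "app-01", "status": "active", "last_heartbeat": "2024-05-01T09:40:00Z"},
    {"host": "app-02", "status": "active", "last_heartbeat": "2024-05-01T09:50:00Z"},
    {"host": "db-01", "status": "inactive", "last_heartbeat": None},
]
NOW = parse_ts("2024-05-01T10:05:00Z")  # evaluation time for the sample

def missed_heartbeats(last_heartbeat, now, interval=HEARTBEAT_INTERVAL):
    """Whole heartbeat intervals elapsed since the agent last checked in.
    A timestamp ahead of 'now' (agent clock drift, which the defaults do not
    limit) counts as zero missed rather than a negative number."""
    return max(0, (now - last_heartbeat) // interval)

def evaluate_fleet(records, now, missed_threshold=MISSED_BEFORE_ALERT,
                   alert_on_inactive=ALERT_ON_INACTIVE):
    """Return {host: missed_count} for hosts that should raise an offline alert.
    Inactive hosts have no heartbeat to count; they are reported (with None)
    only when alert_on_inactive is True, mirroring the 'No' default above."""
    alerts = {}
    for rec in records:
        if rec["status"] == "inactive":
            if alert_on_inactive:
                alerts[rec["host"]] = None
            continue
        missed = missed_heartbeats(parse_ts(rec["last_heartbeat"]), now)
        if missed >= missed_threshold:
            alerts[rec["host"]] = missed
    return alerts

if __name__ == "__main__":
    for host, missed in evaluate_fleet(SAMPLE_HEARTBEATS, NOW).items():
        print(f"{host}: offline alert ({missed} missed heartbeats)")
```

With the sample data, web-02 (four intervals) and app-01 (two intervals) alert, app-02 (one interval) does not, and the inactive db-01 is skipped unless alert_on_inactive is set.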

## Base policy
<a name="base-eps-policy"></a>

Endpoint security base policy default settings.


**EPS base policy**  
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/managedservices/latest/userguide/eps-defaults.html)

## Anti-malware
<a name="eps-anti-malware-defaults"></a>

Endpoint security anti-malware settings.


**EPS anti-malware defaults**  
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/managedservices/latest/userguide/eps-defaults.html)