Vulnerability Protection

Advanced vulnerability shielding for endpoints


Today’s enterprise endpoints face more sophisticated attacks than ever with the likes of ransomware and fileless malware, especially when they are outside the corporate network and no longer protected by multiple layers of security. In addition, Point-of-Sale (POS) devices or End of Support (EOS) operating systems are difficult or impossible to update and patch. To keep your business fully protected from breach or targeted attacks, all types of endpoints require a blended approach to protection that secures data and applications from hacking attempts, web threats, and the increasing threat of vulnerabilities being exploited remotely.

Trend Micro™ Vulnerability Protection provides earlier, stronger endpoint protection by supplementing desktop anti-malware and threat security with proactive virtual patching. A high-performance engine monitors traffic for new specific vulnerabilities using hostbased intrusion prevention system (IPS) filters as well as zero-day attack monitoring. So you can detect network protocol deviations, or suspicious content that signals an attack, or security policy violations. Vulnerability Protection prevents these vulnerabilities from being exploited with easy and fast-to-deploy filters that provide full protection before patches can be deployed or are available. When used in conjunction with additional Trend Micro endpoint products, Vulnerability Protection provides the industry’s broadest range of protection for endpoints, whether they are on the network, travelling, or remote.

Download Datasheet



Protection Points

  • Endpoints

Threat Protection

  • Vulnerability Exploits
  • Denial of Service Attacks
  • Illegitimate Network Traffic
  • Web Threats

Key Benefits

  • Eliminates risk exposure due to
    missing patches
  • Extends the life of legacy and
    end-of-support operating systems
    like Windows XP
  • Reduces down-time for recovery with
    incremental protection against zero
    day attacks
  • Allows patching on your own terms
    and timelines
  • Lowers potential legal exposure by
    improving data security compliance
  • Enhances firewall protection for remote
    and mobile enterprise endpoints

Key features

Defends Against Advanced Threats

  • Blocks known and unknown vulnerability exploits before patches are deployed
  • Protects end of support and legacy operating systems for which patches may never be provided
  • Automatically assesses and recommends required virtual patches for your specific environment
  • Dynamically adjusts security configuration based on the location of an endpoint
  • Protects endpoints with minimal impact on network throughput, performance, or user productivity
  • Shields endpoints against unwanted network traffic with multiple protection layers 
  • Protects systems that hold sensitive data, critical to regulatory and corporate policy compliance


Removes Bad Data from Business-Critical Traffic

  • Applies control filters to alert/block specific traffic such as instant messaging and media streaming
  • Uses deep packet inspection to identify content that may harm the application layer
  • Filters forbidden network traffic and ensures allowed traffic through stateful inspection


Provides Earlier Protection

  • Provides protection before patches are deployed and often before patches are available
  • Shields operating system and common applications from known and unknown attacks
  • Detects malicious traffic that hides by using supported protocols over non-standard ports
  • Blocks traffic likely to damage at-risk components using vulnerability-facing network inspection
  • Prevents networking backdoors from penetrating into the corporate network
  • Blocks all known exploits with intrusion prevention signatures
  • Defends custom and legacy applications using custom filters that block user-defined parameters


Deploys and Manages with Your Existing Infrastructure

  • Preserves endpoint performance with light-weight agent architecture
  • Simply and easily deploys with existing endpoint security solutions
  • Increases convenience of implementing granular control with simplified dashboard and user-based visibility with the management console
  • Organizes vulnerability assessments by Microsoft security bulletin numbers, CVE numbers, or other important information
  • Provides logging integration with popular SIEM tools
  • Simplifies deployment and management by using your existing Trend Micro™ OfficeScan™ plug-in manager and Control Manager (central management console)
  • Reduces the need to patch and reboot immediately causing unnecessary downtime on systems


Vulnerability Protection stops zero-day threats immediately on your physical and virtual desktops and laptops—on and off the network. Using host-level intrusion prevention system (IPS) filters, behavioral, statistical, heuristic and protocol enforcement technologies, Vulnerability Protection shields against vulnerabilities before a patch is available or deployable. This allows you to protect your critical platforms from both known and unknown threats including legacy operating systems such as Windows XP and new systems like Windows 10. To support a layered approach to security, Vulnerability Protection integrates with Trend Micro User Protection solutions to deliver multiple layers of interconnected threat and data protection.

Trend Micro Vulnerability Protection is very scalable with options for multiple servers to ensure endpoint deployment for even the largest of organizations. Vulnerability Protection integrates with other Trend Micro threat protection solutions to enhance the overall threat and malware protection of your endpoints.

Two components are required:

  • Server installs on supported Windows platforms and is managed through a web-browser
  • Agent installs on supported Windows platforms



User Protection

Trend Micro Vulnerability Protection is a critical component of our Smart Protection Suites, that deliver data protection like data loss prevention (DLP) and device control but also gateway, mobile device and endpoint threat protection with our XGen™ optimized capabilities like file reputation, machine learning, behavioural analysis, exploit protection, application control, intrusion prevention (vulnerability protection). Additional Trend Micro solutions extend your protection from advanced attacks with endpoint investigation and detection. Plus, Deep Discovery network sandboxing delivers rapid response (real-time signature updates) to endpoints when a new threat is detected locally, enabling faster time-to-protection and reducing the spread of malware. All of this modern threat security technology is made simple for your organization with central visibility, management, and reporting

Systems Requirements for Vulnerability Protection
Vulnerability Protection Manager (server) system requirements
Memory 4 GB (8 GB recommended
Disk Space 1.5 GB (5 GB recommended)
Operating System
  • Microsoft Windows Server 2016 (64-bit)
  • Microsoft Windows Server 2012 R2 (64-bit)
  • Microsoft Windows Server 2012 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
Web Browser
  • Firefox 12+
  • Internet Explorer 9.x & 10.x
  • Chrome 20+

Note: Cookies must be enabled on all browsers

Vulnerability Protection Agent system requirements
Memory 128 MB
Disk Space 500 MB
Operating System
  • Windows 10 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows Vista (32-bit and 64-bit)
  • Windows XP (32 bit and 64 bit)