Detection and Response

Assess the nature and extent of targeted attacks with context-aware endpoint forensics

Key Features

Endpoint event recording

Trend Micro Endpoint Sensor uses a lightweight client to record endpoint activity and communication events at the kernel level. The sensor tracks these events in context across time, providing an in-depth history that can be accessed in real time by analysts.


Rich search parameters

Endpoints can be queried for specific communications, specific malware, registry activity, account activity, running processes, and more. Search inputs can be individual parameters, OpenIOC files, or YARA files.


Works on and off the network

Endpoint Sensor reports and records detailed system-level activities across Windows-based servers, desktops, and laptops regardless of location.


Attack discovery and highlight

Using an XGen™ security blend of cross-generational detection techniques, Endpoint Sensor can search for and discover targeted attacks.



  • 4 GB minimum, 16 GB recommended.
  • Available disk space: 500 GB minimum, 1 TB recommended
Operating Systems
  • Windows Server 2008 SP2 (32-bit/64-bit)
  • Windows Server 2008 R2 (64-bit)
Microsoft Internet Information Services (IIS) 7 with all of the following role services:
  • Static Content
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • HTTP Redirection
  • ASP
  • CGI
  • ISAPI Extensions
  • ISAPI Filters
  • Request Filtering
  • IIS Management Console
  • PHP version 5.4.38
  • Microsoft SQL Server 2008 Express
  • Microsoft SQL Server 2008 R2 Standard recommended
Web Browsers
  • Microsoft Internet Explorer 9 or later
  • The latest version of Google Chrome
  • The latest version of Mozilla Firefox


  • 512 MB minimum for Windows XP
  • 1 GB minimum for other operating systems
Available Disk Space:
  • 3 GB minimum for Windows XP, Vista, 7, 8, or 8.1
  • 3 GB minimum for Windows Server operating systems
Operating Systems
  • Windows Vista Service Pack 1 (32-bit and 64-bit)
  • Windows XP Service Pack 3 (32-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows 8 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Windows 10 (32-bit and 64-bit)
  • Windows Server 2003 (32-bit and 64-bit)
  • Windows Server 2003 R2 (32-bit and 64-bit)
  • Windows Server 2008 (32-bit and 64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows Server 2012 (32-bit and 64-bit)
  • Windows Server 2012 R2 (64-bit)

Gain visibility into data breaches

Endpoint Sensor gives you complete visibility into the attack vector, spread, and extent of impact of a targeted attack. With this visibility, incident response staff can plan for the remediation and prevention of future attacks.


Part of a Connected Threat Defense

When Deep Discovery detects advanced malware, Indicators of Compromise (IOC) can be sent to Endpoint Sensor, which searches for infiltration, scans for similar IOCs, and maps the timeline/progression. Suspicious objects are collected and sent to Deep Discovery Analyzer for sandbox analysis. This approach provides complete visibility and control of targeted attacks and ransomware, including its latest variants, such as WannaCry.


What customers say


"Trend Micro has given us an extra layer of security against advanced and unknown threats. At the same time, having Trend Micro Deep Discovery and Trend Micro Endpoint Sensor means that we have an analysis tool that gives us a much better understanding of how our security system is being challenged."

Peter Mejlby,
Director, Shared Services


Protect more

Endpoint Sensor is part of Endpoint Security, powered by XGen™ security, a blend of cross-generational threat defense techniques that protect against targeted attacks, advanced threats, and ransomware.

