From 3980192470ca6f58e7589d10062d80301ce0ffa9 Mon Sep 17 00:00:00 2001 From: cert-cwatch <149478619+cert-cwatch@users.noreply.github.com> Date: Thu, 18 Dec 2025 10:51:54 +0100 Subject: [PATCH 1/2] Add Trend Micro quarantine target --- Targets/Antivirus/TrendMicro.tkape | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Targets/Antivirus/TrendMicro.tkape b/Targets/Antivirus/TrendMicro.tkape index 8791aa49d..245940fef 100644 --- a/Targets/Antivirus/TrendMicro.tkape +++ b/Targets/Antivirus/TrendMicro.tkape @@ -1,6 +1,6 @@ Description: Trend Micro Data -Author: Drew Ervin -Version: 1.0 +Author: Drew Ervin, Paul Cabon CERT Almond +Version: 2.0 Id: 73f8ccea-61cf-4993-aa26-e5cad4f8cc8f RecreateDirectories: true Targets: @@ -19,6 +19,12 @@ Targets: Category: Antivirus Path: C:\Program Files*\Trend Micro\Security Agent\ConnLog\ FileMask: '*.log' + - + Name: Trend Micro Quarantine + Category: Antivirus + Path: C:\Program Files*\Trend Micro\*\Quarantine\ + FileMask: '*' # Documentation # https://docs.trendmicro.com/en-us/enterprise/trend-micro-apex-one-2019-server-online-help/providing-additional/troubleshooting-reso_001/trend_client_program_021.aspx +# https://docs.trendmicro.com/all/ent/tmcm/v3.5/en-us/tmcm_3.5_olh/Template_Files/decrypt_encrypted_quarantine_files.htm \ No newline at end of file From 9c4d6a8989d3ba2a49719477864ad274b84db531 Mon Sep 17 00:00:00 2001 From: cert-cwatch <149478619+cert-cwatch@users.noreply.github.com> Date: Thu, 18 Dec 2025 10:55:40 +0100 Subject: [PATCH 2/2] Fix Yaml lint error --- Targets/Antivirus/TrendMicro.tkape | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Targets/Antivirus/TrendMicro.tkape b/Targets/Antivirus/TrendMicro.tkape index 245940fef..d659cb10e 100644 --- a/Targets/Antivirus/TrendMicro.tkape +++ b/Targets/Antivirus/TrendMicro.tkape 
@@ -27,4 +27,4 @@ Targets: # Documentation # https://docs.trendmicro.com/en-us/enterprise/trend-micro-apex-one-2019-server-online-help/providing-additional/troubleshooting-reso_001/trend_client_program_021.aspx -# https://docs.trendmicro.com/all/ent/tmcm/v3.5/en-us/tmcm_3.5_olh/Template_Files/decrypt_encrypted_quarantine_files.htm \ No newline at end of file +# https://docs.trendmicro.com/all/ent/tmcm/v3.5/en-us/tmcm_3.5_olh/Template_Files/decrypt_encrypted_quarantine_files.htm
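Review bot: In the header hunk of PATCH 1/2 (@@ -1,6 +1,6 @@), the new Author value `Drew Ervin, Paul Cabon CERT Almond` runs the second contributor's name and organisation together. Writing it as `Paul Cabon (CERT Almond)` keeps the comma-separated author list unambiguous. The Version jump from 1.0 to 2.0 is also large for a change that only appends one target and one documentation link, so check whether a minor bump fits the repository's convention better.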
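Review bot: In the @@ -19,6 +19,12 @@ hunk of PATCH 1/2, the new `Trend Micro Quarantine` target combines `Path: C:\Program Files*\Trend Micro\*\Quarantine\` with `FileMask: '*'`, which is much broader than the neighbouring ConnLog target that names `Security Agent` explicitly and restricts itself to `'*.log'`. The entry sets no Recursive key, so confirm whether quarantined items can sit in subfolders of Quarantine and set the key if they do. The added documentation link refers to encrypted quarantine files, so a YAML comment on the target stating that the collected items are the product's encrypted copies of detected files and must be decrypted before analysis would help whoever processes the collection. That link is for TMCM v3.5 while the `\*\` wildcard matches any product directory under Trend Micro, so state which products the path was tested against.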
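Review bot: Squash PATCH 2/2 into PATCH 1/2: its single @@ -27,4 +27,4 @@ hunk only restores the end-of-file newline that PATCH 1/2 leaves off the new last documentation line, so the series would read cleaner as one commit that adds the target and already passes the YAML lint.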