Recent updates to this article
| Date |
Update |
| January 17, 2024 |
Made the following changes:
- Updated the "Environment" section.
- Added a note about this article applying to Trellix Endpoint version 2311 and later.
|
| December 14, 2023 |
Rebranded Real Protect to ML Protect. |
NOTES:
- The Real Protect scanner engine has been rebranded from Real Protect to ML Protect. For more information about this branding change, see KB96865 - "Real Protect" rebranded to "ML Protect".
- This article only applies to Trellix Endpoint version 2311 and later. If you're running an earlier version, and wish to use ML Protect, you'll need to upgrade your Trellix Endpoint version.
Use the information in this article to make sure that Trellix Endpoint ML Protect is installed correctly. Also, the information can help you make sure that endpoints can communicate with the Trellix Cloud for detection.
ML Protect test file programs
To test the ML Protect detection functionality, use the password-protected file
MLProtect-TestFile.zip in the "Attachment"
section of this article.
NOTES:
- The password for the .zip file is clean. Password protection has been applied to the .zip file to make sure that it's not blocked when sent via email. Passwords normally meet higher security standards.
- The MLP-S.exe and MLP-D.exe are test programs to verify ML Protect client and cloud-based detections; they're harmless.
After you extract ML
Protect-TestFile.zip, you can run the files to trigger an ML Protect detection.
Trellix Endpoint ML Protect requires connectivity to Global Threat Intelligence to function correctly and detect files.
Our products that use ML Protect send the associated lookup queries to the domain
https://arc-ai1.trellix.com/.
ML Protect client detection test
To make sure that ML Protect client scanning is functioning correctly, perform the following steps:
- Make sure that Trellix Endpoint is running.
- Open Windows Explorer and navigate to the folder that contains the test utility MLP-S.exe.
- Start the program. Double-click MLP-S.exe.
If ML Protect client scanning is functioning correctly in Trellix Endpoint, it detects the file and prevents the file from running.
ML Protect Cloud detection test
To make sure that ML Protect Cloud scanning is functioning correctly, perform the following steps:
- Make sure that Trellix Endpoint is running.
- Open Windows Explorer and navigate to the folder that contains the test utility MLP-D.exe.
- Start the program. Double-click MLP-D.exe.
NOTE: The MLP-D.exe must be running for a minute for the detection to trigger.
If ML Protect Cloud scanning is functioning correctly in Trellix Endpoint, it detects the file and prevents the file from running.
