When the Deep Security Agent’s network driver intercepts traffic, its primary network operations include stateful inspection (context of traffic and connection), verification of packet integrity for suitability, and detection of certain types of attacks, including reconnaissance scans.
However, anti-malware scan configuration and exclusion lists pertain to file system operations (not network packet inspection). Packets are not compared against anti-malware exclusion lists at the network driver level.
From the official documentation:
“The network driver intercepts packets and examines them for threats. This includes analyzing packets in context, verifying integrity, and checking for reconnaissance or suspicious activity. Anti-malware exclusions are applied at the file system level, not at the network packet analysis stage.”
Option B is correct (not performed at this network layer).
Options A, C, and D all describe valid operations at the network driver level.
[References:, , Trend Micro Deep Security 20 LTS Administration Guide — Deep Security Agent Network Driver, , Trend Micro Deep Security Online Help — Module Operation, , ===========, ]
