Malware Scanning

Cloud App Security scans all incoming email messages and uploaded files. Malware Scanning uses Trend Micro's virus scan engine to detect emerging threats.

Configuring Malware Scanning

  1. Configure Rules settings.

    Option Description

    Apply to

    (Exchange Online and Gmail only) Select the scope of email messages that Malware Scanning applies to.

    • All messages

    • Incoming messages

      Note:

      Incoming messages means that this policy applies only to incoming email messages sent from non-internal domains.

    Malware Scanning

    • Scan all files, true file types, or specific file types for malware

    • Configure Predictive Machine Learning settings to leverage the Predictive Machine Learning engine to detect emerging unknown security risks.

      1. Select Enable Predictive Machine Learning. For details, see About Predictive Machine Learning.

        By default, this check box is not selected.

      2. Optionally select the Allow Trend Micro to collect suspicious files to improve its detection capabilities check box.

        Note:

        If you enable this option, Trend Micro only checks potentially risky messages and encrypts all content before transferring any information. By stripping out specific personal information and keeping only anonymous behavior profiles, Trend Micro can maintain your privacy while discovering new threats.

    • Scan the message body for email services

    • Enable IntelliTrap

      IntelliTrap helps reduce the risk of viruses that use real-time compression algorithms to bypass network security. It does this by blocking real-time compressed executable files and pairing them with other malware characteristics. Because IntelliTrap identifies such files as security risks, it may incorrectly block safe files; consider quarantining (not deleting) files after enabling IntelliTrap.

    Scan message body

    (Exchange Online and Gmail only) Select whether to scan the message body.

    Enable IntelliTrap

    Select whether to enable IntelliTrap.

  2. Configure Action settings.

    Cloud App Security protects services by executing specified actions after detecting a file that matches scanning conditions. The action depends on the performed scan, the affected service, and the configured actions for that scan.

    • Exchange Online policies

    Option Description

    Action

    • Trend Micro recommended action: Perform scan actions recommended by Trend Micro and select whether to send notifications.

    • Customized action for detected threats: Select to specify an action for each threat and then select whether to send notifications.

    Advanced Options

    Specify the Replacement file name and Replacement text that Cloud App Security uses when an unscannable message arrives. Cloud App Security replaces the file/text with the configured replacement information.

    Unscannable Message Options

    Select actions for password-protected files. Specify the replacement text that replaces a file/text if an unscannable message arrives.

    • SharePoint Online, OneDrive for Business, Microsoft Teams, Box, Dropbox, and Google Drive policies

    Option Description

    Action

    • Trend Micro recommended action: Perform scan actions recommended by Trend Micro and select whether to send notifications.

    • Customized action for detected threats: Select to specify an action for each threat and then select whether to send notifications.

    Advanced Options

    Specify text to replace the original file content when a file is quarantined or deleted.

    Unscannable File Options

    Select actions for password-protected files.

    • Gmail policies

    Option Description

    Action

    • Trend Micro recommended action: Perform scan actions recommended by Trend Micro and select whether to send notifications.

    • Customized action for detected threats: Select to specify an action for each threat and then select whether to send notifications.

    Unscannable Message Options

    Select actions for password-protected files.

  3. Configure Notification settings.

    Option Description

    Notify administrator

    Specify message details to notify administrators that Cloud App Security detected a security risk and took action on an email message, attachment, or file.

    The notification threshold limits the number of notification messages that are sent. Threshold settings include:

    • Send consolidated notifications periodically: Cloud App Security sends an email message that consolidates all the notifications for a period of time. Specify the period of time by typing a number in the box and selecting hour(s) or day(s).

    • Send consolidated notifications by occurrences: Cloud App Security sends an email message that consolidates notifications for a set number of filtering actions. Specify the number of virus/malware occurrences by typing a number in the box.

    • Send individual notifications: Cloud App Security sends an email message notification every time Cloud App Security performs a filtering action.

    Notify User

    Exchange Online and Gmail: Specify message details that notify recipients that Cloud App Security detected a security risk and took action on their email message or attachment.

    SharePoint Online, OneDrive for Business, Microsoft Teams, Box, Dropbox, and Google Drive: Specify message details that notify the user who uploaded a file that Cloud App Security detected a security risk and took action on their file.

    Note:

    When specifying a notification message, include relevant tokens and edit the message content as desired. For details about tokens, see Token List.

  4. Click Save or select another policy configuration on the left navigation to continue with additional rules.

About Predictive Machine Learning

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features. Predictive Machine Learning is a powerful tool that helps protect your environment from unidentified threats and zero-day attacks.

After detecting an unknown or low-prevalence file, Cloud App Security scans the file using the Advanced Threat Scan Engine to extract file features and sends the report to the Predictive Machine Learning engine. Using malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains.