Trend Micro, Inc.

April 2016

Trend Micro™ TippingPoint™ Advanced Threat Protection for Email

Version 2.5

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/enterprise/tippingpoint-advanced-threat-protection-for-email.aspx.

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://docs.trendmicro.com/en-us/survey.aspx.

Contents


  1. About Trend Micro TippingPoint Advanced Threat Protection for Email
  2. What's New
  3. Document Set
  4. System Requirements
  5. Installation
  6. Known Issues
  7. Release History
  8. Contact Information
  9. About Trend Micro
  10. License Agreement


1. About Trend Micro TippingPoint Advanced Threat Protection for Email


Trend Micro™ TippingPoint™ Advanced Threat Protection for Email stops sophisticated targeted attacks and cyber threats by scanning, simulating, and analyzing suspicious links and attachments in email messages before they can threaten your network. Designed to integrate into your existing anti-spam/antivirus network topology, TippingPoint Advanced Threat Protection for Email can act as a Mail Transfer Agent in the mail traffic flow or as an out-of-band appliance silently monitoring your network for cyber threats.

Back to top



2. What's New


See Chapter 1 of the Administrator's Guide or visit the following page for a list of new features and enhancements in this release:

http://docs.trendmicro.com/all/ent/atp_email/2.5/en-us/atp_email_2.5_olh/about_product.html#c_whats_new

For a list of key features, see Chapter 1 of the Administrator's Guide or visit the following page:

http://docs.trendmicro.com/all/ent/atp_email/2.5/en-us/atp_email_2.5_olh/about_product.html

Back to top



3. Document Set


In addition to this readme, the documentation set for TippingPoint Advanced Threat Protection for Email includes the following:

Back to top



4. System Requirements


Trend Micro provides the TippingPoint Advanced Threat Protection for Email appliance hardware. No other hardware is supported.

See Chapter 2 of the Installation and Deployment Guide for a list of system requirements.

Back to top



5. Installation


See the Quick Start Card and Chapter 2 of the Installation and Deployment Guide for fresh installation and deployment instructions.

Back to top



6. Known Issues


6.1. Unable to Receive Email Messages from Other IPv6 Subnets if "Hosts in the same address class" is Enabled

Problem: TippingPoint Advanced Threat Protection for Email cannot receive incoming emails messages from other IPv6 subnets if the "Hosts in the same address class" option is enabled on the Administration > Mail Settings > Limits and Exceptions screen.

6.2. Duplicate Time Value Appears on Widgets after Daylight Savings Time Changes to Standard Time

Problem: After daylight savings time changes to standard time on TippingPoint Advanced Threat Protection for Email, a duplicate time value appears on widgets.

6.3. Unable to Capture ISL-Encapsulated VLAN Traffic in SPAN/TAP Mode

Problem: While operating in SPAN/TAP mode, TippingPoint Advanced Threat Protection for Email cannot capture VLAN traffic that is encapsulated by Cisco Inter-Switch Link (ISL) protocol.

6.4. Virtual Analyzer Unable to Import Images from FTP Servers in Active Mode

Problem: TippingPoint Advanced Threat Protection for Email is unable to import Virtual Analyzer images from an FTP server in active mode. TippingPoint Advanced Threat Protection for Email security does not allow this type of connection.

Solution: Trend Micro recommends using FTP servers in passive mode, or importing the Virtual Analyzer images through another method.

6.5. Limited Support for Email Messages in Non-Standard Formats

Problem: TippingPoint Advanced Threat Protection for Email cannot read the subject of email messages in non-standard formats.

Solution: Trend Micro recommends only routing standard-formatted email messages. Most mail user agents cannot read email messages in non-standard formats.

6.6. Limits to Changing Time Format

Problem: Time format in the following pages cannot be changed if "Date and time format" in System Settings > Time page is changed. 1) "Last updated" time of each widget in "Dashboard > Add Widgets” 2) "Last update" time in widget preview screenshot 3) Time in email screenshot in "Detection" details.

Solution: 1. For “Last updated” time of each widget, it was a limitation of the widget framework used in TippingPoint Advanced Threat Protection for Email to show time in a corresponding format. 2. For "Last update" time in the widget preview screenshot, it is not possible to be changed due to the fact that the preview screenshot is a picture. 3. For the time shown in the email screenshot, it was created by the third-party email client. It depends on locale to show proper time format, not the user-defined time format.

6.7. Limitation When There Are More than 60 URLs in One Email

Problem: Some risky URLs in an email may not be rewritten to be a link redirected to blocking or warning page, even if the same URLs have been rewritten, if there are more than 60 URLs in an email.

Solution: TippingPoint Advanced Threat Protection for Email will at most extract 60 URLs from an email for scanning by default. If some of the URLs were scanned have a risk, they will be rewritten to a link that can redirect to a blocking or warning page. If the number of URLs in the email exceeds 60, some of URLs will not be rewritten due to the fact that they were not extracted by TippingPoint Advanced Threat Protection for Email.

6.8. Issue with Password-Protected Office PowerPoint 2003 Files

Problem: TippingPoint Advanced Threat Protection for Email cannot scan password-protected Office PowerPoint 2003 files.

Solution: The encryption of Office PowerPoint 2003 files is different from later versions, and this format cannot be decrypted.

6.9. Query Limits Based on Settings

Problem: If the user enables "Connect to Smart Protection Server for Web Reputation Services" in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page, the internal Virtual Analyzer will not run the URL block reason query, Census query or the Certified Safe Software Service query. Additionally, it will not provide Smart Feedback.

Solution: This is the configuration of the internal Virtual Analyzer. The user can either disable “Connect to Smart Protection for Web Reputation Services” in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page or enable both “Connect to Smart Protection Server for Web Reputation Services” and “Connect to global services using Smart Protection Server” in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page.

6.10. Inconsistent Risk Levels When Integrated with TippingPoint Advanced Threat Protection Analyzer

Problem: When integrated with TippingPoint Advanced Threat Protection Analyzer, the final risk level of a malicious URL in TippingPoint Advanced Threat Protection for Email is different with the risk level in TippingPoint Advanced Threat Protection Analyzer.

Solution: TippingPoint Advanced Threat Protection Analyzer can support several different products with varying risk levels, so for TippingPoint Advanced Threat Protection for Email, the risk level for malicious URLs returned by Virtual Analyzer (no matter whether either internal Virtual Analyzer or TippingPoint Advanced Threat Protection Analyzer) will be downgraded one level.

6.11. Naming Issues with Duplicate Email Attachments

Problem: For the same email attachment which has a different file name, after being analyzed by TippingPoint Advanced Threat Protection Analyzer, the analysis reports for the two attachments will have the same file name.

Solution: As the current specification of TippingPoint Advanced Threat Protection Analyzer, it will return the cached analysis result for the same files or URLs to TippingPoint Advanced Threat Protection for Email.

6.12. Duplicate Icons with Microsoft IE10 and Edge

Problem: Under Microsoft Edge and IE10, there will be two delete icons at the end of "Search" box in "Dashboard > Add Widgets" page.

Solution: Microsoft IE10 and Edge will create a delete icon for "Search" box by default. However Widget Framework has already created another delete icon.

6.13. When Logging into the Control Manager Web Console Using the HTTP Protocol, Single-Sign-On from Control Manager to TippingPoint Advanced Threat Protection for Email Will Not Work

Problem: Under the current specifications of TippingPoint Advanced Threat Protection for Email, Single-Sign-On from Control Manager is not supported under the HTTP protocol.

Solution: Log into the Control Manager web console using HTTPS protocol.

Back to top



7. Release History


Back to top



8. Contact Information


Contact the TippingPoint Technical Assistance Center (TAC) by using any of the following options.

Email Support

tippingpoint.support@trendmicro.com

Phone Support

For online support and additional international toll-free numbers, visit https://tmc.tippingpoint.com.

Visit Us Online

Back to top



9. About Trend Micro


Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.

Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and TippingPoint Advanced Threat Protection for Networks are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Back to top



10. License Agreement


Third-party licensing agreements can be viewed by:

Back to top