Trend Micro, Inc.

April 2019

Trend Micro™ Deep Discovery Email Inspector™

Version 3.5

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site:


  1. About Trend Micro Deep Discovery Email Inspector
  2. What's New
  3. Document Set
  4. System Requirements
  5. Installation
  6. Post-installation Configuration
  7. Known Issues
  8. Release History
  9. Contact Information
  10. About Trend Micro
  11. License Agreement

1. About Trend Micro Deep Discovery Email Inspector

Trend Micro™ Deep Discovery Email Inspector™ stops sophisticated targeted attacks and cyber threats by scanning, simulating, and analyzing suspicious links and attachments in email messages before they can threaten your network. Designed to integrate into your existing email network topology, Deep Discovery Email Inspector can act as a Mail Transfer Agent in the mail traffic flow or as an out-of-band appliance silently monitoring your network for cyber threats and unwanted spam messages.

Back to top

2. What's New

See Chapter 1 of the Administrator's Guide or visit the following page for a list of new features and enhancements in this release:

For a list of key features, see Chapter 1 of the Administrator's Guide or visit the following page:

Back to top

3. Document Set

In addition to this readme, the documentation set for Deep Discovery Email Inspector includes the following:

Back to top

4. System Requirements

See the Installation and Deployment Guide for a list of system requirements and installation instructions.

Back to top

5. Installation

5.1. Fresh Installation

See the Quick Start Card and the Installation and Deployment Guide for fresh installation and deployment instructions.


5.2. Upgrading

Upgrade to Deep Discovery Email Inspector version 3.5 if you are currently running the following versions:

Before installing this upgrade:

Back up your Deep Discovery Email Inspector configuration file from the management console. For details, see the Administrator's Guide.

You can install this upgrade using one of the following methods:

To install this upgrade manually on Deep Discovery Email Inspector:

  1. Log on to the Deep Discovery Email Inspector management console.
  2. Go to Administration > Product Updates > Firmware.
  3. Click Browse to locate the firmware installation package.
  4. Click Install.
  5. Wait for the package to upload and install.
  6. Clear your web browser's cache before logging on the management console.
  7. After installation completes, the user should re-open the management console logon screen.

    Note: Trend Micro recommends updating the scan engine and pattern files immediately after installation.

5.3. Uninstallation

The upgrade cannot be uninstalled. Contact Trend Micro Support for assistance.

Back to top

6. Post-installation Configuration

Installing this upgrade maintains all configurations and data. However, if Deep Discovery Email Inspector is using an internal Virtual Analyzer that connects to the Internet through a proxy server, you must reconfigure the proxy settings for the internal Virtual Analyzer. For details about configuring Virtual Analyzer settings, see the Administrator's Guide.

Back to top

7. Known Issues

7.1. Unable to Receive Email Messages from Other IPv6 Subnets if "Hosts in the same address class" is Enabled

Problem: Deep Discovery Email Inspector cannot receive incoming emails messages from other IPv6 subnets if the "Hosts in the same address class" option is enabled on the Administration > Mail Settings > Limits and Exceptions screen.

7.2. Duplicate Time Value Appears on Widgets after Daylight Savings Time Changes to Standard Time

Problem: After daylight savings time changes to standard time on Deep Discovery Email Inspector, a duplicate time value appears on widgets.

7.3. Unable to Capture ISL-Encapsulated VLAN Traffic in SPAN/TAP Mode

Problem: While operating in SPAN/TAP mode, Deep Discovery Email Inspector cannot capture VLAN traffic that is encapsulated by Cisco Inter-Switch Link (ISL) protocol.

7.4. Virtual Analyzer Unable to Import Images from FTP Servers in Active Mode

Problem: Deep Discovery Email Inspector is unable to import Virtual Analyzer images from an FTP server in active mode. Deep Discovery Email Inspector security does not allow this type of connection.

Solution: Trend Micro recommends using FTP servers in passive mode, or importing the Virtual Analyzer images through another method.

7.5. Limited Support for Email Messages in Non-Standard Formats

Problem: Deep Discovery Email Inspector cannot read the subject of email messages in non-standard formats.

Solution: Trend Micro recommends only routing standard-formatted email messages. Most mail user agents cannot read email messages in non-standard formats.

7.6. Limits to Changing Time Format

Problem: Time format in the following pages cannot be changed if "Date and time format" in System Settings > Time page is changed 1) "Last updated" time of each widget in "Dashboard > Add Widgets”, 2) "Last update" time in widget preview screenshot, 3) Time in email screenshot in "Detection" details, 4) "Custom range" in Detections > Sender Filtering

Solution: 1. For “Last updated” time of each widget, it was a limitation of the widget framework used in Deep Discovery Email Inspector to show time in a corresponding format. 2. For "Last update" time in the widget preview screenshot, it is not possible to be changed due to the fact that the preview screenshot is a picture. 3. For the time shown in the email screenshot, it was created by the third-party email client. It depends on locale to show proper time format, not the user-defined time format. 4. For "Custom range" in Detections > Sender Filtering , the date and time field is for both information display and data query. It is recommended not to display the time in the corresponding format.

7.7. Limitation When There Are More than 60 URLs in One Email

Problem: Some risky URLs in an email may not be rewritten to be a link redirected to blocking or warning page, even if the same URLs have been rewritten, if there are more than 60 URLs in an email.

Solution: Deep Discovery Email Inspector will at most extract 60 URLs from an email for scanning by default. If some of the URLs were scanned have a risk, they will be rewritten to a link that can redirect to a blocking or warning page. If the number of URLs in the email exceeds 60, some of URLs will not be rewritten due to the fact that they were not extracted by Deep Discovery Email Inspector.

7.8. Issue with Password-Protected Office PowerPoint 2003 Files

Problem: Deep Discovery Email Inspector cannot scan password-protected Office PowerPoint 2003 files.

Solution: The encryption of Office PowerPoint 2003 files is different from later versions, and this format cannot be decrypted.

7.9. Query Limits Based on Settings

Problem: If the user enables "Connect to Smart Protection Server for Web Reputation Services" in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page, the internal Virtual Analyzer will not run the URL block reason query, Census query or the Certified Safe Software Service query. Additionally, it will not provide Smart Feedback.

Solution: This is the configuration of the internal Virtual Analyzer. The user can either disable “Connect to Smart Protection for Web Reputation Services” in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page or enable both “Connect to Smart Protection Server for Web Reputation Services” and “Connect to global services using Smart Protection Server” in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page.

7.10. Inconsistent Risk Levels When Integrated with Deep Discovery Analyzer

Problem: When integrated with Deep Discovery Analyzer, the final risk level of a malicious URL in Deep Discovery Email Inspector is different with the risk level in Deep Discovery Analyzer.

Solution: Deep Discovery Analyzer can support several different products with varying risk levels, so for Deep Discovery Email Inspector, the risk level for malicious URLs returned by Virtual Analyzer (no matter whether either internal Virtual Analyzer or Deep Discovery Analyzer) will be downgraded one level.

7.11. Naming Issues with Duplicate Email Attachments

Problem: For the same email attachment which has a different file name, after being analyzed by Deep Discovery Analyzer, the analysis reports for the two attachments will have the same file name.

Solution: As the current specification of Deep Discovery Analyzer, it will return the cached analysis result for the same files or URLs to Deep Discovery Email Inspector.

7.12. Duplicate Icons with Microsoft IE10 and Edge

Problem: Under Microsoft Edge and IE10, there will be two delete icons at the end of "Search" box in "Dashboard > Add Widgets" page.

Solution: Microsoft IE10 and Edge will create a delete icon for "Search" box by default. However Widget Framework has already created another delete icon.

7.13. When Logging into the Trend Micro Apex Central Web Console Using the HTTP Protocol, Single-Sign-On from Apex Central to Deep Discovery Email Inspector Will Not Work

Problem: Under the current specifications of Deep Discovery Email Inspector, Single-Sign-On from Apex Central is not supported under the HTTP protocol.

Solution: Log into the Apex Central web console using HTTPS protocol.

7.14. Display Issue When Using CLISH to Configure Default Gateway Settings

Problem: If the default gateway is configured on a network interface other than eth0 using CLISH, the web console does not display the current default gateway and DNS settings.

7.15. IP Address Display Issue with Network Services Diagnostics in Dual-Stack Network

Problem: If Web Reputation Service and Community File Reputation are unreachable using IPv4 addresses in a dual-stack network, the Administration > System Maintenance > Network Services Diagnostics screen still displays the final resolved IPv4 addresses for these services.

7.16. Analysis Performance Issue in Virtual Analyzer

Problem: When performing sandbox analysis using a Windows 10 or Windows Server 2016 image that requires higher system resources, the performance of Deep Discovery Email Inspector may be affected.

Solution: Due to the system resource requirements of Windows 10 and Windows Server 2016 environments, Trend Micro recommends you contact Technical Support to evaluate the system load capacity on Deep Discovery Email Inspector before using a Windows 10 or Windows Server 2016 sandbox environment for analysis.

7.17. Display Issue When a Message Contains Multiple Suspicious Attachments With the Same SHA1 Value

Problem: When a message contains more than one suspicious file attachment with the same SHA1 value, the Detections screen displays only one entry for the multiple file attachments.

7.18. Limitation When Connecting to a Proxy Server with Multiple HTTP Authentication Methods

Problem: When Deep Discovery Email Inspector connects to a proxy server that supports multiple HTTP authentication methods, some services (except ActiveUpdate and product license registration) may not function properly. On the Network Services Diagnostics screen, the service status becomes Unsuccessful.

7.19. Issue with Sending End-User Quarantine Digest Notifications

Problem: When the "Use SMTP server for EUQ authentication" option is enabled on the Administration > End-User Quarantine > EUQ Settings page and the "Enable EUQ digest notifications" option is enabled on the Administration > End-User Quarantine > EUQ Digest page, Deep Discovery Email Inspector may send EUQ digest notifications to email groups instead of to individual recipients. Deep Discover Email Inspector is unable to determine if quarantined messages are intended for individual recipients or a group of recipients.

Solution: On the Administration > End-User Quarantine > EUQ Settings page, select the "Use SMTP server for EUQ authentication" option and add domains that contain only individual email addresses.

7.20. Limitation When The Number of Time-of-Click Detection Logs Exceeds 10,000

Problem: When there are more than 10,000 Time-of-Click Protection logs in Deep Discovery Email Inspector, the numbers of logs displayed in the log search result and on the Time-of-Click Protection widget are not the same.

Solution: Specify the time range when performing a Time-of-Click Protection log query.

7.21. Limitation When Analyzing Password-Protected Microsoft Office Files With Macros

Problem: Deep Discovery Email Inspector does not submit password-protected Microsoft Office files with macros to Virtual Analyzer for analysis based on the "Office with Macros" file category because the Advanced Threat Scanning Engine (ATSE) cannot determine whether password-protected Office files contain macros.

7.22. Issue with E1000/E1000e Network Adaptor in VMWare for Deep Discovery Email Inspector Virtual Appliances

Problem: When you set the NICs for Deep Discovery Email Inspector virtual appliances based on the E1000/E1000e network adaptor in VMWare, data packet loss may occur due to limitation in network adaptor performance and throughput.

Solution: Select the VMXNET3 network adaptor for the virtual NICs in VMWare.

7.23. SPAN/TAP Mode Not Supported in Deep Discovery Email Inspector Virtual Appliances Installed in Microsoft Hyper-V

Problem: Due to the implementation of the Microsoft Hyper-V platform, SPAN/TAP mode is not supported in Deep Discovery Email Inspector virtual appliances installed in Microsoft Hyper-V.

7.24. Limitation When Uploading File on Microsoft Edge

Problem: When uploading the Deep Discovery Email Inspector upgrade package on Microsoft Edge, the management console may become unresponsive until the upload process is complete.

7.25. Limitation When Accessing the Management Console on Microsoft Internet Explorer 9

Problem: The management console does not support user login sessions using the IPv6 address on Microsoft Internet Explorer 9.



Back to top

8. Release History

Back to top

9. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at

Evaluation copies of Trend Micro products can be downloaded from our Web site.

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to

The Trend Micro 'About Us' screen displays. Click the appropriate link in the 'Contact Us' section of the screen.

Note: This information is subject to change without notice.

Back to top

10. About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit

Copyright 2019, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, Trend Micro Apex Central, Control Manager, Trend Micro Apex One, OfficeScan, and Deep Discovery are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Back to top

11. License Agreement

Third-party licensing agreements can be viewed by:

Back to top