Trend Micro InterScan™ Messaging Security Suite Online Help

Collapse AllExpand All
  • about IMSS [1]
  • activate
  • add
    • administrator accounts [1]
  • address group
  • address groups
    • examples of [1]
    • understand [1]
  • administrator accounts
  • Advanced Threat Scan Engine [1]
  • adware [1]
  • antivirus rule [1]
  • APOP [1]
  • approved list
    • add hosts [1]
  • approved senders list
    • configure [1]
  • archive
    • configure settings [1]
  • archive areas
  • archived messages
  • asterisk wildcard
  • attachment size
    • scanning conditions [1]
  • audience [1]
  • back up
  • blocked list
    • add records [1]
  • blocked senders list
    • configure [1]
  • bounced mail settings
    • configure [1]
  • change
    • management console password [1]
  • Cloud Pre-Filter
    • configure DNS MX records [1]
    • create account [1]
    • create policy [1]
    • policies [1]
    • suggested settings [1]
    • troubleshoot [1]
    • understand [1]
    • verify it works [1]
  • Cloud Pre-Filter tab [1]
  • Command & Control (C&C) Contact Alert Services [1]
  • commands [1]
  • community [1]
  • component update [1]
  • condition statements [1]
  • Configuration Wizard
    • accessing [1]
  • configure
    • approved senders list [1]
    • archive settings [1]
    • blocked senders list [1]
    • connection settings [1] [2]
    • Control Manager server settings [1]
    • database maintenance schedule [1]
    • delivery settings [1]
    • Direct Harvest Attack (DHA) settings [1]
    • DNS MX records [1]
    • Email reputation [1]
    • encrypted message scan actions [1]
    • expressions [1]
    • internal addresses [1] [2]
    • LDAP settings [1]
    • log settings [1]
    • Messaged Delivery settings [1]
    • Message Rule settings [1]
    • notification messages [1]
    • notification settings [1]
    • other scanning exceptions scan actions [1] [2]
    • POP3 settings [1] [2]
    • product settings [1]
    • quarantine settings [1]
    • route [1]
    • scan exceptions [1]
    • scheduled reports [1]
    • security setting violation exceptions [1] [2]
    • security setting violation scan actions [1]
    • Sender Filtering [1]
    • Sender Filtering bounced mail settings [1]
    • Sender Filtering spam settings [1]
    • Sender Filtering virus settings [1]
    • SMTP routing [1]
    • SMTP settings [1]
    • spam text exemption rules [1]
    • TMCM settings [1]
    • update source [1]
    • Web EUQ Digest settings [1]
  • configure event criteria [1]
  • configuring
    • Encryption settings [1]
  • connection settings
  • Control Manager
    • enable agent [1]
    • replicate settings [1]
    • see Trend Micro Control Manager [1]
  • Control Manager server settings
    • configure [1]
  • Conventional scan [1]
  • criteria
    • customized expressions [1]
    • keywords [1]
  • customized expressions [1] [2] [3]
  • customized keywords [1]
  • customized templates [1]
  • dashboard
  • database
    • configure maintenance schedule [1]
  • data identifiers [1]
    • expressions [1]
    • file attributes [1]
    • keywords [1]
  • Data Loss Prevention [1]
  • Data Loss Prevention (DLP) [1]
  • default tabs [1]
  • delete
    • address group [1]
    • administrator accounts [1]
  • delivery settings
    • configure [1]
  • dialers [1]
  • Direct Harvest Attack (DHA) settings
    • configure [1]
  • display
    • domains [1]
    • suspicious IP addresses [1]
  • DLP [1]
  • documentation [1]
  • domains
  • edit
    • address group [1]
    • administrator accounts [1]
  • Email Encryption
    • managing domains [1]
    • registering domains [1]
    • understand [1]
  • email relay [1]
  • Email reputation [1]
  • email threats
    • spam [1]
    • unproductive messages [1]
  • enable
    • Control Manager agent [1]
    • Email reputation [1]
    • End-User Access [1]
    • EUQ [1]
    • IP Profiler [1]
    • POP3 scanning [1]
    • sender filtering rules [1]
  • encrypting messages [1]
  • Encryption settings
    • configuring [1]
  • End-User Access
  • ERS
  • EUQ [1]
    • authentication [1]
    • disable [1]
    • enable [1]
    • open the console [1]
    • start [1]
    • web console [1]
    • Web console [1]
  • event criteria
    • configure [1]
  • event notifications [1]
  • export notes [1]
  • expression lists
  • expressions [1] [2]
  • FAQ
  • file attributes [1] [2] [3] [4]
  • File Reputation Services [1] [2]
  • filtering, how it works [1]
  • filters
    • examples of [1]
  • generate
  • graymail [1]
  • hacking tools [1]
  • import notes [1]
  • IMSA
  • IMSS
  • internal addresses
  • IP Profiler [1]
  • joke program [1]
  • keywords [1] [2]
  • known hosts [1]
  • LDAP settings
  • LDAP User or Group
    • search for [1]
  • license
  • logical operators [1]
  • logs [1]
    • configure settings [1]
    • query [1]
    • query message tracking [1]
    • query MTA event [1]
    • query policy event [1]
    • query quarantine event [1]
    • query sender filtering [1]
    • query system event [1]
    • query URL click tracking [1]
  • manage
    • administrator accounts [1]
    • expression lists [1]
    • notifications list [1]
    • one-time reports [1]
    • product licenses [1]
  • manage domains for Email Encryption [1]
  • management console password
  • manual update [1]
  • mass mailing viruses
  • message delivery [1]
  • Message Delivery settings
    • configure [1]
  • Message Rule settings
    • configure [1]
  • messages in the Virtual Analyzer queue
  • message size
    • scanning conditions [1]
  • message traffic tab [1]
  • MIME content type
    • scanning conditions [1]
  • MTA
  • new features [1]
  • notes
  • notification messages
    • configure [1]
  • notifications
  • notification settings
    • configure [1]
  • notifications list
  • one-time reports
  • online
    • community [1]
  • online help [1]
  • other rule [1]
  • password
    • management console [1]
  • password cracking applications [1]
  • pattern files
  • PCRE [1]
  • Perle Compatible Regular Expressions [1]
  • permitted senders [1]
  • policies
  • policy management
  • policy notification
  • POP3 messages
  • POP3 scanning
  • POP3 settings
  • postponed messages
  • predefined expressions [1]
  • predefined keywords
    • distance [1]
    • number of keywords [1]
  • predefined templates [1]
  • product licenses
  • product services [1]
  • product settings
    • configure [1]
  • quarantine
    • configure settings [1]
  • quarantine and archive [1]
  • quarantine areas
  • quarantined messages
  • query
    • archive areas [1]
    • logs [1]
    • messages [1]
    • messages in the Virtual Analyzer queue [1]
    • MTA event logs [1]
    • policy event logs [1]
    • postponed messages [1]
    • quarantine areas [1]
    • quarantine event logs [1]
    • sender filtering logs [1]
    • system event logs [1]
    • URL click tracking logs [1]
  • readme file [1]
  • register domains for Email Encryption [1]
  • remote access tools [1]
  • renew
  • replicating settings [1]
  • reports
  • restore
  • roll back
    • components [1]
  • route
  • scan
    • POP3 messages [1]
    • SMTP messages [1]
  • scan actions
    • configure encrypted message settings [1]
    • configure other scanning exceptions settings [1] [2]
  • scan engine
  • scan exceptions
    • configure [1]
  • Scan methods [1]
  • scanning conditions [1]
    • attachment names [1]
    • attachment number [1] [2]
    • attachments [1]
    • attachment size [1]
    • extensions [1]
    • message size [1]
    • MIME content type [1]
    • spam [1]
    • specify [1]
    • true file type [1]
  • scheduled reports
  • scheduled updates [1]
  • security risks
    • spyware/grayware [1]
  • security setting violations
    • configure exceptions [1] [2]
    • configure scan actions [1]
  • Sender Filtering
    • configure [1]
    • configure bounced mail settings [1]
    • configure Direct Harvest Attack (DHA) settings [1]
    • configure spam settings [1]
    • configure virus settings [1]
  • Sender Filtering Service
  • Sender Filtering tab [1]
  • services [1]
    • Sender Filtering Service [1]
  • smart protection [1] [2]
  • Smart Protection [1] [2]
  • Smart Protection Network [1] [2]
  • Smart Scan [1]
  • SMTP
    • notification server [1]
  • SMTP messages
  • SMTP routing [1]
    • configure [1]
  • SMTP settings
    • configure [1]
  • spam settings
    • configure [1]
  • spam text exemption rules
    • configure [1]
  • specify
    • actions [1]
    • route [1]
    • scanning conditions [1]
    • update source [1]
  • spyware/grayware [1]
    • adware [1]
    • dialers [1]
    • entering the network [1]
    • hacking tools [1]
    • joke program [1]
    • password cracking applications [1]
    • remote access tools [1]
    • risks and threats [1]
  • start
  • support
    • knowledge base [1]
    • resolve issues faster [1]
    • TrendLabs [1]
  • suspicious IP addresses
  • system overview tab [1]
  • System Status screen [1]
  • tabs
    • add a tab [1]
    • Cloud Pre-Filter [1]
    • configure a tab [1]
    • default tabs [1]
    • message traffic [1]
    • Sender Filtering [1]
    • system overview [1]
    • understand [1]
  • tag subject
  • templates [1] [2] [3] [4] [5] [6]
  • TMCM settings
    • configure [1]
  • transport layer [1]
  • TrendLabs [1]
  • Trend Micro Control Manager [1]
  • troubleshooting [1]
    • imssps daemon [1]
  • true file type [1]
  • understand
    • Email Encryption [1]
    • widgets [1]
  • update
    • automatically [1]
    • manually [1]
    • pattern files [1]
    • scan engine [1]
    • system and application [1]
  • update source
  • view
    • archived messages [1]
    • messages in the Virtual Analyzer queue [1]
    • postponed messages [1]
    • product licenses [1]
    • quarantined messages [1]
  • Virtual Analyzer [1]
  • virus settings
    • configure [1]
  • Web EUQ Digest
    • configure settings [1]
  • Web Reputation Services [1] [2]
  • what’s new [1]
  • widgets
    • add a widget [1]
    • configure a widget [1]
    • edit a widget [1]
    • understanding [1]
    • using a widget [1]
  • wildcards [1]
    • file attributes [1]

Selecting a Scan Method Parent topic

IMSS provides two scanning methods for detection of malware and other security threats.

Procedure

  1. Go to PolicySmart Protection.
    The Security Risk Scan tab appears by default.
  2. Select one of the following malware scanning methods.
    • Conventional Scan: Conventional scan leverages anti-malware and antispyware components stored locally.
      The Virus Pattern contains information that helps IMSS identify the latest virus/malware and mixed threat attacks. Trend Micro creates and releases new versions of the Virus Pattern several times a week, and any time after the discovery of a particularly damaging virus/malware.
    • Smart Scan - File Reputation Services: Smart Scan leverages threat signatures that are stored in the cloud.
      When in Smart Scan mode, IMSS uses the Smart Scan Agent Pattern to check for security risks. The Smart Scan Agent Pattern is updated daily by Trend Micro and delivers the same protection provided by conventional anti-malware and antispyware patterns. If the Smart Scan Agent Pattern cannot determine the reputation of a file, IMSS queries the Smart Protection Network to provide up-to-date protection.
    Note
    Note
    Conventional Scan is the default scan method.
  3. If you selected Smart Scan - File Reputation Services, select one of the following smart protection sources:
    • Smart Protection Network: If you select this option, specify the proxy server setting.
    • Smart Protection Server: If you select this option, click the Local Sources tab and configure Smart Protection Servers.
    Note
    Note
    IMSS reverts to Conventional Scan when the selected Smart Protection Network or Smart Protection Server is unavailable. IMSS can switch to Conventional Scan only when you have selected Switch to Conventional Scan when Smart Protection Network or Smart Protection Server is unavailable.
  4. Click Save.
    Note
    Note
    If Smart Scan is selected, IMSS attempts to connect to the Smart Protection Network or Smart Protection Server immediately after you click Save. If a connection is not established, IMSS does not save your settings. Reselect a scan method and save your settings again.
    IMSS automatically restarts the Scan Service whenever you change your scan method settings.
When IMSS reverts to Conventional Scan, you can query system event logs for each scanner's connection timeouts. If any scanner has frequent connection timeouts, check the network configuration of that scanner. For details on querying system event logs, see Querying System Event Logs.
You can configure IMSS to send notifications for scan method changes. For details on configuring notifications, see Configuring Event Criteria and Notification Message.