Configuring Deep Discovery Advisor Settings

Before configuring the Deep Discovery Advisor settings, select the Enable Advanced Threat Scan Engine option on the Security Risk Scan: Target screen. Advanced Threat Scan Engine performs the aggressive scanning necessary to detect advanced threats.
Important
  • Deep Discovery Advisor settings are not configurable until an administrator enables the Advanced Threat Scan Engine.
  • Before enabling Deep Discovery Advisor integration, administrators must enable the Exchange pickup folder. For details on enabling the Exchange pickup folder, see Deep Discovery Advisor - Integration Pre-requisites.
    WARNING
    Disabling the Exchange pickup folder after enabling the Deep Discovery Advisor integration may cause unexpected issues. Trend Micro recommends disabling Deep Discovery Advisor integration before disabling the Exchange pickup folder.

Procedure

  1. Go to Deep Discovery Advisor.
  2. Select Send messages to Deep Discovery Advisor for analysis.
  3. Configure the Deep Discovery Advisor server connection settings:
    • Type the Server name or IP address.
      Note
      The server name supports FQDN formats and the IP address supports IPv4 format.
    • Type the Port number.
    • Type the API key.
      Note
      Contact the Deep Discovery Advisor administrator to obtain the server name or IP address, port number, and a valid API key.
  4. Select Use a proxy to connect to the Deep Discovery Advisor server if ScanMail requires a proxy for server communication with Deep Discovery Advisor.
    1. Click the expand button to display the proxy settings.
    2. Type the server name or IP address of the proxy server and its port number.
    3. If your proxy server requires a password, type your user name and password in the fields provided.
  5. Click one of the following buttons:
    • Register: Establishes the connection to Deep Discovery Advisor
    • Test Connection: Verifies the connection settings to Deep Discovery Advisor but does not register ScanMail to the server
    Note
    To enable sending messages to Deep Discovery Advisor, register Deep Discovery Advisor before saving the connection settings.
  6. Select the traffic direction of the messages to analyze.
  7. Choose the recipients of the messages to analyze by searching for and selecting AD Users/Groups/Contacts/Special Groups and adding them to the Selected Account(s) list.
  8. Select the attachment types to analyze.
    Tip
    Because application and executable files pose the greatest risk with respect to advanced threats, Trend Micro recommends selecting only these file types for analysis.
  9. Configure the Security Level settings for the messages and files that Deep Discovery Advisor analyzes.
    • Security level: The security level determines whether ScanMail performs an action on messages and files analyzed and rated by Deep Discovery Advisor. The available security level settings are: High, Medium, or Low.
      Note
      For messages and files with a rating that violates the configured security level, ScanMail performs the action configured for Advanced threats on the Security Risk Scan Actions tab (Security Risk Scan > Action). For more information, see Configuring Security Risk Scan Actions.
    • Maximum wait time for analysis ratings: Select the maximum amount of time to temporarily quarantine messages while Deep Discovery Advisor analyzes the risk of the message.
    • Action on time out: Select the action that ScanMail performs on messages for which Deep Discovery Advisor did not return a rating within the configured wait time.