ScanMail™ for Microsoft™ Exchange 11.0 Online Help

Collapse AllExpand All
  • "Log on as batch job" policy [1]
  • access control
  • actions [1] [2]
    • attachment blocking [1]
    • compressed files [1]
    • Data Loss Prevention [1]
    • security risk scan [1]
    • spam prevention
      • content scanning [1]
    • web reputation [1]
  • activating ScanMail [1] [2]
    • Activation Code [1]
      • additional features [1]
      • standard [1]
      • suite [1]
    • reactivating [1]
  • Activation Code [1]
    • locating [1]
    • reactivating [1]
    • standard [1]
    • suite [1]
    • suite with additional features [1]
  • ActiveAction [1] [2]
  • ActiveUpdate [1] [2]
    • incremental updates [1]
  • advanced threats [1]
  • Advanced Threat Scan Engine [1]
  • Advanced Threat Scan Engine (ATSE)
  • adware [1]
  • alerts [1] [2] [3]
    • notifications [1]
    • outbreak [1]
    • system events [1]
  • ATSE [1]
  • attachment blocking [1] [2]
  • automatic deployment settings
    • Scheduled Download [1]
  • Command & Control Contact Alert Services [1]
    • categories [1]
    • Deep Discovery Advisor [1]
    • Global Intelligence list [1]
    • Smart Protection Server [1]
    • Virtual Analyzer list [1]
  • components
    • downloading [1]
  • compressed files [1] [2] [3] [4] [5] [6]
    • actions [1]
    • compression ratios [1]
    • compression types [1]
    • Denial-of-Service [1]
  • compression types [1]
  • configuring [1]
    • access control [1] [2]
    • internal domains [1]
    • local sources [1]
    • macro scans [1]
    • managed products [1]
    • notifications [1]
    • proxy settings [1]
    • quarantine folder/directory [1]
    • real-time scan [1]
    • Scheduled Download
      • automatic deployment settings [1]
    • Scheduled Download Exceptions [1]
    • Scheduled Download Settings [1]
    • security risk scan
    • special groups [1] [2]
    • user accounts [1]
    • web reputation [1]
    • World Virus Tracking Program [1]
  • contacting
    • technical support [1]
  • content filtering [1]
  • content scanning [1]
  • Control Manager [1] [2]
    • about [1]
    • accounts [1]
    • agent [1]
    • antivirus and content security components [1] [2]
    • basic features [1]
    • configuring accounts [1]
    • features [1]
    • mail server [1]
    • managed product [1]
    • MCP [1]
    • report server [1]
    • see Trend Micro Control Manager [1]
    • SQL database [1]
    • Trend Micro Management Infrastructure [1]
    • web-based management console [1]
    • web server [1]
    • widget framework [1]
  • Control Manager antivirus and content security components
    • Anti-spam rules [1]
    • Engines [1]
    • Pattern files/Cleanup templates [1]
  • creating
  • criteria
    • customized expressions [1]
    • keywords [1]
  • customized expressions [1] [2]
  • customized keywords [1]
  • data identifiers [1]
    • expressions [1]
    • file attributes [1]
    • keyword lists
    • keywords [1]
  • data leakage prevention [1]
  • Data Loss Prevention [1] [2]
  • data views
    • understand [1]
  • Deep Discovery Advisor [1] [2]
  • Denial-of-Service [1] [2] [3]
  • Denial-of-Service attack [1]
  • deployment plans [1]
  • dialers [1]
  • Directory Management options [1]
  • Directory Manager [1]
  • disease vector [1]
  • download components
  • downloading and deploying components [1]
  • EICAR [1]
  • email reputation
  • email reputation services [1]
  • encoding types [1]
  • End User Quarantine [1] [2]
  • Enterprise Protection Strategy [1]
  • expressions [1] [2]
  • false positive [1]
  • features [1]
  • file attributes [1]
  • file reputation [1]
  • File Reputation Services [1]
  • files
    • uncleanable [1]
  • folders
  • frequently asked questions
    • calculating decompressed file size [1]
    • checking pattern file updates [1]
    • checking service pack updates [1]
    • compression ratios [1]
    • dangerous files [1]
    • EICAR test virus [1]
    • false positives [1]
    • handling large files [1]
    • latest patches [1]
    • locating Activation Code [1]
    • locating Registration Key [1] [2]
    • phish attacks [1]
    • regular expressions [1]
    • remote SQL server password changed [1]
    • sending detected viruses to Trend Micro [1]
    • sending suspected threats to Trend Micro [1]
    • spyware/grayware [1]
    • unable to log on to product console [1]
    • using keywords [1] [2] [3]
    • using operators with keywords [1]
  • global policy [1]
  • global settings
    • quarantine folder/directory [1]
  • grayware [1]
  • hacking tools [1]
  • hot fixes [1]
  • icons [1]
  • integrated server [1]
  • IntelliScan [1] [2]
  • IntelliTrap [1]
  • internal domains [1]
    • configuring [1]
  • joke program [1] [2]
  • keywords [1] [2] [3] [4] [5]
  • known issues [1]
  • licenses [1]
    • registering [1]
  • local sources
    • configuring [1]
    • settings [1]
    • Smart Protection Server [1]
  • logs [1] [2]
  • macro scan [1]
  • macro viruses/malware [1]
  • mailbox search
    • configuring [1]
    • criteria
      • date [1]
      • discovery mailbox [1]
      • keywords [1]
      • mailbox components [1]
      • mailboxes [1]
      • specific senders or recipients [1]
    • deleting [1]
    • keywords [1]
    • modifying [1]
    • options [1]
    • results [1]
    • syntax [1]
    • types [1]
    • viewing [1]
  • maintaining security [1]
  • managed products
    • configuring [1]
    • issue tasks [1]
    • recovering [1]
    • renaming [1]
    • searching for [1]
    • viewing logs [1]
  • managing outbreak situations [1]
    • analyzing [1]
    • confirming the outbreak [1]
    • recovering [1]
    • responding [1]
  • manually download components [1]
  • manual scan [1]
  • manual updates [1]
  • mass-mailing attack [1]
  • master services
    • ScanMail EUQ Migrator Service [1]
    • ScanMail EUQ Monitor [1]
    • ScanMail for Exchange Remote Configuration Server [1]
    • ScanMail for Microsoft Exchange Master Services [1]
    • ScanMail for Microsoft Exchange System Watcher [1]
    • starting and stopping [1]
  • MCP [1]
  • multipurpose internet mail extensions [1]
  • notifications [1] [2] [3]
    • about [1]
    • actions that trigger [1]
    • alerts [1]
    • configuring [1]
    • global settings [1]
    • web reputation [1]
  • one-time reports [1] [2]
    • generating [1]
  • online help
    • accessing [1]
  • operator [1]
  • outbreak alerts [1]
  • Outbreak Prevention Services [1]
  • password cracking applications [1]
  • patches [1]
    • updating FAQ [1]
  • pattern files [1] [2] [3] [4]
    • incremental updates [1]
    • Smart Scan Agent pattern [1]
    • Smart Scan pattern [1]
    • spam pattern files [1]
    • updates [1]
    • updating manually [1]
    • Web Blocking list [1]
  • PCRE [1]
  • Perle Compatible Regular Expressions [1]
  • phish [1] [2] [3] [4]
  • policies
    • content filtering [1]
    • Data Loss Prevention [1]
  • post-installation
    • spam folder [1]
  • predefined expressions [1]
  • predefined templates [1]
  • product console [1]
    • banner [1]
    • configuration area [1]
    • getting help [1]
    • side menu [1]
    • unable to log on [1]
    • viewing remote servers [1]
    • viewing servers [1]
    • viewing virtual servers [1]
  • Product Directory
    • deploying components [1]
  • proxy servers [1]
  • proxy settings [1] [2]
    • configuring [1]
  • quarantine
    • alerts [1]
    • configuring [1]
    • folder/directory [1]
    • global settings [1]
    • queries
    • resending messages [1]
  • quarantine folder/directory [1]
  • quarantine query
    • maintenance
    • performing [1]
    • resending messages [1]
  • query logs [1]
  • reactivating ScanMail [1]
  • real-time monitor [1]
    • viewing remote servers [1]
  • real-time scan [1] [2]
    • characteristics [1]
    • configuring [1]
    • notifications [1]
  • recovering
    • managed products [1]
  • registering
    • to Control Manager [1]
  • registering ScanMail [1]
    • how to [1]
    • online purchase [1]
    • Registration Key [1]
    • reseller purchase [1]
    • to Control Manager [1]
  • Registration Key
  • regular expressions [1]
  • remote access tools [1]
  • remote servers
    • viewing with real-time monitor [1]
  • renaming
    • folders [1]
    • managed products [1]
  • replicating configurations [1] [2]
  • reports [1]
    • generating scheduled [1]
    • maintenance [1]
    • one-time reports [1] [2] [3]
    • scheduled [1]
    • scheduled reports [1]
    • templates [1]
  • report templates [1]
  • resources
    • creating for virtual servers [1] [2] [3] [4]
    • creating for Windows 2003 [1]
    • creating for Windows 2008 [1] [2]
    • Exchange 2007 CCR Cluster [1]
    • Exchange 2007 SCC Cluster [1]
    • Exchange 2007 SCR Cluster [1]
  • role
  • roll back [1]
  • scan engine [1]
  • ScanMail EUQ Migrator Service [1]
  • ScanMail EUQ Monitor [1]
  • ScanMail for Exchange Remote Configuration Server [1]
  • ScanMail for Microsoft Exchange Master Services [1]
  • ScanMail for Microsoft Exchange System Watcher [1]
  • ScanMail technology [1]
    • scan engine [1]
  • scans [1]
    • about scans [1]
    • actions [1] [2]
    • logs [1]
    • macro scan [1]
    • manual scan [1]
    • manual scan settings [1]
    • on cluster servers [1]
    • real-time scan [1]
    • scheduled scan [1]
    • scheduled scan settings [1]
  • schedule bar [1]
  • Scheduled Download
    • configuring
      • automatic deployment settings [1]
  • Scheduled Download Exceptions
    • configuring [1]
  • Scheduled Download Frequency
    • configuring [1]
  • Scheduled Downloads [1]
  • Scheduled Download Schedule
    • configuring [1]
  • Scheduled Download Schedule and Frequency [1]
  • Scheduled Download Settings
    • configuring settings [1]
  • scheduled scan [1]
  • scheduled updates [1]
  • Search & Destroy
  • Search & Destroy administrator [1]
  • searching
    • managed products [1]
  • security baseline [1]
    • managing real-time monitor [1]
    • performing a manual scan [1]
    • update ScanMail [1]
  • security information site [1]
  • security risks [1]
    • advanced threats [1]
    • compressed files [1]
    • Denial-of-Service [1]
    • Denial-of-Service attack [1]
    • disease vector [1]
    • encoding types [1]
    • grayware [1]
    • joke program [1]
    • macro viruses/malware [1]
    • mass-mailing attack [1]
    • multipurpose internet mail extensions [1]
    • other malicious codes [1]
    • packed files [1]
    • phish [1] [2] [3]
    • spyware [1]
    • spyware/grayware [1] [2]
    • Trojan Horse [1] [2]
    • true file type [1]
    • virus/malware writers [1]
    • viruses/malware [1] [2]
    • worms [1] [2]
    • zip-of-death [1]
  • security risk scan
    • about [1]
    • actions [1] [2]
    • ActiveAction [1]
    • compressed file handling [1]
    • configuring target settings [1]
    • custom settings [1]
    • enabling real-time scan [1]
    • IntelliScan [1] [2]
    • IntelliTrap [1]
    • logs [1]
    • notifications
    • report [1]
    • summary screen [1]
  • server management console [1]
    • activating [1]
    • replicating configurations [1] [2]
    • replicating servers [1]
    • view last replication [1]
    • view pattern and engine version [1]
    • view scan results [1]
    • view scan status [1]
    • view smart scan status [1]
  • Server Management Console
  • service packs [1] [2]
  • services
    • starting and stopping [1]
  • smart protection [1] [2] [3] [4]
    • File Reputation Services [1]
    • source [1] [2]
    • sources
      • comparison [1]
      • protocols [1]
    • volume of threats [1]
  • Smart Protection [1] [2]
    • File Reputation Services [1]
    • integrated server [1]
    • pattern files [1]
    • Smart Protection Network [1]
    • Smart Protection Server [1]
    • standalone server [1]
    • Web Reputation Services [1] [2]
  • Smart Protection Network [1] [2]
    • web reputation [1]
  • Smart Protection Server [1] [2] [3] [4]
  • Smart Protection sources
    • integrated server [1]
    • local source settings [1]
    • Smart Protection Server [1]
    • standalone server [1]
  • spam engine [1]
  • spam maintenance [1]
    • End User Quarantine [1]
  • spam pattern files [1]
  • spam prevention [1]
    • alerts [1]
    • content scanning [1]
    • email reputation
    • email reputation services [1]
    • End User Quarantine [1]
    • maintenance [1]
    • notifications [1]
    • spam engine [1]
    • spam pattern files [1]
  • special groups [1] [2]
  • spyware [1]
  • spyware/grayware [1] [2] [3] [4]
    • adware [1]
    • dialers [1]
    • entering the network [1]
    • hacking tools [1]
    • joke program [1]
    • malware naming [1]
    • password cracking applications [1]
    • remote access tools [1]
    • risks and threats [1]
  • SQL server
    • manually updating password [1]
  • standalone server [1]
  • summary [1]
    • security risks [1]
    • spam tab [1]
    • system tab [1]
  • support/system debugger [1]
  • targets
    • web reputation [1]
  • templates [1] [2]
  • TrendLabs [1]
  • Trend Micro Control Manager [1]
    • agent [1]
    • communication protocol [1]
    • communicator [1]
    • entity [1]
    • managed product user access [1]
    • registering ScanMail [1]
    • registering to [1]
    • server [1]
    • unregistering ScanMail [1]
    • using ScanMail [1]
  • Trojan Horse [1] [2]
  • true file type [1]
  • uncleanable files [1]
  • understand
    • data views [1]
    • deployment plans [1]
    • log queries [1]
    • logs [1]
  • unregistering
    • ScanMail from Control Manager [1]
  • updates
    • ActiveUpdate [1]
    • alerts [1]
    • components on clusters [1]
    • download source [1]
    • latest patches FAQ [1]
    • logs [1]
    • manual configurations [1]
    • pattern file, manual [1]
    • pattern files [1]
    • rolling back [1]
    • scan engine, manual [1]
    • scheduled configurations [1]
  • updating ScanMail [1]
  • URLs
    • email technical support [1]
    • Knowledge Base [1]
    • security information site [1]
    • update center [1]
  • version comparison [1]
  • viewing
    • managed products logs [1]
  • Virtual Analyzer
    • scan engine technology [1]
  • virtual servers [1] [2]
    • creating ScanMail resources [1] [2] [3] [4]
    • viewing from the product console [1]
  • viruses/malware [1] [2] [3]
  • Virus Scan Application Programming Interface (VSAPI) [1]
  • Virus Scan Engine [1]
    • scan engine [1]
  • web reputation [1] [2] [3] [4] [5] [6]
  • Web Reputation Services [1] [2]
  • wildcard [1]
  • wildcards [1]
  • Windows event log codes [1]
  • World Virus Tracking Program [1] [2]
    • configuring [1]
  • worms [1] [2]
  • zip-of-death [1]

Mailbox Search Options Parent topic

ScanMail provides multiple search options to narrow the scope of mailbox searches. Properly configured mailbox searches reduce the usage of system resources and return only relevant search results.
Tip
Tip
Trend Micro recommends performing an estimated search before performing Search Now or Search Later. Copying large amounts of data to the discovery mailbox requires more system resources and could result in reduced performance.
Configure the following search options to streamline mailbox search matching.

Mailbox Search Options

Option
Description
Keywords
ScanMail searches for the keywords or phrases that the administrator specifies. Use logical operators, parentheses, double quotation marks, wildcards, AQS expressions (for Exchange 2010), or KQL expressions (for Exchange 2013) to narrow the search parameters.
For details on searching for keywords, see Syntax Used for Keyword Strings.
Note
Note
The maximum allowable character length of the Keywords field is 8192.
Mailboxes
Administrators may choose to search all mailboxes in the Exchange environment or choose specific users or distribution groups.
Note
Note
Trend Micro recommends performing mailbox searches on a limited number of users or distribution groups. Copying large amounts of data to the discovery mailbox requires more system resources and could result in reduced performance.
To select Specific user or distribution group members' mailboxes:
  1. Type a search string in the text box to find the available users, distribution groups, or databases and click Search.
  2. Select the accounts or databases to search in the available list and click Add >>.
Alternatively, administrators can import pre-existing lists from properly formatted .txt files.
Note
Note
The maximum allowable number of email addresses to search is 500. When importing a file, ScanMail only adds addresses to the Selected Mailbox(es) list until the list contains 500 addresses.
Mailbox Components
ScanMail can search all mailbox components in the Exchange environment or administrators may choose to scan only specific components. When choosing specific components, the following options are available:
  • Email
  • Meetings
  • Journal
  • Tasks
  • Contacts
  • Notes
  • Instant messaging conversations
Note
Note
When selecting All mailbox components (including components not listed below), ScanMail includes results found in any component that exists in the Exchange mailbox.
Specific Senders or Recipients
ScanMail searches email messages addressed to the specified recipients or from the specified senders.
Note
Note
ScanMail can search specific senders and recipients using display names, email addresses, or domain names.
Date
Administrators may choose to search all components in the Exchange environment or only those components created within a specified date range.
Discovery Mailbox
Administrators may choose to use a specific discovery mailbox for the search or accept the previously configured default Search & Destroy discovery mailbox.
Action
ScanMail provides two search actions:
  • Search and compile: All matched results are compiled for review (recommended)
  • Search and delete: All matched results are automatically deleted (not recommended)
    Note
    Note
    Trend Micro only recommends automatically deleting messages in high security environments.