What is spyware/grayware?

Spyware includes software programs and technologies (called "bots") that seek to surreptitiously collect data and transmit it back to a host source.
The category of spyware and other grayware security risks includes adware, Internet cookies, Trojans, and surveillance tools. The type of information collected by spyware ranges from the relatively innocuous (a history of visited websites) to the downright alarming (credit card and Social Security numbers, bank accounts, and passwords).
The majority of spyware/grayware comes embedded in a "cool" software package which a user finds on a website and downloads. Some spyware programs are part of a legitimate program. Others are purely illicit. The network administrator needs to determine whether a given class of software should be allowed on the network or blocked.
Spyware installs in a variety of ways, for example:
  • As a by-product that results from installing software
  • As a result of clicking something in a popup window
  • As an invisible addition that is installed along with a legitimate download
  • Through Trojans, worms and viruses
The result is typically a background Internet connection that opens a surveillance channel to the user’s computer. Multiple connections may also be established, which can lead to sluggish network performance.
When ScanMail detects spyware/grayware, it can take the following actions:
  • Replace with text/file: ScanMail deletes the infected, malicious, or undesirable content and replaces it with text or a file.
  • Quarantine entire message: ScanMail moves the email message to a restricted access folder.
  • Delete entire message: ScanMail deletes the entire email message.
  • Pass: ScanMail records the detection in logs and delivers the message unchanged.
  • Quarantine message part: ScanMail moves the email message body or attachment to a restricted access folder.

Growing Hazard

Increasingly, users are installing more malicious types of spyware without their knowledge, either as a "drive-by download" or as the result of clicking some option in a deceptive pop-up window. What concerns corporate security departments is that the more sophisticated types of spyware can be used to monitor keystrokes, scan files, install additional spyware, reconfigure web browsers, and snoop on email and other applications. In some cases, spyware can even capture screenshots or turn on webcams.
Theft of confidential information, loss of employee productivity, consumption of large amounts of bandwidth, damage to corporate desktops, and a spike in the number of help desk calls related to spyware are forcing corporations of all sizes to take action. Spyware can represent both a security and a system management nightmare.