ScanMail™ for Microsoft™ Exchange 11.0 Online Help

Collapse AllExpand All
  • "Log on as batch job" policy [1]
  • access control
  • actions [1] [2]
    • attachment blocking [1]
    • compressed files [1]
    • Data Loss Prevention [1]
    • security risk scan [1]
    • spam prevention
      • content scanning [1]
    • web reputation [1]
  • activating ScanMail [1] [2]
    • Activation Code [1]
      • additional features [1]
      • standard [1]
      • suite [1]
    • reactivating [1]
  • Activation Code [1]
    • locating [1]
    • reactivating [1]
    • standard [1]
    • suite [1]
    • suite with additional features [1]
  • ActiveAction [1] [2]
  • ActiveUpdate [1] [2]
    • incremental updates [1]
  • advanced threats [1]
  • Advanced Threat Scan Engine [1]
  • Advanced Threat Scan Engine (ATSE)
  • adware [1]
  • alerts [1] [2] [3]
    • notifications [1]
    • outbreak [1]
    • system events [1]
  • ATSE [1]
  • attachment blocking [1] [2]
  • automatic deployment settings
    • Scheduled Download [1]
  • Command & Control Contact Alert Services [1]
    • categories [1]
    • Deep Discovery Advisor [1]
    • Global Intelligence list [1]
    • Smart Protection Server [1]
    • Virtual Analyzer list [1]
  • components
    • downloading [1]
  • compressed files [1] [2] [3] [4] [5] [6]
    • actions [1]
    • compression ratios [1]
    • compression types [1]
    • Denial-of-Service [1]
  • compression types [1]
  • configuring [1]
    • access control [1] [2]
    • internal domains [1]
    • local sources [1]
    • macro scans [1]
    • managed products [1]
    • notifications [1]
    • proxy settings [1]
    • quarantine folder/directory [1]
    • real-time scan [1]
    • Scheduled Download
      • automatic deployment settings [1]
    • Scheduled Download Exceptions [1]
    • Scheduled Download Settings [1]
    • security risk scan
    • special groups [1] [2]
    • user accounts [1]
    • web reputation [1]
    • World Virus Tracking Program [1]
  • contacting
    • technical support [1]
  • content filtering [1]
  • content scanning [1]
  • Control Manager [1] [2]
    • about [1]
    • accounts [1]
    • agent [1]
    • antivirus and content security components [1] [2]
    • basic features [1]
    • configuring accounts [1]
    • features [1]
    • mail server [1]
    • managed product [1]
    • MCP [1]
    • report server [1]
    • see Trend Micro Control Manager [1]
    • SQL database [1]
    • Trend Micro Management Infrastructure [1]
    • web-based management console [1]
    • web server [1]
    • widget framework [1]
  • Control Manager antivirus and content security components
    • Anti-spam rules [1]
    • Engines [1]
    • Pattern files/Cleanup templates [1]
  • creating
  • criteria
    • customized expressions [1]
    • keywords [1]
  • customized expressions [1] [2]
  • customized keywords [1]
  • data identifiers [1]
    • expressions [1]
    • file attributes [1]
    • keyword lists
    • keywords [1]
  • data leakage prevention [1]
  • Data Loss Prevention [1] [2]
  • data views
    • understand [1]
  • Deep Discovery Advisor [1] [2]
  • Denial-of-Service [1] [2] [3]
  • Denial-of-Service attack [1]
  • deployment plans [1]
  • dialers [1]
  • Directory Management options [1]
  • Directory Manager [1]
  • disease vector [1]
  • download components
  • downloading and deploying components [1]
  • EICAR [1]
  • email reputation
  • email reputation services [1]
  • encoding types [1]
  • End User Quarantine [1] [2]
  • Enterprise Protection Strategy [1]
  • expressions [1] [2]
  • false positive [1]
  • features [1]
  • file attributes [1]
  • file reputation [1]
  • File Reputation Services [1]
  • files
    • uncleanable [1]
  • folders
  • frequently asked questions
    • calculating decompressed file size [1]
    • checking pattern file updates [1]
    • checking service pack updates [1]
    • compression ratios [1]
    • dangerous files [1]
    • EICAR test virus [1]
    • false positives [1]
    • handling large files [1]
    • latest patches [1]
    • locating Activation Code [1]
    • locating Registration Key [1] [2]
    • phish attacks [1]
    • regular expressions [1]
    • remote SQL server password changed [1]
    • sending detected viruses to Trend Micro [1]
    • sending suspected threats to Trend Micro [1]
    • spyware/grayware [1]
    • unable to log on to product console [1]
    • using keywords [1] [2] [3]
    • using operators with keywords [1]
  • global policy [1]
  • global settings
    • quarantine folder/directory [1]
  • grayware [1]
  • hacking tools [1]
  • hot fixes [1]
  • icons [1]
  • integrated server [1]
  • IntelliScan [1] [2]
  • IntelliTrap [1]
  • internal domains [1]
    • configuring [1]
  • joke program [1] [2]
  • keywords [1] [2] [3] [4] [5]
  • known issues [1]
  • licenses [1]
    • registering [1]
  • local sources
    • configuring [1]
    • settings [1]
    • Smart Protection Server [1]
  • logs [1] [2]
  • macro scan [1]
  • macro viruses/malware [1]
  • mailbox search
    • configuring [1]
    • criteria
      • date [1]
      • discovery mailbox [1]
      • keywords [1]
      • mailbox components [1]
      • mailboxes [1]
      • specific senders or recipients [1]
    • deleting [1]
    • keywords [1]
    • modifying [1]
    • options [1]
    • results [1]
    • syntax [1]
    • types [1]
    • viewing [1]
  • maintaining security [1]
  • managed products
    • configuring [1]
    • issue tasks [1]
    • recovering [1]
    • renaming [1]
    • searching for [1]
    • viewing logs [1]
  • managing outbreak situations [1]
    • analyzing [1]
    • confirming the outbreak [1]
    • recovering [1]
    • responding [1]
  • manually download components [1]
  • manual scan [1]
  • manual updates [1]
  • mass-mailing attack [1]
  • master services
    • ScanMail EUQ Migrator Service [1]
    • ScanMail EUQ Monitor [1]
    • ScanMail for Exchange Remote Configuration Server [1]
    • ScanMail for Microsoft Exchange Master Services [1]
    • ScanMail for Microsoft Exchange System Watcher [1]
    • starting and stopping [1]
  • MCP [1]
  • multipurpose internet mail extensions [1]
  • notifications [1] [2] [3]
    • about [1]
    • actions that trigger [1]
    • alerts [1]
    • configuring [1]
    • global settings [1]
    • web reputation [1]
  • one-time reports [1] [2]
    • generating [1]
  • online help
    • accessing [1]
  • operator [1]
  • outbreak alerts [1]
  • Outbreak Prevention Services [1]
  • password cracking applications [1]
  • patches [1]
    • updating FAQ [1]
  • pattern files [1] [2] [3] [4]
    • incremental updates [1]
    • Smart Scan Agent pattern [1]
    • Smart Scan pattern [1]
    • spam pattern files [1]
    • updates [1]
    • updating manually [1]
    • Web Blocking list [1]
  • PCRE [1]
  • Perle Compatible Regular Expressions [1]
  • phish [1] [2] [3] [4]
  • policies
    • content filtering [1]
    • Data Loss Prevention [1]
  • post-installation
    • spam folder [1]
  • predefined expressions [1]
  • predefined templates [1]
  • product console [1]
    • banner [1]
    • configuration area [1]
    • getting help [1]
    • side menu [1]
    • unable to log on [1]
    • viewing remote servers [1]
    • viewing servers [1]
    • viewing virtual servers [1]
  • Product Directory
    • deploying components [1]
  • proxy servers [1]
  • proxy settings [1] [2]
    • configuring [1]
  • quarantine
    • alerts [1]
    • configuring [1]
    • folder/directory [1]
    • global settings [1]
    • queries
    • resending messages [1]
  • quarantine folder/directory [1]
  • quarantine query
    • maintenance
    • performing [1]
    • resending messages [1]
  • query logs [1]
  • reactivating ScanMail [1]
  • real-time monitor [1]
    • viewing remote servers [1]
  • real-time scan [1] [2]
    • characteristics [1]
    • configuring [1]
    • notifications [1]
  • recovering
    • managed products [1]
  • registering
    • to Control Manager [1]
  • registering ScanMail [1]
    • how to [1]
    • online purchase [1]
    • Registration Key [1]
    • reseller purchase [1]
    • to Control Manager [1]
  • Registration Key
  • regular expressions [1]
  • remote access tools [1]
  • remote servers
    • viewing with real-time monitor [1]
  • renaming
    • folders [1]
    • managed products [1]
  • replicating configurations [1] [2]
  • reports [1]
    • generating scheduled [1]
    • maintenance [1]
    • one-time reports [1] [2] [3]
    • scheduled [1]
    • scheduled reports [1]
    • templates [1]
  • report templates [1]
  • resources
    • creating for virtual servers [1] [2] [3] [4]
    • creating for Windows 2003 [1]
    • creating for Windows 2008 [1] [2]
    • Exchange 2007 CCR Cluster [1]
    • Exchange 2007 SCC Cluster [1]
    • Exchange 2007 SCR Cluster [1]
  • role
  • roll back [1]
  • scan engine [1]
  • ScanMail EUQ Migrator Service [1]
  • ScanMail EUQ Monitor [1]
  • ScanMail for Exchange Remote Configuration Server [1]
  • ScanMail for Microsoft Exchange Master Services [1]
  • ScanMail for Microsoft Exchange System Watcher [1]
  • ScanMail technology [1]
    • scan engine [1]
  • scans [1]
    • about scans [1]
    • actions [1] [2]
    • logs [1]
    • macro scan [1]
    • manual scan [1]
    • manual scan settings [1]
    • on cluster servers [1]
    • real-time scan [1]
    • scheduled scan [1]
    • scheduled scan settings [1]
  • schedule bar [1]
  • Scheduled Download
    • configuring
      • automatic deployment settings [1]
  • Scheduled Download Exceptions
    • configuring [1]
  • Scheduled Download Frequency
    • configuring [1]
  • Scheduled Downloads [1]
  • Scheduled Download Schedule
    • configuring [1]
  • Scheduled Download Schedule and Frequency [1]
  • Scheduled Download Settings
    • configuring settings [1]
  • scheduled scan [1]
  • scheduled updates [1]
  • Search & Destroy
  • Search & Destroy administrator [1]
  • searching
    • managed products [1]
  • security baseline [1]
    • managing real-time monitor [1]
    • performing a manual scan [1]
    • update ScanMail [1]
  • security information site [1]
  • security risks [1]
    • advanced threats [1]
    • compressed files [1]
    • Denial-of-Service [1]
    • Denial-of-Service attack [1]
    • disease vector [1]
    • encoding types [1]
    • grayware [1]
    • joke program [1]
    • macro viruses/malware [1]
    • mass-mailing attack [1]
    • multipurpose internet mail extensions [1]
    • other malicious codes [1]
    • packed files [1]
    • phish [1] [2] [3]
    • spyware [1]
    • spyware/grayware [1] [2]
    • Trojan Horse [1] [2]
    • true file type [1]
    • virus/malware writers [1]
    • viruses/malware [1] [2]
    • worms [1] [2]
    • zip-of-death [1]
  • security risk scan
    • about [1]
    • actions [1] [2]
    • ActiveAction [1]
    • compressed file handling [1]
    • configuring target settings [1]
    • custom settings [1]
    • enabling real-time scan [1]
    • IntelliScan [1] [2]
    • IntelliTrap [1]
    • logs [1]
    • notifications
    • report [1]
    • summary screen [1]
  • server management console [1]
    • activating [1]
    • replicating configurations [1] [2]
    • replicating servers [1]
    • view last replication [1]
    • view pattern and engine version [1]
    • view scan results [1]
    • view scan status [1]
    • view smart scan status [1]
  • Server Management Console
  • service packs [1] [2]
  • services
    • starting and stopping [1]
  • smart protection [1] [2] [3] [4]
    • File Reputation Services [1]
    • source [1] [2]
    • sources
      • comparison [1]
      • protocols [1]
    • volume of threats [1]
  • Smart Protection [1] [2]
    • File Reputation Services [1]
    • integrated server [1]
    • pattern files [1]
    • Smart Protection Network [1]
    • Smart Protection Server [1]
    • standalone server [1]
    • Web Reputation Services [1] [2]
  • Smart Protection Network [1] [2]
    • web reputation [1]
  • Smart Protection Server [1] [2] [3] [4]
  • Smart Protection sources
    • integrated server [1]
    • local source settings [1]
    • Smart Protection Server [1]
    • standalone server [1]
  • spam engine [1]
  • spam maintenance [1]
    • End User Quarantine [1]
  • spam pattern files [1]
  • spam prevention [1]
    • alerts [1]
    • content scanning [1]
    • email reputation
    • email reputation services [1]
    • End User Quarantine [1]
    • maintenance [1]
    • notifications [1]
    • spam engine [1]
    • spam pattern files [1]
  • special groups [1] [2]
  • spyware [1]
  • spyware/grayware [1] [2] [3] [4]
    • adware [1]
    • dialers [1]
    • entering the network [1]
    • hacking tools [1]
    • joke program [1]
    • malware naming [1]
    • password cracking applications [1]
    • remote access tools [1]
    • risks and threats [1]
  • SQL server
    • manually updating password [1]
  • standalone server [1]
  • summary [1]
    • security risks [1]
    • spam tab [1]
    • system tab [1]
  • support/system debugger [1]
  • targets
    • web reputation [1]
  • templates [1] [2]
  • TrendLabs [1]
  • Trend Micro Control Manager [1]
    • agent [1]
    • communication protocol [1]
    • communicator [1]
    • entity [1]
    • managed product user access [1]
    • registering ScanMail [1]
    • registering to [1]
    • server [1]
    • unregistering ScanMail [1]
    • using ScanMail [1]
  • Trojan Horse [1] [2]
  • true file type [1]
  • uncleanable files [1]
  • understand
    • data views [1]
    • deployment plans [1]
    • log queries [1]
    • logs [1]
  • unregistering
    • ScanMail from Control Manager [1]
  • updates
    • ActiveUpdate [1]
    • alerts [1]
    • components on clusters [1]
    • download source [1]
    • latest patches FAQ [1]
    • logs [1]
    • manual configurations [1]
    • pattern file, manual [1]
    • pattern files [1]
    • rolling back [1]
    • scan engine, manual [1]
    • scheduled configurations [1]
  • updating ScanMail [1]
  • URLs
    • email technical support [1]
    • Knowledge Base [1]
    • security information site [1]
    • update center [1]
  • version comparison [1]
  • viewing
    • managed products logs [1]
  • Virtual Analyzer
    • scan engine technology [1]
  • virtual servers [1] [2]
    • creating ScanMail resources [1] [2] [3] [4]
    • viewing from the product console [1]
  • viruses/malware [1] [2] [3]
  • Virus Scan Application Programming Interface (VSAPI) [1]
  • Virus Scan Engine [1]
    • scan engine [1]
  • web reputation [1] [2] [3] [4] [5] [6]
  • Web Reputation Services [1] [2]
  • wildcard [1]
  • wildcards [1]
  • Windows event log codes [1]
  • World Virus Tracking Program [1] [2]
    • configuring [1]
  • worms [1] [2]
  • zip-of-death [1]

Configuring Security Risk Scan Targets Parent topic

Procedure

  1. Go to the Security Risk Scan screen by navigating to one of the following:
    • For Real-time scans: Security Risk Scan
    • For Manual scans: Manual ScanSecurity risk scan
    • For Scheduled scans: Scheduled Scan[Add or Edit]Security risk scan
  2. Click the Target tab.
    The Target screen displays.
  3. Select Enable Advanced Threat Scan Engine to allow ScanMail to perform aggressive scanning for less conventional threats.
  4. Select one of the following for security risk scan:
    • All attachment files: ScanMail scans for viruses/malware, worms, Trojans, and other malicious code in all files except unscannable files. Unscannable files are password protected files, encrypted files, or files that exceed the user-defined scanning restrictions. Other malicious code describes previously unknown threat types for which you want to configure a ScanMail action.
    • IntelliScan: IntelliScan uses Trend Micro recommended settings to perform an efficient scan.
      Note
      Note
      There is one key difference between using IntelliScan and performing other scans using ScanMail true file type recognition. ScanMail true file type recognition allows users to define their own selection of files to scan, while IntelliScan always uses the Trend Micro recommended selection of files to scan.
    • Specify file types: Click the link to expand the list and select the files you want ScanMail to scan. These files are "true file types". The scan engine examines the file header rather than the file name to ascertain the actual file type. Or, select to create a list of file extensions by selecting Specify file extensions.
      Note
      Note
      For example: If you click Specify file types and then click Application and executablesExecutable (.exe; .dll, .vxd) then ScanMail scans executable, DLL and VXD file types - even when the file has a false file extension name (is labeled .txt when it is actually an .exe). However, if you click Specify file extensions and type .exe, then ScanMail scans only .exe type files. ScanMail does not recognize falsely labeled file types.
  5. To scan the message body, select Scan message body.
  6. To use IntelliTrap technology, select Enable IntelliTrap.
    For details on IntelliTrap scanning, see IntelliTrap.
  7. To scan for spyware/grayware, select Select All for Spyware/Grayware Scan or select from the list.
  8. Click Scan Restriction Criteria if performance improvement is required.
    For details on compressed file restrictions, see Security Risk Scan Compressed File Restrictions.
    Tip
    Tip
    Trend Micro recommends using scanning restrictions to protect against Denial-of-Service attacks. Denial-of-Service is an attack on a computer or network that causes a loss of 'service', namely a network connection. Typically, Denial-of-Service (DoS) attacks negatively affect network bandwidth or overload computer resources such as memory.
  9. Click Save.