ScanMail™ for Microsoft™ Exchange 11.0 Online Help

Collapse AllExpand All
  • "Log on as batch job" policy [1]
  • access control
  • actions [1] [2]
    • attachment blocking [1]
    • compressed files [1]
    • Data Loss Prevention [1]
    • security risk scan [1]
    • spam prevention
      • content scanning [1]
    • web reputation [1]
  • activating ScanMail [1] [2]
    • Activation Code [1]
      • additional features [1]
      • standard [1]
      • suite [1]
    • reactivating [1]
  • Activation Code [1]
    • locating [1]
    • reactivating [1]
    • standard [1]
    • suite [1]
    • suite with additional features [1]
  • ActiveAction [1] [2]
  • ActiveUpdate [1] [2]
    • incremental updates [1]
  • advanced threats [1]
  • Advanced Threat Scan Engine [1]
  • Advanced Threat Scan Engine (ATSE)
  • adware [1]
  • alerts [1] [2] [3]
    • notifications [1]
    • outbreak [1]
    • system events [1]
  • ATSE [1]
  • attachment blocking [1] [2]
  • automatic deployment settings
    • Scheduled Download [1]
  • Command & Control Contact Alert Services [1]
    • categories [1]
    • Deep Discovery Advisor [1]
    • Global Intelligence list [1]
    • Smart Protection Server [1]
    • Virtual Analyzer list [1]
  • components
    • downloading [1]
  • compressed files [1] [2] [3] [4] [5] [6]
    • actions [1]
    • compression ratios [1]
    • compression types [1]
    • Denial-of-Service [1]
  • compression types [1]
  • configuring [1]
    • access control [1] [2]
    • internal domains [1]
    • local sources [1]
    • macro scans [1]
    • managed products [1]
    • notifications [1]
    • proxy settings [1]
    • quarantine folder/directory [1]
    • real-time scan [1]
    • Scheduled Download
      • automatic deployment settings [1]
    • Scheduled Download Exceptions [1]
    • Scheduled Download Settings [1]
    • security risk scan
    • special groups [1] [2]
    • user accounts [1]
    • web reputation [1]
    • World Virus Tracking Program [1]
  • contacting
    • technical support [1]
  • content filtering [1]
  • content scanning [1]
  • Control Manager [1] [2]
    • about [1]
    • accounts [1]
    • agent [1]
    • antivirus and content security components [1] [2]
    • basic features [1]
    • configuring accounts [1]
    • features [1]
    • mail server [1]
    • managed product [1]
    • MCP [1]
    • report server [1]
    • see Trend Micro Control Manager [1]
    • SQL database [1]
    • Trend Micro Management Infrastructure [1]
    • web-based management console [1]
    • web server [1]
    • widget framework [1]
  • Control Manager antivirus and content security components
    • Anti-spam rules [1]
    • Engines [1]
    • Pattern files/Cleanup templates [1]
  • creating
  • criteria
    • customized expressions [1]
    • keywords [1]
  • customized expressions [1] [2]
  • customized keywords [1]
  • data identifiers [1]
    • expressions [1]
    • file attributes [1]
    • keyword lists
    • keywords [1]
  • data leakage prevention [1]
  • Data Loss Prevention [1] [2]
  • data views
    • understand [1]
  • Deep Discovery Advisor [1] [2]
  • Denial-of-Service [1] [2] [3]
  • Denial-of-Service attack [1]
  • deployment plans [1]
  • dialers [1]
  • Directory Management options [1]
  • Directory Manager [1]
  • disease vector [1]
  • download components
  • downloading and deploying components [1]
  • EICAR [1]
  • email reputation
  • email reputation services [1]
  • encoding types [1]
  • End User Quarantine [1] [2]
  • Enterprise Protection Strategy [1]
  • expressions [1] [2]
  • false positive [1]
  • features [1]
  • file attributes [1]
  • file reputation [1]
  • File Reputation Services [1]
  • files
    • uncleanable [1]
  • folders
  • frequently asked questions
    • calculating decompressed file size [1]
    • checking pattern file updates [1]
    • checking service pack updates [1]
    • compression ratios [1]
    • dangerous files [1]
    • EICAR test virus [1]
    • false positives [1]
    • handling large files [1]
    • latest patches [1]
    • locating Activation Code [1]
    • locating Registration Key [1] [2]
    • phish attacks [1]
    • regular expressions [1]
    • remote SQL server password changed [1]
    • sending detected viruses to Trend Micro [1]
    • sending suspected threats to Trend Micro [1]
    • spyware/grayware [1]
    • unable to log on to product console [1]
    • using keywords [1] [2] [3]
    • using operators with keywords [1]
  • global policy [1]
  • global settings
    • quarantine folder/directory [1]
  • grayware [1]
  • hacking tools [1]
  • hot fixes [1]
  • icons [1]
  • integrated server [1]
  • IntelliScan [1] [2]
  • IntelliTrap [1]
  • internal domains [1]
    • configuring [1]
  • joke program [1] [2]
  • keywords [1] [2] [3] [4] [5]
  • known issues [1]
  • licenses [1]
    • registering [1]
  • local sources
    • configuring [1]
    • settings [1]
    • Smart Protection Server [1]
  • logs [1] [2]
  • macro scan [1]
  • macro viruses/malware [1]
  • mailbox search
    • configuring [1]
    • criteria
      • date [1]
      • discovery mailbox [1]
      • keywords [1]
      • mailbox components [1]
      • mailboxes [1]
      • specific senders or recipients [1]
    • deleting [1]
    • keywords [1]
    • modifying [1]
    • options [1]
    • results [1]
    • syntax [1]
    • types [1]
    • viewing [1]
  • maintaining security [1]
  • managed products
    • configuring [1]
    • issue tasks [1]
    • recovering [1]
    • renaming [1]
    • searching for [1]
    • viewing logs [1]
  • managing outbreak situations [1]
    • analyzing [1]
    • confirming the outbreak [1]
    • recovering [1]
    • responding [1]
  • manually download components [1]
  • manual scan [1]
  • manual updates [1]
  • mass-mailing attack [1]
  • master services
    • ScanMail EUQ Migrator Service [1]
    • ScanMail EUQ Monitor [1]
    • ScanMail for Exchange Remote Configuration Server [1]
    • ScanMail for Microsoft Exchange Master Services [1]
    • ScanMail for Microsoft Exchange System Watcher [1]
    • starting and stopping [1]
  • MCP [1]
  • multipurpose internet mail extensions [1]
  • notifications [1] [2] [3]
    • about [1]
    • actions that trigger [1]
    • alerts [1]
    • configuring [1]
    • global settings [1]
    • web reputation [1]
  • one-time reports [1] [2]
    • generating [1]
  • online help
    • accessing [1]
  • operator [1]
  • outbreak alerts [1]
  • Outbreak Prevention Services [1]
  • password cracking applications [1]
  • patches [1]
    • updating FAQ [1]
  • pattern files [1] [2] [3] [4]
    • incremental updates [1]
    • Smart Scan Agent pattern [1]
    • Smart Scan pattern [1]
    • spam pattern files [1]
    • updates [1]
    • updating manually [1]
    • Web Blocking list [1]
  • PCRE [1]
  • Perle Compatible Regular Expressions [1]
  • phish [1] [2] [3] [4]
  • policies
    • content filtering [1]
    • Data Loss Prevention [1]
  • post-installation
    • spam folder [1]
  • predefined expressions [1]
  • predefined templates [1]
  • product console [1]
    • banner [1]
    • configuration area [1]
    • getting help [1]
    • side menu [1]
    • unable to log on [1]
    • viewing remote servers [1]
    • viewing servers [1]
    • viewing virtual servers [1]
  • Product Directory
    • deploying components [1]
  • proxy servers [1]
  • proxy settings [1] [2]
    • configuring [1]
  • quarantine
    • alerts [1]
    • configuring [1]
    • folder/directory [1]
    • global settings [1]
    • queries
    • resending messages [1]
  • quarantine folder/directory [1]
  • quarantine query
    • maintenance
    • performing [1]
    • resending messages [1]
  • query logs [1]
  • reactivating ScanMail [1]
  • real-time monitor [1]
    • viewing remote servers [1]
  • real-time scan [1] [2]
    • characteristics [1]
    • configuring [1]
    • notifications [1]
  • recovering
    • managed products [1]
  • registering
    • to Control Manager [1]
  • registering ScanMail [1]
    • how to [1]
    • online purchase [1]
    • Registration Key [1]
    • reseller purchase [1]
    • to Control Manager [1]
  • Registration Key
  • regular expressions [1]
  • remote access tools [1]
  • remote servers
    • viewing with real-time monitor [1]
  • renaming
    • folders [1]
    • managed products [1]
  • replicating configurations [1] [2]
  • reports [1]
    • generating scheduled [1]
    • maintenance [1]
    • one-time reports [1] [2] [3]
    • scheduled [1]
    • scheduled reports [1]
    • templates [1]
  • report templates [1]
  • resources
    • creating for virtual servers [1] [2] [3] [4]
    • creating for Windows 2003 [1]
    • creating for Windows 2008 [1] [2]
    • Exchange 2007 CCR Cluster [1]
    • Exchange 2007 SCC Cluster [1]
    • Exchange 2007 SCR Cluster [1]
  • role
  • roll back [1]
  • scan engine [1]
  • ScanMail EUQ Migrator Service [1]
  • ScanMail EUQ Monitor [1]
  • ScanMail for Exchange Remote Configuration Server [1]
  • ScanMail for Microsoft Exchange Master Services [1]
  • ScanMail for Microsoft Exchange System Watcher [1]
  • ScanMail technology [1]
    • scan engine [1]
  • scans [1]
    • about scans [1]
    • actions [1] [2]
    • logs [1]
    • macro scan [1]
    • manual scan [1]
    • manual scan settings [1]
    • on cluster servers [1]
    • real-time scan [1]
    • scheduled scan [1]
    • scheduled scan settings [1]
  • schedule bar [1]
  • Scheduled Download
    • configuring
      • automatic deployment settings [1]
  • Scheduled Download Exceptions
    • configuring [1]
  • Scheduled Download Frequency
    • configuring [1]
  • Scheduled Downloads [1]
  • Scheduled Download Schedule
    • configuring [1]
  • Scheduled Download Schedule and Frequency [1]
  • Scheduled Download Settings
    • configuring settings [1]
  • scheduled scan [1]
  • scheduled updates [1]
  • Search & Destroy
  • Search & Destroy administrator [1]
  • searching
    • managed products [1]
  • security baseline [1]
    • managing real-time monitor [1]
    • performing a manual scan [1]
    • update ScanMail [1]
  • security information site [1]
  • security risks [1]
    • advanced threats [1]
    • compressed files [1]
    • Denial-of-Service [1]
    • Denial-of-Service attack [1]
    • disease vector [1]
    • encoding types [1]
    • grayware [1]
    • joke program [1]
    • macro viruses/malware [1]
    • mass-mailing attack [1]
    • multipurpose internet mail extensions [1]
    • other malicious codes [1]
    • packed files [1]
    • phish [1] [2] [3]
    • spyware [1]
    • spyware/grayware [1] [2]
    • Trojan Horse [1] [2]
    • true file type [1]
    • virus/malware writers [1]
    • viruses/malware [1] [2]
    • worms [1] [2]
    • zip-of-death [1]
  • security risk scan
    • about [1]
    • actions [1] [2]
    • ActiveAction [1]
    • compressed file handling [1]
    • configuring target settings [1]
    • custom settings [1]
    • enabling real-time scan [1]
    • IntelliScan [1] [2]
    • IntelliTrap [1]
    • logs [1]
    • notifications
    • report [1]
    • summary screen [1]
  • server management console [1]
    • activating [1]
    • replicating configurations [1] [2]
    • replicating servers [1]
    • view last replication [1]
    • view pattern and engine version [1]
    • view scan results [1]
    • view scan status [1]
    • view smart scan status [1]
  • Server Management Console
  • service packs [1] [2]
  • services
    • starting and stopping [1]
  • smart protection [1] [2] [3] [4]
    • File Reputation Services [1]
    • source [1] [2]
    • sources
      • comparison [1]
      • protocols [1]
    • volume of threats [1]
  • Smart Protection [1] [2]
    • File Reputation Services [1]
    • integrated server [1]
    • pattern files [1]
    • Smart Protection Network [1]
    • Smart Protection Server [1]
    • standalone server [1]
    • Web Reputation Services [1] [2]
  • Smart Protection Network [1] [2]
    • web reputation [1]
  • Smart Protection Server [1] [2] [3] [4]
  • Smart Protection sources
    • integrated server [1]
    • local source settings [1]
    • Smart Protection Server [1]
    • standalone server [1]
  • spam engine [1]
  • spam maintenance [1]
    • End User Quarantine [1]
  • spam pattern files [1]
  • spam prevention [1]
    • alerts [1]
    • content scanning [1]
    • email reputation
    • email reputation services [1]
    • End User Quarantine [1]
    • maintenance [1]
    • notifications [1]
    • spam engine [1]
    • spam pattern files [1]
  • special groups [1] [2]
  • spyware [1]
  • spyware/grayware [1] [2] [3] [4]
    • adware [1]
    • dialers [1]
    • entering the network [1]
    • hacking tools [1]
    • joke program [1]
    • malware naming [1]
    • password cracking applications [1]
    • remote access tools [1]
    • risks and threats [1]
  • SQL server
    • manually updating password [1]
  • standalone server [1]
  • summary [1]
    • security risks [1]
    • spam tab [1]
    • system tab [1]
  • support/system debugger [1]
  • targets
    • web reputation [1]
  • templates [1] [2]
  • TrendLabs [1]
  • Trend Micro Control Manager [1]
    • agent [1]
    • communication protocol [1]
    • communicator [1]
    • entity [1]
    • managed product user access [1]
    • registering ScanMail [1]
    • registering to [1]
    • server [1]
    • unregistering ScanMail [1]
    • using ScanMail [1]
  • Trojan Horse [1] [2]
  • true file type [1]
  • uncleanable files [1]
  • understand
    • data views [1]
    • deployment plans [1]
    • log queries [1]
    • logs [1]
  • unregistering
    • ScanMail from Control Manager [1]
  • updates
    • ActiveUpdate [1]
    • alerts [1]
    • components on clusters [1]
    • download source [1]
    • latest patches FAQ [1]
    • logs [1]
    • manual configurations [1]
    • pattern file, manual [1]
    • pattern files [1]
    • rolling back [1]
    • scan engine, manual [1]
    • scheduled configurations [1]
  • updating ScanMail [1]
  • URLs
    • email technical support [1]
    • Knowledge Base [1]
    • security information site [1]
    • update center [1]
  • version comparison [1]
  • viewing
    • managed products logs [1]
  • Virtual Analyzer
    • scan engine technology [1]
  • virtual servers [1] [2]
    • creating ScanMail resources [1] [2] [3] [4]
    • viewing from the product console [1]
  • viruses/malware [1] [2] [3]
  • Virus Scan Application Programming Interface (VSAPI) [1]
  • Virus Scan Engine [1]
    • scan engine [1]
  • web reputation [1] [2] [3] [4] [5] [6]
  • Web Reputation Services [1] [2]
  • wildcard [1]
  • wildcards [1]
  • Windows event log codes [1]
  • World Virus Tracking Program [1] [2]
    • configuring [1]
  • worms [1] [2]
  • zip-of-death [1]

Windows Event Log Codes Parent topic

Event Identifications for notifications written into Windows event logs have changed a lot from previous versions of ScanMail. This change might impact your monitoring efforts. Consult the following table to understand the Windows event logs.

ScanMail Windows Event Log Codes

Event ID
Facility
Type / Severity
Category
Description
3
Application
Error
None
Alert. ScanMail service did not start successfully.
4
Application
Error
None
Alert. ScanMail service is unavailable.
5
Application
Warning
None
Security risk scan notification.
6
Application
Warning
None
Attachment blocking notification.
7
Application
Warning
None
Content filtering notification.
16
Application
Warning
None
Alert. Manual update unsuccessful.
17
Application
Information
None
Alert. Manual update successful.
18
Application
Warning
None
Alert. Last update time is older than specified time.
19
Application
Information
None
Alert. Manual scan successful.
20
Application
Error
None
Alert. Manual scan unsuccessful.
21
Application
Warning
None
Alert. Scan time exceeds specified time.
22
Application
Warning
None
Alert. The disk space on the local drive (volume) of the backup or quarantine directory is less than specified size.
23
Application
Warning
None
Alert. The size of database to keep quarantine and logs exceeds specified size.
24
Application
Information
None
Alert. Scheduled scan successful.
25
Application
Error
None
Alert. Scheduled scan unsuccessful.
32
Application
Error
None
Alert. Scheduled update unsuccessful.
33
Application
Information
None
Alert. Scheduled update successful.
34
Application
Warning
None
Web reputation notification.
35
Application
Warning
None
Data Loss Prevention notification
80
Application
Information
None
Alert. Outbreak Prevention Mode started.
82
Application
Information
None
Alert. Outbreak Prevention Mode stopped and configuration restored.
257
Application
Warning
None
Virus/Malware Outbreak Alert.
258
Application
Warning
None
Uncleanable Virus/Malware Outbreak Alert.
259
Application
Warning
None
Blocked attachment Outbreak Alert.
260
Application
Warning
None
Spyware/Grayware Outbreak Alert.
513
Application
Error
None
Filter loading exception.
514
Application
Error
None
Adapter loading exception.
4097
Application
Warning
None
Alert. The disk space on the local drive of the MS Exchange transaction log is less than specified size.
4098
Application
Warning
None
Alert. The Microsoft Exchange mail store size exceeds specified size.
4099
Application
Warning
None
Alert. The Microsoft Exchange SMTP messages queued continuously exceeds the specified number.
4112
Application
Error
None
ScanMail Master Service stopped due to insufficient disk space. Please free up some disk space and restart ScanMail Master Service.
8193
Application
Information
None
EUQ. Processing manual End User Quarantine maintenance task started.
8194
Application
Information
None
EUQ. Processing of manual End User Quarantine maintenance task ended.
8195
Application
Information
None
EUQ. Processing of schedule End User Quarantine maintenance task started.
8196
Application
Information
None
EUQ. End of processing schedule End User Quarantine maintenance task.
8197
Application
Information
None
EUQ. Start to process enable End User Quarantine task.
8198
Application
Information
None
EUQ. End of processing enable End User Quarantine task.
8199
Application
Information
None
EUQ. Start to process disable End User Quarantine task.
8200
Application
Information
None
EUQ. End of processing disable End User Quarantine task.
12289
Application
Error
None
"The transport scan module was unable to load the ScanMail transport hook. This could be caused by improper COM registration, missing DLL files, or privilege issues with the hookSMTP.dll. Check if the required files are complete, manually register hookSMTP.dll, and restart ScanMail Master Service."
12290
Application
Error
None
The ScanMail transport scan module is unable to send IPC requests to the ScanMail Master service. Check Windows event log for system errors.
12291
Application
Error
None
The transport scan module is unable to detect ScanMail or it does not have proper permission to access ScanMail related files or registries. ScanMail Master Service has not started. Please restart ScanMail Master Service.
12292
Application
Error
None
Another transport scan module may be active. Please check if a transport scan module has already been loaded by the Exchange transport service. Another transport scan module is running.
12293
Application
Error
None
The ScanMail transport scan module is unable to create a transport agent object. Make sure the ScanMail DLL files are complete.
12294
Application
Warning
None
"Transport scan has been disabled and messages have been passed through without being scanned by ScanMail. To enable transport scanning, log on to the ScanMail Management Console and enable any of the following transport level real-time security risk scan, transport level attachment blocking, transport level content filtering, or spam prevention."
12545
Application
Error
None
The MCP agent between ScanMail and Control manager stopped unexpectedly.
20480
Application
Information
None
Log on/off ScanMail product console.
20481
Application
Information
None
ScanMail configuration change.
20482
Application
Information
None
ScanMail management operation.
28672
Application
Information
None
Switch security risk scan methods
28673
Application
Warning
None
Smart Scan - Each time File Reputation service was Unavailable.
28675
Application
Information
None
Smart Scan - Each time File Reputation service was Recovered.
28676
Application
Warning
None
Smart Scan - Each time Web Reputation service was Unavailable.
28677
Application
Information
None
Smart Scan - Each time Web Reputation service was Recovered.
28678
Application
Information
None
Search & Destroy - Each time a search was successful
28679
Application
Error
None
Search & Destroy - Each time a search was unsuccessful
28681
Application
Warning
None
Deep Discovery Advisor server - Each time the Deep Discovery Advisor server was unavailable
28682
Application
Information
None
Deep Discovery Advisor server - Each time the Deep Discovery Advisor server was recovered