ScanMail™ for Microsoft™ Exchange 12.5 SP1 Online Help

Collapse AllExpand All
  • access control
  • actions [1] [2]
    • advanced spam prevention [1]
    • attachment blocking [1]
    • compressed files [1]
    • Data Loss Prevention [1]
    • security risk scan [1]
    • spam prevention
      • content scanning [1]
    • web reputation [1]
  • activating ScanMail
    • Activation Code [1]
      • additional features [1]
      • suite [1]
  • activating Trend Micro products [1] [2]
    • Activation Code
    • reactivating [1]
  • Activation Code [1]
    • locating [1]
    • reactivating [1]
    • standard [1]
    • suite [1]
    • suite with additional features [1]
  • ActiveAction [1] [2]
  • ActiveUpdate [1] [2]
    • incremental updates [1]
  • advanced spam prevention [1] [2] [3]
    • actions [1]
    • configuring target settings [1]
    • enabling advanced spam prevention [1]
    • notifications [1]
  • advanced spam prevention scan [1]
  • advanced threats [1]
  • Advanced Threat Scan Engine [1]
  • Advanced Threat Scan Engine (ATSE)
  • adware [1]
  • alerts [1] [2]
    • notifications [1]
    • outbreak [1]
    • system events [1]
  • ATSE [1]
  • attachment blocking [1]
    • actions [1] [2] [3]
      • configuring [1]
    • compressed file handling [1]
    • enabling [1]
    • exceptions
    • global policy [1]
    • logs [1]
    • notifications
    • target
      • configuring [1]
  • Business Email Compromise (BEC) [1]
  • Command & Control Contact Alert Services [1]
    • categories [1]
    • Global Intelligence list [1]
    • Smart Protection Server [1]
    • Virtual Analyzer [1]
    • Virtual Analyzer list [1]
  • compressed files [1] [2] [3] [4] [5] [6]
    • actions [1]
    • compression ratios [1]
    • compression types [1]
    • Denial-of-Service [1]
  • compression types [1]
  • configuring
    • access control [1] [2]
    • advanced spam prevention scan
    • internal domains [1]
    • local sources [1]
    • macro scans [1]
    • notifications [1]
    • proxy settings [1] [2]
    • quarantine folder/directory [1]
    • real-time scan [1]
    • security risk scan
    • server groups [1]
    • special groups [1] [2]
    • web reputation [1]
  • content filtering [1]
  • content scanning [1]
  • Control Manager
    • see Trend Micro Control Manager [1]
  • criteria
    • customized expressions [1]
    • keywords [1]
  • customized expressions [1] [2]
  • customized keywords [1]
  • data identifiers [1]
  • data leakage prevention [1]
  • Data Loss Prevention [1] [2]
  • Denial-of-Service [1] [2] [3]
  • Denial-of-Service attack [1]
  • dialers [1]
  • disease vector [1]
  • documentation feedback [1]
  • EICAR [1]
  • email reputation
  • email reputation services [1]
  • encoding types [1]
  • End User Quarantine [1] [2]
  • Enterprise Protection Strategy [1]
  • expressions [1] [2]
  • false positive [1]
  • file reputation [1]
  • File Reputation Services [1]
  • files
    • uncleanable [1]
  • frequently asked questions
    • backup folders [1] [2]
    • calculating decompressed file size [1]
    • central reports [1]
    • checking pattern file updates [1]
    • checking service pack updates [1]
    • compression ratios [1]
    • dangerous files [1]
    • EICAR test virus [1]
    • End User Quarantine spam folder [1]
    • false positives [1]
    • firewall port exceptions [1]
    • handling large files [1]
    • latest patches [1]
    • locating Activation Code [1]
    • locating Registration Key [1] [2]
    • mapped network drives [1]
    • phish attacks [1]
    • public folder scan [1]
    • quarantine folders [1] [2]
    • regular expressions [1]
    • remote SQL server password changed [1]
    • removing quarantined email messages [1]
    • sending detected viruses to Trend Micro [1]
    • sending suspected threats to Trend Micro [1]
    • spyware/grayware [1]
    • time settings [1] [2]
    • UNC paths [1]
    • using keywords [1] [2] [3]
    • using operators with keywords [1]
    • virtual analyzer
      • working modes [1]
  • global policy [1]
  • global settings
    • quarantine folder/directory [1]
  • grayware [1]
  • hacking tools [1]
  • hot fixes [1]
  • icons [1]
  • integrated server [1]
  • IntelliScan [1] [2]
  • IntelliTrap [1]
  • internal domains [1]
    • configuring [1]
  • joke program [1] [2]
  • keywords [1] [2] [3] [4] [5]
  • known issues [1]
  • licenses [1]
    • registering [1]
  • local sources
    • configuring [1]
    • settings [1]
    • Smart Protection Server [1]
  • logs [1]
    • maintenance [1]
    • querying [1]
    • Search & Destroy [1]
    • types [1]
    • Windows events [1]
  • machine learning [1]
  • macro scan [1]
  • macro viruses/malware [1]
  • mailbox search
    • configuring [1]
    • criteria
      • date [1]
      • discovery mailbox [1]
      • keywords [1]
      • mailbox components [1]
      • mailboxes [1]
      • specific senders or recipients [1]
    • deleting [1]
    • keywords [1]
    • modifying [1]
    • options [1]
    • results [1]
    • syntax [1]
    • types [1]
    • viewing [1]
  • maintaining security [1]
  • managing outbreak situations [1]
    • analyzing [1]
    • confirming the outbreak [1]
    • recovering [1]
    • responding [1]
  • manual scan [1]
  • manual updates [1]
  • mass-mailing attack [1]
  • master services
    • ScanMail EUQ Monitor [1]
    • ScanMail for Exchange Remote Configuration Server [1]
    • ScanMail for Microsoft Exchange Master Services [1]
    • ScanMail for Microsoft Exchange System Watcher [1]
    • starting and stopping [1]
  • multipurpose internet mail extensions [1]
  • notifications [1] [2] [3]
    • about [1]
    • actions that trigger [1]
    • advanced spam prevention [1]
    • alerts [1]
    • configuring [1]
    • global settings [1]
    • web reputation [1]
  • one-time reports [1] [2]
    • generating [1]
  • online help
    • accessing [1]
  • operator [1]
  • outbreak alerts [1]
  • Outbreak Prevention Services [1]
  • password cracking applications [1]
  • patches [1]
    • updating FAQ [1]
  • pattern files [1] [2] [3] [4]
    • incremental updates [1]
    • Smart Scan Agent pattern [1]
    • Smart Scan pattern [1]
    • spam pattern files [1]
    • updates [1]
    • updating manually [1]
    • Web Blocking list [1]
  • PCRE [1]
  • Perle Compatible Regular Expressions [1]
  • phish [1] [2] [3] [4]
  • policies
    • content filtering [1]
    • Data Loss Prevention [1]
  • post-installation
    • spam folder [1]
  • predefined expressions [1]
  • predefined templates [1]
  • product console [1]
    • banner [1]
    • configuration area [1]
    • getting help [1]
    • side menu [1]
    • viewing remote servers [1]
    • viewing servers [1]
  • proxy settings [1] [2]
  • quarantine
    • alerts [1]
    • configuring [1]
    • folder/directory [1]
    • global settings [1]
    • queries
    • resending messages [1]
  • quarantine folder/directory [1]
  • quarantine query
    • maintenance
    • performing [1]
    • resending messages [1]
  • ransomware [1]
  • reactivating Trend Micro products [1]
  • real-time monitor [1]
    • viewing remote servers [1]
  • real-time scan [1] [2]
    • characteristics [1]
    • configuring [1]
  • registering
    • to Control Manager [1]
  • registering ScanMail
    • reseller purchase [1]
  • registering Trend Micro products [1]
    • how to [1]
    • online purchase [1]
    • Registration Key [1]
  • Registration Key
  • regular expressions [1]
  • remote access tools [1]
  • remote servers
    • viewing with real-time monitor [1]
  • replicating configurations [1] [2]
  • reports [1]
    • generating scheduled [1]
    • maintenance [1]
    • one-time reports [1] [2]
    • scheduled [1]
  • role
  • scan engine [1]
  • ScanMail EUQ Monitor [1]
  • ScanMail for Exchange Remote Configuration Server [1]
  • ScanMail for Microsoft Exchange Master Services [1]
  • ScanMail for Microsoft Exchange System Watcher [1]
  • ScanMail technology [1]
  • scans [1]
    • about scans [1]
    • actions [1] [2]
    • logs [1]
    • macro scan [1]
    • manual scan [1]
    • manual scan settings [1]
    • on cluster servers [1]
    • real-time scan [1]
    • scheduled scan [1]
    • scheduled scan settings [1]
  • scheduled scan [1]
  • scheduled updates [1]
  • Search & Destroy
  • Search & Destroy administrator [1]
  • security baseline [1]
    • managing real-time monitor [1]
    • performing a manual scan [1]
    • update ScanMail [1]
  • security risks [1]
    • advanced threats [1]
    • compressed files [1]
    • Denial-of-Service [1]
    • Denial-of-Service attack [1]
    • disease vector [1]
    • encoding types [1]
    • grayware [1]
    • joke program [1]
    • macro viruses/malware [1]
    • mass-mailing attack [1]
    • multipurpose internet mail extensions [1]
    • other malicious codes [1]
    • packed files [1]
    • phish [1] [2] [3]
    • ransomware [1]
    • spyware [1]
    • spyware/grayware [1] [2]
    • Trojan Horse [1] [2]
    • true file type [1]
    • virus/malware writers [1]
    • viruses/malware [1] [2]
    • worms [1] [2]
    • zip-of-death [1]
  • security risk scan
    • about [1]
    • actions [1] [2]
    • ActiveAction [1]
    • compressed file handling [1] [2]
    • configuring target settings [1]
    • custom settings [1]
    • enabling real-time scan [1]
    • IntelliScan [1] [2]
    • IntelliTrap [1]
    • logs [1]
    • notifications
    • summary screen [1]
  • server groups [1]
    • configuring [1]
  • server management console [1]
    • activating [1]
    • replicating configurations [1] [2]
    • replicating servers [1]
    • view last replication [1]
    • view pattern and engine version [1]
    • view scan results [1]
    • view scan status [1]
    • view smart scan status [1]
  • Server Management Console
  • service packs [1] [2]
  • services
    • starting and stopping [1]
  • smart protection [1] [2] [3] [4] [5]
    • File Reputation Services [1]
    • Smart Protection Network [1]
    • source [1] [2]
    • sources
      • comparison [1]
      • protocols [1]
    • volume of threats [1]
  • Smart Protection [1]
    • File Reputation Services [1]
    • integrated server [1]
    • pattern files [1]
    • Smart Protection Server [1]
    • standalone server [1]
    • Web Reputation Services [1] [2]
  • Smart Protection Network [1] [2]
    • web reputation [1]
  • Smart Protection Server [1] [2] [3] [4]
  • Smart Protection sources
    • integrated server [1]
    • local source settings [1]
    • Smart Protection Server [1]
    • standalone server [1]
  • spam engine [1]
  • spam maintenance [1]
    • End User Quarantine [1]
  • spam pattern files [1]
  • spam prevention [1]
    • content scanning [1]
    • email reputation
    • email reputation services [1]
    • End User Quarantine [1]
    • maintenance [1]
    • spam engine [1]
    • spam pattern files [1]
  • special groups [1] [2]
  • spyware [1]
  • spyware/grayware [1] [2] [3] [4]
    • adware [1]
    • dialers [1]
    • entering the network [1]
    • hacking tools [1]
    • joke program [1]
    • malware naming [1]
    • password cracking applications [1]
    • remote access tools [1]
    • risks and threats [1]
  • SQL server
    • manually updating password [1]
  • standalone server [1]
  • summary [1]
    • ransomware tab [1]
    • security risks [1]
    • spam tab [1]
    • system tab [1]
  • support
    • resolve issues faster [1]
  • support/system debugger [1]
  • targets
    • web reputation [1]
  • technology
    • scan engine [1]
  • templates [1] [2]
  • Trend Micro Control Manager [1] [2]
    • agent [1]
    • communication protocol [1]
    • communicator [1]
    • entity [1]
    • registering [1]
    • server [1]
    • unregistering [1]
  • Trojan Horse [1] [2]
  • true file type [1]
  • uncleanable files [1]
  • unregistering
    • from Control Manager [1]
  • updates
    • ActiveUpdate [1]
    • alerts [1]
    • components on clusters [1]
    • download source [1]
    • latest patches FAQ [1]
    • logs [1]
    • manual updates [1]
    • pattern file, manual [1]
    • pattern files [1]
    • scan engine, manual [1]
    • scheduled updates [1]
  • updating, about [1]
  • URLs
    • Knowledge Base [1]
    • update center [1]
  • URL time-of-click protection
    • enabling URL time-of-click protection [1]
  • version comparison [1]
  • Virtual Analyzer [1]
    • about [1]
    • configuring [1]
    • scan engine technology [1]
    • settings [1]
  • virtual analyzer working modes [1]
  • virtual servers [1]
  • viruses/malware [1] [2] [3]
  • Virus Scan Application Programming Interface (VSAPI) [1]
  • Virus Scan Engine [1]
    • scan engine [1]
  • web reputation [1] [2] [3] [4] [5] [6]
  • Web Reputation Services [1] [2]
  • wildcard [1]
  • wildcards [1]
  • Windows event log codes [1]
  • worms [1] [2]
  • writing style training
  • writing style verification
    • configuring [1]
    • enabling [1]
  • zip-of-death [1]

How to cleanup ScanMail email messages that were temporarily quarantined for advanced threat analysis? Parent topic

If ScanMail installation/uninstallation is initiated while there are lots of email messages quarantined for advanced threat analysis, these messages will not be removed. To handle these email messages, ScanMail automatically launches a separate tool: "toolDDAnQuarantinedMailsCleaner.exe". Usually this tool runs successful and without any issue. However, if there is any exception occurs during installation/uninstallation, you may need to run this tool manually.

Procedure

  1. Run CMD.exe with local administrators rights.
  2. Switch to ScanMail home directory.
  3. Do one of the following:
    • If the tool execution is unsuccessful during installation, use the following command to execute the tool:
      toolDDAnQuarantinedMailsCleaner.exe install [SMEX_TEMP_QUARANTINE_PATH]
      Note
      Note
      Replace:
      • [SMEX_TEMP_QUARANTINE_PATH] with suspicious files quarantine path
      For example:
      toolDDAnQuarantinedMailsCleaner.exe install "C:\Program Files\Trend Micro\Smex\storage\quarantine\Advanced threats\temp"
    • If the tool execution is unsuccessful during uninstallation, use the following command to execute the tool:
      toolDDAnQuarantinedMailsCleaner.exe uninstall [SMEX_TEMP_QUARANTINE_PATH] [SMEX_WTP_TEMP_QUARANTINE_PATH]
      Note
      Note
      Replace:
      • [SMEX_TEMP_QUARANTINE_PATH] with suspicious files quarantine path
      • [SMEX_WTP_TEMP_QUARANTINE_PATH] with suspicious URLs quarantine path
      For example:
      toolDDAnQuarantinedMailsCleaner.exe uninstall "C:\Program Files\Trend Micro\Smex\storage\quarantine\Advanced threats\temp" "C:\Program Files\Trend Micro\Smex\storage\quarantine\Advanced threats\SuspiciousURLs"