Social Engineering Attack Protection detects suspicious behavior related to social engineering attacks in email messages.

For more information about social engineering attack detections, see Social Engineering Attack Log Details.

The Spam, Phishing, Graymail, Web Reputation, or Social engineering attack criteria allow you to create rules that take actions on these types of potentially unwanted messages.

Note:

Hosted Email Security does not apply content-based heuristic spam, BEC, phishing, graymail, Web reputation, or social engineering attack rules to email messages received from email addresses and domains listed on the Approved Senders screen.

  1. Select Message detected as.
  2. Select Social engineering attack.
    • Select Enable Virtual Analyzer, and then select the security level from the drop-down list, to perform further observation and analysis for threats detected by Social Engineering Attack Protection.

      Note:

      If Virtual Analyzer is enabled, Hosted Email Security performs observation and analysis on samples in a closed environment. It takes 3 minutes on average to analyze and identify the risk of an attachment, and the time could be as long as 30 minutes for some attachments.

    Hosted Email Security logs advanced threats as follows:

    • "Probable Advanced Threats": Suspected threats detected by the Advanced Threat Scan Engine or Social Engineering Attack Protection but not analyzed by Virtual Analyzer

      Tip:

      Some detected files may be safe. Trend Micro recommends selecting the Quarantine action for suspected threats detected by Social Engineering Attack Protection.

    • "Analyzed Advanced Threats": Suspected threats detected by the Advanced Threat Scan Engine or Social Engineering Attack Protection and detected as high risk by Virtual Analyzer

      Note:
      The Advanced Threat Scan Engine or Social Engineering Attack Protection considers messages as suspected threats according to the security level configured for Virtual Analyzer. That is:
      • If the High security level is configured, the action is applied to all messages that exhibit any suspicious behavior.

      • If the Medium security level is configured, the action is applied to messages that have a moderate to high probability of being malicious.

      • If the Low security level is configured, the action is applied only to messages that have a high probability of being malicious.