
IMSVA 9.1 SP1 New Features

| New Feature | Description |
| --- | --- |
| Trend Vision One integration | Integration with Trend Vision One allows IMSVA to forward policy event logs to Trend Vision One for correlated detection and other advanced analytics. |
| Operating system upgrade | IMSVA provides a self-contained installation that uses a standard CentOS Linux operating system. This service pack directly upgrades the self-contained operating system of IMSVA from CentOS 6 to CentOS 7. |

IMSVA 9.1 Patch 3 New Features

| New Feature | Description |
| --- | --- |
| URL analysis | In addition to suspicious files in email messages, IMSVA submits suspicious URLs included in email messages to Virtual Analyzer for further analysis. To protect you from malicious URLs, IMSVA first compares URLs in email messages with known malicious URLs in the Web reputation database, and then further analyzes URLs at the time of click. However, untested URLs may pass the first two layers of analysis. IMSVA provides enhanced protection by leveraging the URL sandbox available in Virtual Analyzer to perform sandbox simulation and analysis. |

IMSVA 9.1 Patch 2 New Features

| New Feature | Description |
| --- | --- |
| Domain-based Message Authentication, Reporting and Conformance (DMARC) | As an email validation system to detect and prevent email spoofing, DMARC is intended to fight against certain techniques used in phishing and spam, such as email messages with forged sender addresses that appear to originate from legitimate organizations. DMARC is designed to fit into the existing email authentication process of IMSVA, allowing you to define DMARC settings, including the actions to take on messages that fail DMARC verification. |

IMSVA 9.1 New Features

| New Feature | Description |
| --- | --- |
| Syslog integration | To provide enterprise-class logging capabilities, IMSVA supports sending logs through the syslog protocol to multiple external syslog servers in a structured format. On the IMSVA management console, you can add, delete, import and export syslog servers. |
| Multiple Virtual Analyzer servers | To achieve better load balancing and failover capabilities, IMSVA allows you to add multiple servers for Virtual Analyzer. You can also enable, disable and delete Virtual Analyzer servers on the IMSVA management console. |
| SMTP Traffic Throttling | SMTP Traffic Throttling blocks messages from a single IP address or sender for a certain time when the number of connections or messages reaches the specified maximum. |
| Audit log support | As an enhanced log category of system events, Audit log replaces Admin activity on the IMSVA management console. Audit logs record various administrator operations and provide a way to query activities of specified administrator accounts. |
| Enhanced queue management | IMSVA uses mail transfer agent (MTA) queues to store messages that just arrived, messages ready to be delivered to the next MTA, messages deferred due to delivery failure, and messages kept on hold for later manual delivery. Specific actions can be taken on the messages in MTA queues. |
| Enhanced Smart Protection | IMSVA supports both Trend Micro Smart Protection Network and Smart Protection Server as smart protection sources. Smart Protection Servers are supported to localize smart protection services to the corporate network to reduce outbound traffic and optimize efficiency. |
| External database support | IMSVA allows you to use an external PostgreSQL database, in addition to the internal one, as the admin database or the EUQ database. |
| Time-of-Click Protection | IMSVA provides time-of-click protection against malicious URLs in email messages. If you enable Time-of-Click Protection, IMSVA rewrites URLs in email messages for further analysis. Trend Micro analyzes those URLs at the time of click and will block them if they are malicious. |
| Connected Threat Defense | Configure IMSVA to subscribe to the suspicious object lists on the Trend Micro Control Manager server. Using the Control Manager console, you can specify customized actions for objects detected by the suspicious object lists to provide custom defense against threats identified by endpoints protected by Trend Micro products specific to your environment. Control Manager facilitates the investigation of targeted attacks and advanced threats using suspicious objects. Files and URLs that have the potential to expose systems to danger or loss will be detected. |
| DomainKeys Identified Mail (DKIM) signature | IMSVA supports adding DKIM signatures to outgoing email messages. On the IMSVA management console, you can add or delete DKIM signatures and import or export DKIM signature files. |
| Report delivery through email | IMSVA allows you to send newly generated reports and archived reports through email. Detailed views of reports will be included. |
| Keyword and expression enhancement | To improve visibility of triggered keywords and expressions, the entity name (where the keyword expression appears in a message) and the matched expressions now appear in the policy event log query details page. Administrators can also add a description to new keyword expressions for better tracking. |
| Attachment names supported by message tracking logs | Message tracking logs include attachment names as a new attribute. Multiple attachment names can be specified to query message tracking logs. |
| Logon notice support | Customizable logon notices are available on both the administrator logon page and the End-User Quarantine logon page. |
| Quarantine event summary | IMSVA provides quarantine event logs and reports for users to learn information about quarantine events, for example, the percentage of release events in all the quarantine events. |
| LDAPS support | IMSVA supports LDAP over SSL (LDAPS), which provides users a secure and encrypted channel to communicate with LDAP servers. |
| Ransomware detection | IMSVA gives you more visibility on ransomware detected by IMSVA. You can either query ransomware detections in logs or add a widget for ransomware detections on the dashboard. |
| Virtual Analyzer integration improvement | IMSVA allows you to define rules to send email messages with specified attachment names or extensions to Virtual Analyzer for analysis. |