The virus scan criteria allow you to create policy rules that take actions on messages that contain malware, worms, or other malicious code.

Procedure

  1. Click Scanning Criteria.
  2. Specify at least one of the following detection types under the Specify at least one detection type section.
    Option Description
    Cleanable malware or malicious code
    Apply the policy rule to messages or attachments that contain cleanable malware. Cleanable malware is malware that can be safely removed from the contents of the infected file, resulting in an uninfected copy of the original message or attachment.
    WARNING
    Selecting Cleanable malware or malicious code as a policy rule criterion, and then selecting a policy rule action other than Delete or Clean, can result in infected messages or attachments entering your messaging environment. By default, Cloud Email Gateway Protection is configured with malware policy rules to appropriately handle threats when it is installed.
    Uncleanables with mass-mailing behavior
    Apply the policy rule to messages that contain uncleanable malware, worms, or other threats that cannot be removed from messages or attachments, and that propagate by mass-mailing copies of themselves.
    Uncleanables without mass-mailing behavior
    Apply the policy rule to messages that contain the following:
    • Spyware
    • Dialers
    • Hacking tools
    • Password cracking applications
    • Adware
    • Joke programs
    • Remote access tools
    • All others
  3. Configure Predictive Machine Learning settings to leverage the Predictive Machine Learning engine to detect emerging unknown security risks.
    1. Select Enable Predictive Machine Learning under the Specify Predictive Machine Learning settings section.
    2. Optionally select the Allow Trend Micro to collect suspicious files to improve its detection capabilities check box.
      Note
      By default, this option is selected.
      If you enable this option, Trend Micro only checks potentially risky messages and encrypts all content before transferring any information.
  4. Specify advanced settings.
    1. Select Submit suspicious files to Virtual Analyzer and select the security level from the drop-down list to perform further observation and analysis on the submitted files.
      Whether a file is suspicious is determined by the Advanced Threat Scan Engine based on the scan results.
      Virtual Analyzer performs observation and analysis on samples in a closed environment. It takes 3 minutes on average to analyze and identify the risk of a file, and the time could be as long as 30 minutes for some files.
      Note
      • When an eligible file is contained in another file (for example, included in an archive file or embedded in a file), Cloud Email Gateway Protection extracts the file and submits it to Virtual Analyzer.
    2. Select Submit suspicious JSE/VBE files, suspicious files with QR codes, and any files with macros if you want to submit these files to Virtual Analyzer.
      Submitting suspicious files with QR codes helps you detect quishing, which is a type of phishing that uses QR codes to deceive users into visiting malicious websites and revealing sensitive information.
      Note
      Currently, only suspicious PDF files with QR codes are submitted to Virtual Analyzer.
  5. Click Submit.