Trend Micro ScanMail for Microsoft Exchange Integration

Trend Micro ScanMail for Microsoft Exchange ("ScanMail") protects your Exchange mailbox servers. Once installed, ScanMail can protect your servers from viruses/malware, Trojans, worms, spyware/grayware and malicious URLs. It also sustains business and network integrity by filtering spam messages and messages containing undesirable or unwanted content.

The following features are available on the Cloud App Security management console if ScanMail is registered on Cloud App Security:

  • View and query policy violation logs from one or several ScanMail servers deployed within your organization. (ScanMail 14.0 Patch 2 or later)

  • Manage quarantined email messages on one or several ScanMail servers deployed within your organization. (ScanMail 14.0 Patch 3 or later)

Before Registration

Before you begin the registration, make sure that

  • You have installed ScanMail for Microsoft Exchange 14.0 Patch 2 or later.

  • You have a Customer Licensing Portal (CLP) or Licensing Management Platform (LMP) account to access the Cloud App Security management console.

If you do not have CLP or LMP account, perform the following steps to get an account for a 30-day free trial.

  1. Open the logon page of the Cloud App Security management console based on the country where you want to use the service.

    Country

    Cloud App Security Logon URL

    Serving Site

    For the European region, except the United Kingdom and Ireland

    admin-eu.tmcas.trendmicro.com

    EU

    For the United Kingdom and Ireland

    admin.tmcas.trendmicro.co.uk

    UK

    For Japan

    admin.tmcas.trendmicro.co.jp

    Japan

    For Australia, New Zealand, Fiji, and Papua New Guinea

    admin-au.tmcas.trendmicro.com

    Australia and New Zealand

    For other regions

    admin.tmcas.trendmicro.com

    Global (U.S.)

  2. Click Start Your Free Trial or Contact Reseller and provide the information as required.

    You will receive a confirmation email where you can find your trial account information and your serving site.

Registering a ScanMail Server to Cloud App Security

  1. Generate a registration token on the Cloud App Security management console.
    1. Log on to the Cloud App Security management console using the CLP or LMP account.
    2. Go to Administration > Service Account.
    3. Click Add and then select Exchange Server from the drop-down list.

      A registration token is generated and shown in the table on the screen.

  2. Configure Cloud App Security integration settings on the ScanMail management console, and register to Cloud App Security.
    1. Log on to the management console of the ScanMail server that you want to register with Cloud App Security.
    2. Go to Cloud App Security > Cloud App Security Settings.
    3. In the Cloud App Security Settings section, configure the following:
      • Service URL: Cloud App Security service IP address. Specify the service URL based on your serving site:

        Serving Site

        Service URL

        EU

        api-eu.tmcas.trendmicro.com

        UK

        api.tmcas.trendmicro.co.uk

        Japan

        api.tmcas.trendmicro.co.jp

        Australia and New Zealand

        api-au.tmcas.trendmicro.com

        Global (U.S.)

        api.tmcas.trendmicro.com

      • Registration token: Registration token that you have generated on the Cloud App Security management console in Step 1.

    4. If you need to use a proxy server, select Use a proxy server to connect to Cloud App Security and then configure the following information:
      • Host name or IP address: Proxy server host name or IP address

      • Port: Proxy server port number

      • User name and Password for proxy server authentication

    5. Click Register.
    6. Select Enable Cloud App Security Integration after registration completes.
    7. Click Save.
  3. Optionally replicate the Cloud App Security integration settings to other ScanMail servers that you want to register to Cloud App Security.

    For more information about how to replicate Cloud App Security integration settings to other ScanMail servers, see https://<ScanMail server IP address>:16373/smex/online_help/webhelp/Using-Server-Managem.html.

    Note:

    <ScanMail server IP address> is the IP address of the ScanMail server that you want to apply this feature. Replace <ScanMail server IP address> with the actual server IP address.

  4. Go to the Cloud App Security management console and then navigate to Administration > Service Account.

    The number of ScanMail servers that are successfully registered to Cloud App Security displays under Status.

Viewing Policy Violation Logs on Cloud App Security

  1. In Cloud App Security, go to Logs.
  2. Select Exchange Server under Scan Source from the left area.
  3. Specify search criteria in either of the following ways:
    • Select facets from the left area.

    • Specify facets in the Search bar, select a date range from the Select Date Range drop-down menu, and then click Search.

      This allows you to select one or several facets and specify keywords to query items on a more fine-grained level. For more information about how to query logs, see Searching Logs.

  4. Optionally save and view log data after performing a search.

    For more information about the log details and reports, see Log Options and Reports.

Managing Quarantine Email Messages on Cloud App Security

  1. In Cloud App Security, go to Quarantine.
  2. Select Exchange Server under Service from the left area.
  3. View the email messages quarantined on a ScanMail server or search for the quarantined email messages as necessary.

    For more information about how to search quarantined items, see Searching Quarantine.

    Facet

    Description

    Security Filter

    Security filter that detected a threat in an email message

    Status

    Current status of a quarantined email message violating a policy configured on the corresponding ScanMail server

  4. Select one or several email messages, and then click Restore or Delete to restore or delete them.

    For more information about how to manage the quarantined email messages, see Managing Quarantine.

    Note:

    Download does not apply in this case.

    You can restore or delete an email message on either the Cloud App Security management console or the corresponding ScanMail management console.

    • If an email message is successfully restored or deleted on the ScanMail management console, it will be removed from the quarantine list on the Cloud App Security management console.

    • If an email message is restored or deleted on the Cloud App Security management console, it will be removed from the quarantine list on the Cloud App Security management console. Go to Logs > Type: Quarantine to view the status of the message.

Unregistering a ScanMail Server from Cloud App Security

  1. Log on to the management console of the ScanMail server that you want to unregister from Cloud App Security.
  2. Go to Cloud App Security > Cloud App Security Settings.
  3. Click Unregister and then click OK on the confirmation dialog box.

Deleting the Registration Token

  1. In Cloud App Security, go to Administration > Service Account.
  2. Select the registration token and click Remove.
    Note:

    You can delete the registration token only when no ScanMail server is registered to Cloud App Security.