Configuring Web Reputation Criteria

Trend Micro web reputation technology helps break the infection chain by assigning websites a "reputation" based on an assessment of the trustworthiness of a URL, derived from an analysis of the domain. Web reputation protects against web-based threats including zero-day attacks, before they reach the network. Trend Micro web reputation technology tracks the lifecycle of hundreds of millions of web domains, extending proven Trend Micro anti-spam protection to the Internet.

The Web reputation criteria are configured to prevent access to malicious URLs in email messages.

Note:

Hosted Email Security does not apply content-based heuristic spam, BEC, phishing, graymail, Web reputation, or social engineering attack rules to email messages received from email addresses and domains listed on the Approved Senders screen.

  1. Select Message detected as.
  2. Select Web reputation.
  3. Click Web reputation.

    The Web Reputation Settings screen appears.

  4. Select a baseline web reputation catch rate from the Security level drop-down list:

    • Lowest (most conservative)

    • Low

    • Moderately low

    • Moderately high (the default setting)

    • High

    • Highest (most aggressive)

  5. Optionally select Detect URLs that have not been tested by Trend Micro to block websites that might pose threats.
    Note:

    Web pages change frequently, and it is difficult to find data or follow a link after the underlying page is modified. Such websites are usually used as vehicles for transporting malware and carrying out phishing attacks.

    If you select this check box, Hosted Email Security will block all the URLs that have not been tested by Trend Micro, which might include some legitimate URLs.

  6. Under Time-of-Click Protection, select Enable Time-of-Click Protection and click one of the following:

    • Apply to URLs that have not been tested by Trend Micro

    • Apply to URLs marked by Web Reputation Services as possible security risks

    • Apply to all URLs

    Note:

    Time-of-Click Protection is available only in inbound protection.

    Web Reputation Services mark URLs as possible security risks if the URLs host or redirect to malicious files. For example, untested websites, file sharing websites and shortened URLs are marked as possible security risks.

  7. Optionally select Apply to URLs in digitally signed messages if necessary.
    Note:

    Enabling Time-of-Click Protection for digitally signed messages is not recommended because digital signatures might be destroyed.

  8. Select Enable the Web Reputation Approved List to prevent Hosted Email Security from scanning and blocking domains or IP addresses included in the Web Reputation Approved List.
    Note:

    To manage the Web Reputation Approved List, navigate to either of the following paths:

    • Inbound Protection > Policy Objects > Web Reputation Approved List

    • Outbound Protection > Policy Objects > Web Reputation Approved List

    For details, see Managing the Web Reputation Approved List.

  9. Click Save.
Parent topic: About Rule Scanning Criteria