What's New

Suspicious Objects from Trend Vision One Available in Virus and Spam Scanning

Apart from the suspicious objects from Apex Central, Trend Micro Email Security allows you to leverage the suspicious objects synchronized from Trend Vision One to enhance the capability of detecting suspicious files during virus scanning and suspicious URLs during spam scanning.

For details, see Trend Vision One.

Log Details Enhancements

In Mail Tracking and Policy Event log details, Trend Micro Email Security adds the email header Reply-To and can record the display name in addition to the email address for the headers From, To, and Reply-To.

Support for Returning Delivery Time and Antispam Engine Scan Report in Log-Related REST APIs

In the API for retrieving Mail Tracking logs, Trend Micro Email Security can return the deliveryTime parameter indicating the time at which it sent the email message to the next hop. Moreover, the API for retrieving Policy Event logs can return the spamReport parameter about Antispam Engine scan details.

For details, see "Trend Micro Email Security REST API Online Help".

New Attachment-Based Criteria for Searching Mail Tracking Logs

Trend Micro Email Security allows you to query messages with attachments when searching mail tracking logs. In addition to the SHA256 hash and status of attachments, you can specify the filename and password analysis status of attachments as the search criteria.

For details, see Understanding Mail Tracking.

Display of the Antispam Engine Scan Details in Logs

In the mail tracking logs and policy event logs, Trend Micro Email Security allows you to view the message scan result details from the Antispam Engine.

For details, see Understanding Mail Tracking and Understanding Policy Events.

Visibility of Files Violating Content Filtering in Policy Event Logs

For messages matching the attachment-based scan criteria in content filtering, Trend Micro Email Security shows the specific files that triggered the policy in policy event logs.

For details, see Understanding Policy Events.

IP Address-based Exceptions for DKIM Verification and DMARC Authentication

In addition to domain names, Trend Micro Email Security allows you to specify IP addresses and CIDR blocks as ignored peers to skip DKIM verification or DMARC authentication.

For details, see Adding DKIM Verification Settings and Adding DMARC Settings.

Password Configuration for Quarantined Message Download

To protect your download of quarantined messages with a password, Trend Micro Email Security allows you to use a random password or define your own custom password.

For details, see Querying the Quarantine.

Audit Log Enhancements

In addition to a single account, Trend Micro Email Security allows you to use all accounts as a criterion to search audit logs.

Moreover, audit logs now record administrators' logout from the administrator console and end users' logout from the End User Console.

For details, see Understanding Audit Log.

Outlook Add-in for Reporting Emails

Trend Micro Email Security launches an Outlook add-in that allows your users to report emails to Trend Micro as false positives and false negatives. The reporting helps Trend Micro Email Security provide you with more accurate detection.

For details, see Email Reporting Add-in for Outlook.

Scan Bypass for Trend Micro Phishing Simulations

Trend Micro Email Security provides an option to bypass all inbound protection scans for emails sent from the IP addresses of Trend Micro phishing simulation service. You can configure this feature under Administration > Service Integration.

For details, see Phishing Simulation.

URLs Supported in the Web Reputation Approved List

In addition to domains and IP addresses, Trend Micro Email Security allows you to add URLs to the Web Reputation Approved List to bypass Web Reputation Services, Time-of-Click Protection, and Virtual Analyzer scanning.

For details, see Managing the Web Reputation Approved List.

Detailed Reasons for Actions Supported in Mail Tracking Log Retrieval

When you retrieve mail tracking logs through the REST API, Trend Micro Email Security returns the details about the reasons for specific actions taken on email messages.

For details, see Supported APIs > Logs > List Mail Tracking Logs in the REST API Online Help.

Support for Using the Header Sender to Match Enforced Peers

In addition to envelope sender addresses, Trend Micro Email Security allows you to use the sender address in the message header for matching enforced peers in DKIM and DMARC verification for inbound messages.

For details, see Adding DMARC Settings and Adding DKIM Verification Settings.

Scanning Duration Visibility in Mail Tracking Logs

Trend Micro Email Security displays the time used for Virtual Analyzer scanning and file password analysis in mail tracking logs.

Time Zone Customization in Notifications and Stamps

Trend Micro Email Security allows you to customize the time zone for the %DATE&TIME% token used in notifications for rule match and stamps inserted into the message body.

For details, see Managing Notifications and Managing Stamps.

Support for Multiple Entries in Log Search Boxes

Trend Micro Email Security allows you to specify multiple entries in the search criteria for mail tracking logs and policy event logs.

For details, see Understanding Mail Tracking and Understanding Policy Events.

MTA-STS Support for Outgoing TLS Connections

Trend Micro Email Security supports Mail Transfer Agent - Strict Transport Security (MTA-STS) for outgoing TLS connections.

For details, see Transport Layer Security (TLS) Peers.

Display of File and URL Quota Usage

Trend Micro Email Security allows you to view the number of files and URLs successfully analyzed in the Virtual Analyzer Quota Usage Details chart on the dashboard and in reports.

For details, see Virtual Analyzer Quota Usage Details.

Support for EUC Local Account Management

Trend Micro Email Security allows you to manage EUC local accounts from a centralized location on the administrator console.

For details, see Local Accounts.

More Secure Password Reset for Administrators

Trend Micro Email Security uses verification codes in place of simple CAPTCHAs to verify administrators when they reset passwords on the administrator console.

For details, see Resetting Local Account Passwords.

More Secure Registration and Password Reset for End Users

Trend Micro Email Security uses verification codes in place of security questions and simple CAPTCHAs to verify end users during account registration and password reset on the End User Console.

For details, see "Registering Your Account" and "Resetting Your Password" in the "Local Account Management" chapter of the End User Console Online Help.

Blank Message Body Detection

Trend Micro Email Security enhances content filtering policies to detect and take action on messages with a blank body.

For details, see Using Body Is Blank Criteria.

Quarantined Message Download in Encrypted ZIP Package

In addition to the original email file, Trend Micro Email Security provides another option for downloading a quarantined message: a password-protected ZIP file.

For details, see Querying the Quarantine.

Removal of Mobile Number from Contact Information

Trend Micro Email Security removes the mobile number from the administrator's contact information on the administrator console. It's no longer necessary to provide your mobile number during provisioning and profile configuration.

Spoofing Detection Enhancement

As a supplement to the existing spoofing detection methods, Trend Micro Email Security adds anti-spoofing checks on the envelope sender and message header sender in content filtering.

For details, see Configuring Content Filtering Criteria.

Support for Multiple Entries in Quarantine Search Boxes

Trend Micro Email Security allows you to specify multiple senders, recipients, and reasons when searching for quarantined messages.

For details, see Querying the Quarantine.

More Granular Quarantine Permission Control

When you assign the read-only quarantine permissions to a subaccount, Trend Micro Email Security allows you to control whether to include the permissions for viewing quarantined message details and downloading quarantined messages.

For details, see Adding and Configuring a Subaccount.

More Granular True File Type Detection for Microsoft Office Files

Trend Micro Email Security allows you to separately control true file type detection for Microsoft Office 97-2003 files (such as .doc, .ppt, .xls) and Microsoft Office files of later versions (such as .docx, .pptx, .xlsx).

For details, see Using Attachment True File Type Criteria.

Reverse DNS Validation

Trend Micro Email Security supports reverse DNS validation at the connection setup stage by performing PTR record lookup based on the email sending IP address. Besides, administrators can configure a list of blocked PTR domains to directly reject email messages from them.

For details, see Managing Reverse DNS Validation.

Sender Filter Enhancement

Trend Micro Email Security redesigned the Sender Filter feature under Inbound Protection by providing the following enhancements:

• Supporting more wildcard formats in approved or blocked sender addresses.

• Allowing you to apply approved or blocked senders to all recipients in your organization.

• Synchronizing approved or blocked sender lists between the administrator console and End User Console so that administrators can manage the approved or blocked senders added from the End User Console or quarantine digest mails.

For details, see Managing Sender Filter.

New Account Type: Superadmin Account

Trend Micro Email Security introduces a new local account type, namely superadmin account, to ease the administrative burden of the Trend Micro Business Account. Superadmin accounts have all administrative permissions inherited from the Business Account and can perform actions on behalf of the Business Account when necessary.

For details, see Account Management.

Support for Attaching the Original Message in Notifications for All Policy Violation Detections

In addition to writing style analysis detection, Trend Micro Email Security provides an option to attach the original message in notifications for all policy violation detections.

For details, see Managing Notifications.

Mail Tracking Log Enhancement

For deleted or delivered quarantined messages, Trend Micro Email Security enables you to check from mail tracking logs who took the action and the time when the action was completed.

Log Export Enhancement

Trend Micro Email Security now can export all queried mail tracking logs and policy event logs to CSV files from the log result page.

For details, see Understanding Mail Tracking and Understanding Policy Events.

IP-based Control of Access to Trend Micro Email Security

IP-based access control is available to restrict access to Trend Micro Email Security. With this feature enabled, Trend Micro Email Security verifies the IP address from which the access request originates, and takes the preconfigured actions if the request originates from an unapproved IP address.

For details, see Logon Access Control.

Quarantine Digest Template Enhancement

Trend Micro Email Security enhances its quarantine digest template by refining template text and providing a new token for your use.

For details, see Adding or Editing a Digest Template.

Support for Authenticated Received Chain (ARC)

Trend Micro Email Security adds support for ARC in DMARC authentication. If ARC is enabled and an ARC chain is present and validated, some legitimate messages that fail DMARC authentication due to intermediate processing will pass the authentication.

For details, see Domain-based Message Authentication, Reporting & Conformance (DMARC).

Policy Event Log Enhancement

Trend Micro Email Security enhances its policy event logs by providing more details about Virtual Analyzer scan exceptions.

Email Attachment Sanitizing

Trend Micro Email Security supports email attachment sanitizing for both incoming and outgoing messages. When configuring a content filtering policy, you can choose whether to set actions specifically for email messages that contain active content such as macros in Microsoft Office attachments.

For details, see Sanitizing Attachments.

Layout Optimization for Quarantine Digest Notifications

Trend Micro Email Security is optimized to make the layout for quarantine digest notifications more mobile-friendly.

Stamp Enhancement

Trend Micro Email Security further supports HTML stamps besides already supported plain text stamps. You can customize HTML stamps based on predefined styles, and view an automatic plain text version of the customized stamps in real time.

For details, see Managing Stamps.

Quarantined Message Management Enhancement

Trend Micro Email Security allows you to configure settings for end users to view quarantined messages and take action on the End User Console and in the quarantine digest notifications. In addition, quarantined message query is optimized to provide a reasonable and consistent user experience.

For details, see Configuring End User Quarantine Settings.

Support for Wildcard Domain in Address Groups

Trend Micro Email Security supports wildcard domains for email addresses in hybrid address groups. In addition, when you search for address groups by email address, wildcard search is used instead of partial search.

For details, see Managing Address Groups.

Keyword Expression Test Support

Trend Micro Email Security now enables you to test the keyword expression functionality when you add a new keyword expression.

For details, see Adding Keyword Expressions

Log Search Enhancement

Trend Micro Email Security enhances its log search feature by allowing you to search mail tracking logs by sender IP address and destination IP address.

For details, see Understanding Mail Tracking.

Keyword Expression Enhancement

Trend Micro Email Security is enhanced to add another match condition to the Keywords and Expressions feature under Administration > Policy Objects. With this enhancement, Trend Micro Email Security will trigger actions when the combined score of all matched keyword expressions reaches the specified threshold.

For details, see Adding Keyword Expressions.

Redirect Page Customization Support for Time-of-Click Protection

Trend Micro Email Security enhances Time-of-Click Protection settings by allowing you to customize redirect pages for suspicious, dangerous, and untested URLs in inbound messages. The redirect page customization settings apply to incoming messages of the entire organization.

For details, see Configuring Time-of-Click Protection Settings.

High Profile Domains

Trend Micro Email Security allows you to add high profile domains, for example, your partners' domains or domains of famous brands, to leverage the improved Trend Micro Antispam Engine to detect cousin domains. A cousin domain looks deceptively similar to a legitimate target domain and is often used in phishing attacks to steal sensitive or confidential information from users.

For details, see High Profile Domains.

Renaming from "Business Email Compromise (BEC)" to "High Profile Users"

With the launch of the High Profile Domains feature, Trend Micro Email Security renames the Business Email Compromise (BEC) menu under Inbound Protection to High Profile Users to provide a more accurate description of the feature.

Support for Enabling/Disabling Log Retrieval

Trend Micro Email Security allows you to decide whether to retrieve policy event logs and mail tracking logs via REST APIs for third-party SIEM application integration.

For details, see Log Retrieval.

File Password Analysis Result Visibility in Mail Tracking Logs

Trend Micro Email Security shows the password analysis result of email attachments in mail tracking logs.

Support for %HEADERS%

Trend Micro Email Security now supports the %HEADERS% token, which will be replaced with message headers in stamps and notification body.

DNS-Based Authentication of Named Entities (DANE) Support for Outgoing TLS Connections

Trend Micro Email Security now supports DANE for outgoing TLS connections.

For details, see Transport Layer Security (TLS) Peers.

SPF Action Enhancement

For details, see Adding SPF Settings.

License Information Optimization

Trend Micro Email Security is optimized to show all the licenses that you have purchased under Administration > License Information. In addition, a grace end date is provided in the license information.

Organization-Level Policy

Trend Micro Email Security is enhanced to allow you to create inbound and outbound protection policies at the organization level. These policies automatically apply to all domains in your organization including the new ones added in the future. Organization-level policies make policy management easier than otherwise.

For details, see Configuring Policies.

Predictive Machine Learning Support in Outbound Protection

Trend Micro Email Security adds support for Predictive Machine Learning in outbound protection, allowing you to specify Predictive Machine Learning settings in virus scan rules.

Syslog Enhancement

In addition to detection logs, audit logs and mail tracking logs, Trend Micro Email Security can now forward URL click tracking logs to syslog servers.

Quarantine Digest Template Enhancement

For details, see Adding or Editing a Digest Template.

Log Search Enhancement

Trend Micro Email Security enhances its log search feature by allowing you to search policy event logs by message header address and threat name, and search mail tracking logs by message header address.

For details, see Understanding Mail Tracking and Understanding Policy Events.