Configuring Web Reputation Criteria

Trend Micro web reputation technology helps break the infection chain by assigning websites a "reputation" based on an assessment of the trustworthiness of a URL, derived from an analysis of the domain. Web reputation protects against web-based threats including zero-day attacks, before they reach the network. Trend Micro web reputation technology tracks the lifecycle of hundreds of millions of web domains, extending proven Trend Micro antispam protection to the Internet.

The Web reputation criteria are configured to prevent access to malicious URLs in email messages.

  1. Click Scanning Criteria.
  2. Select and click Web reputation.

    The Web Reputation Settings screen appears.

  3. Complete web reputation security settings.
    1. Select a baseline web reputation catch rate from the Security level drop-down list:
      • Lowest (most conservative)

      • Low

      • Moderately low

      • Moderately high (the default setting)

      • High

      • Highest (most aggressive)

    2. Optionally select Take action on messages containing URLs that have not been tested by Trend Micro to block websites that might pose threats.
      Note:

      Web pages change frequently, and it is difficult to find data or follow a link after the underlying page is modified. Such websites are usually used as vehicles for transporting malware and carrying out phishing attacks.

      If you select this check box, Trend Micro Email Security will take actions on all email messages containing URLs that have not been tested by Trend Micro. These URLs might include some legitimate URLs.

  4. Under Virtual Analyzer, do the following:
    Note:

    These settings are not included in the Trend Micro Email Security Standard license.

    For details about different license versions, see Available License Versions.

    1. Select Submit URLs to Virtual Analyzer.
    2. Select a security level from the drop-down list to perform further observation and analysis on the submitted URLs.

      Virtual Analyzer performs observation and analysis on samples in a closed environment. It takes 3 minutes on average to analyze and identify the risk of a URL, and the time could be as long as 30 minutes for some URLs.

      Note:

      There is a submission quota limiting the number of URLs that can be sent to Virtual Analyzer within 24 hours. The quota is calculated based on a 24-hour sliding window as follows:

      URL submission quota = Seat count * 4

      For example, if you have 1,000 seats, a total of 4,000 URLs can be submitted to Virtual Analyzer for analysis within 24 hours. Note that the submission quota mentioned here is subject to change without notice.

      In addition, the following cases will not be taken into account for quota measurement:

      • Samples hit the local or cloud cache.

      • Sample URLs are unreachable.

      • Other unexpected scan exceptions.

      Once the quota is used up, no more URLs can be sent to Virtual Analyzer. Nevertheless, the quota will be restored as the 24-hour sliding window moves forward.

      You can configure scan exception actions for the URL submissions over quota. For details, see Configuring "Scan Exceptions" Actions.

  5. Under Time-of-Click Protection, do the following:
    1. Select Enable Time-of-Click Protection and click one of the following:
      • Apply to URLs that have not been tested by Trend Micro

      • Apply to URLs marked by Web Reputation Services as possible security risks

      • Apply to all URLs

      Note:

      Time-of-Click Protection is available only in inbound protection.

      Web Reputation Services mark URLs as possible security risks if the URLs host or redirect to malicious files. For example, untested websites, file sharing websites and shortened URLs are marked as possible security risks.

    2. Optionally select Apply to URLs in digitally signed messages if necessary.
      Note:

      Enabling Time-of-Click Protection for digitally signed messages is not recommended because digital signatures might be destroyed.

  6. Select Enable the Web Reputation Approved List to prevent Trend Micro Email Security from scanning and blocking domains or IP addresses included in the Web Reputation Approved List.
    Note:

    To manage the Web Reputation Approved List, navigate to the following path:

    Administration > Policy Objects > Web Reputation Approved List

    For details, see Managing the Web Reputation Approved List.

  7. Optionally select Enable the URL keyword exception list to exclude URLs containing specified keywords from both Time-of-Click Protection and Virtual Analyzer scanning.
    Note:

    To manage the URL keyword exception list, navigate to the following path:

    Administration > Policy Objects > URL Keyword Exception List

    For details, see Managing the URL Keyword Exception List.

  8. Click Save.