Solved

Trend Micro sending Notifications

Posted on 2014-02-24
Last Modified: 2014-03-11
We are running Trend Micro Worry Free 8.0 on our SBS 2008 server which is scheduled to do a scan of Exchange on Sunday evenings.  Somehow the notification buttons were marked and a ton of our clients received e-mails from us like this because there were passworded Excel files:  

RE: [MailServer Notification][WFBS Security Server: ASK10.ask.local, Messaging Security Agent: ASK10]Security Risk Scan Notification

Protected file has been detected,and Pass has been taken on 2/23/2014 6:26:18.


I turned off the notifications under the scheduled scan area and *hope* that it never happens again but when it does the scheduled scan - does it scan everyone's email boxes (all folders)?  Some of these notifications refer to older files that clients have sent us.

What does Trend scan on Exchange during the "scheduled scans"?

Do I only need to unmark the notifications under Scheduled Scans?
Question by:nancyk2000

Accepted Solution

by:
btan earned 1500 total points
ID: 39885457
The scan coverage should be based on the scan option configured, e.g. Default Scan, Additional Threat Scan, and Exclusions.

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Customize_Your_Scan_Options.htm

To further customise the scan option, you can actually set the Messaging Security Agent (MSA) to take action against Unscannable files. MSA does not support scanning for encrypted or password-protected files. That is why you received the notification.

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Using_Advanced_Scan_Options_For_Exchange_Servers.htm#XREF_50469_Advanced_Scan

Furthermore, the Customized action for the detected threats can be configured, but do note that under default MSA Settings, Encrypted and Password protected files are handled based on the type of scan; you are under (b):

a) Real-time Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

b) Manual and Scheduled Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/configuring_virus_scanning.htm

For notification configuration, the sender to list is also configurable, if I understand correctly, such that you will send notification messages to only the selected people.

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Configuring_Notification_Settings.htm#XREF_70149_Notification

Note: Administrators can also disable sending notifications to spoofing senders external recipients.

FYI, I did see something on the exclusion (not recommended) of scan which is out for WFS but more of OfficeScan. I believe there is a means to configure the scan exclusion list and that may be useful for taking away those old files etc. There should be an equivalent setting in WFS.

http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_sp1_olh/sc_gbl_scan_exclude_ms.html

Author Closing Comment

by:nancyk2000
ID: 39921528
Solution was for a different version than we use but it helped point me in the right direction - thank you!