[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Trend Micro sending Notifications

Posted on 2014-02-24
2
Medium Priority
?
2,117 Views
Last Modified: 2014-03-11
We are running Trend Micro Worry Free 8.0 on our SBS 2008 server which is scheduled to do a scan of Exchange on Sunday evenings.  Somehow the notification buttons were marked and a ton of our clients received e-mails from us like this because there were passworded Excel files:  

RE: [MailServer Notification][WFBS Security Server: ASK10.ask.local, Messaging Security Agent: ASK10]Security Risk Scan Notification

Protected file has been detected,and Pass has been taken on 2/23/2014 6:26:18.


I turned off the notifications under the scheduled scan area and *hope* that it never happens again but when it does the scheduled scan - does it scan everyone's email boxes (all folders)?  Some of these notifications refer to older files that clients have sent us.

What does Trend scan on Exchange during the "scheduled scans"?

Do I only need to unmark the notifications under Scheduled Scans?
0
Comment
Question by:nancyk2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 39885457
The scan coverage should be based on the scan option configured e.g. Default Scan, Additional Threat Scan, and Exclusions

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Customize_Your_Scan_Options.htm

To further customise the scan option, you can actually set the Messaging Security Agent (MSA) to take action against Unscannable files. MSA does not support scanning for encrypted or password-protected files. That is why you received the notification

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Using_Advanced_Scan_Options_For_Exchange_Servers.htm#XREF_50469_Advanced_Scan

Furthermore, the Customized action for the detected threats can be configured but do note that under default MSA Settings, Encrypted and Password protected files are handled based on the type of scan which you are under (b)

a) Real-time Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

b) Manual and Scheduled Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/configuring_virus_scanning.htm

For notification configuration, the sender to list is also configurable if I understand correctly such that you will send notification messages to only the selected people.

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Configuring_Notification_Settings.htm#XREF_70149_Notification

Note: Administrators can also disable sending notifications to spoofing senders external recipients.

FYI, I did see something on the exclusion (not recommended) of scan which is out for WFS but more of OfficeScan. I believe there is means to configure the scan exclusion list and that may be useful for taking away those old files etc. There should be equivalent setting in WFS

http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_sp1_olh/sc_gbl_scan_exclude_ms.html
0
 

Author Closing Comment

by:nancyk2000
ID: 39921528
Solution was for a different version than we use but it helped point me in the right direction - thank you!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question