Solved

Trend Micro sending Notifications

Posted on 2014-02-24
2
1,789 Views
Last Modified: 2014-03-11
We are running Trend Micro Worry Free 8.0 on our SBS 2008 server which is scheduled to do a scan of Exchange on Sunday evenings.  Somehow the notification buttons were marked and a ton of our clients received e-mails from us like this because there were passworded Excel files:  

RE: [MailServer Notification][WFBS Security Server: ASK10.ask.local, Messaging Security Agent: ASK10]Security Risk Scan Notification

Protected file has been detected,and Pass has been taken on 2/23/2014 6:26:18.


I turned off the notifications under the scheduled scan area and *hope* that it never happens again but when it does the scheduled scan - does it scan everyone's email boxes (all folders)?  Some of these notifications refer to older files that clients have sent us.

What does Trend scan on Exchange during the "scheduled scans"?

Do I only need to unmark the notifications under Scheduled Scans?
0
Comment
Question by:nancyk2000
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
The scan coverage should be based on the scan option configured e.g. Default Scan, Additional Threat Scan, and Exclusions

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Customize_Your_Scan_Options.htm

To further customise the scan option, you can actually set the Messaging Security Agent (MSA) to take action against Unscannable files. MSA does not support scanning for encrypted or password-protected files. That is why you received the notification

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Using_Advanced_Scan_Options_For_Exchange_Servers.htm#XREF_50469_Advanced_Scan

Furthermore, the Customized action for the detected threats can be configured but do note that under default MSA Settings, Encrypted and Password protected files are handled based on the type of scan which you are under (b)

a) Real-time Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

b) Manual and Scheduled Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/configuring_virus_scanning.htm

For notification configuration, the sender to list is also configurable if I understand correctly such that you will send notification messages to only the selected people.

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Configuring_Notification_Settings.htm#XREF_70149_Notification

Note: Administrators can also disable sending notifications to spoofing senders external recipients.

FYI, I did see something on the exclusion (not recommended) of scan which is out for WFS but more of OfficeScan. I believe there is means to configure the scan exclusion list and that may be useful for taking away those old files etc. There should be equivalent setting in WFS

http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_sp1_olh/sc_gbl_scan_exclude_ms.html
0
 

Author Closing Comment

by:nancyk2000
Comment Utility
Solution was for a different version than we use but it helped point me in the right direction - thank you!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

If, like me, you have a lot of Dell servers in the estate you manage this article should save you a little time. When attempting to login to iDrac on any server I would be presented with two errors. The first reads "Do you want to run this applicati…
In this article we have discussed the manual scenarios to recover data from Windows 10 through some backup and recovery tools which are offered by it.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now