Solved

Trend Micro sending Notifications

Posted on 2014-02-24
2
1,873 Views
Last Modified: 2014-03-11
We are running Trend Micro Worry Free 8.0 on our SBS 2008 server which is scheduled to do a scan of Exchange on Sunday evenings.  Somehow the notification buttons were marked and a ton of our clients received e-mails from us like this because there were passworded Excel files:  

RE: [MailServer Notification][WFBS Security Server: ASK10.ask.local, Messaging Security Agent: ASK10]Security Risk Scan Notification

Protected file has been detected,and Pass has been taken on 2/23/2014 6:26:18.


I turned off the notifications under the scheduled scan area and *hope* that it never happens again but when it does the scheduled scan - does it scan everyone's email boxes (all folders)?  Some of these notifications refer to older files that clients have sent us.

What does Trend scan on Exchange during the "scheduled scans"?

Do I only need to unmark the notifications under Scheduled Scans?
0
Comment
Question by:nancyk2000
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39885457
The scan coverage should be based on the scan option configured e.g. Default Scan, Additional Threat Scan, and Exclusions

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Customize_Your_Scan_Options.htm

To further customise the scan option, you can actually set the Messaging Security Agent (MSA) to take action against Unscannable files. MSA does not support scanning for encrypted or password-protected files. That is why you received the notification

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Using_Advanced_Scan_Options_For_Exchange_Servers.htm#XREF_50469_Advanced_Scan

Furthermore, the Customized action for the detected threats can be configured but do note that under default MSA Settings, Encrypted and Password protected files are handled based on the type of scan which you are under (b)

a) Real-time Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

b) Manual and Scheduled Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/configuring_virus_scanning.htm

For notification configuration, the sender to list is also configurable if I understand correctly such that you will send notification messages to only the selected people.

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Configuring_Notification_Settings.htm#XREF_70149_Notification

Note: Administrators can also disable sending notifications to spoofing senders external recipients.

FYI, I did see something on the exclusion (not recommended) of scan which is out for WFS but more of OfficeScan. I believe there is means to configure the scan exclusion list and that may be useful for taking away those old files etc. There should be equivalent setting in WFS

http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_sp1_olh/sc_gbl_scan_exclude_ms.html
0
 

Author Closing Comment

by:nancyk2000
ID: 39921528
Solution was for a different version than we use but it helped point me in the right direction - thank you!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Checkpoint Endpoint Managment 3 76
Regedit Register where from, why everyday need to clean them  ? 13 85
Sophos EC migration to Cloud. 1 106
Check a file for virus / malware 24 140
Good afternoon all, We are running a VM infrastructure on a clustered ESX environment with two DELL R710's.  One of our IT Application Support Engineers contacted me and asked if it was possible to extend the partition of a certain Windows 2003 S…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question