Solved

Trend Micro sending Notifications

Posted on 2014-02-24
2
1,965 Views
Last Modified: 2014-03-11
We are running Trend Micro Worry Free 8.0 on our SBS 2008 server which is scheduled to do a scan of Exchange on Sunday evenings.  Somehow the notification buttons were marked and a ton of our clients received e-mails from us like this because there were passworded Excel files:  

RE: [MailServer Notification][WFBS Security Server: ASK10.ask.local, Messaging Security Agent: ASK10]Security Risk Scan Notification

Protected file has been detected,and Pass has been taken on 2/23/2014 6:26:18.


I turned off the notifications under the scheduled scan area and *hope* that it never happens again but when it does the scheduled scan - does it scan everyone's email boxes (all folders)?  Some of these notifications refer to older files that clients have sent us.

What does Trend scan on Exchange during the "scheduled scans"?

Do I only need to unmark the notifications under Scheduled Scans?
0
Comment
Question by:nancyk2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 39885457
The scan coverage should be based on the scan option configured e.g. Default Scan, Additional Threat Scan, and Exclusions

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Customize_Your_Scan_Options.htm

To further customise the scan option, you can actually set the Messaging Security Agent (MSA) to take action against Unscannable files. MSA does not support scanning for encrypted or password-protected files. That is why you received the notification

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Using_Advanced_Scan_Options_For_Exchange_Servers.htm#XREF_50469_Advanced_Scan

Furthermore, the Customized action for the detected threats can be configured but do note that under default MSA Settings, Encrypted and Password protected files are handled based on the type of scan which you are under (b)

a) Real-time Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

b) Manual and Scheduled Scan - Pass (When you configure the action to Pass, encrypted files and files that are protected by passwords are passed and the event is not logged)

http://docs.trendmicro.com/all/smb/wfbs-a/v7.0/en-us/wfbs-a_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/configuring_virus_scanning.htm

For notification configuration, the sender to list is also configurable if I understand correctly such that you will send notification messages to only the selected people.

http://docs.trendmicro.com/all/smb/wfbs-s/v7.0/en-us/wfbs-s_7.0_olh/WFBS/Managing_the_Messaging_Security_Agent/Configuring_Notification_Settings.htm#XREF_70149_Notification

Note: Administrators can also disable sending notifications to spoofing senders external recipients.

FYI, I did see something on the exclusion (not recommended) of scan which is out for WFS but more of OfficeScan. I believe there is means to configure the scan exclusion list and that may be useful for taking away those old files etc. There should be equivalent setting in WFS

http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_sp1_olh/sc_gbl_scan_exclude_ms.html
0
 

Author Closing Comment

by:nancyk2000
ID: 39921528
Solution was for a different version than we use but it helped point me in the right direction - thank you!
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question