Views:
IMSS processes an ATSE-detected message based on the risk level returned by Virtual Analyzer and the security level that you select on the IMSS management console. Possible scenarios are:
  • If the returned risk level does not match the security level you select, IMSS determines that the message is a clean message.
  • If no risk level is returned, or if the returned risk level is invalid, or if the maximum time allowed for Virtual Analyzer analysis expires, IMSS triggers a Virtual Analyzer scanning exception and logs the detection as a Probable advanced threat (ATSE).
  • If the returned risk level matches the security level you select, IMSS performs specified action and logs the detection as an Analyzed advanced threat (ATSE).
    The following table contains the security levels, the corresponding Virtual Analyzer risk levels, and the actions triggered by IMSS.
    Tip
    Tip
    Trend Micro recommends setting the security level to Low.
    Security Level
    Description
    Risk Level
    High
    Apply action on all messages exhibiting any suspicious behavior
    • High risk
    • Medium risk
    • Low risk
    Medium
    Apply action on messages with a moderate to high probability if being malicious
    • High risk
    • Medium risk
    Low
    Apply action only on messages with a high probability of being malicious
    • High risk