Configuring Macro Scanning

Procedure

1. Go to the Security Risk Scan screen by navigating to one of the following:
   • For Real-time scans: Security Risk Scan → Action
   • For Manual scans: Manual Scan → Security risk scan → Action
   • For Scheduled scans: Scheduled Scan → [Add or Edit] → Security risk scan → Action
2. Click Advanced Options and then click Macros.
3. Select Enable advanced macro scan.
4. Select a detection type:
   1. Select Heuristic level and configure a level for the heuristic rules.
      • Level 1 uses the most specific criteria, but detects the least macro codes.
      • Level 4 detects the most macro codes, but uses the least specific criteria and may falsely identify safe macro code as harboring malicious macro code.

      Tip Trend Micro recommends a heuristic scan level of 2. This level provides a high detection level for unknown macro viruses, a fast scanning speed, and it uses only the necessary rules to check for macro virus/malware strings. Level 2 also has a low level of falsely identifying malicious code in safe macro code.

   2. Select Delete all macros detected by advanced macro scan to have ScanMail delete all of the macro codes that it detects.
   3. Specify the email messages in which the detected macro codes will be deleted:
   • All messages: Select to delete all macro codes detected by advanced macro scan in all messages.
   • Inbound messages: Select to delete all macro codes detected by advanced macro scan only in inbound messages.
5. Click Save.