Configuring Security Risk Scan Targets

Procedure

1. Go to the Security Risk Scan screen by navigating to one of the following:
   • For Real-time scans: Security Risk Scan
   • For Manual scans: Manual Scan → Security risk scan
   • For Scheduled scans: Scheduled Scan → [Add or Edit] → Security risk scan
2. Go to the Target tab.
   The Target tab displays.
3. Select Enable Advanced Threat Scan Engine to allow ScanMail to perform aggressive scanning for less conventional threats and specify the Scan level.

   Tip Some detected files may be safe. Trend Micro recommends selecting the Quarantine entire message action for suspected threats detected by ATSE. Perform an evaluation on files not sent to Virtual Analyzer to determine the actual threat of the quarantined files. Selecting a higher scan level may result in a greater number of false positives.

4. If you select Enable Advanced Threat Scan Engine, then you can also select Enable Predictive Machine Learning to detect more malware variants using the machine learning technology, and configure the following:
   • Select Enable approved file hash list to skip scanning for the attachments with hashtags on the list.
5. Select one of the following for scanning:
   • All attachment files: ScanMail scans for viruses/malware, worms, Trojans, and other malicious code in all files except unscannable files. Unscannable files are encrypted email messages, encrypted files, password protected files, files that exceed the user-defined scanning restrictions, unsupported or corrupted files. Other malicious code describes previously unknown threat types for which you want to configure a ScanMail action.
   • IntelliScan: IntelliScan uses Trend Micro recommended settings to perform an efficient scan.

     Note There is one key difference between using IntelliScan and performing other scans using ScanMail true file type recognition. ScanMail true file type recognition allows users to define their own selection of files to scan, while IntelliScan always uses the Trend Micro recommended selection of files to scan.

   • Specify file types: Click the link to expand the list and select the files you want ScanMail to scan. These files are "true file types". The scan engine examines the file header rather than the file name to ascertain the actual file type. Or, select to create a list of file extensions by selecting Specify file extensions.

     Note For example: If you click Specify file types and then click Application and executables → Executable (.exe; .dll, .vxd) then ScanMail scans executable, DLL and VXD file types - even when the file has a false file extension name (is labeled .txt when it is actually an .exe). However, if you click Specify file extensions and type .exe, then ScanMail scans only .exe type files. ScanMail does not recognize falsely labeled file types.

6. To scan the message body, select Scan message body.
7. To use IntelliTrap technology, select Enable IntelliTrap.
   For details on IntelliTrap scanning, see IntelliTrap.
8. To scan for spyware/grayware, select Select All for Spyware/Grayware Scan or select from the list.
9. Click Scan Restriction Criteria if performance improvement is required.
   For details on compressed file restrictions, see Security Risk Scan Compressed File Restrictions.

   Tip Trend Micro recommends using scanning restrictions to protect against Denial-of-Service attacks. Denial-of-Service is an attack on a computer or network that causes a loss of 'service', namely a network connection. Typically, Denial-of-Service (DoS) attacks negatively affect network bandwidth or overload computer resources such as memory.

10. Click Save.