Trend Micro web reputation technology
helps break the infection chain by assigning websites a "reputation" based on an
assessment of the trustworthiness of a URL, derived from an analysis of the domain.
Web reputation protects against web-based threats including zero-day attacks, before
they reach the network. Trend Micro web
reputation technology tracks the lifecycle of hundreds of millions of web domains,
extending proven Trend Micro antispam
protection to the Internet.
The Web reputation criteria are configured to prevent access
to malicious URLs in email messages.
NoteWeb reputation also scans the QR codes in the body of an email or in an attached
image file in the format of JPG, PNG, GIF, or BMP.
|
Procedure
- Click Scanning Criteria.
- Select and click Web reputation.The Web Reputation Settings screen appears.
- Complete web reputation security settings.
- Select a baseline web reputation catch rate from the
Security level drop-down list:
-
Lowest (most conservative)
-
Low
-
Moderately low
-
Moderately high (the default setting)
-
High
-
Highest (most aggressive)
-
- Optionally select Take action on messages containing URLs
that have not been tested by Trend Micro to block
websites that might pose threats.
Note
Web pages change frequently, and it is difficult to find data or follow a link after the underlying page is modified. Such websites are usually used as vehicles for transporting malware and carrying out phishing attacks.If you select this check box, Trend Micro Email Security will take actions on all email messages containing URLs that have not been tested by Trend Micro. These URLs might include some legitimate URLs.
- Select a baseline web reputation catch rate from the
Security level drop-down list:
- Under Virtual Analyzer, do the following:
Note
These settings are not included in the Trend Micro Email Security Standard license.For details about different license versions, see Available license versions.- Select Submit URLs to Virtual Analyzer.
- Select a security level from the drop-down list to perform further
observation and analysis on the submitted URLs.Virtual Analyzer performs observation and analysis on samples in a closed environment. It takes 3 minutes on average to analyze and identify the risk of a URL, and the time could be as long as 30 minutes for some URLs.
Note
There is a submission quota limiting the number of URLs that can be sent to Virtual Analyzer within 24 hours. The quota is calculated based on a 24-hour sliding window as follows:URL submission quota = Seat count * 8For example, if you have 1,000 seats, a total of 8,000 URLs can be submitted to Virtual Analyzer for analysis within 24 hours. Note that the submission quota mentioned here is subject to change without notice.In addition, the following cases will not be taken into account for quota measurement:-
Samples hit the local or cloud cache.
-
Sample URLs are unreachable.
-
Other unexpected scan exceptions.
Once the quota is used up, no more URLs can be sent to Virtual Analyzer. Nevertheless, the quota will be restored as the 24-hour sliding window moves forward.You can configure scan exception actions for the URL submissions over quota. For details, see Configuring "scan exceptions" actions. -
- Under Time-of-Click Protection, do the following:
- Select Enable Time-of-Click Protection and click
one of the following:
-
Apply to URLs that have not been tested by Trend Micro
-
Apply to URLs marked by Web Reputation Services as possible security risks
-
Apply to all URLs
Note
Time-of-Click Protection is available only in inbound protection.Web Reputation Services mark URLs as possible security risks if the URLs host or redirect to malicious files. For example, untested websites, file sharing websites and shortened URLs are marked as possible security risks. -
- Optionally select Apply to URLs in digitally signed
messages if necessary.
Note
Enabling Time-of-Click Protection for digitally signed messages is not recommended because digital signatures might be destroyed.
- Select Enable Time-of-Click Protection and click
one of the following:
- Select Enable the Web Reputation Approved List to
exclude URLs matching the specified domains or IP addresses from Web Reputation,
Time-of-Click Protection, and Virtual Analyzer scanning.
Note
To manage the Web Reputation Approved List, navigate to the following path:For details, see Managing the Web Reputation approved list. - Optionally select Enable the URL keyword exception list
to exclude URLs containing specified keywords from both Time-of-Click Protection
and Virtual Analyzer scanning.
Note
To manage the URL keyword exception list, navigate to the following path:The protocol and domain parts of an URL will not be used for keyword match.For details, see Managing the URL keyword exception list. - Click Save.