What's new

Extended Audit Log Query Period

Trend Micro Email Security now allows administrators to query audit logs retained for up to 180 days, instead of the previous 30 days.

Quarantined Email Preview Enhancement in Quarantine Digest, End User Console, and Quarantine Query Details

Trend Micro Email Security now supports enabling quarantined email preview in quarantine digest templates. This feature allows administrators to decide whether end users can preview quarantined emails in quarantine digests. The quarantine digest preview supports inline actions for improved user interaction, including options to deliver emails or approve senders.

Additionally, enhancements are also made to allow end users and administrators to view HTML-rendered email content in the End User Console or the Quarantine Query Details screen.

Anomaly Detection with Predefined Correlation Rules in Correlated Intelligence

In addition to detecting security risks, Correlated Intelligence in Trend Micro Email Security now supports detecting anomalies that deviate from normal behaviors and may require your attention. Based on the organization’s security needs, administrators can enable all or partial predefined correlation rules at three levels of aggressiveness and apply the rules to detect anomalies in Correlated Intelligence policy.

Email Recovery for Deleted Emails

Trend Micro Email Security provides Email Recovery to retain emails marked for deletion for 14 days. This allows for restoration of emails that were mistakenly deleted before they are permanently purged, which helps ensure your business continuity and reduce the risk of data loss.

URL Information Available in Forwarded Syslog Messages

Trend Micro Email Security enhances syslog forwarding by including URLs embedded in emails within the mail tracking syslog messages.

Correlated Intelligence for Inbound Email Threat Detection

Trend Micro Email Security launches the Correlated Intelligence policy rules for Inbound Protection that can correlate the suspicious signals found across different scanning criteria (such as Virus Scan and Spam Filtering) to enrich threat detection for email services. With Correlated Intelligence capabilities, Trend Micro Email Security also provides the reasons why an email is detected as a threat.

Improved Inline Action Process in Quarantine Digest Notifications

When end users click an inline action link in the quarantine digest notification, they're prompted to confirm on a dedicated page. This extra step ensures that actions are only taken with end users’ explicit consent, preventing unexpected access during notification transmission.

More Granular Security Checks for Approved Senders

Trend Micro Email Security adds Bypass Checks for approved senders in Sender Filter Settings. This allows you to determine which scanning criteria in Connection Filtering and Spam Filtering policies you want to apply on emails from approved senders.

More Granular Analysis Results for DMARC Reports

Trend Micro Email Security allows you to view your DMARC report data by sending source, including email service, hostname, and IP address. Besides, the solution now presents more details from raw DMARC reports in a readable format, enabling you to quickly drill down and identify the threats.

Notification Enhancement

Trend Micro Email Security now supports HTML format for system notifications. You can select either predefined or custom style for HTML notifications.

Descriptions Added to Email Addresses in Address Groups

Due to enhancements in policy object features, you may now add descriptions for email addresses in address groups. Use email address descriptions to help better identify and manage email addresses.

Threat Name Auto-Suggest for Policy Event Log Searches

To speed up your search for policy event logs using threat names, Trend Micro Email Security automatically displays the popular threats or top threats detected in your environment, such as quishing.

Support for Inserting an X-Header to Messages Matching Scan Exceptions

Trend Micro Email Security allows you to leverage the action "Insert X-Header" for messages matching scan exceptions in virus scan to meet your specific needs, for example, identify the specific scan exception for subsequent processing.

Granular Log Search for IP Block List Matching

When searching the mail tracking logs for mail traffic blocked due to IP block list matching, Trend Micro Email Security allows you to conduct more granular search by separately filtering for sender IPs found in the Blocked IP Address list and the Blocked Country/Region list.

Quishing Detection for PDF

In addition to detect quishing by scanning the QR code images attached or in the email body, Trend Micro Email Security now supports quishing detection for PDF attachments after you have enabled submission of suspicious files with QR codes to Virtual Analyzer.

DMARC Report Analysis

Trend Micro Email Security supports analyzing the DMARC reports for your managed domains. With the report analysis results, you can easily monitor trends and identify anomalies in emails sent on behalf of your managed domains.

DKIM Signatures in Email Notifications and Reports

To enhance DKIM email authentication, Trend Micro Email Security includes DKIM signatures in email notifications and reports for configured managed domains and all default system domains.

Search by Domain Name

Trend Micro Email Security supports searching for domains added to the Domain screen.

Enhancements on Data Loss Prevention

Trend Micro Email Security optimizes some data identifiers and compliance templates to provide more accurate detection of unauthorized data transmission.

DMARC Monitoring

Trend Micro Email Security provides you visibility of the DMARC record setup for your domains, including the SPF and DKIM record setup. You can easily identify missing configurations for implementing DMARC and understand the current DMARC policy setting for domains.

For details, see Monitoring DMARC setup.

Sender Blocking Leveraging Suspicious Objects from Trend Vision One

In addition to files and URLs, Trend Micro Email Security can synchronize the sender addresses configured with the “Block/Quarantine” action from the Suspicious Object List in Trend Vision One. Messages from the synchronized sender addresses are directly blocked.

For details, see Configuring suspicious object settings.

Detection of Email Messages with Unusual Signals

Trend Micro Email Security can identify and take action on email messages that show any unusual signal indicating possible threats, such as emails from unfamiliar senders with payment related information.

For details, see Configuring unusual signal criteria.

Official launch of the new administrator console

Trend Micro Email Security officially launches its new administrator console to provide users a modern and improved experience, with all the existing features unchanged. You can click the icon in the upper-right corner to go back to the old-style console.

Minimum TLS Version for Message Delivery

To further enhance the security of TLS-based communication with a peer, Trend Micro Email Security allows you to specify the minimum TLS version that the TLS peer must use for successful message delivery.

For details, see Adding domain TLS peers.

Submission of Specified Files Types to Virtual Analyzer

Instead of submitting only suspicious files to Virtual Analyzer, Trend Micro Email Security allows you to submit all files of specified types so that possible risks contained in such file types can be caught by Virtual Analyzer.

For details, see Configuring virus scan criteria.

More Granular DNS Record Statuses for DKIM Signing

For the DNS records published for DKIM signing, Trend Micro Email Security shows not only whether they have been published, but also whether the records have taken effect and are ready for signing.

For details, see Adding DKIM signing settings and Editing DKIM signing settings.

Visibility of Email Risks Reported by End Users

In Mail Tracking logs, Trend Micro Email Security allows you to search for and view the messages that have been reported by end users as spam, phishing, or not a risk through the Email Reporting add-in.

For details, see Understanding mail tracking.

Suspicious Objects from Trend Vision One Available in Virus and Spam Scanning

Apart from the suspicious objects from Apex Central, Trend Micro Email Security allows you to leverage the suspicious objects synchronized from Trend Vision One to enhance the capability of detecting suspicious files during virus scanning and suspicious URLs during spam scanning.

For details, see Trend Vision One.

Log Details Enhancements

In Mail Tracking and Policy Event log details, Trend Micro Email Security adds the email header Reply-To and can record the display name in addition to the email address for the headers From, To, and Reply-To.

Support for Returning Delivery Time and Antispam Engine Scan Report in Log-Related REST APIs

In the API for retrieving Mail Tracking logs, Trend Micro Email Security can return the deliveryTime parameter indicating the time at which it sent the email message to the next hop. Moreover, the API for retrieving Policy Event logs can return the spamReport parameter about Antispam Engine scan details.

For details, see "Trend Micro Email Security REST API Online Help".

New Attachment-Based Criteria for Searching Mail Tracking Logs

Trend Micro Email Security allows you to query messages with attachments when searching mail tracking logs. In addition to the SHA256 hash and status of attachments, you can specify the filename and password analysis status of attachments as the search criteria.

For details, see Understanding mail tracking.

Display of the Antispam Engine Scan Details in Logs

In the mail tracking logs and policy event logs, Trend Micro Email Security allows you to view the message scan result details from the Antispam Engine.

For details, see Understanding mail tracking and Understanding policy events.

Visibility of Files Violating Content Filtering in Policy Event Logs

For messages matching the attachment-based scan criteria in content filtering, Trend Micro Email Security shows the specific files that triggered the policy in policy event logs.

For details, see Understanding policy events.

IP Address-based Exceptions for DKIM Verification and DMARC Authentication

In addition to domain names, Trend Micro Email Security allows you to specify IP addresses and CIDR blocks as ignored peers to skip DKIM verification or DMARC authentication.

For details, see Adding DKIM verification settings and Adding DMARC settings.

Password Configuration for Quarantined Message Download

To protect your download of quarantined messages with a password, Trend Micro Email Security allows you to use a random password or define your own custom password.

For details, see Querying the quarantine.

Audit Log Enhancements

In addition to a single account, Trend Micro Email Security allows you to use all accounts as a criterion to search audit logs.

Moreover, audit logs now record administrators' logout from the administrator console and end users' logout from the End User Console.

For details, see Understanding audit log.

Outlook Add-in for Reporting Emails

Trend Micro Email Security launches an Outlook add-in that allows your users to report emails to Trend Micro as false positives and false negatives. The reporting helps Trend Micro Email Security provide you with more accurate detection.

For details, see Email reporting add-in for Outlook.

Scan Bypass for Trend Micro Phishing Simulations

Trend Micro Email Security provides an option to bypass all inbound protection scans for emails sent from the IP addresses of Trend Micro phishing simulation service. You can configure this feature under Administration → Other Settings → Service Integration.

For details, see Phishing simulation.

URLs Supported in the Web Reputation Approved List

In addition to domains and IP addresses, Trend Micro Email Security allows you to add URLs to the Web Reputation Approved List to bypass Web Reputation Services, Time-of-Click Protection, and Virtual Analyzer scanning.

For details, see Managing the Web Reputation approved list.

Detailed Reasons for Actions Supported in Mail Tracking Log Retrieval

When you retrieve mail tracking logs through the REST API, Trend Micro Email Security returns the details about the reasons for specific actions taken on email messages.

For details, see Supported APIs → Logs → List Mail Tracking Logs in the REST API Online Help.

Support for Using the Header Sender to Match Enforced Peers

In addition to envelope sender addresses, Trend Micro Email Security allows you to use the sender address in the message header for matching enforced peers in DKIM and DMARC verification for inbound messages.

For details, see Adding DMARC settings and Adding DKIM verification settings.

Scanning Duration Visibility in Mail Tracking Logs

Trend Micro Email Security displays the time used for Virtual Analyzer scanning and file password analysis in mail tracking logs.

Time Zone Customization in Notifications and Stamps

Trend Micro Email Security allows you to customize the time zone for the %DATE&TIME% token used in notifications for rule match and stamps inserted into the message body.

For details, see Managing notifications and Managing stamps.

Support for Multiple Entries in Log Search Boxes

Trend Micro Email Security allows you to specify multiple entries in the search criteria for mail tracking logs and policy event logs.

For details, see Understanding mail tracking and Understanding policy events.

MTA-STS Support for Outgoing TLS Connections

Trend Micro Email Security supports Mail Transfer Agent - Strict Transport Security (MTA-STS) for outgoing TLS connections.

For details, see Transport Layer Security (TLS) peers.

Display of File and URL Quota Usage

Trend Micro Email Security allows you to view the number of files and URLs successfully analyzed in the Virtual Analyzer Quota Usage Details chart on the dashboard and in reports.

For details, see Virtual Analyzer quota usage details.

Support for EUC Local Account Management

Trend Micro Email Security allows you to manage EUC local accounts from a centralized location on the administrator console.

For details, see Local accounts.

More Secure Password Reset for Administrators

Trend Micro Email Security uses verification codes in place of simple CAPTCHAs to verify administrators when they reset passwords on the administrator console.

For details, see Resetting local account passwords.

More Secure Registration and Password Reset for End Users

Trend Micro Email Security uses verification codes in place of security questions and simple CAPTCHAs to verify end users during account registration and password reset on the End User Console.

For details, see "Registering Your Account" and "Resetting Your Password" in the "Local Account Management" chapter of the End User Console Online Help.

Blank Message Body Detection

Trend Micro Email Security enhances content filtering policies to detect and take action on messages with a blank body.

For details, see Using body is blank criteria.

Quarantined Message Download in Encrypted ZIP Package

In addition to the original email file, Trend Micro Email Security provides another option for downloading a quarantined message: a password-protected ZIP file.

For details, see Querying the quarantine.

Removal of Mobile Number from Contact Information

Trend Micro Email Security removes the mobile number from the administrator's contact information on the administrator console. It's no longer necessary to provide your mobile number during provisioning and profile configuration.

Spoofing Detection Enhancement

As a supplement to the existing spoofing detection methods, Trend Micro Email Security adds anti-spoofing checks on the envelope sender and message header sender in content filtering.

For details, see Configuring content filtering criteria.

Support for Multiple Entries in Quarantine Search Boxes

Trend Micro Email Security allows you to specify multiple senders, recipients, and reasons when searching for quarantined messages.

For details, see Querying the quarantine.

More Granular Quarantine Permission Control

When you assign the read-only quarantine permissions to a subaccount, Trend Micro Email Security allows you to control whether to include the permissions for viewing quarantined message details and downloading quarantined messages.

For details, see Adding and configuring a subaccount.

More Granular True File Type Detection for Microsoft Office Files

Trend Micro Email Security allows you to separately control true file type detection for Microsoft Office 97-2003 files (such as .doc, .ppt, .xls) and Microsoft Office files of later versions (such as .docx, .pptx, .xlsx).

For details, see Using attachment true file type criteria.

Reverse DNS Validation

Trend Micro Email Security supports reverse DNS validation at the connection setup stage by performing PTR record lookup based on the email sending IP address. Besides, administrators can configure a list of blocked PTR domains to directly reject email messages from them.

For details, see Managing reverse DNS validation.

Sender Filter Enhancement

Trend Micro Email Security redesigned the Sender Filter feature under Inbound Protection by providing the following enhancements:

For details, see Managing sender filter.

New Account Type: Superadmin Account

Trend Micro Email Security introduces a new local account type, namely superadmin account, to ease the administrative burden of the Trend Micro Business Account. Superadmin accounts have all administrative permissions inherited from the Business Account and can perform actions on behalf of the Business Account when necessary.

For details, see Account management.

Support for Attaching the Original Message in Notifications for All Policy Violation Detections

In addition to writing style analysis detection, Trend Micro Email Security provides an option to attach the original message in notifications for all policy violation detections.

For details, see Managing notifications.

Mail Tracking Log Enhancement

For deleted or delivered quarantined messages, Trend Micro Email Security enables you to check from mail tracking logs who took the action and the time when the action was completed.

Log Export Enhancement

Trend Micro Email Security now can export all queried mail tracking logs and policy event logs to CSV files from the log result page.

For details, see Understanding mail tracking and Understanding policy events.

IP-based Control of Access to Trend Micro Email Security

IP-based access control is available to restrict access to Trend Micro Email Security. With this feature enabled, Trend Micro Email Security verifies the IP address from which the access request originates, and takes the preconfigured actions if the request originates from an unapproved IP address.

For details, see Logon access control.

Quarantine Digest Template Enhancement

Trend Micro Email Security enhances its quarantine digest template by refining template text and providing a new token for your use.

For details, see Adding or editing a digest template.

Support for Authenticated Received Chain (ARC)

Trend Micro Email Security adds support for ARC in DMARC authentication. If ARC is enabled and an ARC chain is present and validated, some legitimate messages that fail DMARC authentication due to intermediate processing will pass the authentication.

For details, see Domain-based message authentication, reporting & conformance (DMARC).

Policy Event Log Enhancement

Trend Micro Email Security enhances its policy event logs by providing more details about Virtual Analyzer scan exceptions.

Email Attachment Sanitizing

Trend Micro Email Security supports email attachment sanitizing for both incoming and outgoing messages. When configuring a content filtering policy, you can choose whether to set actions specifically for email messages that contain active content such as macros in Microsoft Office attachments.

For details, see Sanitizing attachments.

Layout Optimization for Quarantine Digest Notifications

Trend Micro Email Security is optimized to make the layout for quarantine digest notifications more mobile-friendly.

Stamp Enhancement

Trend Micro Email Security further supports HTML stamps besides already supported plain text stamps. You can customize HTML stamps based on predefined styles, and view an automatic plain text version of the customized stamps in real time.

For details, see Managing stamps.

Quarantined Message Management Enhancement

Trend Micro Email Security allows you to configure settings for end users to view quarantined messages and take action on the End User Console and in the quarantine digest notifications. In addition, quarantined message query is optimized to provide a reasonable and consistent user experience.

For details, see Configuring end user quarantine settings.

Support for Wildcard Domain in Address Groups

Trend Micro Email Security supports wildcard domains for email addresses in hybrid address groups. In addition, when you search for address groups by email address, wildcard search is used instead of partial search.

For details, see Managing address groups.

Keyword Expression Test Support

Trend Micro Email Security now enables you to test the keyword expression functionality when you add a new keyword expression.

For details, see Adding keyword expressions

Log Search Enhancement

Trend Micro Email Security enhances its log search feature by allowing you to search mail tracking logs by sender IP address and destination IP address.

For details, see Understanding mail tracking.

Keyword Expression Enhancement

Trend Micro Email Security is enhanced to add another match condition to the Keywords and Expressions feature under Administration → Policy Objects. With this enhancement, Trend Micro Email Security will trigger actions when the combined score of all matched keyword expressions reaches the specified threshold.

For details, see Adding keyword expressions.

Redirect Page Customization Support for Time-of-Click Protection

Trend Micro Email Security enhances Time-of-Click Protection settings by allowing you to customize redirect pages for suspicious, dangerous, and untested URLs in inbound messages. The redirect page customization settings apply to incoming messages of the entire organization.

For details, see Configuring time-of-click protection settings.

High Profile Domains

Trend Micro Email Security allows you to add high profile domains, for example, your partners' domains or domains of famous brands, to leverage the improved Trend Micro Antispam Engine to detect cousin domains. A cousin domain looks deceptively similar to a legitimate target domain and is often used in phishing attacks to steal sensitive or confidential information from users.

For details, see High profile domains.

Renaming from "Business Email Compromise (BEC)" to "High Profile Users"

With the launch of the High Profile Domains feature, Trend Micro Email Security renames the Business Email Compromise (BEC) menu under Inbound Protection to High Profile Users to provide a more accurate description of the feature.

Support for Enabling/Disabling Log Retrieval

Trend Micro Email Security allows you to decide whether to retrieve policy event logs and mail tracking logs via REST APIs for third-party SIEM application integration.

For details, see Log retrieval.

File Password Analysis Result Visibility in Mail Tracking Logs

Trend Micro Email Security shows the password analysis result of email attachments in mail tracking logs.

Support for %HEADERS%

Trend Micro Email Security now supports the %HEADERS% token, which will be replaced with message headers in stamps and notification body.

DNS-Based Authentication of Named Entities (DANE) Support for Outgoing TLS Connections

Trend Micro Email Security now supports DANE for outgoing TLS connections.

For details, see Transport Layer Security (TLS) peers.

SPF Action Enhancement

Trend Micro Email Security enhances its SPF feature by allowing you to:

• Tag the email subject and send a notification for email messages with a specific SPF check result (except Pass)
• Use a new token in the notification template to represent the SPF check result

For details, see Adding SPF settings.

License Information Optimization

Trend Micro Email Security is optimized to show all the licenses that you have purchased under Administration → Other Settings → License Information. In addition, a grace end date is provided in the license information.

Organization-Level Policy

Trend Micro Email Security is enhanced to allow you to create inbound and outbound protection policies at the organization level. These policies automatically apply to all domains in your organization including the new ones added in the future. Organization-level policies make policy management easier than otherwise.

For details, see Configuring policies.

Predictive Machine Learning Support in Outbound Protection

Trend Micro Email Security adds support for Predictive Machine Learning in outbound protection, allowing you to specify Predictive Machine Learning settings in virus scan rules.

Syslog Enhancement

In addition to detection logs, audit logs and mail tracking logs, Trend Micro Email Security can now forward URL click tracking logs to syslog servers.

Quarantine Digest Template Enhancement

Trend Micro Email Security enhances its quarantine digest template by allowing you to:

• Use two more actions: "Approve Sender Domain" and "Block Sender Domain"
• Customize inline actions that are available in digest notifications
• Send a test digest mail based on the configured digest template

For details, see Adding or editing a digest template.

Log Search Enhancement

Trend Micro Email Security enhances its log search feature by allowing you to search policy event logs by message header address and threat name, and search mail tracking logs by message header address.

For details, see Understanding mail tracking and Understanding policy events.