Unidades lexicales básicas de interpretación 1 Familia

Configuring attachment blocking options for Microsoft Exchange servers involves setting the rules to block messages with certain attachments.

• For Real-time Scan:

Security Settings > {Messaging Security Agent} > Configure > Attachment Blocking

• For Scheduled Scan:

Scans > Scheduled > {Expand Messaging Security Agent} > Attachment Blocking

Procedure

1. From the Target tab, update the following as required:

• All attachments: The agent can block all email messages that contain

attachments. However, this type of scan requires a lot of processing. Refine this type of scan by selecting attachment types or names to exclude.

• Attachment types to exclude

• Attachment names to exclude

• Specific attachments: When you select this type of scan, the agent only

scans for email messages containing attachments that you identify. This type of scan can be very exclusive and is ideal for detecting email messages containing attachments that you suspect contain threats. This scan runs very quickly when you specify a relatively small amount of attachment names or types.

• Attachment types: The agent examines the file header rather than the

file name to ascertain the actual file type.

• Attachment names: By default, the agent examines the file header

rather than the file name to ascertain the actual file type. When you set Attachment Blocking to scan for specific names, the agent will detect attachment types according to their name.

• Block attachment types or names within ZIP files

2. Click the Action tab to set the actions that the Messaging Security Agent takes when it detects attachments. The Messaging Security Agent can perform the following actions (For descriptions, see Scan Targets and Actions for Messaging Security Agents on page 7-15):

• Quarantine message part • Delete entire message

3. Select Notify recipients to set the Messaging Security Agent to notify the intended recipients of email messages that have attachments.

Select Do not notify external recipients to only send notifications to internal mail recipients. Define internal addresses from Operations > Notification

Settings > Internal Mail Definition.

4. Select Notify senders to set the Messaging Security Agent to notify the senders of email messages that have attachments.

Select Do not notify external senders to only send notifications to internal mail senders. Define internal addresses from Operations > Notification Settings >

Internal Mail Definition.

5. Click the plus (+) icon to expand the Replacement Settings subsection. a. In the Replacement file name field, type the name of the file that

Attachment Blocking will replace an email message with when a rule using the “Replace with text/file” action is triggered, or accept the default value. b. In the Replacement text field, type or paste the content of the replacement

text for Attachment Blocking to use when an email message triggers a rule whose action is “Replace with text/file” or accept the default text.

6. Click Save.

Web Reputation

Web Reputation helps prevent access to URLs on the web or embedded in email messages that pose security risks. Web Reputation checks the URL’s reputation against the Trend Micro web reputation servers and then correlates the reputation with the specific web reputation policy enforced on the client. Depending on the policy in use:

• The Messaging Security Agent (Advanced only) will quarantine, delete, or tag the email message containing malicious URLs, or allow the message to be sent if the URLs are safe.

Web Reputation provides both email notification to the administrator and online notification to the user for detections.

For Security Agents, configure a different level of security based on the location (In Office/Out of Office) of the client.

If Web Reputation blocks a URL and you feel the URL is safe, add the URL to the Approved URLs list.

Tip

To save network bandwidth, Trend Micro recommends adding the enterprise internal websites to the Web reputation approved URL list.

Reputation Score

A URL's “reputation score” determines whether it is a web threat or not. Trend Micro calculates the score using proprietary metrics.

Trend Micro considers a URL a web threat if its score falls within a defined threshold, and safe if its score exceeds the threshold.

A Security Agent has three security levels that determine whether it will allow or block access to a URL.

• High: Blocks pages that are:

• Dangerous: Verified to be fraudulent or known sources of threats

• Highly suspicious: Suspected to be fraudulent or possible sources of threats

• Suspicious: Associated with spam or possibly compromised

• Untested: While Trend Micro actively tests web pages for safety, users may

encounter untested pages when visiting new or less popular websites. Blocking access to untested pages can improve safety but can also prevent access to safe pages.

• Dangerous: Verified to be fraudulent or known sources of threats

• Highly suspicious: Suspected to be fraudulent or possible sources of threats

• Low: Blocks pages that are:

• Dangerous: Verified to be fraudulent or known sources of threats

Configuring Web Reputation for Messaging Security