Testing Trend Micro Cloud App Security (CAS) for Salesforce

Cloud App SecurityAll

Last updated: 2021/08/28

Solution ID: KA-0011783

Category: SPEC , Configure

Learn how to evaluate the following modules of Cloud App Security for Salesforce:

Admin permission to your Salesforce console
One Salesforce Production ATP (Advanced Threat Protection) policy with Real-time Scanning enabled
One or more Salesforce standard users for testing
A test laptop/desktop with anti-virus software that can exclude the test samples from detection
One or more Salesforce Apps and Profiles as selected targets as shown below

Download an EICAR file from Download Anti Malware Testfile – Eicar.
In the Malware Scanning test policy, ensure that "Scan all files" is selected.
Log in to the Salesforce production environment with a test user credential and ensure that the test user is a standard user rather than an administrator user.
Create a test case and just input any content acceptable by the system, like below:
Attach the eicar sample file as an attachment.

Do NOT add the file from the Feed section, or the file will be uploaded with versioning enabled. If you do so, CAS won’t be able to quarantine it.
In the Logs tab, confirm that the sample is detected by Pattern-Based Scanning and that the Security Risk Name is “Malware: Eicar_test_file”.

In the Malware Scanning test policy, ensure that "Scan all files" is selected.
In the Malware Scanning test policy, ensure that “Enable Predictive Machine Learning” is checked.
Download TrendX.zip and unzip the file with the password “virus”.
Attach the two (2) extracted files to a test case.
Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected by Predictive Machine Learning and that the Security Risk Name is “Malware: Ransom.Win32.TRX.XXPE1”.

In the Web Reputation test policy, ensure that “Enable Web Reputation” is checked.
In a test case, add a case comment and then input the test URL like below:
In the Logs tab, confirm that the email is detected and that the Security Filter is "Web Reputation".

Add a Salesforce Production Policy.
Ensure that “Enable Data Loss Prevention” is selected and that “All Objects” and "All Profiles" are selected as targets, like below:
Ensure that "Enable Data Loss Prevention" is selected and that "All: Credit Card Number" is set as "Selected Compliance Template(s)".
In a test case, add a case comment and then input some test credit card numbers. If you don’t have a test credit card number, you may find some from Test Payflow Transactions (paypal.com).
In the Logs tab, switch the Type to “Data loss Protection” and confirm that there is a record with the credit card numbers under Violating Content. The test credit card numbers in the sample are from Test Payflow Transactions (paypal.com).

Was this article helpful?