Views:

Domains

Upon registration of a domain in Hosted Email Security for protection, the administrator must specify the domain name and the incoming mail server IP address or FQDN responsible for the domain.

If a domain is deleted, Hosted Email Security purges its information and does not provide protection for the domain anymore.

Console settings
Data collected	Domain names IP addresses and/or FQDN of incoming email servers IP addresses and/or FQDN of outgoing email servers
Console location	Add domains: Domains > Add Delete domains: Domains > Delete

Predictive Machine Learning

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital fingerprinting, API mapping, and other file features.

Disabling Predictive Machine Learning prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect new, previously unidentified, or unknown threats.

Data collected	Metadata of suspicious executable files and scripts in cloud storage services Metadata of suspicious executable files and scripts in email attachments
Console location	Inbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code”
Console settings	Enable Predictive Machine Learning

Predictive Machine Learning Feedback

Predictive Machine Learning feedback enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment.

Disabling Predictive Machine Learning feedback prevents the mentioned data from being sent to Trend Micro, but affects the enhancement of Hosted Email Security to rapidly identify and address new threats.

Data collected	Suspicious executable files and scripts in email attachments
Console location	Inbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code”
Console settings	Allow Trend Micro to collect suspicious files to improve its detection capabilities

Virtual Analyzer

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious applications, files, and scripts. Sandbox images allow observation of application, file, and script in an environment that simulates endpoints on your network without any risk of compromising the network.

Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect advanced malware in files.

Console settings
Data collected	Suspicious applications and executable files Suspicious scripts Suspicious documents with macro Other suspicious files from Trend Micro Advanced Threat Scan Engine
Console location	Inbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code” Enable Virtual Analyzer Include macro, JSE, and VBE scanning Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as > Social Engineering attack Enable Virtual Analyzer

Spam

Hosted Email Security uses Trend Micro Anti-Spam Engine to provide advanced spam protection and protect users from spam.

Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect spam.

Data collected	Sender IP addresses Sender HELO information Email subjects, “From” and “To” addresses Email body Attachment names
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Spam

Business Email Compromise (BEC)

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from BEC attacks.

Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect BEC attacks.

Data collected	Sender IP addresses Sender HELO information Email subjects, “From” and “To” addresses Email body Attachment names
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Business Email Compromise (BEC)

Phishing

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from advanced phishing.

Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect phishing and other suspicious content.

Data collected	Sender IP addresses Sender HELO information Email subjects, “From” and “To” addresses Email body Attachment names
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Phishing and other suspicious content

Graymail

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from graymail.

Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect graymail.

Data collected	Sender IP addresses Sender HELO information Email subjects, “From” and “To” addresses Email body Attachment names
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Graymail

High Profile Users

Hosted Email Security allows administrators to add high profile users that may be frequently forged or spoofed, either by manually adding single users or by synchronizing groups from Active Directory.

If a high profile user is deleted, Hosted Email Security does not check incoming email messages from this user for BEC attacks anymore.

Data collected	First names, middle names, last names and group names
Console location	Inbound Protection > Business Email Compromise (BEC)
Console settings	Source: Custom

Web Reputation

Hosted Email Security leverages Trend Micro Web Reputation Services to scan URLs contained in email subject and body to detect malicious URLs based on their reputation scores.

Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect malicious URLs.

Data collected	URLs in the email body URLs in email subjects
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Web Reputation

Time-of-Click Protection

Hosted Email Security leverages Trend Micro’s Time-of-Click Protection service to provide the ability to rewrite URLs in the email message body during scanning, and analyze the URLs at the time when the message recipient clicks on these URLs.

Disabling Time-of-Click Protection prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect malicious URLs.

Data collected	URLs in the email body
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as > Web Reputation
Console settings	Enable Time-of-Click Protection

IP Reputation

Hosted Email Security leverages Trend Micro Email Reputation Services to verify IP addresses of incoming email messages using one of the world's largest, most trusted reputation database, along with a dynamic reputation database to identify new spam and phishing sources, stopping even zombies and botnets as they first emerge.

Disabling IP Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect and block spam from known and emerging spam sources.

Data collected	Source IP addresses of incoming email messages
Console location	Inbound Protection > IP Reputation > Settings
Console settings	Settings

Active Directory Synchronization

Hosted Email Security allows administrators to enable Active Directory synchronization from the administrator console. Installed on the local network, the Active Directory Synchronization Tool performs actual synchronization as configured. Data synchronized includes Active Directory user email addresses, display names, and groups.

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the feature at least once.

Data collected	Display names Email addresses Active Directory user groups
Console location	Administration > Web Services & Tools > Applications
Console settings	Status

Directory Import

Directory Import allows administrators to import a list of valid recipients’ email addresses and display names from a CSV file.

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the feature at least once.

Data collected	Display names Email addresses
Console location	Administration > Directory Management > Directory Import
Console settings

Unique Email Addresses

Hosted Email Security maintains a list of unique email addresses collected from inbound and outbound messages, which will be used for license verification.

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the service at least once.

Data collected	Email addresses
Console location	Dashboard > Unique Email Addresses
Console settings	Unique Email Addresses

Logs

Hosted Email Security stores logs of all processed email messages for the administrator to use and query. Policy event logs and URL click tracking logs are kept for 30 days, and mail tracking logs are kept for 90 days. Audit logs are kept for 12 months, but the administrator can query audit logs of up to 30 days. The number of days kept is not configurable.

After scheduled log deletion, all log data will be purged and cannot be retrieved.

Data collected	Sender email addresses Recipient email addresses Email subjects Sender IP addresses Recipient IP addresses Attachment names Message IDs
Console location	Logs
Console settings	Logs

Quarantine

Email messages quarantined for any reason are kept by Hosted Email Security for a maximum of 30 days. During this period, the administrator may be able release them or inspect them if further analysis is required. After that period, the data will be purged permanently.

Data collected	Email messages quarantined
Console location	Quarantine > Query
Console settings

Profile

Hosted Email Security administrators and subaccounts may fill in their contact information on the administrator console. Trend Micro uses the contact information only to send important notifications and service advisories related to Hosted Email Security.

The administrator account can delete its subaccounts to remove their contact information from Hosted Email Security. Customers may contact Trend Micro Technical Support to request for purging such data if they have filled in the profile for their licensed account.

Data collected	First names and last names Mobile numbers Email addresses
Console location	Account Name > Profile
Console settings	Profile

Account Management

If a subaccount is deleted, its email address will also be removed.

Console settings
Data collected	Email addresses
Console location	Add accounts: Administration > Account Management > Add Delete accounts: Administration > Account Management > Delete >

Keywords: data collection notice Hosted Email Security,gdpr Hosted Email Security,gdpr HES,dcn HES,dcn Hosted Email Security,disable data gathering Hosted Email Security,turn off data collection,disable data gathering,HES,Hosted Email Security

Hosted Email Security Data Collection Notice

Product / Version includes:

Last updated: 2021/08/28

Solution ID: KA-0008496

Category: Configure

Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.

Domains
Predictive Machine Learning
Predictive Machine Learning Feedback
Virtual Analyzer
Spam
Business Email Compromise (BEC)
Phishing
Graymail
High Profile Users
Web Reputation
Time-of-Click Protection
IP Reputation
Active Directory Synchronization
Directory Import
Unique Email Addresses
Logs
Quarantine
Profile
Account Management

To see where this data is processed, refer to our list of data centers and authorized data subprocessors and their locations.

To help better understand data privacy and protection for Hosted Email Security, we have documented how it works with a focus on ensuring you have clarity on how data is treated for this offering. Please see the Hosted Email Security White Paper.

Domains

Upon registration of a domain in Hosted Email Security for protection, the administrator must specify the domain name and the incoming mail server IP address or FQDN responsible for the domain.

If a domain is deleted, Hosted Email Security purges its information and does not provide protection for the domain anymore.

Console settings
Data collected	Domain names IP addresses and/or FQDN of incoming email servers IP addresses and/or FQDN of outgoing email servers
Console location	Add domains: Domains > Add Delete domains: Domains > Delete

Predictive Machine Learning

Data collected	Metadata of suspicious executable files and scripts in cloud storage services Metadata of suspicious executable files and scripts in email attachments
Console location	Inbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code”
Console settings	Enable Predictive Machine Learning

Predictive Machine Learning Feedback

Data collected	Suspicious executable files and scripts in email attachments
Console location	Inbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code”
Console settings	Allow Trend Micro to collect suspicious files to improve its detection capabilities

Virtual Analyzer

Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect advanced malware in files.

Console settings
Data collected	Suspicious applications and executable files Suspicious scripts Suspicious documents with macro Other suspicious files from Trend Micro Advanced Threat Scan Engine
Console location	Inbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code” Enable Virtual Analyzer Include macro, JSE, and VBE scanning Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as > Social Engineering attack Enable Virtual Analyzer

Spam

Hosted Email Security uses Trend Micro Anti-Spam Engine to provide advanced spam protection and protect users from spam.

Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect spam.

Data collected	Sender IP addresses Sender HELO information Email subjects, “From” and “To” addresses Email body Attachment names
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Spam

Business Email Compromise (BEC)

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from BEC attacks.

Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect BEC attacks.

Data collected	Sender IP addresses Sender HELO information Email subjects, “From” and “To” addresses Email body Attachment names
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Business Email Compromise (BEC)

Phishing

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from advanced phishing.

Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect phishing and other suspicious content.

Data collected	Sender IP addresses Sender HELO information Email subjects, “From” and “To” addresses Email body Attachment names
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Phishing and other suspicious content

Graymail

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from graymail.

Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect graymail.

Data collected	Sender IP addresses Sender HELO information Email subjects, “From” and “To” addresses Email body Attachment names
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Graymail

High Profile Users

If a high profile user is deleted, Hosted Email Security does not check incoming email messages from this user for BEC attacks anymore.

Data collected	First names, middle names, last names and group names
Console location	Inbound Protection > Business Email Compromise (BEC)
Console settings	Source: Custom

Web Reputation

Hosted Email Security leverages Trend Micro Web Reputation Services to scan URLs contained in email subject and body to detect malicious URLs based on their reputation scores.

Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect malicious URLs.

Data collected	URLs in the email body URLs in email subjects
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings	Web Reputation

Time-of-Click Protection

Disabling Time-of-Click Protection prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect malicious URLs.

Data collected	URLs in the email body
Console location	Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as > Web Reputation
Console settings	Enable Time-of-Click Protection

IP Reputation

Data collected	Source IP addresses of incoming email messages
Console location	Inbound Protection > IP Reputation > Settings
Console settings	Settings

Active Directory Synchronization

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the feature at least once.

Data collected	Display names Email addresses Active Directory user groups
Console location	Administration > Web Services & Tools > Applications
Console settings	Status

Directory Import

Directory Import allows administrators to import a list of valid recipients’ email addresses and display names from a CSV file.

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the feature at least once.

Data collected	Display names Email addresses
Console location	Administration > Directory Management > Directory Import
Console settings

Unique Email Addresses

Hosted Email Security maintains a list of unique email addresses collected from inbound and outbound messages, which will be used for license verification.

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the service at least once.

Data collected	Email addresses
Console location	Dashboard > Unique Email Addresses
Console settings	Unique Email Addresses

Logs

After scheduled log deletion, all log data will be purged and cannot be retrieved.

Data collected	Sender email addresses Recipient email addresses Email subjects Sender IP addresses Recipient IP addresses Attachment names Message IDs
Console location	Logs
Console settings	Logs

Quarantine

Data collected	Email messages quarantined
Console location	Quarantine > Query
Console settings

Profile

Data collected	First names and last names Mobile numbers Email addresses
Console location	Account Name > Profile
Console settings	Profile

Account Management

If a subaccount is deleted, its email address will also be removed.

Console settings
Data collected	Email addresses
Console location	Add accounts: Administration > Account Management > Add Delete accounts: Administration > Account Management > Delete >

Was this article helpful?