Symptoms

The following behavior is observed when ScanMail for Microsoft Exchange (SMEX) is integrated with Deep Discovery Analyzer (DDAN) / Virtual Analyzer:

  1. Administrator receives repeated notifications indicating a "Suspicious URL" was detected.
  2. The notification action shows Pass entire message, yet the alert is still sent.
  3. The Sandbox Analysis policy is configured to Pass messages that cannot be analyzed.
  4. In SMEX Web Reputation Service (WRS) logs, the risk level for the affected URL is listed as Exception and the URL is flagged as detected by Virtual Analyzer.
  5. When SMEX is disconnected from DDAN and WRS independently returns "Unrated," no notification is sent — confirming the behavior is specific to the DDAN integration path.

Root Cause

By design, SMEX always sends an administrator notification when a URL cannot be analyzed by DDAN, regardless of the configured action for unanalyzable messages (e.g., Pass). The notification is triggered by the WRS component when DDAN returns an Unrated result, and it operates independently from the Sandbox Analysis policy action setting.

Resolution

Follow the steps below to suppress the administrator notifications.

Note: Make sure SMEX 14 Patch 9 is installed.

Step 1: Set the DTASExtendedNotify Registry Key

  1. Open the Registry Editor (regedit.exe) with administrator privileges.
  2. Navigate to the following registry path:
     HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
  3. Check whether a value named DTASExtendedNotify exists.
  4. If it exists, set its value to 0.
  5. If it does not exist, create a new DWORD (32-bit) Value named DTASExtendedNotify and set it to 0.
  6. Close the Registry Editor.
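
The same change can be applied and checked from an elevated PowerShell session, which helps when several SMEX servers need it. This script is an added example, not Trend Micro tooling; it uses only the key path and value name given in this article, and it assumes a 64-bit PowerShell session so that the SOFTWARE path is not redirected.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of Step 1.
# Key path and value name are the ones given in this article.
$KeyPath   = 'HKLM:\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion'
$ValueName = 'DTASExtendedNotify'
$Desired   = 0

# Never create the key itself: if it is missing, SMEX is not installed
# on this host (or the session is 32-bit) and the change would have no effect.
if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Registry key not found: $KeyPath"
}

# Record the previous state so the change can be reverted or audited.
$key      = Get-Item -LiteralPath $KeyPath
$existing = $key.GetValue($ValueName, $null)
if ($null -eq $existing) {
    Write-Output "$ValueName not present; creating it as DWORD = $Desired"
} else {
    $kind = $key.GetValueKind($ValueName)
    Write-Output "Previous ${ValueName}: $existing (type $kind)"
}

# -Force overwrites an existing value, including one created with the
# wrong type (for example a string "0" instead of a DWORD).
New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
    -PropertyType DWord -Value $Desired -Force | Out-Null

# Read the value back and confirm both its data and its type.
$key     = Get-Item -LiteralPath $KeyPath
$now     = $key.GetValue($ValueName, $null)
$nowKind = $key.GetValueKind($ValueName)
if ($now -ne $Desired -or $nowKind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "Verification failed: $ValueName = $now (type $nowKind)"
}
Write-Output "Verified: $ValueName = $now (type $nowKind)"
```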

Step 2: Verify the Behavior

  1. Send a test email containing a URL that DDAN cannot analyze.
  2. Confirm that no "Suspicious URL" administrator notification is generated after applying the registry change.