Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Testing Trend Micro Cloud App Security (CAS) for Salesforce

    • Updated:
    • 27 May 2021
    • Product/Version:
    • Cloud App Security
    • Platform:
Summary

Learn how to evaluate the following modules of Cloud App Security for Salesforce:

  • Malware Scanning
  • Web Reputation
  • Data Loss Prevention
Details
Public
  • Admin permission to your Salesforce console
  • One Salesforce Production ATP (Advanced Threat Protection) policy with Real-time Scanning enabled
  • One or more Salesforce standard users for testing
  • A test laptop/desktop with anti-virus software that can exclude the test samples from detection
  • One or more Salesforce Apps and Profiles as selected targets as shown below

Testing Salesforce

Pattern-Based Scanning

  1. Download an EICAR file from Download Anti Malware Testfile – Eicar.
  2. In the Malware Scanning test policy, ensure that "Scan all files" is selected.

    Testing Salesforce

  3. Log in to the Salesforce production environment with a test user credential and ensure that the test user is a standard user rather than an administrator user.
  4. Create a test case and just input any content acceptable by the system, like below:

    Testing Salesforce

    Testing Salesforce

  5. Attach the eicar sample file as an attachment.

    Testing Salesforce

     
    Do NOT add the file from the Feed section, or the file will be uploaded with versioning enabled. If you do so, CAS won’t be able to quarantine it.
  6. In the Logs tab, confirm that the sample is detected by Pattern-Based Scanning and that the Security Risk Name is “Malware: Eicar_test_file”.

    Testing Salesforce

TrendX (Predictive Machine Learning)

  1. In the Malware Scanning test policy, ensure that "Scan all files" is selected.
  2. In the Malware Scanning test policy, ensure that “Enable Predictive Machine Learning” is checked.

    Testing Salesforce

  3. Download TrendX.zip and unzip the file with the password “virus”.
  4. Attach the two (2) extracted files to a test case.
  5. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected by Predictive Machine Learning and that the Security Risk Name is “Malware: Ransom.Win32.TRX.XXPE1”.

    Testing Salesforce

  1. In the Web Reputation test policy, ensure that “Enable Web Reputation” is checked.

    Testing Salesforce

  2. In a test case, add a case comment and then input the test URL like below:

    Testing Salesforce

    Testing Salesforce

  3. In the Logs tab, confirm that the email is detected and that the Security Filter is "Web Reputation".

    Testing Salesforce

  1. Add a Salesforce Production Policy.

    Testing Salesforce

  2. Ensure that “Enable Data Loss Prevention” is selected and that “All Objects” and "All Profiles" are selected as targets, like below:

    Testing Salesforce

  3. Ensure that "Enable Data Loss Prevention" is selected and that "All: Credit Card Number" is set as "Selected Compliance Template(s)".

    Testing Salesforce

  4. In a test case, add a case comment and then input some test credit card numbers. If you don’t have a test credit card number, you may find some from Test Payflow Transactions (paypal.com).

    Testing Salesforce

  5. In the Logs tab, switch the Type to “Data loss Protection” and confirm that there is a record with the credit card numbers under Violating Content. The test credit card numbers in the sample are from Test Payflow Transactions (paypal.com).

    Testing Salesforce

Premium
Internal
Partner
Rating:
Category:
Configure; SPEC
Solution Id:
000286193
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.