Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Testing Trend Micro Cloud App Security (CAS) for Microsoft Exchange Online

    • Updated:
    • 27 May 2021
    • Product/Version:
    • Cloud App Security
    • Platform:
Summary

Learn how to evaluate the following modules of Cloud App Security for Microsoft Exchange Online:

  • Advanced Spam Protection
  • Malware Scanning
  • File Blocking
  • Web Reputation
  • Virtual Analyzer
  • Data Loss Prevention
Details
Public
  • Admin permission to your Cloud App Security console
  • One Exchange Online ATP (Advanced Threat Protection) policy with Real-time Scanning enabled
  • One or more Exchange Online mailboxes protected by Cloud App Security as a selected target of the test policy
  • One external email address e.g. Gmail, Zoho, Exchange, Yahoo, etc.

Testing MS Exchange Online

Testing MS Exchange Online

To test Advanced Spam Protection, please ensure that:

  • The “Enable Advanced Spam Protection” option is checked.
  • The rules are applied to “All messages”.

Testing MS Exchange Online

Antispam Engine - BEC

  1. Compose an email with an external email service (e.g., Gmail, with the subject “ThisIsTrendmicroSNAPBECTesting”) and send it to your test target mailbox.

    Testing MS Exchange Online

  2. In the Logs tab, confirm that the email is detected by “Antispam engine” and that the Security Risk Name is “BEC".

    Testing MS Exchange Online

Antispam Engine - Other Spam

  1. Compose an email with an external email service (e.g., Gmail, with the subject “ThisIsTrendmicroCSASSubjectRuleTesting”) and send it to your test target mailbox.

    Testing MS Exchange Online

  2. In the Logs tab, confirm that the email is detected by “Antispam engine” and that the Security Risk Name is “Other spam”.

    Testing MS Exchange Online

Antispam Engine - Phishing

  1. Compose an email with an external email service (e.g., Gmail, with the subject “ThisIsTrendmicroPhishingTesting”) and send it to your test target mailbox.

    Testing MS Exchange Online

  2. In the Logs tab, confirm that the email is detected by “Antispam engine” and that the Security Risk Name is “Phishing”.

    Testing MS Exchange Online

Antispam Engine-Writing Style

  1. Ensure that “Enable writing style analysis” under “Writing Style Analysis for BEC” is checked in the test policy.

    Testing MS Exchange Online

  2. Go to “High Profile Users” in Administration > Global Settings and add a user from your organization.

    Testing MS Exchange Online

    Testing MS Exchange Online

  3. Change the display name of the sender’s email to that of the high-profile user.

    Here are the settings related to Gmail:

    Testing MS Exchange Online

  4. Compose an email with an external email service (e.g., Gmail, with the subject “ThisIsTrendmicroPhishingTesting”) and send it to your test target mailbox.

    Testing MS Exchange Online

  5. In the Logs tab, confirm that the email is detected by “Writing style analysis” and that the Security Risk Name is “BEC”.

    Testing MS Exchange Online

Pattern-Based Scanning

  1. Download an EICAR file from Download Anti Malware Testfile – Eicar.
  2. In the Malware Scanning test policy, ensure that "Scan all files" is selected and that the rules are applied to "All messages".

    Testing MS Exchange Online

  3. Send an email with the EICAR file attached to the test user. In the example below, an internal email using Exchange Online within the same organization is composed to avoid detection by most online email services.

    Testing MS Exchange Online

  4. In the Logs tab, confirm that the email is detected by Pattern-Based Scanning and the Security Risk Name is "Malware: Eicar_test_file".

    Testing MS Exchange Online

TrendX (Predictive Machine Learning)

  1. In the Malware Scanning test policy, ensure that "Scan all files" is selected and that the rules are applied to "All messages".

    Testing MS Exchange Online

  2. In the Malware Scanning test policy, ensure that “Enable Predictive Machine Learning” and “Allow Trend Micro to collect suspicious files to improve its detection capabilities” are checked.

    Testing MS Exchange Online

  3. Download TrendX.zip and unzip the file with the password “virus”.
  4. Compose an email with the unzipped files attached and send it to the test target mailbox. In the example, an internal email using Exchange Online within the same organization is composed to avoid detection by most online email services.

    Testing MS Exchange Online

  5. In the Logs tab, confirm that the email is detected by Predictive Machine Learning and that the Security Risk Name is “Malware: Ransom.Win32.TRX.XXPE1”.

    Testing MS Exchange Online

  1. In the File Blocking test policy, ensure that “Enable File Blocking” is checked and that “Block All Files” is selected for “Type of File Blocking”.

    Testing MS Exchange Online

  2. Compose an email with any file attached and send it to the test target mailbox.

    Testing MS Exchange Online

  3. In the Logs tab, confirm that the email is detected and that the Security Filter is “File Blocking”.

    Testing MS Exchange Online

  1. In the Web Reputation test policy, ensure that “Enable Web Reputation” is checked.

    Testing MS Exchange Online

  2. Compose an email with the link in the message body and send it to the test target mailbox.

    Testing MS Exchange Online

  3. In the Logs tab, confirm that the email is detected and that the Security Filter is “Web Reputation”.

    Testing MS Exchange Online

  1. In the Virtual Analyzer test policy, ensure that “Enable Virtual Analyzer” is checked and that the rules are applied to “All messages”.

    Testing MS Exchange Online

    If the option is greyed out, please change “Apply to” in “Malware Scanning” rules to “All messages” firstly because VA analysis is dependent on the malware scanning result.

    Testing MS Exchange Online

  2. Download the PDF sample and unzip it with the password “virus”.
  3. Compose an email with the unzipped pdf file attached and send it to the test target mailbox. In the example, an internal email using Exchange Online within the same organization is composed to avoid detection by most online email services.

    Testing MS Exchange Online

  4. In the Logs tab, switch the Type to “Virtual Analyzer” and confirm that there is a record with Virus Name as “HEUR_PDFF.SPACE”.

    Testing MS Exchange Online

  1. Add a test DLP policy for Exchange Online. Ensure that “Enable Real-time Scanning” is selected and that the test user is set as "Selected Targets".

    Testing MS Exchange Online

  2. Ensure that “Enable Data Loss Prevention” is selected and “All: Credit Card Number” is set as "Selected Compliance Template(s)".

    Testing MS Exchange Online

  3. Compose an email with some test credit card numbers like below. If you don’t have one, you may find some from Test Payflow Transactions (paypal.com).

    Testing MS Exchange Online

  4. In the Logs tab, switch the Type to “Data loss Protection” and confirm that there is a record with the credit card numbers under Violating Content.

    Testing MS Exchange Online

Premium
Internal
Partner
Rating:
Category:
Configure; SPEC
Solution Id:
000286194
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.