Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Testing Trend Micro Cloud App Security (CAS) for Microsoft SharePoint

    • Updated:
    • 27 May 2021
    • Product/Version:
    • Cloud App Security
    • Platform:
Summary

Learn how to evaluate the following modules of Cloud App Security for Microsoft SharePoint:

  • Malware Scanning
  • File Blocking
  • Web Reputation
  • Virtual Analyzer
  • Data Loss Prevention
Details
Public
  • Admin permission to your Cloud App Security console
  • One Microsoft SharePoint ATP (Advanced Threat Protection) policy with Real-time Scanning enabled
  • Permissions for Cloud App Security to receive notifications from Microsoft upon any change to the files in your teams (refer to Online Help - Step 11)
  • One or more test SharePoint sites protected by Cloud App Security as selected targets of the test policy

Testing MS SharePoint

 
Please use a test site different from the one for Teams and OneDrive, or the sample file will be detected by the Teams policy or OneDrive policy rather than the SharePoint policy.

Pattern-Based Scanning

  1. Download an EICAR file from Download Anti Malware Testfile – Eicar.
  2. In the Malware Scanning test policy, ensure that "Scan all files" is selected.

    Testing MS SharePoint

  3. Sign in to https://www.office.com as the test user, locate the SharePoint icon in the left panel, and then click on it to open the SharePoint page.

    Testing MS SharePoint

  4. Select the test SharePoint site and then upload the eicar file to the Documents folder.
     
    Please use a test site different from the one for Teams and OneDrive, or the sample file will be detected by the Teams policy or OneDrive policy rather than the SharePoint policy.

    Testing MS SharePoint

  5. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected by Pattern-Based Scanning and that the Security Risk Name is “Malware: Eicar_test_file”.

    Testing MS SharePoint

TrendX (Predictive Machine Learning)

  1. In the Malware Scanning test policy, ensure that “Enable Predictive Machine Learning” is checked.

    Testing MS SharePoint

  2. Download TrendX.zip and unzip the file with the password “virus”.
  3. Upload the extracted sample files to the My Files folder.
  4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected by Predictive Machine Learning and that the Security Risk Name is “Malware: Ransom.Win32.TRX.XXPE1”.

    Testing MS SharePoint

  1. In the File Blocking test policy, ensure that “Enable File Blocking” is checked and that “Block Specific Files” is selected for “Type of File Blocking”, and then select “File names to block” and add “test.txt” to the Blocking list.

    Testing MS SharePoint

  2. Create a text file with file name “test.txt” and input any text into it.
  3. Upload the test.txt file to the Documents folder.
  4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected with Security Filter “File Blocking” and that the Security Risk Name is “test.txt”.

    Testing MS SharePoint

  1. In the Web Reputation test policy, ensure that “Enable Web Reputation” is checked.

    Testing MS SharePoint

  2. Create a text file with file name “wrstest.txt” and input the following WRS test URL into it.

    Testing MS SharePoint

  3. Upload wrstest.txt to the Documents folder.
  4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected with the Web Reputation Security Filter and that the Security Risk Name is “Spyware: [http]:[/][/]wrs21[.]winshipway[.]com”.

    Testing MS SharePoint

  1. In the Virtual Analyzer test policy, ensure that “Enable Virtual Analyzer” is checked.

    Testing MS SharePoint

  2. Download the PDF sample and unzip it with the password “virus”.
  3. Upload the extracted sample file to the My Files folder.
  4. Wait for several minutes and then in the Logs tab of the CAS Web UI, confirm that the sample is detected with Virus Name “HEUR_PDFF.SPACE”.

    Testing MS SharePoint

  1. Add a test DLP policy for SharePoint Online. Ensure that “Enable Real-time Scanning” is selected and that the SharePoint test site is set as "Selected Targets".

    Testing MS SharePoint

     
    Please use a test site different from the one for Teams and OneDrive, or the sample file will be detected by the Teams policy or OneDrive policy rather than the SharePoint policy.
  2. Ensure that “Enable Data Loss Prevention” is selected and that “All: Credit Card Number” is set as "Selected Compliance Template(s)".

    Testing MS SharePoint

  3. Create a text file with some test credit card numbers like below. If you don’t have one, you may find some from Test Payflow Transactions (paypal.com). The following sample file uses the test credit card numbers provided in the PayPal website.

    Testing MS SharePoint

  4. Upload the created sample file to the Documents folder.
  5. Wait for several minutes and then in the Logs tab of the CAS Web UI, select "Data Loss Prevention" as the Log Type and then confirm that the sample is detected with the Data Loss Prevention Security Filter.

    Testing MS SharePoint

Premium
Internal
Partner
Rating:
Category:
Configure; SPEC
Solution Id:
000286196
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.