Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Detecting attached password-protected files in InterScan Messaging Security

    • Updated:
    • 14 Nov 2014
    • Product/Version:
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • InterScan Messaging Security Virtual Appliance 9.0
    • Platform:
    • Linux - Red Hat RHEL 5 32-bit
    • N/A N/A
    • Windows 2008 Enterprise
Summary
Block password-protected files in InterScan Messaging Security Suite (IMSS) and InterScan Messaging Security Virtual Appliance (IMSVA).
Details
Public
The IMSS and IMSVA policy lists have the Default rule for the attachment protected by password. To detect and block the password-protected files, you may modify this rule or create a new rule.
To modify the default rule for password-protected files:
  1. Log on to IMSS or IMSVA management console.
  2. Go to Policy > Policy List.
  3. Open the Default rule for the attachment protected by password rule.
    Default rule for the attachment protected by password
    Click image to enlarge.
  4. Under Then action is, select Edit. The default action of this rule is Insert stamp in body which contains the following message:
    The attachment named %FILENAME% could not be scanned for viruses because it is a password protected file.
  5. Select Delete entire message or Quarantine as your preferred action.
    Delete entire message or Quarantine
    Click image to enlarge.
  6. Untick the Insert stamp in body check box.
  7. Save the changes.
To create a new rule for the password-protected files:
  1. Log on to IMSS or IMSVA management console.
  2. Go to Policy > Policy List.
  3. Select Add, and then click Other.
  4. On the This rule will apply to check box, select all messages, and then click Next.
  5. Tick the Password protected zip files (unscannable files) check box and click Next.
    Password protected zip files (unscannable files)
    Click image to enlarge.
  6. Select either Delete entire message or Quarantine, and then click Next.
  7. Fill out the Rule Name and Order Number fields.
    Note: Make sure that the order number of this rule is higher than the Default rule for the attachment protected by password. You may also disable the latter rule to avoid redundancy.
  8. Click Finish.
To view the logs for this policy:
  1. Navigate to Logs > Query.
  2. Under Type, select Policy events.
  3. Enter the rule name created on the Rule field.
  4. Select the date range and click Display Log.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1101602
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.