Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Features and products included in Smart Protection 1.0

    • Updated:
    • 13 Mar 2020
    • Product/Version:
    • Smart Protection Complete 1.0
    • Smart Protection for Endpoints 1.0
    • Platform:
    • N/A N/A

Know the features and identify the different products included in Smart Protection Suite 1.0.


To learn more about Smart Protection 1.0, refer to the Smart Protection Getting Started Guide topic: About Trend Micro Smart Protection Suites.

Policy management
  • Deploy product settings to managed products using policies
  • Flexible policy types
  • Role-based administration
  • Easy policy template updates from the web console
Policy status dashboard widget
  • Up-to-date deployment status of product settings
  • Monitor the numbers of deployed and pending targets
  • Check the detailed status of the pending targets
Policy template updatesWhen new or updated templates become available,
administrators can easily perform the update from
the web console.
Data Loss Prevention (DLP) integrationDLP is a feature of the Data Protection module that monitors the transmission of digital assets.
The DLP feature can minimize the risk of information loss and improve visibility of data usage patterns and risky business processes.
Control Manager has integrated the following DLP features:
  • Manageable DLP templates and data identifiers
  • Deploy DLP settings to managed products using policy management, DLP templates, and data identifiers
  • Collect DLP logs for reports and event notifications
  • 22 pre-defined DLP report templates
  • Five DLP event notifications
  • Four dashboard widgets
  • Product support: OfficeScan, IMSVA, and ScanMail for Microsoft Exchange
FavoritesAdministrators can add menu shortcuts to the Favorites menu for quick access.


  • Identify the digital assets to protect.
  • Create policies that limit or prevent the transmission of digital assets through common transmission channels, such as email messages and external devices.
  • Enforce compliance to established privacy standards
DashboardMonitor the usage of policies, rules, and applications using customizable widgets.
ManagementManage targets, rules, and policies.
LogsView logs and configure log maintenance settings.
UpdatesUpdate components and configure scheduled updates.
AdministrationManage the Endpoint Application Control server and agent settings.
  • Protection for the full disk, including the master boot record
    (MBR), operating system, and all system files
  • Hardware-based and software-based encryption for mixed environment
  • Comprehensive data
  • Flexible authentication methods, including both single and multi-factor
  • Control password strength and regularity for password changes
  • Policy updates before authentication and system boot
  • Configurable actions on failed password attempt threshold
Device management
  • Policies to protect data on endpoints and removable media
  • Ability to remotely lock, reset, wipe, or kill a device
Central administration
  • Flexibly use either PolicyServer MMC or Control Manager to manage PolicyServer
  • Deploy Endpoint Encryption agents to endpoints already managed by OfficeScan
  • Enforce security policies to individual users and policy
    groups from a single policy server
  • Instantly protect end user data by sending lock or erase commands to lost or stolen Endpoint Encryption devices
  • Automate policy enforcement with remediation of security events
  • Update security policies in real-time, before authentication, to revoke user
Record keeping, reports, and auditing
  • Advanced real-time reporting and auditing to ensure
    security compliance
  • Analyze usage statistics with scheduled reports and alert notifications
No Hardware Requirements
  • No-maintenance-required. Delivers continuous and updated protection to stop spam and email-based malware before they reach customer's network.
  • All scanning hardware is off-site at secure Trend Micro network operations centers.
IP ReputationHosted Email Security (HES) queries the Trend Micro Email Reputation server to determine whether the sending IP address is "trustworthy".
Email Content-based Filtering

HES examines the message contents and applies content filtering:

  • Spam and phishing
  • Malware (Viruses, spyware, etc.)
  • MML
Advance Filtering or Company-based ruleAdministrators can create rules by company, group, domain or individual and can set the appropriate enforcement action for each rules.
Approved SendersApproved specific email addresses or domains to send email messages to the managed domains.
Attachment Blocking

Block attachments by:

  • True-file type
  • File extension
  • File name
Valid Recipient Listing or Directory Management

Receive emails only to valid recipients. Administrators can import valid recipient list through:

  • CSV
  • Active Directory Sync Client
Web End-User Quarantine
  • Helps end users to manage spam email messages held in quarantine.
  • Set up a list of approved email senders whose messages should be delivered.
Outbound Email FilteringStops emails that contains malware and/or a spam coming from your network going to public which can result in having a bad reputation and/or blocking your IP by a third-party.
Email EncryptionFor more information on the key features of Email Encryption, refer to the following documentation: Hosted Email Encryption.
Co-BrandingDisplay your company logo on the web console top banner and in the logon page.


  • Traffic Deployment
    • Direct proxy set-up in browser
    • Use PAC file to design the traffic routine
    • USe proxy chain to route existing corporate Proxy traffic to IWSaaS
    • Use port forwarding to redirect 80 port from router to IWSaaS (No HTTPS traffic)
  • Security and Policy Enforcement
    • Anti-Malware protection (VSAPI scan)
    • Web reputation (WRS engine)
    • Advanced Protection (Specify security event types)
    • URL filtering
    • Application Control
    • Approved Blocked URLS
  • Data Visibility
    • Dashboard
    • Log query and report
  • Administration
    • Hosted Account management
    • CLP Integration
    • AD Integration
    • Alert and Notification


  • Application Control
  • Traffic Monitoring and Reporting
  • HTTP Inspection
  • Password Override Action for Blocked Url Filtering categories
  • Time Limit Action for URL Filtering
  • Time Quota Extension for Url filtering Time Limit Action
  • Data Loss Prevention
  • Advanced Threat Protection
  • HTTPS Decryption
  • Web Reputation
  • High Availability
  • FTP Scanning
  • URL Filtering
  • Content Caching
  • IP address, Hostname and LDAP-based Client Identification
  • Hyper-V Installation Support
  • Notifications
  • Real-Time Statistics and Alerts
  • Logs and Reports
  • Syslog Support
  • Integration with Cisco WCCP
  • Reverse Proxy Support
  • Support for Multiple Trend Micro IWSVA Installations
  • Command Line Interface

What's New:

  • C&C Contact Callback Detection
  • Enhanced Threat protection
  • Enhanced Log query and reporting
  • Configuration/Policy Replication
  • iDLP
  • Application Control Notification Page
  • More Virtualication Support
  • Log Analysis
  • System Status
  • Dashboard
Agent CustomizationEnables you to preset the server IP address and port number into the Android installation package.
Web Proxy Support for AndroidEnables you to set Web proxy in Android mobile devices.
HTTP(S) Push Notification Setting for AndroidProvides setting to enable or disable the HTTP(S) push notifications for Android mobile devices.
Simpler ProvisioningEnables you to configure server IP address, domain name and server port number in Android mobile devices in advance, to reduce the effort of deployment and enrollment of mobile devices.
Scan After Pattern UpdateAutomatically starts scanning the mobile device for security threats after successful pattern update, and displays the progress in the notification bar.
Web Threat Protection PolicyEnables you to manage Web threat protection policy from the Mobile Security server and deploys it on Android mobile devices. It also enables Android mobile devices to send the Web threat protection log back to the server.
Adds SD Card Restriction for AndroidEnables you to control the availability of the SD card for Android mobile devices.
Application InventoryMaintains the list of installed applications on mobile devices and displays it on the device status screen.
Application ControlEnables you to allow or block the installation of certain applications on mobile devices using approved and blocked lists.
Application PushEnables you to push the application installation package or Web link of the application to mobile devices for installation.
Selective WipeEnables you to delete all the corporate data from the server, without deleting the user’s personal data
Compliance CheckEnables you to set the compliance criteria on the server, and checks the mobile devices for compliance.
Optional Authentication using Active DirectoryEnables you to set user authentication using Active Directory (AD) or Mobile Security database for Symbian, Windows Mobile, iOS and Android mobile devices for registration.
Dashboard ScreenIntroduces the Dashboard screen to replace the old Summary screen on the web console to provide the status summary of server components and mobile devices.
Scheduled ReportsEnables you to configure Mobile Security to send scheduled reports at the pre-defined intervals.
Quick Configuration Verification ScreenIntroduces the Mobile Security Configuration and Verification screen that enables you to quickly verify Mobile Security configuration and identifies the problems, if any. If the configuration verification screen detects any wrong configuration setting, it provides suggestions to correct it.
On-Demand Remote Password Reset for iOS and AndroidEnables you to reset the password remotely for iOS and Android mobile devices from the web console.
Enterprise App StoreEnables you to create a list of webclips and apps for the users to download and install on their mobile devices.
Plug-in Manager and Plug-in Solutions

Plug-in Manager facilitates the installation, deployment, and management of plugin solutions.

Administrators can install two kinds of plug-in solutions:

  • Plug-in programs
  • Native OfficeScan features
Centralized Management
A web-based management console gives administrators transparent access to all agents and servers on the network. The web console coordinates automatic
deployment of security policies, pattern files, and software updates on every agent and server. And with Outbreak Prevention Services, it shuts down infection
vectors and rapidly deploys attack-specific security policies to prevent or contain outbreaks before pattern files are available. OfficeScan also performs real-time
monitoring, provides event notification, and delivers comprehensive reporting. Administrators can perform remote administration, set customized policies for
individual desktops or groups, and lock agent security settings.
Security Risk Protection

OfficeScan protects computers from security risks by scanning files and then performing a specific action for each security risk detected. An overwhelming number of security risks detected over a short period of time signals an outbreak.

To contain outbreaks, OfficeScan enforces outbreak prevention policies and isolates infected computers until they are completely risk-free.

OfficeScan uses smart scan to make the scanning process more efficient. This technology works by off-loading a large number of signatures previously stored on the local endpoint to Smart Protection Sources. Using this approach, the system and network impact of the ever-increasing volume of signature updates to endpoint systems is significantly reduced.

Damage Cleanup Services

Damage Cleanup Services™ cleans computers of file-based and network viruses, and virus and worm remnants (Trojans, registry entries, viral files) through a fully automated process. To address the threats and nuisances posed by Trojans, Damage Cleanup Services does the following:

  • Detects and removes live Trojans
  • Kills processes that Trojans create
  • Repairs system files that Trojans modify
  • Deletes files and applications that Trojans drop

Because Damage Cleanup Services runs automatically in the background, it is not necessary to configure it. Users are not even aware when it runs

Web Reputation

Web reputation technology proactively protects agent computers within or outside the corporate network from malicious and potentially dangerous websites. Web reputation breaks the infection chain and prevents downloading of malicious code. Verify the credibility of websites and pages by integrating OfficeScan with the Smart Protection Server or the Trend Micro Smart Protection Network.

OfficeScan FirewallThe OfficeScan firewall protects agents and servers on the network using stateful inspections and high performance network virus scans. Create rules to filter connections by application, IP address, port number, or protocol, and then apply the rules to different groups of users.
Device ControlThe OfficeScan firewall protects agents and servers on the network using stateful inspections and high performance network virus scans. Create rules to filter connections by application, IP address, port number, or protocol, and then apply the rules to different groups of users.
Behavior MonitoringBehavior Monitoring constantly monitors agents for unusual modifications to the operating system or on installed software.
Data Loss Prevention
  • Use rule-based filters to detect, filter, and mask sensitive data before it transmits out of the network.
  • Select from over 100 predefined templates and data identifiers, or create customized expressions and keyword lists to meet company-specific mandates
  • Create customized rules to block, mask, log, and delete sensitive data transmitting across the network.
  • Create Data Loss Prevention policies and deploy to ScanMail servers from Control Manager 6.0 ensuring that company-wide policies remain consistent across all servers
Smart ScanAn integral part of the Trend Micro Smart Protection Network, Smart Scan provides the following benefits:
  • Fast, real-time security status lookup capabilities in the cloud
  • Reduces the overall time it takes to deliver protection against emerging threats
  • Lowers memory consumption on endpoints
Fast and Simple Installation
  • Install to a single or multiple Microsoft Exchange servers using a single installation program.
  • Install to cluster environments.
Powerful and Creative Antivirus Features
  • SMTP scanning (Transport scanning) and store level scanning.
  • Leverage Microsoft Virus Scanning API to scan messages at a low-level in the Exchange store.
  • Quickly scan messages using multi-threaded in-memory scanning.
  • Detect and take action against viruses/malware, Trojans, and worms.
  • Detect and take action against spyware/grayware.
  • Use true file type recognition to detect falsely labeled files.
  • Use Trend Micro recommended actions or customize actions against viruses/malware.
  • Detect all macro viruses/malware and remove them or use heuristic rules to remove them
Attachment Blocking
  • Block named attachments or block attachments by true file type, file extension, or file name.
  • Active Directory integrated exception rules on Exchange Server 2010 and 2007.
Content Filtering
  • Use rule-based filters to screen out message content deemed to be offensive or otherwise objectionable.
  • Active Directory integrated policies on Exchange Server 2010 and 2007.
Spam Prevention Rules
  • Use spam prevention filters with adjustable sensitivity levels to screen out spam while reducing falsely identified messages.
  • End User Quarantine (EUQ) with Spam Confidence Level (SCL). This version of ScanMail provides "Integrate with Outlook Junk E-mail" and "Integrate with End User Quarantine" solutions. You can select either solution during installation.
  • Junk E-Mail folder. In this version of ScanMail, you can select to send detected Spam messages to the standard Outlook folder. The creation of a separate Spam folder is no longer necessary.
Web Reputation
  • This version of ScanMail leverages Web Reputation technology, which evaluates the integrity of all requested web pages.
  • Web Reputation features help ensure that the pages that users access are safe and free from web threats, such as malware, spyware, and phishing scams that are designed to trick users into providing personal information.
  • Web Reputation blocks web pages based on their reputation ratings. It queries Trend Micro servers for these ratings, which are correlated from multiple sources, including web page links, domain and IP address relationships, spam sources, and links in spam messages. By obtaining ratings online, Web Reputation uses the latest available information to block harmful pages.
  • Web Reputation helps deter users from following malicious URLs when the feature is enabled. Web reputation queries Trend Micro servers for the reputation rating when an email message with a URL in the message body or message attachment is received. Depending on the configuration, Web Reputation can quarantine, delete, or tag the email message with URLs.
  • Set ScanMail to quarantine suspicious email messages.
  • Query logs for quarantine events and resend quarantined messages when you decide they are safe.
Web-based Product Console
  • Use SSL to access remote servers through a secure product console.
  • Detects and takes action against a virus or other threat detected in an email message
  • Blocks an infected attachment
  • Detects suspicious URLs
  • Filters out undesirable content from an email message
  • Detects a significant system event
  • Detects virus/malware outbreak conditions
  • ScanMail can notify designated individuals during real-time, manual, or scheduled scanning.
    For correct resolution of ScanMail notifications with Simple Network Management Protocol (SNMP), you can import the Management Information Base (MIB) file to your network management tools from the following path in the ScanMail 10.2 Installation Package: tool\admin\trend.mib.
Informative and Timely Reports and Logs
  • Keep up-to-date using activity logs that detail system events, viruses/malware, and program update events.
  • Send or print graphical reports.
UpdatesReceive scheduled or on-demand component updates and customize your update source.
Category for Unscannable Message PartsScanMail separates the unscannable message count from the virus/malware count. Unscannable files can be files that fall outside of the Scan Restriction Criteria, encrypted files, or password protected files.
Content Filter LogThis version of ScanMail displays the keyword in content filtering logs when there is a match.
If the keyword or regular expression is too long to display, logs display truncated information.
IntelliTrapThis version of ScanMail incorporates IntelliTrap technology. Use IntelliTrap to scan for packing algorithms to detect packed files. Enabling IntelliTrap allows ScanMail to take user-defined actions on infected attachments and to send notifications to senders, recipients, or administrators.
Trust ScanReal-time scan can skip scanning email messages at the store level when the message has been scanned by ScanMail at the Hub Transport Level. This feature is available for ScanMail with Exchange Server 2010 and 2007.
Once ScanMail scans a message on an Edge or Hub Transport server, ScanMail adds scan information to the message. When the message reaches the Mailbox, ScanMail evaluates the scan information to prevent redundant use of resources. ScanMail only scans the message if the message was scanned with an older scan engine or pattern file or if ScanMail has not previously scanned the message.
Manual and Scheduled ScanActiveUpdate does not interrupt Manual Scan or Scheduled Scan.

For Exchange Server 2010 and 2007, the Manual Scan and Scheduled Scan pages only appear on Combo Server (Hub Transport and Mailbox server role) and Mailbox server roles. ScanMail offers incremental scan options only with Exchange Server 2010 and 2007. There are three options:

  • Scan messages delivered during a time period
  • Scan messages with attachments
  • Scan messages that have not been scanned by ScanMail
Cluster SupportScanMail supports the following clusters:

Exchange 2010

  • Database Availability Group (DAG)
  • VERITAS Cluster 5.1 SP2

Exchange 2007

  • Single Copy Cluster (SCC)
  • Cluster Continuous Replication (CCR)
  • Standby Continuous Replication (SCR) models
  • VERITAS Cluster 5.1 SP2

Exchange 2003

  • Shared disk cluster model
  • VERITAS Cluster 5.1SP2
Security Risk Protection
  • Scan and clean files
  • Outbreak Notification
Web ReputationProtection from malicious and potentially dangerous web sites
Centralized ManagementWeb-based management console


  • Support for Microsoft Windows server platforms including Windows 2000, most versions in Windows 2003, Windows 2003 R2, Windows 2008 and Windows 2008 SP2 servers.
  • VMWare ESX/ESXi server support
  • New spyware pattern support to detect virus infections, which also includes new features to perform quarantine, delete, and renaming actions for handling infected files
  • Ability to run the Normal Server under Novell Open Enterprise Server 2
  • Upgrade from ServerProtect 5.58 and 5.7 by running either the installation program or deployment program
  • Enhanced security when communicating between the Information Server and Windows Normal Server
  • Latest Damage Cleanup Engine and Anti-Rootkit module as a generic cleaning feature
  • TMI component upgrade to the latest version v1.12
Avoid Congestion
  • Only X guest VM can run on demand scan at the same time.
  • Only Y guest VM can do component update at the same time.
White listingCustomers will make base image for VD, we believe the base image are highly virus-free. We will provide a tool to allow customer to pre-scan this image to build the white list; this list will be used in on demand scan (not for real time scan). 
Avoid duplicate GUIDCurrent OSCE 10.5 image setup tool (ImgSetup.exe) is not suitable for VDI, we create a new one (TCacheGen.exe).
  • Shields known vulnerabilities from unlimited exploits until the can be patched.
  • Defends against web application vulnerabilities.
  • Identifies malicious software accessing the network.
FirewallDecreases the attack surface of your servers.

To know more about the features and enhancements of Worry-Free Business Security Services, refer to the following KB article: New features of Worry-Free Business Security Services (WFBS-SVC).

Deploy; Install
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.