Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Configuring Search & Destroy in ScanMail for Exchange (SMEX)

    • Updated:
    • 16 Dec 2020
    • Product/Version:
    • ScanMail for Exchange 12.0
    • ScanMail for Exchange 12.5
    • ScanMail for Exchange 14.0
    • Platform:
    • N/A

Learn about the Search & Destroy configuration that provides the capability to search and remove messages in Exchange Mailbox Server. 

Since there is no filter driver existing in ESXi for Deep Security 9.6, we do not need to adjust the heap memory anymore.
  1. Go to Administration > Access Control.
  2. Click the Search & Destroy role to configure.
  3. Modify the Search & Destroy description. (Optional)
  4. Search for users or groups to add in the Search & Destroy role.

    1. In the Available Account list, select the accounts to add in the role.
    2. Choose Add and Save your changes for the Access Control screen to appear

      For this sample setup, we will use "NETD/JeffreyF" as the service account.

      Access Control screen

    3. To the right of the Search & Destroy role, click the Status icon to enable the role. The icon changes from a red “x” to a green check, then click Save.

      enable role

    4. Log off from the SMEX console.
  1. Log on to the SMEX console using an account with a Search & Destroy role and the Search & Destroy Activation wizard will appear:

    Search & Destroy Activation wizard

    Visit Exchange management shell commands online documentation to set-up Search and Destroy Prerequisites via Exchange Management Shell.
  2. Configure the Exchange service account to perform the backend searches in the Exchange environment. Use the following Exchange Management Shell commands to configure the service account you added in Search & Destroy (We'll use SERVICE_ACCOUNT_NAME = NETD/JeffreyF in this example):

    1. Add the "SERVICE_ACCOUNT_NAME" account to the Exchange Discovery Management group:

      Add-RoleGroupMember -Identity "Discovery Management" -Member "SERVICE_ACCOUNT_NAME"

      add service account name

    2. Add the "SERVICE_ACCOUNT_NAME" account to the Exchange Mailbox Import Export role:

      New-ManagementRoleAssignment -Role "mailbox import export" -User "SERVICE_ACCOUNT_NAME"

      add service account name 2

  3. Use the following commands to create a new discovery mailbox and assign the discovery management group full access permission.

    An Exchange Discovery mailbox is necessary to store the mailbox search result messages.
    • To list down the available discovery mailboxes that exist on the Exchange server, run the following command:

      Get-Mailbox -Filter {RecipientTypeDetails -eq "DiscoveryMailbox"}

    • To know the available “MAILBOX_DATABASE_NAME”, type Get-MailboxDatabase

      In this example we will use AMEAND mailbox database as the “MAILBOX_DATABASE_NAME”


    • Create a new discovery mailbox in the MAILBOX_DATABASE_NAME database:


      New-Mailbox -Name “NEW_DISCOVERY_MAILBOX_NAME” -Discovery –database "MAILBOX_DATABASE_NAME"

      Create a new discovery mailbox

    • Assign the Exchange Discovery Management group full access permission to the DISCOVERY_MAILBOX_NAME database:

      Add-MailboxPermission -Identity "DISCOVERY_MAILBOX_NAME" -user "Discovery Management" - AccessRights FullAccess

      Assign full access

  1. Click Search & Destroy > Mailbox Search or select Search & Destroy > Settings. The Search & Destroy Activation wizard will appear.
  2. Choose Next and the Exchange Server Prerequisite Configuration screen will show.

    Search and Destroy Activation Wizard

    Read the prerequisites items discussed in section B. Setting Search and Destroy Prerequisites in the previous steps before proceeding.
  3. After configuring all the necessary settings, select All Exchange Server to know if prerequisite settings have been properly configured.
  4. Choose Next and type the domain\user name and password for the previously configured service account.
  5. Click Next and select the Discovery Mailbox available in the list.

    We will use SMEX_SEARCHANDDESTROY, we created for this example in the previous step.

    select the Discovery Mailbox

  6. Choose Next and the generated PST search results screen appears.

    PST search results screen

    Ensure that the account is a member of the Exchange Mailbox Import Export role.
  7. Click Next and the Search & Destroy activation details screen will be displayed. Review the Search & Destroy settings and choose Finish.

    PST search results screen

    If the service account or discovery mailbox provided is invalid, the activation process cannot proceed.
  8. Log-off and log-in using the Search and Destroy account and perform a mailbox search:

    mailbox search

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.