Recommendations on how to best protect your network using Trend Micro products

    • Updated: 7 Dec 2016
    • Product/Version:
    • Advanced Reporting and Management for InterScan Web Security 1.6
    • Cloud App Security 1.0
    • Control Manager 6.0
    • Core Protection Module 10.5
    • Core Protection Module 10.6
    • Damage Cleanup Services 3.2
    • Data Loss Prevention Endpoint 5.5
    • Data Loss Prevention Endpoint 5.6
    • Data Loss Prevention Network Monitor 2.0
    • Deep Discovery Analyzer 5.0
    • Deep Discovery Analyzer 5.1
    • Deep Discovery Email Inspector 2.0
    • Deep Discovery Email Inspector 2.1
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Deep Security for Web Apps 2.0
    • Email Encryption Gateway 5.5
    • Encryption for Email 5.7
    • Endpoint Encryption 3.0 File Encryption
    • Endpoint Encryption 3.1 Full Disk Encrypti
    • Endpoint Encryption 3.1 PolicyServer
    • Endpoint Encryption 5.0
    • Endpoint Security Platform 7.2
    • Endpoint Security Platform 8.0
    • Endpoint Security Platform 8.2
    • Hosted Email Security 1.0
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • InterScan VirusWall 7.0
    • InterScan Web Security as a Service 2.0
    • Interscan Web Security Hybrid 1.0
    • InterScan Web Security Suite 3.1 Linux
    • InterScan Web Security Suite 3.1 Windows
    • InterScan Web Security Virtual Appliance 5.6
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.5
    • Mobile Security for Enterprise 8.0
    • Mobile Security for Enterprise 9.0
    • Mobile Security for Enterprise 9.1
    • Mobile Security for Enterprise 9.2
    • Network VirusWall Enforcer 1500i 3.0
    • Network VirusWall Enforcer 1500i 3.1
    • Network VirusWall Enforcer 1500i 3.5
    • Network VirusWall Enforcer 3500i 3.1
    • Network VirusWall Enforcer 3600i 3.1
    • OfficeScan 10.6
    • OfficeScan 11.0
    • PortalProtect 2.1
    • Remote Manager 3.5
    • Remote Manager 3.6
    • SafeSync for Business 5.1
    • ScanMail for Exchange 10.2
    • ScanMail for Exchange 11.0
    • ScanMail for Lotus Domino 5.0 AIX
    • ScanMail for Lotus Domino 5.0 Windows
    • ScanMail for Lotus Domino 5.0 zLinux
    • ScanMail for Lotus Domino 5.5 Linux
    • ScanMail for Lotus Domino 5.5 Windows
    • SecureCloud as a Service 3.7
    • SecureCloud On-Premise 3.7
    • ServerProtect for EMC Celerra 5.8
    • ServerProtect for Linux 3.0
    • ServerProtect for Microsoft Windows/Novell Netware 5.7
    • ServerProtect for Microsoft Windows/Novell Netware 5.8
    • ServerProtect for Network Appliance Filer 5.61
    • ServerProtect for Network Appliance Filer 5.62
    • ServerProtect for Network Appliance Filer 5.8
    • ServerProtect for Storage 6.0
    • Smart Protection Complete 1.0
    • Smart Protection for Endpoints 1.0
    • Smart Protection Server 2.6
    • Smart Protection Server 3.0
    • Threat Discovery Appliance 2.5
    • Threat Discovery Appliance 2.6
    • Threat Intelligence Manager 1.0
    • Threat Mitigator 2.6
    • Trend Micro Portable Security 1.1
    • Trend Micro Portable Security 1.5
    • Trend Micro Portable Security 2.0
    • Trend Micro Security for Mac 1.5
    • Trend Micro Security for Mac 2.0
    • Trend Micro SSL 1.0
    • Trend Micro SSL 2.0
    • Vulnerability Protection 2.0
    • Worry-Free Business Security Standard/Advanced 7.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform: N/A
Summary

Learn about the recommendations and the best practices that can help you better protect your network using Trend Micro products.

Details
  • Ensure Trend Micro products are updated.
  • Always check who the email sender is. If the email is supposedly coming from a bank, verify with your bank if the received message is legitimate. If from a personal contact, confirm if they sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of spammers as well.
  • Double-check the content of the message. Look for obvious factual errors or discrepancies. If a bank or a friend claims to have received something from you, check your recently sent items to verify the claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.
  • Refrain from clicking links in email. In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link, or use free services such as Trend Micro Site Safety Center.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task.
  • Stay alert to social engineering attacks.
  • Back up important data. Unfortunately, there is no known tool to decrypt files encrypted by ransomware. A safe computing practice is to ensure you have backups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location. Cloud storage services (such as SafeSync) can be a useful part of your backup strategy.
  • For best practices in preventing ransomware infection using OfficeScan and Worry-Free Business Security/Services (WFBS/WFBS-SVC), refer to this link.
  • Enable the Ransomware Protection feature available in OSCE 11 SP1 to prevent known ransomware-like behavior in the client’s environment.
  • For best practices in configuring OfficeScan for malware protection, refer to this link.
  • For best practices in enhancing protection against malware threats in Worry-Free Business Security/Services (WFBS/WFBS-SVC), refer to this link.
  • Some malware arrives as an attachment to spam email messages that use social engineering to lure users into opening and executing it. For this specific malware, the attachment comes as a JS file or HTM file. It is strongly suggested to block these files either by true file type or by extension name (e.g. *.js, *.jse, *.htm, or *.html).
    For other types of malware attachments, you may refer to this link on how to filter and block email attachments using Trend Micro's Messaging products.
  • For ERS Advance service (IP reputation) users, make sure that this feature is enabled and QIL is set to at least level 2. Refer to this procedure.
  • For added protection against social engineering attacks, you can take advantage of Trend Micro’s Social Engineering Attack Protection feature integrated with Trend Micro’s InterScan Messaging Security and Hosted Email Security products. More details can be found here.
  • For IMSVA users, during an outbreak we advise clients to create a policy that would block executables (or a specific file type/extension known to carry a specific malware) and archive document and ZIP files, which will be submitted to support for further analysis. For your reference, you can follow the links below, which can be further customized according to known file type malware carriers:

    The policies above are usually placed after the following rules:

    • Spam rule
    • Antivirus rule
    • Client’s other customized rules (optional)

    The objective is to reject all known spam mail and known malware and, at the same time, get a high-confidence sample file that will be submitted to support for further analysis.

  • To ensure that new variants of this malware family are detected, we need to continue collecting samples so they can be submitted for analysis and added to the patterns and solutions if needed.
  • This is best done by filtering and blocking email attachments using Trend Micro's Messaging products. This link provides information on typical file types that carry the said malware, as well as the type of sample files that can be collected during an outbreak.
  • When collecting a sample spam mail with possible TROJ_CRYPWALL v3 involvement, please make sure to send the actual/original spam mail and not the forwarded spam.
  • Collect and submit spam and all quarantined samples for sourcing and analysis. For new cases you may upload 1 ZIP or RAR file (up to 50 MB) that is protected with the password "virus" to this link.
    FTP will be helpful for other samples. ZIP or RAR files that are protected with the password "virus"
    • SMEX and WFBS-Messaging Security Agent Quarantined mails
      Please resend all quarantined mails from the MSA or SMEX server side to a specific recipient for sourcing. To resend a message that is displayed in the Quarantine Log, place a checkmark in the box corresponding to that message’s row in the log and then click Resend. Spam from the client side can be pulled out from either the spam folder or junk mail folders.
    • IMSVA Quarantined mails
      For IMSVA, please download the files from the IMSVA console > Mail Areas & Queues > Query > Quarantine tab. Display logs, then click specific emails to download copies.
  • If your Trend Micro product, an ATTK scan, and other Trend Micro anti-malware tools did not find or detect any malware, follow this procedure to collect suspicious samples and system information.
  • Normal filtering configuration should be reverted once the alert has passed.
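
The recommendation above to block *.js, *.jse, *.htm and *.html attachments by extension or by true file type can be sketched as follows. This is an added example, not Trend Micro product code; the HTML byte markers are an assumed, simplified stand-in for a gateway's true-file-type detection, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article recommends blocking at the mail gateway.
BLOCKED_EXT = (".js", ".jse", ".htm", ".html")
# Assumption: a few HTML byte markers stand in for the gateway's
# true-file-type engine, so a renamed .htm file is still caught.
HTML_MARKERS = (b"<!doctype html", b"<html", b"<script")


def blocked_attachments(raw_bytes):
    """Return [(filename, reason)] for attachments the rule would block."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        # Normalise case and trailing dots/spaces before matching.
        name = (part.get_filename() or "").lower().rstrip(". ")
        head = (part.get_payload(decode=True) or b"")[:4096].lower()
        if name.endswith(BLOCKED_EXT):
            hits.append((name, "extension"))
        elif any(marker in head for marker in HTML_MARKERS):
            hits.append((name, "content"))
    return hits


def build_sample():
    """Constructed test message: one .JS, one disguised HTML, one benign file."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"var a = 1;", maintype="application",
                       subtype="octet-stream", filename="Invoice.JS")
    msg.add_attachment(b"<HTML><body>form</body></html>", maintype="application",
                       subtype="octet-stream", filename="statement.txt")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(f"BLOCK {name} ({reason})")
```

Matching on extension alone misses the second attachment, which is why the article asks for true-file-type blocking as well.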

For related reports, visit our Threat Encyclopedia.

Category: Configure
Solution Id: 1112776