Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Hosted Email Security Data Collection Notice

    • Updated:
    • 26 Jun 2018
    • Product/Version:
    • Hosted Email Security 3.0
    • Platform:
    • N/A N/A
Summary

The following sections outline the features that collect data, the data transmitted, and the locations on the product console where you can disable the features.

Details
Public

Domains

Upon registration of a domain in Hosted Email Security for protection, the administrator must specify the domain name and the incoming mail server IP address or FQDN responsible for the domain.

 
If a domain is deleted, Hosted Email Security purges its information and does not provide protection for the domain anymore.
Data collected
  • Domain names
  • IP addresses and/or FQDN of incoming email servers
  • IP addresses and/or FQDN of outgoing email servers
Console location

Add domains:

  • Domains > Add

Delete domains:

  • Domains > Delete

Domains

Console settings

Back to top

Predictive Machine Learning

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital fingerprinting, API mapping, and other file features.

 
Disabling Predictive Machine Learning prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect new, previously unidentified, or unknown threats.
Data collected
  • Metadata of suspicious executable files and scripts in cloud storage services
  • Metadata of suspicious executable files and scripts in email attachments
Console locationInbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code”
Console settings

Enable Predictive Machine Learning

Predictive Machine Learning

Back to top

Predictive Machine Learning Feedback

Predictive Machine Learning feedback enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment.

 
Disabling Predictive Machine Learning feedback prevents the mentioned data from being sent to Trend Micro, but affects the enhancement of Hosted Email Security to rapidly identify and address new threats.
Data collectedSuspicious executable files and scripts in email attachments
Console locationInbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code”
Console settings

Allow Trend Micro to collect suspicious files to improve its detection capabilities

Predictive Machine Learning Feedback

Back to top

Virtual Analyzer

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious applications, files, and scripts. Sandbox images allow observation of application, file, and script in an environment that simulates endpoints on your network without any risk of compromising the network.

 
Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect advanced malware in files.
Data collected
  • Suspicious applications and executable files
  • Suspicious scripts
  • Suspicious documents with macro
  • Other suspicious files from Trend Micro Advanced Threat Scan Engine
Console location

Inbound Protection > Policy > Virus Policy > Scanning Criteria > Message contains “malware or malicious code”

  • Enable Virtual Analyzer
  • Include macro, JSE, and VBE scanning

    Specify Advanced settings Virtual Analyzer

Inbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as > Social Engineering attack

  • Enable Virtual Analyzer

    Enable Virtual Analyzer

Console settings

Back to top

Spam

Hosted Email Security uses Trend Micro Anti-Spam Engine to provide advanced spam protection and protect users from spam.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect spam.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects, “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings

Spam

Spam

Back to top

Business Email Compromise (BEC)

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from BEC attacks.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect BEC attacks.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects, “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings

Business Email Compromise (BEC)

Business Email Compromise

Back to top

Phishing

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from advanced phishing.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect phishing and other suspicious content.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects, “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings

Phishing and other suspicious content

Phishing

Back to top

Graymail

Hosted Email Security uses Trend Micro Anti-Spam Engine to protect users from graymail.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect graymail.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects, “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings

Graymail

Graymail

Back to top

High Profile Users

Hosted Email Security allows administrators to add high profile users that may be frequently forged or spoofed, either by manually adding single users or by synchronizing groups from Active Directory.

 
If a high profile user is deleted, Hosted Email Security does not check incoming email messages from this user for BEC attacks anymore.
Data collectedFirst names, middle names, last names and group names
Console locationInbound Protection > Business Email Compromise (BEC)
Console settings

Source: Custom

High Profile Users

Back to top

Web Reputation

Hosted Email Security leverages Trend Micro Web Reputation Services to scan URLs contained in email subject and body to detect malicious URLs based on their reputation scores.

 
Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect malicious URLs.
Data collected
  • URLs in the email body
  • URLs in email subjects
Console locationInbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as
Console settings

Web Reputation

Web Reputation

Back to top

Time-of-Click Protection

Hosted Email Security leverages Trend Micro’s Time-of-Click Protection service to provide the ability to rewrite URLs in the email message body during scanning, and analyze the URLs at the time when the message recipient clicks on these URLs.

 
Disabling Time-of-Click Protection prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect malicious URLs.
Data collectedURLs in the email body
Console locationInbound Protection > Policy > Spam Policy > Scanning Criteria > Message detected as > Web Reputation
Console settings

Enable Time-of-Click Protection

Time-of-Click Protection

Back to top

IP Reputation

Hosted Email Security leverages Trend Micro Email Reputation Services to verify IP addresses of incoming email messages using one of the world's largest, most trusted reputation database, along with a dynamic reputation database to identify new spam and phishing sources, stopping even zombies and botnets as they first emerge.

 
Disabling IP Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Hosted Email Security to detect and block spam from known and emerging spam sources.
Data collectedSource IP addresses of incoming email messages
Console locationInbound Protection > IP Reputation > Settings
Console settings

Settings

IP Reputation

Back to top

Active Directory Synchronization

Hosted Email Security allows administrators to enable Active Directory synchronization from the administrator console. Installed on the local network, the Active Directory Synchronization Tool performs actual synchronization as configured. Data synchronized includes Active Directory user email addresses, display names, and groups.

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the feature at least once.

Data collected
  • Display names
  • Email addresses
  • Active Directory user groups
Console locationAdministration > Web Services & Tools > Applications
Console settings

Status

Active Directory Synchronization

Back to top

Directory Import

Directory Import allows administrators to import a list of valid recipients’ email addresses and display names from a CSV file.

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the feature at least once.

Data collected
  • Display names
  • Email addresses
Console locationAdministration > Directory Management > Directory Import
Console settings

Directory Import

Back to top

Unique Email Addresses

Hosted Email Security maintains a list of unique email addresses collected from inbound and outbound messages, which will be used for license verification.

Customers with a valid Hosted Email Security license may contact Trend Micro Technical Support to request for purging such data if they have used the service at least once.

Data collectedEmail addresses
Console locationDashboard > Unique Email Addresses
Console settings

Unique Email Addresses

Unique Email Addresses

Back to top

Logs

 

Hosted Email Security stores logs of all processed email messages for the administrator to use and query. Policy event logs and URL click tracking logs are kept for 30 days, and mail tracking logs are kept for 90 days. Audit logs are kept for 12 months, but the administrator can query audit logs of up to 30 days. The number of days kept is not configurable.

After scheduled log deletion, all log data will be purged and cannot be retrieved.

Data collected
  • Sender email addresses
  • Recipient email addresses
  • Email subjects
  • Sender IP addresses
  • Recipient IP addresses
  • Attachment names
  • Message IDs
Console locationLogs
Console settings

Logs

Logs

Back to top

Quarantine

 
Email messages quarantined for any reason are kept by Hosted Email Security for a maximum of 30 days. During this period, the administrator may be able release them or inspect them if further analysis is required. After that period, the data will be purged permanently.
Data collectedEmail messages quarantined
Console locationQuarantine > Query
Console settings

Quarantine

Back to top

Profile

Hosted Email Security administrators and subaccounts may fill in their contact information on the administrator console. Trend Micro uses the contact information only to send important notifications and service advisories related to Hosted Email Security.

 
The administrator account can delete its subaccounts to remove their contact information from Hosted Email Security. Customers may contact Trend Micro Technical Support to request for purging such data if they have filled in the profile for their licensed account.
Data collected
  • First names and last names
  • Mobile numbers
  • Email addresses
Console locationAccount Name > Profile
Console settings

Profile

Profile

Back to top

Account Management

 
If a subaccount is deleted, its email address will also be removed.
Data collectedEmail addresses
Console location

Add accounts:

  • Administration > Account Management > Add

    Add Subaccount

Delete accounts:

  • Administration > Account Management > Delete

    Account management>

Console settings

Back to top

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1120199
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.