Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro Email Security Data Collection Notice

    • Updated:
    • 2 Aug 2018
    • Product/Version:
    • Trend Micro Email Security 1.0
    • Platform:
    • N/A N/A
Summary

Trend Micro Email Security includes the following modules which may cause the corresponding personal data to be transmitted to Trend Micro. Detailed information and instructions are provided below for opt-out of the personal data collection by disabling specific modules. Modules that cannot be disabled are indicated below.

Details
Public

Profile

Trend Micro Email Security administrators and subaccounts may fill in their contact information on the administrator console. Trend Micro uses the contact information only to send important notifications and service advisories related to Trend Micro Email Security.

 
The administrator account can delete its subaccounts to remove their contact information from Trend Micro Email Security. The mentioned data will be purged after the administrator account is deprovisioned.
Data collected
  • First names and last names
  • Mobile numbers
  • Email addresses
Console locationAccount Name > Profile

profile

Back to top

Provisioning

When you first log on to the administrator console, Trend Micro Email Security launches a provisioning wizard for you to provision your Trend Micro Business Account.
The mentioned data will be purged after the administrator account is deprovisioned.

Data collected
  • Account email addresses
  • Phone numbers
  • Title
  • First names and last names
  • Company information
  • Contact information (address, city, state, zip, and country)
Console locationSuch information is synchronized from the Customer License Portal (CLP) or Licensing Management Platform (LMP).

Back to top

Domains

Upon registration of a domain in Trend Micro Email Security for protection, the administrator must specify the domain name and the incoming mail server IP address or FQDN responsible for the domain.

 
If a domain is deleted or the licensed account is deprovisioned, Trend Micro Email Security purges its information and does not provide protection for the domain any more.
Data collected
  • Domain names
  • IP addresses and/or FQDNs of incoming mail servers
  • IP addresses and/or FQDNs of outgoing mail servers
Console locationAdministrator Console > Domains

domains

Back to top

Predictive Machine Learning

Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital fingerprinting, API mapping, and other file features.

 
Disabling Predictive Machine Learning prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect new, previously unidentified, or unknown threats.
Data collected
  • Metadata of suspicious executable files and scripts in cloud storage services
  • Metadata of suspicious executable files and scripts in email attachments
Console locationInbound Protection > Virus Scan> Virus Policy> Policy Name > Scanning Criteria
Console settings
  • Enable Predictive Machine Learning

PML

Back to top

Predictive Machine Learning Feedback

Predictive Machine Learning feedback enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment.

 
Disabling Predictive Machine Learning feedback prevents the mentioned data from being sent to Trend Micro, but affects the enhancement of Trend Micro Email Security to rapidly identify and address new threats.
Data collected
  • Suspicious executable files and scripts in email attachments
Console locationInbound Protection > Virus Scan > Virus Policy > Policy Name > Scanning Criteria
Console settings
  • Allow Trend Micro to collect suspicious files to improve its detection capabilities

PMLF

Back to top

Virtual Analyzer

Virtual Analyzer is a cloud sandbox designed for analyzing suspicious applications, files, and scripts. Sandbox images allow observation of application, file, and script in an environment that simulates endpoints on your network without any risk of compromising the network.

 
Disabling Virtual Analyzer prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect advanced malware in files.
Data collected
  • Suspicious applications and executable files
  • Suspicious scripts
  • Suspicious documents with macro
Console locationInbound Protection > Virus Scan> Virus Policy > Policy Name > Scanning Criteria
Console settings
  • Enable Virtual Analyzer
  • Include macro, JSE and VBE scanning

VA

Back to top

Spam Filtering

Trend Micro Email Security uses Trend Micro Anti-Spam Engine to provide advanced spam protection and protect users from spam.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect spam.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects
  • “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Spam Filtering > Spam Policy > Policy Name > Scanning Criteria
Console settings
  • Spam

spam filtering

Back to top

Business Email Compromise (BEC)

Trend Micro Email Security uses Trend Micro Anti-Spam Engine to protect users from BEC attacks.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect BEC attacks.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects
  • “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Spam Filtering > Spam Policy > Policy Name > Scanning Criteria
Console settings
  • Business Email Compromise (BEC)

BEC

Back to top

Phishing

Trend Micro Email Security uses Trend Micro Anti-Spam Engine to protect users from advanced phishing.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect phishing and other suspicious content.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects
  • “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Spam Filtering > Spam Policy > Policy Name > Scanning Criteria
Console settings
  • Phishing and other suspicious content

phishing

Back to top

Graymail

Trend Micro Email Security uses Trend Micro Anti-Spam Engine to protect users from graymail.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect graymail.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects
  • “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Spam Filtering > Spam Policy > Policy Name > Scanning Criteria
Console settings
  • Graymail

graymail

Back to top

Social Engineering Attack

Trend Micro Email Security uses Trend Micro Anti-Spam Engine to protect users from social engineering attacks.

 
Disabling the criteria prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect social engineering attacks.
Data collected
  • Sender IP addresses
  • Sender HELO information
  • Email subjects
  • “From” and “To” addresses
  • Email body
  • Attachment names
Console locationInbound Protection > Spam Filtering > Spam Policy > Policy Name > Scanning Criteria
Console settings
  • Social engineering attack

SEA

Back to top

High Profile Users

Trend Micro Email Security allows administrators to add high profile users that may be frequently forged or spoofed, either by manually adding single users or by synchronizing groups from directories.

 
If a high profile user is deleted, Trend Micro Email Security does not check incoming email messages from this user for BEC attacks any more.
Data collected
  • First names
  • Middle names
  • Last names
  • Group names
Console locationInbound Protection > Spam Filtering > Business Email Compromise (BEC)

high-profile users

Back to top

Web Reputation

Trend Micro Email Security leverages Trend Micro Web Reputation Services to scan URLs contained in email subject, body and attachments to detect malicious URLs based on their reputation scores.

 
Disabling Web Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect malicious URLs.
Data collected
  • URLs in email body
  • URLs in email subjects
  • URLs in attachments
Console locationInbound Protection > Spam Filtering > Spam Policy > Policy Name > Scanning Criteria
Console settings
  • Web Reputation

web reputation

Back to top

Time-of-Click Protection

Trend Micro Email Security leverages Trend Micro’s Time-of-Click Protection service to provide the ability to rewrite URLs in the email message body during scanning, and analyze the URLs at the time when the message recipient clicks on these URLs.

 
Disabling Time-of-Click Protection prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect malicious URLs.
Data collected
  • URLs in the email body
Console locationInbound Protection > Spam Filtering > Spam Policy > Policy Name > Scanning Criteria > Web Reputation>
Console settings
  • Enable Time-of-Click Protection

TOC

Back to top

IP Reputation

Trend Micro Email Security leverages Trend Micro Email Reputation Services to verify IP addresses of incoming email messages using one of the world's largest, most trusted reputation database, along with a dynamic reputation database to identify new spam and phishing sources, stopping even zombies and botnets as they first emerge.

 
Disabling IP Reputation prevents the mentioned data from being sent to Trend Micro, but severely affects the ability of Trend Micro Email Security to detect and block spam from known and emerging spam sources.
Data collected
  • Source IP addresses of incoming email messages
Console locationInbound Protection > Connection Filtering > IP Reputation > Settings

IP reputation

Back to top

Suspicious Objects

After Trend Micro Email Security is registered to Trend Micro Control Manager, Control Manager automatically synchronizes the suspicious objects with Trend Micro Email Security at a scheduled time interval. In addition to its own scanning mechanism, Trend Micro Email Security implements these suspicious objects during URL and file scanning.
Customers can make configurations on the Control Manager to stop synchronizing suspicious objects.
The mentioned data will be purged after the administrator account is deprovisioned.

Data collected
  • File SHA1
  • URLs
Console locationAdministration > Suspicious Objects

suspicious objects

Back to top

Directory Synchronization

Trend Micro Email Security provides a synchronization tool that enables you to synchronize your current groups and email accounts from the Active Directory, Open LDAP and Azure AD servers with the Trend Micro Email Security server.
The mentioned data will be purged after the administrator account is deprovisioned.

Data collected
  • Display names
  • Email addresses
  • Group email addresses
  • Group and member relationships
  • Email aliases
Console locationAdministration > Directory Management > Directory Synchronize

directory synchronisation

Back to top

Directory Import

Directory Import allows administrators to import a list of valid recipients’ email addresses and display names from a CSV file.
The mentioned data will be purged after the administrator account is deprovisioned.

Data collected
  • Display names
  • Email addresses
Console locationAdministration > Directory Management > Directory Import

directory import

Back to top

Logs

 
Trend Micro Email Security stores logs of all processed email messages for the administrator to use and query. Policy event logs and URL click tracking logs are kept for 30 days, and mail tracking logs are kept for 90 days.
Audit logs are kept for 12 months, but the administrator can query audit logs of up to 30 days. The number of days kept is not configurable.
After scheduled log deletion, all log data will be purged and cannot be retrieved.
Data collected
  • Sender email addresses
  • Recipient email addresses
  • Email subjects
  • Sender IP addresses
  • Recipient IP addresses
  • Attachment names and hash
  • Message IDs
Console locationLogs

logs

Back to top

Syslog

Trend Micro Email Security allows you to forward syslog messages to an external syslog server in a structured format, which allows third-party application integration.
The mentioned data will be purged after the syslog server profiles are deleted or the administrator account is deprovisioned.

Data collected
  • Syslog server addresses, ports and protocols
Console locationLogs > Syslog Settings > Syslog Server Profiles

syslog

Back to top

Quarantine

 
Email messages quarantined for any reason are kept by Trend Micro Email Security for a maximum of 30 days. During this period, the administrator may be able release them or inspect them if further analysis is required. After that period, the data will be purged permanently.
Data collected
  • Email messages quarantined
Console locationQuarantine > Query

quarantine

Back to top

Email Continuity

Trend Micro Email Security provides protection against email loss if your email server goes down. If your server becomes unavailable due to a crash or network connectivity problem, Trend Micro Email Security automatically transfers inbound traffic to a backup server until your server is back online.

 
Disabling this feature will prevent end users from using the continuity mailbox provided on the End User Console to manage their email messages when the email server goes down.
The mentioned data will be purged after the administrator account is deprovisioned.
Data collected
  • Email data and metadata (including subjects and sender addresses)
Console locationAdministration > Email Continuity

email continuity

Back to top

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1120463
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.