- Admin permission to your Cloud App Security console
- One Exchange Online ATP (Advanced Threat Protection) policy with Real-time Scanning enabled
- One or more Exchange Online mailboxes protected by Cloud App Security as a selected target of the test policy
- One external email address e.g. Gmail, Zoho, Exchange, Yahoo, etc.
To test Advanced Spam Protection, please ensure that:
- The “Enable Advanced Spam Protection” option is checked.
- The rules are applied to “All messages”.
Antispam Engine - BEC
- Compose an email with an external email service (e.g., Gmail, with the subject “ThisIsTrendmicroSNAPBECTesting”) and send it to your test target mailbox.
- In the Logs tab, confirm that the email is detected by “Antispam engine” and that the Security Risk Name is “BEC”.
Antispam Engine - Other Spam
- Compose an email with an external email service (e.g., Gmail, with the subject “ThisIsTrendmicroCSASSubjectRuleTesting”) and send it to your test target mailbox.
- In the Logs tab, confirm that the email is detected by “Antispam engine” and that the Security Risk Name is “Other spam”.
Antispam Engine - Phishing
- Compose an email with an external email service (e.g., Gmail, with the subject “ThisIsTrendmicroPhishingTesting”) and send it to your test target mailbox.
- In the Logs tab, confirm that the email is detected by “Antispam engine” and that the Security Risk Name is “Phishing”.
Antispam Engine - Writing Style
- Ensure that “Enable writing style analysis” under “Writing Style Analysis for BEC” is checked in the test policy.
- Go to “High Profile Users” in Administration > Global Settings and add a user from your organization.
- Change the display name of the sender’s email to that of the high-profile user.
Here are the settings related to Gmail:
- Compose an email with an external email service (e.g., Gmail, with the subject “ThisIsTrendmicroPhishingTesting”) and send it to your test target mailbox.
- In the Logs tab, confirm that the email is detected by “Writing style analysis” and that the Security Risk Name is “BEC”.
Pattern-Based Scanning
- Download an EICAR file from the “Download Anti Malware Testfile – Eicar” page.
- In the Malware Scanning test policy, ensure that "Scan all files" is selected and that the rules are applied to "All messages".
- Send an email with the EICAR file attached to the test user. In the example below, an internal email using Exchange Online within the same organization is composed to avoid detection by most online email services.
- In the Logs tab, confirm that the email is detected by Pattern-Based Scanning and the Security Risk Name is "Malware: Eicar_test_file".
TrendX (Predictive Machine Learning)
- In the Malware Scanning test policy, ensure that "Scan all files" is selected and that the rules are applied to "All messages".
- In the Malware Scanning test policy, ensure that “Enable Predictive Machine Learning” and “Allow Trend Micro to collect suspicious files to improve its detection capabilities” are checked.
- Download TrendX.zip and unzip the file with the password “virus”.
- Compose an email with the unzipped files attached and send it to the test target mailbox. In the example, an internal email using Exchange Online within the same organization is composed to avoid detection by most online email services.
- In the Logs tab, confirm that the email is detected by Predictive Machine Learning and that the Security Risk Name is “Malware: Ransom.Win32.TRX.XXPE1”.
File Blocking
- In the File Blocking test policy, ensure that “Enable File Blocking” is checked and that “Block All Files” is selected for “Type of File Blocking”.
- Compose an email with any file attached and send it to the test target mailbox.
- In the Logs tab, confirm that the email is detected and that the Security Filter is “File Blocking”.
Virtual Analyzer
- In the Virtual Analyzer test policy, ensure that “Enable Virtual Analyzer” is checked and that the rules are applied to “All messages”.
If the option is greyed out, first change “Apply to” in the “Malware Scanning” rules to “All messages”, because Virtual Analyzer (VA) analysis depends on the malware scanning result.
- Download the PDF sample and unzip it with the password “virus”.
- Compose an email with the unzipped PDF file attached and send it to the test target mailbox. In the example, an internal email using Exchange Online within the same organization is composed to avoid detection by most online email services.
- In the Logs tab, switch the Type to “Virtual Analyzer” and confirm that there is a record with Virus Name as “HEUR_PDFF.SPACE”.
Data Loss Prevention
- Add a test DLP policy for Exchange Online. Ensure that “Enable Real-time Scanning” is selected and that the test user is set as "Selected Targets".
- Ensure that “Enable Data Loss Prevention” is selected and “All: Credit Card Number” is set as "Selected Compliance Template(s)".
- Compose an email with some test credit card numbers, such as the ones below. If you don’t have any, you can find some in “Test Payflow Transactions” (paypal.com).
- In the Logs tab, switch the Type to “Data loss Protection” and confirm that there is a record with the credit card numbers under Violating Content.
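For the DLP step above, a pre-flight check that the test message really contains well-formed card numbers before you send it; this is an added example, not Trend Micro code. It assumes the “All: Credit Card Number” template, like most credit card DLP expressions, only counts numbers that pass the Luhn checksum; the sample numbers, addresses and subject line are constructed placeholders.

```python
import re
from email.message import EmailMessage

# Widely published payment-processor test numbers (constructed sample input,
# not real accounts), in the three separator styles a tester is likely to type.
SAMPLE_NUMBERS = ["4111 1111 1111 1111", "5555-5555-5555-4444", "378282246310005"]

# 13-19 digits, optionally separated by single spaces or hyphens on one line.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(number: str) -> bool:
    """Return True if the digits in `number` pass the Luhn checksum."""
    digits = [int(c) for c in number if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return digit-only card number candidates in `text` that pass Luhn."""
    return [re.sub(r"\D", "", m.group())
            for m in CANDIDATE.finditer(text) if luhn_valid(m.group())]


def build_dlp_test_message(sender: str, recipient: str, numbers: list[str]) -> EmailMessage:
    """Build (not send) the DLP test email; the subject is a hypothetical label."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "DLP credit card template test"
    msg.set_content("Test data only:\n" + "\n".join(numbers) + "\n")
    return msg


if __name__ == "__main__":
    msg = build_dlp_test_message("tester@example.com", "target@example.com", SAMPLE_NUMBERS)
    print(find_card_numbers(msg.get_content()))
```

If `find_card_numbers` returns an empty list for your message body, a missing DLP log record is more likely a problem with the test data than with the policy.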