Introduction
The allowlist policies that need to be created in Trend Micro depends on the User Protection solution you have purchased:
Cloud App Security
Trend Micro Cloud App Security provides Content Scanning to detect certain types of attacks distributed through email messages. To allow our emails to be delivered, you will need to create/modify the Default Exchange Policy ATP. Inside the policy, we will add our email stack information to the approved sender list for the below two settings
Advanced Spam Protection
- Select Advance Spam Protection on the left-hand side of the screen
- Check the box to Enable Advanced Spam Protection.
- Configure Rules settings:
- Apply To: Incoming Messages
- Detection Level: Medium
- Click on Approved Header Field
- Check the box to Enable the approved header field
- Enter the following information:
- Name: X-PHISH
- Operator: Contains
- Value: security awareness phishing simulation test from Infosec Institute
- After adding the domains, click Save
Web Reputation Services
- Select Web Reputation on the left-hand side
- Check the box to Enable Web Reputation
- Select Rules
- In the Apply To: drop-down menu, select All Messages
- Select Medium in the Security Level Section
- Click on Approved Header Field
- Check the box to Enable the approved header field
- Enter the following information:
- Name: X-PHISH
- Operator: Contains
- Value: security awareness phishing simulation test from Infosec Institute
- After adding the domains, click Save
Trend Micro Email Security
Trend Micro Email Security will not perform the following checks on email messages from senders added to the Approved Senders list:- IP reputation-based filtering
- Unknown sender domain check
- Spam
- BEC
- Phishing
- Social engineering attack
- Web reputation
- Graymail
To configure the Approved Senders list:
- Login to the Trend Micro console
- Navigate to the Inbound Protection menu and select Connection Filtering
- From there, select Sender Filter and then Approved Senders
- Specify the senders to allow by using our phishy domains. The following syntax must be used when adding our phishy domains: *@example.com
- If you would like a complete list of all of our phishy domains, please contact our support team: customer-support@infosecinstitute.com
Note: Trend Micro Email Security still performs virus scanning and content filtering on all messages received and takes the action configured in policy rules once detecting any virus or content filtering violation. Because of this, Attachment Attacks cannot be used.
Direct SMTP Sending
Depending on how you have your Trend Micro Email Security configured, you may need to set up Direct SMTP sending in your Infosec IQ account. By setting this up, it allows you to completely bypass Trend Micro and have all email traffic from Infosec IQ flow from your firewall to your email environment over Port 25. To learn more, visit the Sending Configurations section in our Knowledge Base or contact our support team: customer-support@infosecinstitute.comScanMail for Microsoft Exchange
If you have ScanMail for Microsoft Exchange configured for your mail environment, you will need to add our Phishy Domains to the Web Reputation approved URL list. The Web Reputation policy specifically scans all incoming emails and checks the URLs. When these URL checks happen, the learner will get marked as being Phished in Infosec IQ. To add our URLs:
- Login to ScanMail
- Select Web Reputation on the left-hand side
- Check the box to Enabled approved URL list
- Add our Phishy Domains
- Individually: Enter the URL in the approved URL box and click add
-
Bulk Add: Click Import and select the CSV file of our Phishy Domains
- If you don’t have a list of our Phishy Domains, please contact your Client Success Manager or our support team (customer-support@infosecisntitute.com)
