Whitelist Implementation for Trend Micro
Whitelisting by domain in Trend Micro
Advanced Spam Protection
1. Navigate to the Advanced Threat Protection tab > Add.
2. Select the policy to create based on the service:
- Exchange
- OneDrive
- SharePoint
- Box
- Dropbox
3. On the left, select Advanced Spam Protection.
4. Check the Enable Advanced Spam Protection option.
5. Select the Approved/Blocked Sender List section.
6. Check the Enable the approved sender list option.
7. Enter *livefense.com in the text field and click the Add button.
8. Select the Rules configuration section.
9. Under the Apply to: combobox, select the Incoming messages option.
10. For Detection Level:, select the Medium option.
Malware Scanning
11. On the left, select Malware Scanning.
12. Select the Rules section.
13. Under the Apply to: combobox, select the Incoming messages option.
14. Under Malware Scanning, select Scan all files and check the boxes Scan message body and Enable IntelliTrap.
15. Select the Action section.
16. For Action:, select the Trend Micro recommend actions option.
17. For Notification:, select the Notify option.
Web Reputation
18. On the left, select Web Reputation.
19. Check the Enable Web Reputation option.
20. Select the Rules section.
21. Under the Apply to: combobox, select the All messages option.
22. For Security Level:, select the Medium option.
23. Select the Approved/Blocked URL List section.
24. Check the box Enable the approved URL list option.
25. Check the box Add internal domains to the approved URL list option.
26. Enter SMARTFENSE's IPs and domains as hostnames in the corresponding text field.
27. Then, click the Add > button.
Virtual Analyzer
28. On the left, select Virtual Analyzer.
29. Check the Enable Virtual Analyzer option.
30. In the Approved Sender List, add the email address info@livefense.com as shown in the following image.
31. Click the Save button.
Once all steps in each section are completed, your new policy will appear under the Advanced Threat Protection tab.
Allow Phishing campaign emails to end users with Hosted Email Security (HES)
Without scanning email URLs in Phishing campaigns
1. On the Hosted Email Security (EMS) console, go to:
a. Inbound Protection > Policy Objects > Keyword Expressions.
2. Create a new keyword expression for SMARTFENSE
a. Set Match to Any Specified.
b. Click the Add button.
c. Enter the following keywords/phrase:
i. SMARTFENSE
ii. This is a phishing security test from SMARTFENSE that has been authorized by the recipient organization.
d. Click Save.
3. Go to your policies and select Inbound Protection > Policy.
4. Choose the domain where you want to apply the policy to, and then click Add.
5. Under the Basic Information setting, set a name for your new policy and tick Enable.
6. Under the Recipients and Senders setting, set the following:
a. In the Recipients section, choose My domains and select from the available domains, then click Add.
b. In the Senders section, choose Anyone to use any email addresses for a rule since SMARTFENSE uses random email addresses to send its phishing campaign emails.
7. Under the Scanning Criteria setting, configure the following:
a. Click Advanced.
b. Enable the Specified header matches checkbox.
c. Click keyword expressions link.
d. Under Specified Header Matches, select Other and type X-PHISHINGSIMULATION.
e. Choose the keyword expression you have created and click Add.
f. Click Save.
8. Under the Actions setting, choose Deliver now.
9. Review the summary of your policy. It should look similar to the image below:
10. Make this new policy the first rule on your list of policies for it to take precedence before the other policies. Click the up arrow button to move this rule to the top of your policy list.
In this case, if the keyword matches, the email will not go through the rest of the policies and it would get delivered immediately to the end user. No attachment, URL, or other content will be further checked by Hosted Email Security (HES).
For Trend Micro Email Security (TMEMS) Users
Without scanning email URLs in Phishing campaigns
1. On the Trend Micro Email Security (EMS) console, go to Administration > Policy Objects > Keyword Expressions.
2. Create a new keyword expression for SMARTFENSE
a. Set Match to Any Specified.
b. Click the Add button.
c. Enter the following keywords/phrase:
i. SMARTFENSE
ii. This is a phishing security test from SMARTFENSE that
has been authorized by the recipient organization.
d. Click Save.
3. Go to your policies and select Inbound Protection > Policy.
4. Choose the domain where you want to apply the policy to, and then click Add.
5. Under the Basic Information setting, set a name for your new policy and tick Enable.
6. Under the Recipients and Senders setting, set the following:
a. In the Recipients section, choose My domains and select from the available
domains, then click Add.
b. In the Senders section, choose Anyone to use any email addresses for a rule since SMARTFENSE uses random email addresses to send its phishing campaign emails.
7. Under the Scanning Criteria setting, configure the following:
a. Click Advanced.
b. Enable the Specified header matches checkbox.
c. Click the keyword expressions link. It will show a new window where you can select the keyword expression you created earlier.
d. Under Specified Header Matches, select Other and type
X-PHISHINGSIMULATION.
e. Choose the keyword expression you have created and click Add.
f. Click Save.
8. Under the Actions setting, choose Deliver now, and select To the default mail server.
9. Review the summary of your policy. It should look similar to the image below:
10. Once verified, click Submit.
11. Make this new policy the first rule on your list of policies for it to take precedence before the other policies. Click the up arrow button to move this rule to the top of your policy list.
In this case, if the keyword matches, the email will not go through the rest of the policies and it will get delivered immediately to the end-user. No attachment, URL, or other content will be further checked by Trend Micro Email Security (EMS).
Whitelist Implementation for AppRiver
1. First, log onto the AppRiver Admin Center.
2. Select Filters > IP Addresses.
3. Under Allowed IP Addresses, add our IP addresses. For the most up-to-date list of our IP addresses, please see the Settings > Whitelist section in your SMARTFENSE instance.
4. Click Save.
Whitelist Implementation for Cisco IronPort
IP Whitelist
1. From the Cisco IronPort console, go to the Mail Policies tab.
2. Choose HAT Overview. Ensure to choose InboundMail lister.
3. Click WHITELIST.
4. Click Add Sender and add our IPs:
160.153.250.248
108.179.236.243
190.210.135.44
5. Click Submit and Commit Changes.
Skipping Outbreak Filter Scanning
1. From the Cisco IronPort console, go to the Mail Policies tab.
2. Under Message Modification, enter our IPs in the Bypass Domain Scanning table:
160.153.250.248
108.179.236.243
190.210.135.44
3. Click Submit and Commit Changes.
Whitelist Implementation for Zoho email clients
Please add the IP address to the Trusted list in your admin panel to receive from that IP in your Inbox.
Steps to add the sender IP to the Trusted list:
- Login to the Zoho Mail account as the administrator.
- Click on Control panel > Mail Administration > Spam control > Whitelist > Trusted IP list.
- Click the Add IP Address button and enter the IP address and save the changes.
User Spam Settings
Go to the following official links:
FortiGuard - Cancellation or reclassification of web domain classification
(For our domains which FortiGuard can take as malicious)
Web rating overrides allow you to apply a category override to a URL. This overrides the original FortiGuard category for the URL with either a different FortiGuard category, a custom local category, or a threat feed remote category.
If a URL is in multiple active categories, the order of precedence is local categories, then remote categories, and then FortiGuard categories.
In that case, provide the following link to the administrator so that they can review and apply it:
https://docs.fortinet.com/document/fortigate/latest/administration-guide/122974/web-rating-override