Data Analysis Report

Table of Contents

1 About This Report 3

2 Basic Information 3

3 List of Terms 3
4 Report Overview 3

5 Detailed Report 4
5.1 Dashboard 4

5.2 System Status 4

5.3 Cloud Pre-Filter 4

5.4 Policy 4

5.4.1 Policy List 4

5.4.2 Scanning Exceptions 8

5.4.3 Approved List 8

5.4.3.1 DKIM Approved List 9

5.4.3.2 Web Rep. Approved List 9
5.4.3.3 URL Keyword Exception List 9
5.4.4 Policy Objects 9

5.4.4.1 Address Groups 9

5.4.4.2 Keywords & Expressions 9

5.4.4.3 DLP Compliance Templates 12

5.4.4.4 DLP Data Identifiers 12
5.4.4.5 Policy Notifications 13

5.4.4.7 Stamps 13
5.4.5 Scan Engine 14
5.4.6 Internal Address 14

5.4.7 Smart Protection 14

5.4.8 Virtual Analyzer 14
5.4.9 Encryption Settings 14

5.4.10 Time-of-Click Protection 15

5.5 Sender Filtering 15
5.5.1 Overview 15

5.5.2 Rules 15
5.5.3 Email Reputation 15
5.5.4 Approved List 15

5.5.5 Blocked List 15

5.5.6 Suspicious IP 16

5.5.7 DMARC 16
5.6 Reports 16
5.7 Logs 16
5.8 Mail Areas & Queues 16
5.9 Administration 16
5.9.1 Administration (all except DKIM Signature) 16

5.9.2 Administration > IMSVA Configuration > DKIM Signature 16

2/16
1 About This Report

This report describes detailed results of the migration from IMSS/IMSVA to Trend Micro Email Security performed by Trend Micro Email
Security administrators on the administrator console. For more information, refer to the online help at the following link:

https://docs.trendmicro.com/en-us/enterprise/tmems/olh/migrating_data_from_imsx

2 Basic Information

Report Generated 05/17/2021 05:05:35 (UTC)

Trend Micro Email Security Account bpil

Migration Mode Merge

IMSS/IMSVA Configuration File Config_Files_20210517_222943.dat

IMSS/IMSVA Version IMSVA 9.1

IMSS/IMSVA Build Number 2025

IMSS/IMSVA Language en_US

3 List of Terms

Successful : All settings in this state are migrated to Trend Micro Email Security without any issue.

Warning : There are some minor issues about settings in this state, and the settings can be automatically handled by Trend

Micro Email Security. You only need to confirm these warning settings after migration.

Error : There are some critical issues about settings in this state, but the settings are still migrated to Trend Micro Email Security.

During migration, some improper settings may be removed or modified. The settings in Trend Micro Email Security may be

unexpected after migration, and the corresponding policies are disabled temporarily. You need to fix these error settings and

enable the policies manually after migration.

Not supported : Settings in this state are not supported in Trend Micro Email Security and are not migrated. If you need these
settings, you have to add them in Trend Micro Email Security manually.

4 Report Overview

Name Successful Warning Error Not supported

Policy List 19 0 5 0

Policy Objects > Address Groups 1 0 0 0

Policy Object > Keywords and Expressions 12 0 3 3

Policy Object > DLP Compliance Templates 0 0 0 0

Policy Object > DLP Expressions 0 0 0 0

Policy Object > DLP Keyword Lists 0 0 0 0

Policy Object > DLP File Attributes 0 0 0 0

Policy Object > Policy Notifications 3 3 0 0

Policy Object > Stamps 1 0 0 0

3/16
5 Detailed Report

This chapter describes details about the migration of the settings on the IMSS/IMSVA administrator management console, including

the migration scope and migration result. All settings on the EUQ management console are not migrated.

5.1 Dashboard

Not migrate.

The dashboard is a statistical summary of past mail traffic and scanning results. Trend Micro Email Security provides a more powerful

dashboard feature.

5.2 System Status

Not migrate.

Trend Micro Email Security is a cloud-based product. It is unnecessary to display system status information.

5.3 Cloud Pre-Filter

Not migrate.

Trend Micro Email Security is a cloud-based product. It is unnecessary to display cloud pre-filter information.

5.4 Policy

5.4.1 Policy List

Partially migrate.

Migration scope:

Not migrate policies for POP3 messages, which are configured when you specify a policy route.

Not migrate "Other" policies whose scanning condition relationship is set to "AND", unless all conditions selected are content

related.
Not migrate C&C email settings in the scanning conditions for "Other" policies.

Migration remarks:

If a policy in IMSS/IMSVA is applied for both incoming and outgoing protection, it is split into two rows in the following table. One
is for inbound protection and the other is for outbound protection.

Policies under Policy > Policy List in IMSS/IMSVA are migrated to different destination locations in Trend Micro Email Security.

The following table lists the detailed destination locations of these policies.

Destination
Name Direction Result Description
Location

Block email address Incoming Successful Inbound Protecti

on > Content Filt

ering

Compliance - Cardhold Outgoing Successful Outbound Protec

er Information
tion > Data Loss

Prevention (DLP)

4/16
Compliance - Financial Outgoing Successful Outbound Protec
and Banking
tion > Data Loss

Prevention (DLP)

Compliance - Health Inf Outgoing Successful Outbound Protec

ormation
tion > Data Loss
Prevention (DLP)

Compliance - Personal I Outgoing Successful Outbound Protec

dentification
tion > Data Loss
Prevention (DLP)

Copy of Spam Fax Mail Incoming Successful Inbound Protecti

on > Spam Filteri

ng > Spam Policy

Inbound Protecti

on > Content Filt

ering

Copy of Spam Fax Mail Incoming Successful Inbound Protecti

on > Spam Filteri

ng > Spam Policy

Inbound Protecti
on > Content Filt

ering

Default Spam Policy Ou Outgoing Error Keyword or expression referenced by the policy is i Outbound Protec
tgoing
nvalid. (3) tion > Spam Filte
Profanity ring

Racial Discrimination Outbound Protec

Sexual Discrimination tion > Content Fil

tering

Default rule for the atta Incoming Successful Inbound Protecti

chment protected by pa
on > Content Filt
ssword
ering

Default rule for the atta Outgoing Successful Outbound Protec

chment protected by pa
tion > Content Fil
ssword
tering

5/16
Default spam rule Incoming Error Keyword or expression referenced by the policy is i Inbound Protecti

nvalid. (3) on > Spam Filteri

Profanity ng > Spam Policy

Racial Discrimination Inbound Protecti

Sexual Discrimination on > Content Filt

ering

FIle Extension Blocking Incoming Successful Inbound Protecti

on > Content Filt

ering

FIle Extension Blocking Outgoing Successful Outbound Protec

tion > Content Fil

tering

Global antivirus rule Incoming Successful Inbound Protecti

on > Virus Scan >

Virus Policy

Global antivirus rule Outgoing Error Domain of email addresses in policy route (sender, Outbound Protec

recipient or exception) is not a managed domain. ( tion > Virus Scan

1) > Virus Policy

royabhijit23@rediffmail.com (Sender Exception

IMAUSA Domain Incoming Successful Inbound Protecti

on > Spam Filteri

ng > Spam Policy

Mail Attachment Outgoing Successful Outbound Protec

tion > Content Fil

tering

Mail from invalid Email I Incoming Error Policy route (sender, recipient or exception) addre Inbound Protecti
D/Domain
ss is invalid. (1) on > Content Filt

*@*.buygroup.pe (Sender) ering

SPAM Mail for Internal D Incoming Successful Inbound Protecti

omain
on > Content Filt

ering

6/16
Spam Fax Mail Incoming Successful Inbound Protecti

on > Spam Filteri

ng > Spam Policy

Inbound Protecti

on > Content Filt

ering

Spam Mail from Invalid Incoming Error Policy route (sender, recipient or exception) addre Inbound Protecti
domain
ss is invalid. (132) on > Spam Filteri

*@*.126.com (Sender) ng > Spam Policy

*@*.163.com (Sender) Inbound Protecti

*@*.188.com (Sender) on > Content Filt

*@*.221.235.205.126 (Sender) ering

*@*.3736newsletters.com (Sender)

*@*.5thquarter.net (Sender)

*@*.COMPUTER888.net (Sender)

*@*.CiteMailer.com (Sender)

*@*.aba.com (Sender)
*@*.affinityinet.com (Sender)

*@*.aim.com (Sender)

*@*.alibaba.com (Sender)

*@*.all-hotels.com (Sender)

*@*.allrayinc.com (Sender)

*@*.associates-external.com (Sender)

*@*.att.net (Sender)
*@*.aweber.com (Sender)

*@*.benchmarkemail.com (Sender)

*@*.big927fm.com (Sender)

*@*.biztech2mailers.com (Sender)

*@*.bluemountain.com (Sender)

*@*.bolixe.com (Sender)

*@*.brick.com (Sender)

*@*.bsmail.in (Sender)
*@*.btinternet.com (Sender)

*@*.buygroup.pe (Sender)

*@*.bytepark.com (Sender)

*@*.centennialpr.net (Sender)

*@*.ceomelb.catholic.edu.au (Sender)

*@*.chollian.net (Sender)

*@*.cleanmail.in (Sender)
*@*.cnfcu.cn (Sender)

*@*.cocacola.com (Sender)

*@*.constantcontact.com (Sender)

*@*.dishtv.in (Sender)

*@*.dm.jetairways.com (Sender)

*@*.edu.com (Sender)

7/16
 *@*.eorgasm.com (Sender)

*@*.etiroltec.com (Sender)

*@*.eventsaroundasia.com (Sender)

*@*.exacttarget.com (Sender)
*@*.faniq.com (Sender)

*@*.fonbet.info (Sender)

*@*.free.fr (Sender)

*@*.futurepath.com.cn (Sender)

*@*.gbiresearch.com (Sender)

*@*.globaldata.com (Sender)

*@*.googlegroups.com (Sender)
*@*.greensafeglobal.com (Sender)

*@*.greensexchange.com (Sender)
Keyword or expression referenced by the policy is i

nvalid. (3)
Profanity
Racial Discrimination

Sexual Discrimination

Verify_greytip Incoming Successful Inbound Protecti

on > Content Filt

ering

non blockage incoming Incoming Successful Inbound Protecti

mail user to user
on > Content Filt

ering

non-blockage Incoming Successful Inbound Protecti

on > Content Filt

ering

Global DKIM Enforcement Settings

Migrate the "Global DKIM Enforcement" rule to Inbound Protection > Domain-based Authentication > DomainKeys Identified Mail
(DKIM) Verification in Trend Micro Email Security.

Result Successful

Description

5.4.2 Scanning Exceptions

Not migrate.

Trend Micro Email Security provides more powerful scan exception configuration, which is different from the configuration in
IMSS/IMSVA. You need to manually configure scan exception settings under the Virus Scan menu in both inbound and outbound

protection in Trend Micro Email Security.

5.4.3 Approved List

8/16
5.4.3.1 DKIM Approved List

Migrate to Inbound Protection > Domain-based Authentication > DomainKeys Identified Mail (DKIM) Verification in Trend Micro
Email Security.

Result Successful

Description

5.4.3.2 Web Rep. Approved List

Migrate to Administration > Policy Objects > Web Reputation Approved List in Trend Micro Email Security.

Result Successful

Description

5.4.3.3 URL Keyword Exception List

Migrate to Administration > Policy Objects > URL Keyword Exception List in Trend Micro Email Security.

Result Successful

Description

5.4.4 Policy Objects

5.4.4.1 Address Groups

Migrate to Administration > Policy Objects > Address Group in Trend Micro Email Security.

Migration remarks:

If the address group name already exists in Trend Micro Email Security, we will rename it by suffixing the name with a

timestamp.
If an address group is used as senders (or sender exceptions) in outgoing policies or recipients (or recipient exceptions) in
incoming policies and the group contains email addresses from unmanaged domains, we will create a copy of the address group,

delete those email addresses from the copy, and suffix the copy name with " - internal".

Name Result Description

Spam Mail Successful

5.4.4.2 Keywords & Expressions

Migrate to Administration > Policy Objects > Keywords And Expressions in Trend Micro Email Security.

Name Result Description

9/16
Additional Subject based spam keywords Error Keyword or expression starts with "s". (2)

\subirsaha@bergerindia.com Best pri-ces -56%!

\subirsaha@bergerindia.com For You 62% OFF!

Keyword or expression ends with "*". (4)

\.*Kalyanakalpataruvu.com.*
\.*Make a wish!*

\.*Microsoft -Don't miss this chance...Its true.*

\.*URGENT & Important - PLS OPEN IMMDTLY.*

Bounce Mail Successful

Chainmail Successful

Credit Card Number Successful

HTML and script messages Successful

Hoaxes Error Keyword or expression starts with "s". (78)

\s"IN GOD WE TRUST"\s+(\S+\s+)*electioneering p

osters\s

\s((# 90)|(# 09))\s+(\S+\s+)*test\s

\sANTHRAX\s+(\S+\s+)*virus\s

\sBONSAI CATS\s+(\S+\s+)*www\.bonsaikitten\.co
m\s
\sBill Palmer\s+(\S+\s+)*gift certificate\s

\sBlack Panthers\s+(\S+\s+)*Hillary Rodham Clinto

n\s

\sCanola Oil\s+(\S+\s+)*rape seed\s+(\S+\s+)*canc

er\s

\sChampagne\s+(\S+\s+)*Veuve Clicquot France\s

\sCindy Hogan\s+(\S+\s+)*prayer request\s
\sDeath Ray\s+(\S+\s+)*virus\s

\sEconomic Slow Down in US\s+(\S+\s+)*virus\s

\sGOT YOU\s+(\S+\s+)*WORM\s

\sHOW TO GIVE A CAT A COLONIC\s+(\S+\s+)*virus\

s

\sKOFI HENEKOU\s+(\S+\s+)*business transaction\

s
\sKlingerman\s+(\S+\s+)*Virus\s

\sLife is beautiful\.pps\s+(\S+\s+)*virus\s
\sLipstick Test\s+(\S+\s+)*Lead\s+(\S+\s+)*Cancer\

s
\sMadeline Murray O'Hare\s+(\S+\s+)*atheist\s

\sMartin Luther King Day\s+(\S+\s+)*reverse discri

mination\s
\sNEVER TO LICK THE ENVELOPES\s+(\S+\s+)*roac

h eggs\s
\sNeiman-Marcus cookie\s+(\S+\s+)*Cookie Recipe

-\$250\.00\s

10/16
 \sOsama Vs Bush\s+(\S+\s+)*virus\s

\sProgesterex\s+(\s+\S+){0,5}rape\s
\sSNIFF PERFUME\s+(\S+\s+)*pass out\s

\sSULFNBK\.EXE\s+(\S+\s+)*Virus\s
\sSlavemaster\s+(\s+\S+){0,5}suspect for murder\s

\sSodium Laureth Sulfate\s+(\S+\s+)*cancer\s

\sSundarbans\s+(\S+\s+)*Here you go with the pho
to\s

\sTampax Pearl\s+(\S+\s+)*Fibers\s+(\S+\s+)*bleed
\s

\sThis Is Not A Joke\s+(\S+\s+)*Virus\s

\sannual Stella Awards\s+(\S+\s+)*this year's candi

dates\s
\santi-perspirant\s+(\S+\s+)*breast cancer\s
\sautograph\.t\.pif\s+(\S+\s+)*Virus\s

\sbaby herbal soup\s+(\S+\s+)*sexual performance

stamina\s

\sblind carbon copy\s+(\S+\s+)*forward an e-mail\

s

\sdirector in charge of auditing and accounting sec

tion\s+(\S+\s+)*business transaction\s
\se-mail beta test\s+(\S+\s+)*Microsoft will pay\s

\sfree samples\s+(\S+\s+)*terrorist act\s

\shotel room keys\s+(\S+\s+)*credit card number\s

\shttp:\x2f\x2fwww\.license\.shorturl\.com\x2f\s+(
\S+\s+)*Driver's License\s

\slarva\s+(\S+\s+)*breast\s
\slocked briefcase\s+(\S+\s+)*flat tire\s

\sneedle\s+(\S+\s+)*"You have just been infected b

y HIV"\s
\snew car-jacking scheme\s+(\S+\s+)*rear-view win

dow\s
\snew gang initiation\s+(\S+\s+)*kill and dismemb

er them\s
\snew virus\s+(\S+\s+)*"WORK"\s

\sre-using plastic bottles\s+(\S+\s+)*cancer\s

\sserial killer\s+(\S+\s+)*returning money\s
\stampons and pads\s+(\S+\s+)*asbestos\s

\swedding game\s+(\s+\S+){0,5}hacker\s+(\S+\s+)*
password\s

Mailbox update Successful

Profanity Not supported No valid keywords or expressions available.

Racial Discrimination Not supported No valid keywords or expressions available.

SPAM Attachment Successful

11/16
SPAM Mails for Internal Domain Successful

Sexual Discrimination Not supported No valid keywords or expressions available.

Social Security Number Successful

Spam Body Successful

Test Error Keyword or expression ends with "*". (1)

.*

hi there Successful

validategreytip Successful

verifygreytip Successful

5.4.4.3 DLP Compliance Templates

Migrate to Administration > Policy Objects > DLP Compliance Templates in Trend Micro Email Security.

Migration scope:

Not migrate predefined DLP compliance templates because Trend Micro Email Security already provides predefined DLP

compliance templates.

Name Result Description

No data to migrate.

5.4.4.4 DLP Data Identifiers

DLP Data Identifiers > Expressions

Migrate to Administration > Policy Objects > DLP Data Identifiers > Expressions in Trend Micro Email Security.

Migration scope:

Not migrate predefined expressions because Trend Micro Email Security already provides predefined expressions.

Name Result Description

No data to migrate.

DLP Data Identifiers > File Attributes

Migrate to Administration > Policy Objects > DLP Data Identifiers > File Attributes in Trend Micro Email Security.

Migration scope:

Not migrate predefined file attributes because Trend Micro Email Security already provides predefined file attributes.

Name Result Description

No data to migrate.

DLP Data Identifiers > Keyword Lists

12/16
Migrate to Administration > Policy Objects > DLP Data Identifiers > Keyword Lists in Trend Micro Email Security.

Migration scope:

Not migrate predefined keyword lists because Trend Micro Email Security already provides predefined keyword lists.

Name Result Description

No data to migrate.

5.4.4.5 Policy Notifications

Migrate to Administration > Policy Objects > Notifications in Trend Micro Email Security.

Migration scope:

Not support the following IMSS/IMSVA tokens. Replace them with the actual values in Trend Micro Email Security manually if

necessary.
%HEADERS%: Complete headers from the original message.

%RULETYPE%: Type of a rule. The options are Content Filter, Message Size Filter, and others. Trend Micro Email Security
also has this variable, which however has a different meaning.

%ENTITY%: Part of the message that triggers a content filtering rule (message or attachment header, content).
%QUARANTINE_PATH%: Quarantine path (if a quarantine action is performed).
%QUARANTINE_AREA%: Quarantine name (if a quarantine action is performed).

%PROTOCOL%: Protocol used by the mail server. The options are POP3 and SMTP.

%HOSTNAME%: Scanner where a rule is triggered and where messages archived or quarantined by this rule are stored.
%MAILCHARSET%: Mail charset.

%SUSPICIOUS_URL%: Suspicious URL detected by Web Reputation.

Name Result Description

Compliance violation notification Warning Domain of the sender address in policy notification do

es not exist.

Original: postmaster@imsva.trendmicro.com

Revised: no-reply@tmes.trendmicro.com

Email encryption exceptions notification Warning Domain of the sender address in policy notification do

es not exist.
Original: postmaster@imsva.trendmicro.com

Revised: no-reply@tmes.trendmicro.com

Notification of encrypted message Warning Domain of the sender address in policy notification do

es not exist.

Original: postmaster@imss.com
Revised: no-reply@tmes.trendmicro.com

Notification of security settings violation Successful

Scanning exception Successful

Spoofing Quarantine Mails Successful

5.4.4.7 Stamps

13/16
Migrate to Administration > Policy Objects > Stamps in Trend Micro Email Security.

Migration scope:

Not support the following IMSS/IMSVA tokens. Replace them with the actual values in Trend Micro Email Security manually if

necessary.

%HEADERS%: Complete headers from the original message.

%RULETYPE%: Type of a rule. The options are Content Filter, Message Size Filter, and others. Trend Micro Email Security

also has this variable, which however has a different meaning.

%ENTITY%: Part of the message that triggers a content filtering rule (message or attachment header, content).

%QUARANTINE_PATH%: Quarantine path (if a quarantine action is performed).

%QUARANTINE_AREA%: Quarantine name (if a quarantine action is performed).

%PROTOCOL%: Protocol used by the mail server. The options are POP3 and SMTP.

%HOSTNAME%: Scanner where a rule is triggered and where messages archived or quarantined by this rule are stored.
%MAILCHARSET%: Mail charset.

%SUSPICIOUS_URL%: Suspicious URL detected by Web Reputation.

Name Result Description

Unscanned attachment Successful

5.4.5 Scan Engine

Not migrate.

Advanced Threat Scan Engine is enabled automatically in Trend Micro Email Security.

5.4.6 Internal Address

Not migrate.

IMSS/IMSVA uses the Internal Address menu to determine mail traffic direction in policy configuration. This is unnecessary in Trend

Micro Email Security.

5.4.7 Smart Protection

Not migrate.

Smart Protection is enabled automatically in Trend Micro Email Security.

5.4.8 Virtual Analyzer

Virtual Analyzer settings come from Policy > Virtual Analyzer in IMSS/IMSVA, but in Trend Micro Email Security, Virtual Analyzer

settings are applied to each policy, so we:

Migrate file sandbox to Inbound Protection > Virus Scan > Virus Policy > Scanning Criteria > Submit files to Virtual Analyzer;

Migrate URL sandbox to Inbound Protection > Spam Filtering > Spam Policy > Scanning Criteria > Web Reputation > Submit

URLs to Virtual Analyzer.

Result Successful

Description

5.4.9 Encryption Settings

Not migrate.

14/16
These settings are designed for on-premise products. Trend Micro Email Security completes all encryption settings on the cloud server
automatically.

5.4.10 Time-of-Click Protection

Migrate to Inbound Protection > Spam Filtering > Time-of-Click Protection.

Result Successful

Description

5.5 Sender Filtering

5.5.1 Overview

Not migrate.

Trend Micro Email Security provides block traffic details under Logs > Mail Tracking.

5.5.2 Rules

Not migrate.

Trend Micro Email Security does not support this feature.

5.5.3 Email Reputation

Migrate to Inbound Protection > Connection Filtering > IP Reputation > Settings in Trend Micro Email Security.

Migration scope:

Not support customized actions.

Result Successful

Description

5.5.4 Approved List

Migrate to Inbound Protection > Connection Filtering > IP Reputation > Approved IP Addresses in Trend Micro Email Security.

Migration scope:

Not migrate private IP addresses.

Not migrate IP addresses resolved from domains.

Not migrate IP addresses and groups of computers if theEmail Reputation and IP Profiler check box to the right of Apply to is
deselected.

Not migrate IP addresses in disabled approved lists.

5.5.5 Blocked List

Migrate to Inbound Protection > Connection Filtering > IP Reputation > Blocked IP Addresses in Trend Micro Email Security.

Migration scope:

Not migrate private IP addresses.

Not migrate IP addresses resolved from domain.

Not migrate IP addresses that are blocked temporarily.

Not migrate IP addresses in disabled blocked lists.

15/16
5.5.6 Suspicious IP

Not migrate.

Trend Micro Email Security does not support this feature.

5.5.7 DMARC

Migrate to Inbound Protection > Domain-based Authentication > Domain-based Message Authentication, Reporting and
Conformance (DMARC) in Trend Micro Email Security.

Result Successful

Description

5.6 Reports

Not migrate.

Trend Micro Email Security provides a more powerful report feature. The report data and settings in IMSS/IMSVA are not migrated.

5.7 Logs

Not migrate.

Trend Micro Email Security provides a more powerful log query feature. The logs in IMSS/IMSVA are not migrated.

5.8 Mail Areas & Queues

Not migrate.

Trend Micro Email Security provides a more powerful quarantine query feature. Other mail queue management is not supported by
Trend Micro Email Security.

5.9 Administration

5.9.1 Administration (all except DKIM Signature)

Not migrate.

These features provided by IMSS/IMSVA are mainly for on-premise products while Trend Micro Email Security is a cloud-based product.

5.9.2 Administration > IMSVA Configuration > DKIM Signature

Migrate to Outbound Protection > DomainKeys Identified Mail (DKIM) Signing in Trend Micro Email Security.

Migration scope:

Not support exempt domains.

Domain in IMSS/IMSVA Result Description

No data to migrate.

16/16