ScanMail Suite for Microsoft Exchange

Superior protection. Less administration.


More than 90 percent of targeted attacks begin with a spear phishing email, which means your mail server security is more important than ever. Unfortunately, most mail server security solutions, including the limited set of built-in protections in Microsoft® Exchange™ 2013 and 2016, rely on pattern file updates, which only detect traditional malware. They don’t include specific protections to detect malicious URLs or document exploits commonly used in targeted attacks or advanced persistent threats (APTs).

ScanMail™ Suite for Microsoft® Exchange™ stops highly targeted email attacks and spear phishing by using document exploit detection, enhanced web reputation, and sandboxing as part of a custom APT defense—protection you don’t get with other solutions. In addition, only ScanMail blocks traditional malware with email, file, and web reputation technology and correlated global threat intelligence from Trend Micro™ Smart Protection Network™ cloud-based security.

Time-saving features like central management, search and destroy, and role-based access have earned ScanMail its reputation as one of the simplest security solutions to setup and operate.


Protection Points

  • Mail server
  • Internal inspection
  • Inbound and outbound data

Threat and Data Protection

  • Antivirus
  • Web threat protection
  • Antispam
  • Antiphishing
  • Content filtering
  • Data loss prevention
  • Targeted attacks, APTs


Superior protection against targeted phishing and ransomware attacks

  • Utilizes the most advanced detection techniques, including predictive machine learning and document exploit detection, to find unknown threats in files, macros, and scripts
  • Blocks emails with malicious URLs before delivery and re-analyzes URLs in real time when a user clicks
  • Stops multi-stage attacks which use emails sent internally from compromised accounts or devices
  • Dynamically analyzes suspicious files and URLs in custom sandboxes and shares indicators of compromise (IOC) with Trend Micro and third-party security solutions, when combined with Trend Micro ™ Deep Discovery™ Analyzer
  • Catches business email compromise (BEC) attacks by using artificial intelligence (AI), including expert system and machine learning, to examine email header, content, and authorship, and applies more stringent protection for high-profile users
  • Prevents executive spoofing scams using our unique Writing Style DNA technology. This protection for ScanMail checks the writing style of an incoming English email, claiming to be from an executive, against a trained machine learning model of that executive’s writing

Lowers IT costs, enhances performance

  • Streamlines email security operations with strong group configuration and management, and centralized logging and reporting
  • Simplifies compliance and data privacy initiatives with centrally managed, template-based DLP
  • Eases the cumbersome task of organization email search requests through its innovative search and destroy feature

Key Benefits

  • Protects individuals from targeted attacks, like spear phishing
  • Provides leading cloud-based security to stop threats at the mail server, before they reach end users
  • Provides visibility and control of data to prevent data loss and support compliance
  • Enables efficient scanning with minimal impact on Microsoft Exchange servers
  • Lowers administration and total cost of ownership (TCO) with central management
Targeted attacks need a network defense

Trend Micro messaging security solutions provide protection against targeted attacks with enhanced web reputation, a document exploit detection engine, and sandbox execution for in-depth threat analysis. Integration of these components provides a network defense that enables you to detect, analyze, adapt, and respond to targeted attacks.

ScanMail Suite

The ScanMail Suite has been enriched with built-in protections against targeted attacks.

Enhanced URL Protection blocks emails with malicious URLs in the message body or in attachments. URL time-of-click re-analyzes websites upon user access. It’s powered by the Trend Micro™ Smart Protection Network™, which correlates threat information with big data analytics and predictive technology.

Advanced Threat Scan Engine detects advanced malware in Adobe® PDF, Microsoft® Office®, and other document formats using predictive machine learning and heuristic logic to detect known and zero-day exploits. It also scans the Exchange mail store for targeted threats that may have entered before protection was available.

When integrated with Deep Discovery Analyzer, ScanMail quarantines suspicious attachments and URLs for automatic sandbox execution analysis, which occurs inline—without impacting the delivery of majority of messages.

Deep Discovery Analyzer (additional purchase)

Deep Discovery Analyzer is a hardware appliance that provides sandboxing, deep threat analysis, and local security updates in a unified intelligence platform.

Custom Threat Analysis provides automatic in-depth simulation analysis of potentially malicious attachments and URLs in a secure sandbox environment. It allows customers to create and analyze suspicious objects against multiple customized target images that precisely match their host environments.

Custom Threat Intelligence links information on attacks in your environment with extensive Trend Micro threat intelligence to provide in-depth insights for risk-based incident assessment, containment, and remediation.

Adaptive Security Updates issues custom security updates on new command and control (C&C) server locations and malicious download sites found during sandbox analysis for adaptive protection and remediation by ScanMail, Trend Micro endpoint and gateway products, and third-party security layers.

Key features

Protection from Phishing and Targeted Attacks

Unlike other email security solutions, ScanMail features enhanced web reputation, document exploit detection, sandbox execution analysis, and custom threat intelligence. Together, these advanced capabilities provide comprehensive security against email threats, including spear phishing attacks associated with targeted threats.

  • Detects known and unknown exploits in Adobe PDF, Microsoft Office, and other document formats
  • Performs malware execution analysis, and generates custom threat intelligence and adaptive security updates with optional Deep Discovery Analyzer integration
  • Stops threats from entering your environment with immediate protection based on leading global threat intelligence

Data Loss Prevention

Extends your existing security to support compliance and prevent data loss. Integrated DLP simplifies data protection by giving you visibility and control of data in motion and at rest.

  • Tracks sensitive data flowing through your email system and in the mail store
  • Accelerates setup and improves accuracy with 100+ compliance templates
  • Simplifies deployment with an integrated DLP, requiring no additional hardware or software, enabling granular active directory-based policy enforcement
  • Enables compliance personnel to centrally manage DLP policies and violations across other Trend Micro products from endpoint to gateway with Trend Micro™ Control Manager™

Optimized for Exchange

ScanMail is tightly integrated with your Microsoft environment to efficiently protect email with the least overhead.

  • Supports Exchange 2019, 2016, and 2013 servers including mixed environments during migration periods
  • Accelerates throughput—up to 57 percent faster than other solutions
  • Avoids duplicate inspection with AV stamp multi-threaded scanning and computer processing unit (CPU) throttling
  • Scans efficiently with native 64-bit support
  • Integrates with Microsoft® System Center Operations Manager and Outlook® Junk E-mail Filter
  • Prevents unauthorized policy changes with role-based access control

Innovative Search and Destroy Capability

Unlike the tools built into Exchange, ScanMail search and destroy can find emails swiftly and accurately.

  • Performs targeted searches through Exchange using keywords and regular expressions
  • Allows administrators to quickly respond to urgent requests from legal, human resources, or security departments to find, trace, and permanently delete specific emails if necessary
System Requirements
ScanMail with Microsoft Exchange Server 2019
Resource Requirements
x64 architecture-based processor that supports Intel™ 64 architecture (formally known as Intel EM64T)
x64 architecture-based computer with AMD™ 64-bit processor that supports AMD64 platform
Memory 4GB RAM exclusively for ScanMail
Disk Space 5GB free disk space
Operating System Microsoft® Windows Server® 2019 Standard or Datacenter
Note: For ScanMail deployment on Server Core edition, Trend Micro recommends running the installation package on Windows Server with the Desktop Experience feature and deploy ScanMail remotely.
Mail Server Microsoft Exchange Server 2019
Web Server Microsoft Internet Information Services (IIS) 10.0
Browser Microsoft® Internet Explorer® 7.0 or later
Mozilla Firefox™ 3.0 or later
MSXML 4.0 SP2 or later
.NET Framework 4.7.2
ScanMail with Microsoft Exchange Server 2016 or Exchange Server 2013
Resource Requirements
Processor x64 architecture-based processor that supports Intel™ 64 architecture (formally known as Intel EM64T)
x64 architecture-based computer with AMD™ 64-bit processor that supports AMD64 platform
Memory 1GB RAM exclusively for ScanMail (2GB RAM recommended)
Disk Space 5GB free disk space
Operating System Microsoft® Windows Server® 2016 Standard or Datacenter
Microsoft® Windows Server® 2012 R2 Standard or Datacenter
Microsoft® Windows Server® 2012 Standard or Datacenter
Microsoft® Windows Server® 2008 R2 Standard or Enterprise with SP1
Mail Server Microsoft Exchange Server 2016
Microsoft Exchange Server 2013 SP1 or later
Web Server Microsoft Internet Information Services (IIS) 10.0
Microsoft Internet information Services (IIS) 8.5
Microsoft Internet information Services (IIS) 8.0
Microsoft Internet information Services (IIS) 7.5
Browser Internet Explorer 7.0 or later
Mozilla Firefox™ 3.0 or later
MSXML 4.0 SP2 or above
.NET Framework 4.5 or later