Trend Micro ScanMail Virtual Analyzer Connection Troubleshooting

I’ve been working on our Trend Micro Deep Discovery Analyzer (DDAN in Trend parlance) and today I finally finished off the virtual image which it will use to sandbox suspicious files/URLs. Having finished that work I figured I’d take a look at integrating our Trend Micro ScanMail for Exchange (SMEX) systems so that e-mails can be analysed.

Below is a screenshot from ScanMail showing the ‘Test Connection’ results; the message indicates a network connection error, which doesn’t give you a huge amount to go on. To be fair, you can’t code an error message for every possible situation, so I can’t hold it against them.

Connecting to Virtual Analyser Failed

I connected to the Microsoft Exchange server which was running this instance of ScanMail and made sure I could trace through to the DDAN appliance, so I knew it wasn’t a basic routing or firewall issue. Having checked the basics, I figured it might be related to SSL/TLS settings, as the connection between SMEX and DDAN goes over a secure connection. I remembered that when I installed the DDAN appliance I changed the SSL/TLS settings to only support version 1.2. I’ve been working hard to move the organisation to a TLS 1.2 only setup, which is rather challenging to say the least; it’s something I will continue to work at though.

The standard DDAN web interface doesn’t display the menu we need to configure SSL/TLS settings – for that we need to modify the URL as per my example below.

Having navigated to the necessary sub-page we can click on the ‘SSL Protocols’ menu to see what the appliance currently supports. By default the appliance comes with TLS 1.0, 1.1 and 1.2 enabled as shown below.

Deep Discovery Analyser SSL Protocols

In my case only 1.2 was enabled. I decided to re-enable 1.1 first and see what happened. Unfortunately the connection attempt still failed so I enabled 1.0 as well and at that point…

Connecting to Virtual Analyser Success

That’s more like it – I’d much prefer to only be running TLS 1.2 but right now I can live with this setup for the short term. I will do more digging into whether this issue is expected or an environmental issue with our setup.
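An added example, not part of the original post or any Trend Micro tooling: a small Python probe that separates a plain network failure from a TLS handshake failure, one protocol version at a time, which is the distinction the ‘Test Connection’ message above does not make. The function names are hypothetical, and the host and port are whatever you supply for your own appliance.

```python
import socket
import ssl
import sys
import warnings

# The three versions the post toggles on the appliance's 'SSL Protocols' page.
VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1,
            "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2}


def probe(host, port, version, timeout=5.0):
    """Return 'unreachable', 'client_unsupported', 'handshake_failed' or 'accepted'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Protocol probe only: appliance certificates are often self-signed, so
    # verification is off. Never reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            # Pin the handshake to exactly one protocol version.
            ctx.minimum_version = version
            ctx.maximum_version = version
        if version < ssl.TLSVersion.TLSv1_2:
            # OpenSSL 3 refuses TLS 1.0/1.1 at its default security level.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return "client_unsupported"  # the local TLS library cannot offer it
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # routing, firewall or closed port, not TLS
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "accepted"
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "handshake_failed"
    finally:
        sock.close()


def probe_all(host, port, timeout=5.0):
    return {name: probe(host, port, v, timeout) for name, v in VERSIONS.items()}


if __name__ == "__main__":  # usage: python tls_probe.py <host> <port>
    for name, result in probe_all(sys.argv[1], int(sys.argv[2])).items():
        print(f"{name}: {result}")
```

Run it from the machine that makes the failing connection, since the result reflects that machine's network path. A `client_unsupported` result describes the Python/OpenSSL build on that machine, not the appliance.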
