Skip to main content

Riot in Trend Micro

Updated over a month ago

Introduction

Riot sends phishing simulation emails. Without proper configuration, some of these emails may be blocked by the Trend Micro web filter, which can distort your campaign statistics.

This guide describes the steps to configure Trend Micro in order to allow necessary senders, URLs, and domains.

Definition

Trend Micro is an integrated security solution (antispam, antivirus, web filtering) applied to emails and web traffic. It allows you to define sending policies, authorized senders, file scanning, and web reputation rules.

✅ Associated Options/Functionalities:

🔒 Advanced Spam Protection (Trend Micro)

  1. Go to the Advanced Threat Protection > Add tab

  2. Select the relevant policy (Exchange, OneDrive, etc.)

  3. In the left menu, click on Advanced Spam Protection

  4. Enable the option Enable Advanced Spam Protection

  5. Go to the Approved/Blocked Sender List section

  6. Enable Enable the approved sender list

  7. Add noreply.link and tryriot.com, then click Add

  8. In the Rules configuration section:

    • Apply to: Incoming messages

    • Detection Level: Medium

🦠 Malware Scanning

  1. In the left menu, go to Malware Scanning

  2. In the Rules configuration section:

    • Apply to: All messages

  3. Enable the following options:

    • Scan all files

    • Scan message body

    • Enable IntelliTrap

  4. In Action configuration:

    • Choose Trend Micro recommended actions

    • Notification: Notify

📁 File Blocking

  • Enable File Blocking (recommended)

  • ⚠️ Do not disable this option: it applies to all messages, not only those from Riot.

🌐 Web Reputation & URL Approvals

  1. In the left menu: Web Reputation

  2. Enable Web Reputation

  3. In the Rules configuration section:

    • Apply to: All messages

    • Security Level: Medium

  4. In the Approved/Blocked URL List section:

    • Enable Enable the approved URL list

    • Enable Add internal domains to the approved URL list

  5. Add the domains generated by Riot (examples):

    domain1.com 
    domain2.com 
    domain3.com

    Then click Add >

💡Little Extra

  • Use the exact attack domains provided by Riot for the approved list

  • Verify that noreply.link and tryriot.com are in the list of approved senders

  • Ensure that the policies are applied to Incoming messages with a detection level of Medium

Related Articles
Riot in Barracuda
Set Up Riot with Proofpoint and Phish Alarm
Riot in Darktrace
Riot in Mailinblack
Riot in Sophos
Did this answer your question?