Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1771
Views
0
Helpful
3
Replies

How to interpret this warning on ESA C170

Go to solution
vesk01
Level 1
Level 1

‎06-28-2017 03:32 AM

Hello guys,

on our ESA C170 we get this error message:

Warning Directory Attack Prevention
Potential Virus Attack detected
Expiry of a KEY in 190 days

How to interpret it and what actions are needed?

Thanks,

Vesko

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎06-28-2017 05:23 AM

Hi Vesko,

The Directory Harvest Attack Prevention (DHAP) keeps track of the number of invalid recipient addresses from a given sender.

Once a sender crosses an administrator-defined threshold, the sender is deemed to be untrusted, and mail from that sender is blocked with no Network Design Requirement (NDR) or error code generation. You can configure the threshold based upon the reputation of the sender. For example, untrusted or suspicious senders can have a low DHAP threshold, and trusted or reputable senders can have a high DHAP threshold.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118496-technote-esa-00.html

For the key expiring alert you could navigate to System Administration -> Feature Keys to review what licenses are about to expire and contact your reselller accordingly to renew them.

Both are information messages.

To locate DHAP alert information on the ESA.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118936-technote-esa-00.html

Thank You!
Libin Varghese

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎06-28-2017 05:23 AM

Hi Vesko,

The Directory Harvest Attack Prevention (DHAP) keeps track of the number of invalid recipient addresses from a given sender.

Once a sender crosses an administrator-defined threshold, the sender is deemed to be untrusted, and mail from that sender is blocked with no Network Design Requirement (NDR) or error code generation. You can configure the threshold based upon the reputation of the sender. For example, untrusted or suspicious senders can have a low DHAP threshold, and trusted or reputable senders can have a high DHAP threshold.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118496-technote-esa-00.html

For the key expiring alert you could navigate to System Administration -> Feature Keys to review what licenses are about to expire and contact your reselller accordingly to renew them.

Both are information messages.

To locate DHAP alert information on the ESA.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118936-technote-esa-00.html

Thank You!
Libin Varghese

0 Helpful

Go to solution
vesk01
Level 1
Level 1
In response to Libin Varghese

‎06-28-2017 11:57 PM

Thanks a lot

0 Helpful

Go to solution
Greg Hopp
Level 1
Level 1
In response to vesk01

‎12-04-2017 12:45 PM

For the record, NDR stands for Non-Delivery Report (NDR) in this context.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents