06-28-2017 03:32 AM
Hello guys,
on our ESA C170 we get this error message:
Warning Directory Attack Prevention
Potential Virus Attack detected
Expiry of a KEY in 190 days
How to interpret it and what actions are needed?
Thanks,
Vesko
Solved! Go to Solution.
06-28-2017 05:23 AM
Hi Vesko,
The Directory Harvest Attack Prevention (DHAP) keeps track of the number of invalid recipient addresses from a given sender.
Once a sender crosses an administrator-defined threshold, the sender is deemed to be untrusted, and mail from that sender is blocked with no Network Design Requirement (NDR) or error code generation. You can configure the threshold based upon the reputation of the sender. For example, untrusted or suspicious senders can have a low DHAP threshold, and trusted or reputable senders can have a high DHAP threshold.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118496-technote-esa-00.html
For the key expiring alert you could navigate to System Administration -> Feature Keys to review what licenses are about to expire and contact your reselller accordingly to renew them.
Both are information messages.
To locate DHAP alert information on the ESA.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118936-technote-esa-00.html
Thank You!
Libin Varghese
06-28-2017 05:23 AM
Hi Vesko,
The Directory Harvest Attack Prevention (DHAP) keeps track of the number of invalid recipient addresses from a given sender.
Once a sender crosses an administrator-defined threshold, the sender is deemed to be untrusted, and mail from that sender is blocked with no Network Design Requirement (NDR) or error code generation. You can configure the threshold based upon the reputation of the sender. For example, untrusted or suspicious senders can have a low DHAP threshold, and trusted or reputable senders can have a high DHAP threshold.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118496-technote-esa-00.html
For the key expiring alert you could navigate to System Administration -> Feature Keys to review what licenses are about to expire and contact your reselller accordingly to renew them.
Both are information messages.
To locate DHAP alert information on the ESA.
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118936-technote-esa-00.html
Thank You!
Libin Varghese
06-28-2017 11:57 PM
Thanks a lot
12-04-2017 12:45 PM
For the record, NDR stands for Non-Delivery Report (NDR) in this context.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: