01-24-2024 01:50 AM
Hi,
In an ESA / SMA deployment, I have a Incoming Mail Policy where I have 1 content filter applied and also Outbreak Filter enabled (with default retention of 1h)
Can you confirm the behaviour when the VOF detects an email, quarantine it and releae it ?
I had one case, where the email was detected/quarantined by the VOF, and then released, but the content filter was not applied.
Regards
03-21-2024 05:14 AM - edited 03-21-2024 05:31 AM
Hi,
the message will be sent to the Outbreak Quarantine if the threat level for a message equals or exceeds the threshold you configured in below Step1, (1=lowest threat, 5=highest threat)
>Step1: configure retention that the messages stay in the Outbreak Quarantine
path: Mail Policies>Incoming Mail Policies>edit 'Outbreak Filter' in one of policy
Here, you can specify the 'Quarantine Threat Level' and the maximum amount of time that messages stay in the Outbreak Quarantine. You can specify different retention times for messages that may contain viral attachments and messages that may contain other threats, like phishing or malware links.
>Step2:configure what action performed on messages in outbreak quarantine
path: Monitor>Policy, Virus and Outbreak Quarantines>Outbreak
1. There are two primary default actions:
2. Messages are automatically removed from the quarantine under the following circumstances,When a message is automatically removed from a quarantine, the default action is performed on that message:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide