search cancel

Symantec Endpoint Protection email tools proxy does not scan encrypted POP3 email connections

book

Article ID: 151275

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Why are encrypted email connections not scanned by the email tools?

Symptoms
Unscanned encrypted email messages received on the client


Cause

Messages sent over encrypted connections cannot be scanned.

Resolution

This is normal operation of email scanning of encrypted connections. Symantec Endpoint Protection only monitors port 25 for SMTP traffic and port 110 for POP3 traffic. Symantec Endpoint Protection's email feature is designed to scan readable email for threats. This is done as a client of our email proxy tool which redirects ports 25 and 110. This type of redirection and interception of mail is exactly what secure email protocols are designed to protect against. As a result, Symantec Endpoint Protection can only intercept and scan unsecured standard SMTP and POP3 traffic. Encrypted email cannot be decrypted and the Endpoint Protection client will not have access to the attachments to scan for threats.

The advanced options "Allow encrypted POP3 connections" and " Allow encrypted SMTP connections" are to prevent the email proxy from interfering with secure email traffic over monitored ports 25 and 110. They are not designed to disable secure email transaction. If desired, this is more properly the role of the Network Threat Protection firewall.