Bypass threat defense scanning for specific users, files, or content

book

Article ID: 171737

calendar_today

Updated On:

Products

Messaging Gateway Content Analysis Software - CA

Issue/Introduction

There are times when the Threat Defense scanning with Symantec Content Analysis (CA) needs to be bypassed by the Symantec Messaging Gateway (SMG) in order to let certain files or emails through. 

Resolution

There are two approaches to bypass Threat Defense scans. A different solution may be needed based on the end goal. 

  1. The first approach is to use recipient groups on inbound mail. Create a Policy Group for the recipients who need to bypass Threat Defense Scanning. 

    1. Once a Policy Group is created, go to Administration > Policy Groups > [Your Policy] > Threat Defense. Here you can uncheck or modify the Threat Defense rules for this specific policy group. 

  2. The second approach is to create a custom content filter policy to bypass Threat Defense for specific users or specific attachments.

    1. Create a new Content Filter by clicking the Content > Email > "Add"

    2. Select the Blank Policy Template

    3. Name the Policy and determine if the filter will be active on Inbound, Outbound or Inbound and outbound messages

    4. Create a condition for which will trigger the Content Filter

      1. This could be a string included in a file, a file type, certain text, domains, or any other possible condition

    5. Set the action to "Bypass Threat Defense scanning"

    6. Apply to the Policy Group you choose