Configuring outbreak triggers

Article Id: 181248
Status: Published
Updated On: 06-06-2016 03:00
Legacy Id: HOWTO82359
Products:
Mail Security for Microsoft Exchange
Issue/Introduction:

 

Resolution:

Mail Security provides the following outbreak triggers:

  • Same attachment name

  • Same subject

  • Same virus

  • Unrepairable viruses

  • Unscannable files

  • Filtering violations

  • Total viruses

You can enable or disable the triggers. You can also modify the number of occurrences for a violation and the span of time in which the events must occur to constitute an outbreak. You can specify whether to notify an administrator when an outbreak occurs.

See Configuring outbreak notifications

When you enable outbreak management, you can also configure Mail Security to automatically add the names of outbreak triggered attachments to the Outbreak Triggered Attachment Names match list and outbreak triggered subject text to the Outbreak Triggered Subject Lines match list. Mail Security uses these match lists for the preconfigured content filtering rules that automatically block suspicious file attachments or subjects. You can also use these match lists to create your own content filtering rules.

To configure outbreak triggers

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under General, click Outbreak.

  3. In the content area, in the table, select the trigger that you want to modify.

    The trigger that you select is highlighted in blue.

  4. In the Status column, use the drop-down menu to select Enabled or Disabled.

  5. In the Occurrences column, type the number of instances that must occur to constitute an outbreak.

    The default value is 100.

  6. In the Time column, type the span of time in which the instances must occur to constitute an outbreak.

    The default value is 20.

  7. In the Units column, click the drop-down menu, and select one of the following:

    • Minutes

      This is the default setting.

    • Hours

    • Days

  8. In the Notify Administrator column, check the box if you want to notify an administrator of the outbreak.

    See Configuring outbreak notifications

  9. In the Update Match List column, check the box if you want to automatically add the attachment name or subject to the Outbreak Triggered Names match list or Outbreak Triggered Subjects match list. The trigger must be activated.

    See About match lists

  10. In the Rule column, click View Rule to view or modify the associated content filtering rule.

    This option is available only for the Same attachment name and Same subject triggers.

    Note that Mail Security disables content filtering on the server if you uncheck Enable content filtering in the Content Enforcement Rule window.

    See What you can do with content filtering rules

  11. On the toolbar, click Deploy changes to apply your changes.

    See Deploying settings and changes to a server or group