Configuring a security risk detection


Article ID: 181264


Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

 

Resolution

Mail Security can detect security risks. Security risks are the programs that do any of the following:

  • Provide unauthorized access to a computer

  • Compromise data integrity, privacy, confidentiality, or security

  • Present some type of disruption or nuisance

These programs can put your employees and your organization at risk for the following:

  • Identity theft or fraud by logging keystrokes

  • Capture of email and instant messaging traffic

  • Theft of personal information such as passwords and login identifications

Security risks can be introduced into your computer unknowingly when users visit a website, download shareware or freeware programs, click links or attachments in email messages, or use instant messaging clients. They can also be installed after, or as a by-product of, accepting an End User License Agreement from another software program that is related to or linked in some way to the security risk.

Enable the Security Risk Rule so that Mail Security detects security risks.

The following table lists the categories of security risks that Mail Security detects.

Table: Security risk categories

| Category | Description |
|---|---|
| Adware | The standalone or appended programs that gather personal information through the Internet and relay it back to a remote computer without the user's knowledge. Adware might monitor browsing habits for advertising purposes. It can also deliver the advertising content. |
| Hack tools | Programs that are used to gain unauthorized access to a user's computer. For example, a keystroke logger tracks and records individual keystrokes and sends this information to a remote computer. The remote user can perform port scans or vulnerability scans. Hack tools might also be used to create viruses. |
| Dialers | Programs that use a computer, without the user's permission or knowledge, to dial through the Internet to a 900 number or FTP site, typically to accrue charges. |
| Joke programs | Programs that alter or interrupt the operation of a computer in a way that is intended to be humorous or bothersome. For example, a joke program might move the Recycling Bin away from the mouse when the user tries to click on it. |
| Remote access programs | Programs that let a remote user gain access to a computer over the Internet to gain information from, attack, or alter the host computer. |
| Spyware | The standalone programs that can secretly monitor computer activity and detect passwords and other confidential information and then relay the information back to a remote computer. |
| Trackware | The standalone or appended applications that trace a user's path on the Internet and relay the information to a remote computer. |

To configure a security risk detection

  1. In the console on the primary navigation bar, click Policies.

  2. In the sidebar under Antivirus, click Antivirus Settings.

  3. In the content area, in the Rules table, on the Security Risk Rule row, click the box under the Status column, and then select Enabled from the drop-down menu.

    This rule is enabled by default.

  4. In the preview pane, in the Action to take list, use the drop-down menu to select the action to take when a security risk is detected.

  5. In the Replacement text box, type your customized message if you want to replace the message or the attachment body with a text message.

    The default text is: Symantec Mail Security replaced %attachment% with this text message. The original file contained %violation% and was %action%.

    You can use variables in your customized text.

    See Alert and notification variables

  6. Check one or more of the following to send email notifications about the detection:

    • Notify administrators

      Click the down arrow and type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      • Default subject line text: Administrator Alert: Symantec Mail Security detected %violation%

      • Default message body text: Location of the infected item: %location% Sender of the infected item: %sender% Subject of the message: %subject% The attachment(s) "%attachment%" was %action% for the following reasons: %information% This was done due to the following Symantec Mail Security settings: Scan: %scan% Rule: %rule%

    • Notify internal sender

      Click the down arrow and type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      • Default subject line text: Symantec Mail Security detected %violation% in a message sent from your address

      • Default message body text: %subject% Recipient of the message: %recipient%

    • Notify external sender

      Click the down arrow and type your customized text in the Subject line box and the Message body box. The default Subject line and Message body text is as follows:

      • Default subject line text: Symantec Mail Security detected %violation% in a message sent from your address

      • Default message body text: Subject of the message: %subject% Recipient of the message: %recipient%

      See Alert and notification variables

  7. On the toolbar, click Deploy changes to apply your changes.

    See Deploying settings and changes to a server or group
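
The following is an added example, not part of the vendor documentation: a small Python check for customized replacement or notification text from steps 5 and 6, which flags mistyped variable names and previews the result before you deploy. It knows only the variables that appear in the default texts on this page (the full list is in Alert and notification variables), and the function names and sample values are constructed for illustration.

```python
import re

# Variables that appear in the default texts on this page. The product's full
# list is in "Alert and notification variables"; extend this set from there.
PAGE_VARIABLES = {
    "attachment", "violation", "action", "location", "sender",
    "subject", "recipient", "information", "scan", "rule",
}

TOKEN = re.compile(r"%([A-Za-z_]+)%")

def lint_template(text):
    """Return (used, unknown): variable names found in text, split by whether
    they are in PAGE_VARIABLES. A mistyped name lands in unknown."""
    names = TOKEN.findall(text)
    used = sorted({n for n in names if n in PAGE_VARIABLES})
    unknown = sorted({n for n in names if n not in PAGE_VARIABLES})
    return used, unknown

def preview(text, values):
    """Substitute known variables with sample values for review; leave unknown
    or unsupplied tokens untouched so they stand out in the preview."""
    def sub(match):
        name = match.group(1)
        if name in PAGE_VARIABLES and name in values:
            return values[name]
        return match.group(0)
    return TOKEN.sub(sub, text)

# Constructed sample values, for preview only.
SAMPLE = {
    "attachment": "invoice.exe",
    "violation": "Adware.Example",
    "action": "deleted",
    "recipient": "user@example.com",
    "subject": "Quarterly report",
}

# Default replacement text quoted in step 5.
DEFAULT_REPLACEMENT = (
    "Symantec Mail Security replaced %attachment% with this text message. "
    "The original file contained %violation% and was %action%."
)

if __name__ == "__main__":
    print(lint_template(DEFAULT_REPLACEMENT))
    print(preview(DEFAULT_REPLACEMENT, SAMPLE))
    # Constructed custom text with a deliberately mistyped variable name.
    print(lint_template("Removed %attachement% (%violation%). Contact the help desk."))
```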