About outbreak triggers


Article ID: 181319


Updated On:


Mail Security for Microsoft Exchange




The set of defining criteria for an outbreak is called an outbreak trigger. Each outbreak trigger only monitors one type of event and defines an outbreak as the frequency of the specified event within a given time period.

For example, one outbreak trigger could be defined as the occurrence of 50 or more unscannable files within one hour. Another outbreak trigger could be defined as 30 or more filtering rule violations within 15 minutes.

If you enable multiple outbreak triggers and a message is received that violates more than one, Mail Security goes into outbreak mode and stops looking for additional outbreaks. Only one outbreak rule is triggered.

Message bodies typically do not contain threats or security risks. To conserve processing resources, Mail Security installs with default settings that do not scan message bodies. (Message attachments are always scanned.)You can modify the settings to scan message bodies.

If Mail Security does not scan the message body (which includes the subject line), the Same subject outbreak can not be triggered unless the message contains an attachment.

See Configuring advanced scanning options for Auto-Protect and background scanningConfiguring advanced scanning options for Auto-Protect scanning

To activate the Same subject outbreak trigger for messages that do not contain attachments, you can do any of the following:

Outbreak triggers apply to auto-protect scans only.

See Configuring outbreak triggers