About the criteria that define an outbreak


Article ID: 181324




Mail Security for Microsoft Exchange




You can specify how many times an event must occur within a specified time frame to define an outbreak. Although there are no standard numbers to use when specifying frequencies, take the following into consideration:

  • Threat potential of the event category that is being monitored

  • Size of your mail system

  • Amount of email that is typically processed

  • Stringency with which you want to define an outbreak

Mail Security monitors your server at regular intervals to detect outbreaks (the default setting is every 2 minutes). When Mail Security checks your server for outbreaks, it checks the events that occurred within the specified period of time (the default setting is 20 minutes). Mail Security issues an outbreak notification when it detects an outbreak.

For example, assume that you enable outbreak management, configure Mail Security to monitor for outbreaks every 2 minutes, and enable the "Same virus" outbreak trigger using the default configuration.

The figure "Example of an outbreak event" explains the events that would occur if Mail Security detects 50 messages that contain the Eicar virus at 1:05 P.M. and 50 messages that contain the Eicar virus at 1:19 P.M.

Figure: Example of an outbreak event
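
The timeline in the example above can be reproduced with a short simulation. This is an added illustration, not Symantec's implementation; the threshold of 100 detections, the checks running on even minutes from 1:00 P.M., and the half-open window boundary are assumptions that the article does not state.

```python
from datetime import datetime, timedelta

CHECK_INTERVAL = timedelta(minutes=2)   # from the article: default check interval
WINDOW = timedelta(minutes=20)          # from the article: default look-back period
THRESHOLD = 100                         # assumed value; the article does not state it

# Constructed sample events: (detection time, threat name, message count)
DAY = datetime(2024, 1, 1)
EVENTS = [
    (DAY.replace(hour=13, minute=5), "Eicar", 50),
    (DAY.replace(hour=13, minute=19), "Eicar", 50),
]


def count_in_window(events, threat, check_time, window=WINDOW):
    """Sum detections of `threat` in (check_time - window, check_time]."""
    start = check_time - window
    return sum(n for ts, name, n in events
               if name == threat and start < ts <= check_time)


def outbreak_checks(events, threat, first_check, last_check,
                    interval=CHECK_INTERVAL, window=WINDOW,
                    threshold=THRESHOLD):
    """Return every check time at which the windowed count meets the threshold."""
    hits = []
    t = first_check
    while t <= last_check:
        if count_in_window(events, threat, t, window) >= threshold:
            hits.append(t)
        t += interval
    return hits


if __name__ == "__main__":
    start = DAY.replace(hour=13, minute=0)   # assumed time of the first check
    end = DAY.replace(hour=13, minute=40)
    for t in outbreak_checks(EVENTS, "Eicar", start, end):
        total = count_in_window(EVENTS, "Eicar", t)
        print(t.strftime("%H:%M"), "threshold met with", total, "detections")
```

Under these assumptions the threshold is first met at the 1:20 P.M. check and stops being met once the 1:05 P.M. detections age out of the window. Shortening the window to 10 minutes keeps the two bursts from ever being counted together, which is the effect of defining an outbreak more stringently.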


See About outbreak management

See About outbreak triggers