McAfee Security for Microsoft Exchange 8.6.0

Actions you can take on detections

For each scanner and filter settings in a policy, you can specify a primary and secondary action to take on a detection. You can specify what happens to an email message or its attachment, when it triggers a detection.

When a policy rule is triggered based on the scanner or filter settings, MSME acts on the detection based on the primary and secondary action configured.

When configuring actions, at least one primary action must be selected. You can also select a number of secondary actions. For example, if the primary action is deleting the email that triggers a detection, the secondary action might be logging the detection and notifying the administrator.

The available primary actions depend on the type of policy category and scanner or filter settings you configure.

Click Reset, to restore the actions to default settings for the policy category and scanner.
Primary actions
Action Definition
Attempt to clean any detected virus or trojan To clean the email containing a virus or trojan detected by the Anti-Virus Scanner.
Replace item with an alert To replace the email that triggered the detection with an alert.
Delete embedded item To delete the attachment that triggered the detection in an email.
Delete message To delete the email that triggered the detection.
Allow through To allow the email to continue to the next scanning phase or reach the end user.
Score-based action To take an action based on the spam score. This is available only for the Anti-Spam scanner, where you must select If the spam score is High, Medium or Low.
Route to System Junk Folder To route the email detected by the Anti-Spam scanner to the email address specified under Settings & Diagnostics | Anti-Spam | Gateway Spam Filter | System Junk Folder Address.
Route to User Junk Folder To route the email detected by the Anti-Spam scanner to the recipient's Junk E-mail folder.
Reject the Message To reject the email and send a notification to the user.
Replace the attachment with an alert To replace the attachment in an email message with an alert, if the Mail Size Filtering scanner is triggered when the attachment size exceeds.
Replace all attachments with a single alert To replace the email message containing multiple attachments with a single alert, if the Mail Size Filtering scanner is triggered when the attachment count exceeds.
Do not allow changes to break the signature To stop MSME from breaking the signature, when an email message containing Signed Content is detected.
Allow changes to break the signature To allow MSME to break the signature, when an email message containing Signed Content is detected.
Secondary actions
Action Definition
Log To record the detection in a log.
Quarantine To store a copy of the email that triggered the detection, in the quarantine database. To view all quarantined items, go to Detected Items | All Items or the specific detection category.
Select Forward Quarantined email to send the email to a specific reviewer or distribution list, based on the detection category. To configure notifications based on the detection category, go to Settings & Diagnostics | Notifications | Settings | Advanced.
The Forward Quarantined email option is not applicable for Anti-Virus Scanner or Gateway policies.
Notify administrator To send a copy of the email to the administrator specified under Administrator E-mail from Settings & Diagnostics | Notifications | Settings | General.
Notify internal sender To send an alert message to the internal sender, if the original email originates within the Exchange server's Authoritative Domain.
Notify external sender To send an alert message to the sender, if the original email message does not originate within the Exchange server's Authoritative Domain.
Notify internal recipient To send an alert message to the recipient, if the recipient is within the Exchange server's Authoritative Domain.
Notify external recipient To send an alert message to the recipient, if the recipient is not within the Exchange server's Authoritative Domain.