McAfee Security for Microsoft Exchange 8.6.0

Master policy and subpolicy

A policy setting inside a hierarchical structure is ordinarily passed from parent to children, and from children to grandchildren, and so forth. This concept is termed as inheritance. In MSME, the default parent policy is referred as Master policy and child policy is referred as Subpolicy.

Master policy

Default parent policy available for all policy categories that define how items are scanned for viruses, how files are filtered, and various other settings. These policies apply to all users within an organization.

You cannot delete the Master policy, as it acts as a baseline to create subpolicies.

Subpolicy

Policies which inherit their settings and actions from another policy is known as a subpolicy. You can create more subpolicies with different settings and actions as needed, to apply to specific users.

Subpolicies are required in situations where you need exceptions to the Master policy to suit any geographical areas, functions, mailboxes, domains, or departments within your organization. In MSME, the general term for such more policies is known as a policy group.

Action taken on an email is based on the settings configured for the subpolicy with highest priority. When the rules of a subpolicy with highest priority are not satisfied, MSME moves on to the subpolicy with the next priority. Settings configured in the Master policy are applied only when rules in none of the subpolicies are satisfied.

If you select Inherit settings from parent policy in the scanner or filter settings page, an inherited policy (subpolicy) uses the same setting as the parent policy. However, if there is a detection, you can take a different action. Any changes to the settings in the parent or Master policy is reflected in these subpolicies.

Example: Creating a subpolicy to act on all email messages identified by MSME as a threat to be:
Quarantined — For all users
Logged, quarantined, and notify the administrator — For administrators
This simple example provides you more insight on when you might need a subpolicy.
Example — When do you need a subpolicy
Policy type Scanner Protection level Users Actions to take
Master policy Anti-virus Medium Protection All users Quarantine
Subpolicy Anti-virus High Protection Administrators Log, Quarantine, and Notify administrator
Restoring MSME to default setting removes the existing subpolicies. Make sure to back up the policies and settings using Export from Settings & Diagnostics | Import and Export Configuration | Configuration tab, before restoring MSME to factory settings.