McAfee Security for Microsoft Exchange 8.6.0

Detections

Displays all statistical information on how many emails scanned by MSME are clean and how many items triggered a detection. Based on the detection category, the respective counter is incremented.

The reported numbers indicate the number of emails and documents that trigger any of the detection methods. For example, if an email contains two virus attachments, the statistics for Viruses would be incremented by one and not two. Statistics are reported per email message rather than per individual file or detection, which is more intuitive in a mail server environment.

If your MSME server is managed by ePolicy Orchestrator and if you restart the service or click the Reset button, these statistics vary in McAfee ePO reports due to the historical data stored in McAfee ePO. For more information on McAfee ePO reports, see Integrating MSME with ePolicy Orchestrator.

Icons used — Detections section
Icon Description
Provides additional information on the detection category when you place the cursor on the icon.
Indicates that the statistics of the respective detection category are available in the graph.
Indicates that the statistics of the respective detection category are unavailable in the graph.
The graph icons appear only when the <Select Detections> option is selected from the Graph drop-down list.

The following table provides more information on each detection category.

Detection definitions
Category Additional information Description
Clean
If the email flow has more clean emails than detections, enabling this icon for clean emails might suppress the graph of other categories. In such scenarios, disable the icon next to the Clean category.
Legitimate email messages that do not pose a threat to the user and do not trigger any of the MSME scanners.
Spam This counter is available only if you have installed the McAfee Anti-Spam add-on. An unsolicited email message often sent in bulk to numerous recipients who have not requested or registered for it.
Scanned for spam All emails scanned by MSME for spam.
Detected as spam Emails that are identified as spam, but not quarantined due to policy settings.
Blocked as spam Emails that are identified as spam and quarantined due to policy settings.
Phish This counter is available only if you have installed the McAfee Anti-Spam add-on.

Phish or Phishing is a method used by individuals to obtain personal information by unfair or fraudulent means. This personal information can include your credit card details, passwords, and bank account login details. These emails mimic trusted sources like banks and legitimate companies. Usually, these emails ask you to click a link to verify or update certain personal details. Like spam, phishing emails are also sent out in bulk.

Phish detected Emails that are identified as phish, but not quarantined due to policy settings.
Phish blocked Emails that are identified as phish and quarantined due to policy settings.
Spoofed Mails This counter is available only if you have installed the McAfee Anti-Spam add-on.
SPF Hard Fail detected Emails that are identified as Hard Fail spoofed mails.
SPF Soft Fail detected Emails that are identified as Soft Fail spoofed mails.
IP Reputation This counter is available only if you have installed the McAfee Anti-Spam add-on.

A method of detecting threats in email messages based on the sending server's IP address. The IP reputation score reflects the likelihood that a network connection poses a threat.

IP reputation leverages McAfee Global Threat Intelligence (GTI) to prevent damage and data theft by blocking the email messages at the gateway based on the source IP address of the last email server.

MSME processes the message before it enters the organization by rejecting or dropping the connection based on the IP reputation score.

IP Encountered All emails that reach the MSME server.
IP Dropped Emails that were quarantined by MSME due to the IP reputation feature. In this case, the sender is not notified about the email delivery status.
IP Rejected Emails that were quarantined by MSME due to the IP reputation feature. In this case, the sender is notified about the email delivery status.
Viruses   A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files, so when the infected file executes, the virus also executes. Other viruses sit in a computer’s memory and infect files as the computer opens, modifies, or creates files. Some viruses display symptoms, others damage files and computer systems, but neither is essential in the definition of a virus; a non-damaging virus is still a virus.
Viruses detected A virus that is detected in an incoming email, with an appropriate action taken based on the policy settings.
Viruses cleaned A virus that is removed from an incoming email, with an appropriate action taken based on the policy settings.
TIE and ATD Detections File reputations Supported file type attachments sent to the TIE server for the file reputation check.
Certificate reputations Signed and supported file type attachments sent to the TIE server for the certificate reputation check.
ATD submissions Supported file type attachments sent to the ATD server for a reputation check based on your acceptance category and file size.
Total TIE detections Supported file type attachments whose reputation was verified by TIE.
Potentially Unwanted Programs   Potentially Unwanted Programs (PUP) are software programs written by legitimate companies that could alter the security or privacy policies of a computer on which they have been inadvertently installed. These programs could be downloaded along with a legitimate application that you might require.
PUP detected A PUP that is detected in an incoming email, with an appropriate action taken based on the policy settings.
PUP blocked A PUP that is removed from an incoming email, with an appropriate action taken based on the policy settings.
Banned File types and Messages   Certain types of file attachments are prone to viruses. The ability to block attachments by file extension is another layer of security for your mail system. Both internal and external email messages are checked for banned file types or messages.
Banned file types

Certain types of file attachments are prone to viruses. The ability to block attachments by file extension is another layer of security for your mail system.

Banned messages Certain email messages that you wish to ban from going through your mail system. Both internal and external mail are checked for banned content.
DLP and Compliance
To view available dictionaries, click the Category drop-down list from Policy Manager | Shared Resource | DLP and Compliance Dictionaries.

Stop the loss of sensitive information via email. MSME provides industry-leading email content analysis to provide the tightest control of sensitive content in any form to aid compliance with many state, national, and international regulations.

Prevent data leakage with the most extensive email Data Loss Prevention (DLP) in the industry, which uses pattern matching to detect data and policy-based message handling to prevent outbound data loss.

Unwanted Content   Unwanted Content is any content that the user would not like to receive through emails. The rules can be defined by certain words or phrases which would trigger a corresponding policy and block the email.
Packers A packed executable that decompresses and/or decrypts itself in memory while it is running, so that the file on disk is never similar to the memory image of the file. Packers are specially designed to bypass security software and prevent reverse engineering.
Encrypted/Corrupted content Email messages that cannot be categorized as having encrypted or corrupted content.
Encrypted content Some email messages can be encrypted, which means that the content of those email messages cannot be scanned.

Encrypted content policies specify how encrypted email messages are handled when detected.

Signed content Whenever information is sent electronically, it can be accidentally or willfully altered. To overcome this, some email software uses a digital signature - the electronic form of a handwritten signature.

A digital signature is extra information added to a sender's message that identifies and authenticates the sender and the information in the message. It is encrypted and acts like a unique summary of the data. Typically, a long string of letters and numbers appears at the end of a received email message. The email software then re-examines the information in the sender's message, and creates a digital signature. If that signature is identical to the original, the data has not been altered.

If the email message contains a virus, bad content, or is too large, the software might clean or remove some part of the message. The email message is still valid, and can be read, but the original digital signature is 'broken'. The recipient cannot rely on the contents of the email message because the contents might also have been altered in other ways.

Corrupted content The content of some email messages can become corrupt, which means that the content of the email message cannot be scanned.

Corrupt content policies specify how email messages with corrupt content are handled when detected.

Denial of service A means of attack against a computer, server, or network. The attack is either an intentional or an accidental by-product of instruction code that is either launched from a separate network or Internet-connected system, or directly from the host. The attack is designed to disable or shut down the target, and disrupts the system's ability to respond to legitimate connection requests. A denial-of-service attack overwhelms its target with false connection requests, so that the target ignores legitimate requests.
Protected content The content of some email messages is protected, which means that the content of the email message cannot be scanned.

Protected content policies specify how email messages with protected content are handled when detected.

Password protected files It is possible to password protect a file that is sent by email. Password-protected files cannot be scanned.

Password-protected file policies specify how email messages that contain a password-protected file are handled.

Incomplete MIME messages Multipurpose Internet Mail Extensions (MIME) is a communications standard that enables the transfer of non-ASCII formats over protocols, like SMTP, that only support 7-bit ASCII characters.

MIME defines different ways of encoding the non-ASCII formats so that they can be represented using characters in the 7-bit ASCII character set.

If the content in the body of a MIME message is too large to pass through the mail transfer system, the body can be passed as a number of smaller MIME messages. These MIME messages are known as partial or incomplete MIME messages, because each MIME message contains only a fragment of the total message that must be transmitted.

Mail URL Reputation URLs detected Suspicious URLs in emails detected by URL Reputation.
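
As an added illustration of the Incomplete MIME messages entry above (not MSME code or McAfee's detection logic), this Python example uses the standard email module to recognize message/partial fragments, the RFC 2046 type carrying id, number and total parameters, and to report which fragment sets cannot be reassembled. The sample messages, addresses and function names are constructed for the example.

```python
from collections import defaultdict
from email import message_from_string

def _to_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None  # parameter absent or not a number

def partial_info(raw):
    """Return (id, number, total) for a message/partial fragment, else None."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "message/partial":
        return None
    return (msg.get_param("id"), _to_int(msg.get_param("number")),
            _to_int(msg.get_param("total")))

def classify(raw_messages):
    """Count whole messages and report, per fragment id, what is missing."""
    whole, groups = 0, defaultdict(lambda: {"seen": set(), "total": None})
    for raw in raw_messages:
        info = partial_info(raw)
        if info is None:
            whole += 1
            continue
        frag_id, number, total = info
        if number is not None:
            groups[frag_id]["seen"].add(number)
        if total is not None:  # "total" is only required on the last fragment
            groups[frag_id]["total"] = total
    report = {}
    for frag_id, g in groups.items():
        expected = set(range(1, g["total"] + 1)) if g["total"] else None
        missing = sorted(expected - g["seen"]) if expected else None
        report[frag_id] = {"have": sorted(g["seen"]), "total": g["total"],
                           "missing": missing, "complete": missing == []}
    return whole, report

def fragment(frag_id, number, total=None):
    """Build a constructed sample fragment (not real traffic)."""
    params = f'id="{frag_id}"; number={number}'
    params += f"; total={total}" if total is not None else ""
    return (f"From: sender@example.test\nTo: rcpt@example.test\nMIME-Version: 1.0\n"
            f"Content-Type: message/partial; {params}\n\nfragment body {number}\n")

SAMPLE = [  # constructed input: one whole message, one complete set, one incomplete set
    "From: a@example.test\nContent-Type: text/plain\n\nhello\n",
    fragment("A@example.test", 1), fragment("A@example.test", 2),
    fragment("A@example.test", 3, total=3),
    fragment("B@example.test", 1), fragment("B@example.test", 3, total=3),
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A scanner that sees only one fragment at a time cannot inspect the reassembled content, which is why a fragment set with missing parts is worth flagging rather than passing through.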