McAfee Security for Microsoft Exchange 8.6.0

Product features

The main features of MSME are described in this section.

McAfee® Threat Intelligence Exchange (TIE) integration for file reputation check — Supports TIE file reputation check for email attachments. It quickly analyzes files and makes informed decisions by validating the file reputation based on the information received from several sources connected to the TIE server in your environment. When the email contains a compressed file, the files are extracted and the supported types of files are sent for TIE reputation. For the list of supported compressed files, see KB89577.
McAfee® Advanced Threat Defense reputation check for files — MSME now supports Advanced Threat Defense, an on-premise appliance that facilitates detection and prevention of malware through TIE. With Advanced Threat Defense protection, you can protect your systems from known, near-zero day, and zero-day malware without compromising on the quality of service to your network users.
Protection from Email spoofing — Protects your systems from spoofing emails.
Exclude large emails from scanning — You can now exclude emails from on-access scanning based on the size of an email.
Block emails from specific IP addresses — You can now blacklist a specific IP address, or range of IP addresses, from sending emails to your organization regardless of the IP address reputation score.
Support for Microsoft Exchange 2016 — Supports Microsoft Exchange 2016 Cumulative Update (CU) 3 and later.
Support for Microsoft Windows Servers 2016 — Supports Microsoft Windows 2016 64-bit server operating system.
Browser enhancements — Microsoft Internet Explorer 11.1066, Mozilla Firefox 54.0.1, and Google Chrome 59.0.3071.115.
Make sure that you disable the pop-up blocker in the browser settings to access the product web interface.

Other features

Protection from viruses — Scans all email messages for viruses and protects your Exchange server by intercepting, cleaning, and deleting the viruses that it detects. MSME uses advanced heuristic methods and identifies unknown viruses or suspected virus-like items and blocks them.
Protection from spam — Helps you save bandwidth and the storage space required by your Exchange servers by assigning a spam score to each email message as it is scanned and by taking pre-configured actions on those messages.
Protection from phishing — Detects phishing emails that fraudulently try to obtain your personal information.
Protection from malicious URLs — Protects your system from malicious URLs. When enabled, MSME scans each URL in the email body, gets the reputation score of the link, compares the score with the defined threshold, and takes appropriate action according to the configuration.
Capability to detect packers and potentially unwanted programs — Detects packers that compress and encrypt the original code of an executable file. It also detects potentially unwanted programs (PUPs), which are software programs written by legitimate companies to alter the security state or privacy state of a computer.
Content filtering — Scans content and text in the subject line or body of an email message and an email attachment. MSME supports content filtering based on regular expressions (regex).
File filtering — Scans an email attachment depending on its file name, type, and size of the attachment. MSME can also filter files containing encrypted, corrupted, password-protected, and digitally signed content.
DLP and compliance — Ability to ensure that email content is in accordance with your organization’s confidentiality and compliance policies. Pre‑defined compliance dictionaries include:
Addition of 60 new DLP and Compliance dictionaries
Support for industry-specific compliance dictionaries — HIPAA, PCI, Source Code (Java, C++ etc.)
Improvements to existing phrase-based detections.
Reduced false positives, due to enhanced capabilities in detecting non‑compliant content, based on the Threshold score and in combination with the maximum term count (occurrence).
Customize policies for content security and Data Loss Prevention (DLP).
IP reputation — A method of detecting threats from email messages based on the sending server's IP address. The IP reputation score reflects the likelihood that a network connection poses a threat. IP reputation leverages McAfee Global Threat Intelligence (GTI) to prevent damage and data theft by blocking email messages at the gateway based on the source IP address of the last email server. MSME processes the message before it enters the organization by rejecting or dropping the connection based on the IP reputation score.

Advanced On-Demand scan — Ability to perform granular‑level on‑demand scan on Exchange Server 2010 & 2013, resulting in faster on‑demand scans. You can schedule on‑demand scans based on these filters: Subject, Attachments, Sender/Recipient/CC, Mail Size, Message ID, Unread items, and Time duration.

Background scanning — Facilitates scanning of all files in the information store. You can schedule background scanning to periodically scan a selected set of messages with the latest engine updates and scanning configurations. In MSME, you can exclude mailboxes that you don't want to be scanned.
Product Health Alerts — These are notifications on the status of the product's health. You can configure and schedule these alerts.
Integrate with McAfee ePolicy Orchestrator 5.1.x, 5.3.x, and 5.9.x — Integrates with ePolicy Orchestrator 5.1.x, 5.3.x, and 5.9.x to provide a centralized method for administering and updating MSME across your Exchange servers. This reduces the complexity of, and the time required to, administer and update various systems.
Web-based user interface — Provides a user-friendly web-based interface based on DHTML.
Policy Management — The Policy Manager menu option in the product user interface lists different policies you can set up and manage in MSME.
Centralized scanner, filter rules, and enhanced alert settings — Using scanners, you can configure settings that a policy can apply when scanning items. Using File Filtering rules, you can set up rules that apply to a file name, file type, and file size.
On-demand/time-based scanning and actions — Scans email messages at convenient times or at regular intervals.
Multipurpose Internet Mail Extensions (MIME) scanning — A communications standard that enables you to transfer non-ASCII formats over protocols (such as SMTP) that support only 7-bit ASCII characters.
Quarantine management — You can specify the local database to be used as a repository for quarantining infected email messages. You can choose to store quarantined messages on your own server running McAfee Quarantine Manager, which is called the Off-box quarantine.
Auto-update of virus definitions, Extra DATs, anti-virus and anti-spam engine — Regularly provides updated DAT files, anti-virus scanning engine, and anti-spam engine to detect and clean the latest threats.
Retention and purging of old DATs — Retain old DAT files for periods you define or purge them as needed.
Support for Site List editor — Specify a location from which to download automatic updates for MSME.
Support for Small Business Server — MSME is compatible with Small Business Servers.
Detection reports — Generates status reports and graphical reports that enable you to view information about detected items.
Configuration reports — Summarizes product configuration such as information about the server, version, license status and type, product, debug logging, on-access settings, on-access policies, and gateway policies. You can specify when your server needs to send the configuration report to the administrator.
Denial-of-service attacks detection — Detects additional requests or attacks flooding and interrupting the regular traffic on a network. A denial-of-service attack overwhelms its target with false connection requests, so that the target ignores legitimate requests. MSME considers these three scenarios as Denial-of-service attacks:
Scanning time exceeds the defined time
Nested level exceeds the defined level
Expandable file size limit for archived files exceeds the defined size
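
The three limits listed above, sketched in Python as an added example (not MSME code): an archive walker that stops as soon as the scan time, nesting level, or expanded size is exceeded. The limit values, function names, and ZIP-only handling are assumptions made for illustration.

```python
import io
import time
import zipfile

# Hypothetical limits standing in for the three configurable thresholds.
MAX_SCAN_SECONDS = 5.0
MAX_NESTING_LEVEL = 3
MAX_EXPANDED_BYTES = 1024 * 1024

class ScanLimitExceeded(Exception):
    """An attachment tripped one of the three limits."""

def inspect_archive(data, level=1, state=None):
    """Walk a ZIP attachment; return total expanded bytes or raise."""
    if state is None:
        state = {"deadline": time.monotonic() + MAX_SCAN_SECONDS, "expanded": 0}
    if level > MAX_NESTING_LEVEL:
        raise ScanLimitExceeded("nested level")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if time.monotonic() > state["deadline"]:
                raise ScanLimitExceeded("scanning time")
            # Reject on the declared size before decompressing anything.
            if state["expanded"] + info.file_size > MAX_EXPANDED_BYTES:
                raise ScanLimitExceeded("expanded size")
            # Expand in chunks and count real bytes; headers can lie.
            body = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    body += chunk
                    if state["expanded"] + len(body) > MAX_EXPANDED_BYTES:
                        raise ScanLimitExceeded("expanded size")
            state["expanded"] += len(body)
            if zipfile.is_zipfile(io.BytesIO(body)):
                inspect_archive(bytes(body), level + 1, state)
    return state["expanded"]

def verdict(data):
    """Map the outcome to a label a policy action could key on."""
    try:
        inspect_archive(data)
        return "ok"
    except ScanLimitExceeded as exc:
        return f"denial-of-service: {exc}"

def make_zip(name, payload, depth=1):
    """Constructed sample input: payload wrapped in `depth` ZIP layers."""
    for _ in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        payload, name = buf.getvalue(), "inner.zip"
    return payload
```

The expanded-size counter is shared across all nesting levels, so many small layers cannot add up past the limit unnoticed.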
Advanced notifications — Forward the quarantined emails for compliance audit to multiple users, based on the detection category.
Support for VMware workstation 7.0 or later, and VMware ESX 5.5.