McAfee Security for Microsoft Exchange 8.6.0

Available primary search filters

Search filters enable you to define the search criteria and provide more efficient and effective searches from the quarantine database.

The available primary search filter options vary based on the detected item category you have selected. These search filters appear in the View Results section of the detected item category.

In the View Results section, use Columns to display to select the search filters that you want to view.
Detected Items — Primary search filters
Search filter: Definition
Action taken: Search for an item based on the action that was taken on it. The actions taken by MSME are:
Clean
Cleaned
Deleted
Deleted Message
Denied Access
Logged
Replaced
Rejected
Anti-Spam Engine: Search for an item based on the anti-spam engine that scans email messages for spam and phishing attacks.

To view the current Anti-Spam Engine used, go to Dashboard | Versions & Updates | Update Information | Anti-Spam Engine | Rules Version. For example, the Anti-Spam Engine version appears in this format: 9286

Anti-Spam Rule: Search for an item based on the anti-spam rules that are updated every few minutes to catch the latest spam campaigns sent by spammers.

To view the current Anti-Spam Rule used, go to Dashboard | Versions & Updates | Update Information | Anti-Spam Engine | Rules Version. For example, the rule version appears in this format: core:4373:streams:840082:uri:1245250

Anti-Virus DAT: Search for an item based on the anti-virus DAT version with a distinctive signature.

To view the current Anti-Virus DAT used, go to Dashboard | Versions & Updates | Update Information | Anti-Virus Engine | DAT Version | Extra Drivers. For example, the DAT version appears in this format: 6860.0000

Anti-Virus Engine: Search for an item based on the anti-virus engine that had a sequence of characters unique to a virus/unwanted content.

To view the current Anti-Virus Engine used, go to Dashboard | Versions & Updates | Update Information | Anti-Virus Engine | DAT Version | Extra Drivers. For example, the Anti-Virus Engine version appears in this format: 5400.1158

Banned Phrases: Search by the content of banned phrases that are defined in the DLP and Compliance Rules under Policy Manager | Shared Resource | DLP and Compliance Dictionaries.
Detection Name: Search for a detected item based on its name.
File Name: Search by the name of the detected file in the quarantined item.

To view the File Name used, go to Policy Manager | Shared Resource | DLP and Compliance Dictionaries | File Filtering Rules.

Folder: Search by the folder where quarantined items are stored, such as a user's mailbox.
The folder will not be available if the email is quarantined at the On-Access (Transport) level.
IP Reputation Score: Search for an item based on the sender's IP Reputation Score. The items quarantined are based on the IP reputation threshold specified under Settings & Diagnostics | Anti-Spam | McAfee GTI IP reputation.
This filter is available only if you have installed the McAfee Anti-Spam add-on.
Policy Name: Search for an item by a policy name, such as a Master policy or sub-policy, that detected the item.
Reason: Search for an item based on the reason why it was detected. This could be based on the scanners and filters such as Anti-Virus, Anti-Spam, Anti-Phish, DLP and Compliance, and so on.
Reasons: Search by a rule or rules that were triggered by a particular email. Use this if an item has triggered multiple scanners or filters. For example, if a spam email contains a virus, the Reasons are Anti-Spam and Anti-Virus.
Recipients: Search for an item through the recipient's email address.
Reputation Score: Search by the authenticity level of the source of the email based on up-to-date information available. The items quarantined are based on the Message reputation threshold specified under Settings & Diagnostics | Anti-Spam | McAfee GTI message reputation.
This filter is available only if you have installed the McAfee Anti-Spam add-on.
Rule Name: Search for an item based on the rule that triggered one or more scanners/filters. The rule that triggered the scanner or filter is based on the Actions set for each policy.
Scanned by: Search for an item by the scanner name that detected the item.
Sender: Search for an item by the sender's email address.
Sender IP: Search for an item by the IP address of the sender's system. The items quarantined are based on the IP reputation threshold specified under Settings & Diagnostics | Anti-Spam | McAfee GTI IP reputation.
This filter is available only if you have installed the McAfee Anti-Spam add-on.
Server: Search for an item based on the computer name.
Spam Score: Search for an item based on the spam score, which is a number that indicates the amount of potential spam contained within an email message. The engine applies anti-spam rules to each email message it scans. Each rule is associated with a score.

To assess the risk that an email message contains spam, these scores are added together to give an overall spam score for that email message. The higher the overall spam score, the higher the risk that the email message contains spam.

This filter is available only if you have installed the McAfee Anti-Spam add-on.
State: Search for an item based on its current status. The available item states are:
Untrained — Items that have not been acted upon, for example purged, released, forwarded, or deleted. The initial state of all items will be Untrained.
Released — Items that are released from the quarantine database.
In Quarantine Manager Queue — Items that are currently queued in the McAfee Quarantine Manager database.
Forwarded — Items that are forwarded to the intended recipients.
Subject: Search for an item based on the subject line of the email message.
Task: Search for an item based on the scan task name, which can be an On-Access (VSAPI), On-Access (Transport) scan task or On-Demand scan task. The on-access scan task that appears in the View Results section is based on the settings you have enabled under Settings & Diagnostics | On-Access Settings. To know whether the item was detected due to an on-demand scan task, go to Dashboard | On-Demand Scans.
Ticket Number: Search for an item based on the ticket number, which is a unique alphanumeric identifier assigned to a specific detection and delivered as a notification through email. It helps identify the associated detection.
TIE Score: Search for items based on the TIE score reputation.
The primary search filters applicable to the Spam, Phish, and IP Reputation detection categories are available only if you have installed the McAfee Anti-Spam add-on component.