Policy Exceptions

Policy exceptions reduce false positives. Configure exceptions to classify certain email messages as safe. Specify the safe senders, recipients, and X-header content, or add files, URLs, IP addresses and domains, and URL keywords. Safe email messages are discarded (BCC and SPAN/TAP mode) or delivered to the recipient (MTA mode) without further investigation.

Configuring Message Exceptions

TippingPoint Advanced Threat Protection for Email considers specified senders, recipients, or X-header content in the exceptions list safe.

Procedure

Go to Policy → Exceptions → Messages.

Specify email message exception criteria.

Senders
Recipients
X-header

Note

TippingPoint Advanced Threat Protection for Email ignores case-sensitivity for X-header exceptions.

TippingPoint Advanced Threat Protection for Email supports the use of the wildcard asterisk (*) character to specify an entire domain. For example, to create a Senders exception for the domain abc.com, type the following:

*@abc.com

Click Save.

Adding Object Exceptions

TippingPoint Advanced Threat Protection for Email passes email messages containing only safe files, URLs, IP addresses, and domains without further investigation. If an email message contains one safe URL and another unknown URL, TippingPoint Advanced Threat Protection for Email investigates the unknown URL. Virtual Analyzer also ignores safe files and URLs during sandbox analysis.

Procedure

Go to Policy → Exceptions → Objects.
Click Add.

Specify file, URL, IP address, or domain exception criteria.

For files, select File for the type and then specify the SHA-1 hash value.

Note

Threat Connect correlates suspicious objects detected in your environment and threat data from the Trend Micro Smart Protection Network to provide relevant and actionable intelligence.

For URLs, select URL for the type and then specify the web address.

Note

Specify a complete URL or use a wildcard (*) for subdomains.

For IP addresses, select IP address for the type and then specify the web address.
For domains, select Domain for the type and then specify the web address.

(Optional) Specify a note.
(Optional) Click Add more to specify multiple file, URL, IP address, or domain exception criteria at the same time.
1. Specify file, URL, IP address, or domain exception criteria.
2. Click Add to List. The criterion is added to the object list.
Click Add.

Managing Object Exceptions

Perform any of the following tasks to manage object exceptions. For details, see Adding Object Exceptions.

Procedure

Specify search filters to control the display and to view existing exceptions.

Modify the objects considered safe.

Option	Description
Add	Add a new object to the exceptions list. Optionally include a note to help you better understand the object exception.
Import	Select the CSV file to import. The format for each line is: <type>,<object>,[source],[notes] <type> values: IP address, Domain, URL, Files <object> values: IP address, domain, URL, or SHA-1 hash value (Optional) [source] values: Control Manager, Local (Optional) [notes]: Any additional information in any format Valid CSV examples: Links,www.example.com,local,customer can view this site IP address,10.10.10.10,,HR address Files,3395856CE81F2B7382DEE72602F798B642F14140,Control Manager,SHA-1 of CA certificate Domain,example.com,,Added
Delete	Delete the selected objects.
Delete All	Delete all objects.
Export	Export the selected objects.
Export All	Export the entire exceptions list to a CSV file.

Configuring URL Keyword Exceptions

URLs that contain any of the specified keywords are considered one-click URLs and will not be accessed by TippingPoint Advanced Threat Protection for Email.

Procedure

Go to Policy → Exceptions → URL Keywords.

Specify URL keywords.

Note

Specify one keyword per line.

Click Save.

$('#title').html($('meta[name=description]').attr('content'));