IMSS leverages ATSE to determine which messages are sent to Deep Discovery Advisor.
When enabled, ATSE provides an additional layer of protection against advanced threats, such as document exploits and other threats used in targeted attacks.
ATSE detections are identifiable through the prefixes HEUR and EXPL.
If the detection name contains one of these prefixes, IMSS:
Deep Discovery Advisor assigns a risk level to each analyzed message. IMSS queries this risk level approximately 15 minutes after sending the message to Deep Discovery Advisor.
After receiving the risk level, IMSS logs the detection as a Probable advanced threat or an Analyzed advanced threat based on the risk level and the security level that you select on the IMSS management console.
Note: If IMSS does not receive a risk level, or if the risk level returned is invalid, IMSS logs the detection as a Probable advanced threat.