IMSVA leverages ATSE to determine which messages are sent to Virtual Analyzer. When enabled, ATSE provides an additional layer of protection against advanced threats, such as document exploits and other threats used in targeted attacks.
ATSE detections are identifiable through the prefixes HEUR, EXPL and AFI MACRO. If the detection name contains one of these prefixes, IMSVA:
  • Sends the entire message (including attachments) to Virtual Analyzer for further analysis.
  • Determines further action based on the analysis result from Virtual Analyzer.
Virtual Analyzer assigns a risk level to each analyzed message. IMSVA queries this risk level approximately 60 seconds after sending the message to Virtual Analyzer. After receiving the risk level, IMSVA determines whether the message is a clean message, a Probable advanced threat, or an Analyzed advanced threat based on the risk level and the security level that you select on the IMSVA management console.