Use the APT Prevention Filter tab to configure the actions ScanMail takes on suspicious files associated with advanced persistent targeted attacks and the latest or unknown security threats.
Note
You MUST configure and start the Deep Discovery Advisor before configuring APT Prevention Filter. See Configuring Deep Discovery Advisor Settings and Starting Deep Discovery Advisor Agent for the procedures.
To configure APT Prevention Filter options:
  1. Under Scan Options, click the APT Prevention Filter tab.
  2. Select Send messages to Deep Discovery Advisor for analysis.
    Note
    The Deep Discovery Advisor uses simulators to identify potentially harmful behaviors exhibited by suspicious files. It can identify files used in advanced persistent targeted attacks and the latest or unknown security threats.
  3. In the Scan Settings section of the APT Prevention Filter tab, configure the APT prevention filter options as follows:
    • Select which messages to scan from the following options:
      • Incoming messages only (recommended)
      • Incoming and outgoing messages
    • Select which attachments to scan from the following options:
      • Highly recommendable file types
        • Suspicious files detected by Advanced Threat Scan engine (ATSE)
          Note
          To use this APT Prevention Filter option, you must enable the Advanced Threat Scan Engine in the Security Risk Scan tab. See Configuring Security Risk Scan for the procedure.
          The APT Prevention Filter is not supported on the Windows 32-bit version.
        • Microsoft Office files with macros
        • Scripts (such as JavaScript and others)
        • Microsoft Windows executable files (.exe)
      • Files with specified types: ScanMail can open, organize, and scan the contents of more than 200 file formats, including Notes database formats and the wide variety of file types that may be attached therein. Selecting Files with specified types allows you to:
        • Click Edit to modify the file type groups in ScanMail File Types database.
        • Specify which file types to scan: Archives, Executables and applications, Pictures, Audio/Video, Flash files, Documents, Others.
        • Type new file types or click the drop-down arrow to select types for True file type(s).
        Note
        Be aware that modifying the file type groups in APT Prevention Filter will also update the file type groups information in Attachment Filter.
  4. In the Security Level section, select the security level for SMD to apply actions from the following options:
    • High: Apply action on all messages exhibiting any suspicious behavior
    • Medium: Apply action on messages with a moderate to high probability of being malicious
    • Low: Apply action only on messages with a high probability of being malicious
  5. In the Action section, select the filtering action: Pass, Quarantine, Block, or Delete attachment.
  6. In the Notification section, select the notification options for when a suspicious file is identified by the APT prevention filter.
  7. In the Email Stamp section, define the email stamp settings for notification emails.
  8. Click Save & Close.