    Threat Prevention Suspicious Attachment! Detection


      Looking for any information on how Threat Prevention On-Access is making determinations on files received via email. It's set in ePO in the On-Access policy:


      Checking the box: (Windows only) turns on the scanning. It seems like it is going to quarantine anything that fits some specific rules, like a source process of OUTLOOK.EXE and a certain file header, i.e. PE32, a script file, etc. I have upper management asking me about this feature, as it's been really effective against a lot of malspam these last few months and we'd like to know more about it. It's not mentioned in the ENS 10.5 Product Guide.


      McAfee, I give you a lot of grief over some things, but this is something that seems to be working great. While it annoys some of our developers and power users, it seems to be using actual common sense to block malspam attachments. Why no mention of this feature in any of the ENS or ePO help files or product guides or knowledge base?