1 Reply Latest reply: Jan 8, 2014 3:06 PM by jfults

    MEG Categories


      Can someone define these categories for me?




      • virus
      • potentially unwanted programs
      • compliance
      • image analysis
      • URL reputation
      • dlp
      • spam and phish
      • sender authentication and reputation
      • other detections
      • monitored
      • legitimate

    1. Re: MEG Categories



               Answers are below: 


          Virus - These would be Virus Detections against McAfee Engine or Dats or Authentium Engine and Dats where action is taken.


          Potentially unwanted programs - Any files attached to emails which are identified as an unwanted program which are blocked.


          Compliance - MEG has default compliance rules for HIPAA, SOX, and other content which can identify items like SSN for example to be blocked.


          Image analysis - Offensive Content sexual in nature that is scored by MEG which is logged as image analysis when blocked.


          URL reputation - Blocked URLs in Emails that are based on McAfee's GTI Database.


          DLP - This is for emails that trigger Data Loss Prevention which detects documents uploaded to the DLP Database and Policies on MEG.


          Spam and Phish - Detections / Blocks against Spam Emails that score by default 10 or higher.  Phishing uses the same similar Anti-Spam engine and rules to detect and block these.


          Sender authentication and reputation - Emails blocked and added to the deny connection list by default for GTI / RBL.  Other examples are SPF, Sender ID, DKIM, FCrDNS as an example under Email, Email Policies, Sender Authentication.


          Other detections - Can be emails blocked for items such as DOS and Scan Time out settings configured.


          Monitored - Emails which are modified are generally logged as Monitored.  An example is Anti-Spam Scanning, which can be set for a reporting threshold on email with a spam score of 5 or higher by default.


          Legitimate - Emails which are not blocked and would be allowed through.  This can be viewed under Reports, Email Reports, Detail View when filtering on Legitimate emails.


          Here is a screen shot as well from our appliance: