1 Reply Latest reply: Jan 8, 2014 3:06 PM by jfults

    MEG Categories

    xsymbianx

      Can someone define these categories for me?

       

       

       

      • virus
      • potentially unwanted programs
      • compliance
      • image analysis
      • URL reputation
      • dlp
      • spam and phish
      • sender authentication and reputation
      • other detections
      • monitored
      • legitimate
        1. Re: MEG Categories

          Hello,

           

               Answers are below: 

           

          Virus - These would be Virus Detections against McAfee Engine or Dats or Authentium Engine and Dats where action is taken.

           

          Potentially unwanted programs - Any files attached to emails which are identified as an unwanted program and which are blocked.

           

          Compliance - MEG has default compliance rules for HIPAA, SOX, and other content which can identify items like SSN, for example, to be blocked.

           

          Image analysis - Offensive Content sexual in nature that is scored by MEG which is logged as image analysis when blocked.

           

          URL reputation - Blocked URLs in Emails that are based from McAfee's GTI Database.

           

          DLP - This is for emails that trigger Data Loss Prevention, which detects documents uploaded to the DLP Database and Policies on MEG.

           

          Spam and Phish - Detections / Blocks against Spam Emails that score by default 10 or higher. Phishing uses the same similar Anti-Spam engine and rules to detect and block these.

             

          Sender authentication and reputation - Emails blocked and added to the deny connection list by default for GTI / RBL. Other examples are SPF, Sender ID, DKIM, FCrDNS under Email, Email Policies, Sender Authentication.

           

          Other detections - Can be an email block for items such as DOS and the Scan Time out setting configured.

             

          Monitored - Emails which are modified are generally logged as Monitored. An example is Anti-Spam Scanning, which can be set for a reporting threshold on email with a spam score of 5 or higher by default.

             

          Legitimate - Emails which are not blocked and would be allowed through.  This can be viewed under Reports, Email Reports, Detail View when filtering on Legitimate emails.

           

          Here is a screen shot as well from our appliance:

           

          Capture.JPG