230 Views 1 Reply Latest reply: Jan 8, 2014 3:06 PM by jfults
xsymbianx Newcomer 2 posts since
Jan 7, 2014

Jan 7, 2014 8:06 AM

MEG Categories

Can someone define these categories for me?




  • virus
  • potentially unwanted programs
  • compliance
  • image analysis
  • URL reputation
  • dlp
  • spam and phish
  • sender authentication and reputation
  • other detections
  • monitored
  • legitimate
  • jfults McAfee Employee 13 posts since
    Nov 20, 2009
    1. Jan 8, 2014 3:06 PM (in response to xsymbianx)
    Re: MEG Categories



         Answers are below: 


    Virus - These would be Virus Detections against McAfee Engine or Dats or Authentium Engine and Dats where action is taken.


    Potentially unwanted programs - Any files attached to emails which are identified as an unwanted program which are blocked.


    Compliance - MEG has default compliance rules for HIPAA, SOX, and other content which can identify items like SSN for example to be blocked.


    Image analysis - Offensive Content sexual in nature that is scored by MEG which is logged as image analysis when blocked.


    URL reputation - Blocked URLs in Emails that are based from McAfee's GTI Database.


    DLP - This is for emails that trigger Data Loss Prevention which detects documents uploaded to the DLP Database and Policies on MEG.


    Spam and Phish - Detections / Blocks against Spam Emails that score by default 10 or higher.  Phishing uses the same similar Anti-Spam engine and rules to detect and block these.


    Sender authentication and reputation - Emails blocked and added to the deny connection list by default for GTI / RBL.  Other examples are SPF, Sender ID, DKIM, FCrDNS as an example under Email, Email Policies, Sender Authentication.


    Other detections - Can be email block for items such as DOS and Scan Time out setting configured.


    Monitored - Emails which are modified are generally logged as Monitored.  An example is Anti-Spam Scanning, which can be set for a reporting threshold on email with a spam score of 5 or higher by default.


    Legitimate - Emails which are not blocked and would be allowed through.  This can be viewed under Reports, Email Reports, Detail View when filtering on Legitimate emails.


    Here is a screen shot as well from our appliance:


