Moved to Advanced Threat Defense for better visibility
Now I can't edit it.
Can you give a bit more detail about what happened? It sounds like a link came through... was the link embedded in a file or directly in the email? What type of file was it?
Hi David, thought I would respond to this... what I realized was that as long as the hacker has the email account open, they can continue to reset the rule when it is deleted and continue to do their mess. So the device was not infected, we just had a live hacker and had to wait for them to get out of the account. We did disable the account so it could not send or receive and eventually they got off.
We did purchase the ATD for email and that has helped a lot, and we recently placed the McAfee ATD/TIE system and are working on pushing that out to all clients. Things are much better.