
Content Filtering Rules / Policies -- What do you have setup??

Status
Not open for further replies.

MRoberto

IS-IT--Management
May 9, 2005
US
Hello all

I am trying to get a feel for how other users of Norton/Symantec Email Security have their policies set up.

Basic Virus scanning:

Unscannable File Rule --> Delete or quarantine?
Encrypted File Rule --> Delete or quarantine?

basic outbreak settings?

ANTIVIRUS SETTINGS:
Basic file rule --> delete entire message?
Unrepairable file rule --> delete entire message?
Security Risk rule --> enabled? --> delete or quarantine?

HEURISTIC DETECTION:

SCL settings? Reject messages? Prevent Delivery?


CONTENT FILTERING:

blocked attachments?
-- block all and allow exceptions?
-- allow all and block exceptions?
--quarantine or delete??

blocked subjects?
-- use default match lists?
-- quarantine or delete?

blocked message body?
-- quarantine or delete?

I am using the newest version of SMSMSE 5.0.3

During installation of the program, my colleagues who installed the thing without me turned on the default content filtering rules that come with the program, enabled them, and didn't bother to look at them.

The very first night after install, SMSMSE was told to scan the entire message store (all of our users' mailboxes) and quarantine any attachment on any email that wasn't a .doc .xls .ppt .pdf .rtf or .txt file. So basically any other type of attachment was grabbed and quarantined in our entire email store.

What happened was, we had over 5k items in quarantine, with no way to restore the items to the original emails.

We have decided to release all to an admin email box, and will have to do digging if anyone ever asks us why they can't look up an old or archived attachment.

Anyways, I'm trying to remedy the problem and set up this program the way it should be working.

We did not get the premium anti-spam add-on yet but I am pushing for it.

I really do not like the way Symantec offers both information about blocked and quarantined items (not enough info to show you exactly WHY it was blocked, what words caused the errors) and also how they offer so few options to un-do a quarantine.

I would love to hear feedback about nightmare stories about the product, and also recommendations about content filtering policies, and also whatever else you may have to say.

Mike in FLA
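
An added example, not part of the original post and not SMSMSE code: a dry run of the extension allowlist described above against an attachment inventory, so the blast radius is known before a store-wide scan is enabled. The inventory format, the sample names and the 5% threshold are assumptions made for illustration.

```python
from collections import Counter

# Allowlist from the post: any other attachment type was quarantined.
ALLOWED = {".doc", ".xls", ".ppt", ".pdf", ".rtf", ".txt"}

# Constructed sample inventory of (mailbox, attachment filename) pairs.
SAMPLE = [
    ("alice", "Q3 report.PDF"), ("alice", "team-offsite.ics"),
    ("bob", "scan0001.jpg"), ("bob", "budget.xls"),
    ("carol", "logs.zip"), ("carol", "README"),
    ("carol", "minutes.docx"), ("dave", "notes.txt"),
]

def extension(name):
    """Final extension, lower-cased; '' when the file name has none."""
    base = name.strip().rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""

def dry_run(attachments, allowed=ALLOWED):
    """List what the rule would quarantine, without acting on anything."""
    hits = [(m, n) for m, n in attachments if extension(n) not in allowed]
    by_ext = Counter(extension(n) or "<none>" for _, n in hits)
    return hits, by_ext

def safe_to_enable(attachments, max_fraction=0.05):
    """Gate: refuse to enable the rule if it would hit too much of the store.

    max_fraction is a hypothetical review threshold, not a product setting.
    """
    if not attachments:
        return True
    hits, _ = dry_run(attachments)
    return len(hits) / len(attachments) <= max_fraction

if __name__ == "__main__":
    hits, by_ext = dry_run(SAMPLE)
    print(f"{len(hits)} of {len(SAMPLE)} attachments would be quarantined")
    for ext, count in by_ext.most_common():
        print(f"  {ext}: {count}")
    print("safe to enable:", safe_to_enable(SAMPLE))
```

The per-extension counts show which legitimate types need an exception before the rule is switched from reporting to quarantining.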

 
Unfortunately I had exactly the same scenario happen. Entire calendars were wiped clean in Exchange/Outlook. I cannot believe the default settings did not allow for those types of file extensions and I cannot believe that there is no way to restore the files. This has been the most frustrating and embarrassing event I have ever had happen to me since working in this field!
 
Yes I hear you. I do not feel as bad because it was my boss and the level 2 analyst who installed the thing. I probably could have gotten fired for something like that. It is pretty sad that Symantec pushed out their product that way though.

Did you have a bunch of attachments get Quarantined as well, or did you mainly just have a problem with calendars? If it was just calendars, couldn't you have restored just the calendar settings from a backup from the night before or something?
 