The Mail Threat Protection component scans incoming and outgoing email messages for viruses and other threats. It starts together with Kaspersky Endpoint Security, continuously remains active in computer memory, and scans all messages that are sent or received via the POP3, SMTP, IMAP, MAPI, and NNTP protocols. If no threats are detected in the email message, it becomes available and/or is processed.
When a threat is detected in an email message, the Mail Threat Protection component performs the following actions:
This status is assigned to the email message in the following cases:
This component interacts with mail clients installed on the computer. An embeddable extension is available for the Microsoft Office Outlook® mail client that lets you fine-tune the message scan settings. The Mail Threat Protection extension is embedded in the Microsoft Office Outlook mail client during installation of Kaspersky Endpoint Security.
Mail Threat Protection component settings
Parameter |
Description |
---|---|
Action on threat detection |
Disinfect; delete if disinfection fails. When an infected object is detected in an inbound or outbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. The user will be able to access the message with a safe attachment. If the object cannot be disinfected, Kaspersky Endpoint Security deletes the infected object. Kaspersky Endpoint Security adds information about the performed action to the message subject: Disinfect; block if disinfection fails. When an infected object is detected in an inbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. The user will be able to access the message with a safe attachment. If the object cannot be disinfected, Kaspersky Endpoint Security adds a warning to the message subject: When an infected object is detected in an outbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. If the object cannot be disinfected, Kaspersky Endpoint Security blocks transmission of the message, and the mail client shows an error. Block If an infected object is detected in an inbound message, Kaspersky Endpoint Security adds a warning to the message subject: If an infected object is detected in an outbound message, Kaspersky Endpoint Security blocks transmission of the message, and the mail client shows an error. Before attempting to disinfect or delete an infected email message, the Mail Threat Protection component creates a backup copy of it so that the message can be restored or disinfected later. |
POP3 / SMTP / NNTP / IMAP traffic |
If the check box is selected, the Mail Threat Protection component scans email messages that arrive via the POP3, SMTP, NNTP, and IMAP protocols before they are received on the computer. When the check box is cleared, the Mail Threat Protection component does not scan email messages that are transferred via the POP3, SMTP, NNTP, and IMAP protocols before they arrive on your computer. In this case, email messages are scanned by the Mail Threat Protection component plug-in that is embedded in the Microsoft Office Outlook email client after email messages arrive on the user's computer. |
Microsoft Office Outlook extension |
If the check box is selected, scanning of email messages transmitted via the POP3, SMTP, NNTP, IMAP, and MAPI protocols is enabled on the side of the extension integrated into Microsoft Office Outlook. If mail is scanned using the Mail Threat Protection extension for Outlook, it is recommended to use Cached Exchange Mode. For more detailed information about the Exchange caching mode and recommendations on its use, please refer to the Microsoft Knowledge Base. |
Do not scan archives larger than N MB |
If this check box is selected, the Mail Threat Protection component excludes archives attached to email messages from scanning if their size exceeds the specified value. A field for specifying the maximum size of archives attached to email messages. If the check box is cleared, the Mail Threat Protection component scans email attachment archives of any size. This feature can accelerate scanning of email messages. |
Do not scan archives for more than N sec |
If the check box is selected, the time that is allocated for scanning archives attached to email messages is limited to the specified period. A field for specifying the maximum time for scanning archives attached to email messages. |
Attachment filter |
The Attachment filter functionality is not applied to outgoing email messages.
In the list of file masks, you can specify the types of attached files to rename or delete from email messages. |
File masks |
A list of file masks that the Mail Threat Protection component either renames or deletes after filtering attachments in email messages. If the check box next to the file mask is selected, the Mail Threat Protection component renames or deletes files of this type when filtering email attachments. |