Mail Threat Protection

The Mail Threat Protection component scans the attachments of incoming and outgoing email messages for viruses and other threats. The component also scans messages for malicious and phishing links. By default, the Mail Threat Protection component permanently resides in the computer's RAM and scans all messages received or sent using the POP3, SMTP, IMAP, or NNTP protocols, or the Microsoft Office Outlook mail client (MAPI). The component provides computer protection with the help of anti-virus databases, the Kaspersky Security Network cloud service, and heuristic analysis.

The Mail Threat Protection component does not scan messages if the mail client is open in a browser.

When a malicious file is detected in an attachment, Kaspersky Endpoint Security renames the message subject: [Message is infected] <message subject> or [Infected object deleted] <message subject>.

This component interacts with mail clients installed on the computer. For the Microsoft Office Outlook mail client, an extension with additional parameters is provided. The Mail Threat Protection extension is embedded in the Microsoft Office Outlook mail client during installation of Kaspersky Endpoint Security.

Mail Threat Protection component settings

Parameter

Description

Action on threat detection

Disinfect; delete if disinfection fails. When an infected object is detected in an inbound or outbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. The user will be able to access the message with a safe attachment.

If the object cannot be disinfected, Kaspersky Endpoint Security deletes the infected object. Kaspersky Endpoint Security adds information about the performed action to the message subject: [Infected object was deleted] <message subject>.

Disinfect; block if disinfection fails. When an infected object is detected in an inbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. The user will be able to access the message with a safe attachment. If the object cannot be disinfected, Kaspersky Endpoint Security adds a warning to the message subject: [Message infected] <message subject>. The user will be able to access the message with the original attachment.

When an infected object is detected in an outbound message, Kaspersky Endpoint Security attempts to disinfect the detected object. If the object cannot be disinfected, Kaspersky Endpoint Security blocks transmission of the message, and the mail client shows an error.

Block If an infected object is detected in an inbound message, Kaspersky Endpoint Security adds a warning to the message subject: [Message infected] <message subject>. The user will be able to access the message with the original attachment.

If an infected object is detected in an outbound message, Kaspersky Endpoint Security blocks transmission of the message, and the mail client shows an error.

POP3 / SMTP / NNTP / IMAP traffic

The check box enables / disables scanning by the Mail Threat Protection component of traffic that is transferred via the POP3, SMTP, NNTP, and IMAP protocols.

Microsoft Office Outlook extension

If the check box is selected, scanning of email messages transmitted via the POP3, SMTP, NNTP, IMAP protocols is enabled on the side of the extension integrated into Microsoft Office Outlook.

If mail is scanned using the extension for Microsoft Office Outlook, it is recommended to use Cached Exchange Mode. For more detailed information about the Exchange caching mode and recommendations on its use, please refer to the Microsoft Knowledge Base.

Do not scan archives larger than N MB

If this check box is selected, the Mail Threat Protection component excludes archives attached to email messages from scanning if their size exceeds the specified value.

If the check box is cleared, the Mail Threat Protection component scans email attachment archives of any size.

Do not scan archives for more than N sec

If the check box is selected, the time that is allocated for scanning archives attached to email messages is limited to the specified period.

Attachment filter

Attachment filter is not applied to outgoing email messages.

Disable filtering. If this option is selected, the Mail Threat Protection component does not filter files that are attached to email messages.

Rename attachments of selected types. If this option is selected, the Mail Threat Protection component replaces the last character in attached files of the specified types with the underscore (_) symbol.

Delete attachments of selected types. If this option is selected, the Mail Threat Protection component deletes attached files of the specified types from email messages.

In the list of file masks, you can specify the types of attached files to rename or delete from email messages.

See also: Managing the application via the local interface

Enabling and disabling Mail Threat Protection

Changing the mail security level

Changing the action to take on infected email messages

Forming the protection scope of the Mail Threat Protection component

Scanning compound files attached to email messages

Filtering email message attachments

Scanning emails in Microsoft Office Outlook
Page top