Mail Threat Protection

for Windows, macOS, and Linux

The Mail Threat Protection component scans the attachments of incoming and outgoing email messages for viruses and other threats. The component provides computer protection with the help of anti-virus databases, the Kaspersky Security Network cloud service, and heuristic analysis.

Mail Threat Protection can scan both incoming and outgoing messages. The application supports the POP3, SMTP, IMAP, NNTP protocols.

Supported mail clients

Mail Threat Protection may not always be able to gain protocol-level access to messages (for example, when using the Microsoft Exchange solution). For this reason, Mail Threat Protection includes an extension for Microsoft Office Outlook. The extension allows scanning messages at the level of the mail client. The Mail Threat Protection extension supports operations with Outlook 2010, 2013, 2016, 2019, and 2021.

The Mail Threat Protection component does not scan messages if the mail client is open in a browser.

When a malicious file is detected in an attachment, Kaspersky Endpoint Security adds information about the performed action to the message subject, for example, [Message has been processed] <message subject>.

Mail Threat Protection settings

Settings	OS	Description
Scan exclusions	`Windows` `macOS` `Linux`	A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats. Scan exclusions make it possible for the safe use of legitimate software that can be exploited by criminals to damage a computer or user data. Although they do not have any malicious functions, such applications can be exploited by intruders. For details on legitimate software that can be used by intruders to damage your computer or personal data, please refer to the Kaspersky IT Encyclopedia website. Kaspersky Endpoint Security supports environment variables and the `*` and `?` characters when entering a mask.
Action on threat detection	`Windows` `macOS` `Linux`	Disinfect, delete if disinfection fails. When an infected object is detected in an inbound or outbound message, the application attempts to disinfect the detected object. The user will be able to access the message with a safe attachment. If the object cannot be disinfected, the application deletes the infected object. The application adds information about the performed action to the message subject, for example, [Message has been processed] <message subject>. Disinfect, block if disinfection fails. When an infected object is detected in an inbound message, the application attempts to disinfect the detected object. The user will be able to access the message with a safe attachment. If the object cannot be disinfected, the application adds a warning to the message subject. The user will be able to access the message with the original attachment. When an infected object is detected in an outbound message, the application attempts to disinfect the detected object. If the object cannot be disinfected, the application blocks transmission of the message, and the mail client shows an error. Block. If an infected object is detected in an inbound message, the application adds a warning to the message subject. The user will be able to access the message with the original attachment. If an infected object is detected in an outbound message, the application blocks transmission of the message, and the mail client shows an error.
Scan POP3, SMTP, NNTP, and IMAP traffic	`Windows` `macOS` `Linux`	Scanning by the Mail Threat Protection component of traffic that is transferred via the POP3, SMTP, NNTP, and IMAP protocols.
Connect Microsoft Outlook extension	`Windows`	If the check box is selected, scanning of email messages transmitted via the POP3, SMTP, NNTP, IMAP protocols is enabled on the side of the extension integrated into Microsoft Outlook. The application can scan incoming and outgoing messages from Microsoft Outlook at different stages: Scan when receiving. If this check box is selected, the application uses Mail Threat Protection when receiving messages via Microsoft Outlook. Scan when reading. Scan when sending. If mail is scanned using the extension for Microsoft Outlook, it is recommended to use Cached Exchange Mode. For more detailed information about Cached Exchange Mode and recommendations on its use, refer to the Microsoft Knowledge Base.
Do not scan archives larger than (MB)	`Windows` `macOS`	If this check box is selected, the Mail Threat Protection component excludes archives attached to email messages from scanning if their size exceeds the specified value. If the check box is cleared, the Mail Threat Protection component scans email attachment archives of any size.
Limit the time for checking objects to (sec)	`Windows` `macOS` `Linux`	If the check box is selected, the time that is allocated for scanning archives attached to email messages is limited to the specified period.
Attachment filter	`Windows` `Linux`	The attachment filter determines the action that Mail Threat Protection applies to files attached to email messages. The attachment filter is not applied to outgoing email messages. Do not modify attachments. If this option is selected, the Mail Threat Protection component does not filter files that are attached to email messages. Rename attachments of selected types. If this option is selected, the Mail Threat Protection component will replace the last extension character found in the attached files of the specified types with the underscore character (for example, attachment.doc_). Thus, in order to open the file, the user must rename the file. Delete attachments of selected types. If this option is selected, the Mail Threat Protection component deletes attached files of the specified types from email messages. In the list of file masks, you can specify the types of attached files to rename or delete from email messages.

Page top