Mail Threat Protection

for Windows

The Mail Threat Protection component scans the attachments of incoming and outgoing email messages for viruses and other threats. The component provides computer protection with the help of anti-virus databases, the Kaspersky Security Network cloud service, and heuristic analysis.

Mail Threat Protection can scan both incoming and outgoing messages. The application supports POP3, SMTP, IMAP, and NNTP in the following mail clients:

Microsoft Office Outlook
Mozilla Thunderbird
Windows Mail
MyOffice Mail
R7-Office Organizer

To scan traffic in Mozilla Thunderbird, MyOffice Mail and R7-Office Organizer mail clients, you need to add Kaspersky certificate to the certificate store and select the own certificate store.

Mail Threat Protection does not support other protocols and mail clients.

The Mail Threat Protection component does not scan messages if the mail client is open in a browser.

When a malicious file is detected in an attachment, Kaspersky Endpoint Security adds information about the performed action to the message subject, for example, [Message has been processed] <message subject>.

Mail Threat Protection settings for Pro View

Parameter	OS	Description
Scan exclusions	`Windows`	A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats. Scan exclusions make it possible to safely use legitimate software that can be exploited by criminals to damage the computer or user data. Although they do not have any malicious functions, such applications can be exploited by intruders. For details on legitimate software that can be used by intruders to damage your computer or personal data, please refer to the Kaspersky IT Encyclopedia website. Kaspersky Endpoint Security supports environment variables and the `*` and `?` characters when entering a mask.
Security level	`Windows`	For Mail Threat Protection, the application can apply different groups of settings. These groups of settings that are stored in the application are called security levels: Max protection. When this email security level is selected, the Mail Threat Protection component scans email messages most thoroughly. The Mail Threat Protection component scans incoming and outgoing email messages, and performs deep heuristic analysis. The High mail security level is recommended for high-risk environments. An example of such an environment is a connection to a free email service from a home network that is not guarded by centralized email protection. Recommended. The email security level that provides the optimal balance between the performance of the application and email security. The Mail Threat Protection component scans incoming and outgoing email messages, and performs medium-level heuristic analysis. This mail traffic security level is recommended by Kaspersky specialists. Max performance. When this email security level is selected, the Mail Threat Protection component only scans incoming email messages, performs light heuristic analysis, and does not scan archives that are attached to email messages. At this mail security level, the Mail Threat Protection component scans email messages at maximum speed and uses a minimum of operating system resources. The Low mail security level is recommended for use in a well-protected environment. An example of such an environment might be an enterprise LAN with centralized email security.
Protection scope	`Windows`	The value of this parameter depends on the selected security level. The Protection scope includes objects that the component checks when it is run: incoming and outgoing messages or incoming messages only.
Scan attached archives	`Windows`	The value of this parameter depends on the selected security level. Scanning ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE, and other archives. The application scans archives not only by extension, but also by format. When checking archives, the application performs a recursive unpacking. This allows to detect threats inside multi-level archives (archive within an archive). If during the scan, the application detects a password for an archive in the text of the message, this password will be used to scan the content of the archive for malicious applications. In this case, the password is not saved. An archive is unpacked during scan. If an application error occurs during the unpacking process, you can manually delete the unpacked files that are saved to the following path: %systemroot%\temp. The files have the PR prefix.
Scan POP3, SMTP, NNTP, and IMAP traffic	`Windows`	The value of this parameter depends on the selected security level. Scanning by the Mail Threat Protection component of traffic that is transferred via the POP3, SMTP, NNTP, and IMAP protocols.

Page top