Cisco Email Security Appliance C160 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved.
Step 2 Select Enable Content Filters (Customize settings) and select
the policies you wish to enable on the email policy.
Step 3 The policies should include the two newly created policies:
Block_URLs and Block_URL_Category
Step 4 Click Submit. The policy should look like this:
Step 5 Click Commit Changes, enter a description of the changes in the
Comment field, and click Commit Changes.
Note:
It is important to put in a descriptive comment when committing
changes. There is a feature at the command-line interface (CLI) level
that allows the email administrator to roll back the configuration to a
previous version. This feature will display the last 10 commits, their date
and time, and the description entered. If the comment field is not filled
in at commit time, the field will be blank when a configuration rollback is
attempted. This may complicate rolling back configurations.
Configuring Outbreak Filters
Outbreak Filters is configured under Incoming Mail Policies for either the
Default policy or one or more individual policies.
By default, only the day-zero virus protection is active, since the markup
and rewriting of messages for blended threat protection is visible to end
users. End users should be educated about the changes before rolling
the blended threat protection out to the entire user community.
To determine if Outbreak Filters is enabled for blended threat protection,
look at the Incoming Mail Policies for an entry of “Other: 4 hours” in the
Outbreak Filters column. If it is missing, blended threat protection is
not enabled.
Configuring Outbreak Filters
Step 1 Click to open Mail Policies > Incoming Mail Policies, then click
Enable Outbreak Filtering (Customize Settings) for the desired mail
policy.
The IT Group is used as an example. Cisco recommends that Outbreak
Filters be rolled out in a pilot program. This feature modifies email
messages and makes security visible to end users, requiring clear
messaging and user notification during deployment.
The top two configuration items are for the zero-day virus protection
offered by Outbreak Filters. The Other Threats option is the Maximum
Quarantine Retention timer for messages that are temporarily
quarantined by Outbreak Filters’ blended threat protection. The “Deliver
messages without adding them to quarantine” option allows you to
bypass the use of a temporary quarantine for those blended threat
messages. It is not recommended to use this bypass.
Step 2 Click Enable Message Modification to turn on the blended threat
protection.
Cisco Email Security How-To Guide
How-To Protect Against URL-Based Attacks
Cisco Public