When an Email Security appliance detects possible spam, malware, or content that is not allowed by your
organization in incoming or outgoing messages, it can send those messages to a quarantine instead of
deleting them immediately. A quarantine holds these messages safely on the Email Security appliance
or on a Cisco Content Security Management appliance for a period of time, to allow a human being to
review them, or to await an update that will better evaluate the safety of the message.

Examples of how quarantines can be used in your organization:

•

Policy enforcement. Let Human Resources personnel or the Legal department review messages that
may contain offensive, confidential, or otherwise disallowed information.

•

Virus quarantine. Store messages that are marked as infected, encrypted, or not scannable by the
anti-virus scanning engine to prevent the spread of viruses to your users.

•

Outbreak prevention. Hold messages that are flagged by the Outbreak Filters as possibly being part
of a viral outbreak or small-scale malware attack until an anti-virus or anti-spam update is released.

•

Spam management. Let end users or administrators determine whether messages are spam, to avoid
deleting necessary messages.