Policy Setting (Exchange)

This section explains the configurable values in the HENNGE Cloud Protection management screen under the left menu [ Policy ] - Policy selection - [ Exchange ] tab.

Please refer to the following article for creating policies:
Creating a New Policy 

General

Item Name Description
Real-time Scan

Set whether to use real-time scanning for email messages and other Exchange items in the organization's mailboxes.

Trusted Senders

If this feature is set, emails from trusted sender addresses will not be isolated or deleted.
By default, this feature is turned off.

Scan and warn when malicious content is detected (Low severity)
Selecting this option will display a warning to the system when malicious content is detected with "Low" severity.
No actions will be taken on the email item, and it will be delivered to the recipient as is.

Trusted Mail Sender Address

If [ Trusted Senders ] is on, use this to add the email addresses of senders whose emails will not be isolated or deleted.

Trusted Sender Domain

If [ Trusted Senders ] is on, use this to add trusted sender domains. Emails sent from these domains will not be isolated or deleted.

Isolation

You can choose the duration until isolated items are automatically deleted.
Changes can be made to the following periods:

・1 month
・3 months
・6 months
・1 year

Malware Scan

Item Description
Malware Scan

Set whether to use the malware scan function or not.

Scan Files

Set the types of files to be scanned.

Possible values are as follows:
・All
・Target Only
・All except excluded items

If [Target Only] is selected, some files are specified in [Target Files], but you can also specify any file you want.

Scan Archive (Compressed) Files

Set whether to scan compressed files.
Files in compressed folders can only detect executable files such as exe. Office files like [ .doc ] and password-protected compressed files are not detectable.

Evaluate in Sandbox

Send suspicious files to WithSecure's Security Cloud, analyze the behavior of the file, and determine whether the file is safe or harmful.

Unsupported File Types

Displays the types of files that are not allowed.

The types of target files are set in the policy item [General] - [Threat Control] - [Malware Scan] tab.
Policy Settings (General)

Processing

Specify the action to take if malware is detected.

Possible actions are as follows:

・Isolate and save malicious attachments
・Isolate and save the entire item
・Delete malicious attachments
・Delete the entire item
・Do nothing

Notify Administrator

Set whether to notify the administrator when malware is detected.

The administrator's email address is set in the policy item [General] - [Notification] - [Recipient Email Addresses].
Policy Settings (General)

Notify Users of Detected Results with the Following Severity

Set whether to notify users when malware is detected and the severity level.

The severity level of the detection target is set in the policy item [General] - [Notification] - [User Notification Based on Severity].
Policy Settings (General)

Notification text is set in the policy item [Exchange] - [Notification] - [Malware Notification].
Notification

URL Scan

Item Description
URL Scan

Set whether to use the URL scan function for web links (URLs) in the body of email messages and other Exchange items.

Malicious URLs

Specify the action to take if a malicious URL is detected.

The following actions can be specified:
・Isolate and save the item
・Delete the item
・Change the subject and unlink the URL
・Do nothing

Notify Administrator

Set whether to notify the administrator when a malicious URL is detected.

The administrator's email address is set in the policy item [General] - [Notification] - [Recipient Email Addresses].
Policy Settings (General)

Notify Users of Detected Results with the Following Severity

Set whether to notify users when a malicious URL is detected and the severity level.

The severity level of the detection target is set in the policy item [General] - [Notification] - [User Notification Based on Severity].
Policy Settings (General)

Notification text is set in the policy item [Exchange] - [Notification] - [Malicious URL Notification].
Notification

Suspicious URLs

Specify the action to take if a suspicious URL is detected.

The following actions can be specified:
・Isolate and save the item
・Delete the item
・Change the subject and unlink the URL
・Do nothing

Notify Administrator

Set whether to notify the administrator when a suspicious URL is detected.

The administrator's email address is set in the policy item [General] - [Notification] - [Recipient Email Addresses].
Policy Settings (General)

Notify Users of Detected Results with the Following Severity

Set whether to notify users when a suspicious URL is detected and the severity level.

The severity level of the detection target is set in the policy item [General] - [Notification] - [User Notification Based on Severity].
Policy Settings (General)

Notification text is set in the policy item [Exchange] - [Notification] - [Malicious URL Notification].
Notification

Trusted Websites

Set websites to be excluded when scanning for harmful websites.

Allow Reporting of Trusted Website to WithSecure

If you have registered trusted websites, checking this item will submit reports to WithSecure for functionality improvement.

Blocked Websites

Set websites to be blocked when scanning for harmful websites.

Scan for Inbox Rules

Item Description
Scan for Inbox Rules

Set whether to use the suspicious Inbox rules detection function.
Enable or disable the detection conditions for the following:

・Suspicious rule names
・Suspicious rules for moving emails
・Suspicious rules for deleting emails
・Suspicious rules for forwarding emails
・Suspicious rules for hidden Inbox

Processing

Specify the action to take if malware is detected.

Notify Administrator

Set whether to notify the administrator when suspicious Inbox rules are detected.

The administrator's email address is set in the policy item [General] - [Notification] - [Recipient Email Addresses].
Policy Settings (General)

Notify Users of Detected Results with the Following Severity

Set whether to notify users when suspicious Inbox rules are detected and the severity level.

The severity level of the detection target is set in the policy item [General] - [Notification] - [User Notification Based on Severity].
Policy Settings (General)

Compromised Accounts

Item Description
Compromised Accounts

Set whether to use the compromised account detection function.

Processing

Specify the action to take if an account is determined to be compromised.

Notify Administrator

Set whether to notify the administrator when a compromised account is detected.

The administrator's email address is set in the policy item [General] - [Notification] - [Recipient Email Addresses].
Policy Settings (General)

Notify Users of Detected Results with the Following Severity

Set whether to notify users when a compromised account is detected and the severity level.

The severity level of the detection target is set in the policy item [General] - [Notification] - [User Notification Based on Severity].
Policy Settings (General)

The notification text is set in the policy item [Exchange] - [Notification] - [Compromised Account Notification].
Notification

Notifications

You can customize the notification text or use the default one to send to users and administrators for each threat detected.
Each notification text is listed with WithSecure's default values, so a sample is provided for HENNGE Cloud Protection.
You can edit the notifications text for the following cases.

The following notification text can be automatically retrieved and displayed using predefined variables, such as the item's destination and subject.
Please refer to the following page on WithSecure for a list of available variables.

Variables used in notification emails (external link)

Notifications for malware+

Notifications for malicious URL+

Notifications for compromised accounts+

Notification for released quarantine item+

          
Was this article helpful?