The Outbreak Filters
page shows the current status and configuration of Outbreak Filters on your
appliance as well as information about recent outbreaks and messages
quarantined due to Outbreak Filters. You can use this page to monitor your
defense against targeted virus, scam, and phishing attacks.
The Threats By Type
section shows the different types of threat messages received by the appliance.
The Threat Summary
section shows a breakdown of the threat messages by Malware, Phish, Scam, and
Virus. Click on the number to view a list of all the messages that are included
in that number using Message Tracking.
The Past Year
Outbreak Summary lists global as well as local outbreaks over the past year,
allowing you to compare local network trends to global trends. The listing of
global outbreaks is a superset of all outbreaks, both viral and non-viral,
whereas local outbreaks are limited to virus outbreaks that have affected your
appliance. Local outbreak data does not include non-viral threats. Global
outbreak data represents all outbreaks detected by the Threat Operations Center
which exceeded the currently configured threshold for the outbreak quarantine.
Local outbreak data represents all virus outbreaks detected on this appliance
which exceeded the currently configured threshold for the outbreak quarantine.
The Total Local Protection Time is always based on the difference between when
each virus outbreak was detected by the Threat Operations Center and the
release of an anti-virus signature by a major vendor. Note that not every
global outbreak affects your appliance. A value of “--” indicates either that
a protection time does not exist or that the signature times were not available
from the anti-virus vendors (some vendors may not report signature times). This
does not indicate a protection time of zero; rather, it means that the
information required to calculate the protection time is not available.
The Quarantined
Messages section summarizes Outbreak Filters quarantining, and is a useful
gauge of how many potential threat messages Outbreak Filters are catching.
Quarantined messages are counted at time of release. Typically, messages will
be quarantined before anti-virus and anti-spam rules are available. When
released, they will be scanned by the anti-virus and anti-spam software and
determined to be positive or clean. Because of the dynamic nature of Outbreak
tracking, the rule under which a message is quarantined (and even the
associated outbreak) may change while the message is in the quarantine.
Counting the messages at the time of release (rather than the time of entry
into the quarantine) avoids the confusion of having counts that increase and
decrease.
The Threat Details
listing displays information about specific outbreaks, including the threat
category (virus, scam, or phishing), threat name, a description of the threat,
and the number of messages identified. For virus outbreaks, the Past Year Virus
Outbreaks listing includes the outbreak name and ID, the time and date a virus
outbreak was first seen globally, the protection time provided by Outbreak
Filters, and the number of quarantined messages. You can select either global or
local outbreaks
as well as the number of messages to display via the menu on the left. You can
sort the listing by clicking on the column headers. Click on the number to view
a list of all the messages that are included in that number using Message
Tracking.
The First Seen
Globally time is determined by the Threat Operations Center, based on data from
SenderBase, the world’s largest email and web traffic monitoring network. The
Protection Time is based on the difference between when each threat was
detected by the Threat Operations Center and the release of an anti-virus
signature by a major vendor.
A value of “--”
indicates either that a protection time does not exist or that the signature
times were not available from the anti-virus vendors (some vendors may not report
signature times). This does not indicate a protection time of zero. Rather, it
means that the information required to calculate the protection time is not
available.
The Hit Messages from
Incoming Messages section shows the percentage and number of viral attachment,
other threats (non-viral), and clean incoming messages.
The Hit Messages by
Threat Level section shows the percentage and number of incoming threat
messages (viral and non-viral) based on threat levels (Level 1 through 5).
The Messages resided in
Outbreak Quarantine section shows the number of threat messages that resided in
the Outbreak Quarantine, based on the duration.
The Top URL's Rewritten
section shows the list of the top 10 URLs that were rewritten, based on the
number of occurrences. Use the Items Displayed drop-down to view more rewritten URLs.
Click on the number to view a list of all the messages that contain the
selected rewritten URL on the Message Tracking page.
Using the Outbreak
Filters page, you can answer questions like:
- How many messages are being
quarantined and what type of threats were they?
- How much lead time has the
Outbreak Filter feature been providing for virus outbreaks?
- How do my local virus
outbreaks compare to the global outbreaks?