Overview of Policy, Virus, and Outbreak Quarantines
“Policy, virus and outbreak quarantines” includes all non-spam quarantines, including the File Analysis quarantine.
When an appliance detects possible malware or content that is not allowed by your organization in incoming or outgoing messages, it can send those messages to a quarantine instead of deleting them immediately. A quarantine holds these messages safely on the appliance or on a Cisco Content Security Management appliance for a period of time, to allow a human being to review them, or to await an update that will better evaluate the safety of the message.
Examples of how non-spam quarantines can be used in your organization:
- Policy enforcement. Let Human Resources personnel or the Legal department review messages that may contain offensive, confidential, or otherwise disallowed information.
- Virus quarantine. Store messages that are marked as infected, encrypted, or not scannable by the anti-virus scanning engine to prevent the spread of viruses to your users.
- Outbreak prevention. Hold messages that are flagged by the Outbreak Filters as possibly being part of a viral outbreak or small-scale malware attack until an anti-virus or anti-spam update is released.
- File Analysis quarantine. Store messages that have attachments that may contain malware, and that have been sent for analysis, until a verdict is reached.
Related Topic
Quarantine Types
Quarantine Type |
Quarantine Name |
Created by the System by Default? |
Description |
More Information |
---|---|---|---|---|
Advanced Malware Protection |
File Analysis |
Yes |
Holds messages that are sent for file analysis, until a verdict is returned. |
|
Virus |
Virus |
Yes |
Holds messages that may be transmitting malware, as determined by the anti-virus engine. |
|
Outbreak |
Outbreak |
Yes |
Holds messages caught by Outbreak Filters as potentially being spam or malware. |
|
Policy |
Policy |
Yes |
Holds messages caught by message filters, content filters, and DLP message actions. A default Policy quarantine has been created for you. |
|
Unclassified |
Yes |
Holds messages only if a quarantine that is specified in a message filter, content filter, or DLP message action has been deleted. You cannot assign this quarantine to any filter or message action. |
||
(Policy quarantines that you create) |
No |
Policy quarantines that you create for use in message filters, content filters, and DLP message actions. |
||
Spam |
Spam |
Yes |
Holds spam or suspected spam messages for the message’s recipient or an administrator to review. The spam quarantine is not included in the group of policy, virus, and outbreak quarantines and is managed separately from all other quarantines. |