Overview of Centralized Quarantines
Messages processed by certain filters, policies, and scanning operations on an Email Security appliance can be placed into quarantines to temporarily hold them for further action. You can centralize quarantines from multiple Email Security appliances on a Cisco Content Security Management appliance.
Benefits of centralizing quarantines include the following:
- You can manage quarantined messages from multiple Email Security appliances in one location.
- Quarantined messages are stored behind the firewall instead of in the DMZ, reducing security risk.
- Centralized quarantines can be backed up as part of the standard backup functionality on the Security Management appliance.
Anti-virus scanning, Outbreak Filters, and Advanced Malware Protection (File Analysis) each have a single dedicated quarantine. You create policy quarantines to hold messages that are caught by message filtering, content filtering, and Data Loss Prevention policies.
The Policy, Virus and Outbreak Quarantines section in the legacy web interface is labeled as Other Quarantines in the new web interface. For more information, see Viewing Messages in Quarantines.
For additional information about quarantines, see the documentation for your Email Security appliance.
Quarantine Types
| Quarantine Type | Quarantine Name | Created by the System by Default? | Description | More Information |
|---|---|---|---|---|
| Advanced Malware Protection | File Analysis | Yes | Holds messages that are sent for file analysis, until a verdict is returned. | |
| Virus | Virus | Yes | Holds messages that may be transmitting malware, as determined by the anti-virus engine. | |
| Outbreak | Outbreak | Yes | Holds messages caught by Outbreak Filters as potentially being spam or malware. | |
| Policy | Policy | Yes | Holds messages caught by message filters, content filters, and DLP message actions. A default Policy quarantine has been created for you. | |
| | Unclassified | Yes | Holds messages only if a quarantine that is specified in a message filter, content filter, or DLP message action has been deleted. You cannot assign this quarantine to any filter or message action. | |
| | (Policy quarantines that you create) | No | Policy quarantines that you create for use in message filters, content filters, and DLP message actions. | |
| Spam | Spam | Yes | Holds spam or suspected spam messages for the message’s recipient or an administrator to review. The spam quarantine is not included in the group of policy, virus, and outbreak quarantines and is managed separately from all other quarantines. | |