The Anti-Malware engine is responsible for detecting malicious files. It comprises of matching the file against a database of known malicious files (Anti-Virus) and running it through an advanced sandbox (Threat Emulation).
- To review the malware event details, click More Info for Anti-Malware under Security Stack in the event profile.
- To see the sandbox report, click View Report under Security Stack in the event profile.
- To re-run the security for an event, click Re-check for Anti-Malware under Security Stack in the event profile.
Acting on Malware Events
- To quarantine an email, click Quarantine Email from the email profile.
- To release an email from quarantine, click Restore Email if the email is already in quarantine.
- To prevent generating false positives for specific emails, create an allow-list.
To create a malware Allow-List:
- Navigate to Configuration > Malware Allow-List.
Open the malware event generated in the Avanan Portal.
- Click Create Allow-List.
- Enter the file MD5 hash and click Ok.