About outbreak management
Article: HOWTO82430 | Created: 2012-11-30 | Updated: 2014-06-25 | Article URL: http://www.symantec.com/docs/HOWTO82430
An outbreak situation occurs when an excessive number of threats or events that exhibit virus-like behavior occur on a network. When an outbreak occurs, prompt identification of the situation and notification of administrative staff is critical.
Outbreak management lets you configure Mail Security to send alerts whenever a threshold of duplicate messages sent within a period of time is reached. In some instances, a large number of duplicate messages can indicate an active virus outbreak or a problem within your Exchange server. You can monitor different types of conditions and receive timely alerts as they occur. An outbreak condition does not necessarily indicate that there is a problem. Sometimes normal email flow meets the duplicate-message threshold, depending on your settings and the amount of email passing through the Exchange server.
When you configure outbreak settings, it is recommended that you consider the following:
Threat potential of the event category that is being monitored
Amount of email that is typically processed
Size of your mail system
Stringency with which you want to define an outbreak
As your outbreak triggers are tested, you can fine-tune the values that you use.
Mail Security lets you manage outbreaks with the following options:
Enable Outbreak Management.
Specify the criteria for an outbreak.
The criteria consist of the number of times that an event must occur during a specified time interval.
Define the email notifications to send to the administrator when an outbreak is detected.
End the outbreak event after the situation is managed.
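The criteria above (an event count within a time interval) behave like a sliding-window counter. The following sketch is an added illustration, not Symantec code and not a description of how Mail Security is implemented; the class, the function names, and the use of a subject string as the duplicate key are assumptions. It replays constructed sample traffic to show how the chosen threshold and interval decide whether normal mail flow raises an alert.

```python
from collections import defaultdict, deque

class OutbreakMonitor:
    """Hypothetical sliding-window counter: an outbreak starts when `threshold`
    events with the same key occur within `interval_s` seconds."""

    def __init__(self, threshold, interval_s):
        self.threshold = threshold
        self.interval_s = interval_s
        self._seen = defaultdict(deque)  # key -> timestamps still inside the window
        self.active = set()              # keys with an outbreak in progress

    def record(self, key, ts):
        """Record one event; return True only when this event starts an outbreak."""
        window = self._seen[key]
        window.append(ts)
        # Drop events that have aged out of the interval.
        while window and ts - window[0] >= self.interval_s:
            window.popleft()
        if len(window) >= self.threshold and key not in self.active:
            self.active.add(key)         # notify once, not on every later duplicate
            return True
        return False

    def end_outbreak(self, key):
        """The administrator ends the outbreak after handling it; counting restarts."""
        self.active.discard(key)
        self._seen.pop(key, None)


def alerts_for(events, threshold, interval_s):
    """Replay (timestamp, key) events and return the (timestamp, key) alerts raised."""
    mon = OutbreakMonitor(threshold, interval_s)
    return [(ts, key) for ts, key in events if mon.record(key, ts)]


# Constructed sample traffic: a newsletter delivered 5 times in 5 seconds (normal
# flow) and a message with the same subject arriving 12 times in one minute.
SAMPLE = sorted(
    [(t, "subj:Weekly newsletter") for t in range(5)]
    + [(100 + 5 * i, "subj:Invoice attached") for i in range(12)]
)

if __name__ == "__main__":
    print(alerts_for(SAMPLE, threshold=5, interval_s=60))   # newsletter also alerts
    print(alerts_for(SAMPLE, threshold=10, interval_s=60))  # only the 12-message burst
    print(alerts_for(SAMPLE, threshold=10, interval_s=30))  # interval too short: none
```

With a threshold of 5 the routine newsletter triggers a notification, which is the false-positive case the settings guidance above is meant to tune out.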