Endpoint Protection


New to Symantec - Question about attachments and anti-virus scanning

  • 1.  New to Symantec - Question about attachments and anti-virus scanning

    Posted Jul 01, 2017 09:05 AM

    Hi!

    We're new to Symantec. Given that we have shared management of our Symantec settings and I'm working to find the right balance on spam filtering, I was curious if:

    Does anyone know how Symantec's anti-virus scanner works?

    Is it unpacking and running them? Scanning them against a database?

    What engine is it using? We're coming over from an on-prem Trustwave SEG, where (ironically) we were using the available Sophos AV engine to scan attachments.

    I have been watching many antivirus videos to know more about it. With Symantec being added to Sophos, some of the information out there is kinda separated and difficult to split. Other info seems simply nonexistent. Currently, our MSP has set most attachments to get quarantined, but we deal A LOT with those with our customers, and I'm trying to figure out how much faith I can place in Reflexion's AV scanning in order to possibly pass more of those (non-executable) office-type attachments to users' inboxes.

    Thank you.

  • 2.  RE: New to Symantec - Question about attachments and anti-virus scanning

    Posted Jul 03, 2017 04:06 PM

    A description of the email plugins that SEP offers is here:

    http://www.symantec.com/docs/INFO3922

    It can open compressed files and scan them. If you're using SEP 14 then you do have the option to use Symantec's virus defs in the cloud. Additionally, reputation lookups can be done against the file(s) where SEP will go out to Symantec's database in the cloud and run checks to see if the file is good/bad.