Known Threats or Zero Day Protection


This article applies to:

  • Trustwave MailMarshal (SEG)
  • Trustwave ECM/MailMarshal Exchange 7.X

Questions:

  • What is Known Threat/Zero Day Protection and how does it work?
  • How often does Trustwave publish Known Threat Updates?
  • What kinds of threats does Known Threat secure me against?
  • How do I activate Known Threat Protection?

FAQ:

What is Known Threats Protection and how does it work?

  • Note: The display name of this functionality changed for new installations of SEG at version 7.5. It is now known as "Known Threats" to more accurately reflect the current functionality. Upgraded installations and previous versions use the name "Zero Day Threats".

The Known Threats Framework is a mechanism that allows Trustwave to reinforce your SEG/MailMarshal SMTP or MailMarshal Exchange server against potential security threats.

With SEG/MailMarshal SMTP, this function supplements SpamCensor updates to help prevent spam and malware attacks from external sources.

With MailMarshal Exchange 7.X, Zero Day updates are provided to help prevent the spread of malware through internal email.

The Known Threats Protection Framework is a safety net that allows Trustwave to quickly update your MailMarshal server against the latest security concerns. It provides peace of mind: when you are at home asleep, or away from the office, Trustwave can secure your MailMarshal server for you until you are back.

To take advantage of the Known Threats Protection Framework, ensure that automatic updates are enabled. Then, in most cases, you can simply enable the Known Threats rule on your MailMarshal SMTP server. See "How do I activate Known Threats Protection?" later in this article.

How often does Trustwave publish Known Threats Updates?

Updates are published as required. There is a perception that updates need to be issued every day or even every hour to protect your organization from malicious content. This is not the case with MailMarshal. MailMarshal is an intelligent, policy-based solution that can assess messages and threats on-the-fly. Unlike other products on the market that require constant updates to detect the latest threats, MailMarshal detects many emerging threats automatically.

What kinds of threats does Known Threats secure me against?

Known Threats functionality is focused on significant email threats and issues including viruses, malware, large spam outbreaks, phishing, and known exploits.

How do I activate Known Threats Protection?

By default, MailMarshal Exchange 7.X and SEG/MailMarshal SMTP versions 6.1 and later include Known Threats or Zero Day Protection rules in the Anti-Malware or Virus policy groups. Simply enable these rules. If these rules are not present, you can create one using the category script 'Known Threats'. The rule should look something like this:

Content Analysis Rule: Block Malware - Known Threats

When a message arrives
Where message is outgoing
Where message is categorized as 'Known Threats'
And move the message to 'Malware Suspected'

  • Note: The required category script XML file, KnownThreatsZeroDay.xml, should be located in the \Config directory within your MailMarshal installation. If you do not have this file, please contact Trustwave Technical Support.
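The following PowerShell check is an added example, not Trustwave's own tooling: it verifies that KnownThreatsZeroDay.xml is present under the \Config directory and that it parses as well-formed XML before you enable the rule. The install root passed to the function is an assumption; substitute the path of your own MailMarshal installation.

```powershell
# Added example (not part of the Trustwave article or product).
# Verifies that the Known Threats category script exists under \Config and
# parses as well-formed XML. $InstallRoot is an assumed placeholder.
function Test-KnownThreatsScript {
    param(
        [Parameter(Mandatory = $true)]
        [string]$InstallRoot
    )

    # File name and \Config location are taken from the article above.
    $scriptPath = Join-Path -Path $InstallRoot -ChildPath 'Config\KnownThreatsZeroDay.xml'

    $result = [ordered]@{
        Path         = $scriptPath
        Exists       = $false
        WellFormed   = $false
        LastModified = $null
        SizeBytes    = $null
    }

    if (-not (Test-Path -LiteralPath $scriptPath -PathType Leaf)) {
        # Missing file: the article says to contact Trustwave Technical Support.
        return [pscustomobject]$result
    }

    $item = Get-Item -LiteralPath $scriptPath
    $result.Exists       = $true
    $result.LastModified = $item.LastWriteTime
    $result.SizeBytes    = $item.Length

    try {
        $xml = New-Object System.Xml.XmlDocument
        # Disable external entity resolution so the check itself never
        # reaches out to the network while parsing.
        $xml.XmlResolver = $null
        $xml.Load($scriptPath)
        $result.WellFormed = $true
    }
    catch {
        Write-Warning "Category script is not well-formed XML: $($_.Exception.Message)"
    }

    return [pscustomobject]$result
}

# Usage: replace the placeholder with your actual MailMarshal install directory.
$check = Test-KnownThreatsScript -InstallRoot 'C:\PLACEHOLDER\MailMarshal'
$check | Format-List

if (-not $check.Exists) {
    Write-Warning 'KnownThreatsZeroDay.xml not found in \Config; contact Trustwave Technical Support.'
}
elseif (-not $check.WellFormed) {
    Write-Warning 'KnownThreatsZeroDay.xml is present but did not parse; do not enable the rule until it is replaced.'
}
```

Run the script from an elevated PowerShell session on the MailMarshal server; the LastModified value is a quick way to confirm that automatic updates have actually refreshed the category script recently.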

Last Modified 5/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle11372.aspx