Product features

The main features of MSME are described in this section.

  • Protection from viruses — Scans all email messages for viruses and protects your Exchange server by intercepting, cleaning, and deleting the viruses that it detects. MSME uses advanced heuristic methods and identifies unknown viruses or suspected virus-like items and blocks them.
  • Protection from spam — Helps you save bandwidth and the storage space required by your Exchange servers by assigning a spam score to each email message as it is scanned and by taking pre-configured actions on those messages.
  • Protection from phishing — Detects phishing emails that fraudulently try to obtain your personal information.
  • Protection from malicious URLs — Protects your system from malicious URLs. When enabled, MSME scans each URL in the email body, gets the reputation score of the link, compares the score with the defined threshold, and takes appropriate action according to the configuration.
  • Capability to detect packers and potentially unwanted programs — Detects packers that compress and encrypt the original code of an executable file. It also detects potentially unwanted programs (PUPs), that are software programs written by legitimate companies to alter the security state or privacy state of a computer.
  • Content filtering — Scans content and text in the subject line or body of an email message and an email attachment. MSME supports content filtering based on regular expressions (regex).
  • File filtering — Scans an email attachment depending on its file name, type, and size of the attachment. MSME can also filter files containing encrypted, corrupted, password-protected, and digitally signed content.
  • DLP and compliance — Ability to ensure that email content is in accordance with your organization’s confidentiality and compliance policies. Pre‑defined compliance dictionaries include:
    • Addition of 60 new DLP and Compliance dictionaries
    • Support for industry specific compliance dictionaries — HIPAA, PCI, Source Code (Java, C++ etc.)
    • Improvements to existing phrase based detections.
    • Reduced false positives, due to enhanced capabilities in detecting non‑compliant content, based on the Threshold score and in combination with the maximum term count (occurrence).
    Customize policies for content security and Data Loss Prevention (DLP).
  • IP reputation — A method of detecting threat from email messages based on the sending server's IP address. IP Reputation Score reflects the likelihood that a network connection poses a threat. IP reputation leverages on McAfee Global Threat Intelligence (GTI) to prevent damage and data theft by blocking the email messages at the gateway based on the source IP address of the last email server. MSME processes the message before it enters the organization by rejecting or dropping the connection based on the IP reputation score.
  • Advanced On-Demand scan — Ability to perform granular‑level on‑demand scan on Exchange Server 2010 & 2013, resulting in faster on‑demand scans. You can schedule on‑demand scans based on these filters; Subject, Attachments, Sender/Recipient/CC, Mail Size, Message ID, Unread items, and Time duration.

  • Background scanning — Facilitates scanning of all files in the information store. You can schedule background scanning to periodically scan a selected set of messages with the latest engine updates and scanning configurations. In MSME, you can exclude mailboxes that you don't want to be scanned.
  • Product Health Alerts — These are notifications on the status of the product's health. You can configure and schedule these alerts.
  • Integrate with McAfee ePolicy Orchestrator 4.6, 5.0, or 5.1 — Integrates with ePolicy Orchestrator 4.6, 5.0, or 5.1 to provide a centralized method for administering and updating MSME across your Exchange servers. This reduces the complexity of, and the time required to, administer and update various systems.
  • Web-based user interface — Provides a user-friendly web-based interface based on DHTML.
  • Policy Management — The Policy Manager menu option in the product user interface lists different policies you can set up and manage in MSME.
  • Centralized scanner, filter rules, and enhanced alert settings — Using scanners, you can configure settings that a policy can apply when scanning items. Using File Filtering rules, you can set up rules that apply to a file name, file type, and file size.
  • On-demand/time-based scanning and actions — Scans email messages at convenient times or at regular intervals.
  • Multipurpose Internet Mail Extensions (MIME) scanning — A communications standard that enables you to transfer non-ASCII formats over protocols (such as SMTP) that support only 7-bit ASCII characters.
  • Quarantine management — You can specify the local database to be used as a repository for quarantining infected email messages. You can choose to store quarantined messages on your own server running McAfee Quarantine Manager, which is called the Off-box quarantine.
  • Auto-update of virus definitions, Extra DATs, anti-virus and anti-spam engine — Regularly provides updated DAT files, anti-virus scanning engine, and anti-spam engine to detect and clean the latest threats.
  • Retention and purging of old DATs — Retain old DAT files for periods you define or purge them as needed.
  • Support for Site List editor — Specify a location from which to download automatic updates for MSME.
  • Support for Small Business ServerMSME is compatible with Small Business Servers.
  • Detection reports — Generates status reports and graphical reports that enable you to view information about detected items.
  • Configuration reports — Summarizes product configuration such as information about the server, version, license status and type, product, debug logging, on-access settings, on-access policies, and gateway policies. You can specify when your server needs to send the configuration report to the administrator.
  • Denial-of-service attacks detection — Detects additional requests or attacks flooding and interrupting the regular traffic on a network. A denial-of-service attack overwhelms its target with false connection requests, so that the target ignores legitimate requests. MSME considers these three scenarios as Denial-of-service attacks:
    • Scanning time exceeds the defined time
    • Nested level exceeds the defined level
    • Expandable file size limit for archived files exceeds the defined size
  • Advanced notifications — Forward the quarantined emails for compliance audit to multiple users, based on the detection category.
  • Support for VMware workstation 7.0 or later, and VMware ESX 5.5.