Suspected Malware Policies

Document created by user.oxriBaJeN4 Employee on Sep 12, 2015. Last modified by user.oxriBaJeN4 Employee on Mar 27, 2017.
Version 7

Suspected Malware detection, or ZHARA (Zero Hour Adaptive Risk Assessor), is Mimecast's proprietary software that provides early detection and prevention of zero-day malware and spam outbreaks.

The Suspected Malware Policy is implemented by default.

These checks can be bypassed by implementing a Suspected Malware Bypass Policy. Mimecast recommends implementing this policy only when regular attachments that need to be allowed through are being blocked. Bypassing these checks could result in a new virus outbreak going undetected while signatures are being updated.


Encrypted ZIP files cannot be checked, although they can be held using an Attachment Management Policy.


This policy provides protection against previously unknown threats using deep-level anomaly detection and trending against the entire Mimecast customer base.

What you need

  • An Administrator Console logon with access to the Administration | Gateway | Policies menu item.
  • A previously configured Suspected Malware definition.


Creating a policy


To create a policy, follow the instructions in the Creating / Changing a Policy article, but using the following options:


  • Policy Narrative: Provide a description for the policy to allow you to easily identify it in the future.
  • Select Suspected Malware Definition: Use the Lookup button to select the required Suspected Malware definition for the policy.


You can have a Suspected Malware Bypass policy. See here for further details.

Definition required?