Suspected Malware detection, or ZHARA (Zero Hour Adaptive Risk Assessor), is Mimecast's proprietary software that provides early detection and prevention of zero-day malware and spam outbreaks.
The Suspected Malware Policy is implemented by default.
These checks can be bypassed by implementing a Suspected Malware Bypass Policy. Mimecast recommends implementing this policy only when regular attachments that need to be allowed through are being blocked. Bypassing these checks could result in a new virus outbreak going undetected whilst signatures are being updated.
Encrypted ZIP files cannot be checked, although they can be held using an Attachment Management Policy.
This policy provides protection against previously unknown threats using deep-level anomaly detection and trending against the entire Mimecast customer base.
What you need
- An Administrator Console logon with access to the Administration | Gateway | Policies menu item.
- A previously configured Suspected Malware definition.
Creating a policy
To create a policy, follow the instructions in the Creating / Changing a Policy article, using the following options:
|Policy Narrative|Provide a description for the Policy to allow you to easily identify it in the future.|
|Select Suspected Malware Definition|Use the Lookup button to select the required Suspected Malware definition for the policy.|
You can have a Suspected Malware Bypass policy. See here for further details.