Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 0 subscribers
  • Views 5725 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Restricted vs Suspicious Attachments

mbjoe

What would be the difference in an email being listed as a Restricted Attachment compared to be listed as a Suspicious Attachment?


We have different attachment types set in each of the two content settings... some have restricted blocked and suspicious allowed while others have restricted allowd and suspicious blocked.

:11993


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    The main difference between a suspicious attachment and a restricted one is that a suspicious file is one considered to be more prone to being infected, such as Javascript or HTML files. Restricted attachments would be file that would are "controlled" either by an HR or IT policy; archives or multimedia files could be considered files that should be blocked based on their size or content.

    The help documentation that comes bundled with the email appliance distinguishes between the two accordingly:

    - Suspect Attachments: Messages with attachment types that are likely to contain viruses. By default, for all users, messages with suspect attachments are quarantined, the attachments are removed, and the messages are delivered. A banner is added advising users that potentially dangerous attachments were identified and removed. [...]

    - Restricted Attachments: Allows administrators to create a customized policy for blocking messages with specific kinds of attachments. By default, for all users, messages with restricted attachments are quarantined, the attachments are removed, and the messages are delivered. A banner is added advising users that potentially dangerous attachments were identified and removed. [...]

    Regardless which Sophos gateway product you use, you can define what is suspicious and what is restricted yourself. The built-in lists can be modified accordingly to meet your organization's needs, along with the action that needs to be taken.

    :12199
Reply
  • 0

    Hi,

    The main difference between a suspicious attachment and a restricted one is that a suspicious file is one considered to be more prone to being infected, such as Javascript or HTML files. Restricted attachments would be file that would are "controlled" either by an HR or IT policy; archives or multimedia files could be considered files that should be blocked based on their size or content.

    The help documentation that comes bundled with the email appliance distinguishes between the two accordingly:

    - Suspect Attachments: Messages with attachment types that are likely to contain viruses. By default, for all users, messages with suspect attachments are quarantined, the attachments are removed, and the messages are delivered. A banner is added advising users that potentially dangerous attachments were identified and removed. [...]

    - Restricted Attachments: Allows administrators to create a customized policy for blocking messages with specific kinds of attachments. By default, for all users, messages with restricted attachments are quarantined, the attachments are removed, and the messages are delivered. A banner is added advising users that potentially dangerous attachments were identified and removed. [...]

    Regardless which Sophos gateway product you use, you can define what is suspicious and what is restricted yourself. The built-in lists can be modified accordingly to meet your organization's needs, along with the action that needs to be taken.

    :12199
Children
No Data
Unfiltered HTML