Topic Thread


Can someone explain Fortiguard Outbreak Protection feature?

  • 1.  Can someone explain Fortiguard Outbreak Protection feature?

    Posted 09-20-2016 06:11

    We just deployed FortiMail 200E in production about an hour ago and inbound emails started queueing up in the outbreak queue instantly. Why?

    We did the test deployment last Thursday night and none of the legitimate inbound emails got put into the outbreak queue...

    On the other question, what should be the lowest interval configured for "outbreak-protection-period"? 30 minutes is the default and we configured 15 minutes. Should we go down to 5 minutes without affecting performance?



  • 2.  RE: Can someone explain Fortiguard Outbreak Protection feature?

     
    Posted 04-12-2017 02:14

    Outbreak Protection will queue suspicious emails for reprocessing at a later (configurable) time. The purpose of this feature is that FortiMail has detected some unusual characteristics indicative of spam/malware, so it queues the email for a short period to give our FortiGuard data analytics the opportunity to detect such a pattern globally. This small delay can result in a significant increase in catch rate with minimal false positives.

    Reducing the default hold timer is possible but will have some impact on the overall catch rate (the longer a delay you are willing to accept, the better the catch rate).

    Carl Windsor
    Senior Director, Product Management
    Fortinet
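To illustrate the trade-off described in the reply above (a shorter hold period means fewer global verdicts arrive before a held message is re-scanned), here is an added, simplified simulation of an outbreak hold queue. It is not FortiMail's code; the queue behaviour, the sample messages and their verdict times are constructed assumptions made only to show the effect of the hold period on catch rate.

```python
"""Simplified model of an outbreak-protection hold queue (constructed
example, not FortiMail code). A message flagged as suspicious at arrival
is held for `hold_period` minutes and then re-scanned. If a global
verdict for it became available while it was still held, it is blocked;
otherwise it is released. Ground truth is used only to score the run."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class HeldMessage:
    msg_id: str
    arrival_min: int            # minute (since start) the message was queued
    malicious: bool             # ground truth, used only for scoring
    verdict_at: Optional[int]   # minute a global verdict becomes available


# Constructed sample: suspicious messages queued during the first hour.
SAMPLE = [
    HeldMessage("m1", 0, True, 4),
    HeldMessage("m2", 0, True, 12),
    HeldMessage("m3", 2, True, 25),
    HeldMessage("m4", 3, False, None),   # clean: no verdict ever arrives
    HeldMessage("m5", 5, True, 40),
    HeldMessage("m6", 8, False, None),   # clean: no verdict ever arrives
]


def rescan(msg: HeldMessage, release_min: int) -> bool:
    """Re-scan at release time: blocked only if a verdict arrived in time."""
    return msg.verdict_at is not None and msg.verdict_at <= release_min


def run_queue(messages, hold_period: int):
    """Return (caught, missed, clean_delivered) for one hold period."""
    caught = missed = clean = 0
    for m in messages:
        blocked = rescan(m, m.arrival_min + hold_period)
        if m.malicious:
            if blocked:
                caught += 1
            else:
                missed += 1
        elif not blocked:
            clean += 1
    return caught, missed, clean


def catch_rate(messages, hold_period: int) -> float:
    caught, missed, _ = run_queue(messages, hold_period)
    return caught / (caught + missed)


if __name__ == "__main__":
    for period in (5, 15, 30):   # the values discussed in the thread
        print(period, run_queue(SAMPLE, period), catch_rate(SAMPLE, period))
```

With this sample the 30-minute default catches three of the four malicious messages, 15 minutes catches two and 5 minutes only one, while the clean messages are delivered in every case.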