Enabling non-viral threat detection in Symantec Protection Engine
This topic explains the options that are configured using the Core server with user interface mode. to work with the Core server only mode.
If your client uses the ICAP protocol or the RPC protocol, you can enable the detection of one or more types of non-viral threats.
Non-viral threats are the programs that do any of the following actions:
Provide unauthorized access to computer systems
Compromise data integrity, privacy, confidentiality, or security
Present some type of disruption or nuisance
These programs can put your employees and your organization at risk for identity theft or fraud if they can do any of the following actions:
Capture email and instant messaging traffic
Harvest personal information, such as passwords and logon identifications
Non-viral threats can be introduced into your system unknowingly when users do any of the following tasks:
Visit a Web site
Download shareware or freeware software programs
Click links or attachments in email messages
Use instant messaging clients
Agree to an end-user license agreement from another software program
Symantec Protection Engine scans for non-viral threats in all types of content, such as email messages and Web content. Symantec Protection Engine can also scan POST transactions for non-viral threats. Symantec Protection Engine can only perform non-viral threat scanning when you enable virus scanning.
If a non-viral threat is detected, Symantec Protection Engine applies the scan policy that you configured. Symantec Protection Engine also gives you an option to quarantine non-viral threats also. You can quarantine threats if you have configured quarantine server in Symantec Protection Engine.