- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to enable Zombie and spyware protection on the Email security for outbound email traffic.
03/26/2020 
1,029 People found this article helpful
98,575 Views
Description
How to enable Zombie and spyware protection on the Email security for outbound email traffic.
Resolution
To Enable Zombie/Spyware protection we need to have "Email Anti-Virus Comprehensive" licensed on the Email security. For this configuration, all the outbound email traffic must be routed through the SonicWall Email security.
1. Login to the Email security as an admin.
2. Go to Manage | Security Services | Anti-virus | Outbound | Zombie Protection Settings
Unauthorized software running on a user's computer sending out junk email messages (spam, phishing attacks, virus or other unauthorized content) is called a Zombie or Spyware. SonicWall's Zombie and Spyware Protection technology brings the same high standard of threat protection available on the inbound email path to email messages leaving your organization by the outbound path.
Zombie Protection Settings
Enable Zombie and Spyware Protection to prevent potentially affected machines within your organization from sending spam, viruses, phishing attacks, spyware and other malicious content outside your organization (through your outbound email path).
Monitoring for Zombie and Spyware Activity
You can alert the administrator of potential zombie messages. Alerts are sent if these settings are defined:
- Check the box to enable notification if Email is sent from an address not in LDAP.
- Check the box to enable notification if More than <X> messages are identified as possible threats, where X is the number of possible threats identified in the last hour.
- Check the box to enable notification if More than <X> messages are sent by one user, where X is the number of messages sent in the last hour.
Action Settings
If messages are being sent outside of your organization that are identified as spam, phishing attacks, virus, or another threat, select the action you want to take:
- Allow delivery: Attempts to deliver the message without interference.
- Permanently delete: Deletes the message. Use this option with caution: deleted email cannot be retrieved.
- Store in Junk Box: Stores messages with potential threats in the outbound Junk Box.
If messages are being sent outside of your organization but the sender is not listed in your LDAP server, select the action you want to take:
- Allow any "From" address: Allows messages from all email addresses. If you haven't configured LDAP this is the only option you can use.
- Permanently delete: Deletes messages from unknown senders. Use this option with caution: deleted email cannot be retrieved.
- Store in Junk Box: Stores messages from unknown senders in the outbound Junk Box.
Enable the Outbound Safe Mode if you want to block all emails with potentially dangerous attachments from leaving your organization by checking the box for Safe Mode is on.
When Outbound Safe Mode is on, administrators are alerted every 60 minutes that it is on.
To set the action to take for dangerous attachments while in Safe Mode, select one of the following:
- Permanently delete
- Store in Junk Box
If you want to automatically turn on Outbound Safe Mode, set the parameters for turning it on:
- Check the box to enable notification if Email is sent from an address not in LDAP.
- Check the box to enable notification if More than <X> messages are identified as possible threats, where X is the number of possible threats identified in the last hour.
- Check the box to enable notification if More than <X> messages are sent by one user, where X is the number of messages sent in the last hour.
Miscellaneous
You can manually add senders to a list so that the system will not flag messages sent from those email addresses. You can add any email addresses that are not in LDAP and any valid email addresses that are expected to send a high volume of legitimate email. Enter the addresses that should not trigger alerts or actions in the text box provided. Separate multiple addresses with a comma.
NOTE: If the navigation or the screenshot looks different from the one mentioned above , you may be in an older firmware version and would require a firmware upgrade. Please refer the link below to upgrade the firmware to latest version.
https://www.sonicwall.com/en-us/support/knowledge-base/170504270079039
Related Articles
- SonicWall HES IP address blocklisted by UCEProtect or Backscatter
- How to add O365 connector for domain specific routing
- SonicWall Email Security on Hyper-V Platform
Categories
- Email Security > Email Security Appliance
- Email Security > Email Security Software
- Email Security > Hosted Email Security
YES
NO