ATD / IS receives a large number of URL samples from Email Connector
Last Modified: 2023-05-09 12:17:59 Etc/GMT
Technical Articles ID: KB93820
Environment
Advanced Threat Defense / Intelligent Sandbox (ATD / IS) 4.12 Email Connector
Problem
ATD / IS receives many URL samples from the Email Connector.
System Change
You installed ATD / IS 4.12 and ATD / IS 4.12 Email Connector.
Cause
Version 4.12 has a feature enhancement in Email Connector. This enhancement extracts the URL string from the email message body and submits it to ATD / IS for analysis.
The ATD / IS Email Connector receives emails with many URL strings in the message body. ATD / IS receives those URL strings and eventually queues the URL samples awaiting scanning. The ATD / IS Email Connector can await the scan results for those URLs. However, the connector times out if the wait time exceeds the "Maximum time per email to wait for all scans to complete" setting. The sending MTA (Email Connector, Permitted Host configuration) also treats the SMTP transaction as timed out because of the excessively long waiting time.
Solution
ATD / IS 4.12.2 and Email Connector installation package version 4.12.2 (
If your appliance is running version 4.8 or 4.10 with
If you need the URL analysis feature, do the following:
Workaround
In version 4.12.0, Technical Support can disable the URL analysis option over a remote session by modifying the back-end of your ATD / IS Email Connector. If you've already upgraded to Request a remote session and quote this article number. To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
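To gauge how exposed a mail flow is to the queueing behavior described under Cause, the following added example (not Trellix code) counts the distinct URLs in a message body and compares a worst-case wait against the per-email maximum. The per-URL scan time, the maximum wait value, the URL pattern, and the sequential-scan assumption are all hypothetical; the sample messages are constructed.

```python
import re
from email import message_from_string, policy

# Assumed values for illustration only; neither is taken from the product.
ASSUMED_SECONDS_PER_URL = 90     # hypothetical average analysis time per URL sample
ASSUMED_MAX_WAIT_SECONDS = 600   # hypothetical "Maximum time per email to wait..." value

# Simple pattern; the connector's real extraction logic is not documented on this page.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def body_urls(raw_message):
    """Return the distinct URLs found in the text parts of one message body."""
    msg = message_from_string(raw_message, policy=policy.default)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and non-text attachments
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;")  # drop trailing sentence punctuation
            if url not in urls:
                urls.append(url)
    return urls

def estimate(raw_message, per_url=ASSUMED_SECONDS_PER_URL,
             max_wait=ASSUMED_MAX_WAIT_SECONDS):
    """Worst case: every URL becomes one sample and samples are scanned one by one."""
    count = len(body_urls(raw_message))
    wait = count * per_url
    return {"urls": count, "estimated_wait": wait, "exceeds_max_wait": wait > max_wait}

# Constructed sample messages.
NEWSLETTER = (
    "From: news@example.test\r\n"
    "Subject: Weekly digest\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "\r\n"
    + "".join(f"Story {i}: https://example.test/story/{i}\r\n" for i in range(1, 9))
)
SHORT = (
    "From: a@example.test\r\n"
    "Subject: Hi\r\n"
    "\r\n"
    "See https://example.test/a. Again: https://example.test/a\r\n"
)

if __name__ == "__main__":
    for name, raw in (("newsletter", NEWSLETTER), ("short", SHORT)):
        print(name, estimate(raw))
```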