Content
Filter active HTML content
This ThreatSeeker Intelligence feature automatically analyzes HTML inside messages and disables any potential dangerous content (by disabling specific HTML tags). You can define how strictly the system applies this security feature. Available settings are:
| Setting | Description |
|---|---|
| Low | Disable embedded scripts (<SCRIPT> and <OBJECT> tags) and disable unknown HTML tags that are deemed to be potentially dangerous. |
| Medium | As Low but also disable “Web bugs” (URLs that are referred to inside a message, excluding links to images) and HTML styles that contain code. |
| High | As Low but disable all “Web bugs” and all HTML styles. |
| Very high | Extremely strict: as High, but this also disables all hypertext links to protect against a number of known vulnerabilities in common email clients. |
The recommended setting is Medium; setting the level higher than this may cause messages to display too poorly for general users.
Block potentially malicious macros
This feature looks for potentially malicious macros in common Microsoft Office document formats. By changing the sensitivity, you can control how suspicious Forcepoint ThreatSeeker Intelligence is when it carries out its analysis. We recommend setting this to High initially. You may need to amend this setting if you find that a lot of documents just over the threshold are being quarantined. Documents containing known viruses are quarantined by the antivirus engines, regardless of this setting.
Strict checks on message structure
This feature runs a set of structural checks on email messages to determine whether they conform to an accepted structure. For example, one of the attachment checks would quarantine a MIME attachment with a filename that ends in a period but has no file extension (such as “attachment1.”). Messages with a malformed message structure can be a potential attack vector.
This option is disabled by default. We recommend leaving it disabled unless you are running an old mail client that may be vulnerable to malformed email messages, or if you are performing penetration testing on your messages. Enabling this feature may result in false positives.