Hello,
I just wanted to check if there is possibly a configuration issue somewhere, or if my understanding of how the e-mail scanning in SEP works is incorrect.
I have a client running SEP 12.1.4023.4080 with latest definitions from LiveUpdate. E-mails are downloaded by POP3.
One of the users got infected with CryptoWall about a month back and the Symantec client did not detect it in the attachment. Fair enough, it may have been a new variant.
The client continues to get suspicious attachments, usually a "Fax" or an "Order", with an attached Zip file, very much like the one that was opened a month previous.
I have confirmed that mail protection is enabled in SEP, but these attachments still appear in the users' e-mails. I would think SEP would quarantine them?
Could you let me know if I maybe misunderstand how the mail protection works?