Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

syu
New Contributor III

Created on ‎09-20-2016 06:11 AM

Can someone explain Fortiguard Outbreak Protection feature?

We just deployed fortimail 200e in production about an hour ago and inbound emails were started queued up in outbreak queue instantantly. Why?

We did the testing deployment last Tursday night and none of the legit inbound emails got put into the outbreak queue...

One the other question, what should be lowest interval number configured for "outbreak-protection-period"? 30-minute is the default and we configured 15-minute. Should we go down to 5-min without affecting the performance?

Labels:
684
0 Kudos
1 Solution
Carl_Windsor_FTNT
Staff
Staff

Created on ‎04-12-2017 02:14 AM

Outbreak Protection will queue suspicious emails for reprocessing at a later (configurable) time.  The purpose of this feature is that FortiMail has detected some unusual characteristics indicative of spam/malware so queues the email for a short period to give the opportunity for our FortiGuard data analytics to detect such a pattern globally.   This small delay can result in significant increase in catch rate with minimal of false positive.

Reducing the default hold timer is possible but will have some impact on the overall catch rate (the longer you are willing to accept, the better the catch rate). 

Carl Windsor
Senior Director, Product Management
Fortinet

Dr. Carl Windsor
Chief Information Security Officer (CISO)
Fortinet

View solution in original post

674
0 Kudos
1 REPLY 1
Carl_Windsor_FTNT
Staff
Staff

Created on ‎04-12-2017 02:14 AM

Outbreak Protection will queue suspicious emails for reprocessing at a later (configurable) time.  The purpose of this feature is that FortiMail has detected some unusual characteristics indicative of spam/malware so queues the email for a short period to give the opportunity for our FortiGuard data analytics to detect such a pattern globally.   This small delay can result in significant increase in catch rate with minimal of false positive.

Reducing the default hold timer is possible but will have some impact on the overall catch rate (the longer you are willing to accept, the better the catch rate). 

Carl Windsor
Senior Director, Product Management
Fortinet

Dr. Carl Windsor
Chief Information Security Officer (CISO)
Fortinet

675
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.