Keyword filtering action


Applies to: Forefront Security for Exchange Server

You must indicate the action that Forefront Security for Exchange Server should take upon detecting a match to your filter criteria.


You must set the action for each content filter you configure. The Action setting is not global.

The action choices are:

Skip: detect only

Records the number of messages that meet the filter criteria, but permits messages to route normally. If, however, Delete Corrupted Compressed, Delete Corrupted Uuencode Files, or Delete Encrypted Compressed Files was selected in General Options, a match to any of those conditions will cause the item to be deleted.

Purge: eliminate message

Deletes the message from your mail system. When you select this option, a warning appears informing you that if there is a filter match, the message will be purged and unrecoverable. Click Yes to continue.

Identify: tag message

The subject line or message header of the detected message can be tagged with a customizable word or phrase. This tag can be modified for each scan job by clicking the Tag Text button on the Scan Job Settings work pane and modifying the text. This tag is used for all filters associated with the particular scan job.


Forefront Security for Exchange Server keyword filtering scans both plain text and HTML message body content. If Forefront Security for Exchange Server finds a match in both the HTML and the plain text, it reports two detections in the Virus Incidents log and the Quarantine database.