Appendix I: Troubleshooting

Common user issues and solutions:

Issue	Solution
Errors for protected SaaS service below the Overview page	To view the error details, hover over the protected SaaS health status icon. For more information, see Application Protection Health.
Security events are not created in the portal	Verify that Harmony Email & Collaboration was properly authorized with the SaaS application without errors. After successful authorization, you should see updated statistics of active users and total files/emails at the bottom of the Overview page The scanned files/email may contain no malicious/phishing activity and are therefore not presented as security events. Create custom query for files/emails and inspect the relevant item for malicious findings. Recent Emails query: Analytics > Add new query > Show recent emails Recent files query: Analytics > Add new query > Show recent files Contact your Check Point representative to report any missed detections.
Security event is created with a "NEW" state in the portal but the user receives phishing/malicious emails	Verify the specific user is covered by the relevant scope of the configured Inline Prevent rule. Verify that the rule's Suspected Phishing workflow is not configured to Do nothing. For the Monitor only operation mode, it is expected to get only notifications for any events that happened. For the Protect (Inline) operation mode, security events for users covered by the rule's scope should be created in REMEDIATED state. The user is alerted based on the workflow of the configured rule.
Security events are created for legitimate emails or files	After initial configuration, the system is "learning" the user's behavior and may produce false detections (called false positives) during this period. For such cases, manually add an email exception If a security event is created for a legitimate file(s), contact your Check Point representative or Check Point Support support to report the false detection.