Threat Detection Policy Workflows
Malware Protection
Malware Workflow
The administrators can select any of these workflows for Anti-Malware when malware is detected.
Workflow |
Description |
---|---|
Quarantine. User is alerted and allowed to restore the email |
Email to the user is scanned and when found malicious, the subject is replaced with a quarantined notice and the original subject is provided in brackets. The body of the message is replaced with a customizable message to the user along with a link to release the file if a false positive is suspected. The attachment is also stripped and noted in the replaced body. In this workflow, the user has the option to release the quarantined attachment. Using the link in the email, the user can release the attachment. The original email and attachment will be immediately delivered back to the inbox. |
Quarantine. User is alerted, allowed to request a restore. Admin must approve |
Email to the user is scanned and when found malicious, the subject is replaced with a Quarantined notice and the original subject is provided in brackets. The body of the message is replaced with a customizable message to the user along with a link to release the file if a false positive is suspected. The attachment is also stripped and noted in the replaced body. In this workflow, using the link in the email, the end-user can request to release the attachment. The administrator is notified via email to the configured Restore requests approver email address. The email contains a direct link to the email profile in the Infinity Portal. The administrator can do a full security review of the Malware from the Infinity Portal and can restore the email or decline the release request. If the request is approved, the original email and attachment will be immediately delivered to the end-user mailbox. |
Quarantine. User is not alerted (admin can restore) |
In this mode, the email is automatically quarantined with no user notification. |
Email is allowed. Deliver to Junk folder |
The detected email is delivered to the recipient's Junk folder. |
Email is allowed. Header is added to the email |
The detected email is delivered to the recipient with an additional header that can be configured in the policy. |
Do nothing |
The detected email is delivered to the recipients. |
For more information on who receives the restored emails, see Who Receives the Emails Restored from Quarantine.
|
Note - To create Allow-List or Block-List for Anti-Malware, see Anti-Malware Exceptions. |
Suspected Malware Workflow
The administrators can select any of these workflows for Anti-Malware when suspected malware is detected in emails.
Workflow |
Description |
---|---|
User receives the email with a warning |
The detected email is delivered to the user with a notification inserted in the body of the email. |
Email is allowed. Deliver to Junk folder |
The detected email is delivered to the recipient's Junk folder. |
Quarantine. User is alerted and allowed to request a restore (admin must approve) |
Email to the user is scanned and when found malicious, the subject is replaced with a Quarantined notice and the original subject is provided in brackets. The body of the message is replaced with a customizable message to the user along with a link to release the file if a false positive is suspected. The attachment is also stripped and noted in the replaced body. In this workflow, using the link in the email, the end-user can request to release the attachment. The administrator is notified via email to the configured Restore requests approver email address. The email contains a direct link to the email profile in the Infinity Portal. The administrator can do a full security review of the Malware from the Infinity Portal and can restore the email or decline the release request. If the request is approved, the original email and attachment will be immediately delivered to the end-user mailbox. |
Quarantine. User is alerted and allowed to restore the email |
Email to the user is scanned and when found malicious, the subject is replaced with a quarantined notice and the original subject is provided in brackets. The body of the message is replaced with a customizable message to the user along with a link to release the file if a false positive is suspected. The attachment is also stripped and noted in the replaced body. In this workflow, the user has the option to release the quarantined attachment. Using the link in the email, the user can release the attachment. The original email and attachment will be immediately delivered back to the inbox. |
Quarantine. User is not alerted (admin can restore) |
In this mode, the email is automatically quarantined with no user notification. |
Email is allowed. Header is added to the email |
The detected email is delivered to the recipient with an additional header that can be configured in the policy. |
Do nothing |
The detected email is delivered to the recipients. |
|
Note - To create Allow-List or Block-List for Anti-Malware, see Anti-Malware Exceptions. |