Overriding Microsoft High-Confidence Phishing False Positives

Administrators can configure Harmony Email & Collaboration to automatically release emails quarantined by Microsoft for being High-Confidence Phishing emails if Check Point classifies them as Clean / Spam / Suspected Phishing. To do that:

1. Go to Security Settings > User Interaction > Quarantine.

2. In the Emails Quarantined by Microsoft section, expand Emails Quarantined by Microsoft as High-Confidence Phishing, and select the Automatically restore if Check Point classifies differently checkbox.

   

3. From the list, select the preferred Check Point verdicts.

   • Clean

   • Spam

   • Suspected Phishing

4. Click Save and Apply.

   Notes: These emails do not appear in the Daily Quarantine Report (Digest) or the End-User Quarantine Portal (Email Security Portal). The policy workflow do not apply to these emails as the released email is the original email. The email will be sent directly to the user's mailbox.

For information about how the emails are enforced, see Enforcement Flow.