Overriding Microsoft's False Positive Detections
Emails Falsely Quarantined by Microsoft
Administrators can configure Harmony Email & Collaboration to automatically release emails quarantined by Microsoft, if Check Point classifies them as Clean / Spam / Suspected Phishing. To do that:
- Go to Security Settings > User Interaction > Quarantine.
- In the Override Microsoft Enforcement section, select the Override Microsoft quarantine/send to Junk if Check Point finds the email as clean checkbox and click customize next to it.
- Select the Automatically restore emails quarantined by Microsoft and Check Point checkbox.
- From the list, select the required classification of emails to restore from the Microsoft quarantine.
  - Malicious (All verdicts)
  - Phishing
  - High confidence phishing
  - Bulk
  - Spam
- From the list, select the preferred Check Point verdicts.
  - Clean
  - Spam
  - Suspected Phishing
- (Optional) To move emails that Microsoft marks as junk to the user's inbox when Check Point classifies them as clean, select the Move to Inbox for emails that Microsoft sends to Junk and Check Point classifies as Clean checkbox.
- Click Save and Apply.
Notes:
- These emails do not appear in the Daily Quarantine Report (Digest) or the End-User Quarantine Portal (Email Security Portal).
- The policy workflow does not apply to these emails because the released email is the original email. The email is sent directly to the user's mailbox.
- For information about how the emails are enforced, see Enforcement Flow.
Emails Falsely Sent to Junk by Microsoft
Administrators can configure Harmony Email & Collaboration to manage phishing emails that Microsoft / Google falsely flags as spam.
For more information, see Overriding Microsoft False Detections as Spam (Send to Junk).
If you want to apply it only to emails allow-listed by Check Point, see Overriding Microsoft / Google sending emails to Junk folder.