Operating
3.17
Search this version
Operating
Operating
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Quarantine
Copy Markdown
Open in ChatGPT
Open in Claude
The Quarantine page provides information of blocked and modified emails, including some basic metadata. Each entry is linked to an Event (See Events).
Search and Filtering Options
- Search Bar: Search by Quarantine ID or email-related keywords.
- Verdict Filter: Narrows down events by verdict (e.g., Malicious, Suspicious, Failure to Analyze, Encrypted Content).
- Time Range: Narrows down events by time range.
- Advanced Filters: Search and refine event results using multiple parameters such as
- Verdict
- Status
- Quarantine reason
- Message ID
- Quarantine ID
- Subject
- SMTP Sender
- From: address
- Recipient
- Policy Name
Quarantine List (Blocked & Sanitized Originals)
Each row in the list represents an email with the following details:
- Quarantine ID: Unique identifier for the quarantined message.
- Time of Event: When the email was detected and quarantined.
- Policy: Indicates the Policy that applied for the the content.
- Verdict: Classification outcome such as Malicious, Suspicious, Sanitized.
- Details: Link to the related event for deeper investigation.
- Delete & Release: Perform action on the quarantined entry. Actions can also be performed from the Actions Panel.
Viewing Details
Clicking the arrow next to a Quarantine ID expands detailed metadata about the quarantined email, including:
- Item type: Type of content.
- View headers: View the email header for analysis.
- Affected User: The user(s) affected by the event.
- Sent at: Timestamp of when the email was sent.
- Received at: Timestamp of when the email was received.
- Message ID: Unique email message identifier.
- Subject: The subject of the email.
- Sender & Recipients: Sender's email address and SMTP server details.
- From, To & Cc: Identify the sender and recipients listed in the email header.
- Received from: Endpoint from where email was received.
- Size: Email content size.
Actions
To the right of each quarantined email are action icons:
- View Event: Opens the associated event for detailed threat analysis. See Viewing Event details.
- Delete: Permanently removes the email from the system
- Release: Delivers the email to the intended recipient if deemed safe
These actions can help administrators quickly manage threat resolution or allow legitimate emails that were flagged in error.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Last updated on
Was this page helpful?
Next to read:
User Actions wizardDiscard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message
