search cancel

Click-time URL Protection service is not blocking access to a malicious link (False Negative)

book

Article ID: 163798

calendar_today

Updated On:

Products

Email Security.cloud Email Threat Detection and Response

Issue/Introduction

An email has been received that contains a link that has not been rewritten by the Click-time URL Protection service.

Or

An email has been received that contains a link that points to a URL that begins with https://clicktime.symantec.com/ . Upon clicking the link, you are directed to a site that you believe is hosting dangerous or malicious content, but you were not presented with a block page.

Environment

  • Email Security.cloud
  • Click-Time Protection Service

Resolution

Check your Click-time URL Protection service settings in the https://clients.messagelabs.com/ portal.

  1. Navigate to Services > Email Services > Anti-Malware and click on the Click-time URL Protection Settings tab.
  2. Confirm that the Click-time URL Protection service is enabled for the domain that received the email. Be sure to check both the Global and the per-domain levels for the domain in question.
  3. Ensure that the URL that has not been rewritten does not appear on your organizational whitelist.
  4. If you cannot see any immediate configuration issues, raise a Support ticket using your normal reporting method. Please DO NOT upload any MSG or EML attachments to the ticket; you will be asked to provide a sample through a separate, secured email address.

Submitting a False Negative

Note: At present we are unable to accept suspected False Negative sample submissions for the Click-time URL Protection service through the Symantec Email Submission Client (SESC) or the Spam Analysis Tool in the Symantec.cloud portal.

Submit false negative spam emails missed by Symantec.cloud email services