Undesired images that should not reach the intended recipient are not being detected by Image Control heuristics in Symantec Email Security.cloud. This results in a false negative.
The overall verdict for an email is calculated based on the average of all images contained within the email. It is possible that an email may not be detected if it contains one bad image among multiple legitimate images.
Consider changing the sensitivity of the Heuristics filter to a higher setting. Log in to the Symantec.cloud console, and navigate to Services > Email Services > Image Control.
Note: It is not possible to adjust the heuristics themselves, only the sensitivity level.
If you do not obtain the desired results and cannot make further adjustments to the sensitivity level, use the Blocked Images list. You can also use the mechanics available in other filters of the Symantec.cloud service, such as Anti-Spam or Data Protection.
Use Email Track and Trace to ensure that the email was scanned by the Symantec.cloud, or review the email headers and verify that they contain the Symantec relay specific entries, Received: from mailX.bemtaXXX.messagelabs.com.