Learn how to properly configure Email Threat Isolation settings for Email Security.cloud, and how to troubleshoot common issues.

Contents

• About Email Threat Isolation
• Configure URL Threat Isolation
• URL Threat Isolation Report
• Frequently asked questions about URL Threat Isolation

About Email Threat Isolation

The URL Isolation feature executes web sessions remotely on an isolation platform. Malicious content is isolated and is prevented from being delivered to your network or your end users' devices. Only safe or sanitized content is delivered to your organization. URL Isolation uses risk level assessments to determine whether to isolate a URL. The antiphishing protection and sensitive data protection policies can also isolate risky URLs. Note that for this release, neither the risk levels or default policies can be modified.

Configure URL Threat Isolation

You can configure your organization's URL Isolation Settings on this page in the portal: Dashboard > Services> Email Threat Isolation > URL Isolation Settings.

The Click-time URL Protection feature MUST be enabled as a prerequisite to enabling URL Isolation. The two features work together at each click for the lifetime of a URL to ensure that malicious content is isolated.

• Add common trusted domains to your whitelist (including your own domains if appropriate).
  • Configure domain whitelists, if needed.
  • Configure recipient whitelist, if needed.
• Modify your block page content to match your organizational policy using the default text as a guide.
  • Allow or disallow the user to continue to a suspect URL.
  • Explain how they should report false positives internally.
• Provide a link to your internal policy.
• Override those settings on a domain by domain basis as necessary.

URL Isolation Report

The URL Isolation feature executes URLs in an isolation platform, which isolates malicious content and prevents it from being delivered to your network. Only safe or sanitized content
is delivered to your devices. URL Isolation uses risk level assessments to determine whether to isolate a URL. The antiphishing protection and sensitive data protection policies can also isolate risky URLs. URL Isolation logs events for any attempts to access higher risk URLs.

You can run a report on these events and download the data in a .csv format using the Download CSV option. Also, you can access the same data using an API and download the data in JSON format.

Refer to the URL Isolation Report page for further information and instructions on downloading the report data. You can access the page in the portal at Dashboard > Services > Email Threat Isolation > URL Isolation Report.

Troubleshoot Email Threat Isolation

• Submit false negative spam emails missed by Symantec.cloud email services
• Submit false positives for Email threat isolation
• Bypass trusted domains from URL Click-time and Email Threat Isolation
• URL is not being rewritten by Click-time URL Protection
• Websites look wrong or appear differently than they should

Frequently asked questions about Email Threat Isolation

• More information about Email Security.cloud Threat Isolation service