The article descibes on how to properly configure Email Threat Isolation settings for Email Security.cloud, and how to troubleshoot common issues.

Email Security Cloud

Email Threat Detection and Response

Contents

• About Email Threat Isolation
• Configure URL Threat Isolation
• URL Threat Isolation Report
• Frequently asked questions about URL Threat Isolation

About Email Threat Isolation

The URL Isolation feature executes web sessions remotely on an isolation platform. Malicious content is isolated and is prevented from being delivered to your network or your end users' devices. Only safe or sanitized content is delivered to your organization. URL Isolation uses risk level assessments to determine whether to isolate a URL. The antiphishing protection and sensitive data protection policies can also isolate risky URLs. Note that for this release, neither the risk levels or default policies can be modified.

Configure URL Threat Isolation

You can configure your organization's URL Isolation Settings on this page in the portal: Dashboard > Services > Email Threat Detection and Response > Click-time Protection Policy.

The Click-time URL Protection feature MUST be enabled as a prerequisite to enabling URL Isolation. The two features work together at each click for the lifetime of a URL to ensure that malicious content is isolated.

From this page, you can configure which Risk Score level for URLs that will trigger isolation. You can also add the envelope sender domain to the Threat Isolation Approved Sender Domains list to allow all URLs coming from these sender domains. Additionally, you have the option to create new policies or edit existing ones to either isolate or allow specific URLs.

URL Isolation Report

The URL Isolation feature executes URLs in an isolation platform, which isolates malicious content and prevents it from being delivered to your network. Only safe or sanitized content
is delivered to your devices. URL Isolation uses risk level assessments to determine whether to isolate a URL. The antiphishing protection and sensitive data protection policies can also isolate risky URLs. URL Isolation logs events for any attempts to access higher risk URLs.

To download a report containing Threat Isolation incidents within the last 30 days, click Reports > Request a new report and then select the Threat Isolation Incidents report under the Service Statistics heading. Also, you can access the same data using an API and download the data in JSON format.

Troubleshoot Email Threat Isolation

• Submit false negative spam emails missed by Symantec.cloud email services
• Submit false positives for Email threat isolation
• Bypass trusted domains from URL Click-time and Email Threat Isolation
• URL is not being rewritten by Click-time URL Protection
• Websites look wrong or appear differently than they should

Frequently asked questions about Email Threat Isolation

• More information about Email Security.cloud Threat Isolation service