The Auto Remediation feature is part of "Advanced Threat Protection" under the Email Security.Cloud services. This feature DELETES any email that is already delivered which is later determined to have contain Malware from the end users' inboxes.
The below steps explain how it actually works:
The Auto Remediation Settings tab is located in the ClientNet portal under: Dashboard > Services > Email Services > Advanced Threat Protection: Email
You must first set up your Microsoft Office 365 service to work correctly with Auto Remediation. Click the Manage Tenants option to set up permissions to allow Auto Remediation access to your users' inboxes.
The following permissions are required on Office 365. These are automatically granted once you sign in and link to your Office 365 tenant account.
You must specify the action that is applied to any messages that Auto Remediation identifies as containing malware.
Alerts settings are configured under Dashboard > Services > Email Services > Anti-Malware > Alert Settings.
Is it possible to auto-remediate a message that is more than 20 minutes old ?
The Auto-Remediation time limit is equal to Max Hold Time that has been configured under Cynic Settings in the Symantec.cloud Portal. The Max Hold Time that can be configured is 20 minutes. Auto-Remediation is an integrated service of the ATP: Email service and functions as an extension of Cynic Scanner.