ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.



Article ID: 172923


Updated On:


Email Email Threat Detection and Response


The Auto Remediation feature is part of "Advanced Threat Protection" under the Email Security.Cloud services. This feature DELETES any email that is already delivered which is later determined to have contain Malware from the end users' inboxes.

The below steps explain how it actually works:

  • Email Security Service receives and email for a user
  • The email is scanned and determined to be clean
  • The email is delivered to the end user
  • After the email is delivered, the Advanced Threat Protection, Cynic Service determines that the email contained malware
  • The service then triggers a kind of recall to delete/move the delivered emails from the end users inbox
  • The operation is complete and successful once the email from the end user's inbox is deleted..


  • Email
  • Email Threat Detection and Response



The Auto Remediation Settings tab is located in the ClientNet portal under:  Dashboard > Services > Email Services > Advanced Threat Protection: Email

You must first set up your Microsoft Office 365 service to work correctly with Auto Remediation.  Click the Manage Tenants option to set up permissions to allow Auto Remediation access to your users' inboxes.

The following permissions are required on Office 365.  These are automatically granted once you sign in and link to your Office 365 tenant account.


Enable Auto-Remediation and specify an action.

You must specify the action that is applied to any messages that Auto Remediation identifies as containing malware.

  • Move to Folder
  • Permanently Delete


Alerts settings are configured under Dashboard > Services > Email Services > Anti-Malware > Alert Settings.


Frequently Asked Questions

Is it possible to auto-remediate a message that is more than 20 minutes old ?

The Auto-Remediation time limit is equal to Max Hold Time that has been configured under Cynic Settings in the Portal. The Max Hold Time that can be configured is 20 minutes. Auto-Remediation is an integrated service of the ATP: Email service and functions as an extension of Cynic Scanner.