The "Remediation Status Set" status update is missing from the incident history details for incidents that are set to quarantine with Email Quarantine Connect FlexResponse. The headers are modified, and the quarantine appears to happen on the SMG side, but the quarantine is not reflected in the incident history in Enforce.
This problem can cause the "quarantined" status to be missing from incident reports run from Enforce.
There are several potential causes, because there are several potential points of failure in the back-and-forth communication that needs to occur between SMG and DLP.
If the incidents are truly getting quarantined in SMG but the message is not getting back to Enforce, the most likely causes of the problem would be
We have seen an instance where this problem developed shortly after SAML authentication was set up on the Enforce server while the default "Administrator" Enforce account was set up in the "Enforce Server Access" section of SMG.
DLP integrated with SMG via Email Quarantine Connect FlexResponse
If none of the above steps resolve the problem, and the "Administrator" account is set up in the "Enforce Server Access" tab of the "DLP Connect" section in SMG (or SAML authentication was set up in Enforce prior to the problem developing), it is possible that refreshing the account that is set up to access Enforce in SMG could help. This can be done by doing the following:
The above refresh process was found to resolve the issue for a customer who had recently switched their Enforce console to SAML authentication prior to the problem developing.