The legitimate email was hit by Scan-time protection policy due to suspicious URL

Email Security.cloud

Scan-Time Protection Policy filters emails based on policies templates defined by the Client Net administrator

If the user doesn't want to stop messages by Scan-Time protection policy because the email was Legit, you can do the following:

1. Edit Scan-Time Protection policy with conditions IF and IF NOT but this increases a complexity of policy. For Scan-time rule IF conditions please refer to separate KB.

2. Create a new policy but it may be a disadvantage because 1 policy will stay in conflict with another one.

3. Disable the policy.

4. The best solution is to request Symantec to change the category of URL using the Sitereview.