In Symantec Email Security.Cloud, the Track & Trace feature records the lifecycle of every email processed through the service. One of the possible outcomes you may see in the search results is “Action Logged.”

This status indicates that the email was successfully received and processed by the filtering engines, but no filtering action (such as block, quarantine, reject) was applied. Instead, the system only recorded the event in the logs for auditing and reporting purposes.

Symantec Email Security.Cloud

1. The message was deemed clean

• The email passed all security scans (anti-malware, anti-spam, impersonation, and data protection) with no rule triggered.
• No policy or rule required further action.

2. Policy or configuration allows it

• The sender, recipient, or domain might be on an allow list.
• A customer-defined policy permitted the email to bypass further scanning.

3. Auditing and traceability

• Even when no action is taken, administrators need to be able to view the email flow in Track & Trace.
• This provides proof of delivery and visibility into message handling.

Verify in Track & Trace that the final disposition is Delivered.

Some policies may be set to “Log Only” for testing or monitoring

Look at the Global Approved Senders or customer-defined allow lists for the service triggered.

See if the sender/domain/IP is on an allow list that caused the message to bypass scanning.