Threat Protection Example

About this task

If you wanted to quarantine encrypted attachments for all but a select group of users, and notify an administrator when they are received, you could set up the threat protection policy like this:

Follow these steps

  1. In the Inbound threat protection rule table on the Configuration > Policy > Threat Protection page, click Add.
    The Policy Wizard is displayed.
  2. Select the Encrypted attachments rule type. Select the Enable advanced policy options check box. Click Next.
  3. In the Message attributes section, click Next.
  4. On the Include Recipient tab of the Users & Groups section, select All Users.
  5. Select the Exclude Recipient tab of the Users & Groups section, and select Selected groups.
  6. Select the group(s) you want to exclude, then click the >> button. When you have finished, click Next.
  7. In the Main Action section, select Quarantine. Then select Encrypted attach in the Configuration > Quarantine for reason section. Click Next.
  8. In the Additional Actions section, click Add.
    The Additional Message Actions dialog box is displayed.
  9. From the first drop-down list, select Notify. In the Configuration section, select Custom email address. Enter the administrator’s email address in the Notify users text box. In the Notify options section, add the custom notification subject and message. Select the Attach original message check box if you want the administrator to receive a copy of the original message.
  10. Click Apply
  11. Click Next.
  12. In the Rule Description section, enter a description for the rule. Select the Activate this rule check box.
  13. Click Apply.

Results

Encrypted attachments will now be quarantined, and a notification will be sent to the administrator.