Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Email Policies > Content Filter tab > Attachments > Securing suspicious attachments
Securing suspicious attachments
 
* 
Note 
Securing suspicious attachments is a limited-availability feature, and may not be available in your account.
Even when analysis does not find malicious content in an attachment, some attributes of an attachment can make it suspicious. Such attributes include sender and domain reputation, attachment file type, attachment size, the spam score of the message, and other attributes.
When a suspicious attachment is identified, you can choose to place the attachment in a password protected zip file that is delivered to the recipient along with a report that includes the message details, a preview of the attachment content, and a link to retrieve the password to the secured zip file. When the Retrieve Password link is clicked, a separate email is sent to the recipient that includes the password. Note that only an original recipient can receive the password. If a message with secured file attachments is forwarded, recipients of the forwarded message must ask the original recipient for the password.
If you choose to secure suspicious file attachments, it's very important that you prepare users to receive them and to take appropriate action. Users should know that:
1.
The email security service analyzes email attachments for malicious content. When found, the attachment is not delivered.
2.
The email security service also looks for suspicious file attachments. An attachment can be suspicious for several reasons including the reputation of the sender or sending domain, attachment file type, attachment size, the spam score of the message, and other attributes.
3.
When a suspicious attachment is found:
*
The attachment is placed in a password protected zip file and delivered, along with the original message, to the intended recipients.
*
A Secured Attachment Report is also attached to the original message. The report includes the message details, a preview of the attachment content, and support for retrieving the password for the secured zip file.
4.
Recipients should carefully examine the Secured Attachment Report to help determine if the attachment is safe.
5.
Opening a suspicious attachment could lead to the computer being compromised or infected. Recipients should open the attachment only if they're sure that it's safe. If in doubt, contact the IT team for assistance.
6.
If a user receives a forwarded copy of a message with the secured zip file, they need to ask to original recipient for the password. Only the original recipients can retrieve the password.
To secure suspicious attachments:
1.
In the Inbound Content Filter section of the Content Filter tab, select Secure suspicious attachments.
2.
Click Customize settings to:
a.
Review and customize the message that is inserted into the original message (annotates the message).
b.
Add or remove sender addresses or domains to exclude from the secure attachment rule.
c.
Click Save or Cancel to return to the Content Filter page.
3.
Click Save to save your settings.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Email Policies > Content Filter tab > Attachments > Securing suspicious attachments
Copyright 2023 Forcepoint. All rights reserved.