Managing filter actions
Administrator Help | Forcepoint Email Security | Version 8.5.x
A filter action determines the final disposition of a message. The email security software analyzes messages and their attachments, then performs an action based on applicable policy settings. Actions are created on the page Main > Policy Management > Actions. You can add a defined action to a policy rule when you configure your email policies.
In addition to defining an action used in an email policy, you can create an action for use in an email DLP action plan in the Data Security module. See Forcepoint DLP Administrator Help for information about DLP action plans.
For most network configurations (i.e., single standalone appliance or single appliance cluster), the property settings available for creating an action for an email DLP policy are the same as those for a policy action configured for the email security software. However, if your network includes multiple standalone appliances or multiple clusters, limited DLP policy action settings are available when an action is initially created. Unless otherwise noted, the procedures for creating and configuring a filter action apply to both email and DLP policy actions.
The following default actions are available on the page Main > Policy Management > Actions:
* Virus. Drop the filtered message and save the original message to the virus queue. Allow a Personal Email Manager end user to view and manage the message.
* Spoof. Deliver the analyzed message and add "POSSIBLY SPOOFED:" to the message subject. Allow a Personal Email Manager end user to view and manage the message.
* Email Attachment. Drop the filtered message and save the original message to the attachment queue. Do not allow a Personal Email Manager end user to view and manage the message.
* URL Analysis. Drop the analyzed message and save the original message to the spam queue. Allow a Personal Email Manager end user to view and manage the message.
You can configure multiple URL analysis rules if you are concerned that a Personal Email Manager end user may inadvertently release email that contains a malicious URL. In that case, you can set the following characteristics for your action:
1.
2. In the section Drop Message Options, set the Save the original, unanalyzed message to a queue pull-down menu to the url-analysis default queue.
3. Select Do not display for the Personal Email Manager end-user portal option, to prevent an end user from controlling message delivery.
4. Click OK to save the new action.
* Spam. Drop the analyzed message and save the original message to the spam queue. Allow a Personal Email Manager end user to view and manage the message.
* Commercial Bulk. Deliver the analyzed message and add "COMMERCIAL:" to the message subject. Allow a Personal Email Manager end user to view and manage the message.
* Advanced File Analysis. Drop the analyzed message and save the original message to the virus queue. Send a notification message to the original email sender, without attaching the original email.
Remove a filter action
You can delete a filter action only if its current status is Not referenced, which means that the action is not currently used in a policy rule or action plan. A filter action that is currently referenced by a filter or action plan does not have a check box for selection. You cannot remove a default email filter action.
1.
The Confirm Action Delete dialog box displays.
2.
The filter action is deleted.
Add a new filter action
* Click Add.
The Add Action page displays. See Creating and configuring a filter action.

Copyright 2022 Forcepoint. All rights reserved.