URL Sandbox

Administrator Help | Forcepoint Email Security | Version 8.4.x

The URL sandbox function provides real-time analysis of uncategorized URLs that are embedded in inbound email. When a user clicks an uncategorized URL, a notification message prompts the user to initiate URL analysis, because the link may not be safe. If the user chooses not to analyze the URL, the requested page is not accessible.

If analysis determines that the link is not malicious, the user receives notification that they may proceed to the site. If the link is deemed malicious, the user is notified that the site is blocked. The site may also be blocked if applicable policy does not allow a user to access uncategorized web pages.

The user may also be notified in the following cases:

If the function cannot access the requested page due to an inaccessible server or because the link is incorrect

If the protocol is not supported (e.g., HTTPS)

Your subscription must include the Forcepoint Email Security Hybrid Module. URL sandbox capability is available only after the email hybrid service is successfully registered and enabled.

The URL sandbox configuration settings include 3 components:

Default settings that apply to any recipient not covered by specific settings

Recipient-specific settings that apply to an individual domain or email address

List of domains to which sandbox settings do not apply

Use the Settings > Inbound/Outbound > URL Sandbox page to configure the URL sandbox feature:

In the Default Settings section, specify the settings that apply to any recipient not covered by recipient-specific settings.

Mark the Analyze suspicious URLs check box to activate the URL sandbox function. By default, the check box is not marked.

If the URL sandbox is enabled, mark the Allow the recipient to follow links to unclassified URLs check box to allow users to click unclassified URL links. By default, the check box is not marked.

Mark the Allow the recipient to follow links with an unsupported protocol check box to allow users to click a link that may redirect to a site with an unsupported protocol (e.g., HTTPS).

If you want the original URL replaced by other text, enter the string in the entry field below the check box. Leave this field blank if you want the original URL to appear.

Use the Recipient-specific Settings area to add custom sandbox settings for individual domain or email addresses.

Click Add to create sandbox settings for a particular group of addresses.

In the Recipient Email/Domain Address List, enter comma-separated email or domain addresses to which you want the settings to apply. No wildcards are permitted.

Mark the Analyze suspicious URLs check box to activate the URL sandbox function for these addresses. By default, the check box is not marked.

If the URL sandbox is enabled, mark the Allow the recipient to follow links to unclassified URLs check box to allow the specified users to click unclassified URL links. By default, the check box is not marked.

Mark the Allow the recipient to follow links with an unsupported protocol check box to allow users to click a link that may redirect to a site with an unsupported protocol (e.g., HTTPS).

If you want the original URL replaced by other text, enter the string in the entry field below the check box. Leave this field blank if you want the original URL to appear.

At the bottom of the URL Sandbox section, mark the Analyze suspicious URLs that appear in digitally signed email check box if you want the sandbox to examine URLs even if they appear in a message that contains the digital signature of a trusted sender. By default, the check box is not marked.

In the entry field above the check box, enter the URL domains that you want to bypass the URL sandbox. Do not use wildcards, and separate multiple entries with a comma.

If you want to delete a set of recipient-specific settings, mark the check box next to the address list and click Delete.