Quarantine
Overview
Quarantine is the safe storage for messages which were blocked or sanitized by MetaDefender Could Email Security.
If Microsoft Teams message integration is set up, there is a separate Teams Quarantine menu for the messages quarantined by MetaDefender Cloud Email Security.
For details about quarantine configuration, which emails are quarantined see Configuration/Quarantine configuration.
The machine hosting the quarantine is safe from infections as long as items in the quarantine are not opened or executed.
Care must be taken when granting access to the quarantine as releasing or forwarding the items from the quarantine might cause harm.
Search, Filtering and Email / Message details
For details see Operating/Email History.
Saving filters
Under Quarantine in the filter section you have the possibility to save the already created filters to make it easier to manage your quarantine. Once the filter is set according to your needs you need to click on the Add button under next to the input. When you click on the freshly created filter, that will have an immediate effect on the email list, left side. Emails only according to the filter settings will be displayed.
This option is not available in the Teams Quarantine menu.
Cleanup
Scheduled
For details see Configuration/Quarantine configuration.
On-demand
To clean-up quarantine on demand click the
icon and select the time window of the cleanup. This option is not available in the Teams Quarantine menu.
This option is not available in the Teams Quarantine menu.
Pin messages
Messages that are pinned won’t be removed from the quarantine by the scheduled or the on-demand cleanup.
Clicking the
button will pin the selected message(s).
Operations
The following operations are available as both bulk and single email operations in Email Quarantine or Teams Quarantine:
| Operation | Icon | Teams | Description | |
|---|---|---|---|---|
| Rescan |  | ✔ | Initiate a rescan of the message(s). For details see Rescan email. | |
| Release |  | ✔ | Release the selected message(s). The original, potentially harmful email gets delivered. For details see Release email | |
| Forward |  | ✔ | Forward the selected message(s) to the specified recipient(s) for further investigation, for example. The original, potentially harmful email gets delivered. | |
| Delete |  | ✔ | ✔ | Delete the selected message(s) from the quarantine. The operation can not be undone. |
| Download |  | ✔ | ✔ | Download the selected message(s) as a zip archive file. The original, potentially harmful emails are downloaded. |
Upon download it is possible to encrypt the downloaded zip archive with a password.
Bulk operations
Use the checkbox in front of each row to select entries (or use the checkbox in the header row to select all visible items).
Only visible elements are selected. Elements that are not visible (due to pagination, search or filtering) are not selected even by the select all checkbox.
Single message operations
Click the
in Email details / Message details to open the single email / message menu.
The only operation that is not available as a bulk operation is View raw email.
This function can help investigating why the email was quarantined as it shows the raw text format of the email. This option is not available in Teams Quarantine.
Rescan email
MetaDefender Could Email Security provides the capability to rescan emails that were previously blocked and ended up in the quarantine. After a rescan the email may be allowed and delivered normally. Some of the reasons why emails may be rescanned:
To process the email with updated scan engines that may not block the contents,
To process the email with an alternative rule that may give different results,
- To sanitize a blocked email before releasing (see the section Disarm, reconstruct and release)
To provide password for encrypted attachments and process the decrypted contents.
This option is not available on Teams QW
Select alternative rule
Provide password
For details see Operating/Password protected attachments.
Release email
This function will release the selected original emails from the quarantine and send them to the original recipients. The original emails are removed from the quarantine.
The recipients will receive the (potentially) malicious contents.
Quarantining puts the original email into the quarantine and sends a notification or a disinfected/sanitized copy to the original recipient. As a result, releasing from the quarantine virtually duplicates the history entry for the quarantined email.
These duplicates are marked with a paper plane icon in Audit > Email history. For details see Operating/Email History.
Disarm, reconstruct and release
It is a potential use case to sanitize emails before releasing them. This feature is not supported by the regular Release email function but can be achieved using Rescan email.
Release
This option is not available on Teams Quarantine page.
The recipients will receive the (potentially) malicious contents.
- Instead of using the Release function use the Rescan function.
- In the confirmation dialog select the rule created in the previous section:
- The email will be re-processed using the newly selected rule.
- If the new rule allows the email, then it gets delivered normally.