Start a conversation

Release of Queued Messages

If enabled, users can release email messages from the processing queue. This article explains the release process and how to enable it.

User option to release emails

If the sandbox queue is longer than 5 minutes, ATP sends users a stripped copy of their email, containing

  • A notification about the wait time
  • Copy of the email subject
  • Copy of the email message body
  • List of the email attachment names

If the release of queued messages is enabled, the stripped email also contains a link that allows the user to release the email deliver it immediately. Attachments will still be processed by the sandbox, but the user can have immediate access to their email.

Enable or disable the release of messages
  1. Click Service Settings > ATP
  2. Check or uncheck Allow users to release the Email, prior to the result from Sandbox

Email Security confirms your selection with a notification.

ATP options with email releasing enabled.

What happens when an email is released?

The link within the email message takes the user to a secure portal where the email is temporarily held.

Email in the portal with a virus. Preview and release is not allowed.

In the above example, the message contains malicious content and therefore cannot be released (or even previewed).

 

There are a few outcomes, depending on

  • Where the message sits in the sandbox queue (whether it has been processed)
  • User permissions within Email Security

See the table below for details.

Sandbox queue status Portal options Outcome

Email has not yet been analyzed

Attachment result is unknown

User can release the email

When released from the portal, ATP sends user

  • A warning that the email has not been analyzed, and may contain malicious code
  • A copy of the original message with original attachments

The sandbox will still analyze any attachments that have been queued.

Email has been analyzed

One or more attachments are Suspect

Depends on Email Security user permissions.

Some users may not have permission within Email Security to handle Suspect or Spam level messages.

User is warned that some attachments are suspect in nature. Then, one of the following options is available

  • If the user has permission to release Suspect/Spam attachments, they can release the email. If released from the portal, ATP sends user
    • A copy of the original message with original attachments

    • A warning that the email has been analyzed, and some attachments have acted suspiciously, though no malicious intent was found

  • If the user does not have permission to access Suspect/Spam attachments, they can not release the email

Email has been analyzed

One or more attachments are Malicious

User can not release

User is warned that some attachments are malicious in nature.

Email Security does not allow users/admins to release or view email that has been deemed Malicious/Virus.

Email has been analyzed

All attachments have a result of No Risk Found

None

Email has already been delivered to user.

This can occur if a user clicks the release link, but the email has been processed in the meantime.

 

Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Carlos Rios

  2. Posted

Comments