While ATP could be simplified as "plugin that tests mail attachments in a sandbox," there are quite a few steps to accomplishing this task. This article breaks down all the steps from policy to end result.
This table breaks down what occurs when either the default ATP policy or a custom policy picks up attachments for processing.
| Step | Detail | What Happens | Outcome |
|---|---|---|---|
| 1 | Policy rules filter in attachments; attachments are queued | Attachments that match the policy rule(s) are identified. | Attachments are put into the queue for processing. |
| 2 | Wait time check; user notification if needed | ATP does a check on available sandboxes and estimates processing time. | If estimated wait is under five minutes |
| 3 | Files wait in queue | Attachments move along the queue until there is an available sandbox to process them. | When a sandbox is available, move to the next step. |
| 4 | Attachments are analyzed by the sandbox; sandbox generates result | The next available sandbox removes up to five attachments per message from the queue. The sandbox analyzes each attachment. Average processing time is about 2 minutes per file. | Each attachment is analyzed by the sandbox. The sandbox outputs two items back to the ATP plugin: |
| 5 | ATP takes action based on sandbox result | Sandbox result is No Risk Found. | Attachment is sent along with the original email message to the end user. |
| | | Sandbox result is Suspect. In Email Security, a Suspect file has a threat equivalent to Spam. | Attachment is quarantined. Attachment is listed as Suspect/Spam on the next Quarantine Report that the user receives. Depending on user permissions for quarantined items, they may be able to release the suspect file through a link in the Quarantine Report. |
| | | Sandbox result is Malicious. In Email Security, a Malicious file has a threat equivalent to Virus. | Attachment is quarantined. Attachment is listed as Malicious/Virus on the next Quarantine Report that the user receives. Malicious attachments cannot be released by end users. |
Carlos Rios