Managing Restore Requests

Quarantine Restore Requests

Under User Interaction > Restore Requests, you can find the requests from users to restore an item from quarantine.

You may review the items the users asked to restore by clicking on the subject line, sender and recipient links, as well as reviewing the restore request.

Requesting a Restore from Quarantine - End-User Experience

Using the link in the email, end-users can request the release of a quarantined email or attachment if they suspect a false positive.

Note - This procedure is applicable only when the email is sent to individual recipients or distribution lists. For the procedure to request to restore a quarantined email sent to groups, see Restore Requests for Quarantined/Cleaned Emails Sent to Groups.

To request a restore from quarantine:

  1. Click on the link in the email you received.
  2. Enter the reason for releasing the email from quarantine and click Submit.
    You will receive a notification that the request is sent to the administrator.
  3. If the request is approved by the administrator, the original message will be delivered to the end-user.

Restore Requests for Emails Sent to Groups - End-User Experience

This procedure is applicable when these conditions are met:

  • The threat detection policy that the email matched is in Protect (Inline) protection mode.
  • Email is sent to groups containing multiple users (not individual recipients or distribution lists).
  • Email is quarantined or its attachments are cleaned.

To request a restore of a quarantined/cleaned email:

  1. Click on the link in the email notification you received for the quarantined/cleaned email.
  2. On the User Verification page, enter your email address and click Submit.
  3. Avanan sends a verification code to your email address.
  4. Enter the verification code you received and click Submit.
  5. Enter the reason for your request to restore the original email and click Submit.

Admin Quarantine Release Process

When the end-user requests to release an email, the administrator is notified via email at the configured Restore requests approver email address. The email contains a direct link to the email profile in the Avanan Portal. The administrator can do a full security review of the malware from the Avanan Portal and can restore the email or decline the release request.



Restoring Quarantined Emails - End-User Experience

After the administrator approves an end-user request to restore an email from quarantine, Avanan performs these actions:

  • Removes the quarantine/clean email notifications received for the quarantined email from the end user mailbox.
  • Adds the original email to the end-user mailbox, where the email received time is the restore time of the email from quarantine, but not the original email sent time.

This example shows the initial email received by the end-user.

[Screenshot: email before approval by admin]

This example shows the same email received by the end-user after the administrator approved the restore request.

Note - The initial email received by the end-user is removed, and the restored email gets delivered as a new email to the end-user mailbox. The email received time is the restore time of the email by the administrator, but not the original email sent time.

[Screenshot: email after approval by admin]

Who Receives the Emails Restored from Quarantine

  • Emails quarantined by Avanan:
    • Depending on the configured workflow, Avanan delivers the email only to the requesting user or to all the original recipients.
      • If the user restores the email without administrator approval, Avanan delivers the email only to the requesting user.
      • If the administrator releases the email from quarantine, Avanan delivers the email to all the original recipients of the email.
  • Emails quarantined in Microsoft:
    • Avanan delivers the restored emails to all the original recipients, regardless of whether the user or the administrator restores them.

Notifying End Users about Rejected Restore Requests

To notify end users when their quarantine restore requests are rejected:

  1. Go to User Interaction > Configuration.
  2. In the Notification Emails section, select the Send feedback email to end users checkbox.
  3. Scroll down and select Save and Apply.

    Note - This will also enable end-user notifications for approved and rejected phishing reports.

To configure the notification subject and body, go to Configuration > SaaS Applications > Office 365 Mail or Gmail > Advanced and edit these templates:

  • Decline message subject
  • Decline message body

Dedicated Quarantine Mailbox / Folder

If you would like to store quarantined emails/files locally, you can configure a dedicated quarantine repository for every protected application. This repository is used to store every email / attachment / file that is quarantined automatically according to the policy or manually by administrators.

Specifying such a mailbox/folder is not mandatory, as Avanan stores a copy of quarantined items in an S3 bucket associated with the Avanan portal.

Office 365 Mail

Note - The dedicated quarantine mailbox must be a fully licensed mailbox and it cannot be a shared mailbox.

To configure the dedicated Office 365 Mail quarantine mailbox, go to Configuration > SaaS Applications and click Configure for Office 365 Mail.

Gmail

To configure the dedicated Gmail quarantine mailbox, go to Configuration > SaaS Applications and click Configure for Gmail.

Restore Request Approver

Avanan uses the Restore request approver email account to notify administrators when a user requests that an email be released from quarantine. This email account is used by the current administrator in the Avanan portal.

Note - The Restore request approver must have an Admin, User, or Operations role. For more information, see User Management.

Office 365 Email

To configure the dedicated Office 365 Restore request approver, go to Configuration > SaaS Applications and click Configure for Office 365 Mail.

Gmail

To configure the dedicated Gmail Restore request approver, go to Configuration > SaaS Applications and click Configure for Gmail.
