Managing Restore Requests

Quarantine Restore Requests

Under User Interaction > Restore Requests you can find the requests from users to restore an item from quarantine.

You may review the items the users asked to restore by clicking on the subject line, sender and recipient links, as well as reviewing the restore request.

Restore-requests

Quarantine Release Process - End-User Experience

Using the link in the email end-users can request to release the quarantined email or attachment if a false positive is suspected.

To request for restore from quarantine:

  1. Click on the link in the email you received.
  2. Enter the reason for the release of email from quarantine and click Submit.
    Quarantine-Release-Process
    You will receive a notification that the request is sent to the administrator.
  3. If the request is approved by the administrator, the original message will be delivered to the end-user.

Admin Quarantine Release Process

When the end-user requests to release an email, the administrator is notified via email to the configured Restore requests approver email address. The email contains a direct link to the email profile in the Avanan Portal. The administrator can do a full security review of the Malware from the Avanan Portal and can restore the email or decline the release request.


Restore-Request-Sample

Restore-request-Avanan-Portal

Extracted Restore Requests

Using this tab you can see all users' requests currently pending to restore original email attachments.

Note - For emails in Office 365 that are quarantined, the senders flagged with a red icon are external users.

Restored Emails - End-User Experience

After the administrator approves an end-user request to restore an email from quarantine, Avanan performs these actions:

  • Removes the quarantine/clean email notifications received for the quarantined email from the end user mailbox.
  • Adds the original email to the end-user mailbox, where the email received time is the restore time of
    the email from quarantine, but not the original email sent time.

This example shows the initial email received by the end-user.

email-before-approval-by-admin

This example shows the same email received by the end-user after the administrator approved the restore request.

Note - The initial email received by the end-user is removed, and the restored email gets delivered as a new email to the end-user mailbox. The email received time is the restore time of the email by the administrator, but not the original email sent time.

email-after-approval-by-admin

 

Dedicated Quarantine Mailbox / Folder

If you would like to store quarantined emails/files locally, you can configure a dedicated quarantine repository for every protected application. This repository is used to store every email / attachment / file that is  quarantined automatically according to the policy or manually by administrators.

Specifying such a mailbox/folder is not mandatory, as Avanan stores a copy of quarantined items in an S3 bucket associated with the Avanan portal.

Office 365 Mail

Note - The dedicated quarantine mailbox must be a full licensed mailbox and it cannot be a shared mailbox.

To configure the dedicated Office 365 Mail quarantine mailbox, go to Configuration > SaaS Applications and click Configure for Office 365 Mail.

Dedicated-Quarantine-Mailbox-Office365

Gmail

To configure the dedicated Gmail quarantine mailbox, go to Configuration > SaaS Applications and click Configure for Gmail.

Dedicated-Quarantine-Mailbox-Gmail

Restore Request Approver

You must specify a Restore request approver email account. This email account is used by the current administrator in the Avanan Portal. This account is used to notify administrators when there is a user requesting an email to be released from quarantine.

Office 365 Email

To configure the dedicated Office 365 Restore request approver, go to Configuration > SaaS Applications and click Configure for Office 365 Mail.

Config-Restore-request-Approver-Office365

Gmail

To configure the dedicated Gmail Restore request approver, go to Configuration > SaaS Applications and click Configure for Gmail.

Config-Restore-request-Approver-Gmail