Avanan’s virtual Inline technology provides anti-phish protection for email after it has been scanned by Microsoft’s servers, but before it reaches the user’s inbox. In most cases, a malicious URL will be blocked before it is even seen by the user.

New attacks, however, use compromised servers that appear benign until after the message has been delivered. Click-time Protection checks a URL when the user clicks, blocking access should the website be malicious.


What is Click-Time Protection?

Click-Time Protection (CTP) is based on URL "rewrites". Every link within incoming emails is replaced with an Avanan URL. When anyone clicks on the link, Avanan tests the site before redirecting the user.

What Click-Time Protection Provides

  • Another layer of post-delivery protection
  • Enhanced protection for zero-day attacks, as sometimes it takes a few minutes to detect malicious emails
  • Forensics

Click-time Protection is available for Office 365 Mail and Gmail.

The unique positioning of Avanan

When security gateway replaces a URL - O365 ATP can’t scan it anymore. Avanan comes after ATP, and thus can replace URLs after ATP already scanned the email. As a result, CTP can be enabled in addition to ATP, as another layer of protection.


How it Works

When enabling Click-time Protection from the platform the admin has three options for how malicious sites should be handled by Avanan for the end-user:

  1. Do nothing and allow the user to go through to the site
  2. Completely prevent the user from visiting the site
  3. Display a warning to the user with the option for them to continue to the site.

Once enabled, all links contained in an incoming email are replaced with an Avanan link. When the user clicks on the link, it triggers an immediate scan of the target site. If it is determined to be benign, the user continues without interruption. If it is determined to be malicious, the user is forwarded to a warning page.


Click events are recorded in a new type of event - “Malicious Url Click”.



For more information on Click-Time protection see here: