Targeted Threat Protection - Attachment Protect - Bypassing Sandbox

Updated

Ensure you’ve considered your own security posture and determine what types of attachments you are satisfied with users receiving and/or what other security protections have been enabled locally.

This only impacts the sandboxing of newly sent emails and not those already queued for processing on the platform.

This guide describes how to bypass/disable Attachment Protection sandboxing. It covers:

Bypassing Sandboxing for a Subset of Users / Mail Flow

To bypass or disable Attachment Protection sandboxing:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Policies | Gateway Policies.
  3. Click on Attachment Protect Bypass.
  4. Click the New Policy button to create a policy. For more information, see the Policy Specificity page for details.
  5. Complete the Options section as required:
 Field / Option Description
Policy Narrative Provide a description of the policy to allow you to easily identify it in the future.
Select Option

Select the following option from the drop-down:

  • Disable Attachment Protect - Enables the bypass policy.
  1. Complete the Emails From and Emails To sections as required to bypass preemptive sandboxing for the users or mail flow required:
Field / Option Description
Addresses Based On

Specify the email address characteristics the policy is based on. This option is only available in the Emails From section. Select the following:

  • Both: Applies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value for the Message Header From will be used.
Applies From / To

Specify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. Select the following:

  • Everyone: Includes all email users (i.e., internal and external). This option is only available in the Emails From section.
  • Internal Address: Includes only internal organization addresses.
  • Address Groups: Enables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
  1. Click on the Save and Exit button.

For more information, see the Bypass Policy Configuration page.
 

Changing the Action in a Definition

This does not utilize the sandbox and will instead create a safe, transcribed version of the file.

To change the action in the Attachment Protection definition to Safe File:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Policies | Gateway Policies.
  3. Click on the Definitions drop-down menu.
  4. Select Attachment Protect.
  5. Navigate to an individual definition and change the Attachment Protect Delivery Options field to Safe File.

Step 5 needs to be repeated for each individual definition.

  1. Click on the Save and Exit button.

For more information, see the Attachment Protection Configuration page.

 

Disabling Existing Attachment Protection Policies

To disable existing Attachment Protection policies for all mail flow:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Policies | Gateway Policies.
  3. Click on the Definitions drop-down menu.
  4. Select Attachment Protect.
  5. Navigate to an individual policy and change the Enable/Disable toggle to Disable.

Step 5 needs to be repeated for each individual policy.

  1. Click on the Save and Exit button.

Related to

Was this article helpful?
0 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.