Forum Discussion

nikunjbhatt_cds
Copper Contributor
Feb 03, 2025

Issues with Phishing & Malware Classification, Quarantine, and ZAP Not Triggering

Hello,

We are facing issues with Office 365 Defender email alerts related to phishing and malware detection. Below are the key concerns:

  1. Emails with Malicious Attachments
    • Emails classified as phishing/malware due to malicious attachments are delivered to users.
    • If quarantined, they are blocked upon release, preventing delivery to recipients.
    • Is this expected behavior? Are there any workarounds to allow delivery after manual review?
  2. Retroactive Classification Based on User Actions
    • Emails are later classified as phishing/malware when another user clicks a link.
    • We need better visibility and control over such cases. Any insights on handling this effectively?
  3. ZAP Not Triggering
    • We’ve noticed that ZAP (Zero-hour Auto Purge) is not triggering as expected in certain cases.
    • Has anyone experienced similar issues, and are there any known fixes or configurations that might help?
    luchete
    Steel Contributor

    Hello nikunjbhatt_cds!

    For emails with malicious attachments, if they are quarantined and then blocked upon release, this is expected behavior.

    A workaround would be to manually review and release them after ensuring they are safe. For retroactive classification, you can adjust your alert settings to better track user actions and provide more visibility.

    For ZAP not triggering, it could be due to misconfigurations or specific scenarios where ZAP doesn't apply. You can check if the policies are correctly set up for ZAP or if certain conditions are preventing it from triggering.

    If you need some help with a specific case, let me know and we can try to find a solution.

    Regards!
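The reply above suggests checking whether the policies are correctly set up for ZAP. The following script is an added example (not part of the original thread or of either poster's reply) that pulls the ZAP-related settings out of Exchange Online PowerShell so the check can be done in one pass instead of clicking through each policy in the portal. It assumes the ExchangeOnlineManagement module is installed and an admin session is already connected; `contoso.example` and `user1@contoso.example` are placeholder names, not values from the thread.

```powershell
# Added example, not from the original thread: list the Defender for Office 365
# settings that decide whether ZAP can act, per policy and per mailbox.
# Assumes an existing admin session, e.g.:
# Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder tenant

# Anti-spam (hosted content filter) policies carry the spam and phishing ZAP switches.
# A custom policy can have both switches on and still never act if the rule that
# binds it to recipients is disabled, so the rule state is reported next to them.
function Get-ZapSpamPhishStatus {
    $rules = Get-HostedContentFilterRule
    foreach ($policy in Get-HostedContentFilterPolicy) {
        $rule = $rules | Where-Object { $_.HostedContentFilterPolicy -eq $policy.Name }
        [pscustomobject]@{
            Policy          = $policy.Name
            IsDefault       = $policy.IsDefault
            SpamZapEnabled  = $policy.SpamZapEnabled
            PhishZapEnabled = $policy.PhishZapEnabled
            RuleState       = if ($policy.IsDefault) { 'n/a (default)' }
                              elseif ($rule)         { $rule.State }
                              else                   { 'no rule bound' }
            Priority        = if ($rule) { $rule.Priority } else { $null }
        }
    }
}

# Anti-malware policies have their own ZapEnabled switch for malware ZAP.
function Get-ZapMalwareStatus {
    $rules = Get-MalwareFilterRule
    foreach ($policy in Get-MalwareFilterPolicy) {
        $rule = $rules | Where-Object { $_.MalwareFilterPolicy -eq $policy.Name }
        [pscustomobject]@{
            Policy     = $policy.Name
            IsDefault  = $policy.IsDefault
            ZapEnabled = $policy.ZapEnabled
            RuleState  = if ($policy.IsDefault) { 'n/a (default)' }
                         elseif ($rule)         { $rule.State }
                         else                   { 'no rule bound' }
        }
    }
}

# Spam and phishing ZAP move messages through the mailbox's junk email rule.
# If that rule is disabled for a user, spam/phish ZAP does not act on that mailbox,
# which is one reason ZAP can appear to "not trigger" for some recipients only.
function Get-ZapMailboxReadiness {
    param([Parameter(Mandatory)][string[]]$Mailbox)
    foreach ($m in $Mailbox) {
        $junk = Get-MailboxJunkEmailConfiguration -Identity $m
        [pscustomobject]@{
            Mailbox             = $m
            JunkRuleEnabled     = $junk.Enabled
            TrustedSendersCount = @($junk.TrustedSendersAndDomains).Count
        }
    }
}

Get-ZapSpamPhishStatus | Format-Table -AutoSize
Get-ZapMalwareStatus   | Format-Table -AutoSize
# Placeholder mailbox; pass the recipients from the cases where ZAP did not act.
Get-ZapMailboxReadiness -Mailbox 'user1@contoso.example' | Format-Table -AutoSize
```

Read the three tables together: a policy row with a ZAP switch set to `False`, a custom policy whose rule is `Disabled` or unbound, or a mailbox whose junk email rule is off each explains a case where ZAP could not have acted, and narrows the investigation before opening a support case for the remaining ones.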
