ETP User Guide

Email Threat Prevention (ETP) Guide:
Management of Quarantined Emails & Allow/Block Senders

ABOUT THE SOLUTION

Email presents a critical vulnerability to businesses of all sizes in any industry. Ostra Cybersecurity, Inc. integrates best-in-class tools to create a comprehensive cybersecurity solution. That’s why we selected Email Threat Prevention powered by Trellix/FireEye to protect your company.

How does it work?

Prevention: Handling of incoming email inline, meaning that ALL email must pass through filtering BEFORE being delivered to your Inbox.
Remediation: Active removal of malicious emails and any associated files even if they pass through the filter.
Optimization: Constant learning of SPAM patterns to make filtering more efficient.

QUARANTINE NOTIFICATIONS

Ostra email protection will occasionally prevent wanted emails from being delivered to your Inbox*. You will receive an email notification twice a day, but only if you have new emails in your quarantine center.

If you do not wish to receive these emails in your Inbox, no action is needed.

*During the calibration stage, there may be a high volume of mislabeled emails as ETP learns what you consider Spam.

IMPORTANT: Please review any new emails in your quarantine notifications. If no action is taken, they will be permanently deleted after 30 days and they cannot be retrieved.

ACTIONS IN NOTIFICATION EMAIL

You may access emails that have been labeled as Spam.*

Click Release and the email will be delivered to your Inbox.
Click Release and Allow Sender to allow that email to be delivered and whitelist future emails from that sender.

IMPORTANT: Emails quarantined for non-Spam reasons do not have a release option. This is to prevent accidental exposure.

To report a Spam email that passed through the filter, forward it as an attachment to support@ostra.net. Future emails from that sender will be quarantined.

YOUR QUARANTINE CENTER

IMPORTANT: Bookmark the URL provided at the bottom of a quarantine notification email. This page will allow you to manage all quarantined emails and senders anytime.

The Email Quarantine tab will list all emails that have not been delivered to your Inbox. Check this page if you have not received an expected email. Use filters to narrow the list as needed.

QUARANTINE REASONS

Click ? to learn more about the reason for quarantining and status of the email.

RELEASE FROM QUARANTINE

To release emails from quarantine:

Check the boxes for all emails you wish to release to your Inbox.
Click the RELEASE button.
Optional: Check the box to report as “NOT Spam”.
Click YES, RELEASE EMAIL.

DELETE FROM QUARANTINE

To delete emails from quarantine:

Check the boxes for all emails you wish to delete permanently.
Click the DELETE button.
Click YES, DELETE EMAILS.

Deleting emails from your quarantine center is not necessary as they do not pose a threat and will be permanently deleted after 30 days. However, it does help to identify wanted emails if you have a large volume of quarantined emails.

ALLOWED AND BLOCKED SENDERS

Click on the ALLOWED AND BLOCKED SENDERS tab to view and manage permissions for specific senders and domains.

To view only allowed or only blocked senders, click on the drop-menu in SHOW ALL.

ADD ALLOWED/BLOCKED ENTRIES

Click on ADD ENTRIES to create a new rule to allow or block a sender.

Enter an email address, then select BLOCK or ALLOW. You may also enter a domain name, which will apply the action to any sender in that domain.

DELETE ALLOWED/BLOCKED ENTRIES

Check the box for the rule you want to delete and click the TRASH icon.

Click YES, DELETE SENDER.

URL REWRITE

URL rewrite is a feature included with ETP. You may encounter a warning page when you click on a link in an email. This feature is a security precaution to prevent any clicks until the URL analysis is complete. The warning page may or may not allow you to proceed to that link. When in doubt, contact support@ostra.net to request an investigation on whether or not the link is safe.

While the email is temporarily delivered, ETP may retroactively identify the links as malicious and retract the email (remediation.) If you no longer see the email in your inbox, it is likely that the email was classified as phishing and it was remediated.

Last revision: August 1, 2024

If you have any questions or find errors in this guide, please email us at onboarding@ostra.net.