Email Threat Prevention (ETP) Guide:  Management of Quarantined Emails & Allow/Block Senders ABOUT THE SOLUTION Email presents a critical vulnerability to businesses of all sizes in any industry. Ostra Cybersecurity, Inc. integrates best-in-class tools to create a comprehensive cybersecurity solution. That’s why we selected Email Threat Prevention powered by Trellix/FireEye to protect your company.  How does it work? Prevention: Handling of incoming email inline, meaning that ALL email must pass through filtering BEFORE being delivered to your Inbox. Remediation: Active removal of malicious emails and any associated files even if they pass through the filter. Optimization: Constant learning of SPAM patterns to make filtering more efficient. QUARANTINE NOTIFICATIONS Ostra email protection will occasionally prevent wanted emails from being delivered to your Inbox*. You will receive an email notification twice a day, but only if you have new emails in your quarantine center. If you do not wish to receive these emails in your Inbox, no action is needed.  *During the calibration stage, there may be a high volume of mislabeled emails as ETP learns what you consider Spam. IMPORTANT: Please review any new emails in your quarantine notifications. If no action is taken, they will be permanently deleted after 30 days and they cannot be retrieved.   ACTIONS IN NOTIFICATION EMAIL You may access emails that have been labeled as Spam.* Click Release and the email will be delivered to your Inbox. Click Release and Allow Sender to allow that email to be delivered and whitelist future emails from that sender. IMPORTANT: Emails quarantined for non-Spam reasons do not have a release option. This is to prevent accidental exposure.       To report a Spam email that passed through the filter, forward it as an attachment to support@ostra.net. Future emails from that sender will be quarantined. YOUR QUARANTINE CENTER IMPORTANT: Bookmark the URL provided at the bottom of a quarantine notification email. This page will allow you to manage all quarantined emails and senders anytime.   The Email Quarantine tab will list all emails that have not been delivered to your Inbox. Check this page if you have not received an expected email. Use filters to narrow the list as needed.        QUARANTINE REASONS Click ? to learn more about the reason for quarantining and status of the email.         RELEASE FROM QUARANTINE To release emails from quarantine: Check the boxes for all emails you wish to release to your Inbox. Click the RELEASE button. Optional: Check the box to report as “NOT Spam”. Click YES, RELEASE EMAIL.        DELETE FROM QUARANTINE To delete emails from quarantine: Check the boxes for all emails you wish to delete permanently. Click the DELETE button. Click YES, DELETE EMAILS. Deleting emails from your quarantine center is not necessary as they do not pose a threat and will be permanently deleted after 30 days. However, it does help to identify wanted emails if you have a large volume of quarantined emails. ALLOWED AND BLOCKED SENDERS Click on the ALLOWED AND BLOCKED SENDERS tab to view and manage permissions for specific senders and domains. To view only allowed or only blocked senders, click on the drop-menu in SHOW ALL.      ADD ALLOWED/BLOCKED ENTRIES Click on ADD ENTRIES to create a new rule to allow or block a sender.      Enter an email address, then select BLOCK or ALLOW. You may also enter a domain name, which will apply the action to any sender in that domain.   DELETE ALLOWED/BLOCKED ENTRIES Check the box for the rule you want to delete and click the TRASH icon.   Click YES, DELETE SENDER.     URL REWRITE URL rewrite is a feature included with ETP. You may encounter a warning page when you click on a link in an email. This feature is a security precaution to prevent any clicks until the URL analysis is complete. The warning page may or may not allow you to proceed to that link. When in doubt, contact support@ostra.net to request an investigation on whether or not the link is safe.  While the email is temporarily delivered, ETP may retroactively identify the links as malicious and retract the email (remediation.) If you no longer see the email in your inbox, it is likely that the email was classified as phishing and it was remediated. Last revision: August 1, 2024 If you have any questions or find errors in this guide, please email us at onboarding@ostra.net.

WHAT IS A VPN? VPN stands for Virtual Private Network. It is a tool that protects the data transmitted over the internet. It encrypts internet traffic so only the sender and receiver can see it. The VPN solution used by Ostra is called GlobalProtect. When should I be connected to the VPN? Whenever you are accessing your work environment, you should ensure that your computer is connected to the VPN. This is especially important if using a public wi-fi or shared internet connection. If you have a firewall in your office, you do not need to connect to the VPN. Why should I be connected to the VPN? Using the VPN protects your work environment by hiding your online activity (including passwords and sensitive information) to keep it safe from hackers and snoopers. Will the VPN slow down my internet? The VPN encrypts all the information being exchanged to and from your computer to keep it private. That process requires a very small amount of time and it is not noticeable with a normal and stable internet connection. HOW DO I OPEN GLOBALPROTECT? Apple Click on the Global Protect icon on the top right of your screen. Windows Click on the Global Protect icon in your taskbar. OR Type “GlobalProtect” in your search box and click Open. AM I CONNECTED? Your computer will be connected to the VPN with your login credentials upon installation of GlobalProtect. If your organization uses M365 or Google Workspace for VPN login authentication, you will only need to ensure you are logged in there. When you open GlobalProtect, it should say “Connected” or “Enabled”. Most users are connected to an Always-On VPN portal (AOVPN). If you are using an AOVPN, your computer stays connected unless you disable it. WHEN SHOULD I DISABLE THE VPN? If a website is not loading, try disabling the VPN. If the page loads, that means that the VPN was blocking it. Please email support@ostra.net with the URL to request safelisting the site on the VPN. If the site is still not loading after you disable, the issue is not the VPN and could be caused by a number of other reasons (e.g., internet outage, webpage down, misspelled URL.) IMPORTANT: Do NOT continue to the site with a disabled VPN, especially if it is not a site that you regularly use. Indicate if there is great urgency when you request safelisting to escalate priority. If your internet connection is very slow (especially on video calls and other activities that use a lot of bandwidth), disabling the VPN might help alleviate the problem. Contact Ostra Support for troubleshooting slowness. If the issue persists, you should consult with your internet service provider (ISP) to troubleshoot or upgrade your bandwidth. IMPORTANT: Do NOT disable the VPN if you are using a public wi-fi. HOW DO I DISABLE THE VPN? Click on the burger icon (≡) and select Disable or Disconnect. You may be prompted to enter a reason (e.g., unable to access site, very slow internet speed, using connection protected by a firewall) and click OK.   The AOVPN will reconnect automatically after 4 hours. To reconnect sooner, select Enable or Connect.   I AM NOT CONNECTED. WHAT DO I DO? Check that you have an internet connection and that it is stable. Check the status page for your ISP for any known outages in your area.   Check that your credentials are still stored in GlobalProtect. If they are no longer stored and you do not have them saved, email support@ostra.net to request a secure link to your credentials. OR If login authentication for your company is via Microsoft 365 or Google Workspace, check that you are logged into that account. Still can't connect? Email support@ostra.net to request assistance. I AM TRAVELLING. WILL THE VPN STILL WORK? The VPN portal has geolocation blocks that prevent use in countries known for cyber threats. When travelling, email support@ostra.net in advance with dates and countries so an exception can be made to allow that traffic. If you forget to notify Support in advance, Ostra will make every effort to allow it as soon as possible. If you have questions regarding this guide or find any errors, please email onboarding@ostra.net.

Please contact onboarding@ostra.net if this guide needs to be updated.

Updating your Device Name - Changing a device name on a Windows computer (Depending on your version of Windows, the pages or icons may have a different appearance but the same pages and options exist.) 1. Navigate to your device's settings menu. You can also search for settings after opening the start menu. 2. Next, navigate to the 'System' tab and then the 'About' section. Alternatively, you can search for 'Device Name' in the search box to find this page. 3. Here you will find your device name as well as the option to 'Rename this PC'. Click 'Rename this PC' and update to a unique identifier (example: Company-Lastname) and then save. 4. You will need to restart the device for the change to take place. Next time the device is restarted, the device name will have updated to the unique identifier you specified.

Locating Local Hostname - Find a device name on a MacOS computer (Depending on your version of MacOS, the pages or icons may have a different appearance but the same pages and options exist.) 1. Select the Apple icon on the top menu bar of your screen. 2. Next, navigate to 'System Settings' 3. In the search bar, type 'sharing' then click on the Sharing tab. Next, navigate to the bottom of the page and you will find the Local Hostname (this will display your hostname and end with '.local' )