Click-time URL Protection service is not blocking access to a malicious link (False Negative)
Article ID: 163798
Updated On:
Products
Email Security.cloud
Email Threat Detection and Response
Issue/Introduction
An email has been received that contains a link that has not been rewritten by the Click-time URL Protection service.
Or
An email has been received that contains a link that points to a URL that begins with https://clicktime.symantec.com/ . Upon clicking the link, you are directed to a site that you believe is hosting dangerous or malicious content, but you were not presented with a block page.
Environment
- Email Security.cloud
- Click-Time Protection Service
Resolution
Check your Click-time URL Protection service settings in the https://clients.messagelabs.com/ portal.
- Navigate to Services > Email Services > Anti-Malware and click on the Click-time URL Protection Settings tab.
- Confirm that the Click-time URL Protection service is enabled for the domain that received the email. Be sure to check both the Global and the per-domain levels for the domain in question.
- Ensure that the URL that has not been rewritten does not appear on your organizational whitelist.
- If you cannot see any immediate configuration issues, raise a Support ticket using your normal reporting method. Please DO NOT upload any MSG or EML attachments to the ticket; you will be asked to provide a sample through a separate, secured email address.
Submitting a False Negative
Note: At present we are unable to accept suspected False Negative sample submissions for the Click-time URL Protection service through the Symantec Email Submission Client (SESC) or the Spam Analysis Tool in the Symantec.cloud portal.Submit false negative spam emails missed by Symantec.cloud email services
Feedback
Yes
No
Powered by
